Jump to content

MANA Attack, for the Pineapple.


Recommended Posts

26 minutes ago, Just_a_User said:

@Zylla 

Its weird but i think i have found something i can repeat. It maybe coincidence but maybe not. will repeat some more to confirm.

Cold boot nano with properly formatted sd card in - USB port empty = fail hdparm test

Cold boot nano with properly formatted sd card in + RT chipset 5390 in client mode connected to AP = pass hdparm test

?????

EDIT repeated 3 times now and can confirm it seems consistent, will try some more when i get a min

I will test this in a bit. I have a W722n to use in client mode, but not exactly a RT5390.
Will report my findings.

Link to post
Share on other sites
  • Replies 446
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

MANA-Toolkit! Pineapple NANO + TETRA. (IPK installation-files, and source-files ready to compile with OpenWRT-SDK) MANA Toolkit includes a working version of SSLstrip2+dns2proxy for the Pineapples.

Sorry for not answering SBB's question. I didn't notice that someone had posted until RazerBlade did. I'll try to explain what's going on with those errors that you're getting. It is obviously re

This is under development. So the only thing the startup-script will do at the moment is to behave as a normal AP would on wlan1, (with the mana patches) It will try to fool clients that are probing

Posted Images

[   28.870000] eth0: link up (100Mbps/Full duplex)
[   28.870000] br-lan: port 1(eth0) entered forwarding state
[   28.880000] br-lan: port 1(eth0) entered forwarding state
[   30.880000] br-lan: port 1(eth0) entered forwarding state
[   32.490000] device wlan0 entered promiscuous mode
[   32.500000] br-lan: port 2(wlan0) entered forwarding state
[   32.500000] br-lan: port 2(wlan0) entered forwarding state
[   32.620000] device wlan0-1 entered promiscuous mode
[   32.650000] br-lan: port 3(wlan0-1) entered forwarding state
[   32.650000] br-lan: port 3(wlan0-1) entered forwarding state
[   32.950000] br-lan: port 3(wlan0-1) entered disabled state
[   34.500000] br-lan: port 2(wlan0) entered forwarding state
[   34.890000] br-lan: port 3(wlan0-1) entered forwarding state
[   34.890000] br-lan: port 3(wlan0-1) entered forwarding state
[   36.890000] br-lan: port 3(wlan0-1) entered forwarding state
[ 1767.130000] Aborting journal on device sda1-8.
[ 1767.130000] JBD2: Error -5 detected when updating journal superblock for sda1-8.
[ 1767.520000] EXT4-fs error (device sda1): ext4_put_super:797: Couldn't clean up the journal
[ 1767.530000] EXT4-fs (sda1): Remounting filesystem read-only
[ 1769.160000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[ 1769.190000] scsi host1: usb-storage 1-1.2:1.0
[ 1770.190000] scsi 1:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[ 1770.190000] sd 1:0:0:0: Attached scsi generic sg0 type 0
[ 1770.510000] sd 1:0:0:0: [sdb] 15523840 512-byte logical blocks: (7.94 GB/7.40 GiB)
[ 1770.510000] sd 1:0:0:0: [sdb] Write Protect is off
[ 1770.520000] sd 1:0:0:0: [sdb] Mode Sense: 21 00 00 00
[ 1770.520000] sd 1:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[ 1770.540000]  sdb: sdb1 sdb2
[ 1770.550000] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[ 1770.860000] EXT4-fs (sdb1): recovery complete
[ 1770.870000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts:
[ 1771.030000] EXT4-fs (sdb1): couldn't mount as ext3 due to feature incompatibilities
[ 1771.030000] EXT4-fs (sdb1): couldn't mount as ext2 due to feature incompatibilities
[ 1771.050000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
[ 1771.130000] Adding 1000340k swap on /dev/sdb2.  Priority:-2 extents:1 across:1000340k
[ 1771.300000] Adding 1000340k swap on /dev/sdcard/sd2.  Priority:-2 extents:1 across:1000340k
[ 1777.340000]  sdb: sdb1 sdb2
[ 1777.530000] EXT4-fs (sdb1): couldn't mount as ext3 due to feature incompatibilities
[ 1777.530000] EXT4-fs (sdb1): couldn't mount as ext2 due to feature incompatibilities
[ 1777.550000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
[ 1777.750000] Adding 1000340k swap on /dev/sdcard/sd2.  Priority:-2 extents:1 across:1000340k
[ 1778.140000] EXT4-fs (sdb1): couldn't mount as ext3 due to feature incompatibilities
[ 1778.150000] EXT4-fs (sdb1): couldn't mount as ext2 due to feature incompatibilities
[ 1778.170000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
[ 1778.390000] Adding 1000340k swap on /dev/sdcard/sd2.  Priority:-2 extents:1 across:1000340k
[ 1797.280000] EXT4-fs (sdb1): couldn't mount as ext3 due to feature incompatibilities
[ 1797.290000] EXT4-fs (sdb1): couldn't mount as ext2 due to feature incompatibilities
[ 1797.310000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
[ 2513.110000] usb 1-1.2: USB disconnect, device number 4
[ 2513.120000] scsi 1:0:0:0: rejecting I/O to offline device
[ 2513.120000] scsi 1:0:0:0: [sdb] killing request
[ 2513.120000] scsi 1:0:0:0: rejecting I/O to offline device
[ 2513.120000] scsi 1:0:0:0: [sdb] killing request
[ 2513.120000] scsi 1:0:0:0: rejecting I/O to dead device
[ 2513.120000] scsi 1:0:0:0: rejecting I/O to dead device
[ 2513.150000] scsi 1:0:0:0: [sdb]
[ 2513.150000] Result: hostbyte=0x01 driverbyte=0x00
[ 2513.150000] scsi 1:0:0:0: [sdb] CDB:
[ 2513.160000] cdb[0]=0x28: 28 00 00 1e 8a bc 00 00 f0 00
[ 2513.160000] blk_update_request: I/O error, dev sdb, sector 2001596
[ 2513.170000] scsi 1:0:0:0: [sdb]
[ 2513.170000] Result: hostbyte=0x01 driverbyte=0x00
[ 2513.180000] scsi 1:0:0:0: [sdb] CDB:
[ 2513.180000] cdb[0]=0x28: 28 00 00 1e 8b ac 00 00 10 00
[ 2513.180000] blk_update_request: I/O error, dev sdb, sector 2001836
[ 2513.190000] Buffer I/O error on dev sdb1, logical block 112, async page read
[ 2513.210000] Buffer I/O error on dev sdb1, logical block 112, async page read
[ 2513.210000] Buffer I/O error on dev sdb1, logical block 112, async page read
[ 2513.230000] Buffer I/O error on dev sdb1, logical block 112, async page read
[ 2513.230000] Buffer I/O error on dev sdb1, logical block 112, async page read
[ 2513.250000] Buffer I/O error on dev sdb1, logical block 113, async page read
[ 2513.250000] Buffer I/O error on dev sdb1, logical block 113, async page read
[ 2513.270000] Buffer I/O error on dev sdb1, logical block 113, async page read
[ 2513.280000] Buffer I/O error on dev sdb1, logical block 113, async page read
[ 2513.280000] Buffer I/O error on dev sdb1, logical block 114, async page read
[ 2515.630000] usb 1-1.2: new high-speed USB device number 5 using ehci-platform
[ 2515.770000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[ 2515.790000] scsi host2: usb-storage 1-1.2:1.0
[ 2516.790000] scsi 2:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[ 2516.800000] sd 2:0:0:0: Attached scsi generic sg0 type 0
[ 2517.100000] sd 2:0:0:0: [sdc] 15523840 512-byte logical blocks: (7.94 GB/7.40 GiB)
[ 2517.110000] sd 2:0:0:0: [sdc] Write Protect is off
[ 2517.120000] sd 2:0:0:0: [sdc] Mode Sense: 21 00 00 00
[ 2517.120000] sd 2:0:0:0: [sdc] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[ 2517.130000]  sdc: sdc1 sdc2
[ 2517.150000] sd 2:0:0:0: [sdc] Attached SCSI removable disk
[ 2517.540000] JBD2: Error -5 detected when updating journal superblock for sdb1-8.
[ 2517.550000] Aborting journal on device sdb1-8.
[ 2517.550000] JBD2: Error -5 detected when updating journal superblock for sdb1-8.
[ 2517.570000] EXT4-fs (sdc1): couldn't mount as ext3 due to feature incompatibilities
[ 2517.580000] EXT4-fs (sdc1): couldn't mount as ext2 due to feature incompatibilities
[ 2517.670000] EXT4-fs (sdc1): recovery complete
[ 2517.680000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts: (null)

@Sebkinne @Zylla  I rechecked my sd cards and I use all sandisk 8gb and 16gb and all of them give me the Dmesg output that zylla displayed on the last page.

Edited by b0N3z
Link to post
Share on other sites

Did some testing with hdparmdd and cat to test reading/writing.

  • Hdparm was using -tT args. to test device read timings, and cache read timings. dd was used to test writing, and cat to read the output from dd
  • The dmesg output is cleaned up to only display the stuff happening during the triggering of the bug, to save space, and make it more readable.
  • The Nano was NOT connected in client-mode to a AP during these tests. (As suggested by @Just_a_User earlier)

hdparm -tT /dev/sdcard/sd1:
stderr outputted to terminal from hdparm:
/dev/sdcard/sd1:
read(2097152) returned 1318912 bytes
 Timing buffered disk reads: read() failed: Input/output error
BLKFLSBUF failed: No such device

[  854.780000] usb 1-1.2: USB disconnect, device number 4
[  854.800000] sd 0:0:0:0: [sda]
[  854.800000] Result: hostbyte=0x01 driverbyte=0x00
[  854.800000] sd 0:0:0:0: [sda] CDB:
[  854.810000] cdb[0]=0x28: 28 00 00 1e aa f0 00 00 f0 00
[  854.810000] blk_update_request: I/O error, dev sda, sector 2009840
[  854.820000] sd 0:0:0:0: [sda]
[  854.830000] Result: hostbyte=0x01 driverbyte=0x00
[  854.830000] sd 0:0:0:0: [sda] CDB:
[  854.830000] cdb[0]=0x28: 28 00 00 1e ab e0 00 00 10 00
[  854.840000] blk_update_request: I/O error, dev sda, sector 2010080
[  857.260000] usb 1-1.2: new high-speed USB device number 5 using ehci-platform
[  857.380000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[  857.400000] scsi host1: usb-storage 1-1.2:1.0
[  858.400000] scsi 1:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[  858.400000] sd 1:0:0:0: Attached scsi generic sg0 type 0
[  858.730000] sd 1:0:0:0: [sdb] 15187968 512-byte logical blocks: (7.77 GB/7.24 GiB)
[  858.740000] sd 1:0:0:0: [sdb] Write Protect is off
[  858.740000] sd 1:0:0:0: [sdb] Mode Sense: 21 00 00 00
[  858.750000] sd 1:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[  858.760000]  sdb: sdb1 sdb2
[  858.780000] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  859.140000] EXT4-fs (sdb1): recovery complete
[  859.150000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts:
[  859.300000] EXT4-fs (sdb1): couldn't mount as ext3 due to feature incompatibilities
[  859.310000] EXT4-fs (sdb1): couldn't mount as ext2 due to feature incompatibilities
[  859.330000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
[  859.550000] Adding 1004364k swap on /dev/sdcard/sd2.  Priority:-2 extents:1 across:1004364k
[  864.690000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm dmesg: reading directory lblock 0
[  864.700000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm dmesg: reading directory lblock 0
[  864.720000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm dmesg: reading directory lblock 0
[  864.730000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm dmesg: reading directory lblock 0


dd if=/dev/zero of=/sd/output bs=8k count=10k:

[  981.620000] EXT4-fs warning (device sda1): __ext4_read_dirblock:884: error -5 reading directory block (ino 2, block 0                                                                                                                     )
[  981.630000] EXT4-fs error (device sda1): __ext4_get_inode_loc:3855: inode #2: block 435: comm ls: unable to read itab                                                                                                                     le block
[  981.640000] EXT4-fs error (device sda1) in ext4_reserve_inode_write:4819: IO failure
[  987.020000] Aborting journal on device sda1-8.
[  987.020000] Buffer I/O error on dev sda1, logical block 557056, lost sync page write
[  987.030000] JBD2: Error -5 detected when updating journal superblock for sda1-8.
[  994.650000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm ash: reading directory lblock 0
[ 1000.630000] EXT4-fs warning (device sda1): __ext4_read_dirblock:884: error -5 reading directory block (ino 2, block 0                                                                                                                     


cat /sd/output:

[ 1011.490000] usb 1-1.2: USB disconnect, device number 5
[ 1011.510000] sd 1:0:0:0: [sdb]
[ 1011.510000] Result: hostbyte=0x01 driverbyte=0x00
[ 1011.510000] sd 1:0:0:0: [sdb] CDB:
[ 1011.520000] cdb[0]=0x28: 28 00 00 23 13 c0 00 00 f0 00
[ 1011.520000] blk_update_request: I/O error, dev sdb, sector 2298816
[ 1011.530000] Aborting journal on device sdb1-8.
[ 1011.530000] sd 1:0:0:0: [sdb]
[ 1011.530000] Result: hostbyte=0x01 driverbyte=0x00
[ 1011.530000] sd 1:0:0:0: [sdb] CDB:
[ 1011.530000] cdb[0]=0x28: 28 00 00 23 14 b0 00 00 10 00
[ 1011.530000] blk_update_request: I/O error, dev sdb, sector 2299056
[ 1011.550000] JBD2: Error -5 detected when updating journal superblock for sdb1-8.
[ 1013.940000] usb 1-1.2: new high-speed USB device number 6 using ehci-platform
[ 1014.080000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[ 1014.100000] scsi host2: usb-storage 1-1.2:1.0
[ 1015.100000] scsi 2:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[ 1015.100000] sd 2:0:0:0: Attached scsi generic sg0 type 0
[ 1015.480000] sd 2:0:0:0: [sdc] 15187968 512-byte logical blocks: (7.77 GB/7.24 GiB)
[ 1015.490000] sd 2:0:0:0: [sdc] Write Protect is off
[ 1015.490000] sd 2:0:0:0: [sdc] Mode Sense: 21 00 00 00
[ 1015.490000] sd 2:0:0:0: [sdc] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[ 1015.510000]  sdc: sdc1 sdc2
[ 1015.520000] sd 2:0:0:0: [sdc] Attached SCSI removable disk
[ 1015.810000] EXT4-fs (sdc1): recovery complete
[ 1015.810000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts:
[ 1015.970000] EXT4-fs (sdc1): couldn't mount as ext3 due to feature incompatibilities
[ 1015.980000] EXT4-fs (sdc1): couldn't mount as ext2 due to feature incompatibilities
[ 1016.010000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts: (null)
[ 1016.230000] Adding 1004364k swap on /dev/sdcard/sd2.  Priority:-3 extents:1 across:1004364k


Link to complete dmesg dump. ]

Edited by Zylla
added stderr from hdparm
Link to post
Share on other sites

I also wanted to add that i think we can gather some debug-information about the sd-card controller at these directories:
(Be careful. Only read if you don't know what you're doing):

  • /sys/devices/platform/ehci-platform/usb1/1-1/1-1.2/1-1.2:1.0/host0/target0:0:0/0:0:0:0
  • /sys/bus/scsi/drivers/sd/0\:0\:0\:0/
Edited by Zylla
Link to post
Share on other sites
17 minutes ago, Zylla said:

The Nano was NOT connected in client-mode to a AP during these tests. (As suggested by @Just_a_User earlier)

I can still repeat that with hdparm, its weird. not sure why that had an impact though.

I tried it with badblock and it has the impact of a delay before it pops (i think). Seems there is a usage threshold before it flips out?

Did you try it with your wlan2 device @Zylla  ? Im not sure it had to be associated, just thats how it was configured.

Edited by Just_a_User
Link to post
Share on other sites
Just now, Just_a_User said:

I can still repeat that with hdparm, its weird. not sure why that had an impact though.

I tried it with badblock and it has the impact of a delay before it pops (i think). Seems there is a usage threshold before it flips out?

Did you try it with your wlan2 device @Zylla  ?

I'm doing some testing right now. Will do! :)

Link to post
Share on other sites

@Just_a_User


Tested hdparm and badblocks while wlan2 in client-mode to AP.

And it seems to trigger consistent here as well.

hdparm -tT /dev/sdcard/sd1:
stderr:
/dev/sdcard/sd1:
read(2097152) returned 524288 bytes
 Timing buffered disk reads: read() failed: Input/output error
BLKFLSBUF failed: No such device

[  951.240000] usb 1-1.2: USB disconnect, device number 4
[  951.260000] sd 0:0:0:0: [sda]
[  951.260000] Result: hostbyte=0x01 driverbyte=0x00
[  951.260000] sd 0:0:0:0: [sda] CDB:
[  951.270000] cdb[0]=0x28: 28 00 00 1e aa e0 00 00 10 00
[  951.270000] blk_update_request: I/O error, dev sda, sector 2009824
[  951.280000] sd 0:0:0:0: [sda]
[  951.280000] Result: hostbyte=0x01 driverbyte=0x00
[  951.290000] sd 0:0:0:0: [sda] CDB:
[  951.290000] cdb[0]=0x28: 28 00 00 1e aa f0 00 00 f0 00
[  951.300000] blk_update_request: I/O error, dev sda, sector 2009840
[  953.780000] usb 1-1.2: new high-speed USB device number 6 using ehci-platform
[  953.920000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[  953.940000] scsi host1: usb-storage 1-1.2:1.0
[  954.340000] Buffer I/O error on dev sda1, logical block 128, async page read
[  954.940000] scsi 1:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[  954.940000] sd 1:0:0:0: Attached scsi generic sg0 type 0
[  955.300000] sd 1:0:0:0: [sdb] 15187968 512-byte logical blocks: (7.77 GB/7.24 GiB)
[  955.300000] sd 1:0:0:0: [sdb] Write Protect is off
[  955.310000] sd 1:0:0:0: [sdb] Mode Sense: 21 00 00 00
[  955.310000] sd 1:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[  955.330000]  sdb: sdb1 sdb2
[  955.340000] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  955.640000] EXT4-fs (sdb1): recovery complete
[  955.640000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts:
[  955.810000] EXT4-fs (sdb1): couldn't mount as ext3 due to feature incompatibilities
[  955.810000] EXT4-fs (sdb1): couldn't mount as ext2 due to feature incompatibilities
[  955.840000] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
[  956.070000] Adding 1004364k swap on /dev/sdcard/sd2.  Priority:-2 extents:1 across:1004364k
[  970.780000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm dmesg: reading directory lblock 0
[  970.800000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm dmesg: reading directory lblock 0
[  970.810000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm dmesg: reading directory lblock 0
[  970.820000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm dmesg: reading directory lblock 0


badblocks -e 100 /dev/sdcard/sd1:
stderr:
Too many bad blocks, aborting test
done
Pass completed, 100 bad blocks found. (100/0/0 errors)

[ 1115.790000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm badblocks: reading directory lblock 0
[ 1116.000000] EXT4-fs error (device sda1): ext4_find_entry:1289: inode #2: comm badblocks: reading directory lblock 0
[ 1116.900000] usb 1-1.2: USB disconnect, device number 6
[ 1116.920000] sd 1:0:0:0: [sdb]
[ 1116.920000] Result: hostbyte=0x01 driverbyte=0x00
[ 1116.920000] sd 1:0:0:0: [sdb] CDB:
[ 1116.930000] cdb[0]=0x28: 28 00 00 1e a9 50 00 00 10 00
[ 1116.930000] blk_update_request: I/O error, dev sdb, sector 2009424
[ 1116.940000] sd 1:0:0:0: [sdb]
[ 1116.940000] Result: hostbyte=0x01 driverbyte=0x00
[ 1116.950000] sd 1:0:0:0: [sdb] CDB:
[ 1116.950000] cdb[0]=0x28: 28 00 00 1e a9 60 00 00 f0 00
[ 1116.950000] blk_update_request: I/O error, dev sdb, sector 2009440
[ 1116.990000] Buffer I/O error on dev sdb1, logical block 92, async page read
[ 1117.010000] Buffer I/O error on dev sdb1, logical block 92, async page read
[ 1117.020000] Buffer I/O error on dev sdb1, logical block 92, async page read
[ 1117.020000] Buffer I/O error on dev sdb1, logical block 92, async page read
[ 1117.040000] Buffer I/O error on dev sdb1, logical block 93, async page read
[ 1117.040000] Buffer I/O error on dev sdb1, logical block 93, async page read
[ 1117.060000] Buffer I/O error on dev sdb1, logical block 93, async page read
[ 1117.060000] Buffer I/O error on dev sdb1, logical block 93, async page read
[ 1117.080000] Buffer I/O error on dev sdb1, logical block 94, async page read
[ 1117.080000] Buffer I/O error on dev sdb1, logical block 94, async page read
[ 1119.400000] usb 1-1.2: new high-speed USB device number 7 using ehci-platform
[ 1119.520000] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[ 1119.540000] scsi host2: usb-storage 1-1.2:1.0
[ 1120.540000] scsi 2:0:0:0: Direct-Access     Generic  STORAGE DEVICE   0933 PQ: 0 ANSI: 6
[ 1120.550000] sd 2:0:0:0: Attached scsi generic sg0 type 0
[ 1120.890000] sd 2:0:0:0: [sdc] 15187968 512-byte logical blocks: (7.77 GB/7.24 GiB)
[ 1120.900000] sd 2:0:0:0: [sdc] Write Protect is off
[ 1120.910000] sd 2:0:0:0: [sdc] Mode Sense: 21 00 00 00
[ 1120.910000] sd 2:0:0:0: [sdc] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[ 1120.920000]  sdc: sdc1 sdc2
[ 1120.940000] sd 2:0:0:0: [sdc] Attached SCSI removable disk
[ 1121.210000] EXT4-fs (sdc1): recovery complete
[ 1121.220000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts:
[ 1121.380000] EXT4-fs (sdc1): couldn't mount as ext3 due to feature incompatibilities
[ 1121.390000] EXT4-fs (sdc1): couldn't mount as ext2 due to feature incompatibilities
[ 1121.420000] EXT4-fs (sdc1): mounted filesystem with ordered data mode. Opts: (null)
[ 1121.700000] Adding 1004364k swap on /dev/sdcard/sd2.  Priority:-3 extents:1 across:1004364k


I noticed in the kernel log that when i ran badblocks, it kept on with the same error-message as hdparm (ext4_find_entry:1289)
If i count all the identical ones reported with hdparm; it counts to 6. Then the device disconnects. (Might be useful info. for debugging?)
Strange...

Edited by Zylla
Link to post
Share on other sites

Last resort...
I'm gonna attempt to run the nano's firmware + kernel using qemu.
I want to try spoofing the sd-card and see if i can replicate the issue there.

If i can do that, and if it happens; it has to be a software issue.
qemu has been helpful earlier to debug stuff like this on embedded devices.

Edited by Zylla
Link to post
Share on other sites
25 minutes ago, Zylla said:

@Just_a_User


Tested hdparm and badblocks while wlan2 in client-mode to AP.

And it seems to trigger consistent here as well.

Huh? thats so weird.So maybe the wifi driver having an impact there? its the only diff other than card manufacturer. so weird. Good work with all the testing

Edited by Just_a_User
Link to post
Share on other sites
13 minutes ago, Just_a_User said:

Huh? thats so weird.So maybe the wifi driver having an impact there? its the only diff other than card manufacturer. so weird. Good work with all the testing

I'm not sure how the wifi driver affects the sd-card driver.
Are you sure you're not getting any errors at all while having it in client-mode?

The nano seems to detect the internal Genesys reader as a "Generic Storage Device" (mapped to /dev/sg0)
So, i'm not sure what driver exactly is being used (i'll try to find out), or how the kernel loads the "generic device".
But it seems to behave differently when i used my Realtek reader. The kernel reported the device as "Generic- SD/MMC/MS PRO" (and maps the device to /dev/sg1)
So that device is also "generic" in a way, but it has to be using it differently since it's working. ("PQ: 0 ANSI: 4" is also differently from the internal one saying: "PQ: 0 ANSI: 6", not sure what that means exactly)

I'll also read through the kernel-section of the SDK for OpenWRT, and see if i can find something that matches the information we're getting from the crashes.
Complicated stuff. :/

Link to post
Share on other sites
6 minutes ago, Zylla said:

Are you sure you're not getting any errors at all while having it in client-mode?

100% no errors, I can complete the hdparm test with results and nothing in dmesg, then remove my wifiadaptor run the hdparm test and it fail with reports to dmesg, then re-insert wifi adapter and it passes hdparm test with no report to dmesg.

Also both badblocks and hdparm run fine on ubuntu checking the same sd card.

Out of interest are your sd cards class 10?

 

Link to post
Share on other sites
12 hours ago, Just_a_User said:

100% no errors, I can complete the hdparm test with results and nothing in dmesg, then remove my wifiadaptor run the hdparm test and it fail with reports to dmesg, then re-insert wifi adapter and it passes hdparm test with no report to dmesg.

Also both badblocks and hdparm run fine on ubuntu checking the same sd card.

Out of interest are your sd cards class 10?

 

Yeah, most of my cards are class 10, but some are not specified.
But they are all working on other devices, or when i'm using the Realtek reader in the nano's USB port to mount the /sd directory.

Link to post
Share on other sites
12 hours ago, _bugs_ said:

Hi Zylla,

If I install this package, will I get the same versions of  SSltrip2 and dns2proxy you are speaking about in another thread?

(the top 2 threads of this forum)

Thanks

B.

yes

Link to post
Share on other sites
  • 2 weeks later...
1 minute ago, thatalbinofrog said:

Hey, I've installed the module, but now I'm stuck installing dependencies, any help?

Please read tutorial i typed in the few pages before. Search for the part where i speak of dependencies.

Link to post
Share on other sites
27 minutes ago, Rinilyn said:

Please read tutorial i typed in the few pages before. Search for the part where i speak of dependencies.

Thanks for the quick reply, I got it working, I guess.

I'm very new to pineappling, could you give me a hand with a few questions?  I posted a thread about 7 hours ago and I was wondering if you could answer some of the questions

 

Thanks man!

Link to post
Share on other sites
  • Sebkinne unpinned this topic
  • 1 month later...

 

Is this all working on 2.2.0 (Tetra)?

Installed as per your post

root@Pineapple:~# wget -qO- https://raw.githubusercontent.com/adde88/hostapd-mana/master/INSTALL.sh | bash -s -- -v -v

And installed the Pineapple Module beta (never starts though)

Pineapple module log

Configuration file: /etc/mana-toolkit/hostapd-mana.conf
Interface name not specified in /etc/mana-toolkit/hostapd-mana.conf, nor by '-i' parameter
: interface state UNINITIALIZED->DISABLED
: AP-DISABLED
hostapd_free_hapd_data: Interface  wasn't started
Failed to initialize interface

 

 

Log file (running from terminal)

 

------

root@Pineapple:~# launch-mana
Mana Toolkit - Pineapple Edition!

Device seems to be: ONLINE.
RTNETLINK answers: File exists
Configuration file: /etc/mana-toolkit/hostapd-mana.conf
Using interface wlan1 with hwaddr 00:13:37:a6:bb:8c and ssid "MANA"
RTNETLINK answers: Invalid argument
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED
-----

Then Pinapple reboots

*Im also connected to laptop in bridged Lan mode it appears using laptop internet sharing off my laptop wifi

 

 

Edited by Jehu4u
update.
Link to post
Share on other sites
On 7/19/2018 at 7:32 PM, Jehu4u said:

 

Is this all working on 2.2.0 (Tetra)?

Installed as per your post


root@Pineapple:~# wget -qO- https://raw.githubusercontent.com/adde88/hostapd-mana/master/INSTALL.sh | bash -s -- -v -v

And installed the Pineapple Module beta (never starts though)

Pineapple module log


Configuration file: /etc/mana-toolkit/hostapd-mana.conf
Interface name not specified in /etc/mana-toolkit/hostapd-mana.conf, nor by '-i' parameter
: interface state UNINITIALIZED->DISABLED
: AP-DISABLED
hostapd_free_hapd_data: Interface  wasn't started
Failed to initialize interface

 

 

Log file (running from terminal)

 

------

root@Pineapple:~# launch-mana
Mana Toolkit - Pineapple Edition!

Device seems to be: ONLINE.
RTNETLINK answers: File exists
Configuration file: /etc/mana-toolkit/hostapd-mana.conf
Using interface wlan1 with hwaddr 00:13:37:a6:bb:8c and ssid "MANA"
RTNETLINK answers: Invalid argument
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED
-----

Then Pinapple reboots

*Im also connected to laptop in bridged Lan mode it appears using laptop internet sharing off my laptop wifi

 

 

There's been some changes lately, especially on the install-part.
I'm not sure if you read the output you get when installing, but it should state that you now have to issue the following command after the install-script:

root@Pineapple:~$ install-mana-depends

Did you do this? If not, it might explain why you're having problems launching it.
It's working for me on the Tetra and Nano running latest fw. But feedback from you guys are still highly appreciated, as something might still have slept past me :)

Link to post
Share on other sites
6 hours ago, Zylla said:

There's been some changes lately, especially on the install-part.
I'm not sure if you read the output you get when installing, but it should state that you now have to issue the following command after the install-script:


root@Pineapple:~$ install-mana-depends

Did you do this? If not, it might explain why you're having problems launching it.
It's working for me on the Tetra and Nano running latest fw. But feedback from you guys are still highly appreciated, as something might still have slept past me :)

Awesome thanks for the reply.

my Terta is dead. Reboots whenever injection or anything is needed.  Even a deauth. 

Hoping support will send me one ASAP.  Can’t wait to try it. 

Link to post
Share on other sites
16 hours ago, Jehu4u said:

Awesome thanks for the reply.

my Terta is dead. Reboots whenever injection or anything is needed.  Even a deauth. 

Hoping support will send me one ASAP.  Can’t wait to try it. 

Ouch, doesn't sound good. I've read other ppl. having similar problems, where they discovered that taking of the Tetra's antenna(s) was a "solution" for them.
Have you tried this, just to see if it has any affect on the problem? (I know it's not a good solution at all, but just for debugging purposes it would be interesting to hear your results ? )

Link to post
Share on other sites

I had a question related to the Mana Toolkit as used on the NANO, i spent alot of time is this thread the last couple of days, yet i dont think i have seen this question answered, but i would like to apologize in case i overlooked something. anyway, i managed to get the mana toolkit running, but now it runs a little bit too well, it tries every singel AP within range, however my scope is one specific SSID. i found the hostapd.accept and the hostapd.SSID_filter files, but leaving the MAC adress did not have the result i was looking for. now, i was hoping maybe someone could nudge in de right direction, it would be appreciated:)

Link to post
Share on other sites
On 7/23/2018 at 9:00 PM, l1ghtman said:

I was wondering if there is some sort of documentation on MANA for pineapple. I installed the whole toolkit because I needed sslstrip, however, I don't know how to launch only sslstrip by itself

I created a package individually for sslstrip+. But i'm in the process of updating it, as much progress have been made on it.
I had to tweak alot of stuff to get sslstrip+ working on them, so the old package should work, but it uses a dirty python-fix.
After i've updated it, it should work flawlessly.

I haven't completed it yet. BUT you could try downloading the following "ipk" files from my repo:
https://github.com/adde88/hostapd-mana/tree/master/dependencies

Basically that directory contains everything needed to run sslstrip2 and dns2proxy.

I haven't tested using them without the Mana installation script, but i'm relative sure it should work still.

EDIT: Regarding documenation.
Specifically for the Pineapples, there's no complete documentation as of yet. You're actually the first person to mention this, and i agree.
I'll get some documention up for you guys, specifically for the Pineapples.
Btw, Sensepost updated their repos. recently, adding a Wiki part to hostapd-mana.

Edited by Zylla
Link to post
Share on other sites
1 hour ago, display-names said:

I had a question related to the Mana Toolkit as used on the NANO, i spent alot of time is this thread the last couple of days, yet i dont think i have seen this question answered, but i would like to apologize in case i overlooked something. anyway, i managed to get the mana toolkit running, but now it runs a little bit too well, it tries every singel AP within range, however my scope is one specific SSID. i found the hostapd.accept and the hostapd.SSID_filter files, but leaving the MAC adress did not have the result i was looking for. now, i was hoping maybe someone could nudge in de right direction, it would be appreciated:)

If you're planning to use either hostapd.accept or hostapd.deny. Make sure that your hostapd.conf is set to also use them.
If i remember correctly Mana Toolkit's hostapd-mana.conf on the Pineapples is set to only read hostapd.deny
And remember, only add MAC addresses to those two files (.deny / .accept).
If you set the config to read hostapd.accept, you set it to operate in a "whitelist-mode", where it only accept connections from those specific addresses.
If you use the default mode (blacklist), you add MAC addresses to hostapd.deny, and it will not let those clients connect.

If you plan on attacking ONLY a specific SSID, you also have to edit the hostapd-mana,conf to enable the ssid-filtering. Because it's disabled by default.
Let's say i only want to attack my own network. Then i open hostapd-mana.conf and edit this line: (Just remove the # sign in the beginnign to enable it)

#mana_ssid_filter_file=/etc/mana-toolkit/hostapd.ssid_filter

Aferwards i open up /etc/mana-toolkit/hostapd.ssid_filter and add the name of the networks i plan to attack on a separate line.
So hostapd.ssid_filter might end up looking like this:

Zylla
Zylla-5GHz
MyCorporateWifi

 

Edited by Zylla
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...