Cap_Sig

HCX Pi - Portable hcxdumptool Device


The HCX Pi is based off ZerBea's hcxdumptool project: https://github.com/ZerBea/hcxdumptool

Specs:

  • Raspberry Pi 3B+ running Arch Linux
  • Alfa AWUS036NH adapter
  • Custom board for multiple status LEDs and control button
  • 3D printed enclosure.

The purpose of the hardware is to have a small self-contained portable tool for capturing WPA2 PMKIDs.

The hardware could easily be repurposed for many other applications as well (more coming soon!).


LEDs are for power, ACT for Pi, and hcxdumptool status LED based off the script from the GitHub project.

If there is interest in a build log please leave a reply and I will consider making one.  Future improvements are a smaller case and internal battery.

On 8/27/2019 at 9:59 PM, F0x3nB0x3n said:

Great idea!  I'd be keen to see a build log! 🙂

Thanks! I will keep the thread updated.


I hope I am in the correct area for this question.  Will this or any portable device be able to press a button to start a WPS connect session while I have physical access to a router with WPS turned on and the button pressed there?  Act like a client wanting to connect and save all the data.

6 hours ago, Freybergers said:

I hope I am in the correct area for this question.  Will this or any portable device be able to press a button to start a WPS connect session while I have physical access to a router with WPS turned on and the button pressed there?  Act like a client wanting to connect and save all the data.

Pretty sure the WPS push button systems have a timeout, so may be a bit inefficient.

To be honest, if I were pentesting in an area where the router was physically accessible, the first thing I'd do is plug in ethernet and try some default router credentials.

Failing that I guess you could feed the pin into reaver.  Or perform a manual connection using the pin if you're running Linux... it sometimes stores the PSK in /etc/network/interfaces in plain text.


Timing would be great having one device in the pocket and the other at my fingertips. Too obvious to look at the xxxx-xxxx key on the bottom.  I tried using my phone, but recovering the key was when I found out I need root on my own phone! Would I use the pineapple mini with a script to connect and save the data to SD card?  Then in most cases the default username and password is known for a later connect.


Build log coming in the near future.  I will post the link to it once posted.  Hope to have it up in a week or less.


Well, due to having some unexpected free time, the build log is here early! https://cap-sig.com/hcx-pi-v1/

Please let me know your thoughts/comments here and on the site!

Also, the site is new and under heavy development, with new content being added.

Updates will be posted and a lot of new content coming soon!

3 hours ago, MasloRama said:

Great job. Already have a first catch?

Thanks! Yes, what testing I have done has gone very well.


But hcxtools is closely synced to hashcat git branch (that means: latest hcxtools matching on latest hashcat beta) and John the Ripper git branch "bleeding-jumbo".

14 hours ago, clarc said:

But hcxtools is closely synced to hashcat git branch (that means: latest hcxtools matching on latest hashcat beta) and John the Ripper git branch "bleeding-jumbo".

Are you implying that this is an issue?  Sorry just don't understand what you are getting at.  As long as the setup guide is followed it should work as the device is just used for capturing at this time.  You would then transfer the capture to a machine you plan to run hashcat on.


I made something like this before. I used all the tools to capture handshakes and brute pins. The goal was to cover all vectors when cracking wifi.

If you use a Pi with onboard wifi to create a hotspot, you could log in with ssh and use a console based frontend for your tool or at least monitor live data from your phone and launch other attacks.

I would include a reaver attack of the most used default pins like 0000000, 01234567 etc. Range is the most common issue with reaver attacks but with this in your bag you can walk up extremely close to a building for just a couple minutes.

Also collecting handshakes is a must add function and maybe with a 'deauth all' to acquire those stubborn handshakes.

Did you ever experience insufficient current with your Wi-Fi card?

20 hours ago, i8igmac said:

I made something like this before. I used all the tools to capture handshakes and brute pins. The goal was to cover all vectors when cracking wifi.

If you use a Pi with onboard wifi to create a hotspot, you could log in with ssh and use a console based frontend for your tool or at least monitor live data from your phone and launch other attacks.

I would include a reaver attack of the most used default pins like 0000000, 01234567 etc. Range is the most common issue with reaver attacks but with this in your bag you can walk up extremely close to a building for just a couple minutes.

Also collecting handshakes is a must add function and maybe with a 'deauth all' to acquire those stubborn handshakes.

Did you ever experience insufficient current with your Wi-Fi card?

Sounds like a nice build.  I have done several headless builds using a tablet, phone, laptop for control.  Just did the build with display for the idea of it. 

I have done a lot of testing with the alfa cards and what you can power without issues.  As long as you have a stable 2 amp supply it will run two AWUS036NH adapters without issues. The biggest thing to note is that actual power consumption of alfa adapters is much lower than TX ratings as this is based on EIRP.  Mixed results with three, seems to just depend on the load collectively for all three.  Six adapters is possible with a USB hub but under full load it results in slow Ethernet as they are tied together on the chipset.

I am currently working on a build that I plan to post soon with the Odroid XU4 (started the build before Pi 4 was easily available).  It is very stable under high USB loads especially with powered hubs.

On 10/24/2019 at 5:43 PM, Cap_Sig said:

Sounds like a nice build.  I have done several headless builds using a tablet, phone, laptop for control.  Just did the build with display for the idea of it. 

I have done a lot of testing with the alfa cards and what you can power without issues.  As long as you have a stable 2 amp supply it will run two AWUS036NH adapters without issues. The biggest thing to note is that actual power consumption of alfa adapters is much lower than TX ratings as this is based on EIRP.  Mixed results with three, seems to just depend on the load collectively for all three.  Six adapters is possible with a USB hub but under full load it results in slow Ethernet as they are tied together on the chipset.

I am currently working on a build that I plan to post soon with the Odroid XU4 (started the build before Pi 4 was easily available).  It is very stable under high USB loads especially with powered hubs.

I ran into issues when hosting access points with hostapd. Most cards I tested would only run stable if rates were set no higher than 11M.  Insufficient current would just disconnect the USB device.  Good luck with the project.

12 hours ago, i8igmac said:

I ran into issues when hosting access points with hostapd. Most cards I tested would only run stable if rates were set no higher than 11M.  Insufficient current would just disconnect the USB device.  Good luck with the project.

Thanks for the info.  I appreciate the good luck wishes, I might be needing them... 😂
