Jump to content

[RELEASE] Shark Jack Firmware 1.0.1


Timzor

Recommended Posts

Hello!

We're happy to announce the 1.0.1 update for the Shark Jack. It includes some small improvements and introduces support for Hak5 Cloud C2.

1.0.1 Changelog:

  • General
    • Added support for Hak5 Cloud C2.
    • Added host timeout and max retries to default payload to avoid long scan times.

 

You can find the update at the Hak5 Download Center and use the Shark Jack helper script to install it and run the latest version.

Thanks,
Tim

Link to comment
Share on other sites

  • Foxtrot pinned and featured this topic
  • 2 weeks later...
On 10/11/2019 at 12:48 PM, Jtyle6 said:

I'm getting on when downloading.


{"error_message":"tool version not found"}

On https://downloads.hak5.org/shark When downloading the helper tools.

Can confirm I'm getting the same issue.

Edit: Don't think I need to do it manually. Reviewing the binaries on the host I found /usr/bin/shark_framework which has some interesting lines in. Looks like if you copy the firmware file to /root/, have the switch in arming mode... it'll autodetect and apply the firmware.

	#!/bin/bash
	SWITCH_POSITION=$(/usr/bin/SWITCH)
MODE="OFF"
	UPGRADE_FILE=$(ls /root/upgrade-*.bin 2>/dev/null | tail -n1)
	LOG="logger -t Shark [*]"
LOG_ERR="logger -t Shark -p 3 [!]"
	function upgrade_leds() {
        /usr/bin/LED OFF
        while true
        do
                echo 1 > /sys/class/leds/shark:red:system/brightness
                sleep 0.2
                echo 0 > /sys/class/leds/shark:red:system/brightness
                echo 1 > /sys/class/leds/shark:blue:system/brightness
                sleep 0.2
                echo 0 > /sys/class/leds/shark:blue:system/brightness
        done
}
	function execute_upgrade() {
        $LOG "Checking for firmware upgrade"
	        [[ -f $UPGRADE_FILE ]] && {
                $LOG "Firmware upgrade found"
                upgrade_leds &
                led_pid=$!
	                cp $UPGRADE_FILE /tmp/upgrade.bin
                rm $UPGRADE_FILE
	                sleep 2 && kill $led_pid
	                $LOG "Executing UPGRADE"
                /usr/bin/LED B && echo "sysupgrade -n /tmp/upgrade.bin" | at now
	                exit
        } || {
                $LOG "No firmware upgrade found"
                return 1
        }
}
<snipped>



Giving it a shot now.

Edited by Scriptmonkey_
adding info.
Link to comment
Share on other sites

Well... snifflebiscuits.

I believe I've done did broke it.

Lost network connectivity as the file was transferring (not sure why, it was there, I wasn't touching it, just SCP stopped transferring the file and said connection reset by peer).

Next boot, I can only assume it tried to take to the partial file that I'd uploaded and appears to have flashed that. All switch modes are unresponsive.

I don't suppose there is a "Users Be Stupid, Factory Reset" magical on-off-switch-button combination in order to restore the firmware?

Edit2: I've actually managed to recover this myself. I've taken the liberty of writing up the procedure I took in a forum post and deleted some of my posts from here as it was just cluttering up the place.

 

Edited by Scriptmonkey_
Edit: cleaned up my thread a bit, added info about guide I've written elsewhere in the forum.
Link to comment
Share on other sites

15 minutes ago, Scriptmonkey_ said:

Latest: I found a "button" on the device, under the hole on the casing (though its absolutely tiny so I would recommend just dismantling the case - easily done, there are no screws under any labels).

Na, you just need a paper clip or a SIMcard eject tool to do it...

Link to comment
Share on other sites

1 hour ago, Jtyle6 said:

Na, you just need a paper clip or a SIMcard eject tool to do it...

Thanks, I was using a pin and it just kept missing it or slipping off 🙂 Wrote up the recovery guide into another thread but yeah, looks like firmware upgrade is basically scp firmware file to /root/ boot cycle it into arming mode and wait for LEDs to stop doing the hokey cokey.

Link to comment
Share on other sites

  • 3 weeks later...

DO NOT FOLLOW THESE INSTRUCTIONS. SEE THE NEXT POST.

Had a question about how to upgrade Shark Jack Firmware. I answered my own question. Here is what I did.
(Default User, "root", Default Password "hak5shark", Default IP 172.16.24.1)

Make sure Shark Jack is Fully charged
Connect Shark Jack to network and set switch to arming mode.
SCP upgrade-1.0.1.bin to /root/
SCP sharkjack.sh to /root/payload/
Set switch to Off/Charging
Wait 10 seconds
Set switch to Arming Mode
Wait for light show to finish (5 minutes for me)
SSH to Shark Jack
Run command cat VERSION
Confirm output as 1.0.1

Hope this helps everyone!

Side note, I noticed that if I have the Shark Jack connected to USB Power while in Arming Mode, when I flip the switch to Off/Charging, the device will stay on and respond to pings. If you are trying to power cycle the device while you have it connected to power this might cause issues.
After performing the upgrade, the upgrade-1.0.1.bin and sharkjack.sh files disappeared. The /root/loot/ folder also disappeared. So make sure your have your loot off the device before you update it.

Link to comment
Share on other sites

  • 2 weeks later...

@Topknot thanks for detailing the process you followed to upgrade - however I want to advise against this method as it will not be supported. We cannot guarantee that the firmware file will always fit in the root file system in /root/, and the sysupgrade function may not always be present in the framework.

If you wish to manually upgrade the Shark Jack, as opposed to the guided method using the sharkjack.sh helper available from https://downloads.hak5.org I advise you to please follow the instructions listed at https://docs.hak5.org/hc/en-us/articles/360038189894-Manual-Upgrade

  • Upvote 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...