Unofficial Recovery for Shark Jack

[Scriptmonkey_]

So anyone who's seen the other firmware post has probably seen my adventures in trying to figure out the firmware upgrade process as the suggested tool in the post just doesn't exist, is available on github if you need it, but the links in the download center appeared to be broken earlier.

I ended up bricking my shark to some degree - Turns out though as it's based on openwrt it has the inbuilt recovery features.

So these are the steps I took to restore its functionality - you can follow, but it is by no means the official help, nor is it without massive risk. I was willing to chalk my jack up to being a lost cause.

1. Charge it - You probably won't have LEDS here to help you out (no charge level indication) but you only need sufficient power to "wait" for it to actually boot, so plug it in for 5 minutes and just let it charge.

2. Using either a pin*, sim-card removal tool, etc locate the hole on the back of the case and insert it most of the way, you should feel a button at the end of the travel. Rest it on it, but do not depress it.

*I found it difficult to "aim" my pin, at the button as it's tiny... so I removed the casing of the shark jack... there are no screws, it comes apart with a spudger inserted down the side, really easily.

3. Power on the device to ARMING mode (middle position). Depress button using your pin now. Count 1000, 1, 1000 2... etc until 1000 7. remove pin!

4. Plug device into your Network Jack within a minute or so you should see green lights, indicating activity on the network port.

5. Set your host's IP to 192.168.1.2 and attempt to browse using a web browser to 192.168.1.1 you should see a screen like the following:

6. Once you've proven connectivity to the recovery webpage, PLUG IN YOUR USB-C... KEEP THE SHARK JACK POWERED THROUGHOUT THIS PROCESS.

7. Select the OS tab.

8. Using a normal "upgrade-*.*.bin' firmware file available from the hak5 download center (download it, check the checksum),  browse to the firmware.

9. CONFIRM YOU ARE ON THE OS TAB AND IT SAYS "e.g: OpenWRT.bin" DO NOT DO ANY OTHER TAB or you will be on your own. - select "start upload file".

10. Page will switch to a loading screen informing you to wait until the device reboots.

11. Once the device has rebooted you should notice this... the LEDs will have done their boot cycle (flashing greens) and turned to either flashing amber, indicating arming mode, or flashing/static blue to indicate the device is either charging or charged.

12. Set your host's IP to 172.16.24.2 and attempt to SSH to the device. You may get prompted about the SSH host key having been changed and may need to delete it from your known_hosts file, but once done... you can log back into the device using the default credentials of root:hak5shark.

Now go get a celebratory beverage of your choice and get your hack on.

 

[Didier Stevens]

I guess that with "the suggested tool that is missing", you mean the following script: https://github.com/hak5/sharkjack-payloads/blob/master/sharkjack.sh

Looking inside this script, the upgrade process is essentially:

1. copy firmware to /tmp/upgrade.bin
2. sysupgrade -n /tmp/upgrade.bin

 

[funnybunny]

I was in the process of wget the upgrade-1.0.1.bin to the shark jack and unsure if it finished. The wget was uploading to the default directory location upon initial SSH connection. I suspect the power could have gone out. There was a red blue light combo before all lights went out. Didn't find a red blue light combo in the description. Now there are no lights what so ever when I charge. Flipping the selection switch to Arm or Attack has no lights what so ever. Following the above unofficial reset doesn't appear to be working either. I dont get the html page on 192.168.1.1. Any other ideas on resetting? Thanks.

Update: If I plug the RJ45 in and turn the switch to Arm after 7 seconds a green light flashes once. No other lights after. Not sure what that is.

[Irukandji]

Two things to do before going upgrade. 

1. Allways sha256 the upgrade flie.

2. Allways plug in sharkjack into power when you upgrade. 

[McFly]

On 10/12/2019 at 4:23 PM, Scriptmonkey_ said:

1. Charge it - You probably won't have LEDS here to help you out (no charge level indication) but you only need sufficient power to "wait" for it to actually boot, so plug it in for 5 minutes and just let it charge.

2. Using either a pin*, sim-card removal tool, etc locate the hole on the back of the case and insert it most of the way, you should feel a button at the end of the travel. Rest it on it, but do not depress it.

*I found it difficult to "aim" my pin, at the button as it's tiny... so I removed the casing of the shark jack... there are no screws, it comes apart with a spudger inserted down the side, really easily.

3. Power on the device to ARMING mode (middle position). Depress button using your pin now. Count 1000, 1, 1000 2... etc until 1000 7. remove pin!

4. Plug device into your Network Jack within a minute or so you should see green lights, indicating activity on the network port.

5. Set your host's IP to 192.168.1.2 and attempt to browse using a web browser to 192.168.1.1 you should see a screen like the following:

I have the same problem. Lost the connection as I uploaded the file to the /root/ folder.

Now the sharkjack is blinking green fast, green slow, out some seconds, blinking green fast, green slow, out some seconds and a last time green fast, green slow, out forever.

Until I I put it to off and to arming mode again.

I did everything as you told. But this three times rounds of green blinking stay as they are. In the network on windows I can see the network device is on, off, on, off... and it stays off

 

Is there any other possibility to reset the device? If not is is broken and I have to buy a new one. Great. I did the upgrade process as it was written here...

 

 

[McFly]

Is there really nobody there who can help me? What for is the reset button? I wrote to the support but the last sound I heard of them was 4 days ago and I answered instantly and since then nothing. 

[Scriptmonkey_]

10 hours ago, McFly said:

Is there really nobody there who can help me? What for is the reset button? I wrote to the support but the last sound I heard of them was 4 days ago and I answered instantly and since then nothing. 

Honestly the only thing I can offer is "Try Harder" to coin a phrase.

It took me a few attempts to get the reset function to trigger but it worked for me. If there are LEDS flashing patterns that aren't related to network activity, then I'd say there is clearly something running and its down to you to figure it out. I figured out the above, you may need to do some other incantation. There are other rescue modes advertised on the openwrt docs, perhaps you booted into one of those.

Here LMGTFY: https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset
Your description sounds like you've got it booting into the first example given.

[skibo187]

Hey Scriptmonkey_ question can you access your shark after you fixed it through a PC win10? 

I am having an issue almost like yours, I upgraded the firmware and now I can't access it through my PCwin10 BUT i can access it through my kali VM machine. any idea? I already tested the attack payload and it worked. Just can't access it through my PC. 

[Scriptmonkey_]

Not had any issues here, but I'm primarily accessing it from an Ubuntu 18.04 base. I have ssh'd to it using Windows 10 and had no issues but I'm off on leave now for the holidays so no access to it at the moment but will double check when I can.

Just to eliminate the obvious, it isn't just taking a while to regenerate its keys is it? It happens on connection so it could just be taking a while maybe?