kuyaya Posted October 20, 2019 Posted October 20, 2019 Hi Yesterday, I wasn't home so I worked with my BB on my laptop. Suddenly when I switched to arming-mode, windows said I need to format the BB before I can use it. This would delete ALL data that was stored on the BB so I didn't do it. Later, when I was back home, I tried to plug it in my PC and I got the same issue, so it's not my laptop's fault. I tried to reset it with this 3 times unplug thing in arming mode, that worked but I still got the same issue. Some sreenshots are attached below. Should I format the BB? I think it would maybe delete the whole system so I couldn't be able to use it anymore. Any solutions?
Irukandji Posted October 20, 2019 Posted October 20, 2019 9 minutes ago, bunnylover said: I tried to reset it with this 3 times unplug thing in arming mode, that worked but I still got the same issue It's four times, on the fourth time you leave it in for five minters. it's coved in this Documentation page. https://docs.hak5.org/hc/en-us/articles/360023739914-Factory-Reset And video.
kuyaya Posted October 20, 2019 Author Posted October 20, 2019 @Jtyle6 Yes, I did it exactly as shown in the video. I meant that i had to plug it in and out 3 times, and the fourth time it will recover the firmware. I also had that red/blue blinking. That was working
kuyaya Posted October 21, 2019 Author Posted October 21, 2019 I have an update! I can connect to PuTTY in arming mode (com3 and speed 115200) So I can use PuTTY but I can't access the BB files with the normal explorer. Can I fix now the BB via PuTTY?
PoSHMagiC0de Posted October 21, 2019 Posted October 21, 2019 The ability to fix the udisk (which is what you are having issues with) was made available in firmware 1.2. Version 1.2 Changelog Features - ATTACKMODE now accepts a new RO_STORAGE argument - Example: "ATTACKMODE RO_STORAGE" will now present the Bash Bunny's storage partition as read only - QUACK now accepts a new KEYCODE argument - Example: "QUACK KEYCODE 00,00,56" will write the '-' character from the numpad row - A new udisk helper was added - A 'udisk' script is now available - "udisk mount" - "udisk unmount" - "udisk reformat" - The reformat_udisk command has been merged into the new udisk command - User configuration file - A config.txt is now found on the root of the Bash Bunny's storage partition - This config.txt is sourced before payloads are executed, allowing global configurations - By default the DUCKY_LANG command is run to set the keyboard to 'us' - NOTE: settings in config.txt will be overwritten if a payload decides to do so - NOTE: config.txt will currently not survive factory resets or firmware upgrades. This will change in the future While in putty on the BB you would run "udisk reformat".
kuyaya Posted October 21, 2019 Author Posted October 21, 2019 @PoSHMagiC0de It seems like it couldn't find that command...
kuyaya Posted October 21, 2019 Author Posted October 21, 2019 When I cat version.txt it gave that output: root@bunny:~# cat version.txt 1.0_167 Seems like it resetted the whole version from 1.6 to 1.0. Is this a automatic process when you do a factory reset? Otherwise I don't know why the version resetted itself. Is there a way to update the bunny via PuTTY, since I can't access it via explorer? Or is it possible to "udisk reformat" the bunny while on version 1.0?
PoSHMagiC0de Posted October 21, 2019 Posted October 21, 2019 Hmm, at 1.0 I do not know what to do except maybe try reformat_udisk. It says in the instructions that command was sucked up into the new command. Else, someone mentioned mounting the udisk by hand to /root/udisk and formatting it with fat32 or something like that. After that it should be able to mount normally and you can rebuild the directories with that BB tool or by hand if you know the folder layout. All the partition you see when in arming mode is that udisk partition mounted.
kuyaya Posted October 24, 2019 Author Posted October 24, 2019 Hey, I have another idea. Maybe I can get access to the files when I connect the bunny with WinSCP. That's very similar to PuTTY, the difference is that it opens the files (like in windows explorer) instead of a shell. But I had an issue with that. When I tried with hostname "COM3" it gives me the error "host "COM3" doesn't exist." When I do a right-click on the Bunny_Armingmode (left side at the top) and I do "Open in PuTTY" I can login. But only with Hostname COM3. What I ask myself is, what is the correct hostname for the bunny? (basically, my idea was the when I get access to the files, I can run the bunnyupdater or just upgrade the firmware by hand, and then run udisk reformat)
PoSHMagiC0de Posted October 24, 2019 Posted October 24, 2019 I do not know how some of you end up wiping that partition. Welp, since you are on 1.0, you will have to rebuild...or reformat that partition. So....once you putty (yelp, putty no scp) into the BB and sign in, make sure you are in the /root folder and type the following. fdisk -l See if there is a nandf disk there and it is 2GB. This is the partition that holds your arming mode stuff. if it is there, then time for step 2. mount /dev/nandf /root/udisk This will mount that partition to the /root/udisk folder. Take a look inside. If it has issues mounting then it may need a good formatting which in that case you make sure the udisk is not mounting and format it like below. #unmount udisk umount /root/udisk #format to fat32 mkdosfs -F 32 -I /dev/nandf Reboot BB and see if the partition mounts in Arming mode...it should show up blank since it is blank. Now I believe that BB bunny tool will rebuild that folder and upgrade the BB for you. Advice: When you pull the BB for the flash upgrade, plug it into a dedicated USB power supply to avoid power interruptions. Also, make sure any cable you use is good.
PoSHMagiC0de Posted October 24, 2019 Posted October 24, 2019 You could also make a bash file that looks like the new udisk command and use it to rebuild your nandf. Below is a copy of the code inside it on my BB. #!/bin/bash function print_usage() { echo "udisk [ mount | unmount | remount | reformat ]" } function get_confirmation() { read -r -p "[?] Are you sure you want to reformat udisk? All files will be removed [y/N] " confirm case "$confirm" in [yY][eE][sS]|[yY]) return 0 ;; *) return 1 ;; esac } function mount_udisk() { mount -o sync /dev/nandf /root/udisk &> /dev/null return $? } function unmount_udisk() { [[ $(mount | grep /dev/nandf) == "" ]] || { sync umount /dev/nandf &> /dev/null return $? } return 0 } function reformat_udisk() { dd if=/dev/zero of=/dev/nandf bs=512 count=1 &> /dev/null mkfs.vfat -n "BashBunny" /dev/nandf &> /dev/null } function copy_files() { mkdir -p /root/udisk/loot mkdir -p /root/udisk/tools cp /root/version.txt /root/udisk cp -rf /usr/local/bunny/udisk/* /root/udisk/ &> /dev/null } function do_format() { unmount_udisk && { reformat_udisk mount_udisk && copy_files echo "[*] Udisk formatted successfully. The system will now reboot." } || { echo "[!] Error: Udisk is busy" } } case $1 in "mount") mount_udisk && echo "[*] Udisk mounted to /root/udisk" || echo "[!] Error: Udisk could not be mounted" ;; "unmount" | "umount") unmount_udisk && echo "[*] Udisk unmounted" || echo "[!] Error: Udisk is busy, could not unmount" ;; "remount") unmount_udisk && (mount_udisk && echo "[*] Udisk re-mounted to /root/udisk") || { echo "[!] Error: Udisk is busy, could not unmount" } ;; "reformat") get_confirmation && do_format && reboot ;; *) print_usage ;; esac
kuyaya Posted October 24, 2019 Author Posted October 24, 2019 First of all, there is a nandf disk with 2GB. mount /dev/nandf /root/udisk gave me that output: mount: wrong fs type, bad option, bad superblock on /dev/nandf, missing codepage or helper program, or other error In some cases useful info is found in syslog - try dmesg | tail or so. When I did "dmesg | tail" it gave me that: root@bunny:~# dmesg | tail [ 4598.080077] CPU Budget: Temperature: 69 Limit state:0 item[1200000,4,-1,0 0] [ 4598.080099] [ddrfreq] temperature=69 C, ddr freq up [ 4598.580066] CPU Budget: Temperature: 70 Limit state:1 item[1200000,3,-1,0 0] [ 4598.580081] [ddrfreq] temperature=70 C, ddr freq up [ 7076.580073] CPU Budget: Temperature: 69 Limit state:0 item[1200000,4,-1,0 0] [ 7076.580095] [ddrfreq] temperature=69 C, ddr freq up [ 7077.080058] CPU Budget: Temperature: 70 Limit state:1 item[1200000,3,-1,0 0] [ 7077.080076] [ddrfreq] temperature=70 C, ddr freq up [14808.877211] UDF-fs: warning (device nandf): udf_fill_super: No partition foun d (1) [14843.077254] UDF-fs: warning (device nandf): udf_fill_super: No partition foun d (1)
PoSHMagiC0de Posted October 24, 2019 Posted October 24, 2019 Then recreate that big old script I posted, call it something like rebuilder or something. winscp it to your /root folder. chmod a+x it and then run it with rebuilder reformat. You need to reformat the nandf drive. Or follow the section by hand in the script that does the formatting and rebuilding.
kuyaya Posted October 25, 2019 Author Posted October 25, 2019 I managed to format it to Fat32, but as you said, it is blank. Now, when I run bunnyupdater it gives me an error: Hak5 Bash Bunny Updater v1.1 [!] Error: Could not load the Bash Bunny's firmware version. [?] Please ensure that this Bunnyupdater is on the root of the Bash Bunny's storage partition. [?] Note: Alternatively, provide a path using the BUNNYPATH environment variable. [Press enter to exit] You said: Now I believe that BB bunny tool will rebuild that folder and upgrade the BB for you. Did you mean with BB bunny tool the bunnyupdater?
PoSHMagiC0de Posted October 25, 2019 Posted October 25, 2019 Does the bashbunny storage come up with a label of BASHBUNNY? It might not be labelled or the other is you are not launching it from the root of the storage partition of the BB. I do not use the updater but do everything by hand. To update, I just download the new firmware update and drop it to the root of the storage partition of BB when in arming mode, shut down bunny safely with eject and then plug it back in to a dedicated USB charger and leave it there until done. When done, it is at newest version and usually will rebuild the folders too. Never used the updater so it may just look for the BashBunny label or an environment variable pointing to where the BB is. Can't help you with updater much.
kuyaya Posted October 25, 2019 Author Posted October 25, 2019 Yessss, it works! It works perfectly as it should. The only thing left is, it doesn't show up with label BASHBUNNY, it's just USB Drive.
kuyaya Posted October 26, 2019 Author Posted October 26, 2019 Solved it by myself. I had a really strange output by the PasswordGrabber payload, so i thought it was maybe not 100% clean. But I had firmware 1.6 so I just ran udisk reformat, and everything worked perfectly, and the label is BashBunny again @PoSHMagiC0deThanks alot you really helped get to the right solution!
Recommended Posts
Archived
This topic is now archived and is closed to further replies.