Jump to content

[RELEASE][BETA] WiFi Pineapple Mark 7 2.0.0 Beta Firmware


Foxtrot
 Share

Recommended Posts

Hello all!

This 2.0.0 Beta release offers new features, bug fixes and general improvements to all aspects of the WiFi Pineapple experience. As always, the feedback provided by members of the community has been invaluable, and continues to be used internally to build out new additions and improvements.

We hope that you enjoy the new changes, and invite you to join us on Discord and here on the forums.


To get the Beta update, simply switch to the Beta Update Channel and check for new updates. You will then be prompted with a choice to upgrade.

To see some sneak peeks of the firmware before upgrading, check the second reply to this thread.

Release Notes:

  • This update changes the LED trigger to be more active on wlan0 activity. We're currently trialing this change. It may appear that your WiFi Pineapple is still booting, but is actually already booted fully and is now showing wlan0 activity. 
  • Since Beta 2, wireless interfaces are not destroyed by PineAP starting, instead, they are disabled and mirrored in monitor mode with the new monitor_vif tool. This prevents interface name confusion when a new wireless card is inserted into the WiFi Pineapple, while wlan1 is already in monitor mode.

Beta 2 Change Log:

  • In addition to Beta 1;
  • General
    • Include OpenWRT 21.02 community feeds and Hak5 2.0.0 feeds
  • Setup
    • Correctly load EULA and Terms of Service even when network state changes
  • UI
    • Display interface base names (wlanX) instead of multiple instances of the same interface (wlanX, wlanXmon) for recon
  • PineAPd
    • Log zero-length IE tags properly
    • Use new monitor_vif script to bring up interfaces in monitor mode while retaining original VIFs for system consistency
    • Fix several possible deadlock situations in logging
  • Recon
    • Show relative times for detected networks even when the Pineapple system time is not set correctly, by comparing time offsets with the browser.
    • Increase overall performance and stability of Recon backend
    • Use consistent interface naming for MK7AC module adapters (wlan3)

Beta 1 Change Log:

Welcome to the 2.0.0 Beta! This firmware contains significant bug fixes and feature releases
for the WiFi Pineapple Mark VII.

  • General
    • Updated to OpenWRT 21.02.1
    • Updated from kernel 4.14.180 to 5.4.154
    • Updated the Python Pineapple API
    • Updated HostAPd
    • Updated the OUI database
    • General UI stability improvements
  • Dashboard
    • Fix an issue where the MK7AC wizard would not close when clicking the 'Configure' button
  • Setup
    • Improved the dynamic layout of the Setup wizard
  • Campaigns
    • Fixed a silent error when no reports are available
  • PineAP
    • Fixed numerous crashes
    • Improved handling for Handshakes
    • Changed the default location for Log and Recon databases to /root/
    • Added a README to the default handshakes location (/root/handshakes)
    • Improved the bring-up time for the Management, Open, and Evil WPA Access Points
    • Management Access Point no longer requires the password to change the SSID and Hidden/Disabled toggles
    • Evil WPA Access Point now has the "Confirm Password" field auto populated
  • Recon
    • Add detection for WPA3 Access Points
    • Add detection for newer 802.11 authentication suites
    • Add a new tagged parameter view for Access Points
      • View the tagged parameters and their hexadecimal values for a given Access Point.
    • Add a column for MFP (Management Frame Protection) state
    • Simplified the Security column
    • Add a security summary dialog for Access Points
    • Fixed a rare error where the Recon database couldn't be opened
    • Performance improvements when fetching Recon data
    • Implement an Auto Handshake Capture mode
      • When enabled, WPA Handshakes will be captured whenever they are seen, regardless of whether a handshake capture is running
    • Overhauled the Handshakes View
      • Handshake listings now show the Client MAC, and also show the messages that were captured
    • Improved handling of deauthentication attacks
    • Improved the dynamic layout of the Recon page
    • Fixed an issue where some channels in the Channel Distribution chart would have a grey colour
    • Improved the Channel Distribution chart axis ticks
    • Add an icon to table rows to further distinguish Clients from their associated Access Point
    • A spinner is now shown when a deauthentication attack has been started
    • Show an informative message for Access Points or Clients with MFP enabled when trying to perform deauthentication attacks against them
    • Show the associated SSID for a selected Client in it's sidebar
    • Show the OUI vendor name for the selected Client in it's sidebar
  • Logging
    • Fixed an issue where the wrong database would be accessed if the Logging location was changed
  • Settings
    • Network keys are now redacted from a generated debug log

 

We will be paying close attention to the thread and the Discord channel (#wifi-pineapple) for the duration of the Beta, so please share any feedback or reports in those places, thanks!

  • Like 3
Link to comment
Share on other sites

Improved Handshake Handling & Auto Handshake Capture

With this release, vast improvements have been made both internal to the system and external to the user to make capturing of handshakes more efficient, reliable and generally easier. On the user facing side, this begins with a redesigned Handshakes tab in Recon, which now shows you which specific EAPOL messages and Beacons have been captured, as well as the Client MAC for a given Handshake.

image.png

As well as this change and improved behind-the-scenes handling, a new mode toggle for Recon has been added to capture Handshakes whenever they are seen in the air while channel hopping. This is in contrast to the "Capture WPA Handshakes" button that appears when you select an Access Point.

The "Capture WPA Handshakes" button has been kept, however, for targeted captures of Access Points on specific channels.

image.png

 

Improved Security Parsing

With this release, there has also been improvements to the security parsing of Recon results, and now detects WPA3 SAE, OWE and Enterprise networks. There is also a new dialog for detailing an Access Point's security, down to the detected cipher suites and authentication schemes.

image.png

In addition to the parsing of the new security suites, detection has been added for Suite B, SHA256/SHA384 and more. You can now also view the Management Frame Protection (802.11w) state of a discovered Access Point.

image.png

(You may turn the MFP column on by clicking the Settings wheel and sliding the "Show MFP" toggle on).

Tagged Parameters

As the WiFi-savvy among you may know, 802.11 Management Frames can contain a variety of Tagged Parameters that contain information such as the SSID, Channel, and more. In this release, you can now view each tag for a given Access Point and it's associated data.

image.png

These new dialogs can be accessed by clicking on any AP in Recon, and using the new buttons on side bar, under the "More Details" banner.

  • Like 3
Link to comment
Share on other sites

  • Foxtrot changed the title to [RELEASE][BETA] WiFi Pineapple Mark 7 2.0.0 Beta Firmware
  • Foxtrot unlocked this topic

A few observations after a very brief session with the new firmware. 3 packages will not install MACinfo, MDK4, and Locate. Scanning both bands with the hak5 5G module seems to be very sporatic, sometimes I get the expected results, most of the time I do not get any 5G APs or only get a partial listing. I had to increase the scanning time to 5 minutes, up from 2, to get results that made sense more often. I keep getting logged out at random, this happens frequently. Though I did not try for very long, I was not able to capture any handshakes, this is possibly not an issue as I only spent about 5 minutes trying, the AP I was deauthing (I own it) was showing fairly low signal and may have been too far away for reliable results.

 

I will do some more testing tomorrow. I have reinstalled the firmware and had the same results before and after.

Link to comment
Share on other sites

some more observations from this morning's testing

Will not capture handshakes while connected to an AP for uplink

 

Will not capture handshakes unless actively scanning

 

Starting scan sometimes provides old results, ex. I removed the 5Ghz module, rebooted the device, started a scan, and was given results showing 5G access points. This should not be possible using only the 3 internal radios which are 2.4ghz only.

 

Reconfirming wlan1 for the recon interface then starting a new scan seems to have cleared the incorrect AP results. Stopping then restarting the scan causes the incorrect results to return.

Link to comment
Share on other sites

The handshake capture seems to be very unreliable in this version, I had to put the pineapple into a very controlled environment to capture a handshake. I had to position the pineapple between the client and AP and manually disconnect then reconnect the client to capture a handshake. I cleared the capture then tried deauthing the same client in the same configuration and was not able to get the client to drop or to capture a handshake. it is as if it is not actually deauthing. I will try again shortly with a device that has wireshark on it to see if it is actually transmitting the deauth frames.

Link to comment
Share on other sites

Some more additional testing. I am able to confirm it is broadcasting deauth frames, however it seems to send numerous frames 25+ for each client, this seems excessive. I was able to take Kali and capture a handshake using wifite in passive mode, however the pineapple was not able to capture it setting beside the laptop. I have reinstalled 1.1.1 on the same hardware and was able to deauth and capture the handshake from the same AP. This is a remote AP that I set up at the edge of my property to test with.

Link to comment
Share on other sites

Mmm normal handshakes seem no problem with 2.0.0. for me, but it might take a while and I also discovered that when you log-out and back in, stuff is visible all sudden, so give that a try!

Anyway, here is video of version 1.1.1 which does capture but where it didn't show me data (see around 2.50 minutes) because my connection dropped:

 

Link to comment
Share on other sites

9 hours ago, Sgt.Foose said:

Mmm normal handshakes seem no problem with 2.0.0. for me, but it might take a while and I also discovered that when you log-out and back in, stuff is visible all sudden, so give that a try!

Anyway, here is video of version 1.1.1 which does capture but where it didn't show me data (see around 2.50 minutes) because my connection dropped:

 

I've let it run for hours with handshake capture on only to get one or 2. I've also actively deauthed clients with no success. I plan to mess it with some more this weekend, however I have run it beside one of my other pineapples and the difference in capture performance is daylight and dark.

Link to comment
Share on other sites

6 hours ago, jholbrookftl said:

I've let it run for hours with handshake capture on only to get one or 2. I've also actively deauthed clients with no success. I plan to mess it with some more this weekend, however I have run it beside one of my other pineapples and the difference in capture performance is daylight and dark.

Yeah, it's not like your going to catch like 15 handshakes in one hour or so. I have like 5 usable handshakes after one night. I think the reason is because not every wifi has clients connected and if they do, they might simply be out of range for your Pineapple to man-in-the-middle. Even if you do capture allot (which my Kali machine does sometimes), you will most likely not be able to crack them. For instance a 12 character password with smalls, caps, digits and special characters, would take 600 years to crack, even with a fast GPU using Hashcat for windows. It's better to trick them using an Evil Portal I guess. 

 

 

Link to comment
Share on other sites

26 minutes ago, Sgt.Foose said:

Yeah, it's not like your going to catch like 15 handshakes in one hour or so. I have like 5 usable handshakes after one night. I think the reason is because not every wifi has clients connected and if they do, they might simply be out of range for your Pineapple to man-in-the-middle. Even if you do capture allot (which my Kali machine does sometimes), you will most likely not be able to crack them. For instance a 12 character password with smalls, caps, digits and special characters, would take 600 years to crack, even with a fast GPU using Hashcat for windows. It's better to trick them using an Evil Portal I guess. 

 

 

I should when I am actively deauthing clients in a controlled test. Whether I can crack them or not is irrelevant to the discussion at hand. I have multiple pineapples, I have the beta on one of them and latest release on another and place them close together. I run the same series of tests on each one and the beta has almost no handshake captures where the release has numerous. You are also talking about using them passively, I am talking about using them actively, I am not simply putting it out there and waiting, I am performing a simulated active attack rather than passive.

Link to comment
Share on other sites

If there is someone who can help me in the new beta (already posted), I would be grateful. I'm facing with same issues as mentioned above:

  • Quote

    The handshake capture seems to be very unreliable in this version

    Confirm - it's very difficult for me as well

  • Quote

    Will not capture handshakes unless actively scanning

    Correct, I was able to capture handshakes once in 8hr of work with MK7 just when scan was set to continuous

  • Quote

    Starting scan sometimes provides old results

    True, steps to reproduce are smth like:

    • turn on continuous scan

    • capture handshakes from victim's AP

    • turn off scan

    • turn off capturing

    • turn on scan again

 

 

 

Link to comment
Share on other sites

On 3/25/2022 at 8:33 AM, unamed said:

Need to mention that Evil Portals downloaded from Github doesn't work as well neither with PineAP (Advanced) Settings nor with Open Access Point. Have you faced with same issue?

I have not tried, share the link to the ones you are using and I'll try on my device, though I have to admit I do not use these typically and will have to mess around with it to figure it out.

Link to comment
Share on other sites

13 minutes ago, jholbrookftl said:

well, I would love to help test, however, I cannot get the pineapple to download the dependencies.

Do opkg update in the console and see if you can ping example.com. I just reinstalled my Pineapple with 2.0.0. Beta and it worked. Be aware 2.0.0. Still has an issue with the EP. Version 1.0.2 works 100% (check my videos) 

Link to comment
Share on other sites

  • Dragorn unpinned and unfeatured this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...