[RELEASE][BETA] WiFi Pineapple Mark 7 2.0.0 Beta Firmware

[Sgt.Foose]

10 hours ago, dark_pyrro said:

Check this post and see if it solves things, it did for me when I dug into it to find the issue a while ago

 

True hero! It works now!

One new issue arrived, the start web server button works but also activates the START. When pressing STOP, I get "error stopping portal". The button seems out of sync allot. However, the portal does work!

[jholbrookftl]

10 hours ago, dark_pyrro said:

Check this post and see if it solves things, it did for me when I dug into it to find the issue a while ago

 

after doing this the portals are now working.

[jholbrookftl]

6 hours ago, Sgt.Foose said:

True hero! It works now!

One new issue arrived, the start web server button works but also activates the START. When pressing STOP, I get "error stopping portal". The button seems out of sync allot. However, the portal does work!

I too get this error.

[Dragorn]

Hello!  2.0.0 Beta 3 is now available!

 

This 2.0.0 Beta release offers new features, bug fixes and general improvements to all aspects of the WiFi Pineapple experience. As always, the feedback provided by members of the community has been invaluable, and continues to be used internally to build out new additions and improvements.

We hope that you enjoy the new changes, and invite you to join us on Discord and here on the forums.

To get the Beta update, simply switch to the Beta Update Channel and check for new updates. You will then be prompted with a choice to upgrade.

To see some sneak peeks of the firmware before upgrading, check the second reply to this thread.

 

Release Notes

In addition to the features in Beta 1 and Beta 2, Beta 3 brings:

• Setup
  • Revamp of the setup wizard to only require a physical button press when configuring via wireless
• UI
  • Extend login token timeout to handle NTP time resets, you'll no longer be logged out when the time jumps into the future
  • Properly update client-mode IP
• Security
  • Allow restricting the management interface to wired and management networks only (under Settings...Advanced)
• Recon
  • Properly format the encryption column for WEP networks
  • Reduce contention between Pineapple UI and PineAPd
  • Don't use cached 5GHz band recon settings if a 5GHz adapter isn't available
  • Improve PineAPd internal contention and efficiency
  • Fix PineAPd not exiting properly on kill
• Cloud C2
  • Build C2 client into firmware
• Packages
  • Enable Hak5 Community packages

[Sgt.Foose]

Great an thanks all of you for you hard work!

Just my first notice (no blame, just trying to help and learn 😉 ).

1# In the new setup process for wired, selecting wired and pressing the button 4 seconds (for wireless), will loop you through two setup processes (so had to enter root password twice etc).

2# The Evil Portal SSL issue were the Preview function is not working is not fixed in this update. (might be module related, not Firmware)

3# Evil portal START / STOP button still out of sync when pressing STOP (it also stops the webserver). (might be module related, not Firmware)

4# Airmon-ng + Airodump-ng are since 1.1.1 no longer useful via the Console (The PineAP keeps overwriting stuff which in my humble opinion isn't necessarily a bad thing but I guess it's one of the reasons why my 5GHz is not working). Maybe it should stop doing this when the PineAP suite is disabled?

5# I do also see a bunch of errors in the logs (see attached). Here is a summary of most:

Command failed: Permission denied

wlan2: disassociated from be:4e:26:ae:f4:50 (Reason: 2=PREV_AUTH_NOT_VALID)

radio2 (11048): sh: -o: unknown operand (Please ignore, I used an unsupported 5GHz USB Adapter)

radio2 (11048): command failed: Not supported (-122) (Please ignore, I used an unsupported 5GHz USB Adapter)

A default route is present but there is no public prefix on lan thus we don't announce a default route!

radio0 (5147): Failed to connect to hostapd - wpa_ctrl_open: No such file or directory

wlan0-1: IAID conflicts with one assigned to eth0

radio2 (4771): Interface 0 setup failed: BRIDGE_NOT_ALLOWED (Please ignore, I used an unsupported 5GHz USB Adapter)

/etc/rc.d/S99pineapd: [!! 30-03-2022 07:17:31] [INTERFACE] Failed to create capture pcap_handle for wlan1mon: wlan1mon: No such device exists (SIOCGIF

/etc/rc.d/S95done: /etc/rc.local: line 32: /sbin/led: not found

Failed to send to ff02::1%lan@br-lan (Address not available)

ipv6_addaddr1: Permission denied

[dark_pyrro]

When it comes to #2 and #3, I guess there will be no actual work made on those things since it's module related (that is community developed). I've seen the SSL error on 1.1.1 as well, so I think that is related to how nginx is packaged in the upstream OpenWrt repo. I seem to remember that the "stop thing" is valid for previous firmware releases as well, so I'm not sure it's something related to the beta. Can't say for sure though and I don't want to revert from the beta at the moment to check if that's the case. #4 will probably not get much attention since it's an unsupported chipset.

[Sgt.Foose]

20 hours ago, dark_pyrro said:

When it comes to #2 and #3, I guess there will be no actual work made on those things since it's module related (that is community developed). I've seen the SSL error on 1.1.1 as well, so I think that is related to how nginx is packaged in the upstream OpenWrt repo. I seem to remember that the "stop thing" is valid for previous firmware releases as well, so I'm not sure it's something related to the beta. Can't say for sure though and I don't want to revert from the beta at the moment to check if that's the case. #4 will probably not get much attention since it's an unsupported chipset.

I guess you're right, my 5GHz dongle is not supported so i changed my comments. With this update an old frustration was solved. I had to connect over wifi and disconnect to make my Lenovo USB Ethernet adapter functional. This now seems solved and after reboot, I can ping without the need to connect to Wifi so thumbs up!

[Dragorn]

Hot on the heels of Beta 3, 2.0.0 Beta 4 is now available to fix a few more outstanding issues:

• Setup
  • Fix button alignments in setup wizard in Firefox
• UI
  • Be consistent about the number of handshakes seen on various screens
  • Remove old 'News' link that didn't have new news
• Recon
  • Resolve issues with recon swamping the UI
  • Resolve issues with recon breaking during deauthentication
  • Resolve issues with recon and deauthentication with the MK7AC module
  • Be more aggessive about stopping and restarting PineAPd when needed

 

We hope that you enjoy the new changes, and invite you to join us on Discord and here on the forums.

To get the Beta update, simply switch to the Beta Update Channel and check for new updates. You will then be prompted with a choice to upgrade.

To see some sneak peeks of the firmware before upgrading, check the second reply to this thread.

[Sgt.Foose]

Beta 4 works really well to be honest, great job!

[Mr Moonlight]

I used Beta 4 on a live engagement today: working perfectly for me.

Recon is so fast now.

 

Cheers

[Dragorn]

To add on to beta 4, 2.0.0 beta 5 is now live!  This fixes a few more of the reported bugs and cleans up the experience; in addition to the fixes in previous betas, this includes:

• Networking
  • The hostname of the device can now be configured in Settings...Advanced
• Logs
  • Now able to delete logs while recon is running
• Recon
  • Deleting handshakes now works again
  • Properly respect DFS / UNII-2 / UNII-2e channels
  • Add docs to pinap.conf generation to discuss uci configs
  • Fix search in recon

We hope that you enjoy the new changes, and invite you to join us on Discord and here on the forums.

To get the Beta update, simply switch to the Beta Update Channel and check for new updates. You will then be prompted with a choice to upgrade.

To see some sneak peeks of the firmware before upgrading, check the second reply to this thread.

[jholbrookftl]

The capture handshakes button is missing in Recon in beta 5. The toggle for any handshakes is there but the button to capture per SSID is missing. I think this is a crippling bug in the firmware as this is one of the most used functions when I teach class with these things.

[Sgt.Foose]

9 hours ago, jholbrookftl said:

The capture handshakes button is missing in Recon in beta 5. The toggle for any handshakes is there but the button to capture per SSID is missing. I think this is a crippling bug in the firmware as this is one of the most used functions when I teach class with these things.

Use recover firmware. I just updated and it still shows. Jut when you select an OPEN access point, it disappears.

[jholbrookftl]

I will try this. 

[dark_pyrro]

Seems logic to me if that is the case. Not that much to capture.

[Dragorn]

All - 

Looks like there's a (relatively minor) bug in the setup process for Beta 5 (and possibly earlier).  If you encounter "Setup failed" on the final screen, go back and set up with no allow/deny filters.  We recommend defaulting to "Allow List", with no entries, for both Client Mode and Wi-Fi Mode during setup.

You can change these once setup is complete to whatever filter options you need!

[jholbrookftl]

On 4/5/2022 at 4:57 AM, Sgt.Foose said:

Use recover firmware. I just updated and it still shows. Jut when you select an OPEN access point, it disappears.

this solved the issue, must have been a weird load for the firmware. I is only missing now on open APs, as expected.

[DISHFEAR]

when doing a recon scan, if you sort by signal or dbi it will arrange them accordingly, then it looses the sorting again. was fixed in 1.1.1 and now its back to random listing

[jholbrookftl]

leaving the pineapple on for long periods of time makes joining it via the management AP very unreliable. I have reproduced this 3 days in a row now. If I leave the pineapple on for at least 6 hours joining the hidden AP fails 80+% of the time, and when I can join it, I cannot get the management interface to load. This needs to be much more reliable.

 

EDIT: even joining the open AP is very unreliable.

[Sgt.Foose]

4 minutes ago, jholbrookftl said:

leaving the pineapple on for long periods of time makes joining it via the management AP very unreliable. I have reproduced this 3 days in a row now. If I leave the pineapple on for at least 6 hours joining the hidden AP fails 80+% of the time, and when I can join it, I cannot get the management interface to load. This needs to be much more reliable.

 

EDIT: even joining the open AP is very unreliable.

 

4 minutes ago, jholbrookftl said:

leaving the pineapple on for long periods of time makes joining it via the management AP very unreliable. I have reproduced this 3 days in a row now. If I leave the pineapple on for at least 6 hours joining the hidden AP fails 80+% of the time, and when I can join it, I cannot get the management interface to load. This needs to be much more reliable.

 

EDIT: even joining the open AP is very unreliable.

I have the same issue with beta5. “Cannot join”.

[dark_pyrro]

That makes me remember that I have experienced something similar, but that wasn't related to Beta 5 specifically. It was the beta that was available around the 21st of March (which would probably be Beta 2 according to the release history). I had a short chat on Discord about it at the time, but I didn't have time to follow it up and look further into it and then..... I forgot about it. Can't say I've experienced it since though. It was basically about reconnecting to the Pineapple APs. First connection was OK, but any attempt after that resulted in not being able to get connected. Does dmesg say anything on the client that tries to connect, if running a Linux client that is. It would perhaps be interesting to look at dmesg and logread as well on the Pineapple?

[Dragorn]

Hello everyone!

2.0.0 Beta 6 is now live for the WiFi Pineapple Mark 7.  On top of all the previous beta improvements, Beta 6 brings:

• Campaigns
  • Campaign report generation works again
  • Campaign report generation now correctly reports MFP, WPA3, and other advanced encryption options.
  • Support running multiple campaigns at once properly and prevent conflicting filenames
  • Rename campaign plaintext to JSON, since it actually generates JSON records
  • Allow selecting scan band when building recon configs
  • Fix campaign timing issues not generating recon results
  • Fix campaign reports being duplicated in the UI
  • Clean up campaign scheduling and execution
  • Fix campaign reports not populating when target report dirs are empty
• Networking
  • Handle configuring supported USB Ethernet devices as static or DHCP
  • Handle UI experience disconnecting from Wi-Fi Client mode gracefully
  • Include Ethernet in the uplink/client firewall group for admin access
  • Migrate Ethernet and Wi-Fi Client mode to standard UCI groups
• PineAPd
  • Handle fallback to 2.4GHz scans if a multi-band scan was configured but a multi-band scanning radio is no longer available
  • Warn when campaigns are enabled which could interfere with settings
• Recon
  • Don't allow manual recon while there are scheduled campaigns
• Setup
  • Fix an issue where duplicate SSIDs could be entered into the setup filters which could prevent setup from continuing properly
• System
  • Go into an error state and communicate to the user when system is flashed improperly
  • Fix crond not starting until there was a crontab

[Sgt.Foose]

Yes this works much better, and also admin access through the USB Ethernet Adapter with static IP settings! Very nice thank you! 

The Evil Portal module Preview window is still broken, even after editing /etc/config/nginx (option uci_enable 'true' to option uci_enable 'false'). Is this something that needs to be fixed on the Pineapple or module side?

Status: (failed) net:ERR_CONNECTION_TIMED_OUT

[Dragorn]

Greetings all!  A new week and a new beta - 2.0.0 Beta 7; on top of all the previous betas, this includes:

• Campaigns
  • Fix broken campaign names
  • Allow changing campaign intervals
  • Fix launching campaigns from shell
  • Enable launching campaigns on-demand from the UI
  • Show campaign notifications
  • Fix typo in crontab starting half-hour campaigns at minute 36
• PineAPd
  • Enable PineAPd at all times
  • Clean up UI experience for configuring PineAP
  • Add warning about MSChapV2 auth in Enterprise
  • Refresh captured WPA Enterprise creds
  • Revamp WPA Enterprise UI for clarity
  • Always enable PineAP associations when WPA Enterprise Associations are enabled
  • Clarify authentication mode / downgrade modes
• Recon
  • Fix deleting recons leaving an empty recon behind

[c4rr3d45]

Hi all,

I would like to know if this firmware can be installed in the wifi pineapple Tetra or nano ?

Thanks