WiFi Pineapple + Kismet + gpsd + dump1090 = your SIGINT box :)

[lholo]

https://www.linkedin.com/posts/lcrahay_got-it-all-working-together-wifi-pineapple-activity-6966709291420426241-L_Q8?utm_source=share&utm_medium=member_desktop

[lholo]

Hi all, sorry the previous link is only available via LinkedIn... and couldn't attach a picture here...
but goal was to use the pineapple as a recon-all-the-things box or a SIGINT mobile setup

here are the technical steps summarized...

Inspired by Glytch - Adding GPS to Tactical WiFi Pineapple and this post https://forums.hak5.org/topic/33855-warwalking-redux-and-a-question/#comment-252170

I used the same USB hub Amazon.com: SABRENT 4 Port Portable USB 2.0 Hub (9.5" Cable) for Ultra Book, MacBook Air, Windows 8 Tablet PC (HB-MCRM) : Electronics>

the usb hub has 4 ports USB 2.0 , 

- mk7 adapter

- RTL-SDR/ADS-B dongle

- GPS dongle

- .... any idea?? 🙂

maybe Bluetooth..

purchased a GPS dongle

Amazon.com: HiLetgo VK172 G-Mouse USB GPS/GLONASS USB GPS Receiver for Windows 10/8/7/VISTA/XP : Electronics
and used a standard RTL-SDR 

NESDR Mini 2+ 0,5 PPM TCXO RTL-SDR & A-DS-B Récepteur USB avec antenne, support à ventouse et adaptateur SMA femelle. Tuner RTL2832U & R820T2, récepteur radio défini par logiciel : Amazon.fr: Informatique

Then added the following packages from the OpenWRT repo with the opkg install command,

	↓ Name	Version	Dependencies	...........................................Description...........................................	File size	Installed size	License	Maintainer	Bug report	Source code
utilities	readsb	3.8.3-2	libc, libncurses6, libpthread, librt, librtlsdr	Mode-S/ADSB/TIS decoder for various devices (readsb)	74kB	73kB	GPL-3.0-or-later	Stijn Tintel	Bug reports	Sources
utilities	viewadsb	3.8.3-2	libc, libncurses6	Mode-S/ADSB/TIS decoder for various devices (viewadsb)	51kB	50kB	GPL-3.0-or-later	Stijn Tintel	Bug reports

utilities	dump1090	4.0-1	libc, libncurses6, librtlsdr, uhttpd	Dump1090 is a Mode S decoder specifically designed for RTLSDR devices.	3162kB	3169kB	GPL-2.0-or-later	Álvaro Fernández Rojas	Bug reports	Sourc
utilities	dump1090	4.0-1	libc, libncurses6, librtlsdr, uhttpd	Dump1090 is a Mode S decoder specifically designed for RTLSDR devices.	3162kB	3169kB	GPL-2.0-or-later	Álvaro Fernández Rojas	Bug reports	Sources
libraries	librtlsdr	0.6.0-2	libc, libpthread, librt, libusb-1.0-0	rtl-sdr allows DVB-T dongles based on the Realtek RTL2832U to be used as an inexpensive SDR.   This package contains the librtlsdr shared library.	19kB	18kB	GPLv2	Vasilis Tsiligiannis	Bug reports	Sour

utilities	rtl-ais	0.3-4	libc, libpthread, librt, librtlsdr	rtl_ais uses a rtl2832u dvb-t dongle to tune AIS (Automatic Identification System) used on ships and by vessel traffic services	15kB	14kB	GPL-2.0-or-later	Nuno Goncalves	Bug reports	Sources
libraries	librtlsdr	0.6.0-2	libc, libpthread, librt, libusb-1.0-0	rtl-sdr allows DVB-T dongles based on the Realtek RTL2832U to be used as an inexpensive SDR.   This package contains the librtlsdr shared library.	19kB	18kB	GPLv2	Vasilis Tsiligiannis	Bug reports	Sources
utilities	rtl-sdr	0.6.0-2	libc, libpthread, librt, librtlsdr	rtl-sdr allows DVB-T dongles based on the Realtek RTL2832U to be used as an inexpensive SDR.   This package contains the utilities and daemons.	43kB	43kB	GPLv2	Vasilis Tsiligiannis	Bug reports	Sources

 

From <https://openwrt.org/packages/table/start?datasrt=version-short&dataflt%5BDescription_wiki%2A~%5D=DVB-T>

then I also used a couple of of custom IPKs from that github

 GitHub - adde88/openwrt-useful-tools: A repo containing different tools compiled specifically for the Hak5 WiFi Pineapple MK6 and MK7.

kmod-rtl88x2bu_4.14.248+2021-01-21-48e7c19c-1_mipsel_24kc.ipk

librtlsdr_0.6.0-2_aarch64_cortex-a72.ipk

libwifi_0.0.1-1_mipsel_24kc.ipk

python3-cython_0.29.21-1_mipsel_24kc.ipk

python3-numpy_1.19.1-1_mipsel_24kc.ipk (this one is a tricky one / as the archittecture seems not supported / but still Kismet can work...)

python3-websockets_8.1-1_mipsel_24kc.ipk

readsb_3.8.3-2_aarch64_cortex-a72.ipk
python3-protobuf_3.13.0-1_mipsel_24kc.ipk
rtl_433_20.11-1_aarch64_cortex-a72.ipk
rtl-ais_0.3-4_aarch64_cortex-a72.ipk
rtl-sdr_0.6.0-2_aarch64_cortex-a72.ipk
viewadsb_3.8.3-2_aarch64_cortex-a72.ipk

optional : still to be tested bettercap_2.32.0-1_mipsel_24kc.ipk

Kismet;

opkg install kismet and need capture packages (the ADS one may give error because of the python-numpy package -> use the custom ipk from below = python3-numpy_1.19.1-1_mipsel_24kc.ipk )

to see all pakages for kismet opkg list | grep kismet

for the Dump1090 config

mkdir -p /var/run/dump1090
touch /var/run/dump1090/aircraft.json

and launch Dump1090 = dump1090 --quiet --write-json /var/run/dump1090

GPS - opkg install gpsd gpsd-clients

plug the usb dongle

then dmesg | grep tty or lsusb

should show you your GPS dongle either ttyACM0 or ttyUSB0

launch gpsd /dev/ttyACM0 or gpsd  /dev/ttyUSB0

to test your GPS => gpsmon or cgps (should return "caught signal ..."

-> should display RAW data and coordinates of your GPS (will blink green... always a good sign 🙂 )

you will now have your gpsd running on localhost:2947

then configure kismet

nano /etc/kismet/kismet.conf 

locate the lines for GPSD

and add/uncomment the following line "gps=gpsd:host=localhost,port:2947"

launch kismet either via 

kismet or kismet -g localhost:2947

kismet is now available on your WiFi Pineapple => http://172.16.42.1:2501

to test your RTL-SDR dongle;

rtl_sdr -d 0

rtl_test

rtl_fm

the pineapple was powered by a 20.000 mAh USB powerbank

being locate in Europe, Belgium; Brussels Capital, the National Airport is just a few Kilometers (Miles) away, I could spot 10 planes in 10-15 minutes.
be sure your rtl-sdr antenna has open skies... 

PS: never unplug/plug (or even play) with your antennas when the device is powered on... you may fry something...

all references;

https://forums.hak5.org/topic/34942-setting-system-time-using-gps-nmea-0183-strings/#comment-259455

https://forums.hak5.org/topic/55361-how-to-install-working-kismet-on-mkvii/#comment-339926

https://flylib.com/books/en/2.434.1/hack_22_map_wi_fi_networks_with_kismet_and_gpsd.html
https://www.kismetwireless.net/docs/readme/kml/

 

useful note (cannot find back the source, sorry)

"- CONFIGURING KISMET - The Kismet capture driver is implemented as a Python datasource; you will need the Kismet-related Python modules from the python_modules/ directory of Kismet (which will be installed automatically in most cases). The rtladsb support also requires the NumPy Python module; you can typically get this as a package from your distribution (often python-numpy) or via pip. rtlsdr hardware will be automatically detected and shown in the Datasources window, or it can be configured as 'rtladsb-X', where 'X' is the radio you wish to use. If you have only one radio, this will always be zero; for instance: source=rtladsb-0:name=some_sdr"

Thanks to the all HAK5 Community for making this crazy setup possible and their inspirations...

PS: why not plug a WiFi Coconut into my WiFi Pineapple? why? Why not? it is fun for techies 🙂

(sponsorship for a coconut hosted in Belgium anyone?)

Hope those instructions help

Take care

Have fun / Hack yourself first

Lho