digininja, posted September 17, 2008:

Seeing as the show is now out I can announce the URL. You can get your copy of Jasager from www.digininja.org/jasager

DeepN1KE, posted September 17, 2008:

Great project mate, and I will be following this with interest as it progresses. If I can find a bargain I might even get a Fon for the lab to try this out for myself.

digininja (Author), posted September 17, 2008:

> Great project mate, and I will be following this with interest as it progresses. If I can find a bargain I might even get a Fon for the lab to try this out for myself.

I wonder if we could organise a mass shipment from the US to the UK? Get a load shipped in in bulk then distribute them.

DeepN1KE, posted September 17, 2008:

I am sure if there was enough interest something could be arranged. Not sure how cost effective it would be, what with VAT, customs duty and the like.

skynetbbs, posted September 17, 2008:

It's correct that shop.fon.com is not selling any Fonera model 2100/2200 anymore; only the model 2201, which is basically the same but with an additional port... e.g. which makes it interesting to turn it into a firewall (WAN/LAN port) appliance for instance...

But at www.confero24.com you can get the original Accton unbranded router, and they sell in the UK, Europe and USA, also for a cheap price; this device is by default installed with Robin Open Mesh (Meraki killer) firmware, but you can easily replace it with OpenWrt, DD-WRT or other firmware using apflash51 from the Freifunk group (open source).

BTW I read something about: "and refuses to allow any packages to be installed"... perhaps you were hit by the RM/IPKG bug? Check out http://fon.rogue.be/ to have it fixed... or you could just back up your development (scp is your tool) and reflash the device to factory defaults.

digininja (Author), posted September 18, 2008:

> BTW I read something about: "and refuses to allow any packages to be installed"... perhaps you were hit by the RM/IPKG bug? Check out http://fon.rogue.be/ to have it fixed... or you could just back up your development (scp is your tool) and reflash the device to factory defaults.

I will do a re-install at some point, but seeing as I only have a single Fon I didn't want to risk re-flashing it and having something go wrong before launch. I'm going to get hold of some spares so that I can make sure I always have a working one and then play with the others.

skynetbbs, posted September 18, 2008:

> I will do a re-install at some point, but seeing as I only have a single Fon I didn't want to risk re-flashing it and having something go wrong before launch. I'm going to get hold of some spares so that I can make sure I always have a working one and then play with the others.

You could contact http://www.fondoo.net/; they have perhaps a nice stock of Classic La Fonera.

On the European mainland you can get these Foneros at 12 euro in France (just take the EuroTunnel :-), Belgium (fonero.be shop on eBay), Netherlands (multimedia machines)... check out http://retail.spread-fon.com for other retailers... they aren't nicely sorted by country though :( And I believe their "retail offer" for the Classic Fonera is outdated (as none in stock @ FON HQ).

Of course you can also hack the Fonera+ using my wiki at wiki.fonboard.nl, or using "gargoyle router" and then replace it with your madwifi drivers... But the Fonera+ FGF deal doesn't work in the UK... due to a settlement with investor British Telecom. And of course the version from www.confero24.com should be the same but a bit more expensive (not subsidized by Google/eBay/Skype/...).

Getting them from the US will give you 110V adaptors I guess; getting them from the mainland will give you European power plugs...

digininja (Author), posted September 18, 2008:

> You could contact http://www.fondoo.net/; they have perhaps a nice stock of Classic La Fonera.
>
> On the European mainland you can get these Foneros at 12 euro in France (just take the EuroTunnel :-), Belgium (fonero.be shop on eBay), Netherlands (multimedia machines)... check out http://retail.spread-fon.com for other retailers... they aren't nicely sorted by country though :( And I believe their "retail offer" for the Classic Fonera is outdated (as none in stock @ FON HQ).
>
> Of course you can also hack the Fonera+ using my wiki at wiki.fonboard.nl, or using "gargoyle router" and then replace it with your madwifi drivers... But the Fonera+ FGF deal doesn't work in the UK... due to a settlement with investor British Telecom. And of course the version from www.confero24.com should be the same but a bit more expensive (not subsidized by Google/eBay/Skype/...).
>
> Getting them from the US will give you 110V adaptors I guess; getting them from the mainland will give you European power plugs...

I'll have a look at these but just may try to pick a couple up when I go to Toorcon. The one I have was sent over by Darren and it has the US plug on it, but the adaptor is switchable so I just plugged it into a travel converter and it worked fine.

Darren Kitchen, posted September 18, 2008:

> It's correct that shop.fon.com is not selling any Fonera model 2100/2200 anymore; only the model 2201, which is basically the same but with an additional port... e.g. which makes it interesting to turn it into a firewall (WAN/LAN port) appliance for instance...

For me the Fon shop shows both La Fonera and La Fonera+.

> I'll have a look at these but just may try to pick a couple up when I go to Toorcon. The one I have was sent over by Darren and it has the US plug on it, but the adaptor is switchable so I just plugged it into a travel converter and it worked fine.

I'll bring you a spare Fon and Fon+ at Toorcon.

preciousroy, posted September 18, 2008:

Has anyone thought about ways to detect Jasager? I had nothing better to do for a few hours today and came up with a couple of possibilities:

- Do all the fake networks share a common MAC address?
- Do all the fake networks share a common forward facing IP address?
- Is there a page on the hacked Fon that you can grab without authorization? If every router has the same exact page that's a dead giveaway.
- Does network-manager on Linux see multiple copies of the same router when you're near a legit and illegitimate router?
- If you have a directional antenna, of course, all of the networks would appear and disappear in Kismet when you point the antenna towards/away from the Fon.

If any/all of these are true (with exception of the Kismet test) it'd be easy enough to cook a bash script that would tell you if the skies are clear or Jasager is on the prowl.

digininja (Author), posted September 18, 2008:

> Has anyone thought about ways to detect Jasager? I had nothing better to do for a few hours today and came up with a couple of possibilities: Do all the fake networks share a common MAC address?

Yes

> Do all the fake networks share a common forward facing IP address?

Yes

> Is there a page on the hacked Fon that you can grab without authorization? If every router has the same exact page that's a dead giveaway.

It doesn't do it at the moment, but my suggestion is to limit all access to the device to the wired network only; when that is implemented then no.

> Does network-manager on Linux see multiple copies of the same router when you're near a legit and illegitimate router?

I'm not sure, it doesn't send out beacons, just probe responses. If the network manager just listens to beacons then no; if it detects probe responses (which I doubt) then yes.

> If you have a directional antenna, of course, all of the networks would appear and disappear in Kismet when you point the antenna towards/away from the Fon.

They would

> If any/all of these are true (with exception of the Kismet test) it'd be easy enough to cook a bash script that would tell you if the skies are clear or Jasager is on the prowl.

It is easier than that, just send out a batch of probe requests for random SSIDs; if most or all come back then you can be pretty sure that it is some version of Karma replying.

If you want to be stealthier with Jasager you could use white listing to restrict the SSIDs that you respond to. I reckon that if you did tmobile, linksys and whatever your local coffee shop uses then you'd still get a good connection rate.

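The random-SSID check described in the post above, as an added Python example (not code from the thread or from Jasager). It assumes the probe requests were already sent and that a monitor-mode capture has been reduced to (frame type, BSSID, SSID) tuples; the function names, the 0.6 threshold and the sample frames are constructed for illustration.

```python
import secrets
from collections import defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"

def make_canary_ssids(count=5, length=12):
    """Random SSIDs that no real access point should be configured to serve."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(length))
            for _ in range(count)]

def find_yes_men(canaries, frames, threshold=0.6):
    """Flag BSSIDs that answered probes for most of the canary SSIDs.

    frames: iterable of (frame_type, bssid, ssid) tuples taken from a
    capture, frame_type being "beacon" or "probe_resp".
    """
    wanted = set(canaries)
    answered = defaultdict(set)   # bssid -> canary SSIDs it claimed to be
    beaconing = set()             # bssids that also send beacons
    for frame_type, bssid, ssid in frames:
        bssid = bssid.lower()
        if frame_type == "beacon":
            beaconing.add(bssid)
        elif frame_type == "probe_resp" and ssid in wanted:
            answered[bssid].add(ssid)
    suspects = {}
    for bssid, hits in answered.items():
        ratio = len(hits) / len(wanted)
        if ratio >= threshold:    # "most or all come back"
            suspects[bssid] = {
                "answered": sorted(hits),
                "ratio": ratio,
                # The thread notes Jasager sends probe responses, not beacons.
                "beacons_seen": bssid in beaconing,
            }
    return suspects

# Constructed sample data (not from a real capture).
CONSTRUCTED_CANARIES = ["q7x2m9kd41ab", "zz81hfp0c3ty", "n4n4w0rk77xe",
                        "b0gus5s1d001", "r4nd0mnet9qq"]
CONSTRUCTED_FRAMES = [
    # An ordinary AP: beacons, and answers only for its own SSID.
    ("beacon", "02:00:00:00:00:01", "coffee-shop"),
    ("probe_resp", "02:00:00:00:00:01", "coffee-shop"),
    # One BSSID answering four of the five random SSIDs, with no beacons.
] + [("probe_resp", "02:00:00:00:00:AA", s) for s in CONSTRUCTED_CANARIES[:4]]

if __name__ == "__main__":
    found = find_yes_men(CONSTRUCTED_CANARIES, CONSTRUCTED_FRAMES)
    for bssid, info in found.items():
        print(f"{bssid} answered {info['ratio']:.0%} of canary probes, "
              f"beacons seen: {info['beacons_seen']}")
```
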
preciousroy, posted September 18, 2008:

> It is easier than that, just send out a batch of probe requests for random SSIDs; if most or all come back then you can be pretty sure that it is some version of Karma replying. If you want to be stealthier with Jasager you could use white listing to restrict the SSIDs that you respond to. I reckon that if you did tmobile, linksys and whatever your local coffee shop uses then you'd still get a good connection rate.

Interesting. So it's not totally bulletproof out of the box but your average user will be fooled.

Matt {Undead}, posted September 18, 2008:

It seems you can't buy the old ones off the UK site, I had to pay £30 for a new version. Hope I can unlock this and get OpenWrt installed on it. Still waiting for it to arrive though, been 4 days now :(

digininja (Author), posted September 18, 2008:

> It seems you can't buy the old ones off the UK site, I had to pay £30 for a new version. Hope I can unlock this and get OpenWrt installed on it. Still waiting for it to arrive though, been 4 days now :(

Whatever you do, read the jailbreak instructions first. If you don't, and you plug the device into the internet before you should, you'll get the new firmware and then have a real problem getting anything else on it.

digininja (Author), posted September 18, 2008:

> Interesting. So it's not totally bulletproof out of the box but your average user will be fooled.

Not really, it would be hard to make it undetectable without stopping it doing its job of replying to every request. Anyone looking for it would be aware enough to know if there was a real AP around with the SSID that they received, i.e. getting their home SSID sitting in an airport should be a giveaway.

skynetbbs, posted September 18, 2008:

> Whatever you do, read the jailbreak instructions first. If you don't, and you plug the device into the internet before you should, you'll get the new firmware and then have a real problem getting anything else on it.

Just unplug it and press the reset button to go back to the factory default firmware...

The Fon 2201 (the 30 euro version with LAN/WAN) can be nicely jailbroken as well... already 3 methods out, but up to now no nice guides on OpenWrt (paid by FON not to make it easy?) and DD-WRT. As far as I notice, Gargoyle router has a working firmware for the Fon 2201 which is based on OpenWrt though!

Yes, USA has no good sales... so they still have the 110 volt Fonera for sale. You can even buy them at the Dell USA shop or in the Amazon Japan shop... even on the Skype Shop bundled with a Skype WiFi phone, I believe.

preciousroy, posted September 18, 2008:

> Not really, it would be hard to make it undetectable without stopping it doing its job of replying to every request. Anyone looking for it would be aware enough to know if there was a real AP around with the SSID that they received, i.e. getting their home SSID sitting in an airport should be a giveaway.

So once I'm aware there's a Jasager around, could I then bombard it with bogus requests and cause Karma or some other component of the Fon to crash? Essentially say NEIN!

digininja (Author), posted September 19, 2008:

> So once I'm aware there's a Jasager around, could I then bombard it with bogus requests and cause Karma or some other component of the Fon to crash? Essentially say NEIN!

Probably, but there wouldn't be much difference here with doing an association DoS on a normal AP, i.e. send loads of fake assoc packets with different MAC addresses and use that to fill the buffers. It may be a bit different in terms of buffer sizes but would probably do the same thing. Especially on a device with only 8M memory+disk.

Mike S., posted September 19, 2008:

Does Jasager capture the SSID/password combination of the client when it connects to the fake network? If not, is it planned to implement such a feature?

digininja (Author), posted September 19, 2008:

> Does Jasager capture the SSID/password combination of the client when it connects to the fake network? If not, is it planned to implement such a feature?

At the moment all it logs is the SSID, IP and date and time of connection. What passwords would you want to collect? Web, LDAP, IMAP...

Mike S., posted September 20, 2008:

If possible, it would be great to get the password to the network, regardless of whether it's WEP, WPA or WPA2. This would be a convenient way to collect passwords to networks without the need for packet injection, use of endless password lists or brute force.

Ah, one more idea: Could you implement a function to send a disassociation packet to a specific workstation?

digininja (Author), posted September 20, 2008:

> If possible, it would be great to get the password to the network, regardless of whether it's WEP, WPA or WPA2. This would be a convenient way to collect passwords to networks without the need for packet injection, use of endless password lists or brute force.

WEP, WPA and WPA2 don't send their passwords across the network; they exchange information which they encrypt and send back to prove they both know the passwords. The only way I know to get a WEP key without packet capturing from the real network is to use the cafe latte attack (from the guys at Airtight I think).

> Ah, one more idea: Could you implement a function to send a disassociation packet to a specific workstation?

Do you mean one that is associated to Jasager? If so, use the Kick MAC function. If you mean from a different AP then that would mean sniffing networks for other connections, which wouldn't work too well with the card being in AP mode.

Deveant, posted September 20, 2008:

> Has anyone thought about ways to detect Jasager? I had nothing better to do for a few hours today and came up with a couple of possibilities:
>
> - Do all the fake networks share a common MAC address?
> - Do all the fake networks share a common forward facing IP address?
> - Is there a page on the hacked Fon that you can grab without authorization? If every router has the same exact page that's a dead giveaway.
> - Does network-manager on Linux see multiple copies of the same router when you're near a legit and illegitimate router?
> - If you have a directional antenna, of course, all of the networks would appear and disappear in Kismet when you point the antenna towards/away from the Fon.
>
> If any/all of these are true (with exception of the Kismet test) it'd be easy enough to cook a bash script that would tell you if the skies are clear or Jasager is on the prowl.

Best way to stop it would be to set your network connection to not Auto Connect; that way, when you're down the street and you see your work's connection randomly is available, you're less likely to click it.

Also it would be possible to build a kind of wireless firewall for this: as soon as it detects that a new connection has been made, it would check the SSID against known SSID -> MAC address; if it's incorrect, it would disconnect and/or alert. New SSIDs will prompt for an add to the database. This also wouldn't be too hard to program.

digininja (Author), posted September 21, 2008:

> Also it would be possible to build a kind of wireless firewall for this: as soon as it detects that a new connection has been made, it would check the SSID against known SSID -> MAC address; if it's incorrect, it would disconnect and/or alert. New SSIDs will prompt for an add to the database. This also wouldn't be too hard to program.

With iwconfig, you just set the MAC address of the AP you want to connect to, use the ap parameter.

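The SSID -> MAC check proposed two posts up, together with the iwconfig `ap` pinning from the reply above, as an added Python example (not code from the thread). It parses `iwconfig <iface>` output; the function names, the KNOWN_APS table and the sample outputs are constructed for illustration.

```python
import re

ESSID_RE = re.compile(r'ESSID:"([^"]*)"')
AP_RE = re.compile(r"Access Point:\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")

# Constructed database: SSID -> BSSIDs recorded where the network really is.
KNOWN_APS = {"office-wlan": {"00:11:22:33:44:55"}}

def parse_iwconfig(text):
    """Return (ssid, bssid) from `iwconfig <iface>` output, else (None, None)."""
    essid, ap = ESSID_RE.search(text), AP_RE.search(text)
    if not essid or not ap:          # ESSID:off/any or Not-Associated
        return None, None
    return essid.group(1), ap.group(1).lower()

def check_association(text, known_aps):
    """Classify the current association against the recorded SSID -> MAC map."""
    ssid, bssid = parse_iwconfig(text)
    if ssid is None:
        return "not_associated"
    if ssid not in known_aps:
        return "unknown_ssid"        # new SSID: prompt before adding it
    if bssid in known_aps[ssid]:
        return "ok"
    return "mismatch"                # known SSID, wrong MAC: alert/disconnect

def pin_command(iface, ssid, known_aps):
    """iwconfig arguments that force association to the recorded AP only."""
    bssid = sorted(known_aps[ssid])[0]
    return ["iwconfig", iface, "essid", ssid, "ap", bssid]

# Constructed iwconfig outputs (abbreviated to the two relevant lines).
SAMPLE_OK = '''wlan0     IEEE 802.11bg  ESSID:"office-wlan"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:11:22:33:44:55
'''
SAMPLE_ROGUE = '''wlan0     IEEE 802.11bg  ESSID:"office-wlan"
          Mode:Managed  Frequency:2.412 GHz  Access Point: 02:00:00:00:00:AA
'''
SAMPLE_IDLE = '''wlan0     IEEE 802.11bg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated
'''

if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_OK), ("rogue", SAMPLE_ROGUE),
                         ("idle", SAMPLE_IDLE)]:
        print(name, "->", check_association(sample, KNOWN_APS))
    print(" ".join(pin_command("wlan0", "office-wlan", KNOWN_APS)))
```
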
syuusuke, posted September 22, 2008:

Has anyone encountered this error when installing? Also when you try and access the Jasager interface, it'll say ruby not found. I assume ruby package should be part of the requirements but it's not listed?

    root@OpenWrt:~# ipkg install jasager-madwifi_1.ipk
    Installing kmod-madwifi (2.6.21.5+r2568-20070710-atheros-2) to root...
    Nothing to be done
    Done.
    Collected errors:
    Package kmod-madwifi md5sum mismatch. Either the ipkg or the package index are corrupt. Try 'ipkg update'.
    root@OpenWrt:~# ipkg install jasager_1.ipk
    Installing jasager (1) to root...
    Configuring jasager
    chown: /karma_www: No such file or directory
    chown: /etc/rc.d/S91karma_ui: No such file or directory
    cat: /karma_www/.version: No such file or directory
    WARNING: Installation may have failed. Detected r is installed, but this is r0.1.
    Done.