Hackaday Links: January 5, 2014

hackaday-links-chain

While we can’t condone the actual use of this device, [Husam]‘s portable WiFi jammer is actually pretty cool. It uses a Raspberry Pi and an Aircrack-ng compatible dongle to spam the airwaves with deauth packets. The entire device is packaged in a neat box with an Arduino-controlled LCD and RGB LEDs. Check out an imgur gallery here.

You can pick up a wireless phone charger real cheap from any of the usual internet outlets, but try finding one that’s also a phone stand. [Malcolm] created his own. He used a Qi charger from DealExtreme and attached it to a 3D printed phone stand.

A while back, [John] noticed an old tube radio in an antique store. No, he didn’t replace the guts with a Raspberry Pi and an SD card full of MP3s. He just brought it back to working condition. After fixing the wiring (no ground cord on these old things), repairing the speaker cone, putting some new twine on the tuner and replacing the caps, [John] has himself a new old radio. Here’s a video of the complete refurbishment.

Here’s a Sega Master System (pretty much a Game Gear) running on an STM32 dev board. Also included are some ROMs for some classic games – Sonic the Hedgehog, Castle of Illusion, and The Lion King. If you have this STM Discovery board you can grab the emulator right here.

[Spencer] wanted a longer battery life in his iPhone, so he did what any engineering student would do: he put another battery in parallel.

Breadboarding something with an AVR or MAX232? Print out some of these stickers and make sure you get the pinouts right. Thanks, [Marius].

SkyJack: A Drone to Hack All Drones

skyjack

Quadcopters are gradually becoming more affordable and thus more popular; we expect more kids will unwrap a prefab drone this holiday season than any year prior. [Samy's] got plans for the drone-filled future. He could soon be the proud new owner of his own personal army now that he’s built a drone that assimilates others under his control.

The build uses a Parrot AR.Drone 2.0 to fly around with an attached Raspberry Pi, which uses everybody’s favorite Alfa adapter to poke around in promiscuous mode. If the SkyJack detects an IEEE-registered MAC address assigned to Parrot, aircrack-ng leaps into action sending deauthentication requests to the target drone, then attempts to take over control while the original owner is reconnecting. Any successfully lassoed drone doesn’t just fall out of the sky, though. [Samy] uses node-ar-drone to immediately send new instructions to the slave.

You can find all his code on GitHub, but make sure you see the video below, which gives a thorough overview and a brief demonstration. There are also a few other builds that strap a Raspberry Pi onto a quadcopter worth checking out; they could provide you with the inspiration you need to take to the skies.

[Read more...]

Cheap WiFi bridge for pen testing or otherwise

Twenty three dollars. That’s all this tiny pen-testing device will set you back. And there really isn’t much to it. [Kevin Bong] came up with the idea to use a Wifi router as a bridge to test a wired network’s security remotely. He grabbed a TP-Link TL-WR703N router, a low-profile thumb drive, and a cellphone backup battery; all cheaply available products.

No hardware hacking is necessary to connect the three components. The only other preparation needed is to reflash the router firmware with OpenWRT and load it up with common pen-testing software packages like Netcrack and Airhack.

[Kevin] calls this a drop box, because you find an Ethernet jack, plug it in, and drop it there. You can then connect to the router via Wifi and begin testing the wired network security measures. We’re sure images of espionage pop into your head from that description, but we’re certain this can be useful in other ways as well. If you ever find yourself with an Ethernet connection but no access to Wifi this is a quick way to setup an AP.

WiFi jamming via deauthentication packets

[Elliot] put together an intriguing proof-of-concept script that uses repeated deauthentication packet bursts to jam WiFi access points. From what we can tell it’s a new way to use an old tool. Aircrack-ng is a package often seen in WiFi hacking. It includes a deauthentication command which causes WiFi clients to stop using an access point and attempt to reauthenticate themselves. [Elliot's] attack involves sending repeated deauthenitcation packets which in essence never allows a client to pass any data because they will always be tied up with authentication.

After the break you can see a video demonstration of how this works. The script detects access points in the area. The attacker selects which ones to jam and the script then calls the Aircrack-ng command. If you’ve got an idea on how to protect against this type of thing, we’d love to hear about. Leave your thoughts in the comments.

[Read more...]

An interesting take on WEP cracking

[Ben Kurtz] is doing a little WEP cracking but in a bit of a different way than we’re used to. WEP cracking makes us think of war driving; driving around with your laptop open, looking for WiFi access points, and stopping to run some software when you find them. [Ben's] way is similar but different in one key way, he’s using an iPhone as the frontend.

This started as a way to find a use for some leftover equipment. He threw together a Linux box and loaded up Aircrack-ng, the software we often see used in penetration testing. To remove himself from shady-looking activities in public he coded a web interface using the Python package Turbogears. It uses screen, a program often used with SSH to run services concurrently in different terminals, with the option to disconnect without stopping the processes. Now it’s just a matter of parking the hardware near an AP, and doing the work in a browser on your mobile device. You can check out the script he wrote, as well as installation instructions, in his post linked above.

[Thanks Tech B.]

[Note: Banner image not directly related to this post]

Make iPhone a penetration testing tool

[Nicholas Petty] has posted a guide to setting up your iPhone as a penetration tester. You already carry it around with you and, although not too beefy, it does have the hardware you need to get the job done. So if you’re not interested in building a drone or carrying around a boxy access point try this out. The first step is to jailbreak your device and setup OpenSSH so that you can tunnel in for the rest of the setup. From there the rest of the setup is just acquiring build tools and compiling pentesting programs like Aircrack-ng, Ettercap, Nikto2, and the Social Engineering Toolkit. You’ll be up to no good testing your wireless security in no time.