They say that life imitates art, which in modern parlance basically means if you see something cool in a video game, movie or TV show, you might be inclined to try and build your own version. Naturally, such things generally come in the form of simple props, perhaps with the occasional embedded LED or noise making circuit. It’s not as if you can really build a phaser from Star Trek or a phone booth that’s bigger on the inside.
But after seeing the hacking quadcopter featured in the video game Watch Dogs 2, [Glytch] was inspired to start work on a real-world version. It doesn’t look much like the drone from the game, but that was never the point. The idea was to see how practical a small flying penetration testing platform is with current technology, and judging by the final build, we’d say he got his answer.
All the flight electronics are off the shelf quadcopter gear. It’s running on a Betaflight OMNIBUS F4 Pro V2 Flight controller with an M8N GPS mounted in the front and controlling the 2006 2400KV motors with a DYS F20A ESC. Interestingly [Glytch] is experimenting with using LG HG2 lithium-ion cells to power the quad rather than the more traditional lithium-polymer pack, though he does mention there are some issues with the voltage curve between the two battery technologies.
But the real star of the show is the payload: a Hak5 Pineapple Nano. As the Pineapple provides a turn-key penetration testing platform on its own, [Glytch] just needed a way to safely carry it and keep it powered. The custom frame keeps it snug, and the 5 Volt Battery Eliminator Circuit (BEC) on the DYS F20A ESC combined with a female USB port allows powering the Pineapple without having to make any hardware modifications.
We’ve seen quadcopters with digital weaponry before, though not nearly as many as you might think. But as even the toy grade quadcopters become increasingly capable, we imagine the airborne hacking revolution isn’t far away.
What does it do? It’s not clear if you don’t know the game!
The pineapple is basically a malicious router that let’s you run man in the middle and wifi eaves dropping. I’m sure it does other stuff too but those are the big ones.
Oh hey, thanks for the article :D
I also recently appeared on Hak5 with a more recent version of the drone. Here’s the video on that in case anyone wants to see it :)
Cheers!
https://youtu.be/KUCERaqSyno
With the WiFi + GPS on-board, war-driving would be piece of cake on this.
Hi,
I am Thomas Geffroyd from the WD team in Montreal. This is really amazing! I remember the inspiration for this in the game came from convos with David Maynor and @Viss :D
Cheers!
“They say that life imitates art, which in modern parlance basically means if you see something cool in a video game, movie or TV show, you might be inclined to try and build your own version.”
Spooks have all the fun gear.
“or a phone booth that’s bigger on the inside.”
It’s Toll-BOOTH
but Phone-BOX.
Because it’s … you know … like a box.
Maybe not in your country… I know that Wikipedia is not always right, but in this case it seems so…
Telephone booth
From Wikipedia, the free encyclopedia
Jump to navigation
Jump to search
“Phone Booth” redirects here. For other uses, see Phone Booth (disambiguation).
Not to be confused with Money booth or Telephone Booth (song).
Classic UK red telephone boxes
A telephone booth, telephone kiosk, telephone call box, telephone box or public call box[1][2] is a small structure furnished with a payphone and designed for a telephone user’s convenience.
In the United States and in some parts of Canada, “telephone booth” (or “phone booth”) is the commonly used term for the structure, while in the Commonwealth of Nations (particularly the United Kingdom and Australia and most of Canada), it is a “telephone box” (or “phone box”).[3]
It’s as if the Pineapple was made for this, instead of the other way around.
Because everyone is on WEP, WPS, or extremely weak WPA-PSK keys.. The Watchdogs 2 drone was basically a x-ray and lidar scanner that also hacked random RF protocol locks even though they were far away and low powered.. This uses one of those mostly useless script kiddy hak5 devices..
Maybe a downward radiating patch antenna would be a nice addition? It is likely the network you want to attack will be below the UAV.
There are plenty of stupid installations still running poor encryption, and yes, sometimes none at all. You could also fit this with a small SDR dongle and use it to receive transmissions from all over the RF spectrum while it flies around the target.
The only limitation on something like this is the operator’s imagination.
Could use an Adalam Pluto SDR and connect to it using wifi for both transmit and receive support. I have that SDR but no drone capable of lifting it yet.
none with valuable controllers or data.. RFID locks have less than a meter range and a amp for a directional would drain modern light battery tech too quick.. What was in Watchdogs 2 is basically the equivalent to RFID(xxKhz and 300-400 Mhz bands) or NFC based locks..
High-value subnets don’t even have APs and have mac filtering and IDS and sometimes auth-dongles to block rogue employee devices.. A SOHO LAN belonging to someone who uses it for anything valuable will be modern and you might find WPS enabled at best and it might not be patched.. OEM carrier WPA-PSK keys exceed the Hashcat brute-mask-parameter and aren’t unique so not in a pre-calc table..
LOL @ “High-value subnets don’t even have APs and have mac filtering and IDS and sometimes auth-dongles” – As said by someone who’s only read about security and thinks every org follows best-practice, but obviously never in life been hired to perform a commercial pentest.
“OEM carrier WPA-PSK keys exceed the Hashcat brute-mask-parameter” – too funny man.
Well, to find out if a target person is inside a building, it’s possible to just scan which MACs poll which SSIDs. That works totally fine with a WiFi Pinapple glued to a cheap drone.
Without taking anything away from this project, I just have to point out Naomi Wu’s version of this from last year. Her’s is much simpler of course, it’s more of a proof-of-concept for using an off-the-shelf drone as a malicious cargo delivery device. However, it’s a good counterpart to this drone. These guys worked to re-create fiction and did well – Wu just went and put together the kind of thing you’ld see in real life.
https://www.youtube.com/watch?v=Cdk4Zw2oYdc
What does ‘shes hot’ got to do with anything?
OP: “NOT TO TAKE ANYTHING AWAY..”
Just posting a related example of someone with similar idea.
And you hid the nail on your own head: if you need a quick and dirty way to deposit an infiltration device in a hard to reach location, you likely WONT spend the weeks, money and effort to build a beauty like this. Rather you’d tape the thing to w cheap toy and get it done.
Hence: Naomi demonstrates “getting it done dirt cheap”
We get it man…you think she’s worthy to be judged by her creations because she’s female.
Doesn’t mean that her version is not somehow related to the topic of this hack and doesn’t mean hers is not worthy being posted here in the comments.