In the movies, the most-high tech stuff is always built into a briefcase. It doesn’t whether whether it’s some spy gear or the command and control system for a orbiting weapons platform; when an ordinary-looking briefcase is opened up and there’s an LCD display in the top half, you know things are about to get interesting. So is it any surprise that hackers in the real-world would emulate the classic trope?
As an example, take a look at the NightPi by [Sekhan]. This all-in-one mobile penetration testing rig has everything you need to peek and poke where you aren’t supposed to, all while maintaining the outward appearance of an regular briefcase. Well, admittedly a rather utilitarian aluminum briefcase…with antennas sticking out. OK, so it might not be up to 007’s fashion standards, but it’s still pretty good.
[Sekhan] has crammed a lot of gear into the NightPi beyond the eponymous Raspberry Pi 3B+. There’s an RFID reader, an RTL-SDR dongle, an external HDD, plus the 12V battery and 5V converter to power everything. All told, it cost about $500 USD to build, though that figure is going to vary considerably depending on what your parts bins look like.
To keep things cool, [Sekhan] has smartly added some vent holes along the side of the briefcase, and a couple of fans to get the air circulating. With these cooling considerations, we imagine you should be able to run the NightPi with the lid closed without any issue. That could let you hide it under a table while you interact with its suite of tools from your phone, making the whole thing much less conspicuous. The NightPi is running Kali Linux with a smattering of additional cools to do everything from gathering data from social media to trying to capture keystrokes from mechanical keyboards with the microphone; so there’s no shortage of things to play with.
If you like the idea of carrying around a Pi-powered security Swiss Army knife but aren’t too concerned with how suspicious you look, then the very impressive SIGINT tablet we covered recently might be more your speed. Not that we think you’d have any better chance making it through the TSA unscathed with this whirring briefcase full of wires, of course.
Signals Intelligence (SIGINT) refers to performing electronic reconnaissance by eavesdropping on communications, and used to be the kind of thing that was only within the purview of the military or various three letter government agencies. But today, for better or for worse, the individual hacker is able to pull an incredible amount of information out of thin air with low-cost hardware and open source software. Now, thanks to [Josh Conway], all that capability can be harnessed with a slick all-in-one device: the RadioInstigator.
In his talk at the recent 2019 CircleCityCon, [Josh] (who also goes by the handle [CrankyLinuxUser]) presented the RadioInstigator as an affordable way to get into the world of wireless security research beyond the traditional WiFi and Bluetooth. None of the hardware inside the device is new exactly, it’s all stuff the hacking community has had access to for a while now, but this project brings them all together under one 3D printed “roof” as it were. The end result is a surprisingly practical looking device that can be used on the go to explore huge swaths of the RF spectrum at a cost of only around $150 USD.
So what has [Josh] packed into this wireless toybox? It will probably come as little surprise to find out that the star of the show is a Raspberry Pi 3 B+, combined with a touch screen display and portable keyboard so the user can interface with the various security tools installed.
To help the RadioInstigator surf the airwaves there’s an RTL-SDR and a 2.4 Ghz nRF24LU1+ “Crazyradio”, both broken out to external antenna connectors on the outside of the device. There’s even an external SMA connector hooked up to the Pi’s GPIO pin, which can be used for low-power transmissions from 5 KHz up to 1500 MHz with rpitx. Everything is powered by a beefy 10,000 mAh battery pack which should give you plenty of loiter time to perform your investigations.
[Josh] has also written several Bash scripts which will get a trove of radio hacking tools installed on the Pi automatically, either by pulling them in through the official repositories or downloading the source and compiling them. Getting the software environment into a known-good state can be a huge time sink, so even if you don’t build your own version of the RadioInstigator, his scripts are still worth checking out.
You can do some pretty incredible things with nothing more than a Pi and an RTL-SDR, but we can’t help but notice there’s still plenty of room inside the RadioInstigator for more gear. It could be the perfect home for a Mult-RTL setup, or maybe even a VGA adapter for spoofing cell networks.
Continue reading “Mobile SIGINT Hacking On A Civilian’s Budget” →
Signals Intelligence (SigInt) isn’t something that you normally associate with home hackers, but the Deep Sweep project is looking to change that: it is a balloon platform that captures radio signals in the stratosphere, particularly conversations between drones and satellites. Created by three students at the Frank Ratchye Studio for Creative Inquiry at Carnegie-Mellon, Deep Sweep is a platform that is attached to a balloon and which captures signals over a wide range of frequencies, logging them for later analysis. The current version captures data on three frequency bands: LF/HF (10KHz-30KHz), UHF (650 – 1650MHz) and SHF (10-20GHz). The latter are often the bands used for satellite links between drones and satellites. They are difficult to intercept from the ground, as the signals are directed upwards towards the satellite. By creating a platform that can fly several kilometers above the earth, they are hoping to be able to capture some of this elusive traffic.
So far, the team has made two flights in Europe, both of which encountered technical issues. The first had a battery fault and only captured 10 minutes of data, and the second flew further than expected and ended up in Belarus, a country that isn’t likely to welcome this kind of thing. Fortunately, they were able to recover the balloon and are working on future launches in Europe and the USA. It will be interesting to see how the Department of Homeland Security feels about this.