WiFi Hacking – Wardriving with an Android Phone and Raspberry Pi 3

Introduction:
This article is intended for anyone interested in the concept of wardriving. We will cover a written how-to setup tutorial that walks you through the hardware and tools needed to successfully perform wardriving. There is also a video tutorial that shows wardriving in action.

The written section is meant to be more informative and technical, whereas the video is meant to be a visual representation of wardriving along with some of the setup. To get the best experience, I recommend performing the setup from the written section and then viewing the video. Either way, I hope you get some enjoyment out of this. Let’s have some fun.

Video:

How to:
This portion of the article focuses on how to set up your Raspberry Pi and Android phone with the appropriate tools. Once you have set everything up, feel free to watch the video for a live demonstration.

Equipment used:
-Raspberry Pi 3 with Kali installed (Amazon link)
-Android (Samsung Galaxy 8S)
-ALFA AWUS036NH wireless adapter (Amazon link)
-RavPower 22000 mAh portable battery (Amazon link)

You’ll also need a device to connect to your Raspberry Pi. In my case, I brought my WiFi Pineapple in the car with me and hosted a local wireless network. I then used SSH to connect from my laptop to the Raspberry Pi machine. You could achieve the same results by using a small switch that can be battery powered or with a mouse/keyboard/screen combo on the Raspberry Pi. My Raspberry Pi is headless, so I was forced to use my laptop in one way or another.

Tools to install:
-Kismet
-GISKismet
-GPSD
-ADB
-Share GPS (Android App)
-Google Earth (On separate PC)

You can use the following apt-gets on your Raspberry Pi:
apt-get update && apt-get upgrade
apt-get install kismet
apt-get install giskismet
apt-get install gpsd
apt-get install adb

Make sure to install Share GPS on your Android device. I paid the $1.99 for the premium version, but that is not necessary if you do not want it. For Google Earth, download and install it on a separate machine. At the time of this article, Google Earth is not available for the Raspberry Pi’s architecture. I used my main Kali VM to install Google Earth.

Configuration:
There are a couple of small changes we need to make to some configuration files to get everything working properly.

For GPSD:
Edit the /etc/default/gpsd file and set START_DAEMON and USB_AUTO to “false”.

For Kismet:
Edit the /etc/kismet/kismet.conf file and make the following changes:

ADD -> ncsource=wlan1

EDIT -> listen=tcp://0.0.0.0:2501
EDIT -> allowedhosts=0.0.0.0

Finally, ensure gps=true:

We will also need OUI files for Kismet to properly identify MAC address vendors. Run the following commands to set it up:

wget -O manuf "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf"

sudo cp manuf /etc/

Lastly, we need to configure our Share GPS. First, you should put your Android device in developer mode. Here’s a quick video on how to do that.

Once you’re in developer mode, open up Share GPS and click on “Connections”. Add a new connection using the following settings:

Hit “next” and set the port to 50000:

Select “OK”. Now, hit the ellipses in the upper right corner and select “Settings”. Make sure your settings match mine:

Now, go back and you should see that your newly set up connection is idle. Tap on the connection and it will switch to listening mode. We’re now ready for the next step.

Getting ready to wardrive:
It’s almost time to get in the car and do some wardriving. Let’s cover the final setup that we will need to run while we are driving around.

I’ve gone ahead and plugged my Raspberry Pi and Pineapple into my RavPower battery pack. I’ve plugged my ALFA and Galaxy 8S into the Raspberry Pi. I’ve also rebooted the Raspberry Pi, which is important.

Again, your setup may differ from mine. Once you have your setup ready, let’s connect to the Raspberry Pi. I will be using SSH from my main Kali VM to control the Raspberry Pi.

First, ensure that your wireless adapter is in monitor mode. Typically, the adapter will be sitting on wlan1, but confirm this. The commands to set wlan1 into monitor mode are:

ifconfig wlan1 down
iwconfig wlan1 mode monitor
ifconfig wlan1 up

You can use iwconfig to ensure wlan1 is in monitor mode:

Once you’re in monitor mode, we need to make sure our Android device is talking to the Raspberry Pi. This is where ADB comes into play. First, type in adb devices and see the results:

There’s a chance that your device will say “unauthorized”. If you are in developer mode, you should be prompted to trust the device you’re attached to. Sometimes, this does not pop up right away. I’ve found that changing from “File Transfer” to “MIDI” and back to “File Transfer” has prompted the pop up. You may need to toy with this for a bit. Once your device is authorized and attached, type:

adb forward tcp:50000 tcp:50000

At this point, you can check if the GPS is working. Use netcat to check the port:

nc localhost 50000

You should see GPS traffic flowing on the screen. Once you do, you can CTRL + C out and move to the next step. Now, let’s turn on GPSD:

gpsd -F /var/run/gpsd.sock tcp://localhost:50000

Again, we can confirm that GPS is working by typing:

cgps
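The "GPS traffic" you see from nc on port 50000 is a stream of NMEA 0183 sentences, and a stream can be flowing without the phone actually having a position fix. The following script is an added example, not part of the original article or of Share GPS: it validates each sentence's checksum, reads the fix-quality and satellite-count fields of the $GPGGA sentences, and reports whether a real fix is present. The sample sentences are constructed for this example; the read_from_port helper simply reads the same forwarded port that nc does.

```python
"""Sanity-check the NMEA stream that Share GPS exposes on the forwarded port 50000.

Added example (not the article's own code). Sample sentences below are constructed;
the field layout follows the NMEA 0183 GGA definition.
"""
import socket


def nmea_checksum(body: str) -> str:
    """XOR of every character between '$' and '*', as two uppercase hex digits."""
    value = 0
    for ch in body:
        value ^= ord(ch)
    return f"{value:02X}"


def make_sentence(body: str) -> str:
    """Build a complete sentence with a valid checksum (used here only to construct samples)."""
    return f"${body}*{nmea_checksum(body)}"


def verify_sentence(sentence: str) -> bool:
    """True if the sentence is well formed and its trailing checksum matches its body."""
    sentence = sentence.strip()
    if not sentence.startswith("$") or "*" not in sentence:
        return False
    body, _, given = sentence[1:].partition("*")
    return given.upper() == nmea_checksum(body)


def nmea_to_decimal(value: str, hemisphere: str) -> float:
    """Convert 'ddmm.mmmm' / 'dddmm.mmmm' plus N/S/E/W into signed decimal degrees."""
    dot = value.index(".")
    degrees = int(value[: dot - 2])
    minutes = float(value[dot - 2:])
    decimal = degrees + minutes / 60.0
    return -decimal if hemisphere in ("S", "W") else decimal


def parse_gga(sentence: str):
    """Parse a $GPGGA/$GNGGA sentence; None if it is not a GGA sentence or fails its checksum."""
    if not verify_sentence(sentence):
        return None
    fields = sentence.strip()[1:].split("*")[0].split(",")
    if not fields[0].endswith("GGA"):
        return None
    fix_quality = int(fields[6] or 0)  # 0 = no fix, 1 = GPS fix, 2 = differential fix
    result = {"fix_quality": fix_quality, "satellites": int(fields[7] or 0)}
    if fix_quality > 0 and fields[2] and fields[4]:
        result["lat"] = nmea_to_decimal(fields[2], fields[3])
        result["lon"] = nmea_to_decimal(fields[4], fields[5])
    return result


def summarize_stream(lines):
    """Count sentences, checksum failures and GGA fixes over an iterable of NMEA lines."""
    summary = {"sentences": 0, "bad_checksum": 0, "gga": 0, "with_fix": 0, "last_fix": None}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        summary["sentences"] += 1
        if not verify_sentence(line):
            summary["bad_checksum"] += 1
            continue
        gga = parse_gga(line)
        if gga is not None:
            summary["gga"] += 1
            if gga["fix_quality"] > 0:
                summary["with_fix"] += 1
                summary["last_fix"] = gga
    return summary


# Constructed samples: a GGA with a fix, a GGA without one, and an RMC with one digit
# flipped after the checksum was computed, so the checksum no longer matches.
_good_rmc = make_sentence("GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W")
SAMPLE_LINES = [
    make_sentence("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,"),
    make_sentence("GPGGA,123520,,,,,0,00,,,M,,M,,"),
    _good_rmc.replace("4807.038", "4807.039"),
]


def read_from_port(host="localhost", port=50000, max_lines=50):
    """Read a few lines from the forwarded Share GPS port (the stream `nc localhost 50000` shows)."""
    with socket.create_connection((host, port), timeout=10) as sock:
        data = b""
        while data.count(b"\n") < max_lines:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace").splitlines()


if __name__ == "__main__":
    try:
        lines = read_from_port()
    except OSError as exc:
        print(f"could not read port 50000 ({exc}); using constructed samples")
        lines = SAMPLE_LINES
    print(summarize_stream(lines))
```

If with_fix stays at 0 while sentences keep arriving, the phone is talking but has not acquired satellites yet; gpsd will happily consume that stream and Kismet will log networks with no coordinates, which GISKismet cannot place on the map later.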

Once you verify that GPSD is working properly, we just need to run kismet_server, which will pick up all of the information while driving. The command to run kismet_server is:

kismet_server -p /root -c wlan1 --daemonize

With kismet_server running, you can open a second terminal and run kismet_client to view the results by typing:

kismet_client

Now, go enjoy your drive and have some fun. When you’re done, come back and we will look at how to put the information into a nice Google Earth view.

Mapping your results:
Now that you’ve gone driving, we can place the results into Google Earth. Remember, Google Earth must be running on a machine other than your Raspberry Pi. First, let’s use GISKismet to import our netxml information into a SQL database:

giskismet -x yourkismetfile.netxml

You should see quite a bit of information flow through here. Once it’s done, we can extract the SQL information into a kml file. To do that, type:

giskismet -q "select * from wireless" -o test.kml
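GISKismet hides what the .netxml file actually holds. The following script is an added example, not the article's own code and not part of GISKismet: it reads the same Kismet .netxml file, tallies networks by the encryption entries Kismet recorded (which is what lets you check the "almost everyone is on WPA2" observation from your own run), and writes the networks that have coordinates out as a KML file for Google Earth. The SAMPLE_NETXML document is constructed for this example and follows the element names Kismet's netxml output uses (wireless-network, SSID/encryption, BSSID, channel, gps-info); the Open/WEP/WPA classification is this example's own simplification.

```python
"""Summarize a Kismet .netxml capture by security type and write the located networks to KML.

Added example (not the article's code and not GISKismet). SAMPLE_NETXML is constructed
after the element names Kismet uses; classify() is this example's own heuristic.
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter
from xml.sax.saxutils import escape

SAMPLE_NETXML = """<detection-run kismet-version="example" start-time="Sat Jan 1 00:00:00 2018">
 <wireless-network number="1" type="infrastructure">
  <SSID><type>Beacon</type><encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption>
   <essid cloaked="false">HomeNet</essid></SSID>
  <BSSID>00:11:22:33:44:55</BSSID><channel>6</channel>
  <gps-info><peak-lat>40.712800</peak-lat><peak-lon>-74.006000</peak-lon></gps-info>
 </wireless-network>
 <wireless-network number="2" type="infrastructure">
  <SSID><type>Beacon</type><encryption>None</encryption><essid cloaked="false">CoffeeShop</essid></SSID>
  <BSSID>66:77:88:99:AA:BB</BSSID><channel>11</channel>
  <gps-info><peak-lat>40.713100</peak-lat><peak-lon>-74.005500</peak-lon></gps-info>
 </wireless-network>
 <wireless-network number="3" type="infrastructure">
  <SSID><type>Beacon</type><encryption>WEP</encryption><essid cloaked="true"></essid></SSID>
  <BSSID>CC:DD:EE:FF:00:11</BSSID><channel>1</channel>
 </wireless-network>
</detection-run>
"""


def classify(encryptions):
    """Collapse a network's <encryption> entries into Open / WEP / WPA (simplification: WPA vs WPA2 not split)."""
    kinds = set(encryptions)
    if not kinds or kinds == {"None"}:
        return "Open"
    if "WEP" in kinds:
        return "WEP"
    return "WPA"  # any WPA+... entry (PSK, TKIP, AES-CCM, enterprise methods)


def parse_netxml(text):
    """Return one dict per <wireless-network>: bssid, essid, channel, security, lat/lon (None if no fix)."""
    root = ET.fromstring(text)
    networks = []
    for net in root.findall("wireless-network"):
        ssid = net.find("SSID")
        encs = [e.text for e in ssid.findall("encryption")] if ssid is not None else []
        essid_el = ssid.find("essid") if ssid is not None else None
        essid = (essid_el.text or "") if essid_el is not None else ""  # cloaked SSIDs have empty text
        gps = net.find("gps-info")
        lat = lon = None
        if gps is not None and gps.find("peak-lat") is not None:
            lat = float(gps.findtext("peak-lat"))
            lon = float(gps.findtext("peak-lon"))
        networks.append({
            "bssid": net.findtext("BSSID", ""),
            "essid": essid,
            "channel": net.findtext("channel", ""),
            "security": classify(encs),
            "lat": lat,
            "lon": lon,
        })
    return networks


def security_summary(networks):
    """Count networks per security class."""
    return Counter(n["security"] for n in networks)


def to_kml(networks):
    """Emit a KML document with one Placemark per network that has coordinates (KML order is lon,lat,alt)."""
    placemarks = []
    for n in networks:
        if n["lat"] is None:
            continue  # seen without a GPS fix; nothing to place on the map
        name = escape(n["essid"] or "<hidden>")
        desc = escape(f"BSSID {n['bssid']} channel {n['channel']} security {n['security']}")
        placemarks.append(
            f"<Placemark><name>{name}</name><description>{desc}</description>"
            f"<Point><coordinates>{n['lon']},{n['lat']},0</coordinates></Point></Placemark>"
        )
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>\n'
            + "\n".join(placemarks) + "\n</Document></kml>\n")


if __name__ == "__main__":
    # Usage: python3 netxml_summary.py yourkismetfile.netxml > wardrive.kml
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_NETXML
    nets = parse_netxml(text)
    print(dict(security_summary(nets)), file=sys.stderr)
    sys.stdout.write(to_kml(nets))
```

Networks logged while the phone had no fix come out without a gps-info block and are skipped, which is the same reason a GISKismet map can show fewer points than kismet_client showed networks.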

Now, place the kml file on the same machine as your Google Earth. You can then open up Google Earth and view the results:

Summary:
I hope you were able to have some fun with this tutorial. While there are sites that already have wardriving information out there, it’s still fun to get out and experience it on our own. You’ll notice that almost everyone is on WPA2 and that wardriving isn’t as much of a treasure trove as it used to be. However, you still got out of the house today, and that’s always a positive for us home dwellers.

Wanna chat? Add me on Twitter or LinkedIn!
Veteran? Join our Slack!
