Monday, October 17, 2016

War Pi 2.1

After a lot of use of wigle.net on a dedicated Android phone, I decided to extend my Wi-Fi discovery adventures (known as War Driving) to include a higher-power rig with more radios and better antennas for greater network coverage.

This build was modeled after Scott Christie's SANS white paper and TeamBSF's War Pi 2.0.

Hardware


I recommend starting with the two guides listed above. You might run into some of the same problems I ran into; if so, below are a few scratch-pad notes I made to resolve the issues.


The Wireshark MAC manufacturer list link needs to be updated to:


systemd is your enemy: gpsd needs a systemd unit to start, and systemctl has to be used to enable and start the service.

The contents of /lib/systemd/system/gpsd.socket:

  [Unit]
  Description=GPS (Global Positioning System) Daemon Sockets

  [Socket]
  ListenStream=/var/run/gpsd.sock
  ListenStream=[::1]:2947
  ListenStream=0.0.0.0:2947
  SocketMode=0600

  [Install]
  WantedBy=sockets.target

Note that ListenStream=0.0.0.0:2947 makes gpsd accept connections on every IPv4 interface, not just loopback; use 127.0.0.1:2947 instead if only local clients such as Kismet need the GPS data.

Kismet config now lives in:

/etc/kismet/kismet.conf

Make sure to read the docs on how to configure Kismet appropriately; channellist behavior is now different from what some of the older tutorials describe:


wpa_supplicant is your enemy and disabling it is a dark art; all of these steps need to be taken:

The scripts responsible for configuring wireless network interfaces at boot are located in
  /etc/network/{if-pre-up.d,if-up.d,if-down.d,if-post-down.d}
Each of these directories contains a wpasupplicant file, which is just a symbolic link to /etc/wpa_supplicant/ifupdown.sh, a script that states, in its header:
  #####################################################################
  ## Purpose
  # This file is executed by ifupdown in pre-up, post-up, pre-down and
  # post-down phases of network interface configuration. It allows
  # ifup(8), and ifdown(8) to manage wpa_supplicant(8) and wpa_cli(8)
  # processes running in daemon mode.
  #
  # /etc/wpa_supplicant/functions.sh is sourced by this file.
There is no reference to wpa_supplicant per se in this file, but the reference is in functions.sh, the file sourced by wpasupplicant. It contains the following lines:
  WPA_SUP_BIN="/sbin/wpa_supplicant"
  ....
  start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
  --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
   -- $WPA_SUP_OPTIONS $WPA_SUP_CONF
  ....
  start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
  --exec $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE
These are the two calls you wish to modify.
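
A read-only check for the hooks described above, as an added example that is not part of the original post or the guides it cites: it reports which ifupdown phases still have an executable wpasupplicant hook and counts the uncommented start-stop-daemon calls in functions.sh. The function names and the optional root-directory argument are assumptions for illustration, and it assumes the hooks live under /etc/network/if-*.d and /etc/wpa_supplicant.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of the
# ifupdown hooks that can launch wpa_supplicant. Function names and the
# ROOT argument are illustrative assumptions.

# wpa_hooks [ROOT]: print "<phase> <state>" for each ifupdown phase.
# ROOT may be a mounted SD-card image; empty means the live system.
wpa_hooks() {
    root="${1:-}"
    for phase in if-pre-up.d if-up.d if-down.d if-post-down.d; do
        hook="$root/etc/network/$phase/wpasupplicant"
        if [ -x "$hook" ] && [ ! -d "$hook" ]; then
            echo "$phase active"      # run-parts only executes executables
        elif [ -e "$hook" ] || [ -L "$hook" ]; then
            echo "$phase disabled"    # non-executable file or dangling link
        else
            echo "$phase absent"
        fi
    done
}

# wpa_daemon_calls [ROOT]: count uncommented start-stop-daemon calls in
# functions.sh that reference $WPA_SUP_BIN (the page shows two).
wpa_daemon_calls() {
    f="${1:-}/etc/wpa_supplicant/functions.sh"
    [ -r "$f" ] || { echo 0; return 0; }
    awk '
        { line = line $0 }                       # join "\" continuations
        /\\$/ { sub(/\\$/, "", line); next }
        { if (line !~ /^[ \t]*#/ && line ~ /start-stop-daemon/ &&
              line ~ /WPA_SUP_BIN/) n++
          line = "" }
        END { print n + 0 }
    ' "$f"
}

# Run against a root directory given on the command line, e.g. "sh audit.sh /".
if [ "$#" -gt 0 ]; then
    wpa_hooks "${1%/}"
    wpa_daemon_calls "${1%/}"
fi
```

Running it before and after making changes shows whether any phase is still reported as active and whether either daemon call is still live.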

1 comment:

  1. Great post! And in service of a great cause, the trip looked legit.

    I ended up on a USB Type-C phone recently, and at first I was annoyed that I'd need to replace all my micro-USB cables and chargers. The high amperage USB Type-C chargers are pretty amazing though. 0 to 80% charge in ~15m or so.

    I did grab a handful of adapters, which work ok. Obviously same old (slow) micro USB charging speed, but often that's fine. The glue holding their housings on wears out quickly, though, which is just cosmetic, but still. https://www.amazon.com/gp/product/B0151RKYBG/
