SpiderLabs Blog

Wardrive, Raspberry Pi Style!

Written by Videoman | Dec 31, 2012 7:11:00 PM

I purchased a Raspberry Pi a few weeks back. I found that I could power it, with a WiFi card and a GPS, from my 12000 mAh Li-Ion battery pack for about 12 hours. What a great way to explore without having to have a huge laptop or giant battery in my bag.

From that I did a little bit of driving and biking with this tool kit, passively looking for and logging networks. I could have easily used my NinjaTel phone (and will attempt this in the future), but I wanted something that I didn't have to mess with too much and would have a long battery life to "power all the things".

From this, I found that out of 6,164 APs identified, only 5% had WEP configured (which is flawed). That is a total of 327 APs that still had WEP enabled. Not too bad as a basic health check. Of course, more data would always be better.

 

Hardware Used

  • Raspberry Pi: Model B, 512 MB (Adafruit or Newark.com)
  • 32 GB Class 10 SD card (8 GB or 16 GB would also work)
  • Realtek USB WiFi adapter, ideally with an RP-SMA connector for an external antenna
  • Mag-mount WiFi antenna with an N or RP-SMA connector
  • GPS receiver that works with gpsd; I used a Garmin 60CSx over USB
  • USB hard drive power splitter (Y) cable for the WiFi radio
  • NewTrent USB portable device charger; I used a 12000 mAh version, YMMV.

 

Hardware Notes

The Raspberry Pi Model B draws about 700 mA on its own. If the supply cannot deliver that, the Pi browns out and crashes, and it has to be power-cycled by hand. That is why it is important to feed the Pi itself from a supply rated for at least 1 A and to power the WiFi adapter through a USB power splitter (Y) cable rather than through the Pi's own USB ports. At first, the Pi was crashing whenever I fired up Kismet, because the USB WiFi adapter pulled more current under Kismet than the Pi could pass through to it. The splitter cable has two plugs and one socket: plug the power-only pass-through plug into the battery pack, the other plug into the Raspberry Pi, and the WiFi adapter into the socket. The battery pack therefore needs two USB outputs (one for the Pi's micro-USB power input, one for the splitter), or you need a second pack.

 

Install the OS

The first thing to do is set up the Pi's OS. Write the "Raspbian" image to the SD card, then expand the root partition to use the entire card; raspi-config, which Raspbian runs on first boot, has an expand_rootfs option for exactly this. There are many good tutorials on this, and the Raspberry Pi site has lots of documentation.

 

Install Dependencies

Once our OS is installed, we will then need to add the necessary packages to support Kismet.

SSH into your Pi as "pi", and download the Kismet code (or add it to your apt sources):

wget http://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz

First things first, screen. Screen is a great tool for having multiple virtual "consoles" that can continue to run in the background. I use them a lot when doing pen tests. I could run Kismet in server-only mode, but I don't have a Kismet client on my stock iPad. But I do have an SSH client, so instead, I'll just run the full ncurses UI in a screen session.

This will allow me to easily detach from the session and reattach where I left off. We also need to install some prerequisites before compiling Kismet. I'm installing tcpdump as well; it's a very valuable tool for checking and verifying network traffic, or just peeking at the data going across a network.

sudo apt-get install screen gpsd gpsd-clients ncurses-dev libpcap-dev tcpdump build-essential

(Two packages beyond the original list: build-essential supplies the C++ compiler Kismet needs if your image lacks one, and gpsd-clients provides cgps, a quick way to confirm the receiver has a fix before starting Kismet.)

Wait for that to finish... Get some coffee or Tea.

 

Configure GPSD

Next, configure gpsd for your equipment. As I used a USB GPS receiver, I just pointed /etc/default/gpsd at the device it shows up as (check dmesg after plugging it in):

/etc/default/gpsd:
START_DAEMON="true"
GPSD_OPTIONS="-n"
DEVICES="/dev/ttyUSB0"

gpsd also accepts the device path as a bare argument in GPSD_OPTIONS, since the init script passes both variables on the command line, but DEVICES is the variable meant for it. The -n option tells gpsd to start reading the receiver immediately rather than waiting for the first client to connect, so the fix is already there when Kismet attaches. Restart gpsd (sudo service gpsd restart) and confirm a fix with cgps before you set off.

 

Install Kismet

Now we compile and install Kismet from the source we downloaded earlier:

tar xvfz kismet-2011-03-R2.tar.gz
cd kismet-2011-03-R2
./configure
make
sudo make install

Look over the summary ./configure prints before running make; a missing -dev package shows up there rather than as a build error later.

This takes a while... like minutes... reminds me of the days of sub-GHz processors, oh wait that is what the Pi is. It's great for graphics, but kind of slow for compiling, and I believe that is due to the SD card bus being the bottleneck.

 

Configure Kismet

Next, to speed up Kismet's start-up, edit /usr/local/etc/kismet.conf to point at your wireless card. Check out the Kismet README, section five, for examples for your card. Otherwise, this version of Kismet will prompt you for the wireless interface each time it starts up.

I added the following line to the /usr/local/etc/kismet.conf config file:

ncsource=wlan0:name=RTL8187

The interface name before the colon is what matters (iwconfig lists it); name= is just the label Kismet shows for the source.

 

Wardrive, Warchalk, Warwalk, Warbike!

Now plug in "all the things" and take it out on the town for a spin.

screen
sudo kismet
Ctrl-A D

Since Kismet was installed with a plain make install rather than make suidinstall, it needs root to put the card into monitor mode, hence the sudo. Ctrl-A followed by D detaches from the screen session; screen -r reattaches to it later. Kismet writes its logs into the directory it was started from unless logprefix is set in kismet.conf.

Go for a drive, walk, or bike (my favorite pastime) and collect some data. Then take the raw Kismet .netxml logs and merge them with the netxml2kml python script: run them through netxml2kml.py, import the resulting KML into Google Earth, and plot your WiFi data. Check which of your neighbors still have WEP. Ideally, the next feature would show where people still have WPS enabled, but that's for another time.
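The following is an added example of that last step, not the netxml2kml.py script and not Kismet's code: a Python script that reads one or more of the Kismet-*.netxml logs a run produces, merges networks by BSSID across runs, counts APs by encryption class (the WEP health check from the top of the post) and writes a KML file for Google Earth that colours open and WEP networks differently from WPA. It assumes the netxml layout Kismet 2011-03-R2 writes (wireless-network elements carrying SSID/encryption flags, BSSID and gps-info/avg-lat, avg-lon children) and flag strings such as WEP, WEP40, WPA+PSK and None; the embedded sample log is constructed, not captured data, and treating 0,0 as "no fix" is an assumption.

```python
"""Summarise Kismet .netxml logs by encryption class and write a KML file.
Added example, not netxml2kml.py and not Kismet code; element names, flag
strings and the embedded sample are assumptions about the 2011-03-R2 format."""
import sys
import xml.etree.ElementTree as ET
from collections import Counter
from xml.sax.saxutils import escape

# Constructed sample (not captured data) in the layout Kismet 2011-03-R2 writes,
# trimmed to the fields used below. Network 4 is a client probe, not an AP.
SAMPLE_NETXML = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<detection-run kismet-version="2011.03.R2" start-time="Mon Dec 31 18:00:00 2012">
<wireless-network number="1" type="infrastructure"><SSID><type>Beacon</type>
<encryption>WEP</encryption><essid cloaked="false">OldRouter</essid></SSID><BSSID>00:11:22:33:44:55</BSSID>
<channel>6</channel><gps-info><avg-lat>41.881832</avg-lat><avg-lon>-87.623177</avg-lon></gps-info></wireless-network>
<wireless-network number="2" type="infrastructure"><SSID><type>Beacon</type><encryption>WPA+PSK</encryption>
<encryption>WPA+TKIP</encryption><encryption>WPA+AES-CCM</encryption><essid cloaked="false">HomeNet</essid></SSID>
<BSSID>66:77:88:99:AA:BB</BSSID><channel>11</channel><gps-info><avg-lat>41.882100</avg-lat><avg-lon>-87.624000</avg-lon></gps-info></wireless-network>
<wireless-network number="3" type="infrastructure"><SSID><type>Beacon</type><encryption>None</encryption>
<essid cloaked="true"></essid></SSID><BSSID>CC:DD:EE:FF:00:11</BSSID><channel>1</channel></wireless-network>
<wireless-network number="4" type="probe"><SSID><type>Probe Request</type><encryption>None</encryption>
<essid cloaked="false">HomeNet</essid></SSID><BSSID>DE:AD:BE:EF:00:01</BSSID><channel>0</channel></wireless-network>
</detection-run>"""

# KML colours are aabbggrr: red for open, orange for WEP, green for WPA.
KML_COLORS = {"Open": "ff0000ff", "WEP": "ff0080ff", "WPA": "ff00aa00", "Other": "ff888888"}

def classify(flags):
    """Collapse a network's <encryption> flags into one health class.
    Any WEP flag wins: a mixed WEP/WPA network still admits WEP clients."""
    flags = set(flags)
    if any(f.startswith("WEP") for f in flags):
        return "WEP"
    if any(f.startswith("WPA") for f in flags):
        return "WPA"
    return "Open" if not flags or flags == {"None"} else "Other"

def parse_netxml(data, nets=None):
    """Parse one netxml document (bytes or str) into a BSSID-keyed dict. Pass the
    same dict for several files to merge runs: a repeated AP gets its flags
    unioned and keeps the first essid and usable position seen."""
    nets = {} if nets is None else nets
    for wn in ET.fromstring(data).iter("wireless-network"):
        bssid = (wn.findtext("BSSID") or "").strip().upper()
        if not bssid:
            continue
        ssids = wn.findall("SSID")
        flags = {e.text.strip() for s in ssids for e in s.findall("encryption") if e.text}
        essid = next((s.findtext("essid") for s in ssids if s.findtext("essid")), "")
        lat = lon = None
        gps = wn.find("gps-info")
        if gps is not None:
            try:
                lat, lon = float(gps.findtext("avg-lat")), float(gps.findtext("avg-lon"))
            except (TypeError, ValueError):
                pass
            if (lat, lon) == (0.0, 0.0):  # assumed: a network logged without a fix reads 0,0
                lat = lon = None
        rec = {"bssid": bssid, "type": wn.get("type", ""), "essid": essid,
               "channel": wn.findtext("channel") or "?", "flags": flags, "lat": lat, "lon": lon}
        cur = nets.setdefault(bssid, rec)
        if cur is not rec:  # seen before (same file or an earlier run): merge
            cur["flags"] |= flags
            cur["essid"] = cur["essid"] or essid
            if cur["lat"] is None:
                cur["lat"], cur["lon"] = lat, lon
    return nets

def ap_health(nets):
    """Count access points (client probes excluded) by encryption class."""
    return Counter(classify(n["flags"]) for n in nets.values() if n["type"] == "infrastructure")

def to_kml(nets, name="wardrive"):
    """One Placemark per AP that was logged with a GPS fix, coloured by class."""
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<kml xmlns="http://www.opengis.net/kml/2.2"><Document><name>%s</name>' % escape(name)]
    out += ['<Style id="%s"><IconStyle><color>%s</color></IconStyle></Style>' % kv
            for kv in KML_COLORS.items()]
    for n in sorted(nets.values(), key=lambda n: n["bssid"]):
        if n["type"] != "infrastructure" or n["lat"] is None:
            continue  # probes and APs seen without a fix cannot be plotted
        desc = "%s ch %s %s" % (n["bssid"], n["channel"], ",".join(sorted(n["flags"])) or "None")
        out.append('<Placemark><name>%s</name><description>%s</description><styleUrl>#%s</styleUrl>'
                   '<Point><coordinates>%.6f,%.6f,0</coordinates></Point></Placemark>'
                   % (escape(n["essid"] or "<cloaked>"), escape(desc), classify(n["flags"]),
                      n["lon"], n["lat"]))
    out.append("</Document></kml>")
    return "\n".join(out)

if __name__ == "__main__":  # usage: python3 netxml_health.py Kismet-*.netxml
    nets = {}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:  # bytes, so the declared encoding is honoured
            parse_netxml(fh.read(), nets)
    nets = nets or parse_netxml(SAMPLE_NETXML)
    health = ap_health(nets)
    total = sum(health.values())
    print(total, "APs:", ", ".join("%s=%d (%.1f%%)" % (k, v, 100.0 * v / total)
                                   for k, v in health.most_common()))
    with open("wardrive.kml", "w") as fh:
        fh.write(to_kml(nets))
```

Run it over the .netxml logs from one or more drives (the script name is hypothetical); with no arguments it runs on the built-in sample. Only the .netxml log is read. Merging by BSSID matters because the same AP is logged again on every pass, and the flag-union rule means an AP that advertised WEP on any pass is reported as WEP rather than hidden by a later WPA-only beacon.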