hackpi's Issues

WINDOWS OS

Does this work in Windows 7 and 10?
Thanks for your understanding and the hard work you do to make us hack other cookies while eating cookies.

help manual??

Hi, is it possible to improve PoisonTap and Responder in HackPi by following a specific configuration manual or POC tutorial? It's too complicated for the novice.
There is another question: can HackPi integrate Browser Exploit? And at the same time be able to do an HID (keyboard input) attack?

Implemented recently?

Hi just checking in if this has been deployed recently and successfully on a raspberry pi zero /w?

I followed the instructions to run the standard install.sh script but had failures detecting the kernel and then the device would not get detected on MacBook, only Windows would see the device and the DHCP component tied to PoisonTap would not work on Windows, no DHCP address of 1.0.0.1 was handed out.

Wireless interface doesn't work?

I have finished the installation, and the test with the USB plugged into Win 10 is good.
But when the Raspberry is started from an independent power supply (not plugged into a PC USB port) the wireless interface cannot be used. iwlist can scan the SSID, but it cannot connect to wifi. Is this normal?

Trying to add keyboard to gadget

Hi,

First thanks for your great work :) I have been using your repository for my testings on PoisonTap and love it.

I have been trying to add a keyboard gadget without much success.

I modified the gadget.sh like this:

#!/bin/sh
#
# HackPi
#  by wismna
#  http://github.com/wismna/raspberry-pi/hackpi
#  14/01/2017
#

cd /sys/kernel/config/usb_gadget/
mkdir -p hackpi
cd hackpi

OS=`cat /home/pi/os.txt`
HOST="48:6f:73:74:50:43"
SELF0="42:61:64:55:53:42"
SELF1="42:61:64:55:53:43"
SELF2="42:61:64:55:53:43"

echo 0x04b3 > idVendor
echo 0x4010 > idProduct

echo 0x0100 > bcdDevice # v1.0.0
mkdir -p strings/0x409
echo "badc0deddeadbeef" > strings/0x409/serialnumber
echo "wismna" > strings/0x409/manufacturer
echo "PiZero" > strings/0x409/product

if [ "$OS" != "MacOs" ]; then
        # Config 1: RNDIS
        mkdir -p configs/c.1/strings/0x409
        echo "0x80" > configs/c.1/bmAttributes
        echo 250 > configs/c.1/MaxPower
        echo "Config 1: RNDIS network" > configs/c.1/strings/0x409/configuration

        echo "1" > os_desc/use
        echo "0xcd" > os_desc/b_vendor_code
        echo "MSFT100" > os_desc/qw_sign

        mkdir -p functions/rndis.usb0
        echo $SELF0 > functions/rndis.usb0/dev_addr
        echo $HOST > functions/rndis.usb0/host_addr
        echo "RNDIS" > functions/rndis.usb0/os_desc/interface.rndis/compatible_id
        echo "5162001" > functions/rndis.usb0/os_desc/interface.rndis/sub_compatible_id
fi

# Config 2: CDC ECM
mkdir -p configs/c.2/strings/0x409
echo "Config 2: ECM network" > configs/c.2/strings/0x409/configuration
echo 250 > configs/c.2/MaxPower

mkdir -p functions/ecm.usb0
# first byte of address must be even
echo $HOST > functions/ecm.usb0/host_addr
echo $SELF1 > functions/ecm.usb0/dev_addr

# Create the CDC ACM function
mkdir -p functions/acm.gs0

mkdir -p functions/hid.usb0
echo 1 > functions/hid.0/protocol
echo 1 > functions/hid.0/subclass
echo 8 > functions/hid.0/report_length
echo -ne \\x05\\x01\\x09\\x06\\xa1\\x01\\x05\\x07\\x19\\xe0\\x29\\xe7\\x15\\x00\\x25\\x01\\x75\\x01\\x95\\x08\\x81\\x02\\x95\\x01\\x75\\x08\\x81\\x03\\x95\\x05\\x75\\x01\\x05\\x08\\x19\\x01\\x29\\x05\\x91\\x02\\x95\\x01\\x75\\x03\\x91\\x03\\x95\\x06\\x75\\x08\\x15\\x00\\x25\\x65\\x05\\x07\\x19\\x00\\x29\\x65\\x81\\x00\\xc0 > functions/hid.0/report_desc


# Link everything and bind the USB device
if [ "$OS" != "MacOs" ]; then
        ln -s configs/c.1 os_desc
        ln -s functions/rndis.usb0 configs/c.1
fi

ln -s functions/ecm.usb0 configs/c.2
ln -s functions/acm.gs0 configs/c.2
ln -s functions/hid.usb0 configs/c.2
# End functions
ls /sys/class/udc > UDC

But I'm receiving a kernel panic on boot like this one:

[   24.552717] Unable to handle kernel NULL pointer dereference at virtual address 00000002
[   24.558020] pgd = d8534000
[   24.563353] [00000002] *pgd=18d4c831, *pte=00000000, *ppte=00000000
[   24.568837] Internal error: Oops: 17 [#1] ARM
[   24.574084] Modules linked in: usb_f_hid usb_f_acm u_serial usb_f_rndis bnep hci_uart btbcm bluetooth bridge stp llc brcmfmac brcmutil snd_bcm2835 cfg80211 snd_pcm rfkill snd_timer snd bcm2835_gpiomem uio_pdrv_genirq uio fixed usb_f_ecm u_ether libcomposite dwc2 udc_core ipv6 [last unloaded: usb_f_rndis]
[   24.586514] CPU: 0 PID: 818 Comm: ls Not tainted 4.9.24+ #993
[   24.592339] Hardware name: BCM2835
[   24.598413] task: d8d3c420 task.stack: da686000
[   24.604646] PC is at alloc_ep_req+0x30/0xa8 [libcomposite]
[   24.610500] LR is at 0x0
[   24.616628] pc : [<bf0b6fe8>]    lr : [<00000000>]    psr: a0000013
sp : da687d98  ip : 00000000  fp : da687db4
[   24.628734] r10: da6622c8  r9 : d8cd56c4  r8 : da662270
[   24.634894] r7 : d8cd56a8  r6 : d8cd7f80  r5 : da649a90  r4 : 00000000
[   24.640883] r3 : d8cd7fb4  r2 : 00000000  r1 : 00000000  r0 : d8cd7f80
[   24.646878] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[   24.653058] Control: 00c5387d  Table: 18534008  DAC: 00000055
[   24.658985] Process ls (pid: 818, stack limit = 0xda686188)
[   24.806068] [<bf0b6fe8>] (alloc_ep_req [libcomposite]) from [<bf43b7f0>] (hidg_bind+0xa0/0x258 [usb_f_hid])
[   24.813255] [<bf43b7f0>] (hidg_bind [usb_f_hid]) from [<bf0b20c0>] (usb_add_function+0x7c/0x164 [libcomposite])
[   24.820842] [<bf0b20c0>] (usb_add_function [libcomposite]) from [<bf0b6384>] (configfs_composite_bind+0x24c/0x360 [libcomposite])
[   24.828355] [<bf0b6384>] (configfs_composite_bind [libcomposite]) from [<bf079838>] (udc_bind_to_driver+0x3c/0xe0 [udc_core])
[   24.836220] [<bf079838>] (udc_bind_to_driver [udc_core]) from [<bf079d68>] (usb_gadget_probe_driver+0x100/0x14c [udc_core])
[   24.843934] [<bf079d68>] (usb_gadget_probe_driver [udc_core]) from [<bf0b6d10>] (gadget_dev_desc_UDC_store+0xb0/0xcc [libcomposite])
[   24.852066] [<bf0b6d10>] (gadget_dev_desc_UDC_store [libcomposite]) from [<c01baf30>] (configfs_write_file+0xd4/0x17c)
[   24.859906] [<c01baf30>] (configfs_write_file) from [<c0143dec>] (__vfs_write+0x38/0x128)
[   24.868070] [<c0143dec>] (__vfs_write) from [<c0144c24>] (vfs_write+0xb0/0x1bc)
[   24.875963] [<c0144c24>] (vfs_write) from [<c0145d34>] (SyS_write+0x54/0xb0)
[   24.884219] [<c0145d34>] (SyS_write) from [<c000fe40>] (ret_fast_syscall+0x0/0x1c)
[   24.892172] Code: ebff044d e2506000 0a000013 e5952024 (e1d230d2)
[   24.900498] ---[ end trace c29f93dff280ffe1 ]---

Thanks in advance!
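
Added example (not part of the original issue or of the HackPi project): a small decoder for the HID report descriptor bytes that the script above writes to report_desc. It walks the short items and totals the declared input and output report sizes, so the result can be compared with the report_length value of 8. Function names are illustrative, and it assumes a descriptor without Report ID or long items.

```python
# Added example, not HackPi code: decode the HID report descriptor above.
# Function names are illustrative; Report ID and long items are not handled.

# Bytes copied from the `echo -ne ... > .../report_desc` line in the issue.
REPORT_DESC = bytes.fromhex(
    "05 01 09 06 a1 01 05 07 19 e0 29 e7 15 00 25 01 "
    "75 01 95 08 81 02 95 01 75 08 81 03 95 05 75 01 "
    "05 08 19 01 29 05 91 02 95 01 75 03 91 03 95 06 "
    "75 08 15 00 25 65 05 07 19 00 29 65 81 00 c0"
)
ITEM_TYPES = ("main", "global", "local", "reserved")
MAIN_TAGS = {0x8: "input", 0x9: "output", 0xB: "feature"}

def parse_items(desc):
    """Split a report descriptor into (type, tag, value) short items."""
    items, i = [], 0
    while i < len(desc):
        prefix = desc[i]
        if prefix == 0xFE:
            raise ValueError("long item at offset %d" % i)
        size = (0, 1, 2, 4)[prefix & 0x03]   # low two bits encode data length
        if i + 1 + size > len(desc):
            raise ValueError("descriptor truncated at offset %d" % i)
        value = int.from_bytes(desc[i + 1:i + 1 + size], "little")
        items.append((ITEM_TYPES[(prefix >> 2) & 0x03], prefix >> 4, value))
        i += 1 + size
    return items

def summarize(desc):
    """Return the first usage page/usage and the report sizes in bytes."""
    size = count = 0
    usage_page = usage = None
    bits = {"input": 0, "output": 0, "feature": 0}
    for kind, tag, value in parse_items(desc):
        if kind == "global" and tag == 0x7:        # Report Size (bits)
            size = value
        elif kind == "global" and tag == 0x9:      # Report Count (fields)
            count = value
        elif kind == "global" and tag == 0x0 and usage_page is None:
            usage_page = value
        elif kind == "local" and tag == 0x0 and usage is None:
            usage = value
        elif kind == "main" and tag in MAIN_TAGS:  # Input/Output/Feature
            bits[MAIN_TAGS[tag]] += size * count
    result = {name + "_bytes": (n + 7) // 8 for name, n in bits.items()}
    result.update(usage_page=usage_page, usage=usage)
    return result

print(summarize(REPORT_DESC))
```

Usage page 0x01 with usage 0x06 is Generic Desktop / Keyboard, and the 8-byte input report equals the report_length the script sets.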

Windows does not recognize the ethernet adapter

Hello,
I've been trying to make PoisonTap work on a Raspberry Pi Zero and started with Samy Kamkar's GitHub. After having several problems I wrote to Samy and he told me that I had to try HackPi. After following your tutorial to do the installation I have had the same problems as with Samy's version. In Windows 10 it recognizes the device as a Serial Bus. In Windows 7 it recognized the device as an RNDIS Ethernet Gadget but did not install the driver. In Linux the USB device installs but nothing is executed.
Thank you very much! Regards!

Not detected by any OS

Hi

I was curious about your project, so I gave it a try.
But my Raspberry Pi Zero is not detected as an Ethernet adapter by any OS.
Here are the steps that I followed:
1. I did a fresh install of Raspbian.
2. apt-get install git
3. git clone https://github.com/wismna/HackPi
4. sudo chmod +x install.sh
5. ./install.sh

Then I plugged it into a Win 10 laptop. Nothing happened.
Then I plugged it into a Mac OS Sierra laptop. Same.

No error in /var/log/syslog.
gadget.log and usbreq.log are empty.
In the os.txt file I got "Unknow".

So I read the source code a little and I tried to force the Mac OS detection.
I modified gadget.sh:

#OS=`cat /home/pi/os.txt`
OS="MacOs"

But it's not working :).
I didn't have the time to search more, I will update this issue.

Did I do something wrong?
I should specify that the original PoisonTap works well on the Mac laptop, but not on the Windows one.

Issue after reboot

I followed the tutorial, and it worked well. But after the reboot of my Raspberry Pi 3 (the one I'm using for the configuration) I'm unable to connect over ssh and my USB keyboard is not detected.

Can someone help?
Thank you for reading this.

PS: I'm using Jessie Lite.

Serial interface on OSX High Sierra doesn't work

Hey,

I installed HackPi on a Raspberry Pi Zero W without any errors and without the backdoor.
It seems to work fine but I have 2 problems:

  1. After I plugged it in the first time (usb <--> computer) I can't ssh via Wifi to the Pi. Why?
  2. I wanted to see the output of sudo screen /dev/ttyACM0 115200 but I get the response Cannot exec '/dev/ttyACM0 ': no such file or directory. What's the problem?

Can't install

EDIT

So I figured out that it doesn't work when I try to install HackPi while my SD card is in my rpi3.

Now I finally installed it on my rpi zero, with some errors though:

https://pastebin.com/5tnUPiDp

Generating /etc/default/isc-dhcp-server... Job for isc-dhcp-server.service failed. See 'systemctl status isc-dhcp-server.service' and 'journalctl -xn' for details. invoke-rc.d: initscript isc-dhcp-server, action "start" failed.
Backup files? [y/n] N cp: cannot create regular file ‘/lib/modules/4.4.50+/kernel/drivers/usb/dwc2/dwc2.ko’: No such file or directory

backend server tutorial

Hello,
I am trying to set up the backend server, but I don't know any good hosting...
Do you have an idea where I can host my server?
And do you have a tutorial on how to do this?

kind regards

Natascha

Guide for only running Responder

Hi,
I was wondering what needs to be disabled/commented out to just run Responder to capture the creds (i.e. not run PoisonTap) ?

Is it a matter of just commenting out the following lines in rc.local?

/sbin/sysctl -w net.ipv4.ip_forward=1
/sbin/iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 1337
/usr/bin/screen -dmS dnsspoof /usr/sbin/dnsspoof -i br0 port 53
/usr/bin/screen -dmS node /usr/bin/nodejs /home/pi/poisontap/pi_poisontap.js

Thanks for the great work!
