wismna / hackpi
Hacking tool inside a Raspberry Pi zero
Does this work in Windows 7 and 10?
Thanks for your understanding and the hard work you do to make us hack other cookies while eating cookies.
Hi, is it possible to improve Poisontap and Responder in HackPi following the specific configuration manual, or POC tutorial? It's too complicated for the novice.
I have a question: can HackPi integrate Browser Exploit? And, at the same time, be able to do a HID (keyboard input) attack?
Hi just checking in if this has been deployed recently and successfully on a raspberry pi zero /w?
I followed the instructions to run the standard install.sh script but had failures detecting the kernel and then the device would not get detected on MacBook, only Windows would see the device and the DHCP component tied to PoisonTap would not work on Windows, no DHCP address of 1.0.0.1 was handed out.
I have finished the install, and the USB plug test on Win 10 is good.
But when the Raspberry is started from an independent power supply (not plugged into the PC USB), the wireless interface cannot be used: iwlist can scan the SSID, but it cannot connect to wifi. Is this normal?
Hi,
First, thanks for your great work :) I have been using your repository for my testing on PoisonTap and love it.
I have been trying to add a keyboard gadget without much success.
I modified the gadget.sh like this:
#!/bin/sh
#
# HackPi
# by wismna
# http://github.com/wismna/raspberry-pi/hackpi
# 14/01/2017
#
cd /sys/kernel/config/usb_gadget/
mkdir -p hackpi
cd hackpi
OS=`cat /home/pi/os.txt`
HOST="48:6f:73:74:50:43"
SELF0="42:61:64:55:53:42"
SELF1="42:61:64:55:53:43"
SELF2="42:61:64:55:53:43"
echo 0x04b3 > idVendor
echo 0x4010 > idProduct
echo 0x0100 > bcdDevice # v1.0.0
mkdir -p strings/0x409
echo "badc0deddeadbeef" > strings/0x409/serialnumber
echo "wismna" > strings/0x409/manufacturer
echo "PiZero" > strings/0x409/product
if [ "$OS" != "MacOs" ]; then
# Config 1: RNDIS
mkdir -p configs/c.1/strings/0x409
echo "0x80" > configs/c.1/bmAttributes
echo 250 > configs/c.1/MaxPower
echo "Config 1: RNDIS network" > configs/c.1/strings/0x409/configuration
echo "1" > os_desc/use
echo "0xcd" > os_desc/b_vendor_code
echo "MSFT100" > os_desc/qw_sign
mkdir -p functions/rndis.usb0
echo $SELF0 > functions/rndis.usb0/dev_addr
echo $HOST > functions/rndis.usb0/host_addr
echo "RNDIS" > functions/rndis.usb0/os_desc/interface.rndis/compatible_id
echo "5162001" > functions/rndis.usb0/os_desc/interface.rndis/sub_compatible_id
fi
# Config 2: CDC ECM
mkdir -p configs/c.2/strings/0x409
echo "Config 2: ECM network" > configs/c.2/strings/0x409/configuration
echo 250 > configs/c.2/MaxPower
mkdir -p functions/ecm.usb0
# first byte of address must be even
echo $HOST > functions/ecm.usb0/host_addr
echo $SELF1 > functions/ecm.usb0/dev_addr
# Create the CDC ACM function
mkdir -p functions/acm.gs0
mkdir -p functions/hid.usb0
echo 1 > functions/hid.0/protocol
echo 1 > functions/hid.0/subclass
echo 8 > functions/hid.0/report_length
echo -ne \\x05\\x01\\x09\\x06\\xa1\\x01\\x05\\x07\\x19\\xe0\\x29\\xe7\\x15\\x00\\x25\\x01\\x75\\x01\\x95\\x08\\x81\\x02\\x95\\x01\\x75\\x08\\x81\\x03\\x95\\x05\\x75\\x01\\x05\\x08\\x19\\x01\\x29\\x05\\x91\\x02\\x95\\x01\\x75\\x03\\x91\\x03\\x95\\x06\\x75\\x08\\x15\\x00\\x25\\x65\\x05\\x07\\x19\\x00\\x29\\x65\\x81\\x00\\xc0 > functions/hid.0/report_desc
# Link everything and bind the USB device
if [ "$OS" != "MacOs" ]; then
ln -s configs/c.1 os_desc
ln -s functions/rndis.usb0 configs/c.1
fi
ln -s functions/ecm.usb0 configs/c.2
ln -s functions/acm.gs0 configs/c.2
ln -s functions/hid.usb0 configs/c.2
# End functions
ls /sys/class/udc > UDC
But I'm receiving a kernel panic on boot like this one:
[ 24.552717] Unable to handle kernel NULL pointer dereference at virtual address 00000002
[ 24.558020] pgd = d8534000
[ 24.563353] [00000002] *pgd=18d4c831, *pte=00000000, *ppte=00000000
[ 24.568837] Internal error: Oops: 17 [#1] ARM
[ 24.574084] Modules linked in: usb_f_hid usb_f_acm u_serial usb_f_rndis bnep hci_uart btbcm bluetooth bridge stp llc brcmfmac brcmutil snd_bcm2835 cfg80211 snd_pcm rfkill snd_timer snd bcm2835_gpiomem uio_pdrv_genirq uio fixed usb_f_ecm u_ether libcomposite dwc2 udc_core ipv6 [last unloaded: usb_f_rndis]
[ 24.586514] CPU: 0 PID: 818 Comm: ls Not tainted 4.9.24+ #993
[ 24.592339] Hardware name: BCM2835
[ 24.598413] task: d8d3c420 task.stack: da686000
[ 24.604646] PC is at alloc_ep_req+0x30/0xa8 [libcomposite]
[ 24.610500] LR is at 0x0
[ 24.616628] pc : [<bf0b6fe8>] lr : [<00000000>] psr: a0000013
sp : da687d98 ip : 00000000 fp : da687db4
[ 24.628734] r10: da6622c8 r9 : d8cd56c4 r8 : da662270
[ 24.634894] r7 : d8cd56a8 r6 : d8cd7f80 r5 : da649a90 r4 : 00000000
[ 24.640883] r3 : d8cd7fb4 r2 : 00000000 r1 : 00000000 r0 : d8cd7f80
[ 24.646878] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 24.653058] Control: 00c5387d Table: 18534008 DAC: 00000055
[ 24.658985] Process ls (pid: 818, stack limit = 0xda686188)
[ 24.665233] Stack: (0xda687d98 to 0xda688000)
[ 24.806068] [<bf0b6fe8>] (alloc_ep_req [libcomposite]) from [<bf43b7f0>] (hidg_bind+0xa0/0x258 [usb_f_hid])
[ 24.813255] [<bf43b7f0>] (hidg_bind [usb_f_hid]) from [<bf0b20c0>] (usb_add_function+0x7c/0x164 [libcomposite])
[ 24.820842] [<bf0b20c0>] (usb_add_function [libcomposite]) from [<bf0b6384>] (configfs_composite_bind+0x24c/0x360 [libcomposite])
[ 24.828355] [<bf0b6384>] (configfs_composite_bind [libcomposite]) from [<bf079838>] (udc_bind_to_driver+0x3c/0xe0 [udc_core])
[ 24.836220] [<bf079838>] (udc_bind_to_driver [udc_core]) from [<bf079d68>] (usb_gadget_probe_driver+0x100/0x14c [udc_core])
[ 24.843934] [<bf079d68>] (usb_gadget_probe_driver [udc_core]) from [<bf0b6d10>] (gadget_dev_desc_UDC_store+0xb0/0xcc [libcomposite])
[ 24.852066] [<bf0b6d10>] (gadget_dev_desc_UDC_store [libcomposite]) from [<c01baf30>] (configfs_write_file+0xd4/0x17c)
[ 24.859906] [<c01baf30>] (configfs_write_file) from [<c0143dec>] (__vfs_write+0x38/0x128)
[ 24.868070] [<c0143dec>] (__vfs_write) from [<c0144c24>] (vfs_write+0xb0/0x1bc)
[ 24.875963] [<c0144c24>] (vfs_write) from [<c0145d34>] (SyS_write+0x54/0xb0)
[ 24.884219] [<c0145d34>] (SyS_write) from [<c000fe40>] (ret_fast_syscall+0x0/0x1c)
[ 24.892172] Code: ebff044d e2506000 0a000013 e5952024 (e1d230d2)
[ 24.900498] ---[ end trace c29f93dff280ffe1 ]---
Thanks in advance!
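Seen from the host, the gadget.sh posted above leaves recognizable traces. The following added example (not part of the original issue or of HackPi) scans a Linux sysfs-style USB tree for the descriptor defaults shown in that script and for any single device exposing both a CDC communications interface and a HID keyboard; the names `scan_usb` and `make_sample`, the sample tree and the interface-combination heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not HackPi code): flag HackPi-like USB devices in a
# sysfs-style tree such as /sys/bus/usb/devices on a Linux host.
# Print a sysfs attribute without its newline; print nothing if absent.
attr() { if [ -r "$1" ]; then tr -d '\n' < "$1"; fi; }

scan_usb() {
    root=${1:-/sys/bus/usb/devices}
    for dev in "$root"/*; do
        [ -f "$dev/idVendor" ] || continue   # interface nodes lack idVendor
        name=${dev##*/}; hits=""; net=0; kbd=0
        # Descriptor defaults copied from the gadget.sh posted above.
        if [ "$(attr "$dev/idVendor"):$(attr "$dev/idProduct")" = "04b3:4010" ] \
           && [ "$(attr "$dev/serial")" = "badc0deddeadbeef" ]; then
            hits="default-descriptor"
        fi
        # Interfaces of a device appear as <name>:<config>.<interface>.
        for intf in "$root/$name":*; do
            [ -f "$intf/bInterfaceClass" ] || continue
            class=$(attr "$intf/bInterfaceClass")
            proto=$(attr "$intf/bInterfaceProtocol")
            # Assumed heuristic: class 02 is CDC communications (network/serial).
            if [ "$class" = "02" ]; then net=1; fi
            # Class 03 with protocol 01 is a HID keyboard.
            if [ "$class" = "03" ] && [ "$proto" = "01" ]; then kbd=1; fi
        done
        if [ "$net" = 1 ] && [ "$kbd" = 1 ]; then
            hits="${hits:+$hits,}net+keyboard"
        fi
        if [ -n "$hits" ]; then echo "$name $hits"; fi
    done
}

# Constructed sample tree: HackPi defaults, a plain keyboard, a renamed gadget.
make_sample() {
    t=$(mktemp -d)
    mkdev() { mkdir -p "$t/$1"; echo "$2" > "$t/$1/idVendor"
              echo "$3" > "$t/$1/idProduct"; echo "$4" > "$t/$1/serial"; }
    mkintf() { mkdir -p "$t/$1"; echo "$2" > "$t/$1/bInterfaceClass"
               echo "$3" > "$t/$1/bInterfaceProtocol"; }
    mkdev 1-1 04b3 4010 badc0deddeadbeef
    mkintf 1-1:2.0 02 00; mkintf 1-1:2.1 0a 00; mkintf 1-1:2.4 03 01
    mkdev 1-2 1234 5678 KBD0001; mkintf 1-2:1.0 03 01
    mkdev 1-3 1234 9abc 00000001
    mkintf 1-3:1.0 02 00; mkintf 1-3:1.1 03 01
    echo "$t"
}

if [ "${1:-}" = "--demo" ]; then scan_usb "$(make_sample)"; fi
```

Run it with `--demo` to scan the constructed tree, or call `scan_usb` with no argument to read /sys/bus/usb/devices. The descriptor match only catches unmodified defaults, which is why the interface-combination check is reported separately.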
Has been patched.
Sorry
Hello,
I've been trying to make poisontap work on a raspberry pi zero and started with Samy Kamkar's GitHub. After having several problems I wrote to Samy and he told me that I had to try Hackpi. After following your tutorial to do the installation I have had the same problems as with the Samy version. In Windows 10 I recognize the device as a Serial Bus. In Windows 7 I recognized the device as an RNDIS Ethernet Gadget but did not install the driver. In Linux I install the USB device but nothing is executed.
Thank you very much! Regards!
Hi
I was curious about your project, so I gave it try.
But my Raspberry pi zero is not detected as an Ethernet Adapter by any OS.
Here are the steps that I followed :
1. I did a fresh install of Raspbian.
2. apt-get install git
3. git clone https://github.com/wismna/HackPi
4. sudo chmod +x install.sh
5. ./install.sh
Then I plugged it into a Win 10 laptop. Nothing happened.
Then I plugged it into a Mac OS Sierra laptop. Same.
No error in /var/log/syslog. gadget.log and usbreq.log are empty.
In the os.txt file I got "Unknow".
So I read the source code a little and I tried to force the Mac Os detection.
I modified gadget.sh:
#OS=`cat /home/pi/os.txt`
OS="MacOs"
But it's not working :).
I didn't have the time to search more, I will update this issue.
Did I do something wrong?
I should specify that the original poisontap works well on the Mac laptop, but not on the Windows one.
I followed the tutorial, and it worked well. But after the reboot of my raspberry Pi 3 (the one I'm using for the configuration) I'm unable to connect to the ssh and my USB keyboard is not detected.
Can someone help?
Thank you for reading this.
PS: I'm using Jessie Lite.
Hey,
I installed HackPi on a Raspberry Pi Zero W without any errors and without the backdoor.
It seems to work fine but I have 2 problems:
sudo screen /dev/ttyACM0 115200
but I get the response Cannot exec '/dev/ttyACM0 ': no such file or directory. What's the problem?
EDIT
So I figured out that it doesn't work when I try to install hackpi while my sd card is in my rpi3.
Now I finally installed it on my rpi zero with some errors tho:
Generating /etc/default/isc-dhcp-server...
Job for isc-dhcp-server.service failed. See 'systemctl status isc-dhcp-server.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript isc-dhcp-server, action "start" failed.
Backup files? [y/n] N
cp: cannot create regular file ‘/lib/modules/4.4.50+/kernel/drivers/usb/dwc2/dwc2.ko’: No such file or directory
Hello,
I am trying to set up the backend server, but I don't know any good hosting...
Do you have an idea where I can host my server?
And do you have a tutorial on how to do this?
kind regards
Natascha
Failed to bring up br0, other than that everything is looking good. Any suggestions?
Hi,
I was wondering what needs to be disabled/commented out to just run Responder to capture the creds (i.e. not run PoisonTap) ?
Is it a matter of just commenting out the following lines in rc.local?
/sbin/sysctl -w net.ipv4.ip_forward=1
/sbin/iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 1337
/usr/bin/screen -dmS dnsspoof /usr/sbin/dnsspoof -i br0 port 53
/usr/bin/screen -dmS node /usr/bin/nodejs /home/pi/poisontap/pi_poisontap.js
Thanks for the great work!