Blueberry - The Wifi Pineapple Mark V

REMARKS: Now that Kali Linux NetHunter is out, the Wifi Pineapple is worthless except for its cheaper price.



PLEASE NOTE THAT THIS ARTICLE IS CONSIDERED TO BE OUTDATED AND WIFI PINEAPPLE 2.0.4 IS VULNERABLE. PLEASE DO NOT FOLLOW THIS ARTICLE TO INSTALL IT. YOU ARE WASTING YOUR TIME AND MONEY FOR SURE.







Hardware



(1) TP-Link TL-MR3020 ver. 1.x (ver. 1.9 at the time of this writing)

(2) SanDisk Cruzer Fit USB Flash Drive (8GB)



Software



(1) OpenWrt

(2) Wifi Pineapple firmware

(3) Kali Linux 1.0.9a or Ubuntu Desktop 14.04 LTS



The Wifi Pineapple is created by Hak5. It is quite an expensive device ($99.99 USD at the time of this writing). It is also known as Jasager, which is German for "Yes Man".



The Wifi Pineapple is a rogue Wifi Access Point (AP) that answers “Yes” to all Wifi probe requests sent by mobile devices. When a Wifi client is looking for an open SSID (no matter what the SSID is) in a McDonald's restaurant or in a cafe, the Pineapple (or Jasager) will reply “That’s Me!”. Once victims' mobile devices have connected to the Wifi Pineapple, you can carry out a Man-in-the-Middle attack against the victims.
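
From the defender's side, the "Yes to everything" behaviour described above is also what gives a Karma-style AP away. The following Python example is added here and is not part of the original article or of any Hak5 code: it flags a BSSID that answers a probe for a canary SSID (a name no real network uses) or that answers for several SSIDs it never beacons. The frame tuples, the canary name and the max_ssids threshold are constructed assumptions; turning a monitor-mode capture into such tuples is left to the capture tool.

```python
from collections import defaultdict

# Constructed sample observations (not captured traffic): (frame_type, bssid, ssid)
SAMPLE_FRAMES = [
    ("beacon",     "aa:bb:cc:00:00:01", "CorpNet"),
    ("probe_resp", "aa:bb:cc:00:00:01", "CorpNet"),
    ("probe_resp", "aa:bb:cc:00:00:01", "CorpGuest"),
    ("beacon",     "02:00:00:00:00:99", "FreeWifi"),
    ("probe_resp", "02:00:00:00:00:99", "HomeRouter"),
    ("probe_resp", "02:00:00:00:00:99", "CoffeeShop"),
    ("probe_resp", "02:00:00:00:00:99", "AirportFree"),
    ("probe_resp", "02:00:00:00:00:99", "canary-7f3a91"),
]


def find_karma_suspects(frames, canary_ssids=(), max_ssids=2):
    """Return {bssid: [reasons]} for APs that behave like a "Yes Man" AP.

    canary_ssids: SSIDs the monitoring sensor probed for and that no real
                  network uses (assumed to be chosen by the defender).
    max_ssids:    assumed tolerance for SSIDs answered but never beaconed,
                  to allow for APs with a hidden secondary SSID.
    """
    beaconed = defaultdict(set)   # SSIDs each BSSID advertises on its own
    answered = defaultdict(set)   # SSIDs each BSSID claimed in probe responses
    for frame_type, bssid, ssid in frames:
        bssid = bssid.lower()
        if frame_type == "beacon":
            beaconed[bssid].add(ssid)
        elif frame_type == "probe_resp" and ssid:
            answered[bssid].add(ssid)

    suspects = {}
    for bssid, ssids in answered.items():
        reasons = []
        hits = sorted(ssids & set(canary_ssids))
        if hits:
            # No legitimate AP should claim a name that exists nowhere.
            reasons.append("answered canary SSID " + ", ".join(hits))
        unadvertised = ssids - beaconed[bssid]
        if len(unadvertised) > max_ssids:
            reasons.append(f"{len(unadvertised)} SSIDs answered but never beaconed")
        if reasons:
            suspects[bssid] = reasons
    return suspects
```

Calling find_karma_suspects(SAMPLE_FRAMES, canary_ssids=["canary-7f3a91"]) reports only the second BSSID; the first one answers for a single extra SSID and stays below the threshold.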



Now, we are going to make our own Wifi Pineapple for less than $25 USD (the TP-Link TL-MR3020 is about $20 USD while the SanDisk Cruzer Fit USB Flash Drive is about $5 USD) and in a very easy way.



Step 1 :



Download OpenWrt (Attitude Adjustment 12.09 at the time of this writing):



If you are doing a fresh install from the stock version of the TP-Link TL-MR3020 -

wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin



If you are upgrading from a previously installed OpenWrt -

wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin



Configure your computer with a static IP address:



IP address : 192.168.0.10

Gateway : 192.168.0.1




Connect the TL-MR3020 to your computer with a cable. The default IP address of the stock TP-Link TL-MR3020 is 192.168.0.254. Then browse to the stock IP address.



The username and password of the stock TP-Link TL-MR3020 are both "admin".



Go to "System Tools" -- "Firmware Upgrade" and upgrade using the .bin file you just downloaded.



Step 2 :



Once upgraded to OpenWrt, your device's IP address will change to 192.168.1.1.



Configure your computer with a static IP address:



IP address : 192.168.1.10

Gateway : 192.168.1.1




Then set a very STRONG root password at "System" -- "Administration".



Go to "System" -- "System" to set the timezone.



Enable wireless at "Network" -- "Wifi".



Enable DHCP at "Network" - "Interfaces" - "Edit": select "DHCP Client" and select "OpenWrt" by clicking "Switch Protocol". If the page takes too long to reload, that is fine; it is because the IP address cannot be obtained. Just go ahead.



Now, connect your TL-MR3020 to the internet with an Ethernet cable. Then, connect your computer to the TL-MR3020 via wifi; the SSID is "OpenWrt". Make sure you can access the internet.



Once you get the IP address, such as 192.168.1.100, you can connect to the TL-MR3020 via ssh.



ssh 192.168.1.100 -lroot



Enter the very STRONG root password you just created.



Install the following packages :



opkg update

opkg install kmod-usb-storage

opkg install kmod-fs-ext4

opkg install block-mount




Step 3 :



Format your USB pendrive (8GB) as ext4 and swap, e.g. 2GB for swap (sda1) and 6GB for ext4 (sda2).



Then insert the USB pendrive into the TL-MR3020. Execute the following commands line by line.



mkdir -p /mnt/sda2

mount /dev/sda2 /mnt/sda2

mkdir -p /tmp/cproot

mount --bind / /tmp/cproot

tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda2 -xf -

umount /tmp/cproot

umount /mnt/sda2




Step 4 :



/etc/init.d/fstab enable

/etc/init.d/fstab start




vi /etc/config/fstab



Change the content to the following:



config mount

        option target /

        option device /dev/sda2

        option fstype ext4

        option options rw,sync

        option enabled 1

        option enabled_fsck 0



config swap

        option device /dev/sda1

        option enabled 1




The following are the basic vi commands, in case you are not familiar with vi:



i - go to the insert mode and ready for edit

Esc - exit from insert mode

:w - write the changes to the file

:q - quit the vi



Then type the following command to reboot the device :



reboot



Once it boots up again, log in to it via ssh.



Check whether the USB pendrive is mounted as "/":



mount

df




Step 5 :



Turn off the TL-MR3020, take the USB pendrive out of the TL-MR3020 and insert it into your computer.



Back up the USB Pendrive to your computer.



mkdir ~/mr3020

sudo cp -R /media/1234....1123/* ~/mr3020/

sudo cp -R ~/mr3020/lib ~/mr3020/lib-original




*** Note that /media/1234....1123/ will be different on your system.



You also need to make a backup of the /lib directory.



Do not take out the USB Pendrive from your computer.



Step 6 (Pineapple firmware installation):



Download the upgrade package of Pineapple (upgrade-2.0.4.bin at the time of this writing) to your computer, such as Kali Linux or Ubuntu :



wget -O upgrade-2.0.4.bin "https://wifipineapple.com/index.php?downloads&download_mk5_upgrade=2.0.4"



On Ubuntu, you need to prefix the commands with "sudo". On Kali Linux, this is not required.



Install firmware-mod-kit on your Kali Linux or Ubuntu if you do not have it :



sudo apt-get install firmware-mod-kit

sudo /opt/firmware-mod-kit/trunk/extract-firmware.sh upgrade-2.0.4.bin

cd fmk/rootfs




Copy the required directories to the USB pendrive.



sudo cp -R bin/* /media/1234....1123/bin/

sudo cp -R sbin/* /media/1234....1123/sbin/

sudo cp -R usr/* /media/1234....1123/usr/

sudo cp -R etc/* /media/1234....1123/etc/

sudo cp -R www/* /media/1234....1123/www/

sudo cp -R pineapple /media/1234....1123/

sudo cp -R lib/firmware/* /media/1234....1123/lib/firmware/

sudo cp lib/* /media/1234....1123/lib/

sudo cp lib/wifi/* /media/1234....1123/lib/wifi/



sudo cp ~/mr3020/etc/config/fstab /media/1234....1123/etc/config/

sudo cp ~/mr3020/etc/passwd /media/1234....1123/etc/

sudo cp ~/mr3020/etc/shadow /media/1234....1123/etc/

sudo cp -R ~/mr3020/lib-original /media/1234....1123/




Step 6a :



To allow the victim to surf the internet via the Pineapple, you need to change the DNS and Gateway at /etc/config/network from 172.16.42.1 to 172.16.42.42. Alternatively, change the DNS to 8.8.8.8.



Step 7 :



Insert the USB pendrive back into the TL-MR3020.



Switch on the TL-MR3020 and wait until it has booted up. Run the "wp5.sh" script (from Step 8) on your computer. Browse to the IP address that is shown on the screen. You will be asked to enter the password twice for the initial login. You should enter the STRONG root password you set previously.



Step 8 (Connectivity) :



The following is one of the ways to use the Pineapple (TL-MR3020), by way of tethering:



Connect your laptop to internet via wireless or 3G.



Then connect the Pineapple and your laptop with a CAT5/5e/6 cable.



On the laptop, download the script.



wget http://www.wifipineapple.com/wp5.sh

chmod +x wp5.sh

sudo ./wp5.sh








Now, your computer (laptop) can access the internet and can also access the TL-MR3020. Victims can also access the internet when they are connected to your Pineapple.



When you want to reset what wp5.sh set, you need to run the following script, which I created.



sudo ./killwp5.sh







When the TL-MR3020 is rebooted, you need to run wp5.sh again to get the access.



Important Note



There are THREE important things you should NOT do; otherwise, you will brick the TL-MR3020. They are:



First - Do NOT upgrade OpenWrt from the web interface, as the USB pendrive will not be mounted unless you install the related packages again as stated above.



Second - Do NOT upgrade the Pineapple in the normal way (that is, via the web UI or Pineapple). Make sure to keep away from the /lib directory. Or, if you have a backup, you can copy the /lib directory back.



Third - Do NOT long press the "WPS/Reset" button on the TL-MR3020; otherwise, OpenWrt will be reset and the USB pendrive cannot be mounted unless you install the related packages again as stated above.



Remarks



Victims need to have connected to an open wifi network before; otherwise, Karma will not work.



Make sure the TL-MR3020 is version 1.x; other versions may brick the TL-MR3020.



The ONLY way to upgrade the Pineapple firmware is by following Step 6. In addition, you can upgrade from Mark IV (by this tutorial) to Mark V by following Step 6 only.



Some infusions may not work on Blueberry as it is not the original device. For example, (1) the WPS infusion does not work as designed on Blueberry as it has only one wifi card. You cannot provide the internet connection to the victims and conduct WPS hacking at the same time. (2) The PineAP and Reconnaissance on AP & Client do not work as designed on Blueberry, also because it has only one wifi card.



Known Issues



Know Issues



An external Wifi dongle, such as the Realtek 8187L, does not work even when the driver is installed and loaded. The limitation of Blueberry is that it cannot provide internet access to the victims and carry out the attacks at the same time (for some of the attacks), such as WPS attacks.



It is still worth trying the Blueberry before you consider purchasing an original Wifi Pineapple Mark V.




That's all! See you.