Archive for 2012

How to break into a Nokia N900

by on Dec.09, 2012, under Exploits, Posts

(Skip to the bottom of this post if you do not want to read the short story and if you just want the instructions).

This is sad to say, but this will probably be my last post on the Nokia N900. I am growing a bit tired of blogging specifically about this device though I do adore it, its capabilities, and what it has taught me. Per contra, I will still be supporting those who contact me for help regarding the N900 when I find the time to.

I am writing this post due to the fact that I actually had to buy a new replacement N900 this year due to water damage on my original N900. I tried the rice method, but this did not mend the issue. I also disassembled the phone and cleaned the components with rubbing alcohol, but this still didn’t work. So it was off to Ebay for a replacement N900 due to the fact that I wanted to finish my weaponizen900.sh program and I also planned on still using this device as an awesome media player.

I received my replacement N900 in less than a week. The seller from Ebay stated that the device was “NEW”, but I found out later that it wasn’t quite “NEW”. The seal on the packaging for the N900 was torn and I also noticed the default password ‘12345’ did not work along with other default passwords for Nokia (such as 0000, 00000, and I believe 1234). Foolishly, I ignored this and thought to myself, “I will not worry about this right now, I just need a functioning phone”.

Back to hacking away at my program: every couple of lines of code that I changed, I would test my program on my N900. The replacement N900 had firmware version 1.2, which I thought I would test out my program on. I soon found out that my program was not compatible with the PR 1.2 firmware version and my phone would go into an infinite reboot sequence. To fix this issue, I flashed the phone with the PR 1.3 firmware version and my phone booted up as normal, but this time it asked for the password before loading the Maemo operating system. The default password didn’t work, ergo... I WAS LOCKED OUT OF MY N900!

Obviously this N900 wasn’t “NEW” and since the phone had a password set I had to figure out how to break into my N900 without being able to fully boot it. Here is how you break into it:

1.) Flash your N900 with PR 1.2 firmware version. This version does not ask for the password before loading the Maemo operating system by default.

2.) You will be able to get into your N900.

3.) Then simply follow these directions: http://lifewithmaemo.blogspot.com/2011/01/recovering-n900-phone-lock-code.html to recover the phone lock code.

(If you’re curious, my original N900 phone lock code was 11552 🙂 )


Weaponizing the Nokia N900 – Part 4.0 – A Three Year Anniversary!

by on Nov.24, 2012, under Posts

“Remember that the most valuable antiques are dear old friends.”

H. Jackson Brown, Jr.

I felt that this was an appropriate quote for my aging Nokia N900. What should I do with this phone? Should I throw it in the “Electronic Wasteland” in China and should I become just another Android user? Hell, I can even run Backtrack 5 on Android now! There are even reports that hackers have been able to get monitor mode and packet injection to work on Android devices!

However, what if I want to run a wide array of Linux based programs locally using my phone’s operating system without depending upon a chroot environment? What if I want a phone/device that has been known to be able to do packet injection, monitor mode, hostmode and not have to sign up for any large corporation’s software market like “Google Play” or Apple’s “App Store” to install software? Maybe I just want to use apt-get to install my programs for Christ’s sake! What if I just want to whip a device out of my pocket that I can quickly run mtr from to troubleshoot a client’s wireless network issues?

It is also nice to have a phone/device that has a physical keyboard versus a touch screen since in my humble opinion, I believe that touchscreen devices are meant for consuming than being productive.

I still believe the best phone for hackers is the Nokia N900 and it is a shame that Nokia decided to go the way of Microsoft. I personally believe that Nokia should have gone the route of an Android/Linux hybrid mobile operating system, but that’s just my opinion. We will have to see how well the Firefox OS or the Sailfish OS take off.

Android is a great mobile operating system but to me it is kind of a bastard version of the Linux operating system. Another problem with the Android platform is the sheer number of different hardware manufacturers there are. So by the time independent developers are able to get features like monitor mode working on one phone, chances are a dozen other phones have been released, and the phone on which the developers got monitor mode working is given hardly any credence.

Part of the beauty of the Nokia N900 is that it has ‘staying power’. This phone was released over 3 years ago to this date. I still receive e-mails asking for support or giving me compliments on my work for the N900, which I appreciate dearly. There still is an active, smart and driven community around the world who develop applications and provide support for this phone, which I am very thankful for.

So what am I to do with this beloved device? A device that can be overclocked to 1.0GHZ, can run OSX, can run Backtrack 5, do a myriad of other tasks and is available for about $200.

Sadly, my Nokia N900 will no longer be used as a phone but as an MP3/Multimedia player that I can use for penetration testing! With about 32GB of internal storage and a MicroSD slot that can be used to extend the storage of the N900 from 32GB to 48GB, DLNA client/server support, an FM transmitter, and Pandora client support, why would I want to shell out the extra cash for a new MP3 player that most likely won’t be able to run Metasploit locally and an OpenSSH server?

This is why, for the three year anniversary of the Nokia N900, I have written a bash shell script that helps automate weaponizing the Nokia N900, to save myself (and, I hope, many other individuals) time.

Before you download and run this shell script, please read the following:

Firstly, I am not responsible if this program bricks/damages your N900 (but I can assure you as long as you follow my instructions you SHOULD be safe). For best results make sure you have flashed your N900 firmware to version pr1.3 (also for best results my shell script works BEST on freshly flashed N900s). I was not able to get my shell script to work properly with the pr1.2 firmware.

Plug your wall charger into your N900. Make sure you also have strong signal strength to your wireless network.

Once you have your N900 flashed, please root your N900 and install bash4. Then pull up the terminal on your N900 and as root do this:

ln -s /bin/bash4 /bin/bash

Next download this following script to your N900:

http://zitstif.no-ip.org/weaponizen900.tar

(sha1sum: c3699aea31c8ac91684e89bfdda7901bcc7f042e  weaponzenizen900.tar)

(Source code for main script is publicly viewable here: http://pastebin.com/4UXmAEQx )

Extract it via:

tar -xvf weaponizen900.tar

Then cd into the newly created folder called “n900project” and run as root:

bash weaponizen900.sh

MAKE SURE TO FOLLOW AND PAY CLOSE ATTENTION TO ALL THE PROMPTS FROM THIS PROGRAM! Installation typically for me took about 2 hours. If your Internet connection drops out for whatever reason, for the most part it is safe to run this program again!
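The post publishes a sha1sum for the tarball but the steps above extract and run it without checking that value. The helper below (an added example, not part of weaponizen900.sh or the original post) compares the downloaded file against the published digest and only untars it on a match; the function names and the destination directory argument are my own.

```shell
#!/bin/sh
# Verify a downloaded archive against a published SHA-1 before extracting it.
# Added example, not part of the original post or weaponizen900.sh.
# EXPECTED_SHA1 is the checksum the post publishes for weaponizen900.tar.
EXPECTED_SHA1="c3699aea31c8ac91684e89bfdda7901bcc7f042e"

# sha1_of FILE -> prints only the 40 hex chars of the digest
sha1_of() {
    sha1sum "$1" | cut -c1-40
}

# verify_archive FILE EXPECTED -> 0 if the digest matches, 1 otherwise
verify_archive() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha1_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# verify_and_extract FILE EXPECTED DESTDIR -> extracts only after the check passes
verify_and_extract() {
    verify_archive "$1" "$2" || return 1
    mkdir -p "$3" && tar -xf "$1" -C "$3"
}

# Usage on the phone, after downloading the tarball into the current directory:
# verify_and_extract weaponizen900.tar "$EXPECTED_SHA1" . && cd n900project
```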

For a list of tools that weaponizen900.sh installs for native use, please see this: http://zitstif.no-ip.org/listweapons.txt. You can also list the installed tools by typing on your N900 ‘listweapons’. It also installs this following kernel: http://talk.maemo.org/showthread.php?t=85665. With this kernel you can do monitor mode, packet injection, and hostmode with the N900. With hostmode on the Nokia N900, you can use an OTG cable and do forensics with your N900 with tools like testdisk!

PLEASE DO NOT USE THE GUI TO UPDATE YOUR N900! Do this at your own risk! TO SAFELY UPDATE YOUR N900 PLEASE USE A SCRIPT I CREATED CALLED “update”. To update programs that have been installed by your package manager run as root:

update modded

To update programs that have been installed by your package manager and programs like Metasploit, SET, Nikto, etc., run as root:

update modded scripts

I hope this script is of great use to anyone who decides to use it. If you have any issues with this program or need any help with this program feel free to contact me via e-mail. I want to thank the Maemo forums for support on this project.


zitstif.no-ip.org still alive…

by on Oct.03, 2012, under Uncategorized

Over the summer I’ve been working on a final project for the Nokia N900 and I’m still in the process of coding this program. I will post the project to my website and infosecisland when done. This program should save a lot of people (including myself) time in weaponizing their Nokia N900s.


Nokia N900 Packet Injection Problems

by on Jun.11, 2012, under Posts

I am writing this right after I was just about to pull my hair out due to the fact that I rely on my N900 as my primary phone (which is not necessarily the greatest idea if you tinker with it quite a bit).

I have noticed that updating to this kernel:

Linux N900 2.6.28.10-power50

produces an issue with the bleeding-edge wireless driver that allows the N900 to do packet injection. If you try to enable the driver and use it, the wlan0 interface will disappear. You will then have to reboot your phone to get the wlan0 interface back.

So out of curiosity I decided to try rolling back to the previous kernel I was using that was provided with the bleeding-edge drivers. Case in point, this was a BAD IDEA. The installation failed and upon rebooting my N900, the N900 went into a reboot loop and to power the phone off I had to pull the battery.

Gladly, I was able to reflash the phone and get it functioning.

Conclusion:

If you want to be able to do packet injection (and use awesome tools like reaver and aircrack) on your N900, you MUST (for now) use the kernel (kernel-power_2.6.28-maemo46-wl1) from bleeding-edge.

Feel free to contact me if you need any help regarding this and I will do my best to help you.


SSH Tricks And More! Presented By Kyle Young [GR-ISSA] (4-20-12)

by on Jun.03, 2012, under Videos

What was covered in this presentation: SSH basics, Offensive uses of SSH, Defensive uses of SSH, automating SSH through scripting languages, brief history of SSH, setting up a poor man’s VPN, using SSH with IPV6, attacks on SSH and more!

PowerPoint Slides available at:

http://ia601206.us.archive.org/32/items/SshTricksAndMorePresentedByKyleYoung/…

sha1sum: fb8a4132f57c12f6e49beeb18880b2d961d2e37c

Full video for download is available at:

http://ia601206.us.archive.org/1/items/KyleyoungSshTricksandMorevideo/KyleYou…

sha1sum: 3b862e15e9c6664040470034ef4c2f04ce2ad1e5

Part 2: http://youtu.be/h0mzoOsc85s

Part 3: http://youtu.be/ne-H7kGrw8w

Part 4: http://youtu.be/nLSSf8CXWqk

I want to thank the Grand Rapids ISSA chapter for allowing me to put on this presentation back in April.
