Weaponizing the Nokia N900 – Part 4.0 – A Three Year Anniversary!

Remember that the most valuable antiques are dear old friends. – H. Jackson Brown, Jr.

I felt that this was an appropriate quote for my aging Nokia N900. What should I do with this phone? Should I throw it in the “Electronic Wasteland” in China and should I become just another Android user? Hell, I can even run Backtrack 5 on Android now! There are even reports that hackers have been able to get monitor mode and packet injection to work on Android devices!

However, what if I want to run a wide array of Linux based programs locally using my phone’s operating system without depending upon a chroot environment? What if I want a phone/device that has been known to be able to do packet injection, monitor mode, hostmode and not have to sign up for any large corporation’s software market like “Google Play” or Apple’s “App Store” to install software? Maybe I just want to use apt-get to install my programs for Christ’s sake! What if I just want to whip a device out of my pocket that I can quickly run mtr from to troubleshoot a client’s wireless network issues?

It is also nice to have a phone/device that has a physical keyboard versus a touch screen since, in my humble opinion, touchscreen devices are meant more for consuming than for being productive.

I still believe the best phone for hackers is the Nokia N900 and it is a shame that Nokia decided to go the way of Microsoft. I personally believe that Nokia should have gone the route of an Android/Linux hybrid mobile operating system, but that’s just my opinion. We will have to see how well the Firefox OS or the Sailfish OS take off.

Android is a great mobile operating system, but to me it is kind of a bastard version of the Linux operating system. Another problem with the Android platform is the sheer number of different hardware manufacturers. By the time independent developers are able to get features like monitor mode working on one phone, chances are a dozen other phones have been released, and the phone that the developers got monitor mode working on will hardly be given much credence.

Part of the beauty of the Nokia N900 is that it has ‘staying power’. This phone was released over 3 years ago to this date. I still receive e-mails asking for support or giving me compliments on my work for the N900, which I appreciate dearly. There is still an active, smart and driven community around the world who develop applications and provide support for this phone, which I am very thankful for.

So what am I to do with this beloved device? A device that can be overclocked to 1.0GHz, can run OS X, can run Backtrack 5, can do a myriad of other tasks, and is available for about $200.

Sadly, my Nokia N900 will no longer be used as a phone but as an MP3/Multimedia player that I can use for penetration testing! With about 32GB of internal storage and a MicroSD slot that can be used to extend the storage of the N900 from 32GB to 48GB, DLNA client/server support, an FM transmitter, and Pandora client support, why would I want to shell out the extra cash for a new MP3 player that most likely won’t be able to run Metasploit locally and an OpenSSH server?

This is why, for the three year anniversary of the Nokia N900, I have written a bash shell script that helps automate weaponizing the Nokia N900, to save myself and, I hope, many other individuals time.

Before you download and run this shell script, please read the following:

Firstly, I am not responsible if this program bricks/damages your N900 (but I can assure you as long as you follow my instructions you SHOULD be safe). For best results make sure you have flashed your N900 firmware to version pr1.3 (also for best results my shell script works BEST on freshly flashed N900s). I was not able to get my shell script to work properly with the pr1.2 firmware.

Plug your wall charger into your N900. Make sure you also have strong signal strength to your wireless network.

Once you have your N900 flashed, please root your N900 and install bash4. Then pull up the terminal on your N900 and as root do this:

ln -s /bin/bash4 /bin/bash

Next, download the following script to your N900:

http://zitstif.no-ip.org/weaponizen900.tar

(sha1sum: c3699aea31c8ac91684e89bfdda7901bcc7f042e  weaponzenizen900.tar)

(Source code for main script is publicly viewable here: http://pastebin.com/4UXmAEQx )

Extract it via:

tar -xvf weaponizen900.tar

Then cd into the newly created folder called “n900project” and run as root:

bash weaponizen900.sh

MAKE SURE TO FOLLOW AND PAY CLOSE ATTENTION TO ALL THE PROMPTS FROM THIS PROGRAM! Installation typically took about 2 hours for me. If your Internet connection drops out for whatever reason, for the most part it is safe to run this program again!
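Since the archive is fetched over plain HTTP and then run as root, here is one way to check it before extracting. This is an added example, not part of weaponizen900.sh or of the original post; the function names (sha1_matches, unsafe_paths, tar_paths_safe, safe_extract) are hypothetical, and the hash is the one published above.

```bash
#!/bin/bash
# Added example: verify a downloaded archive before extracting it as root.
# EXPECTED_SHA1 is the value published on this page for weaponizen900.tar.
EXPECTED_SHA1="c3699aea31c8ac91684e89bfdda7901bcc7f042e"

# sha1_matches FILE HEX -> 0 if the SHA-1 of FILE equals HEX (case-insensitive)
sha1_matches() {
    local actual want
    actual=$(sha1sum "$1" 2>/dev/null | awk '{print $1}')
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$want" ]
}

# unsafe_paths: reads member names on stdin and prints the ones that are
# absolute or contain a ".." path component (they could write outside DESTDIR)
unsafe_paths() {
    grep -E '^/|(^|/)\.\.(/|$)'
}

# tar_paths_safe FILE -> 0 if the archive lists cleanly and has no unsafe member
tar_paths_safe() {
    local listing
    listing=$(tar -tf "$1" 2>/dev/null) || return 1
    [ -z "$(printf '%s\n' "$listing" | unsafe_paths)" ]
}

# safe_extract FILE HEX DESTDIR -> extract only if both checks pass
#   returns 2 on hash mismatch, 3 on an unsafe member path
safe_extract() {
    sha1_matches "$1" "$2" || { echo "[!] SHA-1 mismatch for $1" >&2; return 2; }
    tar_paths_safe "$1"    || { echo "[!] unsafe member path in $1" >&2; return 3; }
    mkdir -p "$3" && tar -xf "$1" -C "$3"
}

# On the device, after downloading the archive:
#   safe_extract weaponizen900.tar "$EXPECTED_SHA1" . && cd n900project
```

A matching hash only shows the file is the one the page describes; because the hash and the archive come from the same site, it does not protect against both being replaced together.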

For a list of tools that weaponizen900.sh installs for native use, please see this: http://zitstif.no-ip.org/listweapons.txt. You can also list the installed tools by typing ‘listweapons’ on your N900. It also installs the following kernel: http://talk.maemo.org/showthread.php?t=85665. With this kernel you can do monitor mode, packet injection, and hostmode with the N900. With hostmode on the Nokia N900, you can use an OTG cable and do forensics with your N900 with tools like testdisk!

PLEASE DO NOT USE THE GUI TO UPDATE YOUR N900! Do this at your own risk! TO SAFELY UPDATE YOUR N900 PLEASE USE A SCRIPT I CREATED CALLED “update”. To update programs that have been installed by your package manager run as root:

update modded

To update programs that have been installed by your package manager and programs like Metasploit, SET, Nikto, etc., run as root:

update modded scripts

I hope this script is of great use to anyone who decides to use it. If you have any issues with this program or need any help with this program feel free to contact me via e-mail. I want to thank the Maemo forums for support on this project.

35 thoughts on “Weaponizing the Nokia N900 – Part 4.0 – A Three Year Anniversary!”

  1. Just a heads up mate, there’s a typo in your weaponizen900.sh which messes the whole thing up and stops it from working. 🙁

    Just find in your script where you’ve spelt cach instead of cache, then it all works fine!

    How would one go about making a completely offline installer, as the repos may well go down at some point? 🙁

    Cheers,

  2. Mike, the script essentially installs a suite of tools on your n900 so you can use it for security assessments/penetration testing. 🙂

  3. ever tried this on CSSU?
    do you think you will keep tools up-to-date?
    when you say “do not use the GUI to update”, you really mean that i should apt-get update && apt-get upgrade?

    thanks for all these precious information and the script!

  4. I am getting permissions errors when it’s trying to download tools. It seems to go smoothly for a while, then it’s giving me 1000 uid permission errors. Any ideas? Thanks, J

  5. Hey, I’m trying to run this script. I’m connected to my WiFi, but the script always says:
    [!]It doesn’t look like you’re connected to the internet!![!]

    Any solutions?

  6. Hi Zitsif, you are really doing great work, but please can you give me a tutorial on how to use these tools? You can post it to my email. I don’t mind any amount attached, because I can’t start Metasploit and SET. I would be very glad. Just email it to me please. Sorry for my bad English anyway. Thanks in advance… !!

  7. Please view the email I sent you.

    To start metasploit in the console mode, as root type in ‘msfconsole’. To start the social engineering toolkit type in as root ‘SET’.

  8. I just picked up an N900 and want to get started weaponizing it. It says it’s Maemo 5 with version 21.2011.38-1.002. Please point me to links that can help me get firmware version pr1.3 and show how to flash it. Also, how can I determine whether my device is locked, and what should I do if it is locked, etc.? Thank you, I’m eager to run your script.

  9. So, do you know if there are any good websites that list packet injection driver successes besides the ones previously mentioned?
    I would have thought for sure that at least the Galaxy S4 would have one made.

  10. If you’re referring to packet injection working under Android, then what I’ve seen so far is that end users have to get a compatible OTG cable and wireless adapter and load the appropriate driver for packet injection to work on their rooted Android based devices. For instance, have a look at this:

    http://www.securitytube.net/video/7471

    If you own a Nexus 7 and the appropriate OTG and wireless adapter you can do packet injection.

  11. Dear Zitstif,
    Since yesterday I have formatted my phone and have been trying to use your great script.
    It seems the SET repository has changed to http://www.trustedsec.com.
    I changed the line in weaponisn900.sh for the social engineering toolkit but still face the same issue once I run the script.
    In addition, could you please forward me a copy of the email that you sent to Sammy? 🙂

    Again thanks for your nice job bro.

  12. Hi,

    Wow, awesome script. That must have taken you some time. What version of metasploit does it install and does it have all the updated payloads? I know the newer versions don’t run so well on the n900.

    3.6 is the last version with sqlite3 DB support, so db_autopwn works and I think 4.3 was the latest version that works well but not sure if you can update the exploits while leaving the framework at 4.3??

  13. It downloads the latest version via git. I would actually recommend commenting out the metasploit section of this script. Metasploit in general doesn’t run well on the n900 and is barely usable.

  14. I’ve been lookin’ around trying to find out if it’s possible to install CSSU on top of weaponized N900 and keep device working, but so far couldn’t find an answer. does anyone know if this is indeed possible?

  15. no, actually I don’t have any…yet. My main concern is if updating power kernel to anything above v46 would break injection capabilities, or at least pwnphone documentation says that we should not update the power kernel flasher. i guess i might just risk it and check it out.

  16. Hi,
    I used your script, it worked great but now MyDocs is gone. I can see the files using TestDisk but, where is it? How do i fix this..?
    Thanks…

  17. Yamato, that makes no sense. You’re the first one ever to report this issue. There is nowhere in the script where it says to remove the MyDocs directory. It only removes some contents in the directory.

    Here are the remove commands issued in my script:

    rm /home/user/MyDocs/.weaponize/scripts/exiftool/Image-ExifTool-9.00.tar.gz;

    rm download;

    rm -rf rubygems-*;

    rm -rf opt;

    rm -rf teth*;

    Are you sure something else didn’t delete the MyDocs directory?

  18. Hi, should this still work? I ran into a few errors that I think are to do with the repositories no longer being hosted. also how do I know it’s worked/ use it? I assume the tools don’t have a gui?

  19. just to add to my earlier message, Get:13 is trying to access downloads.maemo.nokia.com which is no longer active.

  20. cannot do apt-get update, perl is not available. This gave the error for problems installing languages and other useful tools which cancelled out of the weaponizen script

  21. Hello… I just installed the weaponizn900 but if I try to open the tools it doesn’t work… Neither do the listweapons nor update nodded works

  22. You’ll have to give me the specific error messages you’re receiving and I may be able to help you but keep in mind this article is almost 4 years old. So a lot of repositories that it relies on where it pulls tools from may no longer exist.

  23. Bit late to the party, i am currently trying to weaponize my n900, for now, many google code links don’t work, some tools are down i am currently fixing them. I will send you the script once i get it running if you are interested.

    Thanks for all the work you done on n900!
