Tag: nokia

Weaponizing the Nokia N900 – Part 4.0 – A Three Year Anniversary!

by on Nov.24, 2012, under Posts

Remember that the most valuable antiques are dear old friends.H. Jackson Brown, Jr.

I felt that this was an appropriate quote for my aging Nokia N900. What should I do with this phone? Should I throw it in the “Electronic Wasteland” in China and should I become just another Android user? Hell, I can even run Backtrack 5 on Android now! There are even reports that hackers have been able to get monitor mode and packet injection to work on Android devices!

However, what if I want to run a wide array of Linux based programs locally using my phone’s operating system without depending upon a chroot environment? What if I want a phone/device that has been known to be able to do packet injection, monitor mode, hostmode and not have to sign up for any large corporation’s software market like “Google Play” or Apple’s “App Store” to install software? Maybe I just want to use apt-get to install my programs for Christ’s sake! What if I just want to whip a device out of my pocket that I can quickly run mtr from to troubleshoot a client’s wireless network issues?

It is also nice to have a phone/device that has a physical keyboard versus a touch screen since in my humble opinion, I believe that touchscreen devices are meant for consuming than being productive.

I still believe the best phone for hackers is the Nokia N900 and it is a shame that Nokia decided to go the way of Microsoft. I personally believe that Nokia should have gone the route of an Android/Linux hybrid mobile operating system, but that’s just my opinion. We will have to see how well the Firefox OS or the Sailfish OS take off.

Android is a great mobile operating system but to me it is kind of a bastard version of the Linux operating system. Another problem with the Android platform is the sheer vast amount of different hardware manufactures there are. So by the time independent developers are able to get features like monitor mode working on one phone, chances are there are a dozen of other phones that have been released while the phone that the developers were able to get monitor mode working on will be given hardly much credence to.

Part of the beauty of the Nokia N900 is that it has ‘staying power’. This phone was released over 3 years go to this date. I still receive e-mails asking for support or giving me compliments on my work for the N900 which I appreciate dearly. There still is an active, smart and driven community around the world who develop applications and provide support for this phone, which I am very thankful for.

So what am I to do with this beloved device? A device that can be overclocked to 1.0GHZ, can run the OSX , can run Backtrack 5, do myriad of other tasks and is available for about $200.

Sadly, my Nokia N900 will no longer be used as a phone but as an MP3/Multimedia player that I can use for penetration testing! With about 32GB of internal storage and a MicroSD slot that can be use to extend the storage of the N900 from 32GB to 48GB, DLNA client/server support, a FM Transmitter, and Pandora client support, why would I want to shell out the extra cash for a new MP3 player that most likely won’t be able to run Metasploit locally and an OpenSSH Server?

This is why for the three year anniversary of the Nokia N900, I have written a bash shell script that helps automate weaponizing the Nokia N900 to save myself and I’m hoping many other individuals time for weaponizing the Nokia N900.

Before you download and run the this shell script, please read the following:

Firstly, I am not responsible if this program bricks/damages your N900 (but I can assure you as long as you follow my instructions you SHOULD be safe). For best results make sure you have flashed your N900 firmware to version pr1.3 (also for best results my shell script works BEST on freshly flashed N900s). I was not able to get my shell script to work properly with the pr1.2 firmware.

Plug your wall charger into your N900. Make sure you also have strong signal strength to your wireless network.

Once you have your N900 flashed, please root your N900 and install bash4. Then pull up the terminal on your N900 and as root do this:

ln -s /bin/bash4 /bin/bash

Next download this following script to your N900:

http://zitstif.no-ip.org/weaponizen900.tar

(sha1sum: c3699aea31c8ac91684e89bfdda7901bcc7f042e  weaponzenizen900.tar)

(Source code for main script is publicly viewable here: http://pastebin.com/4UXmAEQx )

Extract it via:

tar -xvf weaponizen900.tar

Then cd into the newly created folder called “n900project” and run as root:

bash weapoinzen900.sh

MAKE SURE TO FOLLOW AND PAY CLOSE ATTENTION TO ALL THE PROMPTS FROM THIS PROGRAM! Installation typically for me took about 2 hours. If your Internet connection drops out for whatever reason, for the most part it is safe to run this program again!

For a list of tools that weaponizen900.sh installs for native use, please see this: http://zitstif.no-ip.org/listweapons.txt. You can also list the installed tools by typing on your N900 ‘listweapons’. It also installs this following kernel: http://talk.maemo.org/showthread.php?t=85665. With this kernel you can do monitor mode, packet injection, and hostmode with the N900. With hostmode on the Nokia N900, you can use an OTG cable and do forensics with your N900 with tools like testdisk!

PLEASE DO NOT USE THE GUI TO UPDATE YOUR N900! Do this at your own risk! TO SAFELY UPDATE YOUR N900 PLEASE USE A SCRIPT I CREATED CALLED “update”. To update programs that have been installed by your package manager run as root:

update modded

To update programs that have been installed by your package manager and programs like Metasploit, SET, Nikto, and etc run as root:

update modded scripts

I hope this script is of great use to anyone who decides to use it. If you have any issues with this program or need any help with this program feel free to contact me via e-mail. I want to thank the Maemo forums for support on this project.

35 Comments :, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , more...

Weaponizing the Nokia N900 – Part 3.6 – Portable Rogue AP Point

by on Feb.26, 2011, under Code, Posts

With continuing the series of weaponizing the N900 and hoping that Infosec Island will continue with their series as well, I have successfully setup my N900 as a rogue AP point.

Firstly, to effectively deploy it you want to make sure your cell phone service (3G for the N900) is quite strong. You may even want to try pinging google or the like and see what the delay is. With a good connection, it will very for me between 70 and 90 milliseconds.

Second, you want to survey the site you’re going to deploy your portable rogue ap point. Luckily, you can run kismet on the N900. Once you have surveyed the site for other AP points, take note of the MAC addresses of each AP point that is specific to the area and also take note of the names of the AP points. With this mac address you can spoof your wlan0 interface to something that is very similar:

ifconfig wlan0 hw ether 00:XX:XX:XX:XX:XX

You will need to have the extra repos enabled to install an application called mobilehotspot. You will also need prior to this, to install the custom kernel for the N900. You will also need ettercap and sslstrip to carry out this attack. See my earlier post for notes on the two: http://zitstif.no-ip.org/?p=451

1.) Get sslstrip up and running, and make sure you have iptables. For steps on using sslstrip check out:
http://www.thoughtcrime.org/software/sslstrip

2.) Spoof your wlan0 hardware address to what is appropriate for the site.

3.) Run the mobilehotspot application.

4.) Wait for a few seconds

5.) Run ettercap by doing so (modify as needed):
ettercap -i wlan0 -q -T -p -u // //

The reason why we don’t have ettercap forward packets, is because the kernel is already doing so due to the mobilehotspot application.

That is pretty much it. You could also do dnsspoofing to send your victims to a server under your control to do drive by attacks.

6 Comments :, , , , , , , , , , , , , , , , , , , , , , , , , more...

Weaponizing the Nokia N900 – Part 3.5

by on Feb.13, 2011, under Posts

Due to my love of hand held devices that can be used for penetration testing, I have obtained a Nokia N900 for relatively cheap on eBay. A brand new N900 will burn you a hole about the size of $399 USD in your pocket. However, I obtained mine (a refurbished one) for about $285.

Granted this device is now 2 years old but in my opinion it can be setup as a solid security assessment tool. I thought I would write a de facto continuation of the “Weaponizing the Nokia N900″ series that Infosec island has done. (I hope they don’t mind 🙂 )

With the N900 being an old man, in terms of technology, one can spruce it up a bit via overclocking. I would highly suggest to check out:

http://thehandheldblog.com/2010/07/27/how-to-easily-overclock-your-n900-in-under-two-minutes/

I have mine overclocked to 750MHZ and it seems to be running just fine. Metasploit will load in about a minute or so. Which is not nearly as bad as running Metasploit on the N810 (which I was able to do by just following the same instructions for getting Metasploit to run on the N900). The N810, the last time I checked, took 15 minutes to load Metasploit.

Bear in mind that my tips imply that you have already enabled all the extra repositories as needed, if you haven’t done so check out:

http://www.nokian900applications.com/repositories-extras-extras-devel-and-extras-testing-for-nokia-n900/

As stated and shown before, there have been guides on weaponizing the N900. However some of these guides have failed to explain certain issues that I would like to address:

1.) The ettercap-ng package from the repositories is totally broken. I ended up having to download ettercap from this forum post and follow the instructions on it appropriately:

http://talk.maemo.org/showthread.php?t=42680

2.) sslstrip will work, and you have to follow the comments addressed on this web page to get it setup along with a few other things:

http://www.knownokia.ca/2010/04/using-n900-for-fun-and-profit.html

a.) You have to install iptables  (apt-get install iptables)

b.) You have to install another python package, (apt-get install python-openssl)

3.) The Metasploit package comes in in a tar.bz2 format. For some odd reason, the version of tar (the busy-box version) cannot do ‘-xjf’. So either you have to install the gnu version of tar or put metasploit on a computer that can extract it and put it into a format that can be decompressed on the n900.

4.) I wasn’t able to find netcat in the repositories. If you’re in the same boat, you’ll have to port it over or get a chroot environment setup. (easydebian)

Lastly, here is my original way of weaponizing the n900 even more so.

You’ll need a MicroSD card that you’re currently not using and you don’t mind wiping it and making it bootable. Also, you’re going to need BackBox iso (yes.. not BackTrack 4, I will explain later) and unetbootin.

Obtain BackBox from:

http://www.backbox.org/content/download

Obtain unetbootin from:

http://unetbootin.sourceforge.net/

1.) Install your Microsd card into the N900, by removing the back plate.

2.) Connect your n900 via the USB cable that came with it to your N900.

3.) When you get a prompt on your n900 from connecting it to your computer, choose the Mass storage device mode.

4.) Now, 2 drives should show up, (depending on if you’re using Windows or if you have automount setup under Linux). The drive that is the size of your MicroSD card, is your MicroSD card. (I know.. DUH)

5.) Fire up unetbootin, select Diskimage option, locate where you downloaded the BackBox iso and select it.

6.) Make sure you have the correct drive selected and finally click ‘OK’.

7.) Once the process is done, reboot your computer.

8.) Hit F2 (or it could be other keys, like F9) for your BIOS or better yet if there is an option for a boot menu, hit that key.

9.) Select to boot off of the N900 (some BIOS will show two and not differentiate the two, while other BIOS will state that there is a removable n900. If you’re not sure, just change your boot order to have both N900’s as the first and second boot devices. If your BIOS shows the removable N900, this is the one you want to boot off of.)

10.) Your computer should now be booting off your MicroSD card which is in your N900.

The real cool thing here, is that you can still use your N900 while the computer has booted off of your N900. So you can still make phone calls or surf the net with it.

Now you may be asking yourself, “Why would I want to do this?”. I ran through a couple scenarios in my head, the first, is if you only have one USB drive that is currently in use running, say L0phtcrack on one workstation, but you want to multitask and still explore the network further. Well you have your handy and now bootable N900. Lastly, it seems as if most computers (from my experience) don’t have a MicroSD card slot but have USB ports.

Finally, I naturally tried BackTrack 4, but it would not boot and it would shove me to a busybox shell. I didn’t feel like dealing with finding a fix at the time, so I thought I would find a different distro.

If I do more interesting and original things with my N900, I will post more.

As usual more to come…

8 Comments :, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , more...

Updated Section and Other Matters

by on Jan.19, 2011, under Posts

I haven’t had much time or energy to work on my website due to work, having a more than usual social life (odd), and school. I’m gong to make an honest effort to keep this website up to date at a higher frequency than what I’ve been doing.

This post is mostly in regards to my reconnaissance websites section. I’ve updated it and organized the websites by category. I’ve also added a link Samy’s geolocation page, which is great for finding actual (or close) locations of AP points, thanks to Google doing ‘legal’ wardriving.

Also, I’m planning on obtaining a Nokia n900, which I plan to ‘weaponize’ it in an original manner, and I will post steps to doing so on my website. I also have some meterpreter script ideas that I’m planning on working on. Additionally to that, I have a meterpreter script that has been laying around that utilizes an old trick for maintaining access to a compromised server, that I will plan on posting for metasploit users to use.

Here’s to a new year in information security! What will 2011 bring? 🙂

More to come as usual..

1 Comment :, , , , , , , , , , , , , , , , , , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!