Tag Archives: wlan0

Nokia N900 Packet Injection Problems

I am writing this right after I was just about to pull my hair out due to the fact that I rely on my N900 as my primary phone (which is not necessarily the greatest idea if you tinker with it quite a bit).

I have noticed that after updating to this kernel:

Linux N900 2.6.28.10-power50

produces an issue with the bleeding-edge wireless driver that allows the N900 to be able to do packet injection. If you try to enable the driver and use it, the wlan0 interface will disappear. You will then have to reboot your phone to be able to get the wlan0 interface back.

So out of curiosity I decided to try rolling back to the previous kernel I was using that was provided with the  bleeding-edge drivers. Case and point, this was a BAD IDEA. The installation failed and upon rebooting my N900, the N900 went into a reboot loop and to power the phone off I had to pull the battery.

Gladly, I was able to reflash the phone and get it functioning.

Conclusion:

If you want to be able to do packet injection (and use awesome tools like reaver and aircrack) on your N900, you MUST (for now) use the kernel (kernel-power_2.6.28-maemo46-wl1) from  bleeding-edge.

Feel free to contact me if you need any help regarding this and I will do my best to help you.

Weaponizing the Nokia N900 – Part 3.6 – Portable Rogue AP Point

With continuing the series of weaponizing the N900 and hoping that Infosec Island will continue with their series as well, I have successfully setup my N900 as a rogue AP point.

Firstly, to effectively deploy it you want to make sure your cell phone service (3G for the N900) is quite strong. You may even want to try pinging google or the like and see what the delay is. With a good connection, it will very for me between 70 and 90 milliseconds.

Second, you want to survey the site you’re going to deploy your portable rogue ap point. Luckily, you can run kismet on the N900. Once you have surveyed the site for other AP points, take note of the MAC addresses of each AP point that is specific to the area and also take note of the names of the AP points. With this mac address you can spoof your wlan0 interface to something that is very similar:

ifconfig wlan0 hw ether 00:XX:XX:XX:XX:XX

You will need to have the extra repos enabled to install an application called mobilehotspot. You will also need prior to this, to install the custom kernel for the N900. You will also need ettercap and sslstrip to carry out this attack. See my earlier post for notes on the two: http://zitstif.no-ip.org/?p=451

1.) Get sslstrip up and running, and make sure you have iptables. For steps on using sslstrip check out:
http://www.thoughtcrime.org/software/sslstrip

2.) Spoof your wlan0 hardware address to what is appropriate for the site.

3.) Run the mobilehotspot application.

4.) Wait for a few seconds

5.) Run ettercap by doing so (modify as needed):
ettercap -i wlan0 -q -T -p -u // //

The reason why we don’t have ettercap forward packets, is because the kernel is already doing so due to the mobilehotspot application.

That is pretty much it. You could also do dnsspoofing to send your victims to a server under your control to do drive by attacks.