wismna/hackpi
1
0
Fork 0
mirror of https://github.com/wismna/HackPi.git synced 2025-10-03 15:40:16 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
68b9abb42061ed04809f1e96998f36837110214a
hackpi/readme.md
wismna 68b9abb420 Update readme.md
2017-01-04 15:47:26 -05:00

4.7 KiB
Raw Blame History

HackPi Readme

HackPi is a combination of Samy Kamkar's Poisontap and Responder (original idea by Mubix) on a Raspberry Pi Zero.

I wanted to integrate the two hacking mechanisms on a single Raspberry Pi Zero so that they could work at the same time. I also wanted it to work automatically on Windows, Linux and Mac. However, this proved to be quite complex.

Walkthrough

Quick guide

Basically, clone the poisontap project but replace the files that have the same name by mine:
  • pi_startup.sh
  • dhcpd.conf
  • interfaces
  • rc.local
And merge the contents of config.txt (located in /boot), modules (located in /etc) and isc-dhcp-server (located in /etc/defaults) in your own files.

Create an ethernet gadget

This was the most irritating part of all. The really simple way to do this on the Pi is to follow this guide and use g_ether kernel module. However, this is the old way of doing it and it would definitely not work at all on Windows. During all my test, the gadget was systematically recognized as a COM3 device. I couldn't even force newer versions of Windows (10) to use an Ethernet driver. Also, it's impossible to emulate more than one device at the same time.

So, I started with this great guide, and used the libcomposite kernel module. This was far more advanced as it allows precise configuration of the gadget, as well as giving the ability to emulate more than one device at the same time.

I used an Ethernet gadget adapter as well as the serial adapter configuration. The serial adapter is very very useful, especially while testing the Ethernet configuration, as if you make a breaking change and can't ssh back to your Raspberry Pi Zero, you still can use the console:
sudo screen /dev/ttyACM0 115200

To make the Ethernet gadget work on Windows, I used a little trick. When it's starting the adapter, it will look in its .inf files for a matching driver based on idVendor and idProduct (as well as bcdDevice for revision). Knowing this, I used
echo 0x04b3 > idVendor
echo 0x4010 > idProduct
so that Windows would load its generic RNDIS driver netimm.inf. However, this still wouldn't work for me, even though it appeared to be working for other people. Windows would load the drive but fail to start the adapter with a code 10 error.

Browsing a bit (a lot...) I determined that Windows would only reliably work with a RNDIS configuration. So I added an new configuration designed to emulate the RNDIS function. This configuration had to be the first one defined for Windows to work. Linux and Mac are smart enough to ignore it and load the seconde one, the CDC ECM configuration. And lo and behold, it worked! Windows correctly loaded the driver and the adapter, with no manual intervention. But, it now didn't work on Linux anymore... great.

Bridge interface

I realized (thanks to the serial console) that each configfs configuration creates a new network interface (usb0, usb1 and so on). However, all the servers were listening exclusively on usb0, which was assigned to the RNDIS configuration. Linux ignored this configuration to load the CDC ECM one, where no servers (especially ISC-DHCP) were listening and no routes nor iptables rules were added.

The easy solution could have to duplicate everything, but I decided to create a bridge interface, br0, which would be the master of all usbX interfaces, and make the servers listen on that interface, as well as add the routes and iptable rules. After a bit of fiddling around, it worked!

My gadget is now automatically recognized by Windows and Linux, without having to change anything to the configuration files. But, as there is always a but, you may have noticed that I stopped talking about Mac... and this is because since version 10.11, MacOs is no longer smart enough to load the CDC ECM configuration if it isn't the first one! I tried to work my may around it, to no avail as of now. As a change to correct this would break the Windows compatiblity, I really don't know what to do for the moment to have it working automatically on all three OSs. The only solution for the moment is to comment the two lines linking the RNDIS configuration, so it will work on Mac and Linux (but not anymore in Windows).

Details can be found in the pi_startup.rndis.sh file.