Using the N900 for Fun and Profit.

One of the main reasons I purchased a Nokia N900 was the mere fact that stuffed inside the gorgeous hardware is a recent Linux kernel, packaged with the regular GNU tools that make computing ever so enjoyable, and apt/dpkg, which is arguably the greatest binary package management system known to man. Back in the day, I was big into the blackhat side of life, something that never really leaves you. 10 years later I found myself writing small patches for Neutrino RTOS and wepattack, causing mayhem with the guys at and building custom translators for GNU/Hurd. Having a device with the power that I have on my desktop at home is paramount.

The tools I use on my N900 serve pen-testing, development/debugging and general network mayhem purposes. I’ve created a short list of the applications I’ve cross compiled, packaged, had to do general hackwork on, or that simply Just Work (tm) on my N900:


1). Metasploit - After some quick tips and talks with @hdmoore, I packaged up ruby, sqlite and gems that provided metasploit and db access. I later removed sqlite (I don’t need databasing anyway) and went with ruby et al packages from the maemo repositories for ease of use.



2). Ettercap-NG - I had numerous issues with lib linking with ettercap, pcre and GTK but got some help by a real dapper chap (@tchouky) with patches and binaries to boot. Both GTK and curses interfaces work, although it’s a bit difficult to use curses with the device keyboard, better suited for BT or SSH.

[Two screenshots of Ettercap-NG on the N900, taken 2010-04-13]


3). Wireshark / Ethereal - Needs to be “hildonized”, but the binary packages in the repositories work as described. Capture works, promiscuous mode works and packet dissection works. I’d like to incorporate the LORCON Injection Patch eventually when we get raw frame support with WL1251.

[Two screenshots of Wireshark on the N900, taken 2010-04-13]


4). SSLStrip - Since we’ve got Ettercap-NG we can set up ARP poisoning and other MiTM attacks. SSLStrip can be used to gank traffic out of encapsulation. Python 2.5.4 along with python-twisted-web and conch are all in the maemo repositories, and sslstrip runs perfectly fine with no modifications.
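The ARP poisoning that Ettercap-NG sets up leaves a footprint in exactly the kind of capture Wireshark can take on the device: a single MAC starts answering for several IPs, and the gateway IP suddenly resolves to two different MACs. The following is an added example, not code from the original post, that scans an exported ARP table for those indicators. It assumes tab-separated lines of sender IP, sender MAC and ARP opcode (1 = request, 2 = reply), the shape a `tshark -T fields -e arp.src.proto_ipv4 -e arp.src.hw_mac -e arp.opcode` export produces; the sample lines, addresses and the gateway IP are constructed.

```python
"""Flag ARP-poisoning indicators in a tab-separated ARP export.

Added example for this post; the input format is an assumption (tshark
fields export of arp.src.proto_ipv4, arp.src.hw_mac, arp.opcode) and the
sample capture below is constructed, not a real trace.
"""
from collections import defaultdict

# Constructed sample: the gateway 192.168.1.1 is first announced by one MAC,
# then de:ad:be:ef:00:01 replies for both the gateway and the host .20.
SAMPLE_ARP_EXPORT = """\
192.168.1.1\t00:11:22:33:44:55\t2
192.168.1.20\taa:bb:cc:dd:ee:01\t2
192.168.1.1\tde:ad:be:ef:00:01\t2
192.168.1.20\tde:ad:be:ef:00:01\t2
192.168.1.30\taa:bb:cc:dd:ee:02\t1
"""


def parse_arp_export(text):
    """Parse 'ip<TAB>mac<TAB>opcode' lines into (ip, mac, opcode) tuples.

    Malformed lines are skipped rather than aborting the whole scan, since a
    fields export can contain blank or truncated rows.
    """
    records = []
    for raw in text.splitlines():
        parts = raw.strip().split("\t")
        if len(parts) != 3:
            continue
        ip, mac, opcode = parts
        try:
            records.append((ip, mac.lower(), int(opcode)))
        except ValueError:
            continue
    return records


def find_poisoning_indicators(records, gateway_ip=None):
    """Return the two classic ARP-spoofing signals found in the records.

    ip_conflicts:     IP -> set of MACs that replied for it (more than one)
    mac_claims:       MAC -> set of IPs it replied for (more than one)
    gateway_conflict: True if the named gateway IP is among the conflicts
    Only replies (opcode 2) assert a binding; requests are ignored.
    """
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for ip, mac, opcode in records:
        if opcode != 2:
            continue
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    ip_conflicts = {ip: macs for ip, macs in ip_to_macs.items() if len(macs) > 1}
    mac_claims = {mac: ips for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return {
        "ip_conflicts": ip_conflicts,
        "mac_claims": mac_claims,
        "gateway_conflict": bool(gateway_ip) and gateway_ip in ip_conflicts,
    }


if __name__ == "__main__":
    report = find_poisoning_indicators(parse_arp_export(SAMPLE_ARP_EXPORT), "192.168.1.1")
    for ip, macs in report["ip_conflicts"].items():
        print("IP %s claimed by %d MACs: %s" % (ip, len(macs), ", ".join(sorted(macs))))
    for mac, ips in report["mac_claims"].items():
        print("MAC %s answers for %s" % (mac, ", ".join(sorted(ips))))
    print("gateway conflict:", report["gateway_conflict"])
```

A real deployment would key the baseline on what the DHCP server or the switch's port table says the gateway MAC is, rather than on the first reply seen, but the conflict logic is the same.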



5). dsniff - I found a package at the Maemo Garage with everything seemingly in order apart from a functional arpspoof, which seems to be an issue with my libnet installation. I’ve had to symlink too many libraries around; it seems I might have got some compile flags wrong on my copy of libnet. You’ll need to symlink the libcrypto and libssl files in /usr/lib to make it play nicely (after installing them from the repo), but it runs and returns no errors. I have yet to use it in a mischievous fashion.
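The libssl/libcrypto symlinking above is the usual fix for a binary that was linked against one soname while the repo package ships the library under another. Rather than hand-typing `ln -s` in /usr/lib, the following added example (not from the post) does it with a check that it never clobbers a name that already exists and that it only ever points at a real file, not at another symlink. The library directory and the soname the binary asks for are parameters; the versioned filenames used in the sample run are constructed placeholders, not the exact names on the author's device.

```python
"""Point a missing soname at the versioned library actually installed.

Added example for this post. Assumes the repo installs e.g. libssl.so.<ver>
and libcrypto.so.<ver> under LIBDIR while the binary wants a different
soname; which names those are is a placeholder, read `ldd` to find out.
"""
import glob
import os


def installed_real_libs(libdir, stem):
    """Return real (non-symlink) files named <stem>.so* in libdir, sorted."""
    pattern = os.path.join(libdir, stem + ".so*")
    return sorted(p for p in glob.glob(pattern) if not os.path.islink(p))


def ensure_soname_link(libdir, wanted, stem):
    """Create libdir/<wanted> -> newest real <stem>.so* if <wanted> is absent.

    Returns the basename of the file linked to, or None when <wanted> already
    exists (file or symlink) and nothing was touched. Raises if no real
    candidate library is installed, so a dangling link is never created.
    """
    link_path = os.path.join(libdir, wanted)
    if os.path.lexists(link_path):
        return None
    candidates = installed_real_libs(libdir, stem)
    if not candidates:
        raise FileNotFoundError("no %s.so* installed in %s" % (stem, libdir))
    target = os.path.basename(candidates[-1])
    # Relative link so the directory can be moved or bind-mounted later.
    os.symlink(target, link_path)
    return target


if __name__ == "__main__":
    # Placeholder sonames: substitute whatever `ldd $(which arpspoof)` reports as
    # "not found" on your device.
    for wanted, stem in (("libssl.so", "libssl"), ("libcrypto.so", "libcrypto")):
        made = ensure_soname_link("/usr/lib", wanted, stem)
        print(wanted, "->", made if made else "(already present)")
```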

6). kippo - I recently heard about this tool and Kojoney on the PaulDotCom podcast. If you have the above tools working, you’ll also have all the required dependencies for kippo. Unfortunately it seems that python-crypto has some false files and it doesn’t link properly. I’ll be working on this and submitting a package.

7). nmap - Yep. From the repo. Works mint.



8). w3af - A bit tricky to get working. I’ve been using a debian chroot (also installable from the repo), but I’m certain it’s possible to get all the libraries over and running “natively”. I probably won’t bother, since NeoPwn2 will achieve that.


9). aircrack-ng - Semi-functional for crunching. Not useful for on-the-spot penetration. It’s in the repositories, but it’s an old version. You should check out the newest source via svn and compile it.

[Two screenshots of aircrack-ng on the N900, taken 2010-04-13]



10). nikto - Without breaking my perl packages by installing a bucket load of modules for SSL, nikto2 runs just great.




That’s all for PART 1. Stay tuned for PART 2 of all the little tools you should keep in your arsenal. The little work I’ve done will pale in comparison to the work that’s being done on the BackTrack Mobile N900 images, which hopefully will be ready for public release shortly. I really can’t wait for the great work these guys are doing. You should check out the podcast episode 005 where the boys over at Social Engineer interview the BackTrack Linux development team (the same guys working on NeoPwn / BackTrack Mobile). Really good stuff.




dre said...

I would think that you could use an Alfa AWUS306H in a USB slot to do frame injection, and thus, support Karma. Have you tried this?

Simon said...

Host Mode is still being worked on. It was possible with the N810, so it will eventually work.

BackTrack Mobile will be released shortly after BH2010, and provides patched drivers for the WL1251 chip to allow live injection, negating the requirement for a USB module.
