Re4son-Kernel for Raspberry Pi
For Raspberry Pi 3 and Pi Zero W:
– Press “Y” when prompted to install bluetooth and wifi drivers (not required on Raspbian)
– Say “Y” when prompted to enable bluetooth services (you can still disable it later)
– reboot
Bluetooth
There aren’t any issues with Bluetooth but if you want to de-install or re-install the drivers just type:
    ## Remove Bluetooth:
    cd /usr/local/src/re4son-kernel_4*
    ./install.sh -r
    ## Re-install Bluetooth:
    ./install.sh -b
Kernel Headers
You will be offered to install the headers during the kernel installation.
To install them manually later, run the installer again like this:
    cd /usr/local/src/re4son-kernel_4*
    ./install.sh -e
Nexmon Drivers (included in “current stable” & “old stable”)
No need to do anything with the latest “current” and “next” kernels
The nexmon drivers are fully stable and now compiled in the kernel tree.
For older kernel versions:
The nexmon drivers enable monitor mode and frame injection for the built-in wifi chips of the Pi3B and Pi0W.
The re4son kernel includes the compiled nexmon drivers and firmware with -m6 and -m7 support.
To install, reboot after installing a new kernel and run:
    cd /usr/local/src/re4son-kernel_4*
    ./install.sh -x
If you have any problems with the drivers and wish to rollback to the original ones, just run:
    cd /usr/local/src/re4son-kernel_4*
    ./install.sh -o
Head over to the nexmon project for details:
https://github.com/seemoo-lab/nexmon
Images with Re4son Kernel
(Best to use Chrome for download)
Important: These images use the smallest possible partition size. Run “kalipi-config” and extend your partition first thing when you boot up, or you will run out of space very quickly:
Note: Unofficial Kali images have been retired.
Official Kali Linux images ship with the latest re4son-kernel and kalipi-tft-config already.
Bluetooth
Make sure the bluetooth service is enabled and started, via:
    systemctl enable bluetooth
    systemctl start bluetooth
You are now ready to pair your devices, just like this:
    [bluetooth]# agent on
    Agent registered
    [bluetooth]# default-agent
    Default agent request successful
    [bluetooth]# scan on
    Discovery started
    [bluetooth]# pair 00:1F:xx:xx:xx:xx
    Attempting to pair with 00:1F:xx:xx:xx:xx
    …snip…
    Pairing successful
    [bluetooth]# trust 00:1F:xx:xx:xx:xx
    [CHG] Device 00:1F:xx:xx:xx:xx Trusted: yes
    [bluetooth]# connect 00:1F:xx:xx:xx:xx
    Attempting to connect to 00:1F:xx:xx:xx:xx
    Connection successful
Voila – there it is, Bluetooth device connected.
Ethernet Gadget
The Re4son-Kernel supports ethernet gadget mode and both Pi zero armel images on this page have the usb0 interface enabled out of the box to allow the initial setup without any additional hardware except a micro usb cable.
Below are the steps to get it working:
- Image a micro SD card
- Leave the card in your computer and edit the following two files in the /boot partition:
– cmdline.txt: Add “modules-load=dwc2,g_ether” after “rootwait”
– config.txt: Add “dtoverlay=dwc2”
- Insert the card into your Raspberry Pi zero
- Insert the micro USB cable into the usb port of the Pi (not the power port) and your computer
- Wait for the Pi to boot up and enable ICS for the newly created adapter on your PC or Mac (don’t have VMs running at this point)
- Wait a minute and ssh into “kali.mshome.net” from your PC (not sure about Mac).
– If the name resolution doesn’t work, find the IP address of your Pi via:
Edit “/etc/network/interfaces” and add the following stanza:
    allow-hotplug wlan0
    iface wlan0 inet dhcp
        wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
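The two /boot edits from the Ethernet Gadget steps above, written as an idempotent shell function. This is an added example, not part of the Re4son instructions; the function name, the mount path argument and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the Re4son instructions.
# Usage: enable_gadget /path/to/mounted/boot
enable_gadget() {
    boot=$1
    cmdline="$boot/cmdline.txt"
    config="$boot/config.txt"
    if [ ! -f "$cmdline" ] || [ ! -f "$config" ]; then
        echo "cmdline.txt or config.txt not found in $boot" >&2
        return 1
    fi

    # cmdline.txt is one line of kernel arguments: put the module list
    # directly after "rootwait", and only if it is not there already.
    if ! grep -q 'modules-load=dwc2,g_ether' "$cmdline"; then
        if ! grep -qw 'rootwait' "$cmdline"; then
            echo "no rootwait argument in $cmdline, leaving it untouched" >&2
            return 1
        fi
        sed 's/rootwait/rootwait modules-load=dwc2,g_ether/' "$cmdline" > "$cmdline.tmp"
        mv "$cmdline.tmp" "$cmdline"
    fi

    # config.txt takes one setting per line: append the overlay once,
    # adding a newline first if the file does not end with one.
    if ! grep -qx 'dtoverlay=dwc2' "$config"; then
        [ -z "$(tail -c 1 "$config")" ] || echo >> "$config"
        echo 'dtoverlay=dwc2' >> "$config"
    fi
}

# Demo on constructed files (sample contents, not taken from a real image).
demo=$(mktemp -d)
echo 'console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 rootwait' > "$demo/cmdline.txt"
echo 'dtparam=audio=on' > "$demo/config.txt"
enable_gadget "$demo" && cat "$demo/cmdline.txt" "$demo/config.txt"
rm -rf "$demo"
```

Running it twice on the same card leaves both files unchanged the second time, so it is safe to re-run after re-imaging checks.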
Source
For questions or comments please join the discussion in our forum:
https://re4son.com/forum
Last modified: May 12, 2019 @ 9:55 am
Dan The IOT Man
Using Re4son’s Kali-Pi & the Mana-Toolkit on a Raspberry Pi 3
If you want to run Kali Linux on a Raspberry Pi, one great solution is Re4son’s “Sticky Fingers Kali-Pi”. Kali-Pi runs on Raspberry Pi/0/2/3 and includes touch screen and Bluetooth support out of the gate.
If you follow the Kali forums, then you have probably seen Kali-Pi mentioned in any Raspberry Pi related post. Kali-Pi was even featured a few months ago on the Kali.org website:
Kali-Pi’s pre-configured image has several tools already installed and ready to use. This includes the “Mana-Toolkit”.
The author of Kali-Pi provides instructions for installing it manually, but also provides a download link for a ready to go pre-configured Pi image. In this article we will look at installing the pre-configured Kali-Pi image on a Pi3 and quickly cover using it to run the rogue Wi-Fi attack platform, the Mana-Toolkit.
For this article you will need:
- Raspberry Pi 3, with power supply and 32 GB micro SD card
- Touchscreen display case (I used a Raspberry Pi 7” touchscreen)
- Re4son’s Kali-Pi software
- SD card writer
If you want to perform Wi-Fi scanning, or anything that requires putting the Wi-Fi in monitoring mode, you will probably also want to use a USB Wi-Fi adapter. I used a TP-Link TL-WN722N.
Warning: As always, this article is for educational purposes only. It is illegal to access a computer without the user’s permission. Only use this in a lab environment using systems that you own. Ye have been warned.
Installing
Instructions for using the pre-configured image are included on the author’s website, so I will only briefly touch on the install process. It is always a good idea to check the author’s site for any install changes and the latest install information.
Overview with quick install and manual install instructions:
As mentioned, I will be using the Pi 3 pre-configured image available here:
If you are using an SD card larger than 8 GB it will only be partitioned as 8 GB. You need to re-size the partition to get full use of the card. Instructions are provided on the Re4son webpage.
Some of the installed tools can take up a lot of space. I used a 32 GB SD card, so I needed to resize mine so it could access the entire card. I just used the “gparted” command in a Linux VM to resize the partition.
Basically, I ran gparted (make sure you select the correct partition), clicked on the image partition, clicked the Resize button and dragged the partition border across the open space.
Then I clicked the “Apply All Operations” button and it resized the partition.
After the image has successfully installed and the card resized (if needed), we are all set to use it on our Pi.
Insert the memory card into your Pi, and assemble your touchscreen case:
Connect your peripherals to the Pi, apply power and let it boot up.
Next you need to setup your screen, here are the directions from the Quick Start Guide:
- cd /usr/local/src/re4son-kernel_4*
- mount /dev/mmcblk0p1 /boot
- ./re4son-pi-tft-setup -u (updates re4son-pi-tft-setup to the latest version)
- ./re4son-pi-tft-setup -h (lists all options – pick your screen from the list)
- ./re4son-pi-tft-setup -t-d /home/pi (Say “Y” when asked if you want the console to be displayed on the TFT screen)
- reboot
Note: At this point I lost my built-in wireless connection. As I was using a wired connection, it wasn’t a big deal. Though I was able to get it back after a few reboots and trying the different Nexmon switches you can use with the re4son-pi-tft-setup.
And that is it! You should have a functional Kali Linux install on your Raspberry Pi. Now let’s take a look at running the Mana-Toolkit, which is already installed.
Mana-Toolkit
In this section we will cover using the Mana Full NAT script. This creates a fully functional open Access Point for targets to connect to and also performs a man-in-the-middle attack with SSL strip. What this means is that people will see an open Wi-Fi router to connect to, and when they do, we will get a copy of any website they visit or any credentials they enter, possibly even when they are using HTTPS.
For this to be successful I had the Pi connected to the internet through the Lan port, and used my TP-Link USB Wi-Fi adapter for Mana’s rogue access point. That way anyone who connected to the fake Wi-Fi access point created by Mana, would be able to connect out to the internet through the LAN connection.
Important Directories:
- Mana program: /usr/share/mana-toolkit
- Mana configuration settings: /etc/mana-toolkit/hostapd-mana.conf
- Mana startup scripts: /usr/share/mana-toolkit/run-mana
- Mana captured traffic & logs: /var/lib/mana-toolkit
Running Mana
In this directory you will find several scripts that you can run:
See the Mana documentation for a complete description of what each script does. For our demonstration we will run the start-nat-full script that creates a Wi-Fi Access Point, performs SSL strip (attempting to downgrade HTTPS to HTTP) and a man-in-the-middle attack on any clients that connect to it. It then captures any credentials and cookies and stores them in the log folder.
A new open Wi-Fi network should appear. We will be notified when someone connects to the rogue AP, and if they surf to a webpage where credentials are entered, we should see a copy of them in the Mana-Toolkit logs, as seen below.
I connected to the rogue AP from my smartphone and attempted to check my e-mail:
Any activity captured by Mana was listed in the Log directory files:
Scanning through the logs I found this:
Many websites and browsers will now warn you that something is not right and that the browser could not make an encrypted https connection to the host network. But it does still work on some websites.
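Whether HTTPS stripping still works against a given site depends largely on that site's HSTS policy (RFC 6797). As an added defensive check that is not part of the original article, the function below classifies a site's Strict-Transport-Security header from its response headers; the function name, the verdict names and the constructed sample headers are assumptions of this example, and the one-year threshold is the HSTS preload list's requirement.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads HTTPS response headers on stdin, e.g.:  curl -sI https://your-site | hsts_verdict
# Prints one of:
#   none                 no usable HSTS policy; HTTP downgrade possible on every visit
#   first-visit-exposed  policy set, but only protects browsers that already saw it
#   preload-eligible     meets the preload list requirements (listing is a separate step)
hsts_verdict() {
    # Header names are case-insensitive: drop CRs, lowercase, one directive per line.
    directives=$(tr -d '\r' | tr 'A-Z' 'a-z' \
        | sed -n 's/^strict-transport-security:[[:space:]]*//p' | head -n 1 \
        | tr ';' '\n' | tr -d ' \t"')
    max_age=$(printf '%s\n' "$directives" \
        | sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1)

    # A missing header and max-age=0 both leave the browser with no policy.
    if [ -z "$max_age" ] || [ "$max_age" -eq 0 ]; then
        echo "none"
        return 0
    fi
    if [ "$max_age" -ge 31536000 ] \
        && printf '%s\n' "$directives" | grep -qx 'includesubdomains' \
        && printf '%s\n' "$directives" | grep -qx 'preload'; then
        echo "preload-eligible"
    else
        echo "first-visit-exposed"
    fi
}

# Constructed sample response headers (not a capture from a real site).
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n'
    printf 'Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n\r\n'
}
sample_headers | hsts_verdict
```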
Metapackages
The Kali-Pi image comes pre-installed with some tools, like the Mana-Toolkit, BeEF, Metasploit, mysql, mitmf and a few additional tools, but you can install the Kali metapackages if you would like. Kali Metapackages are security tool packages grouped by function.
If you have 32 GB of space you can install the full Kali Linux install:
But that will take forever; you probably want to install one of the more specialized packages. These are listed on the Kali Metapackages website:
Conclusion
In this brief introduction to Re4son’s Kali-Pi, we covered how to install the pre-configured image on a Pi3 and how to run the Mana Toolkit. Kali-Pi is a fully functional Kali Linux platform which can be expanded by installing additional Kali Metapackages (though I did run into some errors when trying to install a couple of the packages). There are many other interesting features of the Kali-Pi that we may look at in a future article. Re4son also makes a DV-Pi (Damn Vulnerable Pi) that could be used for IoT pentesting; we will most definitely look at this at some point.