SpiderLabs Blog

Wardrive, Raspberry Pi Style!

I purchased a Raspberry Pi a few weeks back. I found that I could power it, a WiFi card and a GPS from my 12000mAh Li-Ion battery pack for about 12 hours. What a great way to explore without having to carry a huge laptop or giant battery in my bag.


With that tool kit I did a little driving and biking, passively looking for and logging networks. I could easily have used my NinjaTel phone (and will attempt this in the future), but I wanted something that I didn't have to mess with too much and that would have a long battery life to "power all the things".

The result: of 6,164 APs identified, only about 5% (327 APs) still had WEP configured. WEP is cryptographically broken; its keys can be recovered from captured traffic in minutes, so any WEP network is effectively an open one. Not too bad as a basic health check. Of course more data would always be better.

Hardware Used


Hardware Notes

The Raspberry Pi model B alone draws about 700mA. If the supply current dips below that, the Pi crashes and has to be manually rebooted. That is why it's very important to supply at least 1A (or more) to the Pi itself and to use a USB power splitter cable for the WiFi device. At first, the Pi was crashing when I fired up Kismet, because the USB WiFi adapter pulled more current than the Pi could supply from its own USB ports. Below is a picture of one of these cables. Plug the pass-through port into the power supply, and the other end into the Raspberry Pi.


Install the OS

First thing to do is get the Pi OS set up. You will need to install the "Raspbian" image, then set up and expand the primary partition to use the entire SD card. There are many good tutorials on this, and the Raspberry Pi site has lots of documentation.

Install Dependencies

Once our OS is installed, we will then need to add the necessary packages to support kismet.

SSH into your Pi as "pi", and download the Kismet code (or add it to your apt sources):

wget http://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz

First things first, screen. Screen is a great tool for having multiple virtual "consoles" that keep running in the background. I use them a lot when doing pentests. I could run Kismet in server-only mode, but I don't have a Kismet client on my stock iPad. I do have an SSH client, so instead I'll just run the full ncurses UI in a screen session.

This lets me easily detach from the session and reattach where I left off. We also need to install some prerequisites before we begin compiling Kismet. I'm installing tcpdump as well; it's a very valuable tool to check and verify network traffic, or just to peek at the data going across a network.

sudo apt-get install screen gpsd ncurses-dev libpcap-dev tcpdump

Wait for that to finish... Get some coffee or Tea.

Configure GPSD

Next, configure GPSD for your equipment. As I used a USB GPS device, I just updated the file /etc/default/gpsd with my relevant hardware.


Install Kismet

Now we get to compile and install Kismet from the source we downloaded earlier.

tar xfvz kismet-2011-03-R2.tar.gz
cd kismet-2011-03-R2
./configure
make
sudo make install

This takes a while... like minutes... reminds me of the days of sub-GHz processors. Oh wait, that is what the Pi is. It's great for graphics, but kind of slow for compiling, and I believe that is due to the SD card bus being the bottleneck.

Configure Kismet

Next, to speed up the start-up of Kismet, edit /usr/local/etc/kismet.conf to point at your wireless card. Check out the Kismet README, section five, for examples for your card. Otherwise the newer version of Kismet will ask you for the wireless interface each time it starts up.

I added the following line to the /usr/local/etc/kismet.conf config file:



Wardrive, Warchalk, Warwalk, Warbike!

Now plug in "all the things" and take it out on the town for a spin.

Go for a drive, walk, or bike (my favorite pastime) and collect some data. Then take the raw Kismet data and combine it using the netxml2kml Python script. Run it through netxml2kml.py, then import the KML into Google Earth and plot your WiFi data. Check out which of your neighbors still have WEP. Ideally the next feature should be showing where people still have WPS enabled, but that's for another time.
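To show the whole path from raw Kismet logs to the WEP percentage and the Google Earth plot, here is an added example written for this page; it is not the netxml2kml.py script the post uses, nor code from Kismet. It assumes the Kismet 2011-era .netxml layout (top-level wireless-network elements with an SSID block holding encryption and essid children, plus BSSID, channel and an optional gps-info with peak-lat/peak-lon). It drops probe-request clients so only APs are counted, merges several runs by BSSID, reports the share of WEP and open APs, and writes KML with WEP in red. The embedded sample log is constructed, and treating 0,0 as "no GPS fix" is an assumption.

```python
"""Tally AP encryption and emit a KML overlay from Kismet .netxml logs (added example).

Assumes the Kismet 2011-era netxml layout: top-level <wireless-network type="...">
with <SSID> (<encryption>, <essid>), <BSSID>, <channel> and an optional <gps-info>.
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter
from xml.sax.saxutils import escape

# Constructed sample in that layout: three APs plus one probing client (not real data).
SAMPLE_NETXML = """<detection-run kismet-version="2011.03.R2">
 <wireless-network number="1" type="infrastructure">
  <SSID><type>Beacon</type><encryption>WEP</encryption><essid cloaked="false">OldRouter</essid></SSID>
  <BSSID>00:11:22:33:44:55</BSSID><channel>6</channel><gps-info><peak-lat>41.878100</peak-lat><peak-lon>-87.629800</peak-lon></gps-info>
 </wireless-network>
 <wireless-network number="2" type="infrastructure">
  <SSID><type>Beacon</type><encryption>None</encryption><essid cloaked="false">CoffeeShop</essid></SSID>
  <BSSID>CC:DD:EE:FF:00:11</BSSID><channel>11</channel><gps-info><peak-lat>41.879000</peak-lat><peak-lon>-87.631000</peak-lon></gps-info>
 </wireless-network>
 <wireless-network number="3" type="infrastructure">
  <SSID><type>Beacon</type><encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption><essid cloaked="true"></essid></SSID>
  <BSSID>22:33:44:55:66:77</BSSID><channel>6</channel>
 </wireless-network>
 <wireless-network number="4" type="probe">
  <SSID><type>Probe Request</type><essid cloaked="false">HomeNet</essid></SSID><BSSID>AA:BB:CC:DD:EE:FF</BSSID>
 </wireless-network>
</detection-run>
"""

KML_COLORS = {"WEP": "ff0000ff", "Open": "ff00ffff", "WPA": "ff00ff00"}  # KML aabbggrr

def classify(encryptions):
    """Bucket <encryption> values as WPA, WEP or Open (WPA wins for mixed-mode APs)."""
    if any(e.startswith("WPA") for e in encryptions):
        return "WPA"
    if any(e.startswith("WEP") for e in encryptions):
        return "WEP"
    return "Open"  # Kismet writes "None" for an unencrypted network

def parse_networks(netxml):
    """Return the APs (type="infrastructure") in one netxml document (str or bytes)."""
    nets = []
    for wn in ET.fromstring(netxml).findall("wireless-network"):
        if wn.get("type") != "infrastructure":
            continue  # probe requests and ad-hoc entries are not APs
        ssid = wn.find("SSID")
        encs = [e.text or "" for e in ssid.findall("encryption")] if ssid is not None else []
        essid = ssid.findtext("essid", "") if ssid is not None else ""
        lat = lon = None
        gps = wn.find("gps-info")
        if gps is not None:
            lat = float(gps.findtext("peak-lat", "0"))
            lon = float(gps.findtext("peak-lon", "0"))
            if lat == 0.0 and lon == 0.0:  # treat 0,0 as "no fix" (assumption)
                lat = lon = None
        nets.append({"bssid": wn.findtext("BSSID", ""), "essid": essid,
                     "channel": wn.findtext("channel", "?"),
                     "enc": classify(encs), "lat": lat, "lon": lon})
    return nets

def merge_by_bssid(*runs):
    """Combine several runs: one entry per BSSID, preferring an entry with a GPS fix."""
    seen = {}
    for nets in runs:
        for n in nets:
            cur = seen.get(n["bssid"])
            if cur is None or (cur["lat"] is None and n["lat"] is not None):
                seen[n["bssid"]] = n
    return list(seen.values())

def encryption_summary(nets):
    """Return (counts by class, WEP count, WEP percent): the post's health check."""
    counts = Counter(n["enc"] for n in nets)
    pct = round(100.0 * counts["WEP"] / len(nets), 1) if nets else 0.0
    return counts, counts["WEP"], pct

def to_kml(nets):
    """Emit KML with one colour-coded Placemark per AP that has a GPS fix."""
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>']
    for enc, color in KML_COLORS.items():
        out.append(f'<Style id="{enc}"><IconStyle><color>{color}</color></IconStyle></Style>')
    for n in nets:
        if n["lat"] is None:
            continue  # nothing to plot without a position
        name, desc = escape(n["essid"] or "<cloaked>"), escape(f'{n["bssid"]} ch{n["channel"]} {n["enc"]}')
        out.append(f'<Placemark><name>{name}</name><description>{desc}</description>'
                   f'<styleUrl>#{n["enc"]}</styleUrl><Point><coordinates>'
                   f'{n["lon"]},{n["lat"]},0</coordinates></Point></Placemark>')
    out.append("</Document></kml>")
    return "\n".join(out)

if __name__ == "__main__":  # python netxml_wep.py run1.netxml run2.netxml > map.kml
    runs = [parse_networks(open(p, "rb").read()) for p in sys.argv[1:]]
    nets = merge_by_bssid(*runs) if runs else parse_networks(SAMPLE_NETXML)
    counts, wep, pct = encryption_summary(nets)
    sys.stderr.write(f"{len(nets)} APs {dict(counts)}; WEP {wep} ({pct}%)\n")
    sys.stdout.write(to_kml(nets))
```

Run it with no arguments to see the summary for the embedded sample, or pass the Kismet-*.netxml files from several drives to get one de-duplicated map. Merging by BSSID matters because the same AP is logged again on every pass, which would otherwise inflate the WEP count; the WPA-over-WEP precedence in classify is deliberate so that a mixed-mode AP is not reported as a WEP finding.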