Wireless pentest in my pocket
Some may know that I really enjoy working on wireless security. However, pentesting tools for wireless systems are usually not as mobile as they should be.
Before going into details, I would like to remind you that although WiFi (802.11) works in the ISM band and it is perfectly legal to use these frequencies under your country's regulations, it is not ethical to perform any penetration test or intrusion against anyone without their permission.
In the past I was using the Raspberry Pi 2 shown below with a WiFi dongle attached in the same case. To power it up, I was using a 7000mAh Sony power bank. The result was something you do not want to carry in your pocket. Also, with a single WiFi dongle, it was not possible to work on the 3 non-overlapping WiFi channels (1, 6 and 11) without hopping. This was especially a problem when the startup script was set to a specific channel while I wanted to work on another. Whenever this happened, I had to pull the USB memory out of the Raspberry Pi, plug it into my phone (OTG) and edit the startup script.
Then one day Raspberry Pi Zero came out. It was both thin and had low power consumption. Therefore, I decided to use it for this project.
The idea was simple: get a Pi Zero, add a USB hub, add 3 nano WiFi dongles, use an old cell phone battery, then put everything into a wallet.
From a local hardware store I bought a USB hub and 3 Zyxel WiFi dongles. To make the device as thin as possible I removed their plastic covers and soldered them directly.
I don't know why, but for some reason the Pi Zero is somewhat picky about the USB hub. The first one I tried didn't work on the Pi Zero although it worked on all other versions of the Raspberry Pi. Anyway, I tried another one and it did work.
Next, I removed the charger circuit from a dead lithium battery and connected it to another, thinner battery from an old phone.
Finally, I installed Kali on the Pi Zero, set all the parts into a wallet and wrote a basic bash script to put the wireless adapters into monitor mode, one for each of the 3 non-overlapping channels.
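A script along those lines, as an added example rather than the author's own: it assumes the three dongles enumerate as wlan0, wlan1 and wlan2, that the iproute2 `ip` and nl80211 `iw` tools are present on the Kali image, and that it runs as root; `DRY_RUN=1` prints the commands instead of executing them, which is also how the logic can be checked without the hardware.

```shell
#!/bin/sh
# Added example (not the author's script): put three USB adapters into
# monitor mode, one per non-overlapping 2.4 GHz channel (1, 6, 11).
# Assumes the dongles appear as wlan0..wlan2 and `ip`/`iw` are installed.

CHANNELS="1 6 11"

# Execute a command, or just print it when DRY_RUN=1.
run_cmd() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@" || { echo "failed: $*" >&2; return 1; }
    fi
}

# Move one interface to monitor mode on the given channel, stopping at the
# first failed step. The interface must be down for the type change and up
# again before it can be tuned to a channel.
monitor_mode() {
    iface="$1"; chan="$2"
    if [ "${DRY_RUN:-0}" != 1 ] && [ ! -d "/sys/class/net/$iface" ]; then
        echo "no such interface: $iface" >&2; return 1
    fi
    run_cmd ip link set "$iface" down &&
    run_cmd iw dev "$iface" set type monitor &&
    run_cmd ip link set "$iface" up &&
    run_cmd iw dev "$iface" set channel "$chan"
}

# wlan0 -> channel 1, wlan1 -> channel 6, wlan2 -> channel 11.
# Keeps going after a failure so one bad dongle does not block the others;
# returns non-zero if any adapter could not be configured.
setup_monitor() {
    i=0; rc=0
    for chan in $CHANNELS; do
        monitor_mode "wlan$i" "$chan" || rc=1
        i=$((i + 1))
    done
    return "$rc"
}

# Only act when executed directly as monitor.sh, so the file can also be sourced.
if [ "${0##*/}" = "monitor.sh" ]; then
    setup_monitor
fi
```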
You will notice that the lithium battery pack is very small. It is actually 900mAh. However, the Pi Zero does not require much power, and there are many thin batteries on the market if you need more runtime. The WiFi dongles, on the other hand, were the real problem. Their main chip (Ralink RT3070) actually works at 3.3 V. To derive 3.3 V from the 5 V USB supply, Zyxel used a linear voltage regulator instead of a switching one. As you may guess, this causes heat and therefore wastes energy. I have a strong feeling that I will replace them soon.
Anyway, I am satisfied with the final solution. Now it is possible to put the wallet into my pocket and carry it anywhere I want.