Background

This is the first workshop I've ever created for the Northern Ireland Raspberry Pi Jam, a group that runs a monthly "jam" to teach people of all ages about programming, robotics, the Raspberry Pi and a whole range of other STEM-related subjects. I think it's an absolutely brilliant way to get people interested and involved in technology. Teaching people through workshops has helped me become a better programmer, teacher and communicator, as I'm definitely better at explaining concepts and ideas than I was before.

Link to worksheet PDF

I've been a helper at the Raspberry Pi Jam since about September/October 2017, and I offered to make another workshop for the participants to do. I really wanted to do a workshop on something related to infosec; however, the caveat was that it had to be based on and run from a Raspberry Pi, so any attacks involving computationally expensive tasks, or any Windows/macOS attacks, were off the table. I had to find an attack that could easily be run from a Raspberry Pi.

Looking back over personal projects I've done at home, I thought a workshop featuring Aircrack-ng would be very good: it teaches why updated protocols are important and what an attacker can do once they're on your network, it is computationally inexpensive as the key-cracking run-time gets exponentially shorter with the number of IVs captured, and it is not too complicated to pull off once you have the commands in the right order.

The only issue was getting Aircrack-ng to run on a Raspberry Pi 3 Model B.

Configuring the Pi to run Aircrack-ng

The Raspberry Pi 3 Model B has an on-board Wi-Fi chip made by Broadcom whose stock firmware does not support "monitor mode". Monitor mode lets the chip capture all nearby Wi-Fi frames rather than only those addressed to it, which is essential for the Wi-Fi cracking process. Below are step-by-step instructions for setting up a Pi 3 for Wi-Fi cracking by installing a patched firmware that lets the chip enter monitor mode:

  1. Flashing the Wi-Fi chip firmware with Nexmon
  2. Installing Aircrack-ng and its dependencies
  3. Checking it has installed and runs correctly
Raspberry Pi 3 Model B

Flashing the chip

A lot of the online forums I researched said it was impossible for the Pi 3 to run Aircrack-ng as monitor mode was unavailable on the hardware, but thankfully, after hoking around online, I found a great firmware patching framework called Nexmon; without the team putting this amazing utility online this workshop would not be possible.

The Nexmon firmware patch adds monitor mode to the Wi-Fi chip's firmware so that we can begin sniffing packets.

As always, follow the latest instructions here to do it manually. I'm writing a script you can run on your Pi that will execute all of the commands for you instead of having to type them out; otherwise, open up a terminal and run each command in order, as root.


sudo su
apt-get update && apt-get upgrade
apt install raspberrypi-kernel-headers git libgmp3-dev gawk qpdf bison flex make
git clone https://github.com/seemoo-lab/nexmon.git
cd nexmon
# Build the isl library that Nexmon's toolchain depends on
cd buildtools/isl-0.10
./configure
make && make install
ln -s /usr/local/lib/libisl.so /usr/lib/arm-linux-gnueabihf/libisl.so.10
# Back to the repository root (not /); setup_env.sh must be sourced in the same shell that runs make
cd ../..
source setup_env.sh
make
# The Pi 3 Model B uses the BCM43430a1 chip. The Pi 3 Model B+ uses BCM43455c0 instead:
# for that board use patches/bcm43455c0/7_45_154/nexmon/ here.
cd patches/bcm43430a1/7_45_41_46/nexmon/
make
make backup-firmware
make install-firmware
# nexutil is the tool we use later to switch the chip into monitor mode
cd ../../../../utilities/nexutil/
make && make install

If there are any errors at all I recommend checking the Nexmon repo itself here.


Installing Aircrack-ng 1.2-rc3

If Nexmon flashed correctly, we can move on to getting Aircrack-ng installed on the Pi.

Open a terminal, preferably as superuser, and type the following commands (I'm making a script for this which will be completed soon).

apt-get -y install libssl-dev libnl-3-dev libnl-genl-3-dev ethtool

Above are the libraries Aircrack-ng needs in order to build on the Pi; if the subsequent steps do not execute correctly, try installing each of the above packages independently.

sudo su
wget http://download.aircrack-ng.org/aircrack-ng-1.2-rc3.tar.gz
tar -zxvf aircrack-ng-1.2-rc3.tar.gz
cd aircrack-ng-1.2-rc3
make
make install

If the above commands executed without throwing any errors, we are ready to test that everything worked correctly!


Testing everything worked correctly

This is the moment of truth: open up a terminal on your Pi and type in

sudo su
nexutil -m2            # monitor mode 2 = monitor mode with radiotap headers, which aircrack-ng expects
airmon-ng start wlan0

If these commands execute without any errors and you see a screen similar to the one below, then congratulations! You've correctly configured your Pi to enter monitor mode and launch Aircrack-ng. Now we can get started cracking some WEP Wi-Fi.

You should see something similar to this screen if everything worked correctly
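Rather than judging success from a screenshot, the following added verification script (not part of the original post, nor of Nexmon or Aircrack-ng) checks both halves of monitor mode: that the Nexmon firmware reports monitor level 2 and that the kernel's interface type is monitor. It parses the output of the real tools `nexutil -m` (assumed here to print a line of the form "monitor: N" when queried without a value) and `iw dev wlan0 info`. The sample outputs embedded in the script are constructed for an offline dry run; pass `--live` to run it against the real interface on the Pi.

```shell
#!/usr/bin/env bash
# Added example: confirm the Pi's Wi-Fi interface is really in monitor mode
# before the workshop. Parses output from two real tools:
#   - `nexutil -m`       (assumed to print "monitor: <level>", 2 = monitor + radiotap)
#   - `iw dev <if> info` (prints a "type <mode>" line, e.g. "type monitor")

# Does an `iw dev ... info` dump describe a monitor-mode interface?
iw_is_monitor() {
  # $1: captured output of `iw dev wlan0 info`
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*type[[:space:]]+monitor[[:space:]]*$'
}

# Extract the monitor level from `nexutil -m` output; prints "unknown" if absent.
nexutil_level() {
  level=$(printf '%s\n' "$1" | sed -n 's/^monitor:[[:space:]]*\([0-9]\).*$/\1/p' | head -n 1)
  printf '%s\n' "${level:-unknown}"
}

# Combined verdict. Prints "ready" and returns 0 only when nexutil is at level 2
# (radiotap headers, which aircrack-ng expects) AND the kernel reports type monitor;
# otherwise prints the first failing condition and the command that fixes it.
monitor_ready() {
  # $1: `nexutil -m` output, $2: `iw dev <if> info` output
  if [ "$(nexutil_level "$1")" != "2" ]; then
    printf 'not ready: run "nexutil -m2" (current level: %s)\n' "$(nexutil_level "$1")"
    return 1
  fi
  if ! iw_is_monitor "$2"; then
    printf 'not ready: interface type is not monitor (try "airmon-ng start wlan0")\n'
    return 1
  fi
  printf 'ready\n'
  return 0
}

# Live check against the real interface (default wlan0); skipped if the tools are missing.
monitor_ready_live() {
  iface=${1:-wlan0}
  if ! command -v nexutil >/dev/null 2>&1 || ! command -v iw >/dev/null 2>&1; then
    printf 'nexutil or iw not installed on this machine\n'
    return 2
  fi
  monitor_ready "$(nexutil -m 2>/dev/null)" "$(iw dev "$iface" info 2>/dev/null)"
}

# Constructed sample outputs (NOT captured from a real Pi) for an offline dry run.
SAMPLE_NEXUTIL_OK='monitor: 2'
SAMPLE_NEXUTIL_OFF='monitor: 0'
SAMPLE_IW_MONITOR='Interface wlan0
	ifindex 3
	wdev 0x1
	addr b8:27:eb:00:00:01
	type monitor
	wiphy 0
	channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz'
SAMPLE_IW_MANAGED='Interface wlan0
	ifindex 3
	wdev 0x1
	addr b8:27:eb:00:00:01
	type managed
	wiphy 0'

if [ "${1:-}" = "--live" ]; then
  monitor_ready_live "${2:-wlan0}"
else
  # Dry run: one passing and one failing combination
  monitor_ready "$SAMPLE_NEXUTIL_OK" "$SAMPLE_IW_MONITOR" || true
  monitor_ready "$SAMPLE_NEXUTIL_OFF" "$SAMPLE_IW_MANAGED" || true
fi
```

On the Pi, run it as root after the three commands above with `./check_monitor.sh --live`; a "not ready" line tells you which of the two steps (the Nexmon firmware switch or the kernel interface mode) did not take, which is the usual split when the screenshot does not match.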



Running the attack

First and foremost, set up a Wi-Fi router which you own, or at least have the owner's permission to attack. Once you have this, go into the router's settings and set its wireless security to WEP with a WEP key. For this attack to work, connect at least one device to it, such as a mobile phone or a laptop; we'll need a connected client generating traffic later on.