/var/log $ cat "UNIT - Universal Network Interaction Thing - Design Idea"
2019-09-07 | raspberry pi wifi network hacking
Introduction
Recently I started working on a project I call UNIT - Universal Network Interaction Thing. The project is inspired on gadgets like mobile WiFi routers, WiFi Pineapple, network implants and so on. I could buy them but out-of-box but they might not do exactly what I want or function properly. So I decided I want to build my own which gives me full control over everything. Also I encountered situations in the past where an pre-build one would not work due to the circumstances.
In brief my use cases include:
- Share a network connection which only allows one device to be connect.
- Provide access to a wired network for wireless-only devices.
- Provide a secure connection through an unstrusted network (e.g. hotel, airport) without configuring user devices.
- Do pentesting / 3:-) stuff.
Design Idea
The diagram below shows what I have in mind:
Basically I want to have six network interfaces: three WiFi and three Ethernet. The idea is to have interfaces over which I can control UNIT to monitor and configure what is running, interfaces which face to an external network and provide internet access and two interfaces to build up my own (internal) network.
Depending on the use case I want UNIT to behave differently at least on a basic level. I call that modes.
Control Interfaces
In order to configure/monitor UNIT, eth0 and wlan0 will act as control interfaces:
- wlan0 is configured as access point to allow control from a wireless device.
- wlan0 acts as DHCP server.
- No routing is done for clients connected to wlan0.
- eth0 is configured using DHCP.
- For both control interfaces no restrictions apply. They are not ment to be connected to untrusted devices or networks not under own control.
- SSH on both interfaces.
- Web interface for easy monitoring and configuration.
Access Point Mode
In access point mode UNIT provides wired and wireless access to (a) trusted wired and/or wireless network(s) via NAT.
Implementation outline:
- eth1 and wlan1 act as external interfaces.
- Both external interfaces are configured using DHCP.
- eth2 and wlan2 act as internal interfaces.
- wlan2 is configure in access point mode.
- Both internal interfaces act as DNS and DHCP server for clients.
- Both internal interfaces only allow traffic into the external network. All traffic from connected clients to UNIT is blocked (except DNS and DHCP).
Privacy Mode
Bascially in privacy mode UNIT functions as in access point mode. But instead of routing client traffic directly into or through the network it is connected to, UNIT will tunnel all traffic through TOR/VPN. If no TOR/VPN connection can be established the clients will have no connection to the unstrusted network.
Evil Mode
Whatever you can think of if you have 2 WiFi and 2 Ethernet adapters available. I still need to define how an what I want. Just to name a few possibilities:
- Network tap
- DEAUTH attacks
- Beacon flooding
- MITM
- Network implant
- Evil Twin
- Rogue AP
- …
Hardware
My requirements for hardware components are:
- I want to be able to power UNIT via USB.
- It should be able to run it from a battery.
- The WiFi interfaces should support 2.4 and 5 GHz networks.
- At least onw WiFi interface should allow monitor mode.
- Ethernet interfaces should have gigabit speed.
- I want the be able to extend the capabilities, e.g. add a LTE mode later
I decided to go for the following setup:
- Raspberry Pi 4 2GB:
- Computing wise maybe a bit to much but why not.
- The great advantage is that there is wide community.
- The 2GB version was due to availability.
- I will use its network interfaces as control interfaces.
- 2x GBit-Ethernet USB3 adapters: I just bought the cheapest I could find hoping they would work (what they did).
- 2x USB3 WiFi dongles:
- I wanted to have external antennas in case I want to use other ones.
- But they should not be to big (like ones with multiple antennas) also.
- Also I want to have it cheap for the time being.
- Choosing a model was not easy because for low-priced WiFi dongles there is often no information available what chipset is used. So it was a bit of a gamble to get one that supports monitor mode. The two dongles I got have some quirks (I’ll write about it in another post). I might change them in a later stage.
- 1x 4-port USB3 hub: using the hub instead of connecting everything directly gives me three free USB ports on the Raspberry.
And this is what it looks like plugged together:
Current Status
I am already a bit past the initial idea and buying some hardware. I will explain in another article what I did and which obstacles I had to overcome to get it working. But in short:
- OS-wise I am using Raspbian which works great.
- The access point mode is working.
- In theory I have my own little mobile router but one big thing that is missing is a case.
- I started working on a simple web monitor/control interface but at the moment it is far from being useful.