Talks #77 - Adrian Solom - Wireless Routers Failures, Freedom and Flexibility

Transcript

1. Wireless Routers Failures, Freedom and Flexibility Adrian Solom

2. #iotvillage @Defcamp

3. The Target

4. HNAP is bad, mkay? Home Network Administration Protocol Based on

   SOAP Used by Linksys and D-D-Link First attacks on January 2010

5. As seen on the interwebs devttys0.com SOAPAction = getenv("HTTP_SOAPACTION"); if(strstr(SOAPAction,

   "http://purenetworks.com/HNAP1/GetDeviceSettings") == NULL) { ... } SOAPAction = strrchr(SOAPAction, '/'); ... sprintf(command, "sh %s%s.sh > /dev/console", "/var/run/", SOAPAction); system(command);

6. Demo...

7. Custom firmware to the rescue OpenWRT, DD-WRT, Tomato, etc. Complete

   GNU/Linux distros More control over wifi settings Custom apps SSH access Fast update cycle Your WiFi router is a general purpose computer

8. OpenWrt is a complete OS kernel GNU tools and libraries

   aditional software documentation package management distro-specific files 3.18 uClibc / musl luci wiki.openwrt.org opkg /etc/config

9. Networking? quagga - rip / ospf / bgp / is-is

   / babel - (bird) b.a.t.m.a.n. bmx6 olsrd

10. What else works in OpenWRT? erlang git lua perl php

    python ruby aircrack-ng / nmap / snort / tcpdump collectd / rrdtool / zabbix ctorrent / mktorrent / rtorrent / transmission ffmpeg / lame / minidlna freeradius2 / openldap haproxy / nginx / polipo / squid mysql / postgresql / sqlite3 ipsec-tools / openvpn / strongswan asterisk / baresip / kamailio / siproxd / yate

11. Use cases Home router (power user) Coffee shop captive portal

    (WiFiDog.org) Small ISP Computer science class BitCoin miner ASIC controller
12. None
13. None

14. Yoctopuce USB sensors

15. None
16. None
17. None

18. Based on OpenWRT libreCMC / ThinkPenguin TurrisOS PirateBox / LibraryBox

    RIPE Atlas
19. None

20. Thank You [email protected]