Fonera 2.0g as a standalone wardriving device

Needed parts:

• A Fonera 2.0 (1st Fon wireless router featuring a USB port)
• An externally powered USB hub
• A USB GPS receiver  gpsd ready (compatibility list)
• A USB pendrive
• 8 AA rechargeable batteries or 2 equivalent battery packs
• Optional: 2 battery holders

Hardware setup:

4 batteries will power the Fonera and the others 4 will power USB hub, ie: pendrive and GPS receiver. Both devices should carry a voltage regulator, so as long as your batteries deliver around 5v you’ll be fine. I advise batteries of at least 1600mAh. My setup allows wardriving secessions lasting about 3 hours.

Firmware:

I use OpenWrt 10.03 Backfire on Fonera 2.0g, which requires the atheros build. Plenty of tutorials to flash a Fonera with standard OpenWrt are available. I advise using Gargoyle Router FonFlash tool.

Software packages:

With my Globalsat BU-353 GPS receiver here is the packages i needed to wardrive and troubleshoot:

# opkg install kismet-server gpsd netcat hotplug2 kmod-usb2 kmod-fs-vfat kmod-nls-base kmod-nls-cp437 kmod-usb-serial-pl2303 usbutils coreutils-stty picocom

The issue is to find a gpsd version that works well with your GPS receiver, your version of kismet and your openwrt environment. After trying several combinations which were either not working or proved to be unstable; I came-up with the following working perfectly with openwrt 10.03:

• http://hk.airpost.net/openwrt/libncurses_5.7-2_atheros.ipk
• http://hk.airpost.net/openwrt/libstdcpp_4.3.3%2Bcs-42_atheros.ipk
• http://hk.airpost.net/openwrt/kismet-server_2010-01-R1-1_atheros.ipk
• http://hk.airpost.net/openwrt/gpsd_2.37-4_atheros.ipk
• http://hk.airpost.net/openwrt/gpsd_2.37-5_atheros_include_cgps.ipk

I built a version of the gpsd package including cgps, which standard openwrt make file do not include. I found cgps to be a useful command line client for troubleshooting. To locate issues with gpsd, another useful client might be xgps which as an X11 interface.

Configure and launch:

Here is the kismet.conf I use. It only retrieve public info about the SSIDs (BSSIDs, cypher, channel, etc.) and store them in my usb pendrive. No personal info is stored (No traffic log).

Get inspire by my /etc/init.d script to setup and launch the wardriving session:

#!/bin/sh /etc/rc.common
# Wardriving script

STOP=40

start() {
mount /dev/sda1 /mnt/sda1
gpsd /dev/ttyUSB0 -n -G
/usr/bin/kismet_server &
}

stop() {
killall kismet_server
killall gpsd
sync
umount /mnt/sda1
}

Use collected datas:

I hadn’t the time to setup a neet implementation, but there is endless possibilities when serving collected data via a web server installed on the Fonera. You can even use XSLT to dynamically transform the XML files generated by kismet!

As an example, here is a quick XSLT script I’ve done to put BSSIDs in CSV files:

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"   version='1.0'>

  <xsl:output method="text" encoding="utf-8"/>

<!-- Parse "wireless-network" template only if attribute "type" is "infrastructure" -->
  <xsl:template match="wireless-network">
   <xsl:if test="@type='infrastructure'">
   <xsl:apply-templates/>
   </xsl:if>
  </xsl:template>

<!-- Write essid to csv and "cloaked" if "cloacked" attribute is true -->
  <xsl:template match="essid">
    <xsl:if test="@cloaked='true'">
    <xsl:text>cloaked</xsl:text>
   </xsl:if>
    <xsl:value-of select="text()"/>
    <xsl:text>,</xsl:text>
  </xsl:template>

<!-- Write BSSID to csv and create a new line -->
  <xsl:template match="BSSID">
    <xsl:value-of select="text()"/>
    <xsl:text>
</xsl:text>
  </xsl:template>

<!-- Ignore everything else -->
  <xsl:template match="text()">
  </xsl:template>

</xsl:stylesheet>

Advertisement