DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

The WiFi Kraken Lite Demolab at DEF CON 29

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The WiFi Kraken Lite Demolab at DEF CON 29

    Tool or Project Name: The WiFi Kraken Lite

    Short Abstract:
    D4rkm4tter and Henry have been obsessed with monitoring wireless networks and have built hardware to meet the challenges of scanning and testing in the most busy and client dense environments. The WiFi-Kraken Lite contends with these issues in a smaller package without sacrificing any monitoring performance. This project is the results of years of research into the most effective way to scan and audit wireless in a single box that can be easily deployed or used as a hardened terminal in the most rugged conditions.

    The WiFi-Kraken Lite consists of a single-board computer which connects 12 wireless radios that enables scanning and auditing WiFi, Bluetooth, LoRaWAN and other commonly used wireless protocols. The number of wireless devices is growing as well as the way those devices are being connected. Having an all-in-one wireless monitoring solution will give you the ability to track this data across these bands and give you the best picture of what’s happening in the air around you.

    This demonstration will provide you the information so that you can build your own all-in-one monitoring device. You will also gain an overview of capture technologies including Kismet that will help you perform this type of analysis in your own environments. Finally once the data is capture, you will get an understanding of efficient data processing using tools like Wireshark and d4rkm4tter’s own PCAPinator tool.

    Short Developer Bio:
    Mike Spicer (d4rkm4tter) is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science which he has put to use building and breaking a wide array of systems. These include web application pentesting, wireless monitoring and tracking as well as reverse engineering. He is the creator of the #WiFiCactus and has been seen presenting and demoing at a number of conferences including DEF CON. He is a Kismet cultist and active in the wireless and wardriving communities.

    Henry Hill is an expert with computer hardware and is able to design and build the most bleeding edge systems that are the fastest in the world. His internal knowledge of architecture and system bottlenecks help him build systems capable of extreme processing and even faster storage. Henry is also an expert with mechanical engineering and fabrication. When his modifications aren’t appearing in d4rkm4tter’s projects, they can be seen in his race car at the track.

    URL to any additional information:
    Palshack.org/wifi-kraken-lite (Site will be online for DEF CON)

    Detailed Explanation of Tool:
    The WiFi-Kraken Lite is a wireless monitoring system that is a rugged box with a single board computer and 12 wireless devices that are capable of simultaneously monitoring a large number of frequencies and protocols while storing that data in real time. The primary motivation for this project was to be able to gain visibility into as much of the wireless spectrum as possible in very congested networks in a small rugged form factor. Networks with a large number of clients that have a large number of access points can be difficult to perform analysis on. These networks typically have clients who switch between networks and can switch frequencies lending to more confusion when tracking with only a single radio. By increasing the number of radios as well
    as adding support for other protocols beyond just WiFi, a more complete understanding of the wireless environment can be documented. This information can then be used for defenders or penetration testers to identify vulnerable networks, vulnerable clients, or verify security that can be easily documented and audited.

    The hardware is set up so that it minimizes the number of bottlenecks between the actual frames in the air and when it writes the data to disk. It does this by taking advantage of the high-bandwidth PCI-express bus to connect wireless devices. From there the data transfers to a high-speed NVMe storage device. The operating system is Linux which allows us to take advantage of a number of open source tools and projects that help us capture the data. These projects include Kismet, BlueZ, btscanner, and Feather TFT LoRa Sniffer. Custom scripts help us manage and easily configure The WiFi-Kraken Lite for the desired mode.

    The buildout of the project uses a hardened Pelican like case which provides the ruggedness and physical security so that the system can be left in harsh environments. Inside the case is a mounted LCD screen that gives the user easy access to make changes in the field if necessary. The electronic components including the single board computer wireless cards are all mounted inside to protect them. The project also features battery packs so that it can run for up to 24 hours or longer depending on the monitoring task.

    Data captured with the system can be stored on disk or be analyzed in real time thanks to the internally mounted LCD. Data can also be analyzed remotely by using one of the radios to connect to a nearby laptop. This can be useful in scenarios where the WiFi-Kraken Lite needs to be concealed. The form factor was chosen for not only its strength but also for being inconspicuous especially at conferences where lots of large polycarbonate cases can be seen.

    Further data analysis can be performed in real time thanks to Kismet’s fully featured web dashboard. Additionally post monitoring analysis can be performed using Wireshark or d4rkm4tter’s PCAPinator tool which is a multithreaded wrapper around tshark to optimize queries on large datasets. The wireless data captured in this type of analysis can help to determine vulnerabilities which then you can use The WiFi-Kraken Lite to attack what you found.

    This tool can be used entirely passively as a silent listener to validate bring your own device (BYOD) policies, monitor if wireless attacks are happening against your infrastructure, see if there are strange behaviors happening in your wireless network due to misconfiguration or maliciousness, or track devices as they moved throughout the networks so that you can have a better understanding of client flow. It can be used to perform a number of active attacks including impersonation, evil twin and other common wireless attacks.

    It has never been more important to perform wireless assessments and continual monitoring of your infrastructure considering the number of wireless enabled devices increases daily. Rolling out new wireless infrastructure is costly and implementing the most secure system is daunting for even the most seasoned network integrators. This leads to misconfiguration and sub optimal security settings which are still connected to important infrastructure. For the defender this project brings clarity to the risks and also provides information into the most important mitigations that should be implemented. For the attacker this tool provides valuable recon that will allow them to focus solely on the vulnerable target making as little noise as possible all from it a single box.

    Target Audience:
    Offense, Defense and Hardware

    By bringing equipment that can monitor the latest in wireless technologies, including WiFi 6, this project will shed light on a new and up and coming standard of technology that is slowly being rolled out across the world. With new technology, new tools are required so that research can be conducted to find flaws and validate the real world applications. The WiFi Kraken Lite will bring an enhanced perspective to the wireless monitoring in a box with new tools, new wireless bands captured, and new data processing.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A
Working...
X