Mr-Protocol's Blog<br />
Mr-Protocol's Blog of random things.<br />
<br />
<strong>My first domain.</strong> (Mr-Protocol, published 2019-06-29, updated 2022-03-01)<br />
Well. It's 2019 and I bought my first domain. So here we are.<br />
<br />
<strong>HackRF One: GPS Simulation</strong> (Mr-Protocol, published 2016-11-22, updated 2022-03-01)<br />
Here we go. I have been meaning to make this post for a while now. I have parts needed and worked through some bumps to get this working. It keeps it pretty localized, approximately 15 foot range with line of sight.<br />
<br />
<strong><span data-darkreader-inline-color="" style="--darkreader-inline-color: #ff2727; color: red;"><span style="font-size: 24px;">WARNING! MAY BE ILLEGAL IN YOUR AREA. Check all regulations that apply to you. I am not responsible for your actions. Don't be that guy/gal, keep it in safe test environments.</span></span></strong><br />
<strong><span data-darkreader-inline-color="" style="--darkreader-inline-color: #ff2727; color: red;"><span style="font-size: 24px;"><br /></span></span></strong>
<strong>Software:</strong><br />
<strong><br /></strong>
Linux SDR distribution. I use Kali and installed the SDR tools.<br />
<br />
<div aria-label="pre widget" class="cke_widget_wrapper cke_widget_block cke_widget_selected" data-cke-display-name="pre" data-cke-filter="off" data-cke-widget-id="6" data-cke-widget-wrapper="1" role="region" tabindex="-1">
<pre class="ipsCode prettyprint lang-html prettyprinted cke_widget_element" data-cke-widget-data="%7B%22classes%22%3A%7B%22prettyprinted%22%3A1%2C%22lang-html%22%3A1%2C%22prettyprint%22%3A1%2C%22ipsCode%22%3A1%7D%7D" data-cke-widget-keep-attr="0" data-cke-widget-upcasted="1" data-widget="ipscode" id="ips_uid_6094_6"><span class="pln">apt update && apt upgrade -y && apt dist-upgrade -y && apt install kali-linux-sdr</span></pre>
</div>
<a data-cke-saved-href="https://github.com/osqzss/gps-sdr-sim" href="https://github.com/osqzss/gps-sdr-sim" ipsnoembed="true" rel="external nofollow">https://github.com/osqzss/gps-sdr-sim</a><br />
<br />
<a data-cke-saved-href="http://www.labsat.co.uk/index.php/en/free-gps-nmea-simulator-software" href="http://www.labsat.co.uk/index.php/en/free-gps-nmea-simulator-software" ipsnoembed="true" rel="external nofollow">http://www.labsat.co.uk/index.php/en/free-gps-nmea-simulator-software</a><br />
<br />
<strong>Hardware:</strong><br />
<strong><br /></strong>
1x HackRF One <a data-cke-saved-href="https://hakshop.com/collections/wireless-gear/products/hackrf?variant=701314117" href="https://hakshop.com/collections/wireless-gear/products/hackrf?variant=701314117" ipsnoembed="true" rel="external nofollow">https://hakshop.com/collections/wireless-gear/products/hackrf?variant=701314117</a><br />
<br />
1x Board design <a data-cke-saved-href="https://github.com/osqzss/gps-sdr-sim/tree/master/extclk" href="https://github.com/osqzss/gps-sdr-sim/tree/master/extclk" ipsnoembed="true" rel="external nofollow">https://github.com/osqzss/gps-sdr-sim/tree/master/extclk</a><br />
<ul>
<li>I used OSHPark and got 3x for $1.80 USD <a data-cke-saved-href="https://oshpark.com/shared_projects/LUrNnBgA" href="https://oshpark.com/shared_projects/LUrNnBgA" ipsnoembed="true" rel="external nofollow">https://oshpark.com/shared_projects/LUrNnBgA</a></li>
</ul>
1x TCXO <a data-cke-saved-href="http://www.digikey.com/product-detail/en/FOX924B-10.000/631-1067-1-ND/1024772" href="http://www.digikey.com/product-detail/en/FOX924B-10.000/631-1067-1-ND/1024772" ipsnoembed="true" rel="external nofollow">http://www.digikey.com/product-detail/en/FOX924B-10.000/631-1067-1-ND/1024772</a><br />
<br />
1x Ceramic Capacitor <a data-cke-saved-href="http://www.digikey.com/product-detail/en/murata-electronics-north-america/GRM219R61A105KA01D/490-5760-1-ND/2771955" href="http://www.digikey.com/product-detail/en/murata-electronics-north-america/GRM219R61A105KA01D/490-5760-1-ND/2771955" ipsnoembed="true" rel="external nofollow">http://www.digikey.com/product-detail/en/murata-electronics-north-america/GRM219R61A105KA01D/490-5760-1-ND/2771955</a><br />
<br />
1x Header Pins <a data-cke-saved-href="http://www.digikey.com/product-detail/en/amphenol-fci/67997-412HLF/609-3244-ND/1878517" href="http://www.digikey.com/product-detail/en/amphenol-fci/67997-412HLF/609-3244-ND/1878517" ipsnoembed="true" rel="external nofollow">http://www.digikey.com/product-detail/en/amphenol-fci/67997-412HLF/609-3244-ND/1878517</a><br />
<br />
1x Passive Antenna for GPS <a data-cke-saved-href="http://www.digikey.com/product-search/en?keywords=TS.07.0113" href="http://www.digikey.com/product-search/en?keywords=TS.07.0113" ipsnoembed="true" rel="external nofollow">http://www.digikey.com/product-search/en?keywords=TS.07.0113</a><br />
<br />
1x 30 dB RF attenuator. I purchased one off eBay. Specs: SMA male - SMA female, 30 dB, 50 Ohm, 2 W max power, DC to 6 GHz<br />
<br />
Soldering Iron, Flux, Solder, etc.<div><br /></div><div>Optional (Same part):</div><div><div><a href="https://www.hammfg.com/part/1455J1201">https://www.hammfg.com/part/1455J1201</a></div><div><a href="https://www.digikey.com/en/products/detail/hammond-manufacturing/1455J1201/1090702?s=N4IgTCBcDaIBIFkAcBOADAWgHYBMQF0BfIA">https://www.digikey.com/en/products/detail/hammond-manufacturing/1455J1201/1090702?s=N4IgTCBcDaIBIFkAcBOADAWgHYBMQF0BfIA</a></div>
<br />
<strong>Getting it working:</strong><br />
<strong><br /></strong>
Construct the board using the pictures from the GitHub repository as a reference: <a data-cke-saved-href="https://github.com/osqzss/gps-sdr-sim/blob/master/extclk/hackrf_tcxo.jpg" href="https://github.com/osqzss/gps-sdr-sim/blob/master/extclk/hackrf_tcxo.jpg" ipsnoembed="true" rel="external nofollow">https://github.com/osqzss/gps-sdr-sim/blob/master/extclk/hackrf_tcxo.jpg</a><br />
<br />
Connect your RF attenuator and GPS antenna to the HackRF.<br />
<br />
After you have checked all your solder joints for the external clock, check whether the HackRF detects the clock, as described at <a data-cke-saved-href="https://github.com/mossmann/hackrf/wiki/HackRF-One" href="https://github.com/mossmann/hackrf/wiki/HackRF-One" ipsnoembed="true" rel="external nofollow">https://github.com/mossmann/hackrf/wiki/HackRF-One</a><br />
<br />
<div aria-label="blockquote widget" class="cke_widget_wrapper cke_widget_block cke_widget_selected" data-cke-display-name="blockquote" data-cke-filter="off" data-cke-widget-id="5" data-cke-widget-wrapper="1" role="region" tabindex="-1">
<blockquote class="ipsQuote cke_widget_element" data-cke-widget-data="%7B%22classes%22%3A%7B%22ipsQuote%22%3A1%7D%7D" data-cke-widget-keep-attr="0" data-cke-widget-upcasted="1" data-ipsquote="" data-widget="ipsquote">
<div class="ipsQuote_citation">
Quote</div>
<div class="ipsQuote_contents ipsClearfix cke_widget_editable" contenteditable="true" data-cke-enter-mode="1" data-cke-widget-editable="content">
<h2 data-darkreader-inline-bgcolor="" data-darkreader-inline-border-bottom="" data-darkreader-inline-color="" style="--darkreader-inline-bgcolor: #242729; --darkreader-inline-border-bottom: #505659; --darkreader-inline-color: #ffffff; background-color: white; border-bottom: 1px solid rgb(238, 238, 238); box-sizing: border-box; color: #333333; line-height: 1.25; margin-bottom: 16px; margin-top: 24px; padding-bottom: 0.3em;">
<span style="font-size: 14px;">External Clock Interface (CLKIN and CLKOUT)</span></h2>
<div data-darkreader-inline-bgcolor="" data-darkreader-inline-color="" style="--darkreader-inline-bgcolor: #242729; --darkreader-inline-color: #ffffff; background-color: white; box-sizing: border-box; color: #333333; font-size: 16px; margin-bottom: 16px;">
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; margin-bottom: 16px;">
HackRF One produces a 10 MHz clock signal on CLKOUT. The signal is a 10 MHz square wave from 0 V to 3 V intended for a high impedance load.</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; margin-bottom: 16px;">
The CLKIN port on HackRF One is a high impedance input that expects a 0 V to 3 V square wave at 10 MHz. Do not exceed 3.3 V or drop below 0 V on this input. Do not connect a clock signal at a frequency other than 10 MHz (unless you modify the firmware to support this). You may directly connect the CLKOUT port of one HackRF One to the CLKIN port of another HackRF One.</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; margin-bottom: 16px;">
HackRF One uses CLKIN instead of the internal crystal when a clock signal is detected on CLKIN. The switch to or from CLKIN only happens when a transmit or receive operation begins.</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; margin-bottom: 16px;">
To verify that a signal has been detected on CLKIN, use <code data-darkreader-inline-bgcolor="" style="--darkreader-inline-bgcolor: rgba(36, 39, 41, 0.1); background-color: rgba(255, 255, 255, 0.1); border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">hackrf_debug --si5351c -n 0 -r</code>. The expected output with a clock detected is <code data-darkreader-inline-bgcolor="" style="--darkreader-inline-bgcolor: rgba(36, 39, 41, 0.1); background-color: rgba(255, 255, 255, 0.1); border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">[ 0] -> 0x01</code>. The expected output with no clock detected is <code data-darkreader-inline-bgcolor="" style="--darkreader-inline-bgcolor: rgba(36, 39, 41, 0.1); background-color: rgba(255, 255, 255, 0.1); border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">[ 0] -> 0x51</code>.</div>
</div>
</div>
</blockquote>
</div>
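Why 0x01 means "clock detected" and 0x51 does not becomes clear once the status byte is decoded. The following is an added example, not code from the original post or from the HackRF project; the bit names are taken from the Silicon Labs Si5351 register map and are an assumption here, and the sample outputs are constructed from the two values quoted above.

```python
import re

# Bit names for Si5351C register 0 (device status). Assumption: these come
# from the Silicon Labs register map, not from the page or the HackRF wiki.
STATUS_BITS = {
    7: "SYS_INIT (device still initialising)",
    6: "LOL_B (PLL B loss of lock)",
    5: "LOL_A (PLL A loss of lock)",
    4: "LOS (loss of signal on CLKIN)",
}
REVID_MASK = 0x03   # low two bits hold the chip revision
LOS_CLKIN = 0x10    # bit 4: set when no usable clock is seen on CLKIN

# hackrf_debug prints one line per register, e.g. "[  0] -> 0x01".
REG_LINE = re.compile(r"\[\s*(\d+)\]\s*->\s*0x([0-9a-fA-F]{1,2})")


def parse_register(output, reg=0):
    """Return the value of register `reg` from hackrf_debug output, or None."""
    for line in output.splitlines():
        m = REG_LINE.search(line)
        if m and int(m.group(1)) == reg:
            return int(m.group(2), 16)
    return None


def decode_status(value):
    """Split the status byte into its set flags and the revision ID."""
    flags = [name for bit, name in STATUS_BITS.items() if value & (1 << bit)]
    return flags, value & REVID_MASK


def clkin_detected(output):
    """True if CLKIN is present, False if not, None if register 0 is absent."""
    value = parse_register(output)
    if value is None:
        return None  # tool failed or printed something unexpected
    return (value & LOS_CLKIN) == 0


# Constructed sample outputs matching the two values quoted above.
SAMPLE_WITH_CLOCK = "[  0] -> 0x01\n"
SAMPLE_NO_CLOCK = "[  0] -> 0x51\n"

if __name__ == "__main__":
    for label, text in (("with clock", SAMPLE_WITH_CLOCK),
                        ("no clock", SAMPLE_NO_CLOCK)):
        value = parse_register(text)
        flags, rev = decode_status(value)
        print(f"{label}: 0x{value:02x} detected={clkin_detected(text)} "
              f"rev={rev} flags={flags}")
```

In 0x51 both the CLKIN loss-of-signal bit and a PLL loss-of-lock bit are set, which is what a missing or badly soldered TCXO looks like; 0x01 carries only the revision ID.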
Git clone <a data-cke-saved-href="https://github.com/osqzss/gps-sdr-sim" href="https://github.com/osqzss/gps-sdr-sim" ipsnoembed="true" rel="external nofollow">https://github.com/osqzss/gps-sdr-sim</a> and follow the instructions to compile.<br />
<br />
Go into the satgen directory and run make as well.<br />
<br />
Download a brdc*.*n.Z from <a data-cke-saved-href="ftp://cddis.gsfc.nasa.gov/gnss/data/daily/2016/brdc/" href="https://cddis.nasa.gov/archive/gnss/data/daily/2021/" ipsnoembed="true" rel="external nofollow"><strike>ftp://cddis.gsfc.nasa.gov/gnss/data/daily/2016/brdc/</strike></a> <a href="https://cddis.nasa.gov/archive/gnss/data/daily/2021/">https://cddis.nasa.gov/archive/gnss/data/daily/2021/</a> and unzip the file.<br />
In order to get this working with the HackRF, you need to use the -b flag with a value of 8. Here is a modified example from the GitHub page:<br />
<br />
./gps-sdr-sim -b 8 -e brdc3540.14n -l 37.808880,-122.410167,216 -o StaticLocation.bin<br />
<br />
This runs the program with -b 8 for the HackRF, -e for the historic GPS ephemeris data (this cannot do the current day, but yesterday's compiled file should work; read up more on that if you are interested), -l for the GPS location, where the last number is the altitude in meters, and -o for the output .bin file. The max duration for gps-sdr-sim is 300 seconds. If you use the default/max 300 seconds, it will generate a ~1.5 GB output .bin file. Keep this in mind if you are saving multiple locations. If you forget to use the -o option, it will create gpssim.bin.<br />
<br />
From there you can broadcast that .bin file with HackRF using the following command:<br />
<br />
hackrf_transfer -f 1575420000 -s 2600000 -a 1 -x 0 -R -t StaticLocation.bin<br />
Use hackrf_transfer -h to see what all the options do.<br />
<br />
You may notice that your phone will not accept the GPS broadcast. The first thing to do is enable "Device Only" GPS mode. Do not use High Accuracy. I also had to use an app (GPS Status) in order to clear my A-GPS cache. Then I use a different app (GPS Test) in order to see if my phone gets a GPS lock. I usually leave the phone in airplane mode with WiFi turned off in order for GPS Status to clear the cache and not auto-download A-GPS data. Then I will run GPS Test and wait for a lock before turning on WiFi.<br />
<br />
Garmin GPS units and similar devices shouldn't have an issue detecting your GPS signals.<br />
<br />
<strong>Creating Paths:</strong><br />
<strong><br /></strong>
You can create a path in Google Earth and save it as a KML file. Load the KML into the SatGen program and it will show you some options you can manipulate, along with a crude picture of your path.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgulg-QxRrwqXkbVeSnMk9jl2_ka8f_dsYz03-xOP1ZQLvVUGQygQAsMWo17euw_19s_fN24uJHVGyfFgz2ZC9iIBj5ScIVB5RVyIkyTLp03dRQfNfHaaxkuzr-bnEH88ZUU1_vvxl1soQX/s1600/satgen.JPG.9d9f28b20f975144339654d3f31669eb.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgulg-QxRrwqXkbVeSnMk9jl2_ka8f_dsYz03-xOP1ZQLvVUGQygQAsMWo17euw_19s_fN24uJHVGyfFgz2ZC9iIBj5ScIVB5RVyIkyTLp03dRQfNfHaaxkuzr-bnEH88ZUU1_vvxl1soQX/s320/satgen.JPG.9d9f28b20f975144339654d3f31669eb.JPG" width="255" /></a></div>
<br />
<br />
You can manipulate some of the options to your liking and hit the preview button to have it refresh and show your new speed graph. When you are happy, click "Generate NMEA" and save that file.<br />
Move that file over to the gps-sdr-sim/satgen directory and run the program you compiled earlier to convert the NMEA file to a user motion file for gps-sdr-sim.<br />
<br />
<div aria-label="pre widget" class="cke_widget_wrapper cke_widget_block cke_widget_selected" data-cke-display-name="pre" data-cke-filter="off" data-cke-widget-id="2" data-cke-widget-wrapper="1" role="region" tabindex="-1">
<pre class="ipsCode prettyprint lang-html prettyprinted cke_widget_element" data-cke-widget-data="%7B%22classes%22%3A%7B%22prettyprinted%22%3A1%2C%22lang-html%22%3A1%2C%22prettyprint%22%3A1%2C%22ipsCode%22%3A1%7D%7D" data-cke-widget-keep-attr="0" data-cke-widget-upcasted="1" data-widget="ipscode" id="ips_uid_6663_15"><span class="pln">./nmea2um
Usage: nmea2um </span><span class="tag"><nmea_gga></span><span class="pln"> </span><span class="tag"><user_motion></span></pre>
</div>
Once you have your user motion file created, you can pass it to gps-sdr-sim using the -u option.<br />
<br />
./gps-sdr-sim -b 8 -e brdc2980.16n -u Hak5_Usermotion -o Hak5example.bin<br />
Notice the total time at the bottom of the SatGen program: 111.40 seconds. You will need to keep it under 300 seconds to work with gps-sdr-sim. You can modify gps-sdr-sim to increase the max number of seconds by editing USER_MOTION_SIZE in gpssim.h and then recompiling with gcc. Use caution, as this will allow you to create very large files. The default of 300 seconds caps the file at approximately 1.5 GB.<br />
<br />
From there it's a matter of transmitting the .bin file like before.<br />
<br />
hackrf_transfer -f 1575420000 -s 2600000 -a 1 -x 0 -R -t Hak5example.bin<br />
<br />
Cheers!</div>
<br />
<strong>WiFi Pineapple Mark IV - Clean Flash UART</strong> (Mr-Protocol, published 2013-12-02, updated 2022-03-01)<br />
<h2>
Mark IV Clean Flash over Serial (UART)</h2>
<br />
<h3>
<span style="color: red;">Attention!</span></h3>
<span style="color: red;">DO NOT USE ON BATTERY POWER!</span><br />
Always use the AC Adaptor.<br />
<br />
<h4>
Why you would want to clean flash</h4>
<br />
<ul>
<li>Because you somehow bricked your pineapple</li>
<li>You have a new Hornet-UB (Hornet-UB only has the bootloader, no OpenWRT)</li>
</ul>
<h4>
Where to connect the UART</h4>
To open the Pineapple/Jasager/AP121U, you will need to remove the 2 rubber stoppers on the bottom of the device to reveal 2 screws. Remove the 2 screws and you should be able to wiggle it apart.<br />
<br />
<h4>
UART Adaptors</h4>
There are many USB/Serial to UART adapters out there. The author of the video below (Mr-Protocol) used the <a href="http://www.alfa.com.tw/in/front/bin/ptdetail.phtml?Part=consoleboard&Category=0">Alfa Console Board</a>. Any 3.3v capable UART adapter should work. Check the adapter specifications before buying. You can also buy a UART Adaptor from the <a href="https://hakshop.com/">Hakshop</a>.<br />
<br />
If you are not using the <a href="http://www.alfa.com.tw/in/front/bin/ptdetail.phtml?Part=consoleboard&Category=0">Alfa Console Board</a>, you only need to hook up the TX, RX and GND pins to your UART adapter. <span style="color: red;">DO NOT hook up the VDD pin to your adapter</span>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoeTCWUqg7s6S4SE8ZWcH8-dPQpQ8S90pilxrmJ921EfWgIbkT4hOwwR0TSjVGiPoBJOa6S_Tl9-R9cG293Kw_cv_CgDADZsVvKZ9heUa78j8PsoTJBXAUbdKUqPpfSUr-w3AXTy0lVVqz/s1600/GPIO.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoeTCWUqg7s6S4SE8ZWcH8-dPQpQ8S90pilxrmJ921EfWgIbkT4hOwwR0TSjVGiPoBJOa6S_Tl9-R9cG293Kw_cv_CgDADZsVvKZ9heUa78j8PsoTJBXAUbdKUqPpfSUr-w3AXTy0lVVqz/s1600/GPIO.jpg" /></a></div>
<br />
<br />
<h4>
Hardware Used</h4>
<br />
<ul>
<li><a href="http://www.alfa.com.tw/in/front/bin/ptdetail.phtml?Part=consoleboard&Category=0">Alfa Console Board</a> or any USB-UART 3.3v Adapter</li>
<li>Serial Cable from PC to Alfa Console Board (If you are using a serial port on PC and the Alfa Console Board)</li>
<li>Ethernet Cable</li>
<li>AC Power Adapter</li>
<li>WiFi Pineapple (<a href="http://www.alfa.com.tw/in/front/bin/ptdetail.phtml?Part=AP121U&Category=0">AP121U</a>) (<a href="http://www.alfa.com.tw/in/front/bin/ptdetail.phtml?Part=Hornet_UB&Category=0">Hornet-UB PCB</a>)</li>
</ul>
<br />
<h4>
For non-Alfa Console Board hookup</h4>
UART RX Pin ----- Hornet TX Pin<br />
UART TX Pin ----- Hornet RX Pin<br />
UART GND Pin ----- Hornet GND Pin<br />
(Take note of the cross between RX-TX)<br />
<span style="color: red;">DO NOT plug in the voltage pin.</span><br />
<br />
***Depending on how the UART manufacturer labeled TX and RX, you may need to swap them if you don't see data in your terminal session.***<br />
<h4>
Software Tools (Windows)</h4>
<br />
<ul>
<li><a href="http://tftpd32.jounin.net/tftpd32_download.html">tftpd32</a></li>
<li><a href="http://winscp.net/eng/download.php">WinSCP</a></li>
<li><a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/">PuTTY</a> or your favorite serial terminal.</li>
<li><a href="https://www.wifipineapple.com/mk4/factoryFiles.tar">Hornet-UB Factory Firmware (Files)</a></li>
<li><a href="https://wifipineapple.com/?downloads&version=mk4">Latest Mark IV Firmware</a></li>
</ul>
<h4>
Software Tools (Linux/*buntu)</h4>
<br />
<ul>
<li><a href="http://code.google.com/p/tftpgui/downloads/list">tftpgui</a> - Simple tftp server. Make sure you have the correct Python dependencies installed for the one you download. Read the readme file to understand how to use it. Extract tftpgui, then extract factoryFiles.tar to the tftpgui/tftproot/ directory. sudo python tftpgui --nogui</li>
<li><a href="http://linux.die.net/man/1/scp">scp</a></li>
<li><a href="https://help.ubuntu.com/community/Minicom">Minicom</a> or your favorite serial terminal. Read the man page for setting baud and other options. sudo minicom -w -s</li>
<li><a href="https://www.wifipineapple.com/mk4/factoryFiles.tar">Hornet-UB Factory Firmware (Files)</a></li>
<li><a href="https://wifipineapple.com/?downloads&version=mk4">Latest Mark IV Firmware</a></li>
</ul>
<h2>
Instructions</h2>
<h4>
Setup</h4>
<br />
<ul>
<li>Download <a href="https://www.wifipineapple.com/mk4/factoryFiles.tar">Hornet-UB Factory Firmware (Files)</a></li>
<li>Extract the factory files and set up a tftp server (tftpgui, tftpd32, etc.) that points to the files.</li>
<li>Set up your computer to allow scp. For Windows: WinSCP</li>
<li>Connect to your Pineapple through serial. Serial settings: 115200 baud, 8 data bits, no parity, 1 stop bit, no flow control.</li>
<li>Connect via the Pineapple's PoE/LAN port (the one closest to the power plug) with your computer's IP set to 192.168.2.11</li>
</ul>
<h4>
Apply Power and Configure</h4>
When the boot menu shows up, press '1'.<br />
<br />
Execute these commands:<br />
<blockquote class="tr_bq">
setenv bootargs "board=ALFA console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd"<br />
saveenv<br />
tftp 0x80600000 kernel.bin<br />
erase 0x9f650000 +0x190000<br />
cp.b 0x80600000 0x9f650000 d695a<br />
tftp 0x80600000 rootfs.bin<br />
erase 0x9f050000 +0x600000<br />
cp.b 0x80600000 0x9f050000 23d004<br />
bootm 0x9f650000<br />
reboot</blockquote>
<br />
If you see kernel panics, start over.<br />
Wait for the Pineapple to boot, then hit Enter; you will drop into the OpenWRT shell.<br />
<br />
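The erase and cp.b lines above carry hard-coded addresses and byte counts, so a mismatch between them and the images on the TFTP server gives a truncated or overrunning write. The following added example (not part of the original post or of any Hak5 tooling) parses that command sequence and checks it for consistency before anything is typed into the bootloader; it assumes the cp.b counts are meant to equal the sizes of kernel.bin and rootfs.bin, which the post does not state, and the file sizes in it are constructed.

```python
# Flash commands from the post, verbatim (setenv/saveenv/reboot left out).
UBOOT_SCRIPT = """\
tftp 0x80600000 kernel.bin
erase 0x9f650000 +0x190000
cp.b 0x80600000 0x9f650000 d695a
tftp 0x80600000 rootfs.bin
erase 0x9f050000 +0x600000
cp.b 0x80600000 0x9f050000 23d004
bootm 0x9f650000
"""

# Constructed sizes; on a real host fill this with os.path.getsize() results.
SAMPLE_SIZES = {"kernel.bin": 0xD695A, "rootfs.bin": 0x23D004}


def hexval(text):
    """U-Boot reads numeric arguments as hex, with or without a 0x prefix."""
    return int(text, 16)


def parse_steps(script):
    """Group each tftp / erase / cp.b triple into one flash step."""
    steps, cur = [], {}
    for raw in script.splitlines():
        parts = raw.split()
        if len(parts) < 2:
            continue
        cmd, args = parts[0], parts[1:]
        if cmd == "tftp":
            cur = {"load": hexval(args[0]), "file": args[1]}
        elif cmd == "erase":
            cur["erase_start"] = hexval(args[0])
            cur["erase_len"] = hexval(args[1].lstrip("+"))
        elif cmd == "cp.b":
            cur.update(src=hexval(args[0]), dst=hexval(args[1]), count=hexval(args[2]))
            steps.append(cur)
            cur = {}
    return steps


def check_steps(steps, file_sizes):
    """Return a list of problems; an empty list means the script is consistent."""
    problems = []
    for s in steps:
        name = s.get("file", "?")
        if s.get("src") != s.get("load"):
            problems.append(f"{name}: cp.b source is not the tftp load address")
        if s.get("dst") != s.get("erase_start"):
            problems.append(f"{name}: cp.b target is not the erased region")
        if s["count"] > s.get("erase_len", 0):
            problems.append(f"{name}: copy of {s['count']:#x} bytes overruns the erase")
        size = file_sizes.get(name)
        if size is None:
            problems.append(f"{name}: no local file size to compare")
        elif size != s["count"]:
            problems.append(f"{name}: file is {size:#x} bytes, cp.b copies {s['count']:#x}")
    return problems


def overlapping_regions(steps):
    """Return pairs of file names whose erased flash regions overlap."""
    hits = []
    for i, a in enumerate(steps):
        for b in steps[i + 1:]:
            a_end = a["erase_start"] + a["erase_len"]
            b_end = b["erase_start"] + b["erase_len"]
            if a["erase_start"] < b_end and b["erase_start"] < a_end:
                hits.append((a["file"], b["file"]))
    return hits


if __name__ == "__main__":
    steps = parse_steps(UBOOT_SCRIPT)
    print(check_steps(steps, SAMPLE_SIZES), overlapping_regions(steps))
```

U-Boot also prints the transferred byte count after each tftp, which can be compared against the cp.b count by eye before running the copy.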
<h4>
Change the root password and start the SSH server</h4>
Change the root password<br />
<blockquote class="tr_bq">
passwd</blockquote>
<h4>
Start the SSH server</h4>
<blockquote class="tr_bq">
/etc/init.d/dropbear start</blockquote>
<h4>
Installing Firmware</h4>
scp over the firmware to /tmp/<br />
<blockquote class="tr_bq">
scp upgrade.bin root@172.16.42.1:/tmp/</blockquote>
and perform the upgrade.<br />
<blockquote class="tr_bq">
sysupgrade -n -v /tmp/upgrade.bin</blockquote>
<br />
At this point, the Jasager firmware is being installed. When it's finished and you have a command prompt:<br />
<blockquote class="tr_bq">
reboot</blockquote>
<h4>
Post-Installation</h4>
Enjoy your new Pineapple! Learn all about it by reading the manual, and visit the <a href="https://forums.hak5.org/">forums</a> to use your Pineapple.<br />
<br />
<h4>
Clean Flash Videos</h4>
Windows Clean Flash Video by Mr-Protocol :<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/i58XOF4Rfc4?feature=player_embedded' frameborder='0'></iframe></div>
(YouTube link: <a href="http://www.youtube.com/watch?v=i58XOF4Rfc4">http://www.youtube.com/watch?v=i58XOF4Rfc4</a>)<br />
<br />
<strong>DerbyCon 2012</strong> (Mr-Protocol, published 2012-10-01, updated 2022-03-01)<br />
Just wanted to throw out there a big thanks to everyone I spoke to at DerbyCon. It was a great experience and can't wait until next year!<br />
<br />
<strong>First Post</strong> (Mr-Protocol, published 2012-08-08, updated 2022-03-01)<br />
Just getting set up. Stay tuned!