Sunday, April 10, 2011

Wifon 2.0

Wifon is back! Smaller and better!

Here's an upgraded version of my "Handheld Fonera pentesting device".
This time I was working alone, so I don't have anyone to blame for the outcome. :P

New features:
- Color 320x240 LCD screen with touch panel
- Fast STM32 microcontroller for a more advanced user interface
- Smaller custom case - 150 mm x 100 mm x 28 mm
- External battery pack


Hardware:

Case opened
This time the construction is much simpler, with almost no custom parts.
I'm still using the La Fonera router, but this time with a much better screen and uC - the MINI-STM32 devkit I've posted about earlier.
There are no buttons, everything is controlled by the touch panel.

The screen and micro are powered from the 3.3V supplied by the fonera's linear voltage regulator.
This isn't very efficient, but makes the construction much simpler - all you have to do is connect the UART and power pins from the fonera to the micro.
Everything is powered through the fonera's power socket - accepting 5V nominally.
I built a lithium battery pack supplying 5V using a 4xAA holder and a switching voltage regulator from wifon 1; it can be attached to the back of the device to make it portable.

Battery pack inside
I've tried adding an SD card to the fonera for additional storage (http://deve.loping.net/files/fon_mmc/), but it's too slow to be of any use.

Software:

The firmware on the microcontroller uses the ChibiOS/RT real-time operating system, which allows for multitasking and made the whole project a lot easier.
The user interface is controlled entirely by the uC, which makes it much more responsive - it's not slowed down by apps running on the router.

Just like in wifon 1, a set of Ruby/shell scripts for communicating with the display runs on the fonera's serial terminal, but I had to write them from scratch because of the different approach to the user interface.

I'm using the Jasager firmware for the fonera (http://www.digininja.org/jasager/index.php) to be able to demonstrate the Karma attack.

So far I've only managed to implement some simple apps demonstrating that the device works - displaying wifi status and a couple of attacks using mdk3. Doing everything alone is harder than I thought! :P
I hope to add more software in the future.

Main screen with a graph displaying WiFi interface usage
Unfortunately, hardware limits of the fonera are showing - running too many apps at once makes the device run out of RAM and restart. I have to consider doing the RAM upgrade mod...


Sources:
https://sites.google.com/site/emeryth/files/wifon2_source.zip

9 comments:

  1. Very impressive! Have you thought about using MikroTik? It has more RAM.

  2. hi Andrzej,

    Awesome project. I love incorporating wifi routers into things - they do so much of the hard (and expensive) work!

    Any chance you're releasing source and schematics for this? I'd love to build one!

    Thanks, Laurence

  3. Maybe you should show your prototype to some infosec companies. I would offer 1200-1800€

  4. You should take that to Defcon

  5. What LCD module are you using?

    Thanks,
    -Michael

  6. @stanty
    There is no schematic because it's very simple, just connect two UART lines between the router and microcontroller.
    I'm using a pre-made board, so the LCD was already connected and I had example code for using it.

    @swyphcosmo
    The LCD came bundled with the uC board I bought here:
    http://stores.ebay.com/PowerMCU-Electronics

    But you can find similar LCD modules (without the uC) all over eBay, for example here:
    http://stores.ebay.com/Ego-China-Electronics

  7. HostileWRT runs fine on the Fonera2+ with 32MB of RAM, but aircrack has some problems (mallocs too much, was designed for fatty x86 machines), so it might need some tuning to work in 16M of RAM:

    http://hsf.wikidot.com/hostilewrt

  8. Andrzej hi,
    First of all, I want to say you are my hero...
    I spent a lot of time searching for how it is possible to connect an interface to a fonera,
    so good job man, you rule!

    2nd, I got a uC board exactly like yours (STM32F103RBT6) but I don't know how to program it without a "PROGRAMMER" (hardware)...
    Can you please help me a little bit?

    You can find me at:
    Gmail - tzionlevy@gmail.com
    Facebook - tzionlevy@gmail.com

    or in your blog, from time to time...

    Thanks

  9. Hi
    I want to convert LCD signals to RCA (S-Video). How can I do this? Any ideas?
