
New WiFi Pineapple; From Britain with Love!

by on October 13, 2013

Pineapple_MK5

Introduction

Since around the time we posted Blue for the Pineapple (6 months ago), the Hak5 Pineapple Team have disappeared underground to produce the new Mark 5 Pineapple: a customised board that is cheaper to produce and more affordable.

The Mark 5 has 2x WiFi cards (Atheros 9331 & RTL8187 (famously known as an Alfa)) with SMA connectors, and twice the ROM & RAM (16MB & 64MB), with the addition of a micro-SD card slot for logging capability (the Hak5 Team announced a 2GB SD card will be included). The custom board also gives access to a 5-pin DIP switch: 2 switches pre-programmed with automated attacks and 3 user-configurable. The remaining differences from the last Pineapple are an accessible JTAG/I2S port for hardware customisation, 1x Ethernet port and 1x USB port, boasting compatibility with over 300 3G/4G modems and USB drives. The hardware is even FCC and CE certified (without which the device could not be sold in the USA and Europe).

The new Pineapple will continue to use the Version-3.0+ web interface, and apparently supports mesh networking. It will have Python, Ruby, PHP and other languages working out of the box, making way for the use of frameworks such as Metasploit.

The Hak5 Team announced that they will release 2x APIs (1x Software Development & 1x Hardware Development), so the community can hack this baby with ease. We can look forward to more modules, and possibly the addition of some innovative hardware hacks.

Price ($USD)

  • The standard Mk 5 = $99.99
  • The Travel Pack = +$49.99
  • The Elite (Pelican case) = +$99.99

Estimated Postage costs (USD)

  • UK $48 + approx.
  • Germany, Netherlands, Italy $47
  • France $45
  • Spain, Switzerland, Sweden, Norway $39

Approximate Customs & Handling Charge

Reports Vary:

  • UK £23-29 (GBP) UPS Customs & Handling Charge

So depending on where you're from, you're still looking at $150 (rounding up), approx. £100+ in the UK including customs charges. This is an improvement over the Mark 4, which originally cost this much alone before postage & customs charges. 🙂

Purchase Online

http://hakshop.myshopify.com/collections/wifi-pineapple

Media

For Those that Missed the Release Event: https://wifipineapple.com

Contrary to Belief

We are massive supporters of Hak5 and their products (Pineapple, Ducky, Ubertooth, Throwing Star LanTap), and we recommend you buy them. Their build quality is professional and technical support is available through an online forum, Twitter, IRC and hackerspaces. Do not forget that educational and military organisations get discounts! Everyone else…. you can always learn something by trying to make your own? You may even create some interesting plugins/modules that could be fed back into the community! Feed your Technolust 🙂

If you were at the party and Failed at drinking the Boot…..

Here is a handy tip:

http://www.beerfestboots.com/how-to-drink-from-a-beer-boot/info_26.html

😉

Specification

  • CPU: 400 MHz MIPS Atheros AR9331 version 1 SoC (datasheet: http://www.eeboard.com/wp-content/uploads/downloads/2013/08/AR9331.pdf)
  • Memory: 16 MB ROM (w25q128 (16384 Kbytes)), 64 MB DDR2 RAM
  • Disk: Micro SD support up to 32 GB, FAT or EXT, 2 GB Included
  • Mode Select: 5 DIP Switches – 2 System, 3 User configurable
  • Wireless: Atheros AR9331 IEEE 802.11 b/g/n + Realtek RTL8187 IEEE 802.11 a/b/g
  • Ports: (2) SMA Antenna, 10/100 Ethernet, USB 2.0, Micro SD, TTL Serial, Expansion Bus
  • Power: DC in Variable 5-12v, ~1A, 5.5mm*2.1mm connector, International Power Supply
  • Status Indicators: Power LED, Ethernet LED, Wireless 1 LED, Wireless 2 LED
  • JTAG: tags are on reverse of board (IO6=TDI, IO7=TDO, IO8=TMS)

JTAG/I2S

   | Power Connector|   | USB |  |Ethernet|
OuterTop------------------Inner------------
3.3v | 3.3v                             
GND  | GND                                
IO26 | IO6                                   
IO7  | IO8                                
IO21 | IO22                                
IO18 | IO19                                
IO20 | GND                                  
OuterBot-------------------Inner------------

TTL Serial

Assuming the SparkFun version of the Bus Pirate cable:

  • Black=GND (far left)
  • Orange=MOSI(TX) onto RX 2nd from left
  • Brown=MISO(RX) onto TX 3rd from left
  • Do NOT connect the 3.3v!!!!!!!

Buspirate config

  • 115200,8,NONE,1
  • Flow Control:None

Buspirate terminal

HiZ>M <<< bus mode menu
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. JTAG
7. RAW2WIRE
8. RAW3WIRE
9. PC KEYBOARD
10. MIDI
11. LCD
(1)>3
Set serial port speed: (bps)   
1. 300 
2. 1200 
3. 2400 
4. 4800 
5. 9600            
6. 19200 
7. 38400 
8. 57600 
9. 115200 
10. BRG raw value 
(1)>9      
Data bits and parity: 
1. 8, NONE *default 
2. 8, EVEN 
3. 8, ODD 
4. 9, NONE 
(1)>
Stop bits: 
1. 1 *default 
2. 2 
(1)>             
Receive polarity: 
1. Idle 1 *default 
2. Idle 0
(1)>
Select output type: 
1. Open drain (H=Hi-Z, L=GND) 
2. Normal (H=3.3V, L=GND) 
(1)>2      
UART>P          
Pull-Up Resistors On
UART>(1) 

Macro (1) gives you a transparent bridge!

Dmesg

[ 0.000000] CPU revision is: 00019374 (MIPS 24Kc) 
[ 0.000000] SoC: Atheros AR9330 rev 1 
[ 0.000000] Clocks: CPU:400.000MHz, DDR:400.000MHz, AHB:200.000MHz, Ref:25.000MHz 
[ 0.000000] Determined physical RAM map: 
[ 0.000000] memory: 04000000 @ 00000000 (usable) 
[ 0.000000] Initrd not found or empty - disabling initrd 
[ 0.000000] Zone PFN ranges: 
[ 0.000000] Normal 0x00000000 -> 0x00004000 
[ 0.000000] Movable zone start PFN for each node 
[ 0.000000] Early memory PFN ranges 
[ 0.000000] 0: 0x00000000 -> 0x00004000 
[ 0.000000] On node 0 totalpages: 16384 
[ 0.000000] free_area_init_node: node 0, pgdat 802d8470, node_mem_map 81000000 
[ 0.000000] Normal zone: 128 pages used for memmap 
[ 0.000000] Normal zone: 0 pages reserved 
[ 0.000000] Normal zone: 16256 pages, LIFO batch:3 
[ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768 
[ 0.000000] pcpu-alloc: [0] 0 
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 16256 
[ 0.000000] Kernel command line: board=MK5 console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd
[ 0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[ 0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes) 
[ 0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes) 
[ 0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes. 
[ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes 
[ 0.000000] Writing ErrCtl register=00000000 
[ 0.000000] Readback ErrCtl register=00000000 
[ 0.000000] Memory: 61596k/65536k available (2124k kernel code, 3940k reserved, 405k data, 208k init, 0k highmem) 
[ 0.000000] SLUB: Genslabs=9, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1 
[ 0.000000] NR_IRQS:51
[ 0.000000] Calibrating delay loop... 265.42 BogoMIPS (lpj=1327104)
[ 0.080000] pid_max: default: 32768 minimum: 301 
[ 0.080000] Mount-cache hash table entries: 512 
[ 0.090000] NET: Registered protocol family 16 
[ 0.090000] gpiochip_add: registered GPIOs 29 on device: ath79 
[ 0.100000] MIPS: machine is MK5 V1.0 
[ 0.350000] bio: create slab at 0 
[ 0.360000] Switching to clocksource MIPS 
[ 0.360000] NET: Registered protocol family 2 
[ 0.370000] IP route cache hash table entries: 1024 (order: 0, 4096 bytes) 
[ 0.370000] TCP established hash table entries: 2048 (order: 2, 16384 bytes) 
[ 0.380000] TCP bind hash table entries: 2048 (order: 1, 8192 bytes) 
[ 0.380000] TCP: Hash tables configured (established 2048 bind 2048) 
[ 0.390000] TCP reno registered 
[ 0.390000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.400000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes) 
[ 0.400000] NET: Registered protocol family 1 
[ 0.410000] PCI: CLS 0 bytes, default 32 
[ 0.430000] squashfs: version 4.0 (2009/01/31) Phillip Lougher 
[ 0.430000] JFFS2 version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc. 
[ 0.440000] msgmni has been set to 120 
[ 0.440000] io scheduler noop registered 
[ 0.450000] io scheduler deadline registered (default) 
[ 0.450000] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled 
[ 0.460000] ar933x-uart: ttyATH0 at MMIO 0x18020000 (irq = 11) is a AR933X UART
[ 0.460000] console [ttyATH0] enabled, bootconsole disabled 
[ 0.480000] m25p80 spi0.0: found w25q128, expected m25p80 
[ 0.480000] m25p80 spi0.0: w25q128 (16384 Kbytes) 
[ 0.490000] 5 tp-link partitions found on MTD device spi0.0 
[ 0.490000] Creating 5 MTD partitions on "spi0.0": 
[ 0.500000] 0x000000000000-0x000000020000 : "u-boot" 
[ 0.510000] 0x000000020000-0x000000102744 : "kernel" 
[ 0.510000] mtd: partition "kernel" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[ 0.520000] 0x000000102744-0x000000ff0000 : "rootfs" 
[ 0.530000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only 
[ 0.540000] mtd: partition "rootfs" set to be root filesystem 
[ 0.550000] mtd: partition "rootfs_data" created automatically, ofs=BB0000, len=440000 
[ 0.550000] 0x000000bb0000-0x000000ff0000 : "rootfs_data" 
[ 0.560000] 0x000000ff0000-0x000001000000 : "art" 
[ 0.570000] 0x000000020000-0x000000ff0000 : "firmware" 
[ 0.590000] ag71xx_mdio: probed
[ 0.590000] eth0: Atheros xx at 0xb9000000, irq 4
[ 1.150000] ag71xx ag71xx.0: eth0: connected to PHY at ag71xx-mdio.1:04 [uid=004dd041, driver=Generic PHY] 
[ 1.160000] TCP cubic registered 
[ 1.160000] NET: Registered protocol family 17 
[ 1.160000] Bridge firewalling registered 
[ 1.170000] 8021q: 802.1Q VLAN Support v1.8 
[ 1.180000] VFS: Mounted root (squashfs filesystem) readonly on device 31:2. 
[ 1.180000] Freeing unused kernel memory: 208k freed 
[ 3.640000] Registered led device: mk5:red:wlan1 
[ 3.640000] Registered led device: mk5:blue:wlan0 
[ 3.640000] Registered led device: mk5:amban 
[ 6.980000] JFFS2 notice: (422) jffs2_build_xattr_subsystem: complete building xattr subsystem, 1 of xdatum (1 unchecked, 0 orphan) and 20 of xref (0 dead, 0 orphan) found. 
[ 7.990000] SCSI subsystem initialized 
[ 8.290000] usbcore: registered new interface driver usbfs 
[ 8.290000] usbcore: registered new interface driver hub 
[ 8.300000] usbcore: registered new device driver usb 
[ 8.860000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver 
[ 8.860000] ehci-platform ehci-platform: Generic Platform EHCI Controller 
[ 8.870000] ehci-platform ehci-platform: new USB bus registered, assigned bus number 1
[ 8.910000] ehci-platform ehci-platform: irq 3, io mem 0x1b000000
[ 8.930000] ehci-platform ehci-platform: USB 2.0 started, EHCI 1.00 
[ 8.930000] hub 1-0:1.0: USB hub found 
[ 8.930000] hub 1-0:1.0: 1 port detected 
[ 9.060000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver 
[ 9.180000] uhci_hcd: USB Universal Host Controller Interface driver 
[ 9.300000] Initializing USB Mass Storage driver... 
[ 9.300000] usbcore: registered new interface driver usb-storage 
[ 9.310000] USB Mass Storage support registered. 
[ 9.410000] usb 1-1: new high-speed USB device number 2 using ehci-platform
[ 9.560000] hub 1-1:1.0: USB hub found 
[ 9.560000] hub 1-1:1.0: 4 ports detected 
[ 9.840000] usb 1-1.1: new high-speed USB device number 3 using ehci-platform 
[ 10.060000] usb 1-1.4: new high-speed USB device number 4 using ehci-platform 
[ 10.190000] scsi0 : usb-storage 1-1.4:1.0 
[ 11.190000] scsi 0:0:0:0: Direct-Access Multi Flash Reader 1.00 PQ: 0 ANSI: 0 
[ 11.810000] sd 0:0:0:0: [sda] 3686400 512-byte logical blocks: (1.88 GB/1.75 GiB) 
[ 11.820000] sd 0:0:0:0: [sda] Write Protect is off 
[ 11.830000] sd 0:0:0:0: [sda] Mode Sense: 03 00 00 00 
[ 11.830000] sd 0:0:0:0: [sda] No Caching mode page present 
[ 11.830000] sd 0:0:0:0: [sda] Assuming drive cache: write through 
[ 11.840000] sd 0:0:0:0: [sda] No Caching mode page present 
[ 11.850000] sd 0:0:0:0: [sda] Assuming drive cache: write through 
[ 11.850000] sda: sda1 
[ 11.850000] sda: p1 size 3686398 extends beyond EOD, enabling native capacity 
[ 11.860000] sd 0:0:0:0: [sda] No Caching mode page present 
[ 11.870000] sd 0:0:0:0: [sda] Assuming drive cache: write through 
[ 11.880000] sda: sda1 
[ 11.880000] sda: p1 size 3686398 extends beyond EOD, truncated
[ 11.890000] sd 0:0:0:0: [sda] No Caching mode page present 
[ 11.890000] sd 0:0:0:0: [sda] Assuming drive cache: write through 
[ 11.900000] sd 0:0:0:0: [sda] Attached SCSI removable disk 
[ 31.020000] Loading modules backported from Linux version master-2013-06-27-0-gdcfa6d5 
[ 31.020000] Backport generated by backports.git backports-20130617-4-ge3220f5 
[ 31.140000] cfg80211: Calling CRDA to update world regulatory domain 
[ 31.140000] cfg80211: World regulatory domain updated: 
[ 31.150000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[ 31.150000] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm) 
[ 31.160000] cfg80211: (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm) 
[ 31.170000] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm) 
[ 31.180000] cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm) 
[ 31.180000] cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm) 
[ 32.810000] usbcore: registered new interface driver rt73usb 
[ 32.870000] ath: EEPROM regdomain: 0x0 
[ 32.870000] ath: EEPROM indicate default country code should be used
[ 32.870000] ath: doing EEPROM country->regdmn map search 
[ 32.870000] ath: country maps to regdmn code: 0x3a 
[ 32.870000] ath: Country alpha2 being used: US 
[ 32.870000] ath: Regpair used: 0x3a 
[ 32.870000] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht' 
[ 32.880000] Registered led device: ath9k-phy0 
[ 32.880000] ieee80211 phy0: Atheros AR9330 Rev:1 mem=0xb8100000, irq=2 
[ 32.880000] cfg80211: Calling CRDA for country: US 
[ 32.890000] cfg80211: Regulatory domain changed to country: US 
[ 32.890000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[ 32.900000] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2700 mBm) 
[ 32.910000] cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 1700 mBm) 
[ 32.920000] cfg80211: (5250000 KHz - 5330000 KHz @ 40000 KHz), (300 mBi, 2000 mBm) 
[ 32.920000] cfg80211: (5490000 KHz - 5600000 KHz @ 40000 KHz), (300 mBi, 2000 mBm) 
[ 32.930000] cfg80211: (5650000 KHz - 5710000 KHz @ 40000 KHz), (300 mBi, 2000 mBm) 
[ 32.940000] cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 3000 mBm) 
[ 32.970000] usbcore: registered new interface driver rt2800usb
[ 33.430000] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht' 
[ 33.430000] ieee80211 phy1: hwaddr 00:13:37:81:44:35, RTL8187vB (default) V1 + rtl8225z2, rfkill mask 2 
[ 33.460000] rtl8187: Customer ID is 0x46 
[ 33.460000] Registered led device: rtl8187-phy1::radio 
[ 33.460000] Registered led device: rtl8187-phy1::tx 
[ 33.460000] Registered led device: rtl8187-phy1::rx 
[ 33.470000] rtl8187: wireless switch is on 
[ 33.470000] usbcore: registered new interface driver rtl8187 
[ 33.490000] Button Hotplug driver versi.4.1 
[ 33.720000] RPC: Registered named UNIX socket transport module. 
[ 33.720000] RPC: Registered udp transport module. 
[ 33.730000] RPC: Registered tcp transport module. 
[ 33.730000] RPC: Registered tcp NFSv4.1 backchannel transport module. 
[ 34.000000] PPP generic driver version 2.4.2 
[ 34.030000] tun: Universal TUN/TAP device driver, 1.6 
[ 34.040000] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com> 
[ 34.310000] ip_tables: (C) 2000-2006 Netfilter Core Team 
[ 34.560000] NET: Registered protocol family 24 
[ 34.710000] nf_conntrack version 0.5.0 (965 buckets, 386x) 
[ 35.470000] xt_time: kernel timezone is -0000 
[ 36.100000] usbcore: registered new interface driver ath9k_htc 
[ 36.360000] usbcore: registered new interface driver usbserial 
[ 36.370000] USB Serial support registered for generic 
[ 36.370000] usbcore: registered new interface driver usbserial_generic 
[ 36.380000] usbserial: USB Serial Driver core 
[ 36.530000] usbcore: registered new interface driver asix 
[ 36.660000] usbcore: registered new interface driver cdc_ether 
[ 36.780000] Error: Driver 'gpio-keys-polled' is already registered, aborting... 
[ 36.890000] usbcore: registered new interface driver rndis_host
[ 37.020000] sd 0:0:0:0: Attached scsi generic sg0 type 0 
[ 40.320000] EXT4-fs (sda1): couldn't mount as ext3 due to feature incompatibilities 
[ 40.340000] EXT4-fs (sda1): couldn't mount as ext2 due to feature incompatibilities 
[ 40.450000] EXT4-fs (sda1): recovery complete 
[ 40.450000] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: (null) 
[ 41.700000] usbcore: deregistering interface driver usbserial_generic 
[ 41.710000] USB Serial deregistering driver generic 
[ 41.710000] usbcore: deregistering interface driver usbserial
[ 41.770000] usbcore: registered new interface driver usbserial 
[ 41.770000] USB Serial support registered for generic 
[ 41.780000] usbcore: registered new interface driver usbserial_generic 
[ 41.780000] usbserial: USB Serial Driver core 
[ 42.730000] usbcore: deregistering interface driver usbserial_generic 
[ 42.740000] USB Serial deregistering driver generic 
[ 42.740000] usbcore: deregistering interface driver usbserial 
[ 42.790000] usbcore: registered new interface driver usbserial 
[ 42.790000] USB Serial support registered for generic 
[ 42.800000] usbcore: registered new interface driver usbserial_generic
[ 42.800000] usbserial: USB Serial Driver core 
[ 43.520000] usbcore: deregistering interface driver usbserial_generic 
[ 43.530000] USB Serial deregistering driver generic 
[ 43.530000] usbcore: deregistering interface driver usbserial 
[ 43.580000] usbcore: registered new interface driver usbserial 
[ 43.580000] USB Serial support registered for generic 
[ 43.590000] usbcore: registered new interface driver usbserial_generic 
[ 43.590000] usbserial: USB Serial Driver core 
[ 43.930000] USB Serial deregistering driver genericver usbserial_generic 
[ 43.940000] usbcore: deregistering interface driver usbserial 
[ 43.990000] usbcore: registered new interface driver usbserial 
[ 43.990000] USB Serial support registered for generic 
[ 44.000000] usbcore: registered new interface driver usbserial_generic 
[ 44.000000] usbserial: USB Serial Driver core 
[ 44.820000] device eth0 entered promiscuous mode 
[ 49.910000] device wlan0 entered promiscuous mode 
[ 49.970000] br-lan: port 2(wlan0) entered forwarding state 
[ 49.980000] br-lan: port 2(wlan0) entered forwarding state 
[ 49.980000] br-lan: port 2(wlan0) entered forwarding state
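
As an added example (not part of the original post, and not Hak5's code), the Python below parses the MTD partition lines from the dmesg above and works out which partitions the kernel forces read-only, which partitions nest inside others, and how large the writable rootfs_data area is. The 64 KiB erase-block size and all function names are assumptions.

```python
import re

# Excerpt of the MK5 boot log above: the MTD partition map on the 16 MB SPI flash.
DMESG = """\
[ 0.500000] 0x000000000000-0x000000020000 : "u-boot"
[ 0.510000] 0x000000020000-0x000000102744 : "kernel"
[ 0.520000] 0x000000102744-0x000000ff0000 : "rootfs"
[ 0.550000] 0x000000bb0000-0x000000ff0000 : "rootfs_data"
[ 0.560000] 0x000000ff0000-0x000001000000 : "art"
[ 0.570000] 0x000000020000-0x000000ff0000 : "firmware"
"""

ERASE_BLOCK = 0x10000  # assumption: 64 KiB erase blocks on the w25q128

PART_RE = re.compile(r'0x([0-9a-f]+)-0x([0-9a-f]+) : "([^"]+)"')


def parse_partitions(log):
    """Return [(name, start, end)] for every MTD range line in a dmesg dump."""
    return [(m.group(3), int(m.group(1), 16), int(m.group(2), 16))
            for m in PART_RE.finditer(log)]


def forced_read_only(parts, erase_block=ERASE_BLOCK):
    """Partitions larger than one erase block whose start or end is unaligned.

    This follows the condition named in the log's warning ("must either start
    or end on erase block boundary or be smaller than an erase block").
    """
    return [name for name, start, end in parts
            if (end - start) > erase_block
            and (start % erase_block or end % erase_block)]


def containers(parts):
    """Map each partition to the partitions that lie entirely inside it."""
    nested = {}
    for name, start, end in parts:
        inner = [n for n, s, e in parts
                 if n != name and start <= s and e <= end]
        if inner:
            nested[name] = inner
    return nested


def writable_overlay_kib(parts, name="rootfs_data"):
    """Size in KiB of rootfs_data, assumed here to be the writable JFFS2 area."""
    for n, start, end in parts:
        if n == name:
            return (end - start) // 1024
    raise KeyError(name)


if __name__ == "__main__":
    parts = parse_partitions(DMESG)
    for name, start, end in parts:
        print(f"{name:12} 0x{start:06x}-0x{end:06x} {(end - start) / 1024:9.1f} KiB")
    print("forced read-only:", forced_read_only(parts))
    print("nested:", containers(parts))
    print("overlay KiB:", writable_overlay_kib(parts))
```

The two partitions it flags are the same two the kernel warns about in the log, and the overlay size matches the `len=440000` the kernel reports for rootfs_data.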

Pictures

Bottom:
MKV_board_bottom
Top:
MKV_board_top
Top Zoom:
MKV_board_top_zoom

2 Comments
  1. I absolutely love your blog and find the majority of your posts to be precisely what I’m looking for. Do you offer guest writers to write content to suit your needs? I wouldn’t mind creating a post or elaborating on a lot of the subjects you write with regards to here. Again, awesome web site!

    • dusty

      Hello,

      Thank you for your comments. We don’t do this but we can accommodate it, should you still want to write some posts.

      If you do, please drop me a direct email (Mike (dot) Evans (at) pentura (dot) com).

      Thanks,

      Mike
