I set out to create a drone with WiFi cracking abilities. Since drones can fly, they can minimize interference and maximize signal strength by flying directly above access points. Drones are designed to be light yet powerful. The setup I wanted to use needed to be light so as to minimally affect the drone's flying ability. I chose a light 1200 mAh battery from Adafruit and their PowerBoost 1000 to convert the battery's voltage to 5V at a steady 1 Amp. This was needed to power the Raspberry Pi.
The Software Setup
Setting up the Pi took longer than expected. I began to follow the guide here. I was using a Raspberry Pi 3, which has onboard WiFi as mentioned in the guide. Unfortunately, because I wanted to utilize the tool set that comes with Kali, I had Kali installed instead of Raspbian. This created some problems I’ll talk about later. To start, I installed and set up hostapd and udhcpd as follows:
sudo apt-get install hostapd udhcpd
Then I edited the config file at /etc/udhcpd.conf. I began by commenting out the lines the config file came with and adding the following at the bottom of the file.
opt subnet 255.255.255.0
opt router 192.168.42.1
opt lease 864000
Then I commented out this line in /etc/default/udhcpd
Then I set up the address and netmask the Pi’s interface needed to use in /etc/network/interfaces.
iface wlan0 inet static
Next, I set up hostapd by creating the file /etc/hostapd/hostapd.conf. The bottom three lines are crucial to the Raspberry Pi and we will return to the driver option later.
ieee80211n=1 # 802.11n support
wmm_enabled=1 # QoS support
One last step: editing the #DAEMON_CONF="" line in the /etc/default/hostapd file to read:
Finally we just start up the services and tell them to start on boot!
sudo service hostapd start
sudo service udhcpd start
sudo systemctl enable hostapd
sudo systemctl enable udhcpd
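The three files edited above have to agree with each other, otherwise clients can associate with the access point and still never get a usable lease. The following consistency check is an added example, not part of the original post: the start/end range, the address and netmask lines and the interface lines in the sample contents are constructed assumptions, since the post does not show them.

```python
import ipaddress

# Constructed sample contents (assumptions, not the author's actual files).
UDHCPD = """start 192.168.42.2
end 192.168.42.20
interface wlan0
opt subnet 255.255.255.0
opt router 192.168.42.1
opt lease 864000
"""
INTERFACES = "iface wlan0 inet static\n  address 192.168.42.1\n  netmask 255.255.255.0\n"
HOSTAPD = "interface=wlan0\ndriver=nl80211\n"

def parse_udhcpd(text):  # 'opt X v' and 'option X v' are stored under 'opt X'
    out = {}
    for line in text.splitlines():
        p = line.split("#", 1)[0].split()
        if len(p) >= 3 and p[0] in ("opt", "option"):
            out["opt " + p[1]] = p[2]
        elif len(p) >= 2:
            out[p[0]] = p[1]
    return out

def parse_static(text, name):  # options of the 'iface <name> inet static' stanza
    out, inside = {}, False
    for line in text.splitlines():
        p = line.split("#", 1)[0].split()
        if p[:1] == ["iface"]:
            inside = p[1:] == [name, "inet", "static"]
        elif inside and len(p) >= 2:
            out[p[0]] = p[1]
    return out

def check(udhcpd, interfaces, hostapd):
    """Return a list of inconsistencies; an empty list means the files agree."""
    ifname = next((l.split("=", 1)[1].strip() for l in hostapd.splitlines()
                   if l.startswith("interface=")), "")
    d, s, bad = parse_udhcpd(udhcpd), parse_static(interfaces, ifname), []
    if d.get("interface") != ifname:
        bad.append("udhcpd and hostapd are bound to different interfaces")
    if "address" not in s or "netmask" not in s:
        return bad + ["no static address/netmask for " + repr(ifname)]
    net = ipaddress.ip_network(s["address"] + "/" + s["netmask"], strict=False)
    if d.get("opt router") != s["address"]:
        bad.append("opt router is not the Pi's own address")
    if d.get("opt subnet") != s["netmask"]:
        bad.append("opt subnet differs from the interface netmask")
    bad += [f"{k} is missing or outside {net}" for k in ("start", "end")
            if k not in d or ipaddress.ip_address(d[k]) not in net]
    return bad
```

To run it against a real setup, pass the contents of /etc/udhcpd.conf, /etc/network/interfaces and /etc/hostapd/hostapd.conf to check() before starting the services.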
Now back to that driver issue….
Since I was running Kali Linux, after an excruciating amount of time and frustration I found the firmware for the wireless card was simply not installed. Yes, I used the SPECIFIC Kali image for the Pi, and NO, it didn’t come with the firmware. Inside this firmware package is the nl80211 driver. Anyways, I fixed this with a simple apt-get and a reboot.
apt-get install firmware-brcm80211
The Hardware Setup
The PowerBoost’s connectors needed to be soldered on before I could continue.
Below is a picture before the hardware was put on the drone.
After a large amount of electrical tape, we were ready for flight.
The whole system worked surprisingly well. I was able to connect to the network the Pi was making with no problems. From there I ssh’d into the Pi. The aircrack-ng suite I used to capture the 4-way WiFi handshake worked decently. From what I could tell, the Pi just didn’t have enough power to make its own network AND run a network card in monitor mode. It just wasn’t discovering very many networks and struggled to capture the actual handshake after many de-auth attacks. A larger battery at a higher amperage could fix this.
After some issues with udhcpd, I switched to isc-dhcp-server. Much faster and more reliable address assignment.