Kismet on iPhone? Wifi Boost? - Free Toolchain Software (Cydia App's) - Hackint0sh.org
  1. #1 cyberface

    Kismet on iPhone? Wifi Boost?

    Here's a different thread than all the moaning about when the phone will be SIM unlocked. Here in the UK there *are* Wifi hotspots but most are locked down. Too many people in London live in apartment blocks and people have wised up to their neighbours stealing their bandwidth.

    So... going back a good few years, I owned a Sharp Zaurus SL-5000D developer test device and put a Prism2 802.11b compact-flash card in it. It ran Linux, and after a lot of hacking about I managed to get Kismet running in an ncurses terminal window, which was very useful for getting WEP passwords etc. Obviously enterprise WPA2 isn't feasible but many people choose the minimum.

    Now I've got full shell on my iPhone and a full bin-kit - the phone works well and I have the UIKit mobileterminal.

    Anyone know enough about the 802.11 hardware in the iPhone to know whether Kismet would stand a chance of running? I have the ARM binary for the Zaurus (which also used an ARM main CPU) but IIRC the iPhone uses some bizarre integrated Marvell RF jobbie that may not allow promiscuous mode etc. for network scanning.

    This would make a damn good app for the iPhone. Anyone think it's impossible and not worth trying (and can give a damn good reason why!) or should I ask the dev team?



  2. #2

    I thought about it too. That would be a kick-ass application!

  3. #3

    Do I understand well that this Kismet app gives access to locked WiFi networks?

    Ron

  4. #4

    Well, it's software which hacks the network to give you access.
    Petemag - Running on a 15" MacBook Pro 2.5 GHz and an 8GB iPhone SW unlocked - SW unlocked 45 iPhones and HW unlocked 2 iPhone

  5. #5

    Well, there is always KisMAC, which is a Mac version of Kismet; however, there may be some issues with the wireless chipset that the iPhone uses...

    ...also the KisMAC developer has stopped working on the project.

    However, I might take a look at the code and see if a port is feasible, but I really wouldn't hold your breath...


    MR


  6. #6 cyberface

    Forget Kismac. That'd require a full GUI app build and necessary resources to port from full OS X UIKit to the restricted stuff on the iPhone.

    I was thinking more the ncurses-only text version of kismet. Now the MobileTerminal devs have an active defect (#10) on their bugtracker to get vt100 terminal emulation working so ncurses apps such as pico, top, nano etc. can work. Once this is in place, the text-only kismet will have what it needs to compile on the iPhone toolchain.

    The only issue will be whether the Wifi device is accessible in a similar way to 'regular' wifi implementations on BSD. For the original Airport cards, a driver was written to allow this. The Broadcom Airport Extreme cards didn't originally work for rfmon because the source wasn't available and Broadcom wouldn't let any spec out. This was rumoured to be because the chip was almost software-radio and could be hacked to do 'dangerous' things (i.e. illegal frequency jamming etc.).

    Anyone know anything about the Marvell chipset? If this radio chipset does everything from GSM to Wifi then it is likely to be another one of these locked-down situations.

    Basically with vt100 term emulation, I don't see why kismet wouldn't work on the iPhone - unless the wifi device can't be put into rfmon mode. This would be the stopper.

  7. #7

    Quote Originally Posted by cyberface (post #6 above)
    Phew, someone with a clue ;-)


    The fabled "is it vulnerable or is it not" Mac broadcom driver ;-)

    I am fairly sure that it is an integrated chip (that is also capable of GPS)... This I know because I live in the same village as one of the project engineers that has worked on the very chip.... (Small place called Cambridge).

    However, that doesn't mean we need that kind of control. What we need to be able to do is have enough control over the device (driver) so that we can send out beacon requests at a quicker interval and log the results.... in other words exactly what KisMAC does in active mode, rather than putting the radio into monitor mode and listening on *all* channels for SSID broadcasts.

    Sure, it's a noisy way to stumble for SSIDs, and not ideal, but it would be a start.

    In other words very much like PocketStumbler for Pocket PC (eugh).

    MR

  8. #8 cyberface

    Well without the WEP crack functionality, going to all the bother to write a driver to access the wifi device API (I'm assuming there aren't unix commands already on the iPhone like the Linux kits and the Viha driver stuff for the Airport v1), then trying to build kismet (both server and client since they decided on a two tier architecture which would be irrelevant for the iPhone), just to get an SSID stumbler.... sounds like a waste of time.

    The iPhone already finds wifi networks and indicates whether they're locked or not. With a bit of ingenuity i.e. seeing what length passwords are required before the 'join' button is activated, and seeing how long it takes for a bad password authentication handshake, you can guess which base stations are running WPA (longer authentication time since more crypto work done) and which are running WEP (shorter, simpler crypto). Now kismet can crack WEP so it'd give us more options if all the available wifi nets are secured but some were WEP.

    I thought it'd be possible to reuse some of the existing wifi control code from BSD or Linux, but if the device itself is a completely different class (like the Broadcom) then the bulk of the work would be reversing the driver and building an API.

    SO..... conclusion - out of league at the moment. But would be a cracking tool. Funny that my 5 year old Zaurus Linux PDA could do it no problem though.

    (small place called Cambridge, eh? As in the UK... were you one of those pesky Tabs then? )
    Last edited by cyberface; 08-14-2007 at 01:08 AM.
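The WEP-versus-WPA guessing heuristic in post #8 above (password length, handshake timing) can be replaced by reading what the access point itself advertises in its beacon frames, which is how a passive tool like Kismet classifies networks. The following Python is an added example, not code from this thread or from Kismet: it parses constructed 802.11 beacon frames (the frame builder, SSIDs and BSSIDs are invented for the demo) and classifies each network from the capability Privacy bit and the RSN/WPA information elements, so an owner can check what their own AP is announcing.

```python
import struct

# 802.11 management header: frame control, duration, addr1, addr2, addr3, seq ctrl
MGMT_HDR = struct.Struct("<HH6s6s6sH")
BEACON_FIXED = struct.Struct("<QHH")   # timestamp, beacon interval, capability info
CAP_PRIVACY = 0x0010                   # Privacy bit: some encryption is in use
IE_SSID, IE_RSN, IE_VENDOR = 0, 48, 221
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"     # Microsoft OUI + type 1 = WPA (pre-RSN)

def parse_ies(body: bytes) -> list:
    """Walk the tag/length/value information elements after the fixed fields."""
    ies, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:        # truncated IE: stop instead of misparsing
            break
        ies.append((tag, value))
        i += 2 + length
    return ies

def classify_beacon(frame: bytes) -> dict:
    """Return BSSID, SSID and the security type a beacon frame advertises."""
    if len(frame) < MGMT_HDR.size + BEACON_FIXED.size:
        raise ValueError("frame too short for a beacon")
    fc, _, _, bssid, _, _ = MGMT_HDR.unpack_from(frame, 0)
    if (fc & 0x00FC) != 0x0080:        # type 0 (management), subtype 8 (beacon)
        raise ValueError("not a beacon frame")
    _, interval, cap = BEACON_FIXED.unpack_from(frame, MGMT_HDR.size)
    ies = parse_ies(frame[MGMT_HDR.size + BEACON_FIXED.size:])
    ssid = next((v.decode("utf-8", "replace") for t, v in ies if t == IE_SSID), "")
    has_rsn = any(t == IE_RSN for t, _ in ies)
    has_wpa = any(t == IE_VENDOR and v.startswith(WPA_OUI_TYPE) for t, v in ies)
    if not cap & CAP_PRIVACY:
        security = "Open"
    elif has_rsn:
        security = "WPA2 (RSN)"
    elif has_wpa:
        security = "WPA"
    else:
        security = "WEP"               # Privacy set but no RSN/WPA IE: legacy WEP
    return {"bssid": bssid.hex(":"), "ssid": ssid, "interval_tu": interval, "security": security}

def build_beacon(bssid: bytes, ssid: bytes, cap: int, extra_ies: bytes = b"") -> bytes:
    """Constructed test beacon (hypothetical values, not captured traffic)."""
    hdr = MGMT_HDR.pack(0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    return hdr + BEACON_FIXED.pack(0, 100, cap) + bytes([IE_SSID, len(ssid)]) + ssid + extra_ies

# Minimal RSN IE (CCMP group/pairwise, PSK AKM) and a minimal WPA vendor IE
RSN_IE = bytes([IE_RSN, 20]) + bytes.fromhex("0100000fac040100000fac040100000fac020000")
WPA_IE = bytes([IE_VENDOR, 6]) + WPA_OUI_TYPE + b"\x01\x00"
SAMPLE_FRAMES = {
    "open": build_beacon(b"\x02\x00\x00\x00\x00\x01", b"cafe-free", 0x0001),
    "wep":  build_beacon(b"\x02\x00\x00\x00\x00\x02", b"flat-12b", 0x0011),
    "wpa":  build_beacon(b"\x02\x00\x00\x00\x00\x03", b"oldrouter", 0x0011, WPA_IE),
    "wpa2": build_beacon(b"\x02\x00\x00\x00\x00\x04", b"homenet", 0x0011, RSN_IE),
}
```

Run over the constructed frames, the Privacy bit alone separates open from encrypted networks, and the IEs separate WEP from WPA/WPA2 without any active probing.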

  9. #9

    Marvell chipsets are not documented

    As far as I know, the Marvell chipsets do not have open APIs, and using them even on well-established Linux platforms requires wrapper code to run a proprietary Windows driver (under Linux). In short, access to the required hardware functions has remained elusive.

    Kismet's auditing functions might be useful for things besides evil hacking, but I think it is likely to be very difficult to achieve.
