Pi Zero W, Micro USB Cable, and USB Power Bank

Resources

To complete this project you will need a Raspberry Pi Zero W, a micro SD card (I used a 32 GB Samsung EVO Select), a case, a micro USB cable (a sturdy one is preferable), and optionally a USB battery bank. You will also need a computer to configure the SD card and the Pi, and a mobile phone with Bluetooth to control the Pi if you’re going to be mobile. The power requirements of the Pi Zero are not significant, so a small battery bank is adequate; mine is marked 5000 mAh but I’m sure it’s closer to 3000.

Getting Started

Download the latest Raspbian Buster Lite image from raspberrypi.org and flash it to the SD card. There are many ways to do this; Etcher is a popular one. After the image is flashed, a few files on the FAT partition labelled boot (the one your computer mounts) need to be edited. Circuit Basics has a good guide for Windows, but note the exact changes: config.txt needs dtoverlay=dwc2 added as a new line at the end, and cmdline.txt needs modules-load=dwc2,g_ether inserted immediately after rootwait, separated by single spaces and on the same line (cmdline.txt must stay a single line, or the Pi will not boot). Finally, create an empty file named ssh with no extension, using touch or New > Text Document and then removing the .txt extension; its presence tells Raspbian to enable the SSH server on first boot. Because this image ships with the default pi/raspberry credentials and SSH is about to be reachable over USB, change that password the first time you log in.

You can now SSH to the Pi over the USB cable as pi@raspberrypi.local: with the gadget modules loaded the Pi shows up on the host as a USB Ethernet adapter (use the port labelled USB, not PWR IN), and the .local name needs an mDNS resolver on the host (Bonjour on Windows, Avahi on Linux, built in on macOS). Connect and run sudo raspi-config to set localization options, expand the file system, and set the GPU memory split. Reboot.
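The three boot-partition edits above are easy to get subtly wrong (a second line in cmdline.txt, a CRLF from a Windows editor, a duplicate entry on the second attempt). The following script is an added example, not from the original post: it applies the same edits idempotently. It assumes the boot partition is mounted at the directory passed as its only argument; the sample config.txt and cmdline.txt contents it is exercised with are constructed.

```bash
#!/bin/bash
# Added example, not from the original post: make the three boot-partition
# edits for USB gadget ethernet and headless SSH, safely and repeatably.
# Assumes the FAT "boot" partition is mounted at the directory given as $1
# (e.g. /media/$USER/boot on a Linux workstation, or /boot on the Pi itself).
set -eu

# config.txt: one extra line, added only if it is not already there.
enable_dwc2_overlay() {
    local cfg="$1/config.txt"
    grep -qx 'dtoverlay=dwc2' "$cfg" || printf 'dtoverlay=dwc2\n' >> "$cfg"
}

# cmdline.txt is a single line of kernel parameters and must stay that way.
# Insert the gadget modules right after "rootwait", keep everything on one
# line, drop any CRLF a Windows editor may have left, and never add a second
# copy when the script is run again.
enable_gadget_modules() {
    local cmd="$1/cmdline.txt" line padded
    line=$(tr -d '\r\n' < "$cmd")
    padded=" $line "
    case "$padded" in
        *" modules-load=dwc2,g_ether "*) ;;   # already done, leave it alone
        *" rootwait "*)
            padded=${padded/ rootwait / rootwait modules-load=dwc2,g_ether }
            ;;
        *)  echo "no rootwait parameter in $cmd; edit it by hand" >&2
            return 1 ;;
    esac
    line=${padded# }; line=${line% }
    printf '%s\n' "$line" > "$cmd"
}

# An empty file named exactly "ssh" enables the SSH server on first boot.
enable_ssh() {
    touch "$1/ssh"
}

# Apply all three edits; refuses to touch a directory that does not look
# like a Pi boot partition.
prepare_boot() {
    local boot="$1"
    [ -f "$boot/cmdline.txt" ] && [ -f "$boot/config.txt" ] \
        || { echo "$boot does not contain cmdline.txt and config.txt" >&2; return 1; }
    enable_dwc2_overlay "$boot"
    enable_gadget_modules "$boot"
    enable_ssh "$boot"
}

if [ $# -eq 1 ]; then
    prepare_boot "$1"
else
    echo "usage: $0 /path/to/mounted/boot" >&2
fi
```

Run it as `./prepare-boot.sh /media/$USER/boot` (or wherever the boot partition is mounted); running it a second time changes nothing, and it refuses a cmdline.txt that has no rootwait parameter rather than guessing where the modules belong.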

Basic Setup

Update Raspbian

sudo apt-get update && sudo apt-get upgrade

Install the Re4son kernel for Raspberry Pi (Kali-Pi)

wget -O re4son-kernel_current.tar.xz https://re4son-kernel.com/download/re4son-kernel-current/

tar -xJf re4son-kernel_current.tar.xz

cd re4son-kernel_4*

sudo ./install.sh

After the reboot, check that the onboard WiFi’s phy supports monitor mode:

iw phy phy0 info

In the output we should see monitor among the supported interface modes:

Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
         * P2P-client
         * P2P-GO
         * P2P-device

Let’s create a monitor interface at every boot by editing rc.local:

sudo nano /etc/rc.local

Add these two lines before the final exit 0 (rc.local already runs as root, so sudo is not needed there):

iw phy phy0 interface add mon0 type monitor

ifconfig mon0 up

Save, exit, and reboot. Run ifconfig (or ip link) and verify that mon0 is present.

mon0 is Present
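The rc.local lines above create mon0 unconditionally. Here is an added shell script, not the post’s own rc.local content, that does the same job with the checks a practitioner would want: it confirms the phy actually lists monitor mode by parsing the same iw phy phy0 info output shown above, skips creation when mon0 already exists (rc.local runs on every boot), and brings the interface up with ip. The iw output embedded in it is a constructed excerpt, and the script location and the phy0/mon0 names are assumptions.

```bash
#!/bin/bash
# Added example, not the post's own rc.local lines: bring up a monitor-mode
# interface at boot, but only after confirming the phy supports it, and
# without failing when the interface already exists.
# Assumes iw and iproute2 are installed; phy and interface names are arguments.
set -u

# Read `iw phy <phy> info` on stdin; succeed if "monitor" is listed under
# "Supported interface modes:". Only that section is inspected, so the word
# "monitor" appearing elsewhere in the output does not count.
phy_supports_monitor() {
    awk '
        /^[ \t]*Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\* / {
            sub(/^[ \t]*\* /, ""); sub(/[ \t]+$/, "")
            if ($0 == "monitor") found = 1
            next
        }
        in_modes { in_modes = 0 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed excerpt of `iw phy phy0 info` as printed on a Pi Zero W with the
# Re4son kernel, so the check can be exercised without the hardware.
sample_iw_info() {
    cat <<'EOF'
Wiphy phy0
	max # scan SSIDs: 10
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * monitor
		 * P2P-client
		 * P2P-GO
		 * P2P-device
	Band 1:
		Capabilities: 0x1020
EOF
}

# Create $mon on top of $phy if it is missing, then bring it up.
ensure_monitor_iface() {
    local phy="$1" mon="$2"
    if [ ! -d "/sys/class/net/$mon" ]; then
        iw phy "$phy" info | phy_supports_monitor \
            || { echo "$phy has no monitor mode; is the Re4son kernel installed?" >&2; return 1; }
        iw phy "$phy" interface add "$mon" type monitor || return 1
    fi
    ip link set "$mon" up
}

# Live part, only when called with explicit names as root, e.g. from
# rc.local (before its "exit 0"):  /usr/local/sbin/mon0.sh phy0 mon0
if [ $# -eq 2 ] && [ "$(id -u)" -eq 0 ]; then
    ensure_monitor_iface "$1" "$2"
fi
```

Calling the script from rc.local with explicit arguments, instead of the two raw commands, means a boot on a stock Raspbian kernel (no monitor mode) logs a clear message rather than a cryptic iw error, and a re-run never tries to add mon0 twice.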

Installing Tools (Fun Stuff)

Now that we have a WiFi interface in monitor mode, let’s install some tools that take advantage of it, starting with Aircrack-ng.

curl -s https://packagecloud.io/install/repositories/aircrack-ng/release/script.deb.sh | sudo bash

sudo apt-get install aircrack-ng

Note that the first command pipes a vendor script straight into a root shell; download it and read it first if that bothers you. Aircrack-ng is also packaged in Raspbian Buster itself, if an older version is acceptable.

Test monitoring mode:

sudo airodump-ng mon0

Give injection a quick test:

sudo aireplay-ng --test mon0

Injection is working!

Aircrack-ng is successfully installed and working.

Another great tool is Bettercap. It needs a few prerequisites, but it’s well worth it.

Bettercap dependencies

sudo apt-get install build-essential libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev git

You will also need a correctly configured Go environment. I found a good script here that does the job. As with the Aircrack-ng repository script, this pipes a remote script into your shell, so review it before running it.

wget -q -O - https://git.io/vQhTU | bash

Go Successfully Installed.

After you source your profile so that GOPATH and PATH pick up the new Go installation, you can compile Bettercap. These steps assume GOPATH mode, which is how Go worked when this was written; with Go 1.16 or later, module mode is the default and go get no longer places sources under $GOPATH/src, so clone the bettercap repository from GitHub with git instead and run the same make targets from inside the clone.

go get github.com/bettercap/bettercap

cd $GOPATH/src/github.com/bettercap/bettercap

make build

sudo make install

You can then fetch the caplets and the web UI with Bettercap’s own caplets.update and ui.update commands and use the web UI, or jump right in with the command line interface.

Where to Go From Here?

The options are limitless. Set up Bluetooth and pair with your phone for mobile WiFi hacking, use a tablet with the Bettercap web UI, or keep the Pi tethered over USB to your laptop if the laptop has no WiFi adapter that supports monitor mode. I have a bash script in my rc.local that blinks the LED ten times when the boot has fully completed, which is useful when running headless. Between Aircrack-ng and Bettercap you can have a lot of fun and learn a lot, for very little money.

Addendum: Bluetooth Pairing

I had trouble with the Bluetooth setup I had linked above, so I figured there was a better way. The Re4son kernel ships with BlueZ, so I looked into creating a PAN with BlueZ natively, and I was able to do that without too much trouble.

First install bluez-tools.

sudo apt-get install bluez-tools

Create the following files. systemd-networkd builds the pan0 bridge and serves DHCP on it, bt-agent answers pairing requests, and bt-network registers the NAP service on the bridge.

/etc/systemd/network/pan0.netdev

[NetDev]
Name=pan0
Kind=bridge

/etc/systemd/network/pan0.network

[Match]
Name=pan0

[Network]
Address=172.20.1.1/24
DHCPServer=yes

/etc/systemd/system/bt-agent.service

[Unit]
Description=Bluetooth Auth Agent

[Service]
ExecStart=/usr/bin/bt-agent -c NoInputNoOutput
Type=simple

[Install]
WantedBy=multi-user.target

/etc/systemd/system/bt-network.service

[Unit]
Description=Bluetooth NAP PAN
After=pan0.network

[Service]
ExecStart=/usr/bin/bt-network -s nap pan0
Type=simple

[Install]
WantedBy=multi-user.target

Two things worth knowing about these units. After=pan0.network names a networkd configuration file, not a systemd unit, so it orders nothing; if bt-network races bluetoothd or the bridge at boot, order it after bluetooth.service and systemd-networkd.service instead. And -c NoInputNoOutput selects Just Works pairing: there is no PIN and no confirmation, so any device that can see the Pi while it is discoverable and pairable can pair, get an address on pan0, and reach sshd.

Then run the following:

sudo systemctl enable systemd-networkd

sudo systemctl enable bt-agent

sudo systemctl enable bt-network

sudo systemctl start systemd-networkd

sudo systemctl start bt-agent

sudo systemctl start bt-network

Finally, to make the Pi discoverable so the phone can pair, run:

sudo bt-adapter --set Discoverable 1

Given the Just Works agent above, turn discoverability off again once the phone is paired.

I had to set “Use for Internet access” to On in my phone’s Bluetooth settings, and disable WiFi and mobile data to get traffic to route to the Pi. I can SSH to 172.20.1.1 with no issues.
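Because bt-agent -c NoInputNoOutput accepts pairing without any PIN or confirmation, the window during which the Pi is discoverable and pairable is the only control over who joins the PAN. The following is an added script, not part of the original post, that opens that window for a fixed number of seconds rather than leaving it open, and then lists what is paired. It assumes bluez-tools’ bt-adapter --set accepts the BlueZ Adapter1 properties Discoverable, Pairable, DiscoverableTimeout and PairableTimeout, and that bt-device -l prints paired devices as "alias (MAC)" lines; the device listing it parses offline is constructed.

```bash
#!/bin/bash
# Added example, not from the original post: a short, timed pairing window for
# the bt-agent/bt-network PAN set up above, followed by a list of what paired.
# Assumes bluez-tools (bt-adapter, bt-device). The property names passed to
# bt-adapter --set are BlueZ Adapter1 properties (assumption, see lead-in).
set -u

# Parse `bt-device -l` output on stdin, which lists paired devices as
# "<alias> (<MAC>)" under an "Added devices:" header; emit "<MAC> <alias>".
paired_devices() {
    sed -n -E 's/^(.+) \(([0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5})\)[[:space:]]*$/\2 \1/p'
}

# Succeed if the MAC given as $1 appears in a paired_devices listing on stdin.
is_paired() {
    grep -qi "^$1 "
}

# Constructed `bt-device -l` output, so the parser can be exercised offline.
sample_bt_device_list() {
    printf 'Added devices:\nMy Phone (AA:BB:CC:DD:EE:FF)\nUnknown Laptop (11:22:33:44:55:66)\n'
}

# Make the adapter discoverable and pairable for $1 seconds (default 60),
# then switch both off explicitly even though BlueZ would also expire them via
# the *Timeout properties, and show what is paired afterwards so an unexpected
# device (the "Unknown Laptop" case) is noticed immediately.
open_pairing_window() {
    local secs="${1:-60}"
    bt-adapter --set DiscoverableTimeout "$secs" >/dev/null || return 1
    bt-adapter --set PairableTimeout "$secs" >/dev/null || return 1
    bt-adapter --set Pairable 1 >/dev/null || return 1
    bt-adapter --set Discoverable 1 >/dev/null || return 1
    echo "pairing window open for ${secs}s; pair from the phone now" >&2
    sleep "$secs"
    bt-adapter --set Discoverable 0 >/dev/null
    bt-adapter --set Pairable 0 >/dev/null
    echo "window closed; paired devices:" >&2
    bt-device -l | paired_devices >&2
}

# Live part: only when run as root with an explicit window length, e.g.
#   sudo ./bt-pair-window.sh 45
if [ $# -eq 1 ] && [ "$(id -u)" -eq 0 ]; then
    open_pairing_window "$1"
fi
```

Anything listed after the window that you did not pair yourself can be removed with bt-device -r before it gets a DHCP lease on pan0.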