phr34kc0der

Wardriving

95 posts in this topic

I just got back from doing a little war driving (it still surprises me how many access points are open or on wep). War driving is fun and all but i always feel a little shady, pulling up down a quite road, all the lights off with just the glow of the laptop illuminating my face :P

What tips do you guys have on not getting caught and looking a little less suspicious, or failing that, on SEing your way out of the situation? My excuse will be "hi officer, oh this laptop? My stereo doesn't work so i use it for music and was just changing CD"

0

Share this post


Link to post
Share on other sites

I'd say distance, but a 12" squared patch antenna suction cupped to your vehicle would be mighty suspicious too.

When taking the bus I always use my little Mini9 and just keep a good lookout as its easily concealed. I've sat in front of city buildings and ... well ... played on the Internet. Also, at night if your lights are off, even with glare for your laptop, you've got the advantage on an approaching 5O (usually they roll up lights blaring). A netbook will have a smaller screen so less light as well.

As for an excuse: "Lost, just checking some maps I d/l from Google. Is there a problem officer?" Just have some maps of the are on your laptop.

EDIT: location is key too: just don't stand out too much. Really, there isn't much one could do to look nonchalant in a foreign neigborhood at 3:00am.

Edited by tekio
0

Share this post


Link to post
Share on other sites

Ive been thinking about setting up my Asus eee 701 for wardriving but im not too sure how it would handle cracking the wep keys and i would be pretty limited on the software i could install and data i could gather. Then i thought i could ssh them the packets to a home box which could crack them but then we get to a chicken and egg Internet issue :P (Then again, mobile Internet is pretty cheap)

0

Share this post


Link to post
Share on other sites

Crackin on eee is nooo problem. Aireplay that bitch and get a load of packets and its cracked in a matter of seconds :)

0

Share this post


Link to post
Share on other sites

ok guys that is a really amusing topic

even before finishing reading what phr34koder and tekio wrote i was already asking myself where they really are

i mean you would agree on that - it is essential

before revealing about where i am - i have to say a few things first

the other day i was with my laptop in a city plaza wjth all kinds of offices and stores around. I would open my bag turn on my laptop and choose one of half a dozen unsecured networks available - besides a little browsing i had to download some channels (news) from miro so i needed at least 100kb/sec speed which i got. then i was a little greedy and said i can sit a little more than my battery permits so i had to plug my adaptor in a hidden socket - which i discovered easily enough... after 3-4 hours i got up ( meanwhile i found a comfordable armchair from a pizza restaurant around ) and started packing when a security guard appeared - he was not much older and i am sure i was looking serious and responsible enough to his eyes - he didn't complain but said he came to ask me when i was finishing my work - i told him as you see i am packing and asked him if there was anything the matter - he said it's ok if i do this up to this hour and that i could come again if i need - which i did - that time the boys from the pizza restaurant told me in a friendly and semi-conspirational manner that there where other guys and girls coming regularly with their laptops too

the other day i went cycling when i noticed a guy with his laptop behind the bushes - i checked the area with my eyes and scaned the houses around - a week later i took my bike and came with my laptop and found two unsecured networks there too

so what is the tip on not getting caught ? behave like doing the most natural thing

Edited by deickos
0

Share this post


Link to post
Share on other sites

it's not something people get upset over, especially if you're in a public place. It's also not really the first thing in someone's mind when they see someone using their laptop. just relax and nothing bad will happen (which it won't anyways).

but if you want stealth when you're surfing unsecured networks, I'd recommend getting something tiny that's wifi-capable, like an ipod touch. it fits in the palm of your hand, but you still have a wide array of networking tools, like nmap & netcat at your disposal. sure, there isn't any WEP cracking software out for it yet (that I know of) but if you're just wanting to use unsecured APs, it's fine.

0

Share this post


Link to post
Share on other sites
I just got back from doing a little war driving (it still surprises me how many access points are open or on wep). War driving is fun and all but i always feel a little shady, pulling up down a quite road, all the lights off with just the glow of the laptop illuminating my face :P

What tips do you guys have on not getting caught and looking a little less suspicious, or failing that, on SEing your way out of the situation? My excuse will be "hi officer, oh this laptop? My stereo doesn't work so i use it for music and was just changing CD"

first of all theres a couple of things you need to keep in mind when youre wardriving. first thing is, 9am-5pm is the best time for wardriving, during that time youll find the most amount of computers powered on, users logged on, and traffic flying around. second thing is WARDRIVING RESIDENTIAL AREAS IS A WASTE OF TIME. theres useless info on residential wlans. if youre looking to poke around and gain access to interesting data try wardriving business districts, stripmalls, industrial areas that have alot of companies concentrated into a small area. also it isnt suspicious looking for a guy to be driving around business complex with a laptop in his car. keep a clipboard and some other generic looking business type folders n shit in the car with you if youre super paranoid aboutcops rollin up, and keep a google maps tab open in your browser so you can always say youre looking for an address.

0

Share this post


Link to post
Share on other sites

I would recommend that if you were in a business section of town like lolcat suggested, you could always act like you were on your lunch-break ( this also gives you the excuse to get a burger somewhere ;) ) or as previously suggested pretend to be looking at a map of the neighborhood. The advantage of looking at a map would be that you could look for better places to go to after your finished with where you're at.

0

Share this post


Link to post
Share on other sites

There was a presentation on automated wifi hacking at the 25c3. The topic was "Short Attention Span Security". Basically, the point is to have a small low power box that sits in your car and automatically breaks into wifi networks with aircrack.

http://www.awgh.org/?p=76

0

Share this post


Link to post
Share on other sites
There was a presentation on automated wifi hacking at the 25c3. The topic was "Short Attention Span Security". Basically, the point is to have a small low power box that sits in your car and automatically breaks into wifi networks with aircrack.

http://www.awgh.org/?p=76

wow, thanks. I was actually in the process of doing something similar

0

Share this post


Link to post
Share on other sites
Ive been thinking about setting up my Asus eee 701 for wardriving but im not too sure how it would handle cracking the wep keys and i would be pretty limited on the software i could install and data i could gather. Then i thought i could ssh them the packets to a home box which could crack them but then we get to a chicken and egg Internet issue :P (Then again, mobile Internet is pretty cheap)

backtrack is suppose to have the eee drivers build in to the distro i haven't confirmed this yet but you could always install BT3 on an sd card.

http://forum.eeeuser.com/viewtopic.php?pid=54504

-E

0

Share this post


Link to post
Share on other sites
Ive been thinking about setting up my Asus eee 701 for wardriving but im not too sure how it would handle cracking the wep keys and i would be pretty limited on the software i could install and data i could gather. Then i thought i could ssh them the packets to a home box which could crack them but then we get to a chicken and egg Internet issue :P (Then again, mobile Internet is pretty cheap)

backtrack is suppose to have the eee drivers build in to the distro i haven't confirmed this yet but you could always install BT3 on an sd card.

http://forum.eeeuser.com/viewtopic.php?pid=54504

-E

I've used the asus eee with bt4 (installed on a USB thumb drive) and packet injection was supported out of the box. I was more concerned about the speed of cracking the keys on a low spec laptop, but after playing a while it seems to work ok.

0

Share this post


Link to post
Share on other sites

IMO, Wardriving is played out.... It used to be cool 3-5 years ago but I honestly do not see the point driving around wasting your gas looking for random access points. If you really want to [break into/break encryption] of a wireless network, then target a specific network and mess with it discreetly. As for dealing with cops, I doubt they can confiscate your laptop without a warrant/court order (not to mention 99.99% cops don't know shit about computers, so very easy to make up some bullshit story). Usually these statements will get you out of a conversation with the police if delivered correctly:

Officer: blahblahblah

You: Are you detaining me?

Officer: No, I am just asking a question blah blah

You: So if you are not detaining me, am I free to go?

Officer: no

You: so you ARE detaining me?

Officer: No

You: So I am free to go?

Standard question loop.

Edited by R3c0n
0

Share this post


Link to post
Share on other sites
IMO, Wardriving is played out.... It used to be cool 3-5 years ago but I honestly do not see the point driving around wasting your gas looking for random access points. If you really want to [break into/break encryption] of a wireless network, then target a specific network and mess with it discreetly. As for dealing with cops, I doubt they can confiscate your laptop without a warrant/court order (not to mention 99.99% cops don't know shit about computers, so very easy to make up some bullshit story). Usually these statements will get you out of a conversation with the police if delivered correctly:

Officer: blahblahblah

You: Are you detaining me?

Officer: No, I am just asking a question blah blah

You: So if you are not detaining me, am I free to go?

Officer: no

You: so you ARE detaining me?

Officer: No

You: So I am free to go?

Standard question loop.

I didnt have a car 3-5 years ago...

0

Share this post


Link to post
Share on other sites
not to mention 99.99% cops don't know shit about computers

True. I read about one guy that got busted breaking someone's encryption the cop said to the reporters, "he was doing something illegal we just weren't sure what". Hopefully the person in question got a good attorney that would've used that statement against them, "You mean you arrested my client and were not even sure why?".

I read it is a felony to bypass any authentication of any computer system in some parts of the USA. :ninja:

Edited by tekio
0

Share this post


Link to post
Share on other sites

My advice, don't tell the cop your hacking their wifi, and if you see lights pull up behind you, just exit out of the program. Keep an atlas with you, and a flashlight.

0

Share this post


Link to post
Share on other sites

The atlas and the flashlight isnt a bad idea. However id go for having a cellphone on instead and have a suit or somthing on while working. Be it in a burgerjoint next to the office youre "borrowing" the network from, or sitting in a car. If you look like a punk or random the cops will treat you that way. Are you looking like a businessman or salesperson the cops will most often treat you a little diffrently. Its all a matter of.. well social engineering in a way. But the phsylogical aspect of it. Most people, cops including, will have a better authority feeling towards somone in a suit over a random punk.

If you talk in a very confident yet polite way you can get away with murder.

And if youre sitting in a car and speaking with the cellphone between your ear and shoulder you will not look suspiscious since that would be a very resonable (not to mention legal obligation in most contries) to pull over and stop the car.

If a cop aproaches you, and see youre merely talking on the phone while looking up a case on your computer he likely wont bother you at all. It would be a bit rude to interrupt a businessman talking on the phone with a client.

0

Share this post


Link to post
Share on other sites
The atlas and the flashlight isnt a bad idea. However id go for having a cellphone on instead and have a suit or somthing on while working. Be it in a burgerjoint next to the office youre "borrowing" the network from, or sitting in a car. If you look like a punk or random the cops will treat you that way. Are you looking like a businessman or salesperson the cops will most often treat you a little diffrently. Its all a matter of.. well social engineering in a way. But the phsylogical aspect of it. Most people, cops including, will have a better authority feeling towards somone in a suit over a random punk.

If you talk in a very confident yet polite way you can get away with murder.

And if youre sitting in a car and speaking with the cellphone between your ear and shoulder you will not look suspiscious since that would be a very resonable (not to mention legal obligation in most contries) to pull over and stop the car.

If a cop aproaches you, and see youre merely talking on the phone while looking up a case on your computer he likely wont bother you at all. It would be a bit rude to interrupt a businessman talking on the phone with a client.

Or you could just be texting someone on your blackberry franatically.

I'm sure the cops see people pull over all time to text message someone, I see it every so often.

0

Share this post


Link to post
Share on other sites

Funny r4p1d, as I usually see people texting on their CrackBerries while still driving. Anyway, I figured you would have said something about your trump card in wardriving. r4p1d has an interesting strategy of putting Linux on innocent-looking consumer devices with wireless connections. Then, he can use them to do at least part of the wardriving. Of course, I'm not giving specifics to ensure continued deniability, but let's say nobody would look at any of these and think they would be used for that. Until they turn them on and navigate a bit, that is.

As for that part, r4p1d, I got an idea for you. Even though this isn't one of your toys, I'm going to use iPod and Linux as an example. Lets say someone was rolling with Linux on an iPod. The second someone turned it on they would know it was different. What if, though, it appeared broken until a certain action was performed? When first loaded, any of the consumer devices will show an error screen of some sort or a splash screen that never ends. If anyone inspects it, you can tell them about "this f***ing problem that keeps showing up. It seems like its happening more and more. May have to get the damn thing fixed." Of course, if you press [up, up, down, down, left, right, left, right, B,A,B,A,Start] or something it will promptly load up. This should provide deniability for more than casual inspections. Also carry no more than one at a time, as every device breaking looks suspicious. What do you think about this scheme?

I was going to implement a version of this on a desktop PC. If someone was about to seize my HD, I could run a program that overwrites critical portions of it. Even quickest that just overwrites TrueCrypt headers and partition table would take a few minutes. How to make them wait? Screen, looking like part of Windows, pops up saying its scanning and repairing the hard drive. An error occurred, and permanent data corruption will occur unless the process is finished. I'll do some acting to look surprised and pissed, and may pretend to want them to shut it down, so they think I want the data destroyed. ;) The program will be loaded into RAM from encrypted volume on CD or USB stick, which will be promptly discarded. Encrypted volume on it will be erased on load. I think a fake error screen talking data corruption might be a good cover, cuz the last thing they want is data corruption and weren't suspecting it to be a ploy. What u think?

0

Share this post


Link to post
Share on other sites

Why don't you guy's just use a carpc?

I put something similar in my wifes honda years ago.

Back then in car monitors and DVD were expensive along with all the other gadgets.

So I just spent the money for the monitor,and then bought a few tools for my stereo to wire into my laptop.

I just plugged in my laptop to the monitor and stereo buss and had in car MP3,DVD,GPS etc..

Incar PC's are easily built nowadays.

Just build it into a box in the trunk with plugin's up front for a keyboard.

On a newer truck I built,I cut the dash out and installed a screen in place of the double-din stereo.

Most newer vehicles have in-dash screens anyway,and ALOT of stereo-oriented guys have put them in their car.

A quick click snaps you over onto a navigation screen etc..,

I'm doing another in-car computer in my wifes car pretty soon,this time going with a dedicated box in the trunk as opposed to the laptop idea.

Also doing it in a street/track truck i'm doing,though i'm using a touchscreen in place of the cluster to utilize my datalogging equipment for tuning the fuel injection.

The equipment allows me to build a virtual dashboard complete with a plethora of guage options.

Basically,mount a screen on your dashboard(doesn't have to be custom,my first incar screen just mounted on the dash with screws).

Put the box in the back,power supplies are essentially 12v anyway and you can buy them setup for auto use now.

Programs are already available for startup etc.. in a car for incar computing.

Run wireless mouse/keyboard or on-screen controls for touchscreen apps.

Check out MP3car.com for the power supplies,programs and more info.

Side benefits include mass storage for music and DVD for incar use,GPS for a PC is cheaper than auto apps.

If your into cars and diagnosis you can run a dedicated datalogging/OBDII program for tuning and problem-solving.

This can all be done with existing computer equipment you have laying around,and even buying all new equipment it is extremely easy on the budget.

Hope that helps some,i've never done wardriving but plan to try it out by checking out different wifi systems in my area.

I'm backwoods/country in a small town so for the most part i'm betting nobody uses security here.

0

Share this post


Link to post
Share on other sites

you could have some pizza boxes with a rack mount in one of them makeing a literal LinuxROM, then you could ploy to be delivering pizzas or you just bought some pizza's. or you could say you are using/looking for open wifi as it is not illegal as long as your not loitering/ tresspasing. as obvious do not run from the cops. as long as you dont have like a desktop your probably not going to get much trouble.

edit:^ thought about doing that if i had a car lols, was not going to controll the car through the computer though, beacuse the computer is just going to error and put too much gas in when i put hydrogen+oxygen in thru the air line. would rather have carbirated anyways then i can replace the carbarator with a fuel pump, and 15 air pumps, anyways i was gonna put a mini keyboard/screen in the glovebox by pulling out the whole dash putting the screen in then cut out the back of the glove box. but then id void the insurance. so om just gonna build a car then id be easyer to put a cpu in it.

if your in a business district you may be able to fake out the cop, and be like im the sytem administrator they've been having problems with their network, so i had to drive all the way down here just to scan it and tell them to change the pword. it may work if your wearing a suit and have clipboards with some papers with some random junk scibbled on it.

Edited by dinscurge
0

Share this post


Link to post
Share on other sites

Im actually quite interested in the whole adding a computer to a car thing. I got this book a little while ago, just to see what kinda things to keep my eye open for. I dont really want to cut up pieces of my car, and i think all the ideas in this book are reversible

geek my ride

I was thinking it would be pretty cool to have a computer in your dashboard (maybe touch screen) with a shell script to crack wep. You could pull up, hit one button and it would take care of the rest. No problems with cops or neighbours.

r4p1d has an interesting strategy of putting Linux on innocent-looking consumer devices with wireless connections. Then, he can use them to do at least part of the wardriving

I like that idea, but what kind of chipset do those kind of devices use? That must be a problem.

What if, though, it appeared broken until a certain action was performed? When first loaded, any of the consumer devices will show an error screen of some sort or a splash screen that never ends. If anyone inspects it, you can tell them about "this f***ing problem that keeps showing up

A little off topic from war driving, but i was thinking of doing a similar thing with my mobile phone. Someone was taking videos where i work and there were some confidentiality issues, so the security guards first watched the vids and deleted them from the phone. I was thinking it would be cool if you presented a fake screen which only pretended to delete them (thinking about it, this idea could be used for some really creepy intentions, but when i thought of it, it really was for more of an espionage thing)

0

Share this post


Link to post
Share on other sites
edit:^ thought about doing that if i had a car lols, was not going to controll the car through the computer though, beacuse the computer is just going to error and put too much gas in when i put hydrogen+oxygen in thru the air line. would rather have carbirated anyways then i can replace the carbarator with a fuel pump, and 15 air pumps, anyways i was gonna put a mini keyboard/screen in the glovebox by pulling out the whole dash putting the screen in then cut out the back of the glove box. but then id void the insurance. so om just gonna build a car then id be easyer to put a cpu in it.

You don't have to control the vehicles PCM,doing that isn't hard but when we do that(i'm a tuner) we use a hacked PCM with an emulator wired or bluetoothed into our equipment (Roadrunner by Moates.net)

The PC is mainly for logging the vehicle sensor's while driving for later tuning,only the hardcore really constantly tune their daily drivers.

All the InCar PC's i've seen don't even log the cars PCM,it is strictly a multimedia add-on.

And I'm guessing you mean void your cars warranty,not insurance.

Insurance can't say anything about what you do to your car,and I only buy used cars for cash so warranty has nothing on me.

On a side note,I'm just getting interested in Hydrogen. A guy from my old job sells the setup,and I'm fixing to start working with him on getting the most out of it along with installing his systems.

You can do it without messing up the cars sensors,most people just fool the sensors-there are other ways to do it by just allowing the PCM to recognize the fuel though(hydrogen is a fuel).

I'm gearing up to do some preliminary tuning with hydrogen,the buddy I mentioned is trying to get some government research grants for it.

EPA hates it,regardless of the less emissions and that is where most of the legality issues are coming from.

I've put up a request on freecycle for old pc's people have laying around so I might go ahead and start on the InCar for my wife's impala soon.

Edited by DefPlay
0

Share this post


Link to post
Share on other sites

well i guess the pcm may freak out because even if it can tell that hydrogen is fuel it probably wont be able to figure out that the hydrogen is a 2.1 fuel and not a 15.1 like gas so it could or could not show that too much air is coming in and shoot more gas in with the fuel injector. i was going to compress the hydrogen/oxygen at home with a geared down/reinforced pump so i coould get liquid hydrogen/oxygen in propane tanks (yes i know it is dangerous) and use beefy internal regulator's as to limit the pressure to really low somewhat 1-14psi. use internal so it doesnt shoot out hydrogen and blow up. or you can just run electrolysis in the car and run the output into airline past the filter.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now