
The cheapest fire and forget hacking computer on the consumer market – the threat could be everywhere

Published: July 25, 2021 By Ozair Malik

A black hat standing beside a trash can after dumping his machine.

Every black hat needs a hacking computer to perform hacks, spy, or inject malware into a network. Black hats tend to use portable and cheap computers for their evil actions. Portable and inexpensive computers enable them to change location quickly or destroy the machine if exposed during an operation.

Now, you must be wondering if these portable and cheap hacking computers were built by manufacturers like Dell or HP. Can I buy one from the local market?

Fortunately, such hacking computers are not available ready-made in the market. If that were the case, they would be a hot-selling product. Therefore, a black hat builds and configures their own hacking machine according to the operational requirements, using standard PCs or laptops available in the market.

 

The cheapest fire-and-forget hacking computer that every black hat tends to use is a Raspberry Pi variant called the Raspberry Pi Zero W. Below, we will discuss how a Raspberry Pi is used to perform attacks and hacks.

Disclaimer:

This is strictly an educational guide. I will not be responsible for any misuse or unethical action of a reader.


What is a Raspberry Pi?

Raspberry Pi is a cheap, pocket-size, single-board computer that plugs into a TV, monitor, or mobile. Like every other computer, it uses a wired or a wireless keyboard and mouse. It is capable of performing every task that you expect from a desktop computer or laptop. One can surf the internet, play games, watch HD videos, listen to music, or make spreadsheets.

Linux is the resident operating system of a Raspberry Pi. It is developed within the open-source community and runs a wide range of open-source software.

The Raspberry Pi Foundation, a registered educational charity based in the United Kingdom, introduced the Raspberry Pi boards to the market. The project aimed at equipping schools in developing countries with low-cost computers to teach pupils basic computer knowledge.

Pi Models and Specifications

The first model of Pi, known as Raspberry Pi Model B, was released in February 2012, followed by a cheaper version of Model A in 2014. Since then, many variants and models with enhanced features have been introduced in the market.

As of 2021, it is estimated that around 50 million Pi boards have been sold. This shows the popularity and adaptability of the Pi in the consumer market. One of the main factors behind its popularity is the price: it has consistently remained below $100, and the Pi Zero is priced at only $5.

The original Pi computer had a single-core 700 MHz CPU and only 256 MB RAM, whereas the latest model has a quad-core CPU with a clock speed of 1.5 GHz and 4 GB RAM.

What are the Applications of a Raspberry Pi?

Due to its small size and low cost, it is widely used in DIY tech, IoT, AI, security, and electronics projects, which include:

  • Robotics
  • Weather Stations
  • Music machines
  • Parent detectors
  • Home automation systems
  • Pi web servers
  • Gaming stations or machines
  • Cyber Security tools
  • Surveillance devices and systems
  • Industrial Systems
  • Edge Computing

Besides these legitimate applications, a Pi is used for building portable and covert hacking machines. Moreover, it can be altered to fit into any system or product because it is merely a board. The Pi has different variants available to fulfill the requirements of a wide variety of systems and products.

Infographic of Mobile Wi-Fi hacking toolkit using PI Zero W


What is a Raspberry Pi Zero W?

Raspberry Pi Zero W is a wireless variant of the Pi Zero model. Unlike the Pi Zero, it has built-in Bluetooth and Wi-Fi. It was released in 2015.

The price of the Pi Zero W board is only $10. However, the complete kit costs around $50. It is ultra-small and slim: 65 mm long, 30 mm wide, and 5 mm deep. The Pi Zero W is the smallest form factor Raspberry Pi available in the consumer market.

The features of a Pi Zero W include:

  • 1GHz, single-core CPU
  • 512MB RAM
  • Mini-HDMI port
  • Micro-USB On-The-Go port
  • Micro-USB power
  • HAT-compatible 40-pin header
  • Composite video and reset headers
  • CSI camera connector
  • 802.11n wireless LAN
  • Bluetooth 4.0

The Pi Zero W PCB alone is not enough; it requires other necessary accessories to make it functional. The complete basic kit includes:

  • Raspberry Pi Zero W Board
  • Official Raspberry Pi Zero Case
  • A MicroSD Card (32 GB recommended)
  • Power Supply (a 5000mAh power bank)
  • USB OTG Cable
  • Mini HDMI Adapter

How can you use Pi Zero W as a Hacking Computer?

Because of the features mentioned above and the specifications of Pi Zero W, it is the go-to computer for black hats. They widely use it in performing illicit and covert tasks.

A black hat likes to carry his hacking machine with him every time to target any person, network, etc., at any time and place. Before the introduction of Raspberry Pi, they used to carry laptops with them.

They tend to carry a Pi Zero W with them because it can fit in a hoodie pocket and fulfill their operational needs.

Below, I will discuss the method through which it is turned into a Wi-Fi hacking tool. But before that, we have to configure it to make it operational.

How to configure and set up a new Pi Zero W?

To start with, you need a complete starter kit with the accessories mentioned above. In addition to this, you would require an Android phone and a computer to configure the MicroSD Card and Pi.

To install Raspbian Buster lite –the official OS of Raspberry Pi:

  1. Download its image from Raspberry's official site.
  2. Flash the image on SD Card. (It is recommended to use Raspberry Pi imager). 
  3. Now, we need to modify some of the Config files on the SD Card.
    1. Move to root directory of SD card, i.e., Boot.
    2. Open the config.txt file with Wordpad.
    3. Move to the end of the file and add the “dtoverlay=dwc2” to a new line.
    4. Lastly, save and close the file.

    config.txt file opened in Wordpad

     Image source – circuitbasics.com

  4. Now, we have to edit the cmdline.txt file.
    1. Open the cmdline.txt file with Notepad.
    2. Find the parameter “rootwait”.
    3. Add “modules-load=dwc2,g_ether” after it, separated by a space and kept on the same line.
    4. Save and close the file.

    cmdline.txt file opened in Notepad

     Image source – circuitbasics.com

  5. Add an “ssh” file with no extension.
  6. Finally, insert the card into Pi Zero W.
  7. Connect it to a system via mini USB port to USB converter.
  8. Now, you can SSH via terminal, Putty, or phone app using the address “raspberrypi.local”.
  9. Once the connection is established, then run “raspi-config” to expand the file system.
  10. At last, reboot the Pi using the command “sudo reboot”.

After reboot, check if Pi has internet connectivity by pinging any website; if it fails to ping, follow the steps at circuitbasics.com to connect to the internet.
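
Seen from the network owner's side, a Pi that keeps the default “raspberrypi” hostname used above is easy to spot in DHCP leases. The script below is an added example, not part of the original article: it scans a dnsmasq lease file for that hostname or for a Raspberry Pi MAC prefix. The lease lines are constructed samples, and the prefix list and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: flag DHCP leases that look like a Raspberry Pi on your network.
# dnsmasq lease format: <expiry> <mac> <ip> <hostname> <client-id>

# MAC prefixes registered to Raspberry Pi; list is an assumption, extend as needed.
PI_OUIS="b8:27:eb dc:a6:32 e4:5f:01"

# Constructed sample leases (not real devices).
sample_leases() {
    cat <<'EOF'
1627200000 b8:27:eb:12:34:56 192.168.1.50 raspberrypi 01:b8:27:eb:12:34:56
1627200100 3c:22:fb:aa:bb:cc 192.168.1.51 alice-laptop 01:3c:22:fb:aa:bb:cc
1627200200 B8:27:EB:65:43:21 192.168.1.52 printer-2f *
1627200300 02:00:5e:10:00:01 192.168.1.53 raspberrypi *
EOF
}

# find_pi_leases <lease-file>: print "<ip> <mac> <hostname> <reason>" per hit.
find_pi_leases() {
    awk -v ouis="$PI_OUIS" '
        BEGIN { n = split(ouis, list, " "); for (i = 1; i <= n; i++) pi[list[i]] = 1 }
        NF >= 4 {
            mac = tolower($2); host = tolower($4); oui = substr(mac, 1, 8); reason = ""
            if (oui in pi) reason = "pi-oui"                 # vendor prefix matches
            if (host ~ /^raspberrypi/)                       # default hostname kept
                reason = (reason == "" ? "" : reason "+") "default-hostname"
            if (reason != "") print $3, mac, $4, reason
        }' "$1"
}

# Stand-alone run: use the given lease file, or the constructed sample.
if [ $# -ge 1 ]; then
    find_pi_leases "$1"
else
    tmp=$(mktemp); sample_leases > "$tmp"; find_pi_leases "$tmp"; rm -f "$tmp"
fi
```

A renamed device is still caught by its MAC prefix, and a device with a changed MAC is still caught while it keeps the default hostname; a device that changes both will not appear here.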

How to hack Wi-Fi using a Pi Zero W?

Once you are done setting up and configuring a Pi, you need to install the Wi-Fi hacking tools and other dependencies.

To start with,

  1. Firstly, update the Raspbian OS by using the following command.
    sudo apt-get update && sudo apt-get upgrade -y
  2. Install the Re4son Kernel.
    wget -O re4son-kernel_current.tar.xz https://re4sonkernel.com/download/re4son-kernel-current/
    tar -xJf re4son-kernel_current.tar.xz
    cd re4son-kernel_4*
    sudo ./install.sh
  3. Check if you can set the Wi-Fi interface to monitoring mode.
    iw phy phy0 info
  4. We need to set up a monitoring interface by editing the “rc.local” file.
    sudo nano /etc/rc.local
  5. Add these lines to the file.
    sudo iw phy phy0 interface add mon0 type monitor
    sudo ifconfig mon0 up
  6. Save, exit, and reboot.
  7. Type ifconfig to check that mon0 is present.

After configuring the Wi-Fi interface, we need to install a tool, i.e., Aircrack-ng.

curl -s https://packagecloud.io/install/repositories/aircrack-ng/release/script.deb.sh | sudo bash
sudo apt install aircrack-ng

Then, we have to test the monitoring mode by playing with the Aircrack-ng tool:

sudo airodump-ng mon0

Finally, we will try the injection:

sudo aireplay-ng --test mon0

Terminal interface showing Aircrack-ng Injection results

Image source – medium.com

From the above screenshot, we can see that our injection is working. Hence, Aircrack-ng is correctly installed and working.

Now, we can use Aircrack-ng commands to scan a BSSID to sniff handshakes.

sudo airodump-ng -c 1 --bssid 00:11:22:33:44:55 -w WPAcrack mon0 --ignore-negative-one

Here, -c is the channel, and -w is the name of the file that will contain the authentication handshakes. Moreover, --bssid is the specific target BSSID.

How to do Mobile Wi-Fi hacking using a Pi Zero W?

If you wish to operate a Pi Zero W using a mobile phone, you need to connect it via Bluetooth. Therefore, firstly, we will configure the Bluetooth on Pi.

The Re4son kernel installed earlier ships with BlueZ. We use BlueZ to connect to the mobile Bluetooth.

To configure and setup Bluetooth on a Pi, apply the following:

  1. Firstly, install the BlueZ tool.
    sudo apt install bluez-tools
  2. Create the following files with the data given below.
    1. sudo nano /etc/systemd/network/pan0.netdev

      [NetDev]
      Name=pan0

    2. sudo nano /etc/systemd/network/pan0.network
    3. sudo nano /etc/systemd/system/bt-agent.service

      [Unit]
      Description=Bluetooth Auth Agent
      [Service]
      ExecStart=/usr/bin/bt-agent -c NoInputNoOutput

    4. sudo nano /etc/systemd/system/bt-network.service

      [Unit]
      Description=Bluetooth NEP PAN
      [Service]
      ExecStart=/usr/bin/bt-network -s nap pan0

  3. Run the following commands:
    sudo systemctl enable systemd-networkd
    sudo systemctl enable bt-agent
    sudo systemctl enable bt-network
    sudo systemctl start systemd-networkd
    sudo systemctl start bt-agent
    sudo systemctl start bt-network
  4. Finally, to pair the Bluetooth, run:
    sudo bt-adapter --set Discoverable 1

After performing the steps mentioned above, you can use your mobile phone to SSH into the Pi. There are various SSH clients available for Android, including Putty, Terminix, Mobile SSH, etc. However, Putty SSH is recommended here.

Once you are on your SSH Putty client, establish the connection with Pi and start cracking using Aircrack-ng.

GUI of Putty SSH android App
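
For anyone who finds an unattended Pi and wants to know how it was set up, the configuration steps in this guide leave recognizable files on the SD card. The script below is an added example, not part of the original article: it checks a mounted card (boot and root partitions) for those artifacts. The finding labels, function names, and the sample card layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a mounted Pi SD card for the artifacts this guide creates.
# Usage: script <boot-mount> <root-mount>   (no arguments: run on a constructed sample)

# check <file> <fixed-string> <finding>: report if a non-comment line contains it.
check() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -qF -- "$2" \
        && printf '%s: %s\n' "$3" "$1"
    return 0
}

triage_pi_card() {
    boot=$1; root=$2
    check "$boot/config.txt"   "dtoverlay=dwc2" "usb-gadget-overlay"
    check "$boot/cmdline.txt"  "g_ether"        "usb-ethernet-gadget"
    # Raspberry Pi OS deletes this marker on first boot, so it only
    # shows up on a card that was prepared but never started.
    [ -e "$boot/ssh" ] && printf 'ssh-marker-present: %s\n' "$boot/ssh"
    check "$root/etc/rc.local" "type monitor"   "monitor-interface-at-boot"
    check "$root/etc/systemd/system/bt-agent.service" \
          "NoInputNoOutput" "bt-pairing-without-confirmation"
    return 0
}

# Build a constructed sample card layout under <dir> (not a real image).
make_sample_card() {
    mkdir -p "$1/boot" "$1/root/etc/systemd/system"
    printf 'dtparam=audio=on\ndtoverlay=dwc2\n' > "$1/boot/config.txt"
    printf 'console=tty1 rootwait modules-load=dwc2,g_ether\n' > "$1/boot/cmdline.txt"
    : > "$1/boot/ssh"
    printf 'iw phy phy0 interface add mon0 type monitor\nexit 0\n' > "$1/root/etc/rc.local"
    printf 'ExecStart=/usr/bin/bt-agent -c NoInputNoOutput\n' \
        > "$1/root/etc/systemd/system/bt-agent.service"
}

if [ $# -eq 2 ]; then
    triage_pi_card "$1" "$2"
else
    d=$(mktemp -d); make_sample_card "$d"
    triage_pi_card "$d/boot" "$d/root"; rm -rf "$d"
fi
```

Mount the card read-only before running it so the evidence is not modified.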


Conclusion

Raspberry Pi also has legal applications in the InfoSec field besides these illicit ones. But, as far as malicious hacking operations are concerned, Pi can be used to perform a wide array of attacks. Above, I have just mentioned one in which we use it as a Wi-Fi hacking gadget.

The flexibility of a Pi PCB allows hackers to build a hacking computer according to the task requirement. Hence, we cannot pin it down to a fixed set of tasks, because we never know what a black hat is up to.

But again, this was an educational guide. You need to be extra cautious while following such directions because they can get you into trouble.

Please let me know if you built a modified hacking computer using a Pi Zero W or did a similar task in the comments below.

Author
Ozair Malik
A passionate Cyber Security researcher and writer with a keen interest in Digital Forensics. A community worker running an Insta blog to raise cybersecurity awareness among laymen.
