Minikrebs

In short:

minikrebs is an low-interaction special-purpose firmware generator for the TP-Link WR703N.

official project page: http://krebsco.de/minikrebs

Longer Version: The project minikrebs is a meta-project for a number of special-purpose images for the TP-Link WR703n (or MR3020) Wireless Router. These Images are called `profiles` in the context and are build with the help of the OpenWRT Image Builder. Building the complete image is very important as the scarcest resource of the wr703n is its 4MB Flash memory

Hardware

Hardware Platform is in most cases the TP-Link WR703N Buy at:

Important: you do NOT want to buy the WR702N, it is cheaper but is NOT OpenWRT-compatible!

Almost 100% compatible is the TP-Link MR3020 which was built for the european market and is a bit bigger, has 5 LEDs and a 3-way switch. Buy at:

TLDR

Get your own minikrebs in 3 easy steps

Step 1: clone the minikrebs repository:

 git clone https://github.com/krebscode/minikrebs && cd minikrebs

Step 2: Build a cool webcam-streamer firmware for your WR703N:

 ./prepare instacam && builder/init 

Use it to flash your minirouter, password is `minikrebs`

For the MR3020 run:

 PLATFORM=TLMR3020 ./prepare instacam && builder/init

Step 3: Load the image to onto the WRT-Platform

 upload via web interface (for fresh install)

or with OpenWRT already installed

 # copy (via scp/wget or something) builder/bin/ar71xx/openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin (or mr3020 ) to minikrebs:/tmp
 (on router) 
 # mtd write /tmp/ar71xx/openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin firmware
 

Step 0: Something does not work

Join IRC: #krebs at irc.freenode.com

DISCLAMER

All code is pseudo-code and it might or might not work on your system. Copy-Paste with extreme caution.

Installation

All code is stored in the minikrebs git repository at https://github.com/krebscode/minikrebs .

git clone https://github.com/krebscode/minikrebs
cd minikrebs

Build Environment

The following convenience scripts are available under /painload/minikrebs:

./prepare -- prepares the build environment for a given profile into builder/
./upgrade -- writes the created image to your minikrebs via ssh
./restore -- restores custom files from builder folder

Profiles

Profiles provide the core functionality of minikrebs. It contains everything you need to build an awesome, special-purpose firmware for your mini computer.

Profiles are a combination of three things:

  1. An Idea
  2. A custom make command for the Image Builder
  3. A directory of custom files to be included in the final image

Currently (May '13) available profiles:

dali_master
heckenkrebs
instacam
krebs
madplayer
nfc_login
overlay_krebs
rickroller_advanced
rickroller_bare
shack_bridge
shack_dali
shack_instacam
shack_streamer
superheckenkrebs

The Next section describes some of these profiles - please note, profiles may change faster than this wiki page, so have a look at minikrebs/profiles

Also, `good` profiles will contain a doc/ folder which describes what the profiles does and what its prerequirements are.

Default credentials for all profiles are root/minikrebs

Profile: Instacam

The aim of the project is to reliably push a video stream directly to the internets for everyone to see at a very low price.

lh6.googleusercontent.com_-j7s_fzjkep8_upmve8yphxi_aaaaaaaaakg_wvaghpdvgt4_s640_img_20130113_225119.jpg

Hardware

Core (Wifi / Ethernet)
4G / 3G / UMTS

Currently Untested:

  1. usb hub ~ 4 Euro
  2. umts stick ~ 20 Euro
  3. MicroSD card (optional)
Mobile Version

either use (easy mode): - USB Battery Bank

  1. Dealextreme - Provides at least 6h of battery life (with external usb-device)

or (expert mode): - DC-DC StepDown Module

- Battery Pack

  1. take any battery pack you can find (car battery, model making)

Software

Build Firmware
  git clone github.com/krebscode/painload krebs
  cd krebs/minikrebs
  ./prepare instacam
  builder/init
Flash
  # flash image is at:
  #       builder/bin/ar71xx/openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-sysupgrade.bin 
  
  # either flash image directly via web interface or
  # after obtaining ssh-access on the router run
  OWN_IP=<<your ip>> ./upgrade <<remote ip>>

Profile: Lazorcam

The minikrebs is deployed inside the shackspace lazor and is powered by its power supply. The next step is to stream the webcam data to ustream via an intermediate VHOST inside the shack infrastructure network.

lh5.googleusercontent.com_-x9gy2nhwdfq_upmu3-bouzi_aaaaaaaaai4_3zsz4p4dlj0_s640_img_20130113_225851.jpg

Besides that the image is pretty much equal to the base instacam firmware.

The WR703N is external Antenna adapter modded to be able to connect to the shack wifi through the metal case of the laser.

For more information see Lazorcam.

Profile: Airlift

The goal is to supply internet to „external territories“. The WR703N is modded with an external Antenna connector and fitted with a (claimed) 13 dBi yagi antenna.

A first quick network test proved successful with the Rick-roller profile spanning a distance of more than 2.5 km.

For more information see (2come) Airlift.

Profile: Usbbridge

minikrebs will start up as usbbridge with the usbip-stack. It will run usbipd and grab an ip-address via dhcp from the LAN interface.

lh5.googleusercontent.com_-e-0zt5znd0s_upm9lrducwi_aaaaaaaaala_gqzrvdemijw_s640_img_20130114_000208.jpg

setup

Connect usb-device and then connect krebsplug to power. When changing the usb-device, detach it on the client side, power off the krebsplug, attach usb device and power upthen.

usage

client side attach
  modprobe vhci-hcd
  usbip list -r <<KREBSIP>>
  usbip attach -h <<KREBSIP>> -p 1-1
client side detach
  usbip detach -p 0

Profile: Rick-Roller

The purpose of the profile is to create an access point where every connection is rewritten to rickroll.

lh3.googleusercontent.com_-l9s5pd3l9se_upmyj2mwxli_aaaaaaaaalk_kmpmeeknf10_s640_img_20130113_231711.jpg

If you carry it in your hand when driving by train you will have great fun giggling at the blinking LED.

Difficulities

As video autostarting is quite difficult at mobile victims to achieve, a short gif with rick dancing plus the first minute of its famous song will be served by the httpd.

Laptops and other clients with phat-browsers will probably honor both autostart loop tags in the new html5 standard.

Bare Version

This is the 'bare-metal' version of the rick-roller which opens a network called 'default' and waits for victims and will fit onto your 4MB of flash memory with a minute of rick-rolling audio and a 500KB gif of rick astley dancing.

Without an external usb-stick the space is very limited on the device and you will not fit airbase-ng onto the image to automatically answer all the probes for free networks by mobile devices.

Advanced Version

With more disk space you can fit airbase-ng on the system and also push the whole song (and possibly the whole damn video) to victims.

This image is not yet finished so i advise to use rickroller_bare instead.

=== Software The dnsmasq will resolve every domain request to the plugs ip-address. uhttpd will serve a custom rick-astley error-page for every request it receives. The LED will blink for 5 seconds and then go off.

=== Honorable Mentions In the process of creating this profile i stumbled upon the Mobile RickRoll Appliance, took their code but except for the idea of using cgi to display a successful roll pretty much nothing survived the complete rewrite. Also the wr703n is much much smaller and the (also much smaller) battery with 2000mah lasts for 6+ hours.

=== Rickroll Loop

8.8 –> 17.3 ; startup loop 26.3 –> 34 ; were no strangers to love, you know the rules and so do i 26.3 –> 42.6 ; … gotta make you understand

Profile: NFC-Gate

The NFC-Gate is part of the User Suppository infrastructure. It polls the attached nfc-connector for new cards and uses the UID of the card for trying to either log in or log out the user at the shack-infrastructure.

lh5.googleusercontent.com_-jrmgtdu44uo_upnf8fyhcwi_aaaaaaaaaly_tc3la5wargc_s640_img_20130114_003939.jpg

The nfcgate is a build for the MR3020Amazon DEAmazon COM, not the WR703 as it uses all the available LEDs to display the status of the login. NFC-Reader used is the SCM SCL3711Amazon DE as this one is supported pretty well by libnfc and is quite small.

For more information see: Github Repository and the source code of this profile. Direct deployment may not work as expected, even though you might haven't expected anything.

Profile: Krebs

This is the base profile for krebs nodes. Copy it to create cool krebs images. Core feature is the automatic connection to the retiolum darknet.

Hard Package dependencies

Make sure to include them in custom\_make

  tinc

Profile: Heckenkrebs

Heckenkrebs is the automatic internet-establish and gateway provider for the krebs darknet. It is a fork of the original krebs image.

This profile will automatically establish wireless connections to shared wireless networks. If you want the Krebs to connect to your wlan you need to add your wireless credentials to /etc/autowifi/wifi_keys. Syntax is $SSID|$MAC|$KEY W-Lans can be blacklisted by adding the mac to /etc/autowifi/blacklist

run infest on the system to get into the retiolum darknet (requires internet) hostsfiles for tinc can be updated with tinc-update

the LED will turn off after working internet connection to save power

Functionality

The heckenkrebs uses different profiles (located in /usr/lib/autowifi). Right now we only have a „hacking“ profile for easybox, but further profiles should follow soon.

Quickstart to get your own krebs on wr703n

!important this is pseudo code, so please use your brains

  cd /krebs/minikrebs
  ./prepare krebs
  builder/init

Stock image

connect to krebs

  dhclient eth0
  firefox 192.168.1.1
  {{goto the firmware-upgrade page}}
  {{upload ../builder/bin/ar71xx/openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin}}
  {{wait}}
  {{reconnect power}}

Upgrade image

From Recovery

  {{ start krebs in recovery mode}}
  ifconfig eth0 192.168.1.3
  telnet 192.168.1.1
      mount_root
      passwd
      /etc/init.d/dropbear start
      exit
  OWN_IP=192.168.1.3 ./upgrade 192.168.1.1
  {{reconnect power}}

When minikrebs is in dhcp-client mode

  echo "dhcp-range=192.168.0.50,192.168.0.150,12h" > /etc/dnsmasq.conf
  ifconfig eth0 192.168.0.1 && dnsmasq -d
  

WR703N Mods

USB-Hub

Pigtail

Add a SMA female connector or 2 (the other connector is called RPSMA - as I just learned) e.g. from Amazon if you want to install an external antenna.

Serial Port

project/minikrebs.txt · Zuletzt geändert: 2014/03/15 16:21 von 93.231.148.222