Tactical Wireless Security – Using DragonOS for Pentesting

This is a part of a sample chapter from my latest book, “Tactical Wireless Security” converted to article form. The book was originally created for a class to teach basic WiFi and SDR skills to Special Forces troops. The book is available now on Amazon.

DragonOS Introduction

DragonOS is a Linux-based system designed specifically for RF analysis and wireless security testing. What sets Dragon OS apart is its focus on critical RF tools, especially for tactical use. It comes pre-loaded with software like GQRX for spectrum monitoring, GNU Radio for signal processing, and tools for cellular network analysis. Basically, it’s built to handle a wide range of SIGINT and wireless recon missions right out of the box.

Dragon OS is also available for Raspberry Pi, making it ideal for field operations where portability is key. Whether you’re using an RTL-SDR or more advanced devices like BladeRF or USRP, Dragon OS has you covered. We will be using it because it’s tailor-made for tactical RF ops—monitoring peer or near peer signals, mapping networks, and securing communications.

What is Dragon OS?

  • A free, Linux-based OS for RF analysis and wireless security testing

Key Features:

  • Pre-installed and configured software for SDR and wireless security
  • Built for spectrum monitoring, signal analysis, and recon

Why Use Dragon OS?

  • Tailored for tactical RF operations
  • Efficient for field use on Raspberry Pi
  • Flexible, powerful tools for signal interception and analysis

Tools in Dragon OS:

  • GQRX, GNU Radio, SDRangel, OpenLTE, and more
  • Supports RTL-SDR, HackRF, BladeRF, and more!

Dragon OS makes SDR-based scanning and attacks extremely simple. Dragon OS comes pre-configured to work with most popular SDR devices. Simply boot Dragon OS, insert your HackRF, BladeRF or your favorite RTL-SDR and run one of the numerous pre-installed tools. It really is that simple.

Installing DragonOS

Dragon OS is available from the OS website in two formats, Raspberry Pi and x86-64. Simply pick the version you want and download it.

DragonOS website

Installing Dragon OS is extremely easy on a Raspberry Pi. Just download the Raspberry Pi image from the Dragon OS website (https://cemaxecuter.com/). Write it to a Pi-compatible memory card using a tool like balenaEtcher. Insert it into your Pi, attach peripherals, and lastly power. It will boot up to the Dragon OS desktop. You could also download the x86-64 .iso, write it to removable media and boot it, or use it in VMware: create a new virtual machine with the ISO set as the boot drive, and after it boots, run through the install routine.

The default password is “dragon”.

Dragon contains a lot of preinstalled tools for us to use. All are configured to run out of the box. Just boot up Dragon, insert your SDR adapter, start the tool you want, select your SDR from the tool configuration and you are off to the races.

DragonOS – A Quick Walk Through

I know Dragon is new to a lot of you, so let’s do a quick walk-through. After login, you will be at the Dragon main desktop. The bird in the bottom left is the menu button; you also have 4 desktops you can use, a file manager, browser, console, and a “show desktop” button.

Clicking the menu button offers a standard Linux system menu.

Many of the RF spectrum scanning tools are under the menu option “Hamradio”. Many of the transmitting tools can be found under the “other” menu.

To logout and shutdown Dragon OS, just use the “Leave” menu option.

If you are familiar with Debian Linux, you will feel right at home. In fact, Kali Linux is also Debian based, and all the tools we covered in Kali could be used in Dragon as well. And some are actually already installed!

Enough introduction, let’s get some hands-on time! In my book, I cover basic usage of several of the RF scanning tools first, and then the tools to capture and manipulate signals in the next section.

The creator of Dragon OS has an extensive YouTube library of almost three hundred Dragon OS “How-To” videos. They cover literally everything from installing Dragon to using some of the more advanced tools and techniques like the Cell Tower tools and tracking down drones with his own hardware and software creation, the “War Dragon”.

I highly suggest that you check out his YouTube channel:

https://www.youtube.com/@cemaxecuter7783

Before I wrap up this article, I want to cover one tool in Dragon that is very good for scanning WiFi and Bluetooth – Sparrow WiFi.

WiFi Scanning with Sparrow WiFi

Sparrow WiFi is a quick and easy-to-use WiFi scanning tool that displays all WiFi networks detected and shows you a bandwidth map, so you can see, at a glance, what WiFi networks are using what channel bandwidth. Attach your WiFi USB adapter and a Bluetooth adapter if you have one.

  • From the main Dragon menu, select “Other > Sparrow WiFi”
  • Then type “sudo ./sparrow-wifi.py”

Click the scan button; this will begin the WiFi scan. Next, click “Bluetooth” from the top menu and click “start scan”. This will detect both WiFi and Bluetooth devices.

That’s it, with just a couple of clicks you can have a good layout of the WiFi and Bluetooth space around you! I personally really like this tool and use it a lot when I do use Dragon OS. It’s quick, easy to use and seems to show a lot more Bluetooth devices than other tools that I have used.

Conclusion

In this article, we introduced DragonOS. DragonOS is a great operating system that is totally pre-configured to use SDR. We also looked at the basic layout of the menu system and looked at one of the popular WiFi tools in Dragon.

In my latest book, “Tactical Wireless Security”, I cover performing Wireless security testing with some of the most popular WiFi tools on Kali Linux. I then switch to DragonOS and have two sections on using it – tools and techniques for Spectrum Scanning and Analysis, and a section on the transmission tools, learning techniques like signal modification and even jamming.

The book covers using hardware tools like the HackRF One, and covers numerous popular SDR software tools, like GNU Radio Companion (GRC), Universal Radio Hacker (URH), and SDRAngel.

Each of these sections is written in the hands-on, step-by-step, learn-by-doing style that all my books are written in.

Check out “Tactical Wireless Security” on Amazon.com

Resources & References

New Book – “Tactical Wireless Security”

My New SDR Wireless Security Testing Book, “Tactical Wireless Security”, is Here! Unlock the Secrets of Testing Wireless Security and Master Software Defined Radio using Kali Linux and DragonOS with my latest release!

In an increasingly interconnected world, securing the airwaves is no longer optional – it’s mission-critical. In this cutting-edge guide you will take a journey into wireless security, spectrum analysis, and offensive SDR techniques. Packed with hands-on methods and real-world applications, this book is an indispensable resource for military professionals, college students, and cybersecurity enthusiasts alike.

Part 1: WiFi Security Testing with Kali Linux
Learn to exploit and defend against wireless vulnerabilities using the most powerful tools in Kali Linux. From ethical hacking techniques to in-depth WiFi analysis, this hands-on section provides a solid foundation for understanding and securing wireless networks.

  • Detecting Networks, Drones, and Airplanes with Kismet
  • Using the Aircrack-NG toolset, the core for many WiFi tools
  • Angry Oxide
  • Bettercap
  • Fern WiFi cracker
  • and more!

Part 2: SDR Spectrum Scanning and Analysis with DragonOS
Dive into the fascinating world of Software-Defined Radio (SDR). Using DragonOS, you’ll explore spectrum scanning and signal analysis to uncover the world of RF wireless communication. Whether identifying rogue signals or mapping frequency environments, this section gives you the edge in spectrum dominance.

  • GQRX
  • SDR++
  • CubicSDR
  • Airplane, Ship and Satellite Tracking with SDRAngel
  • OpenWebRX+
  • and MUCH more!

Part 3: Offensive SDR Techniques
Go beyond the basics with advanced offensive capabilities. Learn to capture, edit, and jam signals using SDR hardware and software tools. From tactical applications to counterintelligence operations, this section provides the knowledge to turn SDR technology into a strategic asset.

  • Gnu Radio
  • CleverJam
  • Universal Radio Hacker (URH)
  • Transmitting and Jamming with SDRAngel
  • And More!

Part 4: Using Small Board Computers as Wireless Attack Tools
Learn how to turn a Raspberry Pi into a HackRF-type board with RPITX. Learn how to create a long-range hacking platform with LoRa (Long Range Wireless) and get hands-on with a Flipper Zero using the latest Momentum Firmware.

Part 5: Next-Generation Wireless Attacks
Explore groundbreaking research that demonstrates how to bypass air-gapped networks using innovative wireless attack methods. This thought-provoking chapter offers a glimpse into the future of wireless exploitation and its implications for cybersecurity.

Part 6: Network Defense and Personal Anti-Tracking Techniques
Learn how to defend your wireless network and devices from the latest threats. Also learn simple steps you can take to protect yourself from wireless tracking.

Whether you’re a defender looking to secure your wireless assets or an operator seeking tactical superiority, this book delivers practical, actionable knowledge that will take your wireless security expertise to the next level. Pick up your copy today and dominate the airwaves!

Available now on Amazon.com

Russian APT Hackers: A Look Inside Russian CyberWarfare

Introduction

When it comes to the clandestine world of cyber warfare, Russian APT (Advanced Persistent Threat) groups are often at the forefront. These digital operatives, shrouded in mystery and often state-sponsored, play a critical role in the geopolitical cyber landscape. In this report, we’ll explore the main Russian APT groups, their targets, operational methods, and a technical analysis of their varied and sophisticated techniques. Finally, we’ll discuss effective defensive strategies to counter these threats.

Russian Hybrid Warfare: The Bigger Picture

Russian APT groups are a critical component of Russia’s broader hybrid warfare strategy, which blends conventional military tactics with cyber operations, disinformation, and other unconventional methods to achieve strategic goals.

Hybrid Warfare Explained

Hybrid warfare is a multifaceted approach that combines military force with cyber attacks, propaganda, economic pressure, and political influence operations. The aim is to create ambiguity and confusion, making it difficult for adversaries to respond effectively.

For example, the annexation of Crimea in 2014 showcased Russia’s hybrid warfare tactics. Conventional military actions were supported by cyber-attacks, information warfare, and the use of “little green men”: unmarked soldiers who created confusion and uncertainty on the ground.

Role of APT Groups in Hybrid Warfare

Russian APT groups play a vital role in the cyber dimension of hybrid warfare. They conduct cyber espionage, sabotage, and disinformation campaigns to destabilize and influence target nations.

Example: During the 2016 US presidential election, APT28 (Fancy Bear) and APT29 (Cozy Bear) conducted cyber operations to influence the outcome. These groups hacked into political organizations, leaked sensitive information, and spread disinformation, all as part of a broader strategy to sow discord and undermine confidence in democratic processes.

Key Russian APT Groups

Let’s take a look at several of the currently active APT groups. 

APT28 (Fancy Bear)

Who They Are: APT28, also known as Fancy Bear, Sofacy, and STRONTIUM, is one of the most notorious Russian APT groups. Linked to Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center military unit 26165, Fancy Bear has been active since at least 2004.

Targets: Government entities, military organizations, security firms, media outlets, and political entities worldwide, particularly in Europe and North America.

Operational Techniques: APT28 is known for its spear-phishing campaigns, zero-day exploits, and advanced malware.

Technical Analysis:

  • Spear-Phishing: APT28 excels in crafting personalized spear-phishing emails that trick victims into opening malicious attachments or links. These emails often mimic legitimate communications, making them highly effective.
  • Exploits and Malware: They use a wide range of techniques and tools, including ADVSTORESHELL, CHOPSTICK, JHUHUGIT, X-Agent and XTunnel, and numerous droppers, to steal passwords, collect data, capture screenshots, and log keystrokes. The group also uses obfuscation and encrypted communication channels during data exfiltration.
  • This APT group used Android malware to target the Ukrainian Army’s artillery units, allegedly leading to heavy losses of D-30 howitzer artillery pieces.
  • See https://attack.mitre.org/groups/G0007/

APT29 (Cozy Bear)

Who They Are: Cozy Bear, also known as The Dukes, Nobelium and several other names, is another heavyweight in the Russian APT arena. Believed to be linked to Russia’s Foreign Intelligence Service (SVR), Cozy Bear has been operating since at least 2008 and is well known for the SolarWinds compromise.

Targets: Primarily targets government institutions, think tanks, research organizations, and businesses, particularly in the United States and Europe.

Operational Techniques: Cozy Bear employs a combination of spear-phishing, credential harvesting, and sophisticated malware.

Technical Analysis:

  • Spear-Phishing and Credential Harvesting: Like Fancy Bear, Cozy Bear uses spear-phishing to obtain initial access. Once inside, they focus on credential harvesting to escalate privileges and maintain persistence.
  • Custom Malware: They use existing tools, Windows commands and custom malware like SUNBURST, SUNSPOT, Raindrop, TEARDROP and the Dukes (MiniDuke, CosmicDuke, OnionDuke, CozyDuke) to perform reconnaissance, data exfiltration, and command execution.
  • See https://attack.mitre.org/campaigns/C0024/

APT44 (Sandworm)

Who They Are: APT44, also known as Sandworm, is associated with group names such as Iron Viking and FROZENBARENTS. APT44 has been used heavily in coordination with Russian conventional military attacks in Ukraine.

In fact, they are responsible for many of the disruptive cyber operations against Ukraine over the past decade. Linked to Russia’s military intelligence wing, APT44 has been active since as early as 2009.

Targets: APT44 primarily targets businesses, especially those involved in the energy sector, and financial institutions in the United States and Europe.

Operational Techniques: They use a three-pronged approach of espionage, intrusion and psychological influence campaigns, often employing a mix of spear-phishing, malware, and social engineering tactics. Their tactics have evolved over the years from cyber espionage to destructive operations.

Technical Analysis:

  • Spear-Phishing: APT44 uses sophisticated spear-phishing campaigns built on emails carrying Office documents with malicious macros.
  • Destructive Malware: They are behind some of the most destructive cyberattacks, including NotPetya and BlackEnergy. NotPetya was malware built from basically two parts: the NSA’s EternalBlue exploit and Mimikatz. NotPetya was initially intended to damage Ukraine, but raced across the globe and caused an estimated $10 billion in damages.
  • BlackEnergy is a Trojan used to perform DDoS attacks, cyber espionage and destructive information attacks. APT44 used BlackEnergy to target industrial control systems (ICS) in government, media and energy companies worldwide. It was also used to shut down Ukraine’s power grid in 2015.
  • They also used CaddyWiper, a wiper that works alphabetically through the target system’s drives, overwriting every file.
  • See https://attack.mitre.org/groups/G0034/

GAMAREDON

Who They Are: GAMAREDON, also known as Trident Ursa, Primitive Bear and Shuckworm, is a cyber espionage group linked to Russian intelligence (FSB Center 18). They have been active since at least 2013 and are known for their persistent and targeted attacks. According to the EU CERT, they are currently the most prolific actor in the Russian war against Ukraine.

Targets: GAMAREDON primarily targets Ukrainian government institutions, military organizations, and critical infrastructure.

Operational Techniques: Their operations are characterized by phishing, malware deployment, and sophisticated command and control infrastructure.

Technical Analysis:

  • Phishing Campaigns: GAMAREDON employs phishing emails with malicious attachments or links to deliver their malware. These emails are often tailored to the victim’s profile to increase their effectiveness. They use techniques like fast flux DNS and DNS Bypasses to make analysis more difficult.
  • Malware: They use a variety of malicious email tactics, including malicious Office macros, zipped attachments, GitHub downloads and droppers. These tools allow them to remotely control infected systems and extract valuable information. See https://attack.mitre.org/groups/G0047/

GOSSAMER BEAR

Who They Are: GOSSAMER BEAR is a Russian FSB APT group with a focus on cyber espionage. They have been active since at least 2014 and are known for their sophisticated targeting and malware use.

Targets: GOSSAMER BEAR targets government agencies, military entities, and think tanks, primarily in Europe and the United States, with a focus on Ukraine.

Operational Techniques: Their methods include spear-phishing, malware deployment, and exploiting vulnerabilities in software.

Technical Analysis:

  • Spear-Phishing and Exploits: GOSSAMER BEAR uses well-crafted spear-phishing emails to deliver malware. They often exploit zero-day vulnerabilities to gain initial access to networks.
  • Advanced Malware: GOSSAMER uses tools designed for data exfiltration, remote control, and system manipulation, allowing them to maintain a persistent presence on targeted networks.

How They Function: The Anatomy of a Russian APT Operation

Russian APT operations are characterized by meticulous planning, resourcefulness, and adaptability. Sometimes they are used alongside kinetic attacks, as seen in Ukraine and other countries. Sometimes they are used in retaliation (for example, in response to sanctions).

Sometimes they are used in espionage or influence campaigns. Their usage varies, but many times their techniques and procedures are the same. Let’s break down the general modus operandi of these groups.

Initial Access

Spear-phishing remains the go-to method. By sending emails that appear legitimate, attackers trick targets into downloading malicious attachments or clicking on harmful links.

Establishing Foothold

After gaining initial access, APT groups establish a foothold by deploying malware and backdoors.

Command and Control (C2)

Secure communication channels are set up between the compromised systems and the attackers’ command and control servers.

Lateral Movement

Attackers move laterally within the network to compromise additional systems and gather more intelligence.

Data Exfiltration

Data is collected and exfiltrated from the target network back to the attackers.

Covering Tracks

Advanced APT groups employ various methods to cover their tracks, making it difficult for defenders to trace their activities.

Defensive Strategies: Building a Strong Cyber Defense

Understanding how these APT groups operate is the first step in defending against them. As many of their attacks are standard phishing or common direct attacks, standard defensive strategies are a good tactic for securing against these threats. Here are some practical strategies to bolster your cyber defenses.

Comprehensive Threat Intelligence

Strategy: Invest in a robust threat intelligence program to stay ahead of emerging threats.

Implementation: Regularly update threat databases with the latest indicators of compromise (IOCs) and share intelligence with other organizations to build a collaborative defense.

Multi-Factor Authentication (MFA)

Strategy: Implement MFA to add an extra layer of security, making it more difficult for attackers to gain unauthorized access.

Implementation: Require MFA for all user accounts, especially those with administrative privileges, and ensure that MFA methods are robust and secure.

Network Segmentation

Strategy: Divide the network into smaller, isolated segments to limit the spread of malware and unauthorized access.

Implementation: Use VLANs, firewalls, and access controls to enforce segmentation, ensuring that critical systems and sensitive data are protected.

Endpoint Protection

Strategy: Deploy advanced endpoint protection solutions to detect and prevent malware infections.

Implementation: Don’t rely on anti-virus alone; intelligence-driven security products are much better at detecting and stopping advanced attacks. Use Next Generation Firewalls (NGFWs), anti-malware, and endpoint detection and response (EDR) tools to monitor and protect endpoints from sophisticated threats.

Regular Security Audits

Strategy: Conduct regular security audits and penetration testing to identify and address vulnerabilities.

Implementation: Engage third-party security experts to perform thorough assessments and provide recommendations for improving security posture.

User Training and Awareness

Strategy: Educate users about cybersecurity best practices and the dangers of phishing.

Implementation: Regularly conduct training sessions and phishing simulations to keep employees vigilant and aware of potential threats.

Conclusion

Russian APT groups are sophisticated, persistent, and deeply intertwined with the nation’s broader hybrid warfare strategy. By understanding their tactics and implementing robust defensive measures, organizations can better protect themselves against these formidable adversaries. In the ever-evolving landscape of cyber warfare, vigilance and preparedness are key to staying one step ahead in the digital shadows.

Sources

https://flashpoint.io/blog/russian-apt-groups-cyber-threats/

https://attack.mitre.org/groups/

https://home.treasury.gov/news/press-releases/jy1962

https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf

Long Range Hacking with LoRa

LoRa, or Long-Range wireless, is an extremely long-range, low-bandwidth communication protocol that allows you to send data packets at ranges that far exceed standard WiFi. In this article we will see how it could be used to create a long-range hacking platform.

Introduction

In the ever-evolving landscape of cyber security and hacking, researchers and security professionals are constantly exploring innovative techniques to push the boundaries of what is possible. One such area of exploration is the utilization of Long-Range (LoRa) wireless technology for security and defense purposes.

For example, Russia is using LoRa to help make their new drones GPS jam proof. This same tech could be used to extend the reach of hacking platforms beyond the limitations of traditional WiFi networks. This article delves into the creation of an Extended Range Hacking Platform leveraging LoRa, offering a unique perspective on the potential applications and implications of this emerging technology usage.

LoRa Based Long Range Hacking Platform

For several years I pondered using LoRa in a long-range hacking platform. Something that wasn’t cellular or relied on cell towers, but something that would extend the range of a pentest drop box or P4wnP1 ALOA from the short range of WiFi signals to something that you could control from a block away, or maybe a mile or more.

The Problem with WiFi Hacking – Range

It’s a popular Red Team tactic to park in a parking lot and use long range WiFi antennas to try to access internal systems in an office building. Everybody is doing it now, even Russian spies! I remember seeing a photo of a car used in an espionage attack where Russian operatives hid long range WiFi antennas in the trunk of a car and sat in the parking lot of a target.

The problem with WiFi is range. Yes, you can extend it with Yagi and directional antennas, but at the end of the day, the limit is still range.

Another technique is to use “hacking” drones and fly them near or land them on top of a target building in an attempt to hack into the target’s WiFi system. Yes, it is effective, but what happens if you lose your drone on the roof? Say, it lands and for some reason you can’t get it to take off again?

That could get expensive quick! And it is also one of the reasons why I stopped using my NetHunter phone on my drone. After a couple of unpredictable New York wind crashes, I figured losing a cell phone really wasn’t worth it!

Enter LoRa

LoRa isn’t hobbled by the very short ranges of WiFi. With the right antennas and power level tweaking, you can reach up to 20 km in open air!

Two LoRa Devices with Long Range Antennas

As mentioned before, the shortfall of LoRa is bandwidth. LoRa is perfect for sending small packets of information. So, it is perfect for, say, an off-the-grid survival communication device. In fact, LoRa is used for exactly this. You can find many text-based survival comm devices that use LoRa. But if you are looking to stream live video, this isn’t the solution for you.

My LoRa Hacking Platform

I always felt you could use LoRa for hacking, and over my last vacation I realized I had all the parts I needed and gave it a go!

Raspberry Pi LoRa Device

The Parts:

  • Adafruit LoRa Radio with OLED Bonnet @ 915MHz – https://www.adafruit.com/product/4074
  • Pi 0 W or Pi 0W 2, I used the original Pi 0 W
  • IPX to RP SMA Female IPEX Connector RF Pigtail Mini PCI e WiFi Antenna Cable
  • Long Range Antennas

Raspberry Pi LoRa device with Antenna Connector

Using Raspberry Pi Zero Ws, the Adafruit LoRa Pi Zero Hat, and the Adafruit LoRa tutorial, I was able to work quickly through the basic “Hello World” transmissions. Next, using AI to create my code, I was able to send terminal commands from one Pi Zero to the other.

Two RPI LoRa devices communicating

Once I could send terminal commands, I was able to quickly go from just running the “ls” command to view a directory listing of the other Pi, to commanding it to run nmap against local targets and even having it kick off an automated WiFi scan that automatically scanned and attacked any area WiFi networks!

In the screenshot below, the first Pi is telling the second Pi to run Besside-NG using wlan1 (an extended-range Alfa USB WiFi adapter, not shown).

Hacking with LoRa

How do you actually make this work? Every LoRa board is a little different. See the manufacturer’s website for the LoRa board that you have and follow the instructions. An abbreviated set of the steps I took for the Adafruit board follows.

Quick Instructions

Installing:

  1. Download and burn the latest Pi OS Lite to your Pi 0 W. I used the 32-bit version: https://www.raspberrypi.com/software/operating-systems/
  2. Edit/create the four boot-up files before you boot the card (see https://learn.adafruit.com/raspberry-pi-zero-creation/text-file-editing):

userconf.txt – creates the Pi user

config.txt – enables devices

ssh – empty file, enables SSH

wpa_supplicant.conf – sets up your WiFi

  3. Insert your card in the Pi and boot it up
  4. “sudo nano /etc/default/keyboard” – set your keyboard to “us”
  5. “sudo nano /etc/wpa_supplicant/wpa_supplicant.conf” – if WiFi doesn’t connect, add it manually
  6. If you only want to use IPv4:

sudo nano /etc/sysctl.conf

add “net.ipv6.conf.all.disable_ipv6=1”
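As an added example (not the article’s own code, nor Adafruit’s), a shell function that writes the four boot-partition files and the IPv6 sysctl line from the steps above onto a mounted boot partition, so a card can be prepared without editing each file by hand. It assumes the SPI and I2C buses must be enabled in config.txt for the LoRa/OLED bonnet (my assumption, not stated in the article) and that the password hash is produced separately with `openssl passwd -6`.

```bash
#!/usr/bin/env bash
# Headless Raspberry Pi OS Lite provisioning helper (added example).
# Pass the mounted boot partition as <boot_dir>; nothing here touches /boot
# directly, so it can be dry-run against a scratch directory first.
set -euo pipefail

# usage: write_boot_files <boot_dir> <username> <password_hash> <ssid> <psk> [country]
# password_hash is the output of:  openssl passwd -6 'your-password'
write_boot_files() {
    local boot_dir="$1" user="$2" hash="$3" ssid="$4" psk="$5" country="${6:-US}"
    mkdir -p "$boot_dir"

    # userconf.txt: "user:hash" creates the first user on a headless install
    # (printf %s keeps the $6$... hash from being interpreted by the shell)
    printf '%s:%s\n' "$user" "$hash" > "$boot_dir/userconf.txt"

    # ssh: an empty file enables the SSH server on first boot
    : > "$boot_dir/ssh"

    # config.txt already exists on a real card, so append rather than replace;
    # SPI/I2C lines are an assumption about what the LoRa/OLED bonnet needs
    local line
    for line in 'dtparam=spi=on' 'dtparam=i2c_arm=on'; do
        grep -qxF "$line" "$boot_dir/config.txt" 2>/dev/null \
            || echo "$line" >> "$boot_dir/config.txt"
    done

    # wpa_supplicant.conf: joined on first boot. The PSK is stored in clear
    # text on the card, so treat the card like a credential.
    cat > "$boot_dir/wpa_supplicant.conf" <<EOF
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=$country

network={
    ssid="$ssid"
    psk="$psk"
}
EOF
}

# Append the IPv4-only sysctl line from the last step, idempotently.
# The file path is a parameter so it can be tried on a copy of /etc/sysctl.conf.
disable_ipv6() {
    local sysctl_file="$1"
    grep -qxF 'net.ipv6.conf.all.disable_ipv6=1' "$sysctl_file" 2>/dev/null \
        || echo 'net.ipv6.conf.all.disable_ipv6=1' >> "$sysctl_file"
}

# Report how many of the four required boot files are present (0..4),
# so a caller can confirm nothing was missed before ejecting the card.
count_boot_files() {
    local n=0 f
    for f in userconf.txt ssh config.txt wpa_supplicant.conf; do
        [ -e "$1/$f" ] && n=$((n + 1))
    done
    echo "$n"
}
```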

Set Auto Login

To enable Auto-login run:

  • sudo raspi-config

Choose option 1 System Options, then S5 Boot / Auto Login, then B2 Console Autologin. Select Finish and reboot the Raspberry Pi.

Install Blinka – Adafruit’s CircuitPython

https://learn.adafruit.com/circuitpython-on-raspberrypi-linux/installing-circuitpython-on-raspberry-pi

Install the LoRa Software and Virtual Environment

https://learn.adafruit.com/lora-and-lorawan-radio-for-raspberry-pi/rfm9x-raspberry-pi-setup#

*Don’t use sudo for the pip commands

Create and run the Radio command. If it detects the radio, you should be all set!

Creating your First Code

https://learn.adafruit.com/lora-and-lorawan-radio-for-raspberry-pi/sending-data-using-a-lora-radio

Enter the code from this website and if it sends and receives packets between the two, congrats, it’s working!!

Two LoRa Raspberry Pi systems

Creating Code with AI

Now that we have the devices communicating, we can start to create our own code.

Enter the virtual environment: “source env/bin/activate”

Create your send and receive code. I used ChatGPT for all of my code. I just had to tell it that I was using the RFM95 Adafruit OLED bonnet and then explained in detail what I wanted it to do.

I needed it to send a terminal command from the sending Pi and then execute the command on the receiving Pi. ChatGPT instantly created the code I needed; I just had to change the import commands and variable settings to the ones from the code on Adafruit’s site and it worked perfectly!

I started simple: I had it send an “ls” command with one button push, and then a “Hello World!” echo statement with the second button.

Remote WiFi Scanning and Testing with Besside-NG

Tool documentation: https://www.aircrack-ng.org/doku.php?id=besside-ng

We can go a step further.

Install aircrack-ng:

  • sudo apt install aircrack-ng

Installing Besside-NG

Then I programmed button 3 to send “sudo besside-ng -W wlan1” to the receiving unit.

Here is a snippet of my sending code:

The receiving system displays what command is being run on the OLED and the terminal, then saves the command output to a file on the drive with a date and time stamp.

Below is a terminal view of both Pis:

LoRa AI Code Sample

As you can see in this test, the sending system sent three commands: “ls”, “Hello World!!” and then the command to start scanning the WiFi for targets. The ls command actually performs a directory list and stores it as a file. Once the third button was pushed, the WiFi attack button, you can see that the receiving machine not only successfully scanned WiFi networks near it, but was able to obtain a handshake key from a target WiFi network!

Let’s Go Long Range!

For a better test, I put the sending and receiving units about half a mile apart. In this scenario the attacker could leave the receiving unit in a target area and be a half mile, or more away and still successfully send commands to it. There was dense woods and a large industrial building between the two units.

They communicated perfectly, and on command, the receiving unit started scanning for WiFi Networks. Even though the two systems were half a mile apart, it was as if I was entering terminal commands on the receiving one from an attached keyboard.

AI Coded Long Range Hacking Device

The Next Steps

This is just the beginning; with this setup one could create their own code and use the hacking platform in many different ways. One way, which is being implemented by a good friend, is using it on a drone platform. LoRa will communicate for very long distances over open air, so a drone is naturally the platform of choice.

But it could be used in many different ways, only the imagination is the limit.

Conclusion

The article presents a compelling case for the incorporation of LoRa technology into hacking platforms, demonstrating its capability to transcend the range limitations of WiFi-based solutions. By leveraging off-the-shelf components and using AI tools for code development, the author showcases a functional LoRa-based system that can execute remote commands and initiate WiFi network attacks from substantial distances.

While the low bandwidth nature of LoRa restricts its use for data-intensive applications like video streaming, its long-range capabilities open up new avenues for covert and remote hacking operations. The integration of this technology with drone platforms further amplifies its potential, enabling a new level of stealth and remote hacking possibilities.
