This adventure starts out at Shmoocon, Grifter talked me into going even though at the time I didn’t have a pass and was 299 miles away. Luckily someone had an extra and hooked me up!
Additionally, I was lucky enough to be talking with Darren Kitchen from Hak5 about my previous years DEF CON Wireless Monitoring Project and told him that I wished I could create a system that didn’t have to channel hop since nearly all of my data had fragmented frames. From our discussion we came up with the idea of the WiFi-Cactus using a ridiculous number of Pineapple Tetras. Two weeks later 2 boxes showed up at my house with 40 Pineapple Tetras, Hak5’s sponsored contribution to the project. It was time to go to work.
The first roadblock came when I wanted to have the Tetras each rotated 90 degrees from each other. Each Tetra has 4 antenna, 2 on each side of it. If you stack them on top of each other and try to move the antennas vertical they interfere with each other. The solution was to rotate each Tetra by 90 degrees. The problem is that they were not designed to be stacked this way. The feet wouldn’t be touching the unit below it. Additionally stacking Tetras this way makes it extremely difficult to support them. My friend Austin came up with a way to create 2 channel plastic rails that would hold the units in place. He designed and machined the base frame which would secure all of the devices.
The next challenge was software. Also at Shmoocon I met Dragorn the author of Kismet. He showed me the bleeding edge of Kismet which had a web-based dashboard and tons of new features. We began to collaborate about my project and how to accomplish it. I couldn’t have done this project without him!
Once the WiFi-Cactus was assembled and working, it was missing something… the ability to be mobile. I brainstormed with my friends Bryan and Henry and we came up with the idea of mounting it to a backpack frame. At this point we had run out of time to order anything online. I went to a local sporting goods store and found the perfect frame. Bryan and I spent the next few nights attaching the WiFi-Cactus to the frame.
Lastly, we had to put lights on it and what better to use than Adafruit Neopixels. There is something about adding Neopixels to a project that enhances its awesomeness!
What does it do you ask? According to CNet’s Alfred Ng, its “a goofy but terrifying device…” I was very excited to get the mention in his article! The main goal of this device is to passively listen on 50 channels in 2.4Ghz and 5Ghz at the same time without channel hopping. Each individual radio is acting as a remote capture device to the Kismet server session running on the Intel NUC. During my demo lab I showed the crowd 50 wireless capture devices active at once which saw 14k wireless clients active in the vicinity of my demo.
The hardware was made up of the following:
- 25 – Hak5 Pineapple Tetras (Sponsored by Hak5)
- Intel NUC (7th Gen Core i5-7260u, 16GB Ram, 250 GB Samsung NVME)
- 2 – Cisco 16 Port Switches (10/100 Mbps)
- ABI 12v 500W power supply
- Binzet DC 12v to 5v 10A converter
- Arduino Micro
- Adafruit Neopixels Strip
- Custom milled aluminum plates and custom milled plastic rails
- Backpack frame
- 30 Amp-hour lead acid battery and box
It blew me away how excited everyone was by this project. I was constantly being asked about the project and if they could take pictures of it.
I also had the opportunity to do a few interviews which can be found here:
- This guy hunted Wi-Fi hackers using a giant backpack made out of radios
- #WiFiCactus: When You Need to Know About Hackers #WearableWednesday #defcon #wearabletech #DIY
- I play the security odds in Las Vegas by rolling the Wi-Fi dice
- @SwiftonSecurity tweeted a picture of my cactus!!
- WiFi Cactus? DEF CON 25 – Hack Across the Planet – Hak5 2220
The photos below are credited to l34n who took them.
I am very thankful for the support of the DEF CON community and everyone who made this project successful! Thank you for coming to my demo lab and for stopping me in the halls to ask questions! Thanks to the BlackHat NOC team (especially grifter, stumper, l34n, caesar, and everyone else I’m forgetting) who let me hang out! Thanks to the organizers and volunteers of DEF CON (especially kampf, supertechguy, Luiz, and NOC staff) where something like this can be presented and encouraged! Thank you all for such an EPIC SUMMER CAMP!! <3