PDAs as Hacker-Swiss-Army-Knives

by Domonkos P. Tomcsányi
Hacktivity, 2010 - Budapest
Intro or What the heck is this about?
• PDAs and smartphones are getting smarter and
more common today
• They are potential risks in two ways:
▫ a) The owner stores all his/her personal data
on a handheld device, which could be
compromised (stolen, lost, remotely hacked –
via Bluetooth for example)
▫ b) The PDA itself could be used for hacking ->
this is what I am gonna talk about
How?
• Most of the tools we use for hacking are free and
open-source, but written for Linux
• PDAs usually run a mobile version of Windows
• Some people managed to port the Linux kernel
to some of the devices on the market, which
opened the way for hacking
History of porting Linux to Handhelds
• The beginning: Andrew Zabolotny created
HaRET, HANDHELD REVERSE ENGINEERING TOOL,
which runs on Windows Mobile/Windows CE
• HaRET is capable of running as a Telnet server
and showing developers a lot of useful
information about the device (memory addresses
for example)
• But it can also load a kernel image, functioning
as a bootloader
History of porting Linux to Handhelds
• The Handhelds.org project (supported by HP)
started porting; the first 2 devices that achieved
good Linux support were the HTC Blue Angel
and the HTC Universal
How?
• Distributions appeared for specific devices, later
more general versions were developed
• Once we have the kernel, it is pretty easy, since the
devices are ARM-based, which means everything
is described in standards
Distributions
• Device-specific: Titchy Linux (special packages
and daemons to ensure a fluent Linux experience
on the HTC Universal)
• Universal:
▫ Jlime (for HP Jornada/NEC MP900C)
▫ Zubuntu (Ubuntu for Sharp Zaurus)
▫ Rhobuntu (Ubuntu ARM for HTC Diamond,
Touch Pro, Diamond2, Touch Pro2, HD2)
Then came…
Let’s talk a little bit about Android
• Android is Google’s fancy, free and open-source
operating system for smartphones, gadgets, etc.
• It is pretty simple:
Why is it important?
• LINUX KERNEL
• Many developers started porting Android to
older devices, which ultimately led to working
Linux kernels for those devices
What devices?
• There are two types of devices:
• Devices which originally weren't able to run
Linux, but it was ported to them:
▫ PDAs and smartphones: HTC Universal,
HTC Kaiser, HTC Touch Pro2 and many
others
▫ HandheldPCs: HP Jornada, NEC MobilePro
900c
What other devices are capable of
running Linux?
• Commercial devices that have Linux as default
OS on them:
▫ Old Sharp Zaurus series
▫ Nokia Internet tablets (N800, N810 and
the new N900) have Maemo
▫ More devices expected: Nokia and Intel
partnered up, their new system is Linux
based: MeeGo
Why would you run Linux on a PDA?
• You can get your device „opensourced”
• It could be faster than Windows Mobile
• Linux could also be useful for people using
special applications, which are not available for
Windows Mobile…for example H.A.C.K.I.N.G.
Why would you hack with your PDA?
• First and foremost: Immunity Inc. released an
ARM tablet-kind of thing with WiFi hacking and
penetration testing capabilities
SILICA
There is only one problem…
• Its price:
$ 3 600
So?
• Well, there has to be a cheaper solution for this,
right?
Still why?
• Imagine going anywhere with a complete
hacking toolkit in your pocket
• It is a lot of fun!
The devices
• First of all: the HTC Universal, featuring a 520
MHz Intel PXA processor, 128 MB of RAM (I
soldered an additional 64 MB into it), GSM, WLAN,
Bluetooth, SD card slot, VGA touchscreen, full
QWERTY keyboard, TitchyLinux (Debian-based
special rootfs for the HTC Universal), kernel
2.6.21
The devices
• Second of all: the HTC Kaiser featuring a 400
MHz Qualcomm CPU, 128 MB of RAM, GSM,
3G, WLAN, GPS, Bluetooth, microSDcard,
QVGA touchscreen, full QWERTY keyboard,
running a special version of Ubuntu called
KaiserBuntu (porting started just some time
ago), kernel 2.6.25
The devices
• Third of all: the HTC Touch Pro2, featuring a
528 MHz Qualcomm processor, 288 MB of
RAM, GSM, 3G, HSDPA, WLAN, GPS, WVGA
touchscreen, full QWERTY keyboard, running a
specialized version of Ubuntu-ARM called
Rhobuntu, kernel 2.6.27
The devices
• Last but not least a special HandheldPC, the really
rare NEC MobilePro 900c, featuring a 400 MHz
Intel PXA processor, 64 MB of RAM, USB host,
PCMCIA 16-bit slot, phone-modem, CF card slot,
HVGA touchscreen, full QWERTY keyboard, VGA
out, running the only distribution for HPCs: Jlime,
kernel 2.6.24/2.6.19
Live DEMO
• Wireless (WEP) hacking with the NEC
MobilePro 900c
• Metasploit exploit (from yesterday’s
presentation) running on the HTC Touch Pro2
Live DEMO
• Wireless (WEP) hacking with the NEC
MobilePro 900c
[Screenshot: cracking the WEP key (aircrack-ng)]
Live DEMO
• Metasploit exploit (from yesterday’s
presentation) running on the HTC Touch Pro2
[Figure labels: VICTIM; Running Metasploit; WEP-key already known]
Future of this
• Near future: HTC Kaiser WiFi driver will be
fixed, so the Kaiser will be the first really
portable ARM based Hacking Device
Later…
• More powerful handhelds will appear, cheaper
• Hacking on your PDA will become faster and
more common
This could be reality soon…
Before questions, I would like to…
• Say THANK YOU to all the people who
helped me a lot:
• My friend, Manó Molnár, who contributed to
the presentation
• Developers: first, Kristoffer Ericson, for creating
Jlime and porting the 2.6.19 for the mp900c
(ONLY because of this presentation!)
• All the developers working on the Rhobuntu,
Metasploit, Android on HTC projects
Any questions?
Thank you for your attention!