If you haven’t heard already about Jasager.. well you probably don’t read this blog, but for those who want to know a bit more about the history of Jasager - Karma on the Fon, where the project is now, and where it’s headed, then buckle up, and hang on while we first travel down memory lane.
The time was ShmooCon 2006. It was my very first “HACKER” convention. I was there with my buddies from Hak5 and SploitCast. I just so happened to sit in a talk by Dino (A. Dai Zovi). He was talking about Karma, his project that basically sat in the middle of wireless connections and instead of picking out the special bits directed his way, Karma accepted and responded to them all. I was in love, no not with Dino, but the project. I wrote theta44.org in my notebook and continued on with the craziness that is any con. Having no money to invest in a wireless card that could handle Karma that page with theta44.org kept hounding me.
In early 2007, boxgamex (a gentlemen from the Hak5 community) sold me a little Fonera router. What’s the first thing I did? Hack it, put OpenWRT and DD-WRT on it. But one day that page in my notebook showed up again and reminded me of Karma. I looked on Dino’s page and was appalled to find that the project hadn’t gone anywhere. Did no one see the potential that this project had? Putting 2 + 2 (=5) I decided to put Karma on the Fon for an ultra portable wifi attack tool. Well, I am by no means the Killer Coding Ninja Monkey that either Dino or Robin Wood are. I scripted my way into it working for one target at a time. The problem? I did all the work on the Fon. You can see where this is going. At DEFCON 15, I brought my scripted up Fon to test it out in the shark infested waters (Wall of Sheep addition?). Got excited to be there, booted the Fon up in my room, connected to the Fon and change a setting. The Fon bricked. No proof that I had done anything, didn’t even get the chance to test it out.
I explained what had happened to my friend Darren Kitchen, and the project really sparked in him. He talked to the Killer Coding Ninja Monkey that I mentioned before Robin Wood, and before you know it, the project was renewed under a new name “Jasager”, and this time with a better hand at the wheel.
Enough of the history lesson, lets get some information.
Here is the home page of Jasager: http://www.digininja.org/jasager/index.php HINT: Digininja’s main site, while lacking style has some things that you also want to check out. (digininja.org)
If you like reading, here is Darren’s blog post on how to get Jasager going: http://www.darrenkitchen.net/jasager-step-by-step-unlocking-install-guide
If you are more of a visual person, check out episode 405 of Hak5: http://www.hak5.org/episodes/episode-405
And if you have problems or want to discuss options and configurations with other Jasager http://hak5.org/forums/index.php?showforum=49
Back to the Furture:
MITM attacks on computer systems have been around since the dawn of time. The natural (rapid) progression of security attacks made it guaranteed that MITM would hit Wireless just as hard. If you have ever talked on a CB Radio, you know the frustration when the kids with the high powered antenna start playing the Mortal Kombat soundtrack over the CB without letting up. This is a simple example of how Jasager works. It gets in the middle of wireless communications. How do you protect against something like that? I don’t know. I don’t believe that there is a protection for Jasager or Karma (again, released in 2006). Where is Jasager heading? I think that adding the functionality of Karmetasploit (H.D. Moore’s project) to a portable device and then maybe shipping that device like the guys over at Errata Security did with an iPhone, would be one dangerous route. Or puttying it in a box like Richard Mogull did. Or in a wall like Larry Pesce did.
To the future? What if I could put this whole project on a USB stick that didn’t do anything but draw power so it could run Jasager + Karmetasploit? Maybe running it on the NeoPwn? The possibilities are endless with this project. For all those feed readers out there, you can keep up with the latest and greatest form Robin Wood and the Jasager project via their RSS feed.
http://www.metasploit.com/dev/trac/wiki/Karmetasploit Dino’s Link: http://blog.trailofbits.com/ Dino’s Twitter: http://twitter.com/dinodaizovi Karma’s Links: http://blog.trailofbits.com/karma/ Boxgamex’s Link: http://twitter.com/boxgamex