The thing about the iPod Touch and the iPhone is that they are great portable hacking devices. To the naked eye the iPod Touch/iPhone looks like nothing more than an ordinary MP3 player/cellphone, but that appearance understates its full potential. Once your iPod Touch/iPhone is jailbroken you have access to the whole file system, meaning that applications generally associated with laptop/desktop hacking can be ported to and used on the iPod Touch/iPhone. This opens up a whole lot of possibilities for network sniffing, port scanning and much more! In this tutorial we are going to take a look at one of these programs, called Pirni.
What is Pirni?
Pirni is an application that was ported to the iPod Touch/iPhone to be used as a native network sniffer. Pirni is so useful because it gets past the iPod Touch's/iPhone's Wi-Fi hardware limitation of not being able to be set into promiscuous mode (a mode that allows a network device to intercept and read every network packet that arrives, in its entirety). To get past this limitation Pirni comes with an ARP spoofer that routes all the network traffic through your iPod Touch/iPhone, records it to a dump file and then uses packet forwarding to send it on to its normal recipient (i.e. the router). In simpler terms, all the traffic on a specific network passes through your iPod Touch/iPhone before it reaches the router. This means that if you sniff the network long enough, another user connected to the network could enter an unencrypted password and you could then retrieve that password by looking through your dump file.
Using Pirni
Pirni is an application that does not have a GUI (Graphical User Interface); it requires a program called Terminal to run and be used. Terminal is basically an application that allows you to give your iPod Touch/iPhone simple commands. Below I am going to go through the steps of installing and using Pirni…
**Note: this is a technical tutorial and is not recommended for users new to computers. Please also note that this tutorial is for educational purposes only. It is illegal to sniff a wireless network that is not your own. Use and follow this tutorial at your own risk.
Step 1) - The first thing you are going to need to do is install a program called Mobile Terminal on your iPod Touch/iPhone. This program is available through Cydia, so open up Cydia and type terminal into the search tab. Once you find Mobile Terminal in your search results, install it on your iPod Touch/iPhone.
Step 2) - Once you have installed Terminal, the next application you are going to install is Pirni. Type pirni into the search tab and once it appears in your search results click it and install it on your iPod Touch/iPhone. Once Pirni installs you will have everything you need to begin sniffing wireless networks…
Step 3) - Before you launch Terminal and begin sniffing you will need a few pieces of information about your wireless network: the network's IP address and the router's IP address. You can find this information by launching Settings, tapping Wifi and then tapping the arrow next to your wireless network's name. Once you find the information you are looking for, which is the IP Address and the Router IP Address, write it down on a piece of paper so you remember it.
Step 4) - Now that you have the required information you are ready to begin the process of sniffing with Pirni. The first thing you need to do is open Terminal, so do this now by finding Terminal on your springboard and clicking it to launch it. **Note: Terminal sometimes takes a few tries to actually load. If you click the Terminal application and it opens and closes, simply click it again until it fully launches. Once you get Terminal up and running you are going to need to log in as the root user to gain full access to your iPod Touch/iPhone. Type in the following commands, and please note they are case sensitive, so copy them exactly as shown…
su
alpine
(alpine is the default password; if you have not changed your password then use alpine)
Once you have gained root access continue to step 5…
Step 5) - Once you are logged in as the root user you can begin using Pirni. To start Pirni you are going to need to enter a line of commands, replacing what's in red with your network-specific information.
-s: Specifies the IP address you want to spoof; this is where the Router IP Address goes.
-d: Specifies the target you want to perform MITM on; this is where the IP Address of your network goes.
-f: Specifies the Berkeley Packet Filter so that Pirni only collects interesting packets. This is very useful if you want to filter for specific packets, such as FTP, SMTP or HTTP. If no -f option is supplied, all packets are captured.
-o: Specifies the dump file where all the collected packets end up. This is the pcap dump format, which most traffic analyzers can handle.
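As an added illustration of the ARP-spoofing footprint described in the "What is Pirni?" section and of the pcap dump format that -o writes, here is a small Python parser (example code written for this page, not part of Pirni or any other project) that reads a classic pcap file, decodes the ARP replies in it, and flags any IP address that more than one MAC address claims to own. That is exactly what a router's IP looks like on the wire while an ARP spoofer is running, and it is what a network owner would look for to detect such a tool. The capture embedded in the block is constructed inline with made-up MAC addresses; the IP addresses are the ones from the example commands on this page.

```python
import struct
from collections import defaultdict

# Classic libpcap file constants (the -o dump format described above).
PCAP_MAGIC_LE = 0xA1B2C3D4      # magic as written by a little-endian host
PCAP_MAGIC_BE = 0xD4C3B2A1      # the same magic read byte-swapped
LINKTYPE_ETHERNET = 1
ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1
ARP_REPLY = 2


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def iter_pcap_frames(data):
    """Yield (timestamp_seconds, frame_bytes) for every record in a classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    header = struct.unpack_from(endian + "IHHiIII", data, 0)
    if header[6] != LINKTYPE_ETHERNET:
        raise ValueError("expected an Ethernet capture")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield ts_sec, data[offset:offset + incl_len]
        offset += incl_len


def parse_arp(frame):
    """Return the fields of an Ethernet/IPv4 ARP frame, or None for any other frame."""
    if len(frame) < 42:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "oper": oper,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": ip_str(frame[38:42]),
    }


def find_arp_conflicts(pcap_bytes):
    """Map every IP that ARP replies claimed from more than one MAC to the sorted MACs seen.
    A gateway IP answered by two different MACs is the trace an ARP-spoofing MITM leaves."""
    claims = defaultdict(set)
    for _ts, frame in iter_pcap_frames(pcap_bytes):
        arp = parse_arp(frame)
        if arp and arp["oper"] == ARP_REPLY:
            claims[arp["sender_ip"]].add(arp["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


# --- constructed sample capture (made-up MACs, not a real dump) -------------
def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    eth_dst = b"\xff" * 6 if oper == ARP_REQUEST else target_mac
    eth = eth_dst + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sender_mac + sender_ip + target_mac + target_ip
    return eth + arp


def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


ROUTER_MAC = bytes.fromhex("001122334455")   # constructed: the real gateway
PHONE_MAC = bytes.fromhex("66778899aabb")    # constructed: the device running the spoofer
CLIENT_MAC = bytes.fromhex("ccddeeff0011")   # constructed: the targeted client
ROUTER_IP = bytes([192, 168, 1, 1])          # the -s address from the page's example
CLIENT_IP = bytes([192, 168, 1, 189])        # the -d address from the page's example

SAMPLE_PCAP = build_pcap([
    build_arp(ARP_REQUEST, CLIENT_MAC, CLIENT_IP, bytes(6), ROUTER_IP),  # client asks who has the gateway
    build_arp(ARP_REPLY, ROUTER_MAC, ROUTER_IP, CLIENT_MAC, CLIENT_IP),  # genuine reply from the router
    build_arp(ARP_REPLY, PHONE_MAC, ROUTER_IP, CLIENT_MAC, CLIENT_IP),   # forged reply claiming the gateway IP
    build_arp(ARP_REPLY, CLIENT_MAC, CLIENT_IP, ROUTER_MAC, ROUTER_IP),  # ordinary reply, one MAC, no conflict
])

if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(SAMPLE_PCAP).items():
        print(f"ALERT: {ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
```

Run against a real dump the function reports 192.168.1.1 with two MACs for as long as the spoofer is sending; a clean network reports nothing. Wireshark raises the same condition itself as "Duplicate IP address detected" in its ARP dissector (display filter arp.duplicate-address-detected), so the parser above is the scripted equivalent of that check, useful when you want to scan many captures or run it on a device without Wireshark.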
iphone4s:~ root# more get.sh
pirni -s 192.168.1.1 -o log.pcap
pirni -s 192.168.1.1 -d 192.168.1.189 -f "tcp dst port 80" -o log.pcap
pirni -i en1 -s 192.168.1.1 -d 255.255.255.0 -o log.pcap
iphone4s:~ root#
Once you enter the commands Pirni will start and begin collecting packets. A packet is a formatted unit of data carried by a packet-mode computer network. For example, every web page that you receive comes as a series of packets, and every e-mail you send leaves as a series of packets. Pirni collects these packets and records them into a dump file that can be analyzed at a later date on your computer. In order for Pirni to collect something interesting you are going to need to visit a website that doesn't use an SSL-encrypted connection. Leave your iPod Touch or iPhone alone collecting packets, go to a website that doesn't use an SSL-encrypted connection and log in to that website. An example of this kind of website would be Hawkee.com; this website does not use an SSL-encrypted connection while handling logins. If you want to test out Pirni to see if you can get a password, register an account with Hawkee.com and log in to your account while you are sniffing your network. Once you are done scanning the network, drag your finger across the screen in a diagonal direction and this will stop Pirni correctly. **Note: it is important to close Pirni this way to avoid errors while analyzing your dump file later on.
Analyzing your Dump File
Now that you have sniffed the packets on your network you have to analyze the dump file created by Pirni. To do this you will need to get the dump file off your iPod Touch/iPhone by using a program called WinSCP. This program allows you to access the files on your iPod Touch/iPhone. To use this program you will need two things: OpenSSH installed on your iPod Touch/iPhone and WinSCP installed on your computer…
Step 1) - Download OpenSSH to your iPod Touch/iPhone by going into Cydia and typing openssh into the search panel. Once you see OpenSSH in the search results click it and install it. Once OpenSSH has been installed exit Cydia and continue to step 2…
Step 2) - The next thing you need to do is install a program called WinSCP on your computer. This program will allow you to take files off your iPod Touch/iPhone with an easy-to-use GUI (Graphical User Interface). Once WinSCP downloads to your computer install it by following the easy steps of the installer…
Step 3) - Once WinSCP has finished installing, double click winscp.exe to launch the program. You will be presented with a window like the one depicted below…
Once you get WinSCP up and running you are going to need to enter some information into WinSCP. The first thing you need to enter is the Host name, which is your network's IP Address. This is the address that you wrote down earlier; you can find it inside Settings > Wifi > Your Network Name tab. The next thing you need to enter is the Username; this is always left as root. The last piece of information you need to enter is the password; the default password, if you haven't changed it, is alpine. If you have changed your password then enter your current password in the password field now.
Once you enter the required information click the Login button. The first time you log in it will take a while to load; just be patient and wait, as it can take up to five minutes. The first time you log in you will also get a warning message; simply hit the OK button on the warning message. When you successfully log in, click the / button in the top right-hand corner of the screen…
Once you click the / button (which is the root directory shortcut) the next thing you are going to do is click the User file directory as shown below. This is where all the dump files created by Pirni are saved…
Once you are inside the User file directory you should see your log file. Drag the log file to your Desktop and then exit WinSCP, as you are now done using the program. WinSCP is a useful program if you need to access your iPod Touch/iPhone's internal file structure. Now that you know how to use WinSCP you can use it any time you want.
Step 4) - Now that your log file has been successfully transferred to your computer you are going to need to download an application that will analyze the dump file, called Wireshark. With Wireshark successfully downloaded to your computer, double click the setup.exe and install it. When it asks if you want to install WinPcap click no, because you will not need this functionality while analyzing your dump file.
Step 5) - Now that Wireshark is installed, double click the Wireshark.exe on your Desktop to start the program. Once the program is up and running you are going to need to open your log file. Click the Open button in the middle of the screen and then locate your log file, which should be on your Desktop.
Once you locate your dump file and load it into Wireshark you will see a screen with a bunch of packets displayed. These are all the packets that you captured while you were sniffing your network. If you have never seen packets before all of this information will mean nothing to you and seem confusing. If you research a little bit online about packets you will find these packets are a lot more interesting; however, if you are new to this whole thing then the search tool will be your friend. Click the magnifying glass at the top of the screen and it will bring up a search window.

Once the search window comes up you will be presented with three options: Display Filter, Hex Value and String. Click the String option, type password into the search field and click the Find button. The search tool is a great tool for finding interesting information in your dump file. It will quickly scan through all your packets and find a match for what you are searching for. It definitely beats looking through hundreds of packets until you find something interesting. With the search tool you can simply type in keywords that would be of interest to you, like password, username, login or email, and it will try to find a match. **Note: not all dump files will contain interesting information like passwords, usernames etc… It all depends on what the users connected to the network you are scanning are doing.

Once you click the Find button you will be taken to the packet that contains the password string, or whatever string you typed into the search field. If you look at what is highlighted you can see that you have successfully found the username and password to your hawkee.com account. If this was performed on an unknown network you would have successfully sniffed a password that you can then do what you want with. Wireshark is a very powerful tool for analyzing packets; if you go to their website you can learn a lot about packets and other analysis techniques not discussed in this tutorial.
As you can see, your iPod Touch or iPhone can be transformed into a powerful password-sniffing device. With Pirni you can have a powerful password-sniffing program hidden within your iPod Touch/iPhone. You can have your morning coffee at Starbucks while sniffing its wireless network without anyone knowing or suspecting a thing. There are many other useful hacking programs on the iPod Touch/iPhone, and I will write more tutorials for programs like Ngrep and tcpdump in the future if enough interest is given. As always, if you require any help with this tutorial please feel free to post your questions/comments in the comments section below.