406 Not Acceptable

It looks like the N900 may become a network security/hackers dream phone! First aircrack, now Nmap; hopefully, we can get kismet, metasploit, air-pwn, and friends up and running on the device in the near future.

Installing Nmap is a breeze, the program is located in the extras-testing repository. I believe it is under ‘network’ in the application manager, but it’s faster to simply search for the program. To run this program, you will have to use the X terminal and simply type nmap – the application will then report a LOT of options! It’s best not to try and crash out of a scan on the N900 using CTRL+C as the x terminal will no longer accept any keyboard commands until you close it. I guess that is one reason why Nmap is still in extras-testing!

Here is the result of a basic scan, you don’t need to be root for this one; but you do for a number of options. For a basic scan you simply need to type nmap <target ip> . In the example, I had to use option -PN to find the machine; this treats all hosts as online and doesn’t bother checking if it is alive.

Nmap is typically used to find available ports/machines and the operating system (option -O) before running other tools to attempt to exploit the open ports. It’s also a nice way to check your router is doing what it should be!

For a comphrensive list of the options and more information on how to use Nmap, please see the official manual pages.

It seems there are a number of issues with Aircrack on the N900. Whilst you can sniff packets and sometimes injection may be successful; many other features do not work.

This looked to be an early success for the the N900. Sadly, aircrack is not that useful at the moment. As it sees every network as being on channel 6. Airodump-ng does not work on the latest SVN version; unless you are actually connected to the network (which renders it pointless.)

Before I go testing other utilities on the N900 I really need to flash my device. For no apparent reason I did not get the PR1.01 update pushed to my device; so I have had to make do with a manual update using apt. This has left my N900 in a weird state. All my applications are working with PR1.1 features (e.g. rotation, Ovi store) but my device reports as using PR1.0

I am really starting to love the N900!

I have been playing outside of the maemo repositories and decided to give everyones favourite ’security’ program Aircrack (aircrack-ng) a go. After setting up a debian repository from an official mirror installation was easy via the command line, a simple sudo apt-get install aircrack-ng.

Once installed, you cannot use the program straight away. This is because your wireless card will already be in use, or have been set up for ‘Managed mode’ where the operating system deals with setting up wireless networks. To get out of this, and into Monitor mode, you will need root access and go through the following commands:

root

ifconfig wlan0 down

iwconfig wlan0 mode Monitor

ifconfig wlan0 up

If you wish to use a different mac (useful when doing a fake auth,) go through the same process but instead of setting monitor mode use macchanger (e.g. macchanger mac=11:22:33:44:55:66). You can now use monitor mode and aircrack in all it’s glory! See the following for an injection test:

I crashed out early, due to my battery being on its last legs!

This is the result of a dump, the command used here was airodump-ng wlan0 -c 6

As you can see the N900 captured my WPA handshake, so I could crack my own WPA network; but that would be silly!

Airodump running on the N900: hope you like my faked mac address!

So aircrack looks like it can simply be moved to Maemo-extras (devel or testing.) It just needs more testing to check if inject is really working. My N900 had been up for 48 hours at this point, so didn’t wish to comply with testing