PLEASE READ both https://forum.openwrt.org/viewtopic.php … 97#p140797 and https://forum.openwrt.org/viewtopic.php … 23#p140623 for the most recent Piranha/AAP status update ~ last updated 110808
---

While the Piranha Project already has been around since 2008, I never officially introduced it to the OpenWrt forum yet. With the next generation release v4, I'd herewith like to change this and provide both an introduction and some basic documentation to interested people. Based on the OpenWrt Backfire 10.03 branch, Piranha v4 is released as date-tagged snapshot releases at http://piranha.pwnz.org/pub/v4/

So, what is the Piranha Project? Basically, it consists of two major parts.

Being an OpenWrt enthusiast myself, I started to write AAP (aka AutoAP) for OpenWrt Kamikaze in 2009. From my very own perspective and usage scenario, the unavailability of AutoAP has been a rather big drawback of the OpenWrt platform at that time. That said, AAP is by no means a fork of AutoAP but a re-write of its functionality from scratch while addressing its design drawbacks and extending its capabilities. Let me take the opportunity to list the major features of AAP in its current release v3 (just to mention a few of them, more detailed information is provided later on), also provided as date-tagged snapshot releases.

- utilizes OpenWrt Kamikaze Unified Configuration Interface UCI
- connects upon BSSID selection of surrounding networks
- supports to client connection to OPN, WEP, WPA-PSK and WPA2-PSK encrypted networks
- is capable to white- and blacklist certain APs
- connects to hidden SSIDs and networks with enabled Mac filtering
- utilizes Mac Changer to use a random Mac at each connection attempt
- logs to syslog and provides a convenient CLI user interface

And the second part? AAP (currently v3) along with an OpenWrt Backfire 10.03 system pre-configured in station mode with appropriate patches to madwifi, aircrack-ng suite pre-installed, CIFS share capabilities and several custom scripts for your convenience is clutched into a ready-to-use package, the Piranha firmware (currently v4). That said, it's in general possible to compile your very own OpenWrt distribution with AAP pre-installed, but it's incomparable more difficult than using the Piranha firmware as is, especially due to its compatibility with (and pre-configuration of) the official OpenWrt repositories.

Both AAP and the Piranha firmware are an Atheros only development! While it's imaginable to port it to other OpenWrt supported platforms as well, I'm currently not planning to do so due to the heavy reliance of AAP on wlanconfig and the opportunities of the madwifi drivers provided for aircrack-ng techniques.

Some cups of coffee later, I'll provide some basic documentation for both Piranha v4 and AAP v3 in a subsequent forum post. Stay tuned!

(Last edited by orange on 8 Aug 2011, 01:54)

Piranha v4 itself is an OpenWrt Backfire 10.03 system pre-configured in station mode and provided for Atheros devices only! Thus, there actually isn't too much to document from a firmware perspective besides the slight modifications to a default OpenWrt distribution. Piranha is, so to speak, an auto-connecting wireless hacking drone with aircrack-ng and AAP pre-installed while providing some basic functions for users' convenience. That said, this isn't the right place to showcase OpenWrt and/or the aircrack-ng suite as both of them are very well documented at their respective wikis.

For an explanation of CIFS share capabilities shipping with Piranha by default, I assume a host system with configured CIFS share "OpenWrt" at 10.0.0.165.

Furthermore, Piranha ships with two very simple custom scripts /bin/monitor and /bin/sta to easily switch the operating mode from sta to monitor and vice versa.

-----
AAP (aka AutoAP) for OpenWrt Kamikaze is an in-house development of the Piranha Project. Its current release v3 is herewith exclusively documented at the OpenWrt forum. That said, AAP v3 consists of a single shell script /bin/aap and its configuration file /etc/config/aap and thus is fully UCI configurable. AAP basically scan for surrounding networks and decides upon SNR and provided white- and blacklisting information to which networks to connect to and in what order (unencrypted networks are used without further configuration by default). Furthermore you can configure hidden SSIDs of certain networks and define valid Mac addresses AAP utilizes upon connection attempts to networks with enabled Mac filtering. AAP obfuscates its existence by using random Mac addresses upon each of its connection attempts. This is achieved with the Mac Changer package as a companion. Furthermore AAP provides various general configuration variables and toggles to adopt its operation to your specific usecase. AAP continuously verifies the connection to the connected AP and switches the network once the connection isn't alive anymore. To get a better understanding, I paste the default configuration file Piranha v4 ships with.

IMPORTANT UPDATE 100903: Due to the behaviour of the busybox built-in grep, it's very important to leave the dummy bssid sections in /e/c/aap (see above) as is. Please, just append your custom bssid sections (ONE per bssid) to it. Otherwise AAP may fail to properly "calculate" its connection attempt list

As you can see, the configuration file is in general divided into two major parts. A general AAP configuration (please ask if you have questions) and the configuration of the various BSSIDs it connects to.

- "key" defines the known key of a WEP, WPA-PSK or WPA2-PSK encrypted network. You do not need to tell AAP the respective encryption method as it extracts the information automatically out of its scan results
- "ssid" tells AAP the known SSID of a hidden network
- "blst" is set to "1" if you'd like to blacklist a certain AP
- "fakemac" defines a valid client Mac AAP uses upon connection attempt to the configured AP

If you'd like to define more than just one of the before-mentioned options for a certain AP, you do it within one single UCI section, e.g.

Certainly, AAP can be directly configured with the Unified Configuration interface UCI. Let's assume, you'd like to utilize a BSSID "00:11:22:33:44:55" and configure its key "00010203040506070809101112", ssid "default" and fakemac "00:22:33:44:55:66" used upon respective connection attempt and store the configuration.

While I could write a really thick "novel" about AAP, I try to ensure readability and thus just cover the basics (please ask if you have further questions not explained here in detail due to space and time requirements). That all said, AAP is controlled by an easy-to-use CLI interface, providing the following functions

- enable, disable the autostart of AAP
- manually start, stop and restart it
- output the syslog messages of AAP (to verify its proper operation)
- manually skip the connection to the current network and connect to the next one in its result list
- access the connection attempt list of networks AAP connects to in descending order of scanned SNR

All that said, I hope you'll enjoy Piranha v4 and AAP v3 and have a lot of fun with it! For Piranha v4 installations instructions, please have a look at the respective OpenWrt wiki page covering your specific Atheros device.

(Last edited by orange on 3 Sep 2010, 06:49)

Can/will AAP run while a AP is used on the same device??

Ie ... repeating its connection?

In general it's possible to operate OpenWrt and thus Piranha/AAP in simultaneous station- and AP-mode configuration. That said, I do NOT recommend it as I personally never managed to get it into stable operation. Certainly feel free to test it though with the following /e/c/network

and /e/c/wireless configuration files

This would result in br-lan with attached interfaces eth0, ath1 (the AP interface) with AAP running on interface ath0. The presented configuration ALWAYS broadcasts an unencrypted network "OpenWrt" (adjust it to your scenario). Broadcasting the same SSID as the network AAP currently is connected to would require more adjustments I neither have tested nor thought about yet in detail.

Does this mean the AAP is unlikly to become an OpenWRT package

It would be nice to install

opkg install aap

etc

AAP already is an OpenWrt package available at the Piranha package respositories, the very latest version (AAP v3 100813, as of writing) at http://piranha.pwnz.org/pub/v4/100813/p … theros.ipk

That said, due to its design, AAP is Atheros only and won't run on a pre-compiled OpenWrt distribution as it needs a patch to madwifi sources, in order to un-truncate "wlanconfig ath0 list scan" SSID output, that isn't part of OpenWrt by default. I don't feel it appropriate to provide comprehensive patching/installation and OpenWrt configuration instructions as this would significantly higher both the potential for failure and my very own maintenance overhead in supporting AAP. Thus I provide Piranha (currently v4) as a ready-to-use solution. Support for other OpenWrt platforms (Broadcom etc) isn't planned (at least not from a short term perspective).

I'm certainly willing to share the before-mentioned madwifi patch by request though, just in case somebody wants to introduce AAP into his/her own custom OpenWrt distribution.

(Last edited by orange on 14 Aug 2010, 23:30)

Ok .. ok working like a charm !!!

Almost missed the needed "option 'type' 'bridge'" in the network config !!!!!

ok, iv forgoten how to set aap to automatically start ... or i just flashed with an older version ...

Actually, it's explained in the AAP documentation above (post #2), but again

Upon next reboot, it'll be automatically started.

(Last edited by orange on 17 Aug 2010, 01:19)

in the wireless config ...

Does the option 'ssid' for wan and lan need to be the same ??

Certainly not. In the simultaneous station- and AP-mode configuration I've shown you above, leave the "wan" part as is (this is handled by AAP) and change the "lan" part, i.e. the "ssid" option, to your liking.

(Last edited by orange on 17 Aug 2010, 12:11)

opkg update ....

returning

Downloading http://piranha.pwnz.org/pub/3.0/100217/ … ackages.gz.
wget: server returned error: HTTP/1.1 404 Not Found
Collected errors:
* opkg_download: Failed to download http://piranha.pwnz.org/pub/3.0/100217/ … ackages.gz, wget returned 1.

im just using  "  opkg update aap ""

should it be something different ??

Jesh .. answerd my own question really ...

copy/paste

root@OpenWrt:/aap# wget http://piranha.pwnz.org/pub/v4/100813/packages/aap_1
00813-1_atheros.ipk
Connecting to piranha.pwnz.org (216.218.192.170:80)
aap_100813-1_atheros 100% |***************************|  3694  00:00:00 ETA
root@OpenWrt:/aap# ls
aap.sh                    aap_mlst
aap_100813-1_atheros.ipk  aap_wlst
aap_blst
root@OpenWrt:/aap# install
root@OpenWrt:/aap# install aap_100813-1_atheros.ipk
-ash: install: not found
root@OpenWrt:/aap# aap_100813-1_atheros.ipk
-ash: aap_100813-1_atheros.ipk: not found
root@OpenWrt:/aap# update aap
-ash: update: not found
root@OpenWrt:/aap# opkg install aap_100813-1_atheros.ipk
Upgrading aap on root from 100217-1 to 100813-1...
Configuring aap.
root@OpenWrt:/aap# aap

  AAP v3 100813 - (C) 2009, 2010 by orange
  http://piranha.pwnz.org

  usage: aap [enable,disable,list,log,skip,restart,start,stop]

root@OpenWrt:/aap#

thanks again for the work Orange !!!!!!!

You're welcome! I'm just wondering what you're doing here *confused*
Please just do a fresh install of Piranha v4 and everything is pre-installed and -configured.

(Last edited by orange on 17 Aug 2010, 23:35)

It was an older Atheros flash .... 100260 if i remember.

I just figured - opkg update aap, would update it but it couldnt seem to find the current version - so i did it that way. I didn't want to flash the whole thing, but that might be a better thing to do after all .....

Iv telnet'ed in ...

Whats the default log in??

Its not user:root
   password:(blank)

Thats not working ..... I usally just change it VIA serial connection, but .....

Can a script be written  - so that once an actice internet conectin was found to bring up the repeating AP ??

add

config 'wifi-iface'
    option 'device' 'wifi0'
    option 'network' 'lan'
    option 'mode' 'ap'
    option 'ssid' 'OpenWrt'
    option 'encryption' 'none'

or perhaps replace /e/c/wireless & /e/c/network with the previous mentioned??

this part dosent seem to work .....

root@OpenWrt:~# opkg update
Downloading http://downloads.openwrt.org/backfire/1 … ackages.gz.
Inflating http://downloads.openwrt.org/backfire/1 … ackages.gz.
Updated list of available packages in /var/opkg-lists/packages.
Downloading http://piranha.pwnz.org/pub/4.0/100708/ … ackages.gz.
wget: server returned error: HTTP/1.1 404 Not Found
Collected errors:
* opkg_download: Failed to download http://piranha.pwnz.org/pub/4.0/100708/ … ackages.gz, wget returned 1.
root@OpenWrt:~#

Its not being redirected to the latest aap but stil trying to get the 100708 version

Mabey im doing something wrong ...

Hi Orange,
   great work!!

I'm trying to play a bit with your firmware Piranha, but I found a problem and maybe you can help me.
I'll tell you all the (few) steps just to be clear.

I've just installed the Piranha v4/100813 on a Fonera+ FON2201.
Once installed I connected via telnet on the LAN port, saved a password and reconnected via ssh.
Then I enabled aap and rebooted.
I had 2 open wifi networks (for testing) close to the router, but the aap list was empty and the aap log was continuously saying:
"(re-)scan done, no suitable APs found in range, initiating (re-)scan in 120 seconds"

To investigate this problem I tried:
- the command: wlanconfig ath0 list scan
showed the 2 networks correctly (with all the infos)

- I tried to put the ath0 in monitor mode and use airodump-ng to monitor the networks and it showed the 2 networks correctly

- I tried to manually connect to one of these test networks and it worked

- I stopped aap and edited the file /etc/config/aap:

config 'aap'
        option 'checkfreq' '60'
        option 'dhcptimeout' '60'
        option 'ineturl' 'www.google.com'
        option 'logenable' '1'
        option 'prefonly' '0'
        option 'rescandelay' '43200'
        option 'warndelay' '120'
        option 'watchinet' '1'
        option 'autostart' '1'

config '00:XX:XX:XX:XX:XX'
        option 'ssid' 'nameX'

config '00:YY:YY:YY:YY:YY'
        option 'ssid' 'nameY'

Then rebooted, but I found the same problem.
Then I tried the same but without the options: option 'ssid' 'nameX', but the same problem.
Then the same but just with the part config 'aap' and his option, but the same problem.

Any idea?

I am having similar issues ... one of witch was odd ... aap couldn't get www.google.com for internet check, but a running ping to google was getting reply times .... aap dropped the connection and went to the next detected AP ...

Is there an archive for older AAP versions ??

I took a look to the code
I'm not expert at all in bash coding and I was getting confused about the infinite awk pipes!!!

Anyway I think I found the bug which generates the problem I described before

The function aap_scan() contains: ... | grep -ivf /tmp/aap_blst > ...
But the file /tmp/aap_blst is empty (0 byte) if there is no blacklisted SSID in /etc/config/aap
And if /tmp/aap_blst is empty then the grep gives an error
(Note: grep on my linux and mac box doesnt give any error in that case, but on openwrt does)

So the effect is that if there is no blacklisted SSID in /etc/config/aap, then aap cant find any suitable AP
I solved not correcting the code, but inserting a faked blacklist entry

I remember that from the now gone web page ... on older version's ....

The install image is saposed to have a fake ssid to keep it from hic-up-ing ... mabey that got missed.

Ill see if that is what my problem is too ...

Nope .. its in there , might be a week signal thing here ...

I don't know .. Iv made my AP open .. and still will not connect ... but does detect it ....

Some thing has gone amiss ...