issues when running pineapd on ar150

[sysadminpower2019]

I have compiled brand new firmware and extract the latest version of the pineapple software and i am getting this error.
this is the dmesg result

do_page_fault(): sending SIGSEGV to pineapd for invalid read access from 0000005c
[ 515.263461] epc = 770088a1 in libpcap.so.1[77000000+2b000]
[ 515.268826] ra = 004053f8 in pineapd[400000+e000]

[mankidavu]

There are few discussions on their forums about some conflict between new versions of pcap and reaver/pineap etc. May be hardcoding a working libpcap is a solution. Did you try with 2.1.2 ? Looks like there were few fixes added to that.

[sysadminpower2019]

how can i figure out what version to hardcore. Yea im using 2.1.2 and getting the pcap error. Do you have a source for the pcap discussion

[qinzh760]

I have compiled 2.12 by following the insctructions but I got ar150/openwrt-cc/bin/ar71xx/openwrt-ar71xx-generic-gl-ar150-squashfs-sysupgrade.bin whcih is only 3.7MB. Something wrong here?

[qinzh760]

How do you extract latest pineapple firmware then? binwalk?

[mankidavu]

I was referring old discussions. Not exactly on latest firmware, but similar libpcap breaking programs were discussed. Eg:

https://forums.hak5.org/topic/39654-whats-the-issue-with-wps/

someone posted it on LEDE/openwrt forum too.But as pineapd is out of their domain, don't think we will get some help.

https://forum.lede-project.org/t/glinet-ar150m-sigfault-when-enabling-ap/16317

[bruvv]

Just to update on this. The pineapd.bin is a 32 BIT ELF program. that is somewhat obfuscated. You can read the strings but it does not show anything really. I have no idea how objdump works but is supposed to show what is going on.
I made a build system that is always building the latest firmware and I am currently running 2.4.1 and everything works witouth hacking anything (MIPS = NANO) only the pineapd is not working.

Lets brainstorm guys and get this to work! I have been on it 5 days already and tried already the following:

• Change mips name (works for everything expect the pineapd)
• Change the board name from GL-AR150 to PINEAPPLE-NANO, or I am doing this wrong but the GL-AR150 does not boot.
• Change the build to a specifiek TP-LINK board (just like the pineapple NANO does with 5 MTD partitions) but that also makes the GL-AR150 crash...
• Changes some specifiek offsets in the MIPS/MACH file but that makes no difference.
• Updated the packages to mimick the PINEAPPLE NANO AIRCRACK HAK5 package which is called by pineapd but that is still giving the segment fault...
• updated the kernel to the new build that HAK5 is using it boots but still pineapd does not work

Anyone knows anything else to test? Lets start some brainstorming guys!

Please bare in mind I am just doing this debugging for fun and learning process.

[spoetnik]

Have you tried this? I don’t know if it’s relevant for this bug...

One of the comments on
https://www.securityaddicted.com/2016/11/17/weaponizing-gl-inet-gl-ar150/

“GetDevice trick is that you have to look in pineapple.php file and make that function always return “nano”…”

[bruvv]

I hacked it that that API thinks it's the nano already. So that's not needed anymore. Thanks for the tip! Please keep them coming.

[bruvv]

new version:
https://github.com/d1slact0r/pineapple-firmware-builder