A compact, inexpensive pentesting drone based on the AstroRC Carbonfly.
Full dimensions are 145x120x58 mm, and the complete drone stays below 250 g.
In its current state it is flying, we have a working connection to the TicWatch via an SSH reverse listener, and we are currently retesting the following tools:
- Network Reconnaissance
- Bluetooth Arsenal
- One Shot WPS Attacks
There are limitations: the programs run quite wonky, and there is currently no known way to attach a second network adapter, so the drone has to be adapted to very specific use cases. The chipset, however, does seem to support monitor mode, which is impressive.
Advantages Over Directional Antennas:
- Persistence and Low Profile: Remains discreet once deployed.
- Accessibility: Reaches areas inaccessible by long-range antennas (e.g., rooftops).
- Remote Access: Can be accessed via LTE.
The hacking drones we have seen are bulky and loud. We want to create a more stealthy yet functional drone.
Objective
The idea is to have a mobile server capable of remotely scanning networks in usually inaccessible areas, while keeping the design simple enough to be reproducible. Though we try to keep things as DIY-friendly as possible, assembling the electronics and installing the custom ROM will be challenging if you're a complete beginner.
Components and Construction
This project uses an AstroRC 2.0'' frame and components as its base (https://astrorc.net/products/2-5-inch-carbonfly-2). Construction requires soldering skills and experience with assembling FPV drones, as the assembly video is in Mandarin.
Initially, we used a Raspberry Pi Zero W with an LTE module and battery, the first sketch below is the result of that. However, this setup was overly complicated and too heavy for the small, originally used 2-inch propellers.
We discovered the Kali team’s documentation for installing NetHunter on a TicWatch Pro 3 LTE (https://www.kali.org/docs/nethunter/installing-nethunter-on-the-ticwatch-pro3/), which was perfect for this purpose. Surprisingly, no other drone platform had implemented this.
The design evolved from a rough sketch to a more balanced design with extended rotor protection, landing feet, and a watch container inspired by lidar. The current design is flat and light, featuring a watch case and rotor protection with opposing landing gear, making it easier to print and assemble.
Parts printed in high quality on an A1 Mini in about 1.20h
The final 3D printing files are straightforward and don't require supports. They are suitable for various filaments thanks to the built-in tolerances: we have tried both PETG and PLA, and ASA could be an interesting candidate as well, none of them being too heavy for the drone. We designed the parts using Tinkercad, Fusion360, and ZBrush.
Test flight of the current design. Parts and load are well balanced now; the NetHunter software is still fairly wonky, though, and we're contemplating going back to a Raspberry Pi if it can't be improved.
We reverse engineered parts of the original Carbonfly and modified it with landing gear that stays out of the way of the propellers and a wider frame. Currently we're using 2.3'' propellers that have been slightly shortened with pliers.
Here's documentation on how we got an SSH tunnel working reliably. It uses a crontab to bring the tunnel up automatically; however, you will still need to enable SSH at boot if it's not already enabled by default. This also requires a server with a public IP address; we used one of our own servers for this.
Some of the commands below will have to be entered via the custom command option in NetHunter. If you have a Bluetooth keyboard you might be able to avoid some of the hassle, but this only occurred to us in retrospect. The commands below are designed as one-shots, meaning you won't have to enter a response in the terminal when you fire them up.
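As an added example (not the project's own commands), the following script shows the two pieces a practitioner would want around a cron-driven reverse tunnel like the one described above: a keepalive that cannot spawn duplicate tunnel processes, and the server-side `authorized_keys` restriction that pins the drone's key to the one reverse forward it needs, so a lost or seized drone does not hand out a general-purpose shell on the server. The server name, tunnel port, key path, lock file and script path are assumptions; the watch's own sshd is assumed to listen on port 22.

```shell
#!/bin/sh
# Added example, not the project's own setup. Assumed values below.
SERVER="${SERVER:-tunnel@example.invalid}"          # assumed public-IP host
TUNNEL_PORT="${TUNNEL_PORT:-2222}"                  # loopback port on the server
KEY_FILE="${KEY_FILE:-$HOME/.ssh/drone_ed25519}"    # assumed key path on the watch
LOCK_FILE="${LOCK_FILE:-/tmp/drone-tunnel.lock}"    # assumed lock file for flock

# Server side: prints the authorized_keys line for the drone's public key.
# "restrict" disables pty, agent/X11 forwarding and all port forwarding;
# "port-forwarding" re-enables forwarding, and "permitlisten" limits the
# remote forward to localhost:PORT, so the key cannot open other listeners
# or get a shell even if someone recovers it from the drone.
authorized_key_line() {
    pubkey="$1"; port="$2"
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$port" "$pubkey"
}

# Client side: the ssh command line. -N opens no shell, -R binds the reverse
# forward, BatchMode never waits for input (a "one-shot" in the sense above),
# ExitOnForwardFailure makes a failed bind a hard error, and the keepalive
# options make the client notice a dead LTE link and exit so cron can retry.
tunnel_command() {
    server="$1"; port="$2"; key="$3"
    printf 'ssh -i %s -N -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R %s:localhost:22 %s' \
        "$key" "$port" "$server"
}

# Crontab entry: runs every minute, but "flock -n" exits immediately while a
# live tunnel still holds the lock, so duplicate sessions never pile up.
crontab_line() {
    script="$1"; lock="$2"
    printf '* * * * * flock -n %s %s >/dev/null 2>&1\n' "$lock" "$script"
}

# Foreground tunnel; replaces this shell so the lock is held by ssh itself.
run_tunnel() {
    exec ssh -i "$KEY_FILE" -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$TUNNEL_PORT:localhost:22" "$SERVER"
}

# Usage: "./drone-tunnel-keepalive.sh run" starts the tunnel; without an
# argument the script prints the server and crontab lines to paste.
if [ "${1:-}" = "run" ]; then
    run_tunnel
elif [ "${1:-}" = "show" ]; then
    authorized_key_line "$(cat "$KEY_FILE.pub")" "$TUNNEL_PORT"
    crontab_line "$(pwd)/drone-tunnel-keepalive.sh" "$LOCK_FILE"
fi
```

On the server, the operator then reaches the watch with `ssh -p 2222 user@localhost` from the server itself; nothing is exposed on the public interface because the forward is bound to loopback. `permitlisten` needs OpenSSH 7.8 or newer on the server.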
## 1. Generating an SSH Key
Run this command to generate an SSH key without needing to press...