A compact pentesting drone that's both small and inexpensive, based on the AstroRC Carbonfly.
Full dimensions are 145x120x58mm, and the full drone stays below a weight of 250g.
In its current state it is flying, and we got a working connection to the TicWatch via an SSH reverse listener and have tested the following tools:
- Network Reconnaissance
- Bluetooth Arsenal
- One Shot WPS Attacks
There are limitations: the programs run quite wonky, and currently there's no known way to attach a second network adapter to it, so it has to be adapted to very specific use cases. The chipset, however, does seem to support monitor mode, which is impressive.
Advantages Over Directional Antennas:
- Persistence and Low Profile: Remains discreet once deployed.
- Accessibility: Reaches areas inaccessible by long-range antennas (e.g., rooftops).
- Remote Access: Can be accessed via LTE.
The hacking drones we have seen are bulky and loud. We want to create a more stealthy yet functional drone.
Objective
The idea is to have a mobile server capable of remotely scanning networks in usually inaccessible areas, while keeping the design simple enough to be reproducible. Though we try to keep things as DIY-friendly as possible, assembling the electronics and installing the custom ROM will be challenging if you're a complete beginner.
Components and Construction
This project uses an AstroRC 2.0'' frame and components as its base (https://astrorc.net/products/2-5-inch-carbonfly-2). Construction requires soldering skills and experience with assembling FPV drones, as the assembly video is in Mandarin.
Initially, we used a Raspberry Pi Zero W with an LTE module and battery; the first sketch below is the result of that. However, this setup was overly complicated and too heavy for the small, originally used 2-inch propellers.
We discovered the Kali team’s documentation for installing NetHunter on a TicWatch Pro 3 LTE (https://www.kali.org/docs/nethunter/installing-nethunter-on-the-ticwatch-pro3/), which was perfect for this purpose. Surprisingly, no other drone platform had implemented this.
The design evolved from a rough sketch to a more balanced design with extended rotor protection, landing feet, and a watch container inspired by lidar. The current design is flat and light, featuring a watch case and rotor protection with opposing landing gear, making it easier to print and assemble.
Parts printed in high quality on an A1 Mini in about 1.20h
The final 3D printing files are straightforward and don't require supports. They are suitable for various filaments with implemented tolerances; we have tried both PETG and PLA, but ASA could be an interesting candidate as well, without any of them being too heavy for the drone. We designed the parts using Tinkercad, Fusion360, and ZBrush.
Test flight of the current design: parts and load are well balanced now. The NetHunter software is still fairly wonky, though, and we're contemplating going back to a Raspberry Pi if it can't be improved.
We reverse engineered parts of the original Carbonfly and modified it with landing gear that is out of the way of the propellers and a wider frame. Currently we're using 2.3'' propellers that have been slightly shortened via pliers.
Future Plans
Currently we're testing a Cubot King Kong Mini board with full Kali compatibility.
We're also working on getting the standby mode to work on the flight controller; this would allow the drone to take off after completing its job even if it takes longer than a few hours. However, even without that feature, one could land this drone for a contracted pentest, get at least two days of access on a fully charged TicWatch and then later collect it.
This project has been made possible due to a collaboration with Chris from Techno's hackerspace in Berlin for the drone components and assembly, foxo from the foxolab hackerspace in Monza for the software and further hardware development, Lauwura for troubleshooting...