

Bunny.py: A WiFi darknet that hides its traffic in the noise of 802.11 - mothran
https://github.com/mothran/bunny
This is a project I have been working on for a while now and I would love some feedback.
======
jtchang
So a possible use case for this covert channel:

You are trying to infiltrate a specific computer inside a large corporation.
You have a wireless USB key that you sneak in and plug it into a target
computer.

The problem is issuing commands to that USB dongle (which I assume is running
some sort of OS).

If the dongle sets up a new wireless network it will be detected by rogue AP
scanners (common feature in many enterprise access points). So instead you
stick your data in a covert channel. You then sit in the parking lot and
communicate with your device without it tripping any IDS systems. At least for
now until the IDS systems start looking for weird packets with data stuffed in
all the wrong places.

~~~
skeletonjelly
Can you elaborate on the OS on a USB thing? You mean you'd reboot the machine
to the OS on the USB? Wouldn't that trigger things? Or is that machine merely a
conduit?

~~~
Shish2k
If you can convince a machine to boot from USB, then one could make a live USB
distro which automatically boots the first hard drive in a fullscreen VM (+
remote access), so it would appear to the user and network to be unchanged.

(Not sure how well that works for Windows, which freaks out at the slightest
hardware change, but it seems to work great for Linux - I'm doing that at work
to get modern hardware and software support of Ubuntu while the software we
use is only for CentOS; if I ever want to go back I just remove my extra hard
drive and boot from the original again :) )

~~~
hobolobo
So you boot into Ubuntu which then loads the HDD's OS in a VM? What do you use
to do this?

~~~
Shish2k
Yup, using KVM / Virt-Manager, "Create VM" -> "Use existing disk: /dev/sda" ->
"Run". Aside from X getting confused, which was easily fixed [1], everything
Just Worked. SSHFS is used so that I can edit code from the native desktop and
run it in the VM.

[1] it had the nvidia proprietary driver hardcoded in xorg.conf -- with a
blank config, Xorg correctly auto-configures the nouveau driver when it's
running natively and the emulated card driver when running in a VM.

------
drippingwet
Why not just be honest, and let everyone know that the fate of
(2.4 GHz) 802.11a/b/g/n/ac residential/commercial/enterprise/carrier-grade rests
on an unencrypted management packet framework (that some may argue is
defective-by-design).

Until 802.11ad implements alternative methods of handling client/station
management, it only takes one deauthentication packet to cause client(s)/AP
interference, and possible interception/eavesdropping.

:-\

~~~
euroclydon
No one is voting this up, but it's certainly interesting if true, or if I
could actually understand it.

~~~
err_badprocrast
Wi-Fi authentication frames aren't encrypted, so you can craft bogus de-auth
packets to disconnect clients. This has a lot of uses - you can DoS a client
indefinitely, force them to reveal a hidden access point when reconnecting, or
force them to disconnect and then reconnect to a rogue access point.

New standards encrypt management frames, though.

------
tptacek
Anybody who made it through a couple levels of our crypto challenges want to
take a run at evaluating this?

~~~
mothran
The crypto is super simple currently. I have spent a long time trying to
figure out a better solution, but currently there is a single round of AES-256
in CBC mode; each message gets a random IV.

To answer the first questions from this: 1) yes, I know there is no MAC, I am
working on that and could use some ideas; 2) forward security is not built in,
but if you can find a quicker way to renegotiate mpOTR we might be in
business.

Any feedback would be great, I would really like to improve Bunny to be more
solid in its use of crypto.

~~~
andrewcooke
you _really_ need hmac or similar. someone else already said this, but in more
words: in a practical system (that has error handling etc) your current
approach can allow someone to provide fake data. if they can trick you into
repeating the same message (random iv doesn't help) then they can use padding
to work out what bits of iv to flip to give any first block. and you including
the length in the message only makes that easier (no second block error).

better: why not implement a lower level without crypto then layer known good
crypto on top? so just go for datagrams (udp), then add reliability (tcp),
then add, say, tls. I don't know much about this (sorry), but I bet once you
have udp there are libraries to do almost all the rest.

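A stdlib-only sketch of the encrypt-then-MAC framing being asked for in the comment above, added here as an example; it is not code from Bunny or from andrewcooke's package. The IV and ciphertext are constructed stand-ins for what an AES-CBC step would produce, and the frame layout (length | IV | ciphertext | tag) is an assumption.

```python
import hmac
import hashlib
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output length

def seal(mac_key: bytes, iv: bytes, ct: bytes) -> bytes:
    """Assumed frame layout: 2-byte length | iv | ct | tag. The tag covers the length,
    the IV and the ciphertext, so flipping IV bits (which in CBC flips the same bits of
    the first plaintext block) is detected before anything is decrypted."""
    body = struct.pack(">H", len(iv) + len(ct)) + iv + ct
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag

def open_frame(mac_key: bytes, frame: bytes, iv_len: int = 16):
    """Verify first, parse second. Returns (iv, ct) or None. The comparison is
    constant-time, and every failure is the same bare None, so no padding or
    length error distinguishes one kind of tampering from another."""
    if len(frame) < 2 + iv_len + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    (n,) = struct.unpack(">H", body[:2])
    if n != len(body) - 2:
        return None
    return body[2:2 + iv_len], body[2 + iv_len:]

def flip_bit(frame: bytes, byte_index: int, bit: int) -> bytes:
    """Model the IV tampering described above: XOR a single bit at the given offset."""
    buf = bytearray(frame)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)

def demo():
    mac_key = os.urandom(32)                  # must be independent of the AES key
    iv, ct = os.urandom(16), os.urandom(48)   # constructed stand-ins for a CBC output
    frame = seal(mac_key, iv, ct)
    genuine_ok = open_frame(mac_key, frame) == (iv, ct)
    tampered = open_frame(mac_key, flip_bit(frame, 2, 0))   # byte 2 = first IV byte
    return genuine_ok, tampered is None

if __name__ == "__main__":
    print("genuine accepted, tampered rejected:", demo())
```
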
~~~
andrewcooke
ps my "simple-crypt" package for python 3 combines aes and hmac.

<https://pypi.python.org/pypi/simple-crypt>

for python 2 it is still a good pycrypto example - the code is pretty simple.

------
tlow
"Bunny is intended to act as a layer 1/2 technology that attempts to hide its
wireless mesh communication traffic."

I think there's a lot of interest in this article but also a lot of
uncertainty.

There are some interesting comments on the theoretical basis of Bunny and
Bunny packets, but as someone without a lot of technical knowledge of this
area, I don't know: How effective Bunny is in practice? How visible is it...?
If I were a network security professional, would I notice Bunny on my wireless
network? Perhaps the author or a knowledgable person could speak to these
questions?

------
orangethirty
Cool, this is using pylorcon. I forked it to have fun with it. Let's see where
I can manage to put this, and what kind of fun can be had. Hmm..., I can even
send commands through this. Fun. Thanks for open sourcing this.

~~~
mothran
No problem man, if you get it working on your hardware that is not listed in
the README, please tell me. I would love to keep an easy-to-find list of
supported chips.

~~~
orangethirty
Will do, thanks. (:

------
danabramov
I am a bit confused as to what this does.

Does it allow me to chat over someone's WiFi network with another client
running this software?

Something else?

~~~
EvanAnderson
Yes -- that's what it does. Nodes need to agree on a pre-shared AES key, a
modulus, and a remainder, and with that information they can monitor the wifi
network to locate Bunny frames.

I glanced over the "proposal.txt" file and I think a reasonable summary is as
follows: Bunny monitors a wifi network to build a model of the types of common
packets it "sees". Once it has built the model it can transmit data covertly
by sending packets with a crafted length (based on a couple of pre-shared
values) that are similar to the "average" traffic on the network. Bits of
AES-encrypted data are stored in some of the various header and payload fields
that are "sloppily" defined in the 802.11 standards. Other Bunny nodes are
able to recognize these frames because their length modulo the pre-shared
modulus value will equal the pre-shared remainder value.

~~~
lifeisstillgood
But

The packets sent won't be routed? So this is a peer-to-peer / ad hoc network
between two clients who not only will encrypt their messages but will write it
in invisible ink too.

It's a really cool hack, and mothran probably knows more about wifi packets
now than anyone is legally allowed.

But if I am in a situation where the enemy is so sophisticated they can infer
useful information from my non-hidden encrypted traffic, I am going back to
filling in the Times crossword on a bench in St James's Park.

------
zobzu
I did something similar, as in using the wifi chip for non-intended purposes
(but not the same as you did with bunny), a few years ago.

Used same chipsets hehe. I found that lorcon and aircrack's libs were both
lacking though. It appears not much has changed :/ Made it in C as I eventually
forked off aircrack's lib to fix stuff (lorcon is nicer, yes, but the code is
so abstracted that it makes it painful to modify).

------
silasdavis
How about providing this as a transport layer for:
<http://briar.sourceforge.net/overview.html>

------
alexkrycek
Your README mentioned the following:

rtl8187 - Alfa AWUS036NH

Note: These are by far the WORST chipsets on the market, the RX sensitivity
makes them almost worthless for any kind of application besides cracking WEP
passwords.

I have this model. Can you explain a bit more what the issue is with the RX
sensitivity? Are there any workarounds?

------
punnerud
This would not work on a lot of large enterprise networks that use RSSI
(received signal strength indication) to detect malicious devices, unless you
are close to one sender and are sending data at the same time as this sender
is sending its data.

------
informatimago
How much hidden bandwidth can be piggybacked on wifi with Bunny?

