Wardriving with a Tesla Model 3 — Part 2

Tom Bishop
Sep 3, 2020


In part 1 of our multi-part series on modern wardriving, we discussed a basic hardware setup that will allow us to start catching some of those important wifi data packets. Now we will discuss the software used in this project. Like anything else, this is mostly preference on my part. I will try to tell you where to research alternatives if you like.

PLEASE NOTE: Read Part 1 of this series here…

Kali Linux by Offensive Security

Install Kali on the Raspberry Pi

Let’s start with the operating system. For this project I went with Kali Linux for the Raspberry Pi. It seems to have a solid wifi stack from drivers to software, way more than what we’ll need anyway. You can use your favorite flavor of Linux here as long as it supports capturing packets via wifi.

You can choose to go headless here. If so, skip the next step. Once you can SSH into your Raspberry Pi you are ready to install Bettercap.

Install display drivers (optional)

If you are using the display from Step 1 — simply visit http://www.lcdwiki.com/4inch_HDMI_Display-C and follow the instructions to install the display drivers. They do offer various Linux images with the drivers pre-installed. This will give you full touch screen functionality as well.

Install Bettercap

bettercap is the Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.

If you Google around or search GitHub, you’ll see a rather wide selection of tools available to collect and analyze 802.11 packet data. Some try to target specific attack vectors while others try to provide a high-level toolkit to allow you to choose how to shape your strategy. Bettercap falls into the latter, and it does it perfectly.

This again is a preference of mine. I implore you to mess around with other software out there. You’ll see some do well while others… well, not so much. Anyway, I have found Bettercap to be very well-written software that is flexible enough to suit my needs for this project. Since we’ll be doing low-level packet inspection, it seems that Go and Python based projects outperform others.

Verify Wireless 802.11 adapters work

Once you have a clean build of Kali and Bettercap installed, we just need to verify that your wireless adapters are capturing packets okay. The above screenshot shows Bettercap’s UI. It’s an Angular app that interfaces with Bettercap’s API and is perfect for easily checking whether your adapters are being detected and working okay.

Fire Up GPSD

So Bettercap is great but not perfect. It does not handle GPS well at all. For this case, I will just enable the GPS daemon in Kali. I’ve messed around with different strategies like accessing the serial port directly, but it seems that GPSD is pretty solid and flexible. Once set up, it should fire up a server with a URL that you can put in other apps like Kismon. The default url:port it creates should be fine. Find out more at https://gpsd.gitlab.io/gpsd/installation.html.
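One way to confirm GPSD is actually serving position fixes before pointing Kismon at it (an added example, not from the original post). It assumes gpsd's standard default listener on localhost TCP port 2947 and its JSON watch protocol; the sample report lines and the device path in them are constructed.

```python
import itertools
import json
import socket

GPSD_ADDR = ("127.0.0.1", 2947)  # assumption: gpsd's standard default listener
WATCH = b'?WATCH={"enable":true,"json":true}\n'  # ask gpsd to stream JSON reports

# Constructed sample of what gpsd streams: banner, a no-fix report, a 3D fix.
SAMPLE = [
    '{"class":"VERSION","release":"3.20","proto_major":3,"proto_minor":14}',
    '{"class":"TPV","device":"/dev/ttyACM0","mode":1}',
    '{"class":"TPV","device":"/dev/ttyACM0","mode":3,"lat":40.0,"lon":-75.0}',
]

def parse_tpv(line):
    """Return (lat, lon, mode) for a TPV report with a usable fix, else None."""
    try:
        msg = json.loads(line)
    except (TypeError, ValueError):
        return None  # truncated or non-JSON line
    if not isinstance(msg, dict) or msg.get("class") != "TPV":
        return None  # VERSION, DEVICES, WATCH, SKY ... carry no position
    mode, lat, lon = msg.get("mode"), msg.get("lat"), msg.get("lon")
    if not isinstance(mode, int) or mode < 2:
        return None  # mode 0/1 means the receiver has no fix yet
    if not all(isinstance(v, (int, float)) for v in (lat, lon)):
        return None  # a fix without numeric coordinates is unusable for mapping
    return (lat, lon, mode)

def first_fix(lines):
    """Scan report lines and return the first usable fix, or None."""
    for line in lines:
        fix = parse_tpv(line)
        if fix is not None:
            return fix
    return None

def wait_for_fix(addr=GPSD_ADDR, max_reports=120, timeout=10.0):
    """Connect to gpsd, enable watch mode, and read until a fix or the cap."""
    with socket.create_connection(addr, timeout=timeout) as sock:
        sock.sendall(WATCH)
        with sock.makefile("r", encoding="utf-8", errors="replace") as stream:
            return first_fix(itertools.islice(stream, max_reports))

if __name__ == "__main__":
    print("sample:", first_fix(SAMPLE))
    try:
        print("live:", wait_for_fix())
    except OSError as exc:
        print("gpsd not reachable:", exc)
```

If the live call returns None while gpsd is reachable, the daemon is running but the receiver has not reported a 2D or 3D fix within the report cap.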

Kismet/Kismon

Kismet is the old-school, tried-and-true wifi packet analyzer that is a must-have piece of kit for any wardriver. Kismon is a GTK-based application that provides a cool graphical user interface for Kismet. The best part though… it has a built-in map that auto-plots any discovered wireless access points. If your GPSD is set up okay, it will receive the GPS coordinates in real time. Detach this map from Kismon, and you now have a fullscreen touchable map for your wardriving session. Sweet!

Driver — You are the Wheelman

You *should* be able to drive, bike, or walk around and watch Bettercap capture packets. There is a whole bunch going on in the background, but the key point of interest to look at is wifi access point RSSI (signal strength). Any value less than -90 is not usable, and usability varies from there as the signal strength goes up. You of course want a strong signal that is blasting as many data (802.11) packets at you as possible. You can either try to get closer to the source or get a bigger antenna to try to get better RSSI numbers.

Stay tuned for Part 3, where we will discuss using the true power of the Tesla Model 3: its always-on, internet-connected screen. Leveraging React, Node JS, and Firebase for real-time data transactions, we can create a cool interface for our new wifi data. This also unlocks a whole new level of possibilities for what we can do with our data. Now you can patrol the wireless ocean of your Covid-19 ridden hell-scape from the comfort of your vehicle. Be safe out there and stay tuned for Part 3…

Tom Bishop

Software developer, technology lover and constantly curious