wlan router wardriving

So, I have this shiny new Asus toy, now what can we do with it?
I thought that maybe using its resources for some wardriving fun would make sense. What’s necessary for that? Well, we have the wlan router that has everything “on board” except for a power supply, a huge storage for the results and a device to record its position. Read the complete article for details 😉


Power supply: That one’s easy, bought a small transformer thingy at a local electronics shop that converts 10.5-25V DC into a configurable output voltage. The output voltage can be configured in seven steps ranging from 1.5 to 12 volts at a maximum draw of 2A. The Asus’ power supply is rated at 5V 2.5A, but I found some page where someone was measuring his WL-HDD draw 0.5A idle with the built-in hard disk spinning, so I suppose mine would even draw less, given that it isn’t equipped with a power-hungry hard disk at all. The transformer can be plugged into a car’s cigarette lighter outlet – or into a mobile power station if you happen to have a friend who has such a thing lying around 😉
Huge storage: I already mentioned in a recent post how I connected a USB stick to the Asus, that’s pretty easy anyway.
“Device to record its position”: Well, I have this Garmin GPSMAP 60cs and as it comes with a USB port, why not plug it into the Asus? Well, while there is a kernel module for these devices it’s only supported with 2.6 kernels, not with 2.4.30 the OpenWRT WhiteRussian RC6 runs on. Fortunately there is also a serial NMEA output on the GPS device, so I connected it via a serial2usb adapter device that got recognized by the OpenWRT kernel module kmod-usb-serial-ftdi (/dev/usb/tts/0).
What’s also needed is, of course, a program to do all the nice stuff such as scanning for wireless networks and saving the results – that’s where Kismet comes into play.
While there are Kismet packages for OpenWRT there is a small issue – OpenWRT’s Kismet has its GPS support removed by one of the patches that are applied while the packages are being built. I found a version with GPS support, but unfortunately it’s linked against an old version of libpcap, so it doesn’t work on WhiteRussian RC6, so I had to compile my own kismet binaries. Following this document I set up an OpenWRT buildroot, removed the Kismet GPS-removal patch and copied the resulting binaries onto the Asus.
To get GPS data into kismet a special daemon is required for the communication with the GPS receiver: gpsd
Fortunately there is already an OpenWRT package, but I read that gpsd 2.10 works better than the newer versions, so I installed that one.
After playing a bit with various kismet settings I wrote a small init script that automatically starts gpsd and kismet whenever a USB stick with a directory called “wardriving” is detected on bootup. It basically consists of a directory existence check and the following calls:

gpsd -s 4800 -p /dev/usb/tts/0
wl ap 0
wl disassoc
wl passive 1
wl promisc 1
kismet_server -f /etc/kismet/kismet_wardriving.conf
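
The gpsd call above reads the receiver's serial NMEA output at 4800 baud through the USB adapter. As an added example (not part of the original post), this Python sketch checks the NMEA 0183 checksum and decodes a GGA position sentence, which is a quick way to confirm the serial link delivers intact fixes; the sample sentences and all function names are constructed for illustration.

```python
from functools import reduce

def nmea_checksum(body):
    """XOR of every character between '$' and '*' (NMEA 0183 checksum)."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def checksum_ok(sentence):
    """True if the two hex digits after '*' match the computed checksum."""
    sentence = sentence.strip()
    if not sentence.startswith("$") or "*" not in sentence:
        return False
    body, _, given = sentence[1:].partition("*")
    try:
        return nmea_checksum(body) == int(given[:2], 16)
    except ValueError:  # missing or non-hex checksum digits
        return False

def to_degrees(value, hemisphere):
    """Convert NMEA (d)ddmm.mmmm plus hemisphere letter to signed decimal degrees."""
    dot = value.index(".")
    result = int(value[:dot - 2]) + float(value[dot - 2:]) / 60.0
    return -result if hemisphere in ("S", "W") else result

def parse_gga(sentence):
    """Return position data for an intact GGA sentence with a fix, else None."""
    if not checksum_ok(sentence):
        return None  # damaged in transit (line noise, wrong baud rate)
    fields = sentence.strip()[1:].partition("*")[0].split(",")
    if not fields[0].endswith("GGA") or len(fields) < 10:
        return None
    if fields[6] in ("", "0"):  # fix quality 0: receiver has no position yet
        return None
    try:
        return {
            "utc": fields[1],
            "lat": to_degrees(fields[2], fields[3]),
            "lon": to_degrees(fields[4], fields[5]),
            "satellites": int(fields[7]),
            "altitude_m": float(fields[9]),
        }
    except ValueError:  # malformed numeric field despite a valid checksum
        return None

def frame(body):
    """Build a complete sentence from a body (used for the constructed samples)."""
    return "$%s*%02X" % (body, nmea_checksum(body))

# Constructed sample data, not captured from a real receiver.
GOOD = frame("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,")
CORRUPT = GOOD.replace("4807", "4817")  # one character flipped, checksum unchanged
NO_FIX = frame("GPGGA,123520,,,,,0,00,,,M,,M,,")
```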

A first test was a huge success. The whole setup works well in a car and even better in a backpack for some warbiking or even warwalking 🙂
I might post some results here soon, stay tuned.

Related links:
Headless wardriver
gpsd man page with protocol description
