Nokia N900 is a pentest device

The Nokia N900 has a lot of pentesting potential thanks to the numerous pentest software that has been ported to Maemo. Today I will be doing a guide on how to fully equip your N900 so that it becomes a must-have device for every pentester. Everything that your going to read is for testing only, you should NOT use it on computers you don’t own. Anything you do with this software is your own fault. You have been warned.

Before continuing you should first enable the extras-devel repository on your phone – go to Application Manager and Add this catalogue:

 Catalogue name: Extras-Devel
 Web address:
 Distribution: fremantle
 Components: free non-free

To begin with, I will start with aircrack-ng. It is one of the most popular pentesting programs out there and it serves the purpose of breaking wep/wpa/wpa2 keys and gaining access to a wireless network. To get it, you need to follow these instructions:

apt-get install aircrack-ng

However, so far you will not be able perform packet injection, which will slow down WEP cracking and will make wpa handshake capture much harder. So next thing to do is go tolxp’s blog and get the patched wireless driver and carefully follow the instructions. If you find the driver useful donate at his blog! It adds much more than just packet injection, but you can read all about that on his blog.

As of May,2011 you can now install successfully mdk3, genpmk and cowpatty. You need to have updated your aircrack-ng to version 1.1. To install them follow this post. You can further install wessid-ng ,kiptun and airolib by placing them in /usr/bin and chmod them.

A great addition to aircrack-ng are one of the two available GUI’s. If you are a Backtrack user, you have most probably gotten used to GrimWepa. Luckily for you, a N900 version exists. Here is the actual file. To install it follow these instructions:

apt-get install libgif4

apt-get install icedtea6

java -jar grimwepa-n900.jar

However, I personally don’t like how it works on the N900 and I prefer wifite v2. To install it,use :

– wget

– chmod +x

– ./

The biggest change from version 1 is support for “reaver”, a Wifi-Protected Setup (WPS) attack tool. Reaver can compromise the PIN and PSK for many routers that have WPS enabled, usually within hours.

Other changes include a complete code re-write with bug fixes and added stability. Due to problems with the Python Tkinter suite, the GUI has been left out of this latest version. Most of the new router now got WPS. For example,the default configuration in UniFi router- Dlink Dir-615 – got WPS enabled. Instead of attacking WPA key,wifite attack WPS pin. And have tested using wifite v2, i can crack wpa password without using WPA dictionary. Wifite v2 use pyrit + cowpatty to attacking WPA key.

And for your info wifite just for LINUX, not working in windows or mac…so put yourself with LINUX.

Next thing on the list is getting nmap – apt-get install nmap – easy as that. Quite a useful ip/port scanner that is needed for many exploits. You can run it from terminal by typing ‘nmap’.

My favorite tool of them all is ettercap-ng. It is used to poison a network, redirect traffic,sniff packets and even for DoS attacks. Installing it is a bit harder,but thanks to colin.stephane, who build it into deb packages, it is quite easy if you follow the commands. The files and instructions can be found in this post.

If you want to get the gui working you should also do “dpkg -i ettercap-gtk_0.7.3-1.2.armel.deb”. DO NOT install it via xterm from the repositories as the package uploaded there is completely broken.

A great tool combination for ettercap is sslstrip – it basically turns https links to http and allows you to steal passwords from secured sites.It is quite hard to notice even for a person thats familiar with this exploit. Installation here is a bit harder. First you need to get python-twisted-web and iptables – “apt-get install python-twisted-web iptables python-pyopenssl”. Next you need to download the latest sslstrip package at . Unpack it with “tar zxvf sslstrip-0.x.tar.gz”, then cd into that directory “cd sslstrip-0.x” and do a “python build” & “python install”. If you get any dependency errors, install the missing packages first (sometimes you will have to install a different package – for example if you are missing package ABC you will have to type in the Xterminal “apt-get install python-ABC”, not just “apt-get install ABC”.) If you have any issues with installing make a comment and I will try to help you.

Another cool program that you can get is Wireshark – “apt-get install Wireshark”. It can be used for packet sniffing or for examining files created by ettercap for example. The gui is a bit messed up,but it is useable.

The famous metasploit framework can also be run on the N900 and the instructions + the actual file can be found HERE. Everything works flawlessly and I have successfully exploited my Virtual Machine’s Windows XP through the phone. However, some people have had issues with the official metasploit installation guide – so here is a second one with optified ruby packages : .

The Online password cracker tool – THC-Hydra. Ported by SuperDumb. To download Install by doing a dpkg -i hydra_6.3-src-1_armel.deb.

That is it for today. If you have any issues/recommendations please make a comment.


13 thoughts on “Nokia N900 is a pentest device

  1. salam boh, saya tertarik dgn ayat ni “i can crack wpa password without using WPA dictionary”. saya nak mitok tolong boh ajar saya lagu mano nok buat tu. saya tahu lah sikit2 pasal BT5 R3….


      1. ok,lam bt5 r3 tu demo akn jupo namo software wifite lam wireless esxploit…demo runn hok tuh jah…dio akn crack router,bkn crack wpa password…kal tngk wifi huk enable wps gk,mknonyo bulih r crack… skalonyow,unifi meme default enable wps


    1. kalu wps xenable meme kno paka wpa lah…tp skalo,huk bnyok kawe buat,beyeh doh paka gtuh…so lagi kl demo bulih pehe gk,demo cari kt utube gano nk krek wpa paka pyrit


  2. Hi I was wondering if you can guide me to install BackTrack on my N900. I have the ARM iso but cannot install it to the memory internal or external.

    Would like some advise on the proper way to do this.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s