GPS Wardriving

I remember my first time doing wardriving (not that long ago). I only used my laptop and my mothers car. Of course i did everything manually, like writing down every AP and MACs and so on.

Since we got some new “toys” here at school, my networking teacher dared me to do some wardriving using a bluetooth GPS and an external wireless adapter. See my last 2 posts for info on them.

The idea sounded really interesting so i started doing stuff. I quickly found a link that was pretty straightforward. The author of the article used Backtrack 4, Kismet and gpsd. After having some big headaches with gpsd i decided to drop it. So here is the list with all the things i’ve used:

The steps:

  1. Connect the GPS to the laptop via bluetooth (check my blogpost on the gps for that)
  2. Link the serial bluetooth port (rfcomm) to a virtual port, so it can be seen without problems by some programs
    1. ln -s /dev/rfcommX/dev/ttyS000Xreplace the first X with the appropiate number you got for your bluetooth connection, and the second one with anything you desire
  3. Edit the Kismet configuration file
    1. After seeing that i have no chance to get gpsd to work with kismet, i decided to use the GPS directly. To do this i had to edit the kismet configuration file: root@hackcentral:~# whereis kismet
      kismet: /usr/local/bin/kismet /usr/local/etc/kismet.conf
      gedit /usr/local/etc/kismet.confI’m not going to put the whole configuration file here, only the part that interests us:

      # Do we have a GPS?
      gps=true
      # Do we use a locally serial attached GPS, or use a gpsd server?
      # (Pick only one)
      #gpstype=gpsd
      gpstype=serial
      # What serial device do we look for the GPS on?
      gpsdevice=/dev/ttyS0007
      # Host:port that GPSD is running on. This can be localhost OR remote!
      #gpshost=localhost:2947
      # Do we lock the mode? This overrides coordinates of lock “0”, which will
      # generate some bad information until you get a GPS lock, but it will
      # fix problems with GPS units with broken NMEA that report lock 0
      gpsmodelock=false
      # Do we try to reconnect if we lose our link to the GPS, or do we just
      # let it die and be disabled?
      gpsreconnect=true


      It should look like above.

  4. Start Kismet and walk around so you can get the wifis
    1. kismet
    2. automatically start Kismet server? Yes
    3. Startup options – Start
    4. Kismet started with no packet sources defined…blabla…Add a source now? – Yes
      1. and here your write the name of your wireless interface, press TAB until you get to Add and press Enter.

    5. Walk/drive around
  5. Visualise the output
    1. Kismet will save some files in the home directory – because im am using Backtrack with root user, the files will be in /root
    2. Now we will use giskismet to make the data readable and put it into a map
      1. go to your home directory -> cd /root
      2. giskismet -x BLABLA.netxml (instead of BLABLA , put the name of the file, it should be obvious if you look for the netxml extension) – this will transform all the data into a database file.
      3. giskismet -q “select * from wireless” -o NAMEOFCHOICE.kml  – this will turn the database file into a KML file, which is readable by Google Map
    3. Import the KML file into Google Maps and VOILA! If you don’t know how check the refferences

References:

http://blog.securityactive.co.uk/2009/07/17/wardriving-with-kismet-newcore-and-backtrack-4/

http://jgrasstechtips.blogspot.dk/2009/07/bluetooth-gps-on-linux-short-howto.html

https://docs.google.com/document/d/18cUsBK9eA7n7wnLOwxBp-lBzpsttbeSKtdrKsF8R9mU/edit?hl=en&pli=1

http://www.askdavetaylor.com/how_to_import_xml_kml_data_file_google_maps.html

  • Good post, let’s find some 1st semesters to redo it 🙂
    Just by accident you chose to show the network with a WEP encryption. Does that tell us anything about what you are planning to do next?

    • Not sure if it’s “just by accident” 🙂 . I’m planning some WEP related stuff, but probably not in the school premises. Stay tuned for the next posts 😀