Kali Linux on the BeagleBone Green Wireless

Some bad news

Unfortunately, the BeagleBone Green Wireless uses the Texas Instruments WL1835, which does not support monitor mode. The BeagleBone Green Wireless cannot be used with airodump-ng, kismet, tcpdump, etc. out of the box.

Fortunately, the BBGW has USB ports; therefore, USB Wi-Fi dongles can be added for promiscuous mode. Having two wireless interfaces does have its perks: an ssh session can exist on one interface while the other collects packets.

Booting Kali

The BeagleBone Black instructions for Kali work on the BBGW. Once the SD card is flashed, inserting it into the BBGW and power-cycling will boot Kali. Kali does not flash the eMMC of the BBGW so there is no need to hold the Boot button and wait for the image to copy. Removing the SD card is all that is necessary to boot stock Angstrom.

Logging in

Kali does not start an Ethernet-over-USB interface like the default installation. The easiest way to get a login shell is to attach a USB-to-UART cable (available from Amazon and Sparkfun) to UART0 (row of six pins marked GND, NC, NC, RX, TX, NC).

In Debian, the serial port typically appears as /dev/ttyUSB0. To open the port without root, the owner of the file needs to be changed to the current user.

chown <username> /dev/ttyUSB0  

The default getty login prompt uses a baud rate of 115200. Opening the prompt with screen:

screen /dev/ttyUSB0 115200  

The default Kali credentials are root:toor.

After logging in, the SSH host keys shipped with the image should be replaced, since every copy of the image carries the same ones.

Setting up Wi-Fi

If the built-in Wi-Fi chipset is used to connect to a wireless network, ssh can be used to log in to the BBGW.

To determine the built-in wireless interface use ethtool:

root@kali:~# ethtool -i wlan0 | grep driver  
driver: wl18xx_driver  
root@kali:~# ethtool -i wlan1 | grep driver  
driver: rt2800usb  

The built-in WiLink 8 Module will be the interface using the wl18xx_driver. wlan0 is the built-in interface in this situation and will be used in the configurations below.

To have the BBGW automatically connect to a wireless network on boot, edit or create /etc/wpa_supplicant/wpa_supplicant.conf:

# /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant  
eapol_version=1  
ap_scan=1  
fast_reauth=1

network={  
  ssid="ssidname"
  scan_ssid=1
  key_mgmt=WPA-PSK
  psk="thepassword"
}

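If wpa_passphrase was not used to compute the psk, the passphrase sits in the file in plain text, so wpa_supplicant.conf should be made readable by root only. A configuration file does not need the execute bit, so mode 600 is enough:

chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf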
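
The check described above can be scripted. The following is an added example, not part of the original post: audit_wpa_conf is a hypothetical helper name, it assumes GNU stat as shipped on Kali/Debian, and the sample file is constructed with the same dummy values as the configuration above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a wpa_supplicant.conf
# for the credential exposure discussed above.

# audit_wpa_conf FILE -> prints one finding per line, nothing if clean.
audit_wpa_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # Any group/other permission bit exposes the credentials to non-root users.
    mode=$(stat -c '%a' "$conf")    # GNU stat, as shipped on Kali/Debian
    case $mode in
        *00) ;;
        *) echo "mode $mode: accessible beyond the owner, expected 600" ;;
    esac

    # Walk every network={ } block; a quoted psk is a plaintext passphrase,
    # while wpa_passphrase writes the derived key as unquoted hex digits.
    awk '
        /^[ \t]*network=[{]/ { in_net = 1; ssid = "(unset)"; next }
        /^[ \t]*[}]/         { in_net = 0; next }
        !in_net              { next }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^ssid=/             { ssid = substr($0, 6) }
        /^psk="/             { print "plaintext passphrase stored for ssid=" ssid }
    ' "$conf"
}

# Constructed sample input: same layout as the config above, dummy values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="ssidname"
  scan_ssid=1
  key_mgmt=WPA-PSK
  psk="thepassword"
}
EOF
chmod 644 "$sample"
audit_wpa_conf "$sample"
rm -f "$sample"
```

A psk written as hex digits by wpa_passphrase is not reported, but it is still enough to authenticate to that SSID, so the permission check matters for both forms.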

Edit /etc/network/interfaces to be:

# /etc/network/interfaces

# Bring wlan0 up at boot, authenticate via wpa_supplicant, use a static address
auto wlan0
iface wlan0 inet static
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
    address 192.168.1.137
    netmask 255.255.255.0
    network 192.168.1.0
    gateway 192.168.1.1

This will set the BBGW to have a static IP of 192.168.1.137. Depending on the network, the third octet may need to be 0 instead of 1 as in 192.168.0.137.

Taking the interface down and bringing it back up should connect the BBGW to the network.

ifdown wlan0
ifup wlan0

airodump-ng on wlan1

The USB dongle I'm using is a Tenda with a Ralink chipset. Unfortunately, there was a regression in Kali that prevents Ralink hardware from entering promiscuous mode.

The ARM Kali image (at the time of writing) ships with the 4.1.18 kernel, which is affected by the regression. Installing linux-image-4.9.0-kali3-armmp fixes the problem.

apt-get update  
apt-get upgrade  
apt-get install linux-image-4.9.0-kali3-armmp  

After rebooting, the newer rt2800usb drivers worked, allowing packet injection and promiscuous mode.

airmon-ng start wlan1
airodump-ng wlan1mon

In Summary

The BeagleBone Green Wireless does not support promiscuous mode. The BeagleBone Black Wireless also uses the WL1835 and therefore does not support promiscuous mode. The BBGW and BBBW can be used as low-cost and portable Kali installations with USB Wi-Fi dongles. However, the current ARM Kali image has a regression in the Ralink drivers, which requires an update to the kernel in order for Ralink dongles to enter monitor mode.
