Turn Any Phone into a Hacking Super Weapon with the Sonic « Null Byte :: WonderHowTo

The Watch Dogs video game series came out in 2014, enamoring audiences with the idea of a seemingly magical smartphone that could change traffic signals, hack web cameras, and even remotely control forklifts. This may sound like science fiction, but The Sonic uses a customized flavor of Kali Linux to allow you to unleash the power of Kali from any smartphone, all without the need to create a hotspot to control it.

If you’ve ever tried hacking on an iPhone, you know it’s not a straightforward process. A few problems arise when trying to do any sort of hacking from a smartphone. First, the operating systems are incredibly restrictive. The closest thing to “hacking” you’ll ever get on an iPhone is a port scanner.

You could jailbreak your iPhone, or put Kali NetHunter on an Android device, but even then you are extremely restricted by the hardware when it comes to wireless hacking. Essentially, these strategies expect too much flexibility from devices that were designed for a specific purpose.

Don’t Miss: How to Install Kali Nethunter on Supported Android Devices

Enter The Sonic. It comes pre-built with all of the tools needed to control a Raspberry Pi right from your smartphone. This is where we start to loosen the proverbial chains of our smartphones, by adding a more versatile companion device. When we connect to The Sonic, we can offload any work our phone can’t do and take advantage of a fully functional Kali Linux attack suite.

The Sonic, complete with wireless network adapter, being discreet. Image by SADMIN/Null Byte

This build is different from our previous Raspberry Pi-based Kali Linux, in which our Pi connects to our smartphone’s hotspot to be controlled. If your phone doesn’t have a hotspot, The Sonic will turn the Raspberry Pi’s internal Wi-Fi card into a command-and-control communications Wi-Fi link, which you can connect to from any smartphone to access its features.

One major difference between these two build methods is that The Sonic will not be able to tether an internet connection from your phone. To connect to the internet, you will need to first connect to The Sonic’s wireless AP from your smartphone, and then connect The Sonic to a nearby Wi-Fi network to establish a link to the internet.

The Sonic Pi can access a network for you, hiding your real MAC address. To access the internet, you first connect to the Sonic Pi, and then connect the Sonic Pi to the Wi-Fi network providing internet. Image by Allegiance/Null Byte

This means The Sonic will need two interfaces: the command-and-control interface to host the connection to your smartphone, and the “attack” antenna to connect the Pi to the network you want to access the internet through.

For more on our alternative Kali Linux build, check out the link below.

Don’t Miss: Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux

Step 1: Gathering the Necessary Parts

Going on the Sonic’s website, we see that there are some other parts we’re going to need. In addition to a Raspberry Pi 3, the following parts are suggested:

  • A TP-Link TL-WN722N wireless card. Any wireless card with an Atheros chip should also satisfy this recommendation. If you’re not sure what chipset your wireless card uses, check out the link below for our breakdown.

More on Picking an Adapter: Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2017

  • We will also need a microSD card to burn The Sonic image to.
  • Although it isn’t a specific requirement on The Sonic website, we’re also going to want to pick up a good battery for our Raspberry Pi. If we want truly mobile hacking, we need a truly mobile solution. I tested this battery using a Raspberry Pi 3 B and it lasted more than 7 hours!

To make a Sonic, you’ll need a Raspberry Pi 3 and a Kali-compatible wireless network adapter. Image by SADMIN/Null Byte

The main benefit of using the Pi over something like a laptop is portability and stealth. While a laptop with several antennas sticking out looks pretty suspect, someone using The Sonic appears to be doing nothing more than checking their phone.

Now that we’ve got the hardware, we need to get some matching software. For mobile devices, we need to make sure we have the Google Chrome web browser. Safari on iPhone doesn’t support the JavaScript functions that The Sonic uses, so we need Google Chrome to access it properly.

Step 2: Downloading & Burning the Sonic Image

You can download the IMG file for The Sonic from here. The image is delivered in the form of a 2.1 GB ZIP archive, which you’ll have to extract. After you unzip the image, the total size will be around 16 GB, so be aware you’re working with some pretty big files.

Because the files are so massive, it’s a good idea to verify their integrity. You can do this by checking the hash values for the downloaded file and comparing them to the ones shown on the download page of the website. FCIV is an easy-to-use command line tool for Windows to calculate the hash values. For Linux, you can use the command md5sum, and Mac users can use the command md5.

The hash checksums for the .zip file can be found on The Sonic website.

Once you have the image, the steps to flash it to the microSD card vary depending on your operating system. Find your operating system below and follow the necessary steps.

On Windows

In order to flash The Sonic image on Windows, we need some additional software. Win32 Disk Imager will let us pick the image file, select what device we want to write to, and finally take care of the rest for us.

On Mac & Linux

We can use dd in our terminal. First, we will need to figure out which connected disk device represents the SD card. This can be done by running lsblk in Linux, or diskutil list in macOS. Next, we need to unmount the device via umount (disklocation) in Linux, or diskutil unmount /dev/device in macOS. Finally, we write the image to the SD card with the following command.

dd if=theImageFile.img of=/dev/device bs=4M

GNU dd on Linux expects the uppercase suffix shown here; the BSD dd on macOS takes bs=4m instead. Double-check the of= device against the lsblk or diskutil list output before running it, since dd overwrites whatever device it is pointed at.

Once the card has been flashed, insert it into your Raspberry Pi.

Step 3: Connecting to the Sonic

Now it’s time to start up our Sonic!

A quick note before we continue: The Sonic is programmed to automatically configure the necessary Linux files to set up an access point. To do this, the Pi will restart itself once or twice. This is completely normal.

During this process, The Sonic is assigning your Raspberry Pi’s internal Wi-Fi card a special interface name so that it can run an access point. After that, The Sonic will run a few startup scripts to configure the access point, enable SSH login, and run the web application.

Plug your wireless network adapter into the Raspberry Pi, and power on the Pi by connecting it to a power source via the Micro USB power cable.

Once the Pi is done setting itself up, it will start the built-in access point. By default, the SSID is The Sonic and the password is password. It’s definitely a good idea to change these at some point. This can be done by going to the “AP Manager” tab on The Sonic web app, which we’ll take a look at soon.

The default WPA password for The Sonic is the easiest “password” ever.

Step 4: Troubleshooting Issues with the Sonic

If you don’t see an access point named “The Sonic” after 15 minutes, there are a few things to check.

First, turn off your Sonic, plug it into a monitor, and power it back on. We want to check and see if the device is booting up normally, or if there’s an issue such as an infinite reboot loop or error message.

If the device is stuck in an infinite loop of rebooting, or you get an error message reading “link wlan0 is not ready” for eternity, there may be a problem with the drivers related to your particular wireless network adapter. If you have another wireless adapter available, try switching to that card.

Otherwise, try unplugging the card and booting The Sonic up without the external interface. Once the Pi boots successfully, check to see if the driver for your wireless card is installed. You can find out what drivers are installed by typing the following.

lspci | grep -i wireless

If the driver for your wireless card is not installed, the steps for installation vary. Visit the manufacturer’s website for steps on how to install the drivers necessary for Debian Linux.

If the Pi boots up successfully, but you can’t see an access point called “The Sonic,” try connecting a keyboard and running the following.


Check to see if both Wi-Fi cards are detected, and if an interface named “wap0” is present. If you can’t find an interface named “wap0,” type the following.


This will run the script that checks the current state of the Raspberry Pi’s built-in Wi-Fi interface. If it can’t find the interface, there may be a problem with the built-in Wi-Fi card on your Raspberry Pi.

In that case, try using a second Raspberry Pi if you’re lucky enough to have another one around, or double-check the Wi-Fi card using a different Raspberry Pi image such as Raspbian and a monitor.

If none of the above seems to help, there may have been a mistake when you first imaged your SD card. Try re-imaging the card as well. You can also look at the documentation on the website here.

Step 5: Using the Sonic

Once we’re connected, the world is our oyster! Well, at least the parts of the world with serious security flaws. Before we do anything though, we’re going to want to connect to Wi-Fi, since the current connection will not serve data to our phone or Pi. Thankfully, The Sonic incorporates a built-in web application that makes those sorts of otherwise tedious terminal tasks very trivial.

By default, the web application is located at Just punch that address into the browser on your smartphone, and you’ll be greeted by a prompt for a username, and then a password. By default, the username is sonic and the password is password.

Here, we log in to the Sonic Pi web application.

Once you’ve done that, the main menu will come up as seen on the left-hand side below. The menu design is definitely basic, but it’s to the point. By tapping “Wifi Manager,” we can quickly list Wi-Fi points around us (seen on the right-hand side).

In the Sonic web app, the main menu (left) and the Wifi Manager (right). The AP names have been hidden for privacy.

The access points we see are listed by signal strength. In this example, all of the access points with “(Open)” are a part of a Wi-Fi network that doesn’t have a password, but requires authentication via a web portal to use.

Unfortunately, we don’t have credentials. However, being the smart hackers we are, we can still get access anyway.

Step 6: Gaining Access to a Network

In order to bypass the web-based authentication on this network, we first need to understand how the authentication keeps track of its users. Just like certain websites use cookies to pre-authenticate users who have already logged in, these types of networks log the MAC addresses of clients to keep track of whether a device is authorized or not.

So what we need to do is find the MAC address of a client already connected. The Sonic makes this process incredibly easy for us. If we hop back into the web app, we can find some pretty nifty features.

In the Wifi Manager, let’s tap on the button for the network we are trying to hack into. We’ll be greeted with a screen similar to the one on the left below. Here we see a couple of options: We can either connect to the network or do some wireless sniffing and see all of the clients connected to the network. Of course, we want to snoop, so we tap “List Connected Devices.”

Upon tapping this button, the Sonic will open a new tab that will start scanning for connected devices. Basically, a background process running Airodump-ng from the Aircrack-ng suite will process the output and show us the results. This process takes about 33 seconds to load, so you’ll have to be patient.

This feature is currently the only one that doesn’t work in the Safari browser. Safari doesn’t support the new tab JavaScript function the Sonic uses. Plans are in place to extend support to Safari once additional features have been implemented.

Step 7: Changing Our MAC Address

Once the web app has finished loading, we’ll be presented with a list of client MAC addresses. By simply tapping one, we’ll be sent to the MAC Changer page where all of the necessary data will have been sent to assign our device this new MAC address. Now, all we have to do is go back to the Wifi Manager and connect to the point. We’re in like Flynn!

It is worth noting that by doing this, you will most likely disrupt the service of whoever the device you are masquerading as belongs to. With this in mind, the attack isn’t exactly stealthy.
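
Because the portal keys authorization on the MAC address alone, a cloned address shows up on the network side as one MAC behaving like two devices. The following is an added example, not part of the original article or The Sonic project, of flagging that from association and DHCP logs; the log format, sample lines, thresholds and function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample log (format is an assumption, not from any product):
#   <epoch-seconds> <access-point> <client-mac> <dhcp-hostname>
sample_log() {
cat <<'EOF'
1700000000 ap-lobby AA:BB:CC:00:00:01 alice-phone
1700000040 ap-lobby aa:bb:cc:00:00:02 bob-laptop
1700000300 ap-cafe aa:bb:cc:00:00:01 new-device
1700000900 ap-lobby aa:bb:cc:00:00:02 bob-laptop
1700001000 ap-lobby aa:bb:cc:00:00:03 carol-tab
1700001030 ap-cafe aa:bb:cc:00:00:03 carol-tab
1700001060 ap-lobby aa:bb:cc:00:00:03 carol-tab
1700001090 ap-cafe aa:bb:cc:00:00:03 carol-tab
1700005000 ap-cafe aa:bb:cc:00:00:04 dave-pc
1700009000 ap-lobby aa:bb:cc:00:00:04 dave-pc
EOF
}

# Reads log lines on stdin; prints "<mac> <reason>" per suspicious MAC, sorted.
#   $1 = window in seconds (default 300)
#   $2 = AP changes inside one window that count as flapping (default 3)
# hostname-conflict: one MAC announced two different DHCP hostnames.
# ap-flapping: one MAC bounced between APs faster than normal roaming,
#              which is what two radios sharing an address look like.
find_cloned_macs() {
    awk -v window="${1:-300}" -v maxhops="${2:-3}" '
    NF == 4 {
        ts = $1 + 0; ap = $2; mac = tolower($3); host = $4
        if (mac in seen) {
            if (host != last_host[mac]) reason[mac] = "hostname-conflict"
            if (ap != last_ap[mac]) {
                # Start a fresh count once the previous window has expired.
                if (ts - first_hop[mac] > window) { hops[mac] = 0; first_hop[mac] = ts }
                hops[mac]++
                if (hops[mac] >= maxhops && !(mac in reason)) reason[mac] = "ap-flapping"
            }
        } else { seen[mac] = 1; first_hop[mac] = ts }
        last_host[mac] = host; last_ap[mac] = ap
    }
    END { for (m in reason) print m, reason[m] }' | sort
}

# Usage: sample_log | find_cloned_macs 300 3
```

On the sample data this flags the first MAC for a hostname conflict and the third for AP flapping, while the slow roam of the fourth stays below the threshold.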

But putting that aside, now that we can connect to the network, there truly isn’t much we can’t do. The Sonic is set up to route its built-in Wi-Fi access point through the access point it’s just connected to in order to connect to the internet. This means you can still access the internet from your phone, once The Sonic is connected to a nearby access point.

From here, we have the ability to sniff local traffic, spoof a DNS server, run exploits on network devices, and just about anything else you could do from a Kali Linux laptop or desktop. The beauty of The Sonic is how portable and stealthy the device is.

Get Started & Unleash Your Inner Hacker

Again, while the project is still very new, the foundations of The Sonic make it a plug-and-play hacking tool like no other. The Sonic is being actively maintained right now, and new features are being added to the web app to make it much more intuitive and convenient to use.

If you want to be able to wield The Sonic to its full potential, you’ll have to first master Kali Linux. Keep scrolling through Null Byte and drinking in all of the hacking goodness we have here!

Feel free to comment below with questions or contact me on Twitter @xAllegiance.

Cover photo by SADMIN/Null Byte
Screenshots by allegiance/Null Byte