Releases: Sniffleupagus/pwny-builder

Bananagotchi for the Future

22 Apr 02:13

Pre-release

This is a big one

Build enhancements

The build scripts have been cleaned up and now work for Armbian build and Debian Image Builder. The Makefile will build for Armbian. To use with Debian Image Builder, symlink the "files/uscripts" directory to pwny-builder. Pi-gen shouldn't be too far off.

It's a Nexmon-omenon!

The nexmon module is now being built as a DKMS module, which automatically rebuilds (mostly) when the kernel updates. This means you can more safely "apt upgrade" on a bananagotchi without losing pwnability. (The DKMS module also works on Raspberry Pi.)

Kernel up

The nexmon module has been modified to work on Linux kernels 6.12 and 6.13, which are the "current" and "edge" on Armbian right now.

High speed build

The dkms-ification seems to make cross compiling work better. The image accompanying this release was built on a VM on an M3 Mac. It is blazingly fast compared to the Intel iMac used for previous builds. Like 4 minutes instead of 48.

New Features!

More than just the OS updates. There are new pwny features!

Next in the Rotation

Bananagotchi has been the testbed for a few features that have made it into jayofelony pwnagotchi recently. You can rotate the screen to 0, 90, 180 and 270, so you can have "vertical" layouts. To go with that, tweak_view is starting to support profiles, so you could save your "horizontal profile", switch to 90, reconfigure, save to a "vert profile", then switch back and forth on the fly. (Via tweak_view web hooks. Read the source code and try it out. Explanation is beyond the scope of this README.)

Touch your Pwny

The webUI is now clickable (this is not in jayofelony yet). Plugins can add a "click_url" attribute to any UI element. If you click within the invisible rectangle around that element, it will redirect to the click_url. For example, clicking on the "mode" in the bottom right corner will go to Auto-tune settings. More usefully, the display-password plugin will pop up a QR code if you click on the SSID/password. Click the QR code to dismiss it.

More handshakes

Work in progress. It has been noted that bananagotchi would stop getting handshakes after a while, even moving to a new place. If you restart, it would almost immediately get a few more, then nothing again. I think I'm tracking it down, but I added some watchdog checks to auto_tune that will restart pwnagotchi if it's been a while since it got handshakes.

Double your images, Double your confusion

pwny-builder works with armbian-build and debian-image-builder (and maybe pi-gen). The images from both builders are included below. The Armbian build (bananapwnm4zero) works better on V1 boards, and the "DIB" build (bpwn-deb-m4zero) works better on V2 boards. V1 board has the exposed Realtek wifi chipset. V2 has the covered "KEIIOT" wifi chipset.

D I Why? Because you can!

19 Dec 22:02

First release in the new digs!

I am moving releases from Sniffleupagus Pwnagotchi into here, since it's more about the build scripts at this point. It still installs the Sniffleupagus fork, which has been modified for bananapi m4zero. This release brings some pretty good improvements over the last one, especially on the V2 bananapim4zero.

The DIY-1.0.0 tag is the files and scripts used to generate this image. This current version can build a working pwnagotchi on bananapim4zero using armbian-build. It might do something useful on a bananapim2zero, but it is untested. It will build a pwnagotchi that crashes on injection on a Radxa Zero 3w. You can try it out with any Armbian board target. Copy the config-bananapim4zero.conf as a template, and change things as needed.

Release Notes

FAT /boot partition

This build has a separate FAT partition for /boot, with ext4 /root, like a Raspberry Pi OS Image. The boot partition should be accessible on almost any computer. The partition is 2GB, with the remainder of the SD-card expanded for the root portion on the first boot. This can be used to pre-configure your pwnagotchi from a backup. The boot partition should appear as a drive named "armbi_boot".

After flashing the SD-card, you can copy an old "/etc/pwnagotchi" to "/boot/pwnagotchi". Those files will get moved into /etc/pwnagotchi the first time pwnagotchi is run. It should include id_rsa, id_rsa.pub, fingerprint, config.toml, tweak_view.json, etc., and then the Pwny will come up with that old identity on its first run.

Even better, you could copy a pwnagotchi backup, as described in this reddit post. Probably don't copy /boot/cmdline.txt and /boot/config.txt from a Raspberry Pi to a Banana Pi. I'll try to remember to filter those out when unpacking in the next release. It probably won't actually do anything, but certainly doesn't help anything. Anyway, place the pwny-backup.tar.gz (name must be exact) in the boot partition of the SD card, and it will get restored, then deleted on the first boot only. If you do not place the file before the first boot, it will not be picked up.
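One way to do the filtered restore described above, as an added example and not pwny-builder's own first-boot code. The function names, the `SKIP` and `PRIVATE` sets, the member layout of the archive and the choice of mode 0600 for `id_rsa` are assumptions; besides dropping the two Raspberry Pi boot files, it refuses members that would land outside the destination and anything that is not a plain file.

```python
import io
import os
import tarfile
import tempfile

# Boot files the notes say not to carry from a Raspberry Pi to a Banana Pi.
SKIP = {"boot/cmdline.txt", "boot/config.txt"}
PRIVATE = {"id_rsa"}  # assumption: the identity key is the only secret file


def restore_backup(archive, dest):
    """Unpack archive under dest and return (restored, skipped) names."""
    dest = os.path.realpath(dest)
    restored, skipped = [], []
    with tarfile.open(archive, "r:gz") as tar:
        for m in tar:
            name = os.path.normpath(m.name).lstrip("/")
            target = os.path.realpath(os.path.join(dest, name))
            inside = target.startswith(dest + os.sep)
            # Skip filtered boot files, paths escaping dest, and non-files
            # (links, devices); directories are recreated from file paths.
            if name in SKIP or not inside or not m.isreg():
                skipped.append(m.name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            mode = 0o600 if os.path.basename(name) in PRIVATE else 0o644
            with tar.extractfile(m) as src, open(target, "wb") as out:
                os.chmod(target, mode)  # set permissions before writing data
                out.write(src.read())
            restored.append(name)
    return restored, skipped


def demo():
    """Run against a constructed archive (sample data, not a real backup)."""
    work = tempfile.mkdtemp()
    archive = os.path.join(work, "pwny-backup.tar.gz")
    names = ["etc/pwnagotchi/config.toml", "etc/pwnagotchi/id_rsa",
             "boot/cmdline.txt", "boot/config.txt", "../escape.txt"]
    with tarfile.open(archive, "w:gz") as tar:
        for n in names:
            info = tarfile.TarInfo(n)
            info.size = 4
            tar.addfile(info, io.BytesIO(b"data"))
    root = os.path.join(work, "root")
    os.makedirs(root)
    restored, skipped = restore_backup(archive, root)
    return root, restored, skipped
```

The FAT boot partition carries no Unix permissions, so the mode on `id_rsa` has to be set at restore time rather than inherited from the copy on the card.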

Since the boot partition is now easily accessible, handshakes are captured in /boot/handshakes. After you take your pwny for a walk, you can come home, put the SD card into your computer, and easily access the new handshakes. If you are restoring from an old pwnagotchi, you can copy the handshakes and SSID gps.json files into /boot/handshakes. There is a symlink back to /root/handshakes, in case plugins look for handshakes there.

GPIO Mostly working for Both Versions

GPIO is full-ish supported on both versions of the M4Zero, using a modified fork of RPi.GPIO. Waveshare e-paper and Pimoroni Displayhatmini have been tested. UART GPS

I2C for the PiSugar and other UPS boards works on both boards. On V1, the i2c bus is "4", so plugins will need to be edited. On V2 boards, it is i2c bus 0. Plugins may need editing if they are expecting 1. The included ups_hat_c plugins will take a .i2c_bus option in config.toml, like:

main.plugins.pisugar3.i2c_bus = 4
main.plugins.ups_hat_c.i2c_bus = 0

The pisugar3 plugin needs to be updated from here, but it will be in the next build.

The GPIO uart on pins 8 & 10, frequently used for GPS connections, is probably working on both boards. It works for sure on V1 as /dev/ttyS1 (uart1). It might work on V2, but I do not have a GPS connected to that board. On V2, it is /dev/ttyS4, which does not give me an error when I cat /dev/ttyS4, which is promising.

DummyDisplay for Hi-res Headless Pwny

If you don't have a GPIO header, or don't want a screen on your banana, you can set up a "dummy" display type. In config.toml, set it with whatever dimension you want, for example:

ui.display.type="dummydisplay"
ui.display.width=480
ui.display.height=720
ui.colormode="RGB"
ui.foregroundcolor="DarkBlue"
ui.backgroundcolor="LightYellow"

to get much higher resolution and full color in web UI. The default layout uses math to try to place things in the "right" places, but it is rough. Use the tweak_view plugin to move things around, change font size, and change colors. Better yet, turn on FancyGotchi and personalize a theme!

DisplayHatMini looks better than ever

You can also use the color settings with screens like the Pimoroni Display Hat Mini, and not be stuck in monochrome. The backlight on Displayhatmini can be dimmed and brightened using RPi.GPIO pwm. The "display_settings.py" plugin shows how to change the background color and brightness in response to pwnagotchi action. Software PWM can be a little flickery.

E-paper displays will dither colors. Some colors work better than others.

More Plugins

This release includes even more plugins:

  • gpsd-easy - easy GPS setup
  • UPS-HAT-C plugin - display power and charging state for Waveshare UPS-HAT-C
  • Neonlightning plugins - Weather2pwn, IPDisplay, and a lot of others
  • FancyGotchi - theme manager for pwnagotchi
  • PwnSpotify - show your current song info
  • wardriver - requires GPS
  • Wall of Flippers - wof.service is enabled by default. WoF probably does not work on V2 boards, since there is still no bluetooth. The service will be disabled on V2 boards when the V2 overlay is enabled and the pwny reboots.

aic8800

The Radxa-supported aic8800 wifi driver is now included. On the Radxa zero3w, injection (association or deauth) causes a kernel panic, so it may not be ideal for pwning. I use a small aic8800 dongle on my bananapim4zero to access my LAN, and the internal wifi, with external antenna, does the pwning.

Bug Fixes

  • Plugin glitches should not cause the pwny to delete id_rsa and fingerprint files. It was

Known issues

  • V2: Bluetooth still has no controller. Still no clue how to fix that.
  • One of my V1s seems to freeze after a while.
  • V1 wifi becomes "mon0" the first time it is flipped to monitor mode after rebooting. Subsequent changes do not change name. I've put code into bettercap-launcher to try to rectify that situation if/when it happens.

Username: pwnagotchi
Password: pwny1234
Root Password: pwny1234