TL;DR: I was preparing my tools for my first on-site assessment. The scope of the engagement included some possible wifi audit/site survey. Figuring the Hak5 WiFi Pineapple (tm) is really popular, I wanted to see about bringing one to try it out in a real engagement. I decided on the Archer AC1750 as the hardware, and with some fighting did manage to get the Tetra firmware flashed over. There are some takeaways though: the documentation kicking around is missing some specificity, and in the end I don’t think the ordeal was really worth it compared to just carrying an Alfa.
The Hardware
Unbeknownst to me, the Amazon listing for my AC1750 was refurbished, so it did end up cheaper than expected. I ended up paying approx 60 maple bucks for mine, and the regular price is closer to 100, so YMMV on pricing. It still beats the entry cost of a Pineapple VII though if you do really want one.
Since this was for an on-site engagement, I wanted a way to power the device without plugging into the wall. I ended up grabbing a 12V to barrel adapter from Amazon.
This adapter did kind of fight me once in a while and required a couple of attempts to turn the device on, I assume something to do with the USB power handshake; with some fiddling it did work and powered the device alright.
The one weirdness with the whole thing was that only one of my two power banks would handshake properly and provide sufficient voltage/amperage. My USB-PD Ravpower would power the device, but my little modern lipoly Anker does not (which coincidentally works better with other USB-C devices). So it may take a couple of tries to get a bank that reliably powers your device.
The Process
The firmware builder and guide I followed was Sammy Younsi’s Sweet Pineapple Builder. The project itself was reliable and it was straightforward to build the right firmware (or simply grab an existing build from the repo). The project is great.
I run Arch btw, and there were some issues with dependencies since the project is on the older side. It ended up being markedly easier just to use Docker to build the firmware, 7/10 recommend.
After building or otherwise getting the correct firmware version, in this case archer-c7-v5, you need to flash over raw OpenWrt first. I couldn’t manage to get the router to go from the shipping firmware over to the customized OpenWrt image. The router’s got hands, so in the end after a tonne of fighting with failed flashes, I found that I had to flash over a rather old OpenWrt 19.0 since this is the version that Sweet Pineapple is based on.
I simply could not get the router to successfully flash with a more recent OpenWrt, or directly over to the Pineapple firmware.
It’s important to note that the router explicitly looks for 192.168.0.66, so you do in fact need to statically assign an IP; otherwise it won’t find the TFTP server. It is beneficial to follow the generic OpenWrt guide. Doing a recovery flash with OpenWrt 19.0, and then doing a follow-up flash with the Sweet Pineapple build, was finally successful. Think of it as the equivalent of a downgrade flash followed by a sidegrade flash.
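A preflight check for the TFTP recovery step described above, as an added example that is not from the original post or the Sweet Pineapple Builder project. It assumes a Linux laptop with iproute2 (`ip`, `ss`); the function names are hypothetical, and the TFTP root and image file name are arguments you supply, since the post does not give them.

```sh
#!/bin/sh
# Added example: preflight checks before a TFTP recovery flash (hypothetical helper names).
RECOVERY_IP="192.168.0.66"   # address the router looks for, per the post

# Reads `ip -o -4 addr show` output on stdin; prints the interface(s) holding
# exactly RECOVERY_IP and fails if none does (a DHCP lease will not match).
iface_with_recovery_ip() {
  awk -v ip="$RECOVERY_IP" '
    $3 == "inet" { split($4, a, "/"); if (a[1] == ip) { print $2; found = 1 } }
    END { exit (found ? 0 : 1) }'
}

# Reads `ss -H -uln` output on stdin; succeeds if a UDP socket is bound to port 69
# on a non-loopback address (a loopback-only server is unreachable from the router).
tftp_listening() {
  awk '{
    for (i = 1; i <= NF; i++)
      if ($i ~ /:[0-9*]+$/) {          # first addr:port field is the local address
        if ($i ~ /:69$/ && $i !~ /^127\./ && $i !~ /^\[::1\]/) found = 1
        break
      }
  }
  END { exit (found ? 0 : 1) }'
}

# Succeeds if the image exists in the TFTP root, is non-empty and is readable.
image_ready() { [ -s "$1/$2" ] && [ -r "$1/$2" ]; }

# usage: preflight <tftp_root> <image_name>   (both values are yours to supply)
preflight() {
  iface=$(ip -o -4 addr show | iface_with_recovery_ip) ||
    { echo "FAIL: no interface holds $RECOVERY_IP"; return 1; }
  echo "ok: $RECOVERY_IP is on $iface"
  ss -H -uln | tftp_listening ||
    { echo "FAIL: nothing reachable is listening on UDP/69"; return 1; }
  echo "ok: TFTP server is listening"
  image_ready "$1" "$2" ||
    { echo "FAIL: $1/$2 is missing, empty or unreadable"; return 1; }
  echo "ok: image is in place, ready for the recovery flash"
}
```

Run `preflight <tftp_root> <image_name>` on the laptop before starting the recovery flash; each failure message names the one precondition that is not met.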
Was it worth it?
God no. I do wish I had listened to some of the general advice that the Pineapple isn’t really an improvement over aircrack, airmon, eaphammer, etc. In fact, it was actually easier to perform deauth attacks from the command line than it was from the UI on the Pineapple (possibly just simply due to the plugin fighting me, I had more luck with the Alfa).
I can’t speak to the current state of the VII models, but the Tetra ended up just being a waste of limited luggage space; I won’t be traveling with it again. It ended up being better to simply use a USB-C Alfa and command-line tools. Between the Tetra being out of date, and not really adding any functionality over and above a skilled hacker with a decent laptop, it’s just added weight that doesn’t really provide anything. Perhaps if one needed the portability (and concealability) of the real Pineapple, grab a new one from Hak5, but don’t bother lugging around a router for exercises.