WiTi Board and OpenWRT

UPDATE 20160107: WiTi patches got into OpenWRT mainline, but there is SD breakage in mainline, so I still do not recommend using OpenWRT master/trunk for WiTi. As soon as it gets fixed, it should be good to go. Until then, I recommend using my branch.

Just got my WiTi Router board today. I supported the WiTi project on Indiegogo and was lucky enough to get it on time. It is manufactured by MqMaker. It’s a really nice device for running OpenWRT. The problem is that support for WiTi is still not in the OpenWRT mainline.

The original author (the manufacturer) did not follow a git workflow, but added patches to a specific OpenWRT version, so it’s hard to check the changes against OpenWRT mainline. He actually sent a pull request to the GitHub page of OpenWRT, but did not know that they don’t accept pull requests from there (they will be ignored). His changes are available through his pull request.

Nitroshift had the nice initiative of getting it into the OpenWRT mainline, but so far he has managed to submit a few patches to the official OpenWRT mailing list. You can check his fork of OpenWRT here. The OpenWRT page of this router is available here and the forum discussion is here.

Being security conscious, I wanted to see the differences from the mainline and go through them myself. In that process, I made a witi branch on GitHub, which is a fork of the official OpenWRT mainline. It is basically the nitroshift patch, but with a few critical fixes so that the board boots up normally (no need for a serial cable). You can check the differences between OpenWRT mainline (master) and my patches here.



Nmap 5.61TEST4 on Android

Since Fyodor released the Nmap 5.61TEST4 version, I had to compile it for Android as well. Nmap works on both rooted and non-rooted phones. On non-rooted phones you will be limited to functions which are possible as a non-root user (i.e. no OS fingerprinting, SYN scan, etc).

Google released android-ndk-r5b, which has the infamous output problem fixed. Therefore, the nmap Android binary now works perfectly. Also, the new NDK implements (almost) all of C++, so Crystax is not needed any more. In short, that means the build process is much simpler.


It is available at the usual location:

Note that it is built statically for Android on the ARM architecture. Therefore, you should build from source if you’re using a platform other than standard ARM.

How should you install it?

  • Extract nmap-5.61TEST4-android-arm-bin.tar.bz2 to the opt directory in the root of the storage location. That means /sdcard/opt
    cd /sdcard/opt
    tar xvjf nmap-5.61TEST4-android-arm-bin.tar.bz2
  • Check that you have the following directory structure: /sdcard/opt/nmap-5.61TEST4
    ls /sdcard/opt/nmap-5.61TEST4
  • As you cannot execute from the sdcard by default, you have to copy the nmap binaries from bin/ to somewhere you can execute them. If you did not root the Android, that probably means /data/data/jackpal.androidterm/nmap is a good place, as you will probably run nmap from the terminal. You can still keep the data files and scripts on the VFAT sdcard; you only need to copy the nmap bin directory to somewhere you have execute permissions (your phone, /sd-ext, /data/data/jackpal.androidterm depending on your type of phone/ownership, …).

    For example, on non-rooted Android you should do something like this (as cp is not available on most Android phones):

    mkdir /data/data/jackpal.androidterm/nmap
    cat /sdcard/opt/nmap-5.61TEST4/bin/nmap > /data/data/jackpal.androidterm/nmap/nmap
    # a file created by shell redirection does not have the execute bit set
    chmod 755 /data/data/jackpal.androidterm/nmap/nmap

  • run nmap
    Compilation

    You need to have a Linux-based OS, as we have tested building it on Linux only. The scripts are for building an ARM-based binary. You need to modify the build in order to compile it for other platforms.

    Download the Android helper Makefile and patches here:


    Extract it to the Nmap dir. That means you should have an android directory inside the nmap directory. Go to nmap-dir/android and run make.

    You can do “make doit”, which will automatically download the Android NDK (~40 Mb) and build nmap. Or, if you have the NDK already installed, you should edit android/Makefile for the NDK path and run “make havendk”.

    Note: patches are not perfect. Some of them are kludgy until nmap devs decide how they want to proceed with patches.

  • that’s it
    Wiki

    I’ve made pages for Nmap on Android and Kindle on https://secwiki.org, so you can always find up-to-date information regarding these two ports there:



    Good luck and let me know if it works for you!
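
The copy step from the Android install list above, written as a shell helper that checks the mount table for `noexec` before copying. This is an added example, not part of the original post; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of /proc/mounts (not captured from a real device).
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs ro 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/vold/179:1 /sdcard vfat rw,nosuid,nodev,noexec,uid=1000 0 0
EOF
}

# mount_opts PATH [MOUNTS_FILE]: print the options of the mount that holds PATH
# (longest matching mount point; a later entry for the same point wins).
mount_opts() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "${2:-/proc/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]: succeed if PATH is on a noexec mount.
is_noexec() {
    case ",$(mount_opts "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_nmap SRC DEST_DIR [MOUNTS_FILE]: copy with cat (cp may be missing),
# then set the execute bit, which a redirect does not set.
install_nmap() {
    if is_noexec "$2" "$3"; then
        echo "refusing: $2 is on a noexec mount" >&2
        return 1
    fi
    [ -d "$2" ] || mkdir "$2" || return 1
    cat "$1" > "$2/nmap" && chmod 755 "$2/nmap"
}

# Demo on the constructed table: /sdcard is noexec, the app data dir is not.
m=${TMPDIR:-/tmp}/mounts.$$
sample_mounts > "$m"
for d in /sdcard/opt/nmap-5.61TEST4/bin /data/data/jackpal.androidterm/nmap; do
    if is_noexec "$d" "$m"; then echo "$d: noexec"; else echo "$d: exec ok"; fi
done
rm -f "$m"
```

Paths are matched literally against the mount points, so pass the resolved path when /sdcard is a symlink on your device.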

    Metasploit on Amazon Kindle

    Metasploit running on Amazon Kindle

    Since Nmap and Ruby are working on Kindle (check my previous posts for how I’ve done that), the next step is Metasploit – of course! Let me tell you immediately: no patches to Metasploit are needed. You can run the full-blown version of Metasploit with Kindle’s 256 MB of RAM, but don’t expect miracles.


  • http://ftp.linux.hr/kindle/ruby-1.9.3-p0-kindle-bin.tar.bz2
  • http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2
    Install

  • Create opt directory and extract files there
    mkdir /mnt/us/opt && cd /mnt/us/opt
    tar xvjf ruby-1.9.3-p0-kindle-bin.tar.bz2
    tar xvjf framework-latest.tar.bz2
  • Test that you have following directory structures:
  • export HOME=/mnt/us
  • and run metasploit
    cd /mnt/us/opt/msf3/
    ../ruby-1.9.3-p0/bin/ruby msfconsole
  • I have made a small script in /mnt/us/opt which starts msf, so I don’t have to do it every time. It’s straightforward:

    #!/bin/sh
    # msfconsole looks for its per-user files under $HOME
    export HOME=/mnt/us
    cd /mnt/us/opt/msf3
    ../ruby-1.9.3-p0/bin/ruby msfconsole

    Let me know if it works for you!

    Ruby on Amazon Kindle

    Porting Ruby to Amazon Kindle was not too hard. I’ve just reused my cross-compiling environment for Nmap. A few changes were required in the source (ext/socket/extconf.rb) because IPv6 structures are used even if you disable IPv6. The rest was straightforward.




  • Create opt directory and extract files there
    mkdir /mnt/us/opt && cd /mnt/us/opt
    tar xvjf ruby-1.9.3-p0-kindle-bin.tar.bz2
    Run

  • Just call the ruby binary
  • …or invoke interactive Ruby shell:
    Compile

    For building statically linked Ruby, I have used the appropriate scratchbox for Kindle and the following command line:

    ac_cv_linux_vers=2 ./configure --prefix=/mnt/us/opt/ruby-1.9.3-p0 --host=arm-none-linux --with-baseruby=/opt/ruby-1.9.3-p0/bin/ruby --with-static-linked-ext --disable-shared

    Note that --disable-ipv6 and --without-ipv6 do not work any more.
    I have made the following changes in order to compile the source:

    Nmap on Amazon Kindle

    Amazon Kindle running Nmap

    Since Nmap is already ported to the ARM architecture, including Android, I’ve managed to successfully compile the 5.51 version of Nmap on Amazon Kindle just recently. This port to Amazon Kindle was pretty straightforward. No source patches were needed.


    I’ve just compiled a newer version (5.61TEST2 to be exact) of Nmap with OpenSSL support. The initial version (5.51) did not have OpenSSL compiled in. It is available at the usual location:

    How should you install it?

  • Extract nmap-5.61TEST2-kindle-bin.tar.bz2 to the opt directory in the root of the storage location. That means /mnt/us/opt
    cd /mnt/us/opt
    tar xvjf nmap-5.61TEST2-kindle-bin.tar.bz2
  • Check that you have the following directory structure: /mnt/us/opt/nmap-5.61TEST2
    ls /mnt/us/opt/nmap-5.61TEST2
  • run nmap
    Tips

    If you’re not familiar, here are a few usual tips. Thanks to various Kindle enthusiasts it is possible to get a shell terminal directly on the Kindle, so you can run nmap directly from the Kindle (you can also run it through ssh – of course!). I’m talking about Kindle 3. Take a look at the Amazon Liberation Project and specifically this blog post.


  • Download the appropriate scratchbox for Kindle
  • Run configure
    ac_cv_linux_vers=2 ./configure --host=arm-none-linux --prefix=/mnt/us/opt/nmap-5.61TEST2 --enable-static \
        --without-zenmap --with-pcap=linux --with-liblua=included --with-libpcap=internal
    make install
  • that’s it
    Sample session from initial version

    [root@kindle root]# uname -a
    Linux kindle 2.6.26-rt-lab126 #5 Thu Sep 8 22:30:01 PDT 2011 armv6l unknown
    [root@kindle root]# head -5 /proc/cpuinfo
    Processor : ARMv6-compatible processor rev 3 (v6l)
    BogoMIPS : 255.59
    Features : swp half thumb fastmult vfp edsp java
    CPU implementer : 0x41
    CPU architecture: 6TEJ
    [root@kindle root]# /mnt/us/nmap-5.51/bin/nmap

    Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-11 07:18 CET
    Nmap scan report for localhost.localdomain (
    Host is up (0.00013s latency).
    Not shown: 999 closed ports
    22/tcp open ssh

    Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds

    Good luck and let me know if it works for you!