When we first reviewed the Pwnie Express Pwn Plug back in April, we came away with the impression that Pwnie Express was on the verge of something big, but that the total product wasn’t quite there. While there was no question Pwnie Express had put together a winning combination of hardware, the software gave the distinct impression of being a work in progress. Based on an OS that was past its end of life, and running outdated security tools, it was clear the software needed a makeover to do the rest of the Pwn Plug product justice.
Fortunately, our interview with CEO Dave Porcello made it clear a vastly improved version of the system software was coming, completely revamping the system internally and adding a slew of new tools and capabilities at the same time.
Earlier this month, the 1.1 update hit for commercial Pwn Plug devices, followed closely by the free community edition. As promised, this update modernizes and expands the existing Pwn Plug product into a much more capable and flexible tool, and adds some very interesting new features.
Installation and Documentation
I couldn’t do a review of the new 1.1 software without mentioning the installation process: for lack of a better word, it’s a hassle. Upgrading the Pwn Plug involves more intricate steps and contains more pitfalls than the average consumer could manage. That said, the Pwn Plug owner is not quite what you could call an average user, so perhaps we can forgive Pwnie Express a bit here.
Thankfully, this update process is a one-time event, as future updates can be handled more gracefully thanks to the vast internal software improvements. It’s also worth noting that newly purchased Pwn Plugs are shipping with 1.1 pre-installed, so the upgrade process only applies to existing Plug owners.
The official documentation walks you through updating your Pwn Plug over the network, and last month we published a slightly different method that uses a USB flash drive instead. No matter which way you go, set aside at least an hour you can dedicate fully to reading the instructions and making sure you go through the process exactly.
As I mentioned in the original Pwn Plug review, Pwnie Express does a fantastic job with their documentation. The 1.1 release is no different, being even more detailed and polished than the previous version. Printing out a copy of the current manual is highly suggested so you’ll have the material on hand if there is any part of the Plug’s configuration and use that isn’t immediately obvious.
The biggest change for the 1.1 software release is that the underlying OS has swapped from the outdated Ubuntu 9.04 to Debian 6 (Squeeze). This instantly fixes many of the most serious problems from the previous software release, such as the lack of security updates and outdated tools. Using straight Debian as opposed to Ubuntu makes a lot of sense on a device like this; Debian’s lean nature and maturity make it an excellent choice, and I give the Pwnie Express team a lot of credit for going that route rather than just slapping the latest Ubuntu release on it.
Along with the updated OS comes a whole new suite of tools and updates to the existing roster. The outdated and somewhat weak tool list from the previous software release really hindered the Pwn Plug as a serious security tool, and it’s good to see this issue largely resolved. Just as before, you are also able to build new tools right on the hardware, as GCC and the full development suite have been crammed into the Pwn Plug’s relatively limited internal flash.
Speaking of internal flash, this release makes use of the newer Unsorted Block Image File System (UBIFS), a filesystem designed for flash disks and successor to the Journalling Flash File System (JFFS). UBIFS is much faster than the older JFFS, and offers improved wear-leveling to extend the life of the internal flash device.
One thing missing from this new release, just as with the previous, is a pre-configured repository of up-to-date security tools maintained by Pwnie Express. Given that one of Debian’s greatest strengths is its package management system and ability to utilize multiple repositories, it seems strange that Pwnie Express would yet again neglect to set up their own repository for updates and new tools. Computer security is a rapidly changing game, and not being able to instantly react to a new exploit can cost you. With a Pwnie Express-maintained repository, new tools or exploits could be pushed to all Pwn Plugs in the field within hours of their release.
From speaking with members of the Pwnie Express team, my impression is that this functionality is planned and definitely on the table for the near future. Pwnie Express is planning on showing a few new products at DEFCON in July, so perhaps we’ll get more information then.
If you’re coming from the previous Pwn Plug release, the first thing you’ll notice is the much improved boot time. From power on to login is now around 20 seconds, greatly improving over the original software. I remember more than a few times wondering if the Plug had frozen up while starting under the old software, as there was such a large delay and no immediate way of telling what the device was doing (unless you booted up with the serial console connected).
The next obvious change is that the Pwn Plug is now set up with a static IP address by default: 192.168.9.10. In the previous Pwn Plug software release, the Plug would simply grab a DHCP lease from your network, but that made it easily detectable if you were using it in the field. By using a static IP instead of DHCP, Pwnie Express has made sure that you don’t inadvertently advertise yourself before your pentest has even begun.
The static IP was a wise choice by Pwnie Express, as it’s in a subnet which is very unlikely to be seen under normal circumstances. Had the Pwn Plug been set up to take a more common address (such as 192.168.1.1), it would have likely caused IP conflicts and complicated setup.
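The DHCP point above has a counterpart for whoever monitors the network: a statically addressed host leaves no lease record, but its address still shows up in ARP traffic once it communicates. The Python sketch below is an added example, not code from Pwnie Express or from the original review; the site subnet, lease table, static allowlist and MAC addresses are constructed sample data. It flags ARP sightings that have no matching lease or that sit outside every site subnet.

```python
import ipaddress

# Constructed sample data (assumptions, not from the article).
SITE_SUBNETS = [ipaddress.ip_network("10.20.0.0/24")]
DHCP_LEASES = {                      # MAC -> IP handed out by the DHCP server
    "02:00:00:00:00:01": "10.20.0.15",
    "02:00:00:00:00:02": "10.20.0.16",
}
STATIC_ALLOWLIST = {                 # documented, approved static hosts
    "02:00:00:00:00:aa": "10.20.0.1",
}
ARP_SIGHTINGS = [                    # (MAC, IP) pairs seen on the wire
    ("02:00:00:00:00:01", "10.20.0.15"),    # leased and consistent
    ("02:00:00:00:00:AA", "10.20.0.1"),     # approved static gateway
    ("02:00:00:00:00:02", "10.20.0.99"),    # leased MAC using another IP
    ("02:00:00:00:00:03", "10.20.0.50"),    # in subnet, never took a lease
    ("02:00:00:00:00:04", "192.168.9.10"),  # outside every site subnet
]


def classify(mac, ip, leases, allowlist, subnets):
    """Return a finding label for one ARP sighting, or None if expected."""
    mac = mac.lower()
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in subnets):
        return "foreign-subnet"      # address does not belong on this LAN
    if allowlist.get(mac) == ip or leases.get(mac) == ip:
        return None                  # known static host or valid lease
    if mac in leases:
        return "lease-mismatch"      # holds a lease but uses a different IP
    return "no-lease"                # static address nobody approved


def audit(sightings, leases=DHCP_LEASES, allowlist=STATIC_ALLOWLIST,
          subnets=SITE_SUBNETS):
    """Return (mac, ip, finding) for every sighting that needs review."""
    findings = []
    for mac, ip in sightings:
        verdict = classify(mac, ip, leases, allowlist, subnets)
        if verdict:
            findings.append((mac.lower(), ip, verdict))
    return findings


if __name__ == "__main__":
    for mac, ip, verdict in audit(ARP_SIGHTINGS):
        print(f"{verdict:15} {mac} {ip}")
```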
So within the first 30 seconds of operation, the Pwn Plug 1.1 software has proven to be better engineered than the previous releases: things are off to an excellent start already.