Back to the Future: Pwn Pad Review


It was nearly one year ago that we took an in-depth look at the Pwnie Express Pwn Plug, a security appliance that absolutely exploded its way onto the scene. By combining an off the shelf hardware platform that was well supported by open source software, custom software front-end, and the experience and knowledge of their team of security researchers, Pwnie Express managed to create something totally unique.

Taking an existing product, remixing it, and then redistributing your improvements is the very core of the free and open source movement. It’s the freedom that you are guaranteed by licenses like the GNU GPL. Indeed, protecting the freedom to adapt and redistribute is the whole reason those licenses exist.

Pwnie Express brought that same ethos into the Pwn Plug, and they were rewarded with staggering success. While they’ve put out a number of software and hardware products since, the winning combination of widely available hardware and community developed software that made the Pwn Plug a reality has remained their greatest commercial and critical success.

For 2013, the team at Pwnie Express is looking to repeat that success with the latest addition to their product line: the Pwn Pad. By taking what is arguably the most popular and best supported Android tablet available, the Nexus 7, and combining it with their software tweaks and real world knowledge of the security industry, Pwnie Express is adhering to the same formula that put them on the map.

Pwn Pad

At first glance, the Pwnie Express Pwn Pad looks like a regular Nexus 7 tablet. For good reason: that’s exactly what it is. There is absolutely no physical difference between the 32 GB HSPA+ Nexus 7 you’ll get when you purchase a Pwn Pad and the one you can get directly from Google. The only difference between the consumer Nexus 7 and the Pwn Pad version is the software that’s loaded up on it.

Is putting a custom ROM on a Nexus 7 worth considering it a whole new product? No, probably not. But when you purchase a Pwn Pad you aren’t technically buying a tablet, but more of a complete security kit. If all you wanted to do was get an Android tablet to play around with, then by all means go and buy one at the regular price. In fact, Pwnie Express even plans on making a free version of the Pwn Pad firmware available for existing Nexus 7 owners who just want to poke around with the system; just as they did with the Pwn Plug before it.

So what exactly is the Pwn Pad?


As already mentioned, the tablet Pwnie Express has chosen for the Pwn Pad kit is the 32 GB HSPA+ Nexus 7. This isn’t much of a surprise of course, the Nexus 7 is very powerful, extremely well supported both officially and in the community, and is comparatively cheap.

But perhaps the most important reason for choosing the Nexus 7 above other similar tablets is that it has proper support for USB host mode. Without USB host mode, it wouldn’t be possible to plug additional network interfaces into the tablet, greatly reducing its functionality as a serious pentesting device.

Granted it would be nice to use a tablet which featured full size USB ports rather than the Nexus 7’s Micro-USB, but unfortunately there aren’t a whole lot of choices in that market. Pwnie Express likely would have been forced to make some serious compromises in terms of performance and software support if they went with one of the less popular tablets that had full size USB, so you can’t really fault them for going with reliability over pure convenience. As it stands, all of the external hardware that comes with the Pwn Pad kit has to be connected with the included Micro-USB “pigtail” style adapter.

The USB hardware included with the Pwn Pad is really one of the main selling points of the kit, as it has all been matched to the software installed on the Nexus 7. If you had to use only the meager internal WiFi and Bluetooth radios on the Nexus 7, you’d be constrained by both their relatively poor performance (in terms of sensitivity and range) and their limited chipset and software support. To say nothing of the fact that working on wired networks would be impossible without using the included USB to Ethernet adapter.

As of this writing, the Pwn Pad kit contains the following external devices:

TREDnet TU2-ET100

Not much to say about this one, just your average USB to Ethernet adapter. This one happens to have native Linux support courtesy of TRENDnet, though realistically I’ve never used one of these that didn’t have some kind of Linux support, official or otherwise.

TRENDnet TU2-ET100
TRENDnet TU2-ET100

The TU2-ET100 is fairly small and light, though it’s rather annoying that the adapter has its own pigtail on it, which then connects up to the Micro-USB pigtail. This makes for something of an ungainly setup, unfortunately.


This small USB WiFi adapter is very well suited to pentesting work, as it features not only the extremely well supported Atheros AR9271 chip, but an external antenna jack with RP-SMA connector. The TL-WN722N is capable of monitor mode, master mode, and packet injection, making it an excellent choice for the collection of software installed on the Pwn Pad.


SENA Parani UD100

The Parani UD100 from SENA is a high performance Class 1 Bluetooth adapter that can extend the effective range of Bluetooth up into the hundreds of meters. This particular Class 1 adapter is much smaller and lighter than other high performance hardware from companies such as AIRcable, which makes it a natural choice for mobile work.

SENA Parani UD100
SENA Parani UD100

The included 1 dBi antenna is cute, but you’d do much better to connect up something with higher gain to really extend your range. Conveniently, the UD100 uses the same RP-SMA connector as the TL-WN722N, so you can simply use that to widen your effective area.

Interestingly enough, the Pwn Pad’s included tools don’t seem to be able to make use of the Nexus 7’s internal Bluetooth hardware. So while some of the tools on the Pwn Pad will let you use either internal or external WiFi, you’ll always need to use the UD100 if you are working with Bluetooth.


Finally, it’s worth mentioning that the Pwn Pad kit includes the poetic SLIMLINE case for the Nexus 7. Aside from simply protecting the Nexus 7 and being able to prop it up for hands-free viewing, Pwnie Express has put a strip of Velcro down the back of the case which mates up to the strips they put on all of the other devices. While a decidedly low-tech solution, this does let you quickly slap one of the external devices right on to the back of the case, and not have to worry about holding it separately (or worse, letting it dangle from the USB port).

About Tom Nardi

Tom is a Network Engineer with focus on GNU/Linux and open source software. He is a frequent submitter to "2600", and maintains a personal site of his projects and areas of research at: .