← @RoganDawes Twitter archive

Rogan Dawes

@RoganDawes

You may have seen other posts of mine about the @GLiNetWiFi AR750S Slate, suggesting I'm a bit of a fanboy. I've had their 6416 and AR300M routers too, which I've also liked.
This is a thread about some of the things I have done with my Slate, mostly from an infosec perspective.

08/12/2019, 12:27:45

Favs: 41

Retweets: 12

Rogan Dawes

@RoganDawes

I love the fact that all the GL.iNet routers are so small, that I never have to make a decision about whether there is space for it in my bag. While the 6416 and AR300M were a bit smaller than the Slate, there's still no question about whether to pack it or not.

08/12/2019, 12:27:45

Favs: 1

Retweets: 0

Rogan Dawes

@RoganDawes

Being powered from USB is awesome, too, as it means no 12V bricks taking up space either.
Multiple Ethernet ports (GbE on the Slate) open up all sorts of possibilities, and a USB host port mean you can expand them in any way you like.

08/12/2019, 12:27:46

Favs: 2

Retweets: 0

Rogan Dawes

@RoganDawes

Best of all, the Slate is built upon OpenWrt, which means that almost infinite possibilities exist to customise it they way you want it.
I've heard good things about the stock firmware. I wouldn't know, as I flashed mainline the day I got mine.

08/12/2019, 12:27:46

Favs: 3

Retweets: 0

Rogan Dawes

@RoganDawes

What's special about the Slate?
Firstly, 3(!) GbE interfaces. Very few travel routers provide Gigabit, so this is genuinely unusual.
2.4GHz and 5GHz Ath10k WiFi. The choice of WiFi hackers everywhere.
128MB RAM and 775MHz MIPS CPU for fun and games.
16MB NOR and 128MB NAND Flash.

08/12/2019, 12:27:47

Favs: 7

Retweets: 0

Rogan Dawes

@RoganDawes

I've used it conventionally as a personal AP in hotels, to access my ChromeCast when the hotel WiFi enforced client isolation.
And in Vegas to hook up multiple devices to the "pay per MAC" WiFi.

08/12/2019, 12:31:57

Favs: 2

Retweets: 0

Rogan Dawes

@RoganDawes

One of my favourite tricks is as a transparent Person in the Middle, using raw iptables, or with https://www.nccgroup.trust/us/our-research/phantap/ (in the OpenWrt repositories, even!). GbE means that you don't show up as an outlier on the switch status reports.

08/12/2019, 12:33:57

Favs: 4

Retweets: 1

Rogan Dawes

@RoganDawes

You can even switch easily between conventional br-lan and PitM use with an empty br-pitm interface. Break up the br-lan into eth0.1 and eth0.3, then you can add those to either bridge, even automated with the switch on the side of the Slate.

08/12/2019, 12:38:01

Favs: 1

Retweets: 0

Rogan Dawes

@RoganDawes

You can then access the PitM device using WiFi, or via the WAN GbE interface.
Neat trick for the WAN interface, BTW:
Make note of the IPv6 Link Local address, then you can always 'ssh root@ip6ll%eth0" or whatever NetworkManager has renamed it to!

08/12/2019, 12:40:03

Favs: 1

Retweets: 0

Rogan Dawes

@RoganDawes

I have recently used it as a host for @mame82 https://github.com/mame82/LOGITacker, with screen and picocom on the Slate. While LOGITacker does have headless mode, sometimes you want to see what actually happened. The Slate even has an internal USB header for more covert goodness!

08/12/2019, 12:42:05

Favs: 2

Retweets: 1

Rogan Dawes

@RoganDawes

@mame82 Some clients I "visited" recently had a Wireless Intrusion Detection system, which deauthed clients connecting to any unauthorised Access Points. OpenWrt supports 802.11w (authenticated management frames), and a checkbox in the UI to enable it, to prevent them ruining your day!

08/12/2019, 12:52:45

Favs: 2

Retweets: 1

Rogan Dawes

@RoganDawes

DNSMasq (the default OpenWRT resolver) has the useful ability to query different upstream DNS servers for different domains, for the case where you have multiple routes to different networks.
And of course, /etc/hosts for simple PitM scenarios!

08/12/2019, 12:52:45

Favs: 0

Retweets: 1

Rogan Dawes

@RoganDawes

An obvious use of the USB port is for a 4G/LTE modem. It doesn't make for the smallest of dropboxes, but it allows remote access to your device when needed. Ideally over a VPN, such as WireGuard or OpenVPN.
The Slate can do up to 68Mbps using WireGuard, btw!

08/12/2019, 12:52:46

Favs: 3

Retweets: 1

Rogan Dawes

@RoganDawes

I've used the Slate as a wireless client on a red team exercise. OpenWrt has good support for most wireless protocols (install the full wpa_supplicant package), as well as a nice GUI for the wireless noobs like me!

08/12/2019, 12:52:47

Favs: 1

Retweets: 1

Rogan Dawes

@RoganDawes

I used it for the whole day in my car with a 10000mAh battery pack, accessing a network about 100m away, and the pack was only on 50% by the end of the day!
The Slate has removable antennae (ignore the docs), with IPX connectors, and an RP-SMA should fit perfectly in the holes.

08/12/2019, 12:52:47

Favs: 2

Retweets: 0

Rogan Dawes

@RoganDawes

In my opinion, I have only begun to scratch the surface of what is possible with this router. It’s definitely one of the first tools I consider when faced with a networking conundrum!

08/12/2019, 12:53:37

Favs: 0

Retweets: 0

Rogan Dawes

@RoganDawes

My only wish is for USB Gadget capability, which the SoC is quite capable of. It just needs to be wired up somewhat differently, unfortunately.
Then it could replace 6 or more Hak5 gadgets, at a fraction of the cost!

08/12/2019, 12:55:11

Favs: 6

Retweets: 1

Rogan Dawes

@RoganDawes

I thought of another possible trick with the Slate:
When you have a single upstream Ethernet port, but need to connect 2 devices to it without NAT, just move the 2 LAN interfaces into the WAN VLAN, and you have a 3-port gigabit switch that won't get in your way.

07/02/2020, 07:14:49

Favs: 3

Retweets: 0