How to install and use L-ReCon

L-ReCon installation guide for dd-wrt routers

What you need:

Installation steps:

    • Install dd-wrt firmware on the router following the firmware upgrade instructions that are specific to your router
    • Decompress the content of the L-ReCon distribution inside the USB stick using the following command on a Linux shell in the root directory:
      tar zxf l-recon.tar.gz
      This operation will create a USB key that contains all the files that are needed to run L-ReCon.
    • Insert the USB stick in the router’s USB port.
    • Connect to the web interface of the router (usually http://192.168.1.1) and change the “Router Name” in the Setup/Basic Setup configuration page to “recon.wrt”.
      In this operation a different name can be chosen, but in such a case, any instructions that refer to this name also have to be changed accordingly.
    • Go to “Services/USB” in the configuration page and:
      1. Enable core USB support, USB storage support, automatic drive mount.
      2. Run-on-mount script name: /opt/boot-chroot.sh
      3. Mount this partition to /opt: copy the UUID of the ext4 partition of the USB key (you should be able to see it on the same page)
      4. Click Save and Apply Settings
        This operation is needed to recognize the USB stick and start L-ReCon automatically every time the router starts.
    • Go to “Services->Services” in the configuration page and put the following line in the “Additional DNSMasq Options” field:
      dhcp-script=/opt/opt/meddle/reconwrt/dnsmasq-event.sh
      Then Save and apply settings.
      This setting is needed so that the DHCP server of dd-wrt (called DNSMASQ) notifies L-ReCon of any new connection, which L-ReCon then starts analyzing.
    • Configure any other router option (e.g., Wi-Fi name and password, router accounts, etc.).
      Save, Apply settings, and reboot the router with the USB stick inserted.
    • Wait two minutes for the restart to complete, and L-ReCon is now ready to be used on any device that is connected to the router Wi-Fi or LAN port.
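
The dhcp-script option set above makes dnsmasq run the named script on lease events as "<script> <action> <mac> <ip> [hostname]". The following is an added example, not L-ReCon's own dnsmasq-event.sh, of a handler that validates those fields before using them; the log path and function names are assumptions, and it covers only IPv4 add/old/del events.

```shell
#!/bin/sh
# Added example, NOT L-ReCon's dnsmasq-event.sh.
# dnsmasq invokes a dhcp-script as: <script> <add|old|del> <mac> <ip> [hostname]
# The hostname is client-supplied, so every field is checked before use.

LEASE_LOG="${LEASE_LOG:-/tmp/lease-events.log}"   # hypothetical log path

# Return 0 if $1 is six colon-separated hex octets.
valid_mac() {
    case $1 in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Return 0 if $1 is a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Return 0 if $1 is empty (hostname is optional) or uses only
# letters, digits, dots and hyphens, up to 253 characters.
valid_hostname() {
    case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ]
}

# Validate one lease event and append it to the log.
# Returns 2 for an unhandled action, 3 for a malformed field.
handle_event() {
    action=$1 mac=$2 ip=$3 host=${4:-}
    case $action in add|old|del) ;; *) return 2 ;; esac
    valid_mac "$mac" && valid_ipv4 "$ip" && valid_hostname "$host" || return 3
    printf '%s %s %s %s\n' "$action" "$mac" "$ip" "${host:--}" >> "$LEASE_LOG"
}

# Run only when dnsmasq (or a user) passes arguments.
[ "$#" -eq 0 ] || handle_event "$@"
```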

L-ReCon installation guide for Raspberry Pi

What you need:

      • A Raspberry Pi 3 or Raspberry Pi 2 with external Wi-Fi module
      • An empty SD card with at least 16GB formatted using FAT32 file system and MBR partition table
      • The L-ReCon distribution, which can be downloaded from the tools section of this website

Installation steps

      • Copy Raspbian NOOBS onto the SD card (we tested version 2.9.0)
      • Put the SD card into the Raspberry Pi and install Raspbian (we tested the Lite installation).
      • Connect the ethernet port of the Raspberry Pi device to a LAN port of any modem or router with Internet connectivity and DHCP support. No configuration is required on the modem/router side.
      • Open the console on the Raspberry Pi (you can either use SSH or a keyboard/monitor directly connected to the Raspberry Pi). Default username and password for Raspbian NOOBS is “pi” and “raspberry”.
      • If SSH is not enabled, you can enable it using the raspi-config tool. Using the same tool you can also set the name of the Raspberry Pi to “recon.wrt”. If this is not done, you can use its IP address instead of “recon.wrt” (the default is 192.168.100.1).
      • Copy lrecon-XXXX-XX-XX.tar.gz to the directory /home/pi on the Raspberry Pi and then change to that directory:
        cd /home/pi
      • Decompress the content of the L-ReCon distribution:
        tar zxf lrecon-XXXX-XX-XX.tar.gz
      • Enter the directory opt/meddle/l-recon-pi
        cd opt/meddle/l-recon-pi
      • Execute the setup-master installation script and follow the instructions. It will ask for the pi user password (chosen during Raspbian installation), the name of the Wi-Fi, and the Wi-Fi password.
        sudo ./setup-master
      • Shut down the Raspberry Pi.
        sudo halt
      • Unplug and replug the Raspberry Pi from its power supply and wait 2 minutes for the restart to complete. After this, L-ReCon is ready to be used on any device that is connected to the Wi-Fi network created above.

L-ReCon quick user guide

Once L-ReCon has been installed and the router or Raspberry Pi device restarted, L-ReCon is automatically active and will be processing all the traffic that is sent from all the devices connected to its Wi-Fi, including mobile phones, laptops, and any IoT devices.

The interaction with L-ReCon happens through a web interface that can be accessed from all the devices connected to the router or Raspberry Pi: http://recon.wrt:8080 (NOTE: http:// in the URL is mandatory). If the router or Raspberry Pi has a different name, you can use that name instead. The local IP address can also be used (for example http://192.168.1.1:8080 or http://192.168.100.1:8080).

The main screen of the interface shows the list of PII that have been leaked by the device visiting the web interface, if any. The same interface also provides a link to activate or disable TLS interception, with guided installation instructions that are automatically customized based on the device that is being connected (e.g., Android, iOS, and the most popular web browsers). The list of PII leaks in the web interface is updated automatically every 30 seconds, but the wait time may be higher depending on the number of users connected and the CPU speed/RAM of the router/Raspberry Pi.

Known bugs and issues

L-ReCon is alpha software in its early development phase, so it has some limitations and known issues. The most important ones are listed here:

    • L-ReCon will slow down your connection because all the traffic has to be processed by the router processor.
    • L-ReCon will look for PII (including passwords) in the traffic of all devices connected to the router, so it can potentially be abused if an unaware victim connects to the Wi-Fi. To limit this problem L-ReCon has TLS interception disabled by default.
    • L-ReCon will only show the PII to the device that has shared them. This works for IoT devices companion apps and IoT devices with a web browser. We will add visualization for other IoT devices in future versions.
    • Since we released our first version of ReCon in our previous ReCon project, app developers have increased the privacy of their applications and/or made it more difficult for us to detect privacy leaks, so there may be false negatives/positives for recently updated apps.
    • Android v7 or higher by default does not allow L-ReCon to use TLS interception for apps that target that platform. There is no way to change this behavior other than rooting the Android device.
    • Several apps (such as banking apps, Facebook, and other popular apps) do not trust L-ReCon TLS certificates and change their destination address frequently. This prevents them from working correctly when TLS interception is active. To solve this problem L-ReCon automatically whitelists the domains contacted by such apps, so some applications may need several attempts before working correctly.
    • When TLS interception is disabled the number of leaks found is very low, since TLS adoption is increasing over time.