Series Video game Watch Dogs was released in 2014, infecting viewers with the idea of a magic smartphone that can change traffic signals, hack webcams and even remotely control forklifts. This may sound like science fiction, but The Sonic uses a custom build of Kali Linux to deploy all the power of Kali on any smartphone – all without having to create an access point to control it.
If you have ever tried to hack something from an iPhone then you know that this is not an easy task. There are several problems when you try to hack from a smartphone at once. Operating systems are incredibly limiting our capabilities. The closest to “hacking” that you will ever get on your iPhone is a banal port scanner.
You can jailbreak your iPhone or install Kali NetHunter on Android, but even in this case you will be extremely limited in those situations, when it comes to Wi-Fi hacking. In fact, the available hacking strategies expect too much flexibility from the devices, designed for a very specific purpose.
Log in to Sonic. It comes with all the pre-installed tools needed to manage Raspberry Pi right from your smartphone. This way we start to loosen these notorious chains of our smartphones by joining it to a more universal companion in the form of a Raspberry Pi device. When we connect to The Sonic we will be able to transfer from the phone all the work it can’t do and use the fully functional Kali Linux to attack.
This assembly is different from the Kali Linux that we used in our previous articles about Raspberry Pi, where in order to control our Pi we had to connect it to our smartphone access point. If your phone does not have an access point The Sonic will turn an internal Raspberry Pi Wi-Fi card into a wireless communication and control channel from which you can connect to any smartphone to access its functions.
One of the essential differences between the two assemblies is that The Sonic cannot use the Internet connection from your phone. To connect to the Internet, you must first connect from your phone to the Sonic Wi-Fi hotspot and then connect Sonic to the nearest Wi-Fi network to connect to the Internet.
In other words, Sonic Pi can access the network for you by hiding your real MAC address. To access the Internet, you first connect to Sonic Pi, and then connect Sonic Pi to a Wi-Fi network that provides Internet access.
This means that Sonic needs two interfaces: the command and control interface to connect to your smartphone and the interface for the “attacking” antenna, which provides Pi connection to the network from which you want to connect to the Internet.
Step 1: Gather the details you need
When we are at
- TP-Link TL-WN722N wireless card. Any wireless card with Atheros chip will also follow these guidelines. If you don’t know which chipset your wireless card is using, you can read our article about the best Wi-Fi adapters 2017.
- We also need a microSD card to write the Sonic.
- While not a requirement of the Sonic website, we may also need a good battery for Raspberry Pi. Because if we want to build a truly mobile solution, we’ll need a battery-powered one.
The main advantage we get when using Pi over something like a notebook is its mobility and secrecy. While a laptop with several antennas sticking out in all directions looks pretty suspicious, the guy who uses The Sonic looks quite ordinary – as if he is looking at something on his phone.
Step 2: Download and save the image from Sonic
You can download the Sonic IMG file
Since the files are really very large, it is a good idea to check their integrity. You can do this by checking the hashes of the downloaded file and comparing them with the hashes listed on the website.
Once you get this image the steps to write it to the microSD card will depend on your operating system. Find your operating system just below and do the necessary steps.
In order to record a Sonic image in Windows, you need to download an additional program.
Mac and Linux
We can use the dd utility in our terminal. But first we need to find out which of the already connected devices is our SD-card. You can do this by running the lsblk command in Linux or the diskutil list in macOS. Then we need to unmount our card with the command umount path_to_card in Linux or the command diskutil unmount /dev/device diskutil in macOS. Finally we write the Sonic image to the SD card with the following command:
dd if=theImageFile.img of=/dev/device bs=4m
Once the image is recorded on the card, insert it into Raspberry Pi.
Step 3: Connecting to Sonic
Now it’s time to launch our Sonic!
A little remark before we continue. Sonic is programmed to automatically configure the right Linux files to create an access point. To do this Pi itself will restart once or twice. This is perfectly normal.
During this process Sonic assigns a special interface name to the Wi-Fi card of your Raspberry Pi so that it can start the access point. After that Sonic will launch several scripts to configure the access point, enable SSH input and launch the web application.
Connect the Wi-Fi-adapter to Raspberry Pi and turn on the power to Pi by connecting it to the power supply via MicroUSB cable.
As soon as Pi configures it, it will start the built-in access point. By default, the SSID is “The Sonic” and the password is “password”. It is a good idea to change these default values to real ones. You can do this by going to the “AP Manager” tab in the Sonic web application, which we will soon talk about.
Step 4: Fixing problems with Sonic
If you don’t see an access point called “The Sonic” 15 minutes after the download, you need to check a few things.
First, turn off your Sonic, connect it to the monitor and turn it back on. We want to make sure that the device is booting normally and there are no cyclic reboots or any error messages.
If the device is endlessly rebooting or you are constantly getting an error message “wlan0 link is not ready” it may be a problem with the drivers of your particular Wi-Fi adapter. If you have another Wi-Fi-adapter then try to connect it.
Otherwise try to disconnect the card and load Sonic without an external interface. Once Pi is loaded, check if the driver for your wireless card is installed. You can find out which drivers are installed by entering the following command in the terminal:
lspci | grep -i wireless
If the driver for your wireless card is not installed, the steps to take to install it may be different. Go to the website of your Wi-Fi card manufacturer to find out how to install their drivers specifically for Debian Linux.
If Pi is booting successfully but you don’t see an access point called “The Sonic” then try to connect the keyboard and run the following:
Check if he sees both Wi-Fi cards and if the interface named “wap0” is present. If you see the interface with the name “wap0” in the list, then enter the following in the terminal:
This command launches a script that checks the current status of the built-in Wi-Fi interface in Raspberry Pi. If it can not find this interface, it may be a problem with the built-in Wi-Fi card in Raspberry Pi.
In this case, try to use a second Raspberry Pi, if you have another one, or double check the Wi-Fi card with another way for Raspberry Pi (for example, Raspbian) and the monitor.
If none of the above does not help, it is possible that some error occurred when writing the image to your SD card. Try to write the image with the system to it again. You can also see the documentation on the website (
Step 5: Using Sonic
As soon as we connect – everything is possible! Well, at least in those parts of the world where there are serious shortcomings in information security. Before we do anything, we will need to connect to Wi-Fi, because the current connection will not serve the data on your phone or Pi. Fortunately, Sonic has a built-in web application, which makes tedious manipulations in the terminal quite feasible.
By default the web application is at 192.168.8.1. Just paste this address into the address bar of your browser on your smartphone and you will be met by a window inviting you to enter your username and then your password. The default username is “sonic” and the password is “password”.
Once you do this, the main menu will appear as shown in the lower left screenshot. The design of the menu is very simple, but it reflects the essence. By clicking on “Wifi Manager” we can quickly view the available Wi-Fi access points around us (see the bottom right screenshot).
The access points we see are sorted by signal strength. In this example, all access points with the word “Open” on the right are part of a Wi-Fi network that does not have a password but requires authentication through the web portal used.
Unfortunately, we do not have any credentials. However, being smart hackers we will still be able to access it.
Step 6: Getting access to the network
So we need to find the MAC address of a client that is already connected to this network. Sonic makes this process incredibly easy for us. If we go back to the web application we will be able to find some great features.
In Wifi Manager we will click on a button for the network we are trying to hack. We will be welcomed by the application window, similar to the ones shown in the lower left screenshot. Here we see a couple of options: we can either connect to a network or we can do sniffing and see all clients connected to that network. Of course, we will check everything we can, so click on “List Connected Devices”.
Sonic will open a new tab which will start scanning the connected devices. Basically, it is the background process started by Airodump-ng from the Aircrack-ng package which will process the data and show us the result. This process takes about 33 seconds so we have to wait a bit.
Step 7: Change our MAC address
Once the web application finishes downloading, we will be presented with a list of clients’ MAC addresses. By simply clicking on any of them, we will be redirected to the MAC Changer page where we will send all the data needed to assign the new MAC address to our device. Now all we need to do is return to the Wifi Manager and connect to the access point. That’s it!
It should be noted that by doing this, you are likely to interrupt service to the one whose MAC address you used to mask yourself. Keep that in mind – the attack is not quite covert.
But, let’s put this issue aside. Now that we can connect to the network, there are really not many things we can’t do. To connect to the Internet, Sonic redirects its built-in Wi-Fi access point through the access point to which it has connected. This means that you can still access the Internet from your phone as soon as Sonic connects to the nearest access point.
From here we can analyze the local traffic, swap the DNS server, run exploits on network devices and do almost anything you can do with a laptop or desktop computer running Kali Linux. The beauty of The Sonic lies in its portability and secrecy.
Start and let your inner hacker get started
While the project is still very new, the main functions of The Sonic make it a Plag-and-Play tool for hacking, which has no equal yet. Already now Sonic is actively supported, and new features are constantly added to the web application, making it more intuitive and easy to use.
If you want to use the full potential of The Sonic then you should first get to know Kali Linux well. Be sure to explore our website and sooner or later you will become a real professional hacker.