Have you seen the Emmy and Golden Globe award-winning TV show, Mr. Robot? Ever wondered what the software and hacking tools depicted in the show are all about?
If you’re a bit of a geek like I am, then you’ll wonder about the software and tools they use. If you’re not a geek, then maybe you want to know whether the stuff is real or not.
Either way, I am happy to say that yes, Mr. Robot, unlike so many Hollywood tech TV shows and movies, uses real software that works as depicted in the show. They hire tech consultants who ensure that all of the hacks they use are technically possible. Well, I’m not about to hack a top tier datacentre with a Raspberry Pi, but the actual software and how it is used do work.
Before you read on – Warning Will Robertson, Warning!
THIS LIST CONTAINS SPOILERS UP TO AND INCLUDING SEASON 3, EPISODE 10
Operating Systems in Mr Robot
Kali Linux is a Linux distro used by network security teams, penetration testers, intrusion analysts and of course hackers. Kali is featured throughout Mr. Robot, as it is used by fsociety and others as their operating system of choice.
Why is it the go-to operating system? Because it comes fully loaded with hacking tools: network sniffers, WiFi injectors/penetrators, data discovery/recovery tools, an iPhone backup analyzer, SSL hacking tools, and the list goes on and on.
If you are a budding white hat, the tools in Kali will help you learn how networks, filesystems and the entire web actually work.
Slackware is a Linux distribution created in 1993 that aims for design stability and simplicity and to be the most “Unix-like” Linux distribution. The first official release of the Linux kernel by Linus Torvalds was September 17, 1991.
Originally based on Softlanding Linux System, Slackware has been the basis for many other Linux distributions, most notably the first versions of SUSE Linux distributions. It is also the oldest distribution which is still maintained.
In season 3, episode 10 “shutdown -r” Elliot makes a deal with the Dark Army to save Darlene’s life. Leon gives him a laptop with Slackware installed on it to move Dark Army’s projects to the Congo.
Linux Mint is an Ubuntu-based distro. It is one of the most popular distributions due to its ease of use and “Windows like” interface. It is very stable; in fact, it’s what I’m using right now to write this post.
In season 3, episode 3 “eps3.2_legacy.so” Elliot rightly suspects that a backdoor might be on his Linux Mint PC. He downloads a Kali ISO, writes it to a USB and boots off it so he can run rkhunter to scan for any nasties.
Below is what the FBI can see on Elliot’s computer.
Raspbian is a Debian-based distribution made specifically for the Raspberry Pi, a miniature PC.
More on the episode details further down below under “Raspberry Pi”.
KVM – Kernel Based Virtual Machine
KVM is a hypervisor, which is software that runs other operating systems as virtual machines. Elliot uses KVM to virtualize Windows 7 inside of Kali Linux. In season 1, episode 6 “eps1.5_br4ve-trave1er.asf” Elliot uses KVM to run Metasploit and Meterpreter, and in season 1, episode 8 “eps1.7_wh1ter0se.m4v” he uses KVM to run DeepSound.
Phone Tools & Software
Wickr is an end-to-end encrypted chat app with a configurable timeout for messages once they are read. Throughout season two, fsociety members use “Wickr Me” to communicate with each other. Often they will read a message, then it disappears seconds later.
Why? Just in case the feds or anyone else gets hold of their phones: messages sent through Wickr are not retrievable, gone forever.
Pwnix, otherwise known as “Pwnie Express”, is an Android ROM built for penetration testers for network hacking and security.
In season 2, episode 9 “eps2.7_init_5.fve” Elliot uses a Pwnie Express Pwn Phone, which is a pre-built phone with Pwnie Express installed, so that he and Darlene can tap into the Dark Army’s phone calls.
Framaroot, called RooterFrame in the episode. Tyrell Wellick in season 1, episode 3 “eps1.2_d3bug.mkv” uses Framaroot to root a co-worker’s Android phone so that he can covertly install the FlexiSpy spyware on it and get access to secret messages regarding who is going to be announced as the next CTO of Evil Corp.
Kingo Root was used in conjunction with Framaroot above by Tyrell for the same hack.
Again, this was used by Tyrell in the Framaroot hack to get messages about the next CTO of Evil Corp.
SuperSU is an app that can be installed on rooted Android devices to manage superuser privileges. Again (last one I promise!) this app was used by Tyrell Wellick when he compromised his workmate’s phone in season 1, episode 3.
Other Software & Websites
This package, can-utils, is a suite of executables specifically for computers in cars. In Mr. Robot one of its utilities, candump, was used to hack into a car.
This is a framework used to reverse engineer code. radare2 was used by Tyrell Wellick in season 2, episode 12 “eps2.9_pyth0n-pt2.p7z”.
PyCharm is a Python and Django IDE (Integrated Development Environment). An IDE is what developers/programmers use as an interface to write code. In season 1, episode 4 “eps1.3_da3m0ns.mp4” you can see Trenton using it.
TOR stands for “The Onion Router”, a protocol that has many layers, like the layers you peel off an onion. It routes a user’s traffic via multiple computers around the world to make it extremely difficult to trace the actual user’s IP address / location.
It’s widely considered to be the best anonymizing tool available. It will make your Internet activity very hard to trace, and this edition, unlike Tor Browser, can be used to host Hidden Services, commonly referred to as the “DarkNet”: sites that are only accessible through Tor and that have their physical server location concealed by the Tor anonymity network.
TOR, even though already quite well known at the time, was made rather famous by Edward Snowden, who used TOR to transfer documents regarding Prism and communicate privately.
Ray runs a Silk Road inspired Tor Hidden Service, a market for nefarious buyers looking for illicit products and services. Ray asks, well, forces Elliot to migrate and fix his market site for him in season 2, episode 5 “eps2.3_logic-b0mb.hc”.
PuTTY is a client used to connect to Unix-like servers, such as Linux. Elliot uses PuTTY in season 2, episode 4 “eps2.2_init_1.asec” and 5 “eps2.3_logic-b0mb.hc” to connect to his own VPS (virtual private server) running Kali Linux, so that he can use an IRC client installed on the VPS to chat privately with Darlene while on Ray’s computer.
He also uses PuTTY in season 2, episode 5 to do a site migration on Ray’s Silk Road inspired Tor market website (Tor Hidden Service).
I’m sure you’ve heard of this one already. Used throughout all seasons, Firefox is Elliot’s default web browser. Trenton also uses Firefox in season 2, episode 8 “eps2.6_succ3ss0r.p12”.
FFmpeg is a utility to convert different video and audio formats. In season 2, episode 8 “eps2.6_succ3ss0r.p12” Trenton uses FFmpeg to encode a video file containing a leaked FBI conference call where they discuss illegal mass surveillance and uploads it to Vimeo via Tor Browser (to upload it anonymously).
VLC Media Player
Here’s another one you’re likely familiar with. VLC Media Player was used in season 2, episode 4 “eps2.2_init_1.asec” when Elliot and Darlene watched a VHS rip of the fake horror movie Careful Massacre of the Bourgeoisie together.
VLC is also used in season 2, episode 8 when fsociety preview the video they are about to upload, a leaked FBI conference call about illegal mass surveillance.
The Wayback Machine, which is operated by the Internet Archive, is a database containing a history of most websites. You can use it to see what a website looked like back through time. Just for fun, check out what Microsoft’s site looked like in 1996!
FBI Agent Dominique DiPierro explains to Mobley in season 2, episode 8 “eps2.6_succ3ss0r.p12” that the FBI used the Wayback Machine in order to find his hacker handle and connect it with an old fanpage he created for a DJ called DJ Mobley.
John the Ripper
John the Ripper, named cutely after Jack The Ripper, is a brute force dictionary password cracker made by Openwall. It’s included in Kali Linux. Given a password file, it makes thousands of password guesses a second and reports when a successful attempt is made.
Elliot used John the Ripper against Evil Corp’s interim CTO, Tyrell Wellick, in season 1, episode 2 “eps1.1_ones-and-zer0es.mpeg”.
µTorrent is a very popular BitTorrent client. In season 2, episode 4 Darlene downloaded a VHS rip of the fake horror movie Careful Massacre of the Bourgeoisie using µTorrent. Even though it is fake, you can actually watch all 8 minutes, 35 seconds of it below.
FileZilla is an extremely easy to use FTP client and one of the most popular in the world.
In season 1, episode 4 “eps1.3_da3m0ns.mp4”, Trenton uses FileZilla to upload an exploit to fsociety’s FTP server for the Raspberry Pi Elliot would soon install in Steel Mountain’s climate control system to destroy all of E Corp’s data, including much of the consumer debt records held in the US.
Nginx, pronounced “Engine X”, is a webserver engine like Apache which serves the pages of a website to your browser. Nginx is touted as the fastest, most efficient web server. Between them, Apache and Nginx run about 80% of the websites in the world.
Elliot configures the website for Ray’s Silk Road inspired Tor market site, using PuTTY, during the site migration in season 2, episode 5 “eps2.3_logic-b0mb.hc”.
DeepSound is quite a clever bit of software which makes a data CD look like tracks on an audio CD, and encrypts the data. This technique is called steganography.
Most notably Elliot uses it in season 1, episode 8 “eps1.7_wh1ter0se.m4v” to hide files on a CD among regular music tracks so that the hidden files are only viewable using the DeepSound software.
However, you see it throughout early season 1. After he completes a hack on someone, he writes all the data to a CD using DeepSound and writes a band and album on it. Then he usually wipes his whole PC and fries the hardware in his microwave.
In the final episode of season 1 (episode 10) “eps1.9_zer0-day.avi”, after Elliot and Tyrell Wellick execute the Evil Corp hack, the fsociety team use the Enterprise Edition of HDShredder to securely wipe all the hard drives. Shortly after, they incinerate all the hardware in the crematory of a dog pound.
Wget is a command line tool that makes webpage requests. It can download and store pages, check for webpage errors such as “404 not found” etc. It is used in Mr. Robot to hack an Android phone using the Shellshock bug in combination with John the Ripper.
ProtonMail is one of the most secure email services available for end/home users. It is a secure, end-to-end encrypted e-mail service based in Switzerland that is used by Elliot in season 1, episode 8 “eps1.7_wh1ter0se.m4v”.
An interesting point: the researchers behind Mr. Robot searched for secure e-mail services to decide which one to use in the show. They even contacted the ProtonMail developers and asked if it was possible for users to monitor their own e-mail activity in ProtonMail, much like Gmail, Yahoo! and Outlook do now.
The ProtonMail developers were so interested in the idea for this kind of monitoring that they ended up implementing it in their v2.0 release of ProtonMail.
You can read more about it on this post by ProtonMail.
As Elliot says, it’s much easier to hack a person than it is to hack anything else. The Social-Engineer Toolkit is a pentesting framework which focuses on social engineering attacks such as phishing, for example sending emails to targets to get them to perform an action like resetting their webmail password, or calling tech support on the phone to determine versions of software the target company may be using.
In a nutshell, social engineering is tricking someone into giving up sensitive information in order to perform a hack.
Elliot’s team uses this toolkit’s SMS spoofing function to get a supervisor to leave Steel Mountain so he can get around the datacentre without staff supervision. He needed to get around on his own in order to install the Raspberry Pi onto the facility’s air conditioning system network.
OpenWrt is router firmware that Elliot and Darlene set up on a rogue router, which Angela installs on the floor of Evil Corp that the FBI took over, in season 2, episode 6 “eps2.4_m4ster-s1ave.aes”. In doing so Elliot can hack the FBI with his malware installed on the FBI’s Android phones.
mimikatz is a post-exploitation tool package that performs tasks hackers may want, such as extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory on computers running Windows.
Angela is given this by fsociety in season 2, episode 6 “eps2.4_m4ster-s1ave.aes” on a USB Rubber Ducky as a contingency plan in case she is unable to successfully perform the femtocell hack.
btscanner is a tool included in Kali Linux that can obtain a surprising amount of information about a Bluetooth device without pairing with it.
Elliot uses btscanner in season 1, episode 6 “eps1.5_br4ve-trave1er.asf” in combination with Bluesniff and Metasploit so he can connect to a nearby police car’s computer that has a USB Bluetooth dongle.
Using this, Elliot successfully compromises the prison network so he can free a drug dealer whose companions are holding his kinda-girlfriend Shayla hostage.
Elliot uses Bluesniff in conjunction with the other tool above to hack a police car’s Bluetooth device to get access to the prison network so he can open all the cell doors and free the drug dealer, Vera, from prison.