The Joker attacks
After laying low for quite some time, the Joker finally makes its appearance! "The Joker" - a penetration testing and research tool to test security aspects of batman-adv networks - was developed by security researchers Pedro Larbig and Alexander Oberle at TU Darmstadt (Germany), and we finally got permission to release the source code to the public.
The tool currently supports the following tests:
- Peer/Route flooding: flood fake OGMs
- Blackhole: announce to neighbors that the best route is via the attacker node
- Loop Forming: create local loops on multi-hop paths
- Fuzzing: modify packets randomly to create malformed packets
Pedro & Alexander developed the tool in order to facilitate their mesh network security research. Their work focuses on B.A.T.M.A.N. Advanced version 2011.1.0 and concluded that this version was performing pretty well in the Peer/Route and fuzzing tests. Albeit not being able to prevent maliciously provoked loops/blackholes entirely, B.A.T.M.A.N. Advanced did recover quickly when needed, according to their study.
To instigate further interest in mesh network security the 'Joker' code base is being published alongside this announcement. Hopefully, the Joker inspires security researchers as well as developers to investigate and fix issues in the B.A.T.M.A.N. protocol and/or implementation. We will also accept contributions for the Joker through the usual channels. Note that the tool does currently not work with the more recent versions 2013.4.0 or 2014.4.0 and later - patches are welcome.
The B.A.T.M.A.N. team