Weaponizing the GL.iNet GL-AR150

UPDATE 06/02/2019:

I apologize for the delay I’m posting this. Unfortunately for me has become too time consuming maintaining this firmware port. Additionally, Hak5 seems to have started embedding hardware checks into their binaries.

Since I use this device for work, I don’t want to bother solving firmware problems while I should focus on the actual work, so I’m deprecating this project. The last working version will be 2.0.2, and no other updates on this project will be released from my side.

I actually bought one of the amazing Hak5 Pineapples to have peace of mind so when I need it, it works as expected.

Thanks for all the interesting this project has attracted over the years, it has been much appreciated!

UPDATE 15/01/2018:

Please make sure you use the TP-Link TL-WN722N version 1, as version 2 is not compatible. In general, all WiFi adapters using the Atheros AR9271 chip should work fine.

Also, I’ve updated the firmware into the Github repo to the latest Pineapple v2.0.2 firmware.

Hi all, so much time since I posted something here. I’ll try to post more regularly from now on.

Last week I was wondering if somebody had ported the latest Pineapple firmware (v.1.1.3) to the GL-AR150. As you may know, this small router has the same hardware of the WiFi Pineapple Nano (minus the second radio, of course, but there is an USB port to which you can plug a wifi adapter).

After spending some time looking for it without luck, I tried to build it myself.

Patrick Sapinski, on his own blog, posted earlier this year a small guide to do that, and it has been very helpful for me as starting point.

Those are the steps I followed to build a working WiFi Pineapple firmware for the GL-AR150:

Just remember, in make menuconfig, to select the GL-AR150 as target and to include the driver of the USB WiFi adapter you’re going to use (you must use one, the pineapple firmware is mostly useless without the second WiFi interface).

For your convenience, the firmware I built is available on my Github repo at https://github.com/SecurityAddicted/pineapple-ar150

I compiled it with support to all common USB WiFi adapters (I tested it with a TP-Link TL-WN722N).

Hope some of you will find this useful.


117 thoughts on “Weaponizing the GL.iNet GL-AR150”

  1. does this work very well ??? I was thinking of trying this out as a little project in the near future to start learning about wifi and security

    1. This really should be a real project. I would be happy to donate time to see regular firmware updates released. Anybody else?

  2. Thanks for the Build, could you detail how you configured openwrt-cc to work with the gl-ar150? all my builds always bootloop :-S

    1. Glad you found it useful. You must select the GL-AR150 from the Target Profile submenu in make menuconfig.
      If you still have problems, I can share my .config file 😉

  3. Hi Alex, thanks for the build.
    I succeeded to upgrade my device (former 1.1.1 build from gopher2) with the sysupgrade -F -v .
    Nevertheless, the webinterface keeps saying: The Wifi Pineapple is still booting
    On the other hand, my Pine managment Wifi network is still operational, and Im able to login through SSH. From there I see my TL-WN722N is now recognized (reason for the upgrade).

    Any idea how I could solve the problem with the webinterface?

    Thank you!

    1. I had a similar issue, i tried the above but now i’m unable to ssh into it. The password must have changed? And im locked out! is there a default password at all? currently running a dictionary attack, but …

      1. Thank you for respond ı understand this steps.but ı have few questions ..1. I have tp link wn722n whic has ar9271 and its tx power locked at 20 dbm, at this point ı need alfa card for better signal. because of this ı look ar150 if ı use ar150 will ı am need to use external card again like alfa?

          1. But how ? Wn722n just has 4 dbi antenna ?and gli alsp has 4 dbi antenna how they are working for long range ? Can you explain how ?

          2. If you need long-range performance, just use a better antenna. The stock one works flawlessly anyway.

          3. but ı read that gli has max output 18dbm so if ı use better antenna is it change anyway?
            Also have tp link like you ı contact with tp link support and asked them.
            “if ı use better antenna is it change anything ”
            they say
            “no because its antenna output power is low”

          4. Try that out by yourself, flash your AR150 with my firmware, plug you 722 into the USB port and have fun 🙂

          5. Okay 😀 ı have two more question ? First ı hear that if we want nano module we need sd but ar150 dont have sd how to fix it ? And the other is whats difference between awus036nha with kali vs ar150 with pineapple?

          6. Never used modules, but I tried installing some and they seem to install fine. I guess you can try and see 😉
            The Pineapple firmware makes the AR150 a very portable WiFi tool to attack wireless clients, but you can’t use it to crack WiFi networks. That’s where Kali + your WiFi card of choice come to help 😉

          7. You mean crack “reaver”? My aim is just use for evil twin attack and long range do u have any advice to me usb card ?

          8. Pineapple is awesome for Evil Twin attacks. About range, I tested only the 722 with its antenna and it worked ok for my needs. You need to experiment in your own here I’m sorry 🙂

  4. Finally received my little gl-ar150 in the post from aliexpress … within 30 minutes of opening the package I was installing modules .Thanx Alex for the bin file and Thanx Steven for the jffs2reset command ..Awesome now to learn how to drive this thing

      1. I started playing around I thought having more space would be better .Has anyone added usb storage with any success ?? .I looked at demsg and the device is plugged but nothing much else in the syslog or even /dev and there is no kernel modules loaded I get a error when I try to load ehci-hcd manually .The USB is working right cause all the wifi cards are happy .It’s just storage not working properly
        Any ideas or pointers would be muchly appreciated

        1. It isn’t straightforward to add new storage to the device, as the only USB port is used by the second WiFi card. It should at least involve some hardware hacking to add a SD card reader (click HERE for more details).
          Let me know if you’re going to do that 🙂

  5. i think for usb storage u need a usb hub which have self powered power. like these:

    back when i have old rpi 1st gen, kernel already detect the usb,my ext-hdd even turn its led,but i cant sense any movement/rotation from my hdd due lack of power. those hub solve that.

    my only question for ar150 is same as mehmet, what if i connect 24dbi grid antenna to this little killer, can it survive?

    i dont own the antenna, just plan to buy it only if these board can sustain it.
    i am fine with ar150 only use 60-70% antenna capacity, but it still works
    but what if funny thing happens? 😀
    since those antenna twice the cost of ar150 (from where i lived)

  6. I have mounted the USB memory stick as the SD card everything is working fine …I did look at the spi bit banging .. maybe later this also seems a useful website on the subject https://randomcoderdude.wordpress.com/2013/08/15/spi-over-gpio-in-openwrt/ .. I’m using a usb hub with no problems .The next part is looking at the LAN/WAN .I’m not sure if it’s working or not ….Once again Alex thanx very much for this project ..I also want to say I will buy a wifi pineapple nano as I really want to support the HAK5 guys they have put alot of time and effort into this product .Something I have learnt looking around inside the device .I am having a good time learning about routers and look forward learning about wifi security

      1. Ikk3
        you need to make sure that these kernel modules are loaded scsi_mod.ko,sd_mod.ko and usb-storage.ko .For the file system you need these ext4.ko,exfat.ko,ext4.ko and ntfs.ko .You prolly don’t need all those I just load them incase i might use them … I ended up compiling my own firmware as there was something a bit funky about loading and unloading Kernel modules in Alex’s firmware

        1. Hello Mary
          I compliled my own firmware too. I did all the steps in this tutorial but when i do install a module, appears only one button (install to internal storage). Could u help me to set this up properly?

  7. So I loaded the .bin and rebooted the device – I see no web interface when I try to go to the IP, just a blank interface and then I don’t know the password to SSH into the device. I tried the default creds for SSH for OpenWRT and they dont work. Any advice on what to try?

    1. connect your ethernet cable in the wan port, and make sure that ur default gatewat is

      1. Got it – that worked had it in wrong port, thank you – the webui is stuck at: The WiFi Pineapple is still booting. Trying to SSH – to issue the command “‘jffs2reset -y && reboot'” but cannot access do not know ssh credentials. Any thoughts? I have tried the default nano password, default root type passwords. I am feeling like I am overlooking something obvious.

          1. Can you post what you did to get it working. I am having the same issue.

          2. Ok…Figured it out. I was flashing the Pineapple firmware after doing the AR150 initial setup. You need to flash it after a factory reset(Before selecting language and password), then flash the Pineapple firmware from the uboot page(google for directions). When AR150 reboots itself, make sure to set your lan adapter back to obtain IP automatically. Direct
            your browser to:, then follow the directions.

          3. Hi, I’m having the same problem. Can you please let me know what password you used?

          4. I tried going into uboot mode to re-flash the firmware but I never get a web page to come up at
            I do get an arp entry for that IP though. Any help?

  8. Hi! I’m trying to compile my own firmware following this steps and everytime I try doesn’t matter the config I choose there’s an error compiling the uboot. Has anyone an idea of what’s going wrong?
    And thank you Alex for the firmware, it works like a charm 😀

  9. I ended compiling my own firmware adding all the kernel modules for usb storage, it works perfect. I haven’t tried to connect the wifi dongle and usb drive at the same time yet ( i don´t have a usb hub ), but it should work.
    I uploaded the firmware to github so you can test it ( and skip hours of compiling ) https://github.com/serxo/ar150-wifi_pineapple.
    Hope it helps someone.

    1. Hello, I have several problems / questions.
      1. It is possible to configure the wlan0 (the internal wlan of the ar150) as a client and thus be able to use the external USB as AP
      2. Does this Firmware support USB HUB ?, only supports some special models?

      Thank you very much, great job

    1. I added many wifi drivers, but I don’t have that specific model to test so you have to try out yourself.

  10. I flashed the AR150 with the firmware you’ve provided, but the recon function doesn’t work. ‘There was an error starting Recon. Please try again.’

    I’ve tried turning off management AP, turning on PineAP.. Nothing works.

    When looking under Networking it only shows wlan0 interface, on another Pineapple firmware version it shows wlan0 and wlan0-1.. Not sure if this has to do with it…

    What should I do to get it working?

    1. So, I re-read everything. Is it true that I need an external WiFi adapter? If yes, why? In version 1.0.6 (you can find it online for the AR150) it is not necessary, this version just works with the antenna of the AR150…

      1. To use the Pineapple firmware the right hardware is needed. Since the Pineapple has 2 wifi interfaces, you must have the same in your AR150 to get a fully working Pineapple-like device.

        1. Hi Alex, I connected a WN822N to it. But still no luck using recon.

          Do you have any tips?

          1. I tried SFTP, and found some folders. Not sure if I can just drag and drop the drivers for WN822N.

  11. i just ordered the ar150 and i am trying to find a antenna i can buy locally any work on what drivers you added? i just want to know like a brand to look for that tp one i can only find online.

  12. Hi Alex,

    thank you for you excellent work! Flashed your prebuild firmware and it works like a charm… ALMOST ;-). Everything is working fine, however the device does not do any kind of DeAuthentications, neither with the DeAuth Feature from ReCon (PineAP), nor wih the DeAuth module. All stations keep connected rock solid to their assosiated APs. Also PineAP Logging does not pick up any Auth/Deauths. I am using a TP-Link 722N as second interface. Could you look into this and confirm? Many thanks in advance!

  13. I can second what Alexander said above. I installed serxo’s image from https://github.com/serxo/ar150-wifi_pineapple and DeAuth Feature didn’t work for me either.I’m also using TP-Link 722N v1. However, I should mention that I used an iPhone, Android and Windows phones as WiFi clients and there was a message on one of the phones (doen’t remember which one) that it’s not going to connect to open access point because there is a secure access point exists with the same name.

    1. DeAuth should work regardless of the device type (Phone, Workstation…) – however if you tried it with phones and have a router capable of 5Ghz it might have happened that your phones connected via 5Ghz instead of 2,4GHz. Our hardware can only DeAuth 2,4Ghz Clients. However I tried in a lab with 2,4Ghz equipment only and it did not work either – all clients stay assosiated.

  14. Hey, Alex,
    The firmware works like a charm, thank you. The only doubt I have is that when I try to install new modules says that I have no more internal memory storage available, do you know any way to increase storage to install new modules, such as using an external storage or even change the hardware to increase the storage?


    1. Smit, you can connect an USB drive using USB hub (2.0 worked for me, 3.0 did not), mount it (mount /dev/sda1 /sd) and then create a softlink, for example (ln -s /sd/modules/ReconPlus/ /pineapple/modules). The result will look like this:
      root@Pineapple:~# ls -l /pineapple/modules/Recon*
      lrwxrwxrwx 1 root root 22 Sep 24 22:35 /pineapple/modules/ReconPlus -> /sd/modules/ReconPlus/
      Hope this helps.

    2. good guy.. can you make video tutorial for us.. i don’t really get how to do it..anyway i’m in 2.0.2. hope for your respond. thanks in advance

  15. @vitpi, thanks! Mounting the USB-Stick like this works like a charm. Too bad that the DeAuth Issue still exists. :-/ Nobody seems to have a solution. I wonder what might be the reason for this and how it is possible to verify it. Is there any log one can skim through to find an indication what goes wrong? Maybe the 2nd Interface is named wrong? Maybe the Driver for the 2nd Interface is not able to packet inject? One could also try to login via SSH and try to deauth manually the way the scripts do (when one would know what the scripts exactly do). I tried to deauth manually like described here: https://www.aircrack-ng.org/doku.php?id=deauthentication – However it seems to get stuck before even starting (but no error message was given). Maybe we can isolate the problem this way? Unfortunately my Linux skills are rather limited. Hopefully we can get this sorted out together! Cheers!

    1. It’s not going to work since TL-WN727N v4 is based on MediaTek MT7601U. From what read, only 3 chipsets support packet injection and monitor mode: Atheros AR9271, Ralink RT3070, Ralink RT3572.
      TL-WN722N v1 (AR9271) works for sure also TL-WN727N v1 (RT3070) should work as well, if you could find those.

      1. I had to compile the OpenWRT firmware with the MT7601U driver enabled. Now i can use recon, but i have to continue exploring. Thanks.

    1. OK – I managed to get it to work on PC through a guide, but the mobile Pineapple app isn’t working?

  16. A solution to the “non working deauth capability” is not around the corner yet, right? I wonder if we have somebody here with enough skill to dig into this problem? I will perform some tests on the weekend regarding powering the AR-150 with another power supply to rule out a lack of power during packet injection. Could someone please look into the logs or scripts to help hunt the problem down? Thanks!

  17. Meanwhile I found out that DeAuth does in fact work when freshly booted… however “ReCon” and “PineAP” seem to mess up with each other. Since PineAP Deamon has to be turned on in order to use DeAuth in ReCon things start to get dodgy. Things like “Capture SSIDs to Pool” and “Logging” stop to work and can only be restored by Resetting the network interfaces to Default (Networking -> Advanced -> Dropdown Menu -> Reset WiFi Config to Defaults”). Hoever this reset comes along with strange side effects like the Nano suddenly broadcasting all SSIDs in the Pool even though the according checkboxes are not ticked.
    There are also tons of complaints in the Hak5 Forums about similar issues with the nano. Maybe we could try with an older version such as 1.1.2 or 1.1.0? Anyone has a compiled binary for this?

  18. Anyone had any success with v2.0.2? I’ve compiled it, but there’s a problem with networking from the web interface. When I try to load bulletins or modules I get the “Error connecting to WiFiPineapple.com. Please check your connection.” I can successfully ping and traceroute to http://www.wifipineapple.com from the CLI via ssh. Any ideas?

        1. Sorry, missed this one.
          GetDevice trick is that you have to look in pineapple.php file and make that function always return “nano”…

  19. Any update??? Any firmware update?? I’m going to buy 150ar and I have 722N. What firmware Bin I must Download???
    Thanks !!!

  20. Attention TP WN722N buyers:
    There are 4 different hardware versions manufactured. Only v1 with the Atheros AR9271 works out of the box (from what I read). My v2 using a Realtek r8188 is not supported. You cannot see the version in the model number, they are all called WN722N.

    1. Yes, thank you! Meant to say myself but slipped my mind.

      Has anyone tried it with success? I’m having trouble with it working but I’m assuming it’s me and not the firmware.

  21. thanks for your work. i need to know how to install modules as its say downloading and nothing happens. other is working fine .

    1. This issue should be resolved on the last version of the firmware. Please download it again from the Github repo.

  22. Hello. I did not understand when you said “Copy the content of the squashfs-root folder extracted by binwalk in the files/ folder on the repo just cloned (create the folder if it doesn’t exist)” ?

    where should I place the content of “squashfs-root” folder?

  23. Hi Alex,
    I built a new version ,based on latest firmware. Booting and config works good. Detects my TP LINK card also fine. But pineap is not starting.The toggle switch is not enabling it. Also I would love to know the getDevice workaround to connect to pineapple website/modules.

    1. Same problem with PineAP on 2.2.0 firmware.
      GetDevice trick is that you have to look in pineapple.php file and make that function always return “nano”…

  24. Hi, is RTL8191SU supported? I have a NW300M from NetCore but after I plugged it in there is no response except for

    Bus 001 Device 002: ID 0bda:8172 Realtek Semiconductor Corp. RTL8191SU 802.11n WLAN Adapter

  25. Just wondering if it is possible to update the ar150 firmware with latest wifi pineapple rom 2.1.0 build?

  26. I have built version 2.2.0, and the PineAP daemon is not working same as with the previous one.
    Seems that 2.0.2. is the last more or less working version for ar150… Any Ideas?

  27. Hi,

    I installed version 1.1 to my ar150 how can I now update to 2.0.2 since I can not find manual update function.
    I try to hold reset and plug it in power then connect it to PC vie LAN port and set

    but when I try to open it does not work.

    Can anybody suggest me how to manualy flash new FW to ar150 which allready have pineapple FW

  28. I saw that you updated the github files 8 months ago with v2 of the wifi pineapple nano bin but lot many updates have been made after that recent being with c2 cloud etc so if we have the bin firmware of your github v2 flashed will i be able to update the firmware from the device? or do i need to pack my firmware for the newer version?

  29. Just been trying to source the TP-Link TL-WN722N and they don’t appear to exist any more (there is one person offering them, for £500!).

    Can anyone recommend an alternative? I believe several companies made similar products with the same Atheros chip but damned if I can find out which now. Any help would be hugely appreciated.

  30. Buena noches tengo el GL-AR150-ext intenete instalando wifi-pineapple-2.0.2-gl-ar150-sysupgrade me instalo pero a la hora de ingresar al!/modules/Setup se queda arrancando con el siguiente mensaje “La piña WiFi sigue arrancando
    Por favor, espere hasta que el WiFi Pineapple haya arrancado completamente. La configuración continuará automáticamente.”

    Y nunca pasa de esa parte soy nuevo en cuanto al tema te agradecería mucho si saber como dar solución al problema.

    Muchas gracias.

  31. I want to get back a default firmware from gl-inet but there is no web form for installation firmware from file and no Uboot. What can I do in that case?

  32. So I installed this on my GL150 with a USB wireless adapter and in the pineapple software screen there is never a wlan2 showing up, but I DO get a (zero dash one) wlan0-1 showing up and a wlan0 and a wlan1 which is the default (and only) option in the dropdown. Any ideas for me? Do I need to edit a config file somewhere? lsusb shows the wireless adapter just fine.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.