Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
5 (U) System Components and Features
(U) This section discusses each of the components of the CB system, and discusses the
various features supported by each component.
5.1 (U) Claymore
(S) Claymore is a survey, collection, and implant tool for wireless (802.11/WiFi) devices.
The survey function attempts to determine device makes/models/versions in a region of
interest. The collection function can capture wireless traffic. The implant function can
perform wireless firmware upgrades and incorporates the exploitation tools (for
determining administrator passwords) and Wireless Upgrade Packages (for devices that
don’t allow wireless firmware upgrades). Claymore can run in a mobile environment (i.e.,
on a laptop) or in a fixed environment with a large antenna for longer ranges. See the
“Claymore User’s Manual” for more information.
5.2 (U) Flytrap
5.2.1 (U) Overview
(S) A wireless device that has been implanted with CB firmware is known as a Flytrap
(see section 6 for information on device support and implanting techniques). Typically, a
Flytrap will not be under the physical control of the sponsor, but instead operates “in the
wild”. Periodically, the Flytrap will send a Beacon to the CT (through a PoP) that reports
the status and security settings of the device. The CT will respond with a Mission that
tasks the Flytrap to search for Target emails, chat users, or MAC addresses in the
network traffic passing through the device. Upon detection of a Target (see 5.2.3.5 for
Target Types), the Flytrap will send an Alert to the CT (which if configured to do so
would distribute this Alert information to the Catapult system). The Mission may also
contain Target Actions (see 5.2.3.9), and Global Actions (see 5.2.3.10).
5.2.2 (U) Device Support
(S) The CB team maintains an information database (“Wifi Devices.xls”) on hundreds of
wireless devices. This database includes generic device info (e.g., processor, OS, default
password, etc.) as well as firmware analysis information on device support, feature
support, and an estimate of confidence and difficulty of supporting a device. See section
6.
(S) The CB team also maintains an Image Formation tool that is used to build implanted
firmware images for supported devices (see section 6.2 for devices that have passed
FAT). Typically, an operator requests a firmware for a particular device type, and
specifies a number of parameters that must be built into the firmware (see 15.5.2 for the
list of parameters, and section 15.5 for more information on the Image Formation tool).
5.2.3 (U) Features
(U) This section briefly enumerates the features supported by the Flytrap.
12
SECRET//20350112