Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom FAT Procedures
3.16 Test 16: CB v5.0 Include/Exclude Built-in Beacon Addresses
3.16.1 Description
This test verifies the include/exclude built-in beacon address feature.
3.16.2 Test Setup
No additional setup required (see 2.3). Assumes the Flytrap firmware has been built with
both the IP address and the URL of the test PoP.
3.16.3 Test Procedure
Step 1
Execute Action: (Cherry Tree Tester) Assign a Mission where the built-in PoP addresses are to be excluded (i.e., “Use Firmware Default PoP(s) in Mission” field of the “Mission Workflow Step 8: PoP(s)” is “No”) and the only PoP address in the Mission is the IP address of the test PoP. Set beacon fast and slow retries to 10 seconds.
Expected Results: (CherryTree Tester) Verify Flytrap has received new Mission at expected time (“Flytrap Details” page will report “Current Mission” as the one just assigned).
Req: CB v5.0 4.1.1 4.2.1

Step 2
Execute Action: (Flytrap Tester) Once the Cherry Tree Tester has verified Flytrap receipt of the new Mission, disconnect the hub’s internet port.
Expected Results: (Flytrap Tester) Flytrap no longer has internet connectivity.
Req: CB v5.0 4.1.1 4.2.1

Step 3
Execute Action: (Flytrap Tester) Start wireshark on the squid laptop and verify that the Flytrap attempts to beacon to only the IP address of the test server and does no DNS lookup of the test PoP’s URL (i.e. wireshark shows no DNS lookups of the PoP URL).
NOTE: some devices realize after a failed connection attempt (i.e., the first Beacon attempt after disconnecting the hub’s internet port) that the gateway is no longer present and will not open another connection until the gateway is present (i.e., subsequent Beacon attempts will not happen and will not show in wireshark until the gateway is present). In this case, reconnect the hub’s internet connection, watch for a
Expected Results: (Flytrap Tester) Wireshark should only show beacon attempts to the test PoP IP address – no DNS lookups of the test PoP are performed.
Req: CB v5.0 4.1.1 4.2.1
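The step 3 check, written as capture analysis instead of reading Wireshark by eye (an added example, not part of the original procedure document): it counts DNS queries for the PoP name and TCP connection attempts by destination in raw IPv4 packets. The addresses, host name and sample packets are constructed, and treating a beacon attempt as a TCP SYN is an assumption, since the page does not name the transport.

```python
import struct

def dns_qname(msg):
    """Return the first question name of a DNS message, or None if malformed."""
    if len(msg) < 13 or struct.unpack("!H", msg[4:6])[0] == 0:
        return None
    labels, i = [], 12
    while i < len(msg) and msg[i] != 0:
        n = msg[i]
        if n & 0xC0 or i + 1 + n > len(msg):  # pointer or truncated label
            return None
        labels.append(msg[i + 1:i + 1 + n].decode("ascii", "replace").lower())
        i += 1 + n
    return ".".join(labels) if i < len(msg) else None

def check_capture(packets, pop_ip, pop_name):
    """Count DNS queries for pop_name and TCP SYNs by destination in raw IPv4 packets."""
    result = {"dns_lookups": 0, "syn_to_pop": 0, "syn_elsewhere": []}
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue
        l4 = pkt[(pkt[0] & 0x0F) * 4:]
        dst = ".".join(str(b) for b in pkt[16:20])
        if pkt[9] == 17 and len(l4) >= 8 and l4[2:4] == b"\x00\x35":  # UDP to port 53
            if dns_qname(l4[8:]) == pop_name.lower().rstrip("."):
                result["dns_lookups"] += 1
        elif pkt[9] == 6 and len(l4) >= 14 and l4[13] & 0x12 == 0x02:  # SYN, no ACK
            # Assumption: beacon attempts appear as TCP SYNs; the page names no transport.
            if dst == pop_ip:
                result["syn_to_pop"] += 1
            else:
                result["syn_elsewhere"].append(dst)
    return result

# Constructed sample data (documentation addresses, checksums left at zero).
POP_IP, POP_NAME = "192.0.2.10", "pop.example.test"

def ip_packet(proto, dst, l4):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([192, 168, 1, 1]), bytes(map(int, dst.split(".")))) + l4

def tcp_syn(dst):
    return ip_packet(6, dst, struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 2, 1024, 0, 0))

def dns_query(name, resolver="192.0.2.53"):
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    return ip_packet(17, resolver, struct.pack("!4H", 40001, 53, 8 + len(dns), 0) + dns)

EXPECTED = [tcp_syn(POP_IP), tcp_syn(POP_IP)]            # IP-only beaconing
UNEXPECTED = EXPECTED + [dns_query(POP_NAME), tcp_syn("198.51.100.7")]
```

A capture matches the expected result of step 3 when `dns_lookups` is 0 and `syn_elsewhere` is empty; the same two counters are what a network monitor would key on to tell name-based from IP-only call-outs.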