Project PITA: Build a mini mass deauther using Bettercap and a Raspberry Pi Zero W

deauth

evilsocket shared a how-to on making a mini WiFi deauthenticator using Bettercap and a Raspberry Pi Zero W:

A few days ago I started playing with some idea I had from a few weeks already, using a Raspberry Pi Zero W to make a mini WiFi deauthenticator: something in my pocket that periodically jumps on all the channels in the WiFi spectrum, collects information about the nearby access points and their connected clients and then sends a deauthentication packet to each one of them, resulting in some sort of WiFi jammer on the 802.11 level. As an interesting “side effect” of this jammer (the initial intent was purely for the lulz) is that the more it deauths, the higher the changes to also sniff WPA2 handshakes.

See the full post on Evilsocket blog.

IoT-ify All Things: LG Has Gone Overboard

If you been following Hackaday lately, you’ve surely noticed an increased number of articles about IoT-ifying stuff. It’s a cool project to take something old (or new) and improve its connectivity, usually via WiFi, making it part of the Internet of Things. Several easy to use modules, in particular the ESP8266, are making a huge contribution to this trend. It’s satisfactory to see our homes with an ESP8266 in every light switch and outlet or to control our old stereo with our iPhone. It gives us a warm fuzzy feeling. And that’s completely fine for one’s personal projects.

But what happens when this becomes mainstream? When literally all our appliances are ‘connected’ in the near future? The implications might be a lot harder to predict than expected. The near future, it seems, starts now.

This year, at CES, LG Electronics (LG) has introduced Smart InstaView™, a refrigerator that’s powered by webOS smart platform and integrated with Amazon’s Alexa Voice Service.

… with webOS, consumers can also explore a host of WiFi-enabled features directly on the refrigerator, creating a streamlined and powerful food management system all housed directly on the front of the fridge door. Amazon’s Alexa Voice Service gives users access to an intelligent personal assistant that, in addition to searching recipes, can play music, place Prime-eligible orders from Amazon.com…

This is ‘just’ a fridge. There are other WiFi-enabled appliances by now, so what?  Apparently, during the LG press conference last Wednesday, the company marketing VP David VanderWaal said that from 2017 on, all of LG’s home appliances will feature “advanced Wi-Fi connectivity”.

Notice the word advanced, we wonder what that means? Will ‘advanced’ mean complicated? Mesh? Secure? Intelligent? Will our toaster finally break the Internet and ruin it for everyone by the end of the year? Will the other big players in the home appliances market jump in the WiFi wagon? We bet the answer is yes.

Here be dragons.

[via Ars Technica]


Filed under: home hacks, news

ESP32 (5) – Wifi scanner

The main feature of the esp32 chip, as it was for its predecessor esp8266, is for sure the ability to connect to wifi networks. I’ve already blogged in a previous article about the different standards (802.11 b/g/n) and security methods (WEP, WPA-PSK…) the chip supports; today I’m going to explain how to develop a program to scan for available wifi networks.

The complete program is available in my Github repository; let’s comment the source code.

As we know, every program using the esp-idf framework is executed starting from the app_main() method. This method starts initializing the tcpip stack and the wifi event handler:

tcpip_adapter_init();
ESP_ERROR_CHECK(esp_event_loop_init(event_handler, NULL));
ESP_ERROR_CHECK is a handy macro, defined in esp_err.h, to check the result of the different framework methods. If a call returns the constant ESP_OK, the execution of the program can proceed; if not the program is stopped and the line in error is displayed on the serial output.

The esp-idf wifi stack requires a method (= event handler) that is called every time an event related to the wifi interface is triggered (for example the connection to a new network…). We’ll talk in a future tutorial about event handling, for now it’s enough to define an empty handler method:

static esp_err_t event_handler(void *ctx, system_event_t *event)
{
  return ESP_OK;
}

The program continues configuring, initializing and starting the wifi stack:

wifi_init_config_t wifi_config = WIFI_INIT_CONFIG_DEFAULT();
ESP_ERROR_CHECK(esp_wifi_init(&wifi_config));
ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));
ESP_ERROR_CHECK(esp_wifi_start());

You can create a default configuration with the WIFI_INIT_CONFIG_DEFAULT() macro and start the wifi interface in station mode with the constant WIFI_MODE_STA. Station mode is when the interface acts as a “client”, to connect to an access point.

Now you can configure and start the scan process:

wifi_scan_config_t scan_config = {
	.ssid = 0,
	.bssid = 0,
	.channel = 0,
        .show_hidden = true
};
ESP_ERROR_CHECK(esp_wifi_scan_start(&scan_config, true));

Using the scan_config variable you can configure some filters the scanning process will use (for example scan only a given channel) and ask to display or not the access points with hidden SSID. A zero value for each field means ALL (= no filter).

The scanning process can be executed in blocking (true) or non blocking (false) mode changing the second parameter of the function esp_wifi_scan_start. In this example I’m using the blocking mode: program execution is halted until the scan is completed.

When the scan is complete, you can obtain the list of the detected networks:

uint16_t ap_num = MAX_APs;
wifi_ap_record_t ap_records[MAX_APs];
ESP_ERROR_CHECK(esp_wifi_scan_get_ap_records(&ap_num, ap_records));

The esp_wifi_scan_get_ap_records method returns an array of wifi_ap_record_t elements. You have to reserve some memory space to store that array, defining the maximum number of elements you want to retrieve. In my program, I defined therefore the MAX_APs constant:

#define MAX_APs 20
It may sound strange to pass the ap_num variable by reference to the esp_wifi_scan_get_ap_records method. The reason is that the method uses the variable in two ways (inout): as input to find the max capacity of the array passed as the second parameter and as output to return the effective number of networks found and stored in the array.

You can now print on the serial connection the details of the networks found:

printf("Found %d access points:\n", ap_num);
for(int i = 0; i < ap_num; i++)
	printf("%32s | %7d | %4d | %12s\n", 
	(char *)ap_records[i].ssid, ap_records[i].primary, ap_records[i].rssi,
	getAuthModeName(ap_records[i].authmode));

At the end, create an empty task to avoid a continuous reset of the chip:

xTaskCreate(&loop_task, "loop_task", 2048, NULL, 5, NULL);
[...]
void loop_task(void *pvParameter) {
    while(1) { 
        vTaskDelay(1000 / portTICK_RATE_MS);		
    }
}

During the program compilation, remember to activate the wifi module in the menuconfig (Component config – ESP32-specific config):

esp32-wifi01

Here’s the output of the program:

esp-scan02

Wifi-Controlled Christmas Ornaments!

Trimming one’s Christmas tree can be an enjoyable tradition year after year, but every once in a while some variation on  the established order can be just as fun. Seeking some new ornaments to and desiring to flex his skills, Instrucables user [Gosse Adema] created a LED-illuminated, phone-controlled, deltrahedron Christmas tree ornaments.

Wemos DI Mini Pros are the brains of these little guys, WS2182b RGB LED strips — being the superb go-to’s that they are — light the ornament, and a 5 V power supply keep them lit. [Adema] used the Wemos specifically to create a web server unique to each ornament, and goes into incredible detail on how to program each one — now there’s an arrangement of words you wouldn’t expect to see — providing all the code he used, as well as the models to 3D print the deltahedron.

Wireless Christmas Ornaments

[Adema] also provides steps for a non-wireless version in case pulling out all the stops isn’t practical. Don’t forget to decorate the final product!

While this is indeed a merry hedron, one could go the route of a foul-mouthed decoration instead for your custom ornaments.

 


Filed under: Holiday Hacks, led hacks

These Ornaments Measure Christmas Cheer

The ornament projects we post around here tend to be simple, stand-alone projects. We are, however, well into the era of the Internet of Things (like it or not) and holiday ornaments need not be single, unconnected blinking objects. For Christmas this year, [Sean Hodgins]  came up with some connected DIY ornaments that respond to Christmas cheer.

[Sean Hodgins] had some beautiful PCBs done up in festive shapes and he hand-pastes and oven-solders the SMD components on both sides. Each one is battery powered and controlled by an ESP8266. LEDs and a button on the front of each ornament comprise the user interface. When the button is pressed, data is sent to a Phant server and a “Christmas Cheer” counter is incremented. Other ornaments, so long as they can connect to the Phant server, will periodically check the counter. If the Christmas Cheer has increased, the ornaments will play a tune and flash some lights.

The ornaments are open-source — [Sean Hodgins] posted the code and PCB designs on GitHub. They look great, and would be a good way to let people know you’re thinking of them over the holidays. Check out this light-up menorah or these lighted acrylic ornaments for more holiday fun!

 


Filed under: Holiday Hacks, wireless hacks

Password-Free Guest WiFi from Raspberry Pi

Anytime you’re having more than a handful of people over to your place for a wild rager or LAN party (or both), you’ll generally need a way to make sure everyone can get their devices on the network. Normally, this would involve either putting your WiFi password into more phones than you can count or yelling your password across a crowded room. Neither of these options suited [NicoHood] and his partner, however, so he came up with another more secure solution to the WiFi-in-a-crowded-room problem.

He calls his project “guestwlan” and it’s set up to run on a Raspberry Pi with a touch screen. When a potential WiFi user approaches the Pi and requests access to the network, the Pi displays a QR code. Within that code is all of the information that the prospective device needs to connect to the network. For those who have already spotted the new security vulnerability that this creates, [NicoHood] has his guest WiFi on a separate local network just to make sure that even if someone nefarious can access the Internet, it would be more difficult for them to do anything damaging to his local network. As it stands, though, it’s a lot more secure than some other WiFi networks we’ve seen.

[NicoHood] also released his software on Git but it has been configured for use with Arch. He says that it would probably work in a Debian environment (which the Raspberry Pi-specific OS is based on) but this is currently untested. Feel free to give it a try and let us know how it goes.


Filed under: wireless hacks

More Blinky = More Better – The WS2812FX Library

The WS2812 is an amazing piece of technology. 30 years ago, high brightness LEDs didn’t even exist yet. Now, you can score RGB LEDs that even take all the hard work out of controlling and addressing them! But as ever, we can do better.

Riffing on the ever popular Adafruit NeoPixel library, [Harm] created the WS2812FX library. The library has a whole laundry list of effects to run on your blinkenlights – from the exciting Hyper Sparkle to the calming Breathe inspired by Apple devices. The fantastic thing about this library is that it can greatly shorten development time of your garden-variety blinkables – hook up your WS2812s, pick your effect, and you’re done.

[Harm]’s gone and done the hard yards, porting this to a bevy of platforms – testing it on the Arduino Nano, Uno, Micro and ESP8266. As a proof of concept, they’ve also put together a great demonstration of the software – building some cute and stylish Christmas decorations from wood, aluminium, and hacked up Christmas light housings. Combining it with an ESP8266 & an app, the effects can be controlled from a smartphone over WiFi. The assembly video on YouTube shows the build process, using screws and nails to create an attractive frame using aluminium sheet.

This project is a great example of how libraries and modern hardware allow us to stand on the shoulders of giants. It’s quicker than ever to build amazingly capable projects with more LEDs than ever. Over the years we’ve seen plenty great WS2812 projects, like this sunrise alarm clock or this portable rave staff.
As always, blink hard, or go home. Video after the break.


Filed under: Arduino Hacks, Holiday Hacks, led hacks

Creepy Wireless Stalking Made Easy

In a slight twist on the august pursuit of warwalking, [Mehdi] took a Raspberry Pi armed with a GPS, WiFi, and a Bluetooth sniffer around Bordeaux with him for six months and logged all the data he could find. The result isn’t entirely surprising, but it’s still a little bit creepy.

If your WiFi sends out probe requests for its home access points, [Mehdi] logged it. If your Bluetooth devices leak information about what they are, [Mehdi] logged it. In the end, he got nearly 30,000 WiFis logged, including 120,000 probes. Each reading is timestamped and geolocated, and [Mehdi] presents a few of the results from querying the resulting database.

For instance, one person who shared a train commute with [Mehdi] got on at Meriadek and got off at Lycee Dagin on July 14th, and was never seen again. Another fellow train rider’s WiFi sent out probes for a Dominos pizza WiFi BSSID. [Mehdi] points out that you could even figure out which riders knew each other because they often connect to devices with unique IDs, which could be used to correlate them.

Now, all of this is actually more telling about [Mehdi] than anyone else he meets. You can easily tell which train lines he rides and when. But if there were a network of these sniffers scattered around the city, especially if they were made cheaper out of something like an ESP8266 or a used cell phone, one could play NSA on a human-scale budget. (Local laws allowing.)

Is this horrible, creepy, illegal, or yesterday’s news? Hash it out in the comments!


Filed under: wireless hacks

A Smart Wand for all us Muggles

Arthur C. Clarke said that “any sufficiently advanced technology is indistinguishable from magic.” Even though we know that something isn’t “magic”, it’s nice to see how close we can get. [Dofl] and his friends, big fans of the magic in Harry Potter, thought the same thing, and decided to create a magic wand that they could use themselves.

muggle-wand-internalsThe wand itself is 3D printed and has a microcontroller and WiFi board, a voice recognition board, a microphone, and a vibrating motor stuffed inside. The wand converts the voice into commands and since the wand is connected to WiFi, the commands can be used to communicate with your WiFi connected lights (or your WiFi connected anything, really.) Five voice commands are recognized to turn on and off music, the lights, and a “summon” command which is used in the video to request a hamburger from delivery.com. For feedback, the motor is vibrated when a command is recognized.

There’s not much technical information in the original article, but I’m sure our readers could figure out the boards used and could suggest some alternatives to get the wand’s form factor down a bit.  Over the years, other wands have appeared on our pages, using some different technologies.  It’s a fun way to interact with the environment around you, even if you know the “magic” involved is just boring old technology.


Filed under: hardware