Affordable WiFi hacking platform for testing and learning
Stefan Kremser b99a5d2967 Merge remote-tracking branch 'origin/master' 2017-03-31 12:28:36 +02:00

ESP8266 Deauther

Deauthentication attack and other hacks using an ESP8266.

esp8266 deauther with a smartphone

Introduction

What it is

Basically, it's a device which performs a deauth attack.
You select the clients you want to disconnect from their network and start the attack. As long as the attack is running, the selected devices are unable to connect to their network.
Other attacks have also been implemented, such as beacon or probe request flooding.

How it works

The 802.11 Wi-Fi protocol contains a so-called deauthentication frame. It is used to disconnect clients safely from a wireless network.

Because these management packets are unencrypted, you just need the MAC address of the Wi-Fi router and of the client device which you want to disconnect from the network. You don't need to be in the network or know the password; it's enough to be in its range.

What an ESP8266 is

The ESP8266 is a cheap microcontroller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using Arduino.

You can buy these chips for under $2 from China!

How to protect against it

With 802.11w-2009, Wi-Fi got an update to encrypt management frames. So make sure your router is up to date and has management frame protection enabled. But note that your client device needs to support it too; both ends need to have it enabled!

The only problem is that most devices don't use it. I tested it with different Wi-Fi networks and devices, and it worked every time! It seems that even newer devices which support frame protection don't use it by default.
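As an added example (not code from this project), here is the defender-side view of the two sections above: a small parser for the unencrypted 802.11 management header that distinguishes ordinary deauth/disassoc frames from 802.11w (PMF) protected ones, and a sliding-window check over a capture that flags the kind of flood a deauther produces. The sample frames, MAC addresses, timestamps and threshold are all constructed.

```python
import struct

# 802.11 frame-control values from the standard (type 0 = management)
TYPE_MGMT = 0
SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 10, 12
FLAG_PROTECTED = 0x40  # "Protected Frame" bit, set on 802.11w (PMF) management frames

def parse_mgmt_header(frame: bytes):
    """Decode the 24-byte 802.11 management header; None if not a management frame."""
    if len(frame) < 24:
        return None
    fc, flags = frame[0], frame[1]
    if (fc >> 2) & 0x3 != TYPE_MGMT:
        return None
    hdr = {
        "subtype": (fc >> 4) & 0xF,
        "protected": bool(flags & FLAG_PROTECTED),
        "addr1": frame[4:10].hex(":"),   # receiver (the client being disconnected)
        "addr2": frame[10:16].hex(":"),  # transmitter (the AP, or whoever spoofs it)
        "bssid": frame[16:22].hex(":"),
        "reason": None,
    }
    # The reason code is only readable when the body is not PMF-encrypted
    if hdr["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and not hdr["protected"] and len(frame) >= 26:
        hdr["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return hdr

def detect_deauth_flood(capture, threshold=10, window=1.0):
    """capture: iterable of (timestamp_s, raw_frame). Returns {bssid: peak count} for every
    BSSID that saw more than `threshold` unprotected deauth/disassoc frames in any `window`."""
    times_by_bssid = {}
    for ts, raw in capture:
        h = parse_mgmt_header(raw)
        if h and h["subtype"] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and not h["protected"]:
            times_by_bssid.setdefault(h["bssid"], []).append(ts)
    alerts = {}
    for bssid, times in times_by_bssid.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[bssid] = peak
    return alerts

# Constructed sample frames (locally administered MACs, not real devices)
AP, CLIENT = "02aabbccddee", "021122334455"
BEACON = bytes.fromhex("8000" "0000" "ffffffffffff" + AP + AP + "2000")
DEAUTH = bytes.fromhex("c000" "3a01" + CLIENT + AP + AP + "1000" "0700")  # reason code 7
PMF_DEAUTH = bytes.fromhex("c040" "3a01" + CLIENT + AP + AP + "1000" "00000000")  # encrypted body
SAMPLE_CAPTURE = [(0.0, BEACON), (5.0, DEAUTH), (40.0, PMF_DEAUTH)] + [(30.0 + i * 0.02, DEAUTH) for i in range(25)]
```

One genuine deauth per minute stays below the threshold; the burst of 25 unprotected frames inside one second is what gets reported, while the PMF-protected frame is not counted at all.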

Disclaimer

Use it only for testing purposes on your own devices!
I don't take any responsibility for what you do with this program.

Please check the legal regulations in your country before using it. Jamming transmitters are illegal in most countries and this device can fall into the same category (even if it's technically not the same).

My intention with this project is to draw attention to this issue. This attack shows how vulnerable the 802.11 Wi-Fi standard is and that it has to be fixed. A solution is already there, so why don't we use it?

Installation

The only thing you will need is a computer and an ESP8266.

I recommend buying a USB breakout/developer board, because they have 4 MB flash and are very simple to use. It doesn't matter which board you use, as long as it has an ESP8266 on it.

You have 2 choices here. Uploading the bin files is easier but not as good for debugging, so keep that in mind in case you want to open a new issue.

Uploading the bin files

Note: the 512 KB version won't have the full MAC vendor list.

0 Download the current release from here

1 Upload using the ESP8266 flash tool of your choice. I recommend using the nodemcu-flasher. If this doesn't work you can also use the official esptool from espressif.

That's all! :)

Make sure you select the right COM port, the right flash size of your ESP8266 and the right bin file.

Compiling the source with Arduino

0 Download the source code of this project.

1 Install Arduino and open it.

2 Go to File > Preferences

3 Add http://arduino.esp8266.com/stable/package_esp8266com_index.json to the Additional Boards Manager URLs. (source: https://github.com/esp8266/Arduino)

4 Go to Tools > Board > Boards Manager

5 Type in esp8266

6 Select version 2.0.0 and click on Install (must be version 2.0.0!)

screenshot of arduino, selecting the right version

7 Go to File > Preferences

8 Open the folder path shown under "More preferences can be edited directly in the file"

screenshot of arduino, opening folder path

9 Go to packages > esp8266 > hardware > esp8266 > 2.0.0 > tools > sdk > include

10 Open user_interface.h with a text editor

11 Scroll down and, before #endif, add the following lines:

```c
/* Declarations of the SDK's raw packet injection functions, which this
   SDK version exports but does not declare in its header. */
typedef void (*freedom_outside_cb_t)(uint8 status);
int wifi_register_send_pkt_freedom_cb(freedom_outside_cb_t cb);
void wifi_unregister_send_pkt_freedom_cb(void);
int wifi_send_pkt_freedom(uint8 *buf, int len, bool sys_seq);
```

screenshot of notepad, copy paste the right code

Don't forget to save!

12 Go to the sdk_fix folder of this project

13 Copy ESP8266WiFi.cpp and ESP8266WiFi.h

14 Paste these files into packages > esp8266 > hardware > esp8266 > 2.0.0 > libraries > ESP8266WiFi > src

15 Open esp8266_deauther > esp8266_deauther.ino in Arduino

16 Select your ESP8266 board at Tools > Board and the right port at Tools > Port
If no port shows up you may have to reinstall the drivers.

17 Upload!

Note: If you use a 512 KB version of the ESP8266, you need to comment out a part of the MAC vendor list in data.h.

Your ESP8266 Deauther is now ready!

How to use it

First start your ESP8266 by giving it power.

You can use your smartphone if you have a USB OTG cable. esp8266 deauther with a smartphone

Scan for Wi-Fi networks and connect to pwned. The password is deauther.
Once connected, you can open up your browser and go to 192.168.4.1.

You can now scan for networks... webinterface AP scanner

scan for client devices... webinterface client scanner

Note: While scanning the ESP8266 will shut down its access point, so you may have to go to your settings and reconnect to the Wi-Fi network manually.

...and start different attacks. webinterface attack menu

Happy hacking :)

FAQ

Could it auto-deauth all APs in the range?

Yes, but I will not implement this 'feature' for ethical and legal reasons.

Can it sniff handshakes?

The ESP8266 has a promiscuous mode in which you can sniff packets, but handshake packets are dropped and there is no other way to get them with the functions provided by the SDK.
Maybe someone will find a way around this barrier.

espcomm_sync failed/espcomm_open when uploading

The ESP upload tool can't communicate with the chip; make sure the right port is selected!
You can also try out different USB ports and cables.
If this doesn't solve it, you may have to install USB drivers.
Which drivers you need depends on the board; most boards use a CP2102 or CH340.

AP scan doesn't work

There is a reported issue on this: https://github.com/spacehuhn/esp8266_deauther/issues/5
Try switching browsers or opening the website with another device.

Deauth attack won't work

If you see 0 pkts/s on the website, you've made a mistake. Check that you have followed the installation steps correctly and that the right SDK is installed; it must be version 2.0.0!
If it can send packets but your target doesn't lose its connection, then either the Wi-Fi router uses 802.11w and is protected against such attacks, or they communicate via 5 GHz Wi-Fi, which the ESP8266 doesn't support.

If you have other questions or problems with the ESP8266, you can also check out the official community forum.

License

This project is licensed under the MIT License - see the LICENSE file for details.

deauth attack: https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack

deauth frame: https://mrncciew.com/2014/10/11/802-11-mgmt-deauth-disassociation-frames/

ESP8266:

packet injection with ESP8266:

802.11w-2009: https://en.wikipedia.org/wiki/IEEE_802.11w-2009

wifi_send_pkt_freedom function limitations: http://esp32.com/viewtopic.php?f=13&t=586&p=2648&hilit=wifi_send_pkt_freedom#p2648

esp32 esp_wifi_internal function limitations: http://esp32.com/viewtopic.php?f=13&t=586&p=2648&hilit=wifi_send_pkt_freedom#p2648

Videos:
Cheap Wi-Fi 'Jammer' Device
NodeMCU Wifi 'Jammer' Device V1.1
Setup Tutorial