Introduction:
Hello world! A few years ago, a new chip came to the market and started a new revolution! Yes, I am talking about the ESP8266. This chip is way more powerful in terms of CPU architecture, clock frequency, flash size and power consumption than existing Arduino boards, which usually contain Atmel's AVR controllers.
ESP-01 Module
I actually bought these ESP-01 modules a few years back, and they were originally flashed with the good old serial AT command firmware. Over time, I figured out that the same chip can be programmed directly through the Arduino IDE. This feature is so amazing that you can use practically all existing Arduino libraries and the same IDE to program the ESP8266 according to your needs by flashing your own Arduino sketch. (Word of caution: it will remove the existing AT command firmware from the chip.)
Okay, but why DeAuth?
[ First of all, you must read this if you don't know anything about the deauthentication attack. ]
After experimenting a lot with typical IoT stuff like the ThingSpeak API or the Blynk platform, I stopped working with the ESP8266 for a few months. During this period, I learned about stuff related to penetration testing of Wi-Fi. If you want to know more about cracking WPA handshakes, click here, because it's certainly out of the scope of this post.
I thought it would be great to build a device which is able to deauth all nearby WiFi devices instead of running a deauth attack from the terminal by entering a bunch of commands. Thus, once again, I decided to pull my ESP8266 module out of the drawer after a long time!
Setting it up..
To build your own deauth device, you will need the following stuff:
- Any ESP8266 module (ESP-01 is smallest & cheapest! I recommend this)
- Arduino IDE (Above v 1.6.5)
- FTDI / Another Arduino / Any USB to Serial programmer.
Now, let's assume you have all three things which I mentioned above. First you need to add the ESP8266 board to your IDE.
Instructions for adding ESP8266 to Arduino IDE:
Please strictly follow all the instructions given below to avoid compilation errors!
- Start Arduino and open Preferences window.
- Enter http://arduino.esp8266.com/stable/package_esp8266com_index.json into Additional Board Manager URLs field. You can add multiple URLs, separating them with commas.
- Open Boards Manager from Tools > Board menu and find esp8266 platform.
- Select version 2.0.0 from the drop-down box.
- Click install button.
- Don't forget to select your ESP8266 board from Tools > Board menu after installation.
- Go to the Packages > esp8266 > hardware > esp8266 > 2.0.0 > tools > sdk > include folder and replace the existing user_interface.h file with this modified file.
- Go to the Packages > esp8266 > hardware > esp8266 > 2.0.0 > libraries > ESP8266WiFi folder.
- Replace the existing ESP8266WiFi.cpp with this and ESP8266WiFi.h with this file.
Congrats, you have installed the ESP8266 SDK with promiscuous mode support by using the modified files above. The modified files enable promiscuous mode, which is supported but not activated by the default SDK.
Programming ESP:
For programming the ESP8266 through Arduino, select the proper board settings in the Arduino IDE and connect the ESP8266 module to your USB programmer like this.
ESP8266 programming mode
Usually, for all my projects, I prefer to write my own code because it's fun! But for this project, I am going to use ready-made code available on this GitHub link (thanks to RandDruid), because there is no point in rewriting code to generate exactly the same format of deauth packets that the available code already generates. I have, though, added a few more functionalities, like blinking the inbuilt LED on transmitting each deauth packet to provide visual feedback without the need for a serial monitor. Feel free to modify the code as per your needs.
Flash the given code through the Arduino IDE. If you are getting connection-related errors while flashing, make sure the CH_PD pin is tied to Vcc and try playing with the connections of the RESET & GPIO0 pins ;)
You will definitely figure it out!
Making a battery-mount:
My primary objective was to build a battery-powered, super compact deauth device, so I soldered everything onto a general purpose PCB. All you need is a battery clip connected to the ESP through a voltage regulator.
First I tried to use a 3.3V regulator for the ESP, but it didn't work for me! I guess that was because the output current of the voltage regulator was lower than the ESP's requirement. Then I did a little trick here: even though the ESP8266 works at 3.3V and it's recommended to operate it at 3.3V, I powered it with a 5V regulator (LM7805) & it worked like a charm!! Even though it gets a bit warm after usage, it is still working fine :)
Here are some images of the prototype so that you will understand how compact it is:
Top side of PCB
Battery clip is glued to solder side
Working prototype - Blue LED blink indicates deauth frame transmission
Now you can carry this little WiFi sniper anywhere along with you, and it will continuously keep deauthenticating all devices from all routers which are in its range.
I hope you already know that this post is purely intended for knowledge sharing and penetration testing to improve network security. Any unethical use of this type of device will not be appreciated. (Particularly by your neighbours!)
Your sniper is now ready to hunt. Happy DeAuthenticating!! :)
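For the defender's side of the behaviour described above: a continuous stream of deauthentication frames stands out in a monitor-mode capture. This is an added example, not code from this post or from the linked GitHub project; it parses raw 802.11 management frames and flags any BSSID that sees a burst of deauth/disassoc frames. The frame bytes, MAC addresses, window and threshold are constructed assumptions, and frames are assumed to have the radiotap header and FCS already stripped.

```python
from collections import defaultdict, deque
import struct

DEAUTH, DISASSOC = 0xC, 0xA            # 802.11 management frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid, reason) for deauth/disassoc, else None."""
    if len(frame) < 26:                # 24-byte MAC header + 2-byte reason code
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_flood(capture, window=1.0, threshold=5):
    """capture: (timestamp_seconds, frame_bytes) pairs sorted by time.
    Returns {bssid: info} for BSSIDs with >= threshold frames inside `window`."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        _, dst, _, bssid, _ = parsed
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:      # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = {"first_alert": ts, "broadcast": dst == BROADCAST}
    return alerts

# Constructed sample capture: locally administered MACs, made-up timestamps.
AP1, AP2 = "020000000001", "020000000002"
def _frame(fc, bssid, body):
    # hex of: frame control, duration, addr1 (broadcast), addr2, addr3, seq, body
    return bytes.fromhex(fc + "0000" + "ff" * 6 + bssid * 2 + "0000" + body)

SAMPLE = sorted(
    [(i * 0.1, _frame("c000", AP1, "0700")) for i in range(8)]           # burst
    + [(0.35, _frame("c000", AP2, "0300"))]                              # lone deauth
    + [(i * 0.1024, _frame("8000", AP2, "00" * 12)) for i in range(8)],  # beacons
    key=lambda rec: rec[0])

if __name__ == "__main__":
    print(detect_flood(SAMPLE))
```

Enabling 802.11w Protected Management Frames (mandatory in WPA3) makes supporting clients ignore spoofed deauthentication frames, which is the actual fix; the detector only tells you it is happening.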
The json file doesn't offer a version 2.0.0 from the drop down box, only generic ESP8266 module. Can you clarify this step please?
Any version higher than 2.0.0 will do the same work. Just don't forget to copy given cpp & h files as they are tweaked to enable promiscuous mode which is commented by default.
Hey, I tried compiling but I get errors - https://pastebin.com/a84P0UjZ
Could you please have a look? Thank you!