
Hack networks and devices right from your wrist with the Wi-Fi Deauther Watch «Null Byte :: WonderHowTo



Travis Lin’s Deauther watch is the physical manifestation of Spacehuhn’s Wi-Fi Deauther project, and it’s designed to let you control the Deauther project right from your wrist without the need for a computer. That’s pretty cool if you want to do all the interesting things that Wi-Fi Deauther can do without connecting it to a device.

If you missed our guide on how to use an ESP8266-based Wi-Fi Deauther, you may be confused about what the Deauther does. First, it can create deauthentication and disassociation packets, which kick devices off the Wi-Fi network that the Deauther is attacking. It can do this over and over, constantly blocking the network so that devices cannot connect or stay connected.

Wi-Fi security cameras are an interesting use case for this type of attack. You could use the Deauther Watch's wearable hacking tool to track down the Wi-Fi network that a security camera you come across is connected to, then send out a deauth attack to kick the network's cameras off so you can skate past unnoticed.

The Wi-Fi Deauther project can scan for both nearby access points and connected devices, and it can even clone any Wi-Fi network it sees. It can also generate dozens of fake Wi-Fi networks with any name you want, check channels for packet traffic between devices, and do all of this from a nice built-in interface.

What you need:

Now you can build a Deauther watch yourself if you want to buy all the components individually, but I recommend checking out one of the links below to choose a pre-flashed watch with all the parts included.

Python 3 is also needed if you need to reinstall the firmware from scratch.

Step 1: Flash from Scratch (if necessary)

The Deauther Watch should be pre-flashed with the correct firmware, but if the software is missing, the software is corrupted, or something is not working properly, you can install or reinstall it. In any of these cases, make sure that you have the esptool installed with:

~$ pip3 install esptool

Collecting esptool
  Downloading https://files.pythonhosted.org/packages/68/91/08c182f66fa3f12a96e754ae8ec7762abb2d778429834638f5746f81977a/esptool-2.8.tar.gz (84kB)
    100% |████████████████████████████████| 92kB 928kB/s
Requirement already satisfied: ecdsa in /usr/lib/python3/dist-packages (from esptool) (0.13)
Collecting pyaes (from esptool)
  Downloading https://files.pythonhosted.org/packages/44/66/2c17bae31c906613795711fc78045c285048168919ace2220daa372c7d72/pyaes-1.6.1.tar.gz
Requirement already satisfied: pyserial>=3.0 in /usr/lib/python3/dist-packages (from esptool) (3.4)
Building wheels for collected packages: esptool, pyaes
  Running setup.py bdist_wheel for esptool ... done
  Stored in directory: /root/.cache/pip/wheels/56/9e/fd/06e784bf9c77e9278297536f3df36a46941c885eb23593bb16
  Running setup.py bdist_wheel for pyaes ... done
  Stored in directory: /root/.cache/pip/wheels/bd/cf/7b/ced9e8f28c50ed666728e8ab178ffedeb9d06f6a10f85d6432
Successfully built esptool pyaes
Installing collected packages: pyaes, esptool
Successfully installed esptool-2.8 pyaes-1.6.1

Then go to the Releases page of Spacehuhn’s Wi-Fi Deauther project on GitHub to make sure you get the most recent firmware version. Find and download the BIN file for the most recent Deauther Watch, which is currently one of the following:

https://github.com/SpacehuhnTech/esp8266_deauther/releases/download/2.6.0/esp8266_deauther_2.6.0_DSTIKE_DEAUTHER_WATCH.bin

https://github.com/SpacehuhnTech/esp8266_deauther/releases/download/2.6.0/esp8266_deauther_2.6.0_DSTIKE_DEAUTHER_WATCH_V2.bin

If you’re having trouble installing the firmware, Spacehuhn’s Wi-Fi Deauther Wiki on GitHub is a great resource to find the necessary commands and some tips and tricks for installing the BIN file on the Watch.

Connect the ESP8266 microcontroller on the Deauther Watch to your computer with a micro USB cable and locate the port it is connected to. To find it, use ls /dev/cu.* on macOS, dmesg | grep tty on Linux, or look for the COM port in Device Manager on Windows. We have many microcontroller guides that show how to locate the port in more detail, so check one out if you're having trouble.

Once you have the correct port, flash the firmware with the following command. Make sure to replace /dev/ttyUSB0 with the port your Deauther Watch is connected to, and change the BIN file name if your version is different.

esptool.py -p /dev/ttyUSB0 write_flash -fm dout 0x0000 esp8266_deauther_2.6.0_DSTIKE_DEAUTHER_WATCH.bin

This should write the firmware to the device but the screen may not turn on.

Step 2: Turn on the screen (if necessary)

If your Deauther Watch screen is not working, you need to turn it on. The Wi-Fi Deauther Wiki has a good resource for the setup screen and buttons if you need them at any time.

While your Deauther Watch is still connected to your computer via a micro USB cable, connect to it with screen using the following command. Replace the port with the one your Deauther Watch is connected to.

~$ screen /dev/ttyUSB0 115200

MicroPython v1.15 on 2021-05-14; ESP module with ESP8266
Type "help()" for more information.
>>>

Alternatively, you can connect to it in the Arduino IDE. If you want to go that route, open the Arduino IDE, click "Tools" in the menu, select "Port" and choose the port of your connected Deauther Watch. Then press Command-Shift-M on your keyboard or click the serial monitor button in the current window to open the serial monitor.

Once connected, via a terminal or the Arduino IDE, type help to see a list of commands and confirm that you are connected correctly. You should see output like the following.

>>> help

[===== List of commands =====]
help
scan [] [-t 
========================================================================
for more information please visit github.com/spacehuhn/esp8266_deauther
========================================================================

Now run the following commands in your terminal or Arduino IDE to turn on the screen.

>>> set display true;;save settings

You may need to restart the device for the settings to take effect. When it comes back up, the screen should work!

Step 3: Create a reactive target (optional)

To have something legal to practice on, it’s good to create a reactive target, which is basically a device on a Wi-Fi hacking test network. One can be created from the standard Arduino IDE “WiFiAccessPoint” sketch for ESP8266-based microcontrollers such as the D1 Mini.

Kody Kinzie has a custom sketch of his WiFiHackingWorkshop project on GitHub. The sketch is the ReactiveTarget.ino file, so make sure to grab this. Download that and then flash it to your ESP8266. The code box below shows the contents of the ReactiveTarget.ino file if you want to rebuild it yourself.

If you need help with this, check out my previous guide on how to legally play Wi-Fi hacking games with microcontrollers, which shows a similar step.

// SIMPLE Wi-Fi LINK MONITOR BY SKICKAR - Based on Henry's Bench Wi-Fi link checker
// This project has the goal to connect an IoT device to a Wi-Fi network and monitor the ability to establish a normal wireless connection.
// The project uses only three components - a NodeMCU, a breadboard, and one RGB LED.
#include <ESP8266WiFi.h>       // First, we include the libraries we need to make this work on the ESP8266
#include <ESP8266HTTPClient.h>
#include <WiFiClient.h>

const char* ssid     = "Control";   // Next, we set the name of the network to monitor.
const char* password = "testytest"; // After that, we enter the password of the network to monitor.
int wifiStatus;                     // Here, we create a variable to check the status of the Wi-Fi connection.
int connectSuccess = 0, highTime = 500, lowTime = 500; // And now, we set a variable to count the number of times we've been able to successfully connect, and how long the LED will stay on and off for.

void red() {   // Here, we map a function called "red" to the pin driving the red LED. It stays on for highTime and off for lowTime each time we pulse it.
  digitalWrite(D1, HIGH), delay(highTime), digitalWrite(D1, LOW), delay(lowTime); // The red LED is on pin D1, so each call to red() pulses power on D1.
}
void green() { // We do the same with green, mapping the D2 pin to the green() function.
  digitalWrite(D2, HIGH), delay(highTime), digitalWrite(D2, LOW), delay(lowTime);
}
void blue() {  // Finally, we do the same with blue, mapping it to the D3 pin.
  digitalWrite(D3, HIGH), delay(highTime), digitalWrite(D3, LOW), delay(lowTime);
}

void setup() { // The setup function runs only once when the device starts up.
  Serial.begin(115200);                                          // Open the serial port so the error message in loop() is visible in the serial monitor.
  pinMode(D1, OUTPUT), pinMode(D2, OUTPUT), pinMode(D3, OUTPUT); // In this case, we activate the D1, D2, and D3 pins for output mode.
  WiFi.begin(ssid, password);                                    // The last part of setup is to start the Wi-Fi connection process.
}

void loop() { // This loop will run over and over again, unlike the setup function, which will only run once.
  WiFiClient client;
  HTTPClient http;
  http.begin(client, "http://192.168.4.1"); // Try to fetch the AP's default page (the ESP8266 AP address); current ESP8266 cores require the client argument.

  int httpCode   = http.GET();
  String payload = http.getString();

  if (httpCode <= 0) {
    Serial.printf("ERROR %d\n", httpCode); // A non-positive code means the request never reached the access point.
  }
  http.end(); // Release the connection before the next cycle.

  wifiStatus = WiFi.status(); // First, we check the status of the Wi-Fi connection and store the result in the variable we created, wifiStatus.
  if (connectSuccess == 0) { blue(); } // If the device is not connected and never has successfully connected, flash the blue light. This could mean the network doesn't exist, is out of range, or you misspelled the SSID or password.
  if (wifiStatus == WL_CONNECTED) { green(), connectSuccess++; } // If the device is connected, flash the green light, and add one to the "connectSuccess" counter. This way, we know to flash the red light if we lose the connection.
  else if (connectSuccess != 0) { red(); } // If the connection is not active but we have been able to connect before, flash the red LED. That means the AP is down, a jamming attack is in progress, or a normal link is otherwise impossible.
}

This sketch constantly checks if a Wi-Fi network is accessible, if the device can connect to it, or if it is blocked. If it is blocked the ESP8266 will go ahead and alert me with a red flash, and if it can connect successfully, it will let me know with a green flash. If no connection can be established at all, meaning something is wrong with my access point, the ESP8266 will flash blue.
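To check that three-colour logic before flashing anything, here is a host-side model of the sketch's loop() as an added example (not code from the original post or from the WiFiHackingWorkshop project). The LED enum, the LinkMonitor struct, the run() helper and the scenario are assumptions made for the model; the WL_CONNECTED and WL_DISCONNECTED values mirror the ESP8266 core's wl_status_t so the comparison matches the sketch.

```cpp
#include <string>
#include <vector>

// Constructed stand-ins for the hardware: the LEDs the sketch pulses.
enum Led { BLUE, GREEN, RED };

// Only the two wl_status_t values the model needs (same numbers as the ESP8266 core).
enum WlStatus { WL_CONNECTED = 3, WL_DISCONNECTED = 6 };

// Pure-logic copy of the sketch's loop(): same counter, same three if-branches,
// but instead of driving pins it records which LEDs would flash, in order.
struct LinkMonitor {
    int connectSuccess = 0;  // how many loop() passes have seen a live link

    std::vector<Led> step(int wifiStatus) {
        std::vector<Led> flashes;
        if (connectSuccess == 0) flashes.push_back(BLUE);          // never connected yet
        if (wifiStatus == WL_CONNECTED) {                          // link is up
            flashes.push_back(GREEN);
            connectSuccess++;
        } else if (connectSuccess != 0) {                          // link was up before: AP down or deauthed
            flashes.push_back(RED);
        }
        return flashes;
    }
};

// Feed a sequence of WiFi.status() readings through the monitor and render the
// flashes per pass as letters, e.g. "B B BG G R": one group per loop() pass.
std::string run(const std::vector<int>& statuses) {
    LinkMonitor monitor;
    std::string out;
    for (int status : statuses) {
        if (!out.empty()) out += ' ';
        for (Led led : monitor.step(status))
            out += (led == BLUE ? 'B' : led == GREEN ? 'G' : 'R');
    }
    return out;
}

// Constructed scenario: AP out of range for two passes, joins, stays up,
// gets kicked off for two passes (what a deauth attack looks like), then rejoins.
const std::vector<int> kScenario = {WL_DISCONNECTED, WL_DISCONNECTED, WL_CONNECTED,
                                    WL_CONNECTED, WL_DISCONNECTED, WL_DISCONNECTED,
                                    WL_CONNECTED};

int main() { return run(kScenario) == "B B BG G R R G" ? 0 : 1; }
```

Note the "BG" on the first successful pass: because the blue check runs before the counter is incremented, the very first connection flashes blue and then green, which is worth knowing so you don't mistake it for a fault.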

Step 4: Scan for target networks

Now we can turn on the Deauther Watch by flipping the switch on the side. From the watch's main menu, use the jog wheel to scroll to the SCAN option, then press the jog wheel to open the scan menu.

Image by Retia / Null Byte

From the scan menu you can choose to scan for access points (SCAN APs), stations (SCAN STATIONS), or both (SCAN AP + ST). After you have decided what to scan for and selected it with the jog wheel, press the jog wheel to start the scan.

Image by Retia / Null Byte

After the scan is complete, it will show you how many APs, stations, or both have been found. Now go back to the main menu and open the SELECT menu. Here you can see the APs and stations detected by the scan.

Image by Retia / Null Byte

Then go through the options APs, Stations, Names, and SSIDs until you find your reactive target. Select your target and press the jog wheel to highlight it with an asterisk and save it in the target list.

Step 5: Attack a targeted network

Go back to the main menu and select the ATTACK menu item this time. Once there, you have the option of DEAUTH, BEACON, or PROBE to attack with.

If you want to clone this network over and over again, you can use the beacon attack. If you want to send out probe frames looking for this network or device, try the probe attack. I'm going to select the deauth attack: select DEAUTH, then scroll down to GET STARTED.


Image by Retia / Null Byte

The target's Wi-Fi should now be blocked, and the reactive target should no longer be able to connect to the Wi-Fi network. When you're ready to quit, press the jog wheel again to stop the attack, and the reactive target can rejoin the network.

This was just a brief demonstration of how to use the Deauther Watch to scan, select, and attack a network. To attack the device again, simply restart the attack.

Play safe with your Deauther Watch


Cover photo by Retia / Null byte

