Daniel Grießhaber made an interesting project on hackaday.io for security of your wifi.
His device, called ESPTool, is based on the common ESP8266-12E and allow to scan wifi network and check security by attempting to crack access. This handy nice device is battery powered for ease of use.
Of course, it is illegal to try cracking another network than yours…
Disclaimer: It is forbidden to use this device on another network than yours and its creator reminds that this project is done in a pedagogical goal. He would not be responsible for a bad usage.
His goal is to make an affordable tool to show it could be easy to crack a wifi key or to jam signal. This tool is done in a pedagogical goal for your personal tests.
There are different softwatre for various attacks and tests of the wifi, but the ESPTool is an elegant and useful mean of performing these tests. Its small size allows you to carry it anywhere and its minimalist interface does it easy to use.
Have-you ever try to use the Aircrack software ? It is complex and you must have a wifi chipset allowing the monitoring mode. Then you have to fill in many commands with many parameters. That is what the ESPTool tries to automated.
Wifi security for everyone !
Hardware
This is the second revision of the PCB, to correct some blocking bugs interesting for those who have working with the ESP8266. this version would allow to evaluate the board and test the idea. A third version would iprove routing like restict zone of the PCB antenna under the ESP8266…
David discovered than the second SPI port on the bottom of the ESP12E module is internaly connected to the Flash memory for the code of the ESP. Actually, the flash memory uses a SDIO port and not SPI, on these pins what mean that all pins on the bottom of the ESP12E are in fact used. The main advantage I see is to allow to use another flash memory. Fortunately, a secon pot is available on the pins 12-15.
Moreover, pins use to boot into normal or programming mode could be used as GPIOs. For example, pin GPIO2 must be pulled high at startup for normal mode and pulled low for programming mode. But once system has booting, this pin could be reassigned as GPIO. The same for pins GPIO0 and GPIO5.
The schematic of the board are strongly inspired from the open-source NodeMCU but instead exposed all pins on connectors for others usages, they are all used by the hardware of the ESPTool.
Main elements of the board are:
- OLED display based on the SSD1306 controller, connected on I2C
- microSD card connected on the SPI port
- 3 buttons for a general use
- ESP8266-12E Module
- TPS63031 Buck/Boost regulator with an input voltage from 1.8V to 5.5V
- MCP73831 charger for a LiPo cell
- USB-UART converter CP2012
Software
Of course, the software is the main element of the project where all the security functions of the wifi are implemented. Developmment is in progress but it would be available on Github.
Here are the main functionalities accordingly to the OSI model:
- Layer 1 – Physical Layer:
- Since the ESPs Radio is not really configurable it is not possible to create a WiFi Jammer that works by emitting broadband noise or any other Layer 1 attacks
- Layer 2 – Data Link Layer:
- Deauthentification attack
- collecting authentification frames and save the keys to SD card for later decryption (using a wordlist on a computer, the ESP neither has enough memory nor enough processing power to crack them on the system)
- arp spoofing and session hijacking when connected (needs investigation)
- evil twin hotspot
- Layer 3 (after connecting to an AP) – Network Layer:
- Host discovery (IP Scanner)
- Ping flooding (ICMP Pings)
- Layer 4 (after connecting to an AP) – Transport Layer:
- Port Scan on Host
Incognito Features (TBD):
- Random MAC-Address on Power Up
- Random Mac Address while performing critical Tasks