New Software for a Familiar Board
In a previous article, entitled Being a Wi-Fi Jerk with the ESP8266 NodeMCU and esp8266_deauther, I talked about setting up a cheap $4 ESP8266 NodeMCU board with a flash image called esp82666_deauther. Among other things, it’s used to deauthenticate wireless clients from whatever wireless access point they’re connected to. On esp_8266, this must be done in a vary deliberate manner. You must select which AP you want to deuath from the web interface after connecting to the NodeMCU, and manually initiate the deauth, which then works only against one AP at a time.
I remember reading in the FAQ for that project where someone asked if the author would change the application so that the board would easily deuath all networks it was able to see. The author of the project said that he wasn’t going to do that, as it wouldn’t be productive and would just be used for nefarious purposes (I’m paraphrasing). Ah but this is the world of open source, and if he won’t do it, someone else will.
That brings use to a fork of that original esp8266_deauther project, which is called Wi-PWN. The Wi-PWN project is also open source and is available via GitHub. You can flash the precompiled binary images, which are available here, to your NodeMCU following the same instructions that I outlined in a previous article.
Connecting to the board is similar to the previous firmware, but the default SSID is Wi-PWN and the PSK is rootaccess. The default IP address to connect to is still 192.168.4.1.
New Features
So what does this project bring to the table that esp8266_deauther didn’t? A few things.
First, the UI has been revamped and is slightly prettier. Not a huge deal, but nice. The initial setup has also changed. By default there is no WPA2 password. When you power on and connect to the device after flashing, still at 192.168.4.1, you are presented with a page asking you not to be a jerk.
After agreeing to disagree, you are presented with a page that lets you set a wireless key and the SSID. The default is rootaccess. You are also able to enable “dark mode,” which is just a CSS change, and makes the UI look similar to the esp8266_deauther project.
The second change is the option to use the device as a deauth detector. This will show you if someone is trying to deauth you in the same way you’re probably going to use this to deauth someone else. You can access this option via the “Detector” tab.
The rest of the UI is fairly similar and follows the same workflow. Scan for networks, pick one. Optionally scan for clients on the network. Choose to deauth an entire network or a specific client. Optionally launch other attacks like bogus SSID flood or SSID cloning. We’ve seen that all before with esp8266_deauther. Where this project really shines though, is the third new item.
The third change, and probably the most important, is the ability to deauth all 2.4Ghz wireless networks within range using the hard “flash” button on the NodeMCU board itself. This is great, since you don’t have to pull out a phone or tablet and connect to the device in order to initiate an attack. Just power on the device, wait a few seconds, and press the flash button. The LED will turn blue, and havoc will commence.
This makes it very easy to stow the device away in a pocket or backpack, connect it to a portable USB battery, and just let it do its thing without looking suspicious. Given the low power that this board requires as well, attached to even a decent sized battery, it should run for days.
Final Thoughts
Overall I’d say that this is a pretty worthy upgrade to a solid project. All of the new features are much appreciated and I’m glad to see that someone has taken the old project and continued it on. I hope it’s continually updated and will keep an eye on it.
This project was brought to my attention a couple months ago by “The Other Jason” – someone whom I have known locally for years. Thanks for showing me this — sorry it took so long for me to find the time to play with it.