Creating a Portable WiFi Killer with ESP-8266 Module for Penetration Testing

This tutorial is for educational purposes and security testing experiments only. Please do not use it illegally!

Background Introduction:

The De-authentication Flood Attack, commonly referred to as a Deauth attack, is a form of denial-of-service attack on wireless networks. It spoofs the de-authentication frames that the AP sends to the client, forcing the client into the unassociated/unauthenticated state.

This is based on the open-source project esp8266_deauther by Spacehuhn on GitHub.

Firmware project link: https://github.com/spacehuhn/esp8266_deauther

Chinese version of the firmware link: https://pan.baidu.com/s/1bo7VHb5 Password: 5ktp

The board used in this article is the relatively inexpensive NodeMCU (around 15-25 yuan including shipping). Since the ESP8266 only supports 802.11b/g/n, the following experiments are limited to 2.4 GHz WiFi testing. It does not support 5 GHz WiFi!

Let’s briefly discuss the deployment methods and precautions.

esp8266_deauther is an open-source project developed with Arduino. We need to prepare the Arduino IDE, the ESP8266 development package, and a NodeMCU board.

Let’s get started:

1. Install Arduino. You can download it here: https://www.arduino.cc/en/Main/Software

The array deauthPacket is the structure for the deauth attack.

2. After installation, open Arduino, go to File\Preferences, find the Additional Boards Manager URLs option, and fill in http://arduino.esp8266.com/stable/package_esp8266com_index.json

3. Open the menu Tools\Board\Board Manager, find the ESP8266 module, select version 2.0.0 (must be 2.0.0) and install it.

Installation may be difficult due to firewall issues, and sometimes you may need to use a VPN.

4. Open the menu File\Preferences again and click here to enter the SDK edit directory.

5. Navigate to packages\esp8266\hardware\esp8266\2.0.0\tools\sdk\include directory and copy the user_interface.h from the sdk_fix folder in the downloaded esp8266_deauther source code to this directory, replacing the original file.

6. Find packages\esp8266\hardware\esp8266\2.0.0\libraries\ESP8266WiFi\src directory and copy the ESP8266WiFi.cpp and ESP8266WiFi.h from the sdk_fix folder in the downloaded esp8266_deauther source code to this directory, replacing the original files.

7. In the menu, select Tools\Board\NodeMcu 1.0 (ESP-12E Module), and choose the corresponding board based on the ESP8266 development board you purchased. Make sure to select the correct port for the board; otherwise, you cannot upload the compiled firmware. Then click the upload button in the toolbar to compile and upload the firmware.

Power Supply Method:

The supported voltage range is 3V-12V, with a built-in voltage regulator module. Current should stay below 3A. Common power supply methods include a single 18650 battery, a power bank, a computer USB port, or an Android phone charger; phones with OTG support can also power the board directly.

Using the Tool:

Turn on the device; the blue light will blink once. Then connect your phone to the tool’s WiFi signal “HH” and open the backend at 192.168.199.1/backdoor.html in the browser.

(From left to right is the tool’s backend, the client pops up automatically)

Due to the potential security risks of this tool that can interfere with WiFi and affect customers, I have deleted the WEB files. This article only provides the idea for production. Interested parties can request the WEB files from me.

Additionally, we summarize the attack methods and characteristics of the hardware used in this experiment:

1. Comprehensive Attack

Simply taking all clients offline is meaningless for the attacker, but this attack method can be combined with phishing Wi-Fi applications. After blocking the available networks around you, a forged node named “CMCC” or “ChinaNet” can be launched to steal phone numbers, passwords, or verification codes.

2. Strong Concealment

The portability and concealment of the ESP8266 are stronger, as it can be powered directly from a phone or power bank: imagine placing it inside a power bank case and using phone power, making it very difficult to detect. Its concealment is much higher than carrying a computer and antenna.

Testing Effectiveness

Open the web interface. Click “scan” to scan for WiFi and select the WiFi you want to attack, then click Attacks to choose the attack method:

Deauth: The attacker can arbitrarily send “de-authentication” packets to forcibly disconnect the client from the AP.

Beacon: The attacker forges Beacon frames advertising a large number of non-existent APs. These APs cannot provide service to a STA, and the STA cannot pick out the real AP among the forged Beacon information, so it is unable to connect to WiFi normally.

Probe-Request: Your device sends this management frame to check if the networks it previously connected to are currently around. If there are networks within range that have been accessed before, the corresponding hotspot will respond with a “probe-response” frame.
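The Deauth and Beacon modes described above, and the deauth flood from the background section, leave a recognizable pattern in a monitor-mode capture. The detector below is an added example, not code from the original article or from the esp8266_deauther project; the function names, thresholds, addresses and sample frames are constructed assumptions.

```python
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 0xC0, 0xA0, 0x80  # frame-control byte 0: mgmt subtypes 12, 10, 8

def parse_mgmt(raw):
    """Return (fc0, bssid) for an 802.11 management frame, or None."""
    if len(raw) < 24 or raw[0] & 0x0F:   # truncated, or version/type bits not "management"
        return None
    return raw[0], raw[16:22].hex(":")   # address 3 carries the BSSID

def detect(frames, window=1.0, deauth_limit=10, bssid_limit=20):
    """frames: (timestamp_s, frame_bytes) pairs in time order, radiotap header removed.
    Thresholds are illustrative assumptions. Returns a sorted list of (alert, bssid)."""
    deauths = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc frames
    beacons = deque()              # (timestamp, bssid) of recent beacons
    alerts = set()
    for ts, raw in frames:
        hdr = parse_mgmt(raw)
        if hdr is None:
            continue
        fc0, bssid = hdr
        if fc0 in (DEAUTH, DISASSOC):
            q = deauths[bssid]
            q.append(ts)
            while ts - q[0] > window:          # drop entries older than the window
                q.popleft()
            if len(q) > deauth_limit:
                alerts.add(("deauth-flood", bssid))
        elif fc0 == BEACON:
            beacons.append((ts, bssid))
            while ts - beacons[0][0] > window:
                beacons.popleft()
            if len({b for _, b in beacons}) > bssid_limit:
                alerts.add(("beacon-flood", "*"))  # many distinct BSSIDs at once
    return sorted(alerts)

def sample_frame(fc0, bssid, body=b""):
    """Constructed sample frame: broadcast destination, source and BSSID both `bssid`."""
    b = bytes.fromhex(bssid.replace(":", ""))
    return bytes([fc0, 0, 0, 0]) + b"\xff" * 6 + b + b + b"\x00\x00" + body

AP_A, AP_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed addresses
QUIET = [(0.0, sample_frame(BEACON, AP_A)), (0.1, sample_frame(BEACON, AP_B)),
         (0.5, sample_frame(DEAUTH, AP_B, b"\x03\x00"))]  # one ordinary deauth
NOISY = (QUIET
         + [(1.0 + i / 100, sample_frame(DEAUTH, AP_A, b"\x01\x00")) for i in range(30)]
         + [(2.0 + i / 100, sample_frame(BEACON, "02:00:00:00:01:%02x" % i)) for i in range(40)])
```

A single deauth frame is normal roaming behaviour, so the detector alerts only on the per-BSSID rate and on the number of distinct BSSIDs beaconing within the window.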
