Background
The 802.11 Wi-Fi protocol includes a deauthentication feature, which is designed to disconnect stations from the network. Because the frame is sent in the clear, an attacker can forge the source address of a wireless AP and send a deauthentication frame to any associated station at any time.
The protocol neither encrypts nor authenticates deauthentication frames, and no session has to be established before sending one. This weakness was addressed in 802.11w-2009 (Protected Management Frames), but almost all manufacturers leave it disabled by default.
In simple terms, this device can disconnect your connected devices from Wi-Fi and prevent them from reconnecting, similar to a DoS attack. It also has a flood feature that can clone a bunch of Wi-Fi networks, making it hard to distinguish between real and fake.
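From the defender's side, the property described above (deauthentication frames are unauthenticated management frames that anyone in radio range can inject) is also what makes a deauth flood easy to spot in a monitor-mode capture. The following is an added illustration, not code from the original post or from the deauther project: it parses the fixed 802.11 MAC header, picks out deauthentication and disassociation frames (type 0, subtypes 12 and 10), skips frames whose Protected bit is set (those are PMF-protected and therefore not spoofable), and raises an alert when too many unprotected ones claiming one BSSID arrive within a short window. The BSSID, client MAC, timestamps and frame bytes are constructed sample values, not a real capture.

```python
"""Detect 802.11 deauthentication / disassociation floods in a monitor-mode capture.

Added illustration, not part of the original post. The frames below are
constructed sample headers (26-byte management frames), not a real capture.
"""
from collections import defaultdict, deque
import struct

TYPE_MGMT = 0
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame: bytes):
    """Parse the generic 802.11 MAC header (first 24 bytes) plus the reason code
    that deauth/disassoc frames carry in their body. Returns None for short frames."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3          # 0 = management, 1 = control, 2 = data
    subtype = (fc0 >> 4) & 0xF
    is_deauth = ftype == TYPE_MGMT and subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC)
    reason = None
    if is_deauth and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]   # reason code, little-endian
    return {
        "type": ftype,
        "subtype": subtype,
        "is_deauth": is_deauth,
        "protected": bool(fc1 & 0x40),   # Protected Frame bit: set on PMF-protected unicast mgmt frames
        "addr1": mac_str(frame[4:10]),   # receiver / destination
        "addr2": mac_str(frame[10:16]),  # transmitter / claimed source
        "addr3": mac_str(frame[16:22]),  # BSSID for management frames
        "reason": reason,
    }


def detect_deauth_flood(capture, window=1.0, threshold=10):
    """capture: iterable of (timestamp_seconds, frame_bytes), in time order.
    Emits one alert per BSSID each time the number of *unprotected* deauth/disassoc
    frames claiming that BSSID reaches `threshold` within `window` seconds."""
    recent = defaultdict(deque)
    alerts = []
    for ts, frame in capture:
        hdr = parse_header(frame)
        if hdr is None or not hdr["is_deauth"] or hdr["protected"]:
            continue
        q = recent[hdr["addr3"]]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window
            q.popleft()
        if len(q) == threshold:           # fire once when the threshold is crossed
            alerts.append({
                "bssid": hdr["addr3"],
                "source": hdr["addr2"],
                "broadcast": hdr["addr1"] == BROADCAST,
                "reason": hdr["reason"],
                "first_seen": q[0],
                "last_seen": ts,
            })
    return alerts


# --- constructed sample frames (hex): FC, duration, addr1, addr2, addr3, seq ctrl, body ---
AP = "aabbccddee01"        # constructed BSSID
CLIENT = "112233445566"    # constructed client MAC
BEACON_FRAME = "80000000" + "ffffffffffff" + AP + AP + "2000" + "0000000000000000"
DATA_FRAME = "08012c00" + AP + CLIENT + AP + "3000" + "deadbeef"
# broadcast deauth "from" the AP, reason 7 (class 3 frame from non-associated STA): the flood
DEAUTH_BROADCAST = "c0003a01" + "ffffffffffff" + AP + AP + "1000" + "0700"
# single unicast deauth to one client, reason 3 (station leaving): ordinary behaviour
DEAUTH_UNICAST = "c0003a01" + CLIENT + AP + AP + "4000" + "0300"

SAMPLE_CAPTURE = (
    [(0.000, bytes.fromhex(BEACON_FRAME)), (0.050, bytes.fromhex(DATA_FRAME))]
    + [(0.100 + i * 0.01, bytes.fromhex(DEAUTH_BROADCAST)) for i in range(12)]
    + [(2.500, bytes.fromhex(DEAUTH_UNICAST))]
)

if __name__ == "__main__":
    for a in detect_deauth_flood(SAMPLE_CAPTURE):
        print(f"deauth flood against {a['bssid']} claimed from {a['source']} "
              f"(broadcast={a['broadcast']}, reason={a['reason']}) "
              f"between t={a['first_seen']:.2f}s and t={a['last_seen']:.2f}s")
```

The 12 broadcast deauths within 110 ms trigger one alert; the lone unicast deauth two seconds later does not. On a real network the frames would come from a monitor-mode interface, and a BSSID that advertises PMF should never be seen sending unprotected deauths at all, which is a second, simpler signal worth alerting on.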
Environment
1. Arduino IDE (essential for the detour 🙂), with the ESP8266 board package installed
2. Python and esptool
Materials
1. WeMoS ESP8266 NODEMCU development board (with 0.96 OLED and 18650 battery holder) *1
2. 18650 battery *1
3. Antenna (gain above 5.5 dB)
4. ESP-07 *2 (don’t ask me why two)
5. W25Q32 chip *2
The above materials can all be found on Taobao
Tools
1. Soldering iron and hot air gun
2. Tweezers
3. Rosin, solder, flux 🙂
Temperature
Set the hot air gun and soldering iron to 350-380 °C
Steps
Step One: Unbox….
Step Two: Handle ESP-07
Heat the ceramic antenna, the 0-ohm resistor (the black one near the antenna) and the flash chip with the hot air gun, then lift them off with tweezers. (It's best to follow my order.)
The first time I removed them, both the LED and the board were damaged (you can tell by looking closely at the picture). The metal shield needs to be heated for a long time, and due to inexperience I overheated it, so it's best to buy two modules and get a feel for it on the first one.
The second time I got the hang of it and it went very well. I then fitted the W25Q32; after heating it still wouldn't take, so I added some solder myself.
Friendly reminder: there is a small notch on the flash chip; just make sure the notch orientation matches the original.
Then stick the cover back on and test it with power!
Step Three: Handle ESP8266
First, remove the OLED screen with the hot air gun (heat from the back of the board)
Then remove the ESP8266 module the same way
Then fit the ESP-07 in its place; it's best to solder it after pre-heating
Then power it up and test
If the ESP-07 LED and the onboard LED both light up, it's OK; just stick the screen back on
Step Four: Flash the firmware
Connect the board to the computer and check the COM port in Device Manager
Use esptool to erase the flash:
esptool --port COM3 erase_flash
On most installs the command is:
esptool.py --port COM3 erase_flash
The following is a detour:
Download the firmware source and replace its display configuration with the attachment I provided (the configuration that supports the OLED screen)
Then compile and upload
Upload parameters
Then you will encounter the following error
How to solve it?
When uploading, connect GPIO0 of the ESP-07 to GND with a jumper wire (holding GPIO0 low at reset puts the chip into flash-programming mode)
Actually, choosing the WeMoS board avoids this. I mention the method above because most environment setup tutorials describe it, so it is more universal, and the fix is also very common.
Next, the firmware was successfully burned!
Let’s take a look at the detour running diagram
Is everything over??? NO, NO, NO
Test the functionality and you will find everything looks normal, but there is no actual attack effect!
Otherwise, how could it be called a detour? I spent an afternoon looking for the reason and found nothing; perhaps it only works well on its own hardware (there are Chinese sellers offering it on Taobao)
A moment of awkwardness…….
There is always a way out: look at its previous versions.
Version 1.6 ships a prebuilt binary that supports the SH1106 screen.
How do you flash the .bin?
Just write it to flash with esptool:
esptool --port COM3 --baud 460800 write_flash --flash_size=detect 0 esp8266_deauther_1mb_oled_sh1106.bin (replace esp8266_deauther_1mb_oled_sh1106.bin with the firmware file name)
On most installs the command is:
esptool.py --port COM3 --baud 460800 write_flash --flash_size=detect 0 esp8266_deauther_1mb_oled_sh1106.bin (replace esp8266_deauther_1mb_oled_sh1106.bin with the firmware file name)
Let's run it and see
It runs fine; let's test the functionality.
Beacon flood and deauth attack
Great, it disconnects in 3 seconds! It also cloned a bunch of networks!
Hey, I’ve been annoyed by my wife Yan for a long time, let me help you!
It also supports web management: the management Wi-Fi network is named pwned with the password deauther!
Many tutorials online use a bare ESP8266 without a screen or buttons and control the attack through the web interface. So everyone can simply buy a WeMoS board and flash it, which gives you a screen and buttons; but without a gain antenna it is still weak! As for version 2.0, I have included the modified display configuration file from Master Angel of w3bsafe along with the v1.6 firmware in the attachment.
To summarize: This is my first time building hack hardware and my first time playing with ESP. Thanks to all the masters who helped me! Especially thanks to Master Angel! If there’s anything wrong, all masters are welcome to point it out!
Finally, a very important point, please use it responsibly!

KanXue ID: raax
bbs.pediy.com/user-805204
This article is original by KanXue Forum raax
Please indicate the source from KanXue Community when reprinting