Wi-PWN
Sponsor this project
ESP8266 firmware for performing deauthentication attacks, with ease.
- Fast & responsive Material Design UI, with optional dark mode
- Integrated Deauth Detector (with full customization)
- WiFi client mode - Access Wi-PWN on a WiFi network
- Info page with total packets sent, uptime, memory usage, check for updates...
- Easy to use translation engine - want to translate it to your own language? Simply go over here and ask!
Table of Contents
Introduction
What is Wi-PWN
Wi-PWN is a firmware that performs deauth attacks on cheap Arduino boards. The ESP8266 is a cheap micro controller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using Arduino.
A deauthentication attack is often confused with Wi-Fi jamming, as they both block users from accessing Wi-Fi networks.
How it works
The 802.11 Wi-Fi protocol contains a so called deauthentication frame. It is used to disconnect clients safely from a wireless network.
Because these management packets are unencrypted, you just need the MAC address of the Wi-Fi router and of the client device which you want to disconnect from the network. You don’t need to be in the network or know the password, it’s enough to be in its range.
How to protect against it
With the 802.11w-2009 updated standards, management frames are encrypted by default.
802.11w is rarely used in the real world as both the router and the client device need to support this standard, otherwise they won't be able to connect to the routers.
Updating to the 802.11w standard is often expensive and difficult due to the vast devices of legacy devices not supporting the new standard. Because of the maintenance nightmare, over 95% of devices use the vulnerable 802.11 standard — even though newer devices support newer standards.
Installation
Requirements:
- ESP8266 module (any board)
- Micro-USB cable
- Computer
I would recommend getting a USB breakout/developer board, mainly due to the 4Mb of flash and simplicity.
In order to upload the Wi-PWN firmware, you can use one of two methods. The first method is easier overall but using Arduino is better for debugging. YOU ONLY NEED TO DO ONE OF THE INSTALLATION METHODS!
Install the necessary drivers
There are two variants of UART converters that ESP8266 boards use:
CP210x | CH34x |
---|---|
Drivers | Drivers |
Method 1: Flashing with NodeMCU-Flasher
-
Download the current release of Wi-PWN
-
Upload the
.bin
file using the nodemcu-flasher. Alternatively you can use the official esptool from espressif. -
Connect your ESP8266 (making sure the drivers are installed) and open up the NodeMCU Flasher
-
Go to the
Advanced
tab and select the correct values for your board. -
Navigate to the
config
tab and click the gear icon for the first entry. -
Browse for the
.bin
file you just downloaded and click open. -
Switch back to the
Operation
tab and click Flash(F).
Method 2: Compiling with Arduino
-
Download the source code of this project.
-
Install Arduino and open it.
-
Go to
File
>Preferences
-
Add
http://arduino.esp8266.com/stable/package_esp8266com_index.json
to the Additional Boards Manager URLs. (refer to https://github.com/esp8266/Arduino) -
Go to
Tools
>Board
>Boards Manager
-
Type in
esp8266
-
Select version
2.0.0
and click onInstall
(must be version 2.0.0!)
-
Go to
File
>Preferences
-
Open the folder path under
More preferences can be edited directly in the file
-
Go to
packages
>esp8266
>hardware
>esp8266
>2.0.0
>tools
>sdk
>include
-
Open
user_interface.h
with a text editor -
Just before the last line
#endif
, add the following:
typedef void (*freedom_outside_cb_t)(uint8 status);
int wifi_register_send_pkt_freedom_cb(freedom_outside_cb_t cb);
void wifi_unregister_send_pkt_freedom_cb(void);
int wifi_send_pkt_freedom(uint8 *buf, int len, bool sys_seq);
-
Go to the arduino/SDK_fix folder of this project
-
Copy
ESP8266Wi-Fi.cpp
andESP8266Wi-Fi.h
toC:\Users\%username%\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.0.0\libraries\ESP8266WiFi\src
-
Open
arduino/Wi-PWN/Wi-PWN.ino
in Arduino -
Select your ESP8266 board at
Tools
>Board
and the right port atTools
>Port
If no port shows up you need to reinstall the drivers, search online for chip part number + 'driver Windows' -
Depending on your board you may have to adjust the
Tools
>Board
>Flash Frequency
and theTools
>Board
>Flash Size
. I used the80MHz
Flash Frequency, and the4M (1M SPIFFS)
Flash Size -
Upload! CTRL-U
Note: If you use a 512kb version of the ESP8266, you need to comment out a part of the mac vendor list in data.h
How to use
-
Connect your ESP8266 to a USB power source (you can power it with your phone using an OTG cable)
-
Scan for Wi-Fi networks on your device and connect to
Wi-PWN
(no password by default). -
Once connected, open up your browser and go to
http://192.168.4.1
-
Specify a SSID and password for Wi-PWN to use and click on CONTINUE
-
Reconnect to the new network using the SSID & Password you specified in the previous step.
-
Go back to your browser and the page should reload (open
http://192.168.4.1
again if the page doesn't reload) -
Click on the Scan button to scan for Wi-Fi networks
Note: You may have to reconnect to the Wi-Fi network. -
Select the WiFi network(s) you want to perform the attack on. Once finished, click on the Attack button
FAQ
Only able to connect to Wi-Fi network on some devices
This happens due to a channel conflict. Simply navigate to 192.168.4.1/settings.html
on a device that is able to connect to the Wi-Fi network and change the Channel number from 1
to any number up to 14
.
espcomm_sync failed
/ espcomm_open
when uploading
The ESP upload tool can't communicate with the chip.
- Reconnect the chip using a different USB port and cable.
- Install the USB drivers (cp2102 or ch340).
- Make sure the right COM port is selected.
SSID's wont load? (No clear button)
Try resetting the SSID list by visiting 192.168.4.1/clearSSID.json
while connected to your ESP.
If this doesnt solve your problem, ask for help in the official discord.
Deauth attack won't work
If you see 0 pkts/s on the website, then you've made a mistake. Check that you have followed the installation steps correctly and that the right SDK installed, it must be version 2.0.0! If it can send packets but your target doesn't lose its connection, then the Wi-Fi router either uses 802.11w and it's protected against such attacks, or it communicates on the 5GHz band, which the ESP8266 doesn't support because of its 2.4GHz antenna.