WiFi jammer / deauth attack using ESP-Wroom-02
One of the more obvious applications of a board like the ESP-Wroom-02 is using it as a “WiFi jammer”. In the previous post I already wrote about the board I got from VNG Systems. In this tutorial we will find out how we can set it up for executing WiFi deauthentication attacks. In a later post we will take a closer look at the actual attacks.
WiFi jammer or deauther?
With this method of disturbing the wireless network traffic we are not actually “jamming” anything. We will not be using illegal transmitters to send jamming signals blocking the WiFi frequencies. Only legal, certified WiFi hardware will be used to send legitimate WiFi network packets that will merely confuse wireless devices. We will send the target devices special packets that tell them to disconnect their wireless client devices. This practice is called “deauthentication” or “deauth attack”.
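Seen from the defender's side, the frames described above are 802.11 management frames (deauthentication is subtype 12, disassociation subtype 10), and they are sent unencrypted unless the network uses protected management frames (802.11w). The following is an added example, not code from the original post or from the ESP8266 Deauther project: it parses raw 802.11 headers from a monitor-mode capture and flags a BSSID that sees a burst of such frames. It assumes the radiotap header has already been stripped; the MAC addresses, window and threshold are constructed for illustration.

```python
import struct
from collections import Counter

# 802.11 management header: frame control, duration, addr1 (receiver),
# addr2 (transmitter), addr3 (BSSID), sequence control = 24 bytes.
MGMT_HDR = struct.Struct("<HH6s6s6sH")
SUBTYPES = {10: "disassoc", 12: "deauth"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return a dict for a deauth/disassoc frame, None for anything else."""
    if len(frame) < MGMT_HDR.size + 2:
        return None
    fc, _dur, a1, a2, a3, _seq = MGMT_HDR.unpack_from(frame)
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None
    protected = bool(fc & 0x4000)  # set on unicast frames encrypted under 802.11w
    # The reason code is only readable in the clear when the frame is unprotected.
    reason = None if protected else struct.unpack_from("<H", frame, MGMT_HDR.size)[0]
    return {"kind": SUBTYPES[subtype], "receiver": mac(a1), "transmitter": mac(a2),
            "bssid": mac(a3), "protected": protected, "reason": reason}

def detect_floods(capture, window=1.0, threshold=10):
    """capture: (timestamp_s, frame) pairs in time order -> {bssid: peak frames per window}."""
    recent, peaks = {}, Counter()
    for ts, frame in capture:
        info = parse_deauth(frame)
        if info is None or info["protected"]:
            continue
        times = recent.setdefault(info["bssid"], [])
        times.append(ts)
        while ts - times[0] > window:      # drop timestamps older than the window
            times.pop(0)
        peaks[info["bssid"]] = max(peaks[info["bssid"]], len(times))
    return {bssid: n for bssid, n in peaks.items() if n >= threshold}

# Constructed sample capture (locally administered MACs, not real devices).
# Layout: frame control, duration, receiver, transmitter, BSSID, seq, body.
BURST = bytes.fromhex("c000" "0000" "ffffffffffff" "0a1122334455" "0a1122334455" "0000" "0700")
SINGLE = bytes.fromhex("c000" "0000" "0a66778899aa" "0abbccddeeff" "0a66778899aa" "0000" "0300")
BEACON = bytes.fromhex("8000" "0000" "ffffffffffff" "0a66778899aa" "0a66778899aa" "0000" + "00" * 12)
SAMPLE = [(i * 0.03, BURST) for i in range(30)] + [(1.2, SINGLE), (1.3, BEACON)]

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

A single deauthentication frame, such as the one from a client leaving the network in the sample, is normal traffic; it is the rate per BSSID that distinguishes a flood.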
Disclaimer
This tutorial is for educational purposes only. Although WiFi jamming is not real jamming nor hacking, messing with other people’s wireless networks might be, and probably is, illegal where you live. So only use this method on networks you own or are allowed to mess with.


ESP8266 Deauther project
For this venture we will make use of the excellent “ESP8266 Deauther” project on GitHub. There, you can download precompiled binary (.bin) files that can be flashed to the ESP8266 directly. You can do this with the Esptool, Esptool-gui, Espressif’s Flash Download Tools or NodeMCU-flasher. Alternatively, you can download the source files and then compile and upload them to the board using the Arduino IDE. This is the route we will go in this tutorial.
Preparing the Arduino IDE
First of all, you need to have the following already in place:
- the Arduino IDE installed
- the ESP8266 Arduino core installed
If you need instructions on how to do this, you can check out the section “Using the Esp-Wroom-02 with the Arduino IDE” in the previous post “WEMOS D1 Esp-Wroom-02 and Arduino IDE”.
Adding the ESP8266 Deauther boards
Go to File > Preferences and add the following URL to the “Boards Manager” URLs:
http://phpsecu.re/esp8266/package_deauther_index.json
Your Boards Manager should now show at least two URLs: the deauther URL and the ESP8266 core URL. See the image below.


Then go to Tools > Boards > Board Manager… and install “arduino-esp8266-deauther”. Note that you should already have “esp8266” installed. See the next image.


Finally, select an appropriate board at Tools > Board and make sure it is one of the “ESP8266 Deauther Modules” and not the generic ESP8266 Boards. For my board, the “DSTIKE” option worked quite well. See the image below.


Download, edit, compile and upload the code
Download the source code ZIP file for this project from the ESP8266 Deauther GitHub page.


Extract the .zip file, navigate to the “esp8266_deauther” folder and open “esp8266_deauther.ino” with the Arduino IDE.
Open the tab “A_.config.h” and make the following changes to the code:
- set USE_DISPLAY to true:
#define USE_DISPLAY true
- set the button pins:
#define BUTTON_UP 12
#define BUTTON_DOWN 13
#define BUTTON_A 14
The code should now look like the image below.


The code can now be compiled and uploaded to the board. If the OLED display is showing text after uploading is finished, then you are done setting up the board.
In case the OLED display stays blank, do the following:
- Open the serial monitor in the Arduino IDE while the board is connected and powered on
- Set the baud rate to 115200 and select “newline”
- Enter this command in the serial monitor and press enter:
set display true;;save settings
See the image below.


After resetting the board, the OLED should now display text.


Controlling the WiFi jammer / deauther
There are 3 ways you can control ESP8266 Deauther:
- Web interface: you can connect to the ESP-Wroom-02 with your phone or other wireless device. It will have the SSID “pwned” and you can connect to it using the password “deauther”. Then open the URL “deauth.me” or “192.168.4.1” in your browser.
- OLED display and buttons
- Serial CLI
For more details, see the official wiki page.


Wi-Fi Deauthentication attack using Linux
If you do not want to use an ESP8266 powered board but still want to experiment with WiFi deauthentication, then you might be interested in a previous blog post called “WiFi jamming: jam wireless networks with Kali Linux”. This method will allow you to do the same with ordinary WiFi hardware and a computer or laptop.
It is really a challenge for me to build one myself, especially gathering all these tools / devices. If I had to buy one, would this WiFi signal jammer be enough to completely disable the Huawei B528 router? https://www.brouilleur-fr.com/brouilleur-wifi-signal-de-24g-58g-avec-2-antennes-24.html
Hi Forrest, you can only tell by actually trying it against that type of router. Some routers had firmware updates to protect against the attack. If that particular router doesn’t have a recent, hardened firmware then chances are the attack might work.
Hey, I’ve done everything according to the guide, but when I try to upload to the board I get this error:
“warning: espcomm_sync failed
error: espcomm_open failed
error: espcomm_open failed”
I’m using esp32-13
The ESP32 is a different processor – please refer to this project https://github.com/GANESH-ICMC/esp32-deauther