A recreation of the original Pwnagotchi but with mods to support the officially unsupported Raspberry Pi 3.5 inch GPIO based screen.
Pwnagotchi is an A2C-based “AI” powered by bettercap that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of crackable handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs.
- A Raspberry Pi Zero WH
- A microSD card (8GB minimum recommended, preferably of good quality and speed)
- A decent quality micro-USB cord that allows data transfer
- A 3.5″ Touch Screen LCD Raspberry Pi Display
- Download and install balenaEtcher and PuTTY.
- Using balenaEtcher, flash this image onto the microSD card.
- Once the boot partition is available, add the config.toml file to it.
  - To whitelist a particular network so it is never targeted (e.g. your home network), add its SSID to main.whitelist in config.toml.
- Insert the microSD card into the RPi0 and connect it to a PC using a data cable plugged into the data port.
- Open "View network connections"; the device should show up as an RNDIS device.
  - If it does not appear, download the RNDIS.inf file from the drivers folder in the repo.
  - Go to Device Manager > Network Adapters > Action > Add Drivers.
  - Browse to and add the folder containing the downloaded RNDIS.inf driver file.
  - The RPi0WH should now be visible as an RNDIS device.
- Go to the RPi0W device's Properties > IPv4 > Properties and set:
  - Static IP: 10.0.0.1
  - Subnet mask: 255.255.255.0
  - Default gateway: 10.0.0.1
  - DNS (if required): 8.8.8.8
- Test your connection to the RPi0 in cmd with:
  ping 10.0.0.2
- Change the following settings in PuTTY and press Load to access the RPi0 over SSH.
  PuTTY Configuration for SSH Access
  - Default password: 'raspberry'
- To enable Internet access from the device, edit the resolver configuration:
  sudo nano /etc/resolv.conf
- Add the following line to the file (resolv.conf uses the nameserver keyword, not dns):
  nameserver 8.8.8.8
- Update the system:
  sudo apt update && sudo apt upgrade
- To configure the screen:
- Fit the screen onto the GPIO pins of the RPi0 board.
- Fetch the Waveshare LCD-show driver and open the Pwnagotchi display driver for editing (one command per line):
  sudo rm -rf LCD-show
  git clone https://github.com/waveshare/LCD-show.git
  cd LCD-show/
  chmod +x LCD35-show
  sudo nano /usr/local/lib/python3.7/dist-packages/pwnagotchi/ui/hw/spotpear24inch.py
- Replace the file contents with the contents of screenmod.txt.
- Run the driver installer:
  ./LCD35-show lite
- The screen will boot. Don't disconnect, or the whole process may have to be repeated.
Pwnagotchi will start in AUTO mode by default.
It has a webUI hosted at http://10.0.0.2:8080/ and the username & password are both 'changeme' by default.
- Custom configurations are stored in /etc/pwnagotchi/config.toml
- Handshakes captured by Pwnagotchi are saved to /root/handshakes/
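An added example (not a file from this repo) of what the custom /etc/pwnagotchi/config.toml can look like for this build: it ties together the main.whitelist entry mentioned in the setup steps and the web UI, whose username and password are both 'changeme' by default. The SSIDs and credentials are constructed placeholders; the ui.display.type value is an assumption based on this mod editing the spotpear24inch.py driver.

```toml
# Added example config.toml for this build; not the project's own file.
# Set this before the unit is ever powered on with the Wi-Fi adapter active.
main.name = "pwnagotchi"

# Networks this unit must never deauth or associate with.
# Constructed SSIDs: replace with your own network name(s).
main.whitelist = [
  "MyHomeNetwork",
  "MyOfficeNetwork",
]

# Weak (default) setting, shown for comparison:
#   ui.web.username = "changeme"
#   ui.web.password = "changeme"
# Corrected: the web UI on http://10.0.0.2:8080/ is reachable by anything
# on the USB/RNDIS link, so replace the defaults before first use.
ui.web.enabled = true
ui.web.address = "10.0.0.2"
ui.web.port = 8080
ui.web.username = "pwnadmin"                        # constructed value
ui.web.password = "replace-with-a-long-passphrase"  # constructed value

# Display: this mod rewrites the spotpear24inch driver with screenmod.txt,
# so that driver name is selected here (assumption about the mod).
ui.display.enabled = true
ui.display.type = "spotpear24inch"
ui.display.color = "black"
```

Restart the pwnagotchi service (or reboot) after editing so the new whitelist and credentials take effect.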
- SSH into the device via PuTTY.
- Copy the captured handshake .pcap files from /root/handshakes into /home/pi (the original multi-command line is split into a single equivalent command):
  sudo cp -r /root/handshakes /home/pi
- Remove the microSD card from the RPi0 and access the copied .pcap file from a PC.
- Run aircrack-ng in the handshakes folder to attempt to recover the WPA key with the RockYou wordlist:
  aircrack-ng example-handshake.pcap -w /usr/share/wordlists/rockyou.txt
This project was done by the CyberSec and Cloud domain of MLSA KIIT Chapter by Dhruv Agarwal, Mrinank Bhowmick, Sourasish Basu and advised by Aaryan Jordan.