/ESP32Marauder

A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32

Primary LanguageC++MIT LicenseMIT

ESP32 Marauder v0.7.0

Marauder logo

A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32

License Gitter Downloads
Twitter Instagram

I sell on Tindie

HitCount Build Status

Table Of Condensation

About

Sometimes you just gotta do what you gotta do. Am I right, ladies? The ESP32 Marauder is a suite of WiFi/Bluetooth offensive and defensive tools created for the ESP32 and was originally inspired by Spacehuhn's esp8266_deauther project. The tool itself serves as a portable device used to test and analyze WiFi and Bluetooth devices. Use this tool and its firmware with caution as the use of some of its capabilities without explicit consent from the target owner is unlawful in most countries. For more information about this project and how it's assembled, follow the video link below. Track features and issues here. Check out #esp32marauder on Instagram.
Note: Because of espressif's ESP32-IDF, the ESP32 included with Marauder is incapable of transmitting deauthentication frames.

YouTube

Marauder logo

Hackster Article

You can check out the marauder article written here as well as other interesting engineering projects.

Capabilities

Current

  • Join WiFi: Just join a WiFi network
  • Shutdown WiFi: Shutdown the Marauder WiFi interface to save some RAM
  • Generate SSIDs: Add 20 random SSIDs to your list of SSIDs
  • Add SSID: Use an on-screen keyboard to add your own SSIDs to the SSID list
  • Clear SSIDs: Clear the list of SSIDs
  • Probe Request Sniff: Sniff for WiFi probe request frames sent by wireless devices
  • Beacon Sniff: Sniff beacon frames sent by wireless acccess points
  • Beacon Spam List: Spam a list of SSIDs and monitoring connection attempts to those networks
  • Beacon Spam Random: Spam hundreds of random beacon frames to wireless devices within range
  • Rick Roll Beacon: Broadcast the rick roll lyrics as WiFi access points
  • Bluetooth Sniffer: Sniff bluetooth devices within range
  • Shutdown BLE: Shutdown the Marauder BLE interface to save RAM
  • Detect Card Skimmers: Detect bluetooth enabled credit card skimmers
  • Packet Monitor: Show WiFi packet density on a given channel using a time bar graph
  • EAPOL/PMKID Scan: Capture EAPOL/PMKID frames
  • Detect Pwnagotchi: Detect any pwnagotchis in range
  • Detect Espressif: Detect any espressif devices in range
  • Deauth Sniff: Detect deauthentication packets sent on all channels
  • Draw: Just doodle on the screen or whatever
  • Update Firmware: Update Marauder firmware over the air via web interface or with SD card
  • Save PCAP files to SD card

Do It Yourself

Marauder logo

Hardware

This project requires the following hardware in order to work:

  • Any ESP32 Development Board
  • 2.8" TFT Touch Screen w/ ili9341
  • Jumper Wires
  • Breadboard

Connections

Make the following connections between your 2.8" TFT Screen and your ESP32 board. You may need to refer to a pinout sheet specific to the ESP32 dev board you have chosen. For more infomation about this circuit, please refer to this schematic

SD Card 2.8" TFT ESP32
VCC VCC
GND GND
CS GPIO17
RESET GPIO5
D/C GPIO16
SD_MOSI MOSI GPIO23
SD_SCK SCK GPIO18
LED GPIO32
SD_MISO MISO GPIO19
T_CLK GPIO18
T_CS GPIO21
T_DI GPIO23
T_DO GPIO19
T_IRQ
SD_CS GPIO12

For the analog battery circuit, use a 4 to 1 voltage divider, and (optional) a mosfet. For the charge detection circuit, use a 1 to 2 voltage divider (the charge detection is optional and only changes the battery icon colour while charging)

BATTERY ESP32
BAT + GPIO34
MOSFET GPIO13
CHARGE + GPIO27

Flashing Firmware

Using Arduino IDE

  1. Install the Arduino IDE
  2. In the Arduino IDE, go to File>Preferences
  3. Add the following URL to Additional Boards Manager URLs:
  4. Go to Tools>Board>Boards Manager, search for esp32 and install esp32 by Espressif Systems
  5. Install Spacehuhn's SimpleList library in your Arduino IDE
    • Download the SimpleList repo
    • In the Arduino IDE, go to Sketch>Include Library>Add .ZIP Library... and add the SimpleList-master.zip you just downloaded
  1. Install my fork of Bodmer's TFT_eSPI library in your Arduino IDE
    • Download the TFT_eSPI repo
    • In the Arduino IDE, go to Sketch>Include Library>Add .ZIP Library... and add the TFT-eSPI-master.zip you just downloaded
    • Make the following modifications shown in this issue to the TFT_eSPI library you just installed
  2. Follow these instructions for installing ESP32 Spiffs Tool
  3. Install the CH340 Drivers
  4. Download or clone this repository
  5. Open esp32_marauder.ino 10.5. If you're using the analog battery measuring circuit, go to the MenuFunctions.h and change "#define BATTERY_ANALOG_ON" to 1
  6. Plug your ESP32 into a USB port and select the COM port under Tools>Port
  7. Select LOLIN D32 under Tools>Boards 12.5 If you want an upscaled version of the logo, go to the data folder and rename "marauder3L1.jpg" to "marauder3L.jpg"
  8. Click ESP32 Sketch Data Upload and wait for the SPIFFS upload to finish
  9. Click the upload button

Marauder logo Marauder logo

Updating Firmware

There are multiple options available to update the Marauder firmware. If you have already built the project from this repo, you can just pull the latest commit and flash the firmware using the Arduino IDE (see here).
If you own an ESP32 Marauder (v0.4.0 or later) and have not build the project, you can follow these instructions for installing the latest update over the air via Marauder's web interface or these instructions for installing the latest update using an SD Card.

Web Update

  1. Download the latest release of the Marauder firmware
  2. With Marauder powered on, navigate to Device>Update Firmware>Web Update
    • Marauder will display details on screen about the status of the update
  3. Connect to the MarauderOTA WiFi network from your computer
    • password: justcallmekoko
  4. On your web browser, navigate to http://192.168.4.1
  5. Enter the username and password
    • Username: admin
    • Password: admin
  6. Click the Browse button and select the .bin file you downloaded from the releases
  7. Click Update
    • Marauder will automatically reboot once the update has been applied

SD Update

Using a Samsung MicroSD card will cause Marauder not to boot

  1. Download the latest release of the Marauder firmware
  2. Copy the bin file you downloaded to the root of an SD card
  3. Rename the bin file on the SD card to update.bin
  4. With Marauder powered off, insert the SD card into Marauder
  5. Power Marauder on and navigate to Device>Update Firmware>SD Update
  6. Click Yes to confirm the update
    • Marauder will automatically reboot once the update has been applied

Enclosure

The ESP32 Marauder sold on Tindie comes with its own 3D printed enclosure. If you want to replace the enclosure that came with yours or you want to try to fit your own hardware in an enclosure and have access to a 3D printer, you can download the STL files here or from Thingiverse.

Instructions from Thingiverse Components of the project:

  • ESP32 Marauder
  • 4 M2.5x10 Hex screws
  • Enclosure face plate
  • Enclosure body

How to do the thing:

  1. Print both the face plate and the body
  2. Mount the face plate onto the screen of the Marauder by putting the pegs through the holes on the screen PCB
  3. Lower the Marauder into the body of the enclosure and ensure the battery sits within the trench in the center of the body
  4. Fasten the face plate to the body using 4 M2.5x10 hex screws.
    • The top of the screws should be flush with the surface of the face plate

Icons

I put these here just because
Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo Marauder logo

Under Development

Currently the ESP32 Marauder has limited firmware capabilities. Most of the work so far has been put into designing the hardware. New firmware features will be added over time and will eventually reach a point where this project will be a fully capable hacking machine.

Special Thanks

  • Spacehuhn for an easy to use linked list library SimpleList
    • Also a well designed menu structure. I adapted it to the TFT GUI because it worked perfectly
    • Also...providing the buffer class used to save pcap files to an SD card
  • Ivanseidel for providing a thread safe LinkedList library
  • Bodmer for a comprehensive TFT touch screen library TFT_eSPI
  • HyderHasnain for an adaptable line graph to be used as the packet monitor

For Sale Now

You can buy the ESP32 Marauder using this link