/ESP32-WiFi-tool

ESP32 WiFi tool (router, sniffer, deauther)

Primary language: C. License: MIT.

ESP32 wifi tool

The goal of this repository is to create a WiFi exploration tool for self-education purposes.

Source code features.

  • Espressif/idf (no Arduino).
  • C++/C mixed code.

I am sorry for the sometimes ugly source code. I have got the result and I have no desire to refactor the source code.

Main functions list:

  1. Web page (ESP32 AP mode).
    • download exploration results files
    • edit & upload configurations
  2. AP scanner.
  3. Beacon spammer.
  4. Wifi traffic sniffer & optional pcap file PCAP_LINKTYPE_IEEE802_11(105).
  5. Deauther packets traffic scanner.
  6. Deauther sender (patched ieee80211_output.o).
  7. NAT router & optional pcap file PCAP_LINKTYPE_ETHERNET(1).

Deauther packets traffic scanner

I had not known before how often a 'deauther' is used for jamming unwelcome WiFi APs in government offices or private company offices.
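What a deauthentication scanner looks for in a capture, as an added example (not code from this repository): it walks a pcap with link type 105 and counts deauthentication (management subtype 12) and disassociation (subtype 10) frames, how many of them were sent to the broadcast address, and the last reason code. The names scan_deauth, deauth_stats and sample_pcap are hypothetical, the capture bytes are constructed, and a little-endian pcap without radiotap headers is assumed.

```c
#include <stdint.h>
#include <string.h>

struct deauth_stats {
    unsigned frames, deauth, disassoc; /* records walked; subtype 12; subtype 10 */
    unsigned broadcast;                /* matches sent to ff:ff:ff:ff:ff:ff */
    uint16_t last_reason;              /* reason code of the last match */
};

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Assumes a little-endian pcap, linktype 105 (bare 802.11 header). -1 = not that. */
int scan_deauth(const uint8_t *buf, size_t len, struct deauth_stats *st) {
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    memset(st, 0, sizeof *st);
    if (len < 24 || le32(buf) != 0xa1b2c3d4u || le32(buf + 20) != 105u) return -1;
    size_t off = 24;                          /* skip the pcap global header */
    while (len - off >= 16) {                 /* 16-byte record header */
        uint32_t incl = le32(buf + off + 8);  /* captured length */
        off += 16;
        if (incl > len - off) break;          /* truncated record: stop */
        const uint8_t *f = buf + off;
        off += incl;
        st->frames++;
        if (incl < 26) continue;              /* need 24-byte header + reason code */
        unsigned type = (f[0] >> 2) & 3, subtype = f[0] >> 4;
        if (type != 0 || (subtype != 12 && subtype != 10)) continue;
        if (subtype == 12) st->deauth++; else st->disassoc++;
        if (memcmp(f + 4, bcast, 6) == 0) st->broadcast++;  /* addr1 = receiver */
        st->last_reason = (uint16_t)(f[24] | f[25] << 8);
    }
    return 0;
}

/* Constructed sample capture: broadcast deauth, an ACK, a unicast disassoc. */
const uint8_t sample_pcap[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 105,0,0,0,
    0,0,0,0, 0,0,0,0, 26,0,0,0, 26,0,0,0,
    0xc0,0, 0,0, 0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 2,0,0,0,0,1, 0,0, 7,0,
    0,0,0,0, 0,0,0,0, 10,0,0,0, 10,0,0,0,  0xd4,0, 0,0, 2,0,0,0,0,2,
    0,0,0,0, 0,0,0,0, 26,0,0,0, 26,0,0,0,
    0xa0,0, 0,0, 2,0,0,0,0,2, 2,0,0,0,0,1, 2,0,0,0,0,1, 0x10,0, 8,0,
};

int main(void) {  /* exit 1 if the sample holds deauth/disassoc frames, 2 if unreadable */
    struct deauth_stats s;
    return scan_deauth(sample_pcap, sizeof sample_pcap, &s) ? 2 : (s.deauth + s.disassoc > 0);
}
```

A sustained run of deauthentication frames addressed to broadcast is the pattern worth alerting on; a single unicast frame with a reason code is normal roaming or disconnect traffic.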

Deauther sender

This sender was created only for self-education purposes.

I investigate the difference in reactions of various types of STA/AP to a deauthentication packet.

Nat router.

Based on the https://github.com/martin-ger lwip fork.

All IP traffic of the ESP32 SoftAP can be saved into a PCAP file.

This mode was created only for self-education purposes. It's very useful to see what your phone tries to send into an open WiFi network after connecting.

Some hardware design & menu screenshots

Main menu & hardware design

[photo]

Router submenu

[photo]

Wifi sniffer submenu and working page

[photo] [photo]

Web page

  • ESP32 AP default url: 192.168.4.1:80
  • Demo/debug mode without ESP32:
    • ./project/main/web/test_server.py - localhost web page test
    • ./project/main/web/sd - test files

[demo page ] [demo page ] [demo page ] [demo page ] [demo page ]

Requirements

Wiring diagram (arduino primitive style)

For practical use, the ESP32 works with an SD card without external pull-ups on the SPI pins.

[wiring]

External dependencies

Useful things (optional)

Build & install.

  1. Install the latest espressif/idf docker image. I used the 2b09259647b image.
  2. Run 'git clone https://github.com/martin-ger/esp-lwip.git', or download the fork of esp-lwIP with the NAT feature (GitHub: martin-ger/esp-lwip), into '$HOME/project/lwip_nat'.
  3. Build the project.
    docker run --rm -v $HOME/project:/project -w /project espressif/idf ./build_patched.sh
  4. Upload the ESP32 images to the ESP32 board.
    esptool.py -p COM4 -b 460800 --before default_reset --after hard_reset --chip esp32  write_flash --flash_mode dio --flash_size detect --flash_freq 40m 0x1000 "m:/project/build/bootloader/bootloader.bin" 0x8000 "m:/project/build/partition_table/partition-table.bin" 0x10000 "m:/project/build/mm-test.bin"

Windows 10 build.

Install VM Linux:

  1. Download & install VM VirtualBox
  2. Install the Ubuntu Server image
  3. Run the virtual Ubuntu server

Prepare VM Linux:

  1. Install the latest docker
  2. Optionally install dperson/samba

samba anonymous login (this share allows guest access and is writable, and ports 139/445 are published on every interface of the VM, so keep the VM on a host-only or otherwise trusted network):

docker run -it --name samba -p 139:139 -p 445:445 -v /home/mm:/mount -e USERID=`id -u $USER` -e GROUPID=`id -g $USER` -d dperson/samba -s "public;/mount;yes;no;yes;all"

login/password:

docker run -it --name samba -p 139:139 -p 445:445 -v /home/mm:/mount -e USERID=`id -u $USER` -e GROUPID=`id -g $USER` -d dperson/samba -u "$USER;$USER" -s "public;/mount;yes;no;no;$USER"

Windows upload command line

esptool.py -p COM4 -b 460800 --before default_reset --after hard_reset --chip esp32  write_flash --flash_mode dio --flash_size detect --flash_freq 40m 0x1000 "m:/project/build/bootloader/bootloader.bin" 0x8000 "m:/project/build/partition_table/partition-table.bin" 0x10000 "m:/project/build/mm-test.bin"

Off-line docker setup.

  1. Download image
  2. Install
    cat docker.gpg | sudo apt-key add -
    sudo apt-key fingerprint 0EBFCD88
    # install the dependencies (containerd.io, docker-ce-cli) before docker-ce
    sudo dpkg -i containerd.io_1.2.6-3_amd64.deb
    sudo dpkg -i docker-ce-cli_19.03.5_3-0_ubuntu-bionic_amd64.deb
    sudo dpkg -i docker-ce_19.03.5_3-0_ubuntu-bionic_amd64.deb
    sudo /usr/sbin/service docker start
  3. Validate installation
    sudo systemctl status docker.socket
    sudo docker version
    sudo docker info
    docker images
    docker ps -a

libnet80211.a/ieee80211_output.o analysis (&patch)

  1. Install the xtensa CPU object file editor (cutter v1.10)
  2. Find & download xtensa.pdf
  3. Get the ieee80211_output.o file from the espressif/idf docker image.
    rm -R "$HOME/libnet80211_src"
    mkdir "$HOME/libnet80211_src"
    docker run --rm --user=`id -u $USER`:`id -g $USER` -v "$HOME/libnet80211_src":/project -w /project espressif/idf ar x /opt/esp/idf/components/esp_wifi/lib/esp32/libnet80211.a ieee80211_output.o
  4. Do the research work in the xtensa CPU object file editor (cutter v1.10)

hint