WiFi Attacks using ESP32 and Flipper Zero

Author: Andrei David

Wifi Attacks

Wi-Fi attacks refer to various techniques used to exploit vulnerabilities or weaknesses in wireless networks and the devices connected to them. Using an ESP32 connected to a Flipper Zero, I will demonstrate two types of attacks.

Deauthentication Attack

Wi-Fi deauthentication is a technique used to disconnect or disrupt the wireless connection between a client device (such as a laptop, smartphone, or tablet) and a Wi-Fi network. It exploits a weakness in the Wi-Fi protocol, specifically the 802.11 standard, by sending deauthentication frames to the target device. A targeted deauthentication attack focuses on a single access point (AP) for disruption.

The process is as follows:

  1. Discover the target AP: identify the MAC address, SSID (network name), and channel of the AP you want to target
  2. Craft and send deauthentication frames: Using the captured MAC address of the target AP, create deauthentication frames and send them to the AP. The frames should contain the broadcast address to target all clients connected to the AP.
  3. Persist the disconnection: send deauthentication frames at regular intervals

It's important to note that conducting Wi-Fi deauthentication attacks without proper authorization is illegal and unethical. Deauthentication attacks should only be performed for legitimate purposes, such as network security testing or troubleshooting, with the necessary permissions and within legal boundaries.
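From the defender's side, the signature of the procedure above is a burst of deauthentication frames from one BSSID addressed to the broadcast address. The script below is an added example (not part of this write-up or of the Marauder project): it parses raw 802.11 management frame headers and flags a BSSID whose deauthentication/disassociation frames exceed a threshold inside a time window. The frame builder, MAC addresses and timestamps are constructed sample data standing in for a monitor-mode capture.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
SUBTYPE_DEAUTH, SUBTYPE_DISASSOC = 12, 10        # 802.11 management subtypes

def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))

def build_mgmt_frame(subtype, addr1, addr2, addr3, reason=None):
    """Constructed sample frame (no radiotap header): frame control, duration,
    receiver/transmitter/BSSID addresses, sequence control, optional reason code."""
    fc = subtype << 4                            # version 0, type 0 (management)
    frame = struct.pack("<HH", fc, 0) + mac_to_bytes(addr1) + mac_to_bytes(addr2)
    frame += mac_to_bytes(addr3) + struct.pack("<H", 0)
    return frame + struct.pack("<H", reason) if reason is not None else frame

def parse_mgmt_frame(frame):
    """Return (subtype, receiver, transmitter, bssid, reason) or None if not management."""
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0:                     # type bits: 0 = management
        return None
    subtype = (fc >> 4) & 0xF
    has_reason = subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26
    reason = struct.unpack_from("<H", frame, 24)[0] if has_reason else None
    return subtype, mac_to_str(frame[4:10]), mac_to_str(frame[10:16]), mac_to_str(frame[16:22]), reason

def detect_deauth_flood(frames, window_s=10.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame). A BSSID is flagged when
    `threshold` or more deauth/disassoc frames fall inside any `window_s` span; a high
    broadcast share matches step 2 of the procedure (frames sent to all clients)."""
    per_bssid = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed and parsed[0] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            per_bssid[parsed[3]].append((ts, parsed[1] == BROADCAST))
    alerts = {}
    for bssid, events in per_bssid.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):             # sliding window over timestamps
            while events[end][0] - events[start][0] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = {"peak_in_window": peak, "broadcast": sum(b for _, b in events), "total": len(events)}
    return alerts

AP, OTHER_AP, CLIENT = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "11:22:33:44:55:66"   # constructed MACs

def sample_capture():
    """Constructed capture: one beacon, an 8-frame broadcast deauth burst, one ordinary deauth."""
    frames = [(0.0, build_mgmt_frame(8, BROADCAST, AP, AP))]
    frames += [(1.0 + 0.2 * i, build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, AP, AP, reason=7)) for i in range(8)]
    frames.append((3.0, build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT, OTHER_AP, OTHER_AP, reason=3)))
    return frames
```

Running `detect_deauth_flood(sample_capture())` reports only the burst BSSID; the single deauth from the other AP stays below the threshold.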

Rick Roll Attack

This is a harmless attack that consists of creating a few Wi-Fi networks whose SSIDs are the lyrics of the song “Never Gonna Give You Up”:

  1. Never gonna give you up
  2. Never gonna let you down
  3. Never gonna run around
  4. and desert you
  5. Never gonna make you cry
  6. Never gonna say goodbye
  7. Never gonna tell a lie
  8. and hurt you

Hardware Specification

ESP32

For this setup the ESP32-WROOM32 development board is used.

Flipper Zero

Flipper Zero is a versatile, open-source, and hacker-friendly gadget designed for various security and hacking purposes. It combines multiple functions into a single device, offering features such as hardware hacking, radio communication, signal analysis, and more.

Flipper Zero also has GPIO pins that operate at 3.3 V and are 5 V tolerant. The pinout is available below:

Interfacing

To interface the ESP32 with the Flipper Zero, serial (UART) communication is used, so only four wires are needed for communication and power delivery to the ESP32:

ESP32   Flipper Zero
3.3V    3.3V
GND     GND
RX      TX
TX      RX

Software Specification

ESP32 Firmware

The firmware flashed onto the ESP32 is ESP32 Marauder. This is an open-source firmware designed specifically for ESP32 boards, including the Flipper Zero Wi-Fi Dev Board. It has all the functionality built in, from Wi-Fi scanning to packet crafting, and it exposes an API over the serial interface for accepting commands and returning output.

Wifi Marauder

The application running on the Flipper Zero is Wifi Marauder. This is a C application designed specifically to interface with the Wi-Fi Dev Board available for Flipper Zero, which is also built around an ESP32. The application's main purpose is to send the commands the user provides to the ESP32 over serial and then render the output the ESP32 generates on the screen, making it more user-friendly and giving a more compact way of launching Wi-Fi attacks.

Testing

Methodology

I created a network (mobile hotspot) in order to test the deauthentication capabilities. Then I connected my laptop to the newly created network. To check connectivity, a ping was running indefinitely and the GNOME Wi-Fi settings were monitored.

Results

I was able to deauthenticate my laptop from my own network, and I was able to prevent the laptop from re-associating with the AP as long as the attack was ongoing.

Demo

A full walkthrough of the ESP32 & Flipper Zero capabilities can be found here: https://youtu.be/Q4Oe6_EmS-g

iothings/proiecte/2022sric/wifi-dev-board.txt · Last modified: 2023/06/02 08:21 by andrei.david0207
CC Attribution-Share Alike 3.0 Unported