Evil-M5Project is an innovative tool developed for ethical testing and exploration of WiFi networks. It harnesses the power of the M5Core2 device to scan, monitor, and interact with WiFi networks in a controlled environment. This project is designed for educational purposes, aiding in understanding network security and vulnerabilities.
Disclaimer: The creator of Evil-M5Core2 is not responsible for any misuse of this tool. It is intended solely for ethical and educational purposes. Users are reminded to comply with all applicable laws and regulations in their jurisdiction. All files provided with Evil-M5Core2 are designed to be used in a controlled environment and must be used in compliance with all applicable laws and regulations. Misuse or illegal use of this tool is strictly prohibited and not supported by the creator.
If you like this project, support me by buying me a coffee on Ko-fi !
Or use this affiliate link to buy M5 product Support the project on M5 shop !
Join the Evil-M5 discord for help and updates 😉:
-
Detect Printers
Automatically detect vulnerable printers with an open port9100on the currently connected network. -
Print Files
Send files stored on the SD card to all detected printers for printing.
- Check Printer Status
Use SNMP to retrieve the current status of detected printers, including information like toner levels, paper status, and device errors.
Add printers manually to target devices outside the current IP range and perform scans or actions on them.
This feature allows you to interact with network printers efficiently, uncover vulnerabilities, and automate printing tasks on compromised devices.
- DHCP Starvation Attack:
- Floods the target DHCP server with fake client requests, exhausting the pool of available IP addresses.
- Forces legitimate devices to fail when requesting an IP address when attack is successful.
- Rogue DHCP Server:
- Takes over DHCP requests after starvation, responding with malicious configurations.
- Redirects DNS queries to the Evil-Cardputer IP, when the portal is ON the DNS is spoofed so any http request without HSTS should redirect to portal page.
- It can be used without DHCP starvation if the DHCP is slow to anwser.
- Switch DNS:
- Switch DNS address between emitted WiFi and WiFi Local connection to answer DNS query on the connected network.
Automated Workflow:
- With a single command, Evil-Cardputer executes the full attack process:
- DHCP Starvation
- Rogue DHCP setup
- Captive portal initialization
- Switching DNS and spoofing
- Interactive guidance is provided at each step for demonstration if you want.
Here the demo video :
Introducing the ability to implant and control the Evil-Cardputer from anywhere around the world through a Command & Control (C2) Python server available in utilities.
-
Remote Access Control:
- Access the Evil-Cardputer from any location, enabling you to issue commands and monitor activity.
- The Reverse TCP Tunnel creates a connection back to a C2 Python server, allowing persistent remote management with firewall evasion.
-
Comprehensive Remote Command Interface:
- Perform network scans, capture credentials, modify portals, access files, monitor system status, and execute BadUSBscripts — all remotely through the C2 server.
- Making it ideal for ethical testing and controlled penetration testing purpose.
Introducing a powerful, all-in-one Full Network Scan feature with enhanced capabilities, including the ability to list and manage previous scans.
-
Complete Network Discovery:
- With just a single scan, you can now analyze the entire network, identifying all connected devices, 70 type of open ports and services running
- This scan provides a comprehensive overview of network devices, gathering essential data like open port and type of service per IP addresses
-
Store and Retrieve Scan Data:
- All network scan results are automatically saved to the SD card, allowing for easy storage and future reference.
- You can list previous scans and review them at any time, making it simple to track network changes over time or revisit older results for deeper analysis.
-
Web Scraping for Full Web Presence Analysis:
- Once the scan is complete, all detected web pages across the network can be scraped for further investigation. This includes internal web servers, admin panels, and any other web services running on network devices.
- The scraped data can be used for fingerprinting services, discovering hidden endpoints, and identifying potential vulnerabilities.
With this new feature, network administrators and penetration testers can streamline the process of network reconnaissance, making it quicker and more efficient to map out and analyze a network's architecture and vulnerabilities.
Skimmer Detector Refactor:
- The skimmer detector has been fully refactored for improved efficiency and accuracy.
- This updated skimmer detection algorithm now works faster, making it more reliable in identifying suspicious bluetooth device that can probably be a skimmer.
-
Custom Theming:
- EvilCardputer's interface colors can now be edited by the user. To edit, change the entries in theme.ini in your SD card's root, and color here (https://m5stack.lang-ship.com/howto/m5gfx/color/) is supported. Custom colors can be added as well, however you then need to recompile the software yourself.
-
Colorful Interface Toggle:
- The theme.ini also toggles "Colorful Interface" on and off, which when enabled, makes some UI elements more interactive, for instance the battery % changing color as it drops, or the captive portal indicator being red for off, and green for on. Later optional colorful features will be added to this toggle as well.
If updating to this version, make sure to add the necessary selectedTheme=/theme.ini (or any other theme filename) into your /config/config.txt.
Also make sure to add a theme.ini file to your root, there are a few to choose from in the SD-Card-File folder.
NEW feature ! from v1.3.2 : Handshake Master, Raw Sniffing, Client Sniff & Wi-Fi Channel Visualizer!!!
-
Handshake Master:
- Like Wardriving Master, it capture EAPOL frames across multiple Wi-Fi channels using Sniffer Slaves that you can find in slave folder. You can monitor different channels simultaneously from cardputer to ensure no handshakes are missed during your scans.
-
Wi-Fi Raw Sniffing:
- Sniff everything on a specific Wi-Fi channel. This feature provides you with a detailed view of all network traffic on the selected channel in a pcap, perfect for deep packet analysis.
-
Sniff Raw Client:
- Analyze the data leaking from clients connected to your evil portal by sniffing the entire network. This functionality helps in understanding how clients interact with the AP and potential leak more informations about the decice that connect to it.
-
Wi-Fi Channel Visualizer:
- Visualize the usage of the 13 Wi-Fi channels in the 2.4GHz band. This tool helps identify which channels are used near you.
Connect the device, go to special pages and you should see Badusb menu, click on a script to start execution. You can also edit small txt file in Check SD file. some others add on Evil-m5core2-menu.
By using 14 ESP32 devices, you can monitor all 14 Wi-Fi channels on the 2.4GHz band simultaneously without channel hopping. The Cardputer uses GPS to link each received SSID to a CSV file compatible with Wigle.
This slave code is designed to run on any ESP32 and use it as a slave for wardriving in combination with the wardriving master mode on Cardputer. Each ESP32 collects SSIDs of nearby access points (APs) on a specific channel or can hop between configured channels. You can add multiple ESP32 devices to improve the accuracy and strength of the scan. Devices with external antennas can enhance performance for wardriving.
- AtomS3: Buy here
- AtomS3 Lite: Buy here
- ESP32-C3 (with external antenna): Buy here
- WEMOS D1 Mini: Buy here
- Multi-Device Support: Add any number of ESP32 devices to increase AP detection and improve coverage.
- Channel Hopping: Configure the ESP32 to scan on a specific channel or hop between selected channels.
- Better Signal Strength: ESP32 devices with external antennas provide improved signal capture for long-range wardriving.
- Master-Slave Communication: Use in combination with the Cardputer in wardriving master mode to aggregate and monitor data from multiple ESP32 slaves.
- GPS Integration: The Cardputer witg GPS link SSID data with geographic coordinates and generate Wigle-compatible CSV files.
- Deploy one or more ESP32 devices in slave mode.
- Each device scans and captures SSID information on designated channels.
- The data is sent to the Cardputer, which aggregates it and reduces missed APs while improving overall scan accuracy and signal strength.
- Cardputer with v1.3.0
- ESP32 devices (e.g., AtomS3, AtomS3 Lite, ESP32-C3, WEMOS D1 Mini)
- External antenna (optional, for enhanced performance)
Here an assembly with 8 esp32-c3 connected in parallel and which scans 1,3,6,9,11,13 in static mode and in hopping for 2 others on 2,4,5,7 and 8,10,12,14 :
- WiFi Network Scanning: Identify and display nearby WiFi networks.
- Network Cloning: Check information and replicate networks for in-depth analysis.
- Captive Portal Management: Create and operate a captive portal to prompt users with a page upon connection.
- Credential Handling: Capture and manage portal credentials.
- Remote Web Server: Monitor the device remotely via a simple web interface that can provide credentials and upload portals that store files on an SD card.
- Sniffing probes: Sniff and store nearby probes on an SD card.
- Karma Attack: Try a simple Karma Attack on a captured probe.
- Automated Karma Attack: Try Karma Attack on nearby probes automatically.
- Bluetooth Serial Control: You can control it with Bluetooth.
- Wardriving: Wardriving with Wigle format output on SD.
- Beacon Spam: Generate multiple SSIDs around you.
- Deauther: Send deauthentication frames and sniff 4-Way handshakes and PMKID.
- Client Sniff And Deauth: Sniff clients connected to AP and auto deauth while sniffing EAPOL.
- EAPOL/Deauth detection: Detect deauthentication packets, 4-Way handshakes, PMKID, and pwnagotchi near you.
- Wall Of Flipper: Detect and save Flipper Zero with Bluetooth enabled near you and detect BLE SPAM.
- Send Tesla code with RFunit: Use RFunit to send Tesla codes, mimicking Flipper Zero capabilities.
- Scan Network and Port: Perform network and port scans to discover devices and services, checking hosts' status.
- SSH Shell: Connect to SSH servers directly from the device, allowing command execution via an on-device shell.
- Web Crawler: Crawl websites to extract information, ensuring authorization to crawl before use.
- PwnGrid: Spam face and message on pwnagotchi devices nearby, causing a Denial of Screen PWND.
- Skimmer Detector: Detect potential Bluetooth skimmers using HC-03, HC-05, and HC-06 modules.
- BadUSB: BadUSB attacks by emulating keyboard/mouse inputs to execute predefined scripts or commands with provided script.
- Wardriving Master: Perform Wardriving with wardriving slave to map networks in a defined area, analyzing signals and identifying access points.
- WebUi BadUSB: Start BadUSB attacks via a web interface.
- Wi-Fi Channel Visualizer: Visualize the number of nearby Wi-Fi on each channels.
- Client Sniff: Capture traffic from connected clients to analyze communications and detect potential vulnerabilities and informations leak.
- Raw Sniffing: Conduct raw packet captures for in-depth analysis of exchanged WiFi network data.
- Handshake Master: Capture and analyze WPA/WPA2 handshakes with Sniffer Slave on static channel.
- Customing Theming: Customize the tool’s interface and themes to tailor the appearance for specific preferences or mission needs.
- Full Network Scan: Conduct a full network scan to identify connected devices, 70 open ports, and running services.
- Reverse TCP Tunnel: Use remotly from anywhere the WebUI.
( What is a Karma attack ? check the blog : https://7h30th3r0n3.fr/does-your-machine-have-a-good-or-bad-karma/)
Features may vary depending on the firmware/device you are using:
| Feature | Evil-Cardputer v1.3.5 | Evil-M5Core2 1.2.2 | Evil-M5Core3 1.1.9 | Evil-AtomS3 v1.1.7 | Evil-Face v1.0 |
|---|---|---|---|---|---|
| WiFi Network Scanning | ✅ | ✅ | ✅ | ✅ | ❌ |
| Network Cloning | ✅ | ✅ | ✅ | ✅ | ❌ |
| Captive Portal Management | ✅ | ✅ | ✅ | ✅ | ❌ |
| Credential Handling | ✅ | ✅ | ✅ | ✅ | ❌ |
| Remote Web Server | ✅ | ✅ | ✅ | ✅ | ❌ |
| Sniffing probes | ✅ | ✅ | ✅ | ✅ | ❌ |
| Karma Attack | ✅ | ✅ | ✅ | ✅ | ❌ |
| Automated Karma Attack | ✅ | ✅ | ✅ | ✅ | ✅ |
| Bluetooth Serial Control | ❌ | ✅ | ❌ | ❌ | ❌ |
| Wardriving | ✅ | ✅ | ✅ | ✅ | ❌ |
| Wardriving Master | ✅ | ❌ | ❌ | ❌ | ❌ |
| Beacon Spam | ✅ | ✅ | ✅ | ✅ | ❌ |
| Deauther | ✅ | ✅ | ❌ | ❌ | ❌ |
| Client Sniff And Deauth | ✅ | ✅ | ❌ | ❌ | ❌ |
| EAPOL/Deauth detection | ✅ | ✅ | ✅ (No EAPOL) | ❌ | ❌ |
| Wall Of Flipper | ✅ | ✅ | ✅ | ❌ | ❌ |
| Send tesla code with RFunit | ✅ | ❌ | ❌ | ❌ | ❌ |
| Scan Network and port | ✅ | ❌ | ❌ | ❌ | ❌ |
| SSH Shell | ✅ | ❌ | ❌ | ❌ | ❌ |
| Web Crawler | ✅ | ❌ | ❌ | ❌ | ❌ |
| PwnGrid | ✅ | ❌ | ❌ | ❌ | ❌ |
| Skimmer Detector | ✅ | ❌ | ❌ | ❌ | ❌ |
| BadUSB | ✅ | ❌ | ❌ | ❌ | ❌ |
| WebUi BadUSB | ✅ | ❌ | ❌ | ❌ | ❌ |
| Wi-Fi Channel Visualizer | ✅ | ❌ | ❌ | ❌ | ❌ |
| Client Sniff | ✅ | ❌ | ❌ | ❌ | ❌ |
| Raw Sniffing | ✅ | ❌ | ❌ | ❌ | ❌ |
| Handshake Master | ✅ | ❌ | ❌ | ❌ | ❌ |
| Customing Theming | ✅ | ❌ | ❌ | ❌ | ❌ |
| Full Network Scan | ✅ | ❌ | ❌ | ❌ | ❌ |
| Reverse TCP Tunnel | ✅ | ❌ | ❌ | ❌ | ❌ |
- M5Stack Core2 M5Stack link AliExpress (this project is coded with M5Unified, it should work on other M5Stack).
- SD card (fat32 max 16Go, consider 8Go is already more than enough).
Tested working others device :
- M5Cardputer M5stack link AliExpress
- M5stack fire (with LED effect) M5stack
- M5stack core1 M5stack
- M5stack AWS M5stack
- M5stack CoreS3 [M5stack] link AliExpress
- Connect your M5Core2 to your computer.
- Download M5burner in UIFLOW FIRMWARE BURNING TOOL section : M5Stack Download Center
- Place the necessary SD file content at the root of SD card. (This is needed to access all the files of the project).
- Type "evil-" in search bar and check for the device you have.
- Click download and flash.
- Connect your M5Core2 to your computer.
- Open the Arduino IDE and load the provided code.
- Ensure the Board tutorial from M5 and
IniFile,M5Unified,TinyGPSPlus,ArduinoJson,esp8266audioandAdafruit_NeoPixellibraries are installed. Follow these tutorials for guidance on M5 Board tutorial: - Ensure the ESP32 and M5Stack board definitions are installed. Note: Errors occur with ESP32 version
3.0.0-alpha3. Please use ESP32 version2.1.1and below. - Place the necessary SD file content at the root of SD card. (This is needed to access the
IMGstartup andsitesfolder). - (Optional) Edit theme.ini on the SD card to customize your device's color theme. (Only supported for cardputer, other devices to be implemented later)
- Ensure to run the script in
utilitiesto bypass the ESP32 firmware. Also, add libraries for BadUSB functionality. - Ensure that the baud rate is set to
115200. - Ensure that
PSRAMis disabled in the tools menu. - Upload the script to your M5Core2 device.
- Restart the device if needed.
Warning : for Cardputer you need to change the Flash size to 8MB and the Partition Scheme to 8M with spiffs (3MB APP/1.5MB SPIFFS) or space error may occur.
It's your first time with arduino IDE or something not working correctly? You should check out video section or ask help on the discord !
Meet the smallest hacking tool in the world with all Evil-M5Core2 inside !
(With Screen / SDcard / GPS )
Thx to samxplogs for the video :
Evil-AtomS3 Functionnality :
- All Evil-M5Core2 functionality except bluetooth serial.
Consumption:
- Tests show max 200mA draw with 100% brightness and using WiFi/GPS
Hardware Requirement :
- M5AtomS3 link M5Stack link AliExpress
- ATOMIC GPS Base link M5Stack link AliExpress
Optional:
- ATOM TailBat(45min) link
It pretty small so you can also check and control serial on USB from your phone or IDE.
The parasite project still exist but rename to Evil-Face and should be updated in futur too.
With more than 100 references at each boot.
🇫🇷 Le turoriel et la démo en francais réalisé par Samxplogs 🇫🇷 (un trés grand merci à lui) :
Samxplogs tutorial video and demo thx to him :
More demo ? Thx to TalkingSasquatch for making a video about the project :
Follow these steps to efficiently utilize each feature of Evil-M5Core2.
- Scan Near WiFi: A fast scan is already made when starting up.
- Menu: Select a network from a list, use left and right keys to navigate and select a network.
- List Details: Informations about the selected network. You can clone the SSID in this menu.
- Operate Captive Portal: With
normal.htmlpage, a mock WiFi passord page designed to mimic a legitimate error on box.
- Credentials: Lists captured credentials.
- Upload file On SD: Provides an upload form to upload files on the SD card (for new portal pages and file exfiltration).
- Check Sd File: Provides an index of to check, download and delete files on the SD card.
- Setup Portal: Provides a page to change the SSID, password and page of the deployed access point.
- Run BadUSB Script: Execute BadUSB script by clicking on it.
- Scan Network: Execute the Scan Network Full.
- **Monitor Status **: Execute BadUSB script by clicking on it.
To prevent unauthorised access of these page they are really simply protected by a password that you need to change in the code. (Default password : 7h30th3r0n3) To acces to these page use the password form in menu: http://192.168.4.1/evil-m5core2-menu
Any other tried page should redirect to the choosen portal.
These pages can be accessed by multiple way :
But also remotly:
- Deactivate: Stops the captive portal and DNS.
- Menu: Choose the portal provided to connecting users. Lists only HTML files.
- Menu: To check captured credentials.
- Option: Delete all captured credentials.
The Monitor Status feature consists of three static menus that can be navigated using the left and right buttons. Each menu provides specific information about the current status of the system:
- Number of Connected Clients: Displays how many clients are currently connected.
- Credentials Count: Shows the number of passwords stored in
credentials.txt. - Current Selected Portal: Indicates which portal is currently being cloned.
- Portal Status: Displays whether the portal is ON or OFF.
- Provided Portal Page: Details about the portal page currently in use.
- Bluetooth: Displays whether the bluetooth is ON or OFF.
- MAC Addresses: Lists the MAC addresses of all connected clients.
- Stack left: Displays the remaining Stack in the device.
- Available RAM: Displays the remaining RAM in the device.
- Battery Level: Shows the current battery level.
- Temperature: Reports the device's internal temperature.
Send fake random probes near you on all channel. Perfect for counter the Probe Sniffing attack. Press left or right to reduce or increase time delay. (200 ms to 1000ms)
Check the demo thx to @hosseios
Probe Sniffing start a probe scan that capture the SSID receive, you can store and reuse then. Restricted to 150 probes max.
Same as Probe Sniffing but provide a menu after stopping scan to choose a unique SSID, when SSID is chosen, a portal with the same SSID is deploy, if the original AP is an Open Network and the machine is vulnerable it should connect automaticaly to the network and dependind of the machine can pop up automatically the portal, if a client is present when scan end or stopped, the portal stay open, if not the portal is shutdown. (Can be used with password if set on web interface).
Same as Karma Attack but try the first probe seen, if no client connects after 15 seconds the Evil-m5core2 returns to sniffing mode to try another captured probe and continues in a cycle until stopped by the user. Can also be used with a password if set on the web interface, if you have a password and you don't know on which AP it work you could try it with different probe request to test if karma work and get the SSID. This feature is inspired by the pwnagotchi project but with probe request and karma attack, you can use both to ensure a full attack of the near devices around you.
You can add SSID on KarmaAutoWhitelist line like this : KarmaAutoWhitelist=notmybox,thisonetoo
Probe should be ignored and serial message send to notify that this network is whitelisted, it also work on probe sniffing and karma attack.
Same as Karma Auto but with Open SSID captured with wardriving. You can also add custom SSIDs to KarmaList.txt.
Menu to select a previous captured probe SSID and deploy it. List is restricted to 150 probes.
Menu to delete a previous captured probe SSID and deploy it. List is restricted to 150 probes.
Delete ALL previous captured probes. Basically reset probes.txt on SD.
Change the Brightness of the screen.
Switch bluetooth ON or OFF.
Scan wifi network around and link it to position in Wigle format, you can upload it to wigle to earn point and generate KLM file for Google earth. You need a GPS for this.
Tested device working on Core2/Fire/AtomS3 :
- ATOMIC GPS Base link M5Stack link AliExpress
Tested device working on Core2/Fire:
- GPS Module with Internal & External Antenna link M5Stack
Tested device working on Core2/Fire/CoreS3/Cardputer :
- Mini GPS/BDS Unit link M5Stack
PIN :
- PIN for Core2 : use RX2/TX2 | GND | 5v or 3.3v
GPIO 13
GPIO 14
- PIN for Fire on C-PORT :
GPIO 16
GPIO 17
Beacon Spam create multiple networks on all channels to render multiples SSIDs in wifi search and sniffing equipement. You can use custom Beacon with config file.
Based on an original idea from K3YOMI, thanks to him for the fantastic work !
You absolutely must see the original project here from which I took inspiration and from which I used the code :
https://github.com/K3YOMI/Wall-of-Flippers
Flipper Zero detection via bluetooth :
Discover Flipper Zero Devices :
- Discovering Flipper Name
- Discovering Flipper Mac Address and if it's spoofed (normal/spoofed)
- Discovering Flipper color (Detection of Transparent, White, & Black Flipper)
- Saving Flipper Zero Devices Discovered near you on SD Card.
Capability to Identify Potential Bluetooth Advertisement Attacks from Flipper and Other Devices :
- Suspected Advertisement Attacks
- iOS Popup Advertisement Attacks
- Samsung and Android BLE Advertisement Attacks
- Windows Swift Pair Advertisement Attacks
- LoveSpouse Advertisement Attacks (Denial of Pleasure)
Check the demo thx to @hosseios
!! Warning !! You need to bypass the esp32 firmware with scripts in utilities before compiling or deauth is not working due to restrictions on ESP32 firmware
Based on an original idea from evilsocket the pwnagotchi
You absolutely must see the original project here from which I took inspiration:
https://github.com/evilsocket/pwnagotchi
On screen:
- AP: Number of APs near you
- C : Current Channel
- H : Numbers of new PCAP created ( at least one EAPOL and beacon frame)
- E : Numbers of EAPOL packets captures
- D : 0 = no deauth only sniffing / 1 = active deauth
- DF: Fast Mode
Left Button : ON/OFF deauth
middle : back to menu
right Button : Fast/slow mode
So what ?
It does :
- Scan for near AP
- Sniff if client is connected
- Send broadcast deauth frame to each AP which have client
- Send spoofed deauth frame for each client
- Sniff EAPOL at same time
- Loop at Scan near AP
!! Warning !! You need to bypass the esp32 firmware with scripts in utilities before compiling or deauth is not working due to restrictions on ESP32 firmware
Based on an original idea from spacehuhn the deauther
You absolutely must see the original project here from which I took inspiration:
https://github.com/SpacehuhnTech/esp8266_deauther
Evil-M5core2 is now able to send deauthentification frames and you can sniff the EPAOL in same time.
Just select the network and go to deauther, answer asked question, and start to deauth and sniff at same time !
Special thanks to Aro2142 and n0xa for the help and work.
Based on an original idea from G4lile0 the Wifi-Hash-Monster.
You absolutely must see the original project here from which I took inspiration:
https://github.com/G4lile0/ESP32-WiFi-Hash-Monster
- Channel : Current Channel
- Mode : Static : Stay on same channel / Auto: Hopping trough all channel
- PPS : Packets Per Second on the channel (if no activities on the channel the PPS could be locked to the last know number of packets because the refresh occur when a packet is reveived)
- H : Numbers of new PCAP created ( at least one EAPOL and beacon frame)
- EAPOL : Numbers of EAPOL packets captures
- DEAUTH : Numbers of Deauth seen
- RSSI : The transmission power (gives an idea of the distance from the transmitter)
If a EAPOL packet is detected, its stored in a pcap file with the mac address of the AP and a beacon frames wih the BSSID. You can crack a Wifi password with a 4-way handshakes or a PMKID with Aircrack-ng or Hashcat.
A python tool to process multiple pcap to hashcat format is provided in utilities.
Detect deauthentication packets near you, when a machine disconnects from an access point, it sends a deauthentication packet to close the connection, deauthentication packets can also be spoofed to disconnect the device and attacker use automatic reconnection to sniff the 4-way handshake, a lot of deauthentication packets are not normal and should be considered as a possible Wi-Fi attack.
This feature also detects nearby pwnagotchi by printing the name and number of pwned network that it get, in this way you can know if you are under attacked.
Designed to spam face and name on all pwnagotchi devices nearby and can be used to causing a DoSPWND (Denial Of Screen PWND part). You can change the face and message sended in a text file.
REMEMBER TO PUT THE FILE IN CONFIG FOLDER : https://github.com/7h30th3r0n3/Evil-M5Core2/blob/main/SD-Card-File/config/pwngridspam.txt
Perfect for showcasing at events like DEFCON or BlackHat.😜
It's also available standalone on any esp32 here : https://github.com/7h30th3r0n3/PwnGridSpam
part of the code have been taken and refactored from https://github.com/viniciusbo/m5-palnagotchi
On screen:
- URL: The website URL being crawled
- Pages: current of page crawled
- Dictonnary on SD card so it could be swaped
- Scrolling list at the end to see all the content crawled
On screen:
- A real SSH Shell with CTRL+C
- Can be used from the Scan Hosts after menu
It does:
- ARP broadcast on all the network
- Check Hosts up
- List them to let you choose actions (Scan ports / SSH connect / Web Crawling)
On screen:
- Status: Transmission status (e.g., Sending, Finished)
( This functionnality has been not totally tested, it send the same signal than the flipper zero best-tesla-opener )
The Skimmer Detector feature helps identify potential Bluetooth-based skimmers by scanning for common Bluetooth modules such as HC-03, HC-05, and HC-06. While detection does not guarantee the presence of a skimmer, it's a useful tool for identifying suspicious devices.
How it works:
- Initiate a Bluetooth scan from the device.
- View a list of detected devices with their IDs and signal strength.
- If a suspicious device is near an alert appear.
Note: Detection of a device does not necessarily mean it is a skimmer, but caution is advised.
This feature allows the device to act as a BadUSB, emulating keyboard inputs to execute predefined scripts or commands on a connected computer. Ideal for security testing and demonstrations.
Usage:
- Prepare your script in a text file and upload it to the
BadUsbScriptfolder on the device. - Activate the BadUSB mode from the menu and select the script to execute or change the layout.
- 20 Scripts are provided but you can add more.
Caution: Use responsibly and ensure you have permission before executing any scripts.
Evil-M5Core2 sends messages via serial for debugging purposes and message when you navigate on the Core2, you can use the serial app on Flipper to see these messages. Plug your flipper with :
- On flipper :
PIN 13/TX
PIN 14/RX
- On M5Core2 :
PIN G3/RXD0
PIN G1/TXD0
You can control almost all functionnaly with serial command:
Available Commands:
- scan_wifi - Scan WiFi Networks
- select_network - Select WiFi
- change_ssid <max 32 char> - change current SSID
- set_portal_password <password min 8> - change portal password
- set_portal_open - change portal to open
- detail_ssid - Details of WiFi
- clone_ssid - Clone Network SSID
- start_portal - Activate Captive Portal
- stop_portal - Deactivate Portal
- list_portal - Show Portal List
- change_portal - Switch Portal
- check_credentials - Check Saved Credentials
- monitor_status - Get current information on device
- probe_attack - Initiate Probe Attack
- stop_probe_attack - End Probe Attack
- probe_sniffing - Begin Probe Sniffing
- stop_probe_sniffing - End Probe Sniffing
- list_probes - Show Probes
- select_probes - Choose Probe
- karma_auto - Auto Karma Attack Mode stop automatically when successfull
- @SpacehuhnTech for the deauther bypass and for the fantastic work that is really inspiring.
- @evilsocket for the concept of pwnagotchi and pwngrid.
- @G4lile0 for the wifi-hash-monster.
- @K3YOMI for the Wall Of Flipper.
- @pr3y for help and Bruce code.
- @bmorcelli for the help and Bruce code too.
- @justcallmekoko for the Marauder.
- @Talking Sasquach for creating video content about the project.
- @Sam X Plogs for creating video content about the project.
- @dagnazty for the fantastic work on M5dial.
- @LaikaSpaceDawg for the work on the code.
and to all Beta-testers on the discord :
- [@KamiLocura]
- [@Skedone]
- [@toxiccpappii]
- [@OarisKiller]
- [@hosseios]
- [@BrownNoise]
- [@DAKKA]
- [@KNAX]
Your Evil-Core2 or Flipper Zero feels lonely?
Add a small parasite to it !!!
He can also be used standalone but he needs a host for energy like a phone or a powersupply to survive or he die.
Parasite Functionnality :
- Cute (yes it's a useful feature to survive).
- Accelerometer interaction (don't shake it or it get mad).
- AutoKarmaAttack when face is pressed ( when a karma attack is successfull your little parasiste tell the name of the SSID in a textbubble until the next karma successfull or death).
- Whitelist (hardcoded, need to be change by compiling the code again)
(For the moment no portal is sent it just tests if a device connect).
Hardware Requirement :
- M5AtomS3
Software Requirement : This little parasite use m5stack-avatar to render face, donwload avatar librairie before compile.
It pretty small so you can also check serial on USB to get information.
- Captive Portal: Start a simple Wi-Fi captive portal to interact with connected clients.
- SSID Selection: Browse and select SSIDs stored in the device.
- Karma Attack: Automatically respond to probe requests by creating rogue APs with detected SSIDs.
- BadUSB: List and execute all BadUSBs stored in the device.
- Settings: Change your device settings.
- About Screen: Information about the project and contributors.
- Legacy Arduino IDE (1.8.x): Download from Arduino.cc.
- ESP32 SPIFFS Tool: Download from ESP32FS Plugin GitHub.
or
- M5Dial SPIFFS Uploader: Download from Github
Before you begin, make sure you have installed the following libraries in the Arduino IDE:
-
M5Stack Unified (M5Unified)
- Description: Required to work with M5Stack devices, including the M5Dial. It handles the initialization and control of the display, buttons, and other peripherals.
- Installation: Available through the Arduino Library Manager.
- How to Install:
- Open Arduino IDE.
- Go to
Sketch > Include Library > Manage Libraries.... - Search for "M5Unified" and install it.
-
ESP32 Arduino Core
- Description: Core library for ESP32 microcontroller, supporting all ESP32-based devices, including Wi-Fi, Bluetooth, and other peripherals.
- Installation: Requires adding the ESP32 board URL to Arduino IDE and installing the board package.
- How to Install:
- Go to
File > Preferences. - In the "Additional Board Manager URLs" field, add:
https://dl.espressif.com/dl/package_esp32_index.json. - Go to
Tools > Board > Boards Manager.... - Search for "esp32" and install the package by Espressif Systems.
- Go to
-
ArduinoJson
- Description: A library to parse and generate JSON data, used to handle configuration data stored in JSON format on the M5Dial.
- Installation: Available through the Arduino Library Manager.
- How to Install:
- Open Arduino IDE.
- Go to
Sketch > Include Library > Manage Libraries.... - Search for "ArduinoJson" and install it.
- Download and install the Legacy Arduino IDE (1.8.x).
- Install the ESP32 SPIFFS tool:
- Place the
ESP32FSfolder in thetoolsdirectory inside your Arduino sketchbook location. If thetoolsdirectory doesn’t exist, create it. - You can find the Arduino sketchbook location in the Arduino IDE under
File > Preferences.
- Place the
- Clone or download this repository to your local machine.
- Open the project in the Arduino IDE by selecting
File > Open, then choose the.inofile from the project directory.
- Open the sketch in the Arduino IDE.
- Copy the
m5dial-datafolder from this project to the sketch directory. - From the Arduino IDE, select
Tools > ESP32 Sketch Data Upload. - Wait for the upload to complete.
- Download and install
M5Dial_SPIFFS_Uploader_Setup.exe. - Connect your M5Dial device to your PC via a USB cable.
- Run the
M5Dial_SPIFFS_Uploader.exe. - From the "COM Port" dropdown, select the correct COM port for your device.
- Click the
Connectbutton. The tool will attempt to detect the flash size of your device.
- After successfully connecting to the device, the
Create SPIFFS Imagebutton will be enabled. - Click
Create SPIFFS Image. - Choose the
m5dial-datafolder. - Save the SPIFFS image to your desired location.
- Click
Upload SPIFFS Image. - Select the SPIFFS image you created earlier.
- Wait for the upload to complete.
- Start Captive Portal: From the menu, select "Start Portal" to create a simple Wi-Fi access point.
- SSID Selection: Choose from stored SSIDs to set the current SSID for the captive portal.
- Karma Attack: Launch the Karma attack by selecting "Start Karma" from the menu.
- BadUSB: Execute pre-defined scripts as a USB HID device by selecting "BadUSB" from the menu.
- Settings: Configure device settings such as screen brightness, toggle between Normal and BadUSB modes, and enable or disable verbose debugging.
- About Screen: View project information by selecting "About" from the menu.
To add BadUSBs to your M5Dial copy .txt files to your m5dial-data folder and upload using your choice.
MIT License
Copyright (c) 2023 7h30th3r0n3
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
