Skip to content

Latest commit

 

History

History
80 lines (38 loc) · 4.6 KB

README.md

File metadata and controls

80 lines (38 loc) · 4.6 KB

ESP32 WiFi Hash Monster

Software License Contributors follow on Twitter

WiFi Hash Purple Monster, store EAPOL & PMKID packets in an SD CARD using a M5STACK / ESP32 device.

90% of the code is based on the great PacketMonitor32 from   follow on Twitter and the port to M5Stack from macsbug. It was a challenge to see if I could mimic the operation of pwnagotchi follow on Twitter in an ESP32 SoC.

ui

When a wifi device connect to an AP with WPA2/PSK instead of sharing the wifi key they exchange 4 EAPOL messages, this method is known as the 4-way handshake, capturing these 4 packets is possible to guess the password using dictonary attacks or brute force attack, recentely there is a more efficent way to calculate the wifi key using just one PMKID packet.

Purple Hash Monster capture all the EAPOL / PMKID packets on the SD Card for further analysis.

Short press on first button will change enable incognito mode (Display and leds off) long press will enable the SD Card and all EAPOL / PMKID will be stored on the SD-Card.

Short press on the second button will change the display backlight brighness, long press will change the LED bars brightness.

Short press on the third button will change WiFi Channel, long press will enable Auto-Channel or Smart-Channel modes.

Auto-Channel hop between channels 1,6 and after 15 seconds.

Smart-Channel cover all the channels sequentially, but only hop if there is not new SSID, EAPOL or DEAUTHS after 15 seconds.

When a deauth packet is detected left LED bar will became red and for every EAPOL / PMKID detected right LED bar will became green, also de Purple Hash Monster behaviour will change depending on the WiFi trafic and packets detected.

ui ui ui ui ui ui ui ui ui ui ui ui

Use Arduino IDE to compile it, tested with (ESP32 version 1.0.4) M5stack-fire.

How guess the WiFi password using brute force attack

Note: Cracking an WiFi password using brute force attack for a long WiFi password without GPUs or Cloud help, will be a nightmare but if the password is short or you know the key pattern it will be "easily" cracked.

Here you have a small guide for linux (Ubuntu) to crack the WiFi password using the files stored on the SD_Card of the Purple Hash Monster using your computer.

First we need to install hashcat

 sudo apt-get update
 sudo apt install hashcat

EAPOL/PMKID stored on the SD-Card are pcap files, we have to convert to hccapx format to work with hashcat. In terminal from the directory were we have the pcap file from the SD-CARD:

 wget https://raw.githubusercontent.com/hashcat/hashcat-utils/master/src/cap2hccapx.c
 gcc -o cap2hccapx cap2hccapx.c
 ./cap2hccapx 1.pcap 1.hccapx

For example if we know that the wifi password has a lenght of 8 digits we can run the following command, and in few seconds we will have the WiFi Password :)

 hashcat --force -m 2500 -a 3 -1 ?d -o cracked 1.hccapx ?1?1?1?1?1?1?1?1