Automated Wireless Hacking - Pwnagotchi
Build a fun and functional pocket-sized automated wireless security gadget using a Raspberry Pi Zero and the pwnagotchi project.
Overview
From the website:
“Pwnagotchi is an A2C-based “AI” powered by bettercap that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of crackable handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs.”
In short, the pwnagotchi is a device that allows you to automatically capture EAPOL “four-way handshakes” from networks around you using a few different methods, and it uses an AI concept called Reinforcement Learning to improve this process over time. It's a cool project to learn the basics of modern wireless security, and a really fun use of a Pi Zero. A very detailed explanation (with examples) of performing these techniques using bettercap can be found at the creator's website.
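The defender's side of the deauthentication attacks mentioned above, as an added example that is not code from the pwnagotchi project or its author: a small parser that recognizes 802.11 deauthentication and disassociation frames from their fixed MAC header, and a detector that flags a BSSID emitting a burst of them. The frames and MAC addresses are constructed inline, and the function names, the threshold and the window size are my own choices.

```python
import struct
from collections import defaultdict

# Frame Control byte 0 for management frames (type 0): subtype sits in the high nibble.
FC0_DEAUTH = 0xC0     # subtype 12: deauthentication
FC0_DISASSOC = 0xA0   # subtype 10: disassociation
FC0_BEACON = 0x80     # subtype 8: beacon (used below only as a frame that must be ignored)

BROADCAST = bytes.fromhex("ffffffffffff")


def parse_mgmt_frame(frame: bytes):
    """Return (fc0, dst, src, bssid, reason_code) for a deauth or disassoc frame,
    or None for anything else. Header layout: FC(2) Duration(2) Addr1(6) Addr2(6)
    Addr3(6) SeqCtl(2), then the 2-byte little-endian reason code."""
    if len(frame) < 26 or frame[0] not in (FC0_DEAUTH, FC0_DISASSOC):
        return None
    dst = frame[4:10].hex(":")
    src = frame[10:16].hex(":")
    bssid = frame[16:22].hex(":")
    (reason,) = struct.unpack_from("<H", frame, 24)
    return frame[0], dst, src, bssid, reason


def detect_deauth_flood(frames, threshold=10, window_s=10.0):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes).
    Returns {bssid: total_count} for every BSSID that sourced at least `threshold`
    deauth/disassoc frames inside any `window_s` sliding window. Without 802.11w
    (protected management frames) these frames are unauthenticated, so a burst
    from one BSSID is the usual signature of a deauth attack or a misbehaving AP."""
    per_bssid = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed is not None:
            per_bssid[parsed[3]].append(ts)

    alerts = {}
    for bssid, times in per_bssid.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                alerts[bssid] = len(times)
                break
    return alerts


def build_mgmt_frame(fc0, dst, src, bssid, reason=7):
    """Constructed test frame: FC, zero duration, three addresses, zero sequence
    control, then the reason code (7 = class 3 frame from a non-associated station)."""
    header = bytes([fc0, 0x00]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return header + struct.pack("<H", reason)


def sample_capture():
    """Constructed capture: 50 broadcast deauths spoofed from AP1 within two
    seconds, one ordinary deauth from AP2, and a beacon that must be ignored."""
    ap1 = bytes.fromhex("020000000001")
    ap2 = bytes.fromhex("020000000002")
    client = bytes.fromhex("020000000099")
    frames = [(100.0 + i * 0.04, build_mgmt_frame(FC0_DEAUTH, BROADCAST, ap1, ap1))
              for i in range(50)]
    frames.append((101.0, build_mgmt_frame(FC0_BEACON, BROADCAST, ap2, ap2)))
    frames.append((105.0, build_mgmt_frame(FC0_DEAUTH, client, ap2, ap2, reason=3)))
    return frames


if __name__ == "__main__":
    for bssid, count in detect_deauth_flood(sample_capture()).items():
        print(f"possible deauth flood from {bssid}: {count} frames")
```

On a real capture you would feed `detect_deauth_flood` the 802.11 frames from a monitor-mode interface (with the radiotap header stripped); the single AP2 deauth stays below the threshold, which is the point of windowing rather than counting every deauth as an alert.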
Hardware
There are a bunch of different options, but I wanted to stick to hardware (specifically a battery) that wouldn't add too much bulk to the Pi Zero. Here's the exact hardware I used for my build:
- Raspberry Pi Zero WH. The “WH” means this unit comes with pre-soldered GPIO headers ‒ we'll be able to plug in the screen without any additional work.
- Waveshare 250x122, 2.13 inch E-Ink Display Hat. This is the officially supported display for the pwnagotchi project. The refresh rate is pretty good, and it's fully compatible for this build without any special configuration changes.
- PiSugar 900 mAh Battery. This battery is very slim, and attaches directly to the Pi via the power pads, meaning there are no wires or cables that need to be plugged in.
- SanDisk 32GB MicroSD UHS-I Memory Card. The documentation recommends a UHS-I card with at least 8GB capacity.
- Anker 3ft Micro USB Cable. You'll need a Micro USB cable that can handle both power and data.
- I used OSX, but you can follow along with this setup using Linux.
Setup
To start out, hardware setup is simply a matter of plugging the screen into the Pi's GPIO headers. You'll want to leave the battery disconnected for now, because initial setup will happen over Micro USB, which provides power through the data port. As for the software, I opted to use a pre-built image which can be found in the project's releases on GitHub. This removes a lot of potential setup issues, and I had a working device in about an hour using these steps:
- Download the image:
wget https://github.com/evilsocket/pwnagotchi/releases/download/v1.4.1/pwnagotchi-raspbian-lite-v1.4.1.zip
- Extract the image, and verify the SHA256 checksum against the value published with the release; don't flash an image whose digest doesn't match:
unzip pwnagotchi-raspbian-lite-v1.4.1.zip
shasum -a 256 pwnagotchi-raspbian-lite-v1.4.1.img
- Use Balena Etcher to flash the image to your SD card. You can also use the dd utility (gdd is GNU dd from Homebrew's coreutils; the stock macOS dd may not support status=progress). Find the card's disk number with diskutil list, unmount it with diskutil unmountDisk, and write to the whole raw disk (rdisk3 here; yours may differ), not to a partition slice such as rdisk3s1, or the card won't boot:
sudo gdd if=./pwnagotchi-raspbian-lite-v1.4.1.img of=/dev/rdisk3 bs=4M status=progress
- Mount your newly flashed SD card. You may have to unplug and reinsert it.
- Browse to the /boot directory, and create the following starter config file called config.yml. You'll want to choose a name for your pwnagotchi, and specify your own wireless network SSID for the whitelist (whitelisted networks are left alone rather than deauthed). I also chose to opt out of grid in my configuration:
main:
  name: 'pwnagotchi'
  whitelist:
    - 'YourNetwork'
  plugins:
    grid:
      enabled: false
      report: false
ui:
  display:
    enabled: true
    type: 'waveshare_2'
    color: 'black'
- At this point, you're ready to plug in the SD card and power on the device. For initial setup, plug the Micro USB cable into the Pi's data port. This is the Micro USB port closest to the middle of the Pi. Connect the device to your computer, and give it a while (up to 15 minutes) to initialize. The screen will be blank for a while, but eventually you'll see that your device is on and in MANU mode. In this mode, your pwnagotchi is up and running and you can follow these steps to SSH into it.
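The checksum step above runs shasum but leaves the comparison to the eye. As an added example, not code from the pwnagotchi project, here is a checker that parses the "<hex>  <filename>" format that shasum and sha256sum write (which I assume is the format of the release's checksum file), hashes the image in chunks, and refuses a file whose digest is missing or different. run_demo builds a throwaway stand-in image with a constructed digest so it runs offline.

```python
import hashlib
import hmac
import os
import tempfile


def parse_checksum_file(text: str) -> dict:
    """Map filename -> lowercase hex digest from shasum-style lines.
    Accepts both "hash  name" and "hash *name" (binary-mode marker); lines that
    don't carry a 64-hex-character SHA-256 are ignored."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        name = parts[1].lstrip("*").strip()
        entries[name] = parts[0].lower()
    return entries


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so multi-gigabyte images don't hit RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path: str, checksum_text: str) -> bool:
    """True only if the file's digest matches the published entry for its basename.
    compare_digest is habit rather than necessity here: nothing secret is compared."""
    expected = parse_checksum_file(checksum_text).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)


def run_demo():
    """Constructed demo: a tiny stand-in 'image' (the bytes b"hello\\n", whose
    SHA-256 is known) checked against a good entry, after tampering, and with
    no entry at all. Returns (good, tampered, missing)."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "pwnagotchi-demo.img")
        with open(image, "wb") as f:
            f.write(b"hello\n")
        published = ("5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"
                     "  pwnagotchi-demo.img\n")
        good = verify_image(image, published)
        with open(image, "ab") as f:
            f.write(b"x")  # simulate a corrupted or modified download
        tampered = verify_image(image, published)
        missing = verify_image(image, "")
    return good, tampered, missing


if __name__ == "__main__":
    print("good, tampered, missing:", run_demo())
```

For the real image, call verify_image with the extracted .img path and the text of the release's checksum file; flash only when it returns True.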
That's it! There are a few more things that you'll probably want to do now that you're up and running:
- Once you can SSH into your device, make sure you change the default password.
- Read the documentation.
- Check out the built-in bettercap web interface.
- Reboot your device into AUTO mode to start automatically capturing handshakes:
sudo su -
touch /root/.pwnagotchi-auto && systemctl restart pwnagotchi
- Go for a walk.
Happy hacking!