You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
**Any redistributing, advertising or selling of this project as "jammer" without clearly stating it as a pentesting device for testing purposes only, is prohibited!**
297
+
298
+
I disabled the issue section because of the flood of invalid questions, unrelated to this project.
299
+
All necessary information is described below. Do not open issues about this project on any other of my projects, otherwise you will be blocked immediately!
300
+
301
+
**This project is a proof of concept for testing and education.**
302
+
Neither the ESP8266, nor the SDK was meant and build for such purposes.
303
+
Bugs can occur!
304
+
305
+
306
+
## Contents
307
+
-[Introduction](#introduction)
308
+
-[What it is](#what-it-is)
309
+
-[How it works](#how-it-works)
310
+
-[What an ESP8266 is](#what-an-esp8266-is)
311
+
-[How to protect against it](#how-to-protect-against-it)
312
+
-[Disclaimer](#disclaimer)
313
+
-[Videos](#videos)
314
+
-[Installation](#installation)
315
+
-[Uploading the bin files](#uploading-the-bin-files)
316
+
-[Compiling the source with Arduino](#compiling-the-source-with-arduino)
317
+
-[Adding OLED display](#adding-oled-display)
318
+
-[How to use it](#how-to-use-it)
319
+
-[FAQ](#faq)
320
+
-[License](#license)
321
+
-[Sources and additional links](#sources-and-additional-links)
322
+
323
+
## Introduction ##
324
+
325
+
### What it is
326
+
327
+
Basically it’s a device which performs a [deauth attack](https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack).
328
+
You select the clients you want to disconnect from their network and start the attack. As long as the attack is running, the
329
+
selected devices are unable to connect to their network.
330
+
Other attacks also have been implemented, such as beacon or probe request flooding.
331
+
332
+
### How it works
333
+
334
+
The 802.11 Wi-Fi protocol contains a so called [deauthentication frame](https://mrncciew.com/2014/10/11/802-11-mgmt-deauth-disassociation-frames/). It is used to disconnect clients safely from a wireless
335
+
network.
336
+
337
+
Because these management packets are unencrypted, you just need the mac address of the Wi-Fi router and of the client device which you want to disconnect from the network. You don’t need to be in the network or know the password, it’s enough to be in its range.
338
+
339
+
### What an ESP8266 is
340
+
341
+
The [ESP8266](https://en.wikipedia.org/wiki/ESP8266) is a cheap micro controller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using [Arduino](https://www.arduino.cc/en/Main/Software).
342
+
343
+
You can buy these chips for under $2 from China!
344
+
345
+
### How to protect against it
346
+
347
+
With [802.11w-2009](https://en.wikipedia.org/wiki/IEEE_802.11w-2009) Wi-Fi got an update to encrypt management frames.
348
+
So make sure your router is up to date and has management frame protection enabled. But note that your client device needs to
349
+
support it too, both ends need to have it enabled!
350
+
351
+
The only problem is that most devices don’t use it. I tested it with different Wi-Fi networks and devices, it worked every time! It seems that even newer devices which support frame protection don’t use it by default.
352
+
353
+
I made a [Deauth Detector](https://github.com/spacehuhn/DeauthDetector) using the same chip to indicate if such an attack is running against a nearby network. It doesn't protect you against it, but it can help you figure out if and when an attack is running.
354
+
355
+
## Disclaimer
356
+
357
+
Use it only for testing purposes on your own devices!
358
+
I don't take any responsibility for what you do with this program.
359
+
360
+
Please check the legal regulations in your country before using it.
361
+
**It is not a frequency jammer as claimed falsely by many people.** Its attack, how it works and how to protect against it is described above. It uses valid Wi-Fi frames described in the official 802.11 standard and doesn't block or disrupt any other communications or frequencies.
362
+
363
+
Any redistributing, advertising or selling of this project as "jammer" without clearly stating it as a pentesting device for testing purposes only, is prohibited!
364
+
365
+
My intention with this project is to draw more attention to this issue.
366
+
This attack shows how vulnerable the 802.11 Wi-Fi standard is and that it has to be fixed.
367
+
**A solution is already there, why don’t we use it?**
[](https://www.youtube.com/watch?v=SswI-J-M2SE)
376
+
377
+
## Installation
378
+
379
+
The only thing you will need is a computer and an ESP8266.
380
+
381
+
I recommend you to buy a USB breakout/developer board, because they have 4Mb flash and are very simple to use.
382
+
It doesn’t matter which board you use, as long as it has an ESP8266 on it.
383
+
384
+
You have 2 choices here. Uploading the bin files is easier but not as good for debugging, so keep that in mind in case you want to open an new issue.
385
+
**YOU ONLY NEED TO DO ONE OF THE INSTALLATION METHODS!**
386
+
387
+
### Uploading the bin files
388
+
389
+
**Note:** the 512kb version won't have the full MAC vendor list.
390
+
The NodeMCU and every other board which uses the ESP-12 has 4mb flash on it.
391
+
392
+
**0** Download the current release from [here](https://github.com/spacehuhn/esp8266_deauther/releases)
393
+
394
+
**1** Upload using the ESP8266 flash tool of your choice. I recommend using the [nodemcu-flasher](https://github.com/nodemcu/nodemcu-flasher). If this doesn't work you can also use the official [esptool](https://github.com/espressif/esptool) from espressif.
395
+
396
+
**That's all! :)**
397
+
398
+
Make sure you select the right com-port, the right upload size of your ESP8266 and the right bin file.
399
+
400
+
If flashing the bin files with a flash tool is not working, try flashing the esp8266 with the Arduino IDE as shown below.
401
+
402
+
### Compiling the source with Arduino
403
+
404
+
**0** Download the source code of this project.
405
+
406
+
**1** Install [Arduino](https://www.arduino.cc/en/Main/Software) and open it.
407
+
408
+
**2** Go to `File` > `Preferences`
409
+
410
+
**3** Add `http://arduino.esp8266.com/stable/package_esp8266com_index.json` to the Additional Boards Manager URLs. (source: https://github.com/esp8266/Arduino)
411
+
412
+
**4** Go to `Tools` > `Board` > `Boards Manager`
413
+
414
+
**5** Type in `esp8266`
415
+
416
+
**6** Select version `2.0.0` and click on `Install` (**must be version 2.0.0!**)
417
+
418
+
419
+
420
+
**7** Go to `File` > `Preferences`
421
+
422
+
**8** Open the folder path under `More preferences can be edited directly in the file`
423
+
424
+
425
+
426
+
**9** Go to `packages` > `esp8266` > `hardware` > `esp8266` > `2.0.0` > `tools` > `sdk` > `include`
427
+
428
+
**10** Open `user_interface.h` with a text editor
429
+
430
+
**11** Scroll down and before `#endif` add following lines:
`int wifi_send_pkt_freedom(uint8 *buf, int len, bool sys_seq);`
436
+
437
+
438
+
439
+
**don't forget to save!**
440
+
441
+
**12** Go to the SDK_fix folder of this project
442
+
443
+
**13** Copy ESP8266Wi-Fi.cpp and ESP8266Wi-Fi.h
444
+
445
+
**14** Paste these files here `packages` > `esp8266` > `hardware` > `esp8266` > `2.0.0` > `libraries` > `ESP8266WiFi` > `src`
446
+
447
+
**15** Open `esp8266_deauther` > `esp8266_deauther.ino` in Arduino
448
+
449
+
**16** Select your ESP8266 board at `Tools` > `Board` and the right port at `Tools` > `Port`
450
+
If no port shows up you may have to reinstall the drivers.
451
+
452
+
**17** Depending on your board you may have to adjust the `Tools` > `Board` > `Flash Frequency` and the `Tools` > `Board` > `Flash Size`. In my case i had to use a `80MHz` Flash Frequency, and a `4M (1M SPIFFS)` Flash Size
453
+
454
+
**18** Upload!
455
+
456
+
**Note:** If you use a 512kb version of the ESP8266, you need to comment out a part of the mac vendor list in data.h.
457
+
458
+
**Your ESP8266 Deauther is now ready!**
459
+
460
+
461
+
### Adding OLED display
462
+
463
+
464
+
465
+
**0** Follow the steps [above](#compiling-the-source-with-arduino) to get your Arduino environment ready.
466
+
467
+
**1** Install this OLED driver library: https://github.com/squix78/esp8266-oled-ssd1306
468
+
469
+
**2** Customize the code for your wiring.
470
+
In `esp8266_deauther.ino` uncomment `#define USE_DISPLAY`.
471
+
Then scroll down and customize these lines depending on your setup.
472
+
I used a Wemos d1 mini with a SSD1306 128x64 OLED and 3 push buttons.
473
+
474
+
//include the library you need
475
+
#include "SSD1306.h"
476
+
//#include "SH1106.h"
477
+
478
+
//button pins
479
+
#define upBtn D6
480
+
#define downBtn D7
481
+
#define selectBtn D5
482
+
483
+
#define buttonDelay 180 //delay in ms
484
+
485
+
//render settings
486
+
#define fontSize 8
487
+
#define rowsPerSite 8
488
+
489
+
//create display(Adr, SDA-pin, SCL-pin)
490
+
SSD1306 display(0x3c, D2, D1);
491
+
//SH1106 display(0x3c, D2, D1);
492
+
493
+
## How to use it
494
+
495
+
First start your ESP8266 by giving it power.
496
+
497
+
You can use your smartphone if you have a USB OTG cable.
498
+
499
+
500
+
Scan for Wi-Fi networks and connect to `pwned`. The password is `deauther`.
501
+
Once connected, you can open up your browser and go to `192.168.4.1`.
502
+
503
+
You can now scan for networks...
504
+
Yes, but I will not implement this 'feature' for ethical and legal reasons.
521
+
522
+
**Can it sniff handshakes?**
523
+
524
+
The ESP8266 has a promiscuous mode in which you can sniff packets, but handshake packets are dropped and there is no other way to get them with the functions provided by the SDK.
525
+
Maybe someone will find a way around this barrier in the future.
526
+
527
+
**espcomm_sync failed/espcomm_open when uploading**
528
+
529
+
The ESP upload tool can't communicate with the chip, make sure the right port is selected!
530
+
You can also try out different USB ports and cables.
531
+
If this doesn't solve it, you may have to install USB drivers.
532
+
Which drivers you need depends on the board, most boards use a cp2102 or ch340.
533
+
534
+
**AP scan doesn't work**
535
+
536
+
There is a reported issue on this: https://github.com/spacehuhn/esp8266_deauther/issues/5
537
+
Try switching the browser or opening the website with another device.
538
+
539
+
**Deauth attack won't work**
540
+
541
+
If you see 0 pkts/s on the website, then you've made a mistake. Check that you have followed the installation steps correctly and that the right SDK is installed, it must be version 2.0.0!
542
+
If it can send packets but your target doesn't loose its connection, then the Wi-Fi router either uses [802.11w](#how-to-protect-against-it) and it's protected against such attacks, or it communicates on the 5GHz band, which the ESP8266 doesn't support because of its 2.4GHz antenna.
543
+
544
+
### If you have other questions or problems with the ESP8266, you can also check out the official [community forum](http://www.esp8266.com/).
545
+
546
+
## License
547
+
548
+
This project is licensed under the MIT License - see the [license file](LICENSE) for details.
549
+
550
+
**The License file must be included in any redistributed version of this program!**
551
+
Any redistributing, advertising or selling of this project as "jammer" without clearly stating it as a pentesting device for testing purposes only, is prohibited!
0 commit comments