Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use single-chip microcomputer to achieve a complete wifi attack", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let the editor take you to learn "how to use a single-chip microcomputer to achieve a complete wifi attack"!

0x01 attack Conception

While using tpyboardv202 to interfere with wifi, the ssid and channel of v202 are changed to the same SSID and channel as the interfered wifi. At this time, the disturbed user is very likely to connect to the fake WIFI. When the user connects, no matter which network the user visits, the user will jump out of the camouflaged page of entering the password, thus inducing it to write the password. After the password is written, v202 tries to verify the correctness of the password. If it is correct, the interference will be stopped and the password will be stored in the TF card, otherwise it will interfere again.

0x02 builds development environment

1. First of all, you need a TPYBoardv202 and a TPYBoardV102 development board.

2. An open source firmware for making Deauth wireless attacks using esp8266 is downloaded from the Internet, which is developed by arduino.

2. After the download is completed, decompress as follows:

The firmware of esp8266_wifi.rar adds the ability to swindle WIFI passwords on the basis of the previous experiment [Evil Modification: TPYBoard makes cheap WIFI jammers]. At the same time, the serial port and TPYBoardv102 are used to connect, and the obtained WIFI password is passed to v102. After receiving the correct password, the TF card is stored and the attack log is recorded.

Double-click arduino-1.8.2-windows.exe to install arduinoIDE. If you have already installed arduinoIDE, this step can be omitted.

4, after the installation, open arduino, the menu to find the file-"preferences, click the red area to enter the SDK directory." My path is: C:\ Users\ Sen\ AppData\ Local\ Arduino15.

5. Decompress Arduino15-2.rar and directly overwrite the files under C:\ Users\ Sen\ AppData\ Local\ Arduino15.

0x03 compiling and burning firmware

1. TPYBoardv102 source code (main.py)

Import pybfrom pyb import UARTu4=UART (4Jing 115200) mkdir_='/sd/log.txt' # need to insert TF card to create a new log.txt pyb.LED (2). On () while True: if (u4.any () > 0): # determine whether there is data in the serial port _ mag='' pyb.LED (3). Toggle () f=open (mkdir_) 'a') _ data=u4.readline () # read a row of data _ dataMsg=_data.decode ('utf-8') # transcode byte data into utf-8-encoded string print (' _ dataMsg:') _ dataMsg) # parsing data _ index_h=_dataMsg.find ('tpyboardpwd') _ index_e=_dataMsg.find (' *') if _ index_h >-1 and _ index_e >-1 and (_ index_e-_index_h) > 11: _ dataMsg=_dataMsg.replace ('tpyboardpwd',''). Replace (' *',') print ('GetPwd:' _ dataMsg) _ mag=_mag+'-attack log-\ r\ n' _ mag=_mag+'SSID:'+_dataMsg.split ('+') [0] +'-'+ 'PWD:'+_dataMsg.split (' +') [1] print ('- -\ r\ n') pyb.LED (4) .toggle () if _ magnified recording records: f.write (_ mag) # saves the acquired SSID and PWD in the log file f.close ()

2. This article focuses on the use of TPYBoardv202.

(1) decompress the esp8266_wifi.rar,arduinoIDE menu bar file-"Open esp8266_deauther\ esp8266_deauther.ino under the esp8266_wifi source package"

(2) TPYBoardv202 uses microUSB data cable to connect to the computer. Check the port of the installed usb transfer string. Open the computer's device Manager (this is COM44)

(3) tools-"Port, select COM44 (according to your actual port number)

(4) in the green icon menu area under the menu bar, select upload, start compilation, and burn firmware.

(5) View the lowest log area

Wait for the compilation to complete, when the message above appears (status: upload), hold down FLASH while pressing the RST button to release, let TPYBoardv202 reset, continue to press FLASH, when the following message appears, you can release the FLASH button.

Connection of 0x04 hardware

The code and program are complete, and then you need to connect the serial ports of TPYBoardv102 and TPYBoardv202.

Connection diagram:

TPYBoard v102

TPYBoard v202

X1 (TX)

RX

X2 (RX)

TX

Connect the physical diagram:

0x05 test effect

1. First of all, I use my own home WIFI for testing, and I first use my mobile phone to access WIFI (Tend_01CB30).

2. Extract XCOMV2.0.rar and double-click to run XCOMV2.0.exe serial port assistant. Open the serial port according to your choice, mine is the COM44 baud rate of 115200 the rest of the default, open the serial port, you can see the v202 print information.

Ps: just now v202 will start itself immediately after burning the firmware, so reset v202 and click RST so we can see the whole process from the beginning to the end.

3. As you can see, v202 startup will search a lot of nearby WIFI, and then it will determine which signal is the strongest. I must be the strongest in my home, so v202 starts to attack [Tend_01CB30] this WIFI, and also sets up an open [Tend_01CB30] hotspot. When attacking, the small blue light on v202 will always be on.

4. At this time, my phone can no longer connect to the [Tend_01CB30] WIFI of my original router. At this time, if you change to someone who doesn't know anything about it, you will most likely go to the phone settings to have a look. Why can't you connect to the network?

5. At this time, he will manually click on the connection [Tend_01CB30]. Of course, he will find that there are two WIFI with the same name. Because we belong to Open, when he fails to connect to his original WIFI, he will connect to the disguised WIFI.

6. When we successfully deceive him into connecting to our WIFI, as long as we open the browser and enter any URL, we will automatically jump to the false network password confirmation page.

7, test input 12345678 click to confirm, the serial port debugging assistant can see the obtained WIFI password, and then stop the attack, the small blue light will go out.

8. At the same time, v202 will first try to connect to verify the accuracy of the password. If the connection is successful, it will automatically send the password to v102 for preservation. If the connection fails, v202 will continue to interfere with the attack.

9. Check the log.txt file in the TF card to see if you have recorded the password you just cracked.

(when TPYBoardv102 uses TF card, the data will not be updated in real time. You need to reset to see the contents of the updated log.txt.)

At this point, I believe that everyone on "how to use single-chip microcomputer to achieve a complete wifi attack" have a deeper understanding, might as well to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.