Elektroda.com
Elektroda.com
X

Search our partners

Find the latest content on electronic components. Datasheets.com
Elektroda.com

Wi-Fi Jammer ( deauthentication attack )

jarusek131 28047 19
This content has been translated flag-pl » flag-en View the original version here.
  • Wi-Fi Jammer ( deauthentication attack )
    For some time now, I became interested in network security and came across an article on how to make a Wi-Fi Jammer (deauthentication attack). I did not even suspect that you can make someone's life so easy and simple. To make a Jammer All we need is esp8266. The principle of operation is very simple. Our device pretends to be a router and sends information (deauthentication packets) to network users to disconnect. This option does not always work, but it is enough to set an attack on a specific device and you're done. I haven't been able to find information on how to defend myself against such an attack, but maybe one of the forum members knows and will share their knowledge. Remember that you can only use this for educational purposes and testing your OWN network. Link to the video with step-by-step instruction youtube.com/watch?v=9UgFafZhONI

    Instruction:

    Uploading the program to ESP8266:



    1) Download the file with the files forbiddenbit.com/239/
    2) Unpack the Wi -Fi_Jammer.zip file
    3) Install the driver for CH340 ch341SER / SETUP.EXE
    4) Open ESP8266Flasher.exe.
    Select deauther_2.1.0_1m.bin in the file.
    In Operation, select the COM port from ESP8266 and click FLASH.

    Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack )
    ATTACK:

    1) Connect to wpnet, password: deauther
    2) Open the address of the browser entry 192.168.4.1
    3) Accept the terms
    4) Select your network from the list
    5) Go to the attack tab, select deauth and click start. Now the devices connected to the network will be disconnected.
    If you select an attack beacon, multiple networks will be created
    Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack ) Wi-Fi Jammer ( deauthentication attack )

    instructables.com/id/Wi-Fi-Jammer-With-ESP8266/

    Cool? Ranking DIY
    Can you write similar article? Send message to me and you will get SD card 64GB.
    About Author
    jarusek131
    Level 8  
    Offline 
    jarusek131 wrote 5 posts with rating 36, helped 0 times. Live in city Warszawa. Been with us since 2016 year.
  • #2
    krisRaba
    Level 31  
    Interesting. If I understand correctly from the cursory information, the device copies the MAC of the indicated router and to the selected target (network client), impersonating the router, sends frames defined in the standard, which are used to force the client to disconnect from the router. An interesting method for a local attack that makes life difficult for someone. All in all, if the frame is defined in the standard, the customer should necessarily handle it, and thus it is difficult to defend against it.
  • #3
    tygrysss
    Level 21  
    I remember the Gargoyle CC probably was susceptible to this and the FritxBox not, but it actually shows how easy it is to disconnect someone.
  • #4
    fotomh-s
    Level 23  
    jarusek131 wrote:
    Jammer to do

    I am asking my colleague to respect the correct technical terminology. The device does not qualify as a jammer. It is enough for us that there is already a sufficiently large number of people who call the igniter, the RC apparatus a remote control, there are also those who say that "they turn on the electricity" :-P
    I advise you to read: https://hackaday.com/2017/08/13/wifi-deauthentication-vs-wifi-jamming-what-is-the-difference/

    As for the possibilities of defense, it is:
    Quote:
    There is hope though with 802.11w which encrypts management frames. It's been around for a while however manufacturers don't seem bothered and don't implement it, even though it would improve the security of a WiFi device from these types of attacks.
  • #5
    wiktor13570
    Level 12  
    I was making a similar jammer with the Wemos d1 mini. Newer, more decent routers are more resistant to this type of action, and not all of them can be disrupted
  • #6
    jarusek131
    Level 8  
    If you choose to attack the entire network it rarely works, but if you choose one device from the network it always worked in MY case, I checked on 3 laptops, 2 TVs and 5 phones and it fired every time.
  • #7
    Jarzabek666
    Level 36  
    and you can upset your neighbor with this?
  • #9
    leonow32

    Level 30  
    If someone has a free evening, he can make a simple program that will allow anonymous use of the Internet for free - just make a loop on ESP that activates WPS every minute, put a tile by the window and just wait for a neighbor to press the WPS button on his router ;) then you just need to write down the SSID together with the EEPROM password :D
  • #10
    oshii
    Level 24  
    Then finally
    leonow32 wrote:
    it is enough to make a loop on ESP that activates WPS every minute

    if:
    leonow32 wrote:
    wait for a neighbor to press the WPS button on their router

    ?

    You host two types of attack - bruteforce and regular occasion listening.
    In the first case, most devices block WPS after 2-3 failed pin bend attempts, so it will take some time to check 5,000-11,000 combinations.
    In the latter case, the opportunity may never come.

    The fact is that it's better not to use WPS and turn it off at all.
  • #11
    leonow32

    Level 30  
    WPS on ESP only works for a minute (or maybe two, I don't remember) and if it doesn't find any router, it turns itself off. This loop is for the WPS to be active all the time and waiting for an opportunity. It has nothing to do with any brute force.
  • #12
    oshii
    Level 24  
    Still do not understand.
    Or Still you are listening for WPS frames, or you are actively attacking WPS.

    What do you mean by "turn on WPS for a minute"?
  • #13
    krisRaba
    Level 31  
    oshii wrote:
    Still do not understand.
    Either you are constantly listening for WPS-related frames, or you are actively attacking WPS.

    What do you mean by "turn on WPS for a minute"?

    Normal WPS pairing seems to work by clicking WPS on your router, running WPS in the client and without giving anything (weak passwords etc) they will find, exchange the keys and "pair". Hence, if you run WPS connection in a client over and over again, then you wait for the moment when someone in your router clicks WPS to connect your client. Then you count on the fact that you will shoot the moment between activation on the router and activation in the client, i.e. you will be the first to hit the router ...
    After this pairing, the router reliably turns off WPS.
    A moderately aware user will say that something has gone wrong and turn on WPS again to try again with your client, while you are glad that you already have the authorization data for that router in memory and can use them for free connections over someone else's network. ..
  • #14
    oshii
    Level 24  
    krisRaba wrote:
    Normal WPS pairing seems to work by clicking WPS on your router, running WPS in the client and without giving anything (weak passwords etc) they will find, exchange the keys and "pair".

    "Normal" WPS pairing requires a PIN printed on the AP.

    Inventions that don't require a pin work like this:
    Quote:
    Push button method:

    In which the user has to push a button, either an actual or virtual one, on both the access point and the new wireless client device. On most devices, this discovery mode turns itself off as soon as a connection is established or after a delay (typically 2 minutes or less)

    https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Modes

    So the 2 minutes between consecutive attempts to catch the net stink of failure 90% of the time.

    Anyway, great amenity ...
  • #15
    krisRaba
    Level 31  
    I have not met the version with the pin, but maybe I just had such equipment in my hands.

    The given description of the version without the pin is consistent with what I wrote earlier. The percentage of success is quite high, because instinctively, everyone clicks the router first, and then goes to encourage the client to cooperate, and since the attacker has WPS turned on in his client all the time (with minor breaks for reconnection), there is a chance to shoot between manual actions user-casualties are large.
    The downside here is another thing - how often do you pair your devices with the router? Because I have a set of devices that are connected once (not via WPS :P ) and I haven't added new ones for a long time :P
    Unless you have to play with this WPS every time you want to connect, which I sincerely doubt, because then the attack does not make much sense, because the acquired keys would not work with the next connection. So I assume that it is done once per device, which is veeeeery rarely :)
  • #16
    byrrt
    Level 21  
    WPS with PIN? What is the point of that? Digital TV via internet in Orange works in such a way that their devices cannot be paired differently .. There is simply no other option than via WPS ..
  • #17
    oshii
    Level 24  
    byrrt wrote:
    WPS with PIN? What is the point of that?

    When configuring, you only enter 8 numbers, while WPA-Passphrase can be set to several dozen alphanumeric characters.

    As for Orange - there is really no option to manually set a password? Imho absurd if that's true.
  • #18
    a666mi
    Level 9  
    I use wifi zone wps love it for the ease of hacking (internet access and routers) The neighbors are surprised when it shows passwords and turns off wps
  • #19
    Gandalf102
    Level 5  
    I also had a jammer. My router was quite resilient, but the jammer slowed the internet down terribly.
  • #20
    uzi18
    Level 24  
    OpenWRT / LEDE has been configuring the option to detect this attack for some time, the only thing is an attack targeting network clients, not a router and basically a standard used for a malicious purpose.