ESP8266 Turned Secretive WiFi Probe Request Sniffer

When a Wi-Fi device is switched on, it starts spewing out probe requests to try to find a familiar access point. These probe requests contain the device’s MAC address and the SSID of the hotspot it’s looking for, which can potentially be used to identify a specific device and where it’s been. After experimenting with these probe requests, [Amine Mehdi Mansouri] has created OpenMAC, a tiny ESP8266-based sniffer that could be hidden anywhere.

The device consists of an ESP-07S module, a regulator circuit for getting power from a USB-C connector, and a button for power cycling. An external antenna is required for the module, which can be selected based on the size or gain requirements for a specific deployment. [Amine] tested the OpenMAC at a local library (with permission), in combination with a number of his own little Wi-Fi repeaters to expand the reach of the network. All the recorded MAC addresses were logged to a server, where the data can be used for traffic analysis in and around the library, or even for tracking and locating specific devices.

This is nothing new: it is a relatively common technique for gathering information in retail locations, and it could also be used for more nefarious purposes. Newer versions of iOS, Android, and Windows 10 feature MAC address randomization, which can limit the ability to track devices in this manner, but it isn’t always activated.
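As an added illustration (not code from OpenMAC or the original post), this Python sketch parses a raw 802.11 probe request to show what the frame discloses: the source MAC, the SSID being sought, and whether the locally administered bit that randomized addresses set is present. The helper names and sample frames are constructed for this example, and the input is assumed to be a bare 802.11 frame with no radiotap header or FCS.

```python
PROBE_REQ_FC0 = 0x40   # version 0, type 0 (management), subtype 4 (probe request)
MGMT_HDR_LEN = 24      # frame control, duration, addr1-3, sequence control

def parse_probe_request(frame: bytes):
    """Return what a probe request discloses, or None if the frame is not one."""
    if len(frame) < MGMT_HDR_LEN or frame[0] != PROBE_REQ_FC0:
        return None
    src = frame[10:16]              # addr2: the transmitting device
    ssid = None
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):    # walk the tagged parameters (id, length, value)
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                   # truncated element: stop rather than guess
        if tag == 0:                # element 0 is the SSID; empty means wildcard
            ssid = value.decode("utf-8", errors="replace")
            break
        pos += 2 + length
    return {
        "mac": ":".join(f"{b:02x}" for b in src),
        "ssid": ssid,
        # Locally administered bit set: consistent with a randomized address.
        "randomized": bool(src[0] & 0x02),
    }

def disclosures(info: dict) -> list:
    """List the identifying details a parsed probe request gives away."""
    found = []
    if not info["randomized"]:
        found.append("stable hardware MAC " + info["mac"])
    if info["ssid"]:
        found.append("previously used network " + repr(info["ssid"]))
    return found

def build_sample(mac: str, ssid: str) -> bytes:
    """Constructed test frame: broadcast probe request from `mac` for `ssid`."""
    sa = bytes.fromhex(mac.replace(":", ""))
    header = bytes([0x40, 0, 0, 0]) + b"\xff" * 6 + sa + b"\xff" * 6 + bytes(2)
    raw = ssid.encode()
    rates = bytes([1, 4, 0x82, 0x84, 0x8b, 0x96])   # supported-rates element
    return header + bytes([0, len(raw)]) + raw + rates

if __name__ == "__main__":
    for mac, ssid in [("00:11:22:33:44:55", "HomeNet"), ("da:a1:19:00:00:01", "")]:
        info = parse_probe_request(build_sample(mac, ssid))
        print(info, disclosures(info))
```

A device probing with a wildcard SSID from a randomized address produces an empty disclosure list, which is the behaviour to look for when auditing your own hardware.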

We’ve seen a number of projects that exploit probe requests. FIND-LF can be used for locating devices in your home, and Linger fools probe request sniffers by replaying previously recorded requests.

TP-LINK’s WiFi Defaults To Worst Unique Passwords Ever

This “security” is so outrageous we had to look for hidden cameras to make sure we’re not being pranked. We don’t want to ruin the face-palming realization for you, so before clicking past the break look closely at the image above and see if you can spot the exploit. It’s plain as day but might take a second to dawn on you.

[Mark C.] published the exploit on his Twitter feed after waiting a couple of weeks to hear back from TP-LINK about the discovery. They didn’t respond, so he went public with the info.


PS3 Controller Spoofing Advancing With Leaps And Bounds

Development has been progressing quite nicely on [Matlo’s] PlayStation 3 controller spoofing project. This is a package that allows you to identify a PC as a PS3 controller. We know what you’re thinking: why would you want to do that? When we originally looked in on the project about a year ago we mentioned that this allows you to use any Linux-friendly peripheral as a PS3 controller. In the clip embedded below you’ll see that nothing beats a good keyboard and gaming mouse when it comes to first-person shooters. [Matlo’s] solution not only allows you to use alternative control hardware, but there’s almost unlimited configurability.

And speaking of configuration, he’s done a ton of work on the GUI. After the initial package installation no terminal typing needs to be done to get the system configured. Once in place, you can set the MAC address of a Bluetooth dongle to spoof the address of your SixAxis controller. From there you can set up the button mapping, calibrate mouse hardware and the like, and even program macros (fantastic). Now go out and pwn everyone at deathmatch now that the PlayStation Network is back up and running.
