Sniping 2.4GHz

A long time ago when WiFi and Bluetooth were new and ‘wardriving’ was still a word, a few guys put a big antenna on a rifle and brought it to DefCon. Times have changed, technology has improved, and now [Hunter] has built his own improved version.

The original sniper Yagi was a simple device with a 2.4 GHz directional antenna taped onto the barrel, but without any real computational power. Now that displays, ARM boards, and the software to put this project all together are cheap and readily available, [Hunter] looked towards ubiquitous computing platforms to make his Sniper Yagi a little more useful.

This version uses a high gain (25dBi) antenna, a slick fold-out screen, and a Raspberry Pi loaded up with Raspberry Pwn, the pentesting Raspi distro, to run the gun. There’s a button connected to the trigger that will automatically search the WiFi spectrum for the best candidate for cracking and… get cracking.

[Hunter] says he hasn’t taken this highly modified airsoft rifle outside, nor has he pointed it out a window. This leaves us with the question of how he’s actually testing it, but at least it looks really, really cool.

42 thoughts on “Sniping 2.4GHz”

      1. You are a bit of a sad git, droning the message of oppression.
        But guess what? Many people in the US have guns and have had them for decades.
        And I’m sure the freaking ‘homeland security’ people know all about remote tapping of WiFi, all too much.
        Now go dream of raping guys somewhere else if you please.

        1. Actually they are incorrect.. This won’t land you in jail.. It will get you dead.

          Anyone seeing you aiming this “device” will be assuming you are a sniper getting ready to take a shot.. You’ll be executed.

          You may think it’ll be funny to have to answer questions to cops when they show up, hope they’ll think it’s funny and have a good laugh WITH you over it..

          But odds are, they’ll just shoot you and investigate afterwards.

        2. Yea, because the first thing that goes through the mind of an officer when they see something pointing at someone that looks like an automatic weapon is, “Gee, I wonder if that’s a real weapon or a wifi sniffer.” Freedom doesn’t prevent the consequences of stupidity.

          1. DHS Employee / Law Enforcement Officer here.
            I can confirm that anything that looks even remotely like a gun is treated as such. There have been multiple civilians shot or killed because they were holding a cell phone, radio, or any other inanimate object. They have been shot trying to dispose of real guns because they moved too fast or pointed it at someone. If it looks like a gun and it is pointed at us or at another person we are trained to shoot first. Ugly legal battles have been fought over the literal split second decisions made by law enforcement officers. When a person is shot and it turns out they were holding something other than a gun it’s called a “bad shoot”; it is a constant fear screaming in the back of our heads every time we have to lay a hand on our weapons.

            There is a reason we are trained to look for and quickly identify possible weapons or objects disguised as such. There is a reason toy and look alike guns are supposed to have an orange tip.

            As for this project. Using the rifle as a platform makes sense. It’s a long device that needs visual sighting. Ergonomically, rifles are designed for just that. That being said he would do well to make sure his build looks as un-rifle like as possible. Especially if he intends to be walking around suburbia or shopping malls. Paint it day-glow orange, cover it in warning labels and caution tape. Lie to nosy police and bystanders. Tell them you are conducting research for an engineering white paper. We built a line throwing gun using a collapsing stock for an SKS. We made damn sure it LOOKS like a tool used for rescuing people… or fouling boat propellers.

    1. Pretty good idea actually. Disguising it as part of a hedge trimmer instead of part of a rifle is a lot more socially acceptable. Nothing suspicious about wandering around your yard with one. However, driving around pointing a hedge trimmer out of the window would make people assume you are a garden variety looney.

  1. as dangerous as it looks for actual use because of jumpy officials, does anyone else get the idea of loading it up with some stuff for de-authentication packets and using it for targeted attacks on visible access points? XD shame we don’t have emp tech down to a compact targetable form factor either, that could be another neat use.

    1. “shame we don’t have emp tech down to a compact targetable form factor…”

      I often think the same thing. Then I realize that it’s good that isn’t available because after I shoot a beam of shut-the-f-up at all my neighbors it wouldn’t take long for “the authorities” to discover that my apartment is the only one with tech that still works.

    2. I may or may not have used the deauth packet trick on a douchenozzle script kiddy who lived in my apartment complex, and somehow ran his AP on channel 5. Thanks to spectrum overlap, that made running your own AP on any channel but 11 impossible. Took him almost two weeks to realize what was up, presumably after replacing his equipment several times. Shithead.

  2. As much as this is badass, I enjoy being more discreet than a three foot sniper rifle with a hedge trimmer on the front when I’m hacking. The American public is fairly unaware of their surroundings, but when you knock someone’s (insert excessive modifiers) latte off the table with this at Starbucks, someone will notice. A backpack with a flat yagi mounted in it is much more discreet.

  3. Lol, was messing w/ wifi jamming the other day. If your DC-DC converter is LC Tech. from China be careful; got a new one that wasn’t soldered right nearly resulting in a blown cap (like those on both sides). Bluetooth jamming/sniffing is the way to go, since all phones have it and it’s getting used more frequently…

    And I LOL-ed at the end; b/c being extreme is using a backpack for your jammer and not an assault rifle (w/ the orange cap, mind you). Hilarious.

  4. Yep, they might just assess you as a threat from a distance and take you out, would not recommend.

    This is like the exact opposite of a concealed penetration tester, designed to get you in trouble. “Oh so it’s not a weapon.. why do you have it then?” “Hacking Wifi!”

    All respect to the creator though, it looks badass otherwise, I’d just keep it inside.

  5. Would be interested if that yagi does ANYTHING useful. I bought a very similar one with fewer elements on eBay which was total crap. I remember reading that having too many elements doesn’t help with the signal, I think mine claimed to be 18dBi and even that was apparently above the limit for a 2.4GHz yagi… considering it came from deal extreme, I’m guessing it’s crap :(

  6. I built one of these a year or so ago (no nice screen, no RasPi). I lived in an area that had some great terrain for long range WiFi sniffing. I was getting some really nice signals over half a mile away (Several apartment complexes on a hill), while using a bipod and some rice-filled sandbags (ricebags?). Because of how the device looked, I waited until after midnight, and I only stayed in one spot for 15 minutes.

    Just thinking about how this thing looked scared the crap outta me. This was one of those hacks where I put it together, tried it, and said “I should know better”.

    All that being said, the form factor is incredible. I’ve used it in very rural areas to hit hotspots that were very distant (having essentially no noise floor probably helps). I’m probably going to drag it off the shelf at some point and figure out how to put a variable zoom webcam or IP camera on it. Just the antenna and a relatively stiff tripod.

  7. So how does this work? So you transmit say over a mile, you are picked up by the receiver (a mile away), how on earth does the transmitter of the receiver’s network send the information to you…? Standard 850ft without obstruction, I doubt the receiver’s transmitter will send you any data back. Please someone explain how they get 2 way communication out of one long range transmitter.
