Hackaday Prize Entry: Don’t Build This

The ESP8266 is a remarkable piece of hardware. What we originally thought — and what was originally marketed as — a simple UART to WiFi bridge with Hayes modem commands has turned into one of the best embedded platforms around. It’s a powerful little microcontroller, it has WiFi, and it can send raw frames. That last bit is awesome, because it allows for some mischief or mirth making, depending on your point of view.

For his Hackaday Prize entry, [Tejas] is building a WiFi Jammer with an ESP8266. It’s a small device that is able to disconnect anyone from a WiFi AP. Should you build it? No. Can you? Sure, why not.

The code for this WiFi hacking tool is taken from the creator of the ESP8266 deauth toolkit, [spacehuhn], although [Tejas] is violating the license for [spacehuhn]’s (non-Open Source) code. This fantastic piece of firmware uses management packets to send a deauthentication frame, effectively allowing anyone to disconnect any device from a WiFi router. Why would anyone want to do this? Mischief, of course, but there are also a few techniques that could allow an attacker to get a password for the WiFi.

While there are ways to protect against deauth attacks, most routers don’t have management-frame protection enabled. In any event, we’re going to see exactly how annoying deauth attacks can be this week at DEF CON. The smart money is on a small percentage of DEF CON attendees lulzing about with ESPs and the Caesar’s CTO being very, very unhappy.

28 thoughts on “Hackaday Prize Entry: Don’t Build This

    1. Sorry, was laughing so hard I forgot, I’ll add ESP8266 to my Open-Office+LibreOffice dictionaries for a future F7 session when I’m laughing too hard to spot my mistakes.

  1. Quality of the project (pretty meh) aside: The owner of the ESP8266 DeAuther page seems oddly controlling.
    At several points in the readme (and pasted at the top of their Creative Commons license) is the phrase:
    “Referring to this project as “jammer” is prohibited! Name the project by its correct name.”

    I wonder how they intend to enforce that prohibition, and why they’re so defensive about their jammer.

    1. Maybe they want to protect themselves from being sued for providing a jammer project. In some countries jamming is so illegal, that even a schematic or firmware might be considered breaking the law. And they can’t enforce anything, they just state their intention of prohibition to provide a deniability in case of any prosecution…

    1. Yep I [CTRL+C] then [CTRL+V] like a r33l 1337 h4x0r!!!

      P.S. It is my bro that is the one-button-hacker wannabe.

      Read one-button-hacker like one-button-DJ:
      [Button] – who…

      [AUTO-SYNC] – DJ

      [AUTO-HACK] – H4X0R

  2. Eventually, giving the frontpage again ( http://hackaday.com/2017/03/30/sir-it-appears-weve-been-jammed/ ) and even sponsored prize-hosting to this kind of useless “tool” may have some consequences regarding the openness consented by the hardware manufacturer…
    In a recent discussion on Espressif forum about low-level access to their new ESP32 chip’s network interface, SpriteTM who works for this company (that makes the ESP8266) told :

    “Let me put it like this: We are kind-of hesitant in opening the lower layers more. Not only because of IP reasons, but also because we’ve been bitten by these things before: when there was a method to send manager frames available, the first (and only, for a while) project that used them was a mass-deauthenticator throwie. Yes, sure, there are other bits of hardware that you can use to do this, but when it hits the news, it’s still an Espressif product that’s placed in a bad light. “

  3. I don’t get it — none of my other posts written under different pen names get this sort of reaction.

    Oh, Boxes and Annie, I’m really thinking that we’re going to ban you. Not because you’ve wounded me in some way, and not because you’ve violated some terms of service or whatever. You (yes, both of you, unless you’re insane and have a VPN) are incredibly annoying. Just go away, you’re not wanted here.

    If this ban happens, it will happen randomly, without warning.

    1. You know, as much as I’m not a fan of some of Benchoff’s conduct, he does at least write some interesting articles.

      I make no claim for myself (only having one of my projects featured so far) but as for boxes and Annie, well, I agree with Benchoff. Boxes, you used to make some decent comments but you’ve recently become too big for your boots, and Annie, you have been a waste of bandwidth from the start.

    2. The following:
      Chin0crix,
      dahud,
      Moryc
      Jean-Michel Putaclic

      has had one each of something article related to comment about,
      That is 4 out of 26 comments before this comment, leaves 22 comments of trolling, correcting each other, post bashing, etc.

      OK 50% of the trolling came from myself, which I was a bit harsh :(
      However, it wouldn’t be surprising the amount of commentees* who would of trolled along should they have ignored their morals.

      Nearly all other articles of yours have been either interesting or OK with less than 10% trolling (possibly less than 5%) and not normally from myself… unless it was towards someone who commented any form of hate speech or stupidity against anyone in a non subjective manner.

      * intentional (mis-)use of language for emphasis.

    3. I’d say that ‘annie’ is clearly trolling the site with the purpose of trolling and annoying and a caase of clear fishing for a ban, possibly to then act all indignant and using that as an excuse to double up on being annoying.

      Perhaps it’s someone you know personally?

    1. HaD often features stuff from a decade ago, sometimes it’s a good reminder, sometimes it was missed, and seldomly do we care.
      Oh and sometimes it is something that becomes more/back in focus because there is a new use of an old thing.

  4. I mean, Brian will probably reply that it’s hilarious, but this kind of shit is why I read HaD every 3 or 4 days now, instead of every day, and soon I’m sure I’ll stop coming here altogether. Maybe its a case of ‘good riddance’, but pushing your readers away can never be a good long term plan.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.