Advertise Your Conference Schedule Via SSID

October 22, 2019 by Tom Nardi 11 Comments

Whether it’s been a Python script running on a Linux box or an ESP8266, ~~abusing~~ using WiFi SSIDs to convey messages is hardly a new trick. But for DerbyCon 2019, [vgrsec] wanted to do put together something a little unique. Dare we say, even useful. Rather than broadcast out SSID obscenities or memes, this Raspberry Pi created fake WiFi networks that told everyone what talks were coming up.

The concept here is fairly simple: there’s a text file in /boot that contains the truncated names of all the talks and workshops in the schedule, one per line, and each line starts with the time that particular event is scheduled for. The script that [vgrsec] wrote opens this text file, searches for the lines beginning with the current time, and generates the appropriate SSIDs. With the number of tracks being run at DerbyCon, that meant there could be as many as five SSIDs generated at once.

Now in theory that would be enough to pull off this particular hack, but there’s a problem. The lack of an RTC on the Raspberry Pi means it can’t keep time very well, and the fact that the WiFi adapter would be busy pumping out SSIDs meant the chances of it being able to connect to the Internet and pull down the current time over NTP weren’t very good.

As the system was worthless without a reliable way of keeping time, [vgrsec] added an Adafruit PiRTC module to the mix. Once the time has been synchronized, the system could then run untethered via a USB battery bank. We might have put it into an enclosure so it looks a little less suspect, but then again, there were certainly far more unusual devices than this to be seen at DerbyCon.

Of course, if you’re OK with just dumping the entire schedule out at once and letting the user sift through the mountain of bogus SSIDs themselves, that’s even easier to accomplish.

This WiFi Spoofing Syringe Is For External Use Only

August 8, 2019 by Tom Nardi 6 Comments

A browse through his collected works will tell you that [El Kentaro] loves to build electronics into interesting enclosures, so when he realized there’s enough room inside a 150 ml plastic syringe to mount an ESP8266, a battery, and a copious amount of RGB LEDs, the “Packet Injector” was the inescapable result.

Granted, the current incarnation of this device doesn’t literally inject packets. But [El Kentaro] wasn’t actually looking to do anything malicious, either. The Injector is intended to be a fun gag for him to bring along to the various hacker cons he finds himself at, like his DEAUTH “bling” necklace we saw at DEF CON 26, so having any practical function is really more icing on the cake than a strict requirement.

In the end, the code he came up with for the Adafruit Feather HUZZAH that uses the FakeBeaconESP8266 library to push out fictitious networks on demand. This is a trick we’ve seen used in the past, and makes for a relatively harmless prank as long as you’re not pumping out any particularly unpleasant SSIDs. In this case, [El Kentaro] punctuates his technicolor resplendency with beacons pronouncing “The WiFi Doctor is Here.”

But the real hack here is how [El Kentaro] controls the device. Everything is contained within the syringe chamber, and he uses a MPL3115A2 I2C barometric pressure sensor to detect when it’s being compressed. If the sensor reads a pressure high enough over the established baseline, the NeoPixel Ring fires up and the fake beacon frames start going out. Ease up on the plunger, and the code detects the drop in pressure and turns everything back off.

If this build has piqued your interest, [El Kentaro] gave a fascinating talk about his hardware design philosophy during the WOPR Summit that included how he designed and built some of his “greatest hits”; including a Raspberry Pi Zero enclosure that was, regrettably, not limited to external use.

ESP8266 Broadcasts Memorial WiFi Spam

February 9, 2018 by Tom Nardi 25 Comments

John Perry Barlow, founding member of the Electronic Frontier Foundation and Freedom of the Press Foundation, died on February 7th, 2018. To say that he left his mark on the Internet, and by extension modern culture, is something of an understatement. He may not be a household name, but between this activism (online and off), lectures, written work, and various entrepreneurial projects, his 70 years of life were surely not wasted. Barlow was once quoted as saying “I want to be a good ancestor”, and by pretty much any metric it would seem he made good on that goal.

To mark his passing, [Moritz Metz] came up with a rather unusual memorial. Using a bit of code on an ESP8266 board, he created a device that would broadcast out Barlow’s “A Declaration of the Independence of Cyberspace” line-by-line in the form of 228 WiFi SSIDs. Perhaps not the most effective way to get Barlow’s words out to the people, but we’ll give him extra points for style.

The code itself is based on FakeBeaconESP8266, which as the name implies, allows the user to create fake WiFi networks. to broadcast the manifesto of your choosing, you need only add in the appropriate sendBeacon() lines at the bottom of the code. It would appear that prefixing each line with a number is required to make devices scanning for networks show the lines of text in proper sequence. At least on the devices demoed, anyway.

Just to be clear: you should definitely not do this. Jamming up the local environment with a bunch of fake networks is a pretty terrible idea. But as a memorial for a man who occasionally claimed to be an anarchist, you could do worse. Plus we have to admit “Giants of Flesh and Steel” is an awesome name for a network.

Continue reading “ESP8266 Broadcasts Memorial WiFi Spam” →