Great Badge Concept: A “Geiger Counter” For WiFi Deauthentication Frames

[Nick Price] had a wonderful concept for a DEFCON badge: a device that worked a lot like a directional Geiger counter, but chirped at detecting WiFi deauthentication packets instead of radiation. That’s a wild idea and it somehow slipped past us last year. Why detect such a thing? Well, the WiFi deauth attack is a kind of invisible toxicity: an attacker forges deauthentication frames, which are plain unauthenticated management frames that any radio in range can transmit, so every client on the network gets kicked off and spends its time reconnecting instead of passing traffic. Unless the network uses 802.11w Protected Management Frames there is nothing in the protocol to stop it, and this device would at least let you see it happening and walk toward the source.
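To show what the “clicks” in such a counter would actually be, here is an added example in Python; it is not [Nick]’s badge firmware. It decodes the Frame Control field of raw 802.11 frames, treats every unprotected deauthentication or disassociation frame as a click, keeps a sliding-window rate, and raises an alarm when the rate looks like a flood. The MAC addresses, timestamps, thresholds and the frame timeline are all constructed for the demo, not captured over the air.

```python
"""Added example: a software 'Geiger counter' for 802.11 deauth frames (not the badge's code)."""
from collections import Counter, deque
from dataclasses import dataclass
from typing import Optional

MGMT = 0                 # 802.11 frame type 0 = management
DISASSOC = 10            # management subtypes that throw a client off the network
DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    ts: float
    ftype: int
    subtype: int
    protected: bool           # Frame Control 'Protected Frame' bit (set on 802.11w-protected mgmt frames)
    dst: str
    src: str
    bssid: str
    reason: Optional[int]     # deauth/disassoc reason code, None for other frames


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def parse_frame(ts: float, raw: bytes) -> Frame:
    """Decode the 24-byte MAC header; management frames carry DA, SA, BSSID in Addr1..Addr3."""
    if len(raw) < 24:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = raw[0], raw[1]
    if fc0 & 0x03:                       # bits 0-1: protocol version must be 0
        raise ValueError("unsupported 802.11 protocol version")
    ftype = (fc0 >> 2) & 0x3             # bits 2-3: type
    subtype = (fc0 >> 4) & 0xF           # bits 4-7: subtype
    protected = bool(fc1 & 0x40)         # second byte, bit 6: Protected Frame
    dst, src, bssid = mac_str(raw[4:10]), mac_str(raw[10:16]), mac_str(raw[16:22])
    reason = None
    if ftype == MGMT and subtype in (DEAUTH, DISASSOC) and not protected and len(raw) >= 26:
        reason = int.from_bytes(raw[24:26], "little")   # the 2-byte reason code is the whole body
    return Frame(ts, ftype, subtype, protected, dst, src, bssid, reason)


class DeauthCounter:
    """Clicks per second of unprotected deauth/disassoc frames over a sliding window."""

    def __init__(self, window_s: float = 1.0, alarm_rate: float = 10.0):
        self.window_s, self.alarm_rate = window_s, alarm_rate
        self.events: deque = deque()
        self.by_bssid, self.by_reason = Counter(), Counter()
        self.broadcast = 0

    def feed(self, f: Frame) -> bool:
        """Return True if the frame counted as a click."""
        if f.ftype != MGMT or f.subtype not in (DEAUTH, DISASSOC):
            return False
        if f.protected:
            return False      # 802.11w: integrity-protected by the PMF key, an outsider cannot forge it
        self.events.append(f.ts)
        while self.events and f.ts - self.events[0] > self.window_s:
            self.events.popleft()
        self.by_bssid[f.bssid] += 1
        self.by_reason[f.reason] += 1
        if f.dst == BROADCAST:     # one broadcast deauth kicks every client: the classic flood
            self.broadcast += 1
        return True

    def rate(self) -> float:
        return len(self.events) / self.window_s

    def alarm(self) -> bool:
        return self.rate() >= self.alarm_rate


def build_mgmt(subtype, dst, src, bssid, reason=None, protected=False) -> bytes:
    """Build a minimal management frame (constructed test input, not a capture)."""
    fc0 = (subtype << 4) | (MGMT << 2)
    fc1 = 0x40 if protected else 0x00
    hdr = bytes([fc0, fc1, 0, 0]) + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid) + b"\x00\x00"
    body = reason.to_bytes(2, "little") if reason is not None else b""
    return hdr + body


def sample_capture():
    """Constructed timeline: beacon, one polite deauth, one PMF-protected deauth, a data
    frame, then 40 spoofed broadcast deauths in 0.4 s (reason 7, the aireplay-ng favourite)."""
    ap, client = "02:00:00:00:aa:01", "02:00:00:00:cc:02"        # made-up addresses
    frames = [
        (0.0, build_mgmt(8, BROADCAST, ap, ap)),                                  # beacon (subtype 8)
        (0.5, build_mgmt(DEAUTH, ap, client, ap, reason=3)),                      # client leaving normally
        (1.0, build_mgmt(DEAUTH, client, ap, ap, reason=3, protected=True)),      # 802.11w, ignored
        (1.5, bytes([0x08, 0x00]) + bytes(22)),                                   # plain data frame, ignored
    ]
    # attacker spoofs the AP's own address (src = bssid = ap) and blasts broadcast deauths
    frames += [(2.0 + i * 0.01, build_mgmt(DEAUTH, BROADCAST, ap, ap, reason=7)) for i in range(40)]
    return frames


def analyze(frames, window_s=1.0, alarm_rate=10.0) -> dict:
    """Run the counter over (timestamp, raw_frame) pairs and summarise what it saw."""
    ctr = DeauthCounter(window_s, alarm_rate)
    peak, clicks = 0.0, 0
    for ts, raw in sorted(frames, key=lambda p: p[0]):
        if ctr.feed(parse_frame(ts, raw)):
            clicks += 1
            peak = max(peak, ctr.rate())
    top_bssid = ctr.by_bssid.most_common(1)[0][0] if ctr.by_bssid else None
    top_reason = ctr.by_reason.most_common(1)[0][0] if ctr.by_reason else None
    return {"clicks": clicks, "peak_rate": peak, "alarm": peak >= alarm_rate,
            "broadcast": ctr.broadcast, "top_bssid": top_bssid, "top_reason": top_reason}


if __name__ == "__main__":
    print(analyze(sample_capture()))
```

Feeding the constructed capture through analyze() gives 41 clicks, a peak of 40 per second, the alarm raised, 40 of them broadcast and reason code 7 on top, which is about what a real flood looks like. The one frame with the Protected bit set never clicks: on a network with 802.11w enabled, forged deauths simply fail the integrity check, which is the defence the badge cannot provide but the AP can.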

A few things were harder than expected, however. To make the device directional, [Nick] designed and built a PCB Yagi antenna but it wasn’t practical. Not only was it far too big, it would also have required going to four layers on a PCB that was already expensive. The solution he settled on — inspired by a friend’s joke about just dropping the badge into a Pringles can — was to surround the PCB omni antenna with a copper pipe end cap from the plumbing section of any hardware store. [Nick] figured that soldering that to the ground plane should result in a simple, cheap, and attractive directional antenna mod. Did it work? We’ll all have to wait and see.

Sadly, [Nick] wasn’t able to finish in time for last year’s DEFCON. Hardware revisions mounted, and fabrication times for his specialized PCB were longer than usual. Worse news is that this year’s DEFCON is cancelled, or rather going virtual, which means he’s going to have to deauth himself. The good news is that now he’s got another 12-month extension. Watch the brief video of the functional prototype, embedded below.

WiFi Goes Open

For most people, adding WiFi to a project means grabbing something like an ESP8266 or an ESP32. But if you are developing your own design on an FPGA, that means adding another package. If you are targeting Linux, the OpenWifi project is a good start: an 802.11 baseband and MAC written in Verilog, paired with a Linux driver so the result looks like an ordinary WiFi interface to the rest of the system. There are examples for many development boards and advice for porting to your own target on GitHub. You can also see one of the developers, [Xianjun Jiao], demonstrate the whole thing in the video below.

The demo uses a Xilinx Zynq, so the Linux backend runs on the Arm processor that is on the same chip as the FPGA doing the software-defined radio. We’ll warn you that this project is not for the faint of heart. If you want to understand the code, you’ll have to dig into a lot of WiFi trivia.

Lowering The Boom On Yagi Element Isolation

Antenna design can be confusing, to say the least. There’s so much black magic that goes into antennas that newbies often look at designs and are left wondering exactly how the thing could ever work. Slight changes in length or the angle between two elements result in a vastly different resonant frequency or a significant change in the antenna’s impedance. It can drive one to distraction.

Particularly concerning are the frequent appearances of what seem to be dead shorts between the two conductors of a feedline, which [andrew mcneil] explored with a pair of WiFi Yagi antennas. These highly directional antennas have a driven element and a number of parasitic elements, specifically a reflector behind the driven element and one or more directors in front of it. Constructive and destructive interference based on the spacing of the elements and capacitive or inductive coupling based on their length determine the characteristics of the antenna. [Andrew]’s test antennas have their twelve directors either isolated from the boom or shorted together to the shield of the feedline. In side-by-side tests with a known signal source, both antennas performed exactly the same, meaning that if you choose to build a Yagi, you’ve got a lot of flexibility in what materials you choose and how you attach elements to the boom.

If you want to dive a little deeper into how the Yagi works, and to learn why it’s more properly known as the Yagi-Uda antenna, check out our story on their history and operational theory. And hats off to [andrew] for reminding us that antenna design is often an exercise in practicality; after all, an umbrella and some tin cans or even a rusty nail will do under the right circumstances.

Turn An Unused Pi Zero Into A Parts Bin WiFi Extender

We know a lot of you are sitting on an unused Raspberry Pi Zero W, maybe even several of them. The things are just too small and cheap not to buy in bulk when the opportunity presents itself. Unfortunately, the Zero isn’t exactly a powerhouse, and it can sometimes be tricky to find an application that really fits the hardware.

Which is why this tip from [Tejas Lotlikar] is worth taking a look at. Using the Pi Zero W, a cheap USB WiFi adapter, and some software trickery, you can put together a cheap extender for your wireless network. The Pi should even have a few cycles left over to run ad-blocking software like Pi-hole while it shuffles your packets around the tubes.

[Tejas] explains every step of the process, from putting the Raspbian image onto an SD card to convincing wpa_supplicant to put the Pi’s onboard WiFi radio into Access Point mode. The USB adapter only plays the client side, joining the upstream network, which means you don’t need to be very selective about its make and model. Something with an external antenna is preferable since it will be able to pull in the weak source signal, but you don’t have to worry about it supporting Soft AP. Do give the new access point its own WPA2 passphrase rather than leaving it open, and keep the Pi patched: every packet from the extended side now passes through it.

With the software configured, all you need to finish this project off is an enclosure. A custom 3D printed case large enough to hold both the Pi and the external WiFi adapter would be a nice touch.

What Will You Do With An Extra 1.2 Gigahertz?

While our collective minds have been turned towards the global pandemic, it’s refreshing to hear that in some quarters life has continued, and events that would have made the news in more normal times have continued to take place while they have been replaced in coverage by more urgent considerations.

In the last few weeks there has been a piece of routine American bureaucracy that flew under the radar but which will have a significant effect on global technology; the United States’ Federal Communications Commission first proposed, then ratified, the allocation of an extra 1200 MHz of spectrum in the 6 GHz band, from 5.925 to 7.125 GHz, to unlicensed use, the same regime under which 2.4 GHz and 5 GHz WiFi already operate. This allocation process is likely to be repeated by other regions worldwide, freeing up another significant piece of spectrum for unlicensed usage.

In practice this means that there will be a whole new set of WiFi channels created, and we’ll all have a little more spectrum to play around with, so it’s worth examining in a little more detail.
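As an added illustration of what “a whole new set of channels” means in numbers (this is not from the article), the following Python derives the 6 GHz channel plan from the 802.11ax rule that a 6 GHz channel’s centre frequency is 5950 MHz plus 5 MHz times its channel number. The band edges come from the FCC allocation above; the 20 MHz guard below channel 1 (centred at 5955 MHz) and the upper-edge parameter for regulators that open only part of the band are assumptions from the 802.11ax channelisation, so check your own regulator’s table before transmitting.

```python
"""Added example: 6 GHz (Wi-Fi 6E) channel plan from first principles (not the article's code)."""

BAND_LO_MHZ = 5925          # FCC unlicensed 6 GHz band: 5925 to 7125 MHz, i.e. 1200 MHz
BAND_HI_MHZ = 7125
FIRST_EDGE_MHZ = 5945       # lower edge of channel 1; assumption: 20 MHz guard at the band bottom
CHANNEL_START_MHZ = 5950    # 802.11ax 6 GHz channel starting frequency


def centre_mhz(channel: int) -> int:
    """802.11ax: centre frequency = channel starting frequency + 5 MHz * channel number."""
    return CHANNEL_START_MHZ + 5 * channel


def channel_number(centre: int) -> int:
    """Inverse of centre_mhz(); rejects frequencies that are not on the 5 MHz raster."""
    offset = centre - CHANNEL_START_MHZ
    if offset < 0 or offset % 5:
        raise ValueError(f"{centre} MHz is not a valid 6 GHz channel centre")
    return offset // 5


def channel_plan(width_mhz: int, upper_edge_mhz: int = BAND_HI_MHZ) -> list:
    """Channel numbers of every non-overlapping channel of the given width that fits
    between FIRST_EDGE_MHZ and upper_edge_mhz. Pass a lower upper edge to model a regulator
    that opened only part of the band."""
    if width_mhz not in (20, 40, 80, 160):
        raise ValueError("802.11ax 6 GHz widths are 20, 40, 80 or 160 MHz")
    if not BAND_LO_MHZ < upper_edge_mhz <= BAND_HI_MHZ:
        raise ValueError("upper edge outside the 6 GHz band")
    channels, edge = [], FIRST_EDGE_MHZ
    while edge + width_mhz <= upper_edge_mhz:          # the whole channel must fit
        channels.append(channel_number(edge + width_mhz // 2))
        edge += width_mhz
    return channels


def summary(upper_edge_mhz: int = BAND_HI_MHZ) -> dict:
    """How many channels of each width a given slice of the band yields."""
    return {w: len(channel_plan(w, upper_edge_mhz)) for w in (20, 40, 80, 160)}


if __name__ == "__main__":
    for width in (20, 40, 80, 160):
        plan = channel_plan(width)
        print(f"{width:>3} MHz: {len(plan):>2} channels, {plan[0]}..{plan[-1]} "
              f"({centre_mhz(plan[0])}..{centre_mhz(plan[-1])} MHz centres)")
    print("lower 480 MHz only:", summary(6425))
```

For the full FCC band this comes out at 59 channels of 20 MHz (channels 1 to 233), 29 of 40 MHz, 14 of 80 MHz and 7 of 160 MHz, which is more clean 80 MHz channels than the whole 5 GHz band offers. Calling summary(6425) models a regulator that opens only the lower 480 MHz, and the counts drop to 24, 12, 6 and 3.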

21st Century Cheating: WiFi In A Calculator

Obviously, we would never endorse cheating on an exam, but sometimes a device is just too tempting to be left untouched. For [Neutrino], it was an old Casio calculator whose solar panel happened to be exactly the size of a 128×32 OLED, so the OLED went in its place. But since the display won’t do much on its own, he decided to connect it to an ESP8266 and mount it all inside the calculator’s housing, turning it into a spy-worthy, internet-connected cheating device, including a stealthy user interface controlled by magnets instead of physical buttons. (Video, embedded below.)

Editor’s Update: Please read our follow-up coverage to the copyright claims made against this project. The video linked above and embedded below are unavailable due to these claims, despite widespread belief that this project does not violate copyright. For now, the original video is available via the Internet Archive.

To achieve the latter, [Neutrino] added two Hall effect sensors and a reed switch inside each end of the calculator. Placing a magnet — possibly hidden in a pen cap — near the reed switch will turn the display on, and placing another magnet near the Hall-effect sensors will navigate through the display’s interface, supporting two inputs with long, short, and multi-tap gestures each. To obtain information over WiFi, the ESP8266 connects to Firebase as a backend, which allows predefined content to be set up for fetching as well as communication with your partner(s) in crime through a simple chat program.

As the main idea was to keep visible modifications to a minimum, one shortcoming is that charging the additional battery that powers the whole system would require an additional, external charging circuit. But [Neutrino] had a solution for that as well, and simply exposed two wires on the back, which could easily be mistaken for random solder splatters. And of course, relying on WiFi might also be tricky in some situations, so you might want to consider a mobile network upgrade for yourself.

ESP32-S2 Hack Chat With Adafruit

Join us on Wednesday, May 6 at noon Pacific for the ESP32-S2 Hack Chat with Limor “Ladyada” Fried and Scott Shawcroft!

When Espressif released the ESP8266 microcontroller back in 2014, nobody could have predicted how successful the chip would become. While it was aimed squarely at the nascent IoT market and found its way into hundreds of consumer devices like smart light bulbs, hackers latched onto the chip and the development boards it begat with gusto, thanks to its powerful microcontroller, WiFi, and lots of GPIO.

The ESP8266 was not without its problems, though, and security was always one of them: with no secure boot and no flash encryption, anything in its external flash, firmware and WiFi credentials included, could be read out or replaced by anyone with physical access. The ESP32, released in 2016, addressed some of these concerns with hardware secure boot and flash encryption keyed from its eFuses. The new chip also added another CPU core, a co-processor, Bluetooth support, more GPIO, Ethernet, CAN, more and better ADCs, a pair of DACs, and a host of other features that made it the darling of the hacker world.

Now, after being announced in September of 2019, the ESP32-S2 is finally making it into hobbyists’ hands. On the face of it, the S2 seems less capable, with a single core and neither Bluetooth nor Ethernet. But with a newer Xtensa LX7 core, scads more GPIO, more ADCs, a RISC-V ultra-low-power co-processor, native USB, and the promise of very low current draw, it could be that the ESP32-S2 proves to be even more popular with hobbyists as it becomes established.

To talk us through the new chip’s potential, Limor “Ladyada” Fried and Scott Shawcroft, both of Adafruit Industries, will join us on the Hack Chat. Come along and learn everything you need to know about the ESP32-S2, and how to put it to work for you.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we'll be sitting down on Wednesday, May 6 at 12:00 PM Pacific time.

You don't have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
