Very nicely done! Greetings from fellow embedded software engineer 👍
Hey, thanks!
Good job. I used a TTGO T-Display and got something in the serial monitor, but nothing on its screen. What can it be?
What interests me is a small and low power device such as what you are showing that will log the bluetooth and wifi mac addresses of people that come within range of the device. This could be used for geofence applications as well as security.
Yes! I like the low power too. The WiFi is only 2.4GHz but will catch most IOT devices, printers, etc. My ESP board doesn't have Bluetooth but I know you can sniff that too!
Have it alert in the presence of a list of mac addresses with wildcards. Will sell like crazy when criminals figure out it works as a cop detector.
Taser, car, and some weapons have wifi or BLE.
Do you know whether the ESP32 (Or the Raspberry Pi Pico W) is able to send raw packets? As in build any custom packet and send it. I'm pretty much a beginner here, but I believe that the ESP8266 is able to and some have used it for sending deauth and beacon frames.
Hi! Yes it is possible! The ESP32 has built-in support for packet crafting and transmission. I have only done deauthentication by specifying the MAC address.
Maybe you could adapt my code from the client deauth code here: github.com/bdash9/ESP32-Deauthroize-clients-script
@dash9computing This is very cool, thanks a lot for sharing. I will play with it when I get some time. It is always nice to be able to send raw packets to learn how the protocol works in great detail.
@dash9computing Hi again, I got a chance to play with your code. Maybe I misunderstand, but this is how I understand it. You have two different deauth functions going on.
You make an access point from the ESP32 and use the esp_wifi_deauth_sta function to send deauth commands to devices connected to this AP. This clearly works, but is a limited function for this AP. And this function cannot be made to send any raw packet.
The other one uses esp_wifi_80211_tx, to send a custom raw packet (in this case a deauth), which is what I am interested in. However, with this I get errors like "E (2154) wifi:invalid buffer".
I tried to dig a bit further. In the official documentation it says "Currently only support for sending beacon/probe request/probe response/action and non-QoS data frame". So the SDK limits what kind of raw packets it allows to be sent.
But then I found the "ESP32 Wi-Fi Penetration Tool" library that mentions this restriction. People have apparently found out, from reverse engineering, that the SDK has a function ieee80211_raw_frame_sanity_check that checks for allowed packets. One can apparently overwrite this function to always return false, but it might require using some specific version of the ESP32 SDK and special compiling details. See "Wi-Fi Stack Libraries (WSL) Bypasser component" (github.com/risinek/esp32-wifi-penetration-tool/tree/master/components/wsl_bypasser).
Did you have to do anything like this to make the esp_wifi_80211_tx function send deauth packets? Or do I misunderstand something?
Thanks for the help!
By adding
extern "C" int ieee80211_raw_frame_sanity_check(int32_t arg, int32_t arg2, int32_t arg3) {
    return 0;
}
and adding some flags in the compiler config files I managed to make it compile and now I do not get the "wifi:invalid buffer" errors. Later I will check whether it is actually sending any packets. I still wonder whether this is how you got it to work too?
I am not calling external C commands. I think you saw this but just in case... the code for my sniffer is here: github.com/bdash9/ESP32-packet-sniffer-tft-display
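The documentation sentence quoted earlier in this thread, worked through as an added example (not code from the thread, the video author's repositories, or the ESP-IDF): a C classifier that reads the first 802.11 frame-control byte and reports whether a frame is one of the listed kinds. The function names and sample bytes are constructed for illustration, and the SDK's own closed-source check may differ.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DOT11_HDR_LEN 24 /* frame control, duration, 3 addresses, sequence control */

/* Frame types and management subtypes from IEEE 802.11. */
enum { T_MGMT = 0, T_CTRL = 1, T_DATA = 2 };
enum { S_PROBE_REQ = 4, S_PROBE_RESP = 5, S_BEACON = 8, S_ACTION = 13 };

/* True if the frame is one of the kinds the quoted documentation lists:
 * beacon, probe request, probe response, action, or non-QoS data. */
bool documented_tx_allowed(const uint8_t *f, size_t len)
{
    if (f == NULL || len < DOT11_HDR_LEN) return false;
    if ((f[0] & 0x03) != 0) return false;      /* protocol version must be 0 */
    int type = (f[0] >> 2) & 0x03;
    int subtype = (f[0] >> 4) & 0x0F;
    if (type == T_MGMT)
        return subtype == S_PROBE_REQ || subtype == S_PROBE_RESP ||
               subtype == S_BEACON || subtype == S_ACTION;
    if (type == T_DATA)
        return (subtype & 0x08) == 0;          /* subtype bit 3 marks QoS data */
    return false;                              /* control frames are not listed */
}

/* Helper: constructed 24-byte header, all zero except the first frame-control byte. */
bool allowed_for_fc(uint8_t fc0)
{
    uint8_t hdr[DOT11_HDR_LEN];
    memset(hdr, 0, sizeof hdr);
    hdr[0] = fc0;
    return documented_tx_allowed(hdr, sizeof hdr);
}

int main(void)
{
    /* Constructed sample frame-control bytes, not captured traffic. */
    static const struct { uint8_t fc0; const char *name; } samples[] = {
        {0x80, "beacon"}, {0x40, "probe request"}, {0x50, "probe response"},
        {0xD0, "action"}, {0x08, "data"}, {0x88, "QoS data"},
        {0xA0, "disassociation"}, {0xC0, "deauthentication"}, {0xD4, "ACK (control)"},
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%02X %-16s %s\n", samples[i].fc0, samples[i].name,
               allowed_for_fc(samples[i].fc0) ? "listed" : "not listed");
    return 0;
}
```

Deauthentication (0xC0) and disassociation (0xA0) come out as "not listed", which is consistent with the "invalid buffer" error reported above for a raw deauth frame.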
Hi pal, if any custom PCBs are required for any of your upcoming projects? We'd love to sponsor some free ones to realize your final work together. (PCBWay zoey)
PCBway supports the CCP!
Thanks so much! I am doing some research and cooking up a project. Will be in touch. Cheers!
@enzofitzhume7320 It's a company in China lol, even US companies get stuff from there
wouldn't a regular tablet/laptop be better and easier for that?
Absolutely! A laptop is much easier/better. I guess I saw this as more of a proof of concept and learning tool than an improvement. Maybe this could be useful if it forwarded the captures to a data store of some sort. Still, not better than a laptop for most applications as it only has a 2.4GHz wifi interface. I have, in the past, had to leave my laptop in a machine room overnight. Would have been cool if the ESP32 could have done the same thing :)
@dash9computing try connecting esp32 to HD mipi screen - that would be something impressive
Thank you for putting this together along with the Github repositories. I was just trying it out and it looks like you made a LinkedList.h which is not in your github. around line 208 you have #include
Hi Chris, I just uploaded LinkedList.h to the repo. Please let me know how it goes. Thanks, ben