Sunday 14 August 2016

Mini ESP8266 dev board and a demo WiFi hack

I attended a one-week network security training recently and taught end-user security awareness a little later. One outstanding topic in both trainings was weak WPA/WPA2 passwords.
I actually wanted to explore ways to use menus on my little I2C OLED display. So I set out to combine testing for weak WiFi passwords with finding a way to make easy-to-use menus.

But menus need buttons, and there was no space left on my little breadboard between the NodeMCU dev module and the OLED. So I looked for smaller breadboard-ready ESP8266 dev modules and found this inexpensive ESP8266 Dev Mini Module.




Further research showed that this might be pretty much a knockoff of the Wemos D1 Mini, which I hadn't seen before.
This board has a lot fewer pins than a full NodeMCU dev board, but all the important ones seem to be there. The board came with a set of headers, and I decided to make the USB side the bottom, so I can see the LED on the ESP-12F module.
Top view: ESP-12F

Bottom view: USB
The USB drivers auto-installed on my Windows 10 machine.


So my first project with this board was a very simple WiFi security scanner that lists all available access points (excluding the invisible ones) and tries to get in with a list of passwords stored in the SPIFFS file system.

Here is my video about both the module and the WiFi security tester.


Fritzing schematic of the WiFi scanner
My motivation was to find out how to make a simple menu system. The current implementation has quite a few shortcomings. E.g., the list of WiFi targets can only be a few items long and does not scroll, simply because the number of networks visible from my lab was never longer than that.
I use interrupts (falling edge) on the GPIO pins to trigger functions that increment or decrement the menu selection bar.
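
An added sketch of the interrupt-driven menu described above, extended with the scrolling the current version lacks. It is not the code from the GitHub repository: the `Menu` type, the 4-row window, the 50 ms debounce and the network names are assumptions, and the logic is written as plain C++ so it can be tested off the board.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Host-testable model: on the ESP8266, onDownEdge()/onUpEdge() would be called
// from the two falling-edge GPIO interrupt handlers with millis() as nowMs.
struct Menu {
    static constexpr uint32_t DEBOUNCE_MS = 50; // assumed debounce window
    static constexpr int ROWS = 4;              // assumed visible OLED rows
    std::vector<std::string> items;
    volatile int pending = 0;        // net presses recorded by the ISRs
    volatile uint32_t lastEdge = 0;  // time of the last accepted edge
    volatile bool seen = false;      // false until the first edge arrives
    int selected = 0, top = 0;       // selection bar and first visible row
    // ISR side: count the press and return, no drawing and no I2C traffic.
    void onEdge(int delta, uint32_t nowMs) {
        if (seen && nowMs - lastEdge < DEBOUNCE_MS) return; // contact bounce
        seen = true; lastEdge = nowMs;
        pending = pending + delta;
    }
    void onDownEdge(uint32_t nowMs) { onEdge(+1, nowMs); }
    void onUpEdge(uint32_t nowMs) { onEdge(-1, nowMs); }
    // Main-loop side: apply queued presses, clamp, and scroll the window.
    // On hardware, do the read-and-clear of `pending` with interrupts disabled.
    bool update() {
        int delta = pending; pending = 0;
        int last = static_cast<int>(items.size()) - 1;
        if (delta == 0 || last < 0) return false;
        int old = selected;
        selected = std::min(std::max(selected + delta, 0), last);
        if (selected < top) top = selected;
        if (selected >= top + ROWS) top = selected - ROWS + 1;
        return selected != old; // true when the display needs a redraw
    }
    // Rows to draw, with the selection bar marked by "> ".
    std::vector<std::string> visible() const {
        std::vector<std::string> out;
        for (int i = top; i < static_cast<int>(items.size()) && i < top + ROWS; ++i)
            out.push_back((i == selected ? "> " : "  ") + items[i]);
        return out;
    }
};

int main() {
    Menu m; m.items = {"net0", "net1", "net2", "net3", "net4", "net5"}; // constructed
    for (uint32_t t = 1000; t < 1500; t += 100) m.onDownEdge(t);
    m.update();
    for (const auto& row : m.visible()) std::printf("%s\n", row.c_str());
}
```

Keeping the handlers down to a counter update means the OLED is only redrawn from the main loop, when `update()` returns true.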

Good WPA/WPA2 password lists are shipped with Kali Linux, but these are *WAY* too big to fit on the module's file system. You have to resort to "educated guessing" there.

If you are looking for the code for the Wifi-Security tester, it is up on my GitHub repository. It still needs quite a lot of cleanup and a few functions should be rewritten, so beware!