How to use the ESP8266 microcontroller to scan Wi-Fi networks? (video, 9 minutes)
In the latest episode of the Hak5 channel, Alex Lind shows how to use the cheap ESP8266 microcontroller to monitor Wi-Fi traffic in promiscuous mode. This extremely inexpensive component, which can be bought for as little as 3 dollars on sites such as AliExpress, has many uses, from IoT devices to controlling custom hardware platforms and even carrying out simple Wi-Fi attacks. The video shows how to enable monitor mode, which makes it possible to record all Wi-Fi traffic in the vicinity. It works much like being in a room full of people talking, where you can selectively listen in on conversations.
Using this mode, it is possible to capture packets in the 2.4 GHz band, which allows identification of device types or particular activity. The author mentions his earlier projects, such as ESPBUG, which show how this technology can be applied. The episode also discusses the ESP Pro library by Ricardo Oliveira, which is the basic API for interacting with the ESP8266. Alex stresses how useful this library is; it can be used for a variety of tasks related to collecting Wi-Fi data.
To get started, viewers will need a computer with the Arduino IDE installed and an ESP8266. Alex walks viewers through the GitHub repositories where the necessary software and code examples can be found. Once the board is configured correctly, viewers can upload the code to the ESP8266, which makes it possible to get raw Wi-Fi data on the serial monitor. They will see MAC addresses, packet types and other useful information.
At the end of the episode Alex shows simple code demonstrations written for the ESP Pro library. One example is an SD card data logger, which stores the captured data in a CSV file. When writing the code, Alex made sure it is structured similarly to the ESP Pro library's own code, which makes it easy to modify and adapt for your own projects. Viewers have the opportunity to expand their programming skills and to use the ESP8266 for a variety of applications.
At the time of writing, the Hak5 video has 31,853 views and 1,136 likes. The technique shown makes it possible to identify activity such as deauthentication attacks and also records valuable data, making it an extremely useful tool for technology enthusiasts. In future videos Alex promises to show further uses of the ESP8266, which will certainly attract many keen programmers and hardware hobbyists, and encourages active participation in the Hak5 community.
Timeline summary
- Introduction to scanning Wi-Fi in promiscuous mode with a $5 microcontroller.
- Overview of the ESP8266 as a Wi-Fi microcontroller.
- Discussion of ESP8266 uses in IoT devices and simple Wi-Fi attacks.
- Mention of popular projects that use the ESP8266.
- Explanation of how to enable monitor mode on the device.
- Analogy for monitor mode and capturing Wi-Fi data.
- Benefits of capturing packets in the 2.4 GHz band.
- Requirements to follow along: Arduino IDE, ESP8266, optional SD card logger.
- Introduction to the ESP Pro library by Ricardo Oliveira.
- Reference to the Friend Detector project, which uses the ESP Pro library.
- Cloning the GitHub repository of the ESP Pro library.
- Opening the .ino file for the Arduino code demo.
- Description of live data capture on the serial monitor.
- Details on Wi-Fi packet types and capture.
- Reference to Wikipedia for information on Wi-Fi packet types.
- Example of identifying Wi-Fi attacks by capturing packets.
- Configuring the Arduino IDE to upload the code.
- Uploading the code to the ESP8266.
- Observing incoming Wi-Fi packets on the serial monitor.
- Identifying new devices using the library.
- Demonstration of a simple SD card logger.
- Cloning the GitHub repository of the ESP Pro library demos.
- Introduction to the two code demos in the repository.
- Logging Wi-Fi data to a CSV file.
- Benefits of using the CSV format for storing data.
- Summary of the ESP8266's versatility for logging and reconnaissance.
- Encouragement to suggest topics in the comments for future videos.
- End of the video and thanks to viewers.
Transcription
Today, I'm going to show you how you can promiscuously scan Wi-Fi data on a $5 microcontroller, and also show you how to write your own Wi-Fi reconnaissance tools using the ESP8266. The ESP8266 is a Wi-Fi microcontroller that you can find for as cheap as up to $3 on sites like AliExpress, and it offers a wide range of use cases such as for IoT devices, controlling custom hardware platforms, or even just launching very simple Wi-Fi attacks. This device has been used in many popular projects such as Spacetoon's open source Wi-Fi deauther, and is commonly found in lots of IoT devices like smart home light bulbs. In today's video, I'm going to show you how you can enable monitor mode on this device, which is a mode that comes on some Wi-Fi cards, allowing it to passively listen in to all the Wi-Fi data coming in around it. Now this is sort of like if I were in a room full of people talking and chose to selectively listen to parts of everyone's conversation at the same time. Using this mode means we'll be able to capture packets on the 2.4GHz spectrum, which will let us log device types or certain activity, which I found very useful in some of my previous projects like the ones I featured on this channel such as ESPBUG, and a few more demonstrations that I have upcoming in future videos. To follow along with today's video, all you're going to need is a computer with the Arduino IDE installed, an ESP8266, and an optional SD card logger. Today we're going to be looking at the ESP Pro library by Ricardo Oliveira, which is a basic API that allows us to interface with the ESP8266 and output captured Wi-Fi data to the serial monitor. Now you might have seen his Friend Detector project featured before, which uses this exact library to detect known nearby devices, and I've also used ESPPL across a few of my projects before since I find it super handy as a high-level interface for the ESP8266. To start, I'm going to go ahead and clone his GitHub repository to my computer.
I'm going to copy the address and open up a terminal. And I'm just going to run git clone https://github.com/.ricardooliveira.esprolibrary. After it downloads, I'm going to go ahead and open the repository we downloaded, open ESPProLib, and open up this .ino file, which will contain the Arduino code demo that we're going to be looking at today. So basically what this will do is just dump a live raw data capture straight to our serial monitor, which will show us all of the promiscuous Wi-Fi data we're capturing. So as you can see here, it's a relatively straightforward setup, and this code makes calls directly to the ESPProLibrary's API, showing us information like what devices are sending Wi-Fi packets, where they're being delivered to, and also the specific type of Wi-Fi packet that we're dealing with. So this will basically let us look at things like deauthentication attacks, beacon frames, probe requests, and all other types of Wi-Fi packets by their frame and subframe types. So you can actually reference this Wikipedia page that I'll have linked below if you want more information specifically on these frame types, but basically this will let us get a view of the Wi-Fi spectrum and Wi-Fi data around us on the 2.4 gigahertz spectrum. So this is going to let us identify things like Wi-Fi attacks going on. For instance, if you detected a deauthentication attack, we can see phones that are looking for networks they've previously identified by probe requests, and a whole lot of other juicy information. So now I'm going to head back over to the Arduino IDE and plug in my ESP8266. After I've done that, I'm going to head over to tools and make sure that I have the correct board set up. So here you can see I've selected Wemos D1 Mini, which is the board I'm using, and I'm going to set the upload speed to 921600. So make sure you also have the rest of the settings here configured to what I have set up.
And after you've done that, you can go ahead and just upload the code by using this button in the corner. So after the code flashes, I can go ahead and just pop open the serial monitor using Control-Shift-M, where you can see that it started a data capture. And sure enough, we can get a readout of these incoming Wi-Fi packets, so you can see things like the source and destination MAC address, Wi-Fi packet types, SSID, received signal strength, and a whole lot more. In a previously featured video on this channel, I actually used this library to basically identify and flag new devices for the ESPBUG, so that way I could remotely and inconspicuously detect when certain people came in and out of an area, just based off the MAC address of their phone. So this library is obviously very useful and has a lot of use cases. So for the last part of this demonstration, I'm actually going to show you some basic code demonstrations I wrote for this library, since I find myself using it a lot. And today, the first one we're going to look at is just a simple SD card logger. So if you want to start making modifications to the ESP Pro library for your own projects, you'll have a basic place to start by looking at my GitHub repository. So heading over to the browser, I'm going to go over to my GitHub repo at alexlind slash ESP Pro library demos. I'm going to go ahead and copy this, and we're going to clone it, just like we did before. So git clone HTTPS, github.com slash alexlind slash ESP Pro library demos. So now I'm going to go ahead and open this in my files. I'm going to head back to ESP Pro library demos. And if you open this up, you'll see that I've actually already written two different demonstrations. One of them constructs a JSON file for creating post requests to a server, and the other one just basically logs it to a micro SD card. So I'm going to go ahead and open up this folder and click on this Arduino sketch.
So if you take a look at the code I wrote, you can see that much of it is structured, basically the same as the raw ESP Pro library file that we took a look at, and this is because I basically just conflated it with an SD card logging program. But the only difference is that I just have it directing output from the serial monitor also into a comma separated value or CSV file. So if I just scroll down a little, you can see that I've constructed here a CSV file header, which will denote the data types we're working with. So for example, you can see frame type, subframe type, source MAC address, and so on and so forth. And if you look up here, you can just see the other code segments, which basically will pass data along into the SD card and log it with this delimiter, which is just separated by a comma. So since I'm using the D1 mini form factor, I can just go ahead and stack this SD card module, which mounts directly on top of the ESP8266, and it's just going to start working right away. But if you're using different hardware or a different ESP module that's not the D1 mini, you might have to look up the pinout on the internet somewhere. Otherwise, I'll link to this hardware in the description below, and I'll also cover the D1 mini form factor in future videos, as well as how to get started prototyping with it. So after I have my ESP plugged in and the SD card stack set up, I can just go ahead and flash the code to my board. So after flashing, I can just go ahead and pop open the serial monitor again. And as you can see, it's still pulling in Wi-Fi packets, which should now also be saving to the micro SD card. So I'm just going to give it a few more seconds to run to make sure that we have a decent data capture before unplugging and ejecting it. So now I'm going to go ahead and unplug the SD card. And if we head over to my computer, we should be able to get a look at that CSV file that it captured. 
So opening up my files, I can see that it created this log9.csv file, which I'm going to go ahead and click on. And as you can see, it immediately springs us into a spreadsheet. Now the benefit to using a CSV file like this is that the raw file is actually super compact since the values are just comma separated, as you can see in this raw CSV file that I have open here. But this format using just commas as a delimiter is basically enough to store most data. And it's a very ubiquitous format since it has a ton of applications for data logging. Promiscuous Wi-Fi scanning offers us a ton of insight to data around us, allowing us to flag certain activity, like if someone you know is nearby or if someone is running a really noisy Wi-Fi attack. The ESP8266 is a very cheap and easy way to get into logging different data sources, specifically over Wi-Fi, and the D1 Mini form factor that we covered today offers a very versatile and useful platform that just allows you to interface with modules in a plug and play operation. In future videos, I'll show you more Wi-Fi reconnaissance proof of concepts with the ESP8266 and specifically how to use the D1 Mini to recreate a few of my projects that use this platform specifically. If you have any questions or suggestions for future videos you want to see, let us know in the comments below or feel free to reach out to me on Twitter at AlexLind. Thank you for watching and we'll see you next time on Hak5. Thanks for supporting Hak5. Find all our shows, community, and pen test products at hak5.org.
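The frame type, subtype and address decoding that the sketch prints to the serial monitor and the CSV logger writes to the card, as an added host-side example written for this page (not code from the ESP Pro library or from Alex's demo repository): it parses the 802.11 frame control field and the three address fields of a raw frame, emits a CSV row in the same column order as the video's header, and flags deauthentication frames, the signature of the attack the video says monitor mode lets you spot. It assumes the input is the raw 802.11 frame starting at the frame control byte (on the ESP8266 the sniffer callback hands you that frame after the SDK's own receive header, which this example does not model); the sample frames are constructed, not captured.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// The fields the video's logger prints for each captured frame.
struct FrameInfo {
    uint8_t type;       // 0 = management, 1 = control, 2 = data
    uint8_t subtype;    // management: 4 = probe request, 8 = beacon, 12 = deauthentication
    std::string addr1;  // receiver / destination address
    std::string addr2;  // transmitter / source address
    std::string addr3;  // BSSID on management frames
};
static std::string macToString(const uint8_t* m) {
    char buf[18];
    std::snprintf(buf, sizeof buf, "%02hhX:%02hhX:%02hhX:%02hhX:%02hhX:%02hhX", m[0], m[1], m[2], m[3], m[4], m[5]);
    return buf;
}
// Parses the frame control field and the three addresses of a raw 802.11 frame (starting at
// the frame control byte). Rejects anything shorter than the 24-byte MAC header, e.g. ACK/CTS.
bool parseFrame(const std::vector<uint8_t>& f, FrameInfo& out) {
    if (f.size() < 24) return false;
    out.type    = (f[0] >> 2) & 0x03;  // bits 2-3 of the first frame control byte
    out.subtype = (f[0] >> 4) & 0x0F;  // bits 4-7
    out.addr1 = macToString(&f[4]);
    out.addr2 = macToString(&f[10]);
    out.addr3 = macToString(&f[16]);
    return true;
}
const char* kCsvHeader = "frame_type,subframe_type,source_mac,dest_mac,bssid";
// One CSV row in the header's column order, or "" when the frame cannot be parsed.
std::string toCsvRow(const std::vector<uint8_t>& f) {
    FrameInfo fi;
    if (!parseFrame(f, fi)) return "";
    return std::to_string(fi.type) + "," + std::to_string(fi.subtype) + "," +
           fi.addr2 + "," + fi.addr1 + "," + fi.addr3;
}
// Management subtype 12 is a deauthentication frame; a burst of them is the on-air
// signature of the deauth attack the video mentions.
bool isDeauth(const std::vector<uint8_t>& f) {
    FrameInfo fi;
    return parseFrame(f, fi) && fi.type == 0 && fi.subtype == 12;
}
// Constructed sample frames (not captures): a beacon from BSSID 02:11:22:33:44:55 and a
// deauthentication frame from that BSSID to client AA:BB:CC:DD:EE:01 (reason code 7).
const std::vector<uint8_t> kBeacon = {0x80,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
    0x02,0x11,0x22,0x33,0x44,0x55, 0x02,0x11,0x22,0x33,0x44,0x55, 0x10,0x00};
const std::vector<uint8_t> kDeauth = {0xC0,0x00,0x3A,0x01, 0xAA,0xBB,0xCC,0xDD,0xEE,0x01,
    0x02,0x11,0x22,0x33,0x44,0x55, 0x02,0x11,0x22,0x33,0x44,0x55, 0x20,0x00, 0x07,0x00};
```

Writing `kCsvHeader` once and then one `toCsvRow` line per frame reproduces the compact log file the video opens in a spreadsheet; counting `isDeauth` hits per second is the simplest alert for the noisy attack it describes.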