Hi Everyone, David Bombal back with a very special guest. Talking Sasquatch, you've got to tell us about your name and tell us about your channel. I'll just say this for everyone who's watching. Fantastic channel. If you're into FlipperZero, I saw that you've just posted OMG cable, but I've said enough, introduce yourself. Tell us what your channel's about. How's it going, yeah, I am the Talking Sasquatch. I've got a YouTube channel where we go over mostly FlipperZero stuff, what we're getting into a little bit more, you know, hardware hacking and, you know, anything that I find is interesting. We do like 3D printing little projects and stuff like that too on the side, but yeah, a lot of FlipperZero content, at least that's what I'm mostly known for. So tell us about the demo. It's Wi-Fi hacking, I believe, right? Yeah, so what we're going to do is we're going to walk you through the workflow of basically de-authenticating a Wi-Fi hotspot, and then we're going to grab the four-way handshakes, and we're going to, you know, store those on our Flipper. We'll pull those off, the pcaps we're going to pull those out. We're going to check them them in Wireshark, and then we're going to decrypt using Hashchat, so it should be pretty fun. That's great. I mean, so Hashcat's not going to run on the FlipperZero, I assume so you're going to put that on a service on my right? Yeah, so I'm going to be able to pull everything right off the Flipper and then run it on PC. Unfortunately, the whole workflow can't really be done directly in Flipper, but it gives you the idea of how it can be done in Flipper. Like, there's a lot of things you can do with Flipper that are easier to do on other things, but it's cool to see what the Flipper can actually do. And one of your very first videos you're telling me offline is a TikTok where you were deauthing cameras, right? Yeah, so one of the first things I did, once I didn't even have the official Wi-Fi board, I just had a ESP32 room and plug in the four wires and ran a de-auth on my network. And I realized that I had older ring video cameras that were susceptible to de-authentication. They're at a 2.4 gigahertz network. And yeah, I just pulled up on my phone, my ring camera, hit the de-auth button and camera went off. I was like, that's really interesting. So from there, I kind of started messing around with more and more stuff figuring out how far you could take it. And yes, actually stealing Wi-Fi password, not stealing, but figuring out Wi-Fi passwords that way is certainly something that is capable of doing. That's great, okay, so I'm gonna keep quiet now. Take us on this journey because I'm sure everyone wants to actually see how to do it rather than us talk about it. So first things first, I've got my, this is the official Wi-Fi board. And this is my relatively heavily modified FlipperZero right here. Things don't really focus super well in this camera, but yeah, if you saw my video from, well yesterday, technically here, but whatever timeframe works, I did the clear case mod, which is pretty fun. So what we're gonna do is let me hop down to the desktop real quick. And then I will show you basically the workflow on this one. So I'm gonna open up QFlipper, so you can see what I'm doing. Here's QFlipper. So the first thing that I'm gonna do, so I have in the background a router setup. And this router is running a network called Hacksquash, which software or firmware, sorry, are you running on your Flipper? So currently this is running on the latest dev version of XFW or Extreme firmware. Okay, so Xtreme is the software that you like at the moment right? Right now, yeah, it's got all the things that I need in it. I like the UI updates to it. It's got working RGB control, which is important because I did the RGB mod. So yeah, it kind of checks all the boxes. They have really been pushing, like I know the devs over there, and they really are trying to push the envelope or what can be done. So yeah, they make pretty good software, or pretty good firmware for that matter. So just before you go any further, is this installed as part of the Extreme firmware? Or do you need to do something? So this is all part of it. Yeah, most of the custom firmware has come with applications already picked out. This is Wi-Fi Marauder by JustCallMeKoko, running on the board. So the board has special firmware. And then this, the Wi-Fi companion app is done by OX Chocolate, aka Coco Code, who's actually really, really cool. They're part of the Discord and they've made some really great applications aside from this as well. So sorry, just because I'm slow, can you show your FlipperZero again with you've got a board on it, right? And that's a board that you have to buy separately and flash it, is that correct? So yeah, right up there. Mine's fancy because I've got a nice 3D printer, but that's the official Wi-Fi Devboard. So this isn't from any of the other creators. And honestly, if you don't own one of these already, you're really missing out. It's not very expensive, and especially if you bundle it with a brand new one. These will allow you to do, you know, I mean, Wi-Fi stuff. It does have some Bluetooth options in there as well. So yeah, definitely get one of these. It makes your Flipper a lot more versatile. And in your, on your channel, you've got video showing people how to flash that and how to update it and stuff like that, right? Oh yeah, oh yeah. So we've got a number of different ways to do it, involving either hooking it up to your computer, but what's great now is Coco Code actually came up with a little application that allows you to install the Marauder firmware directly from the Flipper. We also figured out a way of installing Flipper and evil portal at the same time so you can dual boot, switch back and forth with a single file. It's super, super cool. But yeah, that's basically the idea is you do have to flash Marauder firmware onto the official Wi-Fi dev board. So I'll link those videos below. If anyone wants, if any of you want to go and see those, as always, you know, Nate's got a lot of videos on his channel talking about all kinds of things. And that's what I love about what you've done in your channel. So if we are going to quick in this video or you missing some stuff, go check his channel out for those videos and a lot more, you know, information. But I've been speaking enough and keeping you too long. So shows this demo. So what we're going to do is we're just going to open up Wi-Fi Marauder. And we're going to scan our access points. And let's see, do, do, clearing access point zero. Any luck, this will actually scan my access point. Sometimes I have to do this twice. There we go. So now what it's doing is it's going through and it's finding all of the local access points around. These are mostly my neighbors. But deep down in this list, we're going to find hacksquash. So that should be long enough. So just for people who don't know what we're doing, you've got the FlipperZero software connected to your FlipperZero and you're doing all of this on the FlipperZero, right? Yeah, this is all directly on my Flipper. I'm using QFlipper is just a way for you to kind of follow along with me. Well, list the access points. And you can see right here at zero, that's Squachnet. That is my access point we're going to go through. So it's going to select it by going to zero, save that. All right, so we have our access point selected. What we're going to do is we're going to go to a PMKID sniff. And we're going to do this is targeted active. So what this is going to do, it's going to deauthenticate the network and it's going to sniff for the four way handshake. So what I'm going to do to make sure this works well, I'm also going to hop over and grab Squachnet. We're going to actually connect to it with my PC. So basically what we're doing is we're making as many handshakes as possible with the different devices. So I've got my phone. I've got this set to automatically connect to that network. And I've also got my PC, which I'm connecting to it over and over again, because it needs to read the fourway handshake. It's necessary to decrypt the password. So basically, a little swap back over. Now we've got that on here. So we can close this. So once I've done that, what it actually does is saves those files directly to the SD card. So I can open the SD card. And it's going to be under application data. Or I can double click too many times into a Marauder. And then pcaps. Here's my pcap file right in here. So I can download that and then save this to the desktop. So basically, those are our handshake files. We're going to use those to translate or to decode our passwords. So the next thing we're going to have to do is basically go and make sure that those handshake files have the right files on them. We need the EAPOL handshakes. So let's open up Wireshark. All right, cool. So we're going to hop on down to Wireshark. And then we're going to drag this here. Capture has a, it always says, but not always, but it's almost always cut off in the middle of a packet. That's normal. All right, so now we know we have one, two, three, and four. So we have all of the files that we need for this. So what we're going to do from here is actually go to open up a browser. And then we're going to go to Hashcat because we need to convert these files over for something that's usable from the actual Hashcat software. So I'm going to go to the converter. I'm going to choose our file, which is this guy right here, and we're going to convert it. So that worked. And I'm going to save this into the same file or the same folder, for that matter. That has Hashcat in it. So we're going to do that. And we're going to name this squach.hc22000 save. Over your, we can replace that. Cool. So what we're going to do is I'm going to open up CMD in the same folder that Hashcat's in.
So we've got that right here. We can just type CMD up here, love this little trick. And now that we're in there. So all we're going to do from here is type in Hashcat-m22000 squach.hc22000. And we're going to use the list that I have, which is cracked.txt.gz. That's a bunch of passwords, right? Yep. That's my password list for you. So it's going to go through and test through here. And yeah, it's got a lot of CPU power in this thing, which we don't really need. But if we scroll up here, we can see Squachnet, and there's my password right there. That's why you want to make sure you don't have a really easy password. Because the most common passwords are on all these password lists. This is a small password list. This only has about 400,000 passwords. And you can see how long it took to go through that list. I mean, I've got a decent graphics card, but yeah, it's actually a lot easier than you might think. That's what I love about the FlipperZero, right? Because it's some people knock it and say it's a toy. But I disagree. I mean, it's a great way to learn, right? It absolutely is. So I mean, I'm a bicycle mechanic by trade, and I used to be really, really into computers and stuff. When I got the FlipperZero, I hadn't done anything like this in 20 years almost. And it just kind of reignited that, like, let's see what we can do with it. And the more I push it and the more things I try to do, the crazier stuff that actually seems doable. There's so many options with, you know, BadUSB and with Wi-Fi, and this got Bluetooth on there too. Like, there's a lot you can actually do. And it's a lot more than most people think. Because they see these fake videos on YouTube and TikTok, and they think the whole thing is fake. But it's really not. So just hold on. If I understood this correctly, you don't work full-time in IT at the moment, right? I have never worked full-time in IT. So in other words, you... I've never worked in IT. So you do bicycle stuff as your full-time job. And then you're doing FlipperZero videos, and yet you're learning tremendous amounts by doing these videos. And just like playing around with the tool, right? Yep. I think that's a great inspiration for anyone who wants to learn, right? Because I think I see a lot of hate in the community where people say, I've script-kiddy as these guys, they don't know what they're doing. But I mean, how do you learn this stuff if you're not inspired to learn it? That's exactly what it is. Like, if you don't have a reason to learn these things, and you're not going to, and yeah, I run scripts and stuff on there, but I mean, that's what everybody does. I mean, that's what Kali is for, right? It's not like anybody's out there writing these applications, metasploit. Like, they're just scripts at the end of the day. And how long ago did you say you got your Flipper? September. And you've learned all of this... Stuff in that amount of time. Yep. Along with hardware modification and stuff like that, like I always could kind of solder. But I mean, the one of the first things that I did actually was build this. That is amazing. Yeah, and like, I'm not... I mean, it's anybody who does this professionally thinks this is like an abomination, but yeah, like... But how do you learn the best way to learn is to do? Exactly. Pick an ambitious thing. Don't tell anybody you're trying to do it. So there's no real pressure if you fail at it. And if it comes out good, share it. That's kind of what I've been doing the whole time. Nate, really appreciate you sharing that. Again, on your channel, you go through this and a whole bunch more, right? Absolutely. And I do go kind of fast, you know, from the New England area. So we're a little fast. But yeah, but we can go through everything. I try to go through every single step. I try to do everything live and real. So I don't cheat if I don't have to. I mean, I really don't like doing any content that's not completely genuine. It also helps people go through every single step. I make mistakes along with you. So, you know, I try to make everything as easy as possible. So as mentioned, I've linked Nate's channel below. I've linked some of his videos. Go and check them out. Go and show the love and support. Go and subscribe. And I'm really happy to announce that we've got many, many more videos coming. So let us know the kind of demos you want to see on my channel. Nate's going to share a whole bunch of videos. And we've actually recording a whole bunch today. But we'll be recording more in the future. Nate, thanks so much. Glad to be here. Appreciate it.