Flipper Zero Wifi Hacking has Never Been Easier! Updated for 2024!

[Music] This video is for educational purposes only. Only test your own hardware; doing otherwise is illegal. Don't be a skid.

What is going on, you guys? It is the Talking Sasquach, and it's great to have you back. Now, for those of you who don't know, we have a super active Discord, and one of the cool things about our Discord is that it's got an entire support ticket system. All you got to do is fill out a support ticket, and sooner or later somebody will help you out. Typically it's actually pretty fast; you'll even get developers from firmwares just stopping by to help out. Now, if there's one topic that comes up more than anything else right now, at least it seems like it, it's Wi-Fi cracking and figuring out why people have zero-byte pcaps. It's literally like every single day, five times a day, it's just ping, ping, ping: where are my pcaps, where are my pcaps, where are my pcaps? So we're going to revisit the entire Wi-Fi password cracking system. We're going to figure this whole thing out from top to bottom. I've got the whole thing slimmed down: it's easier, faster, simpler, and better explained, so that everybody should know exactly what's going on. So put on your hacker fingerless gloves, let's crack some hashes and figure out some Wi-Fi passwords. Let's go! [Music]

All right, right up top, disclaimer: obviously, only test devices that you own or are allowed to test. Doing otherwise is extremely illegal, and yes, you can get caught. Don't be a skid. I'm talking to you, yeah, you. I feel like you're going to do it anyway, but hey, I told you, I warned you, okay? It's on you now.

I do also want to acknowledge the fact that there actually has been kind of a misconfiguration between ESP32 Wi-Fi Marauder, that's the firmware that goes onto the Wi-Fi boards, and the companion app, so there actually have been some issues with the pcap files, and it hasn't been the fault of the user. I want to personally thank justcallmekoko and Willy from XFW; they actually went out of their way to make sure that this was fixed before the video
went out, so you guys are awesome. Just great job, guys. I want to give a huge shout-out to justcallmekoko; he is the developer of the Marauder firmware. For those of you who don't know what Marauder is, it's effectively a Wi-Fi toolkit that was created for an ESP32. Now, an ESP32 is simply a Wi-Fi and sometimes Bluetooth enabled chip, and that's what justcallmekoko uses on his ESP32 standalone Marauder. Also, it's what the Flipper developers use for their Wi-Fi board. Now, the Flipper Zero Wi-Fi board was originally created to basically do wireless debugging and running through troubleshooting and stuff. When Flipper came out, justcallmekoko realized that he could run his firmware on this chip, and basically created this immensely powerful Wi-Fi tool that Flipper Zero can take advantage of.

Now, one of the things that makes everything a little bit more complicated, as far as installing firmware onto the Wi-Fi boards, is the fact that there are a lot: like this one, which is the official Wi-Fi board, or this one, made by justcallmekoko, or this one made by AWOK, or this one also made by AWOK that I threw some GPS onto, or this one made by some sometimes, or even this one made by Esteban Fuentealba called the MALVEKE, which has an ESP32 on the back; it's capable of running Marauder. I mean, hell, even I built one right here, which is one of the first prototype boards I made.

So now I know you're probably thinking, hey, where do I get boards like that? Well, that brings us to today's sponsor, PCBWay. PCBWay is your one-stop shop for anything that has to do with PCBs. PCBWay can help you design, create, and assemble almost any PCB for almost any project. They're actually currently working on a flex PCB for me right now; it's so cool. Now don't forget, just because they're called PCBWay doesn't mean that that's all they do. They also do 3D printing, injection molding, and sheet metal fabrication. On top of all that, they've also got a module store where you can pick up anything from Raspberry Pi to
small TFT screens to sensors and more. That's where I got my Miniware ES15 and my Miniware TS1C. So check out PCBWay.com for a free instant quote. Thank you so much again for your continued support, and let's get back at it.

So yeah, with all those different boards, some of them actually have to be flashed slightly differently. Well, we're going to go through the entire process top to bottom; we're going to get them all working today. So first I'm going to do it for people using official firmware. I'm going to show you how to use FZEE Flasher to flash the Wi-Fi board, and then how to get the companion app through Flipper Lab. So for this example I'm going to use the transparent Flipper that I got the case printed for from PCBWay. The thing came out awesome; thanks to ZR Kraken for making the model. So let's plug this into USB, hop on to qFlipper, get it all updated, and we'll show you how it works.

All right, here we are on the desktop. Of course, we're going to plug our Flipper into USB-C. We're going to make sure that the cable that we're using to plug it into USB-C also has data, not just power. If you're concerned about the cable, just use the one that came with the Flipper. So usually we would just open up qFlipper and update that way, but I'm actually going to show you how to use lab.flipper.net to update the firmware and also install the Marauder companion app. So we'll close this; we're going to navigate over to lab.flipper.
net. There we go, put it on the actual screen, and here we go. We can go to the development, I mean, you can do anything you want, um, let's do release for now, and just click Install. It's going to take a few minutes, but it's going to install and update everything, and you'll be ready to go for the next step.

Two very boring minutes later. All right, one short rest later and we're done here, and let's see if we can get this back up on the screen. Might have to unplug the Flipper and plug it back in for Lab to connect, and here we go: all updated and ready to go. Now all we have to do is go over to the apps over here, and then you can see all the cool apps that you can install directly from your browser. This is actually a fantastic addition to the lab.flipper.net setup. I learned about this a little bit later than I should have, but man, this is a great, great setup. Obviously feel free to browse through all these and install as many apps as you'd like, but for today we're going to do Marauder. [Laughter] [Music] Search.

Okay, so what's actually going on is the fact that, remember I talked about that misconfiguration between the firmware for the board and the companion app? Well, what's going on is that the app itself hasn't been updated quite yet. Not a problem; by the time this video airs I'm pretty sure that's going to be up, won't be an issue for you whatsoever. So you'll just be able to install Marauder just like, well, say, I don't know, Cross Remote. So you just click Install and it'll install directly to the Flipper. It's that simple, it's that easy. So for now we're just not going to worry about it. We can close out of Lab, and then there's our update.

What we're going to do from there is actually go to fzeeflasher.com. If you're using Mac, use Mac, whatever. Uh, we'll download that, there we go, and we'll open that. All you got to do is extract it. Make sure you extract the files; if you try to do this inside the compressed folder it won't work. Go to the syab INF and go to Install, Open, and install:
operation successful. So that's going to install the drivers for our Wi-Fi board, so we can go ahead and close this and delete those files; we no longer need those. And if we go back, it just talks about how you're going to plug the board in and how you're going to use the buttons. I will show you exactly how to use the buttons in just one second, so let's switch over to the camera and I'll show you.

All right, so here we have the official Wi-Fi board. You'll notice there's two buttons; it says one's Boot and one's Reset. It's actually written on the board itself. We're going to hold the Boot button. We're holding the Boot button, and then we're going to plug in our USB-C right there. Boom, that's it. Let go of the Boot button, and then this is in what's called DFU mode, which allows the firmware to be flashed. Let's go back to desktop and do that now. Quick note: you do not have to do this on all boards, and some boards don't even have the Boot or Reset buttons. The flasher itself can automatically trigger things to go into boot mode, but it just depends on the wiring of the boards and when they were made and things like that. But for the most part, follow these instructions and everything will go well.

We can close the how-to, and all we're going to do is click Connect right there. And I have two things in there, and my USB serial at COM17 is actually an IPS clock, but it figured out ESP32. Actually, let me unplug my clock just to make sure I have, okay, perfect. I have overwritten the firmware of my IPS Nixie clock like five times; I don't want to do it again. And Connect, give it a second, and here we go. Now what's really cool is it actually allows you to select your board. So there are a ton of different boards, and this is where people are getting really, really confused. My God, they even have my board, which nobody actually has, yeah, custom unreleased. That's so cool, you guys are the best. This was made by zardo and InfoSecREDD. All right, so let's scroll back up, and this is the official Wi-Fi board. Now
you'll notice there's two versions now. The official Wi-Fi board has an SD card add-on that justcallmekoko made, or you can actually make one yourself, um, just a little bit of wiring, but mine does not have an onboard SD card. So you're just going to select Flipper Dev Board, and we'll select version. So I mean, it's either latest or previous; we're going to go with latest, 'cause obviously we're cool. And then now, yeah, you can flash either Marauder or Black Magic. Marauder is the Wi-Fi suite of tools; Black Magic is the wireless debugging. So we're going to use Marauder and then just hit Program. Give it a roll, and it finishes in no time. It's so much faster than it used to be. Such a cool process; great job on this project, great job. And we're complete. All you got to do is unplug the board and it's ready to go. And that's it, that's the workflow for installing the firmware onto the dev board and onto your Flipper itself. Easy peasy, if you want to stay on official firmware.

Now, if you want to be a little more spicy, uh, we can go ahead and install custom firmware. The guys over at XFW did a fantastic job making this entire process even easier on their firmware. All right, so let's go ahead and make sure we have FZEE Flasher closed, Lab closed, everything closed. Take our Flipper; we're going to go ahead and plug it into USB-C. We'll hop down to the desktop and install XFW. All right, so we're just going to navigate over to the Xtreme website, which is flipper-xtre.me, and click on upload, upload, click on Install. Reading's hard all of a sudden. Cool, cool, cool. And just click the Flash button and give it a second. That's all you got to do, and you'll have Xtreme installed. We'll be right back.

All right, one short rest later and it's all set. You can't really see anything on the screen here, but it's all done. So let's close this, and we'll actually open qFlipper so you can see what's on my screen. You don't need to do this; this is just me showing you my Flipper screen. Otherwise it's just me talking about
what I'm doing, and that's really boring. So here we are, we've got Xtreme updated, so now we're running Xtreme firmware. What we'll do from here is actually take our Wi-Fi board and plug it into the Flipper per usual. You don't need to do anything special; just go ahead, plug the Wi-Fi board into the Flipper, and we're good to go. So we're going to navigate into Apps, and then we're going to go to GPIO, and then we're going to go down to ESP Flasher. There we go.

All right, now the fun part. It's this easy: click on Quick Flash, and then we're going to go to the Flipper Wi-Fi board. You can see they've added functionality for all these other boards, so depending upon what other board you're running, you can use, you know, whatever they're using. And actually, for clarity, the ESP32-WROOM is a completely different chipset than the ESP32-WROVER that's running on the official board. Now, a lot of people like justcallmekoko or AWOK use an ESP32-WROOM. All you have to do is select that, and you know that's what you're using. If you don't know what board you're using, if you look really closely at the actual chip on the Wi-Fi board itself, it will tell you; it'll say ESP32-WROOM or ESP32-WROVER. So once we've got our board selected, we'll just press the middle button. So again, we don't want to flash Black Magic, we want to use Marauder. We'll click that, and it's going to automatically enter bootloader mode. You don't need to press any buttons, and then it's just going to automatically install the proper firmware onto your Wi-Fi board.

Now, it's very important to note that the guys at XFW do things a little bit differently, and they will occasionally tweak both the companion app and the firmware that goes on the Wi-Fi board. So you want to make sure that you update the Wi-Fi board every time there's a major release in firmware. Very important. To that same degree, also don't overwrite the Marauder companion app that's already in XFW. Their version is the correct one, so there's no reason to install anything else.
Other fun tidbit is, if we scroll up on here, we'll notice an error that people tend to get freaked out about. If we go all the way up here, it scrolls down, so you know, when you're installing it you'll see all this. But we go all the way up there, we went too far, here we go, back down: "Failed to mount SD card. SD card not supported." That is okay, that is not a problem at all. All that really means is that the board that we have currently does not have an SD card attached to it, which it does not. So we're done. Yeah, we can back out of the app, and now we have everything we need to run ESP32 Marauder, and that's really freaking cool.

So now we can get into the business of figuring out how to crack some Wi-Fi passwords. So we can exit out of here, and now we're going to go down to WiFi. This used to be in GPIO, but they moved it to WiFi, and we're going to go to ESP32 WiFi Marauder. Now, for those of you that are new to this app, I have an entire video basically explaining how to use this app. There's been a lot of updates, so I may have to make an update for that video, but you know, there's a lot more features on here, and I show you how to use most of them in my previous video on how to use it.

Now, the first thing you're going to want to do when you're in the Marauder app is scroll all the way down to the bottom here. Super, super, super important. And we're going to go to Save to Flipper SD card and then go to Yes. That's going to make sure all the pcap files are saved directly to the SD card that's plugged into the Flipper. You can save the logs there too if you want; I don't really care about logs, so we'll select No for that. Very important.

All right, so from there what we're going to do is we're going to go to Scan access points, that's what AP stands for, and we're going to scan our nearby access points. Give it a little while, but keep an eye on the screen; it will show you what access points it's finding. And there we go, Squatch net, that's what we want. So I can just click the back button and we're
done scanning. So now what the app is actually going to do is it assigns a number to every access point. So here's all the access points we found, and now we have, we keep scrolling down, here we go: Squatch net is number eight. So perfect, now we know Squatch net, number eight. From there we simply click back, and then we're going to go to Select the access point, and then we'll simply click on the number eight and then Save. Then press back a couple times and you're all set, and then you're done setting the Wi-Fi access point.

So now we got to do some sniffing. So if we go down to Sniff, Sniff, here we go, press the side arrow to go to PMKID, also known as PMKIDs, also known as pairwise master key identifiers. Go ahead and select there, and we're going to go with Active. So there's a different, you know, a bunch of different attacks we can do, and I can kind of explain them quickly for you. So we can do a passive sniff, which is really just going to sniff for everything, and if any handshakes happen to come our way, we'll catch them. We can go with active, and what that will do is it'll target the Wi-Fi access point that we currently selected, and it will do a deauthentication attack against that access point. What a deauthentication attack does is it basically simply asks the devices on that network to disconnect from it. Keep in mind this only works on 2.4 GHz networks. Basically, this entire process really only works on 2.4 GHz networks. We can also do a targeted passive list or a targeted active list. Basically it's the same idea, but you have, you know, multiple different access points that you're attacking at the same time.

So for today what we're going to do is the active force deauth. We'll select that right there, and it's running. What's really cool about this is that it actually will show you when you're getting the EAPOL data. Now, what EAPOL stands for is Extensible Authentication Protocol over LAN. Basically, these are our four-way handshakes that we need in order to decrypt the password.
I always say give this, you know, 5 minutes, 10 minutes, whatever it takes. If you're lucky, yeah, we should be able to get the information that we need.

All right, some time later, I have a bunch of these EAPOLs, and those are going to be the files that we need, so we're good to go. We'll back out of this, right to the beginning screen. So yeah, from here we can just pull the files off of our Flipper, and yeah, we're ready to go. So yeah, we can simply go back and we'll hop into the file manager. Yeah, so from here all you got to do is open the SD card, go to apps_data, go to marauder, go to pcaps, and here is my glorious pcap. Go ahead and, uh, whoops, download, put this guy right on my desktop, and here is our sniff PMKIDs. Oh, it's so good. Here's our pcaps. Then we can even right-click on that, go to Properties, and then, hey look, it's got a file size, look at that. Now, if for any reason you get a pcap file with a zero-byte file size, go ahead and update and install both the new firmware for your Flipper and the new companion app and the new firmware for the Wi-Fi board. Make sure you're starting off fresh, so start from step one and get back here.

So I guess now is a really good time to talk about what a pcap actually is. So pcaps, basically, it's just a digest of the password that cannot be directly converted into a password. As my good friend Delilah puts it, it's like trying to turn a chicken McNugget back into a chicken; it just can't do it. What you can do is take millions of passwords and basically redigest them. So this is why, yeah, these are dictionary attacks, but there's not really too many better ways of doing this, at least using this method.

Now, there's a couple ways we can go ahead and deal with these pcaps and get information from them. So let's close qFlipper and let's check out a really cool project that InfoSecREDD set up. So this is InfoSecREDD's pcap uploader. Really cool. All you got to do is basically put the pcaps in the same folder as this and run a command, and basically
it's going to upload those pcaps and then email you with the cracked password, which is really cool. So all you do is go to Download ZIP. We'll download this to our desktop, just like we have millions of times before, and then we'll just extract all of this. Here we go, extract, and then, boom, here's our folder which has the pcap uploader. Very, very cool. What's really fun too is, if you're the kind of person that takes the SD card out to transfer files, you can even put this upload windows. command into the same folder as the pcaps; it will automatically do this, all in one step. Super fun. So the way it works is we'll just copy and paste our pcap in here and then just run upload dw. command. Obviously, Windows is going to tell us that we don't want to do that; click More info, click Run anyway. But yeah, here it is. So all you got to do is enter your email address, the talking Sasquatch docomo, and it's going to, yeah, we're done. It's already sent this off to onlinehashcrack.com. We're going to get a confirmation email about it, and as soon as it's done cracking it, it's going to go directly to our email. One step, super cool, literally couldn't be easier. You can do this anywhere. What's great about this too is it doesn't require you to have a super powerful GPU. If you're trying to find the easiest possible way, this is a great way.

But let's say we want to do it the fancier way, or the old-fashioned way. So let's delete all this stuff and let's start in a different direction. And the old-fashioned way that we're going to use today is going to be simply using hashcat. So we're in Windows; we're going to download the binaries, poopy poy, save here. It's going to go directly onto our desktop. I guess I got to actually click the button. Close this, uh, wait for it to download, here we go, and then we're going to open this. I use 7-Zip, which works really well for opening 7-Zip files or any file like that. Drag and drop, put this onto our desktop, give it just a second, close that. We'll delete the original file 'cause we don't
need that. Open up this folder, and now for the next step. Now again, since I said we can't turn a chicken nugget back into a chicken, we do need a word list to basically test against our password. So here we go, we've got all these different word lists; the link will be down below. We're going to use rockyou.txt.gz. Go ahead and click that, and if you click the Raw button right here, that basically is going to allow you to download it. We'll put that directly into our hashcat folder. Do not unzip this; leave it as a gunzip, leave it as a compressed file. You do not need to unzip this; it's not going to make your life any better.

All right, so now what we have to do is actually convert our pcap file into something that hashcat can use. So we're going to use hashcat.net/cap2hashcat, same thing we did last time. We're just going to open up our pcaps and then click the Convert tool. Handshake extraction successful. Now keep in mind, this can fail. That's a bummer; you know, it's just kind of how it happens sometimes, we have to kind of start over again. But for now we'll click Download, and we're going to save it directly into our hashcat folder. And let's make this easier: we're just going to name this pcap.hc22000, that's hc22. Fantastic, we can close this, and now we can do the fun part.

So let's confirm real quick that we are in our hashcat folder: we have rockyou.txt.gz, we have pcap.hc22000, and we have our hashcat.exe. Perfect. So now we're going to do a fun little trick: if you go into the address bar and type cmd, that's going to open up the command prompt, so we can do this the fun way. So we're simply going to type in hashcat, it's going to run the hashcat program, we're going to do the name of the pcap file, which is pcap.hc22000, and then just the word list, which is rockyou.
txt, wh, txt.gz, and let it rip. There we go, and we cracked it. Now, one thing to keep in mind is that, uh, this does run off of the GPU, and I do have an RTX 380, so I have a very powerful GPU, so it takes a lot less time than maybe it would if you're on a laptop or something, but it will work eventually. But yeah, if we take a look right now, it's Squatch net, and there's our password right there. Very, very cool. We've successfully cracked our Wi-Fi password, and I mean, it's just that easy. Well, it's not actually that easy; there's a lot of steps and a lot of things that can go wrong along the way. In no way is this guaranteed to work on every single network.

Also, again, as I said before, make sure if you're trying to test a network, it's got to be a 2.4 GHz network, otherwise it's just not going to work. Now, what is helpful is that most of the 5G networks, or most of the home networks, or most of the networks in general, are a mesh network, and it does use a 2.4G, basically, part of the network, and that's more or less for IoT things, or Internet of Things. There's so many different devices, like smart switches, lights, all sorts of stuff, that use a 2.4 GHz network, because the 2.4 GHz signal reaches much, much further than 5G.

Oh yeah, and while I'm thinking about it, let me show you what it looks like from REDD's pcap uploader. They just sent me an email. It's not done yet, but I can get to the control panel; we can take a look. So let's hop on to the desktop. All right, yeah, here is basically the, um, onlinehashcrack.com. It shows that it found the network right there, what kind of password encryption it is, and yeah, it'll basically go through and crack this password for me. It says it can take up to 72 hours, depending upon the complexity of the password and, I guess, the user, how many people are using it at the time. But again, this is a really good way to do this, and it's super, super easy for anybody who, again, doesn't have the GPU, or maybe they're trying to do things quickly. It's a great tool. So yeah, I hope that was as
uncomplicated as I can possibly make it. Again, cracking Wi-Fi passwords is a tricky thing to do, and it is based off of word lists. Now, you can add rules to the word list, which will effectively kind of change the way the words and things that it's, you know, trying to crack against. There's a lot, a lot of stuff here; there's a reason why there's entire cyber security, like, divisions just for password cracking.

Thank you so much for watching. I know this was a longer video; there is a ton of stuff to go over, and again, it's complicated, and I want to try to make it as clear and simple as possible for you. Please make sure to like, comment, subscribe; it helps me out a ton. You guys are absolute legends. We'll catch you next time. Hey!
Channel: Talking Sasquach
Views: 93,401
Keywords: flipper zero, flipper, hacking, technology, watch dogs, deauth, flipperzero, talkingsasquach, talking sasquach, flipper zero hacks, flipperzero unleashed, flipper zero talkingsasquach, flipperzero talkingsasquach, flipper zero talking sasquach, flipperzero talking sasquach, talkingsasquatch, talking sasquatch, zero, flipper0, deauth wifi, pcap, pcap files, wifi hacking, hacking wifi, hack wi-fi, flipper wifi, wifi pcap, empty pcap, pcap files flipper, wifi pcap files
Id: nKcwJodcOTA
Length: 25min 9sec (1509 seconds)
Published: Sun Feb 11 2024