A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32
Download the latest release of the firmware.
Check out the project wiki for a full overview of the ESP32 Marauder
You can buy the ESP32 Marauder using this link
A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32
A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32
Download the latest release of the firmware.
Check out the project wiki for a full overview of the ESP32 Marauder
You can buy the ESP32 Marauder using this link
I want to be able to run a firmware update by loading a bin from an SD card in case I decide to remove the OTA update capability to save space.
Add menu option under WiFi Attacks to generate list of random SSIDs
I eventually want to include the capability to broadcast a fixed list of SSIDs. This will allow the possibility of monitoring association requests to see if clients are trying to connect to any of the fake access points.
Menu options would be:
Generate SSID List
Clear SSID List
As per request I'll leave here the steps needed to get the ESP32Marauder to work on the M5Stack.
Random observations:
#ifdef ESP8266
statements and will be cleaned up, this can't end up with a clean PRconst
@justcallmekoko how about you create a gitter from this project so we can talk about these issues without spamming your userbase ?
Just wondering if this is the right display? (for folks to DYI it)
I know between manufacturers overseas, there tends to be huge variances.. but this seems to match the pin outs.. for voltage, spi, etc
https://www.amazon.com/WIshioT-Display-ILI9341-Controller-Arduino/dp/B07916R3KY
Weirdly, I think I have one kicking around in my parts bin from another project. I'll have to try and report back. I have like 4 ESp32's kicking around so not a huge deal to try this later this week, and say if that display works.
Although I wonder if maybe finding a non touchscreen display via i2c, and a clicker, or joystick type control would be a nice alternative. But GUI work is really not my thing. Someone would have to redo the input stuff for that i'd assume.
ESP32 Marauder is running out of space. Pretty soon we won't have enough space for new features and this is a problem. An easy solution would be to just replace the ESP32-WROOM with an ESP32-WROVER, but that would make the current hardware obsolete.
seeing how easy unscrupulous airbnb owners can buy hidden cameras, it would be so useful to scan for these devices by mac or ssid? (e.g. https://www.fing.com/news/how-to-find-hidden-cameras-in-your-airbnb)
I see the image of the M5Stack Fire with enthusiasm. Is there already a working version for this model that can be flashed?
Redesign Marauder hardware to support IP5306 I2C, on-board TFT, and SD card.
The marauder is lacking some features and has room for changes that would improve form factor and cost per unit.
I want to add support for the IP5306 I2C chip which will allow me to completely remove the battery level LEDs. I will be able to display the current battery level on the TFT screen.
I have been working on my own TFT Touch screen circuit. If my circuit works, I will be able to add the circuit to the design of marauder. I will no longer need a separate shield to be connected to marauder. The prices of the screens themselves when separate from the shield are much less costly which will allow me to order greater quantities of screens for producing more units.
I plan on add SD card support using the SPI bus which will allow for a greater expansion of marauder features such as saving large amounts of pcap files from WiFi scans.
Is a touch screen required to navigate menus? Or will Marauder run on non-touch devices?
When sniffing for WiFi or Bluetooth devices, you can expect anywhere between several seconds and 15 minutes of run time before Marauder crashes.
This is caused by a synchronization issue with reading and writing print statements to a buffer to be used by the touch screen. I have employed a binary semaphore, but it is not 100% effective.
The semaphore just makes a crash less likely to happen but it can happen at any moment while sniffing.
I would like to show the AP and Station MACs in the device info again. I originally took them out because it would cause RAM usage to got up and up each time you opened device info. I found out it was because of the getStaMac
and getAPMac
functions. They start the wifi interface but do not shut it down...at least I think that is the issue but I am not sure.
I want to create a separate function for shutting down the WiFi that can be used by those two functions AND stopScan
Create "General" sub menu under wifi attacks
Create "General" sub menu under bluetooth
Once the new version of the marauder hardware is delivered, I will have the option to interface with the IP5306 using I2C. This will supplement the status bar feature
I want to add a status bar to the menu that will show the current status of device properties like:
If you use the beacon spam attack then exit the attack, sniffing WiFi frames will not work.
On Serial
rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:1216
ho 0 tail 12 room 4
load:0x40078000,len:9720
ho 0 tail 12 room 4
load:0x40080400,len:6364
entry 0x400806b8
[D][esp32-hal-psram.c:47] psramInit(): PSRAM enabled
Using TFT DIY
clearScreen()
SPI_FREQUENCY: 27000000
SPI_READ_FREQUENCY: 20000000
SPI_TOUCH_FREQUENCY: 2500000
--------------------------------
ESP32 Marauder
v0.6.9
By: justcallmekoko
--------------------------------
RAM Free: 4392020 bytes
SD: SDSC Mounted
SD Card Size: 1886MB
SD Card supported
RAM Free: 4358264 bytes
RAM Free: 4358264 bytes
RAM Free: 4358264 bytes
RAM Free: 4358168 bytes
IP5306 I2C Supported: false
RAM Free: 4358008 bytes
Setting neopixel to black...
initScrollValues()
setupScrollArea()
tfa: 48
bfa: 0
yStart: 48
Bulding buttons...
Displaying current menu...
clearScreen()
It compiles fine on Arduino 1.8.13.
My changes - SPI.begin (14, 2, 15, 13) before SD.begin (SD_CS) in SDInterface.cpp and reassigned SPI pins for display in User_Setup.h
v0.6.8. works great with the same changes
I will need to adjust the naming conventions of the pcap files saved
hello, why does the touchscreen work in reverse? I see the writing straight but the touch is reversed compared to the keys
Document wiring mod required for SD Card support.
The Marauder firmware now supports an SD Card. I need to document the wiring required to get full hardware support for the SD Card slot on the 2.8" TFT Shield for those who have a marauder of hardware revision 3 or older.
A pwnagotchi will be detected and a line with a channel will show up on the TFT screen, but no pwnagotchi info.
If you look at the serial monitor when this happens, the full pwnagotchi advertisement will show up, but I think the JSON is not being decoded properly or something.
At the same time, my second pwnagotchi WILL show up properly on both the serial monitor and the TFT.
If you've noticed, you can execute a beacon spam or rick rollleelle attack and it will work just fine.
If you exit the attack and restart it, the packets/sec will drop significantly. I actually suspect packets aren't even being sent because access points don't even show up. I need to verify this will an actual scan and not just listing wifi network on iphone and PC.
When displaying device info, I want to show the firmware version and also the name of the firmware.
Pretty self explanatory.
Arduino:1.8.13 (Windows 10), Scheda:"ESP32 Dev Module, Disabled, Default 4MB with spiffs (1.2MB APP/1.5MB SPIFFS), 240MHz (WiFi/BT), QIO, 80MHz, 4MB (32Mb), 921600, None"
Più di una libreria trovata per "SD.h"
In file included from c:\users\rferr\documents\arduino\libraries\lvgl\src/lv_misc/lv_log.h:16:0,
Usata: C:\Users\rferr\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.4\libraries\SD
from c:\users\rferr\documents\arduino\libraries\lvgl\lvgl.h:26,
Non usata: C:\Program Files (x86)\Arduino\libraries\SD
from C:\Users\rferr\Documents\Arduino\libraries\lvgl\src/lvgl.h:17,
Non usata: C:\Users\rferr\Documents\Arduino\libraries\SD
from sketch\Display.h:11,
Più di una libreria trovata per "WiFi.h"
from C:\Users\rferr\Desktop\ESP32Marauder-master\esp32_marauder\esp32_marauder.ino:20:
Usata: C:\Users\rferr\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.4\libraries\WiFi
c:\users\rferr\documents\arduino\libraries\lvgl\src\lv_conf_internal.h:24:101: fatal error: ../../lv_conf.h: No such file or directory
Non usata: C:\Program Files (x86)\Arduino\libraries\WiFi
compilation terminated.
Più di una libreria trovata per "SPI.h"
Usata: C:\Users\rferr\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.4\libraries\SPI
Non usata: C:\Users\rferr\Documents\Arduino\libraries\SPI
Più di una libreria trovata per "Wire.h"
Usata: C:\Users\rferr\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.4\libraries\Wire
Non usata: C:\Users\rferr\Documents\Arduino\libraries\Wire
exit status 1
Errore durante la compilazione per la scheda ESP32 Dev Module.
where is lv_conf.h file?
when compiling it tells me it can't find this file
I am taking @tobozo advice and making the menu better. No more arbitrary sorting!
Depends on #45
Under attack options, send a single packet with user specified type, channel, source MAC, and dest MAC
`C:\Users\ADMINI1\AppData\Local\Temp\arduino_build_223464\sketch\Display.cpp: In member function 'void Display::RunSetup()':1\AppData\Local\Temp\arduino_build_223464\sketch\Display.cpp: In member function 'void Display::drawStylus()':
Display.cpp:42:7: error: 'class TFT_eSPI' has no member named 'setTouch'
tft.setTouch(calData);
^
C:\Users\ADMINI
Display.cpp:482:25: error: 'class TFT_eSPI' has no member named 'getTouch'
boolean pressed = tft.getTouch(&x, &y);
C:\Users\ADMINI1\AppData\Local\Temp\arduino_build_223464\sketch\MenuFunctions.cpp: In function 'bool my_touchpad_read(lv_indev_drv_t*, lv_indev_data_t*)':1\AppData\Local\Temp\arduino_build_223464\sketch\MenuFunctions.cpp: In member function 'void MenuFunctions::main(uint32_t)':
MenuFunctions.cpp:47:34: error: 'class TFT_eSPI' has no member named 'getTouch'
bool touched = display_obj.tft.getTouch(&touchX, &touchY, 600);
^
C:\Users\ADMINI
MenuFunctions.cpp:322:29: error: 'class TFT_eSPI' has no member named 'getTouch'
pressed = display_obj.tft.getTouch(&t_x, &t_y);
^
C:\Users\ADMINI1\AppData\Local\Temp\arduino_build_223464\sketch\MenuFunctions.cpp: In member function 'void MenuFunctions::orientDisplay()':1\AppData\Local\Temp\arduino_build_223464\sketch\WiFiScan.cpp: In member function 'void WiFiScan::RunLvJoinWiFi(uint8_t, uint16_t)':
MenuFunctions.cpp:668:19: error: 'class TFT_eSPI' has no member named 'setTouch'
display_obj.tft.setTouch(calData);
^
WiFiScan.cpp:1141:11: error: DynamicJsonBuffer is a class from ArduinoJson 5. Please see arduinojson.org/upgrade to learn how to upgrade your program to ArduinoJson version 6
DynamicJsonBuffer jsonBuffer;
^
C:\Users\ADMINI
WiFiScan.cpp:439:19: error: 'class TFT_eSPI' has no member named 'setTouch'
display_obj.tft.setTouch(calData);
^
C:\Users\ADMINI1\AppData\Local\Temp\arduino_build_223464\sketch\WiFiScan.cpp: In member function 'void WiFiScan::RunPacketMonitor(uint8_t, uint16_t)':1\AppData\Local\Temp\arduino_build_223464\sketch\WiFiScan.cpp: In member function 'void WiFiScan::RunEapolScan(uint8_t, uint16_t)':
WiFiScan.cpp:604:19: error: 'class TFT_eSPI' has no member named 'setTouch'
display_obj.tft.setTouch(calData);
^
C:\Users\ADMINI
WiFiScan.cpp:651:19: error: 'class TFT_eSPI' has no member named 'setTouch'
display_obj.tft.setTouch(calData);
^
C:\Users\ADMINI1\AppData\Local\Temp\arduino_build_223464\sketch\WiFiScan.cpp: In static member function 'static void WiFiScan::pwnSnifferCallback(void*, wifi_promiscuous_pkt_type_t)':1\AppData\Local\Temp\arduino_build_223464\sketch\WiFiScan.cpp: In member function 'void WiFiScan::eapolMonitorMain(uint32_t)':
WiFiScan.cpp:1141:27: error: 'jsonBuffer' was not declared in this scope
DynamicJsonBuffer jsonBuffer;
^
WiFiScan.cpp:1143:19: error: 'ArduinoJson::JsonObject {aka class ArduinoJson6170_91::ObjectRef}' has no member named 'success'
if (!json.success()) {
^
WiFiScan.cpp:1150:16: error: 'ArduinoJson::JsonObject {aka class ArduinoJson6170_91::ObjectRef}' has no member named 'printTo'
json.printTo(json_output);
^
C:\Users\ADMINI
WiFiScan.cpp:1774:31: error: 'class TFT_eSPI' has no member named 'getTouch'
pressed = display_obj.tft.getTouch(&t_x, &t_y);
^
C:\Users\ADMINI~1\AppData\Local\Temp\arduino_build_223464\sketch\WiFiScan.cpp: In member function 'void WiFiScan::packetMonitorMain(uint32_t)':
WiFiScan.cpp:2007:31: error: 'class TFT_eSPI' has no member named 'getTouch'
pressed = display_obj.tft.getTouch(&t_x, &t_y);
exit status 1
'class TFT_eSPI' has no member named 'setTouch'
`
The new TTGO watches look like an ideal platform for the ESP32Marauder.
Example: You are on the main menu which says
WiFi
Bluetooth
Reboot
You click on WiFi
and you now see a menu which says
Back
Sniffers
Scanners
Attacks
You then click back
to return to the main menu.
If you click the blank spot where Attack
was on the WiFi
menu, the clicked Attack
button will show up then marauder will crash.
I probably need to clear the array of menu options when the menu changes before loading the new menu options.
the best I could come up with to end this error was to add this function to TFT_eSPI, not sure what yours is doing though:
void TFT_eSPI_Button::drawButton(String label, boolean inverted) {
strncpy(_label, label.c_str(), 9);
drawButton( inverted );
}
looks like it can't be wrapped outside TFT_eSPI anyway
[edit] User_Setup.h for LoLin D32 Pro, just in case someone needs it
// See SetupX_Template.h for all options available
#define ILI9341_DRIVER
// removed all TFT_* pins definitions as those are already defined by Arduino Board setting
#define TFT_BL 32 // LED back-light
#define TOUCH_CS 21 // Chip select pin (T_CS) of touch screen
#define LOAD_GLCD // Font 1. Original Adafruit 8 pixel font needs ~1820 bytes in FLASH
#define LOAD_FONT2 // Font 2. Small 16 pixel high font, needs ~3534 bytes in FLASH, 96 characters
#define LOAD_FONT4 // Font 4. Medium 26 pixel high font, needs ~5848 bytes in FLASH, 96 characters
#define LOAD_FONT6 // Font 6. Large 48 pixel font, needs ~2666 bytes in FLASH, only characters 1234567890:-.apm
#define LOAD_FONT7 // Font 7. 7 segment 48 pixel font, needs ~2438 bytes in FLASH, only characters 1234567890:-.
#define LOAD_FONT8 // Font 8. Large 75 pixel font needs ~3256 bytes in FLASH, only characters 1234567890:-.
//#define LOAD_FONT8N // Font 8. Alternative to Font 8 above, slightly narrower, so 3 digits fit a 160 pixel TFT
#define LOAD_GFXFF // FreeFonts. Include access to the 48 Adafruit_GFX free fonts FF1 to FF48 and custom fonts
// this will save ~20kbytes of FLASH
#define SMOOTH_FONT
#define SPI_FREQUENCY 5000000
#define SPI_READ_FREQUENCY 20000000
#define SPI_TOUCH_FREQUENCY 2500000
@tobozo
I wanted to get your opinion on this before I do it. I came across this embedded graphics library that looks really good. Pretty soon I will start needing on screen keyboards and check boxes for the marauder settings and attack features. Here is a demo video of the library and I believe it is a 3 part series. You can find the library itself here and a link to the demos used in the videos here.
Let me know what you think. It seems like it's exactly what I need and it has a small memory footprint.
TF card inserted into the interface on the screen can work,But in this case, the side of the screen will appear irregular and protrude.
When I plug in the ESP32 interface, the TF card does not work
Please help me, how can I set up the TF card of ESP32 to work
The following is the schematic diagram of my configuration settings and T8 V1.3
SDIneterface.h File configuration
#define SD_CS 12
#define SD_MOSI 23
#define SD_MISO 2
#define SD_SCK 18
Can you share your User_Setup.h ?
Thank you.
It turns out that the ESP32 has an internal temperature sensor. I want to use it.
I want the time the packet monitor takes to update the graph to be longer.
Currently the graph updates every tick but I want it to update every X millis
For future features that require user input, LVGL is needed
hi everyone, i would like to know how the analog battery circuit is connected and how it is done thanks.
Add SD card support to code base in preparation for marauder hardware redesign to include micro SD card slot
Create bools in WiFiScan that will help keep track of whether or not WiFi and BLE are initialized
each scan setup function should set initialized to true and each stop function should set initialized to false
This will help the Shutdown WiFi
and Shutdown BLE
menu options later
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.