pwnagotchi 2022


Pwnagotchi is a cool project that I had seen a few years back and just recently decided to finally take a look at.

What is Pwnagotchi?

Pwnagotchi is a small "AI" device derived from the '90s toy Tamagotchi. Similar to the toy, you please your Pwnagotchi by allowing it to observe and "eat" wifi handshakes. Its artificial intelligence lets it analyze its surroundings and decide how best to collect wifi handshakes through passive sniffing, deauthentication and association attacks.

Pwnagotchi stores the collected handshakes in a form that hashcat supports, so they can be cracked later, possibly yielding the wifi network password.

If you don't have any Pis around, the whole project costs about 60-70 bucks including the Waveshare ink screen, Raspberry Pi Zero and Pisugar2 power pack.



Configuration Notes:

While the project is seemingly abandoned by its original developer, the documentation is still pretty relevant for completing this project.

Image used: build 1.5.5, written to a 32 GB micro SD card using Etcher.

I booted my Pi Zero before editing my config file. Once booted, Windows detected the device but did not install the correct drivers for it to be identified as an RNDIS device, so I had to download the drivers found here: https://www.factoryforward.com/wp-content/uploads/2018/01/mod-duo-rndis.zip
 
In device manager, find the device under USB devices and install the new drivers. It will then be listed under Network devices as an RNDIS device. 

Go to network adapters and find your new network adapter. Right-click it, choose Properties, then TCP/IPv4, and manually assign an IP, subnet mask and DNS:

IP: 10.0.0.1
Subnet mask: 255.0.0.0
DNS: 1.1.1.1 (google)

Once this has been applied, use PuTTY to SSH into Pwnagotchi.

pi@10.0.0.2
Pass: raspberry

At this point I was connected over SSH and also able to reach the web GUI at 10.0.0.2:8080.

Under plugins I enabled Bluetooth. I then began to edit the config file with:

sudo nano /etc/pwnagotchi/config.toml

Here I changed my pwnagotchi name, configured the Bluetooth, changed the webui password, and opted in on grid. Grid is a Pwnagotchi API that collects stats on your device and shares them with others, keeping track of your stats.

bluetoothctl

Once connected via Bluetooth, I was now able to SSH into my Pwnagotchi using an Android app called Juice SSH, allowing me to perform more work from my phone.

I installed the Pisugar2 device drivers and the pwnagotchi support plugin that basically adds the battery percentage to your pwnagotchi web and screen UI. What was cool was discovering the functions of Pisugar2 - the webui for the device allows you to configure sequential button functions such as single click, double click, or long click and have each run a shell command. This is awesome for providing a proper way to shut down, launch a service, etc.




In addition, you can also schedule wakeup times, which is awesome for turning on my Pwnagotchi at a specific time automatically.

I was able to enable paw-gps and have my pwnagotchi map pwn'd access points through the GPS on my phone. You can view them in the webui at pwnagotchiname:8080/plugins/webgpsmap.
I ended up grabbing a U-blox 7 GPS module as I was more interested in making it standalone, rather than absolutely needing bt-tethering for geo positions.

U-blox has a piece of software called 'U-central' that I tested my unit on beforehand, but on plugging it into my Pi Zero I was able to see it immediately with:

>lsusb



Knowing the device was detected, I used dmesg to try and be certain of its assignment:

dmesg | grep tty
I could see it was assigned ttyACM0, so I added this to my config so that it knew which device to use to mark the coordinates of a handshake when one is captured.
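
An added example, not from the original post or the Pwnagotchi project: a small Python check for the two config.toml edits described above (the webui password change and the GPS device set to the tty that dmesg reports). The key names and the "changeme" default are assumed from the project's default configuration, and the sample config and dmesg line are constructed.

```python
import re

# Constructed sample config.toml, not the author's file. Key names and the
# "changeme" default are assumptions taken from the project's default config.
SAMPLE_CONFIG = '''
main.name = "examplegotchi"
main.plugins.gps.enabled = true
main.plugins.gps.device = "/dev/ttyUSB0"
ui.web.username = "changeme"
ui.web.password = "changeme"
'''

# Constructed dmesg line of the kind that shows the ttyACM0 assignment.
SAMPLE_DMESG = "[   12.345678] cdc_acm 1-1:1.0: ttyACM0: USB ACM device\n"

# Matches flat `dotted.key = "string"` or `dotted.key = bare` lines only.
LINE = re.compile(r'^\s*([\w.-]+)\s*=\s*(?:"([^"]*)"|([^#\s]+))')
BOOLS = {"true": True, "false": False}


def parse_flat_toml(text):
    """Parse flat dotted-key lines with string or bare values (no tables/arrays)."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            key, quoted, bare = m.groups()
            cfg[key] = quoted if quoted is not None else BOOLS.get(bare, bare)
    return cfg


def detected_acm_devices(dmesg_text):
    """Return /dev paths for every ttyACM device named in dmesg output."""
    return sorted({"/dev/" + n for n in re.findall(r"\bttyACM\d+\b", dmesg_text)})


def audit(cfg, acm_devices):
    """List settings that still need the edits described in the post."""
    findings = []
    for key in ("ui.web.username", "ui.web.password"):
        if cfg.get(key, "changeme") == "changeme":
            findings.append(f"{key} is still the default value")
    if cfg.get("main.plugins.gps.enabled") is True:
        dev = cfg.get("main.plugins.gps.device")
        if dev not in acm_devices:
            findings.append(f"gps device {dev} was not detected: {acm_devices}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_flat_toml(SAMPLE_CONFIG), detected_acm_devices(SAMPLE_DMESG)):
        print("FINDING:", finding)
```

On the device itself, feed it the contents of /etc/pwnagotchi/config.toml and the output of dmesg instead of the constructed samples.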



I took my unit outside initially and gave it a few minutes to initialize and be located by GPS satellites. After a few minutes, the green LED began to flash and I was receiving coordinates.

Now knowing that works, I would like to redesign the case to incorporate the GPS module, wiring it into the GPIO rather than connecting it externally over USB.




