Pwnagotchi is a cool project that I had seen a few years back and just recently decided to finally take a look at.
What is Pwnagotchi?
Pwnagotchi is a small "AI" device derived from the 90's toy Tamagotchi. Similar to the toy, you please your Pwnagotchi by allowing it to observe and "eat" wifi handshakes. The artificial intelligence of the Pwnagotchi allows it to analyze its surroundings, making decisions on how to best collect wifi handshakes through passive sniffing, deauthentication and association attacks.
Pwnagotchi stores the collected handshakes as PCAP files, which you can later attempt to crack, or collect and map via GPS for novelty rewards of wonder.
If you don't have any Pis around, the whole project costs about 60-70 bucks including the Waveshare ink screen, Raspberry Pi Zero and Pisugar2 power pack.
Configuration Notes:
While the project is seemingly abandoned, the documentation is still pretty relevant for completing this project.
Image used: Build 1.5.5, written to a 32 GB Micro SD using Etcher.
I booted my Pi Zero before editing my config file. Once booted, Windows detected the device but did not install the correct drivers for the device to be identified as an RNDIS device, so I downloaded the drivers found here: https://www.factoryforward.com/wp-content/uploads/2018/01/mod-duo-rndis.zip
In Device Manager, find the device under USB devices and install the new drivers. It will then be listed under Network devices as an RNDIS device.
Once this was complete, I went to network adapters and found my RNDIS adapter. Right-click, Properties, TCP/IPv4, and I manually assigned an IP, subnet mask and DNS:
IP: 10.0.0.1
Subnet mask: 255.0.0.0
DNS: 1.1.1.1 (google)
Once this had applied, I used PuTTY to SSH into Pwnagotchi.
pi@10.0.0.2
Pass: raspberry
At this point I was connected via SSH and also able to reach the web GUI at 10.0.0.2:8080.
Under plugins I enabled Bluetooth. I then began to edit the config file with:
sudo nano /etc/pwnagotchi/config.toml
Here I changed my pwnagotchi name, configured the Bluetooth by adding my phone's Bluetooth MAC address, changed the webui password, and opted in on grid. Grid is a Pwnagotchi API that collects stats on your device and shares them with others, keeping track of your pwnagotchi stats.
With my Pi Zero, I did have issues auto pairing for Bluetooth. To resolve this, I used:
bluetoothctl
pair xx:xx:xx:xx:xx:xx
trust xx:xx:xx:xx:xx:xx
exit
x marks your own MAC address.
Once connected via Bluetooth, I was now able to SSH into my Pwnagotchi using an Android app called Juice SSH.
I installed the Pisugar2 device drivers and pwnagotchi support plugin that basically includes the battery percentage on your pwnagotchi web and screen UI. What was cool was discovering the functions of Pisugar2. The webui for the device allows you to configure sequential button functions such as single click, double click, or long click and have it run a shell command. This is awesome for providing a proper way to shut down, launch a service, etc.
I was able to enable paw-gps and have my pwnagotchi map pwn'd access points through the GPS on my phone. You can view them in the webui pwnagotchiname:8080/plugins/webgpsmap.
I ended up grabbing a U-blox 7 GPS module as I was more interested in making it standalone, rather than absolutely needing bt-tethering for geo positions.
U-blox has a piece of software called 'U-central' that I tested my unit on beforehand, but after plugging it into my Pi Zero I was able to immediately see it with
lsusb
Knowing the device was detected, I used dmesg to try and be certain of its assignment:
dmesg | grep tty
I could see it was assigned ttyACM0 - so I added this to my config so it knew which device to use when a handshake is captured to mark its coordinates.
I took my unit outside initially and gave it a few minutes to initialize and be located by GPS satellites. After a few minutes, the green LED began to flash and I was receiving coordinates.
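A check to run before trusting the coordinates attached to captures, as an added example that is not part of the original post or the Pwnagotchi project: it validates the NMEA 0183 checksum and the GGA fix-quality field of sentences like those a GPS receiver emits on ttyACM0. The function names and the sample sentences are constructed for illustration.

```python
from functools import reduce

def checksum(body: str) -> str:
    """XOR of every character between '$' and '*', as two hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def frame(body: str) -> str:
    """Build a complete sentence (used only for constructed test data)."""
    return f"${body}*{checksum(body)}"

def to_decimal(value: str, hemi: str) -> float:
    """Convert NMEA ddmm.mmmm / dddmm.mmmm to signed decimal degrees."""
    dot = value.index(".")
    degrees = int(value[:dot - 2])
    minutes = float(value[dot - 2:])
    result = degrees + minutes / 60
    return -result if hemi in ("S", "W") else result

def parse_gga(line: str):
    """Return fix details from a GGA sentence, or None if it is unusable."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    body, _, given = line[1:].partition("*")
    if checksum(body) != given.upper()[:2]:
        return None                      # corrupted on the serial line
    f = body.split(",")
    if f[0][2:] != "GGA" or len(f) < 8:
        return None                      # some other sentence type
    if f[6] in ("", "0") or not f[2] or not f[4]:
        return None                      # receiver has no position fix yet
    return {"lat": to_decimal(f[2], f[3]), "lon": to_decimal(f[4], f[5]),
            "quality": int(f[6]), "satellites": int(f[7])}

# Constructed sample input, not captured from the author's device.
SAMPLE = [
    frame("GPGGA,123518,,,,,0,00,99.99,,,,,,"),  # cold start, no fix yet
    "$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*48",  # bad checksum
    "$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47",  # valid fix
]

def first_fix(lines):
    """Return the first usable fix in a stream of sentences, else None."""
    return next((fix for fix in map(parse_gga, lines) if fix), None)

if __name__ == "__main__":
    print(first_fix(SAMPLE))
```

To run it against the receiver instead of the sample list, pass the lines read from the serial device to first_fix.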