Going to DEF CON was a dream I never thought would come to fruition. I remember 2009 being in 8th grade. Reading a physical copy of the magazine Wired. Sitting in the back of parent's minivan on the way to visit family in Milwaukee, WI, and seeing pictures and reading about the largest hacking conference in the world. There were hackers getting arrested, voting machine hacking, lock picking, and hacker jeopardy. That dream came true in 2016 at DEF CON 24.

At DEF CON 31 I returned to speak at the Hardware Hacking Village. My first time speaking at DEF CON was full of anxiety, as the Sunday before flying out I was testing the hardware and I found out I ordered the ESP-01 and not the ESP-01S. I was up until 1 AM trying to get it to work anyway, but ended up putting in a last minute Amazon order (at twice the price of AliExpress) to get the ESP-01S's I needed. Thankfully the Amazon delivery arrived that Tuesday and we flew out Wednesday evening.

My talk (Introduction To Esp8266/Esp32 Microcontrollers And Building A Wi-Fi Deauthentication Detector):

TL;DR of my talk:

• Buy CH340 USB to ESP8266 Serial ESP-01 ESP-01S Wireless Wi-Fi Development Board Module for Arduino Programmer Adapter. https://www.aliexpress.us/item/2251832785022470.html or (https://www.amazon.com/ESP-01S-Programmer-Adapter-Wireless-4-5-5-5V/dp/B07V556Q82 and https://www.amazon.com/ESP8266-ESP-01S-Wireless-Transceiver-DC3-0-3-6V/dp/B08B3VZS4N)
• Download, install, and run ArduinoIDE https://www.arduino.cc/en/software
• Install Additional Board Managers
• Copy and paste this into File->Preferences->Settings->Additional board manager URL's
  • https://arduino.esp8266.com/stable/package_esp8266com_index.json
• Get the code https://github.com/SpacehuhnTech/DeauthDetector
• Copy and paste the code into ArduinoIDE
• Comment out lines 14 and 15 LED_BUILTIN and LED_INVERT lines and change line 22 to match your region.
• Set dip switch to the right and flash
• Set dip switch the left and test by deauthing a device on the 2.4GHz band

Slides are available here: https://twitter.com/TheL0singEdge/status/1690142545605791752

Lesson's Learned:

• Test your hardware earlier than the Sunday before DEF CON.
• Get more free hardware. The 30 devices I brought were gone instantly.
• Bring a cooling towel, it's hot in Vegas.
• Follow the 321 rule: Three hours of sleep, two meals, one shower.

DEF CON 31 Tool Highlights:

• gssapi-abuse - Impersonating AD users on *nix based hosts
• CloudRecon - A suite of tools for red teamers and bug hunters to find ephemeral and development assets in their campaigns and hunts.
• DllNotificationInjection - New "threadless" process injection technique.
• ContainYourself - Use the Windows containers framework to bypass EDRs.
• NoFilter - Privilege escalation by abusing Windows Filtering Platform

References:
https://media.defcon.org
https://www.flickr.com/photos/r6_cannibal/albums/72177720310525638/
https://twitter.com/search?q=%23defcon

---

What is a Pwnagotchi?

From the Website:

Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs.

https://pwnagotchi.ai/intro/

Sound Familiar?

In case you're curious about the name: Pwnagotchi (ポーナゴッチ) is a portmanteau of pwn and -gotchi. It is a nostalgic reference made in homage to a very popular children's toy from the 1990s called the Tamagotchi. The Tamagotchi (たまごっち, derived from tamago (たまご) "egg" + uotchi (ウオッチ) "watch") is a cultural touchstone for many Millennial hackers as a formative electronic toy from our collective childhoods.

---

Legal

• I am not an attorney.
• Attacking wireless devices without permission is likely a violation of the Computer Fraud and Abuse Act (CFAA).

• Each state and country has their own laws pertaining to the unauthorized access and collection of data.

---

Cost

• Completed Build - $92.96
• Minimum Build - $26.48
  • Pi Zero With Headers - $14
  • 32GB MicroSD - $7.49
  • USB 2.0 A-Male to Micro B Cable - $4.99
• Extras - $66.48
  • Waveshare 2.13 inch e-Paper Display Hat 250x122 - $25.99
  • Battery - $38.99
  • Case - $1.50

Notes

• No soldering required if you buy the Raspberry Pi Zero with the preinstalled headers.
• Cases can be printed, the one used in this build: (https://www.thingiverse.com/thing:3920904).

---

Unboxing

Side B

---

Flashing an Image

From https://pwnagotchi.ai/installation/#flashing-an-image:

The easiest way to create a new Pwnagotchi is downloading the latest stable image from our release page and writing it to your SD card.

Once you have downloaded the latest Pwnagotchi image, you will need to use an image writing tool to install that image on your SD card. We recommend using balenaEtcher, a graphical SD card writing tool that works on Mac OS, Linux, and Windows; it is the easiest option for most users. (balenaEtcher also supports writing images directly from the ZIP file, without any unzipping required!)

To write your Pwnagotchi image with balenaEtcher:

• Download the latest Pwnagotchi .img file.
  • Verify the SHA-256 checksum of the .img
• Download balenaEtcher and install it.
• Connect an SD card reader with the SD card inside.
• Open balenaEtcher and select from your hard drive the Raspberry Pi .img or .zip file you wish to write to the SD card.
• Select the SD card you wish to write your image to.
• Review your selections, then click Flash! to begin writing data to the SD card.

As an alternative you can use dd on GNU/Linux or macOS:

Change the path to your image file, /dev/sdcard is the path to you SD card device.dd if=path/to/pwnagotchi-raspbian-lite-XXX.img of=/dev/sdcard bs=1M

Wait before removing the SD card as you will need to create one last file on it with the initial configuration.

https://pwnagotchi.ai/installation

Connect Your USB Micro to the Data Port and Wait for the Pwnagotchi to Boot

Configure Your Newly Found Ethernet Adapter

Connect to the Terminal via Putty

---

Words of Caution

• Pwngrid is enabled by default (Pwngrid is a cloud database controlled by ¯\_(ツ)_/¯)
• Whitelist networks, like your own, before connecting it to the internet
• Whitelisting alone will not prevent the handshake from being passively captured
• YML is very picky about syntax
• YML errors will cause screen not to function even when the logs look fine

---

Example Config

Edit the config located in /etc/pwnagotchi/config.yml, restart, and you should be good-to-go.

# Add your configuration overrides on this file any configuration changes done to default.yml will be lost!
# Example:
#
# ui:
#   display:
#     type: 'inkyphat'
#     color: 'black'
#
main:
  name: '<NAMEOFPWNAGOTCHI>'
  whitelist:
    - '<YOURNETWORK>'
  plugins:
    grid:
      enabled: false
      report: false
      exclude:
        - '<YOURNETWORK>'
ui:
    display:
      enabled: true
      type: 'waveshare_2'
      color: 'black'
    web:
        username: pi
        password: <YOURPASSWORD>

---

Anatomy of a Pwnagotchi Screen (https://pwnagotchi.ai/usage)

---

Completed Build

---

References

• https://pwnagotchi.ai
• https://www.reddit.com/r/pwnagotchi
• https://github.com/evilsocket/pwnagotchi
• https://community.pwnagotchi.ai
• Pwnagotchi Slack
• Fatmann66's YouTube Channel

---

- @TheL0singEdge