Install Marauder firmware on ESP32

The ESP32 is a flexible microcontroller chip that supports WiFi and Bluetooth. It is commonly utilized in IoT (Internet of Things) projects because of its low cost, low power consumption, dual-core architecture, and wide range of networking possibilities.

Marauder firmware is a suite of WiFi/Bluetooth offensive and defensive tools designed for use with the ESP32.

To install the Marauder firmware on the ESP32, there are multiple options available. As described in the GitHub repository by justcallmekoko, there are two routes, the blue pill and the red pill, which you can check out here.

Flashing the Marauder firmware

For flashing Marauder firmware on the ESP32, we will use the FZEasyMarauderFlash Python script, which is the easiest option. You can follow the instructions in this GitHub repo.

Connecting ESP32 to Flipper Zero

For this example, I am using the Momentum firmware on my Flipper Zero.
Additionally, all the Flipper Zero related files can be found in this GitHub repository.

GPIO pins connection

To connect the ESP32 to the Flipper Zero using GPIO pins, we will need four jumper wires that will be connected to the 3V3, GND, RX0, and TX0 GPIO pins.

It's important to note that the RX and TX labels refer to the device they are printed on. Therefore, the RX of one device should be connected to the TX of the other, and vice versa.

ESP32    Flipper Zero
3V3      3V3
GND      GND
RX0      TX
TX0      RX

WiFi Attacks

WiFi attacks involve the active transmission of WiFi frames from the ESP32 Marauder. The WiFi packets are specially crafted to accomplish a specific transmission goal. The following attacks are available on the ESP32 Marauder.

To access the Marauder on the Flipper Zero, go to: Apps > GPIO > ESP > WiFi Marauder.

Rick Roll Beacon

In a Rick Roll Beacon attack, specially crafted beacon frames are transmitted. This causes the lyrics of “Never Gonna Give You Up” to display in the network lists of devices in range of the transmission.

Rick Roll WiFi Beacon using Marauder - Flipper Zero

Beacon Spam

In the beacon spam attack, the ESP32 broadcasts beacon frames for each SSID contained within its list of SSIDs. We can add SSIDs to the list, or we can generate random names.
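Both the Rick Roll Beacon and Beacon Spam attacks above look the same on the air: a burst of beacon frames advertising many SSIDs that no real access point at the site owns. The following is an added example (my own code, not part of the Marauder project) showing how a defender can parse raw 802.11 beacon frames and flag such a flood. The frames are constructed inline as a test fixture; the threshold of 20 SSIDs and the SPAM-nn names are assumptions, not values from the original post.

```python
import struct
from collections import defaultdict

def parse_beacon(frame: bytes):
    """Return (bssid, ssid) for a raw 802.11 beacon frame (no radiotap header), else None."""
    if len(frame) < 36:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:   # type 0 (management), subtype 8 (beacon)
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3 = BSSID
    off = 36  # MAC header (24) + timestamp (8) + beacon interval (2) + capabilities (2)
    while off + 2 <= len(frame):                        # walk the tagged parameters
        eid, elen = frame[off], frame[off + 1]
        if eid == 0:                                    # element ID 0 = SSID
            return bssid, frame[off + 2:off + 2 + elen].decode("utf-8", "replace")
        off += 2 + elen
    return bssid, ""

def beacon_flood_report(frames, max_ssids=20):
    """Group beacons by SSID and flag a flood when more distinct SSIDs appear than a
    site would plausibly advertise (assumed threshold; tune it to your environment)."""
    bssids_by_ssid = defaultdict(set)
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed:
            bssid, ssid = parsed
            bssids_by_ssid[ssid].add(bssid)
    all_bssids = set().union(*bssids_by_ssid.values()) if bssids_by_ssid else set()
    return {
        "distinct_ssids": len(bssids_by_ssid),
        "distinct_bssids": len(all_bssids),
        "flagged": len(bssids_by_ssid) > max_ssids,
    }

def sample_beacon(bssid: bytes, ssid: str) -> bytes:
    """Constructed test fixture: a minimal beacon frame to feed the parser above."""
    header = struct.pack("<H", 0x0080) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0411)       # timestamp, interval, capabilities
    return header + fixed + bytes([0, len(ssid)]) + ssid.encode()

# Constructed capture: 30 spam SSIDs from 30 made-up BSSIDs plus one legitimate network.
CONSTRUCTED_FRAMES = [sample_beacon(bytes([0x02, 0, 0, 0, 0, i]), f"SPAM-{i:02d}") for i in range(30)]
CONSTRUCTED_FRAMES.append(sample_beacon(b"\xaa\xbb\xcc\x00\x00\x01", "HomeNet"))

if __name__ == "__main__":
    print(beacon_flood_report(CONSTRUCTED_FRAMES))
```

In practice the frames would come from a monitor-mode capture (for example the raw packets Marauder itself records), read one 802.11 frame at a time after stripping the radiotap header.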

WiFi Beacon Spam using Marauder - Flipper Zero

Sniff EAPOL/PMKID

Using Marauder, we can sniff WiFi packets and capture the four-way WiFi handshakes. To do that, Marauder captures all the raw packets.

Capture WiFi handshakes/EAPOL/PMKID using Marauder - Flipper Zero

Thank you for reading this far. Happy hacking!