
What is wifi jammer. Stress test of a wireless network with Wifi_Jammer: how to jam Wi-Fi. Fighting Wi-Fi jamming

A Wi-Fi jammer, or deauthenticator, is a gadget designed to disconnect wireless devices from a hotspot. Why is this needed? You can imagine both a friendly prank (a neighbor, of course, will be delighted when you cut off his porn video or, for example, a football match at the most interesting place), and criminal use: an attacker can disconnect security cameras or other important equipment from the network. In this article, we'll take a look at the inexpensive hardware deauthenticators available, how they are used, and how to protect yourself from such attacks.

How does the "silencer" work

Unlike real jammers, which interrupt the signal of the radio transmitter with their stronger signal, the deauthenticator works at the software level. It implements a denial of service attack by sending a deauthentication frame to the router on behalf of devices connected to the network. Since this frame is not encrypted in any way, it is enough for the jammer to find out the MAC addresses of the devices by sniffing the traffic on the network.

Usually, deauthentication is part of a complex attack on the network. It is used when creating an "evil twin" of an access point or to intercept a handshake, which then allows you to decrypt the password. However, a jammer can be useful on its own.

WARNING

All tips discussed are strongly recommended for educational purposes only. Blocking the transmission of data and the use of the considered means may be punishable by law. Penetration tests require the appropriate written confirmation from the customer. Remember that deauthorization data is stored in the router logs.

Recently, inexpensive and miniature boards with support for the NodeMCU software platform have gained great popularity. They are built on the ESP8266 module, which implements Wi-Fi according to the 802.11b/g/n standard at a frequency of 2.4 GHz. Now there are two variants of such boards: with the CP2102 chip from the American company Silicon Labs or with the Chinese CH340.



These boards are positioned as prototyping devices: based on them, craftsmen create automated systems controlled via Wi-Fi. The topic itself is quite exciting, but we are now interested in something else - the possibility of using NodeMCU to carry out attacks.

ESP8266 is not suitable for full-fledged monitoring and packet injection due to technical limitations, but it can be used as a deauthenticator - which led to the appearance of the corresponding firmware. Last year, a good man with the pseudonym Spacehuhn released the first one, but since then there have been other versions - with additional features. However, before moving on to the software, let's decide on the choice of hardware.

INFO

If you are looking for more serious wardriving equipment - with a monitoring mode and maybe even the ability to carry out MiTM attacks on the network - then check out our last year.

I will demonstrate the process using the example of a board from the Chinese manufacturer Dstike: it has an ESP8266 and has modes of operation as a client (P2P) and an access point (soft-AP). You can control the board from your smartphone or any other device with Wi-Fi.

I note that the performance of the software does not depend on either the chip or the board - you can choose any option at your discretion. Dstike products alone have several options in different designs and for use in different situations. All of them are united by one thing - the ability to jam networks.

Varieties of Dstike devices

Deauther Wristband - a bracelet with built-in display, battery and switch. Convenient device for quick access to the control panel.

Deauther Power Bank - with a modified charge controller; control is carried out through a special panel. The controller has a connector for connecting an external antenna. Batteries are not included. This is a discreet device that can be easily left somewhere and used remotely.

Deauther OLED V3.5 - in this version, you will additionally receive a connector for connecting an external antenna and a holder for a 18650 mAh battery. The device is controlled using buttons and a switch, and the output goes to the screen, which allows you to use this option without additional equipment.


The main advantage of these gadgets is the ability to select a specific network or all at once within the range of the device. Just in case, I’ll note that you don’t need a Wi-Fi password to carry out attacks! 🙂

Deauther 2.0 installation

Let's start with Deauther 2.0 - the same firmware that Spacehuhn developed. In his GitHub repository, you can choose the version for a specific board.

The .bin files are compiled sketches. They need to be installed on the board through a special bootloader. If you prefer, the source code archives contain libraries and sketches that can be installed through the Arduino IDE.



If you chose the option to download the binary, then first run the NodeMCU Flasher program. You can download it from the NodeMCU repository.

Install drivers for CP2102 or for CH340. After that, we connect the board to the computer, open the NodeMCU Flasher program, select the COM port in the device manager in the "Ports (COM and LPT)" section. Now go to the Config tab, click on the gear and select the downloaded .bin file.


Firmware program

After adding the file, its path will appear in the line on the left. Go to the Operation tab and click on Flash - the firmware will then be downloaded to the board.

If you are more comfortable installing through the Arduino IDE, then the process is slightly different. First of all, download the drivers in the same way (CP2102, CH340). Then open the Arduino IDE and in the "File" menu look for "Settings", click on "Add Link for Board Manager" and paste the two links:

We save everything.


Adding links

Open the "Tools" tab and select the "Board Manager" item from the "Board:..." menu.


Adding Boards

Select "Included" and install arduino-esp-8266-deauther and esp8266.


Installing packages

Open the folder with the sketch and libraries, go to "Tools". The settings should be like in my screenshot.

In the "Board" line, select ESP8266 Deauther Modules from the list.


Firmware download

In the Flash size line, select your module. Set the firmware and memory size as in the picture below.


Module versions

Once enabled, the board will create an access point. Connect to it and go to 192.168.4.1 or deauth.me. You will be taken to the configurator and see a warning.

A warning

In the configuration section, in the LANG line, specify ru to enable the Russian language in the web interface. For the settings to take effect, you need to click on "Save" and restart the device. Now it's ready to go.

Overview of features and settings

Let's quickly walk through the application and see what our little board is now capable of.

Settings

If you connect the jammer via a serial port, you can control it using commands. This feature can be disabled in the settings by unchecking the SERIAL checkbox.

Commands for Serial Port Control

  • scan[ ][-t
  • show[ ]
  • select[ ] []
  • deselect[ ] []
  • add ssid [-wpa2] [-cl ]
  • add ssid -ap [-cl ][-f]
  • add ssid -s [-f]
  • add name [-ap ][-s]
  • add name [-st ][-s]
  • add name [-m ][-ch ][-b ][-s]
  • set name
  • enable random
  • disable random
  • load[ ] []
  • save[ ] []
  • remove
  • remove
  • attack [-t] ]
  • attack status[ ]
  • stop
  • sysinfo
  • clear
  • format
  • print [
  • delete [] [
  • replace
  • copy
  • rename
  • run
  • write
  • get
  • set
  • reset
  • chicken
  • reboot
  • //
  • send deauth
  • send beacon
  • send probe
  • led []
  • led<#rrggbb> []
  • led
  • screen
  • screen mode

600 seconds after the attacks start, they will automatically stop. If you don't want this to happen, you can manually set the timeout by setting the value in the ATTACKTIMEOUT menu: set to 0, and attacks will no longer automatically turn off.

If you click Scan APs in the Scan section, the jammer finds all Wi-Fi access points. Select one or more networks, and you can go to the Attacks section. Deauth mode disconnects all devices from the selected network. Beacon mode allows you to create up to 60 access points simultaneously.


Scanning and types of attacks

In the SSIDs section, access points are created for the Beacon attack.

Creating hotspots

The firmware provides the ability to connect a display - for the version of the device with it. But if you wish, you can solder the screen and buttons to the board yourself, as well as provide autonomous power to turn it into an independent device.

In addition to the WiFi jammer itself, the firmware developers also sell a device that allows it to be detected.


Detector

Wi-PWN

Consider a similar Wi-PWN firmware developed by Sam Denty (samdenty99). He improved Spacehuhn's creation and added deauthentication detector features and created a companion app for Android. As a result, using Wi-PWN is more convenient than Deauther 2.0.

After downloading and unpacking the archive, you will need to flash the board and install the application on your phone. In the folder you will find the ESP8266Flasher program. Run it, select the COM port and in the Config section - firmware (it is located along the path *\Wi-PWN-master\arduino\Wi-PWN). Now click Flash in the Operation tab.

From the phone we connect to the board via Wi-Fi.


WiFi network

We open the downloaded application, agree with the rules, indicate the name and password of the network. After setting up, we connect to the new WiFi.


Setting up an access point and completing the installation

The application has several tabs with self-explanatory names:

  • Scan - section for searching for and selecting several access points;
  • Users - the function of scanning a specific Wi-Fi for connections and creating your own "users";
  • Attack - attacks are similar to the Spacehuhn version, but when cloning networks, the maximum number of users is 48 instead of 60 (this was the case in earlier versions of Deauther);
  • Detector - a function that allows you to scan channels and identify jammers;
  • Settings - WiFi server setup (network name, password). Here you can also enable the WiFi client and configure scanning and attack settings.

For stable operation of the device, I recommend attaching a heatsink to the part of the device that heats up. Otherwise, the jammer may overheat and shut down.

WiFi Jammer Protection

NodeMCU is a cheap, versatile, powerful and compact deauthentication solution. You can repeat the entire project quickly and without much effort. And since anyone can do it, it's a good idea to think about protection.

Most popular routers use the IEEE 802.11b/g/n standards, which are susceptible to jamming. If you want to eliminate this possibility, then look for a router that supports the 802.11w standard (Protected Management Frames), which completely protects users from WiFi jammers.

Some routers have anti-spam protection, but it only works with devices connected to the network, and WiFi jammer does not connect to the network. If your router has anti-spam protection that works with unconnected devices, then I advise you to activate it!

Software installation process:
Connect the module to the computer and open the device manager. If your module is displayed as an unknown device or as USB2.0-serial, then you need to install the driver.


If this does not help, then you need to use the driver installation through driver update programs.
I used DriverScanner

After the update, the module will be recognized

Now you need to go here

Here is the official instruction. There are 2 installation options. Let's go for the simplest

1) Download the BIN file
2) Download the utility
for Windows 64
for Windows 32

3) Run the utility. It is advisable to disconnect all USB devices so that there is no conflict and you are not confused.
In the first column you need to select a module


In the second, the path to the BIN file.


Well, the third point:




The device can work freely from any power source via USB (phone, power bank, laptop...)


After all the steps, you will have a public hotspot. After a while it will become closed. If this did not happen, then possibly 1) you did not put the bin file and the utility in the same folder during flashing, or 2) you just need to reconnect the device.

We connect to the network using these data:
access point - pwned
password - deauther


Here you can select the network you want to block. In order to select multiple networks, you must check the box in the settings


Select a network, go to the "Attack" section

What is a GSM, 3G, Wi-Fi signal jammer?

Many people love silence, this state is very important and indispensable during a theatrical performance or a classical music concert.

There are also moments when you want to quietly and peacefully drive to your stop by public transport, whether it be a tram or a fixed-route taxi. What a pity that the silence is often broken by those who like to talk on a mobile phone.

Now they will not be able to disturb your peace, you just need to use the GSM jammer device, which is a cellular signal blocker. The word "jammer" is just a communication suppressor. Among the main elements of the device are:

  • microcontroller;
  • integrating chain;
  • module;
  • amplifier.

The jammer is powered by batteries of the kind used in mobile phones. The battery is attached directly to the board.


How does a cell phone jammer work?

Now a little about the principle of operation of the device. This device is a generator of white noise - a signal that does not contain any information. The cutoff frequency of such a signal is 10 kHz. The generated signal is increased by the action of the power amplifier, so it is quite enough to interfere with a telephone conversation.

The simplicity of the device allows you to assemble a similar jammer with your own hands. There is nothing complicated about this, and assembly methods and their sequence are available in large numbers on the worldwide web. This device can also be purchased ready-made; the production and assembly of most "jammers" is carried out in China.

Suppressed waves

In addition to mobile signals, this jammer is capable of jamming wireless internet signals such as 3G and Wi-Fi.

The work of the jammer has its own characteristics. So, if the communication session that you want to influence (mute) has already begun, then the device will work after 15 seconds. Therefore, if you are interested in the fact that the conversation does not take place at all, then you must use the device before the connection is established. The device has its own coverage area, it averages 7-8 meters. The range depends on the model and the absence of extraneous interference (outside the city, the range of the device will increase three times).

The age of modern and progressive technologies is certainly good. However, there are moments when silence is needed: theater, opera, classical music concert. There are people who do not have a sense of tact or are simply not brought up. For people like them, a jammer was created, which will not allow them to interfere with enjoying anything because this ignoramus is talking loudly on the phone.

Deputy Director for Development Kerimov Rostislav.

If you have any problems with wireless devices, you should read the article " ».

Is it possible to jam Wi-Fi?

You (or your organization) took a responsible approach to setting up wireless access points (Wi-Fi): you used, first of all, turned off WPS and came up with a very complex password. Does this mean that now you can relax? No, attackers have at least a couple more tricks up their sleeve - DoS and Wi-Fi jamming. Even if they cannot penetrate your network, they can prevent it from working properly.

This instruction describes Wi-Fi jamming, intended as a stress test of your wireless network so that you can assess existing threats and take preventive security measures.

How to start Wifi_Jammer correctly

After updating Aircrack-ng, the name of the wireless interface has changed. Unfortunately Wifi_Jammer stopped working. But this can easily be fixed with a single line correction. See the article for details ". If you have already edited the Wifi_Jammer source code, then you can continue.

Let's see the name of our interface:

airmon-ng

Run the command in the form airmon-ng start interface_name. In my case:

airmon-ng start wlan0

Please note that I have a warning (you may not have one):

Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to kill (some of) them!

PID Name
3036 NetworkManager
3187 dhclient

The program warns that there are conflicts with other applications and that if airodump-ng, aireplay-ng or airtun-ng stops running after a short time, then I need to stop the named processes. This can be done like this (you can have your own numbers - look at the PID):

kill 3036
kill 3187

We continue:

airodump-ng wlan0mon

I will practice on my own AP - it is at the very top.

Launching WebSploit

websploit

Enable the wifi_jammer plugin

wsf > use wifi/wifi_jammer

Let's take a look at its options.

wsf:Wifi_Jammer > show options

We need to set essid, bssid, channel and mon. This data can be taken from the output of airodump-ng.

wsf:Wifi_Jammer > set essid Mial
wsf:Wifi_Jammer > set bssid 20:25:64:16:58:8C
wsf:Wifi_Jammer > set channel 11

Also required:

wsf:Wifi_Jammer > set mon wlan0mon

Please note that there is no choice here: the value must be set to exactly wlan0mon.

Start it with the run command:

wsf:Wifi_Jammer > run

There are two ways to check that the process is working. The first is to simply make sure that your devices are no longer connected to the Wi-Fi network. The second is the airodump-ng wlan0mon command: pay attention to the PWR field in its output. During normal operation its value was in the region of 40.

After the start of the attack, the PWR value is 0 and does not rise until the very end of the attack. The Wi-Fi network is not available at this time.

In this example, we jammed one access point, it is possible to jam all APs at once, for example, with this program.

The essence of the attack lies in the continuous sending of deauthentication packets.

Fighting Wi-Fi jamming

  • They say that there are models of routers that do not pay attention to deauthentication broadcast packets. Might be worth looking into similar models.
  • During the attack, you need to understand that the attacker must be in close proximity - no more than a few hundred meters.
  • You can set up automatic channel selection on the access point. This should make the attack more difficult, since the attacker will have to take care of switching channels.
  • A radical solution is to buy a wired router.
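Because the attack is a continuous stream of unencrypted deauthentication frames, it can be spotted from a monitor-mode capture. The following is an added example, not code from the original article or from any of the firmware projects it mentions: it parses raw 802.11 management headers and raises an alert when one BSSID receives a burst of unprotected deauthentication or disassociation frames. The MAC addresses, threshold, window and all function names are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 12, 10, 8      # 802.11 management subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Parse a raw 802.11 frame (radiotap header already stripped).
    Returns a dict for deauthentication/disassociation frames, else None."""
    if len(frame) < 26:                    # 24-byte header + 2-byte reason code
        return None
    fc0, flags = frame[0], frame[1]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    protected = bool(flags & 0x40)         # set when 802.11w encrypts the body
    return {
        "kind": "deauth" if subtype == DEAUTH else "disassoc",
        "dst": _mac(frame[4:10]),
        "src": _mac(frame[10:16]),
        "bssid": _mac(frame[16:22]),
        "protected": protected,
        # The reason code is only readable when the body is not encrypted.
        "reason": None if protected else struct.unpack_from("<H", frame, 24)[0],
    }

class DeauthFloodDetector:
    """Alert when one BSSID sees >= threshold unprotected deauth/disassoc
    frames within `window` seconds. Grouping is by BSSID because the source
    address in a spoofed frame is forged and says nothing about the sender."""
    def __init__(self, threshold=10, window=1.0):
        self.threshold, self.window = threshold, window
        self.times = defaultdict(deque)
        self.last_alert = {}

    def feed(self, ts, frame):
        info = parse_mgmt(frame)
        if info is None or info["protected"]:   # simplification: skip PMF frames
            return None
        q = self.times[info["bssid"]]
        q.append(ts)
        while ts - q[0] > self.window:          # drop timestamps outside the window
            q.popleft()
        recently = ts - self.last_alert.get(info["bssid"], float("-inf")) <= self.window
        if len(q) < self.threshold or recently:
            return None
        self.last_alert[info["bssid"]] = ts
        return {"ts": ts, "bssid": info["bssid"], "count": len(q),
                "broadcast": info["dst"] == BROADCAST, "reason": info["reason"]}

def sample_frame(subtype, dst, src, bssid, reason=7, flags=0):
    """Constructed test input only: 24-byte header plus reason code."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, flags]) + b"\x00\x00" + raw(dst) + raw(src)
            + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason))

def run_demo():
    ap_a, ap_b, sta = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:51"
    capture = [(0.0, sample_frame(BEACON, BROADCAST, ap_a, ap_a))]
    # Normal activity: three isolated deauths on AP A, 30 s apart.
    capture += [(t, sample_frame(DEAUTH, ap_a, sta, ap_a, reason=3))
                for t in (5.0, 35.0, 65.0)]
    # Flood: 40 broadcast deauths carrying AP B's address, 5 ms apart.
    capture += [(100.0 + i * 0.005, sample_frame(DEAUTH, BROADCAST, ap_b, ap_b))
                for i in range(40)]
    detector = DeauthFloodDetector()
    return [a for ts, f in capture if (a := detector.feed(ts, f))]

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

On a network where 802.11w is enabled for all clients, any unprotected deauthentication frame aimed at an associated client is already an anomaly, so the threshold can be set much lower.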

Thank you for your attention! Use the received data only for good purposes. This will keep you and other people out of trouble. As always, link sharing is welcome.