Pwnagotchi — hacking WiFi networks in seconds | Real Experiment

Sumsub
31 Oct 202310:43

Summary

TLDRThe video introduces 'Pwnagotchi,' an open-source device designed for hacking Wi-Fi networks, combining the concept of a digital pet with hacking capabilities. It uses a Raspberry Pi 0, an e-ink display, and a micro SD card to operate. Pwnagotchi intercepts WPA handshakes to crack passwords, utilizing AI to learn and improve its hacking efficiency. The device is automatic, requiring only power to function, and its progress is indicated by different pet faces displayed on the screen. The video also offers tips on how to protect Wi-Fi networks from such attacks.

Takeaways

  • 💡 Hacking Wi-Fi networks can be simplified with a cheap, self-made device called Pwnagotchi, which combines hacking capabilities with a digital pet.
  • 🔧 The Pwnagotchi device is assembled using a Raspberry Pi Zero, an e-ink display, a micro SD card, and other components, with a total cost of around $45.
  • 🛠️ Pwnagotchi is an open-source project, and its firmware can be downloaded from the project's website for setup and configuration.
  • 📡 The device operates automatically once configured, hacking Wi-Fi networks within range by intercepting and analyzing handshake packets.
  • 🔍 Pwnagotchi uses bettercap, a tool for Wi-Fi, Bluetooth, wireless HID, and network reconnaissance, to collect authentication packets.
  • 🤖 Powered by AI, Pwnagotchi employs an actor-advantage-critic model to learn and improve its Wi-Fi hacking capabilities.
  • 🎮 The digital pet aspect of Pwnagotchi provides visual feedback on its activities and mood, with different faces for various states.
  • 🛑 To protect against such hacking attempts, network administrators should use strong passwords, monitor connected devices, and consider implementing a whitelist of allowed MAC addresses.
  • 🚨 The video also touches on the broader topic of fraud prevention, emphasizing the importance of detecting and responding to suspicious activities to avoid account takeovers.
  • 🔗 The video is produced by suub, a platform aiming to make the digital world more secure and user-friendly, offering insights into both hacking devices and fraud prevention.

Q & A

  • What is the main purpose of Pwnagotchi?

    -The main purpose of Pwnagotchi is to hack Wi-Fi networks, even those that are password-protected, using a cheap, self-made, open-source device.

  • What components are needed to assemble a Pwnagotchi?

    -To assemble a Pwnagotchi, you need a single board computer like Raspberry Pi Zero (costing about $15), a power supply, an e-link display (approximately $9), and a fast micro SD card with at least 8 GB capacity.

  • How does Pwnagotchi intercept Wi-Fi handshakes?

    -Pwnagotchi intercepts Wi-Fi handshakes by capturing the four packets exchanged between the client device and the access point during the WPA or WPA 2 Wireless protocol. These packets are used to derive session keys from the Wi-Fi password.

  • What is the role of the virtual pet inside Pwnagotchi?

    -The virtual pet inside Pwnagotchi adds an element of fun to the device. It displays different faces based on the device's status, such as sleeping, hopping among Wi-Fi channels, and showing different emotions like happiness or boredom.

  • How does Pwnagotchi use artificial intelligence?

    -Pwnagotchi uses an AI model called actor-Advantage critic to teach itself and improve its ability to hack Wi-Fi networks. The more Wi-Fi networks it encounters, the faster it learns and cracks new networks.

  • What tools does Pwnagotchi use for network reconnaissance and attacks?

    -Pwnagotchi uses Bettercap, a special tool for Wi-Fi, Bluetooth, wireless HID, network reconnaissance, and MITM (Man-In-The-Middle) attacks to collect authentication packets and perform various hacking activities.

  • How can you protect your Wi-Fi network from devices like Pwnagotchi?

    -To protect your Wi-Fi network, use strong passwords, monitor connected clients, and configure your network to only allow devices with pre-approved MAC addresses on a whitelist to connect.

  • What are the two methods Pwnagotchi can use to intercept handshake packets?

    -Pwnagotchi can use two methods: de-authenticating client devices to force them to repeat the handshake, and sending association frames directly to access points to try to force them to leak the PMKID.

  • How does the user interface of Pwnagotchi work?

    -The user interface of Pwnagotchi is fairly simple, displaying information about the device's operation on the screen, along with the virtual pet's face, which indicates the device's status and activities.

  • What is the significance of the Pwnagotchi's ability to automatically hack Wi-Fi networks?

    -The ability of Pwnagotchi to automatically hack Wi-Fi networks signifies that once switched on, it requires no user intervention to perform its hacking activities, making it a potentially dangerous and unattended threat to Wi-Fi security.

  • What additional advice is given in the script for protecting against hacking and fraud?

    -The script advises using strong passwords for all accounts, keeping an eye on connected clients, and considering fraud prevention systems that can detect suspicious activities and conduct additional checks, such as biometric and liveness verifications.

Outlines

00:00

🔧 Introducing Pwnagotchi: The DIY Wi-Fi Hacking Device

This paragraph introduces Pwnagotchi, a self-made, open-source device designed for hacking Wi-Fi networks. It combines the concept of a digital pet with hacking capabilities, allowing users to easily crack password-protected Wi-Fi networks. The device is assembled using a Raspberry Pi, an e-link display, a power bank, and a micro SD card. The assembly process is straightforward, and once the hardware is set up, firmware is downloaded from the Pwnagotchi project website and written to the SD card. The device operates automatically, requiring no user intervention beyond powering it on.

05:00

🕵️‍♂️ How Pwnagotchi Hacks Wi-Fi Networks and its AI Capabilities

This paragraph delves into the technical process of how Pwnagotchi hacks Wi-Fi networks. It intercepts handshake packets during the WPA or WPA 2 wireless protocol, which are essential for establishing a secure connection. By collecting these packets, Pwnagotchi can use tools like hashcat software or online hash cracking services to recover the Wi-Fi password. The device also employs AI, specifically the actor-advantage critic model, to learn and improve its hacking abilities. Pwnagotchi's interface provides real-time feedback on its operations, with a digital pet that displays different moods based on the device's activities.

10:03

🛡️ Protecting Your Wi-Fi Network from Pwnagotchi and Other Threats

The final paragraph focuses on security measures to protect Wi-Fi networks from hacking devices like Pwnagotchi. It suggests using strong network passwords, monitoring connected clients, and configuring the network to allow only devices with pre-approved MAC addresses. The paragraph also emphasizes the importance of being vigilant against suspicious devices and individuals, and the potential benefits of implementing fraud prevention systems to detect and mitigate unauthorized access attempts.

Mindmap

Keywords

💡Hacking

Hacking refers to the unauthorized access or manipulation of computer systems, networks, or data. In the context of the video, hacking is shown to be made accessible through a device called Pwnagotchi, which simplifies the process of hacking Wi-Fi networks, even for those without extensive technical knowledge.

💡Pwnagotchi

Pwnagotchi is a self-made, open-source device designed for hacking Wi-Fi networks. It combines the functionality of a digital pet with hacking capabilities, making it an engaging and educational tool for those interested in cybersecurity. The device is powered by artificial intelligence and learns to hack more efficiently over time.

💡Raspberry Pi

Raspberry Pi is a series of small single-board computers used for various computing projects. In the video, a Raspberry Pi 0 is used as the central processing unit for the Pwnagotchi, highlighting its affordability and versatility in DIY projects related to hacking and cybersecurity.

💡Wi-Fi Network

A Wi-Fi network is a wireless local area network (WLAN) that uses Wi-Fi technology for devices to connect and communicate. The video focuses on the vulnerability of Wi-Fi networks to hacking, especially when they are not properly secured with strong passwords or up-to-date security protocols.

💡Handshaking Hashes

Handshaking hashes are cryptographic data packets exchanged between devices and a Wi-Fi network during the authentication process. These hashes are crucial for establishing a secure connection. In the context of hacking, capturing these hashes can allow an attacker to recover the password used for the Wi-Fi network.

💡Bettercap

Bettercap is a security testing tool used for Wi-Fi, Bluetooth, wireless HID, and IPv4 and IPv6 network reconnaissance, as well as man-in-the-middle (MITM) attacks. In the video, Pwnagotchi uses Bettercap to collect authentication packets, which are essential for hacking Wi-Fi networks.

💡Artificial Intelligence (AI)

Artificial Intelligence refers to the simulation of human intelligence in machines that are programmed to think and learn like humans. In the video, Pwnagotchi uses an AI model called actor-advantage-critic to teach itself how to hack Wi-Fi networks more effectively over time.

💡Firmware

Firmware is a type of software that provides the low-level control for a device's specific hardware. In the context of the video, firmware is the software that needs to be downloaded and written onto the SD card to enable the Pwnagotchi device to function and perform its hacking tasks.

💡SSID

SSID (Service Set Identifier) is a unique identifier that distinguishes a Wi-Fi network from others. It is the name of the network that devices look for when connecting to Wi-Fi. The video emphasizes the importance of not including the name of one's own Wi-Fi network in the Pwnagotchi configuration to prevent it from being hacked.

💡Network Security

Network security encompasses the technologies and practices designed to prevent unauthorized access, misuse, modification, or destruction of a network and its data. The video highlights the importance of network security by demonstrating how easily Wi-Fi networks can be compromised without proper protection measures.

💡MAC Address

A MAC (Media Access Control) address is a unique identifier assigned to network interfaces for communications on the physical network segment. In the context of the video, MAC addresses are mentioned as a security measure where networks can be configured to only allow connections from devices with pre-approved MAC addresses.

Highlights

Introducing Pwnagotchi, a cheap device designed to hack Wi-Fi networks easily.

Pwnagotchi is a self-made, open-source device with a digital pet inside.

The device can automatically hack password-protected Wi-Fi networks when in proximity.

Assembling Pwnagotchi is straightforward, requiring a Raspberry Pi Zero, power supply, e-ink display, and a micro SD card.

The device's cost-effective components, such as the $15 Raspberry Pi Zero and the $9 e-ink display, make it accessible.

Pwnagotchi's assembly involves downloading firmware and configuring settings like the virtual pet's name and Wi-Fi network names.

Once assembled and powered, Pwnagotchi operates automatically to hack Wi-Fi networks.

Pwnagotchi intercepts Wi-Fi handshake packets, which can be cracked using hashcat software or online hash cracking services.

The device uses bettercap for Wi-Fi, Bluetooth, wireless HID, and network reconnaissance, as well as MITM attacks.

Powered by AI, Pwnagotchi employs the actor-advantage critic model to learn and enhance its Wi-Fi hacking capabilities.

Pwnagotchi's AI-driven learning process is influenced by the number of Wi-Fi networks it encounters and hacks.

The device displays its operation status and virtual pet mood through different faces on the screen.

Users can customize the virtual pet's faces and monitor the device's activities through the simple user interface.

Pwnagotchi's automatic operation and lack of physical controls make it a unique and innovative hacking tool.

The project website features a pet rating system similar to Pokémon Go, but for hackers.

To protect against such hacking attempts, users should be vigilant about the presence of suspicious devices and maintain strong Wi-Fi security.

Implementing fraud prevention systems can help businesses detect and prevent unauthorized access and abuse of user accounts.

Whitelisting devices by MAC address is recommended to enhance wireless network security.

Suub aims to help users stay safe and navigate the digital world securely through informative content.

Transcripts

play00:09

[Music]

play00:25

[Music]

play00:31

hacking is considered very difficult but

play00:33

we made a cheap device that made it easy

play00:36

this device can automatically hack any

play00:38

Wi-Fi network even if it's password

play00:41

protected to do this the attacker just

play00:43

needs to be

play00:45

nearby meet pwnagotchi from the words

play00:48

pone and Tamagotchi this is a self-made

play00:51

open-source simple and cheap device for

play00:54

hacking Wi-Fi networks oh and it has a

play00:57

fun digital pet inside let's see what

play01:00

it's made of and how it works this video

play01:03

was created by suub the verification

play01:05

platform we make the digital world

play01:08

people friendly yet

play01:13

secure well how do hackers assemble it

play01:16

themselves it's not so difficult to put

play01:18

all the parts together firstly we need a

play01:21

single board computer the Raspberry Pi

play01:24

0w it only costs about $15 and can be

play01:27

purchased on the internet we plug

play01:30

Raspberry Pi into the power supply for

play01:33

$19.56 then we plug the screen into the

play01:35

connector on the board hogi uses an

play01:38

e-link display that can be bought for

play01:40

approximately

play01:41

$9 unfortunately the shipping company

play01:44

seems to have dropped an elephant on our

play01:46

parcel in transit because when we

play01:48

unpacked the Box containing the power

play01:50

unit we found that the micro USB

play01:52

connector and the battery connector on

play01:54

the board were damaged it doesn't work

play01:57

that's why we use the small power bank

play01:59

to power power up our pona GOI finally

play02:02

we need a fast micro SD card to put the

play02:05

operating system on it at a minimum of 8

play02:07

gab capacity anything for about a dollar

play02:10

will be good when the hardware is

play02:12

assembled we need to download firmware

play02:15

from ponoi Project website and write it

play02:17

to an SD card using Bina etra

play02:21

program once the firmware has been

play02:23

written on the SD card we access it on

play02:25

the computer open the boot folder and

play02:28

create a configuration file called

play02:30

config

play02:31

dotl in this file we will need to

play02:34

specify the virtual pet's name screen

play02:36

type and the names of our home Wi-Fi

play02:38

networks otherwise pagi will hack

play02:42

them the preparations are complete we

play02:45

connect the pon GOI to the computer with

play02:47

the

play02:48

cable raspberry pi0 has two USB ports

play02:52

one for power only and one for data you

play02:54

should use the second we need to

play02:57

configure the IP address subnet mask and

play02:59

G Gateway for SSH access to the device

play03:03

complete now just power up the pag GOI

play03:06

and the device will work

play03:12

automatically so you may think that this

play03:14

device is like a cheap version of

play03:16

flipper zero as it also embodies a pixel

play03:18

art dolphin virtual pet but it's not

play03:21

flipper zero contains many hacking tools

play03:24

and various applications can be

play03:25

installed on it and it requires button

play03:28

control GOI is only made for one thing

play03:32

hacking Wi-Fi networks but this device

play03:34

is completely automatic all you have to

play03:37

do is switch it on and let it do it all

play03:39

by itself let's conduct an experiment

play03:42

and check it

play03:46

out to hack a wireless network even a

play03:49

password protected one an attacker with

play03:51

pag GOI simply needs to be within range

play03:54

of the network oh a new wireless network

play03:58

pwned the information intercepted by

play04:01

pagi is transmitted to a program that

play04:03

picks up the passwords by collecting

play04:06

handshaking hashes and recovering

play04:08

passwords an attacker can connect to

play04:10

your wireless network they can get all

play04:13

the files from shared folders and access

play04:15

the internet through your channel and

play04:17

access the devices connected to your

play04:20

network there is also a pet rating on

play04:22

the project website kind of like a

play04:24

Pokémon go for

play04:28

hackers

play04:31

how exactly does pagi work when an

play04:34

access point and a device establish a

play04:36

Wi-Fi connection they exchange special

play04:38

data packets called a handshake in the

play04:41

WPA or WPA 2 Wireless protocol imagine

play04:45

that your phone connects to your home

play04:46

Wi-Fi network before it can securely

play04:49

send and receive data to and from the

play04:52

access point the WPA encryption Keys

play04:55

must be generated this process involves

play04:57

the exchange of four packets between the

play05:00

client device and the access point these

play05:02

are used to derive the session keys from

play05:04

the access Point's Wi-Fi password once

play05:07

the packets have been successfully

play05:08

exchanged and the keys have been

play05:10

generated the client device is

play05:12

authenticated and can begin to send and

play05:14

receive secure and encrypted data the

play05:17

WPA handshake is transmitted by the

play05:20

client in the second message of the

play05:22

four-step handshake process the content

play05:25

of this packet is hashed and it serves

play05:27

as proof to the access point that the

play05:29

client knows the psk shared key pagi

play05:32

intercepts and stores such packets this

play05:35

material is collected on an SD card as

play05:37

pcap files containing any form of

play05:40

crackable

play05:41

handshake then a hash can be used to

play05:43

find the password using a special

play05:45

dictionary on a computer using hashcat

play05:47

software or with special online services

play05:51

such as online hash crack pagi uses

play05:54

better cap a special tool for Wi-Fi

play05:57

Bluetooth wireless hid hijacking

play06:00

ipv4 and IPv6 networks reconnaissance

play06:03

and mitm attacks to collect as many

play06:06

authentication packets as possible honer

play06:08

GOI can use two methods the first one is

play06:11

De authenticating the clients if the

play06:13

client device receives a disconnect

play06:15

signal on reconnection it must repeat

play06:18

the four-step handshake and the packet

play06:20

may be

play06:21

intercepted the second one is sending

play06:23

Association frames directly to the

play06:25

access points to try to force them to

play06:27

leak the pmk ID the most interesting

play06:30

thing is that the pag GOI is powered by

play06:32

artificial intelligence it uses AI model

play06:35

actor Advantage critic to teach itself

play06:38

and enforce hacking Wi-Fi networks the

play06:41

device makes funny faces that show its

play06:43

mood if pag GOI said that it's bored it

play06:46

must be fed immediately to do this we

play06:49

need to take the pag GOI to a place

play06:51

where there are lots of Wi-Fi networks

play06:53

to hack the more practice it gets the

play06:56

faster poni will crack new wireless

play06:58

networks

play07:03

pagi doesn't have any controls it works

play07:07

automatically all information about the

play07:09

operation of the device is displayed on

play07:11

the screen the screen displays a

play07:13

different

play07:14

information also it shows the special

play07:17

message when another person with a poni

play07:19

is nearby the virtual pet can show the

play07:22

different faces sleeping this is the

play07:25

state the unit will start from moreover

play07:28

from time to time your Pon GOI will also

play07:30

perform naps of a few seconds while

play07:32

hopping among Wi-Fi channels Awakening

play07:36

the unit is in its last seconds of its

play07:37

nap normal this face is the neutral

play07:40

awake status of the unit observing the

play07:43

ponoi is waiting and observing what

play07:46

better cap can find on all the channels

play07:48

it's hopping on intense the unit is

play07:51

sending an association frame to an

play07:53

access point in order to force it to

play07:55

leak the pmk ID cool the unit is the

play07:58

authenticating a client station from an

play08:00

access point happy your pona GOI is

play08:03

happy for some reason and so on the user

play08:07

can customize the faces set by editing

play08:10

one of the system files the device has a

play08:13

fairly simple user interface by looking

play08:15

at your pet's face and the information

play08:17

on the screen you can tell exactly what

play08:19

your device is doing right

play08:23

[Music]

play08:25

now so how can you protect yourself the

play08:29

first first thing to look out for is of

play08:31

course the presence of a suspicious

play08:33

person near your equipment with a

play08:35

suspicious device in their

play08:37

hands use a strong network password for

play08:40

your Wi-Fi and keep an eye on the

play08:42

clients connected to the

play08:45

network this rule can be applied to any

play08:47

situation from Wi-Fi networks to your

play08:50

social media and bank accounts however

play08:52

and even then there is a chance that

play08:54

criminals will hack into your account

play08:55

and abuse it hi this is Lucas from ssup

play08:59

and and today we're going to look at how

play09:00

fraudes can impact businesses by taking

play09:03

over user accounts say for example

play09:05

you're a car sharing company many of

play09:06

your clients register just for a single

play09:08

ride maybe several but then forget about

play09:10

their account sometime later down the

play09:12

line a frauds that can get these

play09:14

credentials and abuse the service in

play09:15

someone else's name you might try to get

play09:17

back in contact with a customer who in

play09:19

reality isn't even aware of the

play09:21

situation and yet all of this could have

play09:23

been avoided if your car sharing company

play09:26

implemented a fraud prevention system in

play09:28

the first place which would have spotted

play09:30

any of the suspicious activity at a much

play09:31

earlier stage fraud prevention systems

play09:34

can detect suspicious activity such as

play09:36

unusual IP addresses new device logins

play09:40

and then conduct additional checks if

play09:41

necessary some sub provide such a

play09:43

solution allowing companies to request

play09:45

biometric and liveness checks from their

play09:47

customers to verify their authenticity

play09:50

if you would like to learn more about

play09:51

fraud prevention Solutions and Thumbs Up

play09:53

In general click that link in the

play09:55

description below if a suspicious new

play09:58

device appears appears on your

play10:02

network this is a reason to change the

play10:07

password each wireless and network

play10:09

device has a unique Mac address the best

play10:12

defense is to configure your wireless

play10:13

network so that only devices with preall

play10:15

outed Mac addresses on a white list can

play10:17

connect to it this measure will protect

play10:20

your network not only from the attack

play10:22

described above but also from a number

play10:24

of other attacks that involve connecting

play10:26

a hacker's device to the wireless

play10:28

network well we at suub are always here

play10:32

to help you satisfy your curiosity

play10:33

safely and survive in the online jungle

play10:37

till next

play10:39

[Music]

play10:42

time

Browse More Related Video

Top 10 Hacking Tools In Kali Linux You Must Know.

Windows Latest CMD Hacks & Tricks

Raspberry Pi Travel Router - RaspAP (2024)

GL.iNet Opal Travel Router Review: You Didn't Know You Needed This!

Self Host 101 - Set up and Secure Your Own Server

XPPen Magic Drawing Pad (review): Surprisingly good but...

Rate This

5.0 / 5 (0 votes)

Summary
Outlines
Mindmap
Keywords
Highlights
Transcripts
Related Tags
Wi-Fi HackingOpen SourceAI SecurityCybersecurityRaspberry PiDigital PetNetwork SecurityFraud PreventionTech InnovationCyber Threats