Raspberry Pi Zero W WiFi Hacking Gadget
To complete this project you will need a Raspberry Pi Zero W, a micro SD Card (I used a 32 GB Samsung EVO Select), a case, a micro USB cable (a sturdy one is preferable), and optionally a USB battery bank. You will also need a computer to configure the SD Card and Pi, and a mobile phone with Bluetooth to control the Pi if you’re going to be mobile. The power requirements of the Pi Zero are not significant so a small battery bank is adequate; mine is marked 5000mAh but I’m sure it’s closer to 3000.
The article is informational. Do not break the law.
Download the latest Raspbian Buster Lite image from raspberrypi.org and flash it to the SD card. There are many ways to do this; Etcher is a popular one. After the image is flashed, a few files in the root of the boot partition of the micro SD card (labelled boot) need to be edited. Circuit Basics has a good guide for Windows, but in short: add dtoverlay=dwc2 as a new line at the end of config.txt, and in cmdline.txt insert modules-load=dwc2,g_ether after rootwait (cmdline.txt is a single line, so separate the new option from rootwait with a space). Also create an empty file named ssh with no extension, using touch or New > Text Document, and remove the .txt extension.
You can now ssh to the Pi over USB using the hostname raspberrypi.local. Connect and run raspi-config to set localization, expand the file system, and set the GPU memory. Reboot.
sudo apt-get update && sudo apt-get upgrade -y
Install Re4son kernel for Raspberry Pi (kalipi)
wget -O re4son-kernel_current.tar.xz https://re4son-kernel.com/download/re4son-kernel-current/
tar -xJf re4son-kernel_current.tar.xz
Change into the extracted re4son-kernel directory, run its bundled install.sh as root, and reboot.
After the reboot, check whether the WiFi interface supports monitor mode:
iw phy phy0 info
In the output we should see:
Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
         * P2P-client
         * P2P-GO
         * P2P-device
Let’s set up a monitor interface at boot by editing rc.local:
sudo nano /etc/rc.local
Add the following lines before the final exit 0 (rc.local runs as root, so sudo is not needed):
iw phy phy0 interface add mon0 type monitor
ifconfig mon0 up
Save and exit, then reboot. Run ifconfig and verify that mon0 is present.
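The two rc.local lines above create mon0 unconditionally. As an added example (not from the original post), here is a version that first parses the iw phy output for the monitor capability shown in the check above and is safe to re-run on every boot; the phy0/mon0 names are assumptions taken from the steps above, and the sample iw output is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): monitor-interface setup for
# /etc/rc.local that checks "iw phy <phy> info" for monitor support first.

PHY="${PHY:-phy0}"   # radio to use; phy0 on the Pi Zero W (assumption)
MON="${MON:-mon0}"   # name of the monitor interface to create

# phy_supports_monitor: read "iw phy ... info" output on stdin and succeed
# only if the "Supported interface modes:" block contains "* monitor".
phy_supports_monitor() {
    awk '
        /Supported interface modes:/ { inblock = 1; next }
        inblock && /^[ \t]*\* / { if ($2 == "monitor") found = 1; next }
        inblock { inblock = 0 }          # first non-bullet line ends the block
        END { exit(found ? 0 : 1) }
    '
}

# mon_present: succeed if the named interface already exists.
mon_present() {
    [ -e "/sys/class/net/$1" ]
}

# setup_monitor: create and bring up $MON on $PHY, logging the outcome.
setup_monitor() {
    if ! iw phy "$PHY" info | phy_supports_monitor; then
        logger -t rc.local "$PHY does not advertise monitor mode; skipping $MON"
        return 1
    fi
    if ! mon_present "$MON"; then
        iw phy "$PHY" interface add "$MON" type monitor || return 1
    fi
    ip link set "$MON" up
}

# Constructed sample of the relevant part of "iw phy phy0 info" output, so
# phy_supports_monitor can be exercised without a radio attached.
SAMPLE_IW_OUTPUT='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:'
# Only touch real hardware when running as root with iw and the radio present.
if [ "$(id -u)" -eq 0 ] && command -v iw >/dev/null 2>&1 \
   && [ -e "/sys/class/ieee80211/$PHY" ]; then
    setup_monitor || :
fi
```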
Installing Tools (Fun Stuff)
Now that we have a WiFi interface in monitor mode, let’s install some tools that take advantage of it. We can start with Aircrack-ng. The packagecloud script adds the Aircrack-ng repository; as with any installer piped straight into sudo bash, download it to a file and read it before running it as root (the same goes for the Go setup script further down).
curl -s https://packagecloud.io/install/repositories/aircrack-ng/release/script.deb.sh | sudo bash
sudo apt install aircrack-ng
Test monitor mode:
sudo airodump-ng mon0
Give injection a quick test:
sudo aireplay-ng --test mon0
Aircrack-ng is successfully installed and working.
Another great tool is Bettercap. It requires some prerequisites, but it’s well worth it.
sudo apt install build-essential libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev git
You will also need a correctly configured Go environment. I found a good script here that will do the job.
wget -q -O - https://git.io/vQhTU | bash
Once your shell has sourced the Go environment (so go is on your PATH and GOPATH is set), fetch and build Bettercap:
go get github.com/bettercap/bettercap
cd $GOPATH/src/github.com/bettercap/bettercap
make build
sudo make install
You can then update Bettercap and use the web UI or jump right in with the command line interface.
Where to Go From Here?
The options are limitless: set up Bluetooth and pair with your phone for mobile WiFi hacking, use it with a tablet and the Bettercap web UI, or keep it tethered over USB to your laptop if you don’t have a WiFi adaptor that supports monitor mode. I have a bash script in my rc.local that blinks the LED ten times once boot has finished, which is useful when running headless. Between Aircrack-ng and Bettercap you can have a lot of fun and learn a lot, for very little money.
Addendum: Bluetooth Pairing
I had trouble with the Bluetooth setup I had linked above, so I figured there was a better way. The Re4son kernel ships with BlueZ, so I looked into creating a PAN with BlueZ natively, and I was able to do that without too much trouble.
First install bluez-tools.
sudo apt install bluez-tools
Create the following files. pan0 is a bridge interface that bt-network attaches each paired phone to; systemd-networkd gives the bridge its address (172.20.1.1, the one used to SSH in below) and hands out DHCP leases to the phone.
sudo nano /etc/systemd/network/pan0.netdev
with the contents:
[NetDev]
Name=pan0
Kind=bridge
sudo nano /etc/systemd/network/pan0.network
with the contents:
[Match]
Name=pan0
[Network]
Address=172.20.1.1/24
DHCPServer=yes
sudo nano /etc/systemd/system/bt-agent.service
with the contents:
[Unit]
Description=Bluetooth Auth Agent
After=bluetooth.service
PartOf=bluetooth.service
[Service]
Type=simple
ExecStart=/usr/bin/bt-agent -c NoInputNoOutput
[Install]
WantedBy=bluetooth.target
sudo nano /etc/systemd/system/bt-network.service
with the contents:
[Unit]
Description=Bluetooth NEP PAN
After=pan0.network bluetooth.service
PartOf=bluetooth.service
[Service]
Type=simple
ExecStart=/usr/bin/bt-network -s nap pan0
[Install]
WantedBy=bluetooth.target
Then run the following:
sudo systemctl enable systemd-networkd
sudo systemctl enable bt-agent
sudo systemctl enable bt-network
sudo systemctl start systemd-networkd
sudo systemctl start bt-agent
sudo systemctl start bt-network
Finally, to pair, run:
sudo bt-adapter --set Discoverable 1
With the agent running in NoInputNoOutput mode, pairing is Just Works (no PIN or confirmation), so once your phone is paired turn discoverability back off with sudo bt-adapter --set Discoverable 0 rather than leaving the Pi open to anyone in range.
I had to set “Use for Internet access” to On in my phone’s Bluetooth settings, and disable WiFi and mobile data to get traffic to route to the Pi. I can SSH to 172.20.1.1 with no issues.
Note: I have written a follow-up article that can be found here.