Deception Firmware
Getting Started: Deception
The Deception firmware allows you to use your device as a portable Wi-Fi Honeypot. The firmware has different captive portal splash pages which you can select and demo for security awareness.
Deception Firmware: Connecting
We will be communicating with the device using its serial port which is available over the USB interface. We will use the Serial Monitor in the Arduino IDE as it allows us to send and receive using a simple interface. We are assuming the device has already been flashed using the Deception firmware downloaded from our website.
Step 1: Download and install Arduino IDE by following the instructions given below:
Windows: https://www.arduino.cc/en/Guide/Windows
Linux: https://www.arduino.cc/en/Guide/Linux
Mac OS X: https://www.arduino.cc/en/Guide/MacOSX
Step 2: Connect the device to your laptop, start the Arduino IDE, make sure that the Port is selected correctly as per your environment and then open the Serial Monitor.
Step 3: In the Serial Monitor, please ensure that the baud rate is set to 115200.
You should be able to view the logs from the WiNX Deception firmware. If you are unable to see anything then reset the device using the EN button at the bottom. This will restart the device and you should be able to see logs similar to the above.
Deception Firmware: Configuration
Default Settings:
Once the device boots, it will show you a help screen with the list of supported commands. You can access this anytime by using the ? command.
The default SSID is Internet and the default splash page is Hacker Arsenal.
Changing the SSID:
To change the SSID of the honeypot, you can use the H<ssid_len>ssid command. This means H, followed by the length of the SSID, and then the SSID. For example, the command H13Free_Internet will change the honeypot SSID to Free_Internet (13 characters long). The maximum allowed SSID length is 30 characters.
Changing the Splash Page:
The firmware comes with five splash/login pages. In order to use a page other than the default one, you will need to use the D<number> command. The <number> here is the number of the page as shown in the help. For example, D4 is for choosing the Public Wi-Fi splash page.
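The H and D command formats described above, as an added example (not part of the firmware or the vendor's tooling) that builds and checks command strings before they are typed into the Serial Monitor for an awareness demo. It assumes the length prefix counts characters and that the SSID is printable ASCII; the guide does not say how the firmware treats an SSID that begins with a digit, so the parser's handling of that case is this example's own approach.

```python
import re

MAX_SSID_LEN = 30           # maximum SSID length stated in the guide
SPLASH_PAGES = range(1, 6)  # the guide lists five splash pages, D1..D5


def ssid_command(ssid: str) -> str:
    """Build H<ssid_len>ssid, e.g. 'Free_Internet' -> 'H13Free_Internet'."""
    # Assumption: the length counts characters and the SSID is printable ASCII.
    if not ssid or not ssid.isascii() or not ssid.isprintable():
        raise ValueError("SSID must be non-empty printable ASCII")
    if len(ssid) > MAX_SSID_LEN:
        raise ValueError(f"SSID is {len(ssid)} characters, maximum is {MAX_SSID_LEN}")
    return f"H{len(ssid)}{ssid}"


def splash_command(page: int) -> str:
    """Build D<number> for one of the five splash pages."""
    if page not in SPLASH_PAGES:
        raise ValueError("splash page must be 1..5")
    return f"D{page}"


def parse_ssid_command(cmd: str) -> str:
    """Recover the SSID from an H command, rejecting a wrong length prefix."""
    m = re.fullmatch(r"H([0-9]+)(.*)", cmd)
    if not m:
        raise ValueError("not an H command")
    digits, rest = m.groups()
    # An SSID may itself start with a digit ('H65G_Net'), so try every split
    # of the digit run and keep the one whose length matches what follows.
    # This disambiguation is the example's own; the firmware may differ.
    for i in range(1, len(digits) + 1):
        declared, ssid = int(digits[:i]), digits[i:] + rest
        if 0 < declared <= MAX_SSID_LEN and declared == len(ssid):
            return ssid
    raise ValueError("length prefix does not match the SSID")


if __name__ == "__main__":
    for name in ("Free_Internet", "5G_Net"):  # constructed sample SSIDs
        cmd = ssid_command(name)
        print(cmd, "->", parse_ssid_command(cmd))
    print(splash_command(4))
```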
Viewing Captured Login Data:
The settings are persistent and retained across reboots. This allows the device to run on a battery for days while collecting data.
To view the collected data logs, connect to the device and issue the SEND command. This command will print logs to the serial console and delete the logs from the device.
Reset Device Configuration:
To reset the configuration, we can use the FLUSH command. This command will delete all configuration files and the device will boot with the default configuration.
Deception Firmware: In Action
Let us now look at a demo! We are assuming the device is configured with SSID Free_Internet and the splash page is D4 (Public WiFi).
Step 1: The victim device connects to Free_Internet, an open WiFi network.
Step 2: When the victim now tries to access any web page, he should be automatically redirected to our fake splash page.
Step 3: Any information that he enters into the fields will be logged.
Step 4: No matter what credentials are provided, an error page is shown. The victim might end up trying multiple combinations, all of which are logged.
Step 5: We will use the SEND command to view these stored credentials and other logs.
Deception Firmware: Splash Screens
The following screens are available for use on your device:
Screen 1 (default): Hacker Arsenal splash page
Screen 2: Wi-Link router login page
Screen 3: MyWiFi router login page
Screen 4: Public WiFi splash page
Screen 5: Coffee shop internet splash page screen
Troubleshooting:
• If you do not see any output then press and release the “EN” button on your device. This should reset the device and it should restart the program.
• If you still have problems with viewing the output then it might be a good idea to download the firmware again and flash the device.