0%

Pwnagotchi project: Using Pwnagotchi image

Posted on Edited on Disqus:

what is Pwnagotchi

Pwnagotchi is an A2C-based “AI” powered by bettercap that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of crackable handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs.

falshing an image

download the the latest image
then unzip it into present directory

1
anna@ubuntu1804:~/Downloads$ dd if=pwnagotchi-raspbian-lite-v1.3.0.img of=/dev/sdcard

config file

before boot this image on RPI 3B+, I need to config it first. I mount this device to /mnt/1.
then add config.yml to it.

1
2
3
4
5
6
7
8
9
10
main:
  name: 'pwnagotchi'
  whitelist:
    - 'YourHomeNetworkMaybe'
  plugins:
    grid:
      enabled: true
      report: true
      exclude:
        - 'YourHomeNetworkMaybe'

Because I dont have RPi 0w, so I try to use web UI (instead of an e-ink display attached to RPi0W) to see your Pwnagotchi’s face.

I add these to my config.yml file

1
2
3
4
ui:
    web:
        username: my_new_username
        password: my_new_password

In order to reduce power requirements I can lower cpu frequency (underclocking). Edit my /boot/config.txt and uncomment the arm_freq=800.

First boot

It shows like following.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Linux pwnagotchi 4.19.81-Re4son-v7+ #1 SMP Wed Nov 6 10:16:47 AEDT 2019 armv7l
(◕‿‿◕) pwnagotchi

Hi! I'm a pwnagotchi, please take good care of me!
Here are some basic things you need to know to raise me properly!

If you want to change my configuration, use /etc/pwnagotchi/config.yml

All the configuration options can be found on /etc/pwnagotchi/default.yml,
but don't change this file because I will recreate it every time I'm restarted!

I'm managed by systemd. Here are some basic commands.

If you want to know what I'm doing, you can check my logs with the command
journalctl -fu pwnagotchi

If you want to know if I'm running, you can use
systemctl status pwnagotchi

You can restart me using
systemctl restart pwnagotchi

But be aware I will go into MANUAL mode when restarted!
You can put me back into AUTO mode using
touch /root/.pwnagotchi-auto && systemctl restart pwnagotchi

You learn more about me at https://pwnagotchi.ai/
Last login: Wed Jul 10 01:30:38 2019 from 192.168.0.26

SSH is enabled and the default password for the 'pi' user has not been changed.
This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.

check the service 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

pi@pwnagotchi:~ $ systemctl status pwnagotchi.service 
● pwnagotchi.service - pwnagotchi Deep Reinforcement Learning instrumenting bettercap for WiFI pwning.
   Loaded: loaded (/etc/systemd/system/pwnagotchi.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-07-10 02:17:04 BST; 2min 45s ago
     Docs: https://pwnagotchi.ai
 Main PID: 406 (bash)
    Tasks: 24 (limit: 2319)
   CGroup: /system.slice/pwnagotchi.service
           ├─406 bash /usr/bin/pwnagotchi-launcher
           ├─468 /usr/bin/python3 /usr/local/bin/pwnagotchi
           └─811 orted --hnp --set-sid --report-uri 14 --singleton-died-pipe 15 -mca state_novm_select 1 -mca ess hnp -mca pmix ^s1,s2,cray,is

Jul 10 02:18:06 pwnagotchi pwnagotchi-launcher[406]: Instructions for updating:
Jul 10 02:18:06 pwnagotchi pwnagotchi-launcher[406]: Please use `layer.__call__` method instead.
Jul 10 02:18:06 pwnagotchi pwnagotchi-launcher[406]: [2019-07-10 02:18:06,735] [WARNING] From /usr/local/lib/python3.7/dist-packages/tensorflo
Jul 10 02:19:33 pwnagotchi pwnagotchi-launcher[406]: [2019-07-10 02:19:33,331] [WARNING] From /usr/local/lib/python3.7/dist-packages/stable_ba
Jul 10 02:19:36 pwnagotchi pwnagotchi-launcher[406]: [2019-07-10 02:19:36,093] [ERROR] got data on channel 149, we can store 140 channels
Jul 10 02:19:36 pwnagotchi pwnagotchi-launcher[406]: [2019-07-10 02:19:36,112] [ERROR] got data on channel 149, we can store 140 channels
Jul 10 02:19:36 pwnagotchi pwnagotchi-launcher[406]: [2019-07-10 02:19:36,116] [ERROR] got data on channel 149, we can store 140 channels
Jul 10 02:19:36 pwnagotchi pwnagotchi-launcher[406]: [2019-07-10 02:19:36,118] [ERROR] got data on channel 149, we can store 140 channels
Jul 10 02:19:36 pwnagotchi pwnagotchi-launcher[406]: [2019-07-10 02:19:36,129] [ERROR] got data on channel 149, we can store 140 channels
Jul 10 02:19:41 pwnagotchi pwnagotchi-launcher[406]: [2019-07-10 02:19:41,825] [INFO] sending association frame to clarkwifi (b0:2a:43:e6:6f:f

all the handshake eaten by pwnagotchi can be found under /root/handshake

1
2
3
4
5
6
7
8
9
10
11
12
13
root@pwnagotchi:~/handshakes# ls -al
total 52
drwxr-xr-x 2 root root 4096 Jul 10 02:28 .
drwx------ 9 root root 4096 Jul 10 02:17 ..
-rw-r--r-- 1 root root 1780 Jul 10 02:28 abfguest_d66e0e3131a4.pcap
-rw-r--r-- 1 root root 4824 Jul 10 02:20 ATTtpcaygs_f82dc0d869e0.pcap
-rw-r--r-- 1 root root 6264 Jul 10 02:21 ATTvmtPDGs_2c9569519550.pcap
-rw-r--r-- 1 root root 2544 Jul 10 02:22 DIRECT19HPOfficeJet3830_10e7c694ba1a.pcap
-rw-r--r-- 1 root root 1892 Jul 10 02:25 Hailey716_b02a43ec8ab0.pcap
-rw-r--r-- 1 root root 2812 Jul 10 02:23 hidden_963badcbb2be.pcap
-rw-r--r-- 1 root root 2476 Jul 10 02:23 NETGEARORBIhidden86_963badcbb2be.pcap
-rw-r--r-- 1 root root 2283 Jul 10 02:27 ngHub319444NG01912_dcef09d5a816.pcap
-rw-r--r-- 1 root root 2484 Jul 10 02:21 PeakyBlinders24G_9c3dcf98b8b3.pcap