Idea dump: Arduino ESP8266 – WIFI Beacon Attacker

Update 2016-11-12: I wrote a piece about ESPduino – Improbinator where many of these ideas were implemented; there is also a GitHub repo at Improbinator where you can find the code.

I accidentally bought an Arduino UNO R3 for cheap and had no project to use it in, so I toyed around with different ideas and this one hit me while taking my son for a walk.

This assumes a few things:

  • The ESP8266 has a way to generate (custom) beacon frames
  • One or more (1+N) ESP8266 modules can be connected to an Arduino UNO

Use an Arduino + ESP8266 + SD card shield to emit lots of beacon frames and keep iterating through them for a set period of time, to imitate or mimic real phones moving around in an area. The MAC addresses would be randomized: the upper 24 bits taken from a table of OUI prefixes of popular makes/brands, the remaining 24 bits random.

As my brain seems to work a bit differently, I tend to strive for edge cases, to over-optimize and extend beyond limits – I don’t even know if it’s possible with this hardware combination to attach a second or even a third ESP8266 board to an Arduino UNO R3, or if it’s possible to drive two or three shields through software/electronics.

With one, two or three ESP8266 modules, I imagine having as many buffers, each with a list of pre-generated MAC addresses to run through and broadcast as beacons; the depth of the lists is TBD. The OUI prefixes would be stored on the SD card, and I already have the data, both from the OUI prefix list and from data collected over the last 5+ years of war-walking.

If outfits like Libelium are making devices for identifying customers in stores/gallerias/malls and can even identify the type of smartphone, we could throw some dirt into their machinery, as we could generate beacons with MAC addresses for devices based on statistics from the collected data. No harm would be done, as the addresses are generated and only “visible” in a small physical “bubble” for a limited time; even if a generated MAC address clashed with a real MAC address in the same area, there would be no long-term effects.
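What the tracking side would see, as an added example that is not part of the original post: a small Python detector over a constructed log of beacon observations (timestamp, BSSID) that flags a window in which many BSSIDs appear once and never repeat, the signature of the spoofer sketched above, whereas a real access point re-beacons roughly ten times a second. The OUI prefixes, addresses and thresholds are all constructed assumptions, not real vendor data.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Observation = Tuple[float, str]  # (seconds since capture start, BSSID)


def oui(mac: str) -> str:
    """Upper 24 bits of a MAC address, the vendor (OUI) part."""
    return mac.upper()[:8]


def build_sample() -> List[Observation]:
    """Constructed beacon log: two steady access points for 10 s, then a burst of
    one-off BSSIDs built from two made-up OUI prefixes (not real vendor codes)."""
    obs: List[Observation] = []
    for i in range(100):                       # real APs re-beacon ~10x per second
        obs.append((i * 0.1, "00:11:22:3C:4D:5E"))
        obs.append((i * 0.1 + 0.05, "00:11:22:11:22:33"))
    for i in range(40):                        # spoofer-style burst: each MAC seen once
        prefix = "AA:BB:01" if i % 2 else "AA:BB:02"
        obs.append((10.0 + i * 0.2,
                    f"{prefix}:{i:02X}:{(i * 7) % 256:02X}:{(i * 13) % 256:02X}"))
    return obs


def find_beacon_floods(obs: List[Observation], window_s: float = 10.0,
                       min_repeats: int = 3, threshold: int = 10
                       ) -> List[Tuple[float, int, List[str]]]:
    """Flag windows in which many BSSIDs first appear but are seen fewer than
    min_repeats times in the whole capture (a genuine AP keeps repeating).
    Returns (window_start, ephemeral_mac_count, sorted OUIs seen) per alert."""
    first_seen: Dict[str, float] = {}
    hits: Dict[str, int] = defaultdict(int)
    for t, mac in obs:
        first_seen.setdefault(mac, t)
        hits[mac] += 1
    per_window: Dict[int, Set[str]] = defaultdict(set)
    for mac, t in first_seen.items():
        if hits[mac] < min_repeats:
            per_window[int(t // window_s)].add(mac)
    alerts = []
    for w in sorted(per_window):
        macs = per_window[w]
        if len(macs) >= threshold:
            alerts.append((w * window_s, len(macs), sorted({oui(m) for m in macs})))
    return alerts


if __name__ == "__main__":
    for start, n, ouis in find_beacon_floods(build_sample()):
        print(f"{start:6.1f}s: {n} one-off BSSIDs from OUIs {', '.join(ouis)}")
```

On the constructed sample the first 10 s window is quiet and the burst window is reported with 40 one-off BSSIDs from both made-up OUIs.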

The build would be cased in acrylic, either a stock box modified for the shield(s) or a complete custom enclosure. Power banks of 10000mAh (or more) @ 5V would run it off-grid / from a backpack.

Pry-fi by Chainfire on XDA-Developers.