Deception Firmware

GettingStarted:Deception

TheDeceptionfirmwareallowsyoutouseyourdeviceasaportableWi-Fi Honeypot. The firmware has different captive portal splashpageswhichyoucanselectanddemoforsecurityawareness.

DeceptionFirmware:Connecting

WewillbecommunicatingwiththedeviceusingitsserialportwhichisavailableovertheUSBinterface.WewillusetheSerialMonitorinthe Arduino IDE as it allows us to send and receive using a simpleinterface.We are assuming the device has already been flashedusingtheDeceptionfirmwaredownloadedfromourwebsite.

Step 1: Download and install Arduino IDE by following theinstructionsgivenbelow:

Windows:https://www.arduino.cc/en/Guide/Windows

Linux:https://www.arduino.cc/en/Guide/Linux

MacOSX:https://www.arduino.cc/en/Guide/MacOSX

Step 2: Connect the device to your laptop, start the Arduino IDE,make sure that the Port is selected correctly as per yourenvironmentandthenopentheSerialMonitor.

Step3:IntheSerialMonitor,pleaseensurethatthebaudrateissetto115200.

YoushouldbeabletoviewthelogsfromWiNXDeceptionfirmware.IfyouareunabletoseeanythingthenresetthedeviceusingtheENbuttonatthebottom.Thiswillrestartthedeviceandyoushouldbeabletoseealogssimilartotheabove.

DeceptionFirmware:Configuration

DefaultSettings:

Oncethedeviceboots,itwillshowyouahelpscreenwiththelistofsupported commands. You can access this anytime by using ?command.

The default SSID is Internet and the default splash page isHackerArsenal.

ChangingtheSSID:

TochangetheSSIDofthehoneypot,youcanusetheH<ssid_len>ssidcommand.Thismeans,HfollowedbylengthoftheSSIDandthentheSSID. For example the commandH13Free_Internetwill change thehoneypot SSID to Free_Internet (13 character long).ThemaximumallowedSSIDlengthis30characters.

ChangingtheSplashPage:

The firmware comeswith five splash/loginpages. Inorder touseapage other than the default one, you will need to use theD<number> command. The <number> here is the number of thepageasshowninthehelp.Forexample,D4isforchoosingthePublicWi-Fisplashpage.

ViewingCapturedLoginData:

Thesettingsarepersistentand retainedacross reboots.Thisallowsthedevicetorunonabatteryfordayswhilecollectingdata.

Toviewthecollecteddatalogs,connecttothedeviceandissuetheSEND command.This commandwill print logs to the serial consoleanddeletethelogsfromthedevice.

ResetDeviceConfiguration:

To reset the configuration, we can use FLUSH command. Thiscommandwilldeleteallconfigurationfilesanddevicewillbootwithdefaultconfiguration.

DeceptionFirmware:InActionLetusnowlookatademo!WeareassumingthedeviceisconfiguredwithSSIDFree_InternetandthesplashpageisD4(PublicWiFi).

Step 1: The victim device connects toFree_Internet,an openWiFinetwork

Step2:Whenthevictimnowtriestoaccessanywebpage,heshouldbeautomaticallyredirectedtoourfakesplashpage.

Step3:Anyinformationthatheentersintothefieldswillbelogged

Step 4: Nomatter what credentials are provided, an error page isshown.Thevictimmightendup tryingmultiplecombinationsallofwhicharelogged.

Step5:WewilluseSENDcommandtoviewthesestoredcredentials

andotherlogs.

DeceptionFirmware:SplashScreensThefollowingscreensareavailableforuseonyourdevice:

Screen1(default):HackerArsenalsplashpage

Screen2:Wi-Linkrouterloginpage

Screen3:MyWiFirouterloginpage

Screen4:PublicWiFisplashpage

Screen5:Coffeeshopinternetsplashpagescreen

Troubleshooting:

• If youdonot seeanyoutput thenpressand release the“EN”button on your device. This should reset the device and itshouldrestarttheprogram.

• Ifyoustillhaveproblemswithviewingtheoutputthenitmightbeagood idea todownload the firmwareagainand flash thedevice.