Pwnagotchi: A WIFI AuditTool

Have you ever thought, 'No one would try to get into my WiFi,' or believed no one could exploit your WiFi password? Well, unless you are careful, any one of these scenarios could be you. Take my grandpa for example. When I went to his house to fix his computer, I didn't know his WiFi password. It took me two tries before I guessed it. I didn't have to ask for anything. This made me think of all the information that anyone could have stumbled across, just by doing a little research on my Grandpa. I then changed his WiFi password, and all of the other passwords to all of his online applications. I wrote them down for him and told him that if he needed help, ask. The last thing he should be worrying about is someone hacking his computer to take his online poker account.

When I began learning about cyber security, I thought I was doing everything right. I thought I was secure. I tried to make things tricky, not using any names I associate with, and no birthdays. I quickly realized that that's not all it takes to make a strong password. I stumbled across this tool when I was trying to find ways to test WiFi password integrity. It's called a Pwnagotchi. Using this I quickly learned how easy it is to be hacked. And it is all because of this cute little guy I always second-guess my passwords.

What does it do? How can it help cybersecurity experts? It is a cute AI-powered "Tamagotchi" style WiFi handshake device. Yeah, I didn't know what that meant at first either. It uses AI to "politely" ask miscellaneous things on WiFi networks what the WiFi hash (This is your WiFi password, just scrambled into and more secure version of random letters and numbers) is. It does this by kicking something off of the WiFi (like a Ring doorbell or that fancy mop you bought that's also a vacuum cleaner that for some reason wants to be connected to your WiFi) and intercepts the WiFi hash when it tries to reconnect. This is called a handshake (a very aggressive handshake). You can then take the WiFi hashes or "handshakes" and run them through a program to get the un-hashed version of these handshakes. Then whoever has the WiFi network name has full access to your WiFi to do whatever they please. Including man-in-the-middle attacks, packet sniffing, and stealing your credentials. Pretty neat, huh? It's kind of like Pokemon Go but for hackers.

So why would anyone want one? Besides them being cute and an adult Tamagotchi that doesn't die if you don't feed it, it is a really fun and easy way to test the integrity of WiFi networks. It's also very easy to conceal. All you really need is a Raspberry Pi Zero W, an SD card, and a power source. The screen is optional, but I recommend it so you can quickly see if it is working as intended. This helps cyber security experts in the field perform penetration tests. It also helps people like me who want to get into the field of cybersecurity learn basic tasks. It also gives me a chance to strengthen my Python skills, which before this, I had none. I do have to mention, ONLY USE PWNAGOTCHI ON YOUR OWN WIFI NETWORK OR NETWORKS YOU HAVE PERMISSION TO DO SO ON. WITHOUT PERMISSION, THIS IS VERY ILLEGAL.

Making a Pwnagotchi is fairly simple. You just load up the OS using Baleana etcher, load it into the Raspberry Pi, and change the config.toml file to your desired needs. Here you can tell the device not to perform handshakes with WiFi networks that you do not intend on testing. You can also add plugins, like an XP bar. And with it being completely open source, the possibilities are endless. There are so many different versions of Pwnogotchi on GitHub with so much support for all of them, it makes it easy to get one up and running in no time. But be careful, they are addicting. I made my first Pwnogotchi and showed all of my friends. That same week, I made 3 more for different situations, like adding a battery to one of them, and an antenna to another for a longer range.

I believe everyone studying cybersecurity, or already in the field should own one. It's an amazing project, that is simple for almost anyone to follow along with and teaches a lot of very valuable skills. If you would like to make one of your own, visit the website. It has the bare-bones instructions and links to the original image file. This is enough to get you started. There are also tons of online resources like YouTube("Talking Sasquatch" did an amazing tutorial) and the Pwnagotchi discord channel.