- I have made some changes to file names and accepted some PRs that were open.
- Also gave it a more descriptive application.fam file.
- Fixed to compile on 0.94.1 (By RogueMaster)
- Fixed to compile on OFW + Unleashed (By RogueMaster)
An evil captive portal Wi-Fi access point using the Flipper Zero and Wi-Fi dev board
This project is a work in progress.
This project will turn your Wi-Fi dev board into an open access point. When users try to connect to this access point they will be served a fake login screen. User credentials are sent to the Flipper and logged on the SD card.
I am not a C developer and I am using this project as a way to learn more about esp32, flipper zero and, C programming.
This program is for educational purposes only.
You will need to manually flash the Wi-Fi dev board.
Go to the releases section on this repo and download and extract either the ofw-evil_portal.fap.zip
file or the unleashed-evil_portal.fap.zip
file depending on if you are using the official firmware (ofw) or the unleashed firmware. These files will contain the evil_portal.fap
file for your firmware.
You will also need to download and extract the evil_portal_sd_folder.zip
folder. This will contain necessary files for the app to run.
Put the evil_portal.fap
file into the apps/GPIO/
folder on your Flipper SD card.
Put the evil_portal
folder into the apps_data
folder.
This is an example of your Flipper SD card if done correctly.
apps/
GPIO/
evil_portal.fap
apps_data/
evil_portal/
ap.config.txt
index.html
logs/
<empty>
You should be able to see the [ESP32] Evil Portal
app on your flipper zero now.
If you want to create your own index.html
file keep in mind that there is a limit of 4000 characters for the file. I plan to increase this later but I ran into some issues with larger files.
If you've already flashed your Wi-Fi dev board with the Marauder firmware or something else you will need to erase it before installing the new firmware here. Follow the guide here for that.
Follow the steps below to flash the Wi-Fi dev board with the evil portal firmware via Windows. The instructions below are for the Flipper Zero Wi-Fi Wrover Development Module (ESP32-S2), you may have to adjust the steps for your specific board:
- Download and install the Arduino IDE from here.
- Download zip/clone dependency AsyncTCP to file.
- Download zip/clone dependency ESPAsyncWebServer to file.
- Unzip both dependencies to your Arduino library folder.
- On Windows this is usually
C:\Users\<username>\Documents\Arduino\libraries
.
- On Windows this is usually
- Go to the releases section on this repo and download the
EvilPortal.ino
file, open it with Arduino IDE. - Go to
File > Preferences
and paste the following two URL's into theAdditional Boards Manager URLs
field:https://dl.espressif.com/dl/package_esp32_index.json https://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_dev_index.json
- Go to
Tools > Board > Boards Manager...
and search foresp32
and installesp32 by Espressif Systems
. - Go to
Tools > Board
and selectESP32S2 Dev Module
. - On your ESP32-S2 Wi-Fi module, hold the BOOT button.
- Connect your ESP32-S2 to your computer, keep holding the BOOT button (holding for just 3-5 seconds and releasing may be fine, continuously holding worked better for me).
- Go to
Tools > Port
and select the port that appeared when you connected your ESP32-S2. - Click the "Upload" button in the top left corner of the Arduino IDE.
- On success, you will see:
Hash of data verified. Leaving... WARNING: ESP32-S2 (revision v0.0) chip was placed into download mode...
- Plug in the Wi-Fi Dev board to the flipper, press the reset button on the Wi-Fi dev board and you should now see a solid blue light.
Reddit user dellycem compiled binaries for the ESP32 Wroom board if you would like to use that instead of the Wi-Fi devboard.
- Download the bin files from this link
- Go to ESPWebTool and get your board connected.
- Add each of the bin files at the following locations
EvilPortal.bootloader.bin - 0x1000 EvilPortal.partitions.bin - 0x8000 boot_app0.bin - 0xe000 EvilPortal.bin - 0x10000
- Press the program button and wait while your board is flashed.
- Once complete, hook up the 3.3v, GND, RX0, and TX0 pins to the flipper zero. Remember that the RX/TX pins should go to the opposite pins on the flipper zero. RX -> TX, TX -> RX.
Plug in the Wi-Fi Dev board to the flipper.
Open the app on the Flipper and press Start portal
on the main menu. After a few seconds you should start to see logs coming in from your Wi-Fi dev board and the AP will start and the LED will turn green.
The AP will take the name that is in the ap.config.txt
file located on your Flipper in the apps_data/evil_portal/
folder.
When you connect to the AP a web page will open after a few seconds. This web page contains the HTML located in the index.html
file located on your Flipper in the apps_data/evil_portal/
folder.
You can stop the portal by pressing Stop portal
on the main menu. The LED should turn blue.
You can manually save logs using the Save logs
command. Logs will be stored in the logs
folder that is in your apps_data/evil_portal/
folder.
Logs will automatically be saved when exiting the app or when the current log reaches 4000 characters.
If you are not using the official flipper zero firmware or the unleashed firmware you can build the .fap file yourself by following these instructions.
Note that you will need to use the firmware repo that you wish to build for.
You can also download builds for each firmware via flipc.
Assuming you have the Flipper Zero Wi-Fi Wrover Development Module (ESP32-S2):
- Install Python.
- Open a command terminal as an administrator:
- On Windows press ⊞Win+R, type "cmd", and press CTRL+SHIFT+ENTER.
- In the terminal type the following to install esptool via Python package manager:
pip install esptool
- Install setuptools dependencies:
pip install setuptools
- Enter the following command into your terminal, do not run it yet:
python -m esptool --chip esp32s2 erase_flash
- On your ESP32-S2 Wi-Fi module, hold the BOOT button.
- Connect your ESP32-S2 to your computer, keep holding the BOOT button.
- In your terminal press enter to run the command from step 5.
- When successful you will get the message
Chip erase completed successfully in ___s
(time in seconds suffixed with "s"). - Unplug/reset your board.
If you run into any issues make sure that you have the required files set up on the Flipper apps_data
folder on the Flipper SD card.
Logs will not be saved if there is no logs
folder in apps_data/evil_portal/
.
If the AP won't start or you have other issues try pressing reset on the Wi-Fi dev board, waiting a few seconds, and pressing Start portal
on the main menu.
It is important to give the devboard some time to load the html files from the Flipper.
If you have the Marauder firmware on your dev board you may need to enable Erase All Flash Before Sketch Upload
before flashing.
Some users are reporting that the captive portal login does not open on some Android phones.
I plan on working on this in my free time. Here is my todo list.
- Support for multiple portals
- Enter AP name on the Flipper
- Add a config file for general app settings
- Create cleaner log files that are easier to read
- Clean up code & implement best practices
Distributed under the MIT License. See LICENSE.txt
for more information.
I was only able to create this using the following apps as examples
- flipperzero-wifi-marauder
- UART_Terminal
- flipper-zero-fap-boilerplate
- Create Captive Portal Using ESP32
You can message me on my reddit account bigbrodude6119