Skip to content

Evil portal app for the flipper zero + WiFi dev board, Works on OFW, better on RM!

License

Notifications You must be signed in to change notification settings

RogueMaster/flipperzero-evil-portal

Repository files navigation

Discord  Firmware GitHub  Latest PATREON Release  RM Merch  More Research / Assets

Flipper Zero Evil Portal

An evil captive portal Wi-Fi access point using the Flipper Zero and Wi-Fi dev board

About

This project is a work in progress.

This project will turn your Wi-Fi dev board into an open access point. When users try to connect to this access point they will be served a fake login screen. User credentials are sent to the Flipper and logged on the SD card.

Disclaimer

I am not a C developer and I am using this project as a way to learn more about esp32, flipper zero and, C programming.

This program is for educational purposes only.

Getting Started

You will need to manually flash the Wi-Fi dev board.

Install pre-built app on the flipper

Go to the releases section on this repo and download and extract either the ofw-evil_portal.fap.zip file or the unleashed-evil_portal.fap.zip file depending on if you are using the official firmware (ofw) or the unleashed firmware. These files will contain the evil_portal.fap file for your firmware.

You will also need to download and extract the evil_portal_sd_folder.zip folder. This will contain necessary files for the app to run.

Put the evil_portal.fap file into the apps/GPIO/ folder on your Flipper SD card.

Put the evil_portal folder into the apps_data folder. This is an example of your Flipper SD card if done correctly.

apps/
  GPIO/
    evil_portal.fap
apps_data/
  evil_portal/
    ap.config.txt
    index.html
    logs/
      <empty>

You should be able to see the [ESP32] Evil Portal app on your flipper zero now.

If you want to create your own index.html file keep in mind that there is a limit of 4000 characters for the file. I plan to increase this later but I ran into some issues with larger files.

Installing/flashing the Wi-Fi dev board

If you've already flashed your Wi-Fi dev board with the Marauder firmware or something else you will need to erase it before installing the new firmware here. Follow the guide here for that.

Follow the steps below to flash the Wi-Fi dev board with the evil portal firmware via Windows. The instructions below are for the Flipper Zero Wi-Fi Wrover Development Module (ESP32-S2), you may have to adjust the steps for your specific board:

  1. Download and install the Arduino IDE from here.
  2. Download zip/clone dependency AsyncTCP to file.
  3. Download zip/clone dependency ESPAsyncWebServer to file.
  4. Unzip both dependencies to your Arduino library folder.
    • On Windows this is usually C:\Users\<username>\Documents\Arduino\libraries.
  5. Go to the releases section on this repo and download the EvilPortal.ino file, open it with Arduino IDE.
  6. Go to File > Preferences and paste the following two URL's into the Additional Boards Manager URLs field:
    https://dl.espressif.com/dl/package_esp32_index.json
    https://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_dev_index.json
    
  7. Go to Tools > Board > Boards Manager... and search for esp32 and install esp32 by Espressif Systems.
  8. Go to Tools > Board and select ESP32S2 Dev Module.
  9. On your ESP32-S2 Wi-Fi module, hold the BOOT button.
  10. Connect your ESP32-S2 to your computer, keep holding the BOOT button (holding for just 3-5 seconds and releasing may be fine, continuously holding worked better for me).
  11. Go to Tools > Port and select the port that appeared when you connected your ESP32-S2.
  12. Click the "Upload" button in the top left corner of the Arduino IDE.
  13. On success, you will see:
    Hash of data verified.
    Leaving...
    WARNING: ESP32-S2 (revision v0.0) chip was placed into download mode...
    
  14. Plug in the Wi-Fi Dev board to the flipper, press the reset button on the Wi-Fi dev board and you should now see a solid blue light.

Installing/flashing an ESP32 Wroom board

Reddit user dellycem compiled binaries for the ESP32 Wroom board if you would like to use that instead of the Wi-Fi devboard.

  1. Download the bin files from this link
  2. Go to ESPWebTool and get your board connected.
  3. Add each of the bin files at the following locations
    EvilPortal.bootloader.bin - 0x1000
    EvilPortal.partitions.bin - 0x8000
    boot_app0.bin - 0xe000
    EvilPortal.bin - 0x10000
    
  4. Press the program button and wait while your board is flashed.
  5. Once complete, hook up the 3.3v, GND, RX0, and TX0 pins to the flipper zero. Remember that the RX/TX pins should go to the opposite pins on the flipper zero. RX -> TX, TX -> RX.

Usage

Plug in the Wi-Fi Dev board to the flipper.

Open the app on the Flipper and press Start portal on the main menu. After a few seconds you should start to see logs coming in from your Wi-Fi dev board and the AP will start and the LED will turn green.

The AP will take the name that is in the ap.config.txt file located on your Flipper in the apps_data/evil_portal/ folder.

When you connect to the AP a web page will open after a few seconds. This web page contains the HTML located in the index.html file located on your Flipper in the apps_data/evil_portal/ folder.

You can stop the portal by pressing Stop portal on the main menu. The LED should turn blue.

You can manually save logs using the Save logs command. Logs will be stored in the logs folder that is in your apps_data/evil_portal/ folder.

Logs will automatically be saved when exiting the app or when the current log reaches 4000 characters.

Building for different firmware

If you are not using the official flipper zero firmware or the unleashed firmware you can build the .fap file yourself by following these instructions.

Note that you will need to use the firmware repo that you wish to build for.

You can also download builds for each firmware via flipc.

Erasing firmware

Assuming you have the Flipper Zero Wi-Fi Wrover Development Module (ESP32-S2):

  1. Install Python.
  2. Open a command terminal as an administrator:
    • On Windows press ⊞Win+R, type "cmd", and press CTRL+SHIFT+ENTER.
  3. In the terminal type the following to install esptool via Python package manager:
    pip install esptool
    
  4. Install setuptools dependencies:
    pip install setuptools
    
  5. Enter the following command into your terminal, do not run it yet:
    python -m esptool --chip esp32s2 erase_flash
    
  6. On your ESP32-S2 Wi-Fi module, hold the BOOT button.
  7. Connect your ESP32-S2 to your computer, keep holding the BOOT button.
  8. In your terminal press enter to run the command from step 5.
  9. When successful you will get the message Chip erase completed successfully in ___s (time in seconds suffixed with "s").
  10. Unplug/reset your board.

Issues

If you run into any issues make sure that you have the required files set up on the Flipper apps_data folder on the Flipper SD card.

Logs will not be saved if there is no logs folder in apps_data/evil_portal/.

If the AP won't start or you have other issues try pressing reset on the Wi-Fi dev board, waiting a few seconds, and pressing Start portal on the main menu.

It is important to give the devboard some time to load the html files from the Flipper.

If you have the Marauder firmware on your dev board you may need to enable Erase All Flash Before Sketch Upload before flashing.

Some users are reporting that the captive portal login does not open on some Android phones.

Todo

I plan on working on this in my free time. Here is my todo list.

  • Support for multiple portals
  • Enter AP name on the Flipper
  • Add a config file for general app settings
  • Create cleaner log files that are easier to read
  • Clean up code & implement best practices

License

Distributed under the MIT License. See LICENSE.txt for more information.

Acknowledgments

I was only able to create this using the following apps as examples

Contact me

You can message me on my reddit account bigbrodude6119