Marauder NOT Sniffing the wifi network I selected, but a RANDOM other wifi network... #509

Open
Dochartaigh opened this issue Mar 8, 2024 · 13 comments

Comments

@Dochartaigh

Dochartaigh commented Mar 8, 2024

Describe the bug
WiFi Marauder program on Flipper Zero is scanning the WRONG WiFi network when you're doing something like Sniff (with "pmkid" option). And yes, of course I double checked I selected the right network, and it is definitely STILL selecting the wrong WiFi network (and giving me wrong PCAPs since they're for a different WiFi network than I selected).

To Reproduce
Steps to reproduce the behavior:

  1. Open WiFi Marauder program on your Flipper Zero with official WiFi Dev Board Attached (flashed with Marauder).
  2. Choose "Scan (ap)" option and let it run for a bit, then back out.
  3. Choose "List (ap)" find the number of the network you want to Sniff, then back out.
  4. Choose "Select (ap)" and add the number of the network you saw in the list above, hit "Save", back out.
  5. Choose "Sniff (pmkid)" and let it run until you get PCAP files (it'll say "Received EAPOL"). In those PCAP files you'll see it's for the WRONG network - it scanned some other random WiFi network in your area. It did NOT scan the network you selected (and double-checked that you selected it correctly). This doesn't happen 100% of the time, just a lot!

Expected behavior
I expect WiFi Marauder to scan the network I selected, and not another random network.

Screenshots
wong-network-scanned

Marauder (please complete the following information if applicable):

  • Firmware version: Marauder 0.13.9
  • Hardware version: OG/Official Flipper Zero WiFi Dev Board (ESP32-S2-WROVER based)
  • Flipper Zero running newest XFW Firmware, OR newest RogueMaster firmware - happens on BOTH.

Additional context
Just started researching but at least one other person (with same hardware as me, on newest versions of everything) has this SAME EXACT Issue! ...so at least it's not just me ;) He posted about it on the Talking Sasquach Discord channel.

@intentethan

I have the same issue 13.9

@Dochartaigh
Author

> I have the same issue 13.9

Are you using a Flipper Zero with official WiFi Dev Board (flashed with Marauder)? If so, what Flipper firmware are you on? ...don't know if this GitHub is mostly Flipper people or what, which is why I asked (and also want to see if it's a Flipper-only thing, or affects anybody with an ESP32-based WiFi board running Marauder – on whatever other type of non-Flipper hardware).

@intentethan

Yes, I'm using a Flipper Zero. I've tried the official dev board and a few other boards I have flashed with Marauder and ended up with the same results. lol glad it's not just me

Current Flipper firmware: Momentum dev

Marauder firmware: 13.9, I've refreshed twice

@MastiffJeff

Same issue with me, Flipper 13.9 and official dev board.

@Dochartaigh
Author

Dochartaigh commented Mar 8, 2024

Have either of you @intentethan @MastiffJeff rolled back the Marauder firmware to see if an earlier version works properly? I just got my Flipper this week so I've only been using the newest version.

Also wanted to ask you both how fast yours gets the PCAP file (where you run "Sniff (pmkid)", and it completes by saying "Received EAPOL"). Every. single. video I watch they seem to get the "Received EAPOL" message super fast (could be the editing though?)... Mine does NOT work this way. Many times I can run it for an HOUR (if not several) and it won't get one. Sometimes I'm lucky and can hit the back button and try it again and it might get one immediately, or in a ~minute, i.e. super fast... but many times it's the same and nothing for a very long time (if I don't back out and try again multiple times over and over again... it can commonly take FOREVER). -- just wanted to make sure this is normal... if not, it might be related to this issue ("Sniff (pmkid)"), which is why I mentioned it.

@intentethan

I do also have this happen to me, but only on some networks. I have not rolled back.

@MastiffJeff

I have not rolled back yet.

@InfoSecREDD

InfoSecREDD commented Mar 9, 2024

This also happens when the network you're targeting has other networks on the same channel; my guess is the firmware is looking at the channel rather than the SSID.

This has been happening for 6 months-ish. I noticed it back in November when you're in a severely (WiFi) crowded area.

@InfoSecREDD

@justcallmekoko - This is the 6th person to complain about this issue, my guess is when running PMKID it's missing the ability to target the correct AP and is looking just at the traffic on the channel rather than narrowing the scope.

@InfoSecREDD

@Dochartaigh please close the issue, we have linked the solution to it in Sasquach's Discord.

@Dochartaigh
Author

Just so people know the solution: In Talking Sasquach's (very popular) 2024 video on WiFi and Marauder, when he's going over the process in the WiFi Marauder app, in the "Sniff (pmkid)" options, he mistakenly says to choose "Active (ForceDeauth)". This is incorrect – you want to use the "Targeted Active (List)" option. That's the one which should scan ONLY the network/SSID you have selected.

...have a feeling with that video being so popular, and so many people reporting this as an issue, probably quite a few watched that same video and are making the same mistake.

@MastiffJeff

I just tested this: target on channel 3, used Targeted Active; the PCAP file was my home router on channel 10.

@Dochartaigh Dochartaigh reopened this Mar 9, 2024
@Dochartaigh
Author

Dochartaigh commented Mar 9, 2024

Sorry to re-open, but I just did some more testing with "Targeted Active (List)"... and just like when I was using "Active (Force Deauth)", the PCAP I got was for the WRONG network again! ...so I think this is still broken.

On the "Flipper Zero Level Up" Facebook group (where somebody posted about this GitHub ticket) another user posted saying he ALWAYS uses "Targeted Active (List)" from the beginning and he likewise gets PCAPs for the wrong network, so that's another person confirming this... so this leads me to believe this bug affects multiple Sniff (pmkid) options.

Also wanted to note that for anybody trying to duplicate this bug (besides being aware it doesn't happen 100% of the time) I think you also HAVE to be in a very Wi-Fi heavy area. We think it's scanning EVERYTHING on a single channel to grab a PCAP - so the PCAP you get back could be the network you selected on that channel, but it could also be some other RANDOM network on that SAME Channel. When I "Scan (ap)" on mine, after 30 seconds there's 50+ SSID's listed, with TONS on the same channel... (just in case somebody posts saying theirs works fine)
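An added example, not Marauder's code and not from anyone in this thread, of how to check what a Sniff (pmkid) capture actually contains rather than trusting the "Received EAPOL" message: it parses a pcap, pulls out every EAPOL-Key frame, works out the BSSID from the 802.11 address fields (ToDS/FromDS), and groups frames by BSSID, so a capture holding handshakes from several APs on one channel shows up as several BSSIDs, and the PMKID from message 1 of each handshake is tied to the AP it came from. It assumes a classic libpcap file with either raw 802.11 (link type 105) or radiotap (link type 127) framing; the thread does not say which of these Marauder writes, so both are handled. The BSSIDs, client MAC, PMKIDs and frames in the sample are constructed, not captured.

```python
import struct

LINKTYPE_IEEE802_11 = 105                        # raw 802.11 frames
LINKTYPE_RADIOTAP = 127                          # radiotap header + 802.11 frame
EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP header, EtherType 0x888E (EAPOL)
PMKID_KDE_HDR = b"\x00\x0f\xac\x04"              # OUI 00-0F-AC, data type 4 = PMKID KDE


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def iter_pcap(data):
    """Yield (linktype, frame) for each record of a classic libpcap file (either byte order)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    end = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">" if magic in (0xD4C3B2A1, 0x4D3CB2A1) else None
    if end is None:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack_from(end + "I", data, 20)[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "I", data, off + 8)[0]
        yield linktype, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len


def parse_eapol_key(frame):
    """Return {bssid, sta, msg, pmkid} for an EAPOL-Key data frame, else None."""
    if len(frame) < 24 or (frame[0] & 0x0C) != 0x08:            # frame type must be Data
        return None
    fc0, fc1 = frame[0], frame[1]
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    if to_ds and from_ds:                                         # WDS frame: no single BSSID
        return None
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    bssid, sta = (a1, a2) if to_ds else (a2, a1) if from_ds else (a3, a2)
    hdr = 24 + (2 if fc0 & 0x80 else 0) + (4 if fc0 & 0x80 and fc1 & 0x80 else 0)  # QoS / HT Control
    eapol = frame[hdr + 8:] if frame[hdr:hdr + 8] == EAPOL_SNAP else b""
    if len(eapol) < 4 + 95 or eapol[1] != 3:                      # EAPOL packet type 3 = Key
        return None
    key = eapol[4:4 + struct.unpack_from(">H", eapol, 2)[0]]
    info = struct.unpack_from(">H", key, 1)[0]
    install, ack, mic, secure = info & 0x40, info & 0x80, info & 0x100, info & 0x200
    # 4-way handshake message number from the Key Info flags (0 = not a pairwise handshake frame)
    msg = 1 if ack and not mic else 3 if ack and install else (4 if secure else 2) if mic else 0
    kd_len = struct.unpack_from(">H", key, 93)[0]
    return {"bssid": mac(bssid), "sta": mac(sta), "msg": msg, "pmkid": find_pmkid(key[95:95 + kd_len])}


def find_pmkid(key_data):
    """Walk the Key Data elements and return the PMKID as hex if a PMKID KDE is present."""
    off = 0
    while off + 2 <= len(key_data):
        eid, ln = key_data[off], key_data[off + 1]
        payload = key_data[off + 2:off + 2 + ln]
        if eid == 0xDD and ln >= 20 and payload[:4] == PMKID_KDE_HDR:
            return payload[4:20].hex()
        off += 2 + ln
    return None


def summarize(pcap_bytes, target_bssid):
    """Group EAPOL-Key frames by BSSID and count how many belong to the AP you selected."""
    target = target_bssid.lower()
    frames = {}
    for linktype, frame in iter_pcap(pcap_bytes):
        if linktype == LINKTYPE_RADIOTAP:
            frame = frame[struct.unpack_from("<H", frame, 2)[0]:]    # skip radiotap by its length field
        elif linktype != LINKTYPE_IEEE802_11:
            raise ValueError(f"unsupported link type {linktype}")
        rec = parse_eapol_key(frame)
        if rec:
            frames.setdefault(rec["bssid"], []).append(rec)
    return {"target": target, "target_frames": len(frames.get(target, [])),
            "other_bssids": sorted(b for b in frames if b != target), "frames": frames}


# Constructed sample: two APs sharing a channel, each sending handshake message 1 with a PMKID KDE.
def build_m1(bssid, sta, pmkid, anonce):
    hdr = b"\x08\x02\x00\x00" + sta + bssid + bssid + b"\x00\x00"   # Data, FromDS; a1=STA, a2=a3=BSSID
    kde = b"\xdd\x14" + PMKID_KDE_HDR + pmkid
    key = (b"\x02" + struct.pack(">HHQ", 0x008A, 16, 1) + anonce + bytes(16) + bytes(8) + bytes(8)
           + bytes(16) + struct.pack(">H", len(kde)) + kde)      # RSN descriptor; Key Info = Pairwise|ACK
    return hdr + EAPOL_SNAP + b"\x02\x03" + struct.pack(">H", len(key)) + key


def build_pcap(frames, radiotap=False):
    linktype = LINKTYPE_RADIOTAP if radiotap else LINKTYPE_IEEE802_11
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)]
    for i, f in enumerate(frames):
        if radiotap:
            f = b"\x00\x00\x08\x00\x00\x00\x00\x00" + f            # minimal 8-byte radiotap header
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


TARGET_AP, OTHER_AP = bytes.fromhex("aabbccddee01"), bytes.fromhex("aabbccddee02")  # made-up BSSIDs
STA = bytes.fromhex("021122334455")                                                   # made-up client
SAMPLE_FRAMES = [build_m1(OTHER_AP, STA, bytes(range(16)), bytes(32)),
                 build_m1(TARGET_AP, STA, bytes(range(16, 32)), bytes([1] * 32))]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    report = summarize(SAMPLE_PCAP, "aa:bb:cc:dd:ee:01")
    print(f"frames for target: {report['target_frames']}; other BSSIDs in capture: {report['other_bssids']}")
```

To run it against a real file, replace SAMPLE_PCAP with `open("capture.pcap", "rb").read()` and pass the BSSID of the AP you chose in "Select (ap)". If `other_bssids` is non-empty the capture holds handshakes from other networks on that channel, and any PMKID you feed to a cracker should be taken from a frame whose `bssid` matches your target, not simply from the first "Received EAPOL".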

Development

No branches or pull requests

4 participants