wireless.md

Wireless Stuff

Content

• 802.11
• 802.15.4
• Bluetooth
• Linux
• Misc
• Radio Controllers
• SDR

802.11

• Tools
  • aircrack-ng: complete suite of tools to assess WiFi network security.
    • GitHub: WiFi security auditing tools suite
  • airpwn-ng: Packet injection for wifi.
  • bettercap: Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking.
    • GitHub: source code repository.
  • ESP32 802.11 TX: Send arbitrary IEEE 802.11 frames with Espressif's ESP32.
  • ESP32 ESP8266 attacks: Proof of Concept of ESP32/8266 Wi-Fi vulnerabilties.
  • ESP32 Marauder: suite of WiFi/Bluetooth offensive and defensive tools for the ESP32.
  • Kismet: Wi-Fi, Bluetooth, RF, and more
    • GitHub: Kismet and related tools and libraries for wireless monitoring, transmitting, and auditing.
  • libwifi: an 802.11 (WiFi) Frame Generation and Parsing Library in C.
    • github repo: libwifi github repository
  • libwifi (nukesor): rust library for parsing IEE 802.11 frames.
  • libwifi (vanhoefm): python and scapy scripts for Wi-Fi.
  • nexmon: The C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips.
  • pawnagotchi: A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures/
  • wifijammer: Continuously jam all wifi clients/routers.
  • wifiphisher: The Rogue Access Point Framework.
  • wifipumpkin3: Powerful framework for rogue access point attack.
• esp-wifi: WIP / POC for using the ESP32-C3, ESP32-S3 and ESP32 wifi drivers in bare-metal Rust.
• USB-WiFi: USB WiFi Adapter Information for Linux

802.15.4

• KillerBee: IEEE 802.15.4/ZigBee Security Research Toolkit.

Bluetooth

• Awesome bluetooth security: useful references for anyone working with Bluetooth BR/EDR/LE or Mesh security.
• BLE Security Attack Defence: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
• Tools
  • BTLE: Bluetooth Low Energy (BLE) packet sniffer and transmitter for both standard and non standard (raw bit) based on Software Defined Radio (SDR).
  • btlejack: Bluetooth Low Energy Swiss-army knife.
  • ESP32 bluetooth classic sniffer: Active Bluetooth BR/EDR Sniffer/Injector as cheap as any ESP32 board can get.
  • ice9-bluetooth-sniffer: Wireshark Bluetooth sniffer for HackRF, BladeRF, and USRP.
  • internalblue: About Bluetooth experimentation framework for Broadcom and Cypress chips.
  • Injectable firmware: Custom firmware for nrf52840-dongle.
  • nRF sniffer: Bluetooth LE sniffer from nordic.
  • Sniffle: A sniffer for Bluetooth 5 and 4.x LE

linux

• Linux Wireless wiki: Documentation for the Linux wireless (IEEE-802.11) subsystem.
• Realtek drivers:
  • RTL88x2BU: Linux Driver for USB WiFi Adapters that are based on the RTL8812BU and RTL8822BU Chipset.

Misc

• Awesome CTS: curated list of Capture The Signal CTF related stuff.
• cts.ninja: CTF focused on radio signal reverse engineering
• Mirage: powerful and modular framework dedicated to the security analysis of wireless communications.
• Signal Identification Guide: help identify radio signals through example sounds and waterfall images.

Radio Controllers

SDR and SDP

• Hardware
  • BladeRF: 2x2 MIMO, 47MHz to 6GHz frequency range
    • GitHub: bladeRF USB 3.0 Superspeed Software Defined Radio Source Code.
  • HackRF One: oftware Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz.
    • GitHub: low cost software radio platform.
  • LimeSDR: low cost, open source, apps-enabled software defined radio (SDR).
    • GitHub: LimeSdr software
• Libraries
  • FISSURE: RF and reverse engineering framework for everyone.
  • GNU Radio: development toolkit that provides signal processing blocks to implement software radios.
    • GitHub: the Free and Open Software Radio Ecosystem.
  • LiquidSDR: free and open-source signal processing library for software-defined radios.
    • liquid-dsp: digital signal processing library for software-defined radios.
  • OpenOFDM: Sythesizable, modular Verilog implementation of 802.11 OFDM decoder.
• Theory
  • dspguide: The Scientist and Engineer's Guide to Digital Signal Processing.
  • pysdr: A Guide to SDR and DSP using Python.
  • sdre: Software-Defined Radio for Engineers.
• Tools
  • sdrangel: SDR Rx/Tx software
  • SDRPlusPlusA: Cross-Platform SDR Software
  • urh: Universal Radio Hacker