ESP32/Flipper WiFi Spoofer/Deauther

Recently I bought a Flipper Zero to learn more about RFID/NFC tag types and sub-GHz frequencies and modulation. I’ve been having a ton of fun with this, and reading through some GitHub repos I found that some people are adding Wi-Fi and Bluetooth capabilities. This was being done with a separately sold devboard that uses the ESP32 module (as this is thought to be an included capability in the Flipper’s successor) with the custom Marauder firmware released by justcallmekoko.

Since these devboards were out of stock or scalped, I decided to go with purchasing the ESP32-WROOM module from Amazon for a sweet $7. The Flipper provides GPIO pins for Arduino modules, so to get this board attached I needed some right-angle breadboard headers and a protoboard to connect the module to. I soldered the GRN, 3v PWR, and Tx-Rx pins (excuse my god-awful solder work, it’s been a minute). And that’s it!

From here, we flash the Marauder firmware to the board using either Arduino’s IDE, a web flasher, or a bat script with firmware linked in koko’s wiki. I decided to go with the IDE install. After installing the board package and loading the firmware on the ESP32 module, we should be good to go!

I want to note that I have the custom RogueMaster firmware on my Flipper Zero, which already includes the .fap file for Marauder. If you are running stock firmware, you will have to install the file from the RogueMaster linked repos here.

We plug it in and have power! Loading up the app, we see the log works and can start scanning access points.

We can list out access points after scanning and find ours, then start the deauth attack to send deauthentication packets to that point! We could also change to a particular station to deauthenticate rather than all devices connected to the AP.
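Seen from the monitoring side, both variants described above (all clients of an AP, or one chosen station) show up as bursts of 802.11 deauthentication management frames. The detector below is an added example, not part of the Marauder firmware or the original post; the threshold, window, MAC addresses and sample capture are constructed assumptions.

```python
import struct
from collections import defaultdict
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, bssid, reason) for a deauthentication frame, else None.
    Expects a raw 802.11 MAC frame with any radiotap header already stripped."""
    # Frame control byte 0: type in bits 2-3 (0 = management), subtype in bits 4-7 (12 = deauth)
    if len(frame) < 26 or (frame[0] >> 2) & 0x3 != 0 or frame[0] >> 4 != 12:
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]
    return mac(frame[4:10]), mac(frame[16:22]), reason

def detect_floods(capture, threshold=5, window=1.0):
    """capture: iterable of (timestamp_seconds, frame_bytes).
    Flags BSSIDs with >= threshold deauths inside any `window`-second span.
    Both defaults are assumed values; tune them against normal traffic."""
    times, dests = defaultdict(list), defaultdict(set)
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed:
            dest, bssid, _reason = parsed
            times[bssid].append(ts)
            dests[bssid].add(dest)
    alerts = {}
    for bssid, stamps in times.items():
        stamps.sort()
        lo = peak = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:   # slide the window start forward
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            alerts[bssid] = {"peak": peak,
                             "broadcast": BROADCAST in dests[bssid],
                             "targets": sorted(dests[bssid] - {BROADCAST})}
    return alerts

def build(subtype, dest, bssid, reason=7):
    """Construct a minimal management frame for the sample capture below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dest) + raw(bssid)
            + raw(bssid) + struct.pack("<HH", 0, reason))

# Constructed sample: 8 broadcast deauths in 0.7 s on AP_A; one deauth and a beacon on AP_B.
AP_A, AP_B, STA = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
SAMPLE = [(i / 10, build(12, BROADCAST, AP_A)) for i in range(8)]
SAMPLE += [(3.0, build(12, STA, AP_B, reason=3)), (3.1, build(8, BROADCAST, AP_B))]
```

On networks with 802.11w Protected Management Frames enabled (mandatory in WPA3), clients discard unauthenticated deauthentication frames, so alerting like this complements that setting rather than replacing it.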

With the Marauder firmware we can spoof SSIDs, probe for connected stations, and scan for Bluetooth devices nearby (the ESP32 module has both Wi-Fi and Bluetooth capabilities compared to the ESP8266, which only supports 2.4 GHz Wi-Fi).

I was interested in adding the capability to run a continuous scan and append discovered APs to a list along with geographic data to submit for wardriving for hobbyists through my connected phone. Unfortunately, the source code for the Marauder firmware is a bit daunting for me, but this could be a future project!