Creating a lot of fake access points

Technically it does not create any access points, but if you list the available access points with your phone or computer you will see a lot of them, all with a random name and no encryption. The ESP8266 does it by sending beacon frames, similar to the ones routers use to advertise their wifi network. The original blog post I was using is here: http://ruralhacker.blogspot.it/2016/01/esp8266-jamming.html and the code is here: https://github.com/kripthor/WiFiBeaconJam It was working for me flawlessly.
Disconnecting everyone from the wifi

There is a known attack against wifi networks: it is pretty easy to forge a deauth packet in the name of the access point and send it to the clients, and they will drop the connection (and usually try to reconnect). I was using this code from GitHub: https://github.com/RandDruid/esp8266-deauth but it took me a while to make it work.
The problem is that the developers of the ESP8266 do not really want us to send these types of packets with the module. They (accidentally) added the functionality in SDK v1.3.0 but removed it in v1.5.0. So we have to use v1.3.0. To do this with the Arduino IDE I did the following:
- I used a freshly downloaded Arduino 1.6.5
- Then I added the staging version of esp8266 to the Board Manager (more info: https://github.com/esp8266/Arduino)
- I installed the ESP8266 boards version 2.1.0-rc2 from the Board Manager. The version is really important, because it uses SDK v1.3.0.
- Then I edited user_interface.h, because although the functionality is present in the binaries of the SDK, it is not included in the header files. The user_interface.h was under ~/.arduino15/packages/esp8266/hardware/esp8266/2.0.0-rc2/tools/sdk/include/user_interface.h (I'm using Ubuntu).
I simply added the following lines to the end of the file (before the #endif):

```c
typedef void (*freedom_outside_cb_t)(uint8 status);
int wifi_register_send_pkt_freedom_cb(freedom_outside_cb_t cb);
int wifi_send_pkt_freedom(uint8 *buf, int len, bool sys_seq);
```
I have also tried to run the improved version using two ESP8266 modules (https://github.com/RandDruid/esp8266-deauth2), but I couldn't make it work so far.
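Both techniques above leave a recognisable footprint in a monitor-mode capture: the beacon spam from the first section shows up as dozens of open networks advertised by distinct BSSIDs within seconds, and the deauth attack from the second shows up as a burst of deauthentication frames all carrying one access point's BSSID. The following Python is added here as a detection example; it is not code from the original post or from the linked repositories. It parses the fixed 24-byte 802.11 management header and the beacon body directly from bytes, so it runs offline on any capture you can hand it as raw frames. The frame builders, the thresholds and the sample capture are constructed for illustration.

```python
"""Flag beacon-spam and deauth-flood patterns in raw 802.11 management frames."""
import struct
from collections import Counter

BEACON, DEAUTH = 8, 12          # management-frame subtypes (frame type 0)
PRIVACY_BIT = 0x0010            # capability-info bit: network uses encryption
SSID_IE = 0                     # information-element tag for the SSID


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, src_mac, bssid, body) for a management frame, else None."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3    # bits 2-3: 0 = management
    subtype = fc0 >> 4          # bits 4-7
    if ftype != 0:
        return None
    src = frame[10:16].hex(":")     # addr2 = transmitter
    bssid = frame[16:22].hex(":")   # addr3 = BSSID for beacon and deauth
    return subtype, src, bssid, frame[24:]


def beacon_info(body: bytes):
    """Return (ssid, encrypted) from a beacon body: timestamp(8) interval(2) cap(2) IEs."""
    if len(body) < 12:
        return None
    cap = struct.unpack_from("<H", body, 10)[0]
    ssid = ""
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        if tag == SSID_IE:
            ssid = body[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            break
        pos += 2 + length
    return ssid, bool(cap & PRIVACY_BIT)


def analyse(frames, open_bssid_threshold=20, deauth_threshold=10):
    """frames: list of (timestamp, raw_frame). Thresholds are illustrative assumptions."""
    open_bssids = set()
    deauth_by_bssid = Counter()
    for _ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed is None:
            continue
        subtype, _src, bssid, body = parsed
        if subtype == BEACON:
            info = beacon_info(body)
            if info is not None and not info[1]:
                open_bssids.add(bssid)
        elif subtype == DEAUTH:
            deauth_by_bssid[bssid] += 1
    return {
        "open_beacon_bssids": len(open_bssids),
        "beacon_spam": len(open_bssids) >= open_bssid_threshold,
        "deauth_counts": dict(deauth_by_bssid),
        "deauth_flood": sorted(b for b, n in deauth_by_bssid.items() if n >= deauth_threshold),
    }


# --- constructed sample frames (test input only, never transmitted) ---------
def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def build_beacon(bssid: str, ssid: str, encrypted: bool) -> bytes:
    header = bytes([0x80, 0x00]) + b"\x00\x00" + b"\xff" * 6 + _mac(bssid) + _mac(bssid) + b"\x00\x00"
    cap = 0x0001 | (PRIVACY_BIT if encrypted else 0)          # ESS bit plus optional privacy
    body = struct.pack("<QHH", 0, 100, cap) + bytes([SSID_IE, len(ssid)]) + ssid.encode()
    return header + body


def build_deauth(bssid: str, client: str) -> bytes:
    header = bytes([0xC0, 0x00]) + b"\x00\x00" + _mac(client) + _mac(bssid) + _mac(bssid) + b"\x00\x00"
    return header + struct.pack("<H", 7)                         # reason code field


def sample_capture():
    """Constructed capture: 30 open 'random-name' networks, one real AP, one deauth burst."""
    frames = [(0.1 * i, build_beacon(f"02:00:00:00:00:{i:02x}", f"net{i:04x}", False)) for i in range(30)]
    frames.append((3.5, build_beacon("aa:bb:cc:dd:ee:01", "HomeWiFi", True)))
    frames += [(4.0 + 0.01 * i, build_deauth("aa:bb:cc:dd:ee:01", "de:ad:be:ef:00:01")) for i in range(25)]
    return frames


if __name__ == "__main__":
    print(analyse(sample_capture()))
```

On a real capture, feed `analyse` the raw frames from a monitor-mode interface (with radiotap headers stripped) and apply the thresholds per time window rather than per file; the counts here are over the whole sample. A legitimate site with many open networks will trip the beacon check, so the BSSID count is a prompt to look, not a verdict.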