How to turn your Raspberry Pi into a WiFi (Wireless) Jammer

by hash3liZer . 21 October 2018

I once had occasion to build a wireless jammer with a Raspberry Pi 3 and almost flooded my target wireless network. As the name suggests, WiFi jammers are used to disconnect stations from an access point or access points. The flooding works by continuously sending de-authentication frames between the access point and the target station.

Simply put, it can be a very powerful device if operated legally, within the framework of the law. There are a number of jamming scripts available on GitHub for this purpose. The best of those at the moment is by DanMcInerney. I chose it because of its roaming feature. A maximum number of access points is specified, so if you are not in a stationary position, the collected list is flushed out.

The process continues, and upon every 10th station the list is flushed again. The effectiveness of sending frames depends on your wireless adapter. A powerful adapter like an Alfa can send frames across about a block radius.

STEP 1

Clone into wifijammer

The script is available on GitHub. Clone into it using git and install:

$ git clone https://github.com/DanMcInerney/wifijammer.git
$ cd wifijammer/
$ python setup.py install

A link is created in the default command execution directory. Verify by displaying the help manual:

$ wifijammer --help

STEP 2

A simple turn

Continue with this command:

$ sudo wifijammer

The script first locates the most powerful wireless adapter attached to the system. It then places that adapter in monitor mode and stops NetworkManager. Channels are then hopped sequentially across the given range while the script tries to locate access points. As soon as an access point is located and its clients are discovered, the de-authentication step occurs.

Three kinds of dissociation packets are sent: one from the access point, one to the access point and one to the broadcast address. Note that a de-authentication packet is sent only when a data frame is captured for that access point.
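From the monitoring side, the three frame directions described above are what a wireless IDS keys on. The following is an added example, not part of the original post or of wifijammer: it parses 802.11 management headers and flags any BSSID that sees a burst of de-authentication or disassociation frames. The window, threshold, function names and sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
KINDS = {10: "disassoc", 12: "deauth"}  # 802.11 management frame subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return (kind, dst, src, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26:                      # 24-byte MAC header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in KINDS:   # type 0 = management
        return None
    dst, src, bssid = (mac(frame[i:i + 6]) for i in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)
    return KINDS[subtype], dst, src, bssid, reason

def detect_floods(capture, window=1.0, threshold=10):
    """Map each BSSID with >= threshold such frames inside `window` s to the directions seen."""
    recent, alerts = defaultdict(deque), defaultdict(set)
    for ts, frame in capture:                # capture: (timestamp, header_bytes) pairs
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        _, dst, src, bssid, _ = parsed
        direction = ("broadcast" if dst == BROADCAST
                     else "from_ap" if src == bssid else "to_ap")
        q = recent[bssid]
        q.append((ts, direction))
        while ts - q[0][0] > window:         # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[bssid].update(d for _, d in q)
    return dict(alerts)

# Constructed sample headers (hex, radiotap stripped); BSSID is the page's example, other MACs made up.
AP, STA, OTHER = "aabbccdd0012", "020000000001", "0200000000aa"
TEMPLATES = ["c0000000" + STA + AP + AP + "00000700",             # AP -> client
             "c0000000" + AP + STA + AP + "00000700",             # client -> AP
             "c0000000" + "ffffffffffff" + AP + AP + "00000700"]  # AP -> broadcast
SAMPLE = [(i * 0.05, bytes.fromhex(TEMPLATES[i % 3])) for i in range(12)]
SAMPLE.append((5.0, bytes.fromhex("80000000" + "ffffffffffff" + OTHER + OTHER + "00000000")))  # beacon-like, ignored
SAMPLE.append((30.0, bytes.fromhex("c0000000" + STA + OTHER + OTHER + "00000300")))  # lone deauth, below threshold
if __name__ == "__main__":
    for bssid, directions in detect_floods(SAMPLE).items():
        print(f"deauth flood against {bssid}: {sorted(directions)}")
```

On networks with 802.11w Protected Management Frames enabled, clients discard unauthenticated de-authentication frames, so a burst like the one flagged here is logged but has no effect on them.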

STEP 3

Specific Network

A target network can be specified directly using the -a option:

$ wifijammer -p 10 -a aa:bb:cc:dd:00:12 -c 6

This will only target networks with the BSSID aa:bb:cc:dd:00:12 operating on channel 6. The -p option specifies the number of de-auth packets to send.

STEP 4

Wandering Jammer

The problem at the moment arises when the jammer is continuously moving or not in a stationary position. The script keeps adding discovered networks without flushing the earlier networks that are no longer in range. However, the script provides a flushing facility that flushes the list after a specific number of access points. Take this example:

$ wifijammer --maximum 20 --directedonly
  • -m, --maximum: Number of access points after which the list is flushed.
  • -d, --directedonly: Do not send de-auth frames to the broadcast address.

STEP 5

Pushing it as a Startup Program

Now we know how to fire up a simple jammer from Raspbian. All we need is to make it a startup program. There are a number of ways to start a program on startup. We will pick the easiest one. Open the file rc.local and add the jamming command to the file:

$ nano /etc/rc.local

Command:

$ wifijammer --maximum 20 --directedonly &

Press CTRL+X and then y to save the file. Reboot your Raspberry Pi and you are good to go with your wireless jammer:

$ sudo reboot

Conclusion

Wireless jammers are stress-testing devices designed for special purposes, such as use by big organizations to manage their data and other important stuff you could think of. Note that using any kind of jammer is illegal and the user could have to pay a fine of up to $100,000, which is pretty huge. So always make sure that you either have full authority over the target or at least have the consent of your target network.