by hash3liZer . 21 October 2018
I came across an occasion on which I built a wireless jammer with a Raspberry Pi 3 and almost flooded my target wireless network. As the name suggests, WiFi jammers are used to disconnect the stations of one or more access points. The flooding works by continuously sending de-authentication frames between the access point and the target station.
Put simply, it can prove a very powerful device when operated legally, within the framework of the law. There are a number of jamming scripts available on GitHub for the purpose. The best of those at the moment is by DanMcInerney. I chose it because of its roaming feature: a number of access points is specified, so if you are not in a stationary position, the collected list is flushed.
The process continues, and at every 10th station the list is flushed again. The effectiveness of sending frames depends on your wireless adapter. A powerful adapter such as an Alfa can send frames over about a one-block radius.
The script is available on GitHub. Clone it with git and install:
$ git clone https://github.com/DanMcInerney/wifijammer.git
$ cd wifijammer/
$ python setup.py install
A link is created in the default command execution directory. Verify by printing the help manual:
$ wifijammer --help
Continue with this command:
$ sudo wifijammer
The process starts by locating the most powerful wireless adapter attached to the system. The adapter is then placed in monitor mode and NetworkManager is stopped. The script then hops through the channels sequentially, according to the given range, and tries to locate access points. As soon as an access point is located and its clients are discovered, the de-authentication step occurs.
Three kinds of dissociation packets are sent: one from the access point, one to the access point and one to the broadcast address. Note that a de-authentication packet is sent only when a data frame involving the access point is captured.
A target network can be specified directly with the -a option:
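From the defender's side, the burst described above stands out in a monitor-mode capture. The sketch below is an added example, not code from the original post or from wifijammer; the tuple layout, window and threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes

def direction(dst, src, bssid):
    """Classify a frame into the three kinds the article lists."""
    if dst == BROADCAST:
        return "broadcast"
    if src == bssid:
        return "from_ap"
    if dst == bssid:
        return "to_ap"
    return "other"

def detect_floods(frames, window=1.0, threshold=10):
    """frames: iterable of (ts, subtype, dst, src, bssid), sorted by ts.
    Returns one alert per BSSID: (bssid, first_alert_ts, directions_seen)."""
    recent = defaultdict(deque)  # bssid -> (ts, direction) inside the window
    alerts = {}
    for ts, subtype, dst, src, bssid in frames:
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[bssid]
        q.append((ts, direction(dst, src, bssid)))
        while q and ts - q[0][0] > window:  # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = (bssid, ts, sorted({d for _, d in q}))
    return list(alerts.values())

def sample_frames():
    """Constructed capture: a burst against one BSSID plus normal traffic."""
    ap, sta = "aa:bb:cc:dd:00:12", "11:22:33:44:55:66"        # constructed MACs
    quiet_ap, quiet_sta = "aa:bb:cc:dd:00:99", "11:22:33:44:55:77"
    frames = [(0.00, 8, BROADCAST, quiet_ap, quiet_ap),        # beacon
              (0.05, DEAUTH, quiet_ap, quiet_sta, quiet_ap)]   # one normal leave
    for i in range(5):  # 5 rounds x 3 directions in about a quarter second
        t = 0.10 + i * 0.05
        frames += [(t, DEAUTH, sta, ap, ap),
                   (t + 0.01, DEAUTH, ap, sta, ap),
                   (t + 0.02, DEAUTH, BROADCAST, ap, ap)]
    return sorted(frames)

if __name__ == "__main__":
    for alert in detect_floods(sample_frames()):
        print(alert)
```

A single de-authentication frame is normal when a client leaves; the signal is the rate per BSSID and all three directions appearing together. Networks that enforce 802.11w (Protected Management Frames) reject the spoofed frames outright.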
$ wifijammer -p 10 -a aa:bb:cc:dd:00:12 -c 6
This targets only networks with the BSSID aa:bb:cc:dd:00:12 operating on channel 6. The -p option specifies the number of de-auth packets to send.
The problem we have at the moment arises when the jammer is continuously moving, or not in a stationary position. The script keeps adding discovered networks without flushing previous networks that are no longer in range. However, the script provides a flushing facility that flushes the list after a specific number of access points. Take this example:
$ wifijammer --maximum 20 --directedonly
Now we know how to fire up a simple jammer from Raspbian. All we need is to make it a startup program. There are a number of ways to start a program on startup. We will pick the easiest one. Open the file rc.local and add the jamming command to the file:
$ nano /etc/rc.local
$ wifijammer --maximum 20 --directedonly &
Press CTRL+X and then y to save the file. Reboot your Raspberry and you are good to go with your wireless jammer:
$ sudo reboot
Wireless jammers are stress-testing devices designed for special purposes, such as use by big organizations to manage their data and other important stuff you could think of. Note that using any kind of jammer is illegal and the user could have to pay a fine of up to $100,000, which is pretty huge. So always make sure that you either have full authority over the target or at least have the consent of your target network.