10/6/2018 Turning a $10 ESP32 into a Hacker Arsenal’s WiNX Portable clone.

Tomas C. Follow
Linux All The Things!!!
Sep 11, 2017 · 3 min read

Turning a $10 ESP32 into a Hacker Arsenal’s

WiNX Portable clone.
All of us have heard about or used Hacker Gadgets like the WiFi
Pineapple, PoisonTap, Rubber Ducky, Minipwner, Pwn Plug,
ESPdeauther, etc. These small devices are great to use for penetration
testing engagements, security awareness demos, social engineering
tasks or just explaining security implications in a fun way to non-
security professionals! but what does it take to build one? In this
article, we will teach you how to build one of these devices: a WiNX
Portable Clone for less than $10 from scratch.

WiNX Portable: Hacker Arsenal

The WiNX Portable is the lasted addition to the pentester or hacker

toolbox. The creation of famous hacker Vivek Ramachandran and is
sold in his Hacker Arsenal store at $59. The WiNX and WiNX Portable
are multi-purpose Wi-Fi attack-defense platform which can be used for
several scenarios based on the rmware on the device (WiFi Honeypot,
Captive Portal, WiFi Sni er, Wi Scanner and more).

One of the rst things I noticed while reading through their shop was
that the hardware was identical to the $10 WeMos WiFi + Bluetooth
Battery ESP32 Development Tool I have lying around. The ESP32 is a
WiFi capable Arduino compatible CPU, like the ESP8266, but runs a
dual core that also supports Bluetooth and more GPIO. The WeMos
Development board includes a dual power option: 18650 lithium
battery or from MicroUSB power/charging port.

https://medium.com/@tomac/turning-a-10-esp32-into-a-hacker-arsenals-winx-portable-clone-46c37c1508cd 1/5
10/6/2018 Turning a $10 ESP32 into a Hacker Arsenal’s WiNX Portable clone.

Taking a look at the download section in hacker arsenal, I see that

rmware les are available and include instructions for using the
ESP32 python serial port asher. The Wemos module contains a
CP2102 serial adapter that is automatically recognized. So why not
give it a try?

python esptool.py --chip esp32 --port /dev/ttyUSB0 --baud

921600 --before default_reset --after hard_reset write_flash
-z --flash_freq 80m --flash_mode dio --flash_size 4MB 0x1000
bootloader.bin 0x8000 WiNX-Deception.ino.partitions.bin
0xe000 boot_WiNX-Deception.bin 0x10000 WiNX-
Deception.ino.bin

It works! Updating the rmware is as simple as uploading the WiNX

rmware les using the above commands. Once you do it is as simple as
logging in via serial terminal and setting it up WiNX. After loading the
deception rmware and power cycle I can see a new wi SSID
“Internet” where whatever the page that I visit invites to enter my user
and password.

https://medium.com/@tomac/turning-a-10-esp32-into-a-hacker-arsenals-winx-portable-clone-46c37c1508cd 2/5
10/6/2018 Turning a $10 ESP32 into a Hacker Arsenal’s WiNX Portable clone.

Although the scanner and sni er rmwares also are interesting, they
require a always-connected PC. Where our WiNX clone really shines is
as a captive o ensive portal. It allows to display several prede ned
login pages or to load our own custom html. The credentials are
internally recorded and can then be extracted via serial port. The
settings and data are persistent and retained across reboots. This allows
the device to run on 18650 battery or USB powerbank for days while
collecting data. With such a small price and battery life multiple of
these devices can be dropped into the target area waiting for a victim.

Fake WinNX captive portal

https://medium.com/@tomac/turning-a-10-esp32-into-a-hacker-arsenals-winx-portable-clone-46c37c1508cd 3/5
10/6/2018 Turning a $10 ESP32 into a Hacker Arsenal’s WiNX Portable clone.

In addition, our board can be used as an standard ESP32 development

kit, taking advantage of its WiFi and BLE capabilities for example to
create an ibeacon emulator.

https://medium.com/@tomac/turning-a-10-esp32-into-a-hacker-arsenals-winx-portable-clone-46c37c1508cd 4/5
10/6/2018 Turning a $10 ESP32 into a Hacker Arsenal’s WiNX Portable clone.

https://medium.com/@tomac/turning-a-10-esp32-into-a-hacker-arsenals-winx-portable-clone-46c37c1508cd 5/5