A Geiger Counter for WiFi Deauthentication Frames: the Telephreak 12 Badge

Things I love: Electronics, Nuclear stuff
Things I hate: Kids shitting up the WiFi

I was nearly complete with a completely different badge for Telephreak this year, but then an idea popped into my head while watching the excellent Chernobyl miniseries. What if you had a device that worked like a directional Geiger counter, but would chirp at WiFi deauthentication frames instead?

Thus begins the story of how I failed to deliver a completed badge on time for DEFCON 27.

The second prototype

Aside from the basic function of this badge, there were some goals I wanted to expand on that weren’t fully realized with last year’s badge. I wanted to make a hackable platform that people could continue to have fun with, and I wanted to make something that could be useful on its own.

The ESP32 seemed like it’d be a natural fit for the goals of this badge. It’s inexpensive, powerful, and widely supported.

I decided early on, having done the software prototyping on an Adafruit HUZZAH32, that I would reimplement their design, as well as reimplement the design of the ESP32 WiFi module they used, while keeping everything 100% compatible and functional, so the badge itself could be used as a target in the Arduino IDE and could make use of the full Adafruit Feather ecosystem, making it a truly open-ended platform for hacking and mischief.
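To make the basic function concrete, here is a sketch of the detection side: recognising a deauthentication frame from its 802.11 header and keeping a Geiger-style click rate. This is an added example, not the badge's firmware; the names `parse_deauth`, `click` and `SAMPLE_DEAUTH` are made up for illustration, and it assumes the buffer starts at the 802.11 MAC header with any capture prefix and FCS already stripped.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MGMT_HDR_LEN 24   /* FC(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2) */
#define WINDOW_MS 1000u   /* assumed rate window for the "click" counter */
#define MAX_EVENTS 32

typedef struct {
    uint8_t dst[6], src[6];
    int protected_frame;  /* 802.11w: body is encrypted, reason unreadable */
    uint16_t reason;      /* valid only when protected_frame == 0 */
} deauth_info;

typedef struct { uint32_t t[MAX_EVENTS]; size_t n; } click_window;

/* Returns 1 and fills *out if buf is a deauthentication frame, else 0. */
int parse_deauth(const uint8_t *buf, size_t len, deauth_info *out) {
    if (len < MGMT_HDR_LEN + 2) return 0;          /* header + reason code */
    if ((buf[0] & 0x03) != 0) return 0;            /* protocol version 0 */
    if (((buf[0] >> 2) & 0x03) != 0) return 0;     /* type 0 = management */
    if ((buf[0] >> 4) != 12) return 0;             /* subtype 12 = deauth */
    memcpy(out->dst, buf + 4, 6);
    memcpy(out->src, buf + 10, 6);
    out->protected_frame = (buf[1] & 0x40) != 0;
    out->reason = out->protected_frame ? 0
                : (uint16_t)(buf[24] | (buf[25] << 8));   /* little-endian */
    return 1;
}

/* Records one event and returns the count seen in the last WINDOW_MS. */
size_t click(click_window *w, uint32_t now_ms) {
    size_t keep = 0;
    for (size_t i = 0; i < w->n; i++)              /* drop expired stamps */
        if (now_ms - w->t[i] < WINDOW_MS) w->t[keep++] = w->t[i];
    if (keep == MAX_EVENTS) {                      /* full: drop the oldest */
        memmove(w->t, w->t + 1, (MAX_EVENTS - 1) * sizeof w->t[0]);
        keep--;
    }
    w->t[keep++] = now_ms;
    return w->n = keep;
}

/* Constructed sample: broadcast deauth from a made-up BSSID, reason 7. */
static const uint8_t SAMPLE_DEAUTH[26] = {
    0xC0, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC,
    0x00, 0x00, 0x07, 0x00 };
```

The value `click` returns is the number of deauthentication frames seen in the last second, which is what would drive the chirp rate.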

I wanted to make the device work directionally, so it could actually be used to find people using Pineapples and whatnot, but the PCB Yagi antenna I put together (based on a TI reference implementation) ended up taking up way too much space on the board, and would require building a four-layer design that would cost more; at this point I was already at ~$40 per badge. Someone joked about putting the badges inside of Pringles cans and using an omnidirectional PCB antenna. That gave me an idea. Enter: the notch.

The notch

The idea was simple – I’d cut notches in the board around the omnidirectional PCB antenna, cut a slice in a copper tube cap you can get at any hardware store to slide it over the board, and then solder it to the ground plane. In theory, this should work similarly and let me keep the board simpler. It’d also look pretty damn cool.

The cap

What went wrong? I simply didn’t allocate enough time to get this project completed. So far, I’ve had to do extra rounds of prototyping to fix hardware errors – so far all relating to bad component footprints. I can deadbug an SOT-23-5 but deadbugging a VQFN64… not so much. And these boards have some interesting tolerances (and cuts) so it’s taking my fabs in China longer to get me working boards to test with. Currently I’m waiting on what I believe will be the final revision where I can wrap up the software (mostly just user interface stuff), validate the electronics, and make the hardware prettier for the final version.

Functional prototype

Anyways, we’ll figure out the logistics of getting everyone their badges, and figure out how to sell them to people interested in buying one.

Give us some time; I’ve still got a number of badges from last year that need to be mailed.