Rick Roll Beacon

Menu Location

WiFi>Attacks>Rick Roll Beacon

Info

The ESP32 is capable of transmitting specially crafted WiFi packets.
In a Rick Roll Beacon attack, specially crafted beacon frames are transmitted so the lyrics of "Never Gonna Give You Up" display in the network lists of devices in range of the transmission.

Transmitting

The base data required for all beacon frame to transmit successfully is hardcoded in the Marauder firmware.

// barebones packet
    uint8_t packet[128] = { 0x80, 0x00, 0x00, 0x00, //Frame Control, Duration
                    /*4*/   0xff, 0xff, 0xff, 0xff, 0xff, 0xff, //Destination address 
                    /*10*/  0x01, 0x02, 0x03, 0x04, 0x05, 0x06, //Source address - overwritten later
                    /*16*/  0x01, 0x02, 0x03, 0x04, 0x05, 0x06, //BSSID - overwritten to the same as the source address
                    /*22*/  0xc0, 0x6c, //Seq-ctl
                    /*24*/  0x83, 0x51, 0xf7, 0x8f, 0x0f, 0x00, 0x00, 0x00, //timestamp - the number of microseconds the AP has been active
                    /*32*/  0x64, 0x00, //Beacon interval
                    /*34*/  0x01, 0x04, //Capability info
                    /* SSID */
                    /*36*/  0x00
                    };

The /* SSID */ tag is replaced by an ESSID containing a portion of the the lyrics from "Never Gonna Give You Up".
The bytes placeholder for the BSSID are replaced by randomly generated bytes.

The packet rate is displayed on screen.

This function can be exited by touching the screen. Once exited, the user will be sent back to the menu.