search

whid-injector / WHID

WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids.
MIT License
1.65k stars 244 forks source link

Unable to connect to WHID access point even after software/hardware reset/reflashing #62

Open lightzmare opened 4 years ago

lightzmare commented 4 years ago

Hi,

Received my WHID Cactus but I have been struggling to get my devices connected to its access point.

Straight out of the box, the SSID would not show up on any of my Apple devices (MacBook Air 7,2 on macOS Catalina 10.15.6, iPhone XS on iOS 14) but would appear on my Google Pixel 1 (on Android 10)... I type in the default password which is DotAgency, the AP is registered as a saved network but does not connect to it. Retrying to connect to it by clicking on the saved AP in the WiFi list and hitting Connect briefly kicks me out of my home WiFi but, again, does not connect to the Cactus AP.

Tried to fiddle with Android's debugging tool to get logs while it's trying to connect, I'm putting below a paste of it in case that's of any relevance...

Moving on: After searching through the wiki for a solution to my issue, I read at the bottom of the Software Unbrick & Reset to Default Configuration section that some devices can experience issues to connect to the Cactus while it's password protected and to solve that, going through the software unbrick steps but sending ResetDefaultConfig:OpenNetwork as the command instead of the one mentioned in the guide would help.

Downloaded Arduino IDE (v1.8.13), opened it, clicked on Tools in menu bar then selected Lily Arduino USB as the board and the corresponding port for it. Opened the Serial Monitor and sent the command ResetDefaultConfig:OpenNetwork after setting the baud value to 38400... Serial Monitor tool shows feedback that it's Relaying command to connected ESP device (without ever sending a reply back that it's done), I see the Cactus flash as the command is sent, I wait a few seconds before unplugging the Cactus from my USB port and plugging it back in. Now, still the same issue where SSID only shows on my Pixel only (tried to manually add the AP to my Apple devices with no result) and - surprise - with no password to it... I just click to connect but alas, same problem, it tries to connect but simply fails... Checking the ADB log of my Pixel, it's just saying that it cannot find the network...

At this point, I sent a ResetDefaultConfig: in Arduino's Serial Monitor to perform a software reset, command is relayed and AP shows again (only on my Pixel) with default password to be entered but still won't connect to it after typing it in.

I decide to go for a hard-reset using a magnet that I rub close to the sensor hall and away, doing this twice where I see the blue LED of the Cactus blinking every time after each time I rubbed the magnet.

Result of this: AP shows (again only on Pixel) with password, I type it in but it won't connect. Tried to manually add it to my Mac and iPhone, both devices say they cannot this network.

Now almost out of options and desperate to get this working, I went to exploitagency's ESPloitV2 GitHub page to see if there was anything there that could help me... Followed thoroughly the whole Initial Flasing guide, thinking that reflashing the board would help but it did not. I still cannot access the AP.

At this point, I'm totally out of options and coming here for help, in hope that a solution to my issue would be generously shared with me...

Thanks a lot in advance.

ADB log while trying to connect to AP: 

08-26 22:00:28.149  1227  1502 D WifiService: SAVE nid=0 config=* ID: -1 SSID: "Exploit" PROVIDER-NAME: null BSSID: null FQDN: null PRIO: 0 HIDDEN: false PMF: false
08-26 22:00:28.149  1227  1502 D WifiService:  NetworkSelectionStatus NETWORK_SELECTION_ENABLED
08-26 22:00:28.149  1227  1502 D WifiService:  hasEverConnected: false
08-26 22:00:28.149  1227  1502 D WifiService:  trusted
08-26 22:00:28.149  1227  1502 D WifiService:  macRandomizationSetting: 1
08-26 22:00:28.149  1227  1502 D WifiService:  mRandomizedMacAddress: 02:00:00:00:00:00
08-26 22:00:28.149  1227  1502 D WifiService:  KeyMgmt: WPA_PSK Protocols:
08-26 22:00:28.149  1227  1502 D WifiService:  AuthAlgorithms:
08-26 22:00:28.149  1227  1502 D WifiService:  PairwiseCiphers:
08-26 22:00:28.149  1227  1502 D WifiService:  GroupCiphers:
08-26 22:00:28.149  1227  1502 D WifiService:  GroupMgmtCiphers:
08-26 22:00:28.149  1227  1502 D WifiService:  SuiteBCiphers:
08-26 22:00:28.149  1227  1502 D WifiService:  PSK/SAE: *
08-26 22:00:28.149  1227  1502 D WifiService: Enterprise config:
08-26 22:00:28.149  1227  1502 D WifiService: IP config:
08-26 22:00:28.149  1227  1502 D WifiService: IP assignment: DHCP
08-26 22:00:28.149  1227  1502 D WifiService: Proxy settings: NONE
08-26 22:00:28.149  1227  1502 D WifiService:  cuid=-1 luid=-1 lcuid=0 userApproved=USER_UNSPECIFIED noInternetAccessExpected=false 
08-26 22:00:28.149  1227  1502 D WifiService: recentFailure: Association Rejection code: 0
08-26 22:00:28.149  1227  1502 D WifiService:  uid=1000 name=android.uid.system:1000
08-26 22:00:28.149  1227  1503 E WifiConfigManager: Cannot find network with configKey "Exploit"WPA_PSK
08-26 22:00:28.149  1227  1503 E WifiConfigManager: Cannot find network with networkId -1 or configKey "Exploit"WPA_PSK
08-26 22:00:28.153  1227  1502 D WifiService: CONNECT  nid=-1 config=* ID: -1 SSID: "Exploit" PROVIDER-NAME: null BSSID: null FQDN: null PRIO: 0 HIDDEN: false PMF: false
08-26 22:00:28.153  1227  1502 D WifiService:  NetworkSelectionStatus NETWORK_SELECTION_ENABLED
08-26 22:00:28.153  1227  1502 D WifiService:  hasEverConnected: false
08-26 22:00:28.153  1227  1502 D WifiService:  trusted
08-26 22:00:28.153  1227  1502 D WifiService:  macRandomizationSetting: 1
08-26 22:00:28.153  1227  1502 D WifiService:  mRandomizedMacAddress: 02:00:00:00:00:00
08-26 22:00:28.153  1227  1502 D WifiService:  KeyMgmt: WPA_PSK Protocols:
08-26 22:00:28.153  1227  1502 D WifiService:  AuthAlgorithms:
08-26 22:00:28.153  1227  1502 D WifiService:  PairwiseCiphers:
08-26 22:00:28.153  1227  1502 D WifiService:  GroupCiphers:
08-26 22:00:28.153  1227  1502 D WifiService:  GroupMgmtCiphers:
08-26 22:00:28.153  1227  1502 D WifiService:  SuiteBCiphers:
08-26 22:00:28.153  1227  1502 D WifiService:  PSK/SAE: *
08-26 22:00:28.153  1227  1502 D WifiService: Enterprise config:
08-26 22:00:28.153  1227  1502 D WifiService: IP config:
08-26 22:00:28.153  1227  1502 D WifiService: IP assignment: DHCP
08-26 22:00:28.153  1227  1502 D WifiService: Proxy settings: NONE
08-26 22:00:28.153  1227  1502 D WifiService:  cuid=-1 luid=-1 lcuid=0 userApproved=USER_UNSPECIFIED noInternetAccessExpected=false 
08-26 22:00:28.153  1227  1502 D WifiService: recentFailure: Association Rejection code: 0
08-26 22:00:28.153  1227  1502 D WifiService:  uid=1000 name=android.uid.system:1000
08-26 22:00:28.188  1227  1503 E WifiConfigManager: Cannot find network with configKey "Exploit"WPA_PSK
LTOWN810 commented 3 years ago

Having the exact same issues would love to hear and see in your future research and if I come across something promising to resolve this issue I will certainly let you know and if you could keep me in mind on this matter I would really appreciate it. Keep in touch

razvan420 commented 1 year ago

+1