Hacker Detector
A small device that uses the MAX32620FTHR and an ESP8266 to detect hackers over WiFi.
Story
Hacking is a common problem in today's world. People are constantly getting hacked, and hackers destroy people's privacy through identity theft, which can put people in danger and ruin their safety. Privacy is becoming more of a safety issue each day. This project is a submission for Maxim's Unleash Invisible Intelligence contest, in the personal safety category.
Has your phone ever told you that a WiFi network (say, a public network) isn't safe to join, or that your privacy could be compromised because a website doesn't follow the latest security standards? Have you ever wanted to know whether a hacker was on a network, maliciously collecting people's passwords? Now you can. Introducing the Hacker Detector.
The Hacker Detector is a simple device that tells you whether a hacker is detected on the WiFi network of your choice. The MAX32620FTHR brings this project to life.
How Are Hackers Detected?
A common form of attack over WiFi is DNS spoofing. In DNS spoofing, the attacker answers your device's DNS lookup for a real site (say, ebay.com) with a forged response that points the name at a server the attacker controls, where a fake or cloned copy of the real website is waiting. My idea for detecting hackers is to spot these "fake" websites and alert people that hackers may be trying to collect their data through false websites.
My project is divided into two sections: Code and Hardware.
If you are going to complete this cool project, please complete the Code section first as it goes over the drivers and boards installation.
The Code
There are many ways to hack. My device is designed to detect one of the most relevant forms of attack on a WiFi network: DNS spoofing. DNS spoofing lets a hacker "spoof" the answer to a name lookup, so that a website someone looks up on the network resolves to the hacker's machine instead of the real server. For example, you could be looking up ebay.com, and the hacker serves you a cloned version of ebay.com. If you enter your credentials (username and password), you are handing them straight to the hacker!
DNS stands for Domain Name System. It is the system that maps human-readable names to the IP addresses computers actually connect to. For example, 172.217.8.132 is one of www.google.com's IP addresses (Google has many, and they change, so the one you see may differ); type it into a browser and the Google home page loads. When you type google.com instead, a DNS lookup translates the domain name into an IP address before the browser connects. The attack works on that lookup: if the answer can be forged, the name still looks right but the connection goes somewhere else.
The other component of this attack is ARP spoofing, which is the usual way the hacker gets into the path of your traffic in the first place. ARP stands for Address Resolution Protocol, the protocol that "links" an IPv4 address on the local network to the MAC address of the device that owns it, so that devices on the LAN (local area network) know which hardware address to send a packet to. The hacker sends forged ARP replies that make every device on the LAN believe the router's IP address belongs to the hacker's computer. That way all traffic (name lookups, HTTP and HTTPS requests, any UDP or TCP traffic) is sent to their computer first. They then forward it on to the real router, so nothing appears broken. This is a MITM (man-in-the-middle) attack: the devices on the LAN have no idea that someone is sitting between them and the internet collecting their data. (ARP spoofing is not the only way in; a rogue access point or a rogue DHCP server that hands out the attacker's DNS server address ends up in the same place, and the detection below works the same way.)
DNS spoofing comes in once the hacker is in the path. When a webpage lookup is requested, the hacker hands back the wrong answer instead of the right one, and the victim lands on the cloned site. Unfortunately, this is a very easy attack to perform! My device is aimed at detecting false websites served on a LAN and alerting the user that there is a hacker on the WiFi network.
You might be wondering how the attack is detected. Almost every modern website is served over HTTPS, and the server proves who it is with an SSL/TLS certificate. Each certificate can be identified by its fingerprint, the SHA-1 or SHA-256 hash of the certificate's bytes. A hacker serving a cloned site cannot present the real site's certificate, because doing so requires the site's private key, which a regular hacker does not have; whatever certificate they present instead has a different fingerprint. The Hacker Detector connects to each website over HTTPS, reads the certificate the server presents, and compares its SHA-1 fingerprint to a fingerprint stored in the code (this technique is called certificate pinning). A mismatch means something on the network is answering for that name, which is how a DNS/ARP spoofing attack shows up. Two caveats to keep in mind: websites rotate their certificates (certificates from Let's Encrypt, for example, are replaced every 90 days, and large sites serve several different certificates at once), so a stored fingerprint goes stale and the device will raise a false alarm until you update it; and a failed HTTPS connection can also mean a captive portal or a bad link rather than a hacker. Treat an alert as a reason to stop and check, not as proof.
This may be new information for you, but the bottom line is that my device detects false websites over the wifi network. After all of that, let's get down to the code and how to download the drivers necessary to upload the code.
The Drivers
(Steps for mac)
To use the driver, please go to:
https://github.com/mengbo/ch340g-ch34g-ch34x-mac-os-x-driver
and download the 1.4 version. Unzip the package. First open your terminal and enter these two commands.
sudo rm -rf /System/Library/Extensions/usb.kext
sudo rm -rf /Library/Extensions/usbserial.kext
These remove any older copies of the CH34x serial driver that would conflict with the new one (they are third-party kernel extensions, not macOS's own USB stack).
Restart your computer.
If you are using a Mac with High Sierra or later, macOS blocks third-party kernel extensions until you approve them (this is a security feature, not a bug). When you get a security notification during the installation, BEFORE you click "OK", open System Preferences and navigate to "Security & Privacy". Towards the bottom there will be a message saying that the driver was blocked from loading. Click "Allow" and enter your credentials.
Arduino Boards Installation
Open the Arduino IDE preferences. In the "Additional Boards Manager URLs" field, paste the following:
-------------------------------------------------------------------------------------------------------
http://arduino.esp8266.com/stable/package_esp8266com_index.json
Click OK and close that window. Navigate to Tools > Board and click "Boards Manager...".
Find Maxim's 32-bit microcontroller board package and click Install.
Find the ESP8266 package and click Install.
Then, in the Library Manager, find the Adafruit SSD1306 library and click Install. Also find the Adafruit GFX library and install that as well.
You have finished all the installation processes!
-----------
For the libraries to work with the Maxim board you need to make one small edit. Navigate to where your Arduino sketches are stored and you will find a folder named "libraries". Open it, open the files Adafruit_SPITFT.h and Adafruit_SPITFT.cpp (they live inside the Adafruit GFX library folder and are only needed by SPI TFT displays, not by the SSD1306 OLED), and delete the contents of both files. I used Microsoft's Visual Studio Code to edit the files, but TextEdit works too.
-----------
WIFICA.ino
WifiCA (wifi certification) does the bulk of the work of detecting the hacker. This code is uploaded onto the ESP8266 module, but that will be demonstrated in the Hardware section.
The first thing in WifiCA you will notice is struct Wifi, which holds two Strings, ssid and password. This lets you store more than one WiFi network in the code, for instance several restaurant networks or the places you travel to. The device scans for recognized networks and connects to the first known one it finds. This is a neat feature for using more than one WiFi network.
To add more than one WiFi network, open the file and navigate to the setup() function. Towards the top of it there is a comment line that says:
//to add wifis, create a struct and add a ssid and password
To add a network, declare a struct of type Wifi and set its ssid and password:
struct Wifi yourWifi;
yourWifi.ssid = "MyWifiName";
yourWifi.password = "MyPassword";
Then you will see another comment:
// add your struct to the array
Below that comment, add the line below (increase the index for each network you add):
wifis[0] = yourWifi;
After that you can add as many wifi networks as you want.
A hacker is reported when a scanned website presents a certificate whose fingerprint doesn't match the stored one, or no HTTPS connection at all. The more websites you scan, the more confident the detection is. I included some major websites in my code, but feel free to try whatever you want. I have tried to scan google.com, but they have a different method for using the SSL certificate, so it didn't work. Keep this in mind in case a website you put in isn't working.
To add a website, do the following:
Towards the top of the file you will see four sets of websites, each a host and its certificate fingerprint. Duplicate one and change the host to the website you want to scan.
To get the fingerprint of a website's certificate, click the padlock in your browser's address bar and open the certificate details. (Different browsers have different methods across different operating systems. If you can't figure out how to obtain it, simply google how to view a certificate in your browser. On a command line, openssl prints the same value: connect with s_client and pipe the output into x509 -noout -fingerprint -sha1.)
Find the SHA-1 fingerprint (sometimes labelled "thumbprint"; it is a hash of the certificate, not a key) and copy it.
Make adjustments to the code:
const char* host5 = "www.hackster.io";
const char* fingerprint5 = "06 3F 6D 26 DC 6D 86 CA B8 5D 30 5C ED 3F 01 67 5D C2 AB 1C";
Right below it you will find a list of booleans. Each records whether a hacker has been detected for one website. Add one for your website:
bool hacksterHacker = false;
Right below setup() you will see a list of integers. These count how many times the HTTPS connection to a site has failed. Sometimes I found that connecting via https fails the first few times, so the check retries before deciding that it is not a glitch but a hacker or a fraudulent website. Add one for your website:
int countHackster= 0;
In the loop() function add the following:
if(countHackster == 0){
hackster();
}
Then add a function below loop():
void hackster(){
  WiFiClientSecure client;
  Serial.print("connecting to ");
  Serial.println(host5);                 // this site's host constant, not the generic `host` of another site
  delay(2000);
  if (!client.connect(host5, 443)) {
    Serial.println("connection failed for hackster.io");
    if(countHackster == 3){              // this site's own counter (the original checked countApple)
      Serial.println("No HTTPS port, hacker may be trying to force you to use HTTP!");
      hacksterHacker = true;
    }else{
      countHackster = countHackster + 1; // retry up to three times before deciding (typo coundHackster fixed)
      hackster();
    }
  }else{
    // verify() hashes the certificate the server sent and compares it with the pinned SHA-1
    // fingerprint (axTLS API; on BearSSL-based ESP8266 cores call client.setFingerprint(fingerprint5)
    // before connect() and use connect()'s result instead)
    if (client.verify(fingerprint5, host5)) {
      Serial.println("certificate matches for hackster.io");
      client.flush();
      client.stop();
    } else {
      client.flush();
      client.stop();
      Serial.println("certificate doesn't match for hackster.io! Hacker detected");
      hacksterHacker = true;
    }
  }
}
This function connects to the website via HTTPS and checks the certificate. If the fingerprint doesn't match, or the HTTPS connection keeps failing, it assumes a hacker is interfering with that website.
Down at the bottom, there is a function named hackerDetected(). Add this to it (GPIO2 is the pin the Maxim board reads on A0):
if(hacksterHacker){
digitalWrite(2, HIGH);
analog = true;
}
And below all of that:
countHackster = 0;
hacksterHacker = false;
There you go! That is how to add a website to be scanned. Continue to the next section on how to build the hardware.
In the future I plan to revise the code logic to make it easier to add website to scan. Stay tuned for updates!
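The procedure above copies the same block of code for every website. As an added example written for this page (it is not the project's WIFICA.ino), the listing below keeps the same decision rules in one table-driven routine: a bounded number of connect retries, a fingerprint comparison that ignores spaces, colons and letter case so a pin pasted from a browser or from openssl compares correctly, and a separate result for "port 443 never answers" versus "wrong certificate". SecureClient, FakeClient, PinnedSite, checkSite, scanForHacker and verdictFor are names invented here; FakeClient is a constructed stand-in for the network so the code runs on a desktop, and the only pin string is the hackster.io fingerprint quoted on this page. On the ESP8266 you would implement SecureClient over WiFiClientSecure (connect(), then verify() or setFingerprint()) and drive GPIO2 from the value scanForHacker() returns.

```cpp
// Added example, not the project's WIFICA.ino: table-driven certificate pinning
// with bounded retries. SecureClient/FakeClient/PinnedSite are assumptions made
// for this example; on the board, back SecureClient with WiFiClientSecure.
#include <cctype>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Minimal interface over a TLS client, so the decision logic can run off-board.
struct SecureClient {
    virtual ~SecureClient() {}
    virtual bool connect(const std::string& host, int port) = 0;
    // SHA-1 fingerprint of the certificate the peer presented (hex, any separators).
    virtual std::string peerFingerprint() = 0;
    virtual void stop() = 0;
};

enum class Verdict { Ok, CertMismatch, NoHttps };

struct PinnedSite {
    std::string host;
    std::string sha1;   // pinned fingerprint copied from the browser or openssl
};

// Accept "06 3F 6D", "06:3f:6d" or "063f6d" and compare lowercase hex only,
// so a pin pasted in a different format does not cause a false alarm.
std::string normalizeFingerprint(const std::string& fp) {
    std::string out;
    for (unsigned char c : fp)
        if (std::isxdigit(c)) out.push_back(static_cast<char>(std::tolower(c)));
    return out;
}

// One site: retry transient connect failures a bounded number of times
// (the write-up saw the first attempts fail), then decide from the certificate.
Verdict checkSite(SecureClient& client, const PinnedSite& site, int maxAttempts = 3) {
    for (int attempt = 0; attempt < maxAttempts; ++attempt) {
        if (!client.connect(site.host, 443)) continue;
        std::string seen = client.peerFingerprint();
        client.stop();
        if (normalizeFingerprint(seen) == normalizeFingerprint(site.sha1)) return Verdict::Ok;
        return Verdict::CertMismatch;   // someone else is answering for this name
    }
    // Port 443 never answered: a downgrade-to-HTTP attempt, or simply no connectivity
    // (captive portal, flaky link). Reported, but weaker evidence than a mismatch.
    return Verdict::NoHttps;
}

// Scan the whole table; true means the alert pin (GPIO2 -> MAX A0) should go HIGH.
bool scanForHacker(SecureClient& client, const std::vector<PinnedSite>& sites,
                   std::vector<Verdict>* out = nullptr) {
    bool flagged = false;
    for (const PinnedSite& s : sites) {
        Verdict v = checkSite(client, s);
        if (out) out->push_back(v);
        if (v != Verdict::Ok) flagged = true;
    }
    return flagged;
}

// Constructed test double standing in for the network: the fingerprint each host
// "serves" ("" = connection refused) and how many initial connects fail.
struct FakeClient : SecureClient {
    std::map<std::string, std::string> served;
    int failFirst = 0;
    std::string current;
    bool connect(const std::string& host, int) override {
        if (failFirst > 0) { --failFirst; return false; }
        auto it = served.find(host);
        if (it == served.end() || it->second.empty()) return false;
        current = it->second;
        return true;
    }
    std::string peerFingerprint() override { return current; }
    void stop() override { current.clear(); }
};

// Convenience wrapper: one hypothetical host served with `servedFp`, pinned to `pinnedFp`.
Verdict verdictFor(const std::string& servedFp, int failFirst, const std::string& pinnedFp) {
    FakeClient net;
    net.served["www.example.test"] = servedFp;
    net.failFirst = failFirst;
    return checkSite(net, PinnedSite{"www.example.test", pinnedFp});
}

int main() {
    // Pin quoted on this page for hackster.io; it was current when the page was written and is stale now.
    const std::string hacksterPin = "06 3F 6D 26 DC 6D 86 CA B8 5D 30 5C ED 3F 01 67 5D C2 AB 1C";
    const char* names[] = {"ok", "certificate mismatch", "no https"};
    std::printf("honest site, two flaky connects: %s\n", names[static_cast<int>(verdictFor(hacksterPin, 2, hacksterPin))]);
    std::printf("spoofed site with its own cert:  %s\n", names[static_cast<int>(verdictFor("de ad be ef", 0, hacksterPin))]);
    std::printf("port 443 never answers:          %s\n", names[static_cast<int>(verdictFor(hacksterPin, 3, hacksterPin))]);
    return 0;
}
```

Build with g++ -std=c++11. The three printed lines show an honest site that needed two retries, a spoofed site presenting its own certificate, and a site whose port 443 never answers; only the last two would raise the alert, and the last one is the case where a captive portal or dead link looks the same as an attacker.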
--------------
The Hardware
The hardware is simple: the MAX32620FTHR, an ESP8266/ESP-01 module, a 0.96 inch OLED screen, and a 1200 mAh Li-Po battery. Here is the final diagram:
The MAX32620FTHR board drives the OLED screen over an I2C interface. The ESP8266 module signals the Maxim board through an analog input: it drives a GPIO pin HIGH when a hacker is detected, and the Maxim board reads that level on A0. I tried using multiple other communication techniques with the ESP module, i.e. I2C and Serial, but the standard libraries for communicating would not work with the Maxim board due to the ARM processor. I hope that in the future these libraries (mostly Wire.h) will be updated so that they support the board.
Let's Begin!
------------
The first step is to get together and open up the ESP modules, the Maxim board, and the USB adapter. In the Coding section, I explained how to set up the drivers and libraries for these boards so please complete that step first.
To upload code to the ESP module you first need to add a push button that connects the GND pin to GPIO0. Holding GPIO0 low while the module powers up puts it into "flashing" mode and allows the Arduino IDE to install the code.
/*
Tools Needed: A Soldering Iron
Supplies Needed: A Push Button and Solder
*/
Heat up the soldering iron. When it is hot, solder the button between the GND and GPIO0 pins.
I put a little bit of hot glue on it to make sure it wouldn't fall off. Now get the USB adapter ready. Plug the module into the adapter with the antenna facing toward the computer.
Then plug the adapter into the computer while holding down the push button for 3-4 seconds. (I have found that if you accidentally hold it longer than this, it sometimes won't work.) Open the Arduino IDE and select "Generic ESP8266 Module" from the drop-down list of boards. Then select the port that the USB adapter is on.
Most of the options for the board should be fine, but you can change the Flash Size to 1M. You can also change the Upload speed to 115200 for faster uploads. Download or copy and paste my code (WIFICA.ino) into a new sketch. Then upload the code onto the board. (This does take awhile)
Unplug the USB adapter and take out the module. Put the module to the side as you will need it later.
The next step is to assemble the board and connect everything together.
------------
/*
Tools: Soldering Iron, Scissors, Ruler
Supplies: 8 Female Cables, Tape, Solder
*/
Take four of the jumper cables and cut them at 3 inches. (It doesn't have to be perfect :)
Strip the wires:
Insert and solder two of the wires into the SDA SCL port on the Maxim board.
Plug the other ends of the wires into the SDA SCL port on the OLED screen, in order.
Finish the OLED screen wiring by attaching two more wires (unstripped) to the VCC and GND port on the screen. Attach the end of those wires to the PMOD connector on the Maxim board to 3V and GND.
You have successfully connected the OLED screen!
-----------
Next take two stripped wires and attach them to ports A0 and A1. Solder those to the board.
Plug two unstripped wires into the other PMOD connector the Maxim board (3v and GND) and connect those to 3V and GND on the ESP module. Those should be labeled on the module. Plug the wires that are connected to A0 and A1 into GPIO2 and GPIO1.
A0 ——— GPIO2
A1 ——— GPIO1
Congratulations! You have put together the circuitry.
---------
The next step is to flash code onto the Maxim FTHR board.
Programming the Maxim board is easy: plug the MAX32625PICO programmer (the small "MAX Pico" board) into the programming connector on the FTHR. Then plug both into the computer via micro USB (or power the Maxim board from an external source and plug only the programmer into the computer).
Open the Arduino IDE and upload my sketch (MAXIM.ino) to the board (either copy and paste the code or download and open the file). Make sure the programming cable is connected correctly and the board is on! Select "MAX32620FTHR" from the boards list and, if you are on a Mac, a port that looks like "/dev/cu.usbmodem1422". Click Upload. (This is usually very fast!)
If the upload worked, then you have completed the bulk of the project!
-----------
3D print the design of the box and assemble.
Whenever you want to scan the wifi, simply pop the lid off, press the power button, and see if it detects any hackers!