HackerBox 0023: Digital Airwaves

Digital Airwaves - This month, HackerBox Hackers are experimenting with Wi-Fi, various microwave antenna designs, and the WeMos embedded IoT platform. This Instructable contains information for working with HackerBox #0023, which you can pick up here while supplies last. Also, if you would like to receive a HackerBox like this right in your mailbox each month, please subscribe at HackerBoxes.com and join the revolution!

Topics and Learning Objectives for HackerBox 0023:

• Working with Wi-Fi wireless networking technology
• Exploring Wi-Fi exploits and security
• Comparing microwave monopole antennas
• Testing an experimental printed circuit Yagi-Uda antenna
• Assembling a high-gain Yagi-Uda antenna from PVC pipe
• Exploring Wi-Fi functionality of the WeMos D1 Mini Pro-16
• Modifying the WeMos to use external antennas
• Coupling the WeMos to OLED an display device

HackerBoxes is the monthly subscription box service for DIY electronics and computer technology. We are hobbyists, makers, and experimenters. We are the dreamers of dreams. HACK THE PLANET!

• HackerBoxes #0023 Collectable Reference Card
• USB Wi-Fi Interface Device with RT5370 Chipset
• WeMos D1 Mini Pro-16
• WeMos I2C OLED Shield
• WeMos ITX to SMA Antenna Coax
• Exclusive PCB Yagi-Uda Antenna Kit
• Exclusive CPVC Yagi-Uda Antenna Kit
• SMA male to RP-SMA male Coax Adapter
• Mini Tripod with Shoe Mount
• USB Extension Cable
• MicroUSB Cable
• Exclusive Yagi-Uda Antenna Decal
• Exclusive Digital Airwaves Iron-on Patch

Some other things that will be helpful:

• Soldering iron, solder, and basic soldering tools
• Small tube of cyanoacrylate (super glue or kragle)
• Computer for running software tools

Most importantly, you will need a sense of adventure, DIY spirit, and hacker curiosity. Hardcore DIY electronics is not a trivial pursuit, and we are not watering it down for you. The goal is progress, not perfection. When you persist and enjoy the adventure, a great deal of satisfaction can be derived from learning new technology and hopefully getting some projects working. We suggest taking each step slowly, minding the details, and never hesitating to ask for help.

FREQUENTLY ASKED QUESTIONS: We like to ask all HackerBox members a really big favor. Please take a few minutes to review the FAQ on the HackerBoxes website prior to contacting support. While we obviously want to help all members as much as necessary, over 80% of our support emails involve simple questions that are very clearly addressed in the FAQ. Thank you for understanding!

Wi-Fi is a technology for wireless local area networking based on the IEEE 802.11 standards. Devices that can use Wi-Fi technology include personal computers, video-game consoles, phones and tablets, digital cameras, smart TVs, digital audio players, printers, and a growing array of embedded internet-of-things devices. Wi-Fi compatible devices can connect to the Internet via a WLAN and a wireless access point. Such an access point (or hotspot) has a range of about 20 meters (66 feet) indoors and a greater range outdoors. Wi-Fi most commonly uses the 2.4 gigahertz (12 cm) UHF and 5 gigahertz (6 cm) SHF ISM radio bands.

The Ralink RT5370 (datasheet) Wi-Fi chipset works out of the box with most Windows, Mac, and Linux boxes. It has been tested with Kali 2.0 and supports Managed and Monitor modes. Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows the wireless network interface controller (WNIC) to monitor all traffic received from the wireless network.

The Ralink RT5370 supports 802.11 b/g/n at up to 150Mbps on 2.400-2.487 GHz channels 1-14. It is quite power efficient using just 25 mA at idle and 70 mA under load. It can drive up to 20 dBm RF transmit power.

The RP-SMA coaxial connector supports easily connecting various antenna types. A USB extension cable can be used to position and orient the USB Wi-Fi dongle to test various antenna positions and orientations.

For more Wi-Fi details, definitely check out Hak5's Wi-Fi Hacking Workshop Part 1.1 (and so on through Part 3.3).

Compare the performance of the two rubber ducky antennas.

There are various programs that can be used to display Wi-Fi received signal strength indicators (RSSI). Some common examples include:

Windows: WifiInfoView, NetStumbler

OSX: KisMAC

UNIX: iwconfig, wavemon

Decibels (dB) are a logarithmic unit used to express the ratio of one value of a physical property to another, and may used to express a change in value (e.g., +1 dB or -1 dB) or an absolute value. In the latter case, the ratio of a value to a reference value is expressed and the decibel symbol is generally appended with a suffix that indicates the reference value or some other property. For example: dBi or dBm.

Decibel-isotropic (dBi) is the forward gain of an antenna compared with the hypothetical isotropic antenna, which uniformly distributes energy in all directions. Since real antennas do not radiate energy as a perfect sphere, but instead are more or less directive (in azimuth and/or elevation), this is a useful measure. For example, the two earlier rubber duckies are nominally rated as 2dBi (shorter antenna) and 5dBi (longer antenna) when operating at 2.4GHz.

Decibel-milliwatts (dBm) is an abbreviation for power ratio in decibels (dB) of a measured power referenced to one milliwatt (mW). It is used in radio, microwave, and fiber-optical networks as a convenient measure of absolute power because of its capability to express both very large and very small values in a short form.

A Yagi–Uda Antenna, commonly known as a Yagi antenna, is a directional antenna consisting of multiple parallel elements in a line, usually half-wave dipoles made of metal rods. Antenna Theory.

This Printed Circuit Board (PCB) Yagi is tuned to 2.4GHz. It consists of a single driven dipole element coupled to an edge-launch SMA connector and six parasitic elements including a large reflector plane and five directors.

The reflector includes a mounting hole sized for a tripod mount. The mount can be fixed in place using a 1/4-20 threaded thumb-wheel from a camera shoe mount.

The PCB Antenna design was inspired by this excellent Application Note from Texas Instruments.

Paper on PCB Log Periodic antennas.

Blog entry on testing PCB antennas.

A Yagi with even higher directional gain can be easily fabricated using a long gun-like boom with conductive cross elements. Kit components:

• CPVC 1/2 inch Pipe (Two Ten Inch Lengths)
• CPVC 1/2 inch Tee Coupling
• 36 inches of Bare Copper Wire (14 AWG)
• SMA Female Connector
• 1/4-20 Tripod Mounting Nut

This 15 element Yagi can provide a high gain of approximately 15 dBi. The design was inspired by this tutorial from AB9IL.

Note that CPVC is thinner and lighter than similar PVC. Half inch CPVC also has the advantage of perfectly press-fitting the 1/4inch mounting nut.

Note that 14 AWG wire has a nearly perfect diameter of 0.06410 inches or 1.62814 mm.

1. Dry Assemble: Test fit the CPVC lengths (without glue) into the co-linear ports of the tee-coupling.
2. Measure and Cut Boom: Measure 44cm along the boom and cut the excess CPVC from one end. This short end of the boom will be the driven end. The remaindered portion of CPVC will insert into the cross port of the tee-coupling to form a short mounting mast (or handle). This will result in an wicked-cool, gun-like structure.
3. Glue CPVC: Affix the three pipe lengths into the tee using a few drops of cyanoacrylate.
4. Measure and Mark Wire Holes: Starting with the short end of the boom as "0" measure and mark the lengths from the template using a sharp pencil.
5. Drill Wire Holes: Using a bit only slightly larger than the 14G wire, drill the wire holes along the center of the boom. A drill press will be easier and more precise, but a hand-drill will also work. If drilling by hand, consider marking the holes on both sides and drilling them separately to maintain a straight center line.
6. Form Wire Elements: Cut each of the wire elements (including the folded-dipole driven element) to length according to the template.
7. Position Wire Elements into Boom: Insert each of the wire elements into its respective hole. Bend the driven element into its final shape. Once all of the elements are centered and double-checked, deposit a drop of cyanoacrylate onto each wire where it passes through a hole in the CPVC boom.
8. Insert Mounting Nut in Base of Mast
9. Prep SMA Connector: It is helpful to break off the two shield posts near the center of the connector and also slightly bend the center conductor pin away from the remaining two shield posts.
10. Solder SMA Connector: Solder one end of the folded dipole to one (or both) of the ground posts on the SMA connector. Solder the other end of the folded dipole to the center conductor pin of the SMA connector.
11. Test Yagi for Proper Operation
12. Paint: Optionally, hit the Yagi with some spray paint. Remember to mask off the SMA connector and the mounting nut beforehand.

Here are the results of our signal level measurements performed about 15m (and one sheetrock wall) away from the access point:

NO ANTENNA: -80dBm

2dBi RUBBER DUCKY: -40dBm (-49dBm cross polarity)

5dBi RUBBER DUCKY: -37dBm (-49dBm cross polarity)

PCB YAGI: -35dBm (-45dBm cross polarity, -45dBm ninety degrees off-axis, -53dBm cross polarity and off axis)

CPVC YAGI: -29dBm (-52dBm cross polarity, -47 dBm ninety degrees off-axis)

How do yours compare? Have you identified any other interesting factors? How about testing a max distance of operation for the high-gain Yagi?

WeMos D1 Mini Pro-16 is a mini embedded Wi-Fi board with 16MB flash, external antenna connector, and built-in ceramic antenna based on the ESP-8266EX system-on-chip device. Here is a nice YouTube video about measuring Wi-Fi received power. Notice that the experiment in the video fails to switch the ZERO-OHM resistor between the built-in ceramic antenna and the ITX external antenna plug as shown here on the schematic image. The ITX to SMA antenna coax cable supports use of the previously discussed SMA antennas with the WeMos D1 Mini Pro-16.

The OLED Shield supports a 64×48 pixel OLED Display measuring 0.66 inch across and including an I2C interface. Check out this example video. Obviously, the OLED display can be used to output various Wi-Fi information as desired.

The ESP8266 Mini Sniff is an Arduino project for the ESP8266 running in promiscuous mode which will display Device and Access Point MAC, RSSI, SSID, and channel.

The ESP8266 Deauther project from Spacehuhn performs a deauth attack with an ESP8266 against selected networks.

If you have enjoyed this Instrucable and would like to have a box of electronics and computer tech projects like this delivered right to your mailbox each month, please join us by SUBSCRIBING HERE.

Reach out and share your success in the comments below or on the HackerBoxes Facebook Page. Certainly let us know if you have any questions or need some help with anything. Thank you for being part of HackerBoxes. Please keep your suggestions and feedback coming. HackerBoxes are YOUR boxes. Let's make something great!