Adorable Hacker Exposing WiFi Network Weaknesses: The Adventures of Pwnagotchi in Hacking WiFi Networks

May 5, 2025

What is Pwnagotchi?

Pwnagotchi is a playful name for a WiFi hacking tool. It combines “pwn” (slang for gaining unauthorized control over a computer system) and “Tamagotchi” (a portable digital pet). Pwnagotchi is an application or small portable gadget designed to “catch” network packets, passively monitor WiFi networks, and try to capture keys to gain unauthorized access.

The Pwnagotchi project, which originates from the open-source community, was created to spread awareness about WiFi security vulnerabilities and the importance of protecting wireless networks. It uses various techniques to enhance the success of cracking WiFi keys, including capturing handshakes, performing dictionary attacks, and using artificial intelligence algorithms.

It’s important to note that using Pwnagotchi or any other hacking tools to gain unauthorized access to computer systems is illegal and unethical. These tools are primarily used by security professionals or ethical hackers to identify weak points and help properly configure network security.

How to build your own Pwnagotchi?

To build a Pwnagotchi, you’ll need a few hardware components and software.

Here’s the list:

  • Raspberry Pi: Pwnagotchi is typically built using a Raspberry Pi, a small single-board computer. You can use any model, but the Raspberry Pi Zero W is commonly used due to its low cost and compact size.
  • MicroSD card: You’ll need a microSD card to store the OS and Pwnagotchi software.
  • Power source: A USB power bank or portable battery is necessary to power the Raspberry Pi.
  • WiFi adapter: The built-in WiFi on Raspberry Pi might not be suitable for Pwnagotchi. You may need a compatible external WiFi adapter that supports monitor mode and packet injection. Popular choices include the Alfa AWUS036NHA or TP-Link TL-WN722N.
  • Case: Optional, but a protective case for your Pwnagotchi can help protect it physically.

Once you’ve gathered the hardware components, you’ll need to set up the software:

  • Operating system: Install the Raspbian OS on the microSD card. You can use tools like Etcher to flash the OS image onto the card.
  • Pwnagotchi software: Visit the official Pwnagotchi GitHub repository (https://github.com/evilsocket/pwnagotchi) for the latest version. Follow the provided installation instructions to set it up on your Raspberry Pi.
  • Configuration: You’ll need to configure Pwnagotchi by editing the config file to define network interfaces, WiFi settings, and other options. Detailed setup instructions are available in the Pwnagotchi documentation.
  • Optional: You can customize the appearance of your Pwnagotchi by adding an OLED display or LEDs, which will require extra components and wiring.

I’m not going to go into full detail about how to build and configure your Pwnagotchi since many guides already exist. The one I built looks like this:

But why do I even need this?

To go on longer walks with my dog 🐶

While building and experimenting with Pwnagotchi can be an educational experience, it’s essential to adhere to ethical and legal standards. Always ensure you have proper authorization before engaging in any WiFi security activities.

Using Pwnagotchi and other similar tools (like Flipper Zero + WiFi dev board + WiFi Marauder), you can achieve very similar results—capturing handshakes and attempting to crack them. This article is intended to demonstrate how easy it can be to access poorly secured networks.

It’s time to use hashcat to attack WPA2 after collecting enough keys. Where does Pwnagotchi store all the "eaten" handshakes (I had to say it)? They’re stored in /root/handshakes/. Now it’s time to try to “recover” the keys…

Modern versions of hashcat use hash mode 22000, while Pwnagotchi saves handshakes as .pcap files. Converting between them is simple. You’ll need to install hcxtools like this (for Debian/Ubuntu):

sudo apt-get install hcxtools

Run the following command in the directory containing all .pcap files:

hcxpcapngtool *.pcap -o output.hc22000

This creates output.hc22000, a single output file made up of all the .pcap files. Now we need hashcat.

Hashcat is likely already installed if you’re using Kali. If not, and you’re using another distro, you can download it from https://hashcat.net/hashcat/. Remember, the better the GPU, the faster the results :)

Hashcat should run in hash mode 22000. To do this, provide the mode, the output.hc22000 file, and a dictionary, e.g., example.dict:

hashcat -m 22000 output.hc22000 example.dict

After the cracking process, you can always review the results:

hashcat -m 22000 output.hc22000 --show

Here’s an example cracking process using a file with over 118 different keys (not from real networks).

I used a dictionary with 2 billion words, ranked by likelihood of use. More info: https://github.com/berzerk0/Probable-Wordlists

Right after launching hashcat - 3 cracked passwords.

I wasn’t thrilled with the estimated time to complete (I used a laptop GPU, so 9 days wouldn’t be that bad in a real-world attack). Final result: out of 118 keys, we cracked 17. If I wanted to go further, I’d change the dictionary, or maybe even try brute force (many default router passwords are just 10–14 digits). The recovered passwords averaged 7–9 characters and were typically dictionary-based, like “browar44”.
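
Seen from the network owner's side, the two weaknesses behind these results (dictionary words with a few digits appended, and short digit-only router defaults) can be checked before a passphrase is deployed. The following is an added example, not code from the original article or the Pwnagotchi project; the word list is a constructed sample and the guess rate is an assumption chosen only for illustration.

```python
import re

# Constructed sample; a real audit would load a large list such as the
# Probable-Wordlists set linked above.
SAMPLE_WORDS = {"browar", "password", "internet", "summer"}

# Assumed guess rate (guesses per second), for illustration only.
ASSUMED_RATE = 100_000

# Character classes of printable ASCII: 26 + 26 + 10 + 33 = 95 symbols.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]


def keyspace(passphrase):
    """Exhaustive search space for this length and character mix."""
    alphabet = sum(n for pattern, n in CLASSES if re.search(pattern, passphrase))
    return alphabet ** len(passphrase)


def audit_passphrase(passphrase, words=SAMPLE_WORDS, rate=ASSUMED_RATE):
    """Flag the passphrase patterns that the results above show being recovered."""
    # WPA2 passphrases must be 8 to 63 characters long.
    if not 8 <= len(passphrase) <= 63:
        return {"findings": ["invalid-length"], "keyspace": None,
                "days_to_exhaust": None}
    findings = []
    # Short digit-only values, like many default router passwords.
    if re.fullmatch(r"[0-9]{1,14}", passphrase):
        findings.append("digits-only")
    # Dictionary word with a short numeric suffix, e.g. "browar44".
    match = re.fullmatch(r"([A-Za-z]+)([0-9]{0,4})", passphrase)
    if match and match.group(1).lower() in words:
        findings.append("dictionary-word-plus-digits")
    space = keyspace(passphrase)
    return {
        "findings": findings,
        "keyspace": space,
        # Worst case for exhaustive search at the assumed rate.
        "days_to_exhaust": space / rate / 86400,
    }


if __name__ == "__main__":
    for candidate in ("browar44", "1234567890", "t7#Kq!vR2m@Zx9$Lw4&Y"):
        print(candidate, audit_passphrase(candidate))
```

A passphrase with no findings is not proven strong; the check only rules out the specific patterns discussed here.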

Fun fact

Pwnagotchi is also a “crypto-pager”! Using the PwnGRID API, it can exchange encrypted messages with other devices registered on the network. Each message is encrypted using the recipient’s RSA public key before being sent.

Remember: It's just a gadget — real cybersecurity skills, understanding the process, and manual testing are far more important than any automated tool.