I stumbled across the pwnagotchi project, started by evilsocket, on Twitter a couple months ago. I ordered the parts I needed on Amazon a few days later, and then sat on them for a month until I had time to get it up and running. Turns out CWNE applications are time consuming!
Here are the two main components I picked up:
- Raspberry Pi Zero W (pre-soldered GPIO headers)
- Waveshare 2.13″ e-Paper display hat
You’ll also need a microSD card at least 8GB in size to get started, but I had some of those on hand already.
How the pwnagotchi tells others it exists
Now that I’ve had some time to play with my pwnagotchi, I got curious how it found other pwnagotchis in the wild. I assumed it was using WiFi rather than Bluetooth, so I fired up my WLANPi and started to take a look.
In a case of funny-and-not-really-surprising, the pwnagotchi uses the address de:ad:be:ef:de:ad when sending beacons. I’m easily amused. There’s no SSID in the packet, but there are some extra parameters tacked on at the end that include a pile of information about your pwnagotchi.
Interestingly, WiFi Explorer Pro and other WLAN survey tools I have didn’t show anything from the pwnagotchi. Perhaps it’s something non-standard that they aren’t decoding?
Data fields
Basically everything about the current state of your pwnagotchi is included, so when another pwnagotchi is listening and in the area it likely finds that beacon packet and sees a friend it needs to learn about.
```json
{
  "epoch":11,
  "face":"(…_…)",
  "grid_version":"1.10.1",
  "identity":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "name":"pwnagotchi",
  "policy":{
    "advertise":true,
    "ap_ttl":34,
    "associate":true,
    "bond_encounters_factor":20000,
    "bored_num_epoch..s":14,
    "channels":[1,2,3,6,7,8,11],
    "deauth":true,
    "excited_num_epochs":15,
    "hop_recon_time":54,
    "max_inactive_scale":5,
    "max_interactions":19,
    "max_misses_for_recon":8,
    "min_recon_time":17,
    "min_rssi":-71,
    "recon_inactive_multiplier":2,
    "recon_time":41,
    "sad_num_epochs":8,
    "sta_ttl":212},
  "pwnd_run":1,
  "pwnd_tot":100,
  "session_id":"3f:xx:c0:24:xx:xx",
  "timestamp":1572218230,
  "uptime":6859,
  "version":"1.1.0RC0"
}
```
It looks like this follows the YAML format of the pwnagotchi config.yml file plus some added bits put in from the AI portion. If you’ve seen the output from ‘journalctl -fu pwnagotchi’ on your pwnagotchi you should find the beacon data contents familiar.
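If you want to spot these beacons in your own airspace, the fields described above are enough to write a detector. The Python below is an added example, not code from the pwnagotchi project: it checks for a beacon from de:ad:be:ef:de:ad with no SSID and reassembles the JSON from the tagged parameters, which have to be split because one element holds at most 255 bytes. The element ID 222, the function names and the sample frame are assumptions made for the example.

```python
import json

PWNAGOTCHI_SA = bytes.fromhex("deadbeefdead")  # source address reported on this page
PAYLOAD_IE = 222  # assumption: element ID carrying the JSON chunks (not stated on the page)

def iter_elements(body):
    """Yield (id, data) for each tagged parameter; stop on a truncated element."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:
            return
        yield eid, data
        pos += 2 + length

def parse_advertisement(frame, payload_ie=PAYLOAD_IE):
    """frame starts at Frame Control (no radiotap, no FCS); returns dict or None."""
    if len(frame) < 36 or frame[0] != 0x80:   # 24-byte header + 12 fixed bytes, beacon
        return None
    if frame[10:16] != PWNAGOTCHI_SA:         # address 2 is the transmitter
        return None
    ssid, chunks = None, []
    for eid, data in iter_elements(frame[36:]):
        if eid == 0:
            ssid = data
        elif eid == payload_ie:
            chunks.append(data)               # JSON is spread over several elements
    if ssid or not chunks:                    # the page saw no SSID in the packet
        return None
    try:
        return json.loads(b"".join(chunks))
    except ValueError:                        # incomplete or non-JSON payload
        return None

def build_sample(state, sa=PWNAGOTCHI_SA, chunk=255):
    """Constructed test frame: broadcast beacon, empty SSID, chunked JSON."""
    raw = json.dumps(state).encode()
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + sa + sa + b"\x00\x00"
    fixed = bytes(8) + b"\x64\x00" + b"\x00\x00"   # timestamp, interval, capabilities
    ies = b"\x00\x00" + b"".join(
        bytes([PAYLOAD_IE, len(raw[i:i + chunk])]) + raw[i:i + chunk]
        for i in range(0, len(raw), chunk))
    return header + fixed + ies

if __name__ == "__main__":
    sample = {"name": "pwnagotchi", "pwnd_run": 1, "pwnd_tot": 100, "pad": "x" * 300}
    print(parse_advertisement(build_sample(sample)))
```

Feed it frames from a monitor-mode capture after stripping the radiotap header; if your capture shows the extra parameters under a different element ID, pass that as `payload_ie`.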
Next Steps
So, the next step is to build another pwnagotchi, or find a friend with one so that we can make them be friends too. Then maybe there will be a full pwnagotchi association phase to take a look at, but until then there’s just the pwnagotchi beacon for my mostly sad pwnagotchi.