2. Flipper Add‐On: Marauder & Marauder Spoof
The ESP32 Marauder is a WiFi and Bluetooth analysis tool. It hosts a suite of capabilities for frame capture, device enumeration, and frame transmission. It is intended to serve as a portable device to stand in for physically larger traffic capturing tools and to provide captured data for post-op analysis.
The firmware used by the ESP32-S3 is based and can be find in the official project repository: https://github.com/justcallmekoko/ESP32Marauder
MagSpoof, Based on SamyKamkar's work, emulates a magnetic stripe by quickly changing the polarization of an electromagnet, producing a magnetic field similar to that of a normal magnetic stripe as if it's being swiped.
For learn more about MagSpoof or card magnetic stripes visit:
This Add-On unlocks a powerful toolset for the Flipper, fueled by the ESP32-S3 module and meticulously crafted for offensive and defensive maneuvers in the WiFi and Bluetooth realms.
ESP32-S3 supports 2.4 GHz Wi-Fi (802.11 b/g/n) with 40 MHz of bandwidth support. The Bluetooth Low Energy subsystem supports long-range through Coded PHY and advertisement extension. It also supports higher transmission speed and data throughput, with 2 Mbps PHY. Both Wi-Fi and Bluetooth LE have superior RF performance that is maintained even at high temperatures.
- Xtensa® dual-core 32-bit LX7 microprocessor,up to 240 MHz.
- 384 KB ROM
- 512 KB SRAM
- Secure boot
- Bluetooth LE: Bluetooth 5, Bluetooth mesh.
- IEEE 802.11b/g/n-compliant.
Important
Flipper Add-On Marauder v2.0 will be available soon with an ESP32-C5 module, enabling the use of Marauder app features with 5G networks.
Find the Marauder schematics here: flipper-shields/Marauder
This Add-On emerges from the fusion of our renowned MagSpoof variant with the ESP32-S3 module, seamlessly infused with the Marauder.
This Add-On incorporates the renowned MagSpoof functionality into the Flipper system. Leveraging identical components and enhancements that define our distinct MagSpoof iterations, these elements have been expertly adapted to seamlessly integrate with the Flipper platform.
- Same as Flipper Add-On: Marauder
- TC4424 (Dual High-Speed Power MOSFET driver)
- High Peak Output Current: 3A.
- Wide Input Supply Voltage Operating Range:4.5V to 18V.
- High Capacitive Load Drive Capability: 1800 pF in 25 ns.
- Short Delay Times: <40 ns (typ).
- Low Output Impedance: 3.5ohms (typ).
Important
Flipper Add-On Marauder Spoof v2.0 will be available soon with an ESP32-C5 module, enabling the use of Marauder app features with 5G networks.
Find the Marauder Spoof schematics here: flipper-shields/MARAUDER_SPOOF
@Gino-Tonic has shared with us his 3D-designed case ready to be printed. You can find and download the STL file HERE. Go and thank Gino!
Marauder is not just firmware for the ESP32; it's a suite of powerful tools that unlocks its full potential as a WiFi and Bluetooth powerhouse for both offensive and defensive security purposes. Offering a variety of capabilities:
-
Offensive Arsenal:
- Network Scanning and Sniffing: Scan for nearby Wi-Fi networks, identify connected devices, and even capture network traffic to understand data flow.
- Vulnerability Assessments: Test the security of Wi-Fi networks and devices by probing for weaknesses like WPS vulnerabilities, open ports, and outdated firmware.
- Deauth Attacks: Disrupt wireless connections by injecting deauthentication packets, effectively "kicking" devices offline.
- Packet Injection: Craft and inject custom packets into wireless networks for advanced manipulation and exploration.
- Man-in-the-Middle Attacks: Intercept and modify communication between devices on a network, potentially gaining access to sensitive information.
-
Defensive Shield:
- Wireless Intrusion Detection: Monitor your own network for suspicious activity and identify potential threats like unauthorized devices or hacking attempts.
- Packet Capture and Analysis: Capture and analyze network traffic to understand data flows, identify anomalies, and troubleshoot network issues.
- Penetration Testing: Simulate real-world attacks on your own network to identify and address vulnerabilities before attackers do.
- Wireless Forensics: Analyze captured network traffic for traces of past activity, potentially aiding in investigations or incident response.
Important
ONLY MARAUDER SPOOF:
What can MagSpoof do:
- Store all of your credit cards and mag stripes in one device.
- Works on traditional mag stripe readers wirelessly (no NFC/RFID required).
- Supports all three magnetic stripe tracks, and even supports Track 1+2 simultaneously.
- Simulates the swiping of a magnetic stripe card, either in one direction or in the opposite direction.
- MagSpoof can be used as a traditional credit card and simply store all of your credit cards (and with modification, can technically disable chip requirements) in various impressive and exciting form factors, or can be used for security research in any area that would traditionally require a mag stripe, such as readers for credit cards, drivers licenses, hotel room keys, automated parking lot tickets, etc.
The buttons on the Add-On are only useful to reset the ESP32 module and enter the bootloader mode.
Note
Resetting the board is possible using the option Reboot in the Marauder menu.
Entering bootloader mode is useful when updating the ESP32-S3 firmware. To enter bootloader mode follow the next buttons sequence:
- Tap and hold the BOOT/GPIO button.
- While pressing the BOOT/GPIO button tap and release the RESET button.
- Release the BOOT/GPIO button.
To use the Flipper Add-Ons you must flash unleashed firmware to the Flipper Zero and Marauder firmware to the ESP32-S3.
Important
Flipper Add-On Marauder and Maraudder Spoof comes with a pre-flashed firmware ready to use it. This section only serves as a guide in case you need to reflash the firmware
Important
Keeping the ESP32-S3 updated to the latest Marauder or Evil Portal firmware version ensures the correct functionality.
Important
Marauder and Marauder Add-On are officially supported by the official project and Flipper app.
As in other applications, the ESP32-S3 module is not the main MCU when using it with a flipper. This means that the firmware updates should be done using the USB-C port on the Add-On and not through the Flipper's USB.
Find all the possible ways to flash the firmware in the official project's wiki: Update Firmware- ESP32 Marauder v4, v6, v7, Kit, Mini, WiFi Dev Board Pro. We will cover the most recommended method for our board:
- Go to the FZEE FLASHER.
-
Attach the Marauder/ Marauder Spoof Add-On to the Flipper.
-
Plug the USB cable into the USB-C port on the Add-On, enter the ESP32-S3 module in bootloader mode.
-
Click connect on FZEE FLASHER. A pop-up menu will appear, select the correct board and port.
-
From the dropdown menus select "ESP32-S3 Multiboard" as the device model, use the latest version and use the Marauder firmware.
-
Click on PROGRAM. The update will start immediately. Do not disconnect the USB cable or detach the Add-On from the flipper while updating.
-
Once the update has been finalized, press the reset button.
Now you can unplug the USB cable and you are ready!
Currently, the Flipper Add-On Marauder v2.0 is not available yet and it cannot be flashed with the method of the ESP32-S3 module shared previously. For the moment, you must flash Marauder firmware cloning the repository ESP32Marauder and following the next steps to update the Marauder firmware:
Important
As the case of the ESP32-S3 module, the firmware update should be done using the USB-C port on the Add-On and not through the Flipper's USB.
- Open the workstation CLI of your preference in the carpet bins in the ESP32Marauder repository (ESP32Marauder\C5_Py_Flasher\bins)
- Execute the following command into it:
python -m esptool --chip esp32c5 -b 460800 --before default_reset --after hard_reset write_flash --flash_mode dio --flash_freq 80m 0x2000 bootloader.bin 0x8000 partitions.bin 0x10000 esp32_marauder_v1_8_5_esp32c5devkitc1.bin
- The firmware flashing will start, just wait a few moments.
- Once the update has been finalized, press the reset button.
Now you can unplug the USB cable and you are ready!
Marauder Flipper app is not developed by us and the app used varies on the firmware used in your Flipper. You can find the recommended firmware for Marauder in the official project repository wiki: Marauder Flipper Zero Preparation
Thank you for reading our Wiki!
- How do Magnetic Stripes work?
- MagSpoof Flipper Add-On
- Understanding MagSpoof Flipper Add-On
- First steps with the Flipper Add-On MagSpoof
- Example
- Marauder - Marauder Spoof's technologies
- Flipper Add‐On: Marauder
- Flipper Add‐On: Marauder Spoof
- Understanding Flipper Add-On: Marauder and Flipper Add-On: Marauder Spoof
- First steps with Marauder
- Marauder App
- How does Flipper Add-On SubGHz' technologies work?
- Flipper Add‐On: SubGHz
- Understanding Flipper Add‐On: SubGHz
- First steps with Flipper Add‐On: SubGHz
- What is RS485?
- What is the Modbus Protocol & How Does It Work?
- Requirements
- Menus description
- How to build a packet manually and send it
- How does Flipper CAN Bus work?
- Flipper Add‐On: CAN Bus
- Understanding Flipper Add‐On: CAN Bus
- First steps with Flipper Add‐On: CAN Bus
- Flipper Add‐On: Ethernet
- Understanding Flipper Add‐On: Ethernet
- First steps with Flipper Add‐On: Ethernet