Flipper Zero Evil Portal

Hello!. In today’s post, we are going to see how to configure our Flipper Zero + Devboard running the latest version of the Unleashed Firmware, to being able of creating an evil access point, that when a user connect’s, will serve a fake login screen. The credentials typed by the users will be sent to the Flipper and logged on the SD card.

This project has released recently, and I will be covering the installation of every Firmware/Software needed, I hope you enjoy it.

Erasing firmware (ESP32-S2)

If you have already installed any kind of firmware to your Devboard, you will need to perform the following steps before starting, if your Devboard is factory new, you can skip this point.

The first thing you need to do is installing Python, you can find the official site here.

Once you have Python installed, open a command terminal as administrator:

  • On Windows press ⊞Win+R, type “cmd”, and press CTRL+SHIFT+ENTER.

Now we need to install esptool and setuptools dependencies via Python package manager by using the pip install command:

pip install esptool

pip install setuptools

Now is the time to connect your ESP32-S2 Wi-Fi module, hold the BOOT button before plugging the USBC cable to your computer, and release it within 3 seconds of being connected.

Enter the following command into your terminal, and run it:

python -m esptool –chip esp32s2 erase_flash

When successful, you will get the message: Chip erase completed successfully in ___s (time in seconds suffixed with “s”).
Unplug/reset your board.

Flashing the DevBoard (ESP32-S2)

Update your flipper zero to the last version available before starting, in my case I’m running the latest version of the Unleashed Firmware.

Navigate to the release section of the GitHub Project, which can be found here, and download the wifi_dev_board.zip file.

This will contain 4 .bin files.
Connect your Wifi DevBoard to your computer once again, while holding the boot button as explained before, and navigate to the following site https://esp.huhn.me/.

Press the connect button, and once connected, add each of the 4 .bin files using the blue Add button, you need to enter the following addresses in the text field to the left of each file.

  • 1000 - EvilPortal.ino.bootloader.bin
  • 8000 - EvilPortal.ino.partitions.bin
  • e000 - boot_app0.bin
  • 10000 - EvilPortal.ino.bin

With everything set, press the Program button and wait till the board finishes flashing, if you don’t get any errors, we can continue.

Installing the Evil Portal app on the Flipper

The pre-built fap file is made for the unleashed custom firmware. If you are on a different firmware, you can download the evil_portal.fap file at flipc.org or you can build the .fap file yourself by following these instructions.

Back again to the releases page, but this time download and extract the unleashed-evil_portal.fap.zip file from the latest release.This file will contain the evil_portal.fap file for the Unleashed firmware.

Put the evil_portal.fap file into the apps/GPIO/ folder on your Flipper SD card.

In the releases section you will also need to download and extract the evil_portal_sd_folder.zip folder. This .zip file contains a evil_portal folder.

Put the evil_portal folder into the apps_data folder on your SD card.

In this folder you can find two interesting files, the index.html, which is the webpage that will be served when the web server is running, you can create your own templates and replace this file, but in this case I will leave the default one, so you can see it.

The other file contains the SSID name that will be assigned to the Roge Wifi Network, in my case I chose Slayer Free Wifi.

You should be able to see the [ESP32] Evil Portal app on your flipper zero now.

Usage

Plug the DevBoard to your Flipper and navigate to the Applications:

Now to GPIO:

You will see the Evil Portal App:

Select Start Portal, and if everything is correct, the blue led from your DevBoard will change to green:

Time for an IRL photo:

A new Wifi network will pop up in your devices, in this case Slayer Free Wifi:

Once we are connected, the phishing form will be opened automatically:

Finally, we will get the credentials typed by the user in our Flipper zero:

Hope you have learned something new today!. Slayer 07/22/2023