@Isonimus Isonimus commented Dec 30, 2025

HOGWASH Mode - Karma AP / Evil Twin Implementation

Summary

This PR introduces HOGWASH Mode, a new operational mode that implements a Karma Access Point attack. The pig listens for WiFi probe requests from nearby devices, extracts the SSIDs they're looking for, and broadcasts a matching fake AP to lure them in.

Features

Core Karma AP Functionality

  • Probe Request Capture: Monitors WiFi probe requests in promiscuous mode
  • SSID Cycling: Broadcasts as the last probed SSID to attract devices
  • Smart Rotation: SSID cycling pauses while clients are connected (10s disconnect detection)
  • Hook Detection: Tracks connected stations with Apple device identification
  • MAC Randomization Detection: Shows [RandomMAC] when devices use randomized addresses

Captive Portal

  • DNS Redirect: All domains redirect to the AP (192.168.4.1)
  • HTTP Server: Serves portal HTML on port 80
  • Custom Portal: Drop /portal.html on SD card for custom pages
  • Platform Detection: Handles Android, iOS, macOS, and Windows captive portal endpoints

XP & Achievements System

Event                 XP   Cap
HOGWASH_PROBE_NEW     +3   200/session
HOGWASH_HOOK          +25  -
HOGWASH_APPLE_HOOK    +35  -
HOGWASH_SESSION_5MIN  +10  -

6 New Achievements:

  • F1RST H00K - First device hooked
  • K4RMA K1NG - 50 devices hooked lifetime
  • H0N3Y P0T - 5 devices connected simultaneously
  • TR4P M4ST3R - 100 unique SSIDs captured
  • 4PPL3 P1CK3R - Hook 10 Apple devices
  • TR4FF1C W4RD3N - 30 minutes continuous operation

Avatar & Mood

  • DEVIOUS State: New sneaky avatar face (> > eyes, ~ expression)
  • Probe Phrases: "I am [SSID] now", "looking for [SSID]?", etc.
  • Hook Phrases: "GOTCHA!", "yoink", "GET OVER HERE"
  • Mixed Status/Flavor: 60% stats, 40% flavor phrases during operation

UI & Settings

  • Bottom Bar: Shows P:probes U:unique H:hooked [SSID]
  • Sound Notifications: Double beep for hooks, triple for Apple devices
  • Settings:
    • Karma Portal: Toggle captive portal (default: OFF)
    • SSID Cycle: 1-30 seconds (default: 5s)
    • Fixed SSID: When set, HOGWASH mode operates as an Evil Twin attack instead of Karma AP

Files Changed

New Files

  • src/modes/hogwash.cpp - Core implementation (~700 lines)
  • src/modes/hogwash.h - Mode interface and structures

Modified Files

  • src/core/porkchop.cpp/.h - Mode integration (K key binding)
  • src/core/xp.cpp/.h - XP events and achievements2 field
  • src/core/config.cpp/.h - Settings (portal toggle, cycle time)
  • src/piglet/avatar.cpp/.h - DEVIOUS state and frames
  • src/piglet/mood.cpp/.h - Phrases and onHogwashUpdate()
  • src/ui/display.cpp - UI elements and bottom bar
  • src/ui/settings_menu.cpp - New settings items
  • README.md - Full documentation

Tests

  • test/test_hogwash/test_hogwash.cpp - 33 test cases covering:
    • SSID queue operations
    • Probe request parsing
    • Achievement2 bitfield operations
    • XP anti-farm cap logic
    • Captive portal HTML loading
    • Platform endpoint detection

Technical Details

WiFi Stack

  • Uses ESP32 promiscuous mode for probe capture
  • Soft AP with dynamic SSID switching
  • esp_wifi_set_inactive_time(10) for fast disconnect detection
  • Mixed ESP-IDF and Arduino WiFi API usage

Memory

  • RAM: 23.1% (75.5KB / 327KB)
  • Flash: 53.7% (1.69MB / 3.15MB)

Key Design Decisions

  1. Deferred XP: Probe callback runs in WiFi task; XP grants queued for main loop
  2. achievements2 field: Uses second uint64_t for HOGWASH achievements (NVS compatible)
  3. Station Count: Uses WiFi.softAPgetStationNum() for real-time client detection
  4. Inactivity Timeout: 10 seconds instead of default 300s for responsive cycling

Disclaimer

HOGWASH mode demonstrates Karma AP/Evil twin attacks for educational purposes only. Use responsibly on your own devices. The same legal considerations as PIGGY BLUES apply.

Testing

# Run HOGWASH tests
pio test -e native --filter "test_hogwash"

# Build for device
pio run -e m5cardputer

# Flash and monitor
pio run -e m5cardputer -t upload && pio device monitor -b 115200

Commits (17 total)

See individual commit messages for detailed changes. Key commits:

  • a2e26a4 - Core implementation
  • 38e89f9 - Captive portal
  • 072af77 - SSID rotation fixes
  • 88f00c7 - DEVIOUS avatar persistence

IkerLaforga and others added 19 commits December 29, 2025 14:53
- Add hogwash.h with mode interface, SSID queue, station tracking
- Add hogwash.cpp with probe monitoring, soft AP, station detection
- Integrate HOGWASH_MODE into porkchop.h enum
- Add K key binding and menu item in porkchop.cpp
- Add mode handlers for start/stop/update/draw
- Warning dialog similar to PIGGY BLUES pattern
- Add 4 XP events: HOGWASH_PROBE_NEW (+3), HOGWASH_HOOK (+25),
  HOGWASH_APPLE_HOOK (+35), HOGWASH_SESSION_5MIN (+10)
- Add HogwashAchievement enum with 6 achievements using achievements2 field
- Add unlockAchievement2(), hasAchievement2(), getAchievement2Name() helpers
- Add lifetimeHooks, lifetimeProbes persistent counters
- Add session counters: hogwashProbes, hogwashHooks, hogwashProbeXP
- Implement anti-farm cap: max 200 XP from probes per session
- Add DEVIOUS to AvatarState enum
- Add AVATAR_DEVIOUS_R frames: narrowed eyes (> >) and sly expression (~)
- Add AVATAR_DEVIOUS_L frames: mirror of right-facing
- Add DEVIOUS case to draw() switch statement
- Add onHogwashUpdate() method declaration
- Add 9 idle phrases ('come to papa...', 'trust me bro', etc.)
- Add 9 hook phrases ('GOTCHA!', 'yoink', 'GET OVER HERE', etc.)
- Add 5 status template phrases
- Add HOGWASH case to top bar (mode label)
- Add HOGWASH case to main canvas drawing (avatar + mood)
- Add bottom bar stats: P:probes U:unique H:hooked [SSID]
- Add hogwashCaptivePortal bool to WiFiConfig (default: false)
- Add hogwashSSIDCycleMs uint16_t to WiFiConfig (default: 5000)
- Add config load/save for both settings
- Add 'Karma Portal' toggle to settings menu
- Add 'SSID Cycle' value setting (1-30 seconds)
- Add section 3.4 - HOGWASH Mode (Karma AP)
- Document probe capture, SSID cycling, XP events
- Document achievements and settings
- Renumber subsequent sections (3.5-3.14)
- Add DNS server to redirect all domains to AP IP (192.168.4.1)
- Add HTTP server on port 80 to serve portal page
- Add default portal HTML with pig branding and loading spinner
- Add custom HTML support: load /portal.html from SD if exists
- Handle captive portal detection endpoints:
  /generate_204 (Android), /hotspot-detect.html (iOS/macOS),
  /connecttest.txt and /success.txt (Windows)
- Integrate into mode lifecycle: start/stop/update
- Show 'KARMA+PORTAL' toast when portal enabled
- RAM: 23.1%, Flash: 53.7%
- Expand HOGWASH README section with captive portal details:
  - Settings (Karma Portal, SSID Cycle)
  - How portal works (DNS redirect, HTTP server)
  - Custom HTML via /portal.html on SD card
  - Platform detection endpoints
  - Sound notifications

- Add 10 captive portal tests (33 total now):
  - HTML loading (default vs custom)
  - Start/stop lifecycle
  - Idempotent start/stop
  - Android endpoints (/generate_204, /gen_204)
  - Apple endpoints (/hotspot-detect.html)
  - Windows endpoints (/connecttest.txt, /success.txt)
  - Unknown endpoint rejection
Changing SSID restarts the soft AP and disconnects all clients.
Now SSID cycling only happens when hookedCount == 0, keeping
hooked devices connected for captive portal and XP collection.

Rotation resumes automatically when all clients disconnect.
The probe callback was immediately switching SSID when a new probe
arrived, even if clients were connected. Now checks hookedCount
before calling updateSoftAPSSID() in both:
- update() periodic cycling
- probeCallback() immediate switch

Serial log now shows 'clients connected' when SSID change is skipped.
SSID rotation fixes:
- Use WiFi.softAPgetStationNum() for real-time connected count
- SSID pauses while clients connected, resumes on disconnect

Logging improvements:
- Remove verbose 5-second debug logs
- Remove redundant probe logs
- Add [RandomMAC] indicator when locally-administered MAC detected
- Cleaner hook log format

README updates:
- Document smart behaviors (pause/resume, fast timeout)
- Document MAC randomization and its effects on hook counting
Add 6 probe phrases that display when karma AP mimics a new SSID:
- 'I am [SSID] now'
- 'yes I'm [SSID]'
- 'looking for [SSID]?'
- '*becomes [SSID]*'
- '[SSID]? never heard of it'
- 'totally [SSID] rn'

Long SSIDs are truncated to 12 chars with '...' for display.
… clients are hooked, HOGWASH now shows:
- 60% status phrases ('2 hooked', 'karma: 2 souls')
- 40% flavor phrases ('trust me bro', 'come to papa')

This matches the variety seen in OINK mode and keeps the UI
more interesting during prolonged hooking sessions.
…) was triggering mood peeks which override
mode-specific states. Removed the call from onHogwashUpdate() and
added HOGWASH_MODE case to Mood::update() switch to always show the
DEVIOUS face while karma AP is running.
When 'Fixed SSID' is set in settings, HOGWASH mode operates as an
Evil Twin attack instead of Karma AP:
- Uses configured SSID instead of cycling probed SSIDs
- Disables probe-based SSID switching
- Toast shows 'EVIL TWIN' instead of 'KARMA ACTIVE'

Implementation:
- config: Added hogwashFixedSSID to WiFiConfig
- settings: Added 'Fixed SSID' text input
- hogwash: Check fixedSSID in start(), skip cycling when set

README updated with mode documentation.
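
A defender-side view of the two behaviours described in this PR, as an added example that is not part of the PR or the project's code: a wireless monitoring sensor can flag a BSSID that advertises several different SSIDs in a short window (the Karma cycling case) and a managed SSID seen from a BSSID outside its allowlist (the Fixed SSID / Evil Twin case). The `Sighting` record, the sample capture, the allowlist and the thresholds are constructed assumptions.

```cpp
#include <deque>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// One beacon sighting from a monitoring sensor (hypothetical record format).
struct Sighting { double t; std::string bssid; std::string ssid; };  // t = seconds
using Allowlist = std::map<std::string, std::set<std::string>>;      // SSID -> known BSSIDs

// Karma-style cycling: BSSIDs advertising >= minSsids distinct names within windowSec.
// obs must be sorted by time.
std::set<std::string> findSsidCyclers(const std::vector<Sighting>& obs,
                                      double windowSec, std::size_t minSsids) {
    std::map<std::string, std::deque<Sighting>> recent;
    std::set<std::string> flagged;
    for (const Sighting& s : obs) {
        auto& q = recent[s.bssid];
        q.push_back(s);
        while (s.t - q.front().t > windowSec) q.pop_front();  // s itself always remains
        std::set<std::string> names;
        for (const Sighting& r : q) names.insert(r.ssid);
        if (names.size() >= minSsids) flagged.insert(s.bssid);
    }
    return flagged;
}
// Fixed-SSID (evil twin) case: a managed SSID seen from a BSSID outside its allowlist.
std::set<std::string> findRogueBssids(const std::vector<Sighting>& obs, const Allowlist& allowed) {
    std::set<std::string> rogue;
    for (const Sighting& s : obs) {
        auto it = allowed.find(s.ssid);
        if (it != allowed.end() && it->second.count(s.bssid) == 0) rogue.insert(s.bssid);
    }
    return rogue;
}
// Constructed sample capture: one stable AP, one AP renamed once, one cycling every 5 s.
std::vector<Sighting> sampleCapture() {
    return {
        {0.0,  "aa:bb:cc:00:00:01", "OfficeNet"},    {1.0,  "02:00:00:00:00:99", "HomeWiFi"},
        {6.0,  "02:00:00:00:00:99", "CoffeeShop"},   {8.0,  "aa:bb:cc:00:00:02", "Guest"},
        {11.0, "02:00:00:00:00:99", "Airport_Free"}, {12.0, "aa:bb:cc:00:00:01", "OfficeNet"},
        {90.0, "aa:bb:cc:00:00:02", "Guest-2026"},   {95.0, "02:00:00:00:00:99", "OfficeNet"},
    };
}
Allowlist sampleAllowlist() { return {{"OfficeNet", {"aa:bb:cc:00:00:01"}}}; }  // constructed
int main() {
    for (const auto& b : findSsidCyclers(sampleCapture(), 30.0, 3)) std::cout << "cycling: " << b << "\n";
    for (const auto& b : findRogueBssids(sampleCapture(), sampleAllowlist())) std::cout << "rogue: " << b << "\n";
}
```

Because rotation pauses while clients are connected, a BSSID that stops cycling is not cleared by the first check; the allowlist check still applies to it.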