I firmly believe that learning about hacking and, by extension, computers in general should be fun. Much of the modern world is purposefully trying to cover up how these things work, making technology a huge disappointment functionally. And if you want to learn more about networking and Wi-Fi, it can be hard to know where to start.
What if technology were fun again? What if it was inviting? What if there was a little cat on it? Enter the HakCat WiFi Nugget.
What is it?
Like the DSTIKE Deauther watch, the WiFi Nugget is an open source tool that tries to make the learning process of hacking fun and approachable. Designed by Hak5 hosts Kody Kinzie and Alex Lyndthe device has a small OLED screen, some buttons and the face of a cute cat (in honor of a real cat named nugget) — added up to a very low-threshold way to access WiFi hacking. It’s cute and inviting, just like the Pwnagotchi and the Flipper Zerowho also apply the Tamagotchi aesthetic to a fun tool.
HakCat offers pre-soldered and pre-flashed nuggets on his web store, but the design is so simple that you can build it yourself from parts if you feel like it. Just take the Gerber and BOM (Bill of Materials) files from GitHub to your local PCB manufacturer (PCBWay, OSH Parkand JLCPCB, to name a few) and have a handful produced. After that you only have to order some parts from the internet, do a little soldering, 3D print some cases, flash the firmware of ESPTool in Chromeand you are ready to go!
What can it do?
Essentially, it can cause problems with Wi-Fi networks – sending specific commands that play with the way networks and client devices authenticate each other. That way the Nugget has a lot in common with the DSTIKE watch and can even run a modified version of the same Daughter tool from Spacehuhn – but that’s not the only attack you can try. There is also the probe attackwho plays with the initial call-and-response commands, or the beacon attack that allows you to forge an access point. Once you’ve mastered those, the folks at HakCat have built on Spacehuhn’s original project to create a Wi-Fi attack detection tool.
The WiFi Nugget isn’t the only tool the fine folks at HakCat have developed. On top of that, there’s the USB Nuggeta tool with the same shape that you can supply DuckyScript payloads and more. This device is based on the ESP32S2, and if you’re familiar with the USB Rubber Ducky, you might already know what to do with it.
How much threat is it?
Like the DSTIKE watch, the WiFi Nugget is based on: an ESP8266 microcontroller, making it a fun, affordable tool for learning the ins and outs of Wi-Fi hacking. It’s not particularly powerful though, which is fine! The ESP8266 only has 2.4GHz Wi-Fi and many newer routers have features that protect against authentic attacks (assuming they are enabled). But like the DSTIKE watch, you can certainly wreak some havoc, especially for older networks and devices.
Still, the purpose of the WiFi Nugget is not to create a powerful, all-encompassing tool like the pinball or the Pwnagotchi. You can better see the Nugget as a nice little buddy that fits on a bag or key ring. It’s really just a tool to learn how to fake Wi-Fi access points, learn about deauth attacks, and explore the possibilities of what simple microcontrollers can do. And it looks cute, to boot.
Could I use it myself?
Absolute. Like the DSTIKE watch, the WiFi Nugget is very intuitive and friendly to new users. It costs less than $100, and if you don’t like the firmware running on it, it’s easy to flash a new binary using the ESPTool web interface. It’s also a cat, which you have to admit is a huge selling point.