
Comments (13)

InfoSecREDD commented on May 25, 2024

Describe the bug

WiFi Marauder program on Flipper Zero is scanning the WRONG WiFi network when you're doing something like Sniff (with "pmkid" option). And yes, of course I double checked I selected the right network, and it is definitely STILL selecting the wrong WiFi network (and giving me wrong PCAPs since they're for a different WiFi network than I selected).

To Reproduce

Steps to reproduce the behavior:

  1. Open WiFi Marauder program on your Flipper Zero with official WiFi Dev Board Attached (flashed with Marauder).
  2. Choose "Scan (ap)" option and let it run for a bit, then back out.
  3. Choose "List (ap)" find the number of the network you want to Sniff, then back out.
  4. Choose "Select (ap)" and add the number of the network you saw in the list above, hit "Save", back out.
  5. Choose "Sniff (pmkid)" and let it run until you get PCAP files (it'll say "Received EAPOL"). In those PCAP files you'll see it's for the WRONG network - it scanned some other random WiFi network in your area. It did NOT scan the network you selected (and double-checked that you selected it correctly). This doesn't happen 100% of the time, just a lot!

Expected behavior

I expect WiFi Marauder to scan the network I selected, and not another random network.

Screenshots

[Image: wong-network-scanned]

Marauder (please complete the following information if applicable):

  • Firmware version: Marauder 0.13.9
  • Hardware version: OG/Official Flipper Zero WiFi Dev Board (ESP32-S2-WROVER based)
  • Flipper Zero running newest XFW Firmware, OR newest RogueMaster firmware - happens on BOTH.

Additional context

Just started researching but at least one other person (with same hardware as me, on newest versions of everything) has this SAME EXACT Issue! ...so at least it's not just me ;) He posted about it on the Talking Sasquach Discord channel.

@justcallmekoko - This is the 6th person to complain about this issue, my guess is when running PMKID it's missing the ability to target the correct AP and is looking just at the traffic on the channel rather than narrowing the scope.

from esp32marauder.

intentethan commented on May 25, 2024

I have the same issue 13.9


Dochartaigh commented on May 25, 2024

> I have the same issue 13.9

Are you using a Flipper Zero with official WiFi Dev Board (flashed with Marauder)? If so, what Flipper firmware are you on? ...don't know if this GitHub is mostly flipper people or what which is why I asked (and also want to see if it's a flipper-only thing, or affects anybody with an ESP32-based WiFi board running Marauder – on whatever other type of non-flipper hardware).


intentethan commented on May 25, 2024

Yes I'm using a flipper zero, I've tried the official dev board and a few other boards I have flashed with marauder and ended up with the same results. lol glad it's not just me

Current firmware's flipper - momentum dev

Marauder firmware- 13.9 I've refreshed twice


MastiffJeff commented on May 25, 2024

Same issue with me, Flipper 13.9 and official dev board.


Dochartaigh commented on May 25, 2024

Have either of you @intentethan @MastiffJeff rolled back the Marauder firmware and seen if an earlier version works properly? I just got my Flipper this week so only been using the newest version.

Also wanted to ask you both how fast yours gets the PCAP file (where you run "Sniff (pmkid)", and it completes by saying "Received EAPOL"). Every. single. video I watch they seem to get the "Received EAPOL" message super fast (could be the editing though?)... Mine does NOT work this way. Many times I can run it for an HOUR (if not several) and it won't get one. Sometimes I'm lucky and can hit back button and try it again and it might get one immediately, or in a ~minute i.e. super fast... but many times it's the same and nothing for a very long time (if not back out and try again multiple times over and over again... can commonly take FOREVER). -- just wanted to make sure this is normal... if not it might be related to this issue ("Sniff (pmkid)") which is why I mentioned it.


intentethan commented on May 25, 2024

I do also have this happen to me but only on some networks. I have not rolled back.


MastiffJeff commented on May 25, 2024

I have not rolled back yet.


InfoSecREDD commented on May 25, 2024

This also happens when the network you're targeting has other networks on the same channel. My guess is the firmware is looking at the channel rather than the SSID.

This has been happening for 6 months ish. I noticed it back in November when you're in a severely (WiFi) crowded area.


InfoSecREDD commented on May 25, 2024

@Dochartaigh please close the issue, we have linked the solution to it in Sasquach's Discord.


Dochartaigh commented on May 25, 2024

Just so people know the solution: In Talking Sasquach's (very popular) 2024 video on WiFi and Marauder, when he's going over the process in the WiFi Marauder app, in the "Sniff (pmkid)" options, he mistakenly says to choose "Active (ForceDeauth)". This is incorrect – you want to use the "Targeted Active (List)" option. That's the one which should scan ONLY the network/SSID you have selected.

...have a feeling with that video being so popular, and so many people reporting this as an issue, probably quite a few watched that same video and are making the same mistake.


MastiffJeff commented on May 25, 2024

I just tested this: target on channel 3, used Targeted Active, PCAP file was my home router on channel 10.


Dochartaigh commented on May 25, 2024

Sorry to re-open but I just did some more testing with "Targeted Active (List)"... and just like when I was using "Active (Force Deauth)", the PCAP I got was for the WRONG network again! ...so I think this is still broke.

On the "Flipper Zero Level Up" Facebook group (where somebody posted about this GitHub ticket) another user posted saying he ALWAYS uses "Targeted Active (List)" from the beginning and he likewise gets PCAPs for the wrong network so that's another person confirming this... so this leads me to believe this bug affects multiple Sniff (pmkid) options.

Also wanted to note that for anybody trying to duplicate this bug (besides being aware it doesn't happen 100% of the time) I think you also HAVE to be in a very Wi-Fi heavy area. We think it's scanning EVERYTHING on a single channel to grab a PCAP - so the PCAP you get back could be the network you selected on that channel, but it could also be some other RANDOM network on that SAME Channel. When I "Scan (ap)" on mine, after 30 seconds there's 50+ SSIDs listed, with TONS on the same channel... (just in case somebody posts saying theirs works fine)
