
Evil-M5Project – RTFM

https://github.com/7h30th3r0n3/Evil-M5Core2

Introduction

Evil-M5Core2 is an innovative tool developed for ethical testing and exploration of WiFi networks. It harnesses the power of the M5Core2 device to scan, monitor, and interact with WiFi networks in a controlled environment. This project is designed for educational purposes, aiding in understanding network security and vulnerabilities.

Disclaimer

The creator of Evil-M5Core2 is not responsible for any misuse of this tool. It is intended solely for ethical and educational purposes. Users are reminded to comply with all applicable laws and regulations in their jurisdiction. All files provided with Evil-M5Core2 are designed to be used in a controlled environment and must be used in compliance with all applicable laws and regulations. Misuse or illegal use of this tool is strictly prohibited and not supported by the creator.

Installation

  1. Connect your M5Core2 to your computer.
  2. Open the Arduino IDE and load the provided code.
  3. Ensure the M5unified, TinyGpsPlus, ArduinoJson and adafruit_neopixel libraries are installed.
  4. Ensure the esp32 and M5stack boards are installed (errors occur with esp32 3.0.0-alpha3; please use esp32 v2.0.14 and below).
  5. Place the required SD file content on the SD card (needed for the startup IMG and the sites folder).
  6. Run the script in utilities to bypass the esp32 firmware (make sure the folder referenced in the script exists; change it if needed (M5stack/eso32)).
  7. Ensure that the baud rate is set to 115200.
  8. Ensure that PSRAM is disabled in the Tools menu.
  9. Upload the script to your M5Core2 device.
  10. Restart the device if needed.

Warning: for Cardputer you need to change the Flash size to 8MB and the Partition Scheme to 8M with spiffs (3MB APP/1.5MB SPIFFS), or a space error may occur.

Features and explanation

Scan WiFi

  • A fast scan is performed automatically upon startup to identify nearby WiFi networks. You can scan again with this functionality.

Select Network

  • Select a network from a list. Use the left and right keys to navigate and select the desired network. After selecting the network you can clone it.

Clone & Details

  • View detailed information about the selected network. The information listed is: SSID, channel, security used, signal strength and MAC address. You can also clone the SSID in this menu before starting the portal.

Start Captive Portal

  • Deploy a web captive portal with HTML files stored on the SD card in the "sites" folder. The deployed portal takes the name of the previously selected network SSID. The portal should pop up automatically on some devices, or the device shows a notification to access the current network. When information is submitted on the pages, you can see it in the credentials.txt file.

Special Pages

When the captive portal is ON, you can access three functionalities protected by a password that is hardcoded in the code. It is better to change it before compiling to ensure the security of the data on the SD card:

  • /evil-m5core2-menu: Provides easy access to the other pages with authentication; you need to enter the password to access the other pages (default: 7h30th3r0n3).
  • /credentials: Lists captured credentials.
  • /uploadhtmlfile: Upload files to the SD card; select the folder and send the file to the SD card (consider uploading files smaller than 3 MB).
  • /check-sd-file: Index to check, download, and delete files on the SD card.
  • /Change-Portal-Password: Change the password of the deployed access point.

Stop Captive Portal

  • Stop the captive portal and DNS.

Change Portal

  • Choose the portal provided to connecting users. Lists only the HTML files in the sites folder at the root of the SD card.

Check Credentials

  • View captured credentials: username, password, portal used and SSID at the time of capture.

Delete Credentials

  • Delete all previously captured credentials.

Monitor Status

  • Consists of three static menus navigable using the left and right buttons.
Menu 1: System Overview
  • Number of Connected Clients: Displays the number of currently connected clients.
  • Credentials Count: Shows the number of passwords stored in credentials.txt.
  • Current Selected Portal: Indicates the currently cloned portal.
  • Portal Status: Displays whether the portal is ON or OFF.
  • Provided Portal Page: Details about the current portal page.
  • Bluetooth: Displays whether Bluetooth is ON or OFF.
Menu 2: Client Information
  • MAC Addresses: Lists the MAC addresses of all connected clients.
Menu 3: Device Status
  • Stack left: Displays the remaining stack in the device.
  • Available RAM: Displays the remaining RAM in the device.
  • Battery Level: Shows the current battery level.
  • Temperature: Reports the device’s internal temperature.

Probe Request Process

When a WiFi-enabled device (such as a smartphone, laptop, or tablet) moves out of range of a known WiFi network and then comes back into range, it needs to reconnect to that network. To do this efficiently, the device uses a process involving « probe requests. »

  1. Probe Request Emission:
    • The device actively scans for available WiFi networks by broadcasting probe request frames.
    • These probe requests are essentially "pings" sent out by the device to check if the previously known networks are available nearby.
    • Each probe request contains information about the network(s) the device is looking for, typically including the SSID (Service Set Identifier) of the network.
  2. Access Point Response:
    • Nearby WiFi access points (APs) that match the SSID specified in the probe request will respond with a probe response frame.
    • This response includes details such as the network capabilities, supported data rates, and other relevant information.
  3. Reconnection:
    • Upon receiving a probe response, the device can then proceed to authenticate and associate with the access point, completing the reconnection process.
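
To see what these frames disclose about a device, the following added example (not part of the original page or of the Evil-M5 code) parses raw 802.11 probe requests and lists, per transmitting station, the network names it asked for. The frames, MAC addresses and SSIDs are constructed sample data, and the function names are illustrative.

```python
from collections import defaultdict

MGMT_HEADER_LEN = 24        # frame control, duration, 3 addresses, sequence control
SUBTYPE_PROBE_REQUEST = 4   # management frame (type 0), subtype 4
ELEMENT_ID_SSID = 0


def parse_probe_request(frame: bytes):
    """Return (source MAC bytes, SSID) for a probe request, else None.

    SSID is None for a wildcard probe (zero-length SSID element).
    """
    if len(frame) < MGMT_HEADER_LEN:
        return None
    frame_type, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype != SUBTYPE_PROBE_REQUEST:
        return None
    source = frame[10:16]                      # address 2 = transmitter
    pos = MGMT_HEADER_LEN                      # tagged elements follow the header
    while pos + 2 <= len(frame):
        element_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                        # truncated element: drop the frame
        if element_id == ELEMENT_ID_SSID:
            if length > 32:
                return None                    # SSIDs are at most 32 bytes
            return source, (value.decode("utf-8", "replace") if length else None)
        pos += 2 + length
    return None                                # no SSID element present


def disclosed_networks(frames):
    """Map each probing station to the network names it revealed."""
    report = defaultdict(lambda: {"randomized": False, "ssids": set()})
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        source, ssid = parsed
        entry = report[":".join(f"{b:02x}" for b in source)]
        entry["randomized"] = bool(source[0] & 0x02)   # locally administered bit
        if ssid is not None:
            entry["ssids"].add(ssid)
    return {mac: {"randomized": e["randomized"], "ssids": sorted(e["ssids"])}
            for mac, e in report.items()}


def sample_frame(frame_control: int, source: str, ssid: bytes) -> bytes:
    """Build a constructed frame for the demo (not captured traffic)."""
    header = bytes([frame_control, 0, 0, 0]) + b"\xff" * 6 \
        + bytes.fromhex(source.replace(":", "")) + b"\xff" * 6 + b"\x00\x00"
    return header + bytes([ELEMENT_ID_SSID, len(ssid)]) + ssid + bytes([1, 2, 0x02, 0x04])


SAMPLE_FRAMES = [
    sample_frame(0x40, "3c:22:fb:aa:bb:01", b"HomeNet"),
    sample_frame(0x40, "3c:22:fb:aa:bb:01", b"Cafe-Free-WiFi"),
    sample_frame(0x40, "da:a1:19:00:00:02", b""),             # wildcard probe
    sample_frame(0x80, "00:11:22:33:44:55", b"SomeAP"),       # beacon subtype, ignored
    sample_frame(0x40, "3c:22:fb:aa:bb:01", b"Office")[:27],  # truncated, ignored
]

if __name__ == "__main__":
    for mac, info in disclosed_networks(SAMPLE_FRAMES).items():
        print(mac, info)
```

A station that only sends wildcard probes from a randomized address reveals no network names; one that sends directed probes from its factory address reveals both its identity and its saved networks.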

Probe Attack

  • Sends fake random probes near you on all channels. Adjust the time delay with the left or right buttons (200 ms to 1000 ms). This functionality can be used to confuse sniffing devices such as Evil-M5 or others by sending fake probes. You can send custom probes (change the value in the config.txt file in the config folder; default: RickRoll) or probes made of random characters.

Probe Sniffing

  • Starts a probe scan that captures probe request emissions; you can capture the SSIDs and store them on the SD card at the end of the scan. Limited to 200 probes max. You can reuse them in the Select Probe menu to deploy them with start portal.

Karma  

To better understand the Karma attack, check this article:

Karma Attack

  • Similar to Probe Sniffing, but allows selection of a unique SSID after the probe scan. It deploys a portal with the same SSID and waits 60 seconds for a possibly vulnerable device to connect to it. If a client connects automatically, the portal is served.

Karma Auto

  • Automates Karma attacks on captured probes, retrying every 15 seconds on the first probe received until a client connects or the user stops it. Inspired by the pwnagotchi project, but with probes and a rogue AP.

Karma Spear

  • Similar to Karma Auto, but uses open SSIDs captured during wardriving. When the wardriving mode is used, it asks at the end whether you want to save open networks; if yes, KarmaList.txt is populated with them. You can also add custom SSIDs to KarmaList.txt.
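
Because Karma Spear works from open SSIDs and all three Karma modes rely on a client connecting automatically, a defender can check which saved profiles on a client fit that description. The following added example (not from the original page or the project) does this for a Linux client, assuming it keeps its networks in a wpa_supplicant.conf file; the configuration text is constructed and the function names are illustrative.

```python
def parse_networks(conf_text: str):
    """Return one dict of raw key/value settings per network={...} block."""
    networks, current = [], None
    for raw_line in conf_text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks          # an unterminated block is dropped


def decode_ssid(value: str) -> str:
    """SSIDs are stored either as a quoted string or as unquoted hex."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value


def open_autojoin_profiles(conf_text: str):
    """List enabled profiles for open networks, which any AP using that name can satisfy."""
    findings = []
    for net in parse_networks(conf_text):
        # key_mgmt=NONE without a WEP key means no authentication at all
        is_open = net.get("key_mgmt", "").upper() == "NONE" \
            and not any(key.startswith("wep_key") for key in net)
        if not is_open or net.get("disabled") == "1":
            continue
        findings.append({"ssid": decode_ssid(net.get("ssid", "")),
                         # scan_ssid=1 makes the client send directed probes for this name
                         "directed_probes": net.get("scan_ssid") == "1"})
    return findings


SAMPLE_CONF = """
# constructed example, not a real configuration
network={
    ssid="HomeNet"
    psk="constructed-placeholder"
}
network={
    ssid="Cafe-Free-WiFi"
    key_mgmt=NONE
}
network={
    ssid=486f74656c4775657374
    scan_ssid=1
    key_mgmt=NONE
}
network={
    ssid="OldAirport"
    key_mgmt=NONE
    disabled=1
}
"""

if __name__ == "__main__":
    for finding in open_autojoin_profiles(SAMPLE_CONF):
        print(finding)
```

Profiles reported here are candidates for removal or for `disabled=1`; the entry with `directed_probes` set also announces its SSID in probe requests.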

Select Probe

  • Menu to select a previously captured probe SSID and deploy it with start portal. Limited to 200 probes listed. You can also add custom SSIDs to probes.txt.

Delete Probe

  • Menu to delete a unique previously captured probe SSID. Limited to 200 probes.

Delete All Probes

  • Deletes all previously captured probes, resetting probes.txt on the SD card.

Brightness

  • Adjust the screen brightness. Stored in the config.txt file in the config folder.

Bluetooth ON/OFF

  • Switch Bluetooth ON or OFF to be able to control the device over serial Bluetooth. Only on specific M5 devices.

Wardriving

Wardriving is the practice of driving around in a vehicle with a laptop or smartphone to detect and map the location of Wi-Fi wireless networks. This activity often involves using software and hardware tools to capture data about the networks, such as their SSIDs (network names), signal strengths, and security configurations. The goal can be to find open or weakly secured networks for internet access, to gather information for security assessments, or simply for hobbyist mapping purposes.

WIGLE (Wireless Geographic Logging Engine) is a website and app that collects and displays crowdsourced information about wireless networks worldwide. Users contribute data by uploading their wardriving results, which are then aggregated into a publicly accessible database and map. This data can be used for various purposes, including research, security analysis, and network planning.

  • Scans WiFi networks and links them to positions in Wigle format. It can be used without GPS to populate KarmaList.txt, but otherwise does require GPS.

Beacon Spam

Beacon spam, also known as SSID spam, is a technique used in wireless networking to broadcast multiple, often fake, Wi-Fi network names (SSIDs) to disrupt or manipulate the surrounding wireless environment. This practice can overwhelm users’ devices by presenting numerous network options, which can be confusing and potentially lead to connection issues. Beacon spam can be used maliciously to interfere with legitimate networks, making it difficult for users to connect to their intended Wi-Fi.

  • Creates multiple networks on all channels, rendering multiple SSIDs in WiFi search. This functionality is a workaround that I found that ensures a similar attack without the bypass, but it is less effective than sending forged frames. On the other hand, it causes some trouble for tools like airodump and others, because it is built in this way, which is not the common way in other projects.

Deauther

Send deauthentication frames, inspired by Spacehuhn’s Deauther project. View the original project here.

A deauther, also known as a deauthentication tool or deauth tool, is a device or software used to send deauthentication frames to a Wi-Fi network, causing connected devices to disconnect. This can be used for various purposes, including network testing, security assessments, and malicious activities.

How Deauther Works
  1. Deauthentication Frames: In Wi-Fi networks, deauthentication frames are management frames that tell a device it has been disconnected from the network. These frames are part of the 802.11 standard and are meant to be used by legitimate network devices.
  2. Sending Deauthentication Frames: A deauther device or software sends these frames to one or more devices connected to a target Wi-Fi network, forcing them to disconnect.
  3. Reconnection: After being disconnected, devices will typically try to reconnect automatically. This creates an opportunity for the attacker to capture handshake data or disrupt network service.

Sniffing EAPOL 4-way handshakes and PMKID (Pairwise Master Key Identifier) are techniques used in the context of Wi-Fi security, particularly for cracking WPA/WPA2 protected networks.

Sniffing EAPOL 4-Way Handshakes

When a client device connects to a Wi-Fi network, the access point and the client perform a 4-way handshake to authenticate and generate encryption keys. This handshake involves four Extensible Authentication Protocol over LAN (EAPOL) messages. By capturing these handshake packets, an attacker can attempt to crack the Wi-Fi password offline.

  1. Capture Handshake: Using tools like Wireshark, Aircrack-ng, or similar, an attacker captures the 4-way handshake packets.
  2. Cracking: The attacker then uses software to perform a dictionary or brute-force attack on the captured handshake, attempting to guess the Pre-Shared Key (PSK) used to secure the network.

Sniffing PMKID

PMKID is another method used to attack WPA/WPA2 networks. This technique involves capturing the PMKID, which is present in the first message of the 4-way handshake in some implementations.

  1. Capture PMKID: Tools like hcxdumptool can be used to capture PMKID from the wireless traffic.
  2. Cracking: The captured PMKID is then subjected to a cracking process similar to that used for 4-way handshakes, typically using Hashcat.

Cracking

Once the necessary data (EAPOL handshake or PMKID) is captured, the process of cracking involves:

  1. Dictionary Attack: Using a list of potential passwords (wordlist), the cracking software attempts each password to see if it matches the captured handshake or PMKID.
  2. Brute-Force Attack: If a dictionary attack fails, a more exhaustive brute-force attack can be used, trying all possible combinations of characters up to a certain length.

Cracking these protections depends heavily on the complexity of the password and the computational power available. Strong, complex passwords can significantly mitigate the risk of successful cracking.

A script to transform pcap to hccapx is provided in utilities to try to crack password with hashcat.

On Evil-M5:

To send deauthentication frames, whether or not you also sniff EAPOL packets at the same time:

  1. Select the network.
  2. Go to the deauther menu.
  3. Answer the prompted questions.
  4. Start deauth and sniff simultaneously.

Special thanks to Aro2142 and n0xa for their contributions.

Client Sniff And Deauth

Sniff connected clients and send deauthentication frames automatically. This feature is inspired by the original idea from Evilsocket’s Pwnagotchi project. You can view the original project here.

On Screen Information:
  • AP: Number of access points near you.
  • C: Current channel.
  • H: Number of new PCAP files created (at least one EAPOL and beacon frame).
  • E: Number of EAPOL packets captured.
  • D: 0 = no deauth (only sniffing) / 1 = active deauth.
  • DF: Fast mode.
Controls:
  • Left Button: Toggle deauth ON/OFF.
  • Middle Button: Return to menu.
  • Right Button: Switch between fast/slow mode.
On Cardputer:
  • D key: Toggle deauth ON/OFF.
  • Return key: Return to menu.
  • F key: Switch between fast/slow mode.
Functionality:
  1. Scan for nearby access points.
  2. Sniff if a client is connected to the access point.
  3. Send broadcast deauth frames to each access point with connected clients.
  4. Send spoofed deauth frames for each client.
  5. Sniff EAPOL packets simultaneously.
  6. Loop back to scan nearby access points.

Handshake/Deauth Sniffing

Evil-M5Core2 can capture EAPOL (4-way handshakes and PMKID) packets, inspired by G4lile0’s Wifi-Hash-Monster project. View the original project here.

On Screen Information:
  • Channel: Current channel.
  • Mode: Static (stay on the same channel) / Auto (hopping through all channels).
  • PPS: Packets per second on the channel (if no activity, PPS may show the last known number due to refresh on packet receipt).
  • H: Number of new PCAP files created (at least one EAPOL and beacon frame).
  • EAPOL: Number of EAPOL packets captured.
  • DEAUTH: Number of deauthentication packets seen.
  • RSSI: Signal strength (indicates distance from the transmitter).

If an EAPOL packet is detected, it is stored in a PCAP file with the MAC address of the AP and a beacon frame with the BSSID. You can use tools like Aircrack-ng or Hashcat to crack WiFi passwords using the 4-way handshake or PMKID.

A Python tool for processing multiple PCAP files into Hashcat format is provided in the utilities folder.

Detect Deauthentication Packets

Detect nearby deauthentication packets, which occur when a machine disconnects from an access point. These packets can be spoofed to disconnect devices, exploiting automatic reconnection to sniff the 4-way handshake. An abnormal number of deauthentication packets is a sign of a possible Wi-Fi attack.
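
One way to turn "an abnormal number of deauthentication packets" into a check, as an added example that is not Evil-M5 code: count deauthentication frames per BSSID in a sliding time window and alert once when a threshold is crossed. The window and threshold values are assumptions to tune per site, and the capture below is constructed sample data.

```python
from collections import defaultdict, deque

MGMT_HEADER_LEN = 24      # frame control, duration, 3 addresses, sequence control
SUBTYPE_DEAUTH = 12       # management frame (type 0), subtype 12
BROADCAST = b"\xff" * 6


def parse_deauth(frame: bytes):
    """Return (destination, bssid, reason code) for a deauthentication frame, else None."""
    if len(frame) < MGMT_HEADER_LEN + 2:          # header plus 2-byte reason code
        return None
    if (frame[0] >> 2) & 0x3 != 0 or (frame[0] >> 4) & 0xF != SUBTYPE_DEAUTH:
        return None
    return frame[4:10], frame[16:22], int.from_bytes(frame[24:26], "little")


def detect_deauth_bursts(capture, window=5.0, threshold=10):
    """Alert once per BSSID when `threshold` deauth frames fall within `window` seconds.

    `capture` is an iterable of (timestamp_seconds, frame_bytes) in time order.
    Both defaults are assumptions, to be tuned against a baseline of the site.
    """
    recent = defaultdict(deque)                   # bssid -> (ts, is_broadcast, reason)
    alerts = {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        destination, bssid, reason = parsed
        queue = recent[bssid]
        queue.append((ts, destination == BROADCAST, reason))
        while ts - queue[0][0] > window:          # drop frames older than the window
            queue.popleft()
        if len(queue) >= threshold and bssid not in alerts:
            alerts[bssid] = {
                "bssid": ":".join(f"{b:02x}" for b in bssid),
                "first_alert_at": ts,
                "frames_in_window": len(queue),
                "broadcast_frames": sum(1 for _, is_bcast, _ in queue if is_bcast),
                "reason_codes": sorted({r for _, _, r in queue}),
            }
    return list(alerts.values())


def sample_frame(frame_control: int, destination: bytes, bssid: bytes, reason: int = 7) -> bytes:
    """Constructed management frame for the demo (not captured traffic)."""
    return (bytes([frame_control, 0, 0, 0]) + destination + bssid + bssid
            + b"\x00\x00" + reason.to_bytes(2, "little"))


AP_1 = bytes.fromhex("aabbcc000001")
AP_2 = bytes.fromhex("aabbcc000002")
CLIENT = bytes.fromhex("3c22fbaabb01")

SAMPLE_CAPTURE = sorted(
    # AP_1: 12 deauth frames in under 3 seconds, alternating broadcast and unicast
    [(100 + i * 0.25, sample_frame(0xC0, BROADCAST if i % 2 == 0 else CLIENT, AP_1))
     for i in range(12)]
    # AP_2: three isolated deauth frames over a minute (ordinary disconnects)
    + [(t, sample_frame(0xC0, CLIENT, AP_2, reason=3)) for t in (100.0, 130.0, 160.0)]
    # a management frame of another subtype, ignored
    + [(101.1, sample_frame(0x80, BROADCAST, AP_1))],
    key=lambda item: item[0],
)

if __name__ == "__main__":
    print(detect_deauth_bursts(SAMPLE_CAPTURE))
```

Keying the window on the BSSID rather than the transmitter address matters because spoofed deauthentication frames carry the access point's address as their source.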

This feature also detects nearby Pwnagotchi devices, printing the name and number of networks pwned, indicating if you are under attack.

Check Handshakes

Lists the previously captured pcap files.

Wall of Flipper

Flipper Zero Detection via Bluetooth
  • Discover Flipper Name
  • Discover Flipper Mac Address (normal/spoofed)
  • Discover Flipper Color (Transparent, White, Black)
  • Save Discovered Devices to SD Card
Identify Potential Bluetooth Advertisement Attacks
  • Suspected Advertisement Attacks
  • iOS Popup Advertisement Attacks
  • Samsung and Android BLE Advertisement Attacks
  • Windows Swift Pair Advertisement Attacks
  • LoveSpouse Advertisement Attacks (Denial of Pleasure)

Change Startup Image

  • Upload a 320×240 startup.jpg image to replace the original and personalize your Evil-M5Core2.
