Illustration by Lille Allen / The Verge
I am firmly in the camp that learning about hacking and, by extension, computers generally should be fun. Much of the modern world purposefully attempts to obfuscate how these things work, functionally turning technology into a huge bummer. And if you want to learn more about networking and Wi-Fi, it can be hard to know where to start.
What if technology was fun again? What if it was inviting? What if it had a little kitty cat on it? Enter the HakCat WiFi Nugget.
What is it?
Like the DSTIKE Deauther watch, the WiFi Nugget is an open-source tool that tries to make the process of learning hacking fun and approachable. Designed by Hak5 hosts Kody Kinzie and Alex Lynd, the device has a tiny OLED screen, some buttons, and the face of a cute cat (in honor of a real cat called Nugget) — adding up to a very approachable way to get into Wi-FI hacking. It’s cute and inviting, just like the Pwnagotchi and the Flipper Zero, which also apply the Tamagotchi aesthetic to a fun tool.
HakCat provides pre-soldered and pre-flashed nuggets on its web store, but the design is simple enough that you can build it yourself from parts if you’re so inclined. Just take the Gerber and BOM (Bill of Materials) files from GitHub to your local PCB Manufacturer (PCBWay, OSH Park, and JLCPCB, to name a few) and get a handful of them produced. After that, you just need to order some parts from the internet, do a teensy bit of soldering, 3D print some cases, flash the firmware with ESPTool in Chrome, and you are good to go!
What can it do?
Essentially, it can cause trouble with Wi-Fi networks — sending out specific commands that play with the way networks and client devices authenticate each other. In that way, the Nugget shares a lot in common with the DSTIKE watch and can even run a modified version of the same Deauther tool by Spacehuhn — but that’s not the only attack you can try. There’s also the probe attack, which plays with the initial call-and-response commands, or the beacon attack that lets you spoof an access point. Once you’ve mastered those, the folks at HakCat have built on Spacehuhn’s original project to create a tool for detecting Wi-Fi Attacks.
The WiFi Nugget is not the only tool the fine folks at HakCat have developed. On top of that, there is the USB Nugget, a similarly shaped tool that allows you to deliver DuckyScript payloads and more. This device is based on the ESP32S2, and if you are familiar with the USB Rubber Ducky, you may already be familiar with what you can do with it.
How much of a threat is it?
Like the DSTIKE watch, the WiFi Nugget is based on an ESP8266 microcontroller, making it a fun, affordable tool for learning the ins and outs of Wi-Fi hacking. It is not, however, particularly powerful, which is fine! The ESP8266 only has 2.4GHz Wi-Fi, and many newer routers have features that protect against deauth attacks (assuming they are enabled). But like the DSTIKE watch, you can definitely cause some havoc, particularly to older networks and devices.
Still, the goal of the WiFi Nugget is not to create a powerful, all-encompassing tool like the Flipper or the Pwnagotchi. It’s better to think of the Nugget as a fun little buddy that fits on a bag or keychain. It’s really just a tool for learning how to spoof Wi-Fi access points, learn about deauth attacks, and explore the possibilities of what simple microcontrollers can do. And it looks cute, to boot.
Could I use it myself?
Absolutely. Like the DSTIKE watch, the WiFi Nugget is very intuitive and friendly for new users. It costs less than $100, and if you don’t like the firmware it’s running, flashing a new binary is easy with the ESPTool web interface. It also is a kitty cat, which you gotta admit is a huge selling point.