Image: Simone Margaritelli
Ever wondered what would manifest if you mixed 1990s nostalgia with a clever name and some futuristic hacking tech?The answer is the Pwnagotchi: a DIY, open source gadget for hacking Wi-Fi that gets smarter the more networks it gets exposed to using machine learning. It also has an adorable interface that reflects different "moods" depending on what it's doing, and echoes the Tamagotchi digital pets of the 90s. The idea is for its user to take it around the city and "feed" it with Wi-Fi handshakes, the process that allows phones or laptops to communicate with other wireless devices like a router or a smart TV.
In theory, these handshakes can then be cracked to reveal the Wi-Fi network’s password, which would be useful if the Pwnagotchi user wanted to hack into the Wi-Fi network at a later time.Hackers, of course, love it. The software for the Pwnagotchi was publicly released on September 19. Barely a month later, and with little promotion other than on Twitter, there’s already an enthusiastic community of hundreds of security researchers and hackers all over the world who are playing with it, modding it, writing plugins to improve it, and helping each other out on a Slack channel.
“It's gotten me to walk a LOT more instead of taking U-Bahn,” said Darren Martyn, a security researcher who lives in Berlin and said he owns three Pwnagotchis.The Pwnagotchi is the brainchild of Simone Margaritelli, a security researcher who’s known for other open source hacking projects like Bettercap, and a hacker who goes by the name hexwaxwing.The two devised the Pwnagotchi to be able to observe the Wi-Fi networks nearby and learn how to collect handshakes more efficiently overtime, using a type of machine learning called “deep reinforcement learning,” the same underlying tech that powers both AlphaGo and Super Mario-playing AIs.The deep learning algorithm is programmed to optimize the parameters needed to collect as many handshakes as possible. Every network is a bit different, and the way the Pwnagotchi collects handshakes from them will depend on if it’s on a busy street or in an office, for example.
To run the software, all you need is a Raspberry Pi Zero W, a microSD card with at least 8 GB of storage, and an external battery. If you want to see the Pwnagotchi’s cute black and white emoji face, you’ll also need a 2-inch e-paper display, according to the project’s official page. That amounts to a $60 investment, give or take, at the time of publication.Aside from its cyberpunk bonafides, hexwaxwing said that the cute factor is a big, and intentional, draw.“I knew adding the face to it would cause people to get extremely attached to their units, and extremely invested in cheering them up. I guarantee you a significant percentage of users came for the cute and stayed for the AI,” hexwaxwing said in an online chat. “I would not be surprised if the majority of users don't actually really care about collecting or cracking handshakes; they just love the idea of a grown-up Tamagotchi for hackers that takes advantage of an environmental playground that exists everywhere—insecure wireless networks! Beautiful.”Pwnagotchi is very much a work in progress with features being added all the time. Pwnagotchis can now detect other units in the vicinity and exchange end-to-end encrypted messages, for example. For example, thanks to a newly introduced feature, Margaritelli said, the units are able to network and learn cooperatively.Margaritelli said that he did not intend for Pwnagotchi to become a tool only for professional hackers. Instead, it's more of a learning tool for anyone interested in hacking. The underlying technology and what it does is not new, and there’s nothing illegal about it. In fact, the tool is designed to limit itself not to cause any denial of service on the devices it collects handshakes from, according to Margaritelli.“The main objective is pushing a bit vendors for mass adoption of safer Wi-Fi technologies (802.11w) and as an educational project for the users to learn from and have fun with,” he said in an online chat.Subscribe to our new cybersecurity podcast, CYBER.