Nova-X

WiFi security testing and BLE advertisement tool specifically designed for ESP32C5 platform with U8g2 OLED display support.

The current version is in beta. More features will be added.

Table of Contents

• Contact & Troubleshooting
• Features
• Hardware Requirements
• Pin Configuration
• Software Requirements
• Installation
• Usage
• Menu System
• Technical Details
• Legal Disclaimer
• License

Contact & Troubleshooting

• Issues && Troubleshooting: Discord Server Link

Features

WiFi Security Testing

Deauthentication Attacks

• All Access Points mode
• Channel-specific targeting
• Selected AP targeting

Authentication Flooding

• Mass authentication frame transmission
• Channel-based authentication attacks
• Selective AP authentication flooding

Association Flooding

• Association request flood attacks
• Channel-specific association attacks
• Targeted association frame injection

Beacon Frame Manipulation

• All SSID duplication
• Selected SSID cloning
• Random SSID generation
• Channel-specific beacon flooding
• Custom Prefix beacon flooding

BLE Advertisement Spoofing

• iOS device emulation support
• Samsung device emulation support

User Interface

• SSD1306 OLED display (128x64)
• 4-button tactile navigation system

Network Scanning

Dual-Band WiFi Support

• 2.4GHz: Channels 1-14
• 5GHz: Channels 36-165
• Progressive scanning algorithm
• RSSI measurement
• Channel mapping
• Encryption detection

Hardware Requirements

Microcontroller

• ESP32C5 module

Display

• SSD1306 OLED (128x64 pixels)
• I2C interface

Buttons

• 4x Tactile push buttons

Pin Configuration

// I2C Display Pins
I2C_SDA = GPIO 26
I2C_SCL = GPIO 25

// Button Pins
BTN_UP   = GPIO 24
BTN_DOWN = GPIO 23
BTN_OK   = GPIO 28
BTN_BACK = GPIO 10

// OLED Reset
OLED_RESET = -1 (not used)

Wiring Diagram

ESP32C5          SSD1306 OLED
GPIO 26  ------>  SDA
GPIO 25  ------>  SCL
3.3V     ------>  VCC
GND      ------>  GND

ESP32C5          Buttons
GPIO 24  ------>  UP Button    ----> GND
GPIO 23  ------>  DOWN Button  ----> GND
GPIO 28  ------>  OK Button    ----> GND
GPIO 10  ------>  BACK Button  ----> GND

Software Requirements

Required Libraries

// Core Libraries
- U8g2lib              // OLED display driver
- NimBLE-Arduino       // Bluetooth Low Energy
- WiFi                 // ESP32 WiFi library
- esp_wifi             // Low-level WiFi functions

// Standard Libraries
- Arduino.h
- Wire.h (I2C)
- vector (STL)
- string (STL)
- map (STL)

Library Installation

Method 1: Arduino Library Manager

Tools > Manage Libraries
Search:  "U8g2"        Install:  U8g2 by oliver
Search: "NimBLE"      Install: NimBLE-Arduino by h2zero

Method 2: Manual Installation

cd ~/Arduino/libraries/
git clone https://github.com/olikraus/u8g2.git
git clone https://github.com/h2zero/NimBLE-Arduino.git

Installation

Step 1: Board Setup (If you need to modify the sketch)

1. Open Arduino IDE
2. Go to File > Preferences
3. Add ESP32 board URL to Additional Board Manager URLs:

https://espressif.github.io/arduino-esp32/package_esp32_index.json

4. Open Tools > Board > Board Manager
5. Search "esp32" and install "esp32 by Espressif Systems"
6. Select Tools > Board > ESP32 Arduino > ESP32C5 Dev Module

Step 2: Upload Sketch

Recommended method is the first method

Method 1 (Upload via Image Uploader)

1. Download the latest image uploader from the Release page
2. Open image uploader
3. Select the COM port to which the ESP32-C5 is connected
4. Click Upload

Method 2 (Upload via Sketch)

Before upload sketch you need to patch your esp32 compiler - patcher - ex) platform.txt

1. Open nova-x-esp32c5/nova-x-esp32c5.ino
2. Configure board settings:
   • Board: ESP32C5 Dev Module
   • Upload Speed: 115200
   • Flash Frequency: 80MHz
   • Flash Mode: QIO
   • Partition Scheme: Huge APP (3MB No OTA/1MB SPIFFS)
3. Select correct COM port
4. Click Upload

Step 3: Serial Monitor

Tools > Serial Monitor
Baud Rate: 115200

Usage

Navigation

• UP Button: Move selection up
• DOWN Button: Move selection down
• OK Button: Confirm selection / Start action
• BACK Button: Return to previous menu / Stop action

Basic Workflow

1. Scanning Networks

Main Menu > Scan

2. Selecting Targets

Main Menu > Settings > Select APs

3. Running Attacks

Main Menu > Exploit > [Attack Type] > [Mode]

Menu System

Nova-X ESP32C5
│
├── Exploit
│   ├── Deauth
│   │   ├── All APs
│   │   ├── Channel
│   │   └── Selected
│   │
│   ├── Auth
│   │   ├── All APs
│   │   ├── Channel
│   │   └── Selected
│   │
│   ├── Assoc
│   │   ├── All APs
│   │   ├── Channel
│   │   └── Selected
│   │
│   ├── Beacon
│   │   ├── All SSIDs Dupe
│   │   ├── Selected Dupe
│   │   ├── Random
|   |   ├── Channel
│   │   └── Prefix
│   │
│   └── B. T Adv
│       ├── Samsung
│       └── IOS
│
├── Scan
│
├── Settings
│   └── Select APs
│
└── About

Technical Details

WiFi Frame Structures

Deauthentication Frame (26 bytes)

Frame Control:     0xC0 0x00
Duration:          0x3A 0x01
Destination MAC:   FF:FF:FF:FF:FF:FF (broadcast)
Source MAC:        [Target AP BSSID]
BSSID:             [Target AP BSSID]
Sequence:          0x00 0x00
Reason Code:       0x07 0x00

Authentication Frame

Frame Control:     0xB0 0x00
Algorithm:         0x00 0x00 (Open System)
Sequence Number:   0x01 0x00
Status Code:       0x00 0x00

Association Request Frame

Frame Control:     0x00 0x00
Capability Info:   0x21 0x04
Listen Interval:   0x0A 0x00
Tagged Parameters:  SSID, Supported Rates

Beacon Frame

Frame Control:     0x80 0x00
Fixed Parameters: 
  - Timestamp
  - Beacon Interval:  0xE8 0x03
  - Capability Info:  0x21 0x00
Tagged Parameters: SSID, Rates, Channel

Channel Configuration

2.4GHz Band (14 channels)

1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

5GHz Band (23 channels)

36, 40, 44, 48, 52, 56, 60, 64,
100, 104, 108, 112, 116, 124, 128,
132, 136, 140,
149, 153, 157, 161, 165

Total: 37 channels

BLE Advertisement Data

iOS Device Structure (31 bytes)

Size:          0x1e
Type:         0xFF (Manufacturer Specific)
Company ID:   0x4C 0x00 (Apple Inc.)
Subtype:      0x07 0x19
Device Type:  [varies by device]

Samsung Device Structure (15 bytes)

Size:         0x0E
Type:         0xFF (Manufacturer Specific)
Company ID:   0x75 0x00 (Samsung Electronics)
Subtype:      0x01
Model:        [device-specific byte]

MAC Address Management

#define STORE_LEN 64  // MAC address cache size

bool checkedMac(const uint8_t* mac);
void storeMac(const uint8_t* mac);
void clearMacStored();

Attack Configuration

#define STORE_LEN 64        // MAC address cache
#define PER_PKT 3           // Packets per target
#define MAX_TX_POWER ESP_PWR_LVL_P20  // 20dBm transmit power

#define MAX_SSID 60 // Max ssid list
#define MAX_SSID_LEN 13 // Max ssid len
#define CLONES_PER_AP 10 // Clones per ap

Legal Disclaimer

IMPORTANT: READ BEFORE USE

This tool is designed exclusively for:

• Authorized penetration testing
• Educational purposes in controlled environments
• Network administration on owned infrastructure
• Security research with proper authorization

Legal Warnings

Unauthorized use of this software may violate laws including:

• United States: Computer Fraud and Abuse Act (CFAA), Federal Communications Act
• European Union: GDPR, Computer Misuse Act, national telecommunications laws
• International: Local wireless communication regulations and computer crime statutes

WiFi deauthentication, association flooding, and unauthorized network interference are illegal activities in most jurisdictions without explicit written permission from network owners.

Penalties may include:

• Criminal prosecution
• Civil liability
• Significant fines
• Imprisonment

User Responsibility

By using this software, you acknowledge:

1. You have explicit written authorization to test target networks
2. You understand applicable laws in your jurisdiction
3. You accept full legal responsibility for your actions
4. The authors bear no liability for misuse or legal consequences

Use this tool only on networks you own or have explicit written permission to test.

License

This project is licensed under the BSD 2-Clause "Simplified" License.

Copyright (c) 2024, warwick320
All rights reserved. 

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice,
   this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.

See the LICENSE file for full details.

---

Remember: With great power comes great responsibility. Use this tool ethically and legally.