Pawnagotchi — Wi-Fi Handshake Capture & Hashcat Analysis

2024 · Raspberry Pi Zero W, Pawnagotchi, Hashcat, WPA2, Linux

Context

This project explores wireless security using a Raspberry Pi Zero W running Pawnagotchi, an open-source tool that captures WPA/WPA2 handshakes for offline analysis. I focused on understanding the 802.11/WPA2 protocol flow and applying ethical cracking techniques with Hashcat in a controlled lab environment.

Topology

The device operates in monitor mode to passively capture 4-way handshakes from nearby AP/client exchanges. Captured handshakes are exported to .pcap / .hccapx for analysis on a Linux workstation.

Implementation

Configured Pawnagotchi with an e-ink display for live status and passive handshake capture.
Analyzed captured frames in Wireshark to review the WPA2 4-way handshake flow (ANonce/SNonce, MIC verification, PTK derivation).
Converted captures to .hccapx and tested Hashcat wordlists/rules for password-strength evaluation.


# Example (educational use, lab-only)
hashcat -m 22000 handshakes.22000 wordlists/rockyou.txt --status

Demo

Short demo of the setup and capture workflow.

Results & Learnings

Deepened understanding of the WPA2 4-way handshake and key derivation.
Gained hands-on experience with passive capture, PCAP analysis, and ethical cracking workflow.
Validated the impact of strong passphrases and rate-limited association attempts.

Ethics & Scope

All testing was performed on my own lab equipment and networks with explicit permission.