PORTAL.HACK Firmware

Firmware for advanced security tests on M5StickC Plus and M5StickC Plus 2 ESP32 Devices

BUY COMPLETE FIRMWARE

Access the full power of PORTAL.HACK firmware for M5StickC Plus & Plus 2.

Buy Now

FIRMWARE BY @MASTERBUDZ_REAL

1. Bluetooth (BLE) Attacks

BLE-HACK: Spam of Bluetooth Low Energy devices.
BLE-FASTSPAM: Rapid spam of BLE devices, constantly sending notifications.
BLE SCAN: Scanning Bluetooth Low Energy networks and displaying devices.
BLE WIN BAD-USB: Executing BadUSB attacks on Windows PCs via Bluetooth.
BLE RUBBERDUCKY: Executing Rubber Ducky attacks via Bluetooth.
nRF24 JAM: Jamming Bluetooth devices using the nRF24 antenna.
EXFILTRATE CORP.: Extracting system information from Bluetooth devices.
IOS-CRASH: Crashing or disrupting iOS devices via Bluetooth.
ANDROID-CRASH: Crashing or disrupting Android devices via Bluetooth.

2. Wi-Fi Attacks

WIFI-HACK: Attacking Wi-Fi networks by exploiting protocol vulnerabilities.
WIFI PCAP FILE SAVE: Saving Wi-Fi packets in PCAP format for analysis.
PORTAL.ino - Wi-Fi Function: Fake Wi-Fi hotspot for social engineering attacks and credential harvesting.

3. RF Device Attacks

RF SIGNAL JAM: Jamming RF signals.
RF REMOTE JAM: Web-controlled device for disrupting RF signals.
RF GRABBER: Capturing RF signals.
RF REPLY: Replaying captured RF signals.
RF SCANNER: Scanning RF signals.
RF RECORD: Recording RF signals.
RF REC-REPLY: Replaying recorded RF signals.
RF COPY-RAW: Copying raw RF signals.
RF SEND-RAW: Transmitting raw RF signals.
RF SUB SEND: Sending RF signals from .sub files.
RF FILE-SAVE: Saving RF signals to SD card.
RF CUSTOM REPLY: Custom response to RF signals via web interface.
RF AUDIO JAM: Jamming audio signals transmitted via RF.
CC1101 GRAB: Capturing RF signals using the CC1101 antenna.
CC1101 REPLY: Replaying captured signals using CC1101.
CC1101 SCANNER: Scanning RF signals in real-time using CC1101.
CC1101 JAMMER: Using CC1101 to jam radio signals.
CC1101 BRUTE: Brute-force attack for 24-bit Princeton RF remotes using the CC1101 antenna.
CC1101 SYNC: Synchronizes rolling code remotes and allows PORTAL.HACK to emulate them as a real remote.
RF FS SAVE: Saves RF signals directly to M5Stick internal storage (no SD card required).
RF FS SEND: Replays RF signals stored on the device's internal memory.
CC1101 TESLA: Opens Tesla charging ports using the CC1101 antenna.
TESLA PORT OPEN: Opening Tesla charging ports.
TESLALOOP: Continuously sends Tesla charge port open signal in a loop, preventing it from closing while in range.
CC1101 SYNC: Synchronizes multiple CC1101 signals.
RF RECORD LFS: Records signal data using LittleFS (internal storage, no SD card required).
RF REPLAY LFS: Replays recorded signals from LittleFS.
SCROLLSCANNER: RF spectrum scanner with real-time waterfall display, similar to SDR visualizations.
CC1101SCROLL: CC1101-based waterfall RF scanner for visualizing signal activity across frequencies.

4. Infrared (IR) Attacks

IR-BRUTE: Brute-force attacks on IR remote control systems.
IR LEARN: Learning and saving IR signals.
IR SEND: Sending copied IR signals.
IR SCANNER: Scanning IR signals in real-time.
IR FILE-SAVE: Saving IR signals to SD card.
IR CUSTOM REPLY: Sending custom IR signals via web interface.
IR DATA SCAN: Scanning and displaying IR data.
TRAFFIC LIGHTS IR: Manipulating traffic lights via IR signals.
NIGHT-CAMERA JAM: Jamming night vision cameras via IR signals.
IRLIST COPY: Copies a saved sequence of IR signals into memory for review, editing, or replay.
IRLIST SEND: Captures and stores a list of IR signals, then allows full batch replay in sequence.
IR LEARNING LFS: IR learning and saving to LittleFS.
IR REPLAY LFS: IR signal replay from LittleFS storage.

5. Brute Force on RF Devices

RF DEVICE BRUTE: Brute-forcing RF devices to identify access codes.
RF LIGHTS BRUTE: Brute-forcing RF-controlled lighting systems.
PARKING GATE BRUTE: Brute-forcing parking gate systems.
CEILING FAN BRUTE: Brute-forcing RF-controlled ceiling fans.
DEBRUIJN BRUTE: Brute-force attack using De Bruijn algorithm.
CAME 12bit BRUTE: Brute-forcing CAME 12-bit systems.
CAME 24bit BRUTE: Brute-forcing CAME 24-bit systems.
LINEAR 10bit BRUTE: Brute-forcing linear 10-bit systems.
PRINCETON 24bit BRUTE: Brute-forcing Princeton 24-bit systems.
KEELOQ BRUTE: Brute-forcing KeeLoq systems.
NICE FLO BRUTE: Brute-forcing Nice Flo systems.
HOLTEK BRUTE: Brute-forcing Holtek systems.
RESTAURANT RATEKESS PAGERS BRUTE: Brute-forcing Ratekess restaurant pagers.
PT-2240 BRUTE: Brute-forcing PT-2240 systems.
UNILARM 25bit BRUTE: Brute-forcing Unilarm 25-bit systems.

6. NFC and RFID Attacks

NFC SCANNER: Scanning NFC cards and displaying UID.
NFC DOOR BRUTE: Brute-forcing NFC door systems.
PN532 CLONE: Clone NFC tag data directly to device memory using the PN532 module (no SD card required).
PN532 SCAN: Scan and display the UID of NFC chips using the PN532 reader.
RFID FASTBRUTE: Fast brute-force on RFID (Mifare) systems.
RFID SLOWBRUTE: Slow brute-force on RFID (Mifare) systems.
MIFARE UNLOCK: Replay function for RFID brute force attacks.
CLONE RFID TAG: Full cloning of RFID cards.
REPLY RFID TAG: Replay data from an RFID card.
COPY RFID UID: Copying the UID of an RFID card.
REPLAY RFID UID: Replaying the UID of an RFID card.
EMULATE TAG: Emulating a cloned RFID card.
PN532VIEW: Adds a visual NFC tag viewer for PN532.

7. Specific Device Attacks (Others)

SHOP CART UNLOCK: Unlocking smart supermarket shopping carts.
SAFE UNLOCK: Unlocking safes using the Flipper Zero SentrySafe method.

8. Security and Utility Functions

DETECT SKIMMERS: Detecting skimmer devices to ensure card security.
DETECT PWNAGOTCHI: Detecting Pwnagotchi devices.
DETECT FLIPPERZERO: Detecting other Flipper Zero devices.
EMP GENERATOR: Generating electromagnetic pulses (EMP) for testing.
GPS INFO: Displaying GPS information such as location and altitude.
SOUND NOISE: Emitting annoying sounds to disrupt or alert.
LED LIGHT: Controlling an LED for visual effects or indications.
WEBFILEMANAGER: Web-based file manager for device internal storage.
REMOTESCREEN: Creates a Wi-Fi network to remotely view and control the PORTAL.HACK screen from a connected device, like a smartphone.

9. Simulations and Extra Features

TAMAGOTCHI: Simulating a virtual pet like a Tamagotchi.
WEB LINKS: Quick access to web resources for hacking.
SETTINGS: Accessing the device's configuration menu.

PORTAL.ino - Wi-Fi Function

In PORTAL.HACK Portal mode, an open WiFi Hotspot named "Vodafone Free WiFi" (configurable by clone another AP) is activated. It serves a fake login page for social engineering attacks, capturing entered usernames, passwords, emails, and OTPs. Cloning existing SSIDs is possible from the WiFi Scan details. Captured credentials can be viewed by connecting to the portal and browsing to http://172.0.0.1/creds. Custom SSIDs and settings can be configured in a similar manner. SD Card support logs usernames and passwords to portal-hack-creds.txt.

Note: PORTAL.HACK is intended for professional engagements, education, or demonstration purposes only. Unauthorized use of personal information is against the law.

Discord Community

Join our Discord community for support, updates, and discussions!

Join Now

Guide: Wiring and Modules

433 MHz Transmitter:

RF Receiver Pinout:

CC1101 Pinout:

nRF24 Pinout:

INFRARED Transmitter Pinout:

INFRARED Receiver Pinout:

SD CARD PINOUT

IR BLASTER

RFID2 READER

📜 Changelog - PORTAL.HACK Firmware

v6.8.0 - Coming Soon (2025): New functions added:
- IRLIST_SEND: Captures and stores a list of IR signals, then allows full batch replay in sequence.
- TESLAUNLOCKER: Enhances Tesla unlock function setup.
- CC1101_MULTI_SYNC: Synchronizes multiple CC1101 signals.
- RECORD_LFS: Records signal data using LittleFS (internal storage, no SD card required).
- REPLAY_LFS: Replays recorded signals from LittleFS.
- PN532VIEW: Adds a visual NFC tag viewer for PN532.
- IR_LEARNING_LFS: IR learning and saving to LittleFS.
- IR_REPLAY_LFS: IR signal replay from LittleFS storage.
- TESLALOOP: Continuously sends Tesla charge port open signal in a loop, preventing it from closing while in range.
- WEBFILEMANAGER: Web-based file manager for device internal storage.
- SCROLLSCANNER: RF spectrum scanner with real-time waterfall display, similar to SDR visualizations.
- CC1101SCROLL: CC1101-based waterfall RF scanner for visualizing signal activity across frequencies.
- REMOTESCREEN: Creates a Wi-Fi network to remotely view and control the PORTAL.HACK screen from a connected device, like a smartphone.
v6.7.0 - February 20, 2025: Added CC1101 BR (brute-force 24-bit) and IR JAM functions. Improved system performance, memory management, and fixed various bugs.
v6.6.1 - February 15, 2025: Major UI and stability improvements. Full menu redesign, memory optimization, enhanced signal learning, and refined features.
v6.6.0 - September 15, 2024: Added nRF24 JAM for Bluetooth disruption and RFID tag emulation. Improved RF GRABBER and reduced memory usage.
v6.5.8 - August 14, 2024: Introduced CC1101 JAMMER and SCANNER with real-time visual feedback. Enhanced UI and audio signals for various RF functions.
v6.5.7 - August 13, 2024: Refined IR LEARN/SEND interface with graphics. Fixed bugs in RFID and CC1101 replication functions.
v6.4.5 - August 5, 2024: Enabled full RFID tag cloning and reply features. Improved RF JAMMER user interface.
v6.3.4 - August 4, 2024: Released BLE-FASTSPAM for continuous BLE notifications. Added EMP generator. Improved reception graphics and sound feedback.
v6.2.3 - July 25, 2024: Added support for CC1101 GRAB and REPLY. Introduced EMP Generator for signal interference experiments.
v6.1.2 - July 3, 2024: Added WIFI PCAP FILE SAVE for EAPOL and general Wi-Fi packet capturing to SD card in PCAP format.
v6.0.2 - June 21, 2024: Added brute-force support for KeeLoq, Holtek, Nice Flo, Retekess, and PT2240. Enhanced RF brute-force speeds and reliability.
v6.0.1 - June 19, 2024: Fixes for RF brute-force functions and added BRUTEFORCE support for Holtek, Nice Flo 24-bit, Retekess pagers, and PT2240.
v6.0.0 - June 9, 2024: Introduced KEYLESS GRAB and REPLY for modern Hitag remotes. Added IR DATA SCAN.
v5.9.9 - June 7, 2024: Removed IR/RF SD REPLY. Added IR/RF CUSTOM REPLY with web interface for signal launch.
v5.9.8 - June 6, 2024: Added IR SCANNER with near real-time signal graph. Fixed IR and RF file saving issues.
v5.8.7 - May 31, 2024: Fixed menu flickering and improved function positioning for clarity.
v5.8.6 - May 30, 2024: Introduced IR FILE SAVE to SD card and reorganized menu layout. Bug warning noted.
v5.7.5 - May 18, 2024: Added EXFILTRATE CORP. for extracting Windows system info via Bluetooth.
v5.6.5 - May 14, 2024: Prevented pin 26 overheating, improved BLE ANDROID SPAM support.
v5.6.4 - May 10, 2024: Fixed Tesla port auto-sending, IR transmission/reception over pin 26 fully working.
v5.6.3 - May 4, 2024: Resolved IR transmission pin misconfiguration.
v5.6.2 - May 4, 2024: Corrected IR receiving pin input setup.
v5.6.1 - May 2, 2024: Fixed external IR communication pin and expanded IOS-CRASH capabilities.
v5.6.0 - May 2, 2024: Enabled IR-BRUTE with external IR transmitter support.
v5.5.9 - May 1, 2024: Improved IR functions with dual-output support, updated RF-RECORD for timing accuracy.
v5.5.8 - April 30, 2024: Added NIGHT CAMERA JAM and TRAFFIC LIGHT SET via IR with improved logic.
v5.5.7 - April 29, 2024: Extended RFID compatibility to all MIFARE chips.
v5.5.6 - April 29, 2024: Redesigned RFID cloning logic to fix failures.
v5.5.5 - April 29, 2024: Added web interface remote jammer.
v5.4.5 - April 28, 2024: Added ANDROID CRASH function and PORTAL.HACK boot logo.
v5.3.4 - April 22, 2024: Optimized brute-force speeds and accuracy across all functions.
v5.3.3 - April 22, 2024: Enhanced RF scanner compatibility, iOS crasher responsiveness.
v5.3.1 - April 18, 2024: STARTUP MENU SOUND added, EEPROM management improved.
v5.3.0 - April 18, 2024: Added Tesla port FS1000A support, faster CAME brute-force.
v5.2.8 - April 15, 2024: Improved Tesla opener with 26-bit preamble, expanded model support.
v5.2.7 - April 13, 2024: PN532 support added, improved card scanning logic.
v5.1.6 - April 9, 2024: Fixed Tesla signal looping issue.
v5.1.5 - April 8, 2024: Added Bluetooth-based BadUSB with web command interface.
v5.1.4 - April 7, 2024: IR SEND now supports repetition; fixed file replication errors.
v5.1.2 - March 28, 2024: IR LEARN/IR SEND improvements, stable CARD SCANNER handling.
v5.0.1 - March 21, 2024: Resolved LED toggle reversal and SOUND NOISE playback issues.
v5.0.0 - March 10, 2024: Added RF data capture to .sub file on SD; replay supported.
v4.9.2 - March 7, 2024: RF LIGHTS BRUTE added, memory optimized, improved boot speed.
v4.8.1 - March 3, 2024: Added RF GRABBER + REPLY, improved BLE, NFC DOOR bruteforce, and interface.
v4.5 - February 2024: Introduced CAME and Linear garage protocol brute-force attacks.