Welcome to my tech blog, where we explore innovative devices and techniques. Today, we dive into the world of WiFi Hash Purple Monster, a powerful tool that captures EAPOL/PMKID packets using an M5Stack/ESP32 device. In this blog post, we’ll discuss the functionality, features, and potential applications of this impressive tool.

Understanding EAPOL/PMKID Packets:

When a WiFi device connects to an access point (AP) using WPA2/PSK security, they engage in a 4-way handshake, exchanging four EAPOL messages. Instead of sharing the actual WiFi key, these packets facilitate secure communication. By capturing these packets, it becomes possible to analyze them and potentially guess the password using dictionary or brute force attacks. More recently, a more efficient method involves using just one PMKID packet to calculate the WiFi key.

WiFi Hash Purple Monster: Purpose and Features:

The WiFi Hash Purple Monster is designed to capture and store EAPOL/PMKID packets on an SD card using an M5Stack/ESP32 device. This project is based on the remarkable PacketMonitor32 and the port to M5Stack by macsbug. The goal was to mimic the operation of Pwnagotchi, an ESP32 SoC-based tool, within the capabilities of the ESP32.

Functionality and User Interface:

The WiFi Hash Purple Monster utilizes the buttons and LEDs available on the M5Stack/ESP32 device to enhance user interaction. The first button enables “incognito mode,” turning off the display and LEDs. A long press on this button activates the SD card and begins storing all EAPOL/PMKID packets on the SD card for further analysis.

The second button controls the display backlight brightness, with a long press adjusting the LED bar brightness. The third button allows users to change the WiFi channel by short pressing, while a long press activates either “Auto-Channel” or “Smart-Channel” modes.

Auto-Channel mode hops between channels 1 and 6 after every 15 seconds. In Smart-Channel mode, the device sequentially covers all channels but only hops to the next channel if no new SSID, EAPOL packets, or deauthentications are detected after 15 seconds.

LED Indicators and Behavior:

The WiFi Hash Purple Monster utilizes LED bars to provide visual feedback. When a deauth packet is detected, the left LED bar turns red. For each EAPOL/PMKID packet detected, the right LED bar turns green. The behavior of the Purple Hash Monster adapts to the WiFi traffic and detected packets, enhancing its functionality and usability.


The WiFi Hash Purple Monster is a remarkable tool that utilizes an M5Stack/ESP32 device to capture and store EAPOL/PMKID packets. By leveraging the power of ESP32, this project replicates the capabilities of Pwnagotchi within the ESP32 SoC. With its user-friendly interface, LED indicators, and customizable settings, the WiFi Hash Purple Monster offers tech enthusiasts a practical and efficient solution for analyzing WiFi security.

Stay tuned to my blog for more exciting projects like the WiFi Hash Purple Monster, as we continue to explore innovative technologies and devices. Remember to use this tool responsibly and adhere to applicable laws and regulations when analyzing WiFi networks.

Disclaimer: The WiFi Hash Purple Monster is intended for educational and research purposes only. Any unauthorized use or malicious activities are strictly prohibited.


An amateur radio operator, military veteran, jack of all trades and master of none.

Leave a Reply

Your email address will not be published. Required fields are marked *