SGP PHANTOM · OFFICIAL DOCUMENTATION

HackerOS v3

Multi-tool Cybersecurity & Pentesting Device
Powered by ESP32-S3

WiFi · BLE · RFID · NFC BME680 SENSOR USB HID · OTG TOUCHSCREEN GAMES
📁 CODES & EXAMPLES — GOOGLE DRIVE
DOCUMENTATION

Table of Contents

SECTION 1

Device Overview

The SGP PHANTOM HackerOS is a compact, touchscreen-based cybersecurity multi-tool built on the ESP32-S3 microcontroller. It is designed for security researchers, penetration testers, and enthusiasts.

The device runs HackerOS v3, a custom firmware with a hacker-themed graphical interface offering dozens of tools organized in a scrollable main menu.

📡

WiFi Tools

Scan, deauth, beacon spam, packet sniffing, captive portal phishing, net stress testing

🔵

Bluetooth BLE

Scanner, spoofer, distance estimator, BLE destroyer, wireless keyboard bridge

💳

RFID & NFC

Read, write and clone 13.56 MHz MIFARE and NFC cards and tags

🌡️

BME680 Sensor

Temperature, humidity, pressure, altitude, gas/VOC, smoke detection

⌨️

USB HID

Keyboard/mouse emulation via OTG, Bad USB payloads, PIN brute-force

🎮

Games

Flappy Bird, Pong, Snake, Tetris, Space Invaders, Dice — all on the touchscreen

SECTION 2

Hardware Specifications

Component Detail
MCU ESP32-S3 — dual-core 240 MHz, Wi-Fi 802.11 b/g/n + BLE 5.0
Board Waveshare ESP32-S3-Touch-LCD-1.69
Display 1.69" ST7789 LCD · 240×280 px · SPI interface
Touchscreen CST816T capacitive touch controller · I²C
IMU QMI8658 — 3-axis accelerometer + 3-axis gyroscope · I²C
Environmental Sensor I²C Bosch BME680 — temperature, humidity, pressure, altitude, gas/VOC, smoke
RFID / NFC SPI MFRC522 module — 13.56 MHz MIFARE Classic, Ultralight, NTAG NFC tags
Buzzer Passive piezo · GPIO 42
Battery Rechargeable LiPo · ADC monitoring on GPIO 1
Power Button GPIO 40 (SYS_OUT)
USB Native USB-OTG (ESP32-S3) — HID keyboard, mouse, serial
Flash 8 MB (default) / PSRAM: OPI
IMPORTANT NOTICE FOR DEVELOPERS

🛠️ Stock Firmware = Demo Only

The HackerOS firmware pre-installed on this device is a DEMONSTRATION / TEST firmware only.

It is provided so you can see the hardware working out of the box and understand what the device is capable of. It is not intended to be the final software you use.

The SGP PHANTOM is a fully open, programmable ESP32-S3 development board with a touchscreen, sensors, and connectivity built in. The HackerOS firmware is just one example of what it can run.

🎯 This device is designed for you to build your own code

📝

Write your own firmware

Use Arduino IDE, ESP-IDF, MicroPython or any ESP32-S3 compatible framework to build your own application from scratch.

🔧

Modify the stock code

Take HackerOS as a base and add, remove or change any functionality. All source code is available in the Google Drive folder linked at the top of this page.

📦

Flash any .ino project

Any standard ESP32-S3 Arduino sketch can be uploaded to this device. Use it as a general-purpose embedded platform for any project.

🌐

Community & examples

Ready-to-use example sketches (RFID, WiFi, BLE, BME680, display, games, USB HID) are all available in the shared Google Drive folder.

The hardware is yours to program freely. The stock HackerOS demo can always be restored by re-flashing the original HackerOS_v3.ino from the Google Drive source folder.

What the stock firmware gives you

Included in demo firmware Purpose
Full working menu with all apps Shows the display and touch system working
RFID cloner & reader Demonstrates the MFRC522 module integration
BME680 gas/temperature readings Demonstrates connected sensor data
WiFi & BLE tools Demonstrates the ESP32-S3 radio capabilities
USB HID keyboard & mouse Demonstrates OTG USB emulation
6 games + watch faces Demonstrates animation and touch input
📁 All source code, example projects and app templates are in the Google Drive shared folder.
SECTION 4

Apps & Features

4.1 — WiFi Tools

📡 MAC Scanner (WiFi Scan)

Scans all nearby WiFi networks and displays SSID, BSSID (MAC address), RSSI signal strength, and channel. Runs an async scan so the display stays responsive.

📡 Deauth Target

Sends 802.11 deauthentication frames to disconnect devices from a selected access point.

  1. Device scans for nearby networks

  2. Tap a target network from the list

  3. Attack runs continuously — tap the green header to stop

📡 Beacon Spam

Floods the WiFi environment with hundreds of fake network names (SSIDs). Nearby phones and laptops will see their WiFi scanner fill up with ghost networks.

📡 Probe Sniffer

Passively listens for 802.11 probe request frames. Captures the MAC address and the saved SSID name that each nearby device is searching for. Tap CLEAR LOG to reset.

📡 Packet Monitor

Puts the WiFi adapter in promiscuous mode and counts raw packets by type (beacons, deauths, data). Displays a live packet rate graph.

📡 WiFi Recon (Channel Hopper)

Automatically sweeps all 13 WiFi channels while collecting AP information — essentially a full-band reconnaissance sweep.

📡 Net Stresser

Floods a selected WiFi target with authentication and/or association request packets to stress-test router hardware.

Mode Description
AUTH Floods with authentication request frames only
ASSOC Floods with association request frames only
CHAOS Both AUTH + ASSOC simultaneously — maximum stress

Tap FIRE to start. Packet count is shown in real-time. Tap STOP to end.

🎣 Free WiFi — Captive Portal Phishing

Creates an open hotspot named FreeWiFi_Movistar and serves a fake carrier login page. Any credentials entered by connecting users are captured and stored in the device.

Action How
Activate Select from the main menu
View captured credentials Connect to the hotspot, open browser, enter phone 12345678 and password SGPcard
Stop Tap STOP SERVER on screen
⚠️ For authorized security testing and awareness demonstrations only.

4.2 — Bluetooth (BLE) Tools

🔵

BLE Hunter

Passively scans for nearby BLE devices. Displays device name, MAC address, and RSSI signal strength in real-time.

📍

BLE Distance Estimator

Estimates physical distance to a BLE device using RSSI. Useful for locating hidden transmitters or tracking signal sources.

👻

BLE Spoof

Broadcasts fake BLE advertisements with a custom device name and UUID. Your device appears as a fake Bluetooth peripheral to nearby scanners.

💥

BLE Destroyer / Goldeneye Jam

Sends a high volume of BLE advertising packets to flood nearby device scanner logs.

🍎

Apple Watch Spoof

Broadcasts BLE advertisements mimicking an Apple Watch, triggering proximity popups on nearby iPhones.

🌐

BLE Ultimate

Advanced multi-mode BLE attack and analysis tool combining multiple BLE operations.

4.3 — RFID & NFC Multitool EXTERNAL MODULE

Requires the MFRC522 module connected via SPI. See the Wiring section for pin details.

The RFID & NFC tool supports 13.56 MHz technology — the global standard for contactless access cards, hotel keys, transit cards, payment cards, and NFC stickers.

Compatible Cards & Tags

Type Common Use
MIFARE Classic 1K / 4K Access control, building entry, hotel keys
MIFARE Ultralight Transit tickets, event passes
NTAG213 / 215 / 216 NFC stickers, business cards, smart posters
ISO/IEC 14443 Type A Any standard contactless card

App Buttons

Button Action
READ UID Reads and displays the card's unique identifier (UID)
READ TXT Reads text stored in block 4 of the card
WRITE TEXT Writes a text string to block 4 of the card
READ CLONE Dumps all 64 sectors of the card into device RAM
PASTE CLONE Writes the RAM dump onto a blank writable card
EMULATE / SAVE Opens memory management sub-menu

How to Clone a Card — Step by Step

  1. Open RFID Cloner from the Main Menu

  2. Tap READ CLONE — log shows > MODE: READ CLONE

  3. Hold the source card near the RFID antenna for ~1 second

  4. Log shows [*] COPIED TO RAM! with a success beep ✅

  5. (Optional) Tap EMULATE/SAVE → SAVE TO MEM to persist for later

  6. Place a blank writable card near the antenna

  7. Tap PASTE CLONE — log shows [*] Injecting... then [*] DONE!

Log Viewer Controls

Gesture Action
Double tap Expand/collapse full-screen log
Swipe up/down Scroll through log history
Swipe left/right Return to button view

4.4 — USB HID Tools

Connect the device to a computer or phone using a USB-C OTG cable. The device appears as a standard USB keyboard or mouse.

⌨️ Bad USB — Payload Injector

Emulates a USB keyboard and automatically executes pre-programmed keystroke sequences on the connected host. Used for HID injection testing and security awareness demos.

⌨️ OTG BruteForce — PIN Cracker

Automatically tries all numeric PINs from 0000 to 9999 by typing them as a USB keyboard with Enter after each attempt.

Control Description
START / STOP Begin or pause the attack
TURBO — 30ms delay Fastest. May fail on devices with lockout
NORMAL — 150ms delay Recommended for most devices
SLOW — 500ms delay Most reliable on devices with cooldown timers
RESET Restart from PIN 0000
FMT:0000 / FMT:NUM Toggle zero-padding format

The display shows the current PIN in large digits, a progress bar, percentage complete, speed (PINs/sec) and estimated time remaining (ETA).

🖱️ USB Mouse

Emulates a USB HID mouse via OTG, allowing you to control cursor movement on any connected device.

4.5 — Remote Control & BLE Bridge

🌐 Remote Control — Web Interface

Creates a WiFi Access Point and hosts a browser-based control panel. Connect from any phone or laptop to control the device remotely.

🌐 SGP Wired — Advanced Dashboard

Hosts a full-featured web dashboard over WiFi for remote access to multiple device features simultaneously.

🔵 BLE Bridge — Wireless Bluetooth Keyboard

Turns HackerOS into a wireless Bluetooth keyboard that can be controlled from any phone browser on the same WiFi network.

  1. Launch BLE Bridge from the menu

  2. Connect your phone/laptop to WiFi: SSID HackerOS-BLE · Password hacker123

  3. Open a browser and go to 192.168.4.1

  4. On the target PC, pair via Bluetooth to HackerOS Keyboard

  5. Use the web page to type text or send special keys (arrows, Win, Enter)

  6. Tap EXIT BRIDGE on device or tap header to stop

4.6 — Watch Faces

Select Watch Faces from the Main Menu to access 10 different clock designs, including analog, digital, and hybrid styles. Time is tracked using the device's uptime timer.

Tap the screen to cycle between watch face designs.

4.7 — Games (Arcade Ops)

Select Arcade Ops from the Main Menu to open the games sub-menu. All games are fully playable on the touchscreen.

Game How to Play
🐦 Flappy Drone Tap to flap — avoid pipes. Touch restarts after crash
🏓 Pong Touch to move your paddle (right side). First to 5 wins
🐍 Snake Tap screen quadrants to change direction. Eat red apples to grow
🟦 Tetris Bottom corners = move left/right. Center tap = rotate piece
👾 Space Invaders Bottom L/R = move. Tap upper area to shoot
🎲 Digital Dice Tap anywhere to roll a random 1–6

4.8 — BME680 Environmental Sensor BUILT-IN

The Bosch BME680 is a precision multi-parameter environmental sensor. It gives HackerOS the ability to monitor air quality and environmental conditions in real-time.

🌡️
TEMPERATURE
±1 °C
💧
HUMIDITY
±3% RH
🌬️
PRESSURE
hPa
📏
ALTITUDE
meters
💨
GAS / VOC
🚬
SMOKE
fumes

How the Gas / Smoke Sensor Works

The BME680 heats a metal-oxide element to ~320 °C and measures how its electrical resistance changes when exposed to reducing gases. A high resistance = clean air. A low resistance = smoke, VOCs, alcohol, or chemical fumes present.

⏱️ The gas sensor requires approximately 5 minutes of warm-up time after power-on before giving stable readings. This is normal behaviour for metal-oxide sensors.

Apps that use the BME680

App What it shows
Gas Monitor Live gas resistance, VOC index, and air quality status
Altimeter Altitude above sea level calculated from barometric pressure
Q Labs All raw sensor values: temperature, humidity, pressure, gas resistance

4.9 — Utilities & Other Apps

App Description
📷 Camera Detector Detects hidden surveillance cameras via RF signature scanning
📐 Spirit Level Digital bubble level using the QMI8658 accelerometer
🌊 Gravity Physics Tilt the device to move simulated particles under gravity
🖥️ Matrix Rain Full-screen falling green code animation
💡 Mood Light Cycling color display for ambient effects
⏱️ Chronos Precision stopwatch / timer
🔬 Q Labs Advanced sensor lab — live BME680 readings and experiments
☢️ Biohazard Animated biohazard alert display
🕵️ Counter Intel Detects and logs surveillance-related RF signals
🔊 Audio FX Plays sound effects through the built-in buzzer
📡 Spectre Radar Radar-style animated WiFi scanning display
SECTION 5

Wiring the Modules

⚡ All external modules use 3.3V logic. Never connect 5V to any GPIO pin — this will damage the ESP32-S3.

MFRC522 — RFID / NFC SPI

MFRC522 ESP32-S3 GPIO
SDA (NSS/CS) GPIO 43 (TX pin)
SCK GPIO 18
MOSI GPIO 2
MISO GPIO 17
RST GPIO 3
3.3V 3V3 rail
GND GND 
MFRC522      ESP32-S3
───────      ────────
SDA   ──────  GPIO 43
SCK   ──────  GPIO 18
MOSI  ──────  GPIO 2
MISO  ──────  GPIO 17
RST   ──────  GPIO 3
3.3V  ──────  3V3
GND   ──────  GND
IRQ pin is unused — leave it unconnected.

BME680 — Environmental I²C

BME680 Connect to
SDA GPIO 11
SCL GPIO 10
VCC 3V3
GND GND
SDO GND → address 0x76
CS 3V3 → I²C mode 
BME680     ESP32-S3
──────     ────────
SDA  ──────  GPIO 11
SCL  ──────  GPIO 10
VCC  ──────  3V3
GND  ──────  GND
SDO  ──────  GND
CS   ──────  3V3
Shares the I²C bus with the QMI8658 IMU (0x6B) and RTC (0x51). All work simultaneously.
SECTION 6

Programming the Device

What You Need

💻 Arduino IDE 2.x

Download free from arduino.cc/en/software

🔌 USB-C Cable

A data-capable USB-C cable (not charge-only)

📁 Source Code

The HackerOS_v3/ folder with HackerOS_v3.ino

Step 1 — Install ESP32 Board Support

  1. Open Arduino IDEFile → Preferences

  2. In "Additional Board Manager URLs", add:

https://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_index.json

  1. Go to Tools → Board → Board Manager

  2. Search esp32, install "esp32 by Espressif Systems" version 2.x or 3.x

Step 2 — Board & Settings

Go to Tools → Board → ESP32S3 Dev Module, then configure:

BoardESP32S3 Dev Module
USB ModeUSB-OTG (TinyUSB)
USB CDC On BootEnabled
Flash Size8MB
Partition SchemeHuge APP (3MB No OTA)
PSRAMOPI PSRAM
Upload Speed921600
PortYour COM port (Device Manager)

Step 3 — Install Libraries

Go to Sketch → Include Library → Manage Libraries and install all libraries in Section 7.

Step 4 — Open the Project

  1. Go to File → Open

  2. Navigate to the HackerOS_v3/ folder

  3. Open HackerOS_v3.ino

Step 5 — Upload Firmware

  1. Connect the device via USB-C

  2. If not detected: hold BOOT, press RESET, release BOOT to enter bootloader mode

  3. Click the Upload (→) button in Arduino IDE

  4. Wait for compilation and upload to complete (~2–3 minutes)

  5. The device reboots automatically into HackerOS ✅

✅ After upload the device should display the HackerOS boot animation then the main menu.
SECTION 7

Required Libraries

Install from Sketch → Include Library → Manage Libraries:

Library Author Where
Arduino_GFX_Library Moon On Our Nation Library Manager
MFRC522 GithubCommunity Library Manager
Adafruit BME680 Library Adafruit Library Manager
Adafruit Unified Sensor Adafruit Library Manager
ESP32 BLE Arduino Espressif Included with board package
WebServer Espressif Included with board package
DNSServer Espressif Included with board package
EEPROM Espressif Included with board package
USBHIDKeyboard Espressif (TinyUSB) Included with board package
USBHIDMouse Espressif (TinyUSB) Included with board package
SensorQMI8658.hpp SGP PHANTOM Already in project folder
SECTION 8

Troubleshooting

Problem Solution
Screen stays dark after upload Check board set to ESP32S3 Dev Module, USB Mode = USB-OTG
Upload fails / port not found Enter bootloader: hold BOOT → press RESET → release BOOT
RFID / NFC module not responding Check SPI wiring, confirm 3.3V supply — never 5V
Card not detected Only 13.56 MHz cards work. 125 kHz cards (EM4100) are NOT supported
BME680 shows 0 or error Check I²C wiring GPIO 10/11, SDO must be pulled to GND (address 0x76)
Gas readings unstable Normal — BME680 needs ~5 minutes warm-up after cold boot
WiFi features not working Ensure WiFi antenna is connected on the board
BLE Bridge not appearing Enable Bluetooth on target device, search for new devices
Games lag or freeze Reset the device, avoid running other heavy apps in background
Battery % seems wrong ADC calibration varies between LiPo cells — values are approximate
Device won't power on Charge via USB-C for at least 15 minutes before first boot
Compilation error: library missing Install all libraries in Section 7 via Library Manager