5Ghost WiFi Lab — Setup & User Guide
PINGEQUA · Dual-Band Wi-Fi Lab
5Ghost WiFi Lab — Setup & User Guide
For the PINGEQUA 5Ghost BW16 (RTL8720DN) dual-band Wi-Fi devboard for Flipper Zero. Covers all three variants — external antenna, black, and green — which share the same board, firmware, and app.
Host Flipper Zero · GPIO header · UART (TX/RX) + 5V/GND
Flipper app 5Ghost WiFi Lab
.fapModule firmware 5Ghost — preloaded at the factory
Source & releases github.com/pingequalab/5ghost-wifi-lab
Quick Start — three steps
The board is preloaded. There is nothing to flash for normal use.
.fap from GitHub Releases and place it on the Flipper SD card under /ext/apps/GPIO/ (using qFlipper or a card reader).Apps → GPIO → 5Ghost WiFi Lab. The header shows Official once the board is detected — you're live.What's inside the app
- Dual-band Scan — lists 2.4 and 5 GHz APs with signal, encryption, precise PMF (capable / required), WPA3 detection, and same-SSID mesh markers.
- Channel Map — congestion view across both bands, least-busy channel highlighted.
- Capture Handshake — grabs the WPA/WPA2 4-way handshake on 5 GHz, written as standard PCAP to SD; drop into hashcat (mode 22000) or aircrack-ng.
-
Evil Portal — captive-portal pages: built-in, bundled demos, or your own
.htmlfrom the SD card. - PMF-aware Deauth — on 2.4 + 5 GHz; tells you when a target is 802.11w / WPA3-protected instead of failing silently.
- Create AP · Beacon — stand up a soft AP with captive portal, or send custom / random / Rickroll beacons.
-
Everything to SD — scans (CSV), credentials, and handshakes (PCAP) save to
/ext/apps_data/5ghost/with on-screen confirmation.
Compatibility
| Host device | Flipper Zero (GPIO / UART) — required, not included |
| Flipper firmware | Official · Momentum · Unleashed |
| Module | RTL8720DN (BW16), preloaded with 5Ghost firmware |
| Not supported | Other BW16 boards (different firmware/pinout) · ESP32 boards (no 5 GHz radio) · standalone use without a Flipper |
Firmware & browser recovery
You normally never flash the module — it ships preloaded. This is a safety net only. If the module firmware is interrupted mid-update, corrupted, or you want to restore factory state, re-flash it from a web browser — no Arduino, no toolchain, no command line.
Connect, and pick the port. Install the CH340 serial driver if your OS prompts for it.Flash. It enters download mode automatically; if that fails, hold BOOT, tap RESET, release BOOT, and reconnect. A full image takes a few minutes at 115200 baud — let it finish.Troubleshooting
-
App not visible on Flipper: confirm the
.fapis in/ext/apps/GPIO/, then restart the Flipper. - Header doesn't show "Official" / board not detected: power off the Flipper, reseat the module firmly on the GPIO header, power back on.
-
"App too old" or API warning: download the latest
.fapfrom GitHub Releases for your firmware. - No 5 GHz results: confirm 5 GHz networks are nearby. 5 GHz range is naturally shorter than 2.4 GHz.
- Deauth has no effect on some APs: those are PMF (802.11w) / WPA3 protected and immune by design — 5Ghost flags them in the scan list.
- Module unresponsive after a bad flash: use the browser recovery flasher above.
Honest limits
- WPA3-SAE cannot be cracked offline — by any tool. A captured SAE handshake carries no offline-crackable hash. 5Ghost detects WPA3 and labels it out of reach rather than pretending otherwise.
- PMF / WPA3 APs cannot be deauthed — that's 802.11w working as designed.
- Handshake capture runs on 5 GHz — on 2.4 GHz this chip often can't hear the client uplink, so capture uses the 5 GHz path.
- Cross-channel mesh roaming (802.11r) is hard to fully suppress on single-radio hardware.
FAQ
Do I have to flash or wire anything?
No. The board ships preloaded with 5Ghost firmware. You dock it on the GPIO header and copy one .fap to the SD card — that's the whole setup. Browser re-flash exists only as recovery.
Which Flipper firmwares are supported?
Official, Momentum, and Unleashed — one universal .fap build for all three.
Onboard antenna vs 8 dBi external — does the guide differ?
No. Same board, firmware, and app across all variants. Only the antenna and color differ; setup is identical.
Can it crack WPA3?
No tool can, offline. For WPA/WPA2 it captures the 4-way handshake to PCAP for hashcat/aircrack-ng on your own machine.
Does it work without a Flipper Zero?
No — it's a companion module. The Flipper is the host that runs the app and screen.
Need help? Email support@pingequa.com with your order number, product variant, Flipper firmware version, and a photo of your setup.