/* =========================================== Copyright (c) 2018 Ste

1. /*
2. ===========================================
3. Copyright (c) 2018 Stefan Kremser
4. github.com/spacehuhn
5. ===========================================
6. */
7.  
8. // ===== Settings ===== //
9. const uint8_t channels[] = {1, 6, 11}; // used Wi-Fi channels (available: 1-14)
10. const bool wpa2 = false; // WPA2 networks
11. const bool appendSpaces = true; // makes all SSIDs 32 characters long to improve performance
12.  
13. /*
14. SSIDs:
15. - don't forget the \n at the end of each SSID!
16. - max. 32 characters per SSID
17. - don't add duplicates! You have to change one character at least
18. */
19. const char ssids[] PROGMEM = {
20. "For P*rn Use Only\n"
21. "Get your Own Wi-Fi F#ckHead\n"
22. "No Free Wi-Fi for you\n"
23. "Virus Infected Wi-Fi\n"
24. "Bring Beer and Women to 40.2\n"
25. "NoFreeINternetHereKeepLooking\n"
26. "You Lost Your Connection\n"
27. "I am hungry\n"
28. "Very slow internet\n"
29. "Log in here!\n"
30. "Internet Costs $\n"
31. "Searching…\n"
32. "Ye old Internet\n"
33. "Free CeX\n"
34. "Protected CeX\n"
35. "Unprotected CeX\n"
36. "The Next Door\n"
37. "Virus WiFi\n"
38. "Network error\n"
39. "TellMyWifiLoveHer\n"
40. "WillUmarryMe?\n"
41. "Go Home Tourists\n"
42. "For Porn Use Only\n"
43. "Please use me\n"
44. "You are Hacked!\n"
45. "Pay $1 Per Hour\n"
46. "C:Virus.exe\n"
47. "Hi Sweetheart\n"
48. "Call Me Maybe\n"
49. "Password is Password\n"
50. "Look Ma, No Wires!\n"
51. "I am the Internet, AMA\n"
52. "Child Toucher\n"
53. "THANK ME LATER\n"
54. "YOU DO COUNT\n"
55. "POOR BOY INSIDE\n"
56. "Hidden webcam\n"
57. "TooManyD*cks\n"
58. "Netflix Streaming!\n"
59. "2 Girls, 1 Router\n"
60. "GetYourOwnNetBro\n"
61. "Connecting, Please Wait…\n"
62. "Error, Unable to connect\n"
63. "cxxx{}:::::::::::::::::>\n"
64. "? (Shit Emoji)\n"
65. "Thx I got ur MAC\n"
66. "Insert key here –>\n"
67. "I Stalk You\n"
68. "not_a_virus.exe\n"
69. "GOV_USE_ONLY\n"
70. "Only have this for porn\n"
71. "male looking for female\n"
72. "Nice Panties\n"
73. "Backdoor Internet Services\n"
74. "≖_≖\n"
75. "IP in the shower\n"
76. "Look at your as$\n"
77. "F#ck you\n"
78. "Fu#ck off\n"
79. "Hack me\n"
80. "Hacked you\n"
81. "Wife vs Wi-Fi\n"
82. "I am a batman\n"
83. "Call me idiot\n"
84. "2fast4u\n"
85. "Welcome 2 Azkaban\n"
86. "Wi-Fi Story 1 2 3\n"
87. "LANderella\n"
88. "I m under ur bed\n"
89. "Free for 1 day\n"
90. "we can hear you having sex\n"
91. "Hidden webcam\n"
92. "GetYourOwnetBro\n"
93. "You may be my girlfriend\n"
94. "Or I'll call Police\n"
95. "Sing a song For Me\n"
96. "Bang Bang\n"
97. "Night Club\n"
98. "Room No **** \n"
99. "Dontlookatporn\n"
100.  
101. };
102. // ==================== //
103.  
104. // ===== Includes ===== //
105. #include <ESP8266WiFi.h>
106.  
107. extern "C" {
108. #include "user_interface.h"
109. typedef void (*freedom_outside_cb_t)(uint8 status);
110. int wifi_register_send_pkt_freedom_cb(freedom_outside_cb_t cb);
111. void wifi_unregister_send_pkt_freedom_cb(void);
112. int wifi_send_pkt_freedom(uint8 *buf, int len, bool sys_seq);
113. }
114. // ==================== //
115.  
116. // run-time variables
117. char emptySSID[32];
118. uint8_t channelIndex = 0;
119. uint8_t macAddr[6];
120. uint8_t wifi_channel = 1;
121. uint32_t currentTime = 0;
122. uint32_t packetSize = 0;
123. uint32_t packetCounter = 0;
124. uint32_t attackTime = 0;
125. uint32_t packetRateTime = 0;
126.  
127. // beacon frame definition
128. uint8_t beaconPacket[109] = {
129. /* 0 - 3 */ 0x80, 0x00, 0x00, 0x00, // Type/Subtype: managment beacon frame
130. /* 4 - 9 */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // Destination: broadcast
131. /* 10 - 15 */ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // Source
132. /* 16 - 21 */ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // Source
133.  
134. // Fixed parameters
135. /* 22 - 23 */ 0x00, 0x00, // Fragment & sequence number (will be done by the SDK)
136. /* 24 - 31 */ 0x83, 0x51, 0xf7, 0x8f, 0x0f, 0x00, 0x00, 0x00, // Timestamp
137. /* 32 - 33 */ 0xe8, 0x03, // Interval: 0x64, 0x00 => every 100ms - 0xe8, 0x03 => every 1s
138. /* 34 - 35 */ 0x31, 0x00, // capabilities Tnformation
139.  
140. // Tagged parameters
141.  
142. // SSID parameters
143. /* 36 - 37 */ 0x00, 0x20, // Tag: Set SSID length, Tag length: 32
144. /* 38 - 69 */ 0x20, 0x20, 0x20, 0x20,
145. 0x20, 0x20, 0x20, 0x20,
146. 0x20, 0x20, 0x20, 0x20,
147. 0x20, 0x20, 0x20, 0x20,
148. 0x20, 0x20, 0x20, 0x20,
149. 0x20, 0x20, 0x20, 0x20,
150. 0x20, 0x20, 0x20, 0x20,
151. 0x20, 0x20, 0x20, 0x20, // SSID
152.  
153. // Supported Rates
154. /* 70 - 71 */ 0x01, 0x08, // Tag: Supported Rates, Tag length: 8
155. /* 72 */ 0x82, // 1(B)
156. /* 73 */ 0x84, // 2(B)
157. /* 74 */ 0x8b, // 5.5(B)
158. /* 75 */ 0x96, // 11(B)
159. /* 76 */ 0x24, // 18
160. /* 77 */ 0x30, // 24
161. /* 78 */ 0x48, // 36
162. /* 79 */ 0x6c, // 54
163.  
164. // Current Channel
165. /* 80 - 81 */ 0x03, 0x01, // Channel set, length
166. /* 82 */ 0x01, // Current Channel
167.  
168. // RSN information
169. /* 83 - 84 */ 0x30, 0x18,
170. /* 85 - 86 */ 0x01, 0x00,
171. /* 87 - 90 */ 0x00, 0x0f, 0xac, 0x02,
172. /* 91 - 92 */ 0x02, 0x00,
173. /* 93 - 100 */ 0x00, 0x0f, 0xac, 0x04, 0x00, 0x0f, 0xac, 0x04, /*Fix: changed 0x02(TKIP) to 0x04(CCMP) is default. WPA2 with TKIP not supported by many devices*/
174. /* 101 - 102 */ 0x01, 0x00,
175. /* 103 - 106 */ 0x00, 0x0f, 0xac, 0x02,
176. /* 107 - 108 */ 0x00, 0x00
177. };
178.  
179. // goes to next channel
180. void nextChannel() {
181. if(sizeof(channels) > 1){
182. uint8_t ch = channels[channelIndex];
183. channelIndex++;
184. if (channelIndex > sizeof(channels)) channelIndex = 0;
185.  
186. if (ch != wifi_channel && ch >= 1 && ch <= 14) {
187. wifi_channel = ch;
188. wifi_set_channel(wifi_channel);
189. }
190. }
191. }
192.  
193. // generates random MAC
194. void randomMac() {
195. for (int i = 0; i < 6; i++)
196. macAddr[i] = random(256);
197. }
198.  
199. void setup() {
200. // create empty SSID
201. for (int i = 0; i < 32; i++)
202. emptySSID[i] = ' ';
203.  
204. // for random generator
205. randomSeed(os_random());
206.  
207. // set packetSize
208. packetSize = sizeof(beaconPacket);
209. if (wpa2) {
210. beaconPacket[34] = 0x31;
211. } else {
212. beaconPacket[34] = 0x21;
213. packetSize -= 26;
214. }
215.  
216. // generate random mac address
217. randomMac();
218.  
219. // start serial
220. Serial.begin(115200);
221. Serial.println();
222.  
223. // get time
224. currentTime = millis();
225.  
226. // start WiFi
227. WiFi.mode(WIFI_OFF);
228. wifi_set_opmode(STATION_MODE);
229.  
230. // set channel
231. wifi_set_channel(channels[0]);
232.  
233. // print out saved SSIDs
234. Serial.println("SSIDs:");
235. int i = 0;
236. int len = sizeof(ssids);
237. while(i < len){
238. Serial.print((char)pgm_read_byte(ssids + i));
239. i++;
240. }
241.  
242. Serial.println();
243. Serial.println("Started \\o/");
244. Serial.println();
245. }
246.  
247. void loop() {
248. currentTime = millis();
249.  
250. // send out SSIDs
251. if (currentTime - attackTime > 100) {
252. attackTime = currentTime;
253.  
254. // temp variables
255. int i = 0;
256. int j = 0;
257. int ssidNum = 1;
258. char tmp;
259. int ssidsLen = strlen_P(ssids);
260. bool sent = false;
261.  
262. // go to next channel
263. nextChannel();
264.  
265. while (i < ssidsLen) {
266. // read out next SSID
267. j = 0;
268. do {
269. tmp = pgm_read_byte(ssids + i + j);
270. j++;
271. } while (tmp != '\n' && j <= 32 && i + j < ssidsLen);
272.  
273. uint8_t ssidLen = j - 1;
274.  
275. // set MAC address
276. macAddr[5] = ssidNum;
277. ssidNum++;
278.  
279. // write MAC address into beacon frame
280. memcpy(&beaconPacket[10], macAddr, 6);
281. memcpy(&beaconPacket[16], macAddr, 6);
282.  
283. // reset SSID
284. memcpy(&beaconPacket[38], emptySSID, 32);
285.  
286. // write new SSID into beacon frame
287. memcpy_P(&beaconPacket[38], &ssids[i], ssidLen);
288.  
289. // set channel for beacon frame
290. beaconPacket[82] = wifi_channel;
291.  
292. // send packet
293. if(appendSpaces){
294. for(int k=0;k<3;k++){
295. packetCounter += wifi_send_pkt_freedom(beaconPacket, packetSize, 0) == 0;
296. delay(1);
297. }
298. }
299.  
300. // remove spaces
301. else {
302.  
303. uint16_t tmpPacketSize = (packetSize - 32) + ssidLen; // calc size
304. uint8_t* tmpPacket = new uint8_t[tmpPacketSize]; // create packet buffer
305. memcpy(&tmpPacket[0], &beaconPacket[0], 38 + ssidLen); // copy first half of packet into buffer
306. tmpPacket[37] = ssidLen; // update SSID length byte
307. memcpy(&tmpPacket[38 + ssidLen], &beaconPacket[70], wpa2 ? 39 : 13); // copy second half of packet into buffer
308.  
309. // send packet
310. for(int k=0;k<3;k++){
311. packetCounter += wifi_send_pkt_freedom(tmpPacket, tmpPacketSize, 0) == 0;
312. delay(1);
313. }
314.  
315. delete tmpPacket; // free memory of allocated buffer
316. }
317.  
318. i += j;
319. }
320. }
321.  
322. // show packet-rate each second
323. if (currentTime - packetRateTime > 1000) {
324. packetRateTime = currentTime;
325. Serial.print("Packets/s: ");
326. Serial.println(packetCounter);
327. packetCounter = 0;
328. }
329. }