about summary refs log tree commit diff stats
path: root/utils/src/test_generation.c
diff options
context:
space:
mode:
authorMarc <foxtrot@malloc.me>2022-01-09 15:21:47 +0000
committerGitHub <noreply@github.com>2022-01-09 15:21:47 +0000
commit0bd924735125b34b74c893936b89cfae02e3379d (patch)
treec8140bf65c24791874fa9b0e194773178a34da83 /utils/src/test_generation.c
parent8e09d29df19312583747a3de00fe4269c17e6586 (diff)
parent11c7393bebe4df6e2061f69787f4a7dd5c31f077 (diff)
downloadlibwifi-0bd924735125b34b74c893936b89cfae02e3379d.tar.gz
libwifi-0bd924735125b34b74c893936b89cfae02e3379d.tar.bz2
libwifi-0bd924735125b34b74c893936b89cfae02e3379d.zip
Merge pull request #3 from libwifi/test
test: Add ctests for parse and generate functions.
Diffstat (limited to 'utils/src/test_generation.c')
-rw-r--r--utils/src/test_generation.c919
1 files changed, 919 insertions, 0 deletions
diff --git a/utils/src/test_generation.c b/utils/src/test_generation.c new file mode 100644 index 0000000..314ce34 --- /dev/null +++ b/utils/src/test_generation.c
@@ -0,0 +1,919 @@
1#include <errno.h>
2#include <libwifi.h>
3#include <pcap.h>
4#include <pcap/dlt.h>
5#include <pcap/pcap.h>
6#include <signal.h>
7#include <stddef.h>
8#include <stdint.h>
9#include <stdio.h>
10#include <stdlib.h>
11#include <string.h>
12#include <sys/time.h>
13#include <unistd.h>
14
15#include "helpers.h"
16
17#define LIVE_INJECT 0
18#define OFFLINE_DUMP 1
19
20#define MODE_BEACON 0
21#define MODE_PROBE_RESPONSE 1
22#define MODE_PROBE_REQUEST 2
23#define MODE_DEAUTH 3
24#define MODE_DISASSOC 4
25#define MODE_ASSOC_RESPONSE 5
26#define MODE_ASSOC_REQUEST 6
27#define MODE_REASSOC_RESPONSE 7
28#define MODE_REASSOC_REQUEST 8
29#define MODE_AUTH 9
30#define MODE_RTS 10
31#define MODE_CTS 11
32#define MODE_RANDOM_BEACON 12
33#define MODE_ACTION 13
34#define MODE_ACTION_NOACK 14
35#define MODE_TIMING_AD 15
36#define MODE_ATIM 16
37
38#define SNAPLEN 96
39#define CHANNEL 11
40#define BCAST_MAC "\xff\xff\xff\xff\xff\xff"
41#define TO_MAC "\x00\x20\x91\xAA\xBB\xCC"
42#define FROM_MAC "\x00\x20\x91\x11\x22\x33"
43#define REASSOC_MAC "\xAA\xBB\xCC\xDD\xEE\xFF"
44#define BEACON_SSID "libwifi-beacon"
45#define PROBE_RESP_SSID "libwifi-probe-resp"
46#define PROBE_REQ_SSID "libwifi-probe-req"
47#define ASSOC_REQ_SSID "libwifi-assoc-req"
48#define REASSOC_REQ_SSID "libwifi-reassoc-req"
49
50pcap_t *handle = NULL;
51pcap_dumper_t *outputHandle = NULL;
52FILE *filename = NULL;
53
54static unsigned char to[] = TO_MAC;
55static unsigned char from[] = FROM_MAC;
56static unsigned char bcast[] = BCAST_MAC;
57static unsigned char reassoc_mac[] = REASSOC_MAC;
58static unsigned char tag_data[] = "\x00\x00\00\x01This is a 221 tag from libwifi.\n";
59
60static int mode = 0;
61static int inject_mode = 0;
62
63void handle_interupt(int signal) {
64 if (signal == SIGINT) {
65 int oldmode = inject_mode;
66 mode = -1;
67 inject_mode = -1;
68
69 if (oldmode == LIVE_INJECT) {
70 pcap_close(handle);
71 printf("\n\nClosed Capture Handle!\n");
72 } else if (oldmode == OFFLINE_DUMP) {
73 pcap_dump_flush(outputHandle);
74 pcap_dump_close(outputHandle);
75 printf("\n\nDumped and Closed Output File!\n");
76 }
77
78 exit(EXIT_SUCCESS);
79 }
80}
81
82void inject_frame(void *buf, size_t buf_sz) {
83 struct libwifi_radiotap_info info = {0};
84 info.present = 0x0000002e; // 0x002e: Flags, Rate, Channel, dBm Ant Signal
85 info.channel.flags = 0x0140; // OFDM, 5GHz
86 info.channel.freq = 5180; // Channel 46
87 info.flags = 0x0000; // No Flags
88 info.rate = 1; // 1 Mbit
89 info.rate_raw = info.rate * 2; // Radiotap uses 500kb/s increments
90 info.signal = -20; // Signal in dBm
91
92 char *rtap = NULL;
93 rtap = malloc(LIBWIFI_MAX_RADIOTAP_LEN);
94 if (rtap == NULL) {
95 printf("malloc failure: %s\n", strerror(errno));
96 return;
97 }
98 memset(rtap, 0, LIBWIFI_MAX_RADIOTAP_LEN);
99
100 int rtap_len = libwifi_create_radiotap(&info, rtap);
101 if (rtap_len == -1) {
102 printf("error generating radiotap header\n");
103 return;
104 }
105
106 void *frame = NULL;
107 size_t frame_sz = rtap_len + buf_sz;
108 frame = malloc(frame_sz);
109 if (frame == NULL) {
110 printf("malloc failure: %s\n", strerror(errno));
111 exit(EXIT_FAILURE);
112 }
113
114 memcpy(frame, rtap, rtap_len);
115 memcpy(frame + rtap_len, buf, buf_sz);
116
117 hexdump(rtap, rtap_len);
118 printf("-----\n");
119 hexdump(frame, frame_sz);
120
121 if (inject_mode == LIVE_INJECT) {
122 pcap_inject(handle, frame, frame_sz);
123 } else if (inject_mode == OFFLINE_DUMP) {
124 struct pcap_pkthdr hdr = {0};
125 hdr.caplen = frame_sz;
126 hdr.len = frame_sz;
127 struct timeval tv;
128 gettimeofday(&tv, NULL);
129 hdr.ts = tv;
130 pcap_dump((unsigned char *) outputHandle, &hdr, frame);
131 }
132
133 free(rtap);
134 free(frame);
135}
136
137void inject_beacons(int random_mac) {
138 while (1) {
139 printf("Sending 50 beacons...\n");
140 for (int i = 0; i < 50; ++i) {
141 struct libwifi_beacon beacon;
142 unsigned char txmac[6] = {0};
143 memset(&beacon, 0, sizeof(struct libwifi_beacon));
144
145 if (random_mac) {
146 libwifi_random_mac(txmac, NULL);
147 } else {
148 memcpy(txmac, FROM_MAC, 6);
149 }
150 libwifi_create_beacon(&beacon, bcast, txmac, BEACON_SSID, CHANNEL);
151 libwifi_quick_add_tag(&beacon.tags, TAG_VENDOR_SPECIFIC, tag_data, sizeof(tag_data));
152
153 unsigned char *buf = NULL;
154 size_t buf_sz = libwifi_get_beacon_length(&beacon);
155
156 buf = malloc(buf_sz);
157 if (buf == NULL) {
158 printf("malloc failure: %s", strerror(errno));
159 exit(EXIT_FAILURE);
160 }
161
162 printf("Injecting beacon with:\n");
163 printf("\tSSID: %s\n", BEACON_SSID);
164 printf("\tChannel: %d\n", CHANNEL);
165 printf("\tSource: " MACSTR "\n", MAC2STR(txmac));
166 printf("\tDestination: " MACSTR "\n", MAC2STR(bcast));
167
168 libwifi_dump_beacon(&beacon, buf, buf_sz);
169 inject_frame(buf, buf_sz);
170
171 libwifi_free_beacon(&beacon);
172 free(buf);
173 usleep(1e4); // 10ms
174 }
175 sleep(1);
176 }
177}
178
179void inject_probe_responses() {
180 while (1) {
181 printf("Sending 50 probe responses, then sleeping for 1 second\n");
182 for (int i = 0; i < 50; ++i) {
183 struct libwifi_probe_resp probe_resp;
184 memset(&probe_resp, 0, sizeof(struct libwifi_probe_resp));
185
186 libwifi_create_probe_resp(&probe_resp, to, from, PROBE_RESP_SSID, CHANNEL);
187 libwifi_quick_add_tag(&probe_resp.tags, TAG_VENDOR_SPECIFIC, tag_data, sizeof(tag_data));
188
189 unsigned char *buf = NULL;
190 size_t buf_sz = libwifi_get_probe_resp_length(&probe_resp);
191
192 buf = malloc(buf_sz);
193 if (buf == NULL) {
194 printf("malloc failure: %s", strerror(errno));
195 exit(EXIT_FAILURE);
196 }
197
198 printf("Injecting probe responses with:\n");
199 printf("\tSSID: %s\n", PROBE_RESP_SSID);
200 printf("\tChannel: %d\n", CHANNEL);
201 printf("\tSource: " MACSTR "\n", MAC2STR(from));
202 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
203
204 libwifi_dump_probe_resp(&probe_resp, buf, buf_sz);
205 inject_frame(buf, buf_sz);
206
207 libwifi_free_probe_resp(&probe_resp);
208 free(buf);
209 usleep(1e4); // 10ms
210 }
211 sleep(1);
212 }
213}
214
215void inject_probe_requests() {
216 while (1) {
217 printf("Sending 50 probe responses, then sleeping for 1 second\n");
218 for (int i = 0; i < 50; ++i) {
219 struct libwifi_probe_req probe;
220 memset(&probe, 0, sizeof(struct libwifi_probe_req));
221
222 libwifi_create_probe_req(&probe, to, from, to, PROBE_REQ_SSID, CHANNEL);
223
224 unsigned char *buf = NULL;
225 size_t buf_sz = libwifi_get_probe_req_length(&probe);
226
227 buf = malloc(buf_sz);
228 if (buf == NULL) {
229 printf("malloc failure: %s", strerror(errno));
230 exit(EXIT_FAILURE);
231 }
232
233 printf("Injecting probe requests with:\n");
234 printf("\tSSID: %s\n", PROBE_REQ_SSID);
235 printf("\tChannel: %d\n", CHANNEL);
236 printf("\tSource: " MACSTR "\n", MAC2STR(from));
237 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
238
239 libwifi_dump_probe_req(&probe, buf, buf_sz);
240 inject_frame(buf, buf_sz);
241
242 libwifi_free_probe_req(&probe);
243 free(buf);
244
245 usleep(1e4); // 10ms
246 }
247 sleep(1);
248 }
249}
250
251void inject_deauths() {
252 while (1) {
253 printf("Sending 50 probe responses, then sleeping for 1 second\n");
254 for (int i = 0; i < 50; ++i) {
255 struct libwifi_deauth deauth;
256 memset(&deauth, 0, sizeof(struct libwifi_deauth));
257
258 libwifi_create_deauth(&deauth, to, from, REASON_STA_LEAVING);
259
260 unsigned char *buf = NULL;
261 size_t buf_sz = libwifi_get_deauth_length(&deauth);
262
263 buf = malloc(buf_sz);
264 if (buf == NULL) {
265 printf("malloc failure: %s", strerror(errno));
266 exit(EXIT_FAILURE);
267 }
268
269 printf("Injecting deauths with:\n");
270 printf("\tChannel: %d\n", CHANNEL);
271 printf("\tReason: %d\n", REASON_STA_LEAVING);
272 printf("\tSource: " MACSTR "\n", MAC2STR(from));
273 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
274
275 libwifi_dump_deauth(&deauth, buf, buf_sz);
276 inject_frame(buf, buf_sz);
277
278 free(buf);
279
280 usleep(1e4); // 10ms
281 }
282 sleep(1);
283 }
284}
285
286void inject_disassocs() {
287 while (1) {
288 printf("Sending 50 probe responses, then sleeping for 1 second\n");
289 for (int i = 0; i < 50; ++i) {
290 struct libwifi_disassoc disassoc;
291 memset(&disassoc, 0, sizeof(struct libwifi_disassoc));
292
293 libwifi_create_disassoc(&disassoc, to, from, REASON_STA_LEAVING);
294
295 unsigned char *buf = NULL;
296 size_t buf_sz = libwifi_get_disassoc_length(&disassoc);
297
298 buf = malloc(buf_sz);
299 if (buf == NULL) {
300 printf("malloc failure: %s", strerror(errno));
301 exit(EXIT_FAILURE);
302 }
303
304 printf("Injecting disassocs with:\n");
305 printf("\tChannel: %d\n", CHANNEL);
306 printf("\tReason: %d\n", REASON_STA_LEAVING);
307 printf("\tSource: " MACSTR "\n", MAC2STR(from));
308 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
309
310 libwifi_dump_disassoc(&disassoc, buf, buf_sz);
311 inject_frame(buf, buf_sz);
312
313 free(buf);
314
315 usleep(1e4); // 10ms
316 }
317 sleep(1);
318 }
319}
320
321void inject_assoc_requests() {
322 while (1) {
323 printf("Sending 50 association requests, then sleeping for 1 second\n");
324 for (int i = 0; i < 50; ++i) {
325 struct libwifi_assoc_req assoc_req;
326 memset(&assoc_req, 0, sizeof(struct libwifi_assoc_req));
327
328 libwifi_create_assoc_req(&assoc_req, to, from, ASSOC_REQ_SSID, CHANNEL);
329
330 unsigned char *buf = NULL;
331 size_t buf_sz = libwifi_get_assoc_req_length(&assoc_req);
332
333 buf = malloc(buf_sz);
334 if (buf == NULL) {
335 printf("malloc failure: %s", strerror(errno));
336 exit(EXIT_FAILURE);
337 }
338
339 printf("Injecting association requests with:\n");
340 printf("\tChannel: %d\n", CHANNEL);
341 printf("\tSource: " MACSTR "\n", MAC2STR(from));
342 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
343
344 libwifi_dump_assoc_req(&assoc_req, buf, buf_sz);
345 inject_frame(buf, buf_sz);
346
347 free(buf);
348 libwifi_free_assoc_req(&assoc_req);
349
350 usleep(1e4); // 10ms
351 }
352 sleep(1);
353 }
354}
355
356void inject_assoc_responses() {
357 while (1) {
358 printf("Sending 50 association responses, then sleeping for 1 second\n");
359 for (int i = 0; i < 50; ++i) {
360 struct libwifi_assoc_resp assoc_resp;
361 memset(&assoc_resp, 0, sizeof(struct libwifi_assoc_req));
362
363 libwifi_create_assoc_resp(&assoc_resp, to, from, CHANNEL);
364
365 unsigned char *buf = NULL;
366 size_t buf_sz = libwifi_get_assoc_resp_length(&assoc_resp);
367
368 buf = malloc(buf_sz);
369 if (buf == NULL) {
370 printf("malloc failure: %s", strerror(errno));
371 exit(EXIT_FAILURE);
372 }
373
374 printf("Injecting association responses with:\n");
375 printf("\tChannel: %d\n", CHANNEL);
376 printf("\tSource: " MACSTR "\n", MAC2STR(from));
377 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
378
379 libwifi_dump_assoc_resp(&assoc_resp, buf, buf_sz);
380 inject_frame(buf, buf_sz);
381
382 free(buf);
383 libwifi_free_assoc_resp(&assoc_resp);
384
385 usleep(1e4); // 10ms
386 }
387 sleep(1);
388 }
389}
390
391void inject_reassoc_requests() {
392 while (1) {
393 printf("Sending 50 reassociation requests, then sleeping for 1 second\n");
394 for (int i = 0; i < 50; ++i) {
395 struct libwifi_reassoc_req reassoc_req;
396 memset(&reassoc_req, 0, sizeof(struct libwifi_assoc_req));
397
398 libwifi_create_reassoc_req(&reassoc_req, to, from, reassoc_mac, REASSOC_REQ_SSID, CHANNEL);
399
400 unsigned char *buf = NULL;
401 size_t buf_sz = libwifi_get_reassoc_req_length(&reassoc_req);
402
403 buf = malloc(buf_sz);
404 if (buf == NULL) {
405 printf("malloc failure: %s", strerror(errno));
406 exit(EXIT_FAILURE);
407 }
408
409 printf("Injecting reassociation requests with:\n");
410 printf("\tChannel: %d\n", CHANNEL);
411 printf("\tSource: " MACSTR "\n", MAC2STR(from));
412 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
413 printf("\tPrevious BSSID: " MACSTR "\n", MAC2STR(reassoc_mac));
414
415 libwifi_dump_reassoc_req(&reassoc_req, buf, buf_sz);
416 inject_frame(buf, buf_sz);
417
418 free(buf);
419 libwifi_free_reassoc_req(&reassoc_req);
420
421 usleep(1e4); // 10ms
422 }
423 sleep(1);
424 }
425}
426
427void inject_reassoc_responses() {
428 while (1) {
429 printf("Sending 50 reassociation responses, then sleeping for 1 second\n");
430 for (int i = 0; i < 50; ++i) {
431 struct libwifi_reassoc_resp reassoc_resp;
432 memset(&reassoc_resp, 0, sizeof(struct libwifi_assoc_req));
433
434 libwifi_create_reassoc_resp(&reassoc_resp, to, from, CHANNEL);
435
436 unsigned char *buf = NULL;
437 size_t buf_sz = libwifi_get_reassoc_resp_length(&reassoc_resp);
438
439 buf = malloc(buf_sz);
440 if (buf == NULL) {
441 printf("malloc failure: %s", strerror(errno));
442 exit(EXIT_FAILURE);
443 }
444
445 printf("Injecting reassociation responses with:\n");
446 printf("\tChannel: %d\n", CHANNEL);
447 printf("\tSource: " MACSTR "\n", MAC2STR(from));
448 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
449
450 libwifi_dump_reassoc_resp(&reassoc_resp, buf, buf_sz);
451 inject_frame(buf, buf_sz);
452
453 free(buf);
454 libwifi_free_reassoc_resp(&reassoc_resp);
455
456 usleep(1e4); // 10ms
457 }
458 sleep(1);
459 }
460}
461
462void inject_auths() {
463 while (1) {
464 printf("Sending 50 auth frames, then sleeping for 1 second\n");
465 for (int i = 0; i < 50; ++i) {
466 struct libwifi_auth auth;
467 memset(&auth, 0, sizeof(struct libwifi_deauth));
468
469 libwifi_create_auth(&auth, to, from, AUTH_OPEN, 0, STATUS_SUCCESS);
470
471 unsigned char *buf = NULL;
472 size_t buf_sz = libwifi_get_auth_length(&auth);
473
474 buf = malloc(buf_sz);
475 if (buf == NULL) {
476 printf("malloc failure: %s", strerror(errno));
477 exit(EXIT_FAILURE);
478 }
479
480 libwifi_dump_auth(&auth, buf, buf_sz);
481 inject_frame(buf, buf_sz);
482
483 free(buf);
484
485 memset(&auth, 0, sizeof(struct libwifi_deauth));
486
487 libwifi_create_auth(&auth, from, to, AUTH_OPEN, 1, STATUS_SUCCESS);
488
489 buf = NULL;
490 buf_sz = libwifi_get_auth_length(&auth);
491
492 buf = malloc(buf_sz);
493 if (buf == NULL) {
494 printf("malloc failure: %s", strerror(errno));
495 exit(EXIT_FAILURE);
496 }
497
498 printf("Injecting auths with:\n");
499 printf("\tChannel: %d\n", CHANNEL);
500 printf("\tAlgorithm: %d\n", AUTH_OPEN);
501 printf("\tSource: " MACSTR "\n", MAC2STR(from));
502 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
503
504 libwifi_dump_auth(&auth, buf, buf_sz);
505 inject_frame(buf, buf_sz);
506
507 free(buf);
508 usleep(1e4); // 10ms
509 }
510 sleep(1);
511 }
512}
513
514void inject_timing_ads() {
515 while (1) {
516 printf("Sending 50 timing advertisement frames, then sleeping for 1 second\n");
517 for (int i = 0; i < 50; ++i) {
518 struct libwifi_timing_advert time_ad = {0};
519 struct libwifi_timing_advert_fields ad_fields = {0};
520
521 ad_fields.timing_capabilities = 2;
522 memcpy(ad_fields.time_error, "\xCC\xCC\xCC\xCC\xCC", 5);
523 memcpy(ad_fields.time_update, "\xBB", 1);
524 memcpy(ad_fields.time_value,
525 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", 10);
526
527 libwifi_create_timing_advert(&time_ad, to, from, &ad_fields, "GB", -56, -56, -30, -20);
528
529 unsigned char *buf = NULL;
530 size_t buf_len = libwifi_get_timing_advert_length(&time_ad);
531 buf = malloc(buf_len);
532 if (buf == NULL) {
533 printf("malloc failure: %s", strerror(errno));
534 exit(EXIT_FAILURE);
535 }
536 printf("buf_len: %zu\n", buf_len);
537
538 size_t ret = libwifi_dump_timing_advert(&time_ad, buf, buf_len);
539 if (ret < 0) {
540 printf("error dump: %zu\n", ret);
541 exit(EXIT_FAILURE);
542 }
543 hexdump(buf, buf_len);
544 inject_frame(buf, buf_len);
545
546 free(buf);
547 libwifi_free_timing_advert(&time_ad);
548
549 usleep(1e4); // 10ms
550 }
551 sleep(1);
552 }
553}
554
555void inject_action_noacks() {
556 while (1) {
557 printf("Sending 50 action no ack frames, then sleeping for 1 second\n");
558 for (int i = 0; i < 50; ++i) {
559 struct libwifi_action action;
560 memset(&action, 0, sizeof(struct libwifi_action));
561
562 libwifi_create_action_no_ack(&action, to, from, ACTION_FAST_BSS_TRANSITION);
563
564 unsigned char *action_buf = malloc(256);
565 memset(action_buf, 0, 256);
566
567 size_t offset = 0;
568 size_t w = 0;
569
570 memcpy(action_buf, "\x01", 1); // Fast BSS Request
571 offset += 1;
572 memcpy(action_buf + offset, "\xAA\xBB\xCC\xDD\xEE\xFF", 6); // STA Address
573 offset += 6;
574 memcpy(action_buf + offset, "\xFF\xEE\xDD\xCC\xBB\xAA", 6); // AP Address
575 offset += 6;
576
577 unsigned char *tag_tmp = malloc(256);
578 memset(tag_tmp, 0, 256);
579
580 struct libwifi_tagged_parameter rsne = {0};
581 size_t tsz = libwifi_create_tag(&rsne, TAG_RSN, (const unsigned char * )"\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00", 20);
582 w = libwifi_dump_tag(&rsne, tag_tmp, tsz);
583 memcpy(action_buf + offset, tag_tmp, w);
584 offset += w;
585
586
587 struct libwifi_tagged_parameter mobdom = {0};
588 tsz = libwifi_create_tag(&mobdom, TAG_MOBILITY_DOMAIN, (const unsigned char*)"\x00\x11\x01", 3);
589 memset(tag_tmp, 0, tsz);
590 w = libwifi_dump_tag(&mobdom, tag_tmp, tsz);
591 memcpy(action_buf + offset, tag_tmp, w);
592 offset += w;
593 libwifi_free_tag(&mobdom);
594
595 struct libwifi_tagged_parameter fbss = {0};
596 tsz = libwifi_create_tag(&fbss, TAG_FAST_BSS_TRANSITION, (const unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\x03\x04\xAA\xBB\x04\xAA\xBB\xCC\xDD", 88);
597 memset(tag_tmp, 0, tsz);
598 w = libwifi_dump_tag(&fbss, tag_tmp, tsz);
599 memcpy(action_buf + offset, tag_tmp, w);
600 offset += w;
601 libwifi_free_tag(&fbss);
602
603 libwifi_add_action_detail(&action.fixed_parameters.details, action_buf, offset);
604
605 unsigned char *buf = NULL;
606 size_t buf_sz = libwifi_get_action_length(&action);
607
608 buf = malloc(buf_sz);
609 if (buf == NULL) {
610 printf("malloc failure: %s", strerror(errno));
611 exit(EXIT_FAILURE);
612 }
613
614 printf("Injecting actions with:\n");
615 printf("\tAction: %d\n", ACTION_FAST_BSS_TRANSITION);
616 printf("\tSource: " MACSTR "\n", MAC2STR(from));
617 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
618
619 libwifi_dump_action(&action, buf, buf_sz);
620 inject_frame(buf, buf_sz);
621
622 free(buf);
623
624 usleep(1e4); // 10ms
625 }
626 sleep(1);
627 }
628}
629
630void inject_actions() {
631 while (1) {
632 printf("Sending 50 action frames, then sleeping for 1 second\n");
633 for (int i = 0; i < 50; ++i) {
634 struct libwifi_action action;
635 memset(&action, 0, sizeof(struct libwifi_action));
636
637 libwifi_create_action(&action, to, from, ACTION_FAST_BSS_TRANSITION);
638
639 unsigned char *action_buf = malloc(256);
640 memset(action_buf, 0, 256);
641
642 size_t offset = 0;
643 size_t w = 0;
644
645 memcpy(action_buf, "\x01", 1); // Fast BSS Request
646 offset += 1;
647 memcpy(action_buf + offset, "\xAA\xBB\xCC\xDD\xEE\xFF", 6); // STA Address
648 offset += 6;
649 memcpy(action_buf + offset, "\xFF\xEE\xDD\xCC\xBB\xAA", 6); // AP Address
650 offset += 6;
651
652 unsigned char *tag_tmp = malloc(256);
653 memset(tag_tmp, 0, 256);
654
655 struct libwifi_tagged_parameter rsne = {0};
656 size_t tsz = libwifi_create_tag(&rsne, TAG_RSN, (const unsigned char * )"\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00", 20);
657 w = libwifi_dump_tag(&rsne, tag_tmp, tsz);
658 memcpy(action_buf + offset, tag_tmp, w);
659 offset += w;
660
661
662 struct libwifi_tagged_parameter mobdom = {0};
663 tsz = libwifi_create_tag(&mobdom, TAG_MOBILITY_DOMAIN, (const unsigned char*)"\x00\x11\x01", 3);
664 memset(tag_tmp, 0, tsz);
665 w = libwifi_dump_tag(&mobdom, tag_tmp, tsz);
666 memcpy(action_buf + offset, tag_tmp, w);
667 offset += w;
668 libwifi_free_tag(&mobdom);
669
670 struct libwifi_tagged_parameter fbss = {0};
671 tsz = libwifi_create_tag(&fbss, TAG_FAST_BSS_TRANSITION, (const unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\x03\x04\xAA\xBB\x04\xAA\xBB\xCC\xDD", 88);
672 memset(tag_tmp, 0, tsz);
673 w = libwifi_dump_tag(&fbss, tag_tmp, tsz);
674 memcpy(action_buf + offset, tag_tmp, w);
675 offset += w;
676 libwifi_free_tag(&fbss);
677
678 libwifi_add_action_detail(&action.fixed_parameters.details, action_buf, offset);
679
680 unsigned char *buf = NULL;
681 size_t buf_sz = libwifi_get_action_length(&action);
682
683 buf = malloc(buf_sz);
684 if (buf == NULL) {
685 printf("malloc failure: %s", strerror(errno));
686 exit(EXIT_FAILURE);
687 }
688
689 printf("Injecting actions with:\n");
690 printf("\tAction: %d\n", ACTION_FAST_BSS_TRANSITION);
691 printf("\tSource: " MACSTR "\n", MAC2STR(from));
692 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
693
694 libwifi_dump_action(&action, buf, buf_sz);
695 inject_frame(buf, buf_sz);
696
697 free(buf);
698
699 usleep(1e4); // 10ms
700 }
701 sleep(1);
702 }
703}
704
705void inject_atim() {
706 while (1) {
707 printf("Sending 50 ATIM frames, then sleeping for 1 second\n");
708 for (int i = 0; i < 50; ++i) {
709 struct libwifi_atim atim = {0};
710
711 libwifi_create_atim(&atim, to, from, from);
712
713 inject_frame(&atim, sizeof(struct libwifi_atim));
714
715 usleep(1e4); // 10ms
716 }
717 sleep(1);
718 }
719}
720
721void inject_rts() {
722 while (1) {
723 printf("Sending 50 RTS frames, then sleeping for 1 second\n");
724 for (int i = 0; i < 50; ++i) {
725 struct libwifi_rts rts = {0};
726
727 libwifi_create_rts(&rts, to, from, 32);
728
729 inject_frame(&rts, sizeof(struct libwifi_rts));
730
731 usleep(1e4); // 10ms
732 }
733 sleep(1);
734 }
735}
736
737void inject_cts() {
738 while (1) {
739 printf("Sending 50 CTS frames, then sleeping for 1 second\n");
740 for (int i = 0; i < 50; ++i) {
741 struct libwifi_cts cts = {0};
742
743 libwifi_create_cts(&cts, to, 32);
744
745 inject_frame(&cts, sizeof(struct libwifi_cts));
746
747 usleep(1e4); // 10ms
748 }
749 sleep(1);
750 }
751}
752
753void help(const char *name) {
754 fprintf(stderr, "Usage:\n");
755 fprintf(stderr, "\t%s --interface [interface] [--mode]\n", name);
756 fprintf(stderr, "\t\tor\n");
757 fprintf(stderr, "\t%s --file [output file] [--mode]\n", name);
758 fprintf(stderr, "\n");
759 fprintf(stderr, "Modes:\n");
760 fprintf(stderr, "\t--beacon\n");
761 fprintf(stderr, "\t--random-beacon\n");
762 fprintf(stderr, "\t--probe-req\n");
763 fprintf(stderr, "\t--probe-resp\n");
764 fprintf(stderr, "\t--deauth\n");
765 fprintf(stderr, "\t--disassoc\n");
766 fprintf(stderr, "\t--assoc-req\n");
767 fprintf(stderr, "\t--assoc-resp\n");
768 fprintf(stderr, "\t--reassoc-req\n");
769 fprintf(stderr, "\t--reassoc-resp\n");
770 fprintf(stderr, "\t--auth\n");
771 fprintf(stderr, "\t--timing-ad\n");
772 fprintf(stderr, "\t--atim\n");
773 fprintf(stderr, "\t--rts\n");
774 fprintf(stderr, "\t--cts\n");
775}
776
777void handle_args(int argc, const char *argv[]) {
778 char errbuf[PCAP_ERRBUF_SIZE];
779 memset(errbuf, 0, PCAP_ERRBUF_SIZE);
780
781 if (argc < 4) {
782 help(argv[0]);
783 exit(EXIT_SUCCESS);
784 }
785
786 if (strcmp(argv[1], "--file") == 0) {
787 inject_mode = OFFLINE_DUMP;
788
789 filename = fopen(argv[2], "w+");
790 if ((handle = pcap_open_dead(DLT_IEEE802_11_RADIO, BUFSIZ)) == NULL) {
791 fprintf(stderr, "1 %s: %s\n", argv[2], errbuf);
792 exit(EXIT_FAILURE);
793 }
794 if ((outputHandle = pcap_dump_fopen(handle, filename)) == NULL) {
795 fprintf(stderr, "2 %s: %s\n", argv[2], errbuf);
796 exit(EXIT_FAILURE);
797 }
798 } else if (strcmp(argv[1], "--interface") == 0) {
799 inject_mode = LIVE_INJECT;
800
801 if ((handle = pcap_create(argv[2], errbuf)) == NULL) {
802 fprintf(stderr, "Couldn't open interface %s: %s\n", argv[2], errbuf);
803 exit(EXIT_FAILURE);
804 }
805 if (pcap_activate(handle) == 0) {
806 printf("Sniffing on %s\n", argv[2]);
807 } else {
808 fprintf(stderr, "Couldn't activate %s: %s\n", argv[2], pcap_geterr(handle));
809 exit(EXIT_FAILURE);
810 }
811 } else {
812 help(argv[0]);
813 exit(EXIT_SUCCESS);
814 }
815
816 if (strcmp(argv[3], "--beacon") == 0) {
817 mode = MODE_BEACON;
818 } else if (strcmp(argv[3], "--random-beacon") == 0) {
819 mode = MODE_RANDOM_BEACON;
820 } else if (strcmp(argv[3], "--probe-resp") == 0) {
821 mode = MODE_PROBE_RESPONSE;
822 } else if (strcmp(argv[3], "--probe-req") == 0) {
823 mode = MODE_PROBE_REQUEST;
824 } else if (strcmp(argv[3], "--deauth") == 0) {
825 mode = MODE_DEAUTH;
826 } else if (strcmp(argv[3], "--disassoc") == 0) {
827 mode = MODE_DISASSOC;
828 } else if (strcmp(argv[3], "--assoc-resp") == 0) {
829 mode = MODE_ASSOC_RESPONSE;
830 } else if (strcmp(argv[3], "--assoc-req") == 0) {
831 mode = MODE_ASSOC_REQUEST;
832 } else if (strcmp(argv[3], "--reassoc-resp") == 0) {
833 mode = MODE_REASSOC_RESPONSE;
834 } else if (strcmp(argv[3], "--reassoc-req") == 0) {
835 mode = MODE_REASSOC_REQUEST;
836 } else if (strcmp(argv[3], "--auth") == 0) {
837 mode = MODE_AUTH;
838 } else if (strcmp(argv[3], "--timing-ad") == 0) {
839 mode = MODE_TIMING_AD;
840 } else if (strcmp(argv[3], "--action") == 0) {
841 mode = MODE_ACTION;
842 } else if (strcmp(argv[3], "--action-noack") == 0) {
843 mode = MODE_ACTION_NOACK;
844 } else if (strcmp(argv[3], "--atim") == 0) {
845 mode = MODE_ATIM;
846 } else if (strcmp(argv[3], "--rts") == 0) {
847 mode = MODE_RTS;
848 } else if (strcmp(argv[3], "--cts") == 0) {
849 mode = MODE_CTS;
850 } else {
851 help(argv[0]);
852 exit(EXIT_SUCCESS);
853 }
854}
855
856int main(int argc, const char *argv[]) {
857 signal(SIGINT, handle_interupt);
858 handle_args(argc, argv);
859
860 printf("Starting in 5 seconds...\n");
861
862 sleep(5);
863
864 switch (mode) {
865 case MODE_BEACON:
866 inject_beacons(0);
867 break;
868 case MODE_RANDOM_BEACON:
869 inject_beacons(1);
870 break;
871 case MODE_PROBE_RESPONSE:
872 inject_probe_responses();
873 break;
874 case MODE_PROBE_REQUEST:
875 inject_probe_requests();
876 break;
877 case MODE_DEAUTH:
878 inject_deauths();
879 break;
880 case MODE_DISASSOC:
881 inject_disassocs();
882 break;
883 case MODE_ASSOC_REQUEST:
884 inject_assoc_requests();
885 break;
886 case MODE_ASSOC_RESPONSE:
887 inject_assoc_responses();
888 break;
889 case MODE_REASSOC_REQUEST:
890 inject_reassoc_requests();
891 break;
892 case MODE_REASSOC_RESPONSE:
893 inject_reassoc_responses();
894 break;
895 case MODE_AUTH:
896 inject_auths();
897 break;
898 case MODE_ACTION:
899 inject_actions();
900 break;
901 case MODE_ACTION_NOACK:
902 inject_action_noacks();
903 break;
904 case MODE_TIMING_AD:
905 inject_timing_ads();
906 break;
907 case MODE_ATIM:
908 inject_atim();
909 break;
910 case MODE_RTS:
911 inject_rts();
912 break;
913 case MODE_CTS:
914 inject_cts();
915 break;
916 }
917
918 return 0;
919}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-07-04 13:25:18 +0000