about summary refs log tree commit diff stats
path: root/test/src/test_generation.c
diff options
context:
space:
mode:
Diffstat (limited to 'test/src/test_generation.c')
-rw-r--r--test/src/test_generation.c924
1 files changed, 924 insertions, 0 deletions
diff --git a/test/src/test_generation.c b/test/src/test_generation.c new file mode 100644 index 0000000..407e87f --- /dev/null +++ b/test/src/test_generation.c
@@ -0,0 +1,924 @@
1#include <errno.h>
2#include <libwifi.h>
3#include <libwifi/core/frame/management/action.h>
4#include <libwifi/core/frame/management/timing_ad.h>
5#include <libwifi/core/frame/tag.h>
6#include <libwifi/core/misc/types.h>
7#include <libwifi/gen/management/timing_ad.h>
8#include <pcap.h>
9#include <pcap/dlt.h>
10#include <pcap/pcap.h>
11#include <signal.h>
12#include <stddef.h>
13#include <stdint.h>
14#include <stdio.h>
15#include <stdlib.h>
16#include <string.h>
17#include <sys/time.h>
18#include <unistd.h>
19
20#include "helpers.h"
21
22#define LIVE_INJECT 0
23#define OFFLINE_DUMP 1
24
25#define MODE_BEACON 0
26#define MODE_PROBE_RESPONSE 1
27#define MODE_PROBE_REQUEST 2
28#define MODE_DEAUTH 3
29#define MODE_DISASSOC 4
30#define MODE_ASSOC_RESPONSE 5
31#define MODE_ASSOC_REQUEST 6
32#define MODE_REASSOC_RESPONSE 7
33#define MODE_REASSOC_REQUEST 8
34#define MODE_AUTH 9
35#define MODE_RTS 10
36#define MODE_CTS 11
37#define MODE_RANDOM_BEACON 12
38#define MODE_ACTION 13
39#define MODE_ACTION_NOACK 14
40#define MODE_TIMING_AD 15
41#define MODE_ATIM 16
42
43#define SNAPLEN 96
44#define CHANNEL 11
45#define BCAST_MAC "\xff\xff\xff\xff\xff\xff"
46#define TO_MAC "\x00\x20\x91\xAA\xBB\xCC"
47#define FROM_MAC "\x00\x20\x91\x11\x22\x33"
48#define REASSOC_MAC "\xAA\xBB\xCC\xDD\xEE\xFF"
49#define BEACON_SSID "libwifi-beacon"
50#define PROBE_RESP_SSID "libwifi-probe-resp"
51#define PROBE_REQ_SSID "libwifi-probe-req"
52#define ASSOC_REQ_SSID "libwifi-assoc-req"
53#define REASSOC_REQ_SSID "libwifi-reassoc-req"
54
55pcap_t *handle = NULL;
56pcap_dumper_t *outputHandle = NULL;
57FILE *filename = NULL;
58
59static unsigned char to[] = TO_MAC;
60static unsigned char from[] = FROM_MAC;
61static unsigned char bcast[] = BCAST_MAC;
62static unsigned char reassoc_mac[] = REASSOC_MAC;
63static unsigned char tag_data[] = "\x00\x00\00\x01This is a 221 tag from libwifi.\n";
64
65static int mode = 0;
66static int inject_mode = 0;
67
68void handle_interupt(int signal) {
69 if (signal == SIGINT) {
70 int oldmode = inject_mode;
71 mode = -1;
72 inject_mode = -1;
73
74 if (oldmode == LIVE_INJECT) {
75 pcap_close(handle);
76 printf("\n\nClosed Capture Handle!\n");
77 } else if (oldmode == OFFLINE_DUMP) {
78 pcap_dump_flush(outputHandle);
79 pcap_dump_close(outputHandle);
80 printf("\n\nDumped and Closed Output File!\n");
81 }
82
83 exit(EXIT_SUCCESS);
84 }
85}
86
87void inject_frame(void *buf, size_t buf_sz) {
88 struct libwifi_radiotap_info info = {0};
89 info.present = 0x0000002e; // 0x002e: Flags, Rate, Channel, dBm Ant Signal
90 info.channel.flags = 0x0140; // OFDM, 5GHz
91 info.channel.freq = 5180; // Channel 46
92 info.flags = 0x0000; // No Flags
93 info.rate = 1; // 1 Mbit
94 info.rate_raw = info.rate * 2; // Radiotap uses 500kb/s increments
95 info.signal = -20; // Signal in dBm
96
97 char *rtap = NULL;
98 rtap = malloc(LIBWIFI_MAX_RADIOTAP_LEN);
99 if (rtap == NULL) {
100 printf("malloc failure: %s\n", strerror(errno));
101 return;
102 }
103 memset(rtap, 0, LIBWIFI_MAX_RADIOTAP_LEN);
104
105 int rtap_len = libwifi_create_radiotap(&info, rtap);
106 if (rtap_len == -1) {
107 printf("error generating radiotap header\n");
108 return;
109 }
110
111 void *frame = NULL;
112 size_t frame_sz = rtap_len + buf_sz;
113 frame = malloc(frame_sz);
114 if (frame == NULL) {
115 printf("malloc failure: %s\n", strerror(errno));
116 exit(EXIT_FAILURE);
117 }
118
119 memcpy(frame, rtap, rtap_len);
120 memcpy(frame + rtap_len, buf, buf_sz);
121
122 hexdump(rtap, rtap_len);
123 printf("-----\n");
124 hexdump(frame, frame_sz);
125
126 if (inject_mode == LIVE_INJECT) {
127 pcap_inject(handle, frame, frame_sz);
128 } else if (inject_mode == OFFLINE_DUMP) {
129 struct pcap_pkthdr hdr = {0};
130 hdr.caplen = frame_sz;
131 hdr.len = frame_sz;
132 struct timeval tv;
133 gettimeofday(&tv, NULL);
134 hdr.ts = tv;
135 pcap_dump((unsigned char *) outputHandle, &hdr, frame);
136 }
137
138 free(rtap);
139 free(frame);
140}
141
142void inject_beacons(int random_mac) {
143 while (1) {
144 printf("Sending 50 beacons...\n");
145 for (int i = 0; i < 50; ++i) {
146 struct libwifi_beacon beacon;
147 unsigned char txmac[6] = {0};
148 memset(&beacon, 0, sizeof(struct libwifi_beacon));
149
150 if (random_mac) {
151 libwifi_random_mac(txmac, NULL);
152 } else {
153 memcpy(txmac, FROM_MAC, 6);
154 }
155 libwifi_create_beacon(&beacon, bcast, txmac, BEACON_SSID, CHANNEL);
156 libwifi_quick_add_tag(&beacon.tags, TAG_VENDOR_SPECIFIC, tag_data, sizeof(tag_data));
157
158 unsigned char *buf = NULL;
159 size_t buf_sz = libwifi_get_beacon_length(&beacon);
160
161 buf = malloc(buf_sz);
162 if (buf == NULL) {
163 printf("malloc failure: %s", strerror(errno));
164 exit(EXIT_FAILURE);
165 }
166
167 printf("Injecting beacon with:\n");
168 printf("\tSSID: %s\n", BEACON_SSID);
169 printf("\tChannel: %d\n", CHANNEL);
170 printf("\tSource: " MACSTR "\n", MAC2STR(txmac));
171 printf("\tDestination: " MACSTR "\n", MAC2STR(bcast));
172
173 libwifi_dump_beacon(&beacon, buf, buf_sz);
174 inject_frame(buf, buf_sz);
175
176 libwifi_free_beacon(&beacon);
177 free(buf);
178 usleep(1e4); // 10ms
179 }
180 sleep(1);
181 }
182}
183
184void inject_probe_responses() {
185 while (1) {
186 printf("Sending 50 probe responses, then sleeping for 1 second\n");
187 for (int i = 0; i < 50; ++i) {
188 struct libwifi_probe_resp probe_resp;
189 memset(&probe_resp, 0, sizeof(struct libwifi_probe_resp));
190
191 libwifi_create_probe_resp(&probe_resp, to, from, PROBE_RESP_SSID, CHANNEL);
192 libwifi_quick_add_tag(&probe_resp.tags, TAG_VENDOR_SPECIFIC, tag_data, sizeof(tag_data));
193
194 unsigned char *buf = NULL;
195 size_t buf_sz = libwifi_get_probe_resp_length(&probe_resp);
196
197 buf = malloc(buf_sz);
198 if (buf == NULL) {
199 printf("malloc failure: %s", strerror(errno));
200 exit(EXIT_FAILURE);
201 }
202
203 printf("Injecting probe responses with:\n");
204 printf("\tSSID: %s\n", PROBE_RESP_SSID);
205 printf("\tChannel: %d\n", CHANNEL);
206 printf("\tSource: " MACSTR "\n", MAC2STR(from));
207 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
208
209 libwifi_dump_probe_resp(&probe_resp, buf, buf_sz);
210 inject_frame(buf, buf_sz);
211
212 libwifi_free_probe_resp(&probe_resp);
213 free(buf);
214 usleep(1e4); // 10ms
215 }
216 sleep(1);
217 }
218}
219
220void inject_probe_requests() {
221 while (1) {
222 printf("Sending 50 probe responses, then sleeping for 1 second\n");
223 for (int i = 0; i < 50; ++i) {
224 struct libwifi_probe_req probe;
225 memset(&probe, 0, sizeof(struct libwifi_probe_req));
226
227 libwifi_create_probe_req(&probe, to, from, to, PROBE_REQ_SSID, CHANNEL);
228
229 unsigned char *buf = NULL;
230 size_t buf_sz = libwifi_get_probe_req_length(&probe);
231
232 buf = malloc(buf_sz);
233 if (buf == NULL) {
234 printf("malloc failure: %s", strerror(errno));
235 exit(EXIT_FAILURE);
236 }
237
238 printf("Injecting probe requests with:\n");
239 printf("\tSSID: %s\n", PROBE_REQ_SSID);
240 printf("\tChannel: %d\n", CHANNEL);
241 printf("\tSource: " MACSTR "\n", MAC2STR(from));
242 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
243
244 libwifi_dump_probe_req(&probe, buf, buf_sz);
245 inject_frame(buf, buf_sz);
246
247 libwifi_free_probe_req(&probe);
248 free(buf);
249
250 usleep(1e4); // 10ms
251 }
252 sleep(1);
253 }
254}
255
256void inject_deauths() {
257 while (1) {
258 printf("Sending 50 probe responses, then sleeping for 1 second\n");
259 for (int i = 0; i < 50; ++i) {
260 struct libwifi_deauth deauth;
261 memset(&deauth, 0, sizeof(struct libwifi_deauth));
262
263 libwifi_create_deauth(&deauth, to, from, REASON_STA_LEAVING);
264
265 unsigned char *buf = NULL;
266 size_t buf_sz = libwifi_get_deauth_length(&deauth);
267
268 buf = malloc(buf_sz);
269 if (buf == NULL) {
270 printf("malloc failure: %s", strerror(errno));
271 exit(EXIT_FAILURE);
272 }
273
274 printf("Injecting deauths with:\n");
275 printf("\tChannel: %d\n", CHANNEL);
276 printf("\tReason: %d\n", REASON_STA_LEAVING);
277 printf("\tSource: " MACSTR "\n", MAC2STR(from));
278 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
279
280 libwifi_dump_deauth(&deauth, buf, buf_sz);
281 inject_frame(buf, buf_sz);
282
283 free(buf);
284
285 usleep(1e4); // 10ms
286 }
287 sleep(1);
288 }
289}
290
291void inject_disassocs() {
292 while (1) {
293 printf("Sending 50 probe responses, then sleeping for 1 second\n");
294 for (int i = 0; i < 50; ++i) {
295 struct libwifi_disassoc disassoc;
296 memset(&disassoc, 0, sizeof(struct libwifi_disassoc));
297
298 libwifi_create_disassoc(&disassoc, to, from, REASON_STA_LEAVING);
299
300 unsigned char *buf = NULL;
301 size_t buf_sz = libwifi_get_disassoc_length(&disassoc);
302
303 buf = malloc(buf_sz);
304 if (buf == NULL) {
305 printf("malloc failure: %s", strerror(errno));
306 exit(EXIT_FAILURE);
307 }
308
309 printf("Injecting disassocs with:\n");
310 printf("\tChannel: %d\n", CHANNEL);
311 printf("\tReason: %d\n", REASON_STA_LEAVING);
312 printf("\tSource: " MACSTR "\n", MAC2STR(from));
313 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
314
315 libwifi_dump_disassoc(&disassoc, buf, buf_sz);
316 inject_frame(buf, buf_sz);
317
318 free(buf);
319
320 usleep(1e4); // 10ms
321 }
322 sleep(1);
323 }
324}
325
326void inject_assoc_requests() {
327 while (1) {
328 printf("Sending 50 association requests, then sleeping for 1 second\n");
329 for (int i = 0; i < 50; ++i) {
330 struct libwifi_assoc_req assoc_req;
331 memset(&assoc_req, 0, sizeof(struct libwifi_assoc_req));
332
333 libwifi_create_assoc_req(&assoc_req, to, from, ASSOC_REQ_SSID, CHANNEL);
334
335 unsigned char *buf = NULL;
336 size_t buf_sz = libwifi_get_assoc_req_length(&assoc_req);
337
338 buf = malloc(buf_sz);
339 if (buf == NULL) {
340 printf("malloc failure: %s", strerror(errno));
341 exit(EXIT_FAILURE);
342 }
343
344 printf("Injecting association requests with:\n");
345 printf("\tChannel: %d\n", CHANNEL);
346 printf("\tSource: " MACSTR "\n", MAC2STR(from));
347 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
348
349 libwifi_dump_assoc_req(&assoc_req, buf, buf_sz);
350 inject_frame(buf, buf_sz);
351
352 free(buf);
353 libwifi_free_assoc_req(&assoc_req);
354
355 usleep(1e4); // 10ms
356 }
357 sleep(1);
358 }
359}
360
361void inject_assoc_responses() {
362 while (1) {
363 printf("Sending 50 association responses, then sleeping for 1 second\n");
364 for (int i = 0; i < 50; ++i) {
365 struct libwifi_assoc_resp assoc_resp;
366 memset(&assoc_resp, 0, sizeof(struct libwifi_assoc_req));
367
368 libwifi_create_assoc_resp(&assoc_resp, to, from, CHANNEL);
369
370 unsigned char *buf = NULL;
371 size_t buf_sz = libwifi_get_assoc_resp_length(&assoc_resp);
372
373 buf = malloc(buf_sz);
374 if (buf == NULL) {
375 printf("malloc failure: %s", strerror(errno));
376 exit(EXIT_FAILURE);
377 }
378
379 printf("Injecting association responses with:\n");
380 printf("\tChannel: %d\n", CHANNEL);
381 printf("\tSource: " MACSTR "\n", MAC2STR(from));
382 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
383
384 libwifi_dump_assoc_resp(&assoc_resp, buf, buf_sz);
385 inject_frame(buf, buf_sz);
386
387 free(buf);
388 libwifi_free_assoc_resp(&assoc_resp);
389
390 usleep(1e4); // 10ms
391 }
392 sleep(1);
393 }
394}
395
396void inject_reassoc_requests() {
397 while (1) {
398 printf("Sending 50 reassociation requests, then sleeping for 1 second\n");
399 for (int i = 0; i < 50; ++i) {
400 struct libwifi_reassoc_req reassoc_req;
401 memset(&reassoc_req, 0, sizeof(struct libwifi_assoc_req));
402
403 libwifi_create_reassoc_req(&reassoc_req, to, from, reassoc_mac, REASSOC_REQ_SSID, CHANNEL);
404
405 unsigned char *buf = NULL;
406 size_t buf_sz = libwifi_get_reassoc_req_length(&reassoc_req);
407
408 buf = malloc(buf_sz);
409 if (buf == NULL) {
410 printf("malloc failure: %s", strerror(errno));
411 exit(EXIT_FAILURE);
412 }
413
414 printf("Injecting reassociation requests with:\n");
415 printf("\tChannel: %d\n", CHANNEL);
416 printf("\tSource: " MACSTR "\n", MAC2STR(from));
417 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
418 printf("\tPrevious BSSID: " MACSTR "\n", MAC2STR(reassoc_mac));
419
420 libwifi_dump_reassoc_req(&reassoc_req, buf, buf_sz);
421 inject_frame(buf, buf_sz);
422
423 free(buf);
424 libwifi_free_reassoc_req(&reassoc_req);
425
426 usleep(1e4); // 10ms
427 }
428 sleep(1);
429 }
430}
431
432void inject_reassoc_responses() {
433 while (1) {
434 printf("Sending 50 reassociation responses, then sleeping for 1 second\n");
435 for (int i = 0; i < 50; ++i) {
436 struct libwifi_reassoc_resp reassoc_resp;
437 memset(&reassoc_resp, 0, sizeof(struct libwifi_assoc_req));
438
439 libwifi_create_reassoc_resp(&reassoc_resp, to, from, CHANNEL);
440
441 unsigned char *buf = NULL;
442 size_t buf_sz = libwifi_get_reassoc_resp_length(&reassoc_resp);
443
444 buf = malloc(buf_sz);
445 if (buf == NULL) {
446 printf("malloc failure: %s", strerror(errno));
447 exit(EXIT_FAILURE);
448 }
449
450 printf("Injecting reassociation responses with:\n");
451 printf("\tChannel: %d\n", CHANNEL);
452 printf("\tSource: " MACSTR "\n", MAC2STR(from));
453 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
454
455 libwifi_dump_reassoc_resp(&reassoc_resp, buf, buf_sz);
456 inject_frame(buf, buf_sz);
457
458 free(buf);
459 libwifi_free_reassoc_resp(&reassoc_resp);
460
461 usleep(1e4); // 10ms
462 }
463 sleep(1);
464 }
465}
466
467void inject_auths() {
468 while (1) {
469 printf("Sending 50 auth frames, then sleeping for 1 second\n");
470 for (int i = 0; i < 50; ++i) {
471 struct libwifi_auth auth;
472 memset(&auth, 0, sizeof(struct libwifi_deauth));
473
474 libwifi_create_auth(&auth, to, from, AUTH_OPEN, 0, STATUS_SUCCESS);
475
476 unsigned char *buf = NULL;
477 size_t buf_sz = libwifi_get_auth_length(&auth);
478
479 buf = malloc(buf_sz);
480 if (buf == NULL) {
481 printf("malloc failure: %s", strerror(errno));
482 exit(EXIT_FAILURE);
483 }
484
485 libwifi_dump_auth(&auth, buf, buf_sz);
486 inject_frame(buf, buf_sz);
487
488 free(buf);
489
490 memset(&auth, 0, sizeof(struct libwifi_deauth));
491
492 libwifi_create_auth(&auth, from, to, AUTH_OPEN, 1, STATUS_SUCCESS);
493
494 buf = NULL;
495 buf_sz = libwifi_get_auth_length(&auth);
496
497 buf = malloc(buf_sz);
498 if (buf == NULL) {
499 printf("malloc failure: %s", strerror(errno));
500 exit(EXIT_FAILURE);
501 }
502
503 printf("Injecting auths with:\n");
504 printf("\tChannel: %d\n", CHANNEL);
505 printf("\tAlgorithm: %d\n", AUTH_OPEN);
506 printf("\tSource: " MACSTR "\n", MAC2STR(from));
507 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
508
509 libwifi_dump_auth(&auth, buf, buf_sz);
510 inject_frame(buf, buf_sz);
511
512 free(buf);
513 usleep(1e4); // 10ms
514 }
515 sleep(1);
516 }
517}
518
519void inject_timing_ads() {
520 while (1) {
521 printf("Sending 50 timing advertisement frames, then sleeping for 1 second\n");
522 for (int i = 0; i < 50; ++i) {
523 struct libwifi_timing_advert time_ad = {0};
524 struct libwifi_timing_advert_fields ad_fields = {0};
525
526 ad_fields.timing_capabilities = 2;
527 memcpy(ad_fields.time_error, "\xCC\xCC\xCC\xCC\xCC", 5);
528 memcpy(ad_fields.time_update, "\xBB", 1);
529 memcpy(ad_fields.time_value,
530 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", 10);
531
532 libwifi_create_timing_advert(&time_ad, to, from, &ad_fields, "GB", -56, -56, -30, -20);
533
534 unsigned char *buf = NULL;
535 size_t buf_len = libwifi_get_timing_advert_length(&time_ad);
536 buf = malloc(buf_len);
537 if (buf == NULL) {
538 printf("malloc failure: %s", strerror(errno));
539 exit(EXIT_FAILURE);
540 }
541 printf("buf_len: %zu\n", buf_len);
542
543 size_t ret = libwifi_dump_timing_advert(&time_ad, buf, buf_len);
544 if (ret < 0) {
545 printf("error dump: %zu\n", ret);
546 exit(EXIT_FAILURE);
547 }
548 hexdump(buf, buf_len);
549 inject_frame(buf, buf_len);
550
551 free(buf);
552 libwifi_free_timing_advert(&time_ad);
553
554 usleep(1e4); // 10ms
555 }
556 sleep(1);
557 }
558}
559
560void inject_action_noacks() {
561 while (1) {
562 printf("Sending 50 action no ack frames, then sleeping for 1 second\n");
563 for (int i = 0; i < 50; ++i) {
564 struct libwifi_action action;
565 memset(&action, 0, sizeof(struct libwifi_action));
566
567 libwifi_create_action_no_ack(&action, to, from, ACTION_FAST_BSS_TRANSITION);
568
569 unsigned char *action_buf = malloc(256);
570 memset(action_buf, 0, 256);
571
572 size_t offset = 0;
573 size_t w = 0;
574
575 memcpy(action_buf, "\x01", 1); // Fast BSS Request
576 offset += 1;
577 memcpy(action_buf + offset, "\xAA\xBB\xCC\xDD\xEE\xFF", 6); // STA Address
578 offset += 6;
579 memcpy(action_buf + offset, "\xFF\xEE\xDD\xCC\xBB\xAA", 6); // AP Address
580 offset += 6;
581
582 unsigned char *tag_tmp = malloc(256);
583 memset(tag_tmp, 0, 256);
584
585 struct libwifi_tagged_parameter rsne = {0};
586 size_t tsz = libwifi_create_tag(&rsne, TAG_RSN, (const unsigned char * )"\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00", 20);
587 w = libwifi_dump_tag(&rsne, tag_tmp, tsz);
588 memcpy(action_buf + offset, tag_tmp, w);
589 offset += w;
590
591
592 struct libwifi_tagged_parameter mobdom = {0};
593 tsz = libwifi_create_tag(&mobdom, TAG_MOBILITY_DOMAIN, (const unsigned char*)"\x00\x11\x01", 3);
594 memset(tag_tmp, 0, tsz);
595 w = libwifi_dump_tag(&mobdom, tag_tmp, tsz);
596 memcpy(action_buf + offset, tag_tmp, w);
597 offset += w;
598 libwifi_free_tag(&mobdom);
599
600 struct libwifi_tagged_parameter fbss = {0};
601 tsz = libwifi_create_tag(&fbss, TAG_FAST_BSS_TRANSITION, (const unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\x03\x04\xAA\xBB\x04\xAA\xBB\xCC\xDD", 88);
602 memset(tag_tmp, 0, tsz);
603 w = libwifi_dump_tag(&fbss, tag_tmp, tsz);
604 memcpy(action_buf + offset, tag_tmp, w);
605 offset += w;
606 libwifi_free_tag(&fbss);
607
608 libwifi_add_action_detail(&action.fixed_parameters.details, action_buf, offset);
609
610 unsigned char *buf = NULL;
611 size_t buf_sz = libwifi_get_action_length(&action);
612
613 buf = malloc(buf_sz);
614 if (buf == NULL) {
615 printf("malloc failure: %s", strerror(errno));
616 exit(EXIT_FAILURE);
617 }
618
619 printf("Injecting actions with:\n");
620 printf("\tAction: %d\n", ACTION_FAST_BSS_TRANSITION);
621 printf("\tSource: " MACSTR "\n", MAC2STR(from));
622 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
623
624 libwifi_dump_action(&action, buf, buf_sz);
625 inject_frame(buf, buf_sz);
626
627 free(buf);
628
629 usleep(1e4); // 10ms
630 }
631 sleep(1);
632 }
633}
634
635void inject_actions() {
636 while (1) {
637 printf("Sending 50 action frames, then sleeping for 1 second\n");
638 for (int i = 0; i < 50; ++i) {
639 struct libwifi_action action;
640 memset(&action, 0, sizeof(struct libwifi_action));
641
642 libwifi_create_action(&action, to, from, ACTION_FAST_BSS_TRANSITION);
643
644 unsigned char *action_buf = malloc(256);
645 memset(action_buf, 0, 256);
646
647 size_t offset = 0;
648 size_t w = 0;
649
650 memcpy(action_buf, "\x01", 1); // Fast BSS Request
651 offset += 1;
652 memcpy(action_buf + offset, "\xAA\xBB\xCC\xDD\xEE\xFF", 6); // STA Address
653 offset += 6;
654 memcpy(action_buf + offset, "\xFF\xEE\xDD\xCC\xBB\xAA", 6); // AP Address
655 offset += 6;
656
657 unsigned char *tag_tmp = malloc(256);
658 memset(tag_tmp, 0, 256);
659
660 struct libwifi_tagged_parameter rsne = {0};
661 size_t tsz = libwifi_create_tag(&rsne, TAG_RSN, (const unsigned char * )"\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00", 20);
662 w = libwifi_dump_tag(&rsne, tag_tmp, tsz);
663 memcpy(action_buf + offset, tag_tmp, w);
664 offset += w;
665
666
667 struct libwifi_tagged_parameter mobdom = {0};
668 tsz = libwifi_create_tag(&mobdom, TAG_MOBILITY_DOMAIN, (const unsigned char*)"\x00\x11\x01", 3);
669 memset(tag_tmp, 0, tsz);
670 w = libwifi_dump_tag(&mobdom, tag_tmp, tsz);
671 memcpy(action_buf + offset, tag_tmp, w);
672 offset += w;
673 libwifi_free_tag(&mobdom);
674
675 struct libwifi_tagged_parameter fbss = {0};
676 tsz = libwifi_create_tag(&fbss, TAG_FAST_BSS_TRANSITION, (const unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\x03\x04\xAA\xBB\x04\xAA\xBB\xCC\xDD", 88);
677 memset(tag_tmp, 0, tsz);
678 w = libwifi_dump_tag(&fbss, tag_tmp, tsz);
679 memcpy(action_buf + offset, tag_tmp, w);
680 offset += w;
681 libwifi_free_tag(&fbss);
682
683 libwifi_add_action_detail(&action.fixed_parameters.details, action_buf, offset);
684
685 unsigned char *buf = NULL;
686 size_t buf_sz = libwifi_get_action_length(&action);
687
688 buf = malloc(buf_sz);
689 if (buf == NULL) {
690 printf("malloc failure: %s", strerror(errno));
691 exit(EXIT_FAILURE);
692 }
693
694 printf("Injecting actions with:\n");
695 printf("\tAction: %d\n", ACTION_FAST_BSS_TRANSITION);
696 printf("\tSource: " MACSTR "\n", MAC2STR(from));
697 printf("\tDestination: " MACSTR "\n", MAC2STR(to));
698
699 libwifi_dump_action(&action, buf, buf_sz);
700 inject_frame(buf, buf_sz);
701
702 free(buf);
703
704 usleep(1e4); // 10ms
705 }
706 sleep(1);
707 }
708}
709
710void inject_atim() {
711 while (1) {
712 printf("Sending 50 ATIM frames, then sleeping for 1 second\n");
713 for (int i = 0; i < 50; ++i) {
714 struct libwifi_atim atim = {0};
715
716 libwifi_create_atim(&atim, to, from, from);
717
718 inject_frame(&atim, sizeof(struct libwifi_atim));
719
720 usleep(1e4); // 10ms
721 }
722 sleep(1);
723 }
724}
725
726void inject_rts() {
727 while (1) {
728 printf("Sending 50 RTS frames, then sleeping for 1 second\n");
729 for (int i = 0; i < 50; ++i) {
730 struct libwifi_rts rts = {0};
731
732 libwifi_create_rts(&rts, to, from, 32);
733
734 inject_frame(&rts, sizeof(struct libwifi_rts));
735
736 usleep(1e4); // 10ms
737 }
738 sleep(1);
739 }
740}
741
742void inject_cts() {
743 while (1) {
744 printf("Sending 50 CTS frames, then sleeping for 1 second\n");
745 for (int i = 0; i < 50; ++i) {
746 struct libwifi_cts cts = {0};
747
748 libwifi_create_cts(&cts, to, 32);
749
750 inject_frame(&cts, sizeof(struct libwifi_cts));
751
752 usleep(1e4); // 10ms
753 }
754 sleep(1);
755 }
756}
757
758void help(const char *name) {
759 fprintf(stderr, "Usage:\n");
760 fprintf(stderr, "\t%s --interface [interface] [--mode]\n", name);
761 fprintf(stderr, "\t\tor\n");
762 fprintf(stderr, "\t%s --file [output file] [--mode]\n", name);
763 fprintf(stderr, "\n");
764 fprintf(stderr, "Modes:\n");
765 fprintf(stderr, "\t--beacon\n");
766 fprintf(stderr, "\t--random-beacon\n");
767 fprintf(stderr, "\t--probe-req\n");
768 fprintf(stderr, "\t--probe-resp\n");
769 fprintf(stderr, "\t--deauth\n");
770 fprintf(stderr, "\t--disassoc\n");
771 fprintf(stderr, "\t--assoc-req\n");
772 fprintf(stderr, "\t--assoc-resp\n");
773 fprintf(stderr, "\t--reassoc-req\n");
774 fprintf(stderr, "\t--reassoc-resp\n");
775 fprintf(stderr, "\t--auth\n");
776 fprintf(stderr, "\t--timing-ad\n");
777 fprintf(stderr, "\t--atim\n");
778 fprintf(stderr, "\t--rts\n");
779 fprintf(stderr, "\t--cts\n");
780}
781
782void handle_args(int argc, const char *argv[]) {
783 char errbuf[PCAP_ERRBUF_SIZE];
784 memset(errbuf, 0, PCAP_ERRBUF_SIZE);
785
786 if (argc < 4) {
787 help(argv[0]);
788 exit(EXIT_SUCCESS);
789 }
790
791 if (strcmp(argv[1], "--file") == 0) {
792 inject_mode = OFFLINE_DUMP;
793
794 filename = fopen(argv[2], "w+");
795 if ((handle = pcap_open_dead(DLT_IEEE802_11_RADIO, BUFSIZ)) == NULL) {
796 fprintf(stderr, "1 %s: %s\n", argv[2], errbuf);
797 exit(EXIT_FAILURE);
798 }
799 if ((outputHandle = pcap_dump_fopen(handle, filename)) == NULL) {
800 fprintf(stderr, "2 %s: %s\n", argv[2], errbuf);
801 exit(EXIT_FAILURE);
802 }
803 } else if (strcmp(argv[1], "--interface") == 0) {
804 inject_mode = LIVE_INJECT;
805
806 if ((handle = pcap_create(argv[2], errbuf)) == NULL) {
807 fprintf(stderr, "Couldn't open interface %s: %s\n", argv[2], errbuf);
808 exit(EXIT_FAILURE);
809 }
810 if (pcap_activate(handle) == 0) {
811 printf("Sniffing on %s\n", argv[2]);
812 } else {
813 fprintf(stderr, "Couldn't activate %s: %s\n", argv[2], pcap_geterr(handle));
814 exit(EXIT_FAILURE);
815 }
816 } else {
817 help(argv[0]);
818 exit(EXIT_SUCCESS);
819 }
820
821 if (strcmp(argv[3], "--beacon") == 0) {
822 mode = MODE_BEACON;
823 } else if (strcmp(argv[3], "--random-beacon") == 0) {
824 mode = MODE_RANDOM_BEACON;
825 } else if (strcmp(argv[3], "--probe-resp") == 0) {
826 mode = MODE_PROBE_RESPONSE;
827 } else if (strcmp(argv[3], "--probe-req") == 0) {
828 mode = MODE_PROBE_REQUEST;
829 } else if (strcmp(argv[3], "--deauth") == 0) {
830 mode = MODE_DEAUTH;
831 } else if (strcmp(argv[3], "--disassoc") == 0) {
832 mode = MODE_DISASSOC;
833 } else if (strcmp(argv[3], "--assoc-resp") == 0) {
834 mode = MODE_ASSOC_RESPONSE;
835 } else if (strcmp(argv[3], "--assoc-req") == 0) {
836 mode = MODE_ASSOC_REQUEST;
837 } else if (strcmp(argv[3], "--reassoc-resp") == 0) {
838 mode = MODE_REASSOC_RESPONSE;
839 } else if (strcmp(argv[3], "--reassoc-req") == 0) {
840 mode = MODE_REASSOC_REQUEST;
841 } else if (strcmp(argv[3], "--auth") == 0) {
842 mode = MODE_AUTH;
843 } else if (strcmp(argv[3], "--timing-ad") == 0) {
844 mode = MODE_TIMING_AD;
845 } else if (strcmp(argv[3], "--action") == 0) {
846 mode = MODE_ACTION;
847 } else if (strcmp(argv[3], "--action-noack") == 0) {
848 mode = MODE_ACTION_NOACK;
849 } else if (strcmp(argv[3], "--atim") == 0) {
850 mode = MODE_ATIM;
851 } else if (strcmp(argv[3], "--rts") == 0) {
852 mode = MODE_RTS;
853 } else if (strcmp(argv[3], "--cts") == 0) {
854 mode = MODE_CTS;
855 } else {
856 help(argv[0]);
857 exit(EXIT_SUCCESS);
858 }
859}
860
861int main(int argc, const char *argv[]) {
862 signal(SIGINT, handle_interupt);
863 handle_args(argc, argv);
864
865 printf("Starting in 5 seconds...\n");
866
867 sleep(5);
868
869 switch (mode) {
870 case MODE_BEACON:
871 inject_beacons(0);
872 break;
873 case MODE_RANDOM_BEACON:
874 inject_beacons(1);
875 break;
876 case MODE_PROBE_RESPONSE:
877 inject_probe_responses();
878 break;
879 case MODE_PROBE_REQUEST:
880 inject_probe_requests();
881 break;
882 case MODE_DEAUTH:
883 inject_deauths();
884 break;
885 case MODE_DISASSOC:
886 inject_disassocs();
887 break;
888 case MODE_ASSOC_REQUEST:
889 inject_assoc_requests();
890 break;
891 case MODE_ASSOC_RESPONSE:
892 inject_assoc_responses();
893 break;
894 case MODE_REASSOC_REQUEST:
895 inject_reassoc_requests();
896 break;
897 case MODE_REASSOC_RESPONSE:
898 inject_reassoc_responses();
899 break;
900 case MODE_AUTH:
901 inject_auths();
902 break;
903 case MODE_ACTION:
904 inject_actions();
905 break;
906 case MODE_ACTION_NOACK:
907 inject_action_noacks();
908 break;
909 case MODE_TIMING_AD:
910 inject_timing_ads();
911 break;
912 case MODE_ATIM:
913 inject_atim();
914 break;
915 case MODE_RTS:
916 inject_rts();
917 break;
918 case MODE_CTS:
919 inject_cts();
920 break;
921 }
922
923 return 0;
924}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-07-04 09:53:59 +0000