From ae6c98a48da409d040604aeffb84a38155fb5bac Mon Sep 17 00:00:00 2001 From: Marc Date: Tue, 30 Nov 2021 22:39:26 +0000 Subject: Initial Commit Signed-off-by: Marc --- test/src/test_generation.c | 924 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 924 insertions(+) create mode 100644 test/src/test_generation.c (limited to 'test/src/test_generation.c') diff --git a/test/src/test_generation.c b/test/src/test_generation.c new file mode 100644 index 0000000..407e87f --- /dev/null +++ b/test/src/test_generation.c @@ -0,0 +1,924 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "helpers.h" + +#define LIVE_INJECT 0 +#define OFFLINE_DUMP 1 + +#define MODE_BEACON 0 +#define MODE_PROBE_RESPONSE 1 +#define MODE_PROBE_REQUEST 2 +#define MODE_DEAUTH 3 +#define MODE_DISASSOC 4 +#define MODE_ASSOC_RESPONSE 5 +#define MODE_ASSOC_REQUEST 6 +#define MODE_REASSOC_RESPONSE 7 +#define MODE_REASSOC_REQUEST 8 +#define MODE_AUTH 9 +#define MODE_RTS 10 +#define MODE_CTS 11 +#define MODE_RANDOM_BEACON 12 +#define MODE_ACTION 13 +#define MODE_ACTION_NOACK 14 +#define MODE_TIMING_AD 15 +#define MODE_ATIM 16 + +#define SNAPLEN 96 +#define CHANNEL 11 +#define BCAST_MAC "\xff\xff\xff\xff\xff\xff" +#define TO_MAC "\x00\x20\x91\xAA\xBB\xCC" +#define FROM_MAC "\x00\x20\x91\x11\x22\x33" +#define REASSOC_MAC "\xAA\xBB\xCC\xDD\xEE\xFF" +#define BEACON_SSID "libwifi-beacon" +#define PROBE_RESP_SSID "libwifi-probe-resp" +#define PROBE_REQ_SSID "libwifi-probe-req" +#define ASSOC_REQ_SSID "libwifi-assoc-req" +#define REASSOC_REQ_SSID "libwifi-reassoc-req" + +pcap_t *handle = NULL; +pcap_dumper_t *outputHandle = NULL; +FILE *filename = NULL; + +static unsigned char to[] = TO_MAC; +static unsigned char from[] = FROM_MAC; +static unsigned char bcast[] = BCAST_MAC; +static unsigned char reassoc_mac[] = REASSOC_MAC; +static unsigned char tag_data[] = "\x00\x00\00\x01This is a 221 tag from libwifi.\n"; + +static int mode = 0; +static int inject_mode = 0; + +void handle_interupt(int signal) { + if (signal == SIGINT) { + int oldmode = inject_mode; + mode = -1; + inject_mode = -1; + + if (oldmode == LIVE_INJECT) { + pcap_close(handle); + printf("\n\nClosed Capture Handle!\n"); + } else if (oldmode == OFFLINE_DUMP) { + pcap_dump_flush(outputHandle); + pcap_dump_close(outputHandle); + printf("\n\nDumped and Closed Output File!\n"); + } + + exit(EXIT_SUCCESS); + } +} + +void inject_frame(void *buf, size_t buf_sz) { + struct libwifi_radiotap_info info = {0}; + info.present = 0x0000002e; // 0x002e: Flags, Rate, Channel, dBm Ant Signal + info.channel.flags = 0x0140; // OFDM, 5GHz + info.channel.freq = 5180; // Channel 46 + info.flags = 0x0000; // No Flags + info.rate = 1; // 1 Mbit + info.rate_raw = info.rate * 2; // Radiotap uses 500kb/s increments + info.signal = -20; // Signal in dBm + + char *rtap = NULL; + rtap = malloc(LIBWIFI_MAX_RADIOTAP_LEN); + if (rtap == NULL) { + printf("malloc failure: %s\n", strerror(errno)); + return; + } + memset(rtap, 0, LIBWIFI_MAX_RADIOTAP_LEN); + + int rtap_len = libwifi_create_radiotap(&info, rtap); + if (rtap_len == -1) { + printf("error generating radiotap header\n"); + return; + } + + void *frame = NULL; + size_t frame_sz = rtap_len + buf_sz; + frame = malloc(frame_sz); + if (frame == NULL) { + printf("malloc failure: %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + + memcpy(frame, rtap, rtap_len); + memcpy(frame + rtap_len, buf, buf_sz); + + hexdump(rtap, rtap_len); + printf("-----\n"); + hexdump(frame, frame_sz); + + if (inject_mode == LIVE_INJECT) { + pcap_inject(handle, frame, frame_sz); + } else if (inject_mode == OFFLINE_DUMP) { + struct pcap_pkthdr hdr = {0}; + hdr.caplen = frame_sz; + hdr.len = frame_sz; + struct timeval tv; + gettimeofday(&tv, NULL); + hdr.ts = tv; + pcap_dump((unsigned char *) outputHandle, &hdr, frame); + } + + free(rtap); + free(frame); +} + +void inject_beacons(int random_mac) { + while (1) { + printf("Sending 50 beacons...\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_beacon beacon; + unsigned char txmac[6] = {0}; + memset(&beacon, 0, sizeof(struct libwifi_beacon)); + + if (random_mac) { + libwifi_random_mac(txmac, NULL); + } else { + memcpy(txmac, FROM_MAC, 6); + } + libwifi_create_beacon(&beacon, bcast, txmac, BEACON_SSID, CHANNEL); + libwifi_quick_add_tag(&beacon.tags, TAG_VENDOR_SPECIFIC, tag_data, sizeof(tag_data)); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_beacon_length(&beacon); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting beacon with:\n"); + printf("\tSSID: %s\n", BEACON_SSID); + printf("\tChannel: %d\n", CHANNEL); + printf("\tSource: " MACSTR "\n", MAC2STR(txmac)); + printf("\tDestination: " MACSTR "\n", MAC2STR(bcast)); + + libwifi_dump_beacon(&beacon, buf, buf_sz); + inject_frame(buf, buf_sz); + + libwifi_free_beacon(&beacon); + free(buf); + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_probe_responses() { + while (1) { + printf("Sending 50 probe responses, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_probe_resp probe_resp; + memset(&probe_resp, 0, sizeof(struct libwifi_probe_resp)); + + libwifi_create_probe_resp(&probe_resp, to, from, PROBE_RESP_SSID, CHANNEL); + libwifi_quick_add_tag(&probe_resp.tags, TAG_VENDOR_SPECIFIC, tag_data, sizeof(tag_data)); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_probe_resp_length(&probe_resp); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting probe responses with:\n"); + printf("\tSSID: %s\n", PROBE_RESP_SSID); + printf("\tChannel: %d\n", CHANNEL); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_probe_resp(&probe_resp, buf, buf_sz); + inject_frame(buf, buf_sz); + + libwifi_free_probe_resp(&probe_resp); + free(buf); + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_probe_requests() { + while (1) { + printf("Sending 50 probe responses, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_probe_req probe; + memset(&probe, 0, sizeof(struct libwifi_probe_req)); + + libwifi_create_probe_req(&probe, to, from, to, PROBE_REQ_SSID, CHANNEL); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_probe_req_length(&probe); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting probe requests with:\n"); + printf("\tSSID: %s\n", PROBE_REQ_SSID); + printf("\tChannel: %d\n", CHANNEL); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_probe_req(&probe, buf, buf_sz); + inject_frame(buf, buf_sz); + + libwifi_free_probe_req(&probe); + free(buf); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_deauths() { + while (1) { + printf("Sending 50 probe responses, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_deauth deauth; + memset(&deauth, 0, sizeof(struct libwifi_deauth)); + + libwifi_create_deauth(&deauth, to, from, REASON_STA_LEAVING); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_deauth_length(&deauth); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting deauths with:\n"); + printf("\tChannel: %d\n", CHANNEL); + printf("\tReason: %d\n", REASON_STA_LEAVING); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_deauth(&deauth, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_disassocs() { + while (1) { + printf("Sending 50 probe responses, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_disassoc disassoc; + memset(&disassoc, 0, sizeof(struct libwifi_disassoc)); + + libwifi_create_disassoc(&disassoc, to, from, REASON_STA_LEAVING); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_disassoc_length(&disassoc); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting disassocs with:\n"); + printf("\tChannel: %d\n", CHANNEL); + printf("\tReason: %d\n", REASON_STA_LEAVING); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_disassoc(&disassoc, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_assoc_requests() { + while (1) { + printf("Sending 50 association requests, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_assoc_req assoc_req; + memset(&assoc_req, 0, sizeof(struct libwifi_assoc_req)); + + libwifi_create_assoc_req(&assoc_req, to, from, ASSOC_REQ_SSID, CHANNEL); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_assoc_req_length(&assoc_req); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting association requests with:\n"); + printf("\tChannel: %d\n", CHANNEL); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_assoc_req(&assoc_req, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + libwifi_free_assoc_req(&assoc_req); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_assoc_responses() { + while (1) { + printf("Sending 50 association responses, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_assoc_resp assoc_resp; + memset(&assoc_resp, 0, sizeof(struct libwifi_assoc_req)); + + libwifi_create_assoc_resp(&assoc_resp, to, from, CHANNEL); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_assoc_resp_length(&assoc_resp); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting association responses with:\n"); + printf("\tChannel: %d\n", CHANNEL); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_assoc_resp(&assoc_resp, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + libwifi_free_assoc_resp(&assoc_resp); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_reassoc_requests() { + while (1) { + printf("Sending 50 reassociation requests, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_reassoc_req reassoc_req; + memset(&reassoc_req, 0, sizeof(struct libwifi_assoc_req)); + + libwifi_create_reassoc_req(&reassoc_req, to, from, reassoc_mac, REASSOC_REQ_SSID, CHANNEL); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_reassoc_req_length(&reassoc_req); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting reassociation requests with:\n"); + printf("\tChannel: %d\n", CHANNEL); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + printf("\tPrevious BSSID: " MACSTR "\n", MAC2STR(reassoc_mac)); + + libwifi_dump_reassoc_req(&reassoc_req, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + libwifi_free_reassoc_req(&reassoc_req); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_reassoc_responses() { + while (1) { + printf("Sending 50 reassociation responses, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_reassoc_resp reassoc_resp; + memset(&reassoc_resp, 0, sizeof(struct libwifi_assoc_req)); + + libwifi_create_reassoc_resp(&reassoc_resp, to, from, CHANNEL); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_reassoc_resp_length(&reassoc_resp); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting reassociation responses with:\n"); + printf("\tChannel: %d\n", CHANNEL); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_reassoc_resp(&reassoc_resp, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + libwifi_free_reassoc_resp(&reassoc_resp); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_auths() { + while (1) { + printf("Sending 50 auth frames, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_auth auth; + memset(&auth, 0, sizeof(struct libwifi_deauth)); + + libwifi_create_auth(&auth, to, from, AUTH_OPEN, 0, STATUS_SUCCESS); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_auth_length(&auth); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + libwifi_dump_auth(&auth, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + + memset(&auth, 0, sizeof(struct libwifi_deauth)); + + libwifi_create_auth(&auth, from, to, AUTH_OPEN, 1, STATUS_SUCCESS); + + buf = NULL; + buf_sz = libwifi_get_auth_length(&auth); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting auths with:\n"); + printf("\tChannel: %d\n", CHANNEL); + printf("\tAlgorithm: %d\n", AUTH_OPEN); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_auth(&auth, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_timing_ads() { + while (1) { + printf("Sending 50 timing advertisement frames, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_timing_advert time_ad = {0}; + struct libwifi_timing_advert_fields ad_fields = {0}; + + ad_fields.timing_capabilities = 2; + memcpy(ad_fields.time_error, "\xCC\xCC\xCC\xCC\xCC", 5); + memcpy(ad_fields.time_update, "\xBB", 1); + memcpy(ad_fields.time_value, + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", 10); + + libwifi_create_timing_advert(&time_ad, to, from, &ad_fields, "GB", -56, -56, -30, -20); + + unsigned char *buf = NULL; + size_t buf_len = libwifi_get_timing_advert_length(&time_ad); + buf = malloc(buf_len); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + printf("buf_len: %zu\n", buf_len); + + size_t ret = libwifi_dump_timing_advert(&time_ad, buf, buf_len); + if (ret < 0) { + printf("error dump: %zu\n", ret); + exit(EXIT_FAILURE); + } + hexdump(buf, buf_len); + inject_frame(buf, buf_len); + + free(buf); + libwifi_free_timing_advert(&time_ad); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_action_noacks() { + while (1) { + printf("Sending 50 action no ack frames, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_action action; + memset(&action, 0, sizeof(struct libwifi_action)); + + libwifi_create_action_no_ack(&action, to, from, ACTION_FAST_BSS_TRANSITION); + + unsigned char *action_buf = malloc(256); + memset(action_buf, 0, 256); + + size_t offset = 0; + size_t w = 0; + + memcpy(action_buf, "\x01", 1); // Fast BSS Request + offset += 1; + memcpy(action_buf + offset, "\xAA\xBB\xCC\xDD\xEE\xFF", 6); // STA Address + offset += 6; + memcpy(action_buf + offset, "\xFF\xEE\xDD\xCC\xBB\xAA", 6); // AP Address + offset += 6; + + unsigned char *tag_tmp = malloc(256); + memset(tag_tmp, 0, 256); + + struct libwifi_tagged_parameter rsne = {0}; + size_t tsz = libwifi_create_tag(&rsne, TAG_RSN, (const unsigned char * )"\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00", 20); + w = libwifi_dump_tag(&rsne, tag_tmp, tsz); + memcpy(action_buf + offset, tag_tmp, w); + offset += w; + + + struct libwifi_tagged_parameter mobdom = {0}; + tsz = libwifi_create_tag(&mobdom, TAG_MOBILITY_DOMAIN, (const unsigned char*)"\x00\x11\x01", 3); + memset(tag_tmp, 0, tsz); + w = libwifi_dump_tag(&mobdom, tag_tmp, tsz); + memcpy(action_buf + offset, tag_tmp, w); + offset += w; + libwifi_free_tag(&mobdom); + + struct libwifi_tagged_parameter fbss = {0}; + tsz = libwifi_create_tag(&fbss, TAG_FAST_BSS_TRANSITION, (const unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\x03\x04\xAA\xBB\x04\xAA\xBB\xCC\xDD", 88); + memset(tag_tmp, 0, tsz); + w = libwifi_dump_tag(&fbss, tag_tmp, tsz); + memcpy(action_buf + offset, tag_tmp, w); + offset += w; + libwifi_free_tag(&fbss); + + libwifi_add_action_detail(&action.fixed_parameters.details, action_buf, offset); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_action_length(&action); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting actions with:\n"); + printf("\tAction: %d\n", ACTION_FAST_BSS_TRANSITION); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_action(&action, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_actions() { + while (1) { + printf("Sending 50 action frames, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_action action; + memset(&action, 0, sizeof(struct libwifi_action)); + + libwifi_create_action(&action, to, from, ACTION_FAST_BSS_TRANSITION); + + unsigned char *action_buf = malloc(256); + memset(action_buf, 0, 256); + + size_t offset = 0; + size_t w = 0; + + memcpy(action_buf, "\x01", 1); // Fast BSS Request + offset += 1; + memcpy(action_buf + offset, "\xAA\xBB\xCC\xDD\xEE\xFF", 6); // STA Address + offset += 6; + memcpy(action_buf + offset, "\xFF\xEE\xDD\xCC\xBB\xAA", 6); // AP Address + offset += 6; + + unsigned char *tag_tmp = malloc(256); + memset(tag_tmp, 0, 256); + + struct libwifi_tagged_parameter rsne = {0}; + size_t tsz = libwifi_create_tag(&rsne, TAG_RSN, (const unsigned char * )"\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00", 20); + w = libwifi_dump_tag(&rsne, tag_tmp, tsz); + memcpy(action_buf + offset, tag_tmp, w); + offset += w; + + + struct libwifi_tagged_parameter mobdom = {0}; + tsz = libwifi_create_tag(&mobdom, TAG_MOBILITY_DOMAIN, (const unsigned char*)"\x00\x11\x01", 3); + memset(tag_tmp, 0, tsz); + w = libwifi_dump_tag(&mobdom, tag_tmp, tsz); + memcpy(action_buf + offset, tag_tmp, w); + offset += w; + libwifi_free_tag(&mobdom); + + struct libwifi_tagged_parameter fbss = {0}; + tsz = libwifi_create_tag(&fbss, TAG_FAST_BSS_TRANSITION, (const unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\xBB\xCC\xDD\xEE\xFF\xAA\x03\x04\xAA\xBB\x04\xAA\xBB\xCC\xDD", 88); + memset(tag_tmp, 0, tsz); + w = libwifi_dump_tag(&fbss, tag_tmp, tsz); + memcpy(action_buf + offset, tag_tmp, w); + offset += w; + libwifi_free_tag(&fbss); + + libwifi_add_action_detail(&action.fixed_parameters.details, action_buf, offset); + + unsigned char *buf = NULL; + size_t buf_sz = libwifi_get_action_length(&action); + + buf = malloc(buf_sz); + if (buf == NULL) { + printf("malloc failure: %s", strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Injecting actions with:\n"); + printf("\tAction: %d\n", ACTION_FAST_BSS_TRANSITION); + printf("\tSource: " MACSTR "\n", MAC2STR(from)); + printf("\tDestination: " MACSTR "\n", MAC2STR(to)); + + libwifi_dump_action(&action, buf, buf_sz); + inject_frame(buf, buf_sz); + + free(buf); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_atim() { + while (1) { + printf("Sending 50 ATIM frames, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_atim atim = {0}; + + libwifi_create_atim(&atim, to, from, from); + + inject_frame(&atim, sizeof(struct libwifi_atim)); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_rts() { + while (1) { + printf("Sending 50 RTS frames, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_rts rts = {0}; + + libwifi_create_rts(&rts, to, from, 32); + + inject_frame(&rts, sizeof(struct libwifi_rts)); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void inject_cts() { + while (1) { + printf("Sending 50 CTS frames, then sleeping for 1 second\n"); + for (int i = 0; i < 50; ++i) { + struct libwifi_cts cts = {0}; + + libwifi_create_cts(&cts, to, 32); + + inject_frame(&cts, sizeof(struct libwifi_cts)); + + usleep(1e4); // 10ms + } + sleep(1); + } +} + +void help(const char *name) { + fprintf(stderr, "Usage:\n"); + fprintf(stderr, "\t%s --interface [interface] [--mode]\n", name); + fprintf(stderr, "\t\tor\n"); + fprintf(stderr, "\t%s --file [output file] [--mode]\n", name); + fprintf(stderr, "\n"); + fprintf(stderr, "Modes:\n"); + fprintf(stderr, "\t--beacon\n"); + fprintf(stderr, "\t--random-beacon\n"); + fprintf(stderr, "\t--probe-req\n"); + fprintf(stderr, "\t--probe-resp\n"); + fprintf(stderr, "\t--deauth\n"); + fprintf(stderr, "\t--disassoc\n"); + fprintf(stderr, "\t--assoc-req\n"); + fprintf(stderr, "\t--assoc-resp\n"); + fprintf(stderr, "\t--reassoc-req\n"); + fprintf(stderr, "\t--reassoc-resp\n"); + fprintf(stderr, "\t--auth\n"); + fprintf(stderr, "\t--timing-ad\n"); + fprintf(stderr, "\t--atim\n"); + fprintf(stderr, "\t--rts\n"); + fprintf(stderr, "\t--cts\n"); +} + +void handle_args(int argc, const char *argv[]) { + char errbuf[PCAP_ERRBUF_SIZE]; + memset(errbuf, 0, PCAP_ERRBUF_SIZE); + + if (argc < 4) { + help(argv[0]); + exit(EXIT_SUCCESS); + } + + if (strcmp(argv[1], "--file") == 0) { + inject_mode = OFFLINE_DUMP; + + filename = fopen(argv[2], "w+"); + if ((handle = pcap_open_dead(DLT_IEEE802_11_RADIO, BUFSIZ)) == NULL) { + fprintf(stderr, "1 %s: %s\n", argv[2], errbuf); + exit(EXIT_FAILURE); + } + if ((outputHandle = pcap_dump_fopen(handle, filename)) == NULL) { + fprintf(stderr, "2 %s: %s\n", argv[2], errbuf); + exit(EXIT_FAILURE); + } + } else if (strcmp(argv[1], "--interface") == 0) { + inject_mode = LIVE_INJECT; + + if ((handle = pcap_create(argv[2], errbuf)) == NULL) { + fprintf(stderr, "Couldn't open interface %s: %s\n", argv[2], errbuf); + exit(EXIT_FAILURE); + } + if (pcap_activate(handle) == 0) { + printf("Sniffing on %s\n", argv[2]); + } else { + fprintf(stderr, "Couldn't activate %s: %s\n", argv[2], pcap_geterr(handle)); + exit(EXIT_FAILURE); + } + } else { + help(argv[0]); + exit(EXIT_SUCCESS); + } + + if (strcmp(argv[3], "--beacon") == 0) { + mode = MODE_BEACON; + } else if (strcmp(argv[3], "--random-beacon") == 0) { + mode = MODE_RANDOM_BEACON; + } else if (strcmp(argv[3], "--probe-resp") == 0) { + mode = MODE_PROBE_RESPONSE; + } else if (strcmp(argv[3], "--probe-req") == 0) { + mode = MODE_PROBE_REQUEST; + } else if (strcmp(argv[3], "--deauth") == 0) { + mode = MODE_DEAUTH; + } else if (strcmp(argv[3], "--disassoc") == 0) { + mode = MODE_DISASSOC; + } else if (strcmp(argv[3], "--assoc-resp") == 0) { + mode = MODE_ASSOC_RESPONSE; + } else if (strcmp(argv[3], "--assoc-req") == 0) { + mode = MODE_ASSOC_REQUEST; + } else if (strcmp(argv[3], "--reassoc-resp") == 0) { + mode = MODE_REASSOC_RESPONSE; + } else if (strcmp(argv[3], "--reassoc-req") == 0) { + mode = MODE_REASSOC_REQUEST; + } else if (strcmp(argv[3], "--auth") == 0) { + mode = MODE_AUTH; + } else if (strcmp(argv[3], "--timing-ad") == 0) { + mode = MODE_TIMING_AD; + } else if (strcmp(argv[3], "--action") == 0) { + mode = MODE_ACTION; + } else if (strcmp(argv[3], "--action-noack") == 0) { + mode = MODE_ACTION_NOACK; + } else if (strcmp(argv[3], "--atim") == 0) { + mode = MODE_ATIM; + } else if (strcmp(argv[3], "--rts") == 0) { + mode = MODE_RTS; + } else if (strcmp(argv[3], "--cts") == 0) { + mode = MODE_CTS; + } else { + help(argv[0]); + exit(EXIT_SUCCESS); + } +} + +int main(int argc, const char *argv[]) { + signal(SIGINT, handle_interupt); + handle_args(argc, argv); + + printf("Starting in 5 seconds...\n"); + + sleep(5); + + switch (mode) { + case MODE_BEACON: + inject_beacons(0); + break; + case MODE_RANDOM_BEACON: + inject_beacons(1); + break; + case MODE_PROBE_RESPONSE: + inject_probe_responses(); + break; + case MODE_PROBE_REQUEST: + inject_probe_requests(); + break; + case MODE_DEAUTH: + inject_deauths(); + break; + case MODE_DISASSOC: + inject_disassocs(); + break; + case MODE_ASSOC_REQUEST: + inject_assoc_requests(); + break; + case MODE_ASSOC_RESPONSE: + inject_assoc_responses(); + break; + case MODE_REASSOC_REQUEST: + inject_reassoc_requests(); + break; + case MODE_REASSOC_RESPONSE: + inject_reassoc_responses(); + break; + case MODE_AUTH: + inject_auths(); + break; + case MODE_ACTION: + inject_actions(); + break; + case MODE_ACTION_NOACK: + inject_action_noacks(); + break; + case MODE_TIMING_AD: + inject_timing_ads(); + break; + case MODE_ATIM: + inject_atim(); + break; + case MODE_RTS: + inject_rts(); + break; + case MODE_CTS: + inject_cts(); + break; + } + + return 0; +} -- cgit 1.4.1