Etusivu Tutki Apua
Kirjaudu sisään
torambo.com
/
Momentum-Apps
2
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: d0161bb24a
Haarat Tagit
Momentum-Apps
/
esp32cam_marauder
/
WiFiScan.h

WiFiScan.h 12 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349 
  1. #ifndef WiFiScan_h
    2. 

  2. #define WiFiScan_h
    3. 

  3. 

  4. #include "configs.h"
    5. 

  5. 

  6. //#include <BLEDevice.h>
    7. 

  7. //#include <BLEUtils.h>
    8. 

  8. //#include <BLEScan.h>
    9. 

  9. //#include <BLEAdvertisedDevice.h>
    10. 

  10. #include <ArduinoJson.h>
    11. 

  11. 

  12. // Testing NimBLE
    13. 

  13. #ifdef HAS_BT
    14. 

  14.   #include <NimBLEDevice.h>
    15. 

  15. #endif
    16. 

  16. 

  17. #include <WiFi.h>
    18. 

  18. #include <math.h>
    19. 

  19. #include "esp_wifi.h"
    20. 

  20. #include "esp_wifi_types.h"
    21. 

  21. #ifdef HAS_BT
    22. 

  22.   #include "esp_bt.h"
    23. 

  23. #endif
    24. 

  24. #ifdef HAS_SCREEN
    25. 

  25.   #include "Display.h"
    26. 

  26. #endif
    27. 

  27. #include "SDInterface.h"
    28. 

  28. #include "Buffer.h"
    29. 

  29. #include "BatteryInterface.h"
    30. 

  30. #include "TemperatureInterface.h"
    31. 

  31. #include "settings.h"
    32. 

  32. #include "Assets.h"
    33. 

  33. #include "flipperLED.h"
    34. 

  34. #include "LedInterface.h"
    35. 

  35. //#include "MenuFunctions.h"
    36. 

  36. 

  37. #define bad_list_length 3
    38. 

  38. 

  39. #define OTA_UPDATE 100
    40. 

  40. #define SHOW_INFO 101
    41. 

  41. #define ESP_UPDATE 102
    42. 

  42. #define WIFI_SCAN_OFF 0
    43. 

  43. #define WIFI_SCAN_PROBE 1
    44. 

  44. #define WIFI_SCAN_AP 2
    45. 

  45. #define WIFI_SCAN_PWN 3
    46. 

  46. #define WIFI_SCAN_EAPOL 4
    47. 

  47. #define WIFI_SCAN_DEAUTH 5
    48. 

  48. #define WIFI_SCAN_ALL 6
    49. 

  49. #define WIFI_PACKET_MONITOR 7
    50. 

  50. #define WIFI_ATTACK_BEACON_SPAM 8
    51. 

  51. #define WIFI_ATTACK_RICK_ROLL 9
    52. 

  52. #define BT_SCAN_ALL 10
    53. 

  53. #define BT_SCAN_SKIMMERS 11
    54. 

  54. #define WIFI_SCAN_ESPRESSIF 12
    55. 

  55. #define LV_JOIN_WIFI 13
    56. 

  56. #define LV_ADD_SSID 14
    57. 

  57. #define WIFI_ATTACK_BEACON_LIST 15
    58. 

  58. #define WIFI_SCAN_TARGET_AP 16
    59. 

  59. #define LV_SELECT_AP 17
    60. 

  60. #define WIFI_ATTACK_AUTH 18
    61. 

  61. #define WIFI_ATTACK_MIMIC 19
    62. 

  62. #define WIFI_ATTACK_DEAUTH 20
    63. 

  63. #define WIFI_ATTACK_AP_SPAM 21
    64. 

  64. #define WIFI_SCAN_TARGET_AP_FULL 22
    65. 

  65. #define WIFI_SCAN_ACTIVE_EAPOL 23
    66. 

  66. #define WIFI_ATTACK_DEAUTH_MANUAL 24
    67. 

  67. #define WIFI_SCAN_RAW_CAPTURE 25
    68. 

  68. #define WIFI_SCAN_STATION 26
    69. 

  69. #define WIFI_ATTACK_DEAUTH_TARGETED 27
    70. 

  70. 

  71. #define GRAPH_REFRESH 100
    72. 

  72. 

  73. #define MAX_CHANNEL 14
    74. 

  74. 

  75. #ifdef HAS_SCREEN
    76. 

  76.   extern Display display_obj;
    77. 

  77. #endif
    78. 

  78. extern SDInterface sd_obj;
    79. 

  79. extern Buffer buffer_obj;
    80. 

  80. extern BatteryInterface battery_obj;
    81. 

  81. extern TemperatureInterface temp_obj;
    82. 

  82. extern Settings settings_obj;
    83. 

  83. extern flipperLED flipper_led;
    84. 

  84. extern LedInterface led_obj;
    85. 

  85. 

  86. esp_err_t esp_wifi_80211_tx(wifi_interface_t ifx, const void *buffer, int len, bool en_sys_seq);
    87. 

  87. //int ieee80211_raw_frame_sanity_check(int32_t arg, int32_t arg2, int32_t arg3);
    88. 

  88. 

  89. struct ssid {
    90. 

  90.   String essid;
    91. 

  91.   int bssid[6];
    92. 

  92.   bool selected;
    93. 

  93. };
    94. 

  94. 

  95. struct AccessPoint {
    96. 

  96.   String essid;
    97. 

  97.   int channel;
    98. 

  98.   int bssid[6];
    99. 

  99.   bool selected;
    100. 

  100.   LinkedList<char>* beacon;
    101. 

  101.   int rssi;
    102. 

  102.   LinkedList<int>* stations;
    103. 

  103. };
    104. 

  104. 

  105. struct Station {
    106. 

  106.   uint8_t mac[6];
    107. 

  107.   bool selected;
    108. 

  108. };
    109. 

  109. 

  110. class WiFiScan
    111. 

  111. {
    112. 

  112.   private:
    113. 

  113.     // Settings
    114. 

  114.     int channel_hop_delay = 1;
    115. 

  115.     bool force_pmkid = false;
    116. 

  116.     bool force_probe = false;
    117. 

  117.     bool save_pcap = false;
    118. 

  118.   
    119. 

  119.     int x_pos; //position along the graph x axis
    120. 

  120.     float y_pos_x; //current graph y axis position of X value
    121. 

  121.     float y_pos_x_old = 120; //old y axis position of X value
    122. 

  122.     float y_pos_y; //current graph y axis position of Y value
    123. 

  123.     float y_pos_y_old = 120; //old y axis position of Y value
    124. 

  124.     float y_pos_z; //current graph y axis position of Z value
    125. 

  125.     float y_pos_z_old = 120; //old y axis position of Z value
    126. 

  126.     int midway = 0;
    127. 

  127.     byte x_scale = 1; //scale of graph x axis, controlled by touchscreen buttons
    128. 

  128.     byte y_scale = 1;
    129. 

  129. 

  130.     bool do_break = false;
    131. 

  131. 

  132.     bool wsl_bypass_enabled = false;
    133. 

  133. 

  134.     //int num_beacon = 0; // GREEN
    135. 

  135.     //int num_probe = 0; // BLUE
    136. 

  136.     //int num_deauth = 0; // RED
    137. 

  137. 

  138.     uint32_t initTime = 0;
    139. 

  139.     bool run_setup = true;
    140. 

  140.     void initWiFi(uint8_t scan_mode);
    141. 

  141.     int bluetoothScanTime = 5;
    142. 

  142.     int packets_sent = 0;
    143. 

  143.     const wifi_promiscuous_filter_t filt = {.filter_mask=WIFI_PROMIS_FILTER_MASK_MGMT | WIFI_PROMIS_FILTER_MASK_DATA};
    144. 

  144.     #ifdef HAS_BT
    145. 

  145.       NimBLEScan* pBLEScan;
    146. 

  146.     #endif
    147. 

  147. 

  148.     //String connected_network = "";
    149. 

  149.     String alfa = "1234567890qwertyuiopasdfghjkklzxcvbnm QWERTYUIOPASDFGHJKLZXCVBNM_";
    150. 

  150. 

  151.     char* rick_roll[8] = {
    152. 

  152.       "01 Never gonna give you up",
    153. 

  153.       "02 Never gonna let you down",
    154. 

  154.       "03 Never gonna run around",
    155. 

  155.       "04 and desert you",
    156. 

  156.       "05 Never gonna make you cry",
    157. 

  157.       "06 Never gonna say goodbye",
    158. 

  158.       "07 Never gonna tell a lie",
    159. 

  159.       "08 and hurt you"
    160. 

  160.     };
    161. 

  161. 

  162.     char* prefix = "G";
    163. 

  163. 

  164.     typedef struct
    165. 

  165.     {
    166. 

  166.       int16_t fctl;
    167. 

  167.       int16_t duration;
    168. 

  168.       uint8_t da;
    169. 

  169.       uint8_t sa;
    170. 

  170.       uint8_t bssid;
    171. 

  171.       int16_t seqctl;
    172. 

  172.       unsigned char payload[];
    173. 

  173.     } __attribute__((packed)) WifiMgmtHdr;
    174. 

  174.     
    175. 

  175.     typedef struct {
    176. 

  176.       uint8_t payload[0];
    177. 

  177.       WifiMgmtHdr hdr;
    178. 

  178.     } wifi_ieee80211_packet_t;
    179. 

  179. 

  180.     // barebones packet
    181. 

  181.     uint8_t packet[128] = { 0x80, 0x00, 0x00, 0x00, //Frame Control, Duration
    182. 

  182.                     /*4*/   0xff, 0xff, 0xff, 0xff, 0xff, 0xff, //Destination address 
    183. 

  183.                     /*10*/  0x01, 0x02, 0x03, 0x04, 0x05, 0x06, //Source address - overwritten later
    184. 

  184.                     /*16*/  0x01, 0x02, 0x03, 0x04, 0x05, 0x06, //BSSID - overwritten to the same as the source address
    185. 

  185.                     /*22*/  0xc0, 0x6c, //Seq-ctl
    186. 

  186.                     /*24*/  0x83, 0x51, 0xf7, 0x8f, 0x0f, 0x00, 0x00, 0x00, //timestamp - the number of microseconds the AP has been active
    187. 

  187.                     /*32*/  0x64, 0x00, //Beacon interval
    188. 

  188.                     /*34*/  0x01, 0x04, //Capability info
    189. 

  189.                     /* SSID */
    190. 

  190.                     /*36*/  0x00
    191. 

  191.                     };
    192. 

  192. 

  193.     /*uint8_t auth_packet[128] = {0xB0, 0x00, 0x3C, 0x00, // Frame Control, Duration
    194. 

  194.                                 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // Dest
    195. 

  195.                                 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // Source
    196. 

  196.                                 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // Dest BSSID
    197. 

  197.                                 0x00, 0x01, // Sequence number
    198. 

  198.                                 0x00, 0x00, // Algo
    199. 

  199.                                 0x01, 0x00, // Auth sequence number
    200. 

  200.                                 0x00, 0x00, // Status Code
    201. 

  201.                                 0x7F, 0x08,
    202. 

  202.                                 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x40,
    203. 

  203.                                 0xDD, 0x0B, 0x00, 0x17, 0xF2, 0x0A, 0x00, 0x01, // Say it was Apple
    204. 

  204.                                 0x04, 0x00, 0x00, 0x00, 0x00, 0xDD, 0x0A, 0x00,
    205. 

  205.                                 0x10, 0x18, 0x02, 0x00, 0x00, 0x10, 0x00, 0x00,
    206. 

  206.                                 0x00
    207. 

  207.                                 };*/
    208. 

  208.     uint8_t auth_packet[65] = {0xb0, 0x00, 0x3c, 0x00, 
    209. 

  209.                               0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
    210. 

  210.                               0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
    211. 

  211.                               0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
    212. 

  212.                               0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 
    213. 

  213.                               0x7f, 0x08, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 
    214. 

  214.                               0x00, 0x40, 0xdd, 0x0b, 0x00, 0x17, 0xf2, 0x0a, 
    215. 

  215.                               0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0xdd, 
    216. 

  216.                               0x0a, 0x00, 0x10, 0x18, 0x02, 0x00, 0x00, 0x10, 
    217. 

  217.                               0x00, 0x00, 0x00};
    218. 

  218. 

  219.     uint8_t prob_req_packet[128] = {0x40, 0x00, 0x00, 0x00, 
    220. 

  220.                                   0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // Destination
    221. 

  221.                                   0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // Source
    222. 

  222.                                   0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // Dest
    223. 

  223.                                   0x01, 0x00, // Sequence
    224. 

  224.                                   0x00, // SSID Parameter
    225. 

  225.                                   0x00, // SSID Length
    226. 

  226.                                   /* SSID */
    227. 

  227.                                   };
    228. 

  228. 

  229.     uint8_t deauth_frame_default[26] = {
    230. 

  230.                               0xc0, 0x00, 0x3a, 0x01,
    231. 

  231.                               0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    232. 

  232.                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    233. 

  233.                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    234. 

  234.                               0xf0, 0xff, 0x02, 0x00
    235. 

  235.                           };
    236. 

  236. 

  237.     void startWiFiAttacks(uint8_t scan_mode, uint16_t color, String title_string);
    238. 

  238. 

  239.     void packetMonitorMain(uint32_t currentTime);
    240. 

  240.     void eapolMonitorMain(uint32_t currentTime);
    241. 

  241.     void updateMidway();
    242. 

  242.     void tftDrawXScalButtons();
    243. 

  243.     void tftDrawYScaleButtons();
    244. 

  244.     void tftDrawChannelScaleButtons();
    245. 

  245.     void tftDrawColorKey();
    246. 

  246.     void tftDrawGraphObjects();
    247. 

  247.     void sendProbeAttack(uint32_t currentTime);
    248. 

  248.     void sendDeauthAttack(uint32_t currentTime, String dst_mac_str = "ff:ff:ff:ff:ff:ff");
    249. 

  249.     void sendDeauthFrame(uint8_t bssid[6], int channel, String dst_mac_str = "ff:ff:ff:ff:ff:ff");
    250. 

  250.     void sendDeauthFrame(int bssid[6], int channel, uint8_t mac[6]);
    251. 

  251.     void broadcastRandomSSID(uint32_t currentTime);
    252. 

  252.     void broadcastCustomBeacon(uint32_t current_time, ssid custom_ssid);
    253. 

  253.     void broadcastCustomBeacon(uint32_t current_time, AccessPoint custom_ssid);
    254. 

  254.     void broadcastSetSSID(uint32_t current_time, char* ESSID);
    255. 

  255.     void RunAPScan(uint8_t scan_mode, uint16_t color);
    256. 

  256.     //void RunRickRoll(uint8_t scan_mode, uint16_t color);
    257. 

  257.     //void RunBeaconSpam(uint8_t scan_mode, uint16_t color);
    258. 

  258.     //void RunProbeFlood(uint8_t scan_mode, uint16_t color);
    259. 

  259.     //void RunDeauthFlood(uint8_t scan_mode, uint16_t color);
    260. 

  260.     void RunMimicFlood(uint8_t scan_mode, uint16_t color);
    261. 

  261.     //void RunBeaconList(uint8_t scan_mode, uint16_t color);
    262. 

  262.     void RunEspressifScan(uint8_t scan_mode, uint16_t color);
    263. 

  263.     void RunPwnScan(uint8_t scan_mode, uint16_t color);
    264. 

  264.     void RunBeaconScan(uint8_t scan_mode, uint16_t color);
    265. 

  265.     void RunRawScan(uint8_t scan_mode, uint16_t color);
    266. 

  266.     void RunStationScan(uint8_t scan_mode, uint16_t color);
    267. 

  267.     void RunDeauthScan(uint8_t scan_mode, uint16_t color);
    268. 

  268.     void RunEapolScan(uint8_t scan_mode, uint16_t color);
    269. 

  269.     void RunProbeScan(uint8_t scan_mode, uint16_t color);
    270. 

  270.     void RunPacketMonitor(uint8_t scan_mode, uint16_t color);
    271. 

  271.     void RunBluetoothScan(uint8_t scan_mode, uint16_t color);
    272. 

  272.     void RunLvJoinWiFi(uint8_t scan_mode, uint16_t color);
    273. 

  273.     #ifdef HAS_BT
    274. 

  274.       static void scanCompleteCB(BLEScanResults scanResults);
    275. 

  275.     #endif
    276. 

  276. 

  277.     //int ieee80211_raw_frame_sanity_check(int32_t arg, int32_t arg2, int32_t arg3);
    278. 

  278. 

  279.   public:
    280. 

  280.     WiFiScan();
    281. 

  281. 

  282.     //AccessPoint ap_list;
    283. 

  283. 

  284.     //LinkedList<ssid>* ssids;
    285. 

  285. 

  286.     int set_channel = 1;
    287. 

  287. 

  288.     int old_channel = 0;
    289. 

  289. 

  290.     bool orient_display = false;
    291. 

  291.     bool wifi_initialized = false;
    292. 

  292.     bool ble_initialized = false;
    293. 

  293. 

  294.     String free_ram = "";
    295. 

  295.     String old_free_ram = "";
    296. 

  296.     String connected_network = "";
    297. 

  297. 

  298.     String dst_mac = "ff:ff:ff:ff:ff:ff";
    299. 

  299.     byte src_mac[6] = {};
    300. 

  300. 

  301.     //lv_obj_t * scr = lv_cont_create(NULL, NULL);
    302. 

  302. 

  303.     wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); 
    304. 

  304. 

  305.     char* stringToChar(String string);
    306. 

  306.     void RunSetup();
    307. 

  307.     int clearSSIDs();
    308. 

  308.     int clearAPs();
    309. 

  309.     int clearStations();
    310. 

  310.     bool addSSID(String essid);
    311. 

  311.     int generateSSIDs(int count = 20);
    312. 

  312.     bool shutdownWiFi();
    313. 

  313.     bool shutdownBLE();
    314. 

  314.     bool scanning();
    315. 

  315.     void joinWiFi(String ssid, String password);
    316. 

  316.     String getStaMAC();
    317. 

  317.     String getApMAC();
    318. 

  318.     String freeRAM();
    319. 

  319.     void changeChannel();
    320. 

  320.     void changeChannel(int chan);
    321. 

  321.     void RunInfo();
    322. 

  322.     void RunShutdownWiFi();
    323. 

  323.     void RunShutdownBLE();
    324. 

  324.     void RunGenerateSSIDs(int count = 20);
    325. 

  325.     void RunClearSSIDs();
    326. 

  326.     void RunClearAPs();
    327. 

  327.     void RunClearStations();
    328. 

  328.     void channelHop();
    329. 

  329.     uint8_t currentScanMode = 0;
    330. 

  330.     void main(uint32_t currentTime);
    331. 

  331.     void StartScan(uint8_t scan_mode, uint16_t color = 0);
    332. 

  332.     void StopScan(uint8_t scan_mode);
    333. 

  333.     
    334. 

  334.     static void getMAC(char *addr, uint8_t* data, uint16_t offset);
    335. 

  335.     static void espressifSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    336. 

  336.     static void pwnSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    337. 

  337.     static void beaconSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    338. 

  338.     static void rawSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    339. 

  339.     static void stationSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    340. 

  340.     static void apSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    341. 

  341.     static void apSnifferCallbackFull(void* buf, wifi_promiscuous_pkt_type_t type);
    342. 

  342.     static void deauthSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    343. 

  343.     static void probeSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    344. 

  344.     static void beaconListSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    345. 

  345.     static void activeEapolSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    346. 

  346.     static void eapolSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    347. 

  347.     static void wifiSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
    348. 

  348. };
    349. 

  349. #endif
    350.