Add wardrive function

This commit is contained in:
Just Call Me Koko
2023-09-07 20:26:33 -04:00
parent 7049e1101f
commit 7669a7447f
7 changed files with 322 additions and 21 deletions


@@ -93,7 +93,6 @@ class EvilPortal {
void setupServer();
void startPortal();
void startAP();
void addLog(String log, int len);
void convertStringToUint8Array(const String& str, uint8_t*& buf, uint32_t& len);
void sendToDisplay(String msg);
@@ -102,6 +101,7 @@ class EvilPortal {
String get_user_name();
String get_password();
void addLog(String log, int len);
bool begin(LinkedList<ssid>* ssids, LinkedList<AccessPoint>* access_points);
void main(uint8_t scan_mode);


@@ -61,9 +61,15 @@ void GpsInterface::setGPSInfo() {
}
this->altf = (float)alt / 1000;
this->accuracy = 2.5 * ((float)nmea.getHDOP()/10);
//nmea.clear();
}
float GpsInterface::getAccuracy() {
return this->accuracy;
}
String GpsInterface::getLat() {
return this->lat;
}


@@ -16,6 +16,7 @@ class GpsInterface {
String getLat();
String getLon();
float getAlt();
float getAccuracy();
String getDatetime();
private:
@@ -23,6 +24,7 @@ class GpsInterface {
String lat = "";
String lon = "";
float altf = 0.0;
float accuracy = 0.0;
String datetime = "";
bool gps_enabled = false;


@@ -474,6 +474,7 @@ void MenuFunctions::main(uint32_t currentTime)
(wifi_scan_obj.currentScanMode == WIFI_SCAN_RAW_CAPTURE) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_STATION) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_AP) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_WAR_DRIVE) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_EVIL_PORTAL) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_SIG_STREN) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_TARGET_AP) ||
@@ -526,6 +527,7 @@ void MenuFunctions::main(uint32_t currentTime)
(wifi_scan_obj.currentScanMode == WIFI_SCAN_RAW_CAPTURE) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_STATION) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_AP) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_WAR_DRIVE) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_EVIL_PORTAL) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_SIG_STREN) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_TARGET_AP) ||
@@ -1191,6 +1193,15 @@ void MenuFunctions::RunSetup()
wifi_scan_obj.StartScan(WIFI_SCAN_SIG_STREN, TFT_CYAN);
});
#endif
#ifdef HAS_GPS
if (gps_obj.getGpsModuleStatus()) {
this->addNodes(&wifiSnifferMenu, "Wardrive", TFT_GREEN, NULL, BEACON_SNIFF, [this]() {
display_obj.clearScreen();
this->drawStatusBar();
wifi_scan_obj.StartScan(WIFI_SCAN_WAR_DRIVE, TFT_GREEN);
});
}
#endif
// Build WiFi attack menu
wifiAttackMenu.parentMenu = &wifiMenu; // Main Menu is second menu parent


@@ -310,6 +310,8 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color)
RunEapolScan(scan_mode, color);
else if (scan_mode == WIFI_SCAN_AP)
RunBeaconScan(scan_mode, color);
else if (scan_mode == WIFI_SCAN_WAR_DRIVE)
RunBeaconScan(scan_mode, color);
else if (scan_mode == WIFI_SCAN_SIG_STREN)
RunRawScan(scan_mode, color);
else if (scan_mode == WIFI_SCAN_RAW_CAPTURE)
@@ -476,6 +478,7 @@ void WiFiScan::StopScan(uint8_t scan_mode)
{
if ((currentScanMode == WIFI_SCAN_PROBE) ||
(currentScanMode == WIFI_SCAN_AP) ||
(currentScanMode == WIFI_SCAN_WAR_DRIVE) ||
(currentScanMode == WIFI_SCAN_EVIL_PORTAL) ||
(currentScanMode == WIFI_SCAN_RAW_CAPTURE) ||
(currentScanMode == WIFI_SCAN_STATION) ||
@@ -569,6 +572,100 @@ String WiFiScan::getApMAC()
return String(macAddrChr);
}
bool WiFiScan::mac_cmp(struct mac_addr addr1, struct mac_addr addr2) {
//Return true if 2 mac_addr structs are equal.
for (int y = 0; y < 6 ; y++) {
if (addr1.bytes[y] != addr2.bytes[y]) {
return false;
}
}
return true;
}
bool WiFiScan::seen_mac(unsigned char* mac) {
//Return true if this MAC address is in the recently seen array.
struct mac_addr tmp;
for (int x = 0; x < 6 ; x++) {
tmp.bytes[x] = mac[x];
}
for (int x = 0; x < mac_history_len; x++) {
if (this->mac_cmp(tmp, this->mac_history[x])) {
return true;
}
}
return false;
}
void WiFiScan::save_mac(unsigned char* mac) {
//Save a MAC address into the recently seen array.
if (this->mac_history_cursor >= mac_history_len) {
this->mac_history_cursor = 0;
}
struct mac_addr tmp;
for (int x = 0; x < 6 ; x++) {
tmp.bytes[x] = mac[x];
}
this->mac_history[this->mac_history_cursor] = tmp;
this->mac_history_cursor++;
}
String WiFiScan::security_int_to_string(int security_type) {
//Provide a security type int from WiFi.encryptionType(i) to convert it to a String which Wigle CSV expects.
String authtype = "";
switch (security_type) {
case WIFI_AUTH_OPEN:
authtype = "[OPEN]";
break;
case WIFI_AUTH_WEP:
authtype = "[WEP]";
break;
case WIFI_AUTH_WPA_PSK:
authtype = "[WPA_PSK]";
break;
case WIFI_AUTH_WPA2_PSK:
authtype = "[WPA2_PSK]";
break;
case WIFI_AUTH_WPA_WPA2_PSK:
authtype = "[WPA_WPA2_PSK]";
break;
case WIFI_AUTH_WPA2_ENTERPRISE:
authtype = "[WPA2]";
break;
//Requires at least v2.0.0 of https://github.com/espressif/arduino-esp32/
case WIFI_AUTH_WPA3_PSK:
authtype = "[WPA3_PSK]";
break;
case WIFI_AUTH_WPA2_WPA3_PSK:
authtype = "[WPA2_WPA3_PSK]";
break;
case WIFI_AUTH_WAPI_PSK:
authtype = "[WAPI_PSK]";
break;
default:
authtype = "[UNDEFINED]";
}
return authtype;
}
void WiFiScan::clearMacHistory() {
for (int i = 0; i < mac_history_len; ++i) {
memset(this->mac_history[i].bytes, 0, sizeof(mac_history[i].bytes));
}
}
String WiFiScan::freeRAM()
{
@@ -1193,13 +1290,82 @@ void WiFiScan::RunPwnScan(uint8_t scan_mode, uint16_t color)
initTime = millis();
}
void WiFiScan::executeWarDrive() {
#ifdef HAS_GPS
if (gps_obj.getGpsModuleStatus()) {
bool do_save;
String display_string;
int n = WiFi.scanNetworks(false, true, false, 110, this->set_channel);
if (n > 0) {
for (int i = 0; i < n; i++) {
display_string = "";
do_save = false;
uint8_t *this_bssid_raw = WiFi.BSSID(i);
char this_bssid[18] = {0};
sprintf(this_bssid, "%02X:%02X:%02X:%02X:%02X:%02X", this_bssid_raw[0], this_bssid_raw[1], this_bssid_raw[2], this_bssid_raw[3], this_bssid_raw[4], this_bssid_raw[5]);
if (this->seen_mac(this_bssid_raw))
continue;
this->save_mac(this_bssid_raw);
String ssid = WiFi.SSID(i);
ssid.replace(",","_");
if (ssid != "") {
display_string.concat(ssid);
}
else {
display_string.concat(this_bssid);
}
if (gps_obj.getFixStatus()) {
do_save = true;
display_string.concat(" | Lt: " + gps_obj.getLat());
display_string.concat(" | Ln: " + gps_obj.getLon());
}
else {
display_string.concat(" | GPS: No Fix");
}
int temp_len = display_string.length();
#ifdef HAS_SCREEN
for (int i = 0; i < 40 - temp_len; i++)
{
display_string.concat(" ");
}
display_obj.display_buffer->add(display_string);
#endif
String wardrive_line = WiFi.BSSIDstr(i) + "," + ssid + "," + this->security_int_to_string(WiFi.encryptionType(i)) + "," + gps_obj.getDatetime() + "," + (String)WiFi.channel(i) + "," + (String)WiFi.RSSI(i) + "," + gps_obj.getLat() + "," + gps_obj.getLon() + "," + gps_obj.getAlt() + "," + gps_obj.getAccuracy() + ",WIFI\n";
Serial.print((String)this->mac_history_cursor + " | " + wardrive_line);
evil_portal_obj.addLog(wardrive_line, wardrive_line.length());
}
}
this->channelHop();
}
#endif
}
// Function to start running a beacon scan
void WiFiScan::RunBeaconScan(uint8_t scan_mode, uint16_t color)
{
#ifdef WRITE_PACKETS_SERIAL
buffer_obj.open();
#elif defined(HAS_SD)
sd_obj.openCapture("beacon");
if (scan_mode == WIFI_SCAN_AP)
sd_obj.openCapture("beacon");
else if (scan_mode == WIFI_SCAN_WAR_DRIVE) {
sd_obj.openLog("wardrive");
String header_line = "WigleWifi-1.4,appRelease=" + display_obj.version_number + ",model=ESP32 Marauder,release=" + display_obj.version_number + ",device=ESP32 Marauder,display=SPI TFT,board=ESP32 Marauder,brand=JustCallMeKoko\nMAC,SSID,AuthMode,FirstSeen,Channel,RSSI,CurrentLatitude,CurrentLongitude,AltitudeMeters,AccuracyMeters,Type\n";
evil_portal_obj.addLog(header_line, header_line.length());
}
#else
return;
#endif
@@ -1222,21 +1388,33 @@ void WiFiScan::RunBeaconScan(uint8_t scan_mode, uint16_t color)
display_obj.tft.setTextColor(TFT_WHITE, color);
#ifdef HAS_ILI9341
display_obj.tft.fillRect(0,16,240,16, color);
display_obj.tft.drawCentreString(text_table4[38],120,16,2);
if (scan_mode == WIFI_SCAN_AP)
display_obj.tft.drawCentreString(text_table4[38],120,16,2);
else if (scan_mode == WIFI_SCAN_WAR_DRIVE) {
this->clearMacHistory();
display_obj.tft.drawCentreString("Wardrive", 120, 16, 2);
}
display_obj.touchToExit();
#endif
display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
display_obj.setupScrollArea(display_obj.TOP_FIXED_AREA_2, BOT_FIXED_AREA);
#endif
if (scan_mode != WIFI_SCAN_WAR_DRIVE) {
esp_wifi_init(&cfg);
esp_wifi_set_storage(WIFI_STORAGE_RAM);
esp_wifi_set_mode(WIFI_MODE_NULL);
esp_wifi_start();
esp_wifi_set_promiscuous(true);
esp_wifi_set_promiscuous_filter(&filt);
esp_wifi_set_promiscuous_rx_cb(&beaconSnifferCallback);
esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE);
esp_wifi_init(&cfg);
esp_wifi_set_storage(WIFI_STORAGE_RAM);
esp_wifi_set_mode(WIFI_MODE_NULL);
esp_wifi_start();
esp_wifi_set_promiscuous(true);
esp_wifi_set_promiscuous_filter(&filt);
esp_wifi_set_promiscuous_rx_cb(&beaconSnifferCallback);
esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE);
}
else {
WiFi.mode(WIFI_STA);
WiFi.disconnect();
}
this->wifi_initialized = true;
initTime = millis();
}
@@ -1900,12 +2078,18 @@ void WiFiScan::beaconSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type
{
extern WiFiScan wifi_scan_obj;
#ifdef HAS_GPS
extern GpsInterface gps_obj;
extern EvilPortal evil_portal_obj;
#endif
wifi_promiscuous_pkt_t *snifferPacket = (wifi_promiscuous_pkt_t*)buf;
WifiMgmtHdr *frameControl = (WifiMgmtHdr*)snifferPacket->payload;
wifi_pkt_rx_ctrl_t ctrl = (wifi_pkt_rx_ctrl_t)snifferPacket->rx_ctrl;
int len = snifferPacket->rx_ctrl.sig_len;
String display_string = "";
String essid = "";
if (type == WIFI_PKT_MGMT)
{
@@ -1916,11 +2100,12 @@ void WiFiScan::beaconSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type
// If we dont the buffer size is not 0, don't write or else we get CORRUPT_HEAP
#ifdef HAS_SCREEN
int buf = display_obj.display_buffer->size();
int buff = display_obj.display_buffer->size();
#else
int buf = 0;
int buff = 0;
#endif
if ((snifferPacket->payload[0] == 0x80) && (buf == 0))
// It is a beacon
if ((snifferPacket->payload[0] == 0x80) && (buff == 0))
{
// Do signal strength stuff first
if (wifi_scan_obj.currentScanMode == WIFI_SCAN_SIG_STREN) {
@@ -1965,7 +2150,7 @@ void WiFiScan::beaconSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type
}
}
else {
else if (wifi_scan_obj.currentScanMode == WIFI_SCAN_AP) {
delay(random(0, 10));
Serial.print("RSSI: ");
Serial.print(snifferPacket->rx_ctrl.rssi);
@@ -2006,6 +2191,84 @@ void WiFiScan::beaconSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type
addPacket(snifferPacket, len);
}
else if (wifi_scan_obj.currentScanMode == WIFI_SCAN_WAR_DRIVE) {
#ifdef HAS_GPS
if (gps_obj.getGpsModuleStatus()) {
bool do_save = false;
// Check if we've already seen this AP
char addr[] = "00:00:00:00:00:00";
getMAC(addr, snifferPacket->payload, 10);
if (wifi_scan_obj.seen_mac(reinterpret_cast<unsigned char*>(addr)))
return;
Serial.print("RSSI: ");
Serial.print(snifferPacket->rx_ctrl.rssi);
Serial.print(" Ch: ");
Serial.print(snifferPacket->rx_ctrl.channel);
if (snifferPacket->payload[37] > 0) {
Serial.print(" ESSID: ");
for (int i = 0; i < snifferPacket->payload[37]; i++)
{
Serial.print((char)snifferPacket->payload[i + 38]);
display_string.concat((char)snifferPacket->payload[i + 38]);
essid.concat((char)snifferPacket->payload[i + 38]);
}
}
else {
Serial.print(" BSSID: ");
Serial.print(addr);
display_string.concat(addr);
}
if (gps_obj.getFixStatus()) {
do_save = true;
display_string.concat(" | Lt: " + gps_obj.getLat());
display_string.concat(" | Ln: " + gps_obj.getLon());
}
else
display_string.concat(" | GPS: No Fix");
int temp_len = display_string.length();
#ifdef HAS_SCREEN
for (int i = 0; i < 40 - temp_len; i++)
{
display_string.concat(" ");
}
Serial.print(" ");
if (display_obj.display_buffer->size() == 0)
{
display_obj.loading = true;
display_obj.display_buffer->add(display_string);
display_obj.loading = false;
}
#endif
Serial.println();
wifi_scan_obj.save_mac(reinterpret_cast<unsigned char*>(addr));
int n = WiFi.scanNetworks(false, true, false, 110, wifi_scan_obj.set_channel);
if (do_save) {
if (n > 0) {
for (int i = 0; i < n; i++) {
Serial.printf("%-32.32s", WiFi.SSID(i).c_str());
Serial.print(" -> ");
Serial.println(wifi_scan_obj.security_int_to_string(WiFi.encryptionType(i)).c_str());
}
}
String wardrive_line = (String)addr + "," + essid + "," + wifi_scan_obj.security_int_to_string(snifferPacket->rx_ctrl.channel) + "," + gps_obj.getDatetime() + "," + (String)snifferPacket->rx_ctrl.channel + "," + (String)snifferPacket->rx_ctrl.rssi + "," + gps_obj.getLat() + "," + gps_obj.getLon() + "," + gps_obj.getAlt() + "," + gps_obj.getAccuracy() + ",WIFI";
Serial.println(wardrive_line);
//evil_portal_obj.addLog(wardrive_line, wardrive_line.length());
}
}
#endif
}
}
}
}
@@ -3570,6 +3833,16 @@ void WiFiScan::main(uint32_t currentTime)
channelHop();
}
}
else if (currentScanMode == WIFI_SCAN_WAR_DRIVE) {
if (currentTime - initTime >= this->channel_hop_delay * 1000)
{
initTime = millis();
#ifdef HAS_GPS
if (gps_obj.getGpsModuleStatus())
this->executeWarDrive();
#endif
}
}
else if (currentScanMode == WIFI_SCAN_GPS_DATA) {
if (currentTime - initTime >= 5000) {
this->initTime = millis();
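Review bot: In executeWarDrive, `do_save` is set only when `gps_obj.getFixStatus()` is true but is never read, so `evil_portal_obj.addLog(wardrive_line, wardrive_line.length());` writes a WiGLE row for every AP even without a fix, carrying whatever getLat()/getLon()/getDatetime() happen to return; guard it with `if (do_save) evil_portal_obj.addLog(wardrive_line, wardrive_line.length());` as the callback path already does. The SSID is beacon-controlled input written into a CSV row: `ssid.replace(",","_");` covers the delimiter, but a CR/LF inside the SSID would terminate the row, so also replace `"\r"` and `"\n"` (the callback path's `essid` gets no sanitising at all). `this->clearMacHistory();` in RunBeaconScan sits inside the `#ifdef HAS_ILI9341` block, so boards without that display start a new wardrive with the previous session's seen-MAC list still populated; move it beside `WiFi.mode(WIFI_STA);` in the `else` branch where it runs regardless of display. In the callback's WAR_DRIVE branch, `security_int_to_string(snifferPacket->rx_ctrl.channel)` is handed the channel rather than an auth type, and `seen_mac(reinterpret_cast<unsigned char*>(addr))` compares the first six characters of the formatted "XX:XX:..." string rather than six raw address bytes while executeWarDrive stores raw bytes in the same history — pass the raw bytes getMAC already reads at `snifferPacket->payload + 10`; note also that this mode never registers the promiscuous callback here, so that branch looks unreachable as written. RunBeaconScan and beaconSnifferCallback both begin outside the hunks shown.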


@@ -77,6 +77,7 @@
#define WIFI_SCAN_SIG_STREN 29
#define WIFI_SCAN_EVIL_PORTAL 30
#define WIFI_SCAN_GPS_DATA 31
#define WIFI_SCAN_WAR_DRIVE 32
#define GRAPH_REFRESH 100
@@ -142,6 +143,7 @@ class WiFiScan
struct mac_addr mac_history[mac_history_len];
// Settings
uint mac_history_cursor = 0;
uint8_t channel_hop_delay = 1;
bool force_pmkid = false;
bool force_probe = false;
@@ -239,6 +241,12 @@ class WiFiScan
0xf0, 0xff, 0x02, 0x00
};
bool seen_mac(unsigned char* mac);
bool mac_cmp(struct mac_addr addr1, struct mac_addr addr2);
void save_mac(unsigned char* mac);
void clearMacHistory();
void executeWarDrive();
void startWiFiAttacks(uint8_t scan_mode, uint16_t color, String title_string);
void packetMonitorMain(uint32_t currentTime);
@@ -300,9 +308,10 @@ class WiFiScan
byte src_mac[6] = {};
wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
wifi_config_t ap_config;
String security_int_to_string(int security_type);
char* stringToChar(String string);
void RunSetup();
int clearSSIDs();
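Review bot: The new `seen_mac`/`save_mac` declarations take a bare `unsigned char* mac` with no stated length, while the implementation copies exactly six bytes, so the contract belongs on the header: `bool seen_mac(unsigned char* mac);   // mac: 6 raw address bytes, not a formatted string` and the same on `save_mac`. `security_int_to_string` would likewise benefit from `// maps a wifi_auth_mode_t value to the WiGLE AuthMode column` since its parameter is a plain int. `uint mac_history_cursor = 0;` uses the non-standard `uint` where the neighbouring field uses `uint8_t`; `uint32_t` (or `size_t`) would be consistent and portable. The class body continues outside the hunks shown.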


@@ -253,7 +253,7 @@
//#define MENU_FONT &FreeMonoBold9pt7b
//#define MENU_FONT &FreeSans9pt7b
//#define MENU_FONT &FreeSansBold9pt7b
#define BUTTON_ARRAY_LEN 11
#define BUTTON_ARRAY_LEN 12
#define STATUS_BAR_WIDTH (TFT_HEIGHT/16)
#define LVGL_TICK_PERIOD 6
@@ -308,7 +308,7 @@
//#define MENU_FONT &FreeMonoBold9pt7b
//#define MENU_FONT &FreeSans9pt7b
//#define MENU_FONT &FreeSansBold9pt7b
#define BUTTON_ARRAY_LEN 11
#define BUTTON_ARRAY_LEN 12
#define STATUS_BAR_WIDTH 16
#define LVGL_TICK_PERIOD 6
@@ -365,7 +365,7 @@
//#define MENU_FONT &FreeMonoBold9pt7b
//#define MENU_FONT &FreeSans9pt7b
//#define MENU_FONT &FreeSansBold9pt7b
#define BUTTON_ARRAY_LEN 11
#define BUTTON_ARRAY_LEN 12
#define STATUS_BAR_WIDTH 16
#define LVGL_TICK_PERIOD 6
@@ -423,7 +423,7 @@
//#define MENU_FONT &FreeMonoBold9pt7b
//#define MENU_FONT &FreeSans9pt7b
//#define MENU_FONT &FreeSansBold9pt7b
#define BUTTON_ARRAY_LEN 11
#define BUTTON_ARRAY_LEN 12
#define STATUS_BAR_WIDTH 16
#define LVGL_TICK_PERIOD 6
@@ -491,7 +491,7 @@
//#define MENU_FONT &FreeMonoBold9pt7b
//#define MENU_FONT &FreeSans9pt7b
//#define MENU_FONT &FreeSansBold9pt7b
#define BUTTON_ARRAY_LEN 11
#define BUTTON_ARRAY_LEN 12
#define STATUS_BAR_WIDTH (TFT_HEIGHT/16)
#define LVGL_TICK_PERIOD 6