Created Beacon Spam Random

Just Call Me Koko
2019-11-24 20:56:37 -05:00
parent d2f2a7c474
commit 7763c859f3
6 changed files with 183 additions and 47 deletions


@@ -10,11 +10,6 @@ Display::Display()
{
}
void Display::main()
{
return;
}
// Function to prepare the display and the menus
void Display::RunSetup()
{
@@ -462,4 +457,8 @@ void Display::listDir(fs::FS &fs, const char * dirname, uint8_t levels) {
}
#endif
void Display::main()
{
return;
}
// End SPIFFS_functions


@@ -14,6 +14,7 @@
#define SCREEN_WIDTH 240
#define SCREEN_HEIGHT 320
#define STANDARD_FONT_CHAR_LIMIT 40 // number of characters on a single line with normal font
#define TEXT_HEIGHT 16 // Height of text to be printed and scrolled
#define BOT_FIXED_AREA 0 // Number of lines in bottom fixed area (lines counted from bottom of screen)
#define TOP_FIXED_AREA 16 // Number of lines in top fixed area (lines counted from top of screen)


@@ -8,20 +8,30 @@ MenuFunctions::MenuFunctions()
// Function to check menu input
void MenuFunctions::main()
{
boolean pressed = false;
// This is code from bodmer's keypad example
uint16_t t_x = 0, t_y = 0; // To store the touch coordinates
// Get the display buffer out of the way
if (wifi_scan_obj.currentScanMode != WIFI_SCAN_OFF)
if ((wifi_scan_obj.currentScanMode != WIFI_SCAN_OFF ) &&
(wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
display_obj.displayBuffer();
// Pressed will be set true is there is a valid touch on the screen
boolean pressed = display_obj.tft.getTouch(&t_x, &t_y);
int pre_getTouch = millis();
// getTouch causes a 10ms delay which makes beacon spam less effective
//if (wifi_scan_obj.currentScanMode == WIFI_SCAN_OFF)
pressed = display_obj.tft.getTouch(&t_x, &t_y);
//boolean pressed = false;
//Serial.print("getTouch: ");
//Serial.print(millis() - pre_getTouch);
//Serial.println("ms");
// This is if there are scans going on
// This is if there are scans/attacks going on
if ((wifi_scan_obj.currentScanMode != WIFI_SCAN_OFF) && (pressed))
//if ((wifi_scan_obj.currentScanMode != WIFI_SCAN_OFF) && (x != -1) && (y != -1))
{
@@ -30,6 +40,7 @@ void MenuFunctions::main()
(wifi_scan_obj.currentScanMode == WIFI_SCAN_AP) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_ST) ||
(wifi_scan_obj.currentScanMode == WIFI_SCAN_ALL) ||
(wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_SPAM) ||
(wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
(wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS))
{
@@ -50,28 +61,31 @@ void MenuFunctions::main()
}
// / Check if any key coordinate boxes contain the touch coordinates
for (uint8_t b = 0; b < BUTTON_ARRAY_LEN; b++) {
if (pressed && key[b].contains(t_x, t_y)) {
key[b].press(true); // tell the button it is pressed
} else {
key[b].press(false); // tell the button it is NOT pressed
if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
{
for (uint8_t b = 0; b < BUTTON_ARRAY_LEN; b++) {
if (pressed && key[b].contains(t_x, t_y)) {
key[b].press(true); // tell the button it is pressed
} else {
key[b].press(false); // tell the button it is NOT pressed
}
}
}
// Check if any key has changed state
for (uint8_t b = 0; b < BUTTON_ARRAY_LEN; b++) {
display_obj.tft.setFreeFont(MENU_FONT);
if (key[b].justPressed()) {
key[b].drawButton2(current_menu->list->get(b).name, true); // draw invert
// Check if any key has changed state
for (uint8_t b = 0; b < BUTTON_ARRAY_LEN; b++) {
display_obj.tft.setFreeFont(MENU_FONT);
if (key[b].justPressed()) {
key[b].drawButton2(current_menu->list->get(b).name, true); // draw invert
}
// If button was just release, execute the button's function
if (key[b].justReleased())
{
key[b].drawButton2(current_menu->list->get(b).name); // draw normal
current_menu->list->get(b).callable();
}
display_obj.tft.setFreeFont(NULL);
}
// If button was just release, execute the button's function
if (key[b].justReleased())
{
key[b].drawButton2(current_menu->list->get(b).name); // draw normal
current_menu->list->get(b).callable();
}
display_obj.tft.setFreeFont(NULL);
}
x = -1;
y = -1;
@@ -131,6 +145,7 @@ void MenuFunctions::RunSetup()
// Build WiFi attack menu
wifiAttackMenu.parentMenu = &wifiMenu; // Main Menu is second menu parent
addNodes(&wifiAttackMenu, "Back", TFT_RED, NULL, 0, [this](){changeMenu(wifiAttackMenu.parentMenu);});
addNodes(&wifiAttackMenu, "Beacon Spam Random", TFT_ORANGE, NULL, 1, [this](){wifi_scan_obj.StartScan(WIFI_ATTACK_BEACON_SPAM, TFT_ORANGE);});
// Build Bluetooth Menu
bluetoothMenu.parentMenu = &mainMenu; // Second Menu is third menu parent
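Review bot: `int pre_getTouch = millis();` in the first hunk is dead code — its only uses are the commented-out `Serial.print` lines right below it — and it narrows the `unsigned long` that `millis()` returns into an `int`; drop it together with the commented-out timing prints, or keep both live as `unsigned long pre_getTouch = millis();`. The same hunk also leaves `//boolean pressed = false;` and the disabled `//if (wifi_scan_obj.currentScanMode == WIFI_SCAN_OFF)` line in place, which makes it unclear whether skipping `getTouch` during a scan is still planned. The new `if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))` wrapper in the third hunk deserves a comment such as `// Button press state is not updated in beacon-spam mode; the justPressed/justReleased loop below then sees no changes`, since that state-change loop still runs unconditionally. MenuFunctions::main begins in the first hunk and its body continues between the hunks shown.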


@@ -1,5 +1,6 @@
#include "WiFiScan.h"
//esp_err_t esp_wifi_80211_tx(wifi_interface_t ifx, const void *buffer, int len, bool en_sys_seq);
class bluetoothScanAllCallback: public BLEAdvertisedDeviceCallbacks {
void onResult(BLEAdvertisedDevice advertisedDevice) {
@@ -112,12 +113,15 @@ WiFiScan::WiFiScan()
// Function to prepare to run a specific scan
void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color)
{
//Serial.println("Starting Scan...");
if (scan_mode == WIFI_SCAN_OFF)
StopScan(scan_mode);
else if (scan_mode == WIFI_SCAN_PROBE)
RunProbeScan(scan_mode, color);
else if (scan_mode == WIFI_SCAN_AP)
RunBeaconScan(scan_mode, color);
else if (scan_mode == WIFI_ATTACK_BEACON_SPAM)
RunBeaconSpam(scan_mode, color);
else if (scan_mode == BT_SCAN_ALL)
RunBluetoothScan(scan_mode, color);
else if (scan_mode == BT_SCAN_SKIMMERS)
@@ -132,10 +136,10 @@ void WiFiScan::StopScan(uint8_t scan_mode)
if ((currentScanMode == WIFI_SCAN_PROBE) ||
(currentScanMode == WIFI_SCAN_AP) ||
(currentScanMode == WIFI_SCAN_ST) ||
(currentScanMode == WIFI_SCAN_ALL))
{
(currentScanMode == WIFI_SCAN_ALL) ||
(currentScanMode == WIFI_ATTACK_BEACON_SPAM))
esp_wifi_set_promiscuous(false);
}
else if ((currentScanMode == BT_SCAN_ALL) ||
(currentScanMode == BT_SCAN_SKIMMERS))
{
@@ -151,21 +155,31 @@ void WiFiScan::StopScan(uint8_t scan_mode)
display_obj.tteBar = false;
}
// Function for updating scan status
void WiFiScan::main(uint32_t currentTime)
// Function to prepare for beacon spam
void WiFiScan::RunBeaconSpam(uint8_t scan_mode, uint16_t color)
{
// WiFi operations
if ((currentScanMode == WIFI_SCAN_PROBE) ||
(currentScanMode == WIFI_SCAN_AP) ||
(currentScanMode == WIFI_SCAN_ST) ||
(currentScanMode == WIFI_SCAN_ALL))
{
if (currentTime - initTime >= 1000)
{
initTime = millis();
channelHop();
}
}
//Serial.println("Beacon Spam...");
display_obj.TOP_FIXED_AREA_2 = 32;
display_obj.tteBar = true;
display_obj.print_delay_1 = 15;
display_obj.print_delay_2 = 10;
display_obj.clearScreen();
display_obj.initScrollValues(true);
display_obj.tft.setTextWrap(false);
display_obj.tft.setTextColor(TFT_BLACK, color);
display_obj.tft.fillRect(0,0,240,16, color);
display_obj.tft.drawCentreString(" Beacon Spam Random ",120,0,2);
display_obj.touchToExit();
display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
packets_sent = 0;
//esp_wifi_set_mode(WIFI_MODE_STA);
WiFi.mode(WIFI_AP_STA);
esp_wifi_set_promiscuous_filter(NULL);
esp_wifi_set_promiscuous(true);
esp_wifi_set_max_tx_power(78);
initTime = millis();
//display_obj.clearScreen();
//Serial.println("End of func");
}
// Function to start running a beacon scan
@@ -397,6 +411,61 @@ void WiFiScan::probeSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type)
}
}
// Function for sending crafted beacon frames
void WiFiScan::broadcastRandomSSID(uint32_t currentTime) {
set_channel = random(1,12);
esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE);
delay(1);
// Randomize SRC MAC
packet[10] = packet[16] = random(256);
packet[11] = packet[17] = random(256);
packet[12] = packet[18] = random(256);
packet[13] = packet[19] = random(256);
packet[14] = packet[20] = random(256);
packet[15] = packet[21] = random(256);
packet[37] = 6;
// Randomize SSID (Fixed size 6. Lazy right?)
packet[38] = alfa[random(65)];
packet[39] = alfa[random(65)];
packet[40] = alfa[random(65)];
packet[41] = alfa[random(65)];
packet[42] = alfa[random(65)];
packet[43] = alfa[random(65)];
packet[56] = set_channel;
uint8_t postSSID[13] = {0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, //supported rate
0x03, 0x01, 0x04 /*DSSS (Current Channel)*/ };
// Add everything that goes after the SSID
for(int i = 0; i < 12; i++)
packet[38 + 6 + i] = postSSID[i];
//Serial.println("About to send packets...");
esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
//esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
//esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
//esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
packets_sent = packets_sent + 3;
//Serial.print("Packets sent: ");
//Serial.println(packets_sent);
//Serial.println("Sent packets");
}
//void WiFiScan::sniffer_callback(void* buf, wifi_promiscuous_pkt_type_t type) {
// wifi_promiscuous_pkt_t *snifferPacket = (wifi_promiscuous_pkt_t*)buf;
// showMetadata(snifferPacket, type);
@@ -412,3 +481,44 @@ void WiFiScan::channelHop()
esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE);
delay(1);
}
// Function for updating scan status
void WiFiScan::main(uint32_t currentTime)
{
// WiFi operations
if ((currentScanMode == WIFI_SCAN_PROBE) ||
(currentScanMode == WIFI_SCAN_AP) ||
(currentScanMode == WIFI_SCAN_ST) ||
(currentScanMode == WIFI_SCAN_ALL))
{
if (currentTime - initTime >= 1000)
{
initTime = millis();
channelHop();
}
}
else if ((currentScanMode == WIFI_ATTACK_BEACON_SPAM))
{
// Need this for loop because getTouch causes ~10ms delay
// which makes beacon spam less effective
for (int i = 0; i < 55; i++)
broadcastRandomSSID(currentTime);
if (currentTime - initTime >= 1000)
{
initTime = millis();
//Serial.print("packets/sec: ");
//Serial.println(packets_sent);
String displayString = "";
String displayString2 = "";
displayString.concat("packets/sec: ");
displayString.concat(packets_sent);
for (int x = 0; x < STANDARD_FONT_CHAR_LIMIT; x++)
displayString2.concat(" ");
display_obj.showCenterText(displayString2, 160);
display_obj.showCenterText(displayString, 160);
packets_sent = 0;
}
}
}
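Review bot: `broadcastRandomSSID(uint32_t currentTime)` in the fourth hunk never reads `currentTime` — the only time-based logic stays in `WiFiScan::main` in the last hunk — so the parameter should be dropped from the declaration and the call site, or its purpose documented. In the same function `uint8_t postSSID[13]` carries 13 initializers but the copy loop `for(int i = 0; i < 12; i++)` stops at 12, and the slot the 13th byte would land in appears to be the one `packet[56] = set_channel;` already writes, so the trailing initializer is dead; shrink the array to 12 entries or add a comment that the channel byte is set separately. RunBeaconSpam in the third hunk also enables promiscuous receive with `esp_wifi_set_promiscuous_filter(NULL); esp_wifi_set_promiscuous(true);` although nothing visible in this section installs a receive callback for this mode and the mode only transmits; if the raw-frame send path does not require it, removing those two lines also removes the StopScan special case added in the second hunk.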


@@ -6,6 +6,7 @@
#include <BLEScan.h>
#include <BLEAdvertisedDevice.h>
#include <WiFi.h>
#include "esp_wifi.h"
#include "esp_wifi_types.h"
#include "Display.h"
@@ -24,6 +25,7 @@
extern Display display_obj;
esp_err_t esp_wifi_80211_tx(wifi_interface_t ifx, const void *buffer, int len, bool en_sys_seq);
class WiFiScan
{
@@ -32,11 +34,10 @@ class WiFiScan
bool run_setup = true;
int set_channel = 1;
int bluetoothScanTime = 5;
int packets_sent = 0;
const wifi_promiscuous_filter_t filt = {.filter_mask=WIFI_PROMIS_FILTER_MASK_MGMT | WIFI_PROMIS_FILTER_MASK_DATA};
BLEScan* pBLEScan;
esp_err_t esp_wifi_80211_tx(wifi_interface_t ifx, const void *buffer, int len, bool en_sys_seq);
String alfa = "1234567890qwertyuiopasdfghjkklzxcvbnm QWERTYUIOPASDFGHJKLZXCVBNM_";
char* prefix = "G";
@@ -70,6 +71,8 @@ class WiFiScan
/*36*/ 0x00
};
void broadcastRandomSSID(uint32_t currentTime);
void RunBeaconSpam(uint8_t scan_mode, uint16_t color);
void RunBeaconScan(uint8_t scan_mode, uint16_t color);
void RunProbeScan(uint8_t scan_mode, uint16_t color);
void RunBluetoothScan(uint8_t scan_mode, uint16_t color);
@@ -77,6 +80,8 @@ class WiFiScan
public:
WiFiScan();
void channelHop();
uint8_t currentScanMode = 0;
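Review bot: The prototype `esp_err_t esp_wifi_80211_tx(wifi_interface_t ifx, const void *buffer, int len, bool en_sys_seq);` moved to namespace scope in the second hunk re-declares an SDK function by hand right after the `#include "esp_wifi.h"` added in the first hunk. If the SDK header already declares it inside its `extern "C"` block — presumably what lets this C++ declaration link at all — the line is redundant and will silently diverge if the SDK signature ever changes; if it does not, the declaration needs `extern "C"` to bind to the C symbol. Prefer relying on the SDK header alone, and delete the commented-out copy of the same prototype at the top of WiFiScan.cpp. The class `WiFiScan` continues past the hunks shown.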


@@ -47,12 +47,18 @@ void setup()
void loop()
{
// get the current time
//if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
currentTime = millis();
// Update all of our objects
display_obj.main();
wifi_scan_obj.main(currentTime);
//if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
menu_function_obj.main();
//Serial.print("Run Time: ");
//Serial.print(millis() - currentTime);
//Serial.println("ms");
delay(1);
}