void send_auth(struct params *p)
{
char buf[2048];
struct ieee80211_frame *wh;
char *data;
int len;
memset(buf, 0, sizeof(buf));
wh = (struct ieee80211_frame*) buf;
fill_basic(wh, p);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_AUTH;
data = (char*) (wh + 1);
/* algo */
*data++ = 0;
*data++ = 0;
/* transaction no. */
*data++ = 1;
*data++ = 0;
/* status code */
*data++ = 0;
*data++ = 0;
len = data - (char*)wh;
send_frame(p, buf, len);
}
void send_auth(struct params* p, char *mac)
{
char buf[4096];
struct ieee80211_frame *wh;
unsigned short *ptr;
int len;
wh = (struct ieee80211_frame*) buf;
memset(buf, 0, sizeof(buf));
fill_basic(wh, p);
memcpy(wh->i_addr1, mac, 6);
memcpy(wh->i_addr3, p->mac, 6);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT;
wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_AUTH;
ptr = (unsigned short*) (wh+1);
*ptr++ = htole16(0);
*ptr++ = htole16(2);
*ptr++ = htole16(0);
len = ((char*)ptr) - ((char*) wh);
printf("sending auth\n");
send_frame(p, wh, len);
}
void send_probe_request(struct params *p)
{
char buf[2048];
struct ieee80211_frame *wh;
char *data;
int len;
memset(buf, 0, sizeof(buf));
wh = (struct ieee80211_frame*) buf;
fill_basic(wh, p);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ;
memset(wh->i_addr1, 0xFF, 6);
memset(wh->i_addr3, 0xFF, 6);
data = (char*) (wh + 1);
*data++ = 0; /* SSID */
*data++ = strlen(p->ssid);
strcpy(data, p->ssid);
data += strlen(p->ssid);
*data++ = 1; /* rates */
*data++ = 4;
*data++ = 2 | 0x80;
*data++ = 4 | 0x80;
*data++ = 11;
*data++ = 22;
len = data - (char*)wh;
send_frame(p, buf, len);
}
void send_assoc(struct params *p, char *mac)
{
char buf[4096];
struct ieee80211_frame *wh;
char *ptr;
int len;
wh = (struct ieee80211_frame*) buf;
memset(buf, 0, sizeof(buf));
fill_basic(wh, p);
memcpy(wh->i_addr1, mac, 6);
memcpy(wh->i_addr3, p->mac, 6);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT;
wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_ASSOC_RESP;
ptr = (char*) (wh+1);
*ptr |= IEEE80211_CAPINFO_ESS;
ptr += 2; /* cap */
ptr += 2; /* status */
ptr += 2; /* aid */
/* rates */
*ptr++ = 1;
*ptr++ = 4;
*ptr++ = 2 | 0x80;
*ptr++ = 4 | 0x80;
*ptr++ = 11;
*ptr++ = 22;
len = ptr - ((char*) wh);
printf("sending assoc response\n");
send_frame(p, wh, len);
}
void send_beacon(struct params *p)
{
char buf[4096];
struct ieee80211_frame *wh;
int len;
char *ptr;
wh = (struct ieee80211_frame*) buf;
memset(buf, 0, sizeof(buf));
fill_basic(wh, p);
memset(wh->i_addr1, 0xff, 6);
memcpy(wh->i_addr3, p->mac, 6);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT;
wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_BEACON;
len = fill_beacon(p, wh);
/* TIM */
ptr = (char*)wh + len;
*ptr++ = 5;
*ptr++ = 4;
len += 2+4;
#if 0
printf("sending beacon\n");
#endif
send_frame(p, wh, len);
if (gettimeofday(&p->blast, NULL) == -1)
err(1, "gettimeofday()");
}
static void prepare_fragstate(struct wstate *ws, struct frag_state* fs, int pad)
{
fs->fs_waiting_relay = 0;
fs->fs_len = 8 + 8 + 20 + pad;
fs->fs_data = (unsigned char*) malloc(fs->fs_len);
if(!fs->fs_data) {
perror("malloc()");
exit(1);
}
fs->fs_ptr = fs->fs_data;
do_llc(fs->fs_data, ETHERTYPE_ARP);
do_arp(&fs->fs_data[8], ARPOP_REQUEST,
ws->ws_mymac, ws->ws_myip,
(unsigned char*) "\x00\x00\x00\x00\x00\x00", "192.168.0.1");
memset(&fs->fs_wh, 0, sizeof(fs->fs_wh));
fill_basic(ws, &fs->fs_wh);
memset(fs->fs_wh.i_addr3, 0xff, 6);
fs->fs_wh.i_fc[0] |= IEEE80211_FC0_TYPE_DATA;
fs->fs_wh.i_fc[1] |= IEEE80211_FC1_DIR_TODS |
IEEE80211_FC1_MORE_FRAG |
IEEE80211_FC1_WEP;
memset(&fs->fs_data[8+8+20], 0, pad);
}
static void send_auth(struct wstate *ws)
{
unsigned char buf[128];
struct ieee80211_frame* wh = (struct ieee80211_frame*) buf;
unsigned short* n;
memset(buf, 0, sizeof(buf));
fill_basic(ws, wh);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_AUTH;
n = (unsigned short*) ((unsigned char*) wh + sizeof(*wh));
n++;
*n = htole16(1);
send_frame(ws, buf, sizeof(*wh) + 2 + 2 + 2);
}
static void send_assoc(struct wstate *ws)
{
unsigned char buf[128];
struct ieee80211_frame* wh = (struct ieee80211_frame*) buf;
unsigned char* body;
int ssidlen;
memset(buf, 0, sizeof(buf));
fill_basic(ws, wh);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_ASSOC_REQ;
body = (unsigned char*) wh + sizeof(*wh);
*body = 1 | IEEE80211_CAPINFO_PRIVACY; // cap
// cap + interval
body += 2 + 2;
// ssid
*body++ = 0;
ssidlen = strlen(ws->ws_ssid);
*body++ = ssidlen;
memcpy(body, ws->ws_ssid, ssidlen);
body += ssidlen;
// rates
*body++ = IEEE80211_ELEMID_RATES;
*body++ = 8;
*body++ = 2 | 0x80;
*body++ = 4 | 0x80;
*body++ = 11 | 0x80;
*body++ = 22 | 0x80;
*body++ = 12 | 0x80;
*body++ = 24 | 0x80;
*body++ = 48 | 0x80;
*body++ = 72;
/* x-rates */
*body++ = IEEE80211_ELEMID_XRATES;
*body++ = 4;
*body++ = 48;
*body++ = 72;
*body++ = 96;
*body++ = 108;
send_frame(ws, buf, (unsigned long)body - (unsigned long)buf);
}
void send_assoc(struct params *p)
{
union {
struct ieee80211_frame w;
char buf[2048];
} u;
struct ieee80211_frame *wh;
char *data;
int len, capinfo, lintval;
memset(&u, 0, sizeof(u));
wh = (struct ieee80211_frame*) &u.w;
fill_basic(wh, p);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_ASSOC_REQ;
data = (char*) (wh + 1);
/* capability */
capinfo = IEEE80211_CAPINFO_ESS;
if (p->wep_len)
capinfo |= IEEE80211_CAPINFO_PRIVACY;
*(uint16_t *)data = htole16(capinfo);
data += 2;
/* listen interval */
*(uint16_t *)data = htole16(100);
data += 2;
data = ieee80211_add_ssid(data, p->ssid, strlen(p->ssid));
*data++ = 1; /* rates */
*data++ = 4;
*data++ = 2 | 0x80;
*data++ = 4 | 0x80;
*data++ = 11;
*data++ = 22;
len = data - (char*)wh;
send_frame(p, u.buf, len);
}
void send_pres(struct params *p, char *mac)
{
char buf[4096];
struct ieee80211_frame *wh;
int len;
wh = (struct ieee80211_frame*) buf;
memset(buf, 0, sizeof(buf));
fill_basic(wh, p);
memcpy(wh->i_addr1, mac, 6);
memcpy(wh->i_addr3, p->mac, 6);
wh->i_fc[0] |= IEEE80211_FC0_TYPE_MGT;
wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_PROBE_RESP;
len = fill_beacon(p, wh);
printf("sending probe response\n");
send_frame(p, wh, len);
}
void read_tap(struct params *p)
{
char buf[4096];
char *ptr;
int len = sizeof(buf);
int offset;
char src[6], dst[6];
struct ieee80211_frame *wh;
int rd;
ptr = buf;
offset = sizeof(struct ieee80211_frame) + 8 - 14;
if (p->wep_len)
offset += 4;
ptr += offset;
len -= offset;
/* read packet */
memset(buf, 0, sizeof(buf));
rd = read(p->tap, ptr, len);
if (rd == -1)
err(1, "read()");
/* 802.11 header */
wh = (struct ieee80211_frame*) buf;
memcpy(dst, ptr, sizeof(dst));
memcpy(src, ptr+6, sizeof(src));
fill_basic(wh, p);
memcpy(wh->i_addr3, src, sizeof(wh->i_addr3));
memcpy(wh->i_addr1, dst, sizeof(wh->i_addr1));
wh->i_fc[0] |= IEEE80211_FC0_TYPE_DATA;
wh->i_fc[1] |= IEEE80211_FC1_DIR_FROMDS;
if (p->wep_len)
wh->i_fc[1] |= IEEE80211_FC1_PROTECTED;
/* LLC & SNAP */
ptr = (char*) (wh+1);
if (p->wep_len)
ptr += 4;
*ptr++ = 0xAA;
*ptr++ = 0xAA;
*ptr++ = 0x03;
*ptr++ = 0x00;
*ptr++ = 0x00;
*ptr++ = 0x00;
/* ether type overlaps w00t */
rd += offset;
/* WEP */
if (p->wep_len) {
ptr = (char*) (wh+1);
memcpy(ptr, &p->wep_iv, 3);
ptr[3] = 0;
p->wep_iv++;
wep_encrypt(wh, rd, p->wep_key, p->wep_len);
rd += 4; /* ICV */
}
send_frame(p, wh, rd);
}
