/* Wrapper function for Radio Tap / Dot11 / LLC */
const void *build_snap_packet(size_t *len)
{
const void *rt_header = NULL, *dot11_header = NULL, *llc_header = NULL, *packet = NULL;
size_t rt_len = 0, dot11_len = 0, llc_len = 0, packet_len = 0;
rt_header = build_radio_tap_header(&rt_len);
dot11_header = build_dot11_frame_header(FC_STANDARD, &dot11_len);
llc_header = build_llc_header(&llc_len);
if(rt_header && dot11_header && llc_header)
{
packet_len = rt_len + dot11_len + llc_len;
packet = malloc(packet_len);
if(packet)
{
memset((void *) packet, 0, packet_len);
memcpy((void *) packet, rt_header, rt_len);
memcpy((void *) ((char *) packet+rt_len), dot11_header, dot11_len);
memcpy((void *) ((char *) packet+rt_len+dot11_len), llc_header, llc_len);
*len = packet_len;
}
free((void *) rt_header);
free((void *) dot11_header);
free((void *) llc_header);
}
return packet;
}
/* Authenticate ourselves with the AP */
void authenticate()
{
const void *radio_tap = NULL, *dot11_frame = NULL, *management_frame = NULL, *packet = NULL;
size_t radio_tap_len = 0, dot11_frame_len = 0, management_frame_len = 0, packet_len = 0;
radio_tap = build_radio_tap_header(&radio_tap_len);
dot11_frame = build_dot11_frame_header(FC_AUTHENTICATE, &dot11_frame_len);
management_frame = build_authentication_management_frame(&management_frame_len);
packet_len = radio_tap_len + dot11_frame_len + management_frame_len;
if(radio_tap && dot11_frame && management_frame)
{
packet = malloc(packet_len);
if(packet)
{
memset((void *) packet, 0, packet_len);
memcpy((void *) packet, radio_tap, radio_tap_len);
memcpy((void *) ((char *) packet+radio_tap_len), dot11_frame, dot11_frame_len);
memcpy((void *) ((char *) packet+radio_tap_len+dot11_frame_len), management_frame, management_frame_len);
pcap_inject(get_handle(), packet, packet_len);
free((void *) packet);
}
}
if(radio_tap) free((void *) radio_tap);
if(dot11_frame) free((void *) dot11_frame);
if(management_frame) free((void *) management_frame);
return;
}
/* Deauthenticate ourselves from the AP */
void deauthenticate()
{
const void *radio_tap = NULL, *dot11_frame = NULL, *packet = NULL;
size_t radio_tap_len = 0, dot11_frame_len = 0, packet_len = 0;
radio_tap = build_radio_tap_header(&radio_tap_len);
dot11_frame = build_dot11_frame_header(FC_DEAUTHENTICATE, &dot11_frame_len);
packet_len = radio_tap_len + dot11_frame_len + DEAUTH_REASON_CODE_SIZE;
if(radio_tap && dot11_frame)
{
packet = malloc(packet_len);
if(packet)
{
memset((void *) packet, 0, packet_len);
memcpy((void *) packet, radio_tap, radio_tap_len);
memcpy((void *) ((char *) packet+radio_tap_len), dot11_frame, dot11_frame_len);
memcpy((void *) ((char *) packet+radio_tap_len+dot11_frame_len), DEAUTH_REASON_CODE, DEAUTH_REASON_CODE_SIZE);
pcap_inject(get_handle(), packet, packet_len);
free((void *) packet);
}
}
if(radio_tap) free((void *) radio_tap);
if(dot11_frame) free((void *) dot11_frame);
return;
}
/* Authenticate ourselves with the AP */
static void authenticate(void)
{
size_t radio_tap_len, dot11_frame_len, management_frame_len, packet_len, offset;
struct radio_tap_header radio_tap;
struct dot11_frame_header dot11_frame;
struct authentication_management_frame management_frame;
radio_tap_len = build_radio_tap_header(&radio_tap);
dot11_frame_len = build_dot11_frame_header(&dot11_frame, FC_AUTHENTICATE);
management_frame_len = build_authentication_management_frame(&management_frame);
packet_len = radio_tap_len + dot11_frame_len + management_frame_len;
unsigned char packet[ sizeof (struct radio_tap_header)
+ sizeof (struct dot11_frame_header)
+ sizeof (struct authentication_management_frame)];
assert(packet_len == sizeof packet);
offset = 0;
memcpy(packet + offset, &radio_tap, radio_tap_len);
offset += radio_tap_len;
memcpy(packet + offset, &dot11_frame, dot11_frame_len);
offset += dot11_frame_len;
memcpy(packet + offset, &management_frame, management_frame_len);
send_packet(packet, packet_len, 1);
cprintf(VERBOSE, "[+] Sending authentication request\n");
}
/* Associate with the AP */
static void associate(void)
{
size_t radio_tap_len, dot11_frame_len, management_frame_len, ssid_tag_len,
wps_tag_len, rates_tag_len, ht_tag_len, packet_len, offset = 0;
struct radio_tap_header radio_tap;
struct dot11_frame_header dot11_frame;
struct association_request_management_frame management_frame;
char *essid = get_ssid();
if(!essid) essid = "";
unsigned char ssid_tag[sizeof (struct tagged_parameter) + IW_ESSID_MAX_SIZE];
unsigned char rates_tag[128];
unsigned char wps_tag[sizeof (struct tagged_parameter) + WPS_TAG_SIZE];
unsigned char ht_tag[128];
radio_tap_len = build_radio_tap_header(&radio_tap);
dot11_frame_len = build_dot11_frame_header(&dot11_frame, FC_ASSOCIATE);
management_frame_len = build_association_management_frame(&management_frame);
ssid_tag_len = build_ssid_tagged_parameter(ssid_tag, essid);
rates_tag_len = build_supported_rates_tagged_parameter(rates_tag, sizeof rates_tag);
wps_tag_len = build_wps_tagged_parameter(wps_tag);
if(!NO_REPLAY_HTCAPS) {
ht_tag_len = build_htcaps_parameter(ht_tag, sizeof ht_tag);
} else {
ht_tag_len = 0;
}
packet_len = radio_tap_len + dot11_frame_len + management_frame_len + ssid_tag_len + wps_tag_len + rates_tag_len + ht_tag_len;
unsigned char packet[512];
assert(packet_len < sizeof packet);
memcpy(packet, &radio_tap, radio_tap_len);
offset += radio_tap_len;
memcpy(packet+offset, &dot11_frame, dot11_frame_len);
offset += dot11_frame_len;
memcpy(packet+offset, &management_frame, management_frame_len);
offset += management_frame_len;
memcpy(packet+offset, ssid_tag, ssid_tag_len);
offset += ssid_tag_len;
memcpy(packet+offset, rates_tag, rates_tag_len);
offset += rates_tag_len;
memcpy(packet+offset, ht_tag, ht_tag_len);
offset += ht_tag_len;
memcpy(packet+offset, wps_tag, wps_tag_len);
send_packet(packet, packet_len, 1);
cprintf(VERBOSE, "[+] Sending association request\n");
}
const void *build_wps_probe_request(unsigned char *bssid, char *essid, size_t *len)
{
struct tagged_parameter ssid_tag = { 0 };
const void *rt_header = NULL, *dot11_header = NULL, *packet = NULL;
size_t offset = 0, rt_len = 0, dot11_len = 0, ssid_tag_len = 0, packet_len = 0;
if(essid != NULL)
{
ssid_tag.len = (uint8_t) strlen(essid);
}
else
{
ssid_tag.len = 0;
}
ssid_tag.number = SSID_TAG_NUMBER;
ssid_tag_len = ssid_tag.len + sizeof(struct tagged_parameter);
rt_header = build_radio_tap_header(&rt_len);
dot11_header = build_dot11_frame_header(FC_PROBE_REQUEST, &dot11_len);
if(rt_header && dot11_header)
{
packet_len = rt_len + dot11_len + ssid_tag_len + WPS_PROBE_IE_SIZE;
packet = malloc(packet_len);
if(packet)
{
memset((void *) packet, 0, packet_len);
memcpy((void *) packet, rt_header, rt_len);
offset += rt_len;
memcpy((void *) ((char *) packet+offset), dot11_header, dot11_len);
offset += dot11_len;
memcpy((void *) ((char *) packet+offset), (void *) &ssid_tag, sizeof(ssid_tag));
offset += sizeof(ssid_tag);
memcpy((void *) ((char *) packet+offset), essid, ssid_tag.len);
offset += ssid_tag.len;
memcpy((void *) ((char *) packet+offset), WPS_PROBE_IE, WPS_PROBE_IE_SIZE);
offset += WPS_PROBE_IE_SIZE;
*len = packet_len;
}
}
if(rt_header) free((void *) rt_header);
if(dot11_header) free((void *) dot11_header);
return packet;
}
/* Associate with the AP */
void associate()
{
const void *radio_tap = NULL, *dot11_frame = NULL, *management_frame = NULL, *ssid_tag = NULL, *wps_tag = NULL, *rates_tag = NULL, *packet = NULL;
size_t radio_tap_len = 0, dot11_frame_len = 0, management_frame_len = 0, ssid_tag_len = 0, wps_tag_len = 0, rates_tag_len = 0, packet_len = 0, offset = 0;
radio_tap = build_radio_tap_header(&radio_tap_len);
dot11_frame = build_dot11_frame_header(FC_ASSOCIATE, &dot11_frame_len);
management_frame = build_association_management_frame(&management_frame_len);
ssid_tag = build_ssid_tagged_parameter(&ssid_tag_len);
rates_tag = build_supported_rates_tagged_parameter(&rates_tag_len);
wps_tag = build_wps_tagged_parameter(&wps_tag_len);
packet_len = radio_tap_len + dot11_frame_len + management_frame_len + ssid_tag_len + wps_tag_len + rates_tag_len;
if(radio_tap && dot11_frame && management_frame && ssid_tag && wps_tag && rates_tag)
{
packet = malloc(packet_len);
if(packet)
{
memset((void *) packet, 0, packet_len);
memcpy((void *) packet, radio_tap, radio_tap_len);
offset += radio_tap_len;
memcpy((void *) ((char *) packet+offset), dot11_frame, dot11_frame_len);
offset += dot11_frame_len;
memcpy((void *) ((char *) packet+offset), management_frame, management_frame_len);
offset += management_frame_len;
memcpy((void *) ((char *) packet+offset), ssid_tag, ssid_tag_len);
offset += ssid_tag_len;
memcpy((void *) ((char *) packet+offset), rates_tag, rates_tag_len);
offset += rates_tag_len;
memcpy((void *) ((char *) packet+offset), wps_tag, wps_tag_len);
pcap_inject(get_handle(), packet, packet_len);
free((void *) packet);
}
}
if(radio_tap) free((void *) radio_tap);
if(dot11_frame) free((void *) dot11_frame);
if(management_frame) free((void *) management_frame);
if(ssid_tag) free((void *) ssid_tag);
if(wps_tag) free((void *) wps_tag);
if(rates_tag) free((void *) rates_tag);
return;
}
/* Deauthenticate ourselves from the AP */
static void deauthenticate(void)
{
size_t radio_tap_len, dot11_frame_len, packet_len, offset = 0;
struct radio_tap_header radio_tap;
struct dot11_frame_header dot11_frame;
radio_tap_len = build_radio_tap_header(&radio_tap);
dot11_frame_len = build_dot11_frame_header(&dot11_frame, FC_DEAUTHENTICATE);
packet_len = radio_tap_len + dot11_frame_len + DEAUTH_REASON_CODE_SIZE;
unsigned char packet[sizeof radio_tap + sizeof dot11_frame + DEAUTH_REASON_CODE_SIZE];
assert(sizeof packet == packet_len);
memcpy(packet, &radio_tap, radio_tap_len);
offset += radio_tap_len;
memcpy(packet + offset, &dot11_frame, dot11_frame_len);
offset += dot11_frame_len;
memcpy(packet + offset, DEAUTH_REASON_CODE, DEAUTH_REASON_CODE_SIZE);
send_packet(packet, packet_len, 1);
}
