int cygwin_inject(void *buf, int len, struct tx_info *ti)
{
if (AirpcapWrite (airpcap_handle, buf, len) != 1)
return -1;
return len;
}
////////////////////////////////////////////////////////////////////////
// sendProbeResponse
////////////////////////////////////////////////////////////////////////
// Sends the echo request and looks for a response.
//
// Params: Ad - An open handle to a device.
// p_ppi - Pointer to the first byte of the request buffer
//
// Returns - None.
////////////////////////////////////////////////////////////////////////
void sendProbeResponse(PAirpcapHandle Ad, p_ppi_packet_header p_ppi)
{
int i;
p_probe_header src_pr_hdr, dst_pr_hdr;
p_ppi_80211_common_header dst_ppi_common_hdr, src_ppi_common_hdr;
//
// Match the transmit rate of the probe response to the
// recieve rate of the probe request. We must make sure that
// the needed section of PPI is in place before we start
// copying the rate, however.
//
if (((p_ppi_fieldheader)((u_int8*)p_ppi + sizeof(ppi_packet_header)))->pfh_type == 2 &&
((p_ppi_fieldheader)((u_int8*)p_ppi + sizeof(ppi_packet_header)))->pfh_datalen == 20)
{
dst_ppi_common_hdr = (p_ppi_80211_common_header)((u_int8*)probe + sizeof(ppi_packet_header) + sizeof(ppi_fieldheader));
src_ppi_common_hdr = (p_ppi_80211_common_header)((u_int8*)p_ppi + sizeof(ppi_packet_header) + sizeof(ppi_fieldheader));
dst_ppi_common_hdr->rate = src_ppi_common_hdr->rate;
}
//
// Get the Probe Request Header and the Probe Response Header
//
src_pr_hdr = (p_probe_header)((u_int8*)p_ppi + p_ppi->PphLength);
dst_pr_hdr = (p_probe_header)((u_int8*)probe + ((p_ppi_packet_header)(probe))->PphLength);
//
// Copy the source ethernet address from the probe request into
// the destination address of the probe response. Also copy the
// source ethernet address from the probe request to the BSSID
// address of the probe response.
//
memcpy(dst_pr_hdr->dst_eth.octet, src_pr_hdr->src_eth.octet, 6);
memcpy(dst_pr_hdr->bss_eth.octet, src_pr_hdr->src_eth.octet, 6);
//
// Send three times
//
for (i=0; i<3; i++)
{
AirpcapWrite(Ad, (char*)probe, probe_total_length);
Sleep(1);
}
}
int airpcap_send(struct tx80211 *in_tx, struct tx80211_packet *in_pkt)
{
struct airpcap_data *apcap = in_tx->extra;
struct tx80211_radiotap_header *rtaphdr;
PCHAR pkt;
int channel;
ULONG len;
len = (in_pkt->plen + TX80211_RTAP_LEN);
pkt = malloc(len);
if (pkt == NULL) {
snprintf(in_tx->errstr, TX80211_STATUS_MAX,
"Unable to allocate memory buffer "
"for send function");
return TX80211_ENOMEM;
}
memset(pkt, 0, len);
channel = tx80211_getchannel(in_tx);
/* Setup radiotap header */
rtaphdr = (struct tx80211_radiotap_header *)pkt;
rtaphdr->it_version = 0;
rtaphdr->it_pad = 0;
rtaphdr->it_len = tx80211_le16(TX80211_RTAP_LEN);
rtaphdr->it_present = tx80211_le32(TX80211_RTAP_PRESENT);
rtaphdr->wr_flags = 0;
if (in_pkt->txrate == 0) {
/* Airpcap can't handle a rate of 0, set to 2 Mbps as default */
rtaphdr->wr_rate = TX80211_RATE_2MB;
} else {
rtaphdr->wr_rate = in_pkt->txrate;
}
rtaphdr->wr_chan_freq = tx80211_chan2mhz(channel);
switch(in_pkt->modulation) {
case TX80211_MOD_DEFAULT:
rtaphdr->wr_chan_flags = 0;
break;
case TX80211_MOD_DSSS:
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_B);
break;
case TX80211_MOD_OFDM:
/* OFDM can be 802.11g or 802.11a */
if (channel <= 14) {
/* 802.11g network */
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_G);
} else {
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_A);
}
break;
case TX80211_MOD_TURBO:
/* Turbo can be 802.11g or 802.11a */
if (channel <= 14) {
/* 802.11g network */
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_TG);
} else {
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_TA);
}
break;
default:
snprintf(in_tx->errstr, TX80211_STATUS_MAX,
"Unsupported modulation mechanism "
"specified in send function.");
return TX80211_ENOTSUPP;
}
memcpy(pkt + TX80211_RTAP_LEN, in_pkt->packet, in_pkt->plen);
if (AirpcapWrite(apcap->ad, pkt, len) != 1) {
free(pkt);
snprintf(in_tx->errstr, TX80211_STATUS_MAX,
"Error sending packet: %s",
AirpcapGetLastError(apcap->ad));
return TX80211_ETXFAILED;
}
free(pkt);
return (len - TX80211_RTAP_LEN);
}
////////////////////////////////////////////////////////////////////////
// main
////////////////////////////////////////////////////////////////////////
int main(int argc, char **argv)
{
PAirpcapHandle Ad;
u_int channel;
char name[255];
char* p;
beacon_total_length = 0;
probe_total_length = 0;
//
// Ask the user to select an adapter. Configure it and open it.
//
Ad = getAirPcapAdapter();
if (Ad == NULL)
{
exitApp(-1);
}
//
// Get adapter channel
//
if (!AirpcapGetDeviceChannel(Ad, &channel))
{
printf("Error: error getting adapter channel.");
exitApp(-1);
}
while(TRUE)
{
//
// Get AP name from user
//
printf("AP Name: ");
flushall(); /* kill any characters left in buffer */
fgets(name, sizeof(name), stdin);
//
// Remove the ending \n from the string
//
if((p = strchr(name, '\n')) != NULL)
*p = '\0';
//
// Max length of AP name is 32 characters
//
if (strlen(name) <= 32)
{
break;
}
else
{
printf("Error: AP name too long. Name must be 32 characters or less.\n\n");
}
}
//
// Now that we know the AP name and channel we
// can make the beacon and probe response packets.
//
makePackets(name, (u_int8)channel);
//
// Start the listening thread
//
_beginthread(listenForProbeRequest, 0, Ad);
//
// Start looking for user exit key
//
_beginthread(waitForExit, 0, NULL);
//
// Notify the user that we are up and running
//
printf("\nStarted on channel %u!\n", channel);
while (TRUE)
{
//
// Send off a beacon
//
if (!AirpcapWrite(Ad, (char*)beacon, beacon_total_length))
{
printf("\nError sending beacon: %s\n", AirpcapGetLastError(Ad));
exitApp(-1);
}
//
// Wait 50ms
//
Sleep(50);
}
return 0;
}
