static void
PyLorcon2_Context_dealloc(PyLorcon2_Context *self)
{
if(self->context != NULL)
lorcon_free(self->context);
self->ob_type->tp_free((PyObject*)self);
}
int main(int argc, char *argv[]) {
char *interface = NULL, *ssid = NULL;
int c, channel;
unsigned int count=0;
lorcon_driver_t *drvlist, *driver; // Needed to set up interface/context
lorcon_t *context; // LORCON context
// Beacon Interval
int interval = 100;
// Raw packet bytes (from capture_example.c included within LORCON)
unsigned char packet[115] = {
0x80, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // dur ffff
0xff, 0xff, 0x00, 0x0f, 0x66, 0xe3, 0xe4, 0x03,
0x00, 0x0f, 0x66, 0xe3, 0xe4, 0x03, 0x00, 0x00, // 0x0000 - seq no.
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // BSS timestamp
0x64, 0x00, 0x11, 0x00, 0x00, 0x0f, 0x73, 0x6f,
0x6d, 0x65, 0x74, 0x68, 0x69, 0x6e, 0x67, 0x63,
0x6c, 0x65, 0x76, 0x65, 0x72, 0x01, 0x08, 0x82,
0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, 0x03,
0x01, 0x01, 0x05, 0x04, 0x00, 0x01, 0x00, 0x00,
0x2a, 0x01, 0x05, 0x2f, 0x01, 0x05, 0x32, 0x04,
0x0c, 0x12, 0x18, 0x60, 0xdd, 0x05, 0x00, 0x10,
0x18, 0x01, 0x01, 0xdd, 0x16, 0x00, 0x50, 0xf2,
0x01, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x02, 0x01,
0x00, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x00, 0x00,
0x50, 0xf2, 0x02};
printf ("%s - Simple 802.11 beacon flooder\n", argv[0]);
printf ("-----------------------------------------------------\n\n");
/*
This handles all of the command line arguments
*/
while ((c = getopt(argc, argv, "i:s:hc:")) != EOF) {
switch (c) {
case 'i':
interface = strdup(optarg);
break;
case 'c':
channel = atoi(optarg);
break;
case 'h':
usage(argv);
break;
default:
usage(argv);
break;
}
}
if ( interface == NULL ) {
printf ("ERROR: Interface not set (see -h for more info)\n");
return -1;
}
printf("[+] Using interface %s\n",interface);
/*
The following is all of the standard interface, driver, and context setup
*/
// Automatically determine the driver of the interface
if ( (driver = lorcon_auto_driver(interface)) == NULL) {
printf("[!] Could not determine the driver for %s\n",interface);
return -1;
} else {
printf("[+]\t Driver: %s\n",driver->name);
}
// Create LORCON context
if ((context = lorcon_create(interface, driver)) == NULL) {
printf("[!]\t Failed to create context");
return -1;
}
// Create Monitor Mode Interface
if (lorcon_open_injmon(context) < 0) {
printf("[!]\t Could not create Monitor Mode interface!\n");
return -1;
} else {
printf("[+]\t Monitor Mode VAP: %s\n",lorcon_get_vap(context));
lorcon_free_driver_list(driver);
}
// Set the channel we'll be injecting on
lorcon_set_channel(context, channel);
printf("[+]\t Using channel: %d\n\n",channel);
/*
The following is the packet creation and sending code
*/
// Keep sending frames until interrupted
while(1) {
// Send and exit if error
if ( lorcon_send_bytes(context, sizeof(packet), packet) < 0 )
return -1;
// Wait interval before next beacon
usleep(interval * 1000);
// Print nice and pretty
printf("\033[K\r");
printf("[+] Sent %d frames, Hit CTRL + C to stop...", count);
fflush(stdout);
count++;
}
/*
The following is all of the standard cleanup stuff
*/
// Close the interface
lorcon_close(context);
// Free the LORCON Context
lorcon_free(context);
return 0;
}
void DeviceProxy_dot11::disconnect() {
// Free the LORCON Context
lorcon_free(context);
p_is_connected = false;
}
void Lorcon_free(struct rldev *rld) {
if (rld->context != NULL)
lorcon_free(rld->context);
}
int main(int argc, char *argv[])
{
// WEP encrypted packet
unsigned char packet[108] = {
0x08, 0x41, 0x0a, 0x00, 0x00, 0x03, 0x1b, 0xc2,
0x45, 0x33, 0x00, 0x1b, 0x4b, 0x29, 0x61, 0xb1,
0xff, 0x10, 0x07, 0x00, 0x12, 0x53, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
0x00, 0x00, 0x75, 0x41, 0x37, 0x5a, 0x4b, 0xbc,
0x55, 0x69, 0x07, 0x58, 0x4c, 0x03, 0xf4, 0xa7,
0x69, 0xbc, 0xdf, 0x46, 0x27, 0x4d, 0xd0, 0xb6,
0xcc, 0x7c, 0x8b, 0x8b, 0x46, 0x06, 0x30, 0x72,
0x67, 0x72, 0x5d, 0x49, 0xe6, 0x0a, 0xfb, 0x74,
0xef, 0x59, 0x1c, 0x24, 0x0b, 0x07, 0x60, 0xee,
0x1b, 0x87, 0xf1, 0x6f, 0x3a, 0x88, 0x54, 0x25,
0x5a, 0x90, 0xb4, 0x68
};
//ACK frame
/*
unsigned char packet[10] = {
0xd4, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x66, 0xe3,
0x76, 0x3b};
*/
// Beacon frame
/*
unsigned char packet[115] = {
0x80, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // dur ffff
0xff, 0xff, 0x00, 0x0f, 0x66, 0xe3, 0xe4, 0x03,
0x00, 0x0f, 0x66, 0xe3, 0xe4, 0x03, 0x00, 0x00, // 0x0000 - seq no.
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // BSS timestamp
0x64, 0x00, 0x11, 0x00, 0x00, 0x0f, 0x73, 0x6f,
0x6d, 0x65, 0x74, 0x68, 0x69, 0x6e, 0x67, 0x63,
0x6c, 0x65, 0x76, 0x65, 0x72, 0x01, 0x08, 0x82,
0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, 0x03,
0x01, 0x01, 0x05, 0x04, 0x00, 0x01, 0x00, 0x00,
0x2a, 0x01, 0x05, 0x2f, 0x01, 0x05, 0x32, 0x04,
0x0c, 0x12, 0x18, 0x60, 0xdd, 0x05, 0x00, 0x10,
0x18, 0x01, 0x01, 0xdd, 0x16, 0x00, 0x50, 0xf2,
0x01, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x02, 0x01,
0x00, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x00, 0x00,
0x50, 0xf2, 0x02};
*/
// small fragmented WEP packet
/*
unsigned char packet[] = {
0x08, 0x45, 0xd5, 0x00, 0x00, 0x0f, 0x66, 0xe3,
0x76, 0x3b, 0x00, 0x02, 0x6f, 0x35, 0x73, 0x0f,
0x00, 0x0f, 0x66, 0xe3, 0xe4, 0x01, 0xa3, 0x4c,
0xa8, 0x34, 0x00, 0x00, 0xc4, 0x42, 0x86, 0x90,
0x4f, 0x76, 0xa5, 0x4d};
*/
/*
char packet[] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
*/
lorcon_driver_t *drvlist, *dri;
char *driver = NULL, *interface = NULL;
int cnt = 1, delay = 0, ret = 0, c = 0, channel = 0, txcnt = 0;
lorcon_t *ctx;
while ((c = getopt(argc, argv, "n:i:d:c:s:")) != EOF) {
switch (c) {
case 's':
if (sscanf(optarg, "%d", &delay) != 1) {
fprintf(stderr, "%s: Illegal delay on cmd line\n", argv[0]);
usage();
return -1;
}
break;
case 'n':
if (sscanf(optarg, "%d", &cnt) != 1) {
fprintf(stderr, "%s: Illegal count on cmd line.\n", argv[0]);
usage();
return -1;
}
break;
case 'i':
interface = strdup(optarg);
break;
case 'd':
driver = strdup(optarg);
break;
case 'c':
if (sscanf(optarg, "%d", &channel) != 1) {
fprintf(stderr, "%s: Illegal channel on cmd line.\n", argv[0]);
usage();
return -1;
}
break;
default:
break;
}
}
if (interface == NULL) {
fprintf(stderr, "Must specify an interface\n");
usage();
return -1;
}
if (driver != NULL) {
dri = lorcon_find_driver(driver);
if (dri == NULL) {
fprintf(stderr, "Couldn't find driver %s for %s\n", driver,
interface);
usage();
return -1;
}
} else {
dri = lorcon_auto_driver(interface);
if (dri == NULL) {
fprintf(stderr, "Couldn't detect driver or no supported driver "
"for %s\n", interface);
return -1;
}
printf("Detected driver %s for %s\n", dri->name, interface);
}
if ((ctx = lorcon_create(interface, dri)) == NULL) {
fprintf(stderr, "Failed to create LORCON context for %s %s\n",
interface, dri->name);
return -1;
}
if (lorcon_open_injmon(ctx) < 0) {
fprintf(stderr, "Failed to open %s %s in injmon: %s\n",
lorcon_get_capiface(ctx), dri->name, lorcon_get_error(ctx));
return -1;
}
if (channel > 0) {
if (lorcon_set_channel(ctx, channel) < 0) {
fprintf(stderr, "Failed to set channel %d on %s %s: %s\n",
channel, lorcon_get_capiface(ctx), dri->name,
lorcon_get_error(ctx));
return -1;
}
}
/* Send the packets */
for (; cnt > 0; cnt--) {
ret = lorcon_send_bytes(ctx, sizeof(packet), packet);
if (ret < 0) {
fprintf(stderr, "Failed to transmit packet on %s %s: %s\n",
lorcon_get_capiface(ctx), dri->name,
lorcon_get_error(ctx));
return -1;
}
txcnt++;
if (delay > 0) {
usleep(delay);
}
}
printf("%d packets transmitted on %s %s channel %d.\n",
txcnt, lorcon_get_capiface(ctx), dri->name,
lorcon_get_channel(ctx));
lorcon_free(ctx);
return 0;
}
