void chanhop(struct timeval* tv) {
unsigned long elapsed = 0;
if (gettimeofday(tv, NULL) == -1)
die(1, "gettimeofday()");
elapsed = elapsed_ms(tv, &chaninfo.last_hop);
// need to chan hop
if (elapsed >= hopfreq) {
int c;
c = chaninfo.chan + 1;
if (c > 11)
c = 1;
set_chan(c);
elapsed = hopfreq;
}
// how much can we sleep?
else {
elapsed = hopfreq - elapsed;
}
// ok calculate sleeping time...
tv->tv_sec = elapsed/1000;
tv->tv_usec = (elapsed - tv->tv_sec*1000)*1000;
}
void setup_if(char *dev) {
struct ifreq ifr;
unsigned int flags;
// set chan
memset(&chaninfo.ireq, 0, sizeof(chaninfo.ireq));
strcpy(chaninfo.ireq.i_name, dev);
chaninfo.ireq.i_type = IEEE80211_IOC_CHANNEL;
set_chan(1);
// set iface up and promisc
memset(&ifr, 0, sizeof(ifr));
strcpy(ifr.ifr_name, dev);
if (ioctl(ioctl_s, SIOCGIFFLAGS, &ifr) == -1)
die(1, "ioctl(SIOCGIFFLAGS)");
flags = (ifr.ifr_flags & 0xffff) | (ifr.ifr_flagshigh << 16);
flags |= IFF_UP | IFF_PPROMISC;
memset(&ifr, 0, sizeof(ifr));
strcpy(ifr.ifr_name, dev);
ifr.ifr_flags = flags & 0xffff;
ifr.ifr_flagshigh = flags >> 16;
if (ioctl(ioctl_s, SIOCSIFFLAGS, &ifr) == -1)
die(1, "ioctl(SIOCSIFFLAGS)");
}
void user_input() {
static char chan[3];
static int pos = 0;
int c;
c = getch();
switch (c) {
case 'w':
save_state();
break;
case 'q':
cleanup(0);
break;
case 'c':
chaninfo.locked = !chaninfo.locked;
break;
case ERR:
die(0, "getch()");
break;
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
chan[pos++] = c;
if (pos == 2) {
int ch = atoi(chan);
if (ch <= 11 && ch >= 1) {
set_chan(atoi(chan));
chaninfo.locked = 1;
}
pos = 0;
}
break;
default:
pos = 0;
break;
}
}
int main(void)
{
shell_t shell;
const char *disco_addr = DISCO_ADDR;
port[0] = (uint8_t)DISCO_PORT;
port[1] = (uint8_t)(DISCO_PORT >> 8);
ng_ipv6_addr_from_str(&addr, disco_addr);
char buf[100];
ng_ipv6_addr_to_str(buf, &addr, 100);
printf("got address: %s\n", buf);
set_chan(DISCO_CHANNEL);
shell_init(&shell, shell_commands, STDIO_RX_BUFSIZE, getchar, putchar);
shell_run(&shell);
return 0;
}
static int get_victim_ssid(struct wstate *ws, struct ieee80211_frame* wh,
int len)
{
unsigned char* ptr;
int x;
int gots = 0, gotc = 0;
if (len <= (int) sizeof(*wh)) {
time_print("Warning: short packet in get_victim_ssid()\n");
return 0;
}
ptr = (unsigned char*)wh + sizeof(*wh);
len -= sizeof(*wh);
// only wep baby
if ( !(IEEE80211_BEACON_CAPABILITY(ptr) & IEEE80211_CAPINFO_PRIVACY)) {
return 0;
}
// we want a specific victim
if (ws->ws_victim_mac) {
if (memcmp(wh->i_addr3, ws->ws_victim_mac, 6) != 0)
return 0;
}
// beacon header
x = 8 + 2 + 2;
if (len <= x) {
time_print("Warning short.\n");
return 0;
}
ptr += x;
len -= x;
// SSID
while(len > 2) {
int eid, elen;
eid = *ptr;
ptr++;
elen = *ptr;
ptr++;
len -= 2;
if (len < elen) {
time_print("Warning short....\n");
return 0;
}
// ssid
if (eid == 0) {
if (ws->ws_ssid)
free(ws->ws_ssid);
ws->ws_ssid = (char*) malloc(elen + 1);
if (!ws->ws_ssid) {
perror("malloc()");
exit(1);
}
memcpy(ws->ws_ssid, ptr, elen);
ws->ws_ssid[elen] = 0;
gots = 1;
}
// chan
else if(eid == 3) {
if( elen != 1) {
time_print("Warning len of chan not 1\n");
return 0;
}
ws->ws_apchan = *ptr;
gotc = 1;
}
ptr += elen;
len -= elen;
}
if (gots && gotc) {
memcpy(ws->ws_bss, wh->i_addr3, 6);
set_chan(ws, ws->ws_apchan);
ws->ws_state = FOUND_VICTIM;
time_print("Found SSID(%s) BSS=(%s) chan=%d\n",
ws->ws_ssid, mac2str(ws->ws_bss), ws->ws_apchan);
return 1;
}
return 0;
}