sniffer

main/CMakeLists.txt

@@ -1,2 +1,2 @@
-idf_component_register(SRCS "main.cpp"
+idf_component_register(SRCS "main.cpp" "wifi.cpp"
                     INCLUDE_DIRS "")

main/main.cpp

@@ -1,45 +1,53 @@
 #include "main.h"
+#include "wifi.h"
 
-#include <inttypes.h>
-#include <string.h>
 #include "sdkconfig.h"
+#include <esp_event.h>
+#include <esp_wifi.h>
 #include <freertos/FreeRTOS.h>
 #include <freertos/task.h>
-#include <esp_wifi.h>
-#include <esp_event.h>
+#include <inttypes.h>
+#include <string.h>
 
-constexpr size_t max_wifi_records = 64;
+void packet_callback(void *buf, wifi_promiscuous_pkt_type_t type) {
+  auto *pkt = (wifi_promiscuous_pkt_t *)buf;
+  auto *rx_ctrl = &pkt->rx_ctrl;
+  auto *frame = (mac_frame *)pkt->payload;
+  print_frame_control_type(frame->frame_control);
 
+  printf("rssi: %d\n"
+         "channel: %u\n"
+         "sig_len: %u\n",
+         rx_ctrl->rssi, rx_ctrl->channel, rx_ctrl->sig_len);
 
-extern "C" void app_main(void)
-{
-  esp_netif_init();
-  esp_event_loop_create_default();
-  auto* sta_netif = esp_netif_create_default_wifi_sta();
+  printf("duration: %u\n", frame->duration);
 
-  wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
-  esp_wifi_init(&cfg);
+  printf("receiver: ");
+  print_mac_address(frame->receiver_address);
 
-  wifi_ap_record_t* wifi_records = new wifi_ap_record_t[max_wifi_records];
-  memset(wifi_records, 0, max_wifi_records * sizeof(wifi_records[0]));
+  printf("transmitter: ");
+  print_mac_address(frame->transmitter_address);
 
+  printf("destination: ");
+  print_mac_address(frame->destination_address);
 
-  esp_wifi_set_mode(WIFI_MODE_STA);
-  esp_wifi_start();
-  esp_wifi_scan_start(NULL, true);
+  printf("source: ");
+  print_mac_address(frame->source_address);
 
-  uint16_t num_wifi_records = max_wifi_records;
+  printf("\n\n\n");
+}
 
-  esp_wifi_scan_get_ap_records(&num_wifi_records, wifi_records);
-  printf("Found %d wifi access points\n", num_wifi_records);
-  for (uint16_t i = 0; i < num_wifi_records; i++) {
-    printf("SSID: %s\n", wifi_records[i].ssid);
-  }
+extern "C" void app_main(void) {
+  esp_netif_init();
+  esp_event_loop_create_default();
+  auto *sta_netif = esp_netif_create_default_wifi_sta();
 
-  delete[] wifi_records;
+  wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+  esp_wifi_init(&cfg);
 
-  vTaskDelay(1000 / portTICK_PERIOD_MS);
+  esp_wifi_set_mode(WIFI_MODE_STA);
+  esp_wifi_start();
 
-  esp_restart();
+  esp_wifi_set_promiscuous(true);
+  esp_wifi_set_promiscuous_rx_cb(packet_callback);
 }
-

main/main.h

@@ -1,2 +1 @@
 #pragma once
-

main/wifi.cpp

@@ -0,0 +1,231 @@
+#include "wifi.h"
+
+#include <stdio.h>
+
+static void print_management_subtype(my_frame_control &frame_control) {
+  printf("Type: Management Subtype: ");
+  switch (frame_control.subtype) {
+  case 0b0000:
+    printf("Association Request");
+    break;
+
+  case 0b0001:
+    printf("Association Response");
+    break;
+
+  case 0b0010:
+    printf("Reassociation Request");
+    break;
+
+  case 0b0011:
+    printf("Reassociation Response");
+    break;
+
+  case 0b0100:
+    printf("Probe Request");
+    break;
+
+  case 0b0101:
+    printf("Probe Response");
+    break;
+
+  case 0b0110:
+    printf("Timing Advertisement");
+    break;
+
+  case 0b0111:
+  case 0b1111:
+    printf("Reserved");
+    break;
+
+  case 0b1000:
+    printf("Beacon");
+    break;
+
+  case 0b1001:
+    printf("ATIM");
+    break;
+
+  case 0b1010:
+    printf("Disassociation");
+    break;
+
+  case 0b1011:
+    printf("Authentication");
+    break;
+
+  case 0b1100:
+    printf("Deauthentication");
+    break;
+
+  case 0b1101:
+    printf("Action");
+    break;
+
+  case 0b1110:
+    printf("Action No Ack");
+    break;
+  }
+
+  printf("\n");
+}
+
+static void print_control_subtype(my_frame_control &frame_control) {
+  printf("Type: Control Subtype: ");
+
+  switch (frame_control.subtype) {
+  case 0b0000:
+  case 0b0001:
+  case 0b0010:
+  case 0b1111:
+    printf("Reserved");
+    break;
+
+  case 0b0011:
+    printf("TACK");
+    break;
+
+  case 0b0100:
+    printf("Beamforming Report Poll");
+    break;
+
+  case 0b0101:
+    printf("VHT NDP Announcement");
+    break;
+
+  case 0b0110:
+    printf("Control Frame Extension");
+    break;
+
+  case 0b0111:
+    printf("Control Wrapper");
+    break;
+
+  case 0b1000:
+    printf("Block Ack Request");
+    break;
+
+  case 0b1001:
+    printf("Block Ack");
+    break;
+
+  case 0b1010:
+    printf("PS-Poll");
+    break;
+
+  case 0b1011:
+    printf("RTS");
+    break;
+
+  case 0b1100:
+    printf("CTS");
+    break;
+
+  case 0b1101:
+    printf("Ack");
+    break;
+
+  case 0b1110:
+    printf("CF-End");
+    break;
+  }
+
+  printf("\n");
+}
+
+static void print_data_subtype(my_frame_control &frame_control) {
+  printf("Type: Data Subtype: ");
+
+  switch (frame_control.subtype) {
+  case 0b0000:
+    printf("Data");
+    break;
+
+  case 0b0001:
+  case 0b0010:
+  case 0b0011:
+  case 0b0101:
+  case 0b0110:
+  case 0b0111:
+  case 0b1101:
+    printf("Reserved");
+    break;
+
+  case 0b0100:
+    printf("Null");
+    break;
+
+  case 0b1000:
+    printf("QoS Data");
+    break;
+
+  case 0b1001:
+    printf("QoS Data +CF-Ack");
+    break;
+
+  case 0b1010:
+    printf("QoS Data +CF-Poll");
+    break;
+
+  case 0b1011:
+    printf("QoS Data +CF-Ack +CF-Poll");
+    break;
+
+  case 0b1100:
+    printf("QoS Null");
+    break;
+
+  case 0b1110:
+    printf("QoS CF-Poll");
+    break;
+
+  case 0b1111:
+    printf("QoS CF-Ack +CF-Poll");
+    break;
+  }
+
+  printf("\n");
+}
+
+static void print_extension_subtype(my_frame_control &frame_control) {
+  printf("Type: Extension Subtype: ");
+
+  switch (frame_control.subtype) {
+  case 0b0000:
+    printf("DMG Beacon");
+    break;
+
+  case 0b0001:
+    printf("SIG Beacon");
+    break;
+
+  default:
+    printf("Reserved");
+    break;
+  }
+
+  printf("\n");
+}
+
+void print_frame_control_type(my_frame_control &frame_control) {
+  switch (frame_control.type) {
+  case frame_control_type::management:
+    print_management_subtype(frame_control);
+    break;
+  case frame_control_type::control:
+    print_control_subtype(frame_control);
+    break;
+  case frame_control_type::data:
+    print_data_subtype(frame_control);
+    break;
+  case frame_control_type::extension:
+    print_extension_subtype(frame_control);
+    break;
+  }
+}
+
+void print_mac_address(mac_address &address) {
+  printf("%02x:%02x:%02x:%02x:%02x:%02x\n", address.bytes[0], address.bytes[1],
+         address.bytes[2], address.bytes[3], address.bytes[4],
+         address.bytes[5]);
+}

main/wifi.h

@@ -0,0 +1,51 @@
+#pragma once
+
+#include <stdint.h>
+
+struct mac_address {
+  uint8_t bytes[6];
+} __attribute((packed));
+
+static_assert(sizeof(mac_address) == 6);
+
+enum class frame_control_type : uint8_t {
+  management = 0b00,
+  control = 0b01,
+  data = 0b10,
+  extension = 0b11,
+};
+
+struct my_frame_control {
+  uint8_t protocol_version : 2;
+  frame_control_type type : 2;
+  uint8_t subtype : 4;
+  uint16_t unknown : 8;
+} __attribute((packed));
+
+static_assert(sizeof(my_frame_control) == 2);
+
+struct mac_frame {
+  my_frame_control frame_control;
+  uint16_t duration;
+  mac_address receiver_address;
+  mac_address transmitter_address;
+  mac_address destination_address;
+  mac_address source_address;
+} __attribute((packed));
+
+void print_mac_address(mac_address &address);
+
+void print_frame_control_type(my_frame_control &frame_control);
+
+constexpr mac_address create_mac_address(uint8_t b1, uint8_t b2, uint8_t b3,
+                                         uint8_t b4, uint8_t b5, uint8_t b6) {
+  mac_address address;
+  address.bytes[0] = b1;
+  address.bytes[1] = b2;
+  address.bytes[2] = b3;
+  address.bytes[3] = b4;
+  address.bytes[4] = b5;
+  address.bytes[5] = b6;
+
+  return address;
+}