-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathwifi_cust_tx.cpp
56 lines (52 loc) · 2.31 KB
/
wifi_cust_tx.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#include "wifi_cust_tx.h"
/*
* Transmits a raw 802.11 frame with a given length.
* The frame must be valid and have a sequence number of 0 as it will be set automatically.
* The frame check sequence is added automatically and must not be included in the length.
* @param frame A pointer to the raw frame
* @param size The size of the frame
*/
void wifi_tx_raw_frame(void* frame, size_t length) {
void *ptr = (void *)**(uint32_t **)(rltk_wlan_info + 0x10);
void *frame_control = alloc_mgtxmitframe(ptr + 0xae0);
if (frame_control != 0) {
update_mgntframe_attrib(ptr, frame_control + 8);
memset((void *)*(uint32_t *)(frame_control + 0x80), 0, 0x68);
uint8_t *frame_data = (uint8_t *)*(uint32_t *)(frame_control + 0x80) + 0x28;
memcpy(frame_data, frame, length);
*(uint32_t *)(frame_control + 0x14) = length;
*(uint32_t *)(frame_control + 0x18) = length;
dump_mgntframe(ptr, frame_control);
}
}
/*
* Transmits a 802.11 deauth frame on the active channel
* @param src_mac An array of bytes containing the mac address of the sender. The array has to be 6 bytes in size
* @param dst_mac An array of bytes containing the destination mac address or FF:FF:FF:FF:FF:FF to broadcast the deauth
* @param reason A reason code according to the 802.11 spec. Optional
*/
void wifi_tx_deauth_frame(void* src_mac, void* dst_mac, uint16_t reason) {
DeauthFrame frame;
memcpy(&frame.source, src_mac, 6);
memcpy(&frame.access_point, src_mac, 6);
memcpy(&frame.destination, dst_mac, 6);
frame.reason = reason;
wifi_tx_raw_frame(&frame, sizeof(DeauthFrame));
}
/*
* Transmits a very basic 802.11 beacon with the given ssid on the active channel
* @param src_mac An array of bytes containing the mac address of the sender. The array has to be 6 bytes in size
* @param dst_mac An array of bytes containing the destination mac address or FF:FF:FF:FF:FF:FF to broadcast the beacon
* @param ssid '\0' terminated array of characters representing the SSID
*/
void wifi_tx_beacon_frame(void* src_mac, void* dst_mac, const char *ssid) {
BeaconFrame frame;
memcpy(&frame.source, src_mac, 6);
memcpy(&frame.access_point, src_mac, 6);
memcpy(&frame.destination, dst_mac, 6);
for (int i = 0; ssid[i] != '\0'; i++) {
frame.ssid[i] = ssid[i];
frame.ssid_length++;
}
wifi_tx_raw_frame(&frame, 38 + frame.ssid_length);
}