1 //Russ Handorf wrote most of this in a fit of rage.
2 //Mike, all the love in the world for putting up with me and my bad coding.
3 //Demo code pulled from LORCON man pages and examples (thanks Brad Antoniewicz!)
4 //Run this at your own peril. It's bad code. Honest.
13 #include <lorcon2/lorcon.h>
14 #include <lorcon2/lorcon_packasm.h>
19 printf("There's really only one option right now:\n");
20 printf("\t-i <int> \tInterface\n");
/*
 * Fill ssid[] with random characters drawn from the alphanum table.
 * NOTE(review): the loop index `i` and the length `len` are declared on
 * lines omitted from this listing, as is the closing brace — confirm that
 * `len` is bounded by the caller's buffer and that a terminating NUL is
 * written after the loop.
 */
23 void random_ssid(char *ssid) {
// Reseeds the process-wide rand() state on every call from the wall-clock
// second plus the pid, so two calls within the same second replay the same
// sequence.
25 srand(time(NULL) + getpid()); //replace me im shit: fopen /dev/urandom in rb mode then fread(in_mac, 6, 1, fileptr)
27 static const char alphanum[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 ";
29 for (i = 0; i < len; i++) {
// sizeof(alphanum) - 1 excludes the string literal's NUL terminator from the
// index range.
30 ssid[i] = alphanum[rand() % (sizeof(alphanum) - 1)];
/*
 * Fill all six bytes of mac[] with rand() % 256.
 * NOTE(review): the loop index `i` is declared on a line omitted from this
 * listing, and the closing brace is omitted as well.
 */
35 void random_mac(uint8_t mac[6]){
// Same per-call reseed as random_ssid(): time(NULL) has one-second
// resolution, so back-to-back calls in the same second produce identical
// output.
37 srand(time(NULL) + getpid()); //replace me im shit: fopen /dev/urandom in rb mode then fread(in_mac, 6, 1, fileptr)
39 for (i = 0; i < 6; i++) {
40 mac[i] = rand() % 256;
/*
 * Entry point.  Parses -i <interface>, resolves the LORCON driver, opens the
 * interface in injection/monitor mode, probes which channels from three
 * static tables the driver accepts, then (in a loop whose header and closing
 * brace are omitted from this listing) builds one frame per iteration and
 * appends a CSV record for it to eventlogs.txt.
 * Many statements between the lines shown here are omitted; comments below
 * only describe what is visible.
 */
44 int main(int argc, char *argv[]) {
45 char *interface = NULL;
48 lorcon_driver_t *drvlist, *driver;
50 lcpa_metapack_t *metapack;
51 lorcon_packet_t *txpack;
52 uint8_t src_mac[6], dst_mac[6];
// Capability field passed verbatim to lcpf_beacon()/lcpf_proberesp() below.
57 int capabilities = 0x0421;
61 long ms; // Milliseconds
// rand() is called here before the srand() further down; the value is
// redrawn inside the switch below, so this initial draw is not used for
// frame selection.
65 int randompacket=rand()%3;
66 char *packettype="UNK";
68 while ((c = getopt(argc, argv, "i:h")) != EOF) {
// Heap copy of the option argument; it is not freed on any path shown here.
71 interface = strdup(optarg);
80 if ( interface == NULL ) {
81 printf ("ERROR: Interface not set.\n");
86 if ( (driver = lorcon_auto_driver(interface)) == NULL) {
87 printf("[!] Could not determine the driver for %s\n",interface);
90 printf("[+]\t Driver: %s\n",driver->name);
94 if ((context = lorcon_create(interface, driver)) == NULL) {
// No trailing newline on this message; stdout may not flush before exit.
95 printf("[!]\t Failed to create context");
99 if (lorcon_open_injmon(context) < 0) {
100 printf("[!]\t Could not create Monitor Mode interface!\n");
103 printf("[+]\t Monitor Mode VAP: %s\n",lorcon_get_vap(context));
104 lorcon_free_driver_list(driver);
// Accumulates every channel the driver accepted; chancount is incremented on
// omitted lines.  The three tables hold at most 39 real channels, so 255
// slots cannot overflow.
108 int finalchannels[255];
// Element 0 of each table is used as a 0/1 band flag (tested below), not as a
// channel; the probing loops therefore start at index 1.  With these
// initializers every flag starts at 0 — presumably an omitted line sets it to
// 1 when lorcon_set_channel() succeeds; confirm.
109 int channels24[15]={0,1,2,3,4,5,6,7,8,9,10,11,12,13,14};
// NOTE(review): declared with 10 elements but only 9 initializers, so
// channels52[9] is 0 and the loop below also tries "channel 0".
110 int channels52[10]={0,36,40,44,48,52,56,60,64};
111 int channels58[17]={0,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,165};
// Supported-rates IE payload; sizeof(rates)-1 below drops the literal's NUL.
112 uint8_t rates[] = "\x8c\x12\x98\x24\xb0\x48\x60\x6c";
117 //technically, I dont need the loops below anymore, and can just go from 1 to the max since it all goes in the array anyways
118 //he said after recovering from mucinex dm
// Element count of the table (int elements), not a channel number.
119 int chanmax=sizeof(channels24) / sizeof(int);
120 for (tmpchan=1; tmpchan<chanmax; tmpchan++) {
121 //printf("Setting channel %d\n", channels24[tmpchan]);
// tmpcode is the driver's result; the test on it is on an omitted line.
122 tmpcode = lorcon_set_channel(context,channels24[tmpchan]);
125 finalchannels[chancount]=channels24[tmpchan];
129 chanmax=sizeof(channels52) / sizeof(int);
130 for (tmpchan=1; tmpchan<chanmax; tmpchan++) {
131 tmpcode = lorcon_set_channel(context,channels52[tmpchan]);
134 finalchannels[chancount]=channels52[tmpchan];
138 chanmax=sizeof(channels58) / sizeof(int);
139 for (tmpchan=1; tmpchan<chanmax; tmpchan++) {
140 tmpcode = lorcon_set_channel(context,channels58[tmpchan]);
143 finalchannels[chancount]=channels58[tmpchan];
// Band summary; driven by the index-0 flags described above.
148 if (channels24[0]==1) {
149 printf("[+]\t Enabling 2.4\n");
151 printf("[+]\t DISABLING 2.4\n");
154 if (channels52[0]==1) {
155 printf("[+]\t Enabling 5.2\n");
157 printf("[+]\t DISABLING 5.2\n");
160 if (channels58[0]==1) {
161 printf("[+]\t Enabling 5.8\n");
163 printf("[+]\t DISABLING 5.8\n");
166 printf("[+]\t Enabling a total of %d channels\n", chancount);
// Seeds the rand() used for channel and frame-type selection below.
169 srand(time(NULL) + getpid());
// NOTE(review): the fopen() result is not checked; fprintf() on a NULL
// FILE* is undefined behaviour.  The file is truncated on every run ("w").
172 logs = fopen ("eventlogs.txt","w");
173 fprintf (logs,"TIME, TYPE, SRC MAC, DST MAC, CHANNEL, SSID\n");
// `s` (seconds, logged below) is presumably taken from spec.tv_sec on an
// omitted line.  If the send loop starts after these lines, every log record
// carries this same timestamp — confirm where the loop begins.
177 clock_gettime(CLOCK_REALTIME, &spec);
179 ms = round(spec.tv_nsec / 1.0e6); // Convert nanoseconds to milliseconds
// Microsecond timestamp passed into the beacon/probe-response frame bodies.
184 gettimeofday(&time2, NULL);
185 timestamp = time2.tv_sec * 1000000 + time2.tv_usec;
187 // Initialize the LORCON metapack
// NOTE(review): initialised once here; if the loop below reuses it without
// freeing/re-initialising, each iteration's IEs are appended to the previous
// ones — confirm against the omitted loop body.
188 metapack = lcpa_init();
190 // Create a Beacon frame from 00:DE:AD:BE:EF:00
// Pick one of the channels the driver accepted; chancount is assumed > 0
// here (a zero count would make the modulo undefined).
195 channel = finalchannels[rand() % (chancount)];
196 lorcon_set_channel(context,channel);
// 0 = beacon, 1 = probe request, 2 = probe response (case labels omitted).
198 randompacket=rand()%3;
199 switch(randompacket) {
// packettype is left at its previous value for the beacon case as shown;
// the assignment may be on an omitted line.
202 lcpf_beacon(metapack, src_mac, dst_mac, 0x00, 0x00, 0x00, 0x00, timestamp, interval, capabilities);
205 packettype="PROBE REQUEST";
206 lcpf_probereq(metapack, src_mac, 0x00, 0x00, 0x00, 0x00);
209 packettype="PROBE RESPONSE";
210 lcpf_proberesp(metapack, dst_mac, src_mac, src_mac, 0x00, 0x00, 0x00, 0x00, timestamp, interval, capabilities);
214 // Append IE Tag 0 for SSID
// ssid is filled by random_ssid() on an omitted line; its length must be
// NUL-terminated for strlen() here.
215 lcpf_add_ie(metapack, 0, strlen(ssid),ssid);
217 // Most of the following IE tags are not needed, but added here as examples
219 // Append IE Tag 1 for rates
220 lcpf_add_ie(metapack, 1, sizeof(rates)-1, rates);
222 // Append IE Tag 3 for Channel
// NOTE(review): if channel is an int (its %d use suggests so), this passes
// its first byte, which is the channel number only on little-endian hosts.
223 lcpf_add_ie(metapack, 3, 1, &channel);
225 // Append IE Tags 42/47 for ERP Info
226 lcpf_add_ie(metapack, 42, 1, "\x05");
227 lcpf_add_ie(metapack, 47, 1, "\x05");
229 // Convert the LORCON metapack to a LORCON packet for sending
// No lorcon_packet_free()/lcpa_free() call is visible in this listing —
// confirm the packet is released on the omitted lines.
230 txpack = (lorcon_packet_t *) lorcon_packet_from_lcpa(context, metapack);
// The failure branch body is on an omitted line.
232 if ( lorcon_inject(context,txpack) < 0 )
// interval is declared elsewhere; the *1000 implies it is in milliseconds.
235 usleep(interval * 1000);
// CSV record: epoch seconds.millis, frame type, both MACs, channel, SSID.
238 fprintf(logs,"%"PRIdMAX".%03ld, %s, %02x:%02x:%02x:%02x:%02x:%02x, %02x:%02x:%02x:%02x:%02x:%02x, %d, %s\n", (intmax_t)s, ms, packettype, src_mac[0], src_mac[1], src_mac[2], src_mac[3], src_mac[4], src_mac[5], dst_mac[0], dst_mac[1], dst_mac[2], dst_mac[3], dst_mac[4], dst_mac[5], channel, ssid);
// No newline or carriage return at the end, so a line-buffered stdout may
// not show this until something else flushes it.
239 printf("[+] Src Mac: %02x:%02x:%02x:%02x:%02x:%02x Dst Mac: %02x:%02x:%02x:%02x:%02x:%02x C: %d Sent %d frames, Hit CTRL + C to stop...", src_mac[0], src_mac[1], src_mac[2], src_mac[3], src_mac[4], src_mac[5], dst_mac[0], dst_mac[1], dst_mac[2], dst_mac[3], dst_mac[4], dst_mac[5], channel, count);
// Teardown; `logs` is not fclose()d on any line shown here.
249 lorcon_close(context);
250 lorcon_free(context);