From d9eef3618e5d1213bd3eead787dbc48ec2fa16b1 Mon Sep 17 00:00:00 2001 From: Russ Handorf Date: Tue, 1 Mar 2016 20:17:51 -0500 Subject: [PATCH] Haha, fixed some sillyness with the client in c. --- client-wifi/README | 8 +- client-wifi/disect5/Makefile | 14 - client-wifi/disect5/interface-setup.txt | 6 - client-wifi/disect5/platform.h | 23 -- client-wifi/disect5/radiotap.c | 396 ------------------------ client-wifi/disect5/radiotap.h | 290 ----------------- client-wifi/disect5/radiotap_iter.h | 96 ------ client-wifi/disect5/soho-sigint-wifi.c | 245 --------------- client-wifi/kismet.pl | 94 ------ client-wifi/ssh.sh | 3 - 10 files changed, 7 insertions(+), 1168 deletions(-) delete mode 100644 client-wifi/disect5/Makefile delete mode 100644 client-wifi/disect5/interface-setup.txt delete mode 100644 client-wifi/disect5/platform.h delete mode 100644 client-wifi/disect5/radiotap.c delete mode 100644 client-wifi/disect5/radiotap.h delete mode 100644 client-wifi/disect5/radiotap_iter.h delete mode 100644 client-wifi/disect5/soho-sigint-wifi.c delete mode 100755 client-wifi/kismet.pl delete mode 100755 client-wifi/ssh.sh diff --git a/client-wifi/README b/client-wifi/README index a89d47d..d77e5ec 100644 --- a/client-wifi/README +++ b/client-wifi/README @@ -1,5 +1,11 @@ Step 1 - Give dragorn a big hug : http://kismetwireless.net/ -Step 2 - Compile the latest kismet from scratch + +Step 2a - Instructions below + client-c : This is the client that you should try to compile and use. You will need libpcap, curl and json. + apt-get install build-essential libssl-dev libjson-c-dev libcurl4-openssl-dev libpcap-dev + If that fails, go to Step 2b. + +Step 2b - Compile the latest kismet from scratch Step 3 - Plug in your USB Wifi Adapter Step 4 - Make sure you have the Kismet Perl Client modules installed (perl -MCPAN -e 'install Net::Kismet') Step 5 - Create a SSH private key and push it onto the webserver diff --git a/client-wifi/disect5/Makefile b/client-wifi/disect5/Makefile deleted file mode 100644 index 4f6961a..0000000 --- a/client-wifi/disect5/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -CFLAGS= -std=gnu99 -DEPS = endian.h -LIBS=$(LDFLAGS) -L. -lpcap -OBJ = soho-sigint-wifi.o radiotap.o - -%.o: %.c $(DEPS) - $(CC) -c -o $@ $< - -soho-sigint-wifi: $(OBJ) - $(CC) -o $@ $^ $(CFLAGS) $(LIBS) - -clean: - rm -rf *.o - rm -rf soho-sigint-wifi diff --git a/client-wifi/disect5/interface-setup.txt b/client-wifi/disect5/interface-setup.txt deleted file mode 100644 index 17e7045..0000000 --- a/client-wifi/disect5/interface-setup.txt +++ /dev/null @@ -1,6 +0,0 @@ -iw phy phy0 interface add mon0 type monitor -iw dev wlan0 del -ifconfig mon0 up -iw dev mon0 set freq 2412 -iw dev mon0 set freq 2437 -iw dev mon0 set freq 2462 diff --git a/client-wifi/disect5/platform.h b/client-wifi/disect5/platform.h deleted file mode 100644 index 980fe6f..0000000 --- a/client-wifi/disect5/platform.h +++ /dev/null @@ -1,23 +0,0 @@ -#include -#include -#ifndef _BSD_SOURCE -#define _BSD_SOURCE -#endif -#ifdef __FreeBSD__ - #include -#else - #include -#endif - -#define le16_to_cpu le16toh -#define le32_to_cpu le32toh -#define get_unaligned(p) \ -({ \ - struct packed_dummy_struct { \ - typeof(*(p)) __val; \ - } __attribute__((packed)) *__ptr = (void *) (p); \ - \ - __ptr->__val; \ -}) -#define get_unaligned_le16(p) le16_to_cpu(get_unaligned((uint16_t *)(p))) -#define get_unaligned_le32(p) le32_to_cpu(get_unaligned((uint32_t *)(p))) diff --git a/client-wifi/disect5/radiotap.c b/client-wifi/disect5/radiotap.c deleted file mode 100644 index 8827a86..0000000 --- a/client-wifi/disect5/radiotap.c +++ /dev/null @@ -1,396 +0,0 @@ -/* - * Radiotap parser - * - * Copyright 2007 Andy Green - * Copyright 2009 Johannes Berg - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * Alternatively, this software may be distributed under the terms of BSD - * license. - * - * See COPYING for more details. - */ -#include "radiotap_iter.h" -#include "platform.h" -#if defined(ANDROID) || defined(__ANDROID__) - #include "../byteorder.h" -#endif - -/* function prototypes and related defs are in radiotap_iter.h */ - -static const struct radiotap_align_size rtap_namespace_sizes[] = { - [IEEE80211_RADIOTAP_TSFT] = { .align = 8, .size = 8, }, - [IEEE80211_RADIOTAP_FLAGS] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_RATE] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_CHANNEL] = { .align = 2, .size = 4, }, - [IEEE80211_RADIOTAP_FHSS] = { .align = 2, .size = 2, }, - [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_DBM_ANTNOISE] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_LOCK_QUALITY] = { .align = 2, .size = 2, }, - [IEEE80211_RADIOTAP_TX_ATTENUATION] = { .align = 2, .size = 2, }, - [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = { .align = 2, .size = 2, }, - [IEEE80211_RADIOTAP_DBM_TX_POWER] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_ANTENNA] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_DB_ANTNOISE] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_RX_FLAGS] = { .align = 2, .size = 2, }, - [IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, }, - [IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, }, - [IEEE80211_RADIOTAP_MCS] = { .align = 1, .size = 3, }, - [IEEE80211_RADIOTAP_AMPDU_STATUS] = { .align = 4, .size = 8, }, - /* - * add more here as they are defined in radiotap.h - */ -}; - -static const struct ieee80211_radiotap_namespace radiotap_ns = { - .n_bits = sizeof(rtap_namespace_sizes) / sizeof(rtap_namespace_sizes[0]), - .align_size = rtap_namespace_sizes, -}; - -/** - * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization - * @iterator: radiotap_iterator to initialize - * @radiotap_header: radiotap header to parse - * @max_length: total length we can parse into (eg, whole packet length) - * - * Returns: 0 or a negative error code if there is a problem. - * - * This function initializes an opaque iterator struct which can then - * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap - * argument which is present in the header. It knows about extended - * present headers and handles them. - * - * How to use: - * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator - * struct ieee80211_radiotap_iterator (no need to init the struct beforehand) - * checking for a good 0 return code. Then loop calling - * __ieee80211_radiotap_iterator_next()... it returns either 0, - * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem. - * The iterator's @this_arg member points to the start of the argument - * associated with the current argument index that is present, which can be - * found in the iterator's @this_arg_index member. This arg index corresponds - * to the IEEE80211_RADIOTAP_... defines. - * - * Radiotap header length: - * You can find the CPU-endian total radiotap header length in - * iterator->max_length after executing ieee80211_radiotap_iterator_init() - * successfully. - * - * Alignment Gotcha: - * You must take care when dereferencing iterator.this_arg - * for multibyte types... the pointer is not aligned. Use - * get_unaligned((type *)iterator.this_arg) to dereference - * iterator.this_arg for type "type" safely on all arches. - * - * Example code: parse.c - */ - -int ieee80211_radiotap_iterator_init( - struct ieee80211_radiotap_iterator *iterator, - struct ieee80211_radiotap_header *radiotap_header, - int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns) -{ - /* must at least have the radiotap header */ - if (max_length < (int)sizeof(struct ieee80211_radiotap_header)) - return -EINVAL; - - /* Linux only supports version 0 radiotap format */ - if (radiotap_header->it_version) - return -EINVAL; - - /* sanity check for allowed length and radiotap length field */ - if (max_length < get_unaligned_le16(&radiotap_header->it_len)) - return -EINVAL; - - iterator->_rtheader = radiotap_header; - iterator->_max_length = get_unaligned_le16(&radiotap_header->it_len); - iterator->_arg_index = 0; - iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present); - iterator->_arg = (uint8_t *)radiotap_header + sizeof(*radiotap_header); - iterator->_reset_on_ext = 0; - iterator->_next_bitmap = &radiotap_header->it_present; - iterator->_next_bitmap++; - iterator->_vns = vns; - iterator->current_namespace = &radiotap_ns; - iterator->is_radiotap_ns = 1; -#ifdef RADIOTAP_SUPPORT_OVERRIDES - iterator->n_overrides = 0; - iterator->overrides = NULL; -#endif - - /* find payload start allowing for extended bitmap(s) */ - - if (iterator->_bitmap_shifter & (1<_arg - - (unsigned long)iterator->_rtheader + sizeof(uint32_t) > - (unsigned long)iterator->_max_length) - return -EINVAL; - while (get_unaligned_le32(iterator->_arg) & - (1 << IEEE80211_RADIOTAP_EXT)) { - iterator->_arg += sizeof(uint32_t); - - /* - * check for insanity where the present bitmaps - * keep claiming to extend up to or even beyond the - * stated radiotap header length - */ - - if ((unsigned long)iterator->_arg - - (unsigned long)iterator->_rtheader + - sizeof(uint32_t) > - (unsigned long)iterator->_max_length) - return -EINVAL; - } - - iterator->_arg += sizeof(uint32_t); - - /* - * no need to check again for blowing past stated radiotap - * header length, because ieee80211_radiotap_iterator_next - * checks it before it is dereferenced - */ - } - - iterator->this_arg = iterator->_arg; - - /* we are all initialized happily */ - - return 0; -} - -static void find_ns(struct ieee80211_radiotap_iterator *iterator, - uint32_t oui, uint8_t subns) -{ - int i; - - iterator->current_namespace = NULL; - - if (!iterator->_vns) - return; - - for (i = 0; i < iterator->_vns->n_ns; i++) { - if (iterator->_vns->ns[i].oui != oui) - continue; - if (iterator->_vns->ns[i].subns != subns) - continue; - - iterator->current_namespace = &iterator->_vns->ns[i]; - break; - } -} - -#ifdef RADIOTAP_SUPPORT_OVERRIDES -static int find_override(struct ieee80211_radiotap_iterator *iterator, - int *align, int *size) -{ - int i; - - if (!iterator->overrides) - return 0; - - for (i = 0; i < iterator->n_overrides; i++) { - if (iterator->_arg_index == iterator->overrides[i].field) { - *align = iterator->overrides[i].align; - *size = iterator->overrides[i].size; - if (!*align) /* erroneous override */ - return 0; - return 1; - } - } - - return 0; -} -#endif - - -/** - * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg - * @iterator: radiotap_iterator to move to next arg (if any) - * - * Returns: 0 if there is an argument to handle, - * -ENOENT if there are no more args or -EINVAL - * if there is something else wrong. - * - * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*) - * in @this_arg_index and sets @this_arg to point to the - * payload for the field. It takes care of alignment handling and extended - * present fields. @this_arg can be changed by the caller (eg, - * incremented to move inside a compound argument like - * IEEE80211_RADIOTAP_CHANNEL). The args pointed to are in - * little-endian format whatever the endianess of your CPU. - * - * Alignment Gotcha: - * You must take care when dereferencing iterator.this_arg - * for multibyte types... the pointer is not aligned. Use - * get_unaligned((type *)iterator.this_arg) to dereference - * iterator.this_arg for type "type" safely on all arches. - */ - -int ieee80211_radiotap_iterator_next( - struct ieee80211_radiotap_iterator *iterator) -{ - while (1) { - int hit = 0; - int pad, align, size, subns; - uint32_t oui; - - /* if no more EXT bits, that's it */ - if ((iterator->_arg_index % 32) == IEEE80211_RADIOTAP_EXT && - !(iterator->_bitmap_shifter & 1)) - return -ENOENT; - - if (!(iterator->_bitmap_shifter & 1)) - goto next_entry; /* arg not present */ - - /* get alignment/size of data */ - switch (iterator->_arg_index % 32) { - case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE: - case IEEE80211_RADIOTAP_EXT: - align = 1; - size = 0; - break; - case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: - align = 2; - size = 6; - break; - default: -#ifdef RADIOTAP_SUPPORT_OVERRIDES - if (find_override(iterator, &align, &size)) { - /* all set */ - } else -#endif - if (!iterator->current_namespace || - iterator->_arg_index >= iterator->current_namespace->n_bits) { - if (iterator->current_namespace == &radiotap_ns) - return -ENOENT; - align = 0; - } else { - align = iterator->current_namespace->align_size[iterator->_arg_index].align; - size = iterator->current_namespace->align_size[iterator->_arg_index].size; - } - if (!align) { - /* skip all subsequent data */ - iterator->_arg = iterator->_next_ns_data; - /* give up on this namespace */ - iterator->current_namespace = NULL; - goto next_entry; - } - break; - } - - /* - * arg is present, account for alignment padding - * - * Note that these alignments are relative to the start - * of the radiotap header. There is no guarantee - * that the radiotap header itself is aligned on any - * kind of boundary. - * - * The above is why get_unaligned() is used to dereference - * multibyte elements from the radiotap area. - */ - - pad = ((unsigned long)iterator->_arg - - (unsigned long)iterator->_rtheader) & (align - 1); - - if (pad) - iterator->_arg += align - pad; - - if (iterator->_arg_index % 32 == IEEE80211_RADIOTAP_VENDOR_NAMESPACE) { - int vnslen; - - if ((unsigned long)iterator->_arg + size - - (unsigned long)iterator->_rtheader > - (unsigned long)iterator->_max_length) - return -EINVAL; - - oui = (*iterator->_arg << 16) | - (*(iterator->_arg + 1) << 8) | - *(iterator->_arg + 2); - subns = *(iterator->_arg + 3); - - find_ns(iterator, oui, subns); - - vnslen = get_unaligned_le16(iterator->_arg + 4); - iterator->_next_ns_data = iterator->_arg + size + vnslen; - if (!iterator->current_namespace) - size += vnslen; - } - - /* - * this is what we will return to user, but we need to - * move on first so next call has something fresh to test - */ - iterator->this_arg_index = iterator->_arg_index; - iterator->this_arg = iterator->_arg; - iterator->this_arg_size = size; - - /* internally move on the size of this arg */ - iterator->_arg += size; - - /* - * check for insanity where we are given a bitmap that - * claims to have more arg content than the length of the - * radiotap section. We will normally end up equalling this - * max_length on the last arg, never exceeding it. - */ - - if ((unsigned long)iterator->_arg - - (unsigned long)iterator->_rtheader > - (unsigned long)iterator->_max_length) - return -EINVAL; - - /* these special ones are valid in each bitmap word */ - switch (iterator->_arg_index % 32) { - case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: - iterator->_reset_on_ext = 1; - - iterator->is_radiotap_ns = 0; - /* - * If parser didn't register this vendor - * namespace with us, allow it to show it - * as 'raw. Do do that, set argument index - * to vendor namespace. - */ - iterator->this_arg_index = - IEEE80211_RADIOTAP_VENDOR_NAMESPACE; - if (!iterator->current_namespace) - hit = 1; - goto next_entry; - case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE: - iterator->_reset_on_ext = 1; - iterator->current_namespace = &radiotap_ns; - iterator->is_radiotap_ns = 1; - goto next_entry; - case IEEE80211_RADIOTAP_EXT: - /* - * bit 31 was set, there is more - * -- move to next u32 bitmap - */ - iterator->_bitmap_shifter = - get_unaligned_le32(iterator->_next_bitmap); - iterator->_next_bitmap++; - if (iterator->_reset_on_ext) - iterator->_arg_index = 0; - else - iterator->_arg_index++; - iterator->_reset_on_ext = 0; - break; - default: - /* we've got a hit! */ - hit = 1; - next_entry: - iterator->_bitmap_shifter >>= 1; - iterator->_arg_index++; - } - - /* if we found a valid arg earlier, return it now */ - if (hit) - return 0; - } -} diff --git a/client-wifi/disect5/radiotap.h b/client-wifi/disect5/radiotap.h deleted file mode 100644 index fb5ea68..0000000 --- a/client-wifi/disect5/radiotap.h +++ /dev/null @@ -1,290 +0,0 @@ -/*- - * Copyright (c) 2003, 2004 David Young. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of David Young may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID - * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY - * OF SUCH DAMAGE. - */ - -/* - * Modifications to fit into the linux IEEE 802.11 stack, - * Mike Kershaw (dragorn@kismetwireless.net) - */ - -#ifndef IEEE80211RADIOTAP_H -#define IEEE80211RADIOTAP_H - -#include - -/* Base version of the radiotap packet header data */ -#define PKTHDR_RADIOTAP_VERSION 0 - -/* A generic radio capture format is desirable. There is one for - * Linux, but it is neither rigidly defined (there were not even - * units given for some fields) nor easily extensible. - * - * I suggest the following extensible radio capture format. It is - * based on a bitmap indicating which fields are present. - * - * I am trying to describe precisely what the application programmer - * should expect in the following, and for that reason I tell the - * units and origin of each measurement (where it applies), or else I - * use sufficiently weaselly language ("is a monotonically nondecreasing - * function of...") that I cannot set false expectations for lawyerly - * readers. - */ - -/* The radio capture header precedes the 802.11 header. - * All data in the header is little endian on all platforms. - */ -struct ieee80211_radiotap_header { - uint8_t it_version; /* Version 0. Only increases - * for drastic changes, - * introduction of compatible - * new fields does not count. - */ - uint8_t it_pad; - uint16_t it_len; /* length of the whole - * header in bytes, including - * it_version, it_pad, - * it_len, and data fields. - */ - uint32_t it_present; /* A bitmap telling which - * fields are present. Set bit 31 - * (0x80000000) to extend the - * bitmap by another 32 bits. - * Additional extensions are made - * by setting bit 31. - */ -}; - -/* Name Data type Units - * ---- --------- ----- - * - * IEEE80211_RADIOTAP_TSFT __le64 microseconds - * - * Value in microseconds of the MAC's 64-bit 802.11 Time - * Synchronization Function timer when the first bit of the - * MPDU arrived at the MAC. For received frames, only. - * - * IEEE80211_RADIOTAP_CHANNEL 2 x uint16_t MHz, bitmap - * - * Tx/Rx frequency in MHz, followed by flags (see below). - * - * IEEE80211_RADIOTAP_FHSS uint16_t see below - * - * For frequency-hopping radios, the hop set (first byte) - * and pattern (second byte). - * - * IEEE80211_RADIOTAP_RATE u8 500kb/s - * - * Tx/Rx data rate - * - * IEEE80211_RADIOTAP_DBM_ANTSIGNAL s8 decibels from - * one milliwatt (dBm) - * - * RF signal power at the antenna, decibel difference from - * one milliwatt. - * - * IEEE80211_RADIOTAP_DBM_ANTNOISE s8 decibels from - * one milliwatt (dBm) - * - * RF noise power at the antenna, decibel difference from one - * milliwatt. - * - * IEEE80211_RADIOTAP_DB_ANTSIGNAL u8 decibel (dB) - * - * RF signal power at the antenna, decibel difference from an - * arbitrary, fixed reference. - * - * IEEE80211_RADIOTAP_DB_ANTNOISE u8 decibel (dB) - * - * RF noise power at the antenna, decibel difference from an - * arbitrary, fixed reference point. - * - * IEEE80211_RADIOTAP_LOCK_QUALITY uint16_t unitless - * - * Quality of Barker code lock. Unitless. Monotonically - * nondecreasing with "better" lock strength. Called "Signal - * Quality" in datasheets. (Is there a standard way to measure - * this?) - * - * IEEE80211_RADIOTAP_TX_ATTENUATION uint16_t unitless - * - * Transmit power expressed as unitless distance from max - * power set at factory calibration. 0 is max power. - * Monotonically nondecreasing with lower power levels. - * - * IEEE80211_RADIOTAP_DB_TX_ATTENUATION uint16_t decibels (dB) - * - * Transmit power expressed as decibel distance from max power - * set at factory calibration. 0 is max power. Monotonically - * nondecreasing with lower power levels. - * - * IEEE80211_RADIOTAP_DBM_TX_POWER s8 decibels from - * one milliwatt (dBm) - * - * Transmit power expressed as dBm (decibels from a 1 milliwatt - * reference). This is the absolute power level measured at - * the antenna port. - * - * IEEE80211_RADIOTAP_FLAGS u8 bitmap - * - * Properties of transmitted and received frames. See flags - * defined below. - * - * IEEE80211_RADIOTAP_ANTENNA u8 antenna index - * - * Unitless indication of the Rx/Tx antenna for this packet. - * The first antenna is antenna 0. - * - * IEEE80211_RADIOTAP_RX_FLAGS uint16_t bitmap - * - * Properties of received frames. See flags defined below. - * - * IEEE80211_RADIOTAP_TX_FLAGS uint16_t bitmap - * - * Properties of transmitted frames. See flags defined below. - * - * IEEE80211_RADIOTAP_RTS_RETRIES u8 data - * - * Number of rts retries a transmitted frame used. - * - * IEEE80211_RADIOTAP_DATA_RETRIES u8 data - * - * Number of unicast retries a transmitted frame used. - * - * IEEE80211_RADIOTAP_MCS u8, u8, u8 unitless - * - * Contains a bitmap of known fields/flags, the flags, and - * the MCS index. - * - * IEEE80211_RADIOTAP_AMPDU_STATUS u32, u16, u8, u8 unitlesss - * - * Contains the AMPDU information for the subframe. - */ -enum ieee80211_radiotap_type { - IEEE80211_RADIOTAP_TSFT = 0, - IEEE80211_RADIOTAP_FLAGS = 1, - IEEE80211_RADIOTAP_RATE = 2, - IEEE80211_RADIOTAP_CHANNEL = 3, - IEEE80211_RADIOTAP_FHSS = 4, - IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5, - IEEE80211_RADIOTAP_DBM_ANTNOISE = 6, - IEEE80211_RADIOTAP_LOCK_QUALITY = 7, - IEEE80211_RADIOTAP_TX_ATTENUATION = 8, - IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9, - IEEE80211_RADIOTAP_DBM_TX_POWER = 10, - IEEE80211_RADIOTAP_ANTENNA = 11, - IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12, - IEEE80211_RADIOTAP_DB_ANTNOISE = 13, - IEEE80211_RADIOTAP_RX_FLAGS = 14, - IEEE80211_RADIOTAP_TX_FLAGS = 15, - IEEE80211_RADIOTAP_RTS_RETRIES = 16, - IEEE80211_RADIOTAP_DATA_RETRIES = 17, - - IEEE80211_RADIOTAP_MCS = 19, - IEEE80211_RADIOTAP_AMPDU_STATUS = 20, - - /* valid in every it_present bitmap, even vendor namespaces */ - IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE = 29, - IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 30, - IEEE80211_RADIOTAP_EXT = 31 -}; - -/* Channel flags. */ -#define IEEE80211_CHAN_TURBO 0x0010 /* Turbo channel */ -#define IEEE80211_CHAN_CCK 0x0020 /* CCK channel */ -#define IEEE80211_CHAN_OFDM 0x0040 /* OFDM channel */ -#define IEEE80211_CHAN_2GHZ 0x0080 /* 2 GHz spectrum channel. */ -#define IEEE80211_CHAN_5GHZ 0x0100 /* 5 GHz spectrum channel */ -#define IEEE80211_CHAN_PASSIVE 0x0200 /* Only passive scan allowed */ -#define IEEE80211_CHAN_DYN 0x0400 /* Dynamic CCK-OFDM channel */ -#define IEEE80211_CHAN_GFSK 0x0800 /* GFSK channel (FHSS PHY) */ - -/* For IEEE80211_RADIOTAP_FLAGS */ -#define IEEE80211_RADIOTAP_F_CFP 0x01 /* sent/received - * during CFP - */ -#define IEEE80211_RADIOTAP_F_SHORTPRE 0x02 /* sent/received - * with short - * preamble - */ -#define IEEE80211_RADIOTAP_F_WEP 0x04 /* sent/received - * with WEP encryption - */ -#define IEEE80211_RADIOTAP_F_FRAG 0x08 /* sent/received - * with fragmentation - */ -#define IEEE80211_RADIOTAP_F_FCS 0x10 /* frame includes FCS */ -#define IEEE80211_RADIOTAP_F_DATAPAD 0x20 /* frame has padding between - * 802.11 header and payload - * (to 32-bit boundary) - */ -#define IEEE80211_RADIOTAP_F_BADFCS 0x40 /* frame failed FCS check */ - -/* For IEEE80211_RADIOTAP_RX_FLAGS */ -#define IEEE80211_RADIOTAP_F_RX_BADPLCP 0x0002 /* bad PLCP */ - -/* For IEEE80211_RADIOTAP_TX_FLAGS */ -#define IEEE80211_RADIOTAP_F_TX_FAIL 0x0001 /* failed due to excessive - * retries */ -#define IEEE80211_RADIOTAP_F_TX_CTS 0x0002 /* used cts 'protection' */ -#define IEEE80211_RADIOTAP_F_TX_RTS 0x0004 /* used rts/cts handshake */ - -/* For IEEE80211_RADIOTAP_AMPDU_STATUS */ -#define IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN 0x0001 -#define IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN 0x0002 -#define IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN 0x0004 -#define IEEE80211_RADIOTAP_AMPDU_IS_LAST 0x0008 -#define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR 0x0010 -#define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN 0x0020 - -/* For IEEE80211_RADIOTAP_MCS */ -#define IEEE80211_RADIOTAP_MCS_HAVE_BW 0x01 -#define IEEE80211_RADIOTAP_MCS_HAVE_MCS 0x02 -#define IEEE80211_RADIOTAP_MCS_HAVE_GI 0x04 -#define IEEE80211_RADIOTAP_MCS_HAVE_FMT 0x08 -#define IEEE80211_RADIOTAP_MCS_HAVE_FEC 0x10 -#define IEEE80211_RADIOTAP_MCS_HAVE_STBC 0x20 -#define IEEE80211_RADIOTAP_MCS_HAVE_NESS 0x40 -#define IEEE80211_RADIOTAP_MCS_NESS_BIT1 0x80 - - -#define IEEE80211_RADIOTAP_MCS_BW_MASK 0x03 -#define IEEE80211_RADIOTAP_MCS_BW_20 0 -#define IEEE80211_RADIOTAP_MCS_BW_40 1 -#define IEEE80211_RADIOTAP_MCS_BW_20L 2 -#define IEEE80211_RADIOTAP_MCS_BW_20U 3 -#define IEEE80211_RADIOTAP_MCS_SGI 0x04 -#define IEEE80211_RADIOTAP_MCS_FMT_GF 0x08 -#define IEEE80211_RADIOTAP_MCS_FEC_LDPC 0x10 -#define IEEE80211_RADIOTAP_MCS_STBC_MASK 0x60 -#define IEEE80211_RADIOTAP_MCS_STBC_SHIFT 5 -#define IEEE80211_RADIOTAP_MCS_STBC_1 1 -#define IEEE80211_RADIOTAP_MCS_STBC_2 2 -#define IEEE80211_RADIOTAP_MCS_STBC_3 3 -#define IEEE80211_RADIOTAP_MCS_NESS_BIT0 0x80 - -#endif /* IEEE80211_RADIOTAP_H */ diff --git a/client-wifi/disect5/radiotap_iter.h b/client-wifi/disect5/radiotap_iter.h deleted file mode 100644 index 5ee4cfb..0000000 --- a/client-wifi/disect5/radiotap_iter.h +++ /dev/null @@ -1,96 +0,0 @@ -#ifndef __RADIOTAP_ITER_H -#define __RADIOTAP_ITER_H - -#include -#include "radiotap.h" - -/* Radiotap header iteration - * implemented in radiotap.c - */ - -struct radiotap_override { - uint8_t field; - uint8_t align:4, size:4; -}; - -struct radiotap_align_size { - uint8_t align:4, size:4; -}; - -struct ieee80211_radiotap_namespace { - const struct radiotap_align_size *align_size; - int n_bits; - uint32_t oui; - uint8_t subns; -}; - -struct ieee80211_radiotap_vendor_namespaces { - const struct ieee80211_radiotap_namespace *ns; - int n_ns; -}; - -/** - * struct ieee80211_radiotap_iterator - tracks walk thru present radiotap args - * @this_arg_index: index of current arg, valid after each successful call - * to ieee80211_radiotap_iterator_next() - * @this_arg: pointer to current radiotap arg; it is valid after each - * call to ieee80211_radiotap_iterator_next() but also after - * ieee80211_radiotap_iterator_init() where it will point to - * the beginning of the actual data portion - * @this_arg_size: length of the current arg, for convenience - * @current_namespace: pointer to the current namespace definition - * (or internally %NULL if the current namespace is unknown) - * @is_radiotap_ns: indicates whether the current namespace is the default - * radiotap namespace or not - * - * @overrides: override standard radiotap fields - * @n_overrides: number of overrides - * - * @_rtheader: pointer to the radiotap header we are walking through - * @_max_length: length of radiotap header in cpu byte ordering - * @_arg_index: next argument index - * @_arg: next argument pointer - * @_next_bitmap: internal pointer to next present u32 - * @_bitmap_shifter: internal shifter for curr u32 bitmap, b0 set == arg present - * @_vns: vendor namespace definitions - * @_next_ns_data: beginning of the next namespace's data - * @_reset_on_ext: internal; reset the arg index to 0 when going to the - * next bitmap word - * - * Describes the radiotap parser state. Fields prefixed with an underscore - * must not be used by users of the parser, only by the parser internally. - */ - -struct ieee80211_radiotap_iterator { - struct ieee80211_radiotap_header *_rtheader; - const struct ieee80211_radiotap_vendor_namespaces *_vns; - const struct ieee80211_radiotap_namespace *current_namespace; - - unsigned char *_arg, *_next_ns_data; - uint32_t *_next_bitmap; - - unsigned char *this_arg; -#ifdef RADIOTAP_SUPPORT_OVERRIDES - const struct radiotap_override *overrides; - int n_overrides; -#endif - int this_arg_index; - int this_arg_size; - - int is_radiotap_ns; - - int _max_length; - int _arg_index; - uint32_t _bitmap_shifter; - int _reset_on_ext; -}; - -extern int ieee80211_radiotap_iterator_init( - struct ieee80211_radiotap_iterator *iterator, - struct ieee80211_radiotap_header *radiotap_header, - int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns); - -extern int ieee80211_radiotap_iterator_next( - struct ieee80211_radiotap_iterator *iterator); - -#endif /* __RADIOTAP_ITER_H */ diff --git a/client-wifi/disect5/soho-sigint-wifi.c b/client-wifi/disect5/soho-sigint-wifi.c deleted file mode 100644 index e75b098..0000000 --- a/client-wifi/disect5/soho-sigint-wifi.c +++ /dev/null @@ -1,245 +0,0 @@ -/********************************************************************** -This is a wireless pcap capture and parser by example. -By: Russell Handorf -**********************************************************************/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "radiotap.h" -#include "radiotap_iter.h" - -const struct pcap_pkthdr* callback_header; - -static const struct radiotap_align_size align_size_000000_00[] = { - [0] = { .align = 1, .size = 4, }, - [52] = { .align = 1, .size = 4, }, -}; - -typedef struct { - u_int8_t it_version; - u_int8_t it_pad; - u_int16_t it_len; - u_int32_t it_present; - - u_int32_t pad; - u_int8_t flags; - u_int8_t rate; - u_int16_t wr_chan_freq; - int8_t ant_sig; - int8_t lock_quality; - u_int8_t ant; - -} __attribute__((__packed__)) ieee80211_radiotap; - -typedef struct { - unsigned short fc; - unsigned short durid; - u_char a1[6]; - u_char a2[6]; - u_char a3[6]; - unsigned short seq; - u_char a4[6]; -} __attribute__((__packed__)) dot11_header; - - -void format_mac(u_char * mac, char * f) { - sprintf(f, "%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); -} - -void my_callback(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) { - - //printf("packet size: %d\n", pkthdr->len); - //printf("packet: %02x \n", packet); - //printf("%u\n", packet); - int err, radiotap_header_len, ssid_len, i; - int8_t rssi, rate; - u_int16_t channel; - char client_mac[18]; - char ssid[38]; - - struct ieee80211_radiotap_iterator iter; - - radiotap_header_len = iter._max_length; - dot11_header * dot_head = (dot11_header*) (packet + radiotap_header_len * sizeof(char) ); - - err = ieee80211_radiotap_iterator_init(&iter, (void*)packet, pkthdr->caplen, NULL); - if (err > 0) { - } - - radiotap_header_len = iter._max_length; - - while (!(err = ieee80211_radiotap_iterator_next(&iter))) { - if (iter.this_arg_index == IEEE80211_RADIOTAP_DBM_ANTSIGNAL) { - rssi = (int8_t)iter.this_arg[0]; - } - if (iter.this_arg_index == IEEE80211_RADIOTAP_CHANNEL) { - channel = (*(uint16_t *)iter.this_arg); - } - if (iter.this_arg_index == IEEE80211_RADIOTAP_RATE) { - rate = (u_int8_t)iter.this_arg[0]; - } - /* if (iter.this_arg_index == IEEE80211_RADIOTAP_DBM_ANTNOISE) { */ - /* noise = (int8_t)iter.this_arg[0]; */ - /* } */ - }; - - if (pkthdr->len >= 24) { - u_int8_t hlen; - hlen = packet[2]+(packet[3]<<8); //Usually 18 or 13 in some cases - switch (packet[hlen]) { - case 0x40: - //memset(ssid, 0, sizeof(ssid)); - printf("Probe request\n"); - printf("probe request client mac: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[44], packet[45],packet[46],packet[47],packet[48],packet[49]); - ssid_len=packet[59]; - printf("probe size: %d\n", ssid_len); - if (ssid_len>0) { - for (i=0;ia2, client_mac); - - printf("rate: %d channel: %04x rssi: %d\n", rate, channel, rssi); -} - -int main(int argc,char **argv) -{ - int c; - char *dev = NULL; - char errbuf[PCAP_ERRBUF_SIZE]; - pcap_t* pcap; - struct bpf_program fp; /* hold compiled program */ - bpf_u_int32 maskp; /* subnet mask */ - bpf_u_int32 netp; /* ip */ - u_char* args = NULL; - char filter_exp[] = ""; - char *totpacket = NULL; - - while ((c = getopt (argc, argv, "ha:i:")) != -1) - switch (c) { - case 'a': - totpacket = optarg; - break; - case 'i': - dev = optarg; - break; - case 'h': - printf("./disect -a -i\n\t-a : number of packets to sniff. (default 10)\n\t-i : wlan interface.\n"); - exit(0); - default: - return 0; - } - - if (totpacket == NULL) { - totpacket="-1"; - printf("-a not specified... setting to 10.\n"); - } - - if (dev == NULL) { - printf("You forgot -i\n"); - exit(0); - } - - printf ("%s %s\n", totpacket, dev); - - if(dev == NULL) { - printf("%s\n",errbuf); - exit(1); - } - - /* ask pcap for the network address and mask of the device */ - pcap_lookupnet(dev,&netp,&maskp,errbuf); - - /* open device for reading. NOTE: defaulting to - * promiscuous mode*/ - pcap = pcap_open_live(dev,BUFSIZ,1,-1,errbuf); - pcap_set_promisc(pcap, 1); - - if(pcap == NULL) { - printf("pcap_open_live(): %s\n",errbuf); - exit(1); - } - - pcap_set_datalink(pcap, DLT_IEEE802_11); - pcap_set_datalink(pcap, DLT_IEEE802_11_RADIO_AVS); - pcap_set_datalink(pcap, DLT_IEEE802_11_RADIO); - - pcap_setnonblock(pcap, 1, errbuf); - - int link_layer_type = pcap_datalink(pcap); - - //printf("type: %d\n", link_layer_type); - - if (link_layer_type == DLT_PRISM_HEADER || - link_layer_type == DLT_IEEE802_11_RADIO || - link_layer_type == DLT_IEEE802_11_RADIO_AVS || - link_layer_type == DLT_IEEE802_11 || - link_layer_type == DLT_PPI || - link_layer_type == 127 ) { - if (pcap_compile(pcap, &fp, filter_exp, 0, netp) == -1) { - fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(pcap)); - exit(EXIT_FAILURE); - } - if (pcap_setfilter(pcap, &fp) == -1) { - fprintf(stderr, "Couldn't install filter %s: %s\n", - filter_exp, pcap_geterr(pcap)); - exit(EXIT_FAILURE); - } - printf("starting\n"); - - pcap_loop(pcap,atoi(totpacket),my_callback,NULL); - } else { - fprintf(stderr, "Not using the Wi-Fi interface, are you testing something?\n"); - } - fprintf(stdout,"\nfinished\n"); - return 0; -} - diff --git a/client-wifi/kismet.pl b/client-wifi/kismet.pl deleted file mode 100755 index c784ee8..0000000 --- a/client-wifi/kismet.pl +++ /dev/null @@ -1,94 +0,0 @@ -#!/usr/bin/perl - -use Net::Kismet; -use DBI; - -my $dbh = DBI->connect("DBI:mysql:database=wireless;host=127.0.0.1", - "USERNAME", "PASSWORD", - {'RaiseError' => 1}); - -$k = new Net::Kismet('localhost', 2501); -$k->register('SSID', \&ssidhandler, '*'); -$k->register('BSSID', \&bssidhandler, '*'); -$k->register('CLIENT', \&clienthandler, '*'); -#$k->timer_register(\&timer, 5); -KismetRun($k); - - -sub ssidhandler { - my $vars = shift; - my $ssid = ""; - if ($vars->{'ssid'} eq "") { - $ssid = ""; - } else { - $ssid = $vars->{'ssid'}; - } - #print $vars->{'mac'}."\n"; - #print "lt: ".$vars->{'lasttime'}."\n"; - #print "INSERT INTO ssid VALUES ('". $ssid. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")"; - #print "\n"; - my $sth = $dbh->prepare("SELECT LASTSEEN from ssid where SSID=? and MAC='" . $vars->{'mac'} . "'"); - $sth->execute($ssid); - if ($sth->rows() > 0) { - $sth = $dbh->prepare("UPDATE ssid set LASTSEEN=" . $vars->{'lasttime'} . " where SSID=? and MAC = '" . $vars->{'mac'} . "'"); - } else { - $sth = $dbh->prepare("INSERT INTO ssid VALUES (?, '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")"); - } - $sth->execute($ssid); -} - -sub bssidhandler { - my $vars = shift; - #print $vars->{'bssid'}."\n"; - #print "lt: ".$vars->{'lasttime'}."\n"; - #print "INSERT INTO bssid VALUES ('". $vars->{'bssid'}. "', " . $vars->{'lasttime'} . ")"; - my $sth = $dbh->prepare("SELECT LASTSEEN from bssid where BSSID='" . $vars->{'bssid'} . "'"); - $sth->execute(); - if ($sth->rows() > 0) { - $dbh->do("UPDATE bssid set LASTSEEN=" . $vars->{'lasttime'} . " where BSSID = '" . $vars->{'bssid'} . "'"); - } else { - $dbh->do("INSERT INTO bssid VALUES ('". $vars->{'bssid'}. "', " . $vars->{'lasttime'} . ")"); - } - #$dbh->do("INSERT INTO bssid VALUES ('". $vars->{'bssid'}. "', " . $vars->{'lasttime'} . ")"); -} - -sub clienthandler { - my $vars = shift; - #print $vars->{'bssid'}."\n"; - #print $vars->{'mac'}."\n"; - #print "lt: ".$vars->{'lasttime'}."\n"; - my $sth = $dbh->prepare("SELECT LASTSEEN from clients where BSSID='". $vars->{'bssid'}. "' and MAC='" . $vars->{'mac'} . "'"); - $sth->execute(); - if ($sth->rows() > 0) { - $dbh->do("UPDATE clients set LASTSEEN=" . $vars->{'lasttime'} . " where BSSID = '". $vars->{'bssid'}. "' and MAC = '" . $vars->{'mac'} . "'"); - } else { - $dbh->do("INSERT INTO clients VALUES ('". $vars->{'bssid'}. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")"); - #$dbh->do("INSERT INTO clients VALUES ('". $ssid. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")"); - } - - #print "INSERT INTO clients VALUES ('". $vars->{'bssid'}. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")"; - #print "\n"; - #$dbh->do("INSERT INTO clients VALUES ('". $vars->{'bssid'}. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")"); -} - - - -sub timer { - print "<>\n"; - # check for lame threads and kill if hung - my $rin = ""; - vec ( $rin, fileno ("PREAD00"), 1 ) = 1; - #while (1) { - if ( $nfound = select($rout=$rin, undef, undef, 0) ) { - $line = ; - #print "TIMER: $line"; - } - #} -} - -sub print_hash { - my $href = shift; - while( my( $key, $val ) = each %{$href} ) { - print "$key\t=>$val\n"; - } -} diff --git a/client-wifi/ssh.sh b/client-wifi/ssh.sh deleted file mode 100755 index 02e9435..0000000 --- a/client-wifi/ssh.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -kismet_server -n > /dev/null 2>&1 & -ssh username@server -L 3306:127.0.0.1:3306 -N > /dev/null 2>&1 & -- 2.34.1