Changeset 99

Timestamp:

02/22/07 16:37:48 (23 months ago)

Author:

dragorn

Message:

started forge rewrite (untested)

Location:

trunk

Files:

• lorcon_forge.c (modified) (3 diffs)
• lorcon_forge.h (modified) (1 diff)

trunk/lorcon_forge.c

@@ -26 +26 @@
 #include <stdio.h>
 
-#include "packetforge.h"
-#include "ieee80211.h"
 #include "endian_magic.h"
+
+#include "lorcon_forge.h"
 
 uint8_t *ouilist[] = {
@@ -57 +57 @@
 };
 
-void lcpf_createrandmac(uint8_t *addr) {
-    int listlen = 0;
+void lcpf_randmac(uint8_t *addr, int valid) {
+    static int listlen = 0;
 
-    while (ouilist[listlen] != NULL) {
-        listlen++;
-    };
+        if (listlen == 0) {
+                while (ouilist[listlen] != NULL) {
+                        listlen++;
+                };
+        }
 
-    memcpy(addr, ouilist[rand() % listlen], 3);
+        if (valid) {
+                memcpy(addr, ouilist[rand() % listlen], 3);
+        } else {
+                addr[0] = rand() % 255;
+                addr[1] = rand() % 255;
+                addr[2] = rand() % 255;
+        }
+
     addr[3] = rand() % 255;
     addr[4] = rand() % 255;
@@ -70 +79 @@
 }
 
-lcpf_packet *lcpf_packet_init(int in_carriermax, uint8_t in_type, uint8_t in_subtype, 
-                              uint8_t *in_addr0, uint8_t *in_addr1, uint8_t *in_addr2) {
-    lcpf_packet *pak;
+void lcpf_80211headers(metapacket *pack, unsigned int type, unsigned int subtype,
+                                           unsigned int fcflags, unsigned int duration,
+                                           uint8_t *mac1, uint8_t *mac2, uint8_t *mac3,
+                                           uint8_t *mac4, unsigned int fragment, 
+                                           unsigned int sequence) {
 
-    pak = (lcpf_packet *) malloc(sizeof(lcpf_packet));
-    pak->raw_buf = (uint8_t *) malloc(in_carriermax);
-    pak->maxlen = in_carriermax;
-    pak->len = IEEE80211_HDRLEN;
-    pak->ieee_header = &(pak->raw_buf[0]);
-    pak->append_ptr = &(pak->raw_buf[len]);
-    pak->nr_tagparms = 0;
+        /* Re-use a single buffer and use the copy ops, saves a malloc
+         * thrash */
+        uint8_t chunk[2];
+        uint16_t *sixptr;
 
-    memset(pak->ieee_header, 0, sizeof(ieee80211_hdr));
+        chunk[0] = ((type << 2) | (subtype << 4));
+        chunk[1] = (uint8_t) fcflags;
+        pack = pack_append_copy(pack, "80211FC", 2, chunk);
 
-    pak->ieee_header = host_to_le16((in_type << 2) | (in_subtype << 4));
+        sixptr = (uint16_t *) chunk;
+        *sixptr = htons((uint16_t) duration);
+        pack = pack_append_copy(pack, "80211DUR", 2, chunk);
 
-    memcpy(pak->ieee_header->addr1, in_addr1, 6);
-    memcpy(pak->ieee_header->addr2, in_addr2, 6);
-    memcpy(pak->ieee_header->addr3, in_addr3, 6);
+        if (mac1 != NULL)
+                pack = pack_append_copy(pack, "80211MAC1", 6, mac1);
+        if (mac2 != NULL)
+                pack = pack_append_copy(pack, "80211MAC2", 6, mac2);
+        if (mac3 != NULL)
+                pack = pack_append_copy(pack, "80211MAC3", 6, mac3);
+        if (mac4 != NULL)
+                pack = pack_append_copy(pack, "80211MAC4", 6, mac4);
 
-    return pak;
+        *sixptr = ((sequence << 4) | fragment);
+        pack = pack_append_copy(pack, "80211FRAGSEQ", 2, chunk);
 }
 
-void lcpf_packet_destroy(lcpf_packet *mod_packet) {
-    free(mod_packet->raw_buf);
-    free(mod_packet);
-}
+void lcpf_beacon(metapacket *pack, uint8_t *src, uint8_t *bssid, int framecontrol,
+                                 int duration, int fragment, int sequence, 
+                                 uint64_t timestamp, int beacon, int capabilities) {
+        uint8_t chunk[8];
+        uint16_t *sixptr = (uint16_t *) chunk;
+        uint64_t *ch64 = (uint64_t *) chunk;
 
-int lcpf_packet_addtagparm(int in_parm, int in_len, uint8_t *in_data, 
-                           lcpf_packet *mod_packet) {
-    if (mod_packet->
+        memcpy(chunk, "\xFF\xFF\xFF\xFF\xFF\xFF", 6);
+        lcpf_80211headers(pack, 0, 8, framecontrol, duration,
+                                          chunk, src, bssid, NULL,
+                                          fragment, sequence);
+
+        *ch64 = timestamp;
+        pack = pack_append_copy(pack, "BEACONBSSTIME", 8, chunk);
+
+        *sixptr = beacon;
+        pack = pack_append_copy(pack, "BEACONINT", 2, chunk);
+
+        *sixptr = capabilities;
+        pack = pack_append_copy(pack, "BEACONCAP", 2, chunk);
 
 }
 
-int PacketForgeDeauth(uint8_t *in_bssid, uint8_t *in_source, 
-                      uint8_t *in_dest, uint8_t **ret_frame) {
-    struct ieee80211_mgmt txheader;
-    int len;
-    
-    memset(&txheader, 0, sizeof(txheader));
-
-    txheader.frame_control = host_to_le16(WLAN_FC_TYPE_MGMT << 2) | 
-        (WLAN_FC_SUBTYPE_DEAUTH << 4);
-
-    // Fill in the addresses
-    memcpy(txheader.bssid, in_bssid, 6);
-    
-    if (in_source != NULL)
-        memcpy(txheader.sa, in_source, 6);
-    else
-        memcpy(txheader.sa, in_bssid, 6);
-
-    if (in_dest != NULL)
-        memcpy(txheader.da, in_dest, 6);
-    else
-        memset(txheader.da, 0xFF, 6);
-
-    // Fill in the reason
-    txheader.u.deauth.reason_code = host_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
-
-    // Alloc and copy it into the return buffer
-    len = (IEEE80211_HDRLEN + sizeof(txheader.u.deauth));
-
-    *ret_frame = new uint8_t[len];
-    memcpy(*ret_frame, &txheader, len);
-
-    return len;
-}
-
-int PacketForgeDisassoc(uint8_t *in_bssid, uint8_t *in_source,
-                        uint8_t *in_dest, uint8_t **ret_frame) {
-    struct ieee80211_mgmt txheader;
-    int len;
-
-    memset(&txheader, 0, sizeof(txheader));
-
-    txheader.frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
-        (WLAN_FC_SUBTYPE_DISASSOC << 4));
-
-    // Fill in the addresses
-    memcpy(txheader.bssid, in_bssid, 6);
-    
-    if (in_source != NULL)
-        memcpy(txheader.sa, in_source, 6);
-    else
-        memcpy(txheader.sa, in_bssid, 6);
-
-    if (in_dest != NULL)
-        memcpy(txheader.da, in_dest, 6);
-    else
-        memset(txheader.da, 0xFF, 6);
-
-    txheader.u.disassoc.reason_code = host_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
-
-    len = (IEEE80211_HDRLEN + sizeof(txheader.u.disassoc));
-    *ret_frame = new uint8_t[len];
-    memcpy(*ret_frame, &txheader, len);
-
-    return len;
-}
-
-int PacketForgeAssocReq(uint8_t *in_bssid, uint8_t *in_source, const char *in_ssid,
-                        int in_wep, uint8_t **ret_frame) {
-    // Highly influenced by some old airjack code and void11
-    struct ieee80211_mgmt txheader;
-    int len;
-    uint8_t *variable;
-    int vlen;
-
-    memset(&txheader, 0, sizeof(txheader));
-
-    // Variable = 1b tag 1b len Xb ssid 1b tag 1b size 4b supprates
-    vlen = 8 + strlen(in_ssid);
-    variable = new uint8_t[vlen];
-
-    txheader.frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
-        (WLAN_FC_SUBTYPE_ASSOCREQ << 4));
-
-    // Fill in random if we weren't given a source to assoc from
-    if (in_source == NULL) 
-        PacketForgeCreateRandmac(txheader.sa);
-    else
-        memcpy(txheader.sa, in_source, 6);
-
-    memcpy(txheader.da, in_bssid, 6);
-    memcpy(txheader.bssid, in_bssid, 6);
-
-    // Set the capability fields
-    txheader.u.assoc_req.capab_info = host_to_le16(WLAN_CAPABILITY_ESS);
-    if (in_wep)
-        txheader.u.assoc_req.capab_info |= host_to_le16(WLAN_CAPABILITY_PRIVACY);
-
-    txheader.u.assoc_req.listen_interval = host_to_le16(1);
-
-    int voff = 0;
-    variable[voff++] = WLAN_TAGPARM_SSID;
-    variable[voff++] = strlen(in_ssid);
-    memcpy(&(variable[voff]), in_ssid, strlen(in_ssid));
-    voff += strlen(in_ssid);
-    variable[voff++] = WLAN_TAGPARM_SUPPRATES;
-    variable[voff++] = 4;
-        variable[voff++] = 0x82; // 1mbit
-    variable[voff++] = 0x84; // 2mbit
-    variable[voff++] = 0x0b; // 5.5
-    variable[voff++] = 0x16; // 11
-
-    // Play some games copying the variable after the standard frame
-    len = (IEEE80211_HDRLEN + sizeof(txheader.u.assoc_req));
-    *ret_frame = new uint8_t[len + vlen];
-    memcpy(*ret_frame, &txheader, len);
-    memcpy((*ret_frame) + len, variable, vlen);
-    len += vlen;
-
-    delete[] variable;
-    return len;
-}
-
-int PacketForgeAuth(uint8_t *in_source, uint8_t *in_dest, uint8_t **ret_frame) {
-    // Highly influenced by some old airjack code and void11
-    struct ieee80211_mgmt txheader;
-    int len;
-
-    memset(&txheader, 0, sizeof(txheader));
-    
-    txheader.frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
-        (WLAN_FC_SUBTYPE_AUTH << 4));
-
-    // Fill in random if we weren't given a source to assoc from
-    if (in_source == NULL) 
-        PacketForgeCreateRandmac(txheader.sa);
-    else
-        memcpy(txheader.sa, in_source, 6);
-
-    memcpy(txheader.da, in_dest, 6);
-    memcpy(txheader.bssid, in_dest, 6);
-
-    txheader.u.auth.auth_alg = host_to_le16(0);
-    txheader.u.auth.auth_transaction = host_to_le16(1);
-    txheader.u.auth.status_code = host_to_le16(0);
-
-    len = (IEEE80211_HDRLEN + sizeof(txheader.u.auth));
-    *ret_frame = new uint8_t[len];
-    memcpy(*ret_frame, &txheader, len);
-    
-    return len;
-}
-
-int PacketForgeProbeReq(uint8_t *in_source, const char *in_ssid, uint8_t **ret_frame) {
-    // Highly influenced by some old airjack code and void11
-    struct ieee80211_mgmt txheader;
-    int len;
-    uint8_t *variable;
-    int vlen;
-
-    memset(&txheader, 0, sizeof(txheader));
-
-    // Variable = 1b tag 1b len Xb ssid 1b tag 1b size 4b supprates
-    vlen = 8 + strlen(in_ssid);
-    variable = new uint8_t[vlen];
-
-    txheader.frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
-        (WLAN_FC_SUBTYPE_PROBEREQ << 4));
-
-    // Fill in random if we weren't given a source to probe from
-    if (in_source == NULL) 
-        PacketForgeCreateRandmac(txheader.sa);
-    else
-        memcpy(txheader.sa, in_source, 6);
-
-    memset(txheader.da, 0xFF, 6);
-    memset(txheader.bssid, 0xFF, 6);
-
-    int voff = 0;
-    variable[voff++] = WLAN_TAGPARM_SSID;
-    variable[voff++] = strlen(in_ssid);
-    memcpy(&(variable[voff]), in_ssid, strlen(in_ssid));
-    voff += strlen(in_ssid);
-    variable[voff++] = WLAN_TAGPARM_SUPPRATES;
-    variable[voff++] = 4;
-        variable[voff++] = 0x82; // 1mbit
-    variable[voff++] = 0x84; // 2mbit
-    variable[voff++] = 0x0b; // 5.5
-    variable[voff++] = 0x16; // 11
-
-    // Play some games copying the variable after the standard frame
-    len = (IEEE80211_HDRLEN + sizeof(txheader.u.probe_req));
-    *ret_frame = new uint8_t[len + vlen];
-    memcpy(*ret_frame, &txheader, len);
-    memcpy((*ret_frame) + len, variable, vlen);
-    len += vlen;
-
-    delete[] variable;
-    return len;
-}
-

trunk/lorcon_forge.h

@@ -33 +33 @@
 #include "ieee_80211.h"
 
-// Tagged parameter in a frame
-typedef struct lcpf_tagparm {
-        uint8_t tag_num;
-        uint8_t tag_len;
-        uint8_t tag_data[0];
-} __attribute__ ((packed));
+#include "packet_assembly.h"
 
-#define lcpf_genstate_init          0
-#define lcpf_genstate_
+/*
+ * Lorcon Packet Forge
+ *
+ * Relatively simplistic mechanism for building 802.11 frames using the lorcon
+ * packet assembly utilities.
+ *
+ * Utility functions are included for most of the 802.11 packet types, as well
+ * as functions for adding to dynamically sized types.
+ *
+ * All lorcon packet forge functions use the lcpf_ namespace
+ */
 
-typedef struct lcpf_packet {
-        // Generation state (can't add tagparms after raw payload, for example)
-        uint8_t gen_state;
-        // Raw packet buffer
-        uint8_t *raw_buf;
-        // Current length and maximum possible length
-        unsigned int len;
-        unsigned int max_len;
-        // Pointer to where to append data
-        uint8_t *append_ptr;
+/* Create a random MAC address, optionally seeded with a valid wireless OUI
+ *
+ * addr must be allocated by the caller
+ */
+void lcpf_randmac(uint8_t *addr, int valid);
 
-        ieee802_hdr *ieee_header;
-        uint8_t *data_payload;
+/* Generate the common 802.11 headers.  Lower-level function which will generally
+ * be wrapped in packet-specific functions
+ *
+ * pack is expected to be an initialized, empty metapack.
+ *
+ * mac1 through mac4 are expected to contain NULL or a MAC address for that
+ * slot.  The interpretation of the MAC address in each slot will vary per
+ * 802.11 type, the caller is expected to provide the MACs in appropriate order.
+ *
+ */
+void lcpf_80211headers(metapacket *pack, unsigned int type, unsigned int subtype,
+                                           unsigned int fcflags, unsigned int duration,
+                                           uint8_t *mac1, uint8_t *mac2, uint8_t *mac3,
+                                           uint8_t *mac4, unsigned int fragment, 
+                                           unsigned int sequence);
 
-        struct {
-                uint8_t nr_tagparms;
-                lcpf_tagparm *tagparms;
-        } tagged_parameters;
-
-        struct ieee80211_mgmt *mgmt_header;
-};
-
-// Forge a random mac within a reasonable OUI
-void lcpf_createrandmac(uint8_t * addr);
-
-// Initialize a raw frame with the provided info
-lcpf_packet *lcpf_packet_init(int in_carriermax, uint8_t in_type,
-                              uint8_t in_subtype, uint8_t * in_addr0,
-                              uint8_t * in_addr1, uint8_t * in_addr2);
-
-// Add a tagged parameter to a packet
-int lcpf_packet_addtagparm(int in_parm, int in_len, uint8_t * in_data,
-                           lcpf_packet * mod_packet);
-
-// Add a data payload
-int lcpf_packet_addpayload(int in_len, uint8_t * in_data,
-                           lcpf_packet * mod_packet);
+/* Generate a beacon frame header with no IE tags (see lcpf_appendie)
+ *
+ * pack is expected to be an initialized, empty metapack
+ *
+ */
+void lcpf_beacon(metapacket *pack, uint8_t *src, uint8_t *bssid, int framecontrol,
+                                 int duration, int fragment, int sequence, 
+                                 uint64_t timestamp, int beacon, int capabilities);
 
 #endif