airjack.h File Reference

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	aj_config
struct	a3_80211
Defines
#define	mh_fc   fc1.fc1_frame_control
#define	mh_version   fc1.fc2.fc2_version
#define	mh_type   fc1.fc2.fc2_type
#define	mh_subtype   fc1.fc2.fc2_subtype
#define	mh_to_ds   fc1.fc2.fc2_to_ds
#define	mh_from_ds   fc1.fc2.fc2_from_ds
#define	mh_more_frag   fc1.fc2.fc2_more_frag
#define	mh_retry   fc1.fc2.fc2_retry
#define	mh_pwr_man   fc1.fc2.fc2_pwr_man
#define	mh_more_data   fc1.fc2.fc2_more_data
#define	mh_wep   fc1.fc2.fc2_wep
#define	mh_order   fc1.fc2.fc2_order
#define	mh_aid   mh_duration_id
#define	mh_ra   mh_mac1
#define	mh_da   mh_mac1
#define	mh_ps_bssid   mh_mac1
#define	mh_cf_bssid   mh_mac2
#define	mh_ta   mh_mac2
#define	mh_sa   mh_mac2
#define	mh_bssid   mh_mac3
#define	mh_seq   seq1.seq1_seq
#define	mh_frag_num   seq1.seq2.seq2_frag_num
#define	mh_seq_num   seq1.seq2.seq2_seq_num
#define	FC_TYPE_MGT   0x00
#define	FC_TYPE_CTL   0x01
#define	FC_TYPE_DATA   0x02
#define	FC_TYPE_RESR   0x03
#define	MGT_AS_RQ   0x00
#define	MGT_AS_RS   0x01
#define	MGT_REAS_RQ   0x02
#define	MGT_REAS_RS   0x03
#define	MGT_PB_RQ   0x04
#define	MGT_PB_RS   0x05
#define	MGT_RESERV1   0x06
#define	MGT_RESERV2   0x07
#define	MGT_BEACON   0x08
#define	MGT_ATIM   0x09
#define	MGT_DISAS   0x0A
#define	MGT_AUTH   0x0B
#define	MGT_DEAUTH   0x0C
#define	MGT_RESERV3   0x0D
#define	MGT_RESERV4   0x0E
#define	MGT_RESERV5   0x0F
#define	SIOCAJSMODE   SIOCDEVPRIVATE
#define	SIOCAJGMODE   SIOCAJSMODE + 1
Functions
int	selectChannelAIRJACK (char *devname, int channel)
int	shutCardAIRJACK (char *devname)
int	openCardAIRJACK (char *devname)
int	getPacketAIRJACK (p80211_caphdr_t *wlan_header, UINT8 *buf, int maxlen)
int	openPacketAIRJACK (char *devname)
void	closePacketAIRJACK (void)
void	sendDeauth (UINT8 dest[WLAN_ADDR_LEN], UINT8 bssid[WLAN_ADDR_LEN], UINT8 channel)

---

Define Documentation

#define mh_fc   fc1.fc1_frame_control

Definition at line 76 of file airjack.h.

#define mh_version   fc1.fc2.fc2_version

Definition at line 77 of file airjack.h.

#define mh_type   fc1.fc2.fc2_type

Definition at line 78 of file airjack.h.

#define mh_subtype   fc1.fc2.fc2_subtype

Definition at line 79 of file airjack.h.

#define mh_to_ds   fc1.fc2.fc2_to_ds

Definition at line 80 of file airjack.h.

#define mh_from_ds   fc1.fc2.fc2_from_ds

Definition at line 81 of file airjack.h.

#define mh_more_frag   fc1.fc2.fc2_more_frag

Definition at line 82 of file airjack.h.

#define mh_retry   fc1.fc2.fc2_retry

Definition at line 83 of file airjack.h.

#define mh_pwr_man   fc1.fc2.fc2_pwr_man

Definition at line 84 of file airjack.h.

#define mh_more_data   fc1.fc2.fc2_more_data

Definition at line 85 of file airjack.h.

#define mh_wep   fc1.fc2.fc2_wep

Definition at line 86 of file airjack.h.

#define mh_order   fc1.fc2.fc2_order

Definition at line 87 of file airjack.h.

#define mh_aid   mh_duration_id

Definition at line 88 of file airjack.h.

#define mh_ra   mh_mac1

Definition at line 89 of file airjack.h.

#define mh_da   mh_mac1

Definition at line 90 of file airjack.h.

#define mh_ps_bssid   mh_mac1

Definition at line 91 of file airjack.h.

#define mh_cf_bssid   mh_mac2

Definition at line 92 of file airjack.h.

#define mh_ta   mh_mac2

Definition at line 93 of file airjack.h.

#define mh_sa   mh_mac2

Definition at line 94 of file airjack.h.

#define mh_bssid   mh_mac3

Definition at line 95 of file airjack.h.

#define mh_seq   seq1.seq1_seq

Definition at line 96 of file airjack.h.

#define mh_frag_num   seq1.seq2.seq2_frag_num

Definition at line 97 of file airjack.h.

#define mh_seq_num   seq1.seq2.seq2_seq_num

Definition at line 98 of file airjack.h.

#define FC_TYPE_MGT   0x00

Definition at line 102 of file airjack.h.

Referenced by sendDeauth().

#define FC_TYPE_CTL   0x01

Definition at line 103 of file airjack.h.

#define FC_TYPE_DATA   0x02

Definition at line 104 of file airjack.h.

#define FC_TYPE_RESR   0x03

Definition at line 105 of file airjack.h.

#define MGT_AS_RQ   0x00

Definition at line 108 of file airjack.h.

#define MGT_AS_RS   0x01

Definition at line 109 of file airjack.h.

#define MGT_REAS_RQ   0x02

Definition at line 110 of file airjack.h.

#define MGT_REAS_RS   0x03

Definition at line 111 of file airjack.h.

#define MGT_PB_RQ   0x04

Definition at line 112 of file airjack.h.

#define MGT_PB_RS   0x05

Definition at line 113 of file airjack.h.

#define MGT_RESERV1   0x06

Definition at line 114 of file airjack.h.

#define MGT_RESERV2   0x07

Definition at line 115 of file airjack.h.

#define MGT_BEACON   0x08

Definition at line 116 of file airjack.h.

#define MGT_ATIM   0x09

Definition at line 117 of file airjack.h.

#define MGT_DISAS   0x0A

Definition at line 118 of file airjack.h.

#define MGT_AUTH   0x0B

Definition at line 119 of file airjack.h.

#define MGT_DEAUTH   0x0C

Definition at line 120 of file airjack.h.

Referenced by sendDeauth().

#define MGT_RESERV3   0x0D

Definition at line 121 of file airjack.h.

#define MGT_RESERV4   0x0E

Definition at line 122 of file airjack.h.

#define MGT_RESERV5   0x0F

Definition at line 123 of file airjack.h.

#define SIOCAJSMODE   SIOCDEVPRIVATE

Definition at line 126 of file airjack.h.

Referenced by selectChannelAIRJACK().

#define SIOCAJGMODE   SIOCAJSMODE + 1

Definition at line 127 of file airjack.h.

Referenced by selectChannelAIRJACK().

---

Function Documentation

int selectChannelAIRJACK	(	char *	devname,
		int	channel
	)

Definition at line 71 of file airjack.c.

References aj_conf, aj_config::channel, debug, aj_config::monitor, req, SIOCAJGMODE, SIOCAJSMODE, sockfd, and STR_MAX.

Referenced by selectChannel(), and sendDeauth().

{
#define STR_MAX 80
  int result = 0;
#if 0
  char str[STR_MAX];
  snprintf(str, STR_MAX, "set_channel -c %d -i %s 2>/dev/null",
           channel, devname);
  debug(3, "%s\n", str);
  result += system(str);
#else
  req.ifr_data = (char *) &aj_conf;

  /* populate the structure */
  if (ioctl(sockfd, SIOCAJGMODE, &req) < 0) {
    return (-4);
  }

  aj_conf.channel = channel;
  aj_conf.monitor = 1;

  if (ioctl(sockfd, SIOCAJSMODE, &req) < 0) {
    return (-4);
  }
#endif
  return result;
}

int shutCardAIRJACK

(

char *

devname

)

Definition at line 99 of file airjack.c.

References IfconfigSetFlags().

Referenced by shutCard().

{
  return IfconfigSetFlags(devname, IFF_UP);
}

int openCardAIRJACK

(

char *

devname

)

Definition at line 104 of file airjack.c.

References aj_conf, IfconfigSetFlags(), req, and sockfd.

Referenced by openCard().

{
  int result = 0;
  struct sockaddr_ll addr;

  // Turn on monitor mode
  result += IfconfigSetFlags(devname, IFF_UP + IFF_PROMISC);

  /* open the link layer socket */
  if ((sockfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) {
    return (-1);
  }

  /* get the interface index */
  memset(&req, 0, sizeof(struct ifreq));
  memset(&aj_conf, 0, sizeof(struct aj_config));
  strncpy(req.ifr_name, devname, IFNAMSIZ);

  if (ioctl(sockfd, SIOCGIFINDEX, &req) < 0) {
    return (-2);
  }

  /* bind the socket to the interface */
  memset(&addr, 0, sizeof(struct sockaddr_ll));
  addr.sll_ifindex = req.ifr_ifindex;
  addr.sll_protocol = htons(ETH_P_ALL);
  addr.sll_family = AF_PACKET;
  if (bind(sockfd, (struct sockaddr *) &addr, sizeof(struct sockaddr_ll)) <
      0) {
    return (-3);
  }


  return result;
}

int getPacketAIRJACK	(	p80211_caphdr_t *	wlan_header,
		UINT8 *	buf,
		int	maxlen
	)

Definition at line 142 of file airjack.c.

References p80211_caphdr::antenna, p80211_caphdr::channel, p80211_caphdr::datarate, p80211_caphdr::encoding, p80211_caphdr::hosttime, p80211_caphdr::length, p80211_caphdr::mactime, memcpy_buff(), CaptureArg_t::pcap, p80211_caphdr::phytype, p80211_caphdr::preamble, p80211_caphdr::priority, p80211_caphdr::ssi_noise, p80211_caphdr::ssi_signal, p80211_caphdr::ssi_type, and p80211_caphdr::version.

Referenced by getPacket().

{
  struct pcap_pkthdr pktHdr;
  u_char *ret;
  fd_set rs;

  FD_ZERO(&rs);
  FD_SET(0, &rs);

  ret = (u_char *) pcap_next(ca.pcap, &pktHdr);
  // If no problem and packet is enought big (with data)
  if ((ret) && (pktHdr.len >= 1)) {
    if (memcpy_buff(buf, ret, pktHdr.len) == NULL)
      return 0;
    // Fill Header
    // TODO : find this information in any maner ?!
    wlan_header->version = 0;    // It's a reduced capture frame format
    wlan_header->length = 0;     // Not used for now
    wlan_header->mactime = 0;
    wlan_header->hosttime = 0;
    wlan_header->phytype = 0;    // Not used for now
    wlan_header->channel = 0;
    wlan_header->datarate = 0;   // datarate is in units of 100kbps.
    wlan_header->antenna = 0;    // Not used for now
    wlan_header->priority = 0;   // Not used for now
    wlan_header->ssi_type = 0;   // Not used for now
    wlan_header->ssi_signal = 0;
    wlan_header->ssi_noise = 0;
    wlan_header->preamble = 0;   // Not used for now
    wlan_header->encoding = 0;   // Not used for now

    return pktHdr.len;
  } else {
    return (0);                 // Noting to read
  }
}

int openPacketAIRJACK

(

char *

devname

)

Definition at line 179 of file airjack.c.

References debug, DLT_PRISM_HEADER, errbuf, CaptureArg_t::offset, and CaptureArg_t::pcap.

Referenced by openPacket().

{
  int DataLink;

  ca.pcap = pcap_open_live(devname, 3000, 1, 0, errbuf);
  if (ca.pcap) {
    pcap_setnonblock(ca.pcap, 1, errbuf);
    DataLink = pcap_datalink(ca.pcap);
    switch (DataLink) {
    case DLT_PRISM_HEADER:
      debug(2,
            "pcap_datalink(ca.pcap) = %d = DLT_PRISM_HEADER\n", DataLink);
      ca.offset = 0x90;
      break;
    case DLT_IEEE802_11:
      debug(2, "pcap_datalink(ca.pcap) = %d = DLT_IEEE802_11\n", DataLink);
      ca.offset = 0;
      break;
    case DLT_AIRONET_HEADER:
      debug(2,
            "pcap_datalink(ca.pcap) = %d = DLT_AIRONET_HEADER:\n",
            DataLink);
      ca.offset = 0;
      break;
    default:                   //COOKED
      debug(2, "pcap_datalink(ca.pcap) = %d = COOKED:\n", DataLink);
      ca.offset = 160;
    }
    return 1;
  }
  return -1;
}

void closePacketAIRJACK

(

void

)

Definition at line 212 of file airjack.c.

References CaptureArg_t::pcap.

Referenced by closePacket().

{
  pcap_close(ca.pcap);
}

void sendDeauth	(	UINT8	dest[WLAN_ADDR_LEN],
		UINT8	bssid[WLAN_ADDR_LEN],
		UINT8	channel
	)

Definition at line 217 of file airjack.c.

References debug, ConfigStruct::devname, FC_TYPE_MGT, MGT_DEAUTH, ScanResult_t::SChannel, selectChannelAIRJACK(), sockfd, and warning().

Referenced by LogPutIsAP(), and Send_To_All_BSSID_A_Deauth().

{
  struct {
    struct a3_80211 hdr;
    unsigned short int reason;
  } __attribute__ ((packed)) frame;
  UINT8 OldChannel = 0;

  /* setup the frame */
  memset(&frame, 0, sizeof(frame));
  memcpy(frame.hdr.mh_mac1, dest, sizeof(frame.hdr.mh_mac1));
  memcpy(frame.hdr.mh_mac2, bssid, sizeof(frame.hdr.mh_mac2));
  memcpy(frame.hdr.mh_mac3, bssid, sizeof(frame.hdr.mh_mac3));

  frame.hdr.mh_type = FC_TYPE_MGT;
  frame.hdr.mh_subtype = MGT_DEAUTH;
  frame.hdr.mh_from_ds = 1;
  frame.reason = 2;             /* previous authentication is no longer valid */

  if (channel != 0) {           // Backup channel and change to the channel of the AP
    OldChannel = Res.SChannel;
    selectChannelAIRJACK(config.devname, channel);
  }

  if (write(sockfd, &frame, sizeof(frame)) < 0) {
    warning("AIRJACK error : write\n");
  }

  debug(2, "Send De-auth -- BSSID: %02X:%02X:%02X:%02X:%02X:%02X --"
        " DEST: %02X:%02X:%02X:%02X:%02X:%02X -- Channel: %d\n",
        bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5],
        dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], channel);

  if (channel != 0) {           // restore channel
    Res.SChannel = OldChannel;
    selectChannelAIRJACK(config.devname, OldChannel);
  }
}