From 40e11b71f07264b161e8083f9e5affd88b523c6b Mon Sep 17 00:00:00 2001 From: Just Call Me Koko <25190487+justcallmekoko@users.noreply.github.com> Date: Sat, 21 Mar 2020 18:54:14 -0400 Subject: [PATCH] Capture EAPOL packets --- README.md | 2 +- esp32_marauder/Assets.h | 8 +- esp32_marauder/BatteryInterface.cpp | 27 ++ esp32_marauder/BatteryInterface.h | 23 ++ esp32_marauder/Display.cpp | 7 + esp32_marauder/Display.h | 3 +- esp32_marauder/MenuFunctions.cpp | 21 +- esp32_marauder/MenuFunctions.h | 3 + esp32_marauder/SDInterface.cpp | 13 +- esp32_marauder/SDInterface.h | 3 +- esp32_marauder/WiFiScan.cpp | 407 +++++++++++++++++++++++++++- esp32_marauder/WiFiScan.h | 9 +- esp32_marauder/esp32_marauder.ino | 56 +++- pictures/icons/eapol_22.bmp | Bin 0 -> 1606 bytes 14 files changed, 555 insertions(+), 27 deletions(-) create mode 100644 esp32_marauder/BatteryInterface.cpp create mode 100644 esp32_marauder/BatteryInterface.h create mode 100644 pictures/icons/eapol_22.bmp diff --git a/README.md b/README.md index 46015ab..f39d74e 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ -# ESP32 Marauder v0.5.4 +# ESP32 Marauder v0.6.1

Marauder logo

A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32 diff --git a/esp32_marauder/Assets.h b/esp32_marauder/Assets.h index 90d90f1..1de52be 100644 --- a/esp32_marauder/Assets.h +++ b/esp32_marauder/Assets.h @@ -129,7 +129,13 @@ PROGMEM static const unsigned char menu_icons[][66] = { 0xDD, 0xB6, 0x2D, 0xED, 0xB6, 0x2B, 0xED, 0xB6, 0x2B, 0x01, 0x00, 0x20, 0xED, 0xB6, 0x2B, 0xDD, 0xB6, 0x2D, 0xDB, 0xB6, 0x35, 0xDB, 0x96, 0x35, 0x07, 0x00, 0x38, 0x6F, 0x55, 0x3D, 0xDF, 0x94, 0x3E, 0x3F, 0x23, 0x3F, - 0xFF, 0xC0, 0x3F, 0xFF, 0xFF, 0x3F} + 0xFF, 0xC0, 0x3F, 0xFF, 0xFF, 0x3F}, + {0xFF, 0xFF, 0x3F, 0xFF, 0xFF, 0x3F, 0xFF, 0xFF, 0x3B, 0xFF, 0xFF, 0x39, // EAPOL: 21 + 0xFF, 0xFF, 0x3C, 0xFF, 0x7F, 0x3A, 0xFF, 0x3F, 0x37, 0xFF, 0x9F, 0x3E, + 0xFF, 0xCF, 0x3D, 0xFF, 0xE7, 0x3F, 0xFF, 0xF3, 0x3F, 0xCF, 0xF9, 0x3F, + 0xB7, 0xFC, 0x3F, 0x77, 0xFE, 0x3F, 0xF7, 0xFE, 0x3F, 0xEF, 0xFD, 0x3F, + 0xDF, 0xFB, 0x3F, 0xBF, 0xFB, 0x3F, 0x7F, 0xFC, 0x3F, 0xFF, 0xFF, 0x3F, + 0xFF, 0xFF, 0x3F, 0xFF, 0xFF, 0x3F} }; diff --git a/esp32_marauder/BatteryInterface.cpp b/esp32_marauder/BatteryInterface.cpp new file mode 100644 index 0000000..f31c97e --- /dev/null +++ b/esp32_marauder/BatteryInterface.cpp @@ -0,0 +1,27 @@ +#include "BatteryInterface.h" + +BatteryInterface::BatteryInterface() { + +} + +void BatteryInterface::RunSetup() { + Wire.begin(I2C_SDA, I2C_SCL); +} + +int8_t BatteryInterface::getBatteryLevel() { + Wire.beginTransmission(IP5306_ADDR); + Wire.write(0x78); + if (Wire.endTransmission(false) == 0 && + Wire.requestFrom(0x75, 1)) { + this->i2c_supported = true; + switch (Wire.read() & 0xF0) { + case 0xE0: return 25; + case 0xC0: return 50; + case 0x80: return 75; + case 0x00: return 100; + default: return 0; + } + } + this->i2c_supported = false; + return -1; +} diff --git a/esp32_marauder/BatteryInterface.h b/esp32_marauder/BatteryInterface.h new file mode 100644 index 0000000..a298349 --- /dev/null +++ b/esp32_marauder/BatteryInterface.h 
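Review bot: `BatteryInterface::getBatteryLevel` addresses the write with `IP5306_ADDR` but reads back with the literal `Wire.requestFrom(0x75, 1)`, so the two halves of the transaction can drift apart if the define ever changes; use `Wire.requestFrom(IP5306_ADDR, 1)`. The method also never stores its result in the `battery_level` member the header declares, leaving every caller to do `battery_obj.battery_level = battery_obj.getBatteryLevel()` itself (both the RunInfo hunk and the setup hunk do). A one-line comment above the `switch`, `// upper nibble of the byte read back after writing 0x78 is mapped to a charge percentage; unknown values give 0`, would save the next reader from decoding the table.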
@@ -0,0 +1,23 @@ +#ifndef BatteryInterface_h +#define BatteryInterface_h + +#include + +#define I2C_SDA 33 +#define I2C_SCL 22 +#define IP5306_ADDR 0x75 + +class BatteryInterface { + private: + + public: + int8_t battery_level = 0; + bool i2c_supported = false; + + BatteryInterface(); + + void RunSetup(); + int8_t getBatteryLevel(); +}; + +#endif diff --git a/esp32_marauder/Display.cpp b/esp32_marauder/Display.cpp index 9c3d05f..fcebc88 100644 --- a/esp32_marauder/Display.cpp +++ b/esp32_marauder/Display.cpp @@ -73,6 +73,13 @@ void Display::tftDrawGraphObjects(byte x_scale) tft.setCursor(3, 228); tft.print("0"); // "-" at bottom of y axis } +void Display::tftDrawEapolColorKey() +{ + //Display color key + tft.setTextSize(1); tft.setTextColor(TFT_WHITE); + tft.fillRect(14, 0, 15, 8, TFT_CYAN); tft.setCursor(30, 0); tft.print(" - EAPOL"); +} + void Display::tftDrawColorKey() { //Display color key diff --git a/esp32_marauder/Display.h b/esp32_marauder/Display.h index 1e4c6b7..297d0be 100644 --- a/esp32_marauder/Display.h +++ b/esp32_marauder/Display.h @@ -56,7 +56,7 @@ class Display TFT_eSPI tft = TFT_eSPI(); TFT_eSprite img = TFT_eSprite(&tft); TFT_eSPI_Button key[BUTTON_ARRAY_LEN]; - String version_number = "v0.5.4"; + String version_number = "v0.6.1"; bool printing = false; bool loading = false; @@ -92,6 +92,7 @@ class Display int blank[19]; // We keep all the strings pixel lengths to optimise the speed of the top line blanking void tftDrawGraphObjects(byte x_scale); + void tftDrawEapolColorKey(); void tftDrawColorKey(); void tftDrawXScaleButtons(byte x_scale); void tftDrawYScaleButtons(byte y_scale); diff --git a/esp32_marauder/MenuFunctions.cpp b/esp32_marauder/MenuFunctions.cpp index 1b9e582..5e939b6 100644 --- a/esp32_marauder/MenuFunctions.cpp +++ b/esp32_marauder/MenuFunctions.cpp 
@@ -59,7 +59,6 @@ void MenuFunctions::main()
 // Stop the current scan
 if ((wifi_scan_obj.currentScanMode == WIFI_SCAN_PROBE) ||
 (wifi_scan_obj.currentScanMode == WIFI_SCAN_AP) ||
- (wifi_scan_obj.currentScanMode == WIFI_SCAN_ST) ||
 (wifi_scan_obj.currentScanMode == WIFI_SCAN_ALL) ||
 (wifi_scan_obj.currentScanMode == WIFI_SCAN_DEAUTH) ||
 (wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_SPAM) ||
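Review bot: The stop condition in `MenuFunctions::main` drops `WIFI_SCAN_ST` but does not pick up `WIFI_SCAN_EAPOL`, which this patch assigns the same value 3 in WiFiScan.h and which the equivalent list in `WiFiScan::StopScan` does include. If this condition is what stops a running scan when the menu is touched, an EAPOL capture is not stopped from here; the rest of the condition and its body are outside the hunk, and the loop hunk in esp32_marauder.ino skips `menu_function_obj.main()` while EAPOL is active, so this may be covered elsewhere. Either add `(wifi_scan_obj.currentScanMode == WIFI_SCAN_EAPOL) ||` for consistency with `StopScan`, or leave a comment saying why the EAPOL mode is intentionally absent from this list.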
@@ -234,20 +233,21 @@ void MenuFunctions::RunSetup() // Build WiFi sniffer Menu wifiSnifferMenu.parentMenu = &wifiMenu; // Main Menu is second menu parent addNodes(&wifiSnifferMenu, "Back", TFT_LIGHTGREY, NULL, 0, [this](){changeMenu(wifiSnifferMenu.parentMenu);}); - addNodes(&wifiSnifferMenu, "Probe Request Sniff", TFT_CYAN, NULL, PROBE_SNIFF, [this](){wifi_scan_obj.StartScan(WIFI_SCAN_PROBE, TFT_CYAN);}); - addNodes(&wifiSnifferMenu, "Beacon Sniff", TFT_MAGENTA, NULL, BEACON_SNIFF, [this](){wifi_scan_obj.StartScan(WIFI_SCAN_AP, TFT_MAGENTA);}); - addNodes(&wifiSnifferMenu, "Deauth Sniff", TFT_RED, NULL, DEAUTH_SNIFF, [this](){wifi_scan_obj.StartScan(WIFI_SCAN_DEAUTH, TFT_RED);}); + addNodes(&wifiSnifferMenu, "Probe Request Sniff", TFT_CYAN, NULL, PROBE_SNIFF, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(WIFI_SCAN_PROBE, TFT_CYAN);}); + addNodes(&wifiSnifferMenu, "Beacon Sniff", TFT_MAGENTA, NULL, BEACON_SNIFF, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(WIFI_SCAN_AP, TFT_MAGENTA);}); + addNodes(&wifiSnifferMenu, "Deauth Sniff", TFT_RED, NULL, DEAUTH_SNIFF, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(WIFI_SCAN_DEAUTH, TFT_RED);}); // Build WiFi scanner Menu wifiScannerMenu.parentMenu = &wifiMenu; // Main Menu is second menu parent addNodes(&wifiScannerMenu, "Back", TFT_LIGHTGREY, NULL, 0, [this](){changeMenu(wifiScannerMenu.parentMenu);}); - addNodes(&wifiScannerMenu, "Packet Monitor", TFT_BLUE, NULL, PACKET_MONITOR, [this](){wifi_scan_obj.StartScan(WIFI_PACKET_MONITOR, TFT_BLUE);}); + addNodes(&wifiScannerMenu, "Packet Monitor", TFT_BLUE, NULL, PACKET_MONITOR, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(WIFI_PACKET_MONITOR, TFT_BLUE);}); + addNodes(&wifiScannerMenu, "EAPOL Scan", TFT_VIOLET, NULL, EAPOL, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(WIFI_SCAN_EAPOL, TFT_VIOLET);}); // Build WiFi attack menu wifiAttackMenu.parentMenu = &wifiMenu; // Main Menu is second menu parent addNodes(&wifiAttackMenu, "Back", TFT_LIGHTGREY, NULL, 0, 
[this](){changeMenu(wifiAttackMenu.parentMenu);}); - addNodes(&wifiAttackMenu, "Beacon Spam Random", TFT_ORANGE, NULL, BEACON_SPAM, [this](){wifi_scan_obj.StartScan(WIFI_ATTACK_BEACON_SPAM, TFT_ORANGE);}); - addNodes(&wifiAttackMenu, "Rick Roll Beacon", TFT_YELLOW, NULL, RICK_ROLL, [this](){wifi_scan_obj.StartScan(WIFI_ATTACK_RICK_ROLL, TFT_YELLOW);}); + addNodes(&wifiAttackMenu, "Beacon Spam Random", TFT_ORANGE, NULL, BEACON_SPAM, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(WIFI_ATTACK_BEACON_SPAM, TFT_ORANGE);}); + addNodes(&wifiAttackMenu, "Rick Roll Beacon", TFT_YELLOW, NULL, RICK_ROLL, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(WIFI_ATTACK_RICK_ROLL, TFT_YELLOW);}); // Build Bluetooth Menu bluetoothMenu.parentMenu = &mainMenu; // Second Menu is third menu parent 
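Review bot: `sd_obj.initSD()` is now prepended to every menu lambda in this hunk and in the @@ -258 hunk, while the @@ -309 hunk adds the same call to `changeMenu`, which runs each time a menu is entered. If the lambdas are only reachable after a `changeMenu`, the per-item calls are redundant; if the intent is to re-probe the card immediately before a capture starts, a single call at the top of `WiFiScan::StartScan` would cover every entry point without repeating it in each lambda. The SDInterface.cpp hunk makes `initSD` skip re-initialisation once `supported` is set, so the duplicated calls presumably only cost a bus probe while no card is present — worth stating in a comment next to the `changeMenu` call so nobody later removes one side without the other.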
@@ -258,17 +258,17 @@ void MenuFunctions::RunSetup() // Build bluetooth sniffer Menu bluetoothSnifferMenu.parentMenu = &bluetoothMenu; // Second Menu is third menu parent addNodes(&bluetoothSnifferMenu, "Back", TFT_LIGHTGREY, NULL, 0, [this](){changeMenu(bluetoothSnifferMenu.parentMenu);}); - addNodes(&bluetoothSnifferMenu, "Bluetooth Sniffer", TFT_GREEN, NULL, BLUETOOTH_SNIFF, [this](){wifi_scan_obj.StartScan(BT_SCAN_ALL, TFT_GREEN);}); + addNodes(&bluetoothSnifferMenu, "Bluetooth Sniffer", TFT_GREEN, NULL, BLUETOOTH_SNIFF, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(BT_SCAN_ALL, TFT_GREEN);}); // Build bluetooth scanner Menu bluetoothScannerMenu.parentMenu = &bluetoothMenu; // Second Menu is third menu parent addNodes(&bluetoothScannerMenu, "Back", TFT_LIGHTGREY, NULL, 0, [this](){changeMenu(bluetoothScannerMenu.parentMenu);}); - addNodes(&bluetoothScannerMenu, "Detect Card Skimmers", TFT_MAGENTA, NULL, CC_SKIMMERS, [this](){wifi_scan_obj.StartScan(BT_SCAN_SKIMMERS, TFT_MAGENTA);}); + addNodes(&bluetoothScannerMenu, "Detect Card Skimmers", TFT_MAGENTA, NULL, CC_SKIMMERS, [this](){sd_obj.initSD(); wifi_scan_obj.StartScan(BT_SCAN_SKIMMERS, TFT_MAGENTA);}); // General apps menu generalMenu.parentMenu = &mainMenu; addNodes(&generalMenu, "Back", TFT_LIGHTGREY, NULL, 0, [this](){display_obj.draw_tft = false; changeMenu(generalMenu.parentMenu);}); - addNodes(&generalMenu, "Draw", TFT_WHITE, NULL, DRAW, [this](){display_obj.clearScreen(); display_obj.draw_tft = true;}); + addNodes(&generalMenu, "Draw", TFT_WHITE, NULL, DRAW, [this](){sd_obj.initSD(); display_obj.clearScreen(); display_obj.draw_tft = true;}); // Device menu deviceMenu.parentMenu = &mainMenu; @@ -309,6 +309,7 @@ void MenuFunctions::RunSetup() // Function to change menu void MenuFunctions::changeMenu(Menu* menu) { + sd_obj.initSD(); display_obj.initScrollValues(); display_obj.setupScrollArea(TOP_FIXED_AREA, BOT_FIXED_AREA); display_obj.tft.init(); 
diff --git a/esp32_marauder/MenuFunctions.h b/esp32_marauder/MenuFunctions.h index 9bd417e..9f16142 100644 --- a/esp32_marauder/MenuFunctions.h +++ b/esp32_marauder/MenuFunctions.h @@ -4,10 +4,12 @@ #include "WiFiScan.h" #include "Display.h" #include "Web.h" +#include "SDInterface.h" extern Display display_obj; extern WiFiScan wifi_scan_obj; extern Web web_obj; +extern SDInterface sd_obj; // Keypad start position, key sizes and spacing #define KEY_X 120 // Centre of key @@ -46,6 +48,7 @@ extern Web web_obj; #define DEVICE_INFO 18 #define SD_UPDATE 19 #define WEB_UPDATE 20 +#define EAPOL 21 struct Menu; diff --git a/esp32_marauder/SDInterface.cpp b/esp32_marauder/SDInterface.cpp index 7644308..cd6f563 100644 --- a/esp32_marauder/SDInterface.cpp +++ b/esp32_marauder/SDInterface.cpp @@ -8,7 +8,7 @@ bool SDInterface::initSD() { this->supported = false; return false; } - else { + else if (!this->supported){ this->supported = true; this->cardType = SD.cardType(); if (cardType == CARD_MMC) @@ -159,7 +159,16 @@ void SDInterface::performUpdate(Stream &updateSource, size_t updateSize) { } } -void SDInterface::main() { +void SDInterface::main(uint32_t currentTime) { + /* + if (currentTime != 0) { + if (currentTime - initTime >= 3000) { + //Serial.println("Checking for SD"); + this->initTime = millis(); + this->initSD(); + } + }*/ + if ((this->supported) && (this->do_save)) { //Serial.println("Saving packet..."); buffer_obj.forceSave(&SD); diff --git a/esp32_marauder/SDInterface.h b/esp32_marauder/SDInterface.h index 1c59221..553c503 100644 --- a/esp32_marauder/SDInterface.h +++ b/esp32_marauder/SDInterface.h @@ -14,6 +14,7 @@ extern Display display_obj; class SDInterface { private: + uint32_t initTime = 0; public: uint8_t cardType; 
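Review bot: `SDInterface::main` now takes `currentTime` and the header adds `initTime`, but the only code that uses either is the commented-out re-probe block, so live behaviour is unchanged and the new parameter is dead. Either finish the periodic `initSD()` retry or drop the parameter and the member, rather than shipping a commented-out block that itself contains a disabled `Serial.println`. In the first SDInterface.cpp hunk, `else` becoming `else if (!this->supported)` means an already-initialised card now skips both branches; what the function returns in that case is outside the hunk and should be confirmed to still be `true`, since the menu lambdas call `initSD()` repeatedly.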
@@ -32,7 +33,7 @@ class SDInterface { void openCapture(String file_name = ""); void runUpdate(); void performUpdate(Stream &updateSource, size_t updateSize); - void main(); + void main(uint32_t currentTime = 0); //void savePacket(uint8_t* buf, uint32_t len); }; diff --git a/esp32_marauder/WiFiScan.cpp b/esp32_marauder/WiFiScan.cpp index 835b5c5..6c9f125 100644 --- a/esp32_marauder/WiFiScan.cpp +++ b/esp32_marauder/WiFiScan.cpp @@ -6,6 +6,7 @@ int num_beacon = 0; int num_deauth = 0; int num_probe = 0; +int num_eapol = 0; class bluetoothScanAllCallback: public BLEAdvertisedDeviceCallbacks { @@ -127,6 +128,8 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color) StopScan(scan_mode); else if (scan_mode == WIFI_SCAN_PROBE) RunProbeScan(scan_mode, color); + else if (scan_mode == WIFI_SCAN_EAPOL) + RunEapolScan(scan_mode, color); else if (scan_mode == WIFI_SCAN_AP) RunBeaconScan(scan_mode, color); else if (scan_mode == WIFI_SCAN_DEAUTH) @@ -150,7 +153,7 @@ void WiFiScan::StopScan(uint8_t scan_mode) { if ((currentScanMode == WIFI_SCAN_PROBE) || (currentScanMode == WIFI_SCAN_AP) || - (currentScanMode == WIFI_SCAN_ST) || + (currentScanMode == WIFI_SCAN_EAPOL) || (currentScanMode == WIFI_SCAN_ALL) || (currentScanMode == WIFI_SCAN_DEAUTH) || (currentScanMode == WIFI_ATTACK_BEACON_SPAM) || @@ -160,6 +163,10 @@ void WiFiScan::StopScan(uint8_t scan_mode) Serial.println("Ahhh yes...promiscuity will end"); esp_wifi_set_promiscuous(false); WiFi.mode(WIFI_OFF); + + esp_wifi_set_mode(WIFI_MODE_NULL); + esp_wifi_stop(); + esp_wifi_deinit(); } else if ((currentScanMode == BT_SCAN_ALL) || (currentScanMode == BT_SCAN_SKIMMERS)) 
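Review bot: `esp_wifi_deinit()` is now called in `StopScan` for every WiFi scan mode, not only the new EAPOL mode, and only `RunEapolScan` in this patch calls `esp_wifi_init` again. Whether the other Run*Scan paths (outside this hunk) re-initialise the driver after a deinit should be confirmed; otherwise the first non-EAPOL scan started after any scan is stopped runs against a torn-down driver. The three new calls also discard their `esp_err_t`; at least the deinit result should be checked, e.g. `if (esp_wifi_deinit() != ESP_OK) Serial.println("esp_wifi_deinit failed");`, so a failure to release the driver is visible on the console.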
@@ -275,9 +282,17 @@ void WiFiScan::RunInfo() } else { display_obj.tft.println(" SD Card: Not Connected"); - display_obj.tft.print("SD Card Size: 0"); + display_obj.tft.println("SD Card Size: 0"); } + battery_obj.battery_level = battery_obj.getBatteryLevel(); + if (battery_obj.i2c_supported) { + display_obj.tft.println(" IP5306 I2C: supported"); + display_obj.tft.println(" Battery Lvl: " + (String)battery_obj.battery_level + "%"); + } + else + display_obj.tft.println(" IP5306 I2C: not supported"); + } 
@@ -440,6 +455,51 @@ void WiFiScan::RunDeauthScan(uint8_t scan_mode, uint16_t color) initTime = millis(); } +void WiFiScan::RunEapolScan(uint8_t scan_mode, uint16_t color) +{ + display_obj.tft.init(); + display_obj.tft.setRotation(1); + display_obj.tft.fillScreen(TFT_BLACK); + + sd_obj.openCapture("eapol"); + + #ifdef TFT_SHIELD + uint16_t calData[5] = { 391, 3491, 266, 3505, 7 }; // Landscape TFT Shield + Serial.println("Using TFT Shield"); + #else if defined(TFT_DIY) + uint16_t calData[5] = { 213, 3469, 320, 3446, 1 }; // Landscape TFT DIY + Serial.println("Using TFT DIY"); + #endif + display_obj.tft.setTouch(calData); + + //display_obj.tft.setFreeFont(1); + display_obj.tft.setFreeFont(NULL); + display_obj.tft.setTextSize(1); + display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); // Buttons + display_obj.tft.fillRect(12, 0, 90, 32, TFT_BLACK); // color key + + delay(10); + + display_obj.tftDrawGraphObjects(x_scale); //draw graph objects + display_obj.tftDrawEapolColorKey(); + //display_obj.tftDrawXScaleButtons(x_scale); + //display_obj.tftDrawYScaleButtons(y_scale); + display_obj.tftDrawChannelScaleButtons(set_channel); + display_obj.tftDrawExitScaleButtons(); + + + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + esp_wifi_init(&cfg); + esp_wifi_set_storage(WIFI_STORAGE_RAM); + esp_wifi_set_mode(WIFI_MODE_NULL); + esp_wifi_start(); + esp_wifi_set_promiscuous(true); + esp_wifi_set_promiscuous_filter(&filt); + esp_wifi_set_promiscuous_rx_cb(&eapolSnifferCallback); + esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE); + initTime = millis(); +} + // Function for running probe request scan void WiFiScan::RunProbeScan(uint8_t scan_mode, uint16_t color) 
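Review bot: `#else if defined(TFT_DIY)` in `RunEapolScan` is a bare `#else` with stray tokens, not `#elif`: the DIY calibration is selected whenever `TFT_SHIELD` is undefined, whether or not `TFT_DIY` is defined, and the preprocessor warns about the extra tokens. Write `#elif defined(TFT_DIY)` and add an `#else` with `#error "no TFT variant defined"` so a build with neither macro stops at the `calData` declaration instead of compiling with the wrong touch calibration. The `scan_mode` and `color` parameters are unused in the body, and none of the `esp_wifi_*` return codes are examined — an `esp_wifi_init` failure would leave the sniffer callback unregistered with no message on the console.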
@@ -844,6 +904,102 @@ void WiFiScan::broadcastRandomSSID(uint32_t currentTime) { //Serial.println("Sent packets"); } +void WiFiScan::eapolSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type) +{ + /* + wifi_promiscuous_pkt_t *snifferPacket = (wifi_promiscuous_pkt_t*)buf; + WifiMgmtHdr *frameControl = (WifiMgmtHdr*)snifferPacket->payload; + wifi_pkt_rx_ctrl_t ctrl = (wifi_pkt_rx_ctrl_t)snifferPacket->rx_ctrl; + int len = snifferPacket->rx_ctrl.sig_len; + + String display_string = ""; + + if (type == WIFI_PKT_MGMT) + { + len -= 4; + int fctl = ntohs(frameControl->fctl); + const wifi_ieee80211_packet_t *ipkt = (wifi_ieee80211_packet_t *)snifferPacket->payload; + const WifiMgmtHdr *hdr = &ipkt->hdr; + } + + if (( (snifferPacket->payload[30] == 0x88 && snifferPacket->payload[31] == 0x8e)|| ( snifferPacket->payload[32] == 0x88 && snifferPacket->payload[33] == 0x8e) )){ + delay(random(0, 10)); + Serial.print((String)random(0, 5) + "EAPOL: "); + char srcaddr[] = "00:00:00:00:00:00"; + getMAC(srcaddr, snifferPacket->payload, 10); + Serial.print(srcaddr); + display_string.concat(srcaddr); + + Serial.print(" -> "); + display_string.concat(" -> "); + + char desaddr[] = "00:00:00:00:00:00"; + getMAC(desaddr, snifferPacket->payload, 4); + Serial.print(desaddr); + display_string.concat(desaddr); + + // Print spaces because of the rotating lines of the hardware scroll. + // The same characters print from previous lines so I just overwrite them + // with spaces. 
+ for (int i = 0; i < 19 - snifferPacket->payload[37]; i++) + { + display_string.concat(" "); + } + + if (display_obj.display_buffer->size() == 0) + { + //while (display_obj.printing) + // delay(1); + display_obj.loading = true; + display_obj.display_buffer->add(display_string); + display_obj.loading = false; + } + + Serial.println(); + + sd_obj.addPacket(snifferPacket->payload, len); + } + */ + wifi_promiscuous_pkt_t *snifferPacket = (wifi_promiscuous_pkt_t*)buf; + WifiMgmtHdr *frameControl = (WifiMgmtHdr*)snifferPacket->payload; + wifi_pkt_rx_ctrl_t ctrl = (wifi_pkt_rx_ctrl_t)snifferPacket->rx_ctrl; + int len = snifferPacket->rx_ctrl.sig_len; + + if (type == WIFI_PKT_MGMT) + { + len -= 4; + int fctl = ntohs(frameControl->fctl); + const wifi_ieee80211_packet_t *ipkt = (wifi_ieee80211_packet_t *)snifferPacket->payload; + const WifiMgmtHdr *hdr = &ipkt->hdr; + + // If we dont the buffer size is not 0, don't write or else we get CORRUPT_HEAP + /* + if (snifferPacket->payload[0] == 0x80) + { + num_beacon++; + } + else if ((snifferPacket->payload[0] == 0xA0 || snifferPacket->payload[0] == 0xC0 )) + { + num_deauth++; + } + else if (snifferPacket->payload[0] == 0x40) + { + num_probe++; + } + */ + + //sd_obj.addPacket(snifferPacket->payload, len); + + if (( (snifferPacket->payload[30] == 0x88 && snifferPacket->payload[31] == 0x8e)|| ( snifferPacket->payload[32] == 0x88 && snifferPacket->payload[33] == 0x8e) )) + Serial.println("Oh god mgmt EAPOL"); + } + + if (( (snifferPacket->payload[30] == 0x88 && snifferPacket->payload[31] == 0x8e)|| ( snifferPacket->payload[32] == 0x88 && snifferPacket->payload[33] == 0x8e) )){ + Serial.println("EAPOL!!"); + sd_obj.addPacket(snifferPacket->payload, len); + num_eapol++; + } +} void WiFiScan::wifiSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type) { 
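Review bot: `eapolSnifferCallback` indexes `snifferPacket->payload[30]` through `[33]` without checking `len` (`rx_ctrl.sig_len`), so a frame shorter than 34 bytes — control frames such as ACK are far shorter — is read past the received data; add `if (len < 34) return;` right after `len` is computed, and the same guard is missing from the EAPOL test added to `wifiSnifferCallback` in the @@ -874 hunk. The fixed offsets appear to assume a data frame, so a `type == WIFI_PKT_DATA` guard would keep management frames from matching by coincidence, which the `"Oh god mgmt EAPOL"` branch suggests has already been observed. The locals `frameControl`, `ctrl`, `fctl`, `ipkt` and `hdr` are computed and never used, and the sixty-line commented-out first draft above the live code should be deleted rather than kept.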
@@ -874,14 +1030,19 @@ void WiFiScan::wifiSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type) } sd_obj.addPacket(snifferPacket->payload, len); + + if (( (snifferPacket->payload[30] == 0x88 && snifferPacket->payload[31] == 0x8e)|| ( snifferPacket->payload[32] == 0x88 && snifferPacket->payload[33] == 0x8e) )) + Serial.println("Oh god mgmt EAPOL"); + } + + if (( (snifferPacket->payload[30] == 0x88 && snifferPacket->payload[31] == 0x8e)|| ( snifferPacket->payload[32] == 0x88 && snifferPacket->payload[33] == 0x8e) )){ + Serial.println("EAPOL!!"); + //sd_obj.addPacket(snifferPacket->payload, len); } } void WiFiScan::packetMonitorMain(uint32_t currentTime) { - //---------MAIN 'FOR' LOOP! THIS IS WHERE ALL THE ACTION HAPPENS! HAS TO BE FAST!!!!!---------\\ - - // for (x_pos = (11 + x_scale); x_pos <= 320; x_pos += x_scale) //go along every point on the x axis and do something, start over when finished for (x_pos = (11 + x_scale); x_pos <= 320; x_pos = x_pos) { 
@@ -1106,6 +1267,237 @@ void WiFiScan::packetMonitorMain(uint32_t currentTime) display_obj.tftDrawGraphObjects(x_scale); } +void WiFiScan::eapolMonitorMain(uint32_t currentTime) +{ + //---------MAIN 'FOR' LOOP! THIS IS WHERE ALL THE ACTION HAPPENS! HAS TO BE FAST!!!!!---------\\ + + +// for (x_pos = (11 + x_scale); x_pos <= 320; x_pos += x_scale) //go along every point on the x axis and do something, start over when finished + for (x_pos = (11 + x_scale); x_pos <= 320; x_pos = x_pos) + { + currentTime = millis(); + do_break = false; + + y_pos_x = 0; + y_pos_y = 0; + y_pos_z = 0; + boolean pressed = false; + + uint16_t t_x = 0, t_y = 0; // To store the touch coordinates + + // Do the touch stuff + pressed = display_obj.tft.getTouch(&t_x, &t_y); + + if (pressed) { + Serial.print("Got touch | X: "); + Serial.print(t_x); + Serial.print(" Y: "); + Serial.println(t_y); + } + + + // Check buttons for presses + for (uint8_t b = 0; b < BUTTON_ARRAY_LEN; b++) + { + if (pressed && display_obj.key[b].contains(t_x, t_y)) + { + display_obj.key[b].press(true); + } else { + display_obj.key[b].press(false); + } + } + + // Which buttons pressed + for (uint8_t b = 0; b < BUTTON_ARRAY_LEN; b++) + { + if (display_obj.key[b].justPressed()) + { + Serial.println("Bro, key pressed"); + //do_break = true; + } + + if (display_obj.key[b].justReleased()) + { + do_break = true; + + /* + // X - button pressed + if (b == 0) { + if (x_scale > 1) { + x_scale--; + delay(70); + display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); + display_obj.tftDrawXScaleButtons(x_scale); + display_obj.tftDrawYScaleButtons(y_scale); + display_obj.tftDrawChannelScaleButtons(set_channel); + display_obj.tftDrawExitScaleButtons(); + break; + } + } + // X + button pressed + else if (b == 1) { + if (x_scale < 6) { + x_scale++; + delay(70); + display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); + display_obj.tftDrawXScaleButtons(x_scale); + display_obj.tftDrawYScaleButtons(y_scale); + 
display_obj.tftDrawChannelScaleButtons(set_channel); + display_obj.tftDrawExitScaleButtons(); + break; + } + } + + // Y - button pressed + else if (b == 2) { + if (y_scale > 1) { + y_scale--; + delay(70); + display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); + display_obj.tftDrawXScaleButtons(x_scale); + display_obj.tftDrawYScaleButtons(y_scale); + display_obj.tftDrawChannelScaleButtons(set_channel); + display_obj.tftDrawExitScaleButtons(); + //updateMidway(); + break; + } + } + + // Y + button pressed + else if (b == 3) { + if (y_scale < 9) { + y_scale++; + delay(70); + display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); + display_obj.tftDrawXScaleButtons(x_scale); + display_obj.tftDrawYScaleButtons(y_scale); + display_obj.tftDrawChannelScaleButtons(set_channel); + display_obj.tftDrawExitScaleButtons(); + //updateMidway(); + break; + } + }*/ + + // Channel - button pressed + //else if (b == 4) { + if (b == 4) { + if (set_channel > 1) { + Serial.println("Shit channel down"); + set_channel--; + delay(70); + display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); + //display_obj.tftDrawXScaleButtons(x_scale); + //display_obj.tftDrawYScaleButtons(y_scale); + display_obj.tftDrawChannelScaleButtons(set_channel); + display_obj.tftDrawExitScaleButtons(); + changeChannel(); + break; + } + } + + // Channel + button pressed + else if (b == 5) { + if (set_channel < MAX_CHANNEL) { + Serial.println("Shit channel up"); + set_channel++; + delay(70); + display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); + //display_obj.tftDrawXScaleButtons(x_scale); + //display_obj.tftDrawYScaleButtons(y_scale); + display_obj.tftDrawChannelScaleButtons(set_channel); + display_obj.tftDrawExitScaleButtons(); + changeChannel(); + break; + } + } + else if (b == 6) { + Serial.println("Exiting packet monitor..."); + this->StartScan(WIFI_SCAN_OFF); + //display_obj.tft.init(); + this->orient_display = true; + return; + } + } + } + + if (currentTime - initTime >= (GRAPH_REFRESH * 5)) { + 
//Serial.println("-----------------------------------------"); + //Serial.println("Time elapsed: " + (String)(currentTime - initTime) + "ms"); + x_pos += x_scale; + initTime = millis(); + y_pos_x = ((-num_eapol * (y_scale * 3)) + (HEIGHT_1 - 2)); // GREEN + //y_pos_y = ((-num_deauth * (y_scale * 3)) + (HEIGHT_1 - 2)); // RED + //y_pos_z = ((-num_probe * (y_scale * 3)) + (HEIGHT_1 - 2)); // BLUE + + //Serial.println("num_beacon: " + (String)num_beacon); + //Serial.println("num_deauth: " + (String)num_deauth); + //Serial.println(" num_probe: " + (String)num_probe); + + //num_beacon = 0; + //num_probe = 0; + //num_deauth = 0; + + //CODE FOR PLOTTING CONTINUOUS LINES!!!!!!!!!!!! + //Plot "X" value + display_obj.tft.drawLine(x_pos - x_scale, y_pos_x_old, x_pos, y_pos_x, TFT_CYAN); + //Plot "Z" value + //display_obj.tft.drawLine(x_pos - x_scale, y_pos_z_old, x_pos, y_pos_z, TFT_BLUE); + //Plot "Y" value + //display_obj.tft.drawLine(x_pos - x_scale, y_pos_y_old, x_pos, y_pos_y, TFT_RED); + + //Draw preceding black 'boxes' to erase old plot lines, !!!WEIRD CODE TO COMPENSATE FOR BUTTONS AND COLOR KEY SO 'ERASER' DOESN'T ERASE BUTTONS AND COLOR KEY!!! + //if ((x_pos <= 90) || ((x_pos >= 198) && (x_pos <= 320))) //above x axis + if ((x_pos <= 90) || ((x_pos >= 117) && (x_pos <= 320))) //above x axis + { + display_obj.tft.fillRect(x_pos+1, 28, 10, 93, TFT_BLACK); //compensate for buttons! + } + else + { + display_obj.tft.fillRect(x_pos+1, 0, 10, 121, TFT_BLACK); //don't compensate for buttons! 
+ } + //if ((x_pos >= 254) && (x_pos <= 320)) //below x axis + //if (x_pos <= 90) + if (x_pos < 0) // below x axis + { + //tft.fillRect(x_pos+1, 121, 10, 88, TFT_BLACK); + display_obj.tft.fillRect(x_pos+1, 121, 10, 88, TFT_CYAN); + } + else + { + //tft.fillRect(x_pos+1, 121, 10, 119, TFT_BLACK); + display_obj.tft.fillRect(x_pos+1, 121, 10, 118, TFT_BLACK); + } + + //tftDisplayTime(); + + if ( (y_pos_x == 120) || (y_pos_y == 120) || (y_pos_z == 120) ) + { + display_obj.tft.drawFastHLine(10, 120, 310, TFT_WHITE); // x axis + } + + y_pos_x_old = y_pos_x; //set old y pos values to current y pos values + //y_pos_y_old = y_pos_y; + //y_pos_z_old = y_pos_z; + + //delay(50); + } + + sd_obj.main(); + + } + + display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); //erase XY buttons and any lines behind them + //tft.fillRect(56, 0, 66, 32, TFT_ORANGE); //erase time and color key and any stray lines behind them + display_obj.tft.fillRect(12, 0, 90, 32, TFT_BLACK); // key + + //display_obj.tftDrawXScaleButtons(x_scale); //redraw stuff + //display_obj.tftDrawYScaleButtons(y_scale); + display_obj.tftDrawChannelScaleButtons(set_channel); + display_obj.tftDrawExitScaleButtons(); + display_obj.tftDrawEapolColorKey(); + display_obj.tftDrawGraphObjects(x_scale); +} + //void WiFiScan::sniffer_callback(void* buf, wifi_promiscuous_pkt_type_t type) { // wifi_promiscuous_pkt_t *snifferPacket = (wifi_promiscuous_pkt_t*)buf; @@ -1136,7 +1528,6 @@ void WiFiScan::main(uint32_t currentTime) // WiFi operations if ((currentScanMode == WIFI_SCAN_PROBE) || (currentScanMode == WIFI_SCAN_AP) || - (currentScanMode == WIFI_SCAN_ST) || (currentScanMode == WIFI_SCAN_DEAUTH) || (currentScanMode == WIFI_SCAN_ALL)) { 
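Review bot: `num_eapol` is never reset in `eapolMonitorMain` — the `num_* = 0` lines are commented out — so `y_pos_x = ((-num_eapol * (y_scale * 3)) + (HEIGHT_1 - 2))` is a running total that goes negative after a few captured frames and `drawLine` is then handed off-screen coordinates; the commented-out `//num_beacon = 0;` lines suggest the monitor this was copied from does reset per interval. If a per-interval rate is intended, add `num_eapol = 0;` after `y_pos_x` is computed; if a cumulative plot is intended, clamp `y_pos_x` to the graph's top edge and say so in a comment. The function is otherwise a near-verbatim copy of `packetMonitorMain`, including the dead `if (x_pos < 0)` branch and the large commented-out scale-button block; a shared helper taking the counter, line colour and colour-key drawer would remove roughly two hundred duplicated lines. The `currentTime` parameter is also overwritten by `millis()` on the first statement of the loop, so it is effectively unused here.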
@@ -1150,6 +1541,10 @@ void WiFiScan::main(uint32_t currentTime) { packetMonitorMain(currentTime); } + else if (currentScanMode == WIFI_SCAN_EAPOL) + { + eapolMonitorMain(currentTime); + } else if ((currentScanMode == WIFI_ATTACK_BEACON_SPAM)) { // Need this for loop because getTouch causes ~10ms delay diff --git a/esp32_marauder/WiFiScan.h b/esp32_marauder/WiFiScan.h index 0b45d14..2c0c62c 100644 --- a/esp32_marauder/WiFiScan.h +++ b/esp32_marauder/WiFiScan.h @@ -14,6 +14,7 @@ #include "Display.h" #include "SDInterface.h" #include "Buffer.h" +#include "BatteryInterface.h" //#include "MenuFunctions.h" #define bad_list_length 3 @@ -23,7 +24,7 @@ #define WIFI_SCAN_OFF 0 #define WIFI_SCAN_PROBE 1 #define WIFI_SCAN_AP 2 -#define WIFI_SCAN_ST 3 +#define WIFI_SCAN_EAPOL 3 #define WIFI_SCAN_DEAUTH 4 #define WIFI_SCAN_ALL 5 #define WIFI_PACKET_MONITOR 6 @@ -32,13 +33,14 @@ #define BT_SCAN_ALL 9 #define BT_SCAN_SKIMMERS 10 -#define GRAPH_REFRESH 50 +#define GRAPH_REFRESH 100 #define MAX_CHANNEL 14 extern Display display_obj; extern SDInterface sd_obj; extern Buffer buffer_obj; +extern BatteryInterface battery_obj; esp_err_t esp_wifi_80211_tx(wifi_interface_t ifx, const void *buffer, int len, bool en_sys_seq); @@ -115,6 +117,7 @@ class WiFiScan }; void packetMonitorMain(uint32_t currentTime); + void eapolMonitorMain(uint32_t currentTime); void changeChannel(); void updateMidway(); void tftDrawXScalButtons(); @@ -128,6 +131,7 @@ class WiFiScan void RunBeaconSpam(uint8_t scan_mode, uint16_t color); void RunBeaconScan(uint8_t scan_mode, uint16_t color); void RunDeauthScan(uint8_t scan_mode, uint16_t color); + void RunEapolScan(uint8_t scan_mode, uint16_t color); void RunProbeScan(uint8_t scan_mode, uint16_t color); void RunPacketMonitor(uint8_t scan_mode, uint16_t color); void RunBluetoothScan(uint8_t scan_mode, uint16_t color); 
@@ -154,6 +158,7 @@ class WiFiScan static void beaconSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type); static void deauthSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type); static void probeSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type); + static void eapolSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type); static void wifiSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type); }; #endif diff --git a/esp32_marauder/esp32_marauder.ino b/esp32_marauder/esp32_marauder.ino index 270fec5..177ad2a 100644 --- a/esp32_marauder/esp32_marauder.ino +++ b/esp32_marauder/esp32_marauder.ino @@ -14,6 +14,7 @@ https://www.online-utility.org/image/convert/to/XBM #include "freertos/task.h" #include "esp_system.h" #include +#include #include "Assets.h" @@ -23,6 +24,7 @@ https://www.online-utility.org/image/convert/to/XBM #include "SDInterface.h" #include "Web.h" #include "Buffer.h" +#include "BatteryInterface.h" //#include "icons.h" Display display_obj; 
@@ -31,21 +33,58 @@ MenuFunctions menu_function_obj; SDInterface sd_obj; Web web_obj; Buffer buffer_obj; +BatteryInterface battery_obj; + +Preferences preferences; uint32_t currentTime = 0; void setup() { + Serial.begin(115200); + + Serial.println("\n\n-------------------------------------\n"); pinMode(FLASH_BUTTON, INPUT); pinMode(TFT_BL, OUTPUT); digitalWrite(TFT_BL, LOW); + preferences.begin("my-app", false); + + unsigned int counter = preferences.getUInt("counter", 0); + + if (counter == 0) { + counter++; + // Print the counter to Serial Monitor + Serial.printf("Current counter value: %u\n", counter); + + // Store the counter to the Preferences + preferences.putUInt("counter", counter); + + // Close the Preferences + preferences.end(); + + Serial.println("Initial reboot..."); + + ESP.restart(); + } + else { + Serial.println("Initial reboot complete"); + counter = 0; + // Print the counter to Serial Monitor + Serial.printf("Current counter value: %u\n", counter); + + // Store the counter to the Preferences + preferences.putUInt("counter", counter); + + // Close the Preferences + preferences.end(); + } + // Preset SPI CS pins to avoid bus conflicts digitalWrite(TFT_CS, HIGH); digitalWrite(SD_CS, HIGH); - Serial.begin(115200); Serial.println("\n\n--------------------------------\n"); Serial.println(" ESP32 Marauder \n"); Serial.println(" " + display_obj.version_number + "\n"); @@ -63,6 +102,16 @@ void setup() // Build menus menu_function_obj.RunSetup(); + + battery_obj.RunSetup(); + + battery_obj.battery_level = battery_obj.getBatteryLevel(); + + if (battery_obj.i2c_supported) { + Serial.println("IP5306 I2C Supported: true"); + } + else + Serial.println("IP5306 I2C Supported: false"); } 
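Review bot: The Preferences counter in `setup()` forces a restart on every power-up, not once: the first pass reads 0, stores 1 and restarts, the second pass stores 0 again, so the next power cycle reads 0 and restarts again. If a single restart after flashing is the goal, the else branch should leave the counter at 1 (or write a distinct sentinel) instead of resetting it; if a restart on every boot is deliberate, the reason belongs in a comment next to `ESP.restart()`, because "Initial reboot..." does not explain it. `preferences.begin("my-app", false)` also keeps the example-sketch namespace name and ignores the return value; a failed open presumably leaves `getUInt` returning its default 0, i.e. the restart path — worth checking the bool and naming the namespace after the project.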
@@ -80,9 +129,10 @@ void loop() { display_obj.main(); wifi_scan_obj.main(currentTime); - sd_obj.main(); + sd_obj.main(currentTime); //if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM)) - if (wifi_scan_obj.currentScanMode != WIFI_PACKET_MONITOR) + if ((wifi_scan_obj.currentScanMode != WIFI_PACKET_MONITOR) && + (wifi_scan_obj.currentScanMode != WIFI_SCAN_EAPOL)) menu_function_obj.main(); if (wifi_scan_obj.currentScanMode == OTA_UPDATE) web_obj.main(); diff --git a/pictures/icons/eapol_22.bmp b/pictures/icons/eapol_22.bmp new file mode 100644 index 0000000000000000000000000000000000000000..c9a5a54675ce51ac52ce4c86025053f8e6b4d90c GIT binary patch literal 1606 zcmb`_F_IHO425AqZBc|o#0oh9v5J6@Ohhok^pd)NfVE!4IWbG|#DLnJd zYxmgQqn`fq?dv-`Kc64WKGFJk^~T38By!Gfo>vAR!bQ zV_`g|IgTSC6dJRoxs!o}P-x7S9Zm)kLZLCcB~F(x-S0tunen0;;GWFR3F8ndr7oeU&| zLSy!IGl>*P2!+P%RwyR}38B!K-6rj1AR!bQb8aDxlYxX#XpA-Ww>bg{p>Q0tTg#mc zB!og^cH4!MfrL&;Z>^taFOy6!FMc9f%k>wG@%S@w&y|Kp825AbKb YpU;1+JbkbK$L&DZq3+(e*ZJ4J-{V4YCjbBd literal 0 HcmV?d00001