Packet monitor saves pcap files

2025-12-22 15:16:43 -08:00 · 2020-03-06 22:14:18 -05:00
parent 5b1f11ef56
commit e1de245ab5
7 changed files with 289 additions and 2 deletions
--- a/esp32_marauder/Buffer.cpp
+++ b/esp32_marauder/Buffer.cpp
@@ -0,0 +1,202 @@
+#include "Buffer.h"
+
+Buffer::Buffer(){
+  bufA = (uint8_t*)malloc(BUF_SIZE);
+  bufB = (uint8_t*)malloc(BUF_SIZE);
+}
+
+void Buffer::open(fs::FS* fs){
+  int i=0;
+  do{
+    fileName = "/"+(String)i+".pcap";
+    i++;
+  } while(fs->exists(fileName));
+
+  Serial.println(fileName);
+  
+  file = fs->open(fileName, FILE_WRITE);
+  file.close();
+
+  bufSizeA = 0;
+  bufSizeB = 0;
+  
+  writing = true;
+  
+  write(uint32_t(0xa1b2c3d4)); // magic number
+  write(uint16_t(2)); // major version number
+  write(uint16_t(4)); // minor version number
+  write(int32_t(0)); // GMT to local correction
+  write(uint32_t(0)); // accuracy of timestamps
+  write(uint32_t(SNAP_LEN)); // max length of captured packets, in octets
+  write(uint32_t(105)); // data link type
+
+  //useSD = true;
+}
+
+void Buffer::close(fs::FS* fs){
+  if(!writing) return;
+  forceSave(fs);
+  writing = false;
+  Serial.println("file closed");
+}
+
+void Buffer::addPacket(uint8_t* buf, uint32_t len){
+  
+  // buffer is full -> drop packet
+  if((useA && bufSizeA + len >= BUF_SIZE && bufSizeB > 0) || (!useA && bufSizeB + len >= BUF_SIZE && bufSizeA > 0)){
+    Serial.print(";"); 
+    return;
+  }
+  
+  if(useA && bufSizeA + len + 16 >= BUF_SIZE && bufSizeB == 0){
+    useA = false;
+    Serial.println("\nswitched to buffer B");
+  }
+  else if(!useA && bufSizeB + len + 16 >= BUF_SIZE && bufSizeA == 0){
+    useA = true;
+    Serial.println("\nswitched to buffer A");
+  }
+
+  uint32_t microSeconds = micros(); // e.g. 45200400 => 45s 200ms 400us
+  uint32_t seconds = (microSeconds/1000)/1000; // e.g. 45200400/1000/1000 = 45200 / 1000 = 45s
+
+  microSeconds -= seconds*1000*1000; // e.g. 45200400 - 45*1000*1000 = 45200400 - 45000000 = 400us (because we only need the offset)
+  
+  write(seconds); // ts_sec
+  write(microSeconds); // ts_usec
+  write(len); // incl_len
+  write(len); // orig_len
+  
+  write(buf, len); // packet payload
+}
+
+void Buffer::write(int32_t n){
+  uint8_t buf[4];
+  buf[0] = n;
+  buf[1] = n >> 8;
+  buf[2] = n >> 16;
+  buf[3] = n >> 24;
+  write(buf,4);
+}
+
+void Buffer::write(uint32_t n){
+  uint8_t buf[4];
+  buf[0] = n;
+  buf[1] = n >> 8;
+  buf[2] = n >> 16;
+  buf[3] = n >> 24;
+  write(buf,4);
+}
+
+void Buffer::write(uint16_t n){
+  uint8_t buf[2];
+  buf[0] = n;
+  buf[1] = n >> 8;
+  write(buf,2);
+}
+
+void Buffer::write(uint8_t* buf, uint32_t len){
+  if(!writing) return;
+  
+  if(useA){
+    memcpy(&bufA[bufSizeA], buf, len);
+    bufSizeA += len;
+  }else{
+    memcpy(&bufB[bufSizeB], buf, len);
+    bufSizeB += len;
+  }
+}
+
+void Buffer::save(fs::FS* fs){
+  if(saving) return; // makes sure the function isn't called simultaneously on different cores
+
+  // buffers are already emptied, therefor saving is unecessary
+  if((useA && bufSizeB == 0) || (!useA && bufSizeA == 0)){
+    //Serial.printf("useA: %s, bufA %u, bufB %u\n",useA ? "true" : "false",bufSizeA,bufSizeB); // for debug porpuses
+    return;
+  }
+  
+  Serial.println("saving file");
+  
+  uint32_t startTime = millis();
+  uint32_t finishTime;
+
+  file = fs->open(fileName, FILE_APPEND);
+  if (!file) {
+    Serial.println("Failed to open file '"+fileName+"'");
+    //useSD = false;
+    return;
+  }
+  
+  saving = true;
+  
+  uint32_t len;
+  
+  if(useA){
+    file.write(bufB, bufSizeB);
+    len = bufSizeB;
+    bufSizeB = 0;
+  }
+  else{
+    file.write(bufA, bufSizeA);
+    len = bufSizeA;
+    bufSizeA = 0;
+  }
+
+  file.close();
+  
+  finishTime = millis() - startTime;
+
+  Serial.printf("\n%u bytes written for %u ms\n", len, finishTime);
+  
+  saving = false;
+  
+}
+
+void Buffer::forceSave(fs::FS* fs){
+  uint32_t len = bufSizeA + bufSizeB;
+  if(len == 0) return;
+  
+  file = fs->open(fileName, FILE_APPEND);
+  if (!file) {
+    Serial.println("Failed to open file '"+fileName+"'");
+    //useSD = false;
+    return;
+  }
+
+  saving = true;
+  writing = false;
+  
+  if(useA){
+
+    if(bufSizeB > 0){
+      file.write(bufB, bufSizeB);
+      bufSizeB = 0;
+    }
+
+    if(bufSizeA > 0){
+      file.write(bufA, bufSizeA);
+      bufSizeA = 0;
+    }
+    
+  } else {
+
+    if(bufSizeA > 0){
+      file.write(bufA, bufSizeA);
+      bufSizeA = 0;
+    }
+    
+    if(bufSizeB > 0){
+      file.write(bufB, bufSizeB);
+      bufSizeB = 0;
+    }
+    
+  }
+
+  file.close();
+
+  Serial.printf("saved %u bytes\n",len);
+
+  saving = false;
+  writing = true;
+}
--- a/esp32_marauder/Buffer.h
+++ b/esp32_marauder/Buffer.h
@@ -0,0 +1,41 @@
+#ifndef Buffer_h
+#define Buffer_h
+
+#include "Arduino.h"
+#include "FS.h"
+//#include "SD_MMC.h"
+
+#define BUF_SIZE 24 * 1024
+#define SNAP_LEN 2324 // max len of each recieved packet
+
+//extern bool useSD;
+
+class Buffer {
+  public:
+    Buffer();
+    void open(fs::FS* fs);
+    void close(fs::FS* fs);
+    void addPacket(uint8_t* buf, uint32_t len);
+    void save(fs::FS* fs);
+    void forceSave(fs::FS* fs);
+  private:
+    void write(int32_t n);
+    void write(uint32_t n);
+    void write(uint16_t n);
+    void write(uint8_t* buf, uint32_t len);
+    
+    uint8_t* bufA;
+    uint8_t* bufB;
+
+    uint32_t bufSizeA = 0;
+    uint32_t bufSizeB = 0;
+
+    bool writing = false; // acceppting writes to buffer
+    bool useA = true; // writing to bufA or bufB
+    bool saving = false; // currently saving onto the SD card
+
+    String fileName = "/0.pcap";
+    File file;
+};
+
+#endif
--- a/esp32_marauder/SDInterface.cpp
+++ b/esp32_marauder/SDInterface.cpp
@@ -47,6 +47,30 @@ bool SDInterface::initSD() {
      this->card_sz = sz;
    }

+    buffer_obj = Buffer();
+
+    if (this->supported)
+      buffer_obj.open(&SD);
+    
    return true;
  }
 }
+
+void SDInterface::addPacket(uint8_t* buf, uint32_t len) {
+  if ((this->supported) && (this->do_save)) {
+    //Serial.println("Adding packet to buffer...");
+    buffer_obj.addPacket(buf, len);
+  }
+}
+
+void SDInterface::main() {
+  if ((this->supported) && (this->do_save)) {
+    //Serial.println("Saving packet...");
+    buffer_obj.save(&SD);
+  }
+}
+
+//void SDInterface::savePacket(uint8_t* buf, uint32_t len) {
+//  if (this->supported)
+//    buffer_obj.save(
+//}
--- a/esp32_marauder/SDInterface.h
+++ b/esp32_marauder/SDInterface.h
@@ -2,6 +2,9 @@
 #define SDInterface_h

 #include "SD.h"
+#include "Buffer.h"
+
+extern Buffer buffer_obj;

 #define SD_CS 12

@@ -16,10 +19,15 @@ class SDInterface {
    uint64_t cardSizeMB;
    uint64_t cardSizeGB;
    bool supported = false;
+    bool do_save = true;

    String card_sz;
  
    bool initSD();
+
+    void addPacket(uint8_t* buf, uint32_t len);
+    void main();
+    //void savePacket(uint8_t* buf, uint32_t len);
 };

 #endif
--- a/esp32_marauder/WiFiScan.cpp
+++ b/esp32_marauder/WiFiScan.cpp
@@ -150,8 +150,10 @@ void WiFiScan::StopScan(uint8_t scan_mode)
  (currentScanMode == WIFI_SCAN_ALL) ||
  (currentScanMode == WIFI_SCAN_DEAUTH) ||
  (currentScanMode == WIFI_ATTACK_BEACON_SPAM) ||
-  (currentScanMode == WIFI_ATTACK_RICK_ROLL))
+  (currentScanMode == WIFI_ATTACK_RICK_ROLL) ||
+  (currentScanMode == WIFI_PACKET_MONITOR))
  {
+    Serial.println("Ahhh yes...promiscuity will end");
    esp_wifi_set_promiscuous(false);
    WiFi.mode(WIFI_OFF);
  }
@@ -794,6 +796,7 @@ void WiFiScan::wifiSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type)

  if (type == WIFI_PKT_MGMT)
  {
+    len -= 4;
    int fctl = ntohs(frameControl->fctl);
    const wifi_ieee80211_packet_t *ipkt = (wifi_ieee80211_packet_t *)snifferPacket->payload;
    const WifiMgmtHdr *hdr = &ipkt->hdr;
@@ -811,6 +814,8 @@ void WiFiScan::wifiSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type)
    {
      num_probe++;
    }
+
+    sd_obj.addPacket(snifferPacket->payload, len);
  }
 }

@@ -1027,6 +1032,8 @@ void WiFiScan::packetMonitorMain(uint32_t currentTime)
      //delay(50);
    }

+    sd_obj.main();
+   
  }
  
  display_obj.tft.fillRect(127, 0, 193, 28, TFT_BLACK); //erase XY buttons and any lines behind them
--- a/esp32_marauder/WiFiScan.h
+++ b/esp32_marauder/WiFiScan.h
@@ -12,6 +12,7 @@
 #include "esp_wifi_types.h"
 #include "Display.h"
 #include "SDInterface.h"
+#include "Buffer.h"
 //#include "MenuFunctions.h"

 #define bad_list_length 3
@@ -36,6 +37,7 @@

 extern Display display_obj;
 extern SDInterface sd_obj;
+extern Buffer buffer_obj;

 esp_err_t esp_wifi_80211_tx(wifi_interface_t ifx, const void *buffer, int len, bool en_sys_seq);

--- a/esp32_marauder/esp32_marauder.ino
+++ b/esp32_marauder/esp32_marauder.ino
@@ -22,6 +22,7 @@ https://www.online-utility.org/image/convert/to/XBM
 #include "MenuFunctions.h"
 #include "SDInterface.h"
 #include "Web.h"
+#include "Buffer.h"
 //#include "icons.h"

 Display display_obj;
@@ -29,6 +30,7 @@ WiFiScan wifi_scan_obj;
 MenuFunctions menu_function_obj;
 SDInterface sd_obj;
 Web web_obj;
+Buffer buffer_obj;

 uint32_t currentTime  = 0;

@@ -78,6 +80,7 @@ void loop()
  {
    display_obj.main(); 
    wifi_scan_obj.main(currentTime);
+    sd_obj.main();
    //if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
    if (wifi_scan_obj.currentScanMode != WIFI_PACKET_MONITOR)
      menu_function_obj.main();