Add commands for SAE sniff and attack

esp32_marauder/CommandLine.cpp

@@ -240,6 +240,7 @@ void CommandLine::runCommand(String input) {
     Serial.println(HELP_SNIFF_ESP_CMD);
     Serial.println(HELP_SNIFF_DEAUTH_CMD);
     Serial.println(HELP_SNIFF_PMKID_CMD);
+    Serial.println(HELP_SNIFF_SAE_CMD);
     Serial.println(HELP_STOPSCAN_CMD);
     #ifdef HAS_GPS
       Serial.println(HELP_WARDRIVE_CMD);
@@ -324,7 +325,8 @@ void CommandLine::runCommand(String input) {
   else if (cmd_args.get(0) == GPS_DATA_CMD) {
     #ifdef HAS_GPS
       if (gps_obj.getGpsModuleStatus()) {
-        Serial.println("Getting GPS Data. Stop with " + (String)STOPSCAN_CMD);
+        Serial.print(F("Getting GPS Data. Stop with "));
+        Serial.println((String)STOPSCAN_CMD);
         wifi_scan_obj.currentScanMode = WIFI_SCAN_GPS_DATA;
         #ifdef HAS_SCREEN
           menu_function_obj.changeMenu(&menu_function_obj.gpsInfoMenu);
@@ -389,7 +391,8 @@ void CommandLine::runCommand(String input) {
                 nmea_type="beidou_bd";
             }
             gps_obj.setType(nmea_type);
-            Serial.println("GPS Output Type Set To: " + nmea_type);
+            Serial.print(F("GPS Output Type Set To: "));
+            Serial.println(nmea_type);
           }
           else
             Serial.println(F("You did not provide a valid argument"));
@@ -467,12 +470,14 @@ void CommandLine::runCommand(String input) {
     int ch_set = this->argSearch(&cmd_args, "-s");
     
     if (cmd_args.size() == 1) {
-      Serial.println("Current channel: " + (String)wifi_scan_obj.set_channel);
+      Serial.print(F("Current channel: "));
+      Serial.println(wifi_scan_obj.set_channel);
     }
     else if (ch_set != -1) {
       wifi_scan_obj.set_channel = cmd_args.get(ch_set + 1).toInt();
       wifi_scan_obj.changeChannel();
-      Serial.println("Set channel: " + (String)wifi_scan_obj.set_channel);
+      Serial.print(F("Set channel: "));
+      Serial.println(wifi_scan_obj.set_channel);
     }
   }
   // Clear APs
@@ -530,7 +535,8 @@ void CommandLine::runCommand(String input) {
       }
 
       if (!result) {
-        Serial.println("Could not successfully update setting \"" + setting_name + "\"");
+        Serial.print(F("Could not successfully update setting \""));
+        Serial.println(setting_name + "\"");
         return;
       }
     }
@@ -548,7 +554,8 @@ void CommandLine::runCommand(String input) {
 
     // Signal strength scan
     if (cmd_args.get(0) == SIGSTREN_CMD) {
-      Serial.println("Starting Signal Strength Scan. Stop with " + (String)STOPSCAN_CMD);
+      Serial.print(F("Starting Signal Strength Scan. Stop with "));
+      Serial.println(STOPSCAN_CMD);
       #ifdef HAS_SCREEN
         display_obj.clearScreen();
         menu_function_obj.drawStatusBar();
@@ -558,7 +565,8 @@ void CommandLine::runCommand(String input) {
     }
     // Packet count
     else if (cmd_args.get(0) == PACKET_COUNT_CMD) {
-      Serial.println("Starting Packet Count Scan. Stop with " + (String)STOPSCAN_CMD);
+      Serial.print(F("Starting Packet Count Scan. Stop with "));
+      Serial.println(STOPSCAN_CMD);
       #ifdef HAS_SCREEN
         display_obj.clearScreen();
         menu_function_obj.drawStatusBar();
@@ -573,7 +581,8 @@ void CommandLine::runCommand(String input) {
           int flk_sw = this->argSearch(&cmd_args, "-f");
 
           if (flk_sw != -1) {
-            Serial.println("Starting Flock Wardrive. Stop with " + (String)STOPSCAN_CMD);
+            Serial.print(F("Starting Flock Wardrive. Stop with "));
+            Serial.println(STOPSCAN_CMD);
             #ifdef HAS_SCREEN
               display_obj.clearScreen();
               menu_function_obj.drawStatusBar();
@@ -581,7 +590,8 @@ void CommandLine::runCommand(String input) {
             wifi_scan_obj.StartScan(BT_SCAN_FLOCK_WARDRIVE, TFT_GREEN);
           }
           else if (sta_sw != -1) {
-            Serial.println("Starting Station Wardrive. Stop with " + (String)STOPSCAN_CMD);
+            Serial.print(F("Starting Station Wardrive. Stop with "));
+            Serial.println(STOPSCAN_CMD);
             #ifdef HAS_SCREEN
               display_obj.clearScreen();
               menu_function_obj.drawStatusBar();
@@ -736,6 +746,15 @@ void CommandLine::runCommand(String input) {
       #endif
       wifi_scan_obj.StartScan(WIFI_SCAN_AP, TFT_MAGENTA);
     }
+    // SAE sniff
+    else if (cmd_args.get(0) == SNIFF_SAE_CMD) {
+      Serial.println("Starting SAE Commit sniff. Stop with " + (String)STOPSCAN_CMD);
+      #ifdef HAS_SCREEN
+        display_obj.clearScreen();
+        menu_function_obj.drawStatusBar();
+      #endif
+      wifi_scan_obj.StartScan(WIFI_SCAN_SAE_COMMIT, TFT_MAGENTA);
+    }
     // Probe sniff
     else if (cmd_args.get(0) == SNIFF_PROBE_CMD) {
       Serial.println("Starting Probe sniff. Stop with " + (String)STOPSCAN_CMD);
@@ -1085,6 +1104,14 @@ void CommandLine::runCommand(String input) {
           #endif
           wifi_scan_obj.StartScan(WIFI_ATTACK_FUNNY_BEACON, TFT_CYAN);
         }
+        else if (attack_type == ATTACK_TYPE_SAE) {
+          Serial.println("Starting SAE Commit spam. Stop with " + (String)STOPSCAN_CMD);
+          #ifdef HAS_SCREEN
+            display_obj.clearScreen();
+            menu_function_obj.drawStatusBar();
+          #endif
+          wifi_scan_obj.StartScan(WIFI_ATTACK_SAE_COMMIT, TFT_CYAN);
+        }
         else {
           Serial.println(F("Attack type not properly defined"));
           return;

esp32_marauder/CommandLine.h

@@ -79,6 +79,7 @@ const char PROGMEM PING_CMD[] = "pingscan";
 const char PROGMEM PORT_SCAN_CMD[] = "portscan";
 const char PROGMEM ARP_SCAN_CMD[] = "arpscan";
 const char PROGMEM MAC_TRACK_CMD[] = "mactrack";
+const char PROGMEM SNIFF_SAE_CMD[] = "sniffsae";
 
 // WiFi attack
 const char PROGMEM ATTACK_CMD[] = "attack";
@@ -89,6 +90,7 @@ const char PROGMEM ATTACK_TYPE_FUNNY[] = "funny";
 const char PROGMEM ATTACK_TYPE_RR[] = "rickroll";
 const char PROGMEM ATTACK_TYPE_BM[] = "badmsg";
 const char PROGMEM ATTACK_TYPE_S[] = "sleep";
+const char PROGMEM ATTACK_TYPE_SAE[] = "sae";
 
 // WiFi Aux
 const char PROGMEM LIST_AP_CMD[] = "list";
@@ -154,9 +156,10 @@ const char PROGMEM HELP_PING_CMD[] = "pingscan";
 const char PROGMEM HELP_PORT_SCAN_CMD[] = "portscan [-a -t <ip index>]/[-s <ssh/telnet/dns/http/smtp/https/rdp>]";
 const char PROGMEM HELP_ARP_SCAN_CMD[] = "arpscan [-f]";
 const char PROGMEM HELP_MAC_TRACK_CMD[] = "mactrack";
+const char PROGMEM HELP_SNIFF_SAE_CMD[] = "sniffsae";
 
 // WiFi attack
-const char PROGMEM HELP_ATTACK_CMD[] = "attack -t <beacon [-l/-r/-a]/deauth [-c]/[-s <src mac>] [-d <dst mac>]/probe/rickroll/badmsg [-c]/sleep [-c]>";
+const char PROGMEM HELP_ATTACK_CMD[] = "attack -t <sae/beacon [-l/-r/-a]/deauth [-c]/[-s <src mac>] [-d <dst mac>]/probe/rickroll/badmsg [-c]/sleep [-c]>";
 
 // WiFi Aux
 const char PROGMEM HELP_LIST_AP_CMD_A[] = "list -s";

esp32_marauder/GpsInterface.cpp

@@ -16,28 +16,12 @@ static const uint32_t PROBE_MS = 1200;
 
 void GpsInterface::begin() {
 
-  /*#ifdef MARAUDER_MINI
-    pinMode(26, OUTPUT);
-
-    delay(1);
-
-    analogWrite(26, 243);
-    delay(1);
-
-    Serial.println("Activated GPS");
-    delay(100);
-  #endif*/
-
   
   Serial2.begin(9600, SERIAL_8N1, GPS_TX, GPS_RX);
 
   uint32_t gps_baud = this->initGpsBaudAndForce115200();
 
-  if (gps_baud == 9600)
-    Serial.println("GPS running at 9600");
-  else if (gps_baud == 115200)
-    Serial.println("GPS running at 115200");
-  else
+  if ((gps_baud != 9600) && (gps_baud != 115200))
     Serial.println("Could not detect GPS baudrate");
 
   delay(1000);
@@ -50,7 +34,6 @@ void GpsInterface::begin() {
   delay(1000);
 
   if (Serial2.available()) {
-    Serial.println("GPS Attached Successfully");
     this->gps_enabled = true;
     while (Serial2.available()) {
       //Fetch the character one by one

esp32_marauder/WiFiScan.cpp

@@ -7179,7 +7179,7 @@ void WiFiScan::multiSSIDSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t t
   }
 }
 
-void WiFiScan::saeAttackLoop() {
+void WiFiScan::saeAttackLoop(uint32_t currentTime) {
   for (int i = 0; i < access_points->size(); i++) { // Find selected APs
     if (access_points->get(i).selected) {
       if (this->set_channel != access_points->get(i).channel) // Set channel to AP's channel
@@ -7197,6 +7197,51 @@ void WiFiScan::saeAttackLoop() {
       }
     }
   }
+
+  #ifdef HAS_SCREEN
+    if (currentTime - this->last_ui_update >= 1000) {
+      this->last_ui_update = millis();
+
+      uint8_t line_count = 0;
+      display_obj.tft.fillRect(0,
+                              (STATUS_BAR_WIDTH * 2) + 1 + EXT_BUTTON_WIDTH,
+                              TFT_WIDTH,
+                              TFT_HEIGHT - STATUS_BAR_WIDTH + 1,
+                              TFT_BLACK);
+
+      #ifndef HAS_MINI_SCREEN
+        display_obj.tft.setCursor(0, (STATUS_BAR_WIDTH * 4) + CHAR_WIDTH + EXT_BUTTON_WIDTH);
+      #else
+        display_obj.tft.setCursor(0, (STATUS_BAR_WIDTH * 3) + CHAR_WIDTH + EXT_BUTTON_WIDTH);
+      #endif
+
+      #ifndef HAS_MINI_SCREEN
+        display_obj.tft.setTextSize(3);
+      #else
+        display_obj.tft.setTextSize(2);
+      #endif
+      display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
+      display_obj.tft.print(F("SAE TX: "));
+      display_obj.tft.println(this->data_frames);
+
+      display_obj.tft.setTextColor(TFT_CYAN, TFT_BLACK);
+      display_obj.tft.print(F("SAE RX: "));
+      display_obj.tft.println((String)this->mgmt_frames + "\n");
+
+      #ifndef HAS_MINI_SCREEN
+        display_obj.tft.setTextSize(2);
+      #else
+        display_obj.tft.setTextSize(1);
+      #endif
+
+      display_obj.tft.setTextColor(TFT_WHITE, TFT_BLACK);
+      if (current_act)
+        display_obj.tft.print(F("ACT: SET"));
+      else
+        display_obj.tft.print(F("ACT: NOT SET"));
+
+    }
+  #endif
 }
 
 inline uint16_t WiFiScan::le16(const uint8_t *p) {
@@ -7308,6 +7353,8 @@ bool WiFiScan::sendSAECommitFrame(uint8_t* targ_addr, uint8_t* src_addr) {
   if (esp_wifi_80211_tx(WIFI_IF_STA, frame, current_index - frame, false) != ESP_OK)
     return false;
 
+  this->data_frames++;
+
   return true;
 }
 
@@ -8055,6 +8102,7 @@ void WiFiScan::beaconSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type
       String dst_addr_str = macToString(dst_addr);
 
       if (wifi_scan_obj.getSAEACT(snifferPacket->payload, len, group, act_len)) {
+        wifi_scan_obj.mgmt_frames++;
         if (wifi_scan_obj.currentScanMode != WIFI_ATTACK_SAE_COMMIT) {
           #ifdef HAS_SCREEN
             display_string.concat(WHITE_KEY);
@@ -11062,6 +11110,12 @@ void WiFiScan::main(uint32_t currentTime)
       channelHop();
     }
   }
+  else if (currentScanMode == WIFI_SCAN_SAE_COMMIT) {
+    if (currentTime - initTime >= 250) {
+      initTime = millis();
+      this->channelHop(true);
+    }
+  }
   else if (currentScanMode == WIFI_SCAN_DETECT_FOLLOW) {
     if (currentTime - initTime >= this->channel_hop_delay * HOP_DELAY) {
       initTime = millis();
@@ -11433,7 +11487,7 @@ void WiFiScan::main(uint32_t currentTime)
     }
   }
   else if (currentScanMode == WIFI_ATTACK_SAE_COMMIT) {
-    this->saeAttackLoop();
+    this->saeAttackLoop(currentTime);
   }
   else if (currentScanMode == WIFI_ATTACK_DEAUTH) {
     for (int i = 0; i < 55; i++) {

esp32_marauder/WiFiScan.h

@@ -594,7 +594,7 @@ class WiFiScan
     void executeSpoofAirtag();
     void executeSwiftpairSpam(EBLEPayloadType type);
     void startWardriverWiFi();
-    void saeAttackLoop();
+    void saeAttackLoop(uint32_t currentTime);
     //void generateRandomMac(uint8_t* mac);
     //void generateRandomName(char *name, size_t length);
     String processPwnagotchiBeacon(const uint8_t* frame, int length);