Added draw function

README.md

@@ -33,13 +33,12 @@ You can check out the marauder article written [here](https://www.hackster.io/ne
 - Probe Request Sniff: Sniff for WiFi [probe request frames](https://mrncciew.com/2014/10/27/cwap-802-11-probe-requestresponse/) sent by wireless devices
 - Beacon Sniff: Sniff [beacon frames](https://en.wikipedia.org/wiki/Beacon_frame) sent by wireless acccess points
 - Beacon Spam Random: Spam hundreds of random beacon frames to wireless devices within range
+- Rick Roll Beacon: Broadcast the rick roll lyrics as WiFi access points
 - Bluetooth Sniffer: Sniff bluetooth devices within range
 - Detect Card Skimmers: Detect bluetooth enabled credit card skimmers
 
 ### Developing
 - Emulate Bluetooth: Emulate a bluetooth device with a specific name
-- Bluetooth Spam: Spam hundreds of fake bluetooth devices
-- Rick Roll: Broadcast the rick roll lyrics as WiFi access points
 - Packet Monitor: Show WiFi packet density on a given channel using a time bar graph
 
 # Do It Yourself

esp32_marauder/Display.cpp

@@ -224,6 +224,23 @@ void Display::drawJpeg(const char *filename, int xpos, int ypos) {
   }
 }
 
+void Display::drawStylus()
+{
+  uint16_t x = 0, y = 0; // To store the touch coordinates
+
+  // Pressed will be set true is there is a valid touch on the screen
+  boolean pressed = tft.getTouch(&x, &y);
+
+  // Draw a white spot at the detected coordinates
+  if (pressed) {
+    tft.fillCircle(x, y, 2, TFT_WHITE);
+    //Serial.print("x,y = ");
+    //Serial.print(x);
+    //Serial.print(",");
+    //Serial.println(y);
+  }
+}
+
 //====================================================================================
 //   Decode and render the Jpeg image onto the TFT screen
 //====================================================================================

esp32_marauder/Display.h

@@ -52,6 +52,7 @@ class Display
     bool printing = false;
     bool loading = false;
     bool tteBar = false;
+    bool draw_tft = false;
 
     int TOP_FIXED_AREA_2 = 32;
     int print_delay_1, print_delay_2 = 10;
@@ -83,6 +84,7 @@ class Display
     void clearScreen();
     void displayBuffer(bool do_clear = false);
     void drawJpeg(const char *filename, int xpos, int ypos);
+    void drawStylus();
     void getTouchWhileFunction(bool pressed);
     void initScrollValues(bool tte = false);
     void jpegInfo();

esp32_marauder/MenuFunctions.cpp

@@ -14,7 +14,8 @@ void MenuFunctions::main()
 
   // Get the display buffer out of the way
   if ((wifi_scan_obj.currentScanMode != WIFI_SCAN_OFF ) &&
-      (wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
+      (wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM) &&
+      (wifi_scan_obj.currentScanMode != WIFI_ATTACK_RICK_ROLL))
     display_obj.displayBuffer();
 
 
@@ -40,6 +41,7 @@ void MenuFunctions::main()
     (wifi_scan_obj.currentScanMode == WIFI_SCAN_ST) ||
     (wifi_scan_obj.currentScanMode == WIFI_SCAN_ALL) || 
     (wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_SPAM) ||
+    (wifi_scan_obj.currentScanMode == WIFI_ATTACK_RICK_ROLL) ||
     (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
     (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS))
     {
@@ -61,7 +63,8 @@ void MenuFunctions::main()
   
   // Check if any key coordinate boxes contain the touch coordinates
   // This is for when on a menu
-  if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
+  if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM) &&
+      (wifi_scan_obj.currentScanMode != WIFI_ATTACK_RICK_ROLL))
   {
     // Need this to set all keys to false
     for (uint8_t b = 0; b < BUTTON_ARRAY_LEN; b++) {
@@ -96,10 +99,13 @@ void MenuFunctions::main()
 // Function to build the menus
 void MenuFunctions::RunSetup()
 {
-  // Main menu stuff
+  // root menu stuff
   mainMenu.list = new SimpleList<MenuNode>(); // Get list in first menu ready
+
+  // Main menu stuff
   wifiMenu.list = new SimpleList<MenuNode>(); // Get list in second menu ready
   bluetoothMenu.list = new SimpleList<MenuNode>(); // Get list in third menu ready
+  generalMenu.list = new SimpleList<MenuNode>();
 
   // WiFi menu stuff
   wifiSnifferMenu.list = new SimpleList<MenuNode>();
@@ -113,6 +119,7 @@ void MenuFunctions::RunSetup()
   // Work menu names
   mainMenu.name = " ESP32 Marauder ";
   wifiMenu.name = " WiFi ";
+  generalMenu.name = " General Apps ";
   bluetoothMenu.name = " Bluetooth ";
   wifiSnifferMenu.name = " WiFi Sniffers ";
   wifiScannerMenu.name = " WiFi Scanners";
@@ -124,7 +131,8 @@ void MenuFunctions::RunSetup()
   mainMenu.parentMenu = NULL;
   addNodes(&mainMenu, "WiFi", TFT_GREEN, NULL, 0, [this](){changeMenu(&wifiMenu);});
   addNodes(&mainMenu, "Bluetooth", TFT_CYAN, NULL, 1, [this](){changeMenu(&bluetoothMenu);});
-  addNodes(&mainMenu, "Reboot", TFT_LIGHTGREY, NULL, 2, [](){ESP.restart();});
+  addNodes(&mainMenu, "General Apps", TFT_MAGENTA, NULL, 2, [this](){changeMenu(&generalMenu);});
+  addNodes(&mainMenu, "Reboot", TFT_LIGHTGREY, NULL, 3, [](){ESP.restart();});
 
   // Build WiFi Menu
   wifiMenu.parentMenu = &mainMenu; // Main Menu is second menu parent
@@ -147,6 +155,7 @@ void MenuFunctions::RunSetup()
   wifiAttackMenu.parentMenu = &wifiMenu; // Main Menu is second menu parent
   addNodes(&wifiAttackMenu, "Back", TFT_RED, NULL, 0, [this](){changeMenu(wifiAttackMenu.parentMenu);});
   addNodes(&wifiAttackMenu, "Beacon Spam Random", TFT_ORANGE, NULL, 1, [this](){wifi_scan_obj.StartScan(WIFI_ATTACK_BEACON_SPAM, TFT_ORANGE);});
+  addNodes(&wifiAttackMenu, "Rick Roll Beacon", TFT_YELLOW, NULL, 1, [this](){wifi_scan_obj.StartScan(WIFI_ATTACK_RICK_ROLL, TFT_YELLOW);});
   
   // Build Bluetooth Menu
   bluetoothMenu.parentMenu = &mainMenu; // Second Menu is third menu parent
@@ -164,6 +173,10 @@ void MenuFunctions::RunSetup()
   addNodes(&bluetoothScannerMenu, "Back", TFT_RED, NULL, 0, [this](){changeMenu(bluetoothScannerMenu.parentMenu);});
   addNodes(&bluetoothScannerMenu, "Detect Card Skimmers", TFT_MAGENTA, NULL, 2, [this](){wifi_scan_obj.StartScan(BT_SCAN_SKIMMERS, TFT_MAGENTA);});
 
+  generalMenu.parentMenu = &mainMenu;
+  addNodes(&generalMenu, "Back", TFT_RED, NULL, 0, [this](){display_obj.draw_tft = false; changeMenu(generalMenu.parentMenu);});
+  addNodes(&generalMenu, "Draw", TFT_WHITE, NULL, 1, [this](){display_obj.clearScreen(); display_obj.draw_tft = true;});
+
 
   // Set the current menu to the mainMenu
   changeMenu(&mainMenu);

esp32_marauder/MenuFunctions.h

@@ -48,8 +48,10 @@ class MenuFunctions
 
     // Main menu stuff
     Menu mainMenu;
+    
     Menu wifiMenu;
     Menu bluetoothMenu;
+    Menu generalMenu;
 
     // WiFi menu stuff
     Menu wifiSnifferMenu;

esp32_marauder/WiFiScan.cpp

@@ -122,6 +122,8 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color)
     RunBeaconScan(scan_mode, color);
   else if (scan_mode == WIFI_ATTACK_BEACON_SPAM)
     RunBeaconSpam(scan_mode, color);
+  else if (scan_mode == WIFI_ATTACK_RICK_ROLL)
+    RunRickRoll(scan_mode, color);
   else if (scan_mode == BT_SCAN_ALL)
     RunBluetoothScan(scan_mode, color);
   else if (scan_mode == BT_SCAN_SKIMMERS)
@@ -137,7 +139,8 @@ void WiFiScan::StopScan(uint8_t scan_mode)
   (currentScanMode == WIFI_SCAN_AP) ||
   (currentScanMode == WIFI_SCAN_ST) ||
   (currentScanMode == WIFI_SCAN_ALL) ||
-  (currentScanMode == WIFI_ATTACK_BEACON_SPAM))
+  (currentScanMode == WIFI_ATTACK_BEACON_SPAM) ||
+  (currentScanMode == WIFI_ATTACK_RICK_ROLL))
   {
     esp_wifi_set_promiscuous(false);
     WiFi.mode(WIFI_OFF);
@@ -158,6 +161,32 @@ void WiFiScan::StopScan(uint8_t scan_mode)
   display_obj.tteBar = false;
 }
 
+void WiFiScan::RunRickRoll(uint8_t scan_mode, uint16_t color)
+{
+  //Serial.println("Rick Roll...");
+  display_obj.TOP_FIXED_AREA_2 = 32;
+  display_obj.tteBar = true;
+  display_obj.print_delay_1 = 15;
+  display_obj.print_delay_2 = 10;
+  display_obj.clearScreen();
+  display_obj.initScrollValues(true);
+  display_obj.tft.setTextWrap(false);
+  display_obj.tft.setTextColor(TFT_BLACK, color);
+  display_obj.tft.fillRect(0,0,240,16, color);
+  display_obj.tft.drawCentreString(" Rick Roll Beacon ",120,0,2);
+  display_obj.touchToExit();
+  display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
+  packets_sent = 0;
+  //esp_wifi_set_mode(WIFI_MODE_STA);
+  WiFi.mode(WIFI_AP_STA);
+  esp_wifi_set_promiscuous_filter(NULL);
+  esp_wifi_set_promiscuous(true);
+  esp_wifi_set_max_tx_power(78);
+  initTime = millis();
+  //display_obj.clearScreen();
+  //Serial.println("End of func");
+}
+
 // Function to prepare for beacon spam
 void WiFiScan::RunBeaconSpam(uint8_t scan_mode, uint16_t color)
 {
@@ -414,6 +443,67 @@ void WiFiScan::probeSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type)
   }
 }
 
+// Function to send beacons with random ESSID length
+void WiFiScan::broadcastSetSSID(uint32_t current_time, char* ESSID) {
+  set_channel = random(1,12); 
+  esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE);
+  delay(1);  
+
+  // Randomize SRC MAC
+  packet[10] = packet[16] = random(256);
+  packet[11] = packet[17] = random(256);
+  packet[12] = packet[18] = random(256);
+  packet[13] = packet[19] = random(256);
+  packet[14] = packet[20] = random(256);
+  packet[15] = packet[21] = random(256);
+
+  
+  /////////////////////////////
+  //int essid_len = random(6, 10);
+
+  // random prefix to beacon essid
+  //uint8_t rand_reg[essid_len] = {};
+  //for (int i = 0; i < essid_len; i++)
+  //  rand_reg[i] = alfa[random(65)];
+
+  int ssidLen = strlen(ESSID);
+  //int rand_len = sizeof(rand_reg);
+  int fullLen = ssidLen;
+  packet[37] = fullLen;
+
+  // Insert random prefix
+  //for (int i = 0; i < rand_len; i++)
+  //  packet[38+i] = rand_reg[i];
+
+  // Insert my tag
+  for(int i = 0; i < ssidLen; i++)
+    packet[38 + i] = ESSID[i];
+
+  /////////////////////////////
+  
+  packet[50 + fullLen] = set_channel;
+
+  uint8_t postSSID[13] = {0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, //supported rate
+                      0x03, 0x01, 0x04 /*DSSS (Current Channel)*/ };
+
+
+
+  // Add everything that goes after the SSID
+  for(int i = 0; i < 12; i++) 
+    packet[38 + fullLen + i] = postSSID[i];
+  
+
+  esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
+  esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
+  esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
+  //esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
+  //esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
+  //esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
+
+  packets_sent = packets_sent + 3;
+  
+}
+
 // Function for sending crafted beacon frames
 void WiFiScan::broadcastRandomSSID(uint32_t currentTime) {
 
@@ -508,6 +598,34 @@ void WiFiScan::main(uint32_t currentTime)
     for (int i = 0; i < 55; i++)
       broadcastRandomSSID(currentTime);
 
+    if (currentTime - initTime >= 1000)
+    {
+      initTime = millis();
+      //Serial.print("packets/sec: ");
+      //Serial.println(packets_sent);
+      String displayString = "";
+      String displayString2 = "";
+      displayString.concat("packets/sec: ");
+      displayString.concat(packets_sent);
+      for (int x = 0; x < STANDARD_FONT_CHAR_LIMIT; x++)
+        displayString2.concat(" ");
+      display_obj.showCenterText(displayString2, 160);
+      display_obj.showCenterText(displayString, 160);
+      packets_sent = 0;
+    }
+  }
+  else if ((currentScanMode == WIFI_ATTACK_RICK_ROLL))
+  {
+    // Need this for loop because getTouch causes ~10ms delay
+    // which makes beacon spam less effective
+    for (int i = 0; i < 7; i++)
+    {
+      for (int x = 0; x < (sizeof(rick_roll)/sizeof(char *)); x++)
+      {
+        broadcastSetSSID(currentTime, rick_roll[x]);
+      }
+    }
+
     if (currentTime - initTime >= 1000)
     {
       initTime = millis();

esp32_marauder/WiFiScan.h

@@ -20,8 +20,9 @@
 #define WIFI_SCAN_ST 3
 #define WIFI_SCAN_ALL 4
 #define WIFI_ATTACK_BEACON_SPAM 5
-#define BT_SCAN_ALL 6
-#define BT_SCAN_SKIMMERS 7
+#define WIFI_ATTACK_RICK_ROLL 6
+#define BT_SCAN_ALL 7
+#define BT_SCAN_SKIMMERS 8
 
 extern Display display_obj;
 
@@ -40,6 +41,17 @@ class WiFiScan
 
     String alfa = "1234567890qwertyuiopasdfghjkklzxcvbnm QWERTYUIOPASDFGHJKLZXCVBNM_";
 
+    char* rick_roll[8] = {
+      "01 Never gonna give you up",
+      "02 Never gonna let you down",
+      "03 Never gonna run around",
+      "04 and desert you",
+      "05 Never gonna make you cry",
+      "06 Never gonna say goodbye",
+      "07 Never gonna tell a lie",
+      "08 and hurt you"
+    };
+
     char* prefix = "G";
 
     typedef struct
@@ -72,6 +84,8 @@ class WiFiScan
                     };
 
     void broadcastRandomSSID(uint32_t currentTime);
+    void broadcastSetSSID(uint32_t current_time, char* ESSID);
+    void RunRickRoll(uint8_t scan_mode, uint16_t color);
     void RunBeaconSpam(uint8_t scan_mode, uint16_t color);
     void RunBeaconScan(uint8_t scan_mode, uint16_t color);
     void RunProbeScan(uint8_t scan_mode, uint16_t color);

esp32_marauder/esp32_marauder.ino

@@ -51,14 +51,20 @@ void loop()
   currentTime = millis();
 
   // Update all of our objects
-  display_obj.main(); 
-  wifi_scan_obj.main(currentTime);
-  //if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
-  menu_function_obj.main();
+  if (!display_obj.draw_tft)
+  {
+    display_obj.main(); 
+    wifi_scan_obj.main(currentTime);
+    //if ((wifi_scan_obj.currentScanMode != WIFI_ATTACK_BEACON_SPAM))
+    menu_function_obj.main();
+    delay(1);
+  }
+  else
+  {
+    display_obj.drawStylus();
+  }
 
   //Serial.print("Run Time: ");
   //Serial.print(millis() - currentTime);
   //Serial.println("ms");
-
-  delay(1);
 }