/*
 * Deauth made possible by tesa-klebeband. https://github.com/tesa-klebeband/
* Sniffer code by Nickguitar. https://github.com/Nickguitar/
* Forked by Cancro29. https://github.com/Cancro29/
*
* ABOUT
 * This program captures the WPA/WPA2 4-way handshake performed during reauthentication and stores it as a PCAP file
* HOW IT WORKS
 * When the attack is started, RTL8720dn sends deauthentication packets to the target AP. Affected clients will get disconnected
 * and will attempt to reconnect. During the reconnect, RTL8720dn will sniff for EAPOL frames. Captured data will be served as a downloadable PCAP file
*
* See defines.h to configure this code
*/
#include <WiFi.h>
#include <wifi_conf.h>
#include "WiFiServer.h"
#include "WiFiClient.h"
#include "vector"
#include "map"
#include "wifi_cust_tx.h"
#include "defines.h"
#include "handshake.h"
#include "webserver.h"
void setup() {
  // One-time bring-up: serial console, the soft AP described by the
  // AP_* settings, the web server, then a single network scan.
  Serial.begin(115200);

  // Echo the configured AP credentials and their lengths to the console.
  // NOTE(review): the AP password is written in clear text to the serial
  // port, so anyone with console/USB access to the board can read it.
  Serial.println("AP:" + AP_SSID);
  Serial.println(AP_SSID.length());
  Serial.println("Pass:" + AP_Password);
  Serial.println(AP_Password.length());

  // Copy the String settings into the C buffers the SDK call expects.
  // The 33 / 33 / 4 limits are assumed to match the buffers declared
  // elsewhere (defines.h?) — confirm before changing either side.
  AP_SSID.toCharArray(ap_ssid, 33);
  AP_Password.toCharArray(ap_pass, 33);
  AP_Channel.toCharArray(ap_channel, 4);

  status = WiFi.apbegin(ap_ssid, ap_pass, ap_channel, ssid_status);
  if (status != WL_CONNECTED) {
    Serial.println(F("Failed to start AP!"));
    for (;;) {
      // Halt here: nothing below can work without the AP.
    }
  }
  Serial.println(F("AP Started!"));

  webServer.begin();
  performScan();
}
void loop() {
  // Service pending HTTP clients first; then, when the flag set outside
  // this file (readyToSniff) is raised, run the capture cycle.
  webServer_handleClient();
  const bool sniffRequested = (readyToSniff == true);
  if (sniffRequested) {
    deauthAndSniff();
  }
}
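void performScan(){
  // Scan for nearby networks and aggregate, per channel slot, how many
  // APs were seen and the strongest RSSI. Slots are the indices returned
  // by channelIdx() and are laid out like channel_legend[] (71 entries:
  // slots 0-13 are the 2.4 GHz channels, 14-70 the 5 GHz ones).
  // The tallies are local and nothing prints them yet: the former
  // per-channel report loops had every Serial statement commented out,
  // so they have been folded into the TODO at the end.
  constexpr uint16_t kChannelSlots = 71;
  uint8_t ap_count_list[kChannelSlots] = {};
  int32_t peak_list[kChannelSlots];
  for (uint16_t slot = 0; slot < kChannelSlots; slot++) {
    peak_list[slot] = RSSI_FLOOR;
  }

  Serial.println(F("/////////////////////// Scanning available networks..."));
  const int n = scanNetworks();
  if (n == 0) {
    Serial.println(F("No networks found"));
    return;
  }
  // NOTE(review): a negative n (a scan error, if scanNetworks() reports
  // one that way) silently tallies nothing — its error contract is not
  // visible here.
  for (int i = 0; i < n; i++) {
    const int32_t channel = _networkChannel[i];
    const uint16_t idx = channelIdx(channel);
    // channelIdx()'s result for an unknown channel is not visible here;
    // a sentinel such as -1 becomes 65535 in uint16_t and would write
    // past both arrays, so skip anything out of range.
    if (idx >= kChannelSlots) {
      continue;
    }
    const int32_t rssi = _networkRssi[i];
    // Per-slot peak RSSI.
    if (peak_list[idx] < rssi) {
      peak_list[idx] = rssi;
    }
    // Per-slot AP count; saturate instead of wrapping the 8-bit counter.
    if (ap_count_list[idx] < UINT8_MAX) {
      ap_count_list[idx]++;
    }
  }
  // TODO: report ap_count_list[] / peak_list[] per channel (walk
  // channel_legend[] for slots 0-13 and 14-70) once a report format is chosen.
}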