Hex2424 / esp32_deauth_patch

Fixed esp32 ieee80211.a lib esp_wifi_80211_tx() function sanity check filter of deauth packets
12 stars, 1 fork

Hope to get esp32s3 support #3

Open Walttttt opened 1 month ago

Walttttt commented 1 month ago

Hello,

I recently tested an ESP32 using IDF 5.3 (latest) on Windows 10 and encountered the following log message: 'wifi: unsupported frame type: 0c0'. After spending a significant amount of time searching for a solution, I came across your project, which I greatly appreciate.

I then set up an Ubuntu virtual machine with IDF 5.2, but I encountered issues with the injected file, leading to repeated compilation failures.

I attempted to tackle the problem myself using IDA and found the sanity check function. However, I’m not very experienced with disassembling, and making indiscriminate modifications hasn’t worked.

I’m still facing this issue and would greatly appreciate any advice you can offer. Please contact me at walt.robin@foxmail.com if you have any suggestions.

Thank you!

Walttttt commented 1 month ago

BTW, I'm using esp32s3 and I'm not sure if the injected file for esp32 is suitable for esp32s3 (from the test I assume it doesn't suit).

Walttttt commented 1 month ago

Fortunately, I modified the file to bypass the check and it can send 0xC0 now :)

Hex2424 commented 1 month ago

Hello, so what I understood from your comment is that you don't need help anymore? Yes, if copying the file before compilation fails to compile, you can try arc to archive the .o into a .a and then try with the new .a; it should work. If that doesn't work, it means you need to use some tool like Ghidra to disassemble.

Walttttt commented 1 month ago

Hi there! Now the issue I'm facing is that I'm not sure if my modification works well... (I only judged it through the log. Orz) I tried both methods in your repo and all failed :( The current method I'm using is to disassemble the .elf and directly bypass the function (the IDA View-A below). Honestly I don't trust my disassembly skill and I hope you can help me check if my patch is available. (I'm using IDF-v5.3 with ESP32S3)

Walttttt commented 1 month ago

After the length check I let it directly jump to the last area near the end (as I found the sanity check function will return 0x102 when an error is detected, so I avoided it). When I analyzed your patched file I found nearly nothing different from the original sanity check function in the .o file, so I patched the .elf file by myself. (Maybe I missed something :P)