Open sst2001 opened 5 years ago
I don't think that is possible. According to the API guide it is only possible to send "beacon, probe request, probe response, action" frames with esp_wifi_80211_tx. If you want to send more frames with this, I'm afraid you'll have to do some reverse engineering yourself.
You are so right. Do you have a clue why they limited it in esp_wifi_80211_tx? This doesn't really stop attackers from doing it (reverse engineering), but it makes good usage of it hard. I could see that this function is part of libnet80211.a, but they do not provide its source code. Is there a system call I can use to simply access the lowest level and send a frame I build directly to a MAC address?
I don't know if there is some lower-level API that you could use. I think the best thing you could do is to take a look at the assembly instructions in libnet80211.a using some RE tool such as cutter; you can also find the instruction set online. I've had some success in reverse engineering some other parts of the ESP32 firmware, but it is a very tedious and painstakingly slow process...
Thank you so much! Is there an email where I can reach you?
Yes, you can find it in my GitHub profile, on the left: https://github.com/Jeija
Here I was fixing some frame sanity checks in assembly to make it able to send; you can check my repo: https://github.com/Hex2424/esp32_deauth_patch I needed to send deauth, but the ESP invalidates that, so I had to dig deeper and overcome it.
It is actually possible to bypass deauth packet restriction by fiddling with bypass function, boards definition, and weakened link tag. I've managed to develop my deauther project using Arduino for ESP32 without reverse engineering the library. But there is a problem, deauthentication cannot be sent if a station is connected to SoftAP. If you want to discuss this further, contact me at nethercap.dev@gmail.com
What can I do to send such a management frame, currently limited to 0x80, etc.?