Open ExploiTR opened 5 years ago
I found some comment at : src/com/gat3way/airpirate/Rtl8192Card.java
Will re-open the issue in case I need more help.
Deauth is not being sent; instead, disassociation frames are sent, as in practice it turned out that it works much more reliably against different devices.
P.S. Didn't read carefully; yes, rtl8192card extends usbsource and overrides the senddeauth.
@gat3way Well, it's working now. But it's halfway better. I was having a problem with the USB endpoint & got "failed to do bulkio".
After some code changes it's working fine, the WNA1000m is lit up and I'm getting RX/TX values too.
But, I'm not getting any station / network data.
So, what I tried is, I modified the actual deAuth method to use channel 13 as I configured my router to use this:

```java
@Override
public void sendDeauth(String bssid, String hwaddr) {
    int val, val1, val2, val3, val4, val5, val6, val7;
    int pktlen = 26;
    byte[] packet = new byte[26 + 32];
    byte[] s_bssid = new byte[6];
    byte[] s_hwaddr = new byte[6];
    int channel = 13;
    /* // lock on the appropriate channel
    Band band = Band.instance();
    channel = 0;
    for (int i = 0; i < band.networks.size(); i++)
        if (band.networks.get(i).bssid.equals(bssid))
            channel = band.networks.get(i).channel;*/
```

bulkTransfer output by int x = mConnection.bulkTransfer(mInjBulkEndpoint, packet, packet.length, 100); and I'm getting 58 each time. And, I'm calling sendDeauth like this, using a Handler loop:

```java
updateDeviceStringOnUi(deviceName);
updateDeviceStatusStringOnUi("Running.");
Log.d(TAG, "Started rtl8192");
// Re-post the same Runnable on the main looper once per second
final Handler handler = new Handler(Looper.getMainLooper());
handler.post(new Runnable() {
    @Override
    public void run() {
        sendDeauth("B4:xx:xx:xx:F4:3D", "80:xx:xx:xx:57:7b");
        handler.postDelayed(this, 1000);
    }
});
```

I'm ignoring the station/network problem and setting everything on my own. But still, the deauth doesn't work.
I also checked Wireshark with "wlan.fc.type_subtype == 0xc" filter and it didn't detect a single disassoc packet.
@gat3way any help? @gat3way
The pre-compiled binary didn't work. So, I tried to build it myself.
But, after going through the sources, trying to find the actual deauth method, I couldn't find any one function actually doing the work. What I've found is: Band.sendDeauth() which actually points to the below snippet:
So, my question is how it will do the work?
I mean, I just need some help to understand the matter here.
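
For anyone monitoring a network for the traffic discussed in this thread, the following is an added example and not part of the original thread or the project's code: a Python detector that classifies 802.11 teardown frames and flags repeated ones per (BSSID, destination) pair. In Wireshark's `wlan.fc.type_subtype` numbering, disassociation is 0x0a and deauthentication is 0x0c, so a watcher has to match both. The function names, thresholds and sample frames are constructed for illustration, and the input is assumed to be bare 802.11 frames without a radiotap header or FCS.

```python
import struct
from collections import defaultdict, deque

# Wireshark's wlan.fc.type_subtype value is (type << 4) | subtype.
DISASSOC, DEAUTH = 0x0A, 0x0C
NAMES = {DISASSOC: "disassociation", DEAUTH: "deauthentication"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_teardown(frame):
    """Return a dict for a deauth/disassoc frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0:  # only protocol v0 management frames
        return None
    type_subtype = (ftype << 4) | subtype
    if type_subtype not in NAMES:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return {"kind": NAMES[type_subtype], "type_subtype": type_subtype,
            "dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "reason": reason}

def detect_floods(capture, threshold=5, window=10.0):
    """capture: iterable of (timestamp_seconds, frame_bytes).
    Flags (bssid, dst) pairs with >= threshold teardown frames in window."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, frame in capture:
        info = parse_teardown(frame)
        if info is None:
            continue
        key = (info["bssid"], info["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(key, info["kind"])
    return flagged

# Constructed sample capture (locally administered MACs), one frame per second.
HDR = "000000" + "020000000001" + "0200000000aa" * 2 + "0000"
SAMPLE = [(float(t), bytes.fromhex("a0" + HDR + "0800")) for t in range(6)]
SAMPLE.append((6.0, bytes.fromhex("80" + HDR + "0000")))  # beacon subtype, ignored

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```
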