
A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32

Beacon spam does not work after restarting attack #47

Closed justcallmekoko closed 4 years ago

justcallmekoko commented 4 years ago

If you've noticed, you can execute a beacon spam or rick roll attack and it will work just fine.

If you exit the attack and restart it, the packets/sec will drop significantly. I actually suspect packets aren't even being sent, because the access points don't even show up. I need to verify this with an actual scan and not just by listing WiFi networks on an iPhone and a PC.

justcallmekoko commented 4 years ago

hey @justcallmekoko check this out. What differences do you notice between these two functions?

// Prepares the display and the WiFi radio for the Rick Roll beacon mode.
// This is the version quoted as the "before" state of this issue: note that
// esp_wifi_start() is called with no preceding esp_wifi_init(), so on any run
// after the radio has been deinitialised the start has nothing to act on.
// scan_mode is not read in this body; color selects the header bar colour.
void WiFiScan::RunRickRoll(uint8_t scan_mode, uint16_t color)
{
  //Serial.println("Rick Roll...");
  // Header bar and scroll-area layout for the status screen.
  display_obj.TOP_FIXED_AREA_2 = 48;
  display_obj.tteBar = true;
  display_obj.print_delay_1 = 15;
  display_obj.print_delay_2 = 10;
  //display_obj.clearScreen();
  display_obj.initScrollValues(true);
  display_obj.tft.setTextWrap(false);
  display_obj.tft.setTextColor(TFT_BLACK, color);
  display_obj.tft.fillRect(0,16,240,16, color);
  display_obj.tft.drawCentreString(" Rick Roll Beacon ",120,16,2);
  display_obj.touchToExit();
  display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
  packets_sent = 0;  // per-run counter; presumably incremented by the send loop elsewhere
  //esp_wifi_set_mode(WIFI_MODE_STA);
  WiFi.mode(WIFI_AP_STA);
  // No esp_wifi_init()/esp_wifi_set_storage() before this start call -- compare
  // RunEspressifScan. The esp_err_t results of the esp_wifi_* calls below are
  // discarded, so a failed start or configuration is silent.
  esp_wifi_start();
  esp_wifi_set_promiscuous_filter(NULL);
  esp_wifi_set_promiscuous(true);
  // NOTE(review): 78 is in the API's 0.25 dBm units (about 19.5 dBm) -- confirm
  // against the IDF version in use and the applicable regulatory limit.
  esp_wifi_set_max_tx_power(78);
  initTime = millis();  // start timestamp for this run
  //display_obj.clearScreen();
  //Serial.println("End of func");
}
// Prepares the display and the WiFi radio for the "Detect Espressif" sniffer
// mode. Quoted in this issue as the reference init sequence: the radio is
// explicitly initialised (esp_wifi_init + esp_wifi_set_storage) before
// esp_wifi_start(), which the beacon setup functions were missing.
// scan_mode is not read in this body; color selects the header bar colour.
void WiFiScan::RunEspressifScan(uint8_t scan_mode, uint16_t color) {
  sd_obj.openCapture("espressif");  // presumably opens the on-card capture file for this mode -- defined elsewhere

  // Header bar and scroll-area layout for the status screen.
  display_obj.TOP_FIXED_AREA_2 = 48;
  display_obj.tteBar = true;
  display_obj.print_delay_1 = 15;
  display_obj.print_delay_2 = 10;
  //display_obj.clearScreen();
  display_obj.initScrollValues(true);
  display_obj.tft.setTextWrap(false);
  display_obj.tft.setTextColor(TFT_WHITE, color);
  display_obj.tft.fillRect(0,16,240,16, color);
  display_obj.tft.drawCentreString(" Detect Espressif ",120,16,2);
  display_obj.touchToExit();
  display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
  display_obj.setupScrollArea(display_obj.TOP_FIXED_AREA_2, BOT_FIXED_AREA);
  // Radio bring-up. Order matters: init and storage selection precede start,
  // and the promiscuous filter/callback are installed before the channel is set.
  // Return codes are discarded, so any failure in this sequence is silent.
  wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
  esp_wifi_init(&cfg);
  esp_wifi_set_storage(WIFI_STORAGE_RAM);  // keep WiFi config out of NVS for this session
  esp_wifi_set_mode(WIFI_MODE_NULL);
  esp_wifi_start();
  esp_wifi_set_promiscuous(true);
  esp_wifi_set_promiscuous_filter(&filt);            // filt: sniffer filter defined elsewhere in the file
  esp_wifi_set_promiscuous_rx_cb(&espressifSnifferCallback);  // per-frame handler defined elsewhere
  esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE);   // set_channel: member/global chosen by the user
  initTime = millis();  // start timestamp for this run
}

...Still don't see it? You stupid idiot, @justcallmekoko! When you start a WiFi attack for the first time, the ESP32 WiFi is already initialized. When you stop the attack, the ESP32 WiFi is deinitialized (as it should be). But if you look at the setup functions for your beacon spam and rick roll, YOU NEVER REINITIALIZE ESP32 WiFi, you jack wagon.

Modify your setup functions for beacons like this...

// Prepares the display and the WiFi radio for the Rick Roll beacon mode.
// This is the proposed fix for the restart problem: the radio is explicitly
// initialised (esp_wifi_init + esp_wifi_set_storage) before esp_wifi_start(),
// so the sequence also works after a previous run deinitialised WiFi.
// scan_mode is not read in this body; color selects the header bar colour.
void WiFiScan::RunRickRoll(uint8_t scan_mode, uint16_t color)
{
  //Serial.println("Rick Roll...");
  // Header bar and scroll-area layout for the status screen.
  display_obj.TOP_FIXED_AREA_2 = 48;
  display_obj.tteBar = true;
  display_obj.print_delay_1 = 15;
  display_obj.print_delay_2 = 10;
  //display_obj.clearScreen();
  display_obj.initScrollValues(true);
  display_obj.tft.setTextWrap(false);
  display_obj.tft.setTextColor(TFT_BLACK, color);
  display_obj.tft.fillRect(0,16,240,16, color);
  display_obj.tft.drawCentreString(" Rick Roll Beacon ",120,16,2);
  display_obj.touchToExit();
  display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
  packets_sent = 0;  // per-run counter; presumably incremented by the send loop elsewhere
  //esp_wifi_set_mode(WIFI_MODE_STA);
  // Radio bring-up, mirroring RunEspressifScan: init and storage selection
  // precede start. The esp_err_t results are discarded, so a failed init or
  // start is silent; NOTE(review): behaviour of esp_wifi_init() on an already
  // initialised driver (the first run) is not established here -- confirm.
  wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
  esp_wifi_init(&cfg);
  esp_wifi_set_storage(WIFI_STORAGE_RAM);  // keep WiFi config out of NVS for this session
  WiFi.mode(WIFI_AP_STA);
  esp_wifi_start();
  esp_wifi_set_promiscuous_filter(NULL);
  esp_wifi_set_promiscuous(true);
  // NOTE(review): 78 is in the API's 0.25 dBm units (about 19.5 dBm) -- confirm
  // against the IDF version in use and the applicable regulatory limit.
  esp_wifi_set_max_tx_power(78);
  initTime = millis();  // start timestamp for this run
  //display_obj.clearScreen();
  //Serial.println("End of func");
}

// Prepares the display and the WiFi radio for the random beacon spam mode.
// Same structure as RunRickRoll: the radio is explicitly initialised
// (esp_wifi_init + esp_wifi_set_storage) before esp_wifi_start(), so the
// sequence also works after a previous run deinitialised WiFi.
// scan_mode is not read in this body; color selects the header bar colour.
void WiFiScan::RunBeaconSpam(uint8_t scan_mode, uint16_t color)
{
  //Serial.println("Beacon Spam...");
  // Header bar and scroll-area layout for the status screen.
  display_obj.TOP_FIXED_AREA_2 = 48;
  display_obj.tteBar = true;
  display_obj.print_delay_1 = 15;
  display_obj.print_delay_2 = 10;
  //display_obj.clearScreen();
  display_obj.initScrollValues(true);
  display_obj.tft.setTextWrap(false);
  display_obj.tft.setTextColor(TFT_BLACK, color);
  display_obj.tft.fillRect(0,16,240,16, color);
  display_obj.tft.drawCentreString(" Beacon Spam Random ",120,16,2);
  display_obj.touchToExit();
  display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
  packets_sent = 0;  // per-run counter; presumably incremented by the send loop elsewhere
  //esp_wifi_set_mode(WIFI_MODE_STA);
  // Radio bring-up, mirroring RunEspressifScan: init and storage selection
  // precede start. The esp_err_t results are discarded, so a failed init or
  // start is silent; NOTE(review): behaviour of esp_wifi_init() on an already
  // initialised driver (the first run) is not established here -- confirm.
  wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
  esp_wifi_init(&cfg);
  esp_wifi_set_storage(WIFI_STORAGE_RAM);  // keep WiFi config out of NVS for this session
  WiFi.mode(WIFI_AP_STA);
  esp_wifi_start();
  esp_wifi_set_promiscuous_filter(NULL);
  esp_wifi_set_promiscuous(true);
  // NOTE(review): 78 is in the API's 0.25 dBm units (about 19.5 dBm) -- confirm
  // against the IDF version in use and the applicable regulatory limit.
  esp_wifi_set_max_tx_power(78);
  initTime = millis();  // start timestamp for this run
  //display_obj.clearScreen();
  //Serial.println("End of func");
}

That way, when you restart an attack, you aren't trying to send out packets while the WiFi driver is still deinitialized.

justcallmekoko commented 4 years ago

Implemented in f86b5a4df0bd87ef8b3c6c3ea4cf5918f4a8ef1a