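/******************************************************************************
 * AirSend, v.1.10
 *
 * by
 *
 * L. Padilla (e-mail: padilla at domain "gae ucm es")
 *
 * Madrid, April 2005 - January 2007
 *
 * Compile with: cc -O -lpcap -o airsend airsend.c
 * Latest version at http://www.gae.ucm.es/~padilla/extrawork/airsend.c
 ******************************************************************************/

/*
 * Reads frames from a pcap savefile (argv[2]) and writes each one to a Linux
 * packet socket bound to the interface named in argv[1], optionally
 * overwriting fixed byte ranges of every frame first:
 *
 *   -fc hhhh          bytes 0-1   (16-bit value, most significant byte first)
 *   -a1 hhhhhhhhhhhh  bytes 4-9   (48-bit value, most significant byte first)
 *   -a2 hhhhhhhhhhhh  bytes 10-15
 *   -a3 hhhhhhhhhhhh  bytes 16-21
 *   -b  <0-256>       bytes 24-26 from biv[] and bytes 30-32 from a counter
 *   -c  <count>       without -b: number of passes over the file (0 = endless)
 *                     with -b: frames sent per counter value, endless passes
 *   -d  <usec>        pause after every frame, in microseconds
 *
 * Review notes:
 *  - Opening the packet socket normally requires root or CAP_NET_RAW.
 *  - The savefile is untrusted input: every rewrite is bounds-checked against
 *    the captured length and done on a private copy of the frame.
 *  - The offsets assume each record starts directly with the 802.11 header;
 *    the savefile's link type is not checked.
 */

/* Exposes struct ifreq, nanosleep() and the BSD types pcap.h uses when the
 * compiler runs in a strict ISO mode such as -std=c11. */
#define _DEFAULT_SOURCE

#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#include <net/if.h>
#include <netpacket/packet.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/types.h>

#include <pcap.h>

enum {
    MAX_FRAME_LEN = 1500,      /* longer captured frames are never sent */
    PCAP_FILE_HEADER_LEN = 24, /* classic pcap global header; rewind target */
    BIV_COUNT = 257,
    FC_OFF = 0,
    FC_LEN = 2,
    A1_OFF = 4,
    A2_OFF = 10,
    A3_OFF = 16,
    ADDR_LEN = 6,
    BIV_OFF = 24, /* 3 bytes, most significant first */
    BF_OFF = 30,  /* 3 bytes, least significant first */
    BF_LEN = 3
};

/* Table of 24-bit values indexed by the -b argument; the meaning of the
 * individual values is not documented in this file. */
static const uint32_t biv[BIV_COUNT] = {
    12664766, 12599485, 10510493, 7442286, 8486782, 4308798, 14753758, 6397790,
    2154525, 14688477, 9465997, 4243517, 10575774, 13709262, 4961608, 7377005,
    9531278, 11685551, 6332509, 15732973, 2219806, 7115881, 7050600, 15798254,
    11620270, 3264302, 3329583, 13643981, 3199021, 11554989, 15276006, 7899253,
    253, 3655988, 13056452, 5549137, 11163303, 3786550, 1240591, 5288013,
    5418575, 7311724, 9139592, 8421501, 5157451, 11293865, 1175310, 13839824,
    13578700, 15602411, 783624, 14166229, 1958682, 131070, 7833972, 6920038,
    15471849, 4831046, 11098022, 6071385, 979467, 15341287, 8747906, 6136666,
    1501715, 6006104, 848905, 11881394, 522500, 10249369, 14819039, 10706336,
    1110029, 6789476, 3851831, 15667692, 10641055, 14296791, 10836898, 16451064,
    10314650, 11032741, 12011956, 3460145, 1762839, 8029815, 1893401, 6724195,
    16189940, 2742054, 10967460, 7181162, 11489708, 1566996, 14949601, 16124659,
    12077237, 5353294, 16385783, 16516345, 12925890, 6854757, 12273080, 9400716,
    12403642, 4374079, 16581626, 9596559, 11424427, 914186, 457219, 4112955,
    3590707, 6201947, 11228584, 2285087, 14100948, 14427353, 5744980, 3721269,
    587781, 8356220, 13448138, 6593633, 3133740, 13382857, 12207799, 11946675,
    1828120, 11816113, 16255221, 14492634, 718343, 12534204, 5026889, 13905105,
    6985319, 16059378, 8095096, 15994097, 7768691, 4504641, 653062, 1371153,
    10445212, 3003178, 3394864, 2676773, 9074311, 5614418, 10771617, 2546211,
    15406568, 16320502, 3982393, 2350368, 13317576, 4635203, 4178236, 5483856,
    9922964, 1044748, 15210725, 5810261, 10902179, 9661840, 11750832, 8943749,
    15928816, 5222732, 391938, 8290939, 326657, 9204873, 1632277, 5875542,
    7507567, 4896327, 13513419, 9009030, 2937897, 16712188, 15014882, 2807335,
    7246443, 9335435, 8160377, 8682625, 15537130, 5940823, 14557915, 2611492,
    12338361, 8225658, 9270154, 4700484, 8878468, 15080163, 14035667, 2480930,
    15863535, 12468923, 7572848, 12991171, 14884320, 3525426, 3068459, 8813187,
    13970386, 6658914, 4047674, 9727121, 6528352, 13252295, 2089244, 14231510,
    7964534, 9792402, 15145444, 13187014, 9857683, 12860609, 16646907, 9988245,
    196097, 7703410, 6463071, 2872616, 12142518, 3917112, 6267228, 1436434,
    13774543, 11359146, 14623196, 7638129, 13121733, 10379931, 196606, 2023963,
    2415649, 5679699, 4765765, 10118807, 1697558, 4569922, 1305872, 14362072,
    5092170, 10184088, 10053526, 261376, 8617344, 12730047, 8552063, 4439360,
    12795328
};

/* Print the command-line synopsis on stdout. */
static void usage(void)
{
    printf("\nUsage: airsend <interface> <pcap file> [ -b <0-256> ] [ -c <count> ]\n"
           "               [ -d <microseconds> ] [ -fc hhhh ] [ -a1 hhhhhhhhhhhh ]\n"
           "               [ -a2 hhhhhhhhhhhh ] [ -a3 hhhhhhhhhhhh ]\n\n");
}

/* Parse a complete decimal string into *out; return 0 on success, -1 if the
 * text is not a number or lies outside [lo, hi]. *out is untouched on error. */
static int parse_dec(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < lo || v > hi)
        return -1;
    *out = v;
    return 0;
}

/* Parse a complete hexadecimal string into *out; return 0 on success, -1 if
 * the text is not hex or exceeds max. *out is untouched on error. */
static int parse_hex(const char *s, unsigned long long max,
                     unsigned long long *out)
{
    char *end;
    unsigned long long v;

    errno = 0;
    v = strtoull(s, &end, 16);
    if (end == s || *end != '\0' || errno == ERANGE || v > max)
        return -1;
    *out = v;
    return 0;
}

/* Store the low 48 bits of addr at dst, most significant byte first. */
static void put_addr(unsigned char *dst, unsigned long long addr)
{
    for (int k = 0; k < ADDR_LEN; k++)
        dst[k] = (unsigned char)(addr >> (8 * (ADDR_LEN - 1 - k)));
}

/* Sleep for us microseconds; values <= 0 return immediately. */
static void sleep_us(long us)
{
    struct timespec ts;

    if (us <= 0)
        return;
    ts.tv_sec = (time_t)(us / 1000000L);
    ts.tv_nsec = (us % 1000000L) * 1000L;
    nanosleep(&ts, NULL);
}

/* Send one frame without blocking, retrying while the socket is busy.
 * Returns 0 once the whole frame was accepted, -1 (errno set) on any error
 * that retrying cannot cure, so a permanent failure no longer spins forever. */
static int send_frame(int fd, const unsigned char *buf, size_t len,
                      const struct sockaddr_ll *to)
{
    for (;;) {
        ssize_t n = sendto(fd, buf, len, MSG_DONTWAIT,
                           (const struct sockaddr *)to, sizeof *to);

        if (n >= 0 && (size_t)n == len)
            return 0;
        if (n < 0 && errno != EAGAIN && errno != EWOULDBLOCK &&
            errno != ENOBUFS && errno != EINTR)
            return -1;
        sleep_us(1); /* Wait if busy */
    }
}

/*
 * Entry point: airsend <interface> <pcap file> [options].
 * Returns 0 on success, 1 after printing the usage text, -1 on any error.
 */
int main(int argc, char *argv[])
{
    char errbuf[PCAP_ERRBUF_SIZE];
    unsigned char frame[MAX_FRAME_LEN];
    unsigned long long a1 = 0, a2 = 0, a3 = 0, hex = 0;
    unsigned long bf = 0, skipped = 0;
    unsigned fc = 0;
    long c = 0, d = -1, r = 1, num = 0;
    size_t need = 0;
    int b = 0, j = 0, bounded, first = 1, fd_raw = -1, rc = -1;
    pcap_t *fd_pcap = NULL;
    const unsigned char *pkt;
    struct ifreq ifr;
    struct sockaddr_ll to;
    struct pcap_pkthdr ph;
    FILE *fp;

    /* Process command line arguments */
    if (argc < 3) {
        usage();
        return 1;
    }
    for (int i = 3; i < argc; i += 2) {
        const char *opt = argv[i];
        const char *val = (i + 1 < argc) ? argv[i + 1] : NULL;
        int ok = 0;

        if (strcmp(opt, "-b") == 0) {
            /* The value indexes biv[], so it must stay inside the table. */
            if (val != NULL && parse_dec(val, 0, BIV_COUNT - 1, &num) == 0) {
                b = 1;
                j = (int)num;
                ok = 1;
            }
        } else if (strcmp(opt, "-c") == 0) {
            ok = val != NULL && parse_dec(val, 0, LONG_MAX, &c) == 0;
        } else if (strcmp(opt, "-d") == 0) {
            /* Any negative value keeps the default "no pause". */
            ok = val != NULL && parse_dec(val, LONG_MIN, LONG_MAX, &d) == 0;
        } else if (strcmp(opt, "-fc") == 0) {
            if (val != NULL && parse_hex(val, 0xFFFFULL, &hex) == 0) {
                fc = (unsigned)hex;
                ok = 1;
            }
        } else if (strcmp(opt, "-a1") == 0) {
            ok = val != NULL && parse_hex(val, 0xFFFFFFFFFFFFULL, &a1) == 0;
        } else if (strcmp(opt, "-a2") == 0) {
            ok = val != NULL && parse_hex(val, 0xFFFFFFFFFFFFULL, &a2) == 0;
        } else if (strcmp(opt, "-a3") == 0) {
            ok = val != NULL && parse_hex(val, 0xFFFFFFFFFFFFULL, &a3) == 0;
        } else {
            usage();
            return 1;
        }
        if (!ok) {
            printf("Parameter %s error!\n\n", opt);
            return -1;
        }
    }

    /* Smallest captured length that holds every requested rewrite; the
     * fields are tested in ascending offset order, so the last hit wins. */
    if (fc)
        need = FC_OFF + FC_LEN;
    if (a1)
        need = A1_OFF + ADDR_LEN;
    if (a2)
        need = A2_OFF + ADDR_LEN;
    if (a3)
        need = A3_OFF + ADDR_LEN;
    if (b)
        need = BF_OFF + BF_LEN;

    /* Open packet file; libpcap reports the reason in errbuf, not errno */
    if ((fd_pcap = pcap_open_offline(argv[2], errbuf)) == NULL) {
        fprintf(stderr, "pcap: %s\n", errbuf);
        goto out;
    }

    /* Open raw socket */
    if ((fd_raw = socket(PF_PACKET, SOCK_RAW, 0)) < 0) {
        perror("socket");
        goto out;
    }

    /* Configure socket; an over-long name is rejected instead of being
     * truncated, since a truncated name could match a different interface */
    memset(&ifr, 0, sizeof ifr);
    memset(&to, 0, sizeof to);
    to.sll_family = AF_PACKET;
    if (strlen(argv[1]) >= sizeof ifr.ifr_name) {
        fprintf(stderr, "airsend: interface name too long: %s\n", argv[1]);
        goto out;
    }
    memcpy(ifr.ifr_name, argv[1], strlen(argv[1]) + 1);
    if (ioctl(fd_raw, SIOCGIFINDEX, &ifr) < 0) {
        perror("ioctl");
        goto out;
    }
    to.sll_ifindex = ifr.ifr_ifindex;

    /* Without -b a non-zero -c bounds the number of passes; otherwise the
     * file is replayed until an error occurs or the process is stopped. */
    bounded = (!b && c != 0);

    for (long pass = 0; !bounded || pass < c; pass += bounded) { /* Repetition loop */
        unsigned long seen = 0;

        /* Rewind packet file for repetition. 24 is the size of the classic
         * pcap global header; other savefile formats are not handled here. */
        if (!first) {
            fp = pcap_file(fd_pcap);
            if (fp == NULL || fseek(fp, PCAP_FILE_HEADER_LEN, SEEK_SET) != 0) {
                fprintf(stderr, "airsend: cannot rewind %s\n", argv[2]);
                goto out;
            }
        }
        first = 0;

        while ((pkt = pcap_next(fd_pcap, &ph)) != NULL) { /* Packet file loop */
            const size_t len = ph.caplen;
            const int sendable = (len <= MAX_FRAME_LEN);

            seen++;

            /* A record shorter than the requested rewrite would be written
             * past its end, so it is dropped; empty records likewise. */
            if (len == 0 || len < need) {
                if (skipped++ == 0)
                    fprintf(stderr, "airsend: skipping frames that are empty "
                                    "or too short for the requested rewrite\n");
                continue;
            }

            if (sendable) {
                /* Edit a private copy: the buffer returned by pcap_next()
                 * belongs to libpcap and is const. */
                memcpy(frame, pkt, len);

                /* Change 802.11 header if required */
                if (fc) {
                    frame[FC_OFF] = (unsigned char)(fc >> 8);
                    frame[FC_OFF + 1] = (unsigned char)(fc & 0xFF);
                }
                if (a1)
                    put_addr(frame + A1_OFF, a1);
                if (a2)
                    put_addr(frame + A2_OFF, a2);
                if (a3)
                    put_addr(frame + A3_OFF, a3);
                if (b) {
                    frame[BIV_OFF] = (unsigned char)(biv[j] >> 16);
                    frame[BIV_OFF + 1] = (unsigned char)(biv[j] >> 8);
                    frame[BIV_OFF + 2] = (unsigned char)biv[j];
                    frame[BF_OFF] = (unsigned char)bf;
                    frame[BF_OFF + 1] = (unsigned char)(bf >> 8);
                    frame[BF_OFF + 2] = (unsigned char)(bf >> 16);
                }
            }

            if (b) {
                /* Each counter value is used for c consecutive frames, then
                 * the counter advances; when its 24 bits wrap, the next
                 * biv[] entry is selected (wrapping after the last one). */
                if (r < c) {
                    r++;
                } else {
                    bf++;
                    r = 1;
                }
                if (bf > 0x00FFFFFF) {
                    bf = 0;
                    if (++j > BIV_COUNT - 1)
                        j = 0;
                }
            }

            /* Send packet */
            if (sendable && send_frame(fd_raw, frame, len, &to) < 0) {
                perror("sendto");
                goto out;
            }

            /* Wait if required */
            if (d >= 0)
                sleep_us(d);
        }

        /* An empty pass would otherwise make an endless run spin at full
         * speed without ever sending anything. */
        if (seen == 0) {
            fprintf(stderr, "airsend: no packets read from %s\n", argv[2]);
            goto out;
        }
    }
    rc = 0;

out:
    /* Close socket and packet file */
    if (fd_raw >= 0)
        close(fd_raw);
    if (fd_pcap != NULL)
        pcap_close(fd_pcap);
    return rc;
}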