Created
April 4, 2025 21:17
Create a beacon frame in userspace
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
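/*
 * Minimal subset of 802.11 constants needed to lay out a management frame.
 * The identifiers follow the naming used by FreeBSD's net80211 headers.
 */
#define IEEE80211_ADDR_LEN 6            /* octets in a MAC address */

#define IEEE80211_ELEMID_SSID 0         /* information element id: SSID */
#define IEEE80211_ELEMID_RATES 1        /* information element id: Supported Rates */

#define IEEE80211_FC0_TYPE_MGT 0x00     /* frame control byte 0: management type */
#define IEEE80211_FC0_SUBTYPE_BEACON 0x80 /* frame control byte 0: beacon subtype */
#define IEEE80211_FC1_DIR_NODS 0x00     /* STA->STA */

#define IEEE80211_RATE_SIZE 8           /* entries in the Supported Rates element */

#define SSID "NAFISA"
/*
 * Derived from the literal so the length octet and the memcpy() size can never
 * disagree with the string; a hand-maintained count would let a shorter SSID
 * be copied past the end of its literal.
 */
#define SSID_LEN (sizeof(SSID) - 1)

/*
 * Three-address 802.11 MAC header (24 octets).
 *
 * The attribute is spelled out instead of relying on the BSD `__packed`
 * macro: where <sys/cdefs.h> does not define that macro, `} __packed;`
 * silently parses as the declaration of a global variable named __packed
 * and the struct carries no packing attribute at all.
 */
struct ieee80211_frame {
    uint8_t i_fc[2];                        /* frame control */
    uint8_t i_dur[2];                       /* duration */
    uint8_t i_addr1[IEEE80211_ADDR_LEN];    /* receiver / destination */
    uint8_t i_addr2[IEEE80211_ADDR_LEN];    /* transmitter / source */
    uint8_t i_addr3[IEEE80211_ADDR_LEN];    /* BSSID */
    uint8_t i_seq[2];                       /* sequence control */
} __attribute__((__packed__));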
| #include <stdio.h> | |
| #include <stdint.h> | |
/*
 * Dump `length` bytes starting at `buffer` to stdout, 16 bytes per row.
 * Each row starts with the row's byte offset, printed as "00" followed by
 * at least four upper-case hex digits and a colon, then the bytes as
 * two-digit upper-case hex values separated by spaces.
 */
void print_hex(const void *buffer, size_t length) {
    const uint8_t *bytes = buffer;
    size_t row = 0;

    while (row < length) {
        /* The last row may be short; never read past `length`. */
        size_t row_end = (length - row > 16) ? row + 16 : length;

        printf("00%04zX: ", row);
        for (size_t pos = row; pos < row_end; pos++) {
            printf("%02X ", bytes[pos]);
        }
        printf("\n");

        row += 16;
    }
}
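/*
 * Build a minimal beacon-style management frame in a heap buffer and dump it
 * as hex. Nothing is transmitted; the program only prints the bytes.
 *
 * Layout produced: 24-byte MAC header, SSID element, Supported Rates element.
 *
 * NOTE(review): a conforming 802.11 beacon body begins with 12 octets of fixed
 * fields (timestamp, beacon interval, capability information) before the first
 * information element. They are not emitted here, so a dissector or frame
 * validator will interpret the SSID element bytes as those fixed fields.
 *
 * Returns 0 on success, EXIT_FAILURE if the SSID is too long or the
 * allocation fails.
 */
int main(void) {
    /*
     * Supported Rates in units of 500 kbit/s; the high bit flags a basic rate.
     * 1, 2, 5.5 and 11 Mbit/s are marked basic, followed by 18, 24, 36, 54.
     */
    static const uint8_t rates[] = {
        0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c
    };
    const size_t ssid_len = SSID_LEN;
    /* Header plus two elements, each with a 2-octet (id, length) prefix. */
    const size_t frame_cap = sizeof(struct ieee80211_frame)
        + 2 + ssid_len
        + 2 + sizeof rates;
    struct ieee80211_frame *wh;
    uint8_t *frm;
    size_t frame_len;

    /*
     * The element length is a single octet and an SSID is at most 32 octets;
     * refuse anything longer instead of truncating the length silently.
     */
    if (ssid_len > 32u) {
        fprintf(stderr, "SSID longer than 32 octets\n");
        return EXIT_FAILURE;
    }

    //wh = mtod(m, struct ieee80211_frame *);
    /* Size the buffer from the layout and zero all of it, not only the header. */
    wh = calloc(1, frame_cap);
    if (wh == NULL) {
        fprintf(stderr, "out of memory\n");
        return EXIT_FAILURE;
    }

    wh->i_fc[0] = IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_BEACON;
    wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;

    /* Destination is broadcast; source and BSSID are placeholder values. */
    memset(wh->i_addr1, 0xff, IEEE80211_ADDR_LEN); // Broadcast
    /* aa:aa:aa:aa:aa:aa is a locally administered unicast address. */
    memset(wh->i_addr2, 0xaa, IEEE80211_ADDR_LEN); // Fake source MAC
    memset(wh->i_addr3, 0xaa, IEEE80211_ADDR_LEN); // Fake BSSID

    /* Frame body starts after the header */
    frm = (uint8_t *)(wh + 1);

    /* SSID element */
    *frm++ = IEEE80211_ELEMID_SSID;
    *frm++ = (uint8_t)ssid_len;
    memcpy(frm, SSID, ssid_len);
    frm += ssid_len;

    /* Rates */
    *frm++ = IEEE80211_ELEMID_RATES;
    *frm++ = (uint8_t)sizeof rates;
    memcpy(frm, rates, sizeof rates);
    frm += sizeof rates;

    frame_len = (size_t)(frm - (uint8_t *)wh);
    printf("Frame length: %zu\n", frame_len);
    print_hex(wh, frame_len);

    free(wh);
    return 0;
}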