Spacehuhn's minimalistic deauth detector shimmed for ESP32 and ESP8266

deauth_detector.ino

/*

Original project: 
  https://github.com/spacehuhn/DeauthDetector
Applied/adapted these PRs:
  https://github.com/spacehuhn/DeauthDetector/pull/4
  https://github.com/spacehuhn/PacketMonitor/pull/3/files?diff=split

*/


#if defined(ESP8266)
#include <ESP8266WiFi.h>
#else
#include <WiFi.h>
#endif
#include "Mac.h"

#if defined(ESP8266)
  extern "C" {
    #include "user_interface.h"
  }
#else
  #include "esp_wifi.h"
  const wifi_promiscuous_filter_t filt={
      .filter_mask=WIFI_PROMIS_FILTER_MASK_MGMT|WIFI_PROMIS_FILTER_MASK_DATA
  };
    
  typedef struct {
    uint8_t mac[6];
  } __attribute__((packed)) MacAddr;
  
  typedef struct {
    int16_t fctl;
    int16_t duration;
    MacAddr da;
    MacAddr sa;
    MacAddr bssid;
    int16_t seqctl;
    unsigned char payload[];
  } __attribute__((packed)) WifiMgmtHdr;
#endif

//===== SETTINGS =====//
#define channel 1 //the channel to start scanning (1-14)
#define channelHopping true //scan on all channels
#define maxChannel 11 //US = 11, EU = 13, Japan = 14
#define ledPin 2 //led pin ( 2 = built-in LED)
#define inverted true // invert HIGH/LOW for the LED
#define packetRate 3 //min. packets before it gets recognized as an attack

#define scanTime 500 //scan time per channel in ms

unsigned long count = 0;
unsigned long prevTime = 0;
int curChannel = channel;

void dumpPacket(uint8_t* buf, uint16_t len) {
  if(buf == nullptr || len <= 27)
    return;
    
  Mac from(buf[16],buf[17],buf[18],buf[19],buf[20],buf[21]);
  Mac to(buf[22],buf[23],buf[24],buf[25],buf[26],buf[27]);

  Serial.print("Chan ");
  Serial.println(curChannel);
  Serial.print("From ");
  from._println();
  Serial.print("To ");
  to._println();
  Serial.println();
}


#if defined(ESP8266)
  void sniffer(uint8_t *buf, uint16_t len) 
#else
  void sniffer(void* buf, wifi_promiscuous_pkt_type_t type) 
#endif
  {
#if defined(ESP8266)
    if(buf[12] == 0xA0 || buf[12] == 0xC0){
      count++;
    }
#else
    if (type == WIFI_PKT_MGMT) {
      wifi_promiscuous_pkt_t *p = (wifi_promiscuous_pkt_t*)buf;
      int len = p->rx_ctrl.sig_len;
      WifiMgmtHdr *wh = (WifiMgmtHdr*)p->payload;
      len -= sizeof(WifiMgmtHdr);
      if (len < 0) return;
      int fctl = ntohs(wh->fctl);
      if (fctl & 0x0F00 == 0x0A00 || fctl & 0x0F00 == 0x0C00) {
        count++;
        Serial.println("DEAUTH:");
      }
    }
#endif
  }


void setup() {
  Serial.begin(115200);
  #if defined(ESP8266)
    wifi_set_opmode(STATION_MODE);
    wifi_promiscuous_enable(0);
    WiFi.disconnect();
    wifi_set_promiscuous_rx_cb(sniffer);
    wifi_set_channel(curChannel);
    wifi_promiscuous_enable(1);
  #else
    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
    esp_wifi_init(&cfg);
    //esp_wifi_set_country(WIFI_COUNTRY_EU);
    esp_wifi_set_storage(WIFI_STORAGE_RAM);
    esp_wifi_set_mode(WIFI_MODE_NULL);
    esp_wifi_start();
    esp_wifi_set_promiscuous(true);
    esp_wifi_set_promiscuous_filter(&filt);
    esp_wifi_set_promiscuous_rx_cb(&sniffer);
    esp_wifi_set_channel(curChannel, WIFI_SECOND_CHAN_NONE);
  #endif
  pinMode(ledPin, OUTPUT);
  Serial.println("starting!");
}

void loop() {
  unsigned long curTime = millis();
  unsigned long delta = curTime - prevTime;
  if (delta < scanTime)
    delay(scanTime - delta);

  digitalWrite(ledPin, (count >= packetRate) ^ inverted);  

  Serial.print(curChannel);
  Serial.print(": ");
  Serial.println(count);
  
  prevTime = curTime;
  count = 0;

  if(channelHopping){
    curChannel = curChannel % maxChannel + 1;
    #if defined(ESP8266)
      wifi_set_channel(curChannel);
    #else
      esp_wifi_set_channel(curChannel, WIFI_SECOND_CHAN_NONE);
    #endif
  }
}

Mac.cpp

#include "Mac.h"

Mac::Mac(){
  for(int i=0;i<6;i++){
    adress[i] = 0x00;
  }
}

Mac::Mac(uint8_t first, uint8_t second, uint8_t third, uint8_t fourth, uint8_t fifth, uint8_t sixth){
  adress[0] = first;
  adress[1] = second;
  adress[2] = third;
  adress[3] = fourth;
  adress[4] = fifth;
  adress[5] = sixth;
}

void Mac::set(uint8_t first, uint8_t second, uint8_t third, uint8_t fourth, uint8_t fifth, uint8_t sixth){
  adress[0] = first;
  adress[1] = second;
  adress[2] = third;
  adress[3] = fourth;
  adress[4] = fifth;
  adress[5] = sixth;
}

void Mac::setAt(uint8_t first, int num){
  if(num > -1 && num < 6) adress[num] = first;
}

void Mac::setMac(Mac adr){
  for(int i=0;i<6;i++){
    adress[i] = adr._get(i);
  }
}

bool Mac::valid(){
  for(int i=0;i<6;i++){
    if(adress[i] != 0xFF && adress[i] != 0x00) return true;
  }
  return false;
}

String Mac::toString(){
  String value = "";
  for(int i=0; i<6; i++) {
    if(adress[i]<0x10) {
      value += "0";
    }
    value += String(adress[i],HEX);
    if(i<5) value += ":";
  }
  return value;
}

void Mac::_print(){Serial.print(Mac::toString());}

void Mac::_println(){Serial.println(Mac::toString());}

uint8_t Mac::_get(int num){return adress[num];}

bool Mac::compare(Mac target){
  for(int i=0;i<6;i++){
    if(adress[i] != target._get(i)) return false;
  }
  return true;
}

Mac.h

#ifndef Mac_h
#define Mac_h

#include <Arduino.h>

class Mac
{
  public:
    Mac();
    Mac(uint8_t first, uint8_t second, uint8_t third, uint8_t fourth, uint8_t fifth, uint8_t sixth);
    
    void set(uint8_t first, uint8_t second, uint8_t third, uint8_t fourth, uint8_t fifth, uint8_t sixth);
    void setAt(uint8_t first, int num);
    void setMac(Mac adr);
    String toString();
    void _print();
    void _println();
    uint8_t _get(int num);
    bool compare(Mac target);
    bool valid();

  private:
    uint8_t adress[6];
};

#endif

it's hidden in one of the pull requests as mentioned at the top of the first file but I've found and added the missing Mac.h and Mac.cpp to this gist

Hello, can anybody confirm that an esp32 (like m5-stack) can detect deauth-packets? my esp32 with these sketch show’s 0 deauth packets. With an esp8266 it‘s working.

Hello tobozo,
thx for your sketch. With an ESP8266 it works perfect, with different esp32's i only get 0 deauth packets. Is it possible, the sketch can't detect deauth packets because the esp32 issue (espressif/esp-idf#886) isn't fix here? Can you test/confirm if your sketch is working on esp32?

Greets ymd

whoops I haven't checked this script for a while, I'm not sure it's related to esp-idf though.
If you're using a M5Stack, maybe try the ESP32-WiFi-Hash-Monster?
It has a fancy UI and does support deauth detection.

thx for your quick response. i have only a m5-stack atom lite and an atom matrix, so i search for something without display ... ;-)