@ktwzk
Last active September 17, 2021 10:08
HSYA: Wi-Fi tagging
// ===== Settings ===== //
// Wi-Fi channels the sketch cycles through (valid values: 1-14).
const uint8_t channels[]{1, 6, 11};
// true: beacons advertise WPA2 protection; false: the RSN element is left out.
const bool wpa2{false};
// true: every SSID is padded with spaces to 32 bytes, so one fixed-size frame is reused.
const bool appendSpaces{true};
/*
SSID list, stored in flash (PROGMEM) as one newline-separated string.
- every entry must end with \n: loop() splits the list on that character
- max. 32 bytes per SSID; loop() counts bytes, so non-ASCII names
  (presumably UTF-8 encoded, e.g. the Cyrillic entries) use more than
  one byte per character
- no duplicates: entries must differ by at least one character
*/
const char ssids[] PROGMEM = {
"HOT SINGLES IN YOUR AREA\n"
"INSTAGRAM @hot.singles\n"
"STENOGRAFFIA\n"
"H0T SINGLES IN YOUR AREA\n"
"DSCamoe\n"
"DSC TRIN\n"
"HOT SINGLES IN Y0UR AREA\n"
"TYK\n"
"Wonder K\n"
"КРУЗ\n"
"ГОВЕЗ\n"
"H0T SINGLES IN Y0UR AREA\n"
"ВОНЬ\n"
"SPACER\n"
"NAMER\n"
"JUICE\n"
"COZEK\n"
"CAPTEK\n"
"H07 51NGL35 1N Y0UR 4R34\n"
"ЗАЧЕМ\n"
"DESTROYERS\n"
"SEXY G DSC\n"
"DSC OSK\n"
"HOT SINGLES IN YOUR AREA!\n"
"SYMBOL P\n"
"РЕВАНШ\n"
"!HOT SINGLES IN YOUR AREA!\n"
"@stenograffia @hot.singles\n"
"@vilkastakan @parfenovmaxim\n"
"AKA6\n"
"HOTSINGLESINYOURAREA\n"
"YSK\n"
"SLT\n"
"SPEKTR.SPACE\n"
"S-A XI\n"
"HSYA\n"
"hot singles in your area\n"
"HotSinglesInYourArea\n"
"HOT_SINGLES_IN_YOUR_AREA\n"
"HOT.SINGLES.IN.YOUR.AREA\n"
"@Hot.Singles\n"
"hot_singles_in_your_area\n"
"HOT.SINGLES\n"
"AFISHA.DAILY NOTICE ME\n"
"hsya\n"
"hsya-wifi-tagging.com\n"
"H o t S i n g l e s\n"
"@motiv4g inside\n"
"Spacecehuhntech\n"
};
// ==================== //
// ===== Includes ===== //
#include <ESP8266WiFi.h>
extern "C" {
#include "user_interface.h"
typedef void (*freedom_outside_cb_t)(uint8 status);
int wifi_register_send_pkt_freedom_cb(freedom_outside_cb_t cb);
void wifi_unregister_send_pkt_freedom_cb(void);
int wifi_send_pkt_freedom(uint8 *buf, int len, bool sys_seq);
}
// ==================== //
// run-time state shared by setup(), loop() and the helpers
uint8_t macAddr[6];            // address copied into the frame's source and BSSID fields
char emptySSID[32];            // 32 spaces (filled in setup()), used to blank the SSID field
uint8_t wifi_channel{1};       // channel the radio was last tuned to by nextChannel()
uint8_t channelIndex{0};       // position of the next entry to read from channels[]
uint32_t packetSize{0};        // number of beaconPacket bytes that get transmitted
uint32_t packetCounter{0};     // successful sends since the last rate print
uint32_t currentTime{0};       // millis() value sampled at the top of loop()
uint32_t attackTime{0};        // time the SSID list was last transmitted
uint32_t packetRateTime{0};    // time the packet rate was last printed
// Beacon frame template (802.11 management frame), 109 bytes.
// loop() overwrites bytes 10-21 (addresses), 38-69 (SSID) and 82 (channel) for
// each transmission; setup() overwrites byte 34. Every other byte, including
// the timestamp and the beacon interval, is sent exactly as written here.
uint8_t beaconPacket[109] = {
/* 0 - 3 */ 0x80, 0x00, 0x00, 0x00, // Frame control (type/subtype: management, beacon) + duration
/* 4 - 9 */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // Destination: broadcast
/* 10 - 15 */ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // Source address (placeholder, replaced by macAddr in loop())
/* 16 - 21 */ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // BSSID (placeholder, replaced by the same macAddr in loop())
// Fixed parameters
/* 22 - 23 */ 0x00, 0x00, // Fragment & sequence number (will be done by the SDK)
/* 24 - 31 */ 0x83, 0x51, 0xf7, 0x8f, 0x0f, 0x00, 0x00, 0x00, // Timestamp (this sketch never rewrites it, so it is identical in every frame it builds)
/* 32 - 33 */ 0xe8, 0x03, // Beacon interval, little-endian: 0x64, 0x00 => every 100ms - 0xe8, 0x03 => every 1s
/* 34 - 35 */ 0x31, 0x00, // Capabilities information; setup() sets byte 34 to 0x31 (privacy bit set) or 0x21 (privacy bit clear)
// Tagged parameters
// SSID parameters
/* 36 - 37 */ 0x00, 0x20, // Tag number 0 (SSID), tag length: 32
/* 38 - 69 */ 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, // SSID (32 spaces until loop() writes a name)
// Supported Rates
/* 70 - 71 */ 0x01, 0x08, // Tag: Supported Rates, Tag length: 8
/* 72 */ 0x82, // 1(B)
/* 73 */ 0x84, // 2(B)
/* 74 */ 0x8b, // 5.5(B)
/* 75 */ 0x96, // 11(B)
/* 76 */ 0x24, // 18
/* 77 */ 0x30, // 24
/* 78 */ 0x48, // 36
/* 79 */ 0x6c, // 54
// Current Channel
/* 80 - 81 */ 0x03, 0x01, // Tag: DS parameter set (channel), tag length: 1
/* 82 */ 0x01, // Current channel (replaced by wifi_channel in loop())
// RSN information: bytes 83-108 (26 bytes), only transmitted when wpa2 is true
/* 83 - 84 */ 0x30, 0x18, // Tag: RSN, tag length: 24
/* 85 - 86 */ 0x01, 0x00, // RSN version 1
/* 87 - 90 */ 0x00, 0x0f, 0xac, 0x02, // Group cipher suite: 00-0f-ac type 2 (TKIP)
/* 91 - 92 */ 0x02, 0x00, // Pairwise cipher suite count: 2
/* 93 - 100 */ 0x00, 0x0f, 0xac, 0x04, 0x00, 0x0f, 0xac, 0x04, /* Pairwise cipher suites: both entries are type 0x04 (CCMP). The first was changed from 0x02 (TKIP) because many devices do not support WPA2 with TKIP. */
/* 101 - 102 */ 0x01, 0x00, // AKM suite count: 1
/* 103 - 106 */ 0x00, 0x0f, 0xac, 0x02, // AKM suite: 00-0f-ac type 2 (PSK)
/* 107 - 108 */ 0x00, 0x00 // RSN capabilities
};
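// Steps to the next entry of channels[] and retunes the radio when that entry
// is a valid channel (1-14) that differs from the current one.
// Does nothing when only one channel is configured.
void nextChannel() {
  const uint8_t channelCount = sizeof(channels) / sizeof(channels[0]);
  if (channelCount > 1) {
    uint8_t ch = channels[channelIndex];
    channelIndex++;
    // Wrap as soon as the index reaches the element count; letting it equal
    // channelCount would make the next call read one element past the array.
    if (channelIndex >= channelCount) channelIndex = 0;
    if (ch != wifi_channel && ch >= 1 && ch <= 14) {
      wifi_channel = ch;
      wifi_set_channel(wifi_channel);
    }
  }
}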
// Fills all six bytes of macAddr with values drawn from random(256).
void randomMac() {
  for (uint8_t &octet : macAddr) {
    octet = random(256);
  }
}
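// One-time initialisation: prepares the blank-SSID buffer, seeds the random
// generator, sizes the frame for the wpa2 setting, picks a random base
// address, brings up serial and the radio, and prints the configured SSIDs.
void setup() {
  // The RSN element occupies bytes 83-108 of beaconPacket (26 bytes).
  const uint32_t rsnElementLen = 26;

  // create empty SSID (all spaces)
  memset(emptySSID, ' ', sizeof(emptySSID));

  // for random generator
  randomSeed(os_random());

  // set packetSize and the capability byte
  packetSize = sizeof(beaconPacket);
  if (wpa2) {
    beaconPacket[34] = 0x31; // privacy bit set
  } else {
    beaconPacket[34] = 0x21; // privacy bit clear
    packetSize -= rsnElementLen; // RSN element is the tail of the frame, so it is simply not sent
  }

  // generate random mac address
  randomMac();

  // start serial
  Serial.begin(115200);
  Serial.println();

  // get time
  currentTime = millis();

  // start WiFi
  WiFi.mode(WIFI_OFF);
  wifi_set_opmode(STATION_MODE);

  // set channel
  wifi_set_channel(channels[0]);

  // print out saved SSIDs; sizeof() counts the terminating NUL of the string
  // literal, which must not be written to the serial port
  Serial.println("SSIDs:");
  const int len = sizeof(ssids) - 1;
  for (int i = 0; i < len; i++) {
    Serial.print((char)pgm_read_byte(ssids + i));
  }

  Serial.println();
  Serial.println("Started \\o/");
  Serial.println();
}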
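// Main loop. Roughly every 100 ms it switches channel and walks the SSID
// list, sending three beacon frames per entry. Once per second it prints how
// many sends succeeded.
// Each entry uses macAddr with the last byte replaced by the entry's 1-based
// index, so all frames of one run share the same first five address bytes.
void loop() {
  currentTime = millis();

  // send out SSIDs
  if (currentTime - attackTime > 100) {
    attackTime = currentTime;

    int i = 0;        // offset of the current SSID inside ssids
    int j = 0;        // bytes consumed for the current SSID (including its '\n')
    int ssidNum = 1;  // 1-based index of the current SSID
    char tmp;
    int ssidsLen = strlen_P(ssids);

    // go to next channel
    nextChannel();

    while (i < ssidsLen) {
      // read out next SSID: stop at '\n', after 33 bytes, or at the end of the list
      j = 0;
      do {
        tmp = pgm_read_byte(ssids + i + j);
        j++;
      } while (tmp != '\n' && j <= 32 && i + j < ssidsLen);

      // j is at most 33 here, so ssidLen never exceeds the 32-byte SSID field
      uint8_t ssidLen = j - 1;

      // set MAC address
      macAddr[5] = ssidNum;
      ssidNum++;

      // write MAC address into beacon frame (source and BSSID)
      memcpy(&beaconPacket[10], macAddr, 6);
      memcpy(&beaconPacket[16], macAddr, 6);

      // reset SSID
      memcpy(&beaconPacket[38], emptySSID, 32);

      // write new SSID into beacon frame
      memcpy_P(&beaconPacket[38], &ssids[i], ssidLen);

      // set channel for beacon frame
      beaconPacket[82] = wifi_channel;

      if (appendSpaces) {
        // send the fixed-size frame as is
        for (int k = 0; k < 3; k++) {
          packetCounter += wifi_send_pkt_freedom(beaconPacket, packetSize, 0) == 0;
          delay(1);
        }
      } else {
        // remove spaces: build a shortened copy whose SSID element has the real length.
        // The copy is never longer than beaconPacket, so a local buffer of that
        // size replaces the per-SSID new[] (which was released with a
        // mismatched scalar delete).
        uint8_t tmpPacket[sizeof(beaconPacket)];
        uint16_t tmpPacketSize = (packetSize - 32) + ssidLen; // calc size
        memcpy(&tmpPacket[0], &beaconPacket[0], 38 + ssidLen); // header, fixed fields and SSID
        tmpPacket[37] = ssidLen; // update SSID length byte
        memcpy(&tmpPacket[38 + ssidLen], &beaconPacket[70], wpa2 ? 39 : 13); // remaining tagged parameters

        // send packet
        for (int k = 0; k < 3; k++) {
          packetCounter += wifi_send_pkt_freedom(tmpPacket, tmpPacketSize, 0) == 0;
          delay(1);
        }
      }

      i += j;
    }
  }

  // show packet-rate each second
  if (currentTime - packetRateTime > 1000) {
    packetRateTime = currentTime;
    Serial.print("Packets/s: ");
    Serial.println(packetCounter);
    packetCounter = 0;
  }
}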