Merge branch 'dev' into prerelease

README.md

@@ -56,15 +56,14 @@ Minino can operate in 6 different technologies:
 - [x] Analyzer
 - [ ] Wireshark integration
 ### BLE
-- [ ] BLE Sniffer
+- [x] BLE ADV Sniffer (Wireshark Integration)
 - [x] BLE Spammer
 - [x] BLE Spoffing (HID device, audio control)
 - [x] BLE Trackers Scanner (AirTags, Tile, etc)
-- [x] Wireshark integration
 ### Zigbee
 - [x] Zigbee sniffer
 - [x] Zigbee spoofing (Switch End Device)
-- [ ] Wardriving
+- [x] Wardriving
 - [x] Wireshark integration
 
 ### Thread

firmware/Makefile

@@ -21,6 +21,11 @@ clean:
 	rm sdkconfig
 	make setup
 
+ff:
+	make test_port
+	idf.py -p $(PORT) erase-flash
+		make flash monitor
+
 all: flash monitor
 
 .PHONY: test_port setup compile flash monitor clean all

firmware/README.md

@@ -183,3 +183,33 @@ BLE_SCAN_FILTER_ALLOW_ALL           = 0x0,  /*!< Accept all :
                                                   2. directed advertising packets where the initiator address is a resolvable private address, and
                                                   3. directed advertising packets addressed to this device.*/
 ```
+
+## WIFI
+
+### DoS test
+First run a python simple server with:
+`python3 -m http.server`
+
+Next open the DoS app in minino and if you haven't a AP saved in the serial terminal you need to add your AP:
+```
+Welcome to the Minino Console.
+Type 'help' to get the list of commands.
+Use UP/DOWN arrows to navigate through command history.
+Press TAB when typing command name to auto-complete.
+Press Enter or Ctrl+C will terminate the console environment.
+minino> save AP_NAME PASSWORD
+```
+
+The minino will try to connect to AP.
+Once you have a AP saved if the minino app do not show the AP's exit and come back to the app to load AP, once minino found a AP available this will try to connect and if done, the next screen will show the target, if target is not configured, you need to introduce manually in the serial terminal:
+```
+Welcome to the Minino Console.
+Type 'help' to get the list of commands.
+Use UP/DOWN arrows to navigate through command history.
+Press TAB when typing command name to auto-complete.
+Press Enter or Ctrl+C will terminate the console environment.
+minino> web_config IP_VICTIM PORT_VICTIM _PATH_VICTIM
+```
+In this case our victim server are our pc so the command will be like this: `web_config 192.168.0.178 8000 /`
+
+Then we can execute the command `catdos` to start the attack.

firmware/components/ieee_sniffer/ieee_sniffer.c

@@ -10,10 +10,13 @@
 #include "freertos/queue.h"
 #include "freertos/task.h"
 
+#define HOPPING_TIME 3500
+
 static esp_err_t err;
 static QueueHandle_t packet_rx_queue = NULL;
 static ieee_sniffer_cb_t packet_callback = NULL;
 static int current_channel = IEEE_SNIFFER_CHANNEL_DEFAULT;
+static bool running = false;
 
 static void debug_print_packet(uint8_t* packet, uint8_t packet_length);
 static void debug_handler_task(void* pvParameters);
@@ -34,6 +37,14 @@ void ieee_sniffer_register_cb(ieee_sniffer_cb_t callback) {
   packet_callback = callback;
 }
 
+uint8_t ieee_sniffer_get_channel() {
+  return current_channel;
+}
+
+int8_t ieee_sniffer_get_rssi() {
+  return esp_ieee802154_get_recent_rssi();
+}
+
 void ieee_sniffer_set_channel(int channel) {
   current_channel = channel;
   if (channel < IEEE_SNIFFER_CHANNEL_MIN) {
@@ -51,7 +62,7 @@ void ieee_sniffer_set_channel(int channel) {
   ESP_LOGI(TAG_IEEE_SNIFFER, "Channel set to %d", current_channel);
 }
 
-void ieee_sniffer_begin(void) {
+static void ieee_sniffer_configure() {
 #if !defined(CONFIG_IEEE_SNIFFER_DEBUG)
   esp_log_level_set(TAG_IEEE_SNIFFER, ESP_LOG_NONE);
 #endif
@@ -92,13 +103,33 @@ void ieee_sniffer_begin(void) {
   }
   esp_ieee802154_set_extended_address(eui64_rev);
   ESP_ERROR_CHECK(esp_ieee802154_receive());
+}
 
-  while (true) {
+void ieee_sniffer_begin(void) {
+  running = true;
+  ieee_sniffer_configure();
+  while (running) {
     vTaskDelay(10 / portTICK_PERIOD_MS);
   }
+  vTaskDelete(NULL);
+}
+
+void ieee_sniffer_channel_hop() {
+  running = true;
+  ieee_sniffer_configure();
+  esp_ieee802154_disable();
+  while (running) {
+    esp_ieee802154_enable();
+    ieee_sniffer_set_channel(current_channel + 1);
+    esp_ieee802154_receive();
+    vTaskDelay(HOPPING_TIME / portTICK_PERIOD_MS);
+    esp_ieee802154_disable();
+  }
+  vTaskDelete(NULL);
 }
 
 void ieee_sniffer_stop(void) {
+  running = false;
   err = esp_ieee802154_disable();
   if (err != ESP_OK) {
     ESP_LOGE(TAG_IEEE_SNIFFER, "Error disabling IEEE 802.15.4 driver: %s",

firmware/components/ieee_sniffer/ieee_sniffer.h

@@ -78,4 +78,10 @@ void ieee_sniffer_stop(void);
  * @param channel The channel to set
  */
 void ieee_sniffer_set_channel(int channel);
+
+uint8_t ieee_sniffer_get_channel();
+int8_t ieee_sniffer_get_rssi();
+
+void ieee_sniffer_channel_hop();
+
 #endif  // IEEE_SNIFFER_H

firmware/components/minino_config/Kconfig.projbuild

@@ -642,6 +642,21 @@ config ZIGBEE_APP_SPOOFING
     help
       Enable or disable the Zigbee Spoofing application.
 
+if ZIGBEE_APP_SPOOFING
+
+config ZIGBEE_APP_SPOOFING_SWITCH
+    bool "Enable Spoofing Switch App"
+    default true
+    help
+      Enable or disable the Zigbee Spoofing Switch application.
+
+config ZIGBEE_APP_SNIFFER_LIGHT
+    bool "Enable Spoofing Light App"
+    default true
+    help
+      Enable or disable the Zigbee Spoofing Light application.
+endif # ZIGBEE_APP_SPOOFING
+
 config ZIGBEE_APP_SNIFFER
     bool "Enable Sniffer App"
     default true
@@ -687,6 +702,12 @@ config GPS_APP_WARDRIVING
     default true
     help
       Enable or disable the GPS Wardriving application.
+
+config GPS_APP_WARDRIVING_ZB
+	bool "Enable Wardriving Zigbee App"
+	default true
+	help
+		Enable or disable the GPS Wardriving Zigbee application.
 endif # GPS_APPS_ENABLE
 
 ################################# OTA ###################################

firmware/components/sd_card/include/sd_card.h

@@ -139,3 +139,5 @@ esp_err_t sd_card_write_file(const char* path, char* data);
  * @return sd_card_info_t
  */
 sd_card_info_t sd_card_get_info();
+
+esp_err_t sd_card_append_to_file(const char* path, char* data);

firmware/components/sd_card/sd_card.c

@@ -272,6 +272,11 @@ esp_err_t sd_card_read_file(const char* path) {
     return ESP_FAIL;
   }
 
+  if (path == NULL) {
+    ESP_LOGE(TAG, "Path is NULL");
+    return ESP_FAIL;
+  }
+
   uint8_t path_len = strlen(path);
   char full_path[path_len + 1 + strlen(MOUNT_POINT)];
   sprintf(full_path, "%s/%s", MOUNT_POINT, path);
@@ -308,7 +313,7 @@ esp_err_t sd_card_write_file(const char* path, char* data) {
   char full_path[path_len + 1 + strlen(MOUNT_POINT)];
   sprintf(full_path, "%s/%s", MOUNT_POINT, path);
 
-  ESP_LOGI(TAG, "Opening file %s", full_path);
+  ESP_LOGI(TAG, "Opening file w %s", full_path);
   FILE* file = fopen(full_path, "w");
   if (file == NULL) {
     ESP_LOGE(TAG, "Failed to open file for writing");
@@ -321,6 +326,29 @@ esp_err_t sd_card_write_file(const char* path, char* data) {
   return ESP_OK;
 }
 
+esp_err_t sd_card_append_to_file(const char* path, char* data) {
+  if (sd_card_is_not_mounted()) {
+    ESP_LOGE(TAG, "SD card not mounted");
+    return ESP_FAIL;
+  }
+
+  uint8_t path_len = strlen(path);
+  char full_path[path_len + 1 + strlen(MOUNT_POINT)];
+  sprintf(full_path, "%s/%s", MOUNT_POINT, path);
+
+  ESP_LOGI(TAG, "Opening file a %s", full_path);
+  FILE* file = fopen(full_path, "a");
+  if (file == NULL) {
+    ESP_LOGE(TAG, "Failed to open file for writing");
+    return ESP_FAIL;
+  }
+  fprintf(file, data);
+  fclose(file);
+  ESP_LOGI(TAG, "File written");
+
+  return ESP_OK;
+}
+
 size_t sd_card_get_file_size(FILE* file) {
   if (file == NULL) {
     return 0;

firmware/components/wifi_scanner/wifi_scanner.c

@@ -18,16 +18,44 @@ void wifi_scanner_module_scan() {
   if (err != ESP_OK) {
     ESP_LOGE(TAG_WIFI_SCANNER_MODULE, "Failed to create event loop: %s",
              esp_err_to_name(err));
+    esp_event_loop_delete_default();
+    esp_event_loop_create_default();
   }
 
   ap_records.count = CONFIG_SCAN_MAX_AP;
-  ESP_ERROR_CHECK(esp_wifi_start());
-  ESP_ERROR_CHECK(esp_wifi_clear_ap_list());
-  ESP_ERROR_CHECK(esp_wifi_scan_start(NULL, true));
+  wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+  err = esp_wifi_init(&cfg);
+  if (err != ESP_OK) {
+    ESP_LOGE(TAG_WIFI_SCANNER_MODULE, "Failed to init wifi: %s",
+             esp_err_to_name(err));
+    return;
+  }
+  err = esp_wifi_start();
+  if (err != ESP_OK) {
+    ESP_LOGE(TAG_WIFI_SCANNER_MODULE, "Failed to start wifi: %s",
+             esp_err_to_name(err));
+    return;
+  }
+  err = esp_wifi_clear_ap_list();
+  if (err != ESP_OK) {
+    ESP_LOGE(TAG_WIFI_SCANNER_MODULE, "Failed to clear AP list: %s",
+             esp_err_to_name(err));
+    return;
+  }
+  err = esp_wifi_scan_start(NULL, true);
+  if (err != ESP_OK) {
+    ESP_LOGE(TAG_WIFI_SCANNER_MODULE, "Failed to start scan: %s",
+             esp_err_to_name(err));
+    return;
+  }
   ESP_LOGI(TAG_WIFI_SCANNER_MODULE, "Max AP number ap_info can hold = %u",
            ap_records.count);
-  ESP_ERROR_CHECK(
-      esp_wifi_scan_get_ap_records(&ap_records.count, ap_records.records));
+  err = esp_wifi_scan_get_ap_records(&ap_records.count, ap_records.records);
+  if (err != ESP_OK) {
+    ESP_LOGE(TAG_WIFI_SCANNER_MODULE, "Failed to get AP records: %s",
+             esp_err_to_name(err));
+    return;
+  }
   ESP_LOGI(TAG_WIFI_SCANNER_MODULE, "Found %u APs.", ap_records.count);
   ESP_LOGD(TAG_WIFI_SCANNER_MODULE, "Scan done.");
 }

firmware/components/wifi_sniffer/cmd_pcap.c

@@ -157,7 +157,6 @@ static esp_err_t pcap_open(pcap_cmd_runtime_t* pcap) {
   } else {
     ESP_LOGE(TAG, "pcap file destination hasn't specified");
   }
-
   ESP_GOTO_ON_FALSE(fp, ESP_FAIL, err, TAG, "open file failed");
   pcap_config_t pcap_config = {
       .fp = fp,
@@ -465,7 +464,7 @@ int do_pcap_cmd(int argc, char** argv) {
   }
 
   if (pcap_args.open->count) {
-    pcap_open(&pcap_cmd_rt);
+    ret = pcap_open(&pcap_cmd_rt);
   }
 err:
   return ret;

firmware/components/wifi_sniffer/cmd_sniffer.c

@@ -45,9 +45,11 @@ static wlan_filter_table_t wifi_filter_hash_table[SNIFFER_WLAN_FILTER_MAX] = {
 static sniffer_cb_t sniffer_cb = NULL;
 static sniffer_animation_cb_t sniffer_animation_start_cb = NULL;
 static sniffer_animation_cb_t sniffer_animation_stop_cb = NULL;
+static void (*out_of_mem_cb)();
 
-void wifi_sniffer_register_cb(sniffer_cb_t callback) {
+void wifi_sniffer_register_cb(sniffer_cb_t callback, void* _out_of_mem_cb) {
   sniffer_cb = callback;
+  out_of_mem_cb = _out_of_mem_cb;
 }
 
 void wifi_sniffer_register_animation_cbs(sniffer_animation_cb_t start_cb,
@@ -69,6 +71,7 @@ static uint32_t hash_func(const char* str, uint32_t max_num) {
 }
 
 static void create_wifi_filter_hashtable(void) {
+  memset(wifi_filter_hash_table, 0, sizeof(wifi_filter_hash_table));
   char* wifi_filter_keys[SNIFFER_WLAN_FILTER_MAX] = {
       "mgmt", "data", "ctrl", "misc", "mpdu", "ampdu", "fcsfail"};
   uint32_t wifi_filter_values[SNIFFER_WLAN_FILTER_MAX] = {
@@ -146,6 +149,7 @@ static void wifi_sniffer_cb(void* recv_buf, wifi_promiscuous_pkt_type_t type) {
 static void sniffer_task(void* parameters) {
   sniffer_packet_info_t packet_info;
   sniffer_runtime_t* sniffer = (sniffer_runtime_t*) parameters;
+  bool force_exit = false;
   if (sniffer_animation_start_cb) {
     sniffer_animation_start_cb();
   }
@@ -171,6 +175,11 @@ static void sniffer_task(void* parameters) {
                        packet_info.seconds,
                        packet_info.microseconds) != ESP_OK) {
       ESP_LOGW(TAG, "save captured packet failed");
+      if (out_of_mem_cb) {
+        xSemaphoreGive(sniffer->sem_task_over);
+        force_exit = true;
+        out_of_mem_cb();
+      }
     }
     free(packet_info.payload);
     if (sniffer->packets_to_sniff > 0) {
@@ -186,7 +195,9 @@ static void sniffer_task(void* parameters) {
   }
   /* notify that sniffer task is over */
   if (sniffer->packets_to_sniff != 0) {
-    xSemaphoreGive(sniffer->sem_task_over);
+    if (!force_exit) {
+      xSemaphoreGive(sniffer->sem_task_over);
+    }
   }
   if (sniffer_cb) {
     sniffer_cb(sniffer);
@@ -322,6 +333,7 @@ static esp_err_t sniffer_start(sniffer_runtime_t* sniffer) {
 err_queue:
   sniffer->is_running = false;
 err:
+  out_of_mem_cb();
   return ret;
 }
 

firmware/components/wifi_sniffer/include/cmd_sniffer.h

@@ -64,7 +64,7 @@ typedef void (*sniffer_animation_cb_t)(void);
 
 void register_sniffer_cmd(void);
 int do_sniffer_cmd(int argc, char** argv);
-void wifi_sniffer_register_cb(sniffer_cb_t callback);
+void wifi_sniffer_register_cb(sniffer_cb_t callback, void* _out_of_mem_cb);
 void wifi_sniffer_register_animation_cbs(sniffer_animation_cb_t start_cb,
                                          sniffer_animation_cb_t stop_cb);
 

firmware/components/wifi_sniffer/include/wifi_sniffer.h

@@ -24,7 +24,7 @@ void wifi_sniffer_begin();
  *
  * @return void
  */
-void wifi_sniffer_start();
+esp_err_t wifi_sniffer_start();
 
 /**
  * @brief Stop the wifi sniffer