Skip to content

Inject 80211.c

Function gen_rand_str(int size, char *rand_char)

gen_rand_str: The function of gen_rand_str is to generate a random string of specified size and store it in the provided character array.

parameters: The parameters of this Function. · parameter1: int size - This parameter specifies the length of the random string to be generated.
· parameter2: char *rand_char - This is a pointer to a character array where the generated random string will be stored.

Code Description: The gen_rand_str function begins by initializing two integer variables, i and randNum, with randNum set to zero. The function seeds the random number generator using the provided size parameter, which helps ensure that the generated sequence of random numbers varies with different input sizes.

A for loop is then initiated, which iterates from 0 to size - 1. Within each iteration, a random number is generated by scaling the output of the rand() function. The expression 255 * (rand() / (RAND_MAX + 1.0)) generates a floating-point number between 0 and 255, which is then typecast to a character. This character is assigned to the rand_char array at the current index i.

Before assigning the character, the function checks if randNum equals zero. If it does, the loop decrements i to repeat the iteration without advancing the index, effectively skipping the assignment of a null character. This ensures that the generated string does not contain any null characters within it.

After the loop completes, a null terminator ('\0') is appended to the end of the rand_char array to signify the end of the string, making it a valid C-style string.

Note: It is important to ensure that the rand_char array has sufficient memory allocated to hold the generated string of size size + 1 to accommodate the null terminator. Additionally, the randomness of the generated string is dependent on the quality of the random number generator and the seed value provided.

graph TD
    A[Start gen_rand_str function] --> B[Initialize variables i and randNum]
    B --> C[Seed random number generator with size]
    C --> D[Start for loop from 0 to size]
    D --> E[Generate random number between 0 and 255]
    E --> F{Check if randNum is 0}
    F -- Yes --> G[Decrement i and continue loop]
    F -- No --> H[Type cast randNum to character and assign to rand_char[i]]
    H --> D
    D --> I[End for loop]
    I --> J[Assign null terminator to rand_char[i]]
    J --> K[End gen_rand_str function]

Function usage(void)

usage: The function of usage is to display the usage information and options for the inject_80211 program.

parameters: The parameters of this Function. · None

Code Description: The usage function is designed to provide users with essential information regarding how to use the inject_80211 program. It begins by printing copyright information and licensing details, acknowledging the contributions of various authors over the years. Following this, the function outlines the command-line syntax for the program, which is inject_80211 [options] <interface>.

The function then details the available options that users can specify when executing the program. Each option is accompanied by a brief description of its purpose and the expected values. For instance, users can set the hardware operation mode using the -m or --hw_mode option, which accepts values such as 'a', 'g', or 'n'. Similarly, the -r or --rate_index option allows users to specify a rate or MCS index ranging from 0 to 7.

Additional options include -t for packet type, -e for sub-type, and various address options (-a for addr1 and -b for addr2). The function also provides flags for short guard interval (-i), the number of packets to send (-n), payload size (-s), and delay between packets (-d). A help option (-h) is included to display the usage menu.

Finally, the function concludes with an example of how to set up a monitor interface and execute the inject_80211 command, providing practical guidance for users.

Note: It is important for users to ensure that they have the necessary permissions and that the specified interface is correctly configured before running the inject_80211 program. The usage function will terminate the program by calling exit(1) if invoked, indicating that the user should review the provided information.

graph TD
    A[Start usage function] --> B[Print license information]
    B --> C[Print usage instructions]
    C --> D[Print options list]
    D --> E[Print example usage]
    E --> F[Exit with status 1]
    F --> G[End usage function]

Function main(int argc, char *argv[])

main: The function of main is to initialize and manage the injection of 802.11 packets into a specified network interface.

parameters: The parameters of this Function. · parameter1: int argc - The count of command-line arguments passed to the program. · parameter2: char *argv[] - An array of command-line arguments.

Code Description: The main function begins by declaring and initializing various variables used for packet injection, including buffers, addresses, and configuration flags. It enters a loop to parse command-line options using getopt_long, allowing users to specify parameters such as hardware mode, rate index, packet type, addresses, and more. If the user requests help or provides invalid options, the function displays usage information.

After parsing the options, the function checks if a network interface has been specified. It attempts to open the specified interface using pcap_open_live, which prepares the interface for packet capture and injection. If the interface cannot be opened, an error message is displayed, and the function exits.

The function then retrieves the data link encapsulation type of the opened interface using pcap_datalink and prints the encapsulation type to the console. It sets the pcap handle to non-blocking mode.

Next, the function constructs the IEEE 802.11 header based on the specified packet type (data, management, or control). It populates the header fields with the provided addresses and subtype. If the packet type is unsupported, an error message is displayed, and the function exits.

A random payload string is generated, and the total packet size is calculated. The function checks if the packet size exceeds a predefined maximum buffer size, and if so, it exits with an error.

The buffer is cleared, and the radiotap header is inserted, followed by the IEEE header and the payload. The function then enters a loop to inject the specified number of packets into the network interface using pcap_inject. It provides feedback on the number of packets sent and respects any specified delay between injections.

Finally, the function returns 0 upon successful completion of the packet injection process.

Note: It is essential to ensure that the specified network interface supports the required encapsulation type and that the user has the necessary permissions to inject packets. Additionally, the packet size must not exceed the defined maximum buffer size to avoid injection errors.

Output Example: A successful execution of the program may produce output similar to the following: 

mode = 802.11n, rate index = 5, SHORT GI = 1, number of packets = 10 and packet size = 128 bytes, delay = 100000 usec
packet_type d sub_type 0x01 payload_len 64 ieee_hdr_len 24 addr1 01:23:45:67:89:ab addr2 01:23:45:67:89:cd
number of packets sent = 10


graph TD
    A[Start main function] --> B[Initialize variables]
    B --> C[Parse command line options]
    C --> D{Option parsed}
    D -->|Help option| E[Display usage information]
    D -->|Unknown option| F[Display unknown switch message]
    D -->|Valid option| G[Set corresponding variable]
    D -->|No more options| H[Check if arguments are provided]
    H -->|No arguments| E
    H -->|Arguments provided| I[Open interface in pcap]
    I --> J{Check if pcap opened successfully}
    J -->|Success| K[Get link encapsulation type]
    J -->|Failure| L[Display error message and return]
    K --> M{Link encapsulation type}
    M -->|DLT_PRISM_HEADER| N[Display DLT_PRISM_HEADER message]
    M -->|DLT_IEEE802_11_RADIO| O[Display DLT_IEEE802_11_RADIO message]
    M -->|Unknown| P[Display unknown encapsulation message and return]
    Q[Set pcap to non-blocking mode] --> R[Fill IEEE header based on packet type]
    R --> S{Packet type}
    S -->|Data packet| T[Fill data packet header]
    S -->|Management packet| U[Fill management packet header]
    S -->|Control packet| V[Fill control packet header]
    S -->|Invalid packet type| W[Display unsupported packet type message and return]
    X[Generate random string for payload] --> Y[Calculate packet size]
    Y --> Z{Check packet size}
    Z -->|Exceeds max buffer size| AA[Display packet size error message and return]
    Z -->|Valid size| AB[Clear storage buffer]
    AB --> AC[Insert default radiotap header]
    AC --> AD[Update radiotap header]
    AD --> AE[Insert IEEE header]
    AE --> AF[Insert payload]
    AF --> AG[Inject packets in a loop]
    AG --> AH{Check injection result}
    AH -->|Success| AI[Display number of packets sent]
    AH -->|Failure| AJ[Display injection error message and return]
    AG --> AK[Delay between packets]
    AK --> AG
    AI --> AL[End main function]