ProHoster > Блог > Gudanarwa > Yin caca tare da Wifi akan ESP32

Yin caca tare da Wifi akan ESP32

Yin caca tare da Wifi akan ESP32

Abin da ya ba ni ra'ayin yin kayan aikin aljihu don nazarin cibiyoyin sadarwar WiFi shine Wannan labarin.

Godiya gare su da ra'ayin. Ba ni da abin yi.

An yi duk aikin a matsayin wani ɓangare na sha'awa don manufar jin daɗi da faɗaɗa ilimina a fagen fasahar sadarwa. Sannu a hankali, awanni 1..4 a mako, tun farkon wannan shekara.
Ban shirya wani amfani mai amfani ba. Wadancan. Wannan ba kayan aikin hacker bane.

A halin yanzu, duk ayyukan da aka tsara suna aiki. Duk kafofin, shirye gaba daya don taro, buga nan. Hakanan akwai umarnin taro, da sauransu. A cikin wannan bayanin, ba zan kwafi bayanan da aka buga akan github ba. Zan gaya muku abin da na ga ya dace don bayyana daban.

Ra'ayi na akan "kayan aikin duniya" da dalilin zabar ESP32

Bana ikirarin nine gaskiya. Kowa yana da nasa. Zan yi ƙoƙarin tabbatar da zaɓi na kayan aikina.

Gabatarwa a cikin labarin yanayin amfani da haɗin haɗin Linux (da farko Rasberi Pi) + “Peripherals” a cikin nau'in mai sarrafawa (STM32) + CC1110 (8051 core) da shirin ɗaukar duk abin da zai yiwu a can (125kHz, NFC, 433mHz, USB, iButton, bluetooth,?) bai dace da ni ba. Duk da haka, wannan aikin Yana kama da zai kasance mai zaman kansa kuma a rufe (flipper-zero github "Wannan ƙungiyar ba ta da ma'ajiyar jama'a.") kuma ta tafi zuwa ga kayan aikin da ba na kowa ba.

Wataƙila na yi kuskure, kuma a nan gaba marubuta za su sa tushen software a bainar jama'a. Amma idan ba haka ba, to ba zan sayi irin wannan kayan aikin ba tare da lambar tushe ba.

Abubuwan bukatu na na "kayan aiki"

Akwatin ya kamata ya zama ƙarami (ƙarami mafi kyau).

Saboda haka:

  • Babu ginanniyar baturi da ake buƙata. Tare da na yanzu> 100 mA lokacin aiki tare da Wifi, ginanniyar baturin zai zama babba ko kuma ba zai daɗe ba. Don haka, bari “akwatin” ya kasance mai ƙarfi ta daidaitaccen bankin wutar lantarki. Ko ta yaya, koyaushe ina da bankin wutar lantarki a aljihuna/mota.
  • Ajiye "akwatin" Linux tare da kayan aiki a ciki, wanda aka rubuta tsawon shekaru da yawa a cikin duk harsuna Tare da ƙaramin allo da ƙaramin saitin maɓallin sarrafawa, ba shi da ma'ana. Za a iya duba/a sarrafa sakamakon akan kwamfutar tafi-da-gidanka ta al'ada tare da cikakken madannai da allo.
  • Yakamata a sami dama cikin sauƙi kuma ana sansu sosai (samuwa SDK, misalai da takardu da yawa).

Sakamakon haka, a gare ni, zaɓin ya kasance a bayyane - ESP32.

Ga duk ayyukan da aka bayyana a cikin labarin da suka sa in ɗauki mataki, iyawar ESP32 sun isa sosai. Ko da yake mafi yawan abin da nake so in yi shi ne:

  • Yi wasa tare da Bluetooth.
  • Yi wasa tare da kewayon 433mHz tare da kayan aiki mafi sauƙi (kawai juzu'in daidaitawa, wanda ya isa ga buƙatu masu amfani).

Tashi a cikin maganin shafawa a cikin ESP32

  • ESP32 SDK (IDF) ya ɗan daɗe.
  • Wasu daga cikin ayyukan (WiFi stack, alal misali) suna zuwa ba tare da lambar tushe ba a cikin nau'in ɗakunan karatu na tsaye.
  • Ƙungiya ta 5gHz ba ta da tallafi kuma akwai wasu iyakoki da rashin ƙarfi a cikin aiki tare da WiFi.

Amma farashin / girman gaba ɗaya yana rama waɗannan gazawar.

Babban aikin software

Zan yi bayani a taƙaice akan aiki da ra'ayina game da...

Sarrafa saituna da loda fayiloli daga SD

Ana yin duk sarrafa waje ta hanyar shafin yanar gizo mai sauƙi, wanda aka ƙaddamar a cikin wani abu na daban. ESP32 yana farawa a yanayin WiFi AP kuma yana nuna shafi a ƙayyadadden adireshin IP.

Ko da yake na'urorin ESP32 suna da sauri sosai, kamar yadda gwaje-gwajen suka nuna, aiki na lokaci guda na ginannen sabis na gidan yanar gizo da, alal misali, yanayin na'ura mai ba da hanya tsakanin hanyoyin sadarwa ba su dace sosai ba. Don haka, babu iko mai ƙarfi kuma ba a samun shafin a duk sauran hanyoyin.
Bugu da ƙari, ba a buƙatar iko mai ƙarfi don dalilai na bincike.

Yanayin aiki tare da fakitin Beacon

Hanyoyin banal kuma ba su da ban sha'awa sosai. An yi "saboda yana yiwuwa." Don dubawa.
Akwai misalai a cikin misalan Espressif na hukuma.

Yanayin duba lissafin lissafin AP.
A zahiri, kowane smartphone na iya yin wannan.
To, a cikin wannan yanayin za a adana jerin abubuwan AP.
Beacon spamer.
ESP32 yana farawa azaman AP tare da ɓoyayyiyar SSID da MAC bazuwar kuma ya fara aika [tauraron fitila] bisa ga jerin SSID da aka riga aka ƙirƙira (wanda aka ƙirƙira da hannu ko samu a baya ta hanyar bincika jerin AP)

Yanayin fakitin WiFi

Masu haɓaka Espressif sun kara da ikon software na aikace-aikacen don karɓar duk fakitin WiFi "yana tashi a cikin iska" ta hanyar aikin sake kira. A zahiri ba duka ba, tunda zaku iya saita yanayin don kafaffen tasha ɗaya kawai.

Ana ƙulla ƙayyadaddun ƙuntatawa na lokaci akan sarrafa aikin dawo da kira. Idan wannan bai haifar da matsala ga yanayin tarin ƙididdiga mai sauƙi ba, to don yanayin rikodin fayil na PCAP akan katin SD dole ne in yi tinker, shirya rikodin ta hanyar layi a cikin ƙwaƙwalwar ajiya da semaphores. Yin la'akari da fifikon cewa tsarin kiran dawo da kira yana gudana a kan tushen guda ɗaya, da tsarin da ke rubuta zuwa SD a cikin wani.

A lokacin "iska mai hayaniya", wasu fakiti sun ɓace (babu daki a cikin jerin gwano kuma an watsar da su), amma tare da "iska" na gida da yamma (5..7 APs a cikin ganuwa), yin rikodi a PCAP an kammala ba tare da asarar fakiti ba.

Bugu da ƙari, don kulawa da rikodi na PCAP, akwai yanayin tacewa dangane da jerin MAC a cikin fakitin kai.

Misali, zaku iya bin diddigin kamannin mutum a kulob/cafe kafin ma ya shiga ko ya bayyana a gani. Mutane kaɗan ne ke kashe WiFi da haɗin kai ta atomatik zuwa sanannun APs. (Ina kashe shi yanzu..)

Duban zirga-zirgar da aka yi rikodin a Wireshark ilimi ne kuma mai ban sha'awa don fahimtar taswira - duk yana aiki.

Yanayin aiki tare da fakitin mutuwa

Ta hanyar tsoho, an haramta aika waɗannan fakitin a cikin ɗakin karatu na libnet80211, wanda ya zo ba tare da tushe ba. Amma yana da sauƙi a gyara ta hanyar tweaking guda biyu. Da farko na yi shakka ko ya cancanci buga faci. Amma bayan zagayawa wurare daban-daban tare da kunna yanayin bincikar firam ɗin, na yi tunani: “menene jahannama.” Haka kuma, a cikin esp8266 ba a rufe isar da waɗannan fakitin kuma akwai majalisai akan github don esp8266.

A wurare da yawa (ba zan faɗi a ina ba) ana amfani da murkushe AP maras so ta wannan hanyar. Kuma waɗannan ba "masu zalunci" ba ne ...

Kuma na yi mamakin yadda ake rarraba Intanet daga wayata ba ta aiki a wasu wurare...

Yanayin bin lamba da RSSI na irin waɗannan fakiti suna da amfani sosai don fahimtar "inda APs na hagu ba sa son shi."

yanayin na'ura mai ba da hanya tsakanin hanyoyin sadarwa

Wannan fasalin tabbas shine mafi ban sha'awa na duk don bincika.

ESP32 yana goyan bayan aiki na lokaci ɗaya a cikin yanayin STA + SoftAP. Don haka, zaku iya aiwatar da na'ura mai ba da hanya tsakanin hanyoyin sadarwa na NAT a kai.

Don tallafawa tarin cibiyar sadarwa, Espressif yana amfani da cokali mai yatsu (kusan ba canzawa) na ɗakin karatu na lwip.

Amma, ta tsohuwa, a cikin madaidaicin ginin, ɗakin karatu na esp-lwip baya samar da isar da kai tsakanin netif interfaces 'ap' (SoftAP) da 'st' (STA).

Tabbas, zaku iya yin hakan ba tare da NAT ba, amma akwai matsala tare da haɗa STA biyu ko fiye a lokaci guda zuwa wurin 'ap' da daidaita adiresoshin IP daga cibiyar sadarwar 'st' zuwa 'ap'. Don haka matsalolin ba su da daraja kuma yana da sauƙi ta hanyar NAT.

Bugu da ƙari, akwai cokali mai yatsa esp-lwip daga martin-ger, wanda ke ƙara sauƙin aiwatar da NAT don IP4.

Ko da yake hannayena suna ƙaiƙayi don sake gyara shi da kayan kwalliya kawai (a ganina, ya fi sauƙi ba tare da cokali mai yatsa na aikin ba, amma ta hanyar LWIP).ƙugiya ayyuka da aka ayyana yayin taro), amma kasala ta yi nasara kuma ana amfani da zaɓi daga martin-ger kamar yadda yake.

A cikin yanayin mai amfani da na'ura mai ba da hanya tsakanin hanyoyin sadarwa, ana duba zirga-zirga mai shigowa da mai fita IP4.

Musamman, ana fitar da abubuwan masu zuwa daga gare ta don nunawa akan allo da tattara ƙididdiga cikin fayil:

  • Sunan na'urar da ta haɗa zuwa SoftAP ESP32 (fakitin DHCP)
  • URL daga buƙatun DNS ( tashar tashar UDP 53) daga na'urar da aka haɗa zuwa SoftAP ESP32.

Bugu da ƙari, zaku iya kunna rikodin zirga-zirga zuwa fayil na PCAP.

Wannan yanayin yana da matukar amfani, misali, don gane, misali, abin da wayarka ke aikawa zuwa cibiyar sadarwa da kuma inda ta shiga.

Kuna iya tunanin wasu hanyoyin da za a yi amfani da wannan yanayin, la'akari da ikon sarrafa gaba ɗaya softAP ESP32 mai shigowa da zirga-zirgar zirga-zirgar zirga-zirgar ababen hawa a matakin haɗin yanar gizo: Ehernet header (destMAC [6] + srcMAC [6] + type[2]) + kaya (IP4, IP6, DCHP, da dai sauransu nau'in).

A ka'ida, ESP32 yana da kyau sosai tare da aikin WiFi-> WiFi na'ura mai ba da hanya tsakanin hanyoyin sadarwa, yana wucewa ta al'ada zirga-zirga ba tare da wani jinkiri ba. A zahiri, jinkiri a wayar da aka haɗa ta hanyar mai ba da hanya tsakanin hanyoyin sadarwa akan ESP32 ba a iya gani.

Abin takaici, Espressif API ba shi da ikon saita tacewa don MAC da aka haɗa zuwa SoftAP EPS32. Madadin haka, an ba da shawarar cewa “bankwana” (esp_wifi_deauth_sta) zuwa STAs da aka riga aka haɗa waɗanda “ba a so”.

Tace ta MAC don haɗin STAs dole ne a yi ta hanyar esp_wifi_deauth_sta() kiran

A ƙarshe

Kodayake ban fito da wani sabon abu ba a cikin tsarin aiki tare da ESP32, watakila sakamakon (lambar tushe) zai zama mai ban sha'awa ga wani.

Ina so in lura cewa an rubuta lambar don dalilai na ilimi kawai. Don "hacking", da dai sauransu, an yi shi da gangan bai dace sosai ba.

Ban yi allon da'ira da aka buga ba saboda ya ɗauki sa'o'i 1.5-2 don siyar da gyale da aka gama da waya.

Kuma idan kun yi, kuna buƙatar tara shi ba daga allunan da aka shirya ba, amma daga abubuwan da aka haɗa. Sa'an nan kuma girma zai zama ma karami.

source: www.habr.com

Add a comment