Wata rana ina buƙatar bincika hanyoyin sadarwar Wi-Fi daga aikace-aikacen Android kuma in sami cikakkun bayanai game da wuraren shiga.
A nan mun fuskanci matsaloli da yawa:
Wannan labarin ya tattauna yadda ake samun cikakkun bayanai game da yanayin Wi-Fi daga lambar Android ba tare da NDK ba, hacks, amma ta amfani da Android API kawai da fahimtar yadda ake fassara shi.
Kada mu jinkirta mu fara rubuta code.
1. Ƙirƙiri aikin
Wannan bayanin an yi shi ne ga waɗanda suka ƙirƙiri aikin Android fiye da sau ɗaya, don haka mun bar cikakkun bayanai game da wannan abun. Za a gabatar da lambar da ke ƙasa a cikin Kotlin, minSdkVersion=23.
2. Samun izini
Don aiki tare da Wi-Fi daga aikace-aikacen, kuna buƙatar samun izini da yawa daga mai amfani. Daidai da
Don haka, a cikin AndroidManifest.xml za mu ƙara:
<uses-permission android_name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android_name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android_name="android.permission.CHANGE_WIFI_STATE" />
<uses-permission android_name="android.permission.ACCESS_FINE_LOCATION"/>
Kuma a cikin lambar da ta ƙunshi hanyar haɗi zuwa Ayyukan yanzu:
import android.app.Activity
import android.content.Context
import android.location.LocationManager
import androidx.core.app.ActivityCompat
....
if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {
ActivityCompat.requestPermissions(
activity,
arrayOf(Manifest.permission.ACCESS_FINE_LOCATION, Manifest.permission.CHANGE_WIFI_STATE),
1
)
makeEnableLocationServices(activity.applicationContext)
} else {
ActivityCompat.requestPermissions(
activity,
arrayOf(Manifest.permission.CHANGE_WIFI_STATE),
1
)
}
/* включает экран включения службы по определению местоположения */
fun makeEnableLocationServices(context: Context) {
// TODO: перед вызовом этой функции надо рассказать пользователю, зачем Вам доступ к местоположению
val lm: LocationManager =
context.applicationContext.getSystemService(Context.LOCATION_SERVICE) as LocationManager
val gpsEnabled: Boolean = lm.isProviderEnabled(LocationManager.GPS_PROVIDER);
val networkEnabled: Boolean = lm.isProviderEnabled(LocationManager.NETWORK_PROVIDER);
if (!gpsEnabled && !networkEnabled) {
context.startActivity(Intent(ACTION_LOCATION_SOURCE_SETTINGS));
}
}
3. Ƙirƙiri mai karɓar Watsa shirye-shirye da biyan kuɗi zuwa abubuwan sabunta bayanai game da duba yanayin cibiyar sadarwar Wi-Fi
val wifiManager = context.getSystemService(Context.WIFI_SERVICE) as WifiManager
val wifiScanReceiver = object : BroadcastReceiver() {
override fun onReceive(context: Context, intent: Intent) {
val success = intent.getBooleanExtra(WifiManager.EXTRA_RESULTS_UPDATED, false)
if (success) {
scanSuccess()
}
}
}
val intentFilter = IntentFilter()
/* подписываемся на сообщения о получении новых результатов сканирования */
intentFilter.addAction(WifiManager.SCAN_RESULTS_AVAILABLE_ACTION)
context.registerReceiver(wifiScanReceiver, intentFilter)
val success = wifiManager.startScan()
if (!success) {
/* что-то не получилось при запуске сканирования, проверьте выданые разрешения */
}
....
private fun scanSuccess() {
/* вот они, результаты сканирования */
val results: List<ScanResult> = wifiManager.scanResults
}
Hanyar WiFiManager.startScan a cikin takaddun ana yiwa alama a matsayin wanda aka yanke tun daga sigar API 28, amma a kashe.
Gabaɗaya, mun karɓi jerin abubuwa
4. Dubi ScanResult kuma ku fahimci sharuɗɗan
Bari mu kalli wasu fagagen wannan ajin mu bayyana ma’anarsu:
SSID — Sabis Saitin Identifier shine sunan cibiyar sadarwa
BSSID - Mai gano Saitin Sabis na asali - adireshin MAC na adaftar cibiyar sadarwa (maki Wi-Fi)
matakin - Alamar Ƙarfin Sigin da aka karɓa [dBm (DBm na Rasha) - Decibel, ikon tunani 1 mW.] - Mai nuna ƙarfin siginar da aka karɓa. Yana ɗaukar ƙima daga 0 zuwa -100, ƙari daga 0, ƙarin ƙarfin sigina ya ɓace akan hanya daga wurin Wi-Fi zuwa na'urarka. Ana iya samun ƙarin cikakkun bayanai, misali, a
val wifiManager = context.applicationContext.getSystemService(Context.WIFI_SERVICE) as WifiManager
val numberOfLevels = 5
val level = WifiManager.calculateSignalLevel(level, numberOfLevels)
mita - Mitar aiki na wurin Wi-Fi [Hz]. Baya ga mitar kanta, kuna iya sha'awar abin da ake kira tashar. Kowane batu yana da tsarkin aikinsa. A lokacin rubutu, mafi mashahuri kewayon Wi-Fi maki shine 2.4 GHz. Amma, don zama madaidaici, batu yana aika bayanai zuwa wayarka a mitoci masu lamba kusa da wanda ake suna. Yawan tashoshi da mitoci masu dacewa
/* по частоте определяем номер канала */
val channel: Int
get() {
return if (frequency in 2412..2484) {
(frequency - 2412) / 5 + 1
} else if (frequency in 5170..5825) {
(frequency - 5170) / 5 + 34
} else {
-1
}
}
damar - filin mafi ban sha'awa don bincike, aiki tare da wanda ya buƙaci lokaci mai yawa. Anan an rubuta "ikon" na batu a cikin layi. A wannan yanayin, ba dole ba ne ka nemi cikakkun bayanai na fassarar kirtani a cikin takaddun. Ga wasu misalan abin da zai iya kasancewa cikin wannan layin:
[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][WPS][ESS]
[WPA2-PSK-CCMP][ESS]
[WPA2-PSK-CCMP+TKIP][ESS]
[WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][ESS]
[ESS][WPS]
5. Fahimtar gajarta da iyawa
Yana da kyau a ambata cewa azuzuwan kunshin android.net.wifi.* ana amfani da su a ƙarƙashin kaho ta hanyar amfani da Linux.
Za mu yi aiki akai-akai. Bari mu fara yin la’akari da fitowar sigar da aka raba abubuwan da ke cikin baka da alamar “-“:
[WPA-PSK-TKIP+CCMP]
[WPA2-PSK-CCMP]
Ma'anar farko tana kwatanta abin da ake kira. hanyar tabbatarwa. Wato, wane jerin ayyuka dole ne na'urar da wurin shiga su yi domin wurin samun damar yin amfani da kansa da kuma yadda za a ɓoye abin da aka biya. A lokacin rubuta wannan sakon, zaɓin da aka fi sani shine WPA da WPA2, wanda ko dai kowace na'urar da aka haɗa kai tsaye ko ta hanyar abin da ake kira. Sabar RADIUS (WPA-Enterprice) tana ba da kalmar sirri ta hanyar rufaffen tasha. Mafi mahimmanci, wurin shiga cikin gidanku yana ba da haɗin kai bisa ga wannan makirci. Bambanci tsakanin sigar ta biyu da ta farko ita ce tana da ƙarfi mai ƙarfi: AES tare da TKIP mara tsaro. WPA3, wanda ya fi rikitarwa kuma ya ci gaba, shi ma a hankali ana ƙaddamar da shi. A ka'ida, ana iya samun zaɓi tare da CCKM (Cisco Centralized Key Management), amma ban taɓa cin karo da shi ba.
Wataƙila an saita wurin shiga don tantancewa ta adireshin MAC. Ko, idan wurin samun damar yana ba da bayanai ta amfani da tsohuwar WEP algorithm, to, babu wani tabbaci (maɓallin sirri a nan shine maɓallin ɓoyewa). Muna rarraba irin waɗannan zaɓuɓɓuka kamar SAURAN.
Haka kuma akwai hanyar da ta shahara a cikin wi-fi na jama'a tare da ɓoye Portal Detection - buƙatun tantancewa ta hanyar burauza. Irin waɗannan wuraren samun damar suna bayyana ga na'urar daukar hotan takardu a matsayin a buɗe (wanda suke daga mahangar haɗin jiki). Saboda haka, mun rarraba su a matsayin OPEN.
Ana iya nuna ƙima ta biyu azaman key management algorithm. Wannan siga ce ta hanyar tantancewa da aka kwatanta a sama. Yayi magana akan ainihin yadda ake musayar maɓallan ɓoyewa. Bari mu yi la'akari da yiwuwar zažužžukan. EAP - ana amfani da shi a cikin WPA-Enterprice da aka ambata, yana amfani da bayanai don tabbatar da shigar da bayanan tabbatarwa. SAE - ana amfani da shi a cikin ci gaba WPA3, mafi juriya ga ƙarfi. PSK - zaɓin da aka fi sani da shi, ya haɗa da shigar da kalmar sirri da watsa shi a cikin rufaffen tsari. IEEE8021X - bisa ga ma'auni na duniya (bambanta da wanda dangin WPA ke goyan bayan). OWE (Yin boye-boye mara waya ta dama) kari ne na ma'aunin IEEE 802.11 don maki da muka rarraba a matsayin OPEN. OWE yana tabbatar da tsaron bayanan da ake watsawa akan hanyar sadarwa mara tsaro ta hanyar rufaffen su. Wani zaɓi kuma yana yiwuwa lokacin da babu maɓallan shiga, bari mu kira wannan zaɓin BA KOWA.
Siga na uku shine abin da ake kira. tsare-tsaren boye-boye - yadda ake amfani da sifar daidai don kare bayanan da aka watsa. Bari mu lissafa zaɓuɓɓukan. WEP - yana amfani da madaidaicin rafi na RC4, maɓalli na sirri shine maɓallin ɓoyewa, wanda ake ganin ba za'a yarda da shi ba a duniyar cryptography na zamani. TKIP - ana amfani dashi a WPA, CKIP - a cikin WPA2. TKIP+CKIP - za'a iya ƙayyade shi a cikin maki masu iya WPA da WPA2 don dacewa ta baya.
Maimakon abubuwa uku, zaku iya samun alamar WEP kaɗai:
[WEP]
Kamar yadda muka tattauna a sama, wannan ya isa kada a ƙayyade algorithm don amfani da maɓalli, wanda ba ya wanzu, da kuma hanyar ɓoyewa, wanda yake daidai da tsoho.
Yanzu la'akari da wannan sashi:
[ESS]
wannan Yanayin aiki na Wi-Fi ko Wi-Fi cibiyar sadarwa topology. Kuna iya haɗu da yanayin BSS (Basic Service Set) - lokacin da akwai wurin shiga guda ɗaya wanda na'urorin da aka haɗa ta hanyar sadarwa suke. Ana iya samunsu akan cibiyoyin sadarwar gida. A matsayinka na mai mulki, ana buƙatar wuraren samun dama don haɗa na'urori daga cibiyoyin sadarwa na gida daban-daban, don haka suna cikin ɓangaren Ƙarfafa Sabis - ESS. Nau'in IBSSs (Independent Basic Service Sets) yana nuna cewa na'urar wani yanki ne na hanyar sadarwa na Peer-to-Peer.
Hakanan kuna iya ganin tutar WPS:
[WPS]
WPS ( Saitin Kariyar Wi-Fi) ƙa'ida ce don fara aikin cibiyar sadarwa ta Wi-Fi Semi-atomatik. Don farawa, mai amfani ko dai ya shigar da kalmar sirri mai haruffa 8 ko kuma ya danna maballin akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Idan wurin samun damar ku na nau'in farko ne kuma wannan akwati ya bayyana kusa da sunan wurin samun damar ku, ana ba ku shawarar zuwa rukunin gudanarwa kuma ku kashe damar WPS. Gaskiyar ita ce sau da yawa ana iya gano lambar PIN mai lamba 8 ta adireshin MAC, ko kuma ana iya daidaita shi a cikin wani lokaci mai yiwuwa, wanda wani cikin rashin gaskiya zai iya amfani da shi.
6. Ƙirƙirar samfuri da aikin tantancewa
Dangane da abin da muka gano a sama, za mu bayyana abin da ya faru ta amfani da azuzuwan bayanai:
/* схема аутентификации */
enum class AuthMethod {
WPA3,
WPA2,
WPA, // Wi-Fi Protected Access
OTHER, // включает в себя Shared Key Authentication и др. использующие mac-address-based и WEP
CCKM, // Cisco
OPEN // Open Authentication. Может быть со скрытым Captive Portal Detection - запрос аутентификации через браузер
}
/* алгоритм ввода ключей */
enum class KeyManagementAlgorithm {
IEEE8021X, // по стандарту
EAP, // Extensible Authentication Protocol, расширяемый протокол аутентификации
PSK, // Pre-Shared Key — каждый узел вводит пароль для доступа к сети
WEP, // в WEP пароль является ключом шифрования (No auth key)
SAE, // Simultaneous Authentication of Equals - может быть в WPA3
OWE, // Opportunistic Wireless Encryption - в роутерах новых поколений, публичных сетях типа OPEN
NONE // может быть без шифрования в OPEN, OTHER
}
/* метод шифрования */
enum class CipherMethod {
WEP, // Wired Equivalent Privacy, Аналог шифрования трафика в проводных сетях
TKIP, // Temporal Key Integrity Protocol
CCMP, // Counter Mode with Cipher Block Chaining Message Authentication Code Protocol,
// протокол блочного шифрования с кодом аутентичности сообщения и режимом сцепления блоков и счетчика
// на основе AES
NONE // может быть без шифрования в OPEN, OTHER
}
/* набор методов шифрования и протоколов, по которым может работать точка */
data class Capability(
var authScheme: AuthMethod? = null,
var keyManagementAlgorithm: KeyManagementAlgorithm? = null,
var cipherMethod: CipherMethod? = null
)
/* Режим работы WiFi (или топология сетей WiFi) */
enum class TopologyMode {
IBSS, // Эпизодическая сеть (Ad-Hoc или IBSS – Independent Basic Service Set).
BSS, // Основная зона обслуживания Basic Service Set (BSS) или Infrastructure Mode.
ESS // Расширенная зона обслуживания ESS – Extended Service Set.
}
Yanzu bari mu rubuta aikin da zai rarraba filin iya aiki:
private fun parseCapabilities(capabilitiesString: String): List < Capability > {
val capabilities: List < Capability > = capabilitiesString
.splitByBrackets()
.filter {
!it.isTopology() && !it.isWps()
}
.flatMap {
parseCapability(it)
}
return
if (!capabilities.isEmpty()) {
capabilities
} else {
listOf(Capability(AuthMethod.OPEN, KeyManagementAlgorithm.NONE, CipherMethod.NONE))
}
}
private fun parseCapability(part: String): List < Capability > {
if (part.contains("WEP")) {
return listOf(Capability(
AuthMethod.OTHER,
KeyManagementAlgorithm.WEP,
CipherMethod.WEP
))
}
val authScheme = when {
part.contains("WPA3") - > AuthMethod.WPA3
part.contains("WPA2") - > AuthMethod.WPA2
part.contains("WPA") - > AuthMethod.WPA
else - > null
}
val keyManagementAlgorithm = when {
part.contains("OWE") - > KeyManagementAlgorithm.OWE
part.contains("SAE") - > KeyManagementAlgorithm.SAE
part.contains("IEEE802.1X") - > KeyManagementAlgorithm.IEEE8021X
part.contains("EAP") - > KeyManagementAlgorithm.EAP
part.contains("PSK") - > KeyManagementAlgorithm.PSK
else - > null
}
val capabilities = ArrayList < Capability > ()
if (part.contains("TKIP") || part.contains("CCMP")) {
if (part.contains("TKIP")) {
capabilities.add(Capability(
authScheme ? : AuthMethod.OPEN,
keyManagementAlgorithm ? : KeyManagementAlgorithm.NONE,
CipherMethod.TKIP
))
}
if (part.contains("CCMP")) {
capabilities.add(Capability(
authScheme ? : AuthMethod.OPEN,
keyManagementAlgorithm ? : KeyManagementAlgorithm.NONE,
CipherMethod.CCMP
))
}
} else if (authScheme != null || keyManagementAlgorithm != null) {
capabilities.add(Capability(
authScheme ? : AuthMethod.OPEN,
keyManagementAlgorithm ? : KeyManagementAlgorithm.NONE,
CipherMethod.NONE
))
}
return capabilities
}
private fun parseTopologyMode(capabilitiesString: String): TopologyMode ? {
return capabilitiesString
.splitByBrackets()
.mapNotNull {
when {
it.contains("ESS") - > TopologyMode.ESS
it.contains("BSS") - > TopologyMode.BSS
it.contains("IBSS") - > TopologyMode.IBSS
else - > null
}
}
.firstOrNull()
}
private fun parseWPSAvailable(capabilitiesString: String): Boolean {
return capabilitiesString
.splitByBrackets()
.any {
it.isWps()
}
}
private fun String.splitByBrackets(): List < String > {
val m = Pattern.compile("[(.*?)]").matcher(this)
val parts = ArrayList < String > ()
while (m.find()) {
parts.add(m.group().replace("[", "").replace("]", ""))
}
return parts
}
private fun String.isTopology(): Boolean {
return TopologyMode.values().any {
this == it.name
}
}
private fun String.isWps(): Boolean {
return this == "WPS"
}
8. Duba sakamakon
Zan duba hanyar sadarwar kuma in nuna muku abin da na samo. An nuna sakamakon sauƙi mai sauƙi ta hanyar Log.d:
Capability of Home-Home [WPA2-PSK-CCMP][ESS][WPS]
...
capabilities=[Capability(authScheme=WPA2, keyManagementAlgorithm=PSK, cipherMethod=CCMP)], topologyMode=ESS, availableWps=true
Ba a bincika batun haɗa zuwa cibiyar sadarwar daga lambar aikace-aikacen ba. Zan ce kawai don karanta kalmar sirri da aka adana daga OS na na'urar hannu, kuna buƙatar haƙƙin tushen haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin haƙƙin tsarin fayil don karanta wpa_supplicant.conf. Idan dabarar aikace-aikacen na buƙatar shigar da kalmar wucewa daga waje, ana iya haɗa haɗin ta cikin aji
Спасибо
Idan kuna tunanin akwai buƙatar ƙara ko gyara wani abu, rubuta a cikin sharhi :)
source: www.habr.com