Yintoni eyandinika umbono wokwenza isixhobo sepokotho sokuhlalutya iinethiwekhi zeWiFi yayi .
Enkosi kubo ngombono. Ndandingenanto yokwenza.
Wonke umsebenzi wenziwa njengenxalenye yokuzilibazisa ngenjongo yokuzonwabisa kunye nokwandisa ulwazi lwam kwicandelo lobuchwepheshe benethiwekhi. Kancinci, iiyure ze-1..4 ngeveki, ukususela ekuqaleni kwalo nyaka.
Andizange ndicwangcise naluphi na ukusetyenziswa okubonakalayo. Ezo. Esi AYISIsixhobo se-hacker.
Okwangoku, yonke imisebenzi ecwangcisiweyo iyasebenza. Yonke imithombo, ilungele ngokupheleleyo ukuhlanganisana, . Kukho nemiyalelo yendibano, njl. Kule nqaku, andiyi kuphinda ndiphindaphinda ulwazi oluthunyelwe kwi-github. Ndiza kukuxelela kuphela into endiyibona iyimfuneko ukuyichaza ngokwahlukeneyo.
Uluvo lwam malunga "nesixhobo sendalo yonke" kunye nesizathu sokukhetha i-ESP32
Andibangi ukuba ndiyinyani. Wonke umntu uneyakhe. Ndiza kuzama ukuthethelela ukhetho lwam lwehardware.
imeko yokusetyenziswa kwendibaniselwano yeLinux (ekuqaleni iRaspberry Pi) + "iiperipherals" ngendlela yomlawuli (STM32) + CC1110 (8051 core) kunye nesicwangciso sokukrazula yonke into enokwenzeka apho (125kHz, NFC, 433mHz, USB, iButton, bluetooth, ?) ayikhange indifanelekele. Nangona kunjalo, Kubonakala ngathi iya kuhlala iyimfihlo kwaye ivaliwe (i-flipper-zero github "Lo mbutho awunazo iindawo zokugcina zikawonkewonke.") kwaye waya kwi-hardware eqhelekileyo.
Mhlawumbi andilunganga, kwaye kwixesha elizayo ababhali baya kwenza ukuba imithombo yesoftware ifumaneke esidlangalaleni. Kodwa ukuba akunjalo, ke andizukuthenga isiqwenga esinjalo sehardware ngaphandle kwekhowudi yomthombo.
Iimfuno zam ze "sixhobo"
Ibhokisi kufuneka ibe yincinci (incinci ingcono).
Ke ngoko:
- Akukho bhetri eyakhelwe-ngaphakathi efunekayo. Ngombane wangoku> 100 mA xa usebenza ne-Wifi, ibhetri eyakhelweyo iya kuba nkulu okanye ingahlali ixesha elide. Ngoko ke, vumela "ibhokisi" inikwe amandla yibhanki yamandla esemgangathweni. Ngapha koko, ndihlala ndinebhanki yamandla epokothweni/emotweni yam.
- Gcina "ibhokisi" yeLinux enezixhobo ngaphakathi, ibhalwe kwiminyaka emininzi kuzo zonke iilwimi Ngesikrini esincinci kunye neseti encinci yamaqhosha okulawula, ayinangqiqo. Iziphumo zinokujongwa/zisetyenzwe kwilaptop eqhelekileyo ngekhibhodi epheleleyo kunye nesikrini.
- Amacandelo kufuneka afikeleleke ngokulula kwaye aziwe ngokubanzi (i-SDK ekhoyo, imizekelo emininzi kunye namaxwebhu).
Ngenxa yoko, kum, ukhetho lwalucacile - ESP32.
Kuyo yonke imisebenzi echazwe kwinqaku elindikhuthaze ukuba ndithathe inyathelo, ubunakho be-ESP32 banele. Nangona eyona nto ndisafuna ukuyenza yile:
- Dlala ngeBluetooth.
- Dlala malunga noluhlu lwe-433mHz ngeyona nto ilula yehardware (kuphela kwe-amplitude modulation, eyaneleyo kwiimfuno ezisebenzayo).
Bhabha kwi-ointment kwi-ESP32
- I-ESP32 SDK (IDF) ayicacanga noko.
- Eminye yemisebenzi (isitaki seWiFi, umzekelo) siza ngaphandle kwekhowudi yomthombo ngendlela yeelayibrari ezimileyo ezidityanisiweyo.
- Ibhendi ye-5gHz ayixhaswanga kwaye kukho imida kunye nobunzima ekusebenzeni nge-WiFi.
Kodwa ixabiso / ubungakanani buhlawulela ngokupheleleyo ezi ntsilelo.
Ukusebenza kwesoftware ephambili
Ndiza kuchaza ngokufutshane ukusebenza kunye noluvo lwam malunga...
Ukulawula useto kunye nokufaka iifayile kwi-SD
Lonke ulawulo lwangaphandle lwenziwa ngephepha leWeb elilula, eliqaliswe kwinto yemenyu eyahlukileyo. I-ESP32 iqala kwimowudi ye-WiFi AP kwaye ibonisa iphepha kwidilesi ye-IP esisigxina.
Nangona ii-cores ze-ESP32 zikhawuleza kakhulu, njengoko uvavanyo lubonisile, ukusebenza ngaxeshanye kwenkonzo yeWebhu eyakhelweyo kwaye, umzekelo, imowudi ye-router ayihambelani kakhulu. Ngoko ke, akukho ulawulo oluguquguqukayo kwaye iphepha alifumaneki kuzo zonke ezinye iindlela.
Ngaphezu koko, ulawulo oluguquguqukayo alufuneki ngeenjongo zophando.
Indlela yokusebenza ngeephakheji zeBeacon
Iimowudi zi-banal kwaye azinomdla kakhulu. Yenziwe "kuba inokwenzeka." Ukuze itshekhi.
Kukho imizekelo kwimizekelo esemthethweni ye-Espressif.
Uluhlu lwe-AP lwemowudi yokuskena.
Ngokwenyani, nayiphi na i-smartphone inokwenza oku.
Ewe, kule mowudi uluhlu lwe-AP luya kugcinwa.
Beacon spammer.
I-ESP32 iqala njenge-AP nge-SSID efihliweyo kunye ne-MAC engahleliwe kwaye iqala ukuthumela [isakhelo sebhikhoni] ngokoluhlu oludalwe kwangaphambili lwe-SSIDs (eyenziwe ngesandla okanye efunyenwe ngaphambili ngokuskena uluhlu lwe-AP)
Imowudi yokusezela ipakethi yeWiFi
Abaphuhlisi be-Espressif bongeze amandla esoftware yesicelo ukufumana zonke iipakethi zeWiFi "ezibhabha emoyeni" ngomsebenzi wokufowuna. Ngokwenyani ayizizo zonke, kuba unokuseta kuphela indlela yetshaneli enye esisigxina.
Izithintelo zexesha ezingqongqo kakhulu zibekwe ekuqhubeni umsebenzi wokufowuna. Ukuba oku akubangeli iingxaki kwimowudi yokuqokelela izibalo ezilula, ngoko kwimodi yokurekhoda yefayile ye-PCAP kwikhadi le-SD kwafuneka ndifake i-tinker, ndiququzelele ukurekhoda ngomgca kwimemori kunye ne-semaphores. Ukuthathela ingqalelo into ekhethekileyo yokuba inkqubo yokufowuna i-callback iqhuba kumbindi omnye, kunye nenkqubo ebhalela i-SD kwenye.
Ngexesha "lomoya onomsindo", ezinye iipakethi zilahlekile (akukho ndawo emgceni kwaye zilahliwe), kodwa "ngomoya" oqhelekileyo wendlu ngokuhlwa (5..7 APs ngaphakathi kokubonakala), ukurekhoda kwi-PCAP igqityiwe ngaphandle kokulahleka kwepakethi.
Ukongezelela, kwi-PCAP yokubeka iliso kunye nokurekhoda, kukho imodi yokucoca ngokusekelwe kuluhlu lwe-MAC kwiintloko zepakethe.
Umzekelo, unokujonga inkangeleko yomntu kwiklabhu / kwikhefi ngaphambi kokuba angene okanye avele emehlweni. Bambalwa abantu abakhubaza i-WiFi kunye noqhagamshelo oluzenzekelayo kwii-APs ezaziwayo. (ndiyayicima ngoku..)
Ukujonga itrafikhi erekhodiweyo eWireshark kuyafundisa kwaye kunomdla wokuqonda iimephu-konke kuyasebenza.
Imowudi yokusebenza ngeepakethe zokuthetha
Ngokungagqibekanga, ukuthumela ezi phakheji akuvumelekanga kwithala leencwadi libnet80211, eliza ngaphandle kwemithombo. Kodwa kulula ukuyilungisa ngokudibanisa amasuntswana ambalwa. Ekuqaleni ndiye ndathandabuza ukuba kufanelekile ukuthumela ipatch. Kodwa emva kokujikeleza iindawo ezahlukeneyo kuvuliwe imowudi yesakhelo sokunganyaniseki, ndacinga: "yintoni isihogo." Ngaphezu koko, kwi-esp8266 ukuhanjiswa kwezi phakheji akuvaliwe kwaye kukho iindibano kwi-github ye-esp8266.
Kwiindawo ezininzi (andiyi kuthetha phi) ukunyanzeliswa kwee-AP ezingafunekiyo ngale ndlela isetyenziswa. Kwaye aba ayingo "bullies"...
Kwaye ndothuswa kukuba ukuhanjiswa kwam kwi-Intanethi kwifowuni yam akuzange kusebenze kwezinye iindawo...
Imowudi yokulandelela inombolo kunye ne-RSSI yeepakethi ezinjalo iluncedo kakhulu ukuqonda "apho ii-APs zasekhohlo zingathandi."
imowudi yerouter
Olu phawu mhlawumbi lolona lunomdla kuzo zonke ukuba luphonononge.
I-ESP32 ixhasa ukusebenza ngaxeshanye kwimo ye-STA + SoftAP. Ke ngoko, unokusebenzisa i-router ye-NAT yakudala kuyo.
Ukuxhasa istaki sothungelwano, i-Espressif isebenzisa ifolokhwe (engatshintshwanga ngokupheleleyo) yelayibrari ye-lwip.
Kodwa, ngokungagqibekanga, kulwakhiwo olusemgangathweni, ilayibrari ye-esp-lwip ayiboneleli phambili phakathi kwe-netif yojongano 'ap' (SoftAP) kunye ne'st' (STA).
Ewe, ungayenza ngaphandle kwe-NAT, kodwa kukho ingxaki ngokudibanisa ngaxeshanye ii-STA ezimbini okanye ngaphezulu kujongano lwe-'ap' kunye nongqamaniso lweedilesi ze-IP ukusuka kujongano lwenethiwekhi 'st' ukuya 'ap'. Ke ubunzima abufanelanga kwaye kulula nge-NAT.
Ngaphezu koko, kukho ifolokhwe esp-lwip esuka kwi-martin-ger, eyongeza ukuphunyezwa okulula kwe-NAT ye-IP4.
Nangona izandla zam zazirhawuzelelwa ukuyibuyisela ngokucokisekileyo (ngokoluvo lwam, bekulula ngaphandle kwefolokhwe yeprojekthi, kodwa nge-LWIPumkhala imisebenzi echazwe ngexesha lendibano), kodwa ukonqena kwabakho kwaye ukhetho oluvela kwi-martin-ger lusetyenziswa njengoko lunjalo.
Kwimowudi ye-router, i-IP4 traffic engenayo nephumayo ijongwa.
Ngokukodwa, oku kulandelayo kutsalwa kuyo ukuze kuboniswe kwiscreen kunye nokuqokelela izibalo kwifayile:
- Igama lesixhobo esiqhagamshelwe kwiSoftAP ESP32 (iipakethi zeDHCP)
- I-URL evela kwizicelo ze-DNS (i-UDP port 53) ukusuka kwisixhobo esiqhagamshelwe kwiSoftAP ESP32.
Ukongeza, unokwenza ukurekhoda kwetrafikhi kwifayile yePCAP.
Le ndlela iluncedo kakhulu, umzekelo, ukuqonda, umzekelo, ukuba ifowuni yakho ithumela ntoni kwinethiwekhi kunye nalapho iya khona.
Unokucinga ngezinye iindlela zokusebenzisa le mowudi, uthathela ingqalelo amandla okulawula ngokupheleleyo i-softAP ESP32 yetrafikhi engenayo nephumayo kwinqanaba lojongano lwenethiwekhi: I-header ye-Ehernet (destMAC[6]+srcMAC[6]+uhlobo[2]) + umthwalo wokuhlawula (IP4, IP6, DCHP, njl. uhlobo).
Ngokomgaqo, i-ESP32 ihlangabezana kakuhle ne-WiFi-> WiFi router umsebenzi, idlula kwi-traffic eqhelekileyo ngaphandle kokulibaziseka okukhethekileyo. Ngokufanelekileyo, ukulibaziseka kwifowuni eqhagamshelwe nge-router kwi-ESP32 ayibonakali.
Ngelishwa, i-Espressif API ayinakho ukuseta isihluzi se-MAC esiqhagamshelwe kwiSoftAP EPS32. Endaweni yoko, kucetywa ukuba kuthiwe "goodbye" (esp_wifi_deauth_sta) kwii-STA esele ziqhagamshelwe "ezingafunwayo".
Uhluzo nge-MAC yee-STAs eziqhagamshelweyo kwafuneka zenziwe nge- esp_wifi_deauth_sta() umnxeba.
Ekugqibeleni
Nangona andizange ndize nantoni na entsha ngaphakathi kwesakhelo sokusebenza kunye ne-ESP32, mhlawumbi umphumo (ikhowudi yomthombo) iya kuba nomdla kumntu.
Ndingathanda ukuqaphela ukuba ikhowudi yabhalelwa kuphela iinjongo zemfundo. Ukwenzela "i-hacking", njl., yenziwe ngamabom ukuba ingabi lula kakhulu.
Andizange ndenze ibhodi yesiphaluka eprintiweyo kuba kuthathe iiyure ze-1.5-2 ukuthengisa izikhafu ezigqityiweyo ngocingo.
Kwaye ukuba wenza, kufuneka udibanise kungekhona kwiibhodi esele zenziwe, kodwa kumacandelo ngamanye. Emva koko imilinganiselo iya kuba yincinci ngakumbi.
umthombo: www.habr.com