- 作者:
- 分类:项目&制作->小制作
- 阅读:1391
- 点赞:3
- 难度:
- 版权:CC BY-SA 4.0
- 创建:2019-10-14
- 更新:2019-10-21
使用一个 esp8266 开出多个热点(不可连接)
版权声明:本文为 neucrack 的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接(持续更新):https://neucrack.com/p/187
原文链接(持续更新):https://neucrack.com/p/187
原理
根据802.11协议,发现热点使用的是广播,并且是明文,所以在混杂模式下发送beacon帧或者在接收到Probe request之后返回Probe response即可模拟一个热点,接收到Association request 或者其它请求可以不用理会,这里的目的只是生成一个假热点,不会实现连接认证等步骤
IEEE官方网站
可以在这里查看相关资料,也可以百度
beacon帧格式
WiFi的帧格式如下:
关于每个字段的意义,可以看这篇文章
beacon帧type=0,subtype=8。一个典型的beacon帧分析看这里
关于element ID,简单地,可以看这篇文章
beacon帧举例:
uint8_t beacon_frame[]={/*FC*/ 0x80 ,0x0 ,/*DID*/ 0x0 ,0x0 ,/*MAC Addr*/ 0xff ,0xff ,0xff ,0xff ,0xff ,0xff ,0x8 ,0x9b ,0x4b ,0x92 ,0x3e ,0xcd ,0x8 ,0x9b ,0x4b ,0x92 ,0x3e ,0xcd ,/*SC*/ 0x30 ,0x4f ,/*Timestamp*/ 0x80 ,0x51 ,0xcb ,0x68 ,0xd ,0x0 ,0x0 ,0x0 ,/*BeaconInterval*/0x64 ,0x0 ,/*CapabilityInfo*/0x31 ,0x0 ,/*SSID(ElementID(1 Byte)-Length(1 Byte)-Data(Length Bytes))*/0x0 ,28 ,'0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0',0x1 ,0x8 ,0x82 ,0x84 ,0x8b ,0x96 ,0xc ,0x12 ,0x18 ,0x24 ,/*Below same as SSID,elementID different*/0x3 ,0x1 ,0xb ,0x5 ,0x4 ,0x1 ,0x2 ,0x0 ,0x0 ,0x2a ,0x1 ,0x0 ,0x32 ,0x4 ,0x30 ,0x48 ,0x60 ,0x6c ,0x30 ,0x14 ,0x1 ,0x0 ,0x0 ,0xf ,0xac ,0x4 ,0x1 ,0x0 ,0x0 ,0xf ,0xac ,0x4 ,0x1 ,0x0 ,0x0 ,0xf ,0xac ,0x2 ,0xc ,0x0 ,0x2d ,0x1a ,0xed ,0x11 ,0x1b ,0xff ,0xff ,0x0 ,0x0 ,0x0 ,0x0 ,0x0 ,0x0 ,0x0 ,0x0 ,0x0 ,0x0 ,0x1 ,0x1 ,0x0 ,0xba ,0x0,0xa5, 0x10 ,0xf2 ,0x50 ,0x0 ,0x0 ,0x0 ,0x0 ,0x0 };
为保证所有的beacon帧都能被识别成一个热点,源mac地址应都不一样,最好信道也不一样,经测试,很多手机会过滤mac相同的beacon,只显示其中一个热点
实现
esp8266
8266支持混杂模式,在这个模式下可以接收和发送有限制的底层数据。station模式下进入混杂模式,发送WiFi beacon帧
注意:不能链接任何wifi,先调用wifi_station_disconnect();断开连接,避免自动连接上了wifi
每次发送要确保上一次已经发送完毕了(发送回调函数调用后)再发送
//汉字:2个字节+'\0'==>每个汉字3字节uint8_t ssids[4][28]={{"一、泉眼无声惜细流"},{"二、树阴照水爱晴柔"},{"三、小荷才露尖尖角"},{"四、早有蜻蜓立上头"}};void send_beacon(){static int count=0;wifi_set_channel(count+5);beacon_frame[10] = count+1;beacon_frame[16] = count+1;os_memcpy(beacon_frame+38,ssids[count],28);beacon_frame[78] = count+5;wifi_send_pkt_freedom(beacon_frame,sizeof(beacon_frame),0);os_printf("send %d bytes data,ssid:%s\n",sizeof(beacon_frame),ssids[count]);if(++count ==4)count=0;}void on_reedom_pkg_sent(uint8 status){if(status == 0){//sent succeedos_printf("send beacon success\n");}send_beacon();}wifi_set_opmode(STATION_MODE);wifi_promiscuous_enable(0);wifi_station_disconnect();wifi_set_promiscuous_rx_cb(on_wifi_promiscuous_received);wifi_promiscuous_enable(1);wifi_register_send_pkt_freedom_cb(on_reedom_pkg_sent);send_beacon();
linux
需要网卡及驱动支持混杂模式即可,原理相同
附录
esp8266混杂模式接收到的部分原始数据
接收到的数据先用十六进制输出,然后用ascll码输出
a6 10 15 51 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff b8 55 10 6 88 f b8 55 10 6 88 f e0 25 ac 3 33 7e 52 1 0 0 64 0 11 4 0 f 54 4f 54 4f 4c 49 4e 4b 5f 30 36 38 38 30 46 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 1 0 0 2a 1 4 32 4 30 48 60 6c 2d 1a 6e 18 1e ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 1 0 15 1�Q��������U��U��%�3~RdTOTOLINK_06880����$*20H`l-n�=b2 4b 1e 50 a 6a 0 7 40 0 b 0�KPj@a2 10 66 50 0 0 0 0 e2 0 0 0 8 42 0 0 ff ff ff ff ff ff bc d1 77 f ac 7c 0 e0 4c 4f 83 87 20 11 3 23 63 60 0 7 79 7a 70 31 32 30 1 0 66 0 20 11 0 e0 4c 4f 83 87�fPB��������w�|�LO�� #c`yzp120f �LO��b3 4b b7 50 a 4c 4 7 40 0 b 0�K�PL@bb 10 c3 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 16 cf 92 37 bd a2 16 cf 92 37 bd a2 70 ed 80 b5 ed 73 52 1 0 0 64 0 31 4 0 7 70 72 69 6e 74 65 72 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 1 2 0 0 7 6 30 30 20 1 b 14 2a 1 0 32 4 30 48 60 6c 30 14 1 0 0 f ac 4 1 0 0 f ac 4 1 0 0 f ac 2 c 0 2d 1a 6c 11 1b ff 0 0 0 1 0 c3 0��P�������ϒ7��ϒ7��p퀵�sRd1printe����$00*20H`l0���-l��ab 0 4 51 0 0 0 0 0 0 0 0 50 0 3a 1 e8 b4 c8 ad e2 47 b8 55 10 69 aa 82 b8 55 10 69 aa 82 20 61 2b 5e bc f6 28 3 0 0 64 0 11 4 0 4 31 30 31 31 1 8 82 84 8b 96 c 12 18 24 3 1 b 2a 1 0 32 4 30 48 60 6c 2d 1a 6e 18 1e ff ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 7 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 4 1�QP:�ȭ�G�Ui���Ui�� a+^��(d101����$*20H`l-n��=a8 4b 12 50 85 7e 0 6 40 0 b 0�KP�~@ac 10 a 51 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff b8 55 10 69 aa 82 b8 55 10 69 aa 82 30 61 73 21 bd f6 28 3 0 0 64 0 11 4 0 4 31 30 31 31 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 1 0 0 2a 1 4 32 4 30 48 60 6c 2d 1a 6e 18 1e ff ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 7 0 0 0 0 0 0 0 0 0 0 1 0 a 1�Q��������Ui���Ui��0as!��(d101����$*20H`l-n��=a7 4b 12 50 85 70 0 6 40 0 b 0�KP�p@a3 10 2d 51 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff a8 ad 3d c1 32 14 a8 ad 3d c1 32 14 40 94 76 51 92 ff 2a 2 0 0 64 0 11 4 0 d 43 68 69 6e 61 4e 65 74 2d 4e 72 48 4b 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 1 0 0 2a 1 4 32 4 30 48 60 6c 2d 1a 2c 18 1e ff ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 0 0 1 0 2d 1�-Q���������=�2��=�2@�vQ��*dChinaNet-NrH����$*20H`l-,��=-b7 4b 99 50 7 fe 5 16 e2 0 0 0 88 42 2c 0 28 b2 bd 43 61 38 8 9b 4b 92 3e cd 0 1a 20 e0 2 ee 0 6b 0 0 2c 67 0 20 0 0 12 88 43 35 1 0 fe 5 0 6b 0 1a 20 e0 2 ee�K�P���B,(��Ca�K�>� ��k,g �C5�k ��b2 4b 18 50 b 5e 0 7 40 0 b 0�KP^@9e 10 d7 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 24 69 68 c3 6a ee 24 69 68 c3 6a ee 30 8 7 9 9 af 51 0 0 0 64 0 31 4 0 b 4c 61 6f 43 68 61 6e 67 53 68 61 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 7 0 1 0 0 0 0 0 2a 1 0 32 4 30 48 60 6c 2d 1a 6e 10 3 ff ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 7 1 0 d7 0��P�������$ih�j�$ih�j�0 �Qd1LaoChangSh����$*20H`l-n��=�a6 4b 12 50 87 74 0 1f c3 0 b 0�KP�t�a7 10 15 51 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff b8 55 10 6 88 f b8 55 10 6 88 f 20 26 e6 41 39 7e 52 1 0 0 64 0 11 4 0 f 54 4f 54 4f 4c 49 4e 4b 5f 30 36 38 38 30 46 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 1 0 0 2a 1 4 32 4 30 48 60 6c 2d 1a 6e 18 1e ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 1 0 15 1�Q��������U��U� &�A9~RdTOTOLINK_06880����$*20H`l-n�=bc 10 c3 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 16 cf 92 37 bd a2 16 cf 92 37 bd a2 a0 ed 81 65 f2 73 52 1 0 0 64 0 31 4 0 7 70 72 69 6e 74 65 72 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 2 0 0 7 6 30 30 20 1 b 14 2a 1 0 32 4 30 48 60 6c 30 14 1 0 0 f ac 4 1 0 0 f ac 4 1 0 0 f ac 2 c 0 2d 1a 6c 11 1b ff 0 0 0 1 0 c3 0��P�������ϒ7��ϒ7����e�sRd1printe����$00*20H`l0���-l��a0 10 d7 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 24 69 68 c3 6a ee 24 69 68 c3 6a ee 40 8 8 99 a af 51 0 0 0 64 0 31 4 0 b 4c 61 6f 43 68 61 6e 67 53 68 61 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 7 0 1 0 0 0 0 0 2a 1 0 32 4 30 48 60 6c 2d 1a 6e 10 3 ff ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 7 1 0 d7 0��P�������$ih�j�$ih�j�@�Qd1LaoChangSh����$*20H`l-n��=�aa 4b 12 50 85 8c 0 6 40 0 b 0�KP��@ad 10 a 51 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff b8 55 10 69 aa 82 b8 55 10 69 aa 82 60 61 73 d1 c1 f6 28 3 0 0 64 0 11 4 0 4 31 30 31 31 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 1 0 0 2a 1 4 32 4 30 48 60 6c 2d 1a 6e 18 1e ff ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 7 0 0 0 0 0 0 0 0 0 0 1 0 a 1�Q��������Ui���Ui��`as���(d101����$*20H`l-n��=be 10 c3 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 16 cf 92 37 bd a2 16 cf 92 37 bd a2 b0 ed 80 f5 f3 73 52 1 0 0 64 0 31 4 0 7 70 72 69 6e 74 65 72 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 1 2 0 0 7 6 30 30 20 1 b 14 2a 1 0 32 4 30 48 60 6c 30 14 1 0 0 f ac 4 1 0 0 f ac 4 1 0 0 f ac 2 c 0 2d 1a 6c 11 1b ff 0 0 0 1 0 c3 0��P�������ϒ7��ϒ7������sRd1printe����$00*20H`l0���-l��a7 4b 2a 50 87 55 2 1f c3 0 b 0�K*P�U�b5 10 ba 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 8 9b 4b 92 3e cd 8 9b 4b 92 3e cd 10 72 a 64 67 10 b 0 0 0 64 0 31 0 0 6 76 61 6e 6b 69 61 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 1 2 0 0 2a 1 0 32 4 30 48 60 6c 30 14 1 0 0 f ac 4 1 0 0 f ac 4 1 0 0 f ac 2 c 0 2d 1a ed 11 1b ff ff 0 0 0 0 0 0 0 0 0 0 1 1 0 ba 0��P�������K�>�K�>�rdgd1vanki����$*20H`l0���-����b7 4b 99 50 7 f8 5 16 e2 0 0 0 88 42 2c 0 28 b2 bd 43 61 38 8 9b 4b 92 3e cd 0 1a 20 e0 2 ee 50 6b 0 0 31 67 0 20 0 0 64 0 31 0 1 0 f8 5 50 6b 0 1a 20 e0 2 ee�K�P���B,(��Ca�K�>� ��Pk1g d1�Pk ��ab 4b 12 50 85 86 0 6 40 0 b 0�KP��@b2 4b 18 50 b 5e 0 7 40 0 b 0�KP^@b8 9 1e 50 0 0 0 0 0 0 0 0 c8 11 2c 0 8 9b 4b 92 3e cd 78 4f 43 67 9f e9 8 9b 4b 92 3e cd 50 bb 6 0 0 0 f5 db 51 a0 0 a8 6f ae 1 0 1e 0 50 bb 8 9b 4b 92 3e cd� P��K�>�xOCg��K�>�P���Q��o�P�K�>�ac 10 a 51 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff b8 55 10 69 aa 82 b8 55 10 69 aa 82 70 61 73 61 c3 f6 28 3 0 0 64 0 11 4 0 4 31 30 31 31 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 1 0 0 2a 1 4 32 4 30 48 60 6c 2d 1a 6e 18 1e ff ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 7 0 0 0 0 0 0 0 0 0 0 1 0 a 1�Q��������Ui���Ui��pasa��(d101����$*20H`l-n��=aa 4b 12 50 85 8b 0 6 40 0 b 0�KP��@a9 4b 12 50 85 7c 0 6 40 0 b 0�KP�|@b3 10 ba 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 8 9b 4b 92 3e cd 8 9b 4b 92 3e cd 20 72 74 8 69 10 b 0 0 0 64 0 31 0 0 6 76 61 6e 6b 69 61 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 2 0 0 2a 1 0 32 4 30 48 60 6c 30 14 1 0 0 f ac 4 1 0 0 f ac 4 1 0 0 f ac 2 c 0 2d 1a ed 11 1b ff ff 0 0 0 0 0 0 0 0 0 0 1 1 0 ba 0��P�������K�>�K�>� rid1vanki����$*20H`l0���-����a4 10 d8 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 28 2c b2 80 a2 6 28 2c b2 80 a2 6 50 3b 80 e9 b1 76 52 1 0 0 64 0 31 4 0 c 63 68 69 70 72 69 73 65 30 30 30 31 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 7 0 1 1 0 0 0 0 2a 1 0 32 4 30 48 60 6c 2d 1a 6e 10 3 ff ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 1 0 d8 0��P�������(,���(,���P;��vRd1chiprise000����$*20H`l-n��=�a9 10 15 51 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff b8 55 10 6 88 f b8 55 10 6 88 f 50 26 24 f2 3d 7e 52 1 0 0 64 0 11 4 0 f 54 4f 54 4f 4c 49 4e 4b 5f 30 36 38 38 30 46 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 0 1 0 0 2a 1 4 32 4 30 48 60 6c 2d 1a 6e 18 1e ff 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3d 16 b 1 0 15 1�Q��������U��U�P&$�=~RdTOTOLINK_06880����$*20H`l-n�=c4 10 c3 50 0 0 0 0 0 0 0 0 80 0 0 0 ff ff ff ff ff ff 16 cf 92 37 bd a2 16 cf 92 37 bd a2 d0 ed 81 15 f7 73 52 1 0 0 64 0 31 4 0 7 70 72 69 6e 74 65 72 1 8 82 84 8b 96 c 12 18 24 3 1 b 5 4 1 2 0 0 7 6 30 30 20 1 b 14 2a 1 0 32 4 30 48 60 6c 30 14 1 0 0 f ac 4 1 0 0 f ac 4 1 0 0 f ac 2 c 0 2d 1a 6c 11 1b ff 0 0 0 1 0 c3 0��P�������ϒ7��ϒ7�����sRd1printe����$00*20H`l0���-l��bb 9 1e 50 0 0 0 0 0 0 0 0 c8 1 2c 0 8 9b 4b 92 3e cd 78 4f 43 67 9f e9 8 9b 4b 92 3e cd 60 bb 6 0 0 0 6 0 0 0 64 0 11 4 1 0 1e 0 60 bb 8 9b 4b 92 3e cd� P��K�>�xOCg��K�>�`�d`�K�>�
