"Reprint" OpenWrt on the implementation of WiFi probe----MT7620A+RT2860V2

This article reproduces the website:

Http://www.aiuxian.com/article/p-1989767.html

What is a WiFi probe

See the probe, feel very tall on the look, in fact, is through the WiFi collection through this AP range of the MAC address of the phone, there is no profound things, know about this thing discussed a lot, some people feel very useful, can do a lot of value-added applications, some people think that no use, But that does not prevent us from technically implementing it.

802.11 protocol

In the protocol, each AP is required to broadcast beacon frames to the surrounding STA and AP every certain time (dozens of milliseconds to a few seconds), which is to tell the surrounding STA and other APs: I am xxxx (BSSID), come and even me! I am xxxx (BSSID), come to even me! Instantly feel each AP has a dissolute heart, there are wood! There's Wood there!

Each STA (can be understood as a mobile phone, notebook) In addition to silently listen to the surrounding AP sent Beacon Frame, but also secretly send probe frame: I am xxxx (MAC address), I can even you? I am xxxx (MAC address) can I even you? Full of a stuffy little chick, so every time I go out silently turn off the phone's WiFi, now the wireless environment is too insecure, see connection http://network.pconline.com.cn/587/5878836.html

Implementation on the 7620A

The basic idea is to record the MAC address and escalate it to the application layer via the proc file system after the AP is subject to a probe frame. Here's the code:

MAC Address Acquisition section:

In the function void Appeerprobereqaction (in Prtmp_adapter pad,in Mlme_queue_elem *elem), add

extern UCHAR Global_addrlocalnum;

extern UCHAR Global_addrlocal[addr_local_number][mac_addr_len];
Pframe_802_11 pframelxd = (pframe_802_11) elem->msg;
if (Global_addrlocalnum >addr_local_number | | Global_addrlocalnum = = Addr_local_number)
{
Global_addrlocalnum = 0;
}
Else
{
int index = 0;
BOOLEAN flag = 1;
for (index=0; index<global_addrlocalnum; index++)
{
if (Ndiscmpmemory (Global_addrlocal[index],pframelxd->hdr.addr2,mac_addr_len) ==0)
{
Flag = 0;
Break
}
}
COPY_MAC_ADDR (Global_addrlocal[global_addrlocalnum], PFRAMELXD->HDR.ADDR1);
global_addrlocalnum++;
COPY_MAC_ADDR (Global_addrlocal[global_addrlocalnum], PFRAMELXD->HDR.ADDR2);
global_addrlocalnum++;
if (flag)
{
COPY_MAC_ADDR (Global_addrlocal[global_addrlocalnum], PFRAMELXD->HDR.ADDR2);
global_addrlocalnum++;
}
}

Proc section:

The application layer writes "s" to the proc node, informing the driver that it needs to obtain the data of the STA, and the driver gives the captured maclist.

static struct Proc_dir_entry *entry_wl_beacon_mac;

UCHAR global_addrlocalnum = 0;
UCHAR Global_addrlocal[max_mcast_list_size][6];

static char *maclistbuffer;

static int maclist_proc_show (struct seq_file *m, void *v)
{
if (maclistbuffer[0] = = ' s ')
{
Maclistbuffer[0] = ' 0 ';
int index=0;
for (index=0;index<global_addrlocalnum;index++)
{
seq_printf (M, "%02x:%02x:%02x:%02x:%02x:%02x\n", Global_addrlocal[index][0],global_addrlocal[index][1],global_ ADDRLOCAL[INDEX][2],GLOBAL_ADDRLOCAL[INDEX][3],GLOBAL_ADDRLOCAL[INDEX][4],GLOBAL_ADDRLOCAL[INDEX][5]);
}
Global_addrlocalnum = 0;
}
Else
{
seq_printf (M, "STA number is%d, proc!\n", global_addrlocalnum);
seq_printf (M, "AP number is%d, proc!\n", GLOBAL_ADDRLOCALNUM1);
}
return 0;
}

static int Maclist_proc_open (struct inode *inode, struct file *file)
{
Return Single_open (file,maclist_proc_show,inode->i_private);
}

Static ssize_t maclist_proc_write (struct file *file, const char *buffer, size_t len, loff_t *off)
{
int user_len = 0;

if (Len > Max_maclist_length)
{
User_len = Max_maclist_length;
}
Else
{
User_len = Len;
}
if (Copy_from_user (maclistbuffer, buffer, User_len))
{
Return-efault;
}
return User_len;
}

"Reprint" OpenWrt on the implementation of WiFi probe----MT7620A+RT2860V2