SDK 0.9.4: promiscuous mode capture packets

[reaper7]

We are using nice and very usefull project for remote setup ESP to connect to AP (who called SMARTLINK)
original project:
https://github.com/ly0/esp8266-smartlink

mod version compiled both on 9.3 and 9.4:
http://www.esp8266.com/viewtopic.php?f=6&t=536#p5085

so, on SDK 9.3 we got necessary packets received in promiscuous mode for configure AP,
but on SDK 9.4 seems that some packets are ignored, as author wrote:
https://github.com/ly0/esp8266-smartlink/issues/1

maybe this cause are associated with this change:
"Update sniffer to support capture HT20/HT40 packet；"

[ESP_Faye]

Yes, sniffer changed in sdk_v0.9.4 .
We don't offer detail data info, but length of packet and some head info..

By the way, your smartlink seems hard to be commercial use，everyone can capture packets and get your ssid/password info ？

[reaper7]

Summarizing, in current 0.9.4 and future versions of SDK will not be able to receive these packets ?

P.S. - this is not "my smartlink" but for me is very useful (for non commercial usage of course),
if You change home ap password or installing modules in a new place, You can simply change ssid/pass on all esp devices in 5 seconds
without physical access to them.

Of course in this case ssid/pass are send in plain text, but each user can decide if it's worth to use.
You can also send encoded (in some basic way) text, there are several possibilities.

And Yes, every one can capture these packets and gets this info
(if they do not use software based on sniffer like in 9.4 )

[ESP_Faye]

Hi，our engineer has already solved your problem on github.
Please take a look and feel free to contact us if you have any question.

[reaper7]

@Espressif_Faye - many tnx for fast action!

[reaper7]

unfortunately half solved

if length of (SSID + TOKEN + PASS) <=22 everything is OK
but for length >22 chars, result PASSWORD contain chars from outside struct item sniffer_buf->buf (network_80211.h)
because buf item from this struct can accommodate only 48 elements

look at 2 examples (printable elements are shown as chars, rest as hex):

1. VIRTUAL SSID: abcdefgh<!-SL-!>ijklmnop

Code: Select all

promiscuous_rx:
WIFI SMARTLINK RX LEN[64]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-----------------------------------------------
 @ 00 00 00 ff ff ff ff ff ff  0 a8 db a4 19 91
ff ff ff ff ff ff    05 00 18  a  b  c  d  e  f
 g  h  <  !  -  S  L  -  !  >  i  j  k  l  m  n
01 00  ~ 00 f0 bf ff  ?  P 00 00 00 00 a3  d b6
-----------------------------------------------
-user/wifi.c-wifi_smartlink_promiscuous_rx WIFI SMARTLINK RECEIVED SSID:[abcdefgh] PASSWORD:[ijklmn ]

2. VIRTUAL SSID: abcdefgh<!-SL-!>ijklmn

Code: Select all

promiscuous_rx:
WIFI SMARTLINK RX LEN[64]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-----------------------------------------------
 @ 00 00 00 ff ff ff ff ff ff  0 a8 db a4 19 91
ff ff ff ff ff ff  P  & 00 16  a  b  c  d  e  f
 g  h  <  !  -  S  L  -  !  >  i  j  k  l  m  n
01 00  | 00 f0 bf ff  ?  P 00 00 00 00 a3  d b6
-----------------------------------------------
-user/wifi.c-wifi_smartlink_promiscuous_rx WIFI SMARTLINK RECEIVED SSID:[abcdefgh] PASSWORD:[ijklmn]

in 1 example (WRONG RESULT) final PASSWORD: ijklmn after char "n" contains hex 0x01 but I can't show it on forum

it seems that some buffer is too small because in theory(IEEE) SSID may contains 32 chars

[ESP_Faye]

Yes, our buffer is limited here ... We will think it over.. Sorry for the inconvenience..
Thanks for your interest in ESP8266!

[jackon]

unfortunately half solved

if length of (SSID + TOKEN + PASS) <=22 everything is OK
but for length >22 chars, result PASSWORD contain chars from outside struct item sniffer_buf->buf (network_80211.h)
because buf item from this struct can accommodate only 48 elements

look at 2 examples (printable elements are shown as chars, rest as hex):

1. VIRTUAL SSID: abcdefgh<!-SL-!>ijklmnop

Code: Select all

promiscuous_rx:
WIFI SMARTLINK RX LEN[64]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-----------------------------------------------
 @ 00 00 00 ff ff ff ff ff ff  0 a8 db a4 19 91
ff ff ff ff ff ff    05 00 18  a  b  c  d  e  f
 g  h  <  !  -  S  L  -  !  >  i  j  k  l  m  n
01 00  ~ 00 f0 bf ff  ?  P 00 00 00 00 a3  d b6
-----------------------------------------------
-user/wifi.c-wifi_smartlink_promiscuous_rx WIFI SMARTLINK RECEIVED SSID:[abcdefgh] PASSWORD:[ijklmn ]

2. VIRTUAL SSID: abcdefgh<!-SL-!>ijklmn

Code: Select all

promiscuous_rx:
WIFI SMARTLINK RX LEN[64]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-----------------------------------------------
 @ 00 00 00 ff ff ff ff ff ff  0 a8 db a4 19 91
ff ff ff ff ff ff  P  & 00 16  a  b  c  d  e  f
 g  h  <  !  -  S  L  -  !  >  i  j  k  l  m  n
01 00  | 00 f0 bf ff  ?  P 00 00 00 00 a3  d b6
-----------------------------------------------
-user/wifi.c-wifi_smartlink_promiscuous_rx WIFI SMARTLINK RECEIVED SSID:[abcdefgh] PASSWORD:[ijklmn]

in 1 example (WRONG RESULT) final PASSWORD: ijklmn after char "n" contains hex 0x01 but I can't show it on forum

it seems that some buffer is too small because in theory(IEEE) SSID may contains 32 chars

hi, reaper7
we expand buf from 48 to 112 in v0.9.5, so the method you used is workable.
pls have a try.

[reaper7]

@jackon - Yes, yes, I know and I wrote about this in this post viewtopic.php?f=7&t=155#p554

for me this problem is solved, tnx!

[mlebel]

Hi All,

Its all understood from the ESP2866 side, but the Android/iOS/PC side?

Is someone have an example of Android/iOS/PC app (source code) to send this type of packets?

Tn'x in advance,

Meir Lebel