SDK 0.9.4: promiscuous mode capture packets

reaper7
Posts: 25
Joined: Fri Oct 24, 2014 7:26 pm

SDK 0.9.4: promiscuous mode capture packets

Postby reaper7 » Sun Dec 21, 2014 5:28 pm

We are using nice and very usefull project for remote setup ESP to connect to AP (who called SMARTLINK)
original project:
https://github.com/ly0/esp8266-smartlink

mod version compiled both on 9.3 and 9.4:
http://www.esp8266.com/viewtopic.php?f=6&t=536#p5085

so, on SDK 9.3 we got necessary packets received in promiscuous mode for configure AP,
but on SDK 9.4 seems that some packets are ignored, as author wrote:
https://github.com/ly0/esp8266-smartlink/issues/1

maybe this cause are associated with this change:
"Update sniffer to support capture HT20/HT40 packet;"

ESP_Faye
Posts: 1641
Joined: Mon Oct 27, 2014 11:08 am

Re: SDK 0.9.4: promiscuous mode capture packets

Postby ESP_Faye » Mon Dec 22, 2014 1:14 pm

Yes, sniffer changed in sdk_v0.9.4 .
We don't offer detail data info, but length of packet and some head info..

By the way, your smartlink seems hard to be commercial use,everyone can capture packets and get your ssid/password info ?

reaper7
Posts: 25
Joined: Fri Oct 24, 2014 7:26 pm

Re: SDK 0.9.4: promiscuous mode capture packets

Postby reaper7 » Mon Dec 22, 2014 2:56 pm

Summarizing, in current 0.9.4 and future versions of SDK will not be able to receive these packets ?

P.S. - this is not "my smartlink" but for me is very useful (for non commercial usage of course),
if You change home ap password or installing modules in a new place, You can simply change ssid/pass on all esp devices in 5 seconds
without physical access to them.

Of course in this case ssid/pass are send in plain text, but each user can decide if it's worth to use.
You can also send encoded (in some basic way) text, there are several possibilities.

And Yes, every one can capture these packets and gets this info
(if they do not use software based on sniffer like in 9.4 ;) )

ESP_Faye
Posts: 1641
Joined: Mon Oct 27, 2014 11:08 am

Re: SDK 0.9.4: promiscuous mode capture packets

Postby ESP_Faye » Tue Dec 23, 2014 6:52 pm

Hi,our engineer has already solved your problem on github. ;)
Please take a look and feel free to contact us if you have any question.

reaper7
Posts: 25
Joined: Fri Oct 24, 2014 7:26 pm

Re: SDK 0.9.4: promiscuous mode capture packets

Postby reaper7 » Tue Dec 23, 2014 6:56 pm

@Espressif_Faye - many tnx for fast action!

reaper7
Posts: 25
Joined: Fri Oct 24, 2014 7:26 pm

Re: SDK 0.9.4: promiscuous mode capture packets

Postby reaper7 » Wed Dec 24, 2014 1:07 am

unfortunately half solved :(

if length of (SSID + TOKEN + PASS) <=22 everything is OK
but for length >22 chars, result PASSWORD contain chars from outside struct item sniffer_buf->buf (network_80211.h)
because buf item from this struct can accommodate only 48 elements

look at 2 examples (printable elements are shown as chars, rest as hex):

1. VIRTUAL SSID: abcdefgh<!-SL-!>ijklmnop

Code: Select all

promiscuous_rx:
WIFI SMARTLINK RX LEN[64]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-----------------------------------------------
 @ 00 00 00 ff ff ff ff ff ff  0 a8 db a4 19 91
ff ff ff ff ff ff    05 00 18  a  b  c  d  e  f
 g  h  <  !  -  S  L  -  !  >  i  j  k  l  m  n
01 00  ~ 00 f0 bf ff  ?  P 00 00 00 00 a3  d b6
-----------------------------------------------
-user/wifi.c-wifi_smartlink_promiscuous_rx WIFI SMARTLINK RECEIVED SSID:[abcdefgh] PASSWORD:[ijklmn ]


2. VIRTUAL SSID: abcdefgh<!-SL-!>ijklmn

Code: Select all

promiscuous_rx:
WIFI SMARTLINK RX LEN[64]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-----------------------------------------------
 @ 00 00 00 ff ff ff ff ff ff  0 a8 db a4 19 91
ff ff ff ff ff ff  P  & 00 16  a  b  c  d  e  f
 g  h  <  !  -  S  L  -  !  >  i  j  k  l  m  n
01 00  | 00 f0 bf ff  ?  P 00 00 00 00 a3  d b6
-----------------------------------------------
-user/wifi.c-wifi_smartlink_promiscuous_rx WIFI SMARTLINK RECEIVED SSID:[abcdefgh] PASSWORD:[ijklmn]


in 1 example (WRONG RESULT) final PASSWORD: ijklmn after char "n" contains hex 0x01 but I can't show it on forum :(

it seems that some buffer is too small because in theory(IEEE) SSID may contains 32 chars

ESP_Faye
Posts: 1641
Joined: Mon Oct 27, 2014 11:08 am

Re: SDK 0.9.4: promiscuous mode capture packets

Postby ESP_Faye » Fri Dec 26, 2014 5:24 pm

Yes, our buffer is limited here ... We will think it over.. Sorry for the inconvenience..
Thanks for your interest in ESP8266!

jackon
Posts: 28
Joined: Thu Oct 23, 2014 9:05 am

Re: SDK 0.9.4: promiscuous mode capture packets

Postby jackon » Tue Jan 27, 2015 4:10 pm

reaper7 wrote:unfortunately half solved :(

if length of (SSID + TOKEN + PASS) <=22 everything is OK
but for length >22 chars, result PASSWORD contain chars from outside struct item sniffer_buf->buf (network_80211.h)
because buf item from this struct can accommodate only 48 elements

look at 2 examples (printable elements are shown as chars, rest as hex):

1. VIRTUAL SSID: abcdefgh<!-SL-!>ijklmnop

Code: Select all

promiscuous_rx:
WIFI SMARTLINK RX LEN[64]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-----------------------------------------------
 @ 00 00 00 ff ff ff ff ff ff  0 a8 db a4 19 91
ff ff ff ff ff ff    05 00 18  a  b  c  d  e  f
 g  h  <  !  -  S  L  -  !  >  i  j  k  l  m  n
01 00  ~ 00 f0 bf ff  ?  P 00 00 00 00 a3  d b6
-----------------------------------------------
-user/wifi.c-wifi_smartlink_promiscuous_rx WIFI SMARTLINK RECEIVED SSID:[abcdefgh] PASSWORD:[ijklmn ]


2. VIRTUAL SSID: abcdefgh<!-SL-!>ijklmn

Code: Select all

promiscuous_rx:
WIFI SMARTLINK RX LEN[64]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-----------------------------------------------
 @ 00 00 00 ff ff ff ff ff ff  0 a8 db a4 19 91
ff ff ff ff ff ff  P  & 00 16  a  b  c  d  e  f
 g  h  <  !  -  S  L  -  !  >  i  j  k  l  m  n
01 00  | 00 f0 bf ff  ?  P 00 00 00 00 a3  d b6
-----------------------------------------------
-user/wifi.c-wifi_smartlink_promiscuous_rx WIFI SMARTLINK RECEIVED SSID:[abcdefgh] PASSWORD:[ijklmn]


in 1 example (WRONG RESULT) final PASSWORD: ijklmn after char "n" contains hex 0x01 but I can't show it on forum :(

it seems that some buffer is too small because in theory(IEEE) SSID may contains 32 chars


hi, reaper7
we expand buf from 48 to 112 in v0.9.5, so the method you used is workable.
pls have a try.

reaper7
Posts: 25
Joined: Fri Oct 24, 2014 7:26 pm

Re: SDK 0.9.4: promiscuous mode capture packets

Postby reaper7 » Tue Jan 27, 2015 4:16 pm

@jackon - Yes, yes, I know and I wrote about this in this post viewtopic.php?f=7&t=155#p554

for me this problem is solved, tnx!

mlebel
Posts: 1
Joined: Wed Dec 17, 2014 10:11 pm

Re: SDK 0.9.4: promiscuous mode capture packets

Postby mlebel » Tue Feb 24, 2015 4:22 pm

Hi All,

Its all understood from the ESP2866 side, but the Android/iOS/PC side?

Is someone have an example of Android/iOS/PC app (source code) to send this type of packets?

Tn'x in advance,

Meir Lebel

Who is online

Users browsing this forum: No registered users and 2 guests