James Sayer
/
smart2
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
ethspam
by 
Rolf Meyer
Embed:
(wiki syntax)
Show/hide line numbers
main.cpp
00001 #include "mbed.h" // Importing the mbed classes and tools. 00002 #include "Ethernet.h" 00003 #include "util/types.h" 00004 #include "net/net.h" 00005 #include "sniffer.h" 00006 00007 00008 using namespace mbed; 00009 00010 __packed // A __packed struct to have no gaps between the members http://en.wikipedia.org/wiki/Data_structure_alignment 00011 struct ethpkt { // Ethernet layer: http://en.wikipedia.org/wiki/Ethernet#Physical_layer 00012 unsigned char dest[6]; // Destination MAC 00013 unsigned char src[6]; // Source MAC 00014 unsigned short type; // Payload type. ARP is 0x0806 00015 // ARP layer: http://en.wikipedia.org/wiki/Address_Resolution_Protocol 00016 unsigned short hwtype; // Each data link layer protocol is assigned a number used in this field. Ethernet is 0x0001 00017 unsigned short proto; // Each protocol is assigned a number used in this field. IP is 0x0800. 00018 unsigned char hwlen; // Length in bytes of a hardware address. Ethernet addresses are 6 bytes long. 00019 unsigned char protolen; // Length in bytes of a logical address. IPv4 address are 4 bytes long. 00020 unsigned short opcode; // Specifies the operation the sender is performing: 00021 // 1 for request, 2 for reply, 3 for RARP request, and 4 for RARP reply. 00022 unsigned char shwaddr[6]; // Hardware address of the sender. 00023 unsigned char sipaddr[4]; // Protocol address of the sender. 00024 unsigned char dhwaddr[6]; // Hardware address of the intended receiver. This field is ignored in requests. 00025 unsigned char dipaddr[4]; // Protocol address of the intended receiver. 00026 }; 00027 Sniffer sniffer; 00028 Ethernet_MAC your_mac; 00029 //Ethernet eth; // The ethernet device 00030 DigitalOut led4(LED4); // A LED for showing activity 00031 00032 unsigned short htons(unsigned short n) { // Host short to network shor 00033 return ((n & 0xff) << 8) | ((n & 0xff00) >> 8); // Byte swapping 00034 } 00035 00036 #define PING_BUFEFERSIZE (sizeof(IP_PacketHeader) + sizeof(ICMP_Packet)) 00037 00038 void send(const char *ipaddr) { 00039 IP_Address dest_ip; 00040 IP_Address my_ip; 00041 str2ipaddr(ipaddr,&dest_ip); 00042 str2ipaddr("192.168.0.16",&my_ip); 00043 00044 u8 buffer[PING_BUFEFERSIZE]; 00045 IP_PacketHeader *ip_packet = (IP_PacketHeader*)buffer; 00046 ICMP_Packet *ping_packet = (ICMP_Packet*)ip_packet->data; 00047 00048 memset(buffer, '\0', PING_BUFEFERSIZE); 00049 00050 *ip_packet = (IP_PacketHeader){0x04, 5, 0, sizeof(IP_PacketHeader)+sizeof(ICMP_Packet), 0, 0, 0, 0, 0, 32, IPPROTO_ICMP, 0x00, my_ip, dest_ip}; 00051 *ping_packet = (ICMP_Packet){ICMP_ECHO_REQUEST, 0x00, 0x00, 0x00, 0x00}; 00052 00053 fix_endian_icmp(ping_packet); 00054 fix_endian_ip(ip_packet); 00055 ip_packet->header_checksum = checksum(ip_packet, sizeof(IP_PacketHeader), &ip_packet->header_checksum, 2); 00056 ping_packet->checksum = checksum(ping_packet, sizeof(ICMP_Packet), &ping_packet->checksum, 2); 00057 00058 00059 printf("PING sent...\n"); 00060 00061 sniffer.inject(your_mac, ETHERTYPE_IPV4, buffer, PING_BUFEFERSIZE); 00062 00063 00064 00065 // printf("a\n"); 00066 // IP_Address dest_ip; 00067 // IP_Address my_ip; 00068 // str2ipaddr(ipaddr,&dest_ip); 00069 // str2ipaddr("192.168.0.5",&my_ip); 00070 // printf("b\n"); 00071 // u8 buffer[PING_BUFEFERSIZE]; 00072 // IP_PacketHeader *ip_packet = (IP_PacketHeader*)buffer; 00073 // ICMP_Packet *ping_packet = (ICMP_Packet*)ip_packet->data; 00074 // printf("c\n"); 00075 // memset(buffer, '\0', PING_BUFEFERSIZE); 00076 // printf("d\n"); 00077 // *ip_packet = (IP_PacketHeader){0x4, 5, 0, sizeof(IP_PacketHeader)+sizeof(ICMP_Packet), 0, 0, 0, 0, 0, 32, IPPROTO_ICMP, 0x00, my_ip, dest_ip}; 00078 // *ping_packet = (ICMP_Packet){ICMP_ECHO_REQUEST, 0x00, 0x00, 0x00, 0x00}; 00079 // printf("e\n"); 00080 00081 00082 /// fix_endian_icmp(ping_packet); 00083 // fix_endian_ip(ip_packet); 00084 // printf("f\n"); 00085 // ip_packet->header_checksum = checksum(ip_packet, sizeof(IP_PacketHeader), &ip_packet->header_checksum, 2); 00086 // ping_packet->checksum = checksum(ping_packet, sizeof(ICMP_Packet), &ping_packet->checksum, 2); 00087 // printf("h\n"); 00088 // 00089 // print_icmp(ping_packet); 00090 // print_ip(ip_packet); 00091 // 00092 // printf("i\n"); 00093 // eth.write((char*)buffer, PING_BUFEFERSIZE); // Write the package 00094 // eth.send(); // Send the package 00095 // printf("j\n"); 00096 00097 // static char data[0x600]; // Packet buffer 00098 // const unsigned char arplen = 6; // Hardware address length 00099 // const unsigned char ethlen = 4; // IP address length 00100 // char hwaddr[arplen]; // Hardware address buffer 00101 // struct ethpkt *pkg = (struct ethpkt *) &data[0]; // Force the buffer to an ethpkg 00102 // unsigned char pos = arplen; // Hardware/IP address position 00103 // 00104 // eth.address(hwaddr); // Get own hardware address 00105 // 00106 // pkg->type = htons(0x0806); // Set type to ARP (0x0806) 00107 // pkg->hwtype = htons(0x0001); // Hardware type is Ethernet (0x0001) 00108 // pkg->proto = htons(0x0800); // Protocol is ARP Request (0x0800) 00109 // pkg->hwlen = arplen; // Hardware addresses are 6 Bytes long 00110 // pkg->protolen = ethlen; // And protocol addresses 4 Bytes 00111 // pkg->opcode = htons(0x0001); // Send: whois XX:XX:XX:XX:XX:XX? 00112 // 00113 // while(pos-- > 0) { // Write IP/MAC-Addresses (combined loop for all addresses) 00114 // pkg->src[pos] = hwaddr[pos]; // Set source MAC address to hwaddr on ethernet layer 00115 // pkg->dest[pos] = 0xFF; // Set destination MAC address to everybody (FF:FF:FF:FF:FF:FF) on ethernet layer 00116 // pkg->shwaddr[pos] = hwaddr[pos]; // Set source MAC address on ARP layer 00117 // pkg->dhwaddr[pos] = 0xFF; // Set destination MAC address on ARP layer 00118 // if(pos < ethlen) { // Check if we can copy IP addresses too. 00119 // pkg->sipaddr[pos] = 0xFF; // Set source ip address to 255.255.255.255 00120 // pkg->dipaddr[pos] = ipaddr[pos]; // Set destination ip address to ipaddr 00121 // } 00122 // } 00123 // 00124 // eth.write(data, 60); // Write the package 00125 // eth.send(); // Send the package 00126 } 00127 // In this example we would like to make ARP requests to ask for every ip address. 00128 int main() { // The programm starts here! 00129 unsigned int i = 1; // The integer we use as counter and target IP address. 00130 //char *c = (char *)&i; // We cast the integer to an array of char c[4] to handle it as IP address. 00131 00132 printf("Lowlevel Ethernet Spammer\n\n"); // Print out that the programm has been started. 00133 00134 while(1) { 00135 char* ip = "192.168.10.10"; // Do forever: 00136 send(ip); // Assamble and send our request. See eth_send function! 00137 i++; // Increment counter. What will increment the IP (c[4]) address as well. 00138 00139 led4 = 1; // Show activity, by blinking with led 4: 00140 wait(0.02); // 00141 led4 = 0; // Put the led on and wait for 0.2 seconds 00142 wait(0.02); // Put the led off and wait for 0.2 seconds 00143 } 00144 }
Generated on Fri Jul 15 2022 02:45:18 by
1.7.2