WiFi packet sniffing and injection now supported!

All ESP32 boards running MicroPython.
Target audience: MicroPython users with an ESP32 board.
kwilliams
Posts: 2
Joined: Fri Apr 24, 2020 7:09 am


Post by kwilliams » Mon Apr 27, 2020 7:27 am

Hello everyone,

It is my first post on the forum and I hope everyone enjoys the progress I've had with being able to sniff and inject raw WiFi packets. I spent the last week getting 802.11 promiscuous mode and packet injection working in MicroPython v1.12 (v1.12-256-geae495a71-dirty) using ESP-IDF v4.0. I've uploaded the firmware.bin and example Python code to GitHub.

https://github.com/NicheSecTech/esp32-m ... iff-inject

When you look at the example, it may seem like a strange way of getting the WiFi packets over a UDP socket, but after many attempts at calling a Python function from inside a C callback, and several days reading frustrating posts on this forum, I found this way works.

Long story short, code like this:


STATIC void esp_sniffer_cb(void *recv_buf, wifi_promiscuous_pkt_type_t type){
  mp_obj_t step_function = mp_load_global(qstr_from_str("testme"));
  mp_call_function_1(step_function, mp_obj_new_int(12345));
....
does NOT work from inside a C callback function that is being called from C. My best guess is that all the networking is being done on Core 0 and MicroPython is running on Core 1 of the ESP32, and code from tasks (processes) on one core is not able to call functions running on the other core. I'm not 100% sure on that and am probably missing something, but the workaround was to use a UDP socket from C to send the WiFi packets back to Python on localhost (127.0.0.1). Packets received on UDP port 20001 in Python will actually be WiFi packets after you have started the sniffer(). The example on GitHub should help get you started.

I hope you enjoy it and use it responsibly. :)
Cheers!
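
The receiving side described in this post, as an added example (not part of the original post or the project's GitHub example): a parser for frames read from UDP port 20001. It assumes each datagram is one raw 802.11 frame starting at the Frame Control field, which the post does not specify; all function names and SAMPLE are hypothetical.

```python
import socket
import struct

UDP_ADDR = ("127.0.0.1", 20001)  # port named in the post
TYPES = ("mgmt", "ctrl", "data", "ext")
MGMT = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp",
        8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}
FIXED_BODY = {4: 0, 5: 12, 8: 12}  # fixed bytes before the tagged elements
SAMPLE = (b"\x40\x00\x00\x00" + b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" +
          b"\xff" * 6 + b"\x10\x00" + b"\x00\x04test")  # constructed probe request

def mac(b):
    return ":".join("%02x" % x for x in b)

def find_ssid(buf, pos):
    """Walk tagged elements (id, len, value); return SSID bytes or None."""
    while pos + 2 <= len(buf):
        eid, elen = buf[pos], buf[pos + 1]
        if pos + 2 + elen > len(buf):   # truncated or malformed element
            return None
        if eid == 0:                    # SSID element, at most 32 bytes
            return bytes(buf[pos + 2:pos + 2 + elen]) if elen <= 32 else None
        pos += 2 + elen
    return None

def parse_frame(buf):
    """Decode the 802.11 MAC header; None if the buffer is too short."""
    if len(buf) < 10:                   # frame control + duration + addr1
        return None
    fc = struct.unpack_from("<H", buf, 0)[0]
    ftype, sub = (fc >> 2) & 3, (fc >> 4) & 15
    out = {"type": TYPES[ftype], "subtype": sub, "name": None,
           "addr1": mac(buf[4:10]), "addr2": None, "ssid": None}
    if len(buf) >= 16 and not (ftype == 1 and sub in (12, 13)):  # CTS/ACK: no addr2
        out["addr2"] = mac(buf[10:16])
    if ftype == 0:
        out["name"] = MGMT.get(sub)
        body = 24 + (4 if fc & 0x8000 else 0)  # Order bit: 4-byte HT Control
        if sub in FIXED_BODY and len(buf) >= body:
            out["ssid"] = find_ssid(buf, body + FIXED_BODY[sub])
    return out

def receive(handler):  # feed each parsed datagram to handler(frame_dict)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(UDP_ADDR)
    while True:
        frame = parse_frame(s.recv(2048))
        if frame is not None:
            handler(frame)
```

SSIDs are returned as raw bytes because they come from untrusted transmitters; escape them before printing or logging.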

jimmo
Posts: 2754
Joined: Tue Aug 08, 2017 1:57 am
Location: Sydney, Australia

Re: WiFi packet sniffing and injection now supported!

Post by jimmo » Tue Apr 28, 2020 3:07 am

kwilliams wrote:
Mon Apr 27, 2020 7:27 am
Long story short, code like this:
...
does NOT work from inside a C callback function that is being called from C. My best guess is that all the networking is being done on Core 0 and MicroPython is running on Core 1 of the ESP32, and code from tasks (processes) on one core is not able to call functions running on the other core.
Yep. The issue here isn't that it's being called from C, but rather that it's being called from a different IDF (FreeRTOS) task which does not have any MicroPython thread context.

You either need a way to buffer the data back to MicroPython (e.g. via mp_sched_schedule -- see how modbluetooth.c does this with a ringbuffer), or we need to find a way to make it possible to do this more generally with the IDF (the people working on RMT support are also in a similar situation).

nissim
Posts: 3
Joined: Wed Dec 20, 2017 2:57 pm

Re: WiFi packet sniffing and injection now supported!

Post by nissim » Fri Jun 19, 2020 4:32 am

Hello Mr. kwilliams

Your project, WiFi packet sniffing and injection, is very interesting to me for my students.
Unfortunately, my ESP32 WROVER does not show any WiFi packet sniffing. Am I doing something wrong?
I did:
esptool --chip esp32 --port COM18 --baud 460800 write_flash -z 0x1000 micropython-v1.12-256-geae495a71-dirty_wifi_sniffer_injection_esp32-20200426.bin

and loaded and ran micropython_sniffer_injection_example.py using ampy.

My target is to show all WiFi probes sent from all students' phones nearby.
Can you help?
Can you send me an email at nissim.zur@gmail.com?
If the file micropython_sniffer_injection_example.py needs to be modified, I am willing to pay for your help.
Thank you
Dr. Nissim Zur
