
Raw Wifi Packets

kissste

Member
I'm playing with raw WiFi packets.

The wext_send_mgnt function sends packets, but after a certain time/number of messages it stops and then the chip reboots.
The wext_send_mgnt function calls the iw_ioctl function, which calls rltk_wlan_control, which calls a ROM function.

The problem here is that it stops and reboots.

I have tried another path:
the rtw_send_mgnt function - unfortunately, I can't get anything out of it.
It calls the dump_mgntframe function, which, I believe, eventually calls rtw_hal_mgnt_xmit /
rtl8195ab_mgnt_xmit.

Any suggestions are welcome. Thank you.
 

kissste

Member
It dies after ~23 seconds regardless of how many packets are sent. Adding a sleep results in fewer packets sent, yet it still dies at around 23 seconds.

Maybe it's 30 seconds since boot.

.prep B 2975
tx,rx,en = 0,0,1
.prep B 2976
tx,rx,en = 0,0,1
.prep B 2977
tx,rx,en = 0,0,1
.prep B 2978
tx,rx,en = 0,0,1

I have tried changing it to 60 seconds / disabling the watchdog; that did not help.
I have tried adding taskYIELD(); - no help.

Code:
    u8 RandSK(u8 max);  /* defined below; returns 0..max-1 */

    char wlan0[10] = "wlan0";
    /* 65 characters, deliberately without a terminating NUL: only indexed via RandSK(65) */
    u8 alfa[65] = "1234567890qwertyuiopasdfghjklzxcvbnm QWERTYUIOPASDFGHJKLZXCVBNM_.";
    /* 802.11 beacon frame: 24-byte MAC header, 12 fixed bytes, then tagged IEs */
    u8 packet[128] = { 0x80, 0x00, 0x00, 0x00,                  /* frame control (mgmt/beacon), duration */
        /*4*/   0xff, 0xff, 0xff, 0xff, 0xff, 0xff,             /* addr1: broadcast */
        /*10*/  0x01, 0x02, 0x03, 0x04, 0x05, 0x06,             /* addr2: source */
        /*16*/  0x01, 0x02, 0x03, 0x04, 0x05, 0x06,             /* addr3: BSSID */
        /*22*/  0xc0, 0x6c,                                     /* sequence control */
        /*24*/  0x83, 0x51, 0xf7, 0x8f, 0x0f, 0x00, 0x00, 0x00, /* timestamp */
        /*32*/  0x64, 0x00,                                     /* beacon interval, 100 TU */
        /*34*/  0x01, 0x04,                                     /* capability info */
        /* SSID */
        /*36*/  0x00, 0x06, 0x72, 0x72, 0x72, 0x72, 0x72, 0x72, /* tag 0, len 6, "rrrrrr" */
        /*44*/  0x01, 0x08, 0x82, 0x84,                         /* supported rates IE */
                0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, 0x03, 0x01, /* ...then DS param IE (tag 3, len 1) */
        /*56*/  0x04};                                          /* channel, overwritten below */
    u8 channel;
    //_adapter *ad0 = rltk_wlan_info[0].dev;
    channel = 1; //RandSK(11)+1;
    // Source MAC Address
    packet[10] = packet[16] = 1;//RandSK256();
    packet[11] = packet[17] = 1;//RandSK256();
    packet[12] = packet[18] = 1;//RandSK256();
    packet[13] = packet[19] = 1;//RandSK256();
    packet[14] = packet[20] = 1;//RandSK256();
    packet[15] = packet[21] = 1;//RandSK256();
    // Randomize SSID (Fixed size 6. Lazy right?)
    packet[38] = alfa[RandSK(65)];
    packet[39] = alfa[RandSK(65)];
    packet[40] = alfa[RandSK(65)];
    packet[41] = alfa[RandSK(65)];
    packet[42] = alfa[RandSK(65)];
    packet[43] = alfa[RandSK(65)];

    packet[56] = channel;
    wext_set_channel(wlan0, channel);
    rtw_msleep_os(100);
    //while(1) {
        for(int i=0;i<10000;i++) {
            printf("prep B %d\n",i);
            printf("tx,rx,en = %d,%d,%d\n", rltk_wlan_info[0].tx_busy, rltk_wlan_info[0].rx_busy, rltk_wlan_info[0].enable);
            //rtw_send_mgnt(ad0, packet, 57, NULL);
            wext_send_mgnt(wlan0, packet, 57, NULL);  /* 57 = bytes actually filled in above */
            //rtw_msleep_os(100);
            printf(".");
            taskYIELD();
        }
        //rtw_msleep_os(1000);
    //}
    printf("prep C\n");

u8 RandSK(u8 max) {
    u8 buf;
    do {
        rtw_get_random_bytes(&buf, 1);
    } while (buf >= max);   /* was "buf > max": could return max itself, one past alfa[] */
    return buf;
}
 
Last edited:
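Added here as an example (not code from the thread or from the Ameba SDK): a small decoder that walks the 57-byte beacon frame built in the post above, so the header layout and the IE offsets the post relies on (SSID at 36, DS channel at 56) can be checked before a buffer is handed to the driver. post_frame is a constructed copy of the post's packet after its fix-ups (addr2/addr3 = 01:01:01:01:01:01, SSID "rrrrrr", channel 1).

```c
#include <stdint.h>
#include <string.h>

typedef struct {
    uint8_t  bssid[6];
    uint16_t interval_tu;   /* beacon interval in TU, little-endian on the wire */
    char     ssid[33];
    int      channel;       /* from the DS Parameter Set IE, -1 if absent */
} beacon_info_t;

/* Constructed copy of the post's 57-byte frame after it sets addr2/addr3 to
 * 01:01:01:01:01:01, SSID "rrrrrr" and channel 1 (same offsets as the post). */
static const uint8_t post_frame[57] = {
    0x80, 0x00, 0x00, 0x00,                         /* FC = mgmt/beacon, duration */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,             /* addr1: broadcast */
    0x01, 0x01, 0x01, 0x01, 0x01, 0x01,             /* addr2: source */
    0x01, 0x01, 0x01, 0x01, 0x01, 0x01,             /* addr3: BSSID */
    0xc0, 0x6c,                                     /* sequence control */
    0x83, 0x51, 0xf7, 0x8f, 0x0f, 0x00, 0x00, 0x00, /* timestamp */
    0x64, 0x00, 0x01, 0x04,                         /* interval 100 TU, capability */
    0x00, 0x06, 'r', 'r', 'r', 'r', 'r', 'r',       /* IE 0: SSID (offset 36) */
    0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, /* IE 1: rates */
    0x03, 0x01, 0x01 };                             /* IE 3: DS param (offset 54) */

/* Decodes a beacon; returns 0 on success, a negative code if malformed. */
int parse_beacon(const uint8_t *f, size_t len, beacon_info_t *out)
{
    memset(out, 0, sizeof *out);
    out->channel = -1;
    if (len < 36) return -1;                 /* 24-byte header + 12 fixed bytes */
    if ((f[0] & 0x0f) != 0x00 || (f[0] >> 4) != 8) return -2; /* not a beacon */
    memcpy(out->bssid, f + 16, 6);
    out->interval_tu = (uint16_t)(f[32] | (f[33] << 8));
    size_t pos = 36;                         /* first tagged IE */
    while (pos + 2 <= len) {
        uint8_t tag = f[pos], ielen = f[pos + 1];
        if (pos + 2 + ielen > len) return -3; /* IE length overruns the frame */
        const uint8_t *body = f + pos + 2;
        if (tag == 0x00) {                    /* SSID */
            if (ielen > 32) return -4;
            memcpy(out->ssid, body, ielen);
            out->ssid[ielen] = '\0';
        } else if (tag == 0x03 && ielen == 1) /* DS Parameter Set */
            out->channel = body[0];
        pos += 2 + ielen;
    }
    return pos == len ? 0 : -5;              /* trailing bytes: partial IE */
}
```

Passing a shorter length than 57 (as a miscounted buffer size would) makes the rates IE overrun the frame and the decoder reports it instead of reading past the buffer.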

kissste

Member
Problem found:
#define DEF_WIFI_MODE RTW_MODE_STA
changed to
#define DEF_WIFI_MODE RTW_MODE_AP

There was a disconnect from the STA at the 20th second, and 4 seconds later the packet sending stopped.

With AP it runs non-stop.
 

pvvx

Active community member
Снимок1351.gif
Does it transmit this?
Project with the code.
"atrp" ...
 

Attachments

Last edited: