Q3-Send-deauth

Topics in this section,

• Learnings in this section

• Version Info

• Problem Statement

• Approach and code flow

• Actual change and Patch

• Wireshark capture

Learnings in this section

• In this section, you are going to learn

• How to send de-authentication packet once every 30 seconds

Version Info

#	Version
Ubuntu	Ubuntu 22.04 64 bit
Linux Kernel	6.9.2
Supplicant	wpa_supplicant 2.10

Problem Statement

• Send De-Authentication packet once every 30 seconds

• Add a configuration parameter called “periodic_deauth=30” in supplicant conf file

• If “periodic_deauth=0”, then this feature is disabled

• If “periodic_deauth=5”, then deauth is sent at every 5th second

Approach and code flow

• Call flow for send de-authentication packet once every 30 seconds

nl80211_global_init ()
  wpa_driver_nl80211_init_nl_global ()
    send_scan_event ()
      process_global_event ()                   
	do_process_drv_event ()                 
	 mlme_event ()  
	   send_scan_event ()
	     mlme_event_auth () 
	       mlme_event_assoc ()      
		 wpa_supplicant_event ()
		   wpa_supplicant_event_assoc ()
		     wpa_supplicant_set_state () 
			sta_send_deauth ()

Actual change and Patch

• Download the below patch file

send_deauth_pkt_every_30sec.patch

See the full content of patch file

diff -crB original/wpa_supplicant-2.10/src/utils/os.h changed/wpa_supplicant-2.10/src/utils/os.h
*** original/wpa_supplicant-2.10/src/utils/os.h	2022-01-17 02:21:29.000000000 +0530
--- changed/wpa_supplicant-2.10/src/utils/os.h	2024-07-25 16:27:00.553596397 +0530
***************
*** 42,47 ****
--- 42,48 ----
   */
  int os_get_reltime(struct os_reltime *t);
  
+ void sta_get_curtime();
  
  /* Helpers for handling struct os_time */
  
diff -crB original/wpa_supplicant-2.10/src/utils/os_unix.c changed/wpa_supplicant-2.10/src/utils/os_unix.c
*** original/wpa_supplicant-2.10/src/utils/os_unix.c	2022-01-17 02:21:29.000000000 +0530
--- changed/wpa_supplicant-2.10/src/utils/os_unix.c	2024-07-25 16:26:54.853596485 +0530
***************
*** 72,77 ****
--- 72,88 ----
  	return res;
  }
  
+ void sta_get_curtime()
+ {
+         struct timeval tv;
+         struct timezone tz;
+         struct tm *today;
+ 
+         gettimeofday(&tv, &tz);
+ 
+         today = localtime(&tv.tv_sec);
+ 
+ }
  
  int os_get_reltime(struct os_reltime *t)
  {
diff -crB original/wpa_supplicant-2.10/wpa_supplicant/config_file.c changed/wpa_supplicant-2.10/wpa_supplicant/config_file.c
*** original/wpa_supplicant-2.10/wpa_supplicant/config_file.c	2022-01-17 02:21:29.000000000 +0530
--- changed/wpa_supplicant-2.10/wpa_supplicant/config_file.c	2024-07-25 16:32:05.149591670 +0530
***************
*** 329,335 ****
  	}
  
  	while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
! 		if (os_strcmp(pos, "network={") == 0) {
  			ssid = wpa_config_read_network(f, &line, id++);
  			if (ssid == NULL) {
  				wpa_printf(MSG_ERROR, "Line %d: failed to "
--- 329,338 ----
  	}
  
  	while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
!                 if (os_strncmp(pos, "periodic_deauth=",16) == 0) {
!                         config->periodic_deauth = atoi(pos+16);;
! 
!                 } else if (os_strcmp(pos, "network={") == 0) {
  			ssid = wpa_config_read_network(f, &line, id++);
  			if (ssid == NULL) {
  				wpa_printf(MSG_ERROR, "Line %d: failed to "
diff -crB original/wpa_supplicant-2.10/wpa_supplicant/config.h changed/wpa_supplicant-2.10/wpa_supplicant/config.h
*** original/wpa_supplicant-2.10/wpa_supplicant/config.h	2022-01-17 02:21:29.000000000 +0530
--- changed/wpa_supplicant-2.10/wpa_supplicant/config.h	2024-07-25 16:27:21.757596068 +0530
***************
*** 1699,1704 ****
--- 1699,1705 ----
  
  #endif /* CONFIG_TESTING_OPTIONS */
  #endif /* CONFIG_PASN*/
+         int periodic_deauth;
  };
  
  
diff -crB original/wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c changed/wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c
*** original/wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c	2022-01-17 02:21:29.000000000 +0530
--- changed/wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c	2024-07-25 16:33:46.837590092 +0530
***************
*** 905,910 ****
--- 905,922 ----
  	}
  }
  
+ #define SME_WIFI_TIMEOUT 30
+ static int onetime_deauth_entry;
+ 
+ static void sta_send_deauth(void *eloop_ctx, void *timeout_ctx)
+ {
+         struct wpa_supplicant *wpa_s = eloop_ctx;
+ 
+         sta_get_curtime();
+         eloop_register_timeout(wpa_s->conf->periodic_deauth, 0, sta_send_deauth, wpa_s, NULL);
+         wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+ 
+ }
  
  /**
   * wpa_supplicant_set_state - Set current connection state
***************
*** 926,932 ****
  		wpa_supplicant_state_txt(wpa_s->wpa_state),
  		wpa_supplicant_state_txt(state));
  
! 	if (state == WPA_COMPLETED &&
  	    os_reltime_initialized(&wpa_s->roam_start)) {
  		os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
  		wpa_s->roam_start.sec = 0;
--- 938,947 ----
  		wpa_supplicant_state_txt(wpa_s->wpa_state),
  		wpa_supplicant_state_txt(state));
  
! 	if (state == WPA_COMPLETED && !(onetime_deauth_entry)) {
! 		onetime_deauth_entry = 1;
! 		eloop_register_timeout(SME_WIFI_TIMEOUT, 0, sta_send_deauth, wpa_s, NULL);
! 	} else if (state == WPA_COMPLETED &&
  	    os_reltime_initialized(&wpa_s->roam_start)) {
  		os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
  		wpa_s->roam_start.sec = 0;

test:~$ pwd
/home/test

• Make sure internet is available in laptop to download supplicant package

test:~$ sudo wget https://w1.fi/releases/wpa_supplicant-2.10.tar.gz

• Create a directory

test:~$ mkdir supplicant

• Change directory to supplicant

test:~$ cd supplicant

• Note : Your present working directory should be supplicant

test:~$ pwd
/home/test/supplicant/

• Extract wpa_supplicant

test:~$ sudo tar -xvf ~/wpa_supplicant-2.10.tar.gz

• Run the below command to apply patch

test:~$ patch -p1 < send_deauth_pkt_every_30sec.patch
patching file wpa_supplicant-2.10/src/utils/os.h
patching file wpa_supplicant-2.10/src/utils/os_unix.c
patching file wpa_supplicant-2.10/wpa_supplicant/config_file.c
patching file wpa_supplicant-2.10/wpa_supplicant/config.h
patching file wpa_supplicant-2.10/wpa_supplicant/wpa_supplicant.c

• Change directory to wpa_supplicant

test:~$ cd wpa_supplicant-2.10/wpa_supplicant/

• Check the current working directory using pwd command

• Make sure your current working directory is wpa_supplicant

test:~$ pwd
/home/test/supplicant/wpa_supplicant-2.10/wpa_supplicant

• Copy the contents of defconfig file to .config file

test:~$ sudo cp defconfig .config

• Compile wpa_supplicant

test:~$ sudo make

• Create run_supplicant.conf

test:~$ sudo vim ./run_supplicant.conf

ctrl_interface=/run/wpa_supplicant
update_config=1
periodic_deauth=30

network={
ssid="test_open"
key_mgmt=NONE
}

• Run wpa_supplicant

test:~$ sudo ./wpa_supplicant -Dnl80211 -i wlan1 -c ./run_supplicant.conf

Wireshark capture

• Download file to check wireshark output

send_deauth_pkt_every_30sec.pcapng

• Check for de-authentication packet

• Apply display filter

• wlan.addr == 02:00:00:00:01:00 && wlan.fc.type_subtype == 12

• Observe the de-authentication packets with 30 sec time interval