5 #include <sys/socket.h>
6 #include <bluetooth/bluetooth.h>
7 #include <bluetooth/rfcomm.h>
9 #include <netinet/in.h>
10 #include <arpa/inet.h>
// parse_packet: scan one buffer of Kismet output and relay the "*NETWORK:"
// record for a single, hard-coded access point to the Bluetooth client as a
// length-prefixed frame.
//
// buf   - text received from the Kismet TCP socket.  It is tokenised with
//         strtok on "\n", which REQUIRES a terminating NUL.  The `bytes`
//         parameter is not referenced on any line visible in this listing, so
//         nothing here bounds the scan by the byte count.  NOTE(review): the
//         Kismet read in main() is read(kismet, buf, sizeof(buf)) into a
//         1024-byte array, so a full read leaves no room for a terminator and
//         strtok walks past the end of buf.  The client read in the same loop
//         uses sizeof(buf) - 1; the Kismet read should do the same and the
//         caller should set buf[bytes_read] = '\0' before calling this.
//         (buf's capacity is not passed in, so this function cannot safely
//         terminate it itself.)
// bytes - number of valid bytes in buf (unused on the visible lines).
// sock  - the accepted RFCOMM client socket.  main() switches it to
//         non-blocking mode with FIONBIO, so every write() below may be short
//         or fail with -1/EAGAIN.
//
// Returns an int that main() stores in `flag`; the return statements, the
// declarations of ptr/bssid/len, and the loop that surrounds the strtok calls
// fall on lines that are not shown in this listing, so their exact form is
// not documented here.
//
// Frame written to sock (every length is a 16-bit big-endian value):
//   00 01 | total_len | len1 str1 | len2 str2 | len3 str3 | len4 str4
// where total_len = 2*4 + strlen(str1) + ... + strlen(str4).
12 int parse_packet(unsigned char *buf, unsigned bytes, int sock)
// strtok keeps static state and writes NULs into buf in place; it also stops
// only at the first NUL (see the termination note above).  strtok_r would at
// least remove the hidden global state.
18 ptr = strtok((char *)buf, "\n");
// Only lines that begin with the 10-character prefix "*NETWORK: " are handled.
20 if (strncmp(ptr, "*NETWORK: ", 10) == 0) {
22 int crypted, weak, signal, noise;
// NOTE(review): "%s" carries no field width, so bssid is an unbounded sscanf
// target driven by whatever the Kismet peer sends.  bssid's declaration is on
// a line not shown here; bound the conversion with a width of
// sizeof(bssid) - 1 (a colon-separated BSSID is 17 characters, so e.g.
// char bssid[18] with "%17s").  The != 5 check rejects short matches; what
// follows the printf (line 25 of the original) is not visible.
23 if (sscanf(ptr, "*NETWORK: %s %d %d %d %d", bssid, &crypted, &weak, &signal, &noise) != 5) {
24 printf("Couldn't parse NETWORK packet\n");
// Hard-coded filter: only this one BSSID is ever forwarded to the client.
26 if (strcmp(bssid, "00:0D:54:A0:27:7F") == 0) {
27 char str1[64], str2[64], str3[64], str4[64];
// The longest possible result is "Signal level: -2147483648 dB" (28 chars
// plus NUL), so these 64-byte buffers cannot overflow with a single %d;
// snprintf(strN, sizeof strN, ...) is still the idiomatic, future-proof form.
29 sprintf(str1, "Crypted: %d", crypted);
30 sprintf(str2, "Weak IVs: %d", weak);
31 sprintf(str3, "Signal level: %d dB", signal);
32 sprintf(str4, "Noise level: %d dB", noise);
// Frame header: two fixed bytes (0x00 0x01), then the total payload length.
34 write(sock, "\000\001", 2);
// len is presumably a 16-bit type (htons result, and only 2 bytes of it are
// sent below) -- its declaration is not in view; confirm.
35 len = htons(2 * 4 + strlen(str1) + strlen(str2) + strlen(str3) + strlen(str4));
// NOTE(review): every write() return value below is discarded.  On the
// non-blocking client socket a short write or EAGAIN silently drops bytes
// and desynchronises the length-prefixed framing for the peer.  Check each
// return and retry the remainder, or assemble the whole frame in one buffer
// and send it with a single checked write loop.
36 write(sock, (char*)&len, 2);
// Field 1: 2-byte length, then the bytes of str1 (no NUL on the wire).
38 len = htons(strlen(str1));
39 write(sock, (char*)&len, 2);
40 write(sock, str1, strlen(str1));
// Field 2.
42 len = htons(strlen(str2));
43 write(sock, (char*)&len, 2);
44 write(sock, str2, strlen(str2));
// Field 3.
46 len = htons(strlen(str3));
47 write(sock, (char*)&len, 2);
48 write(sock, str3, strlen(str3));
// Field 4.
50 len = htons(strlen(str4));
51 write(sock, (char*)&len, 2);
52 write(sock, str4, strlen(str4));
// Advance to the next line of the same buffer (continues the strtok pass
// started above; the enclosing loop construct is on a line not shown).
58 ptr = strtok(NULL, "\n");
64 int main(int argc, char **argv)
66 struct sockaddr_rc loc_addr = { 0 }, rem_addr = { 0 };
67 struct sockaddr_in addr;
68 unsigned char buf[1024] = { 0 };
69 char initstr[] = "!1 ENABLE NETWORK bssid,cryptpackets,weakpackets,signal,noise\n";
70 int s, client, kismet, bytes_read;
71 size_t opt = sizeof(rem_addr);
75 s = socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM);
77 // bind socket to port 1 of the first available
78 // local bluetooth adapter
79 loc_addr.rc_family = AF_BLUETOOTH;
80 loc_addr.rc_bdaddr = *BDADDR_ANY;
81 loc_addr.rc_channel = (uint8_t) 1;
82 bind(s, (struct sockaddr *)&loc_addr, sizeof(loc_addr));
84 // put socket into listening mode
87 // accept one connection
88 client = accept(s, (struct sockaddr *)&rem_addr, &opt);
90 ba2str( &rem_addr.rc_bdaddr, buf );
91 fprintf(stderr, "accepted connection from %s\n", buf);
92 memset(buf, 0, sizeof(buf));
94 ioctl(client, FIONBIO, &one);
97 kismet = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
98 addr.sin_family = AF_INET;
99 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
100 addr.sin_port = htons(2501);
102 if (connect(kismet, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
106 ioctl(kismet, FIONBIO, &one);
107 write(kismet, initstr, strlen(initstr));
109 printf("Connected to Kismet.\n");
111 // read data from the client
115 // gobble up data from the phone
116 bytes_read = read(client, buf, sizeof(buf) - 1);
117 if( bytes_read > 0 ) {
119 printf("received [");
120 for (i = 0; i < bytes_read; ++i)
121 printf("0x%02x ", buf[i]);
126 bytes_read = read(kismet, buf, sizeof(buf));
127 if( bytes_read > 0 ) {
129 for (i = 0; i < bytes_read; ++i)
130 printf("%c", buf[i]);
132 flag = parse_packet(buf, bytes_read, client);
137 write(client, "\000\012\000\000", 4);