feat: Fix DoS stack memory

ElectronicCats · Nov 21, 2024 · e285cd6 · e285cd6
1 parent eccb1c4
commit e285cd6
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 20 deletions.
diff --git a/firmware/README.md b/firmware/README.md
@@ -181,4 +181,34 @@ BLE_SCAN_FILTER_ALLOW_ALL           = 0x0,  /*!< Accept all :
                                                   1. advertisement packets from devices where the advertiser’s address is in the White list, and
                                                   2. directed advertising packets where the initiator address is a resolvable private address, and
                                                   3. directed advertising packets addressed to this device.*/
-```
+```
+
+## WIFI
+
+### DoS test
+First run a python simple server with:
+`python3 -m http.server`
+
+Next open the DoS app in minino and if you haven't a AP saved in the serial terminal you need to add your AP:
+```
+Welcome to the Minino Console.
+Type 'help' to get the list of commands.
+Use UP/DOWN arrows to navigate through command history.
+Press TAB when typing command name to auto-complete.
+Press Enter or Ctrl+C will terminate the console environment.
+minino> save AP_NAME PASSWORD
+```
+
+The minino will try to connect to AP.
+Once you have a AP saved if the minino app do not show the AP's exit and come back to the app to load AP, once minino found a AP available this will try to connect and if done, the next screen will show the target, if target is not configured, you need to introduce manually in the serial terminal:
+```
+Welcome to the Minino Console.
+Type 'help' to get the list of commands.
+Use UP/DOWN arrows to navigate through command history.
+Press TAB when typing command name to auto-complete.
+Press Enter or Ctrl+C will terminate the console environment.
+minino> web_config IP_VICTIM PORT_VICTIM _PATH_VICTIM
+```
+In this case our victim server are our pc so the command will be like this: `web_config 192.168.0.178 8000 /`
+
+Then we can execute the command `catdos` to start the attack.
diff --git a/firmware/main/modules/cat_dos/cat_console.c b/firmware/main/modules/cat_dos/cat_console.c
@@ -56,7 +56,7 @@ static void initialize_console(void) {
   esp_console_repl_config_t repl_config = ESP_CONSOLE_REPL_CONFIG_DEFAULT();
   // initialize_filesystem();
   // repl_config.history_save_path = HISTORY_FILE_PATH;
-  repl_config.prompt = "bsides>";
+  repl_config.prompt = "minino>";
 
   esp_console_dev_usb_serial_jtag_config_t usbjtag_config =
       ESP_CONSOLE_DEV_USB_SERIAL_JTAG_CONFIG_DEFAULT();

diff --git a/firmware/main/modules/cat_dos/catdos_module.c b/firmware/main/modules/cat_dos/catdos_module.c
@@ -35,6 +35,7 @@ static const char* CATDOS_TAG = "catdos_module";
 static int selected_item = 0;
 static int total_items = 0;
 static int max_items = 6;
+static bool is_exit = false;
 
 static TaskHandle_t task_atack = NULL;
 
@@ -64,11 +65,8 @@ static void catdos_module_show_target();
 static void catdos_module_display_attack_animation() {
   oled_screen_clear(OLED_DISPLAY_NORMAL);
   while (running_attack) {
-    for (int i = 0; i < 4; i++) {
-      oled_screen_clear(OLED_DISPLAY_NORMAL);
-      oled_screen_display_text_center("Attacking", 0, OLED_DISPLAY_NORMAL);
-      vTaskDelay(250 / portTICK_PERIOD_MS);
-    }
+    oled_screen_clear(OLED_DISPLAY_NORMAL);
+    oled_screen_display_text_center("Attacking", 0, OLED_DISPLAY_NORMAL);
     vTaskDelay(1000 / portTICK_PERIOD_MS);
   }
 }
@@ -375,11 +373,8 @@ static void http_get_task(void* pvParameters) {
     // ESP_LOGI(CATDOS_TAG, "... socket send success");
     close(s);
   }
-  running_attack = false;
-  if (task_atack) {
-    vTaskSuspend(task_atack);
-    vTaskDelete(task_atack);
-  }
+  // running_attack = false;
+  vTaskDelete(NULL);
 }
 
 void catdos_module_send_attack() {
@@ -428,12 +423,14 @@ void catdos_module_send_attack() {
   assert(res == 0);
   res = pthread_join(thread8, NULL);
   assert(res == 0);
+
+  vTaskDelete(NULL);
 }
 
 void catdos_module_begin() {
-#if !defined(CONFIG_CATDOS_MODULE_DEBUG)
-  esp_log_level_set(CATDOS_TAG, ESP_LOG_NONE);
-#endif
+  // #if !defined(CONFIG_CATDOS_MODULE_DEBUG)
+  //   esp_log_level_set(CATDOS_TAG, ESP_LOG_NONE);
+  // #endif
   // ESP_ERROR_CHECK(esp_event_loop_create_default());
   menus_module_set_app_state(true, catdos_module_state_machine);
 
@@ -447,25 +444,40 @@ void catdos_module_begin() {
 
   bool wifi_connection = preferences_get_bool("wifi_connected", false);
 
+  int total_items = preferences_get_int("count_ap", 0);
+  ESP_LOGI(CATDOS_TAG, "Total items: %d", total_items);
+
   if (wifi_connection) {
     oled_screen_display_text_center("WIFI Connection", 1, OLED_DISPLAY_NORMAL);
     catdos_state = CATDOS_STATE_CONFIG_TARGET;
+    catdos_module_show_target();
   } else {
     catdos_state = CATDOS_STATE_CONFIG_WIFI;
     int total_items = preferences_get_int("count_ap", 0);
+    ESP_LOGI(CATDOS_TAG, "Total items: %d", total_items);
     if (total_items == 0) {
       oled_screen_display_text_center("No WIFI", 1, OLED_DISPLAY_NORMAL);
       oled_screen_display_text_center("Add WiFi", 2, OLED_DISPLAY_NORMAL);
       oled_screen_display_text_center("From console", 3, OLED_DISPLAY_NORMAL);
       return;
     }
-    catdos_module_display_wifi();
+    // }else{
+    //   catdos_module_display_wifi();
+    // }
   }
 }
 
 static void catdos_module_display_wifi() {
   oled_screen_clear();
-  oled_screen_display_text_center("Selected WIFI", 0, OLED_DISPLAY_NORMAL);
+  oled_screen_display_text_center("Select WIFI", 0, OLED_DISPLAY_NORMAL);
+  int total_items = preferences_get_int("count_ap", 0);
+
+  if (total_items == 0) {
+    oled_screen_display_text_center("No WIFI", 1, OLED_DISPLAY_NORMAL);
+    oled_screen_display_text_center("Add WIFI", 2, OLED_DISPLAY_NORMAL);
+    oled_screen_display_text_center("From console", 3, OLED_DISPLAY_NORMAL);
+    return;
+  }
 
   for (int i = selected_item; i < max_items + selected_item; i++) {
     char wifi_ap[100];
@@ -474,7 +486,7 @@ static void catdos_module_display_wifi() {
     esp_err_t err = preferences_get_string(wifi_ap, wifi_ssid, 100);
     if (err != ESP_OK) {
       ESP_LOGW(__func__, "Error getting AP %d", i);
-      return;
+      continue;
     }
     char wifi_text[120];
     if (strlen(wifi_ssid) > 16) {
@@ -509,6 +521,9 @@ static void catdos_module_cb_connection(bool state) {
       catdos_state = CATDOS_STATE_CONFIG_TARGET;
     }
   } else {
+    if (is_exit) {
+      return;
+    }
     oled_screen_display_text_center("WIFI", 0, OLED_DISPLAY_NORMAL);
     oled_screen_display_text_center("Error", 1, OLED_DISPLAY_NORMAL);
     vTaskDelay(2000 / portTICK_PERIOD_MS);
@@ -537,6 +552,10 @@ static void catdos_module_show_target() {
     ESP_LOGE(CATDOS_TAG, "Error getting endpoint");
     return;
   }
+  bool is_target = catdos_module_is_config_target();
+  if (is_target) {
+    catdos_state = CATDOS_STATE_ATTACK;
+  }
   oled_screen_display_text_center("Target", 0, OLED_DISPLAY_INVERT);
   oled_screen_display_text_center("Host", 1, OLED_DISPLAY_NORMAL);
   oled_screen_display_text_center(host, 2, OLED_DISPLAY_NORMAL);
@@ -626,10 +645,15 @@ static void catdos_module_state_machine(uint8_t button_name,
     case CATDOS_STATE_ATTACK: {
       switch (button_name) {
         case BUTTON_LEFT:
-          menus_module_exit_app();
+          is_exit = true;
+          menus_module_reset();
           break;
         case BUTTON_RIGHT:
-          catdos_module_send_attack();
+          xTaskCreate(&catdos_module_send_attack, "http_send_task", 4096, NULL,
+                      5, NULL);
+          xTaskCreate(&catdos_module_display_attack_animation, "http_an_task",
+                      4096, NULL, 5, NULL);
+          // catdos_module_send_attack();
           break;
         case BUTTON_UP:
         case BUTTON_DOWN: