#!/usr/bin/python
# coding: utf-8
"""Forged 802.11 beacon / deauthentication sender built on scapy (Python 2).

Two daemon threads share the ``destinations`` dict:

* ``sniffer_run`` captures frames on ``interface`` and registers the source
  MAC of any Dot11Auth aimed at ``beacon1_mac`` (or any probe request whose
  SSID element equals ``beacon1_ssid``), answering each with a forged
  deauthentication frame.
* ``sender_run`` broadcasts a beacon for ``beacon1_ssid`` every
  ``beacon_interval`` seconds and, for every registered MAC, unicasts one
  beacon per entry of ``beacon2_ssid`` from a synthetic BSSID until the
  entry ages past ``beacon2_timeout``.

From a monitoring point of view the emitted traffic is a burst of
deauthentication frames (reason code 5) plus beacons whose BSSIDs carry the
locally-administered bit (``02:...``) — the usual signals a wireless IDS
keys on for rogue-AP / deauth activity.  Requires a monitor-mode interface
(see the ``iw`` command below) and raw-socket privileges.
"""
# $ iw dev wlan0 interface add mon0 type monitor
interface = "mon0"                  # monitor-mode interface used for sniff() and sendp()
beacon_interval = 0.4               # seconds between broadcast beacons
beacon1_ssid = "internet"           # SSID advertised in the broadcast beacon
beacon1_mac = "02:03:04:05:06:07"   # BSSID of the broadcast beacon (locally-administered address)
# SSIDs sent to each registered client, one beacon each, from BSSID 02:00:00:00:xx:xx.
# Under "# coding: utf-8" on Python 2 these are UTF-8 byte strings.
beacon2_ssid = ["ᖵᕕ", "¬Γٮ Ξ /Δɱ", "ᒣᒥ☐ᙿᐬᗑ", "ᒣᒥ∐ ̿ ᐟᐃ∏", "┐┌┗┛=/△ㄇ", "┓┏ 凵 =╱⊿┌┬┐", "=╱⊿┌┬┐'"]
beacon2_timeout = 20 # sec. — a registered client is dropped this long after registration
#######################################################
from scapy.all import *
import time
import sys
import threading

# key: client MAC (str), value: time.time() at registration.
# Written by sniffer_run, read/pruned by sender_run; no lock is taken,
# the code relies on the interpreter's dict-operation atomicity.
destinations = dict()

def build_beacon(daddr, addr, symbol,enc=False):
    """Build a RadioTap-wrapped beacon frame.

    Args:
        daddr: receiver address (addr1) — broadcast or a single client MAC.
        addr: transmitter address and BSSID (addr2 and addr3).
        symbol: SSID bytes placed in the SSID information element.
        enc: when true, append an RSN information element (the fixed
            bytes below) so the network is advertised as protected.

    Returns:
        RadioTap()/Dot11/Dot11Beacon/Dot11Elt... packet ready for sendp().
    """
    p = (Dot11(addr1=daddr,addr2=addr,addr3=addr)/
         Dot11Beacon(cap="ESS")/
         Dot11Elt(ID="SSID",info=symbol)/
         Dot11Elt(ID="Rates",info='\x82\x84\x0b\x16')/
         Dot11Elt(ID="DSset",info="\x03")/
         Dot11Elt(ID="TIM",info="\x00\x01\x00\x00") )
    if enc:
        # Fixed RSN element bytes; presumably CCMP group/pairwise cipher
        # suites plus a PSK AKM — TODO confirm against the IE layout.
        p = p / Dot11Elt(ID="RSNinfo", info="\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00")
    return RadioTap() / p

def build_deauth(ap_addr, client_addr):
    """Build a RadioTap-wrapped deauthentication frame.

    addr1 (receiver) and addr3 (BSSID) are ``ap_addr``; addr2 (transmitter)
    is ``client_addr``, i.e. the frame is forged as if sent by the client.

    Args:
        ap_addr: BSSID / receiver address.
        client_addr: address written as the transmitter.

    Returns:
        RadioTap()/Dot11/Dot11Deauth packet with reason code 5.
    """
    p = (Dot11(addr1=ap_addr, addr2=client_addr, addr3=ap_addr) / Dot11Deauth(reason=5)) # 5: Disassociated because AP is unable to handle all currently associated STAs
    return RadioTap() / p

def sniffer_run(*_):
    """Thread body: capture one frame at a time and register clients.

    A client MAC (addr2) is added to ``destinations`` — and answered with a
    forged deauth toward ``beacon1_mac`` — when either
    (a) the frame is a Dot11Auth addressed to ``beacon1_mac``, or
    (b) the frame is a Dot11ProbeReq whose SSID element equals
        ``beacon1_ssid``.
    Already-registered MACs are ignored.  Never returns.
    """
    while True:
        p = sniff(count=1, iface=interface)[0]
        #print repr(p)
        if p.haslayer(Dot11Auth) and \
           p.addr1 == beacon1_mac and \
           p.addr2 not in destinations.keys():
            print "Registered via dot11auth {addr}".format(addr=p.addr2)
            destinations[p.addr2] = time.time()
            sendp(build_deauth(beacon1_mac, p.addr2), iface=interface, verbose=False)
            continue
        if p.haslayer(Dot11ProbeReq):
            # Iterating a scapy Packet yields the packet itself, so this
            # loop body runs once; field_id/value are read from the FIRST
            # Dot11Elt in the frame (p.getlayer), not from ``layer``.
            for layer in p.getlayer(Dot11Elt):
                field_id, value = p.getlayer(Dot11Elt).getfield_and_val("ID")
                if field_id.i2s[value] == "SSID":
                    if layer.info == beacon1_ssid and p.addr2 not in destinations.keys():
                        print "registered via Dot11ProbeReq {addr2}".format(addr2=p.addr2)
                        destinations[p.addr2] = time.time()
                        sendp(build_deauth(beacon1_mac, p.addr2), iface=interface, verbose=False)
                        continue

def sender_run(*_):
    """Thread body: emit the broadcast beacon and the per-client beacons.

    Each pass sleeps so that consecutive passes are ``beacon_interval``
    apart, sends the ``beacon1_ssid`` beacon to ff:ff:ff:ff:ff:ff, then
    walks ``destinations``: entries older than ``beacon2_timeout`` are
    removed; every other client receives one protected beacon per
    ``beacon2_ssid`` entry, each from BSSID 02:00:00:00:<i/255>:<i%255>.
    Never returns.
    """
    beacon = build_beacon("ff:ff:ff:ff:ff:ff",beacon1_mac, beacon1_ssid)
    last_ts = time.time()
    while True:
        # Pace the loop: only sleep for whatever remains of the interval.
        d = time.time() - last_ts
        if beacon_interval - d > 0:
            time.sleep(beacon_interval - d)
        last_ts = time.time()
        sendp(beacon,iface=interface,verbose=False)
        # Python 2: dict.items() returns a list, so pop() inside the loop
        # does not invalidate the iteration (it would on Python 3).
        for addr,timestamp in destinations.items():
            if time.time() - timestamp > beacon2_timeout:
                print "{addr} timed out".format(addr=addr)
                destinations.pop(addr)
                continue
            print "Send beacons to {addr}".format(addr=addr)
            for i,symbol in zip(range(len(beacon2_ssid)), beacon2_ssid):
                # Python 2 integer division — i/0xff is the high byte, i%0xff the low byte.
                bssid = "02:00:00:00:{0:02x}:{1:02x}".format(i/0xff, i%0xff)
                p = build_beacon(addr, bssid, symbol, enc=True)
                sendp(p, iface=interface, verbose=False)

# Both workers are plain Thread objects whose run attribute is replaced
# directly (rather than passing target=); daemon=True lets the process exit
# while they are still looping.
sniffer_thread = threading.Thread()
sniffer_thread.run = sniffer_run
sniffer_thread.daemon = True
sniffer_thread.start()
sender_thread = threading.Thread()
sender_thread.run = sender_run
sender_thread.daemon = True
sender_thread.start()
# Main thread: poll every second; exit 0 if either worker has died
# (e.g. an exception in its loop), exit 1 on Ctrl-C.
try:
    while True:
        sender_thread.join(1)
        if (not sender_thread.is_alive() or not sniffer_thread.is_alive()):
            sys.exit(0)
except KeyboardInterrupt:
    sys.exit(1)