DF-0326 / run.sh
#!/bin/sh
# DF-0326 run script.
#
# Runs three local steps in order:
#   1) ./node_overflow : code-level overflow proof (userspace replica of the
#                        tail of struct ieee80211_node)
#   2) ./beacon_gen    : crafted-beacon generator; the raw 802.11 frame bytes
#                        it prints are captured into beacon.bin
#   3) a reachability/environment probe on the live kernel
#
# Scope of this script: it executes two helper binaries from its own
# directory, writes beacon.bin there, and reads the kernel symbol table and
# the interface list. No command below puts the generated frame on the air.
#
# Reading the output:
#   - A symbol hit from nm only shows that the function exists in the kernel
#     image. It says nothing about whether that build still contains the
#     defect, so confirm against the kernel version / patch level.
#   - RUN_OK means every command returned success under `set -e`; it is a
#     completion marker, not a finding.

# Abort at the first failing command (helper missing, write error, ...).
set -e

# The helpers and beacon.bin are resolved relative to the script's location.
cd "$(dirname "$0")"

# --- Step 1: userspace proof -------------------------------------------------
printf '%s\n' "===== node_overflow (code-level proof) ====="
./node_overflow
printf '\n'

# --- Step 2: generate the sample frame ---------------------------------------
# The meaning of the argument 192 is defined by beacon_gen, which is not part
# of this script. NOTE(review): presumably a length parameter - confirm
# against the beacon_gen source.
printf '%s\n' "===== beacon_gen 192 > beacon.bin ====="
./beacon_gen 192 > beacon.bin

# Six lines of `hexdump -C` output are 16 bytes each, i.e. the first 96 bytes.
printf '%s\n' "first 96 bytes of the crafted beacon (hexdump -C):"
hexdump -C beacon.bin | head -6

printf '%s\n' "beacon.bin size:"
ls -l beacon.bin

# Decode hint printed verbatim; the offsets are the author's and depend on
# the frame layout that beacon_gen emits.
printf '%s\n' "--- decode: byte at offset 0x26 (38) is fc0 subtype, SSID IE tag+len at body offset 0x18..0x19 ---"
printf '\n'

# --- Step 3: environment probe -----------------------------------------------
printf '%s\n' "===== live-kernel reachability probe ====="

# Look for the three net80211 functions in the kernel image. nm's stderr is
# discarded, so a missing nm and an absent symbol produce the same fallback
# message. Used as an `if` condition, the pipeline cannot trip `set -e`.
printf '%s\n' "--- vulnerable symbols in /boot/kernel/kernel (T = live text) ---"
if ! nm /boot/kernel/kernel 2>/dev/null |
  grep -iE 'ieee80211_sta_join|ieee80211_init_neighbor|ieee80211_add_scan'; then
  printf '%s\n' "(nm not available or symbols absent)"
fi

# No grep is executed in this section: the line below is a fixed message that
# points the reader to env.txt for the host-side source analysis.
printf '%s\n' "--- SSID_INVALID status flag consumers (should be NONE) ---"
printf '%s\n' "grep -c BPARSE_SSID_INVALID across the wlan tree: live kernel is closed-source; see env.txt host-side analysis"

# `ifconfig -l` prints the names of all interfaces; it does not filter for
# 802.11 devices, so the reader has to pick out wireless entries by name.
printf '%s\n' "--- 802.11 interfaces present (radio check) ---"
ifconfig -l

printf '%s\n' "RUN_OK"