Tag Archives: scripting

Garmin Wardriver – Part 2

I’m very happy to say, this is a simple project, to get working in its most basic form.  Note, I said it’s most basic form so no hate mail on the fact that this is nothing more than a quick script!  There are plans to actually go deeper, make this open to more than my device, not use already existing programs, etc.  But for the basic concept and starter, I’ve made this program use gpsbabel to get the gps information and iwlist to get the network information.  I had started with pywifi but found this to be a problem because there was an overbound error.  This bug will be reported, it seems it has a problem with converting an integer to a float on a 64bit machine.

So with no futher ado, here is the script:

#!/usr/bin/env python
import os, re, time

def die(msg):
	print ' [*] ERROR: %s' % msg

def checkroot():
	if os.getuid() != 0:
		die('Run this program as root.')

def getessid(dev):
	nets = os.popen('iwlist %s scan' % dev).read()
	pat  = re.compile(r'ESSID:".*"')
	mess = re.findall(pat, nets)
	found= []
	for find in mess:
	return found

def getposition(dev):
	pos = os.popen('gpsbabel -i garmin,get_posn -f %s' % dev).read()
	pos = pos.splitlines()[1].split(' ')
	return [pos[1],pos[2]]

def main():
	found = getessid('eth1')
	pos   = getposition('/dev/ttyUSB0')
	for find in found:
		print 'ESSID: %s @ %s | %s' % (find,pos[0],pos[1])

if __name__ == '__main__':

So what you see here is that I’m using os.popen() to call my programs to draw data.  Unfortunately, iwlist is painfully slow, to the point there’d be a five second delay on some slower machines between the call and having the data ready.  This is why I want to develop the application to not be dependent on other programs, but for the time being, this works as proof of concept in the data gathering stage.  It’s now just a matter of adjusting the code to run this constantly and load data to an overlay when entering and leaving an ESSID’s area.

Any comments for improvements?  Don’t forget, you can join this project any time on SourceForge!

A quick Python MySQLdb fix…

Okay, so I enjoy writing code in python a lot more than I ever would in php.  So when I came across the MySQLdb module, I was thrilled.  Now I could do anything that php could do and more, in my opinion.  Well, except php’s python comes with all sort of proctections such as mysql_real_escape()… hmm, what to do now.  Well, better come to a solution.  Here’s that solution in all of it’s glory:

#!/usr/bin/env python
## FILENAME: sql.py

def clean(unclean):
	cleaned = ""
	badchrs = "\\\/\"\'"
	temp    = ""
	for ch in unclean:
		temp = ch
		if temp in badchrs:
			temp = "\\" + temp
		cleaned += temp
	return cleaned

As for usage, just place this with your script (most likely in cgi-bin) and import it:

import sql
name    = sql.clean(form.getvalue('name'))

Obviously, there can be more escapes added but for the initial framework, this is the start of a simple fix! for discussion, what vulnerabilities are in this code? What are other ways to extend the MySQLdb module? Please comment…