Seems like you're asking how JamWIFI sends a disassociation packet rather than anything else so I'll answer that. Firstly, looking at the Git repo we see the following:
libpcap provides a good point of abstraction for sending/receiving raw 802.11 frames at the MAC layer
This is the first half of the answer to your question, he's using libpcap. If you haven't heard of it before, it is a very large packet capture library but it can also do a bunch more here's the documentation.
The second half of the answer to your question lies in the code. I am by no means an Objective-C or C dev, however, if you take a look inside ANClientKiller.m
we get an idea of how it sends a de-authentication request. Starting at the top of the code, we have the request itself defined as:
#define DEAUTH_REQ \
"\xC0\x00\x3A\x01\xCC\xCC\xCC\xCC\xCC\xCC\xBB\xBB\xBB\xBB\xBB\xBB" \
"\xBB\xBB\xBB\xBB\xBB\xBB\x00\x00\x07\x00"
You might be wondering what this packet does, so I'll tell you. The above packet is effectively an announcement which states that the receiver is no longer authenticated. Once this is sent, it causes the de-authentication, ironically in an attempt to re-authenticate. The trick here is that the request must be accepted & it must take immediate effect. That's all there really is to it. This is the same way that de-authentication takes place in Aircrack-ng. As well as other tools. Well, using the same packet at least.
As far as actually sending this packet goes, that is a bit more language specific. If you look further down the code you'll notice the following:
- (AN80211Packet *)deauthPacketForBSSID:(const unsigned char *)bssid client:(const unsigned char *)client {
char deauth[26];
memcpy(&deauth[0], DEAUTH_REQ, 26);
memcpy(&deauth[4], client, 6);
memcpy(&deauth[10], bssid, 6);
memcpy(&deauth[16], bssid, 6);
AN80211Packet * packet = [[AN80211Packet alloc] initWithData:[NSData dataWithBytes:deauth length:26]];
return packet;
}
This is where you'll need to read up about memcpy if you're wondering on the specifics. Basically, this bit of code is preparing the packet to be sent.
Using memcpy it is taking the bytes from DEAUTH_REQ
and copying the exact number of bytes to the destination. Once this is done we return the packet now with the DEAUTH_REQ
inside it, as well as the BSSID (MAC address of the access point) and the client. This packet is now ready to be sent for a de-authentication to take place. If you were to keep sending this packet, you would keep de-authenticating the client from the access point to which they're connected.
You'll notice I have not included the code where the packet actually gets sent. This is because that entirely depends on what language you using to achieve this and what library and so there are too many specifics/nuances.
Hopefully that answers your question. If you would like to implement this yourself in another language, you could more or less take the code from JamWIFI only changing the nuances of your language & it would work, regardless of being on a mac. There is plenty of de-authenticating WIFI client implementations online already so you wouldn't need to re-invent the wheel.
after running it, it actually does nothing
have you sniffed this? Are you sure the problem is on your Mac? Maybe it's on the "Victim" and you're doing it wrong. Have you captured the packets exiting the selected interface and proved that it actually does nothing? Try Wireshark.