run_ap.sh

#!/bin/bash
#
#########################################################################################
#
# SCRIPT  : run_ap.sh
# AUTHOR  : Rofi (Fixploit03)
# GITHUB  : https://github.com/fixploit03/run_ap
# LISENSI : MIT
#
#########################################################################################
#
# Script ini sepenuhnya FREE (alias GRATIS!)
#
#########################################################################################

set -e

#-------------- Cek Root --------------#
if [[ $EUID -ne 0 ]]; then
	echo "ERROR: Script ini harus dijalankan sebagai root!"
	exit 1
fi

#-------------- Tentang Script --------------#
readonly script="run_ap"
readonly deskripsi="Script Bash sederhana yang dirancang untuk mengelola Wireless Access Point di Linux"
readonly versi="v1.2.0"
readonly author="Rofi (Fixploit03)"
readonly github="https://github.com/fixploit03/run_ap"

#-------------- Fungsi untuk Bersih-Bersih --------------#
clean_up(){
	echo "INFO: Menghentikan run_ap..."

	# kill proses
	pkill dnsmasq || true
	pkill hostapd || true

	sleep 0.5 
	
	# start networkmanager
	if systemctl list-unit-files | grep -q "NetworkManager.service"; then
		systemctl start NetworkManager 2>/dev/null || true
	fi

	# start wpa_supplicant
	if systemctl list-unit-files | grep -q "wpa_supplicant.service"; then
		systemctl start wpa_supplicant 2>/dev/null || true
	fi

	# hapus rules iptables
	if [[ -n "${interface_internet}" ]]; then
		iptables -t nat -D POSTROUTING -o "${interface_internet}" -j MASQUERADE 2>/dev/null || true
		iptables -D FORWARD -i "${interface}" -o "${interface_internet}" -j ACCEPT 2>/dev/null || true
		iptables -D FORWARD -i "${interface_internet}" -o "${interface}" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true
		echo 0 > /proc/sys/net/ipv4/ip_forward
	fi

	# flush ip address
	if [[ -n "${interface}" ]]; then
		ip addr flush dev "${interface}"
		ip link set "${interface}" down
		sleep 0.5
		iw dev "${interface}" set type managed
		ip link set "${interface}" up
	fi

	# hapus file config
	rm -f "${config_dnsmasq}" "${config_hostapd}"

	echo "INFO: run_ap berhasil dihentikan!"
	exit 0
}

trap clean_up SIGINT SIGTERM

#-------------- Fungsi Konfirmasi --------------#
konfirmasi(){
	while true; do
		read -r -p "Apakah ingin menggunakannya? [Y/n] " confirm
		if [[ -z "${confirm}" || "${confirm}" == "y" || "${confirm}" == "Y" ]]; then
			break
		elif [[ "${confirm}" == "n" || "${confirm}" == "N" ]]; then
			echo "INFO: Proses dibatalkan."
			exit 0
		else
			echo "ERROR: Masukkan tidak valid. Harap masukkan 'Y/n'!"
			continue
		fi
	done
}

#-------------- Fungsi Alert Keamanan --------------#
alert_keamanan(){
	echo "WARNING: Keamanan '${keamanan}' sudah usang dan tidak disarankan untuk digunakan!"
	konfirmasi
}

#-------------- Fungsi Validasi Password WPA --------------#
validasi_password_wpa(){
	if [[ -n "${password}" ]]; then
		echo "ERROR: Opsi -p tidak dibutuhkan untuk keamanan '${keamanan}'!"
		exit 1
	fi
}

#-------------- Fungsi Validasi Autentikasi WEP --------------#
validasi_autentikasi_wep(){
	if [[ -n "${autentikasi_wep}" ]]; then
		echo "ERROR: Opsi -a tidak dibutuhkan untuk keamanan '${keamanan}'!"
		exit 1
	fi
}

#-------------- Fungsi Validasi Panjang Kunci WEP --------------#
validasi_panjang_kunci_wep(){
	if [[ -n "${panjang_kunci_wep}" ]]; then
		echo "ERROR: Opsi -l tidak dibutuhkan untuk keamanan '${keamanan}'!"
		exit 1
	fi
}

#-------------- Fungsi Validasi Secret Radius --------------#
validasi_secret_radius(){
	if [[ -n "${secret_radius}" ]]; then
		echo "ERROR: Opsi -S tidak dibutuhkan untuk keamanan '${keamanan}'!"
		exit 1
	fi
}

#-------------- Fungsi Validasi PMF --------------#
validasi_pmf(){
	# validasi pmf untuk keamanan opn - wpa-enterprise
	if [[ "${keamanan}" == "opn" || "${keamanan}" == "wep" || "${keamanan}" == "wpa-personal" || "${keamanan}" == "wpa-enterprise" ]]; then
		if [[ -z "${pmf}" ]]; then
			pmf="0"
		fi

		if [[ "${pmf}" != "0" ]]; then
			echo "ERROR: Keamanan '${keamanan}' tidak mendukung PMF (802.11w)!"
			exit 1
		fi
	# validasi pmf untuk keamanan wpa2-personal - wpa/wpa2-enterprise
	elif [[ "${keamanan}" == "wpa2-personal" || "${keamanan}" == "wpa2-enterprise" || "${keamanan}" == "wpa/wpa2-personal" || "${keamanan}" == "wpa/wpa2-enterprise" ]]; then
		if [[ -z "${pmf}" ]]; then
			pmf="0"
		fi

		if [[ "${pmf}" != "0" && "${pmf}" != "1" && "${pmf}" != "2" ]]; then
			echo "ERROR: Nilai PMF (802.11w) tidak valid!"
			exit 1
		fi

		if [[ "${pmf}" == "2" ]]; then
			echo "INFO: Nilai 2 untuk keamanan '${keamanan}' dapat memengaruhi kompatibilitas pada perangkat lama!"
			konfirmasi
		fi
	# validasi pmf untuk keamanan wpa2/wpa3-personal
	elif [[ "${keamanan}" == "wpa2/wpa3-personal" ]]; then
		if [[ -z "${pmf}" ]]; then
			pmf="1"
		fi

		# validasi nilai pmf
		if [[ "${pmf}" != "0" && "${pmf}" != "1" && "${pmf}" != "2" ]]; then
			echo "ERROR: Nilai PMF (802.11w) tidak valid!"
			exit 1
		fi

		if [[ "${pmf}" == "0" ]]; then
			echo "WARNING: Nilai PMF (802.11w) untuk keamanan '${keamanan}' harus bernilai 1!"
			konfirmasi
		fi
	# validasi pmf untuk keamanan wpa3-personal dan owe
	elif [[ "${keamanan}" == "wpa3-personal" || "${keamanan}" == "owe" ]]; then
		if [[ -z "${pmf}" ]]; then
			pmf="2"
		fi

		if [[ "${pmf}" != "2" ]]; then
			echo "ERROR: Nilai PMF (802.11w) untuk keamanan '${keamanan}' harus bernilai 2!"
			exit 1
		fi
	fi
}

#-------------- Fungsi Menampilkan Versi run_ap --------------#
versi_run_ap(){
	echo "INFO: Versi run_ap saat ini adalah versi: ${versi}"
	exit 0
}

#-------------- Cek Tools --------------#
tools=("hostapd" "dnsmasq" "iw" "iptables")

for t in "${tools[@]}"; do
	if ! command -v "${t}" &>/dev/null; then
		echo "ERROR: '${t}' belum diinstal, harap jalankan script 'build.sh' terlebih dahulu!"
		exit 1
	fi
done

#-------------- Usage --------------#
usage(){
	cat <<EOF
${script} ${versi} - ${deskripsi}
Dibuat oleh: ${author}
GitHub: ${github}

Penggunaan: sudo run_ap -i <interface_ap> [opsi]

Opsi:
  -h                      Menampilkan menu bantuan
  -v                      Menampilkan versi run_ap saat ini
  -i <interface_ap>       Interface AP (contoh: wlan0)
  -e <interface_internet> Interface internet (contoh: eth0, wlan1)
  -s <ssid>               SSID (default: run_ap)
  -b <mode>               Mode Wi-Fi (default: g)
                            - a = 5 GHz
                            - b = 2.4 GHz (legacy)
                            - g = 2.4 GHz
  -c <channel>            Channel Wi-Fi
                            - 2.4 GHz = 1-11 (default: 6)
                            - 5 GHz = 36-161 (default: 36)
  -C <country_code>       Country Code (default: ID)
  -k <keamanan>           Keamanan Wi-Fi (default: opn)
                            - opn
                            - wep
                            - wpa-personal
                            - wpa-enterprise
                            - wpa2-personal
                            - wpa2-enterprise
                            - wpa/wpa2-personal
                            - wpa/wpa2-enterprise
                            - wpa2/wpa3-personal
                            - wpa3-personal
                            - owe
  -W <0|1|2>              PMF (802.11w)
                            - 0 = Nonaktif
                            - 1 = Opsional
                            - 2 = Wajib
  -a <1|2|3>              Jenis autentikasi WEP (default: 1)
                            - 1 = OSA (Open System Authentication)
                            - 2 = SKA (Shared Key Authentication)
                            - 3 = Both (keduanya)
  -l <1|2>                Panjang kunci WEP (default: 1)
                            - 1 = 40-bit
                            - 2 = 104-bit
  -p <password>           Password Wi-Fi
                            - WEP 40-bit = 5/10 karakter
                            - WEP 104-bit = 13/26 karakter
                            - WPA-Personal = 8-63/64 karakter
  -I <ip_radius>          IP address RADIUS server (default: 127.0.0.1)
  -P <port_radius>        Port RADIUS server (default: 1812)
  -S <secret_radius>      Shared secret RADIUS
  -H <0|1>                Visibilitas SSID (default: 0)
                            - 0 = Broadcast
                            - 1 = Hidden
  -A <0|1>                AP Isolation (default: 0)
                            - 0 = Nonaktif
                            - 1 = Aktif

Contoh:
  - Wi-Fi OPN: sudo run_ap -i wlan0
  - Wi-Fi WPA2-Personal: sudo run_ap -i wlan0 -k wpa2-personal -p 12345678
  - Internet sharing: sudo run_ap -i wlan0 -e eth0 -k wpa2-personal -p 12345678
EOF
	exit 0
}

#-------------- GETOPTS --------------#
while getopts ":hvi:e:s:b:c:C:k:W:a:l:p:I:P:S:H:A:" opsi; do
	case "${opsi}" in
		h)
			usage
			;;
		v)
			versi_run_ap
			;;
		i)
			interface=$OPTARG
			;;
		e)
			interface_internet=$OPTARG
			;;
		s)
			ssid=$OPTARG
			;;
		b)
			mode=$OPTARG
			;;
		c)
			channel=$OPTARG
			;;
		C)
			country_code=$OPTARG
			;;
		k)
			keamanan=$OPTARG
			;;
		W)
			pmf=$OPTARG
			;;
		a)
			autentikasi_wep=$OPTARG
			;;
		l)
			panjang_kunci_wep=$OPTARG
			;;
		p)
			password=$OPTARG
			;;
		I)
			ip_radius=$OPTARG
			;;
		P)
			port_radius=$OPTARG
			;;
		S)
			secret_radius=$OPTARG
			;;
		H)
			visibilitas_ssid=$OPTARG
			;;
		A)
			ap_isolate=$OPTARG
			;;
		\?)
			echo "ERROR: Opsi tidak dikenal -${OPTARG}" >&2
			exit 1
			;;
		:)
			echo "ERROR: Opsi -${OPTARG} butuh argumen." >&2
			exit 1
			;;
	esac
done

#-------------- Validasi Interface AP --------------#
#
# panggil fungsi usage kalau nilai argumen interface_ap kosong
if [[ -z "${interface}" ]]; then
	usage
fi

# cek apakah interface ap ada atau tidak
if ! iw dev | awk '{print $2}' | grep -qw "${interface}"; then
	echo "ERROR: Interface '${interface}' tidak ditemukan!"
	exit 1
fi

phy=$(cat /sys/class/net/"${interface}"/phy80211/name)

# cek apakah interface ap mendukung mode ap atau tidak
if ! iw phy "${phy}" info | grep -q "\* AP$"; then
	echo "ERROR: Interface '${interface}' tidak mendukung mode AP!"
	exit 1
fi

#-------------- Validasi Interface Internet --------------#
if [[ -n "${interface_internet}" ]]; then
	# cek apakah interface internet ada atau tidak
	if ! ip link show "${interface_internet}" &>/dev/null; then
		echo "ERROR: Interface internet '${interface_internet}' tidak ditemukan!"
		exit 1
	fi

	# cek apakah interface internet sama dengan interface ap
	if [[ "${interface}" == "${interface_internet}" ]]; then
		echo "ERROR: Interface AP dengan interface internet tidak boleh sama!"
		exit 1
	fi

	# cek koneksi internet di interface internet
	if ! ping -c 1 -W 2 -I "${interface_internet}" 8.8.8.8 &>/dev/null; then
		echo "ERROR: Interface '${interface_internet}' tidak memiliki koneksi internet!"
		exit 1
	fi
fi

#-------------- Validasi SSID --------------#
#
# nilai default untuk ssid
if [[ -z "${ssid}" ]]; then
	ssid="run_ap"
fi

# cek panjang ssid
if [[ "${#ssid}" -gt 32 ]]; then
	echo "ERROR: Panjang SSID tidak valid!"
	exit 1
fi

#-------------- Validasi Mode Wi-Fi --------------#
#
# nilai default untuk mode wifi
if [[ -z "${mode}" ]]; then
	mode="g"
fi

# list mode wifi yang valid
mode_valid=("a" "b" "g")

valid=0

# validasi mode wifi
for m in "${mode_valid[@]}"; do
	if [[ "${m}" == "${mode}" ]]; then
		valid=1
		break
	fi
done

if [[ "${valid}" -ne 1 ]]; then
	echo "ERROR: Mode Wi-Fi tidak valid!"
	exit 1
fi

# cek apakah interface support 5 ghz atau tidak
if [[ "${mode}" == "a" ]]; then
	if ! iw phy "${phy}" info | grep -wq "Band 2"; then
		echo "ERROR: Interface '${interface}' tidak mendukung mode '${mode}'!"
		exit 1
	fi
fi

#-------------- Validasi Channel Wi-Fi --------------#
#
# nilai default untuk channel wifi
if [[ -z "${channel}" ]]; then
	if [[ "${mode}" == "a" ]]; then
		channel="36"
	else
		channel="6"
	fi
fi

# list channel yang valid
channel_valid_4=("1" "2" "3" "4" "5" "6" "7" "8" "9" "10" "11")
channel_valid_5=("36" "40" "44" "48" "52" "56" "60" "64" "149" "153" "157" "161")

# a = 5 GHz
if [[ "${mode}" == "a" ]]; then
	valid=0

	# validasi channel 5ghz
	for ch in "${channel_valid_5[@]}"; do
		if [[ "${ch}" == "${channel}" ]]; then
			valid=1
			break
		fi
	done

	if [[ "${valid}" -ne 1 ]]; then
		echo "ERROR: Channel Wi-Fi tidak valid!"
		exit 1
	fi
# b | g = 2.4 GHz
elif [[ "${mode}" == "b" || "${mode}" == "g" ]]; then
	valid=0

	# validasi channel 2.4 ghz
	for ch in "${channel_valid_4[@]}"; do
		if [[ "${ch}" == "${channel}" ]]; then
			valid=1
			break
		fi
	done

	if [[ "${valid}" -ne 1 ]]; then
		echo "ERROR: Channel Wi-Fi tidak valid!"
		exit 1
	fi
fi

#-------------- Validasi Country Code --------------#
#
# nilai default untuk country code
if [[ -z "${country_code}" ]]; then
	country_code="ID"
fi

# cek panjang karakter country code
if [[ "${#country_code}" -ne 2 ]]; then
	echo "ERROR: Country Code harus 2 karakter!"
	exit 1
fi

# list country code yang valid
country_code_valid=(
	"AD" "AE" "AF" "AG" "AI" "AL" "AM" "AO" "AQ" "AR" "AS" "AT" "AU" "AW" "AX" "AZ"
	"BA" "BB" "BD" "BE" "BF" "BG" "BH" "BI" "BJ" "BL" "BM" "BN" "BO" "BQ" "BR" "BS"
	"BT" "BV" "BW" "BY" "BZ" "CA" "CC" "CD" "CF" "CG" "CH" "CI" "CK" "CL" "CM" "CN"
	"CO" "CR" "CU" "CV" "CW" "CX" "CY" "CZ" "DE" "DJ" "DK" "DM" "DO" "DZ" "EC" "EE"
	"EG" "EH" "ER" "ES" "ET" "FI" "FJ" "FK" "FM" "FO" "FR" "GA" "GB" "GD" "GE" "GF"
	"GG" "GH" "GI" "GL" "GM" "GN" "GP" "GQ" "GR" "GS" "GT" "GU" "GW" "GY" "HK" "HM"
	"HN" "HR" "HT" "HU" "ID" "IE" "IL" "IM" "IN" "IO" "IQ" "IR" "IS" "IT" "JE" "JM"
	"JO" "JP" "KE" "KG" "KH" "KI" "KM" "KN" "KP" "KR" "KW" "KY" "KZ" "LA" "LB" "LC"
	"LI" "LK" "LR" "LS" "LT" "LU" "LV" "LY" "MA" "MC" "MD" "ME" "MF" "MG" "MH" "MK"
	"ML" "MM" "MN" "MO" "MP" "MQ" "MR" "MS" "MT" "MU" "MV" "MW" "MX" "MY" "MZ" "NA"
	"NC" "NE" "NF" "NG" "NI" "NL" "NO" "NP" "NR" "NU" "NZ" "OM" "PA" "PE" "PF" "PG"
	"PH" "PK" "PL" "PM" "PN" "PR" "PS" "PT" "PW" "PY" "QA" "RE" "RO" "RS" "RU" "RW"
	"SA" "SB" "SC" "SD" "SE" "SG" "SH" "SI" "SJ" "SK" "SL" "SM" "SN" "SO" "SR" "SS"
	"ST" "SV" "SX" "SY" "SZ" "TC" "TD" "TF" "TG" "TH" "TJ" "TK" "TL" "TM" "TN" "TO"
	"TR" "TT" "TV" "TW" "TZ" "UA" "UG" "UM" "US" "UY" "UZ" "VA" "VC" "VE" "VG" "VI"
	"VN" "VU" "WF" "WS" "YE" "YT" "ZA" "ZM" "ZW"
)

valid=0

# validasi country code
for c in "${country_code_valid[@]}"; do
	if [[ "${c}" == "${country_code}" ]]; then
		valid=1
		break
	fi
done

if [[ "${valid}" -ne 1 ]]; then
	echo "ERROR: Country Code tidak valid!"
	exit 1
fi

#-------------- Validasi Keamanan Wi-Fi --------------#
#
# nilai default untuk keamanan wifi
if [[ -z "${keamanan}" ]]; then
	keamanan="opn"
fi

# list keamanan wifi yang tersedia
keamanan_valid=("opn" "wep" "wpa-personal" "wpa-enterprise" "wpa2-personal" "wpa2-enterprise" "wpa/wpa2-personal" "wpa/wpa2-enterprise" "wpa2/wpa3-personal" "wpa3-personal" "owe")
valid=0

# validasi keamanan wifi
for k in "${keamanan_valid[@]}"; do
	if [[ "${k}" == "${keamanan}" ]]; then
		valid=1
		break
	fi
done

if [[ "${valid}" -ne 1 ]]; then
	echo "ERROR: Keamanan Wi-Fi tidak valid!"
	exit 1
fi

# opn
if [[ "${keamanan}" == "opn" ]]; then
	alert_keamanan
	validasi_autentikasi_wep
	validasi_panjang_kunci_wep
	validasi_password_wpa
	validasi_secret_radius
	validasi_pmf
# wep
elif [[ "${keamanan}" == "wep" ]]; then
	# cek apakah hostapd dicompile dengan dukungan wep
	if ! strings "$(which hostapd)" | grep -q "hostapd_config_read_wep"; then
		echo "ERROR: hostapd tidak dicompile dengan dukungan '${keamanan}'!"
		exit 1
	fi

	alert_keamanan
	validasi_secret_radius
	validasi_pmf

	# validasi password wep
	if [[ -z "${password}" ]]; then
		echo "ERROR: Opsi -p wajib diisi kalau menggunakan keamanan '${keamanan}'!"
		exit 1
	fi

	# nilai default untuk autentikasi wep
	if [[ -z "${autentikasi_wep}" ]]; then
		autentikasi_wep="1"
	fi

	# nilai default untuk panjang kunci wep
	if [[ -z "${panjang_kunci_wep}" ]]; then
		panjang_kunci_wep="1"
	fi

	# list autentikasi wep yang valid
	autentikasi_wep_valid=("1" "2" "3")
	# list panjang kunci wep yang valid
	panjang_kunci_wep_valid=("1" "2")

	# validasi jenis autentikasi wep
	valid=0

	for a in "${autentikasi_wep_valid[@]}"; do
		if [[ "${a}" == "${autentikasi_wep}" ]]; then
			valid=1
			break
		fi
	done

	if [[ "${valid}" -ne 1 ]]; then
		echo "ERROR: Jenis autentikasi WEP tidak valid!"
		exit 1
	fi

	# validasi panjang kunci wep
	valid=0

	for p in "${panjang_kunci_wep_valid[@]}"; do
		if [[ "${p}" == "${panjang_kunci_wep}" ]]; then
			valid=1
			break
		fi
	done

	if [[ "${valid}" -ne 1 ]]; then
		echo "ERROR: Panjang kunci WEP tidak valid!"
		exit 1
	fi

	# wep 40-bit
	if [[ "${panjang_kunci_wep}" == "1" ]]; then
		if [[ "${#password}" -ne 5 && "${#password}" -ne 10 ]]; then
			echo "ERROR: Panjang password Wi-Fi tidak valid!"
			exit 1
		fi

		if [[ "${#password}" -eq 5 ]]; then
			password="\"${password}\""
		fi

		if [[ "${#password}" -eq 10 ]]; then
			if [[ ! "${password}" =~ ^[0-9A-Fa-f]{10}$ ]]; then
				echo "ERROR: Password Wi-Fi tidak valid!"
				exit 1
			fi
		fi
	# wep 104-bit
	elif [[ "${panjang_kunci_wep}" == "2" ]]; then
		if [[ "${#password}" -ne 13 && "${#password}" -ne 26 ]]; then
			echo "ERROR: Panjang password Wi-Fi tidak valid!"
			exit 1
		fi

		if [[ "${#password}" -eq 13 ]]; then
			password="\"${password}\""
		fi

		if [[ "${#password}" -eq 26 ]]; then
			if [[ ! "${password}" =~ ^[0-9A-Fa-f]{26}$ ]]; then
				echo "ERROR: Password Wi-Fi tidak valid!"
				exit 1
			fi
		fi
	fi
# wpa-personal
elif [[ "${keamanan}" == "wpa-personal" || "${keamanan}" == "wpa2-personal" || "${keamanan}" == "wpa/wpa2-personal" || "${keamanan}" == "wpa2/wpa3-personal" || "${keamanan}" == "wpa3-personal" ]]; then
	# menampilkan alert kalau menggunakan keamanan wpa-personal
	if [[ "${keamanan}"  == "wpa-personal" ]]; then
		alert_keamanan
	# cek apakah hostapd dicompile dengan dukungan wpa3
	elif [[ "${keamanan}" == "wpa2/wpa3-personal" || "${keamanan}" == "wpa3-personal" ]]; then
		if ! strings "$(which hostapd)" | grep -q "SAE: Derive keys"; then
			echo "ERROR: hostapd tidak dicompile dengan dukungan '${keamanan}'!"
			exit 1
		fi
	fi

	validasi_autentikasi_wep
	validasi_panjang_kunci_wep
	validasi_secret_radius
	validasi_pmf

	# cek apakah password kosong atau tidak
	if [[ -z "${password}" ]]; then
		echo "ERROR: Opsi -p wajib diisi kalau menggunakan keamanan '${keamanan}'!"
		exit 1
	fi

	# cek apakah panjang password valid atau tidak
	if [[ "${#password}" -lt 8 || "${#password}" -gt 64 ]]; then
		echo "ERROR: Panjang password Wi-Fi tidak valid!"
		exit 1
	fi

	# cek format hex, kalau format password yang digunakan adalah hex
	if [[ "${#password}" -eq 64 ]]; then
		if [[ ! "${password}" =~ ^[0-9A-Fa-f]{64}$ ]]; then
			echo "ERROR: Password Wi-Fi tidak valid!"
			exit 1
		fi
	fi
# wpa enterprise
elif [[ "${keamanan}" == "wpa-enterprise" || "${keamanan}" == "wpa2-enterprise" || "${keamanan}" == "wpa/wpa2-enterprise" ]]; then
	# menampilkan alert kalau menggunakan keamanan wpa-enterprise
	if [[ "${keamanan}"  == "wpa-enterprise" ]]; then
		alert_keamanan
	fi

	validasi_autentikasi_wep
	validasi_panjang_kunci_wep
	validasi_password_wpa
	validasi_pmf

	# cek apakah secret radius kosong atau tidak
	if [[ -z "${secret_radius}" ]]; then
		echo "ERROR: Opsi -S wajib diisi kalau menggunakan keamanan '${keamanan}'!"
		exit 1
	fi

	# nilai default untuk ip address radius server
	if [[ -z "${ip_radius}" ]]; then
		ip_radius="127.0.0.1"
	fi

	# nilai default untuk port radius server
	if [[ -z "${port_radius}" ]]; then
		port_radius="1812"
	fi

	# cek apakah ip address radius server valid atau tidak
	if [[ ! "${ip_radius}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
		echo "ERROR: IP RADIUS server tidak valid!"
		exit 1
	fi

	IFS='.' read -r -a oktet <<< "${ip_radius}"

	for o in "${oktet[@]}"; do
		if [[ "${o}" -lt 0 || "${o}" -gt 255 ]]; then
			echo "ERROR: IP RADIUS server tidak valid!"
			exit 1
		fi
	done

	# cek apakah port radius server valid atau tidak
	if [[ ! "${port_radius}" =~ ^[0-9]+$ ]]; then
		echo "ERROR: Port RADIUS server harus berupa angka!"
		exit 1
	fi

	if [[ "${port_radius}" -lt 1 || "${port_radius}" -gt 65535 ]]; then
		echo "ERROR: Port RADIUS server tidak valid!"
		exit 1
	fi
# owe
elif [[ "${keamanan}" == "owe" ]]; then
	# cek apakah hostapd dicompile dengan dukungan owe
	if ! strings "$(which hostapd)" | grep -q "owe_process_assoc_req"; then
		echo "ERROR: hostapd tidak dicompile dengan dukungan '${keamanan}'!"
		exit 1
	fi

	validasi_autentikasi_wep
	validasi_panjang_kunci_wep
	validasi_password_wpa
	validasi_secret_radius
	validasi_pmf
fi

#-------------- Validasi Visibilitas SSID --------------#
#
# nilai default untuk visibilitas ssid
if [[ -z "${visibilitas_ssid}" ]]; then
	visibilitas_ssid="0"
fi

# cek apakah nilai visibilitas ssid valid atau tidak
if [[ "${visibilitas_ssid}" != "0" && "${visibilitas_ssid}" != "1" ]]; then
	echo "ERROR: Visibilitas SSID tidak valid!"
	exit 1
fi

#-------------- Validasi AP Isolation --------------#
#
# nilai default untuk ap isolation
if [[ -z "${ap_isolate}" ]]; then
	ap_isolate="0"
fi

# cek apakah nilai ap isolation valid atau tidak
if [[ "${ap_isolate}" != "0" && "${ap_isolate}" != "1" ]]; then
	echo "ERROR: AP Isolation tidak valid!"
	exit 1
fi

#-------------- Set IP Address --------------#
ip addr flush dev "${interface}"
ip addr add 10.10.10.1/24 dev "${interface}"
ip link set "${interface}" up

#-------------- Internet Sharing --------------#
if [[ -n "${interface_internet}" ]]; then
	echo "INFO: Mengaktifkan internet sharing..."
	echo 1 > /proc/sys/net/ipv4/ip_forward

	# flush rules lama biar ga duplikat
	iptables -t nat -D POSTROUTING -o "${interface_internet}" -j MASQUERADE 2>/dev/null || true
	iptables -D FORWARD -i "${interface}" -o "${interface_internet}" -j ACCEPT 2>/dev/null || true
	iptables -D FORWARD -i "${interface_internet}" -o "${interface}" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true

	# tambah rules baru
	iptables -t nat -A POSTROUTING -o "${interface_internet}" -j MASQUERADE
	iptables -A FORWARD -i "${interface}" -o "${interface_internet}" -j ACCEPT
	iptables -A FORWARD -i "${interface_internet}" -o "${interface}" -m state --state RELATED,ESTABLISHED -j ACCEPT
fi

#-------------- Buat Config dnsmasq --------------#
# output config dnsmasq
config_dnsmasq=$(mktemp /tmp/dnsmasq_XXXXXXX.conf)
# buat config dnsmasq
cat <<EOF > "${config_dnsmasq}"
interface=${interface}
bind-interfaces
dhcp-authoritative
dhcp-range=10.10.10.2,10.10.10.254,255.255.255.0,12h
dhcp-option=3,10.10.10.1
dhcp-option=6,8.8.8.8,8.8.4.4,1.1.1.1
port=0
EOF

#-------------- Buat Config hostapd --------------#
# output config hostapd
config_hostapd=$(mktemp /tmp/hostapd_XXXXXXX.conf)

# config dasar
config_dasar="# run_ap
# Dibuat oleh: Rofi (Fixploit03)
# GitHub: https://github.com/fixploit03/run_ap

# Kontrol interface (buat hostapd_cli)
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0


# Konfigurasi interface
interface=${interface}
driver=nl80211

# Konfigurasi Wi-Fi
ssid=${ssid}
hw_mode=${mode}
channel=${channel}
country_code=${country_code}
ieee80211d=1"

# config mode wifi
# a = 5 GHz
if [[ "${mode}" == "a" ]]; then
	config_mode="ieee80211ac=1"
# b | g = 2.4 GHz
elif [[ "${mode}" == "b" || "${mode}" == "g" ]]; then
	config_mode="ieee80211n=1"
fi

# Config tambahan
config_tambahan="wmm_enabled=1"

# buat config hostapd
#
# opn
if [[ "${keamanan}" == "opn" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=0
ieee80211w=${pmf}
EOF

# wep
elif [[ "${keamanan}" == "wep" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=${autentikasi_wep}
wep_key0=${password}
wep_default_key=0
ieee80211w=${pmf}
EOF

# wpa-personal
elif [[ "${keamanan}" == "wpa-personal" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=${password}
ieee80211w=${pmf}
EOF

# wpa-enterprise
elif [[ "${keamanan}" == "wpa-enterprise" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
ieee80211w=${pmf}

# Konfigurasi RADIUS
ieee8021x=1
auth_server_addr=${ip_radius}
auth_server_port=${port_radius}
auth_server_shared_secret=${secret_radius}
EOF

# wpa2-personal
elif [[ "${keamanan}" == "wpa2-personal" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=${password}
ieee80211w=${pmf}
EOF

# wpa2-enterprise
elif [[ "${keamanan}" == "wpa2-enterprise" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee80211w=${pmf}

# Konfigurasi RADIUS
ieee8021x=1
auth_server_addr=${ip_radius}
auth_server_port=${port_radius}
auth_server_shared_secret=${secret_radius}
EOF

# wpa/wpa2-personal
elif [[ "${keamanan}" == "wpa/wpa2-personal" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=${password}
ieee80211w=${pmf}
EOF

# wpa/wpa2-enterprise
elif [[ "${keamanan}" == "wpa/wpa2-enterprise" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=3
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ieee80211w=${pmf}

# Konfigurasi RADIUS
ieee8021x=1
auth_server_addr=${ip_radius}
auth_server_port=${port_radius}
auth_server_shared_secret=${secret_radius}
EOF

# wpa2/wpa3-personal
elif [[ "${keamanan}" == "wpa2/wpa3-personal" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
wpa_passphrase=${password}
sae_password=${password}
sae_pwe=2
ieee80211w=${pmf}
EOF

# wpa3-personal
elif [[ "${keamanan}" == "wpa3-personal" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=${password}
sae_pwe=2
ieee80211w=${pmf}
EOF

# owe
elif [[ "${keamanan}" == "owe" ]]; then
	cat <<EOF > "${config_hostapd}"
${config_dasar}
${config_mode}
${config_tambahan}
ignore_broadcast_ssid=${visibilitas_ssid}
ap_isolate=${ap_isolate}

# Konfigurasi keamanan Wi-Fi
auth_algs=1
wpa=2
wpa_key_mgmt=OWE
rsn_pairwise=CCMP
ieee80211w=${pmf}
EOF
fi

#-------------- Menjalankan Proses --------------#
# stop networkmanager
if pgrep -x "NetworkManager" &>/dev/null; then
	echo "INFO: Menghentikan NetworkManager..."
	systemctl stop NetworkManager
fi

# stop wpa_supplicant
if pgrep -x "wpa_supplicant" &>/dev/null; then
	echo "INFO: Menghentikan wpa_supplicant..."
	systemctl stop wpa_supplicant
fi

# menjalankan dhcp server (dnsmasq)
echo "INFO: Menjalankan DHCP server..."
if ! dnsmasq -C "${config_dnsmasq}"; then
	echo "ERROR: Gagal menjalankan DHCP server!"
	clean_up
fi

# kasih napas buat dnsmasq
sleep 0.5

# menjalankan access point (hostapd)
echo "INFO: Menjalankan Access Point..."
echo "INFO: Tekan [CTRL+C] untuk menghentikannya."
if ! hostapd "${config_hostapd}"; then
	echo "ERROR: Gagal menjalankan Access Point!"
	clean_up
fi