Hidden essid causes a crash in screen.py #31

Closed
wszacowny opened this issue Aug 14, 2020 · 8 comments
Labels
bug Something isn't working Solved

Comments

@wszacowny

Hello,

During network scanning, I had a systematic crash in screen.py:

Exception in thread Verbose Sniffer:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/home/WiFiBroot/screen.py", line 82, in Shifter
    self.screen.addstr(1, 0, "\n"+tabulate(tabulator__, headers=__HEADERS)+"\n")
TypeError: int,int,str

Some of my APs do not broadcast their ESSID and I think it caused this issue.

I edited the code to add a basic print in screen.Shifter function:

for ap in self.__WiFiAP:
	if self.verbose:
		tabulator__.append([ap['count'], ap['essid'], ap['pwr'], ap['auth'], ap['cipher'], \
				ap['psk'], ap['channel'], ap['bssid'].upper(), ap['vendor'], ap['clients']])
	else:
		tabulator__.append([ap['count'], ap['essid'], ap['pwr'], ap['auth'], ap['cipher'], \
				ap['psk'], ap['channel'], ap['bssid'].upper()])
print(tabulator__)
self.screen.addstr(0, 0, "[%s] Channel [%s] Time Elapsed [%d] Networks Found"\
						% (self.cch(iface_instance.cch), self.c_time(), len(tabulator__)))
self.screen.addstr(1, 0, "\n"+tabulate(tabulator__, headers=__HEADERS)+"\n")
self.screen.refresh()

Here are the last 2 prints just before the TypeError:

[[1, u'NETGEAR', -24, u'WPA2', u'CCMP', u'PSK', u'9', u'3C:37:86:97:XX:XX', u'unknown', 0], [2, u'land', -61, u'WPA', u'TKIP', u'PSK', u'6', u'44:CE:7D:7A:XX:XX', u'unknown', 2], [3, u'WiFi FON', -78, u'OPEN', u'', u'', u'1', u'BA:7E:CB:64:XX:XX', u'unknown', 0], [4, u'WiFi Mobile', -79, u'WPA2', u'CCMP', u'MGT', u'1', u'BA:7E:CB:64:XX:XX', u'unknown', 0], [5, u'7F70', -80, u'WPA', u'TKIP', u'PSK', u'1', u'30:7E:CB:64:XX:XX', u'unknown', 0], [6, u'SFR_80A0', -84, u'WPA2/WPA', u'TKIP', u'PSK', u'11', u'E0:A1:D7:45:XX:XX', u'unknown', 0], [7, u'WiFi FON', -84, u'OPEN', u'', u'', u'11', u'D2:A1:D7:45:XX:XX', u'unknown', 0], [8, u'WiFi Mobile', -84, u'WPA2', u'CCMP', u'MGT', u'11', u'D2:A1:D7:45:XX:XX', u'unknown', 0]]
[[1, u'NETGEAR', -24, u'WPA2', u'CCMP', u'PSK', u'9', u'3C:37:86:97:XX:XX', u'unknown', 0], [2, u'land', -61, u'WPA', u'TKIP', u'PSK', u'6', u'44:CE:7D:7A:XX:XX', u'unknown', 2], [3, u'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', -64, u'WPA2', u'CCMP', u'PSK', u'6', u'FE:65:DE:B6:XX:XX', u'unknown', 0], [4, u'WiFi FON', -78, u'OPEN', u'', u'', u'1', u'BA:7E:CB:64:XX:XX', u'unknown', 0], [5, u'WiFi Mobile', -79, u'WPA2', u'CCMP', u'MGT', u'1', u'BA:7E:CB:64:XX:XX', u'unknown', 0], [6, u'7F70', -80, u'WPA', u'TKIP', u'PSK', u'1', u'30:7E:CB:64:XX:XX', u'unknown', 0], [7, u'SFR_80A0', -84, u'WPA2/WPA', u'TKIP', u'PSK', u'11', u'E0:A1:D7:45:XX:XX', u'SFR', 0], [8, u'WiFi FON', -84, u'OPEN', u'', u'', u'11', u'D2:A1:D7:45:XX:XX', u'unknown', 0], [9, u'WiFi Mobile', -84, u'WPA2', u'CCMP', u'MGT', u'11', u'D2:A1:D7:45:XX:XX', u'unknown', 0]]

Noticed the appearance of this value in the last iteration:
u'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

I just added a condition to grep this string in ap['essid'] and set it to ' ', everything worked fine after that.

@hash3liZer added the bug (Something isn't working) label Aug 17, 2020
@hash3liZer
Owner

I've checked and this seems to be a bug within WiFiBroot when layers are dissected. Will fix it up and update.

@hash3liZer
Owner

@wszacowny Can you make a pull request or show me the code you modified?

@wszacowny
Author

I assumed that ESSID length cannot exceed 32 characters, so I just added one line here:

for ap in self.__WiFiAP:
	ap['essid'] = ' ' if len(ap['essid']) > 32 else ap['essid']
	if self.verbose:
		tabulator__.append([ap['count'], ap['essid'], ap['pwr'], ap['auth'], ap['cipher'], \
				ap['psk'], ap['channel'], ap['bssid'].upper(), ap['vendor'], ap['clients']])
	else:
		tabulator__.append([ap['count'], ap['essid'], ap['pwr'], ap['auth'], ap['cipher'], \
				ap['psk'], ap['channel'], ap['bssid'].upper()])

Probably not perfect but it fixed my case.

@mirfansulaiman
Contributor

> I assumed that ESSID length cannot exceed 32 characters, so I just added one line here:
>
> for ap in self.__WiFiAP:
> 	ap['essid'] = ' ' if len(ap['essid']) > 32 else ap['essid']
> 	if self.verbose:
> 		tabulator__.append([ap['count'], ap['essid'], ap['pwr'], ap['auth'], ap['cipher'], \
> 				ap['psk'], ap['channel'], ap['bssid'].upper(), ap['vendor'], ap['clients']])
> 	else:
> 		tabulator__.append([ap['count'], ap['essid'], ap['pwr'], ap['auth'], ap['cipher'], \
> 				ap['psk'], ap['channel'], ap['bssid'].upper()])
>
> Probably not perfect but it fixed my case.

I can't use that, still an error.

But I have a workaround to fix that: we can strip the \x00 value from ap['essid']

ap['essid'] = ap['essid'].rstrip('\x00')

And it works for me as well. Tested on Backbox Linux (Ubuntu 18).

for ap in self.__WiFiAP:
	ap['essid'] = ap['essid'].rstrip('\x00')
	if self.verbose:
		tabulator__.append([ap['count'], ap['essid'], ap['pwr'], ap['auth'], ap['cipher'], \
				ap['psk'], ap['channel'], ap['bssid'].upper(), ap['vendor'], ap['clients']])
	else:
		tabulator__.append([ap['count'], ap['essid'], ap['pwr'], ap['auth'], ap['cipher'], \
				ap['psk'], ap['channel'], ap['bssid'].upper()])

That ESSID is indicated as a Hidden ESSID.
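
A fuller version of the ESSID clean-up discussed in this thread, as an added example that is not WiFiBroot's code or any participant's patch. It treats the SSID as untrusted input from the air: it clamps to the 32-octet maximum, maps empty or all-NUL names to a label, and escapes embedded control characters before display. The names `sanitize_essid` and `thread_workarounds`, the `<hidden>` label and the samples are constructed for illustration, and the code targets Python 3 rather than the Python 2.7 in the traceback.

```python
import unicodedata

HIDDEN = "<hidden>"    # display label chosen for this example
MAX_SSID_OCTETS = 32   # an 802.11 SSID element carries 0 to 32 octets

def sanitize_essid(raw):
    """Turn an SSID taken from a frame into text that is safe to display."""
    if isinstance(raw, str):
        raw = raw.encode("utf-8", "replace")
    # Clamp to the protocol maximum, then drop trailing NUL padding.
    core = raw[:MAX_SSID_OCTETS].rstrip(b"\x00")
    if not core:
        # Zero-length or all-NUL SSID: the AP is hiding its name.
        return HIDDEN
    out = []
    for ch in core.decode("utf-8", "replace"):
        # Unicode categories starting with "C" are control, format and
        # unassigned characters (NUL, ESC, newlines, ...): show them escaped
        # so they never reach the terminal or the curses C layer raw.
        if unicodedata.category(ch).startswith("C"):
            out.append(ch.encode("unicode_escape").decode("ascii"))
        else:
            out.append(ch)
    return "".join(out)

def thread_workarounds(essid):
    """Results of the two one-line workarounds posted in the thread."""
    by_length = " " if len(essid) > 32 else essid
    by_rstrip = essid.rstrip("\x00")
    return by_length, by_rstrip

# Constructed samples (not captured data).
SAMPLES = ["NETGEAR", "\x00" * 21, "", "ab\x00cd", "lab\x1b[31m", "A" * 40]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", repr(sanitize_essid(s)), thread_workarounds(s))
```
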

@hash3liZer
Owner

Hi, thanks for the workaround. Can you open a pull request for this? I would not be able to look at this for at least a month.

@hash3liZer
Owner

@mirfansulaiman

@mirfansulaiman
Contributor

> Hi, thanks for the workaround. Can you open a pull request for this? I would not be able to look at this for at least a month.

Sure :)

@hash3liZer
Owner

@mirfansulaiman Thanks. Closing it now and putting it in solved.
