suggestion made by kcdtv, -g option in wash

README.md

@@ -26,7 +26,8 @@
 
 	sudo make install
 
-#Usage
+#Usage Reaver
+
 	Reaver v1.5.1 WiFi Protected Setup Attack Tool
 	Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
 	mod by t6_x <t6_x@hotmail.com>
@@ -72,24 +73,58 @@
 			-X, --exhaustive                Set exhaustive mode from the beginning of the session [False]
 			-1, --p1-index                  Set initial array index for the first half of the pin [False]
 			-2, --p2-index                  Set initial array index for the second half of the pin [False]
-			-P, --pixiepust-loop            Set Into PixieLoop mode ( doesnt send M4, and loops through to M3 [False]
+			-P, --pixiedust-loop            Set Into PixieLoop mode ( doesnt send M4, and loops through to M3 [False]
 
 	Example:
 			reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv -K 1
-        
-        
-
+			
 #Option (K)
+
 	The -K option 1 run pixiewps without PKR and the hash1 = hash2 = 0
 	The -K option 2 runs pixiewps without PKR and the hash1 = hash2 = 0 but using the -n option of pixiewps (E-Once)
-	The -K option 3 runs pixiewps with PKR and the hash1 = hash2 = e-once
+	The -K option 3 runs pixiewps with PKR and the hash1 = hash2 = e-once	
+
+	**Use the reaver with the option -S when you take your test without the PKR	
 
-	**Use the reaver with the option -S when you take your test without the pkr
 
+#Usage Wash
 
+	Wash v1.5.1 WiFi Protected Setup Scan Tool
+	Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
+	mod by t6_x <t6_x@hotmail.com>
+	mod by DataHead
+
+	Required Arguments:
+			-i, --interface=<iface>              Interface to capture packets on
+			-f, --file [FILE1 FILE2 FILE3 ...]   Read packets from capture files
+
+	Optional Arguments:
+			-c, --channel=<num>                  Channel to listen on [auto]
+			-o, --out-file=<file>                Write data to file
+			-n, --probes=<num>                   Maximum number of probes to send to each AP in scan mode [15]
+			-D, --daemonize                      Daemonize wash
+			-C, --ignore-fcs                     Ignore frame checksum errors
+			-5, --5ghz                           Use 5GHz 802.11 channels
+			-s, --scan                           Use scan mode
+			-u, --survey                         Use survey mode [default]
+			-P, --file-output-piped              Output Piped x|y|z...
+			-g, --get-chipset                    Output Piped and tries to read the chipset with reaver
+			-h, --help                           Show help
+
+	Example:
+			wash -i mon0
+			
+			
+#Option (g)
+		The option -g of wash, automatically runs the reaver to receive the chipset data. 
+		If the AP does not respond to them quickly, this option will be slow to display the data,
+		because the reaver will stay running until getting the data or until you reach your timeout limit (30 secs)		
+
+
 
 #Contribution
 	Modifications made by t6_x
 	Modifications made by DataHead
 
 	Some ideas made by nooro
+	Some ideas made by kcdtv

src/argsparser.c

@@ -41,8 +41,9 @@ int process_arguments(int argc, char **argv)
     int long_opt_index = 0;
     char bssid[MAC_ADDR_LEN] = { 0 };
     char mac[MAC_ADDR_LEN] = { 0 };
-    char *short_options = "K:b:e:m:i:t:d:c:T:x:r:g:l:o:p:s:C:1:2:ZaA5ELfnqvDShwXNP";
+    char *short_options = "K:b:e:m:i:t:d:c:T:x:r:g:l:o:p:s:C:1:2:ZaA5ELfnqvDShwXNP0";
     struct option long_options[] = {
+		{ "stop-in-m1", no_argument, NULL, '0' },
         { "pixie-dust", required_argument, NULL, 'K' },
         { "no-auto-pass", no_argument, NULL, 'Z' },
         { "interface", required_argument, NULL, 'i' },
@@ -89,6 +90,10 @@ int process_arguments(int argc, char **argv)
     {
         switch(c)
         {
+			case '0':
+                //set valor para auto get pass
+                set_stop_in_m1(1);
+                break;
             case 'Z':
                 //set valor para auto get pass
                 set_op_autopass(0);
@@ -236,6 +241,7 @@ void init_default_settings(void)
     set_op_pixie(0);
     set_op_autopass(1);
     set_pixie_loop(0);
+	set_stop_in_m1(0);
 }
 
 /* Parses the recurring delay optarg */

src/globule.c

@@ -611,6 +611,11 @@ void set_op_autopass(int index)
     globule->op_autopass = index;
 }
 
+void set_stop_in_m1(int index)
+{
+    globule->stop_in_m1 = index;
+}
+
 void set_cmd_reaver_test(char *string)
 {
 /*

src/globule.h

@@ -145,6 +145,7 @@ struct globals
     int op_pixie;					/*make pixiewps*/	
     char cmd_reaver_test[4000];		/*auto reaver with pin */
     int op_autopass;				/*auto reaver with pin*/
+	int stop_in_m1;
 
 } *globule;
 

src/wps/wps_dev_attr.c

@@ -12,6 +12,8 @@
  * See README and COPYING for more details.
  */
 
+ #include "globule.h"
+
 #include "includes.h"
 
 #include "common.h"
@@ -245,6 +247,12 @@ static int wps_process_model_number(struct wps_device_data *dev, const u8 *str,
     }
     printf("\n");
     /******/
+
+	if(globule->stop_in_m1 == 1)
+	{
+		//exit reaver, need this to get manufac and model for the wash option
+		exit(0);
+	}
 
     os_free(dev->model_number);
     dev->model_number = os_malloc(str_len + 1);

src/wps/wps_registrar.c

@@ -1842,6 +1842,8 @@ static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)
     {
 
         FILE *fpixe;
+
+		//printf(" -- cmd pixie : %s",cmd_pixie);
 
         if ((fpixe = popen(cmd_pixie, "r")) == NULL) {
             printf("Error opening pipe!\n");
@@ -1994,7 +1996,7 @@ static int wps_process_e_snonce1(struct wps_data *wps, const u8 *e_snonce1)
     addr[3] = wpabuf_head(wps->dh_pubkey_r);
     len[3] = wpabuf_len(wps->dh_pubkey_r);
     hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
-
+	
     if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
         wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
                 "not match with the pre-committed value");

src/wpscrack.c

@@ -194,7 +194,7 @@ int usage(char *prog_name)
     fprintf(stderr, "\t-X, --exhaustive                Set exhaustive mode from the beginning of the session [False]\n");
     fprintf(stderr, "\t-1, --p1-index                  Set initial array index for the first half of the pin [False]\n");
     fprintf(stderr, "\t-2, --p2-index                  Set initial array index for the second half of the pin [False]\n");
-    fprintf(stderr, "\t-P, --pixiepust-loop            Set Into PixieLoop mode ( doesnt send M4, and loops through to M3 [False]\n");
+    fprintf(stderr, "\t-P, --pixiedust-loop            Set Into PixieLoop mode ( doesnt send M4, and loops through to M3 [False]\n");
 
     fprintf(stderr, "\nExample:\n\t%s -i mon0 -b 00:90:4C:C1:AC:21 -vv -K 1\n\n", prog_name);
 

src/wpsmon.c

@@ -34,6 +34,10 @@
 #include "wpsmon.h"
 
 int o_file_p = 0;
+int get_chipset_output = 0;
+int c_fix = 0;
+char info_manufac[1000];
+char info_modelnum[1000];
 
 int main(int argc, char *argv[])
 {
@@ -43,8 +47,9 @@ int main(int argc, char *argv[])
     int source = INTERFACE, ret_val = EXIT_FAILURE;
     struct bpf_program bpf = { 0 };
     char *out_file = NULL, *last_optarg = NULL, *target = NULL, *bssid = NULL;
-    char *short_options = "i:c:n:o:b:5sfuCDhP";
+    char *short_options = "i:c:n:o:b:5sfuCDhPg";
     struct option long_options[] = {
+		{ "get-chipset", no_argument, NULL, 'g' },
 	{ "file-output-piped", no_argument, NULL, 'P' },
         { "bssid", required_argument, NULL, 'b' },
         { "interface", required_argument, NULL, 'i' },
@@ -75,6 +80,10 @@ int main(int argc, char *argv[])
     {
         switch(c)
         {
+			case 'g':
+                get_chipset_output = 1;
+				o_file_p = 1;
+                break;
 			case 'P':
                 o_file_p = 1;
                 break;
@@ -90,6 +99,7 @@ int main(int argc, char *argv[])
             case 'c':
                 channel = atoi(optarg);
                 set_fixed_channel(1);
+				c_fix = 1;
                 break;
             case '5':
                 set_wifi_band(AN_BAND);
@@ -374,13 +384,108 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
                             break;
                     }
 
+					//ideas made by kcdtv
+
+					if(get_chipset_output == 1)
+					//if(1)
+					{
+						if (c_fix == 0)
+						{
+							//no use a fixed channel
+							cprintf(INFO,"This option needs a fixed channel (-c option)\n");
+							exit(0);
+						}
+
+						FILE *fgchipset=NULL;
+						char cmd_chipset[4000];
+						char cmd_chipset_buf[4000];
+						char buffint[5];
+
+						char *aux_cmd_chipset=NULL;
+
+
+
+						memset(cmd_chipset, 0, sizeof(cmd_chipset));
+						memset(cmd_chipset_buf, 0, sizeof(cmd_chipset_buf));
+						memset(info_manufac, 0, sizeof(info_manufac));
+						memset(info_modelnum, 0, sizeof(info_modelnum));
+
+
+
+						strcat(cmd_chipset,"reaver -0 -s y -vv -i "); //need option to stop reaver in m1 stage
+						strcat(cmd_chipset,get_iface());
+
+						strcat(cmd_chipset, " -b ");
+						strcat(cmd_chipset, mac2str(get_bssid(),':'));
+
+						strcat(cmd_chipset," -c ");
+						snprintf(buffint, sizeof(buffint), "%d",channel);
+						strcat(cmd_chipset, buffint);
+
+						//cprintf(INFO,"\n%s\n",cmd_chipset);
+
+						if ((fgchipset = popen(cmd_chipset, "r")) == NULL) {
+							printf("Error opening pipe!\n");
+							//return -1;
+						}
+
+
+
+						while (fgets(cmd_chipset_buf, 4000, fgchipset) != NULL) 
+						{
+							//[P] WPS Manufacturer: xxx
+							//[P] WPS Model Number: yyy
+							//cprintf(INFO,"\n%s\n",cmd_chipset_buf);
+
+							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Manufacturer:");
+							if(aux_cmd_chipset != NULL)
+							{
+								//md_chipset_buf
+								strncpy(info_manufac, aux_cmd_chipset+21, sizeof(cmd_chipset_buf));
+							}
+
+							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Number:");
+							if(aux_cmd_chipset != NULL)
+							{
+								strncpy(info_modelnum, aux_cmd_chipset+21, sizeof(cmd_chipset_buf));
+
+							}
+
+
+
+
+						}
+
+						//cprintf(INFO,"\n%s\n",info_manufac);
+						info_manufac[strcspn ( info_manufac, "\n" )] = '\0';
+						info_modelnum[strcspn ( info_modelnum, "\n" )] = '\0';
+
+						if(pclose(fgchipset))  {
+						//printf("Command not found or exited with error status\n");
+						//return -1;
+						}
+
+
+
+					}
+
+
 					if (o_file_p == 0)
 					{
 						cprintf(INFO, "%17s      %2d            %.2d        %d.%d               %s               %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
 					}
 					else
 					{
-						cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
+						if(get_chipset_output == 1)
+						{
+							cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid,info_manufac,info_modelnum);
+
+						}else
+						{
+							cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
+
+						}
+
 					}
                 }
 
@@ -455,7 +560,8 @@ void usage(char *prog)
     fprintf(stderr, "\t-5, --5ghz                           Use 5GHz 802.11 channels\n");
     fprintf(stderr, "\t-s, --scan                           Use scan mode\n");
     fprintf(stderr, "\t-u, --survey                         Use survey mode [default]\n");
-    fprintf(stderr, "\t-P, --file-output-piped              Output Piped (x|y|z)");
+    fprintf(stderr, "\t-P, --file-output-piped              Output Piped x|y|z...\n");
+	fprintf(stderr, "\t-g, --get-chipset                    Output Piped and tries to read the chipset with reaver\n");
     fprintf(stderr, "\t-h, --help                           Show help\n");
 
     fprintf(stderr, "\nExample:\n");