From 845501b351fca4c16b7a460b857c28b73302ee10 Mon Sep 17 00:00:00 2001 From: t6x Date: Thu, 4 Jun 2015 14:06:40 -0300 Subject: [PATCH] Bug fixes Makefile Cflag, parallel fix Fix some compiler warnings Fix drop faulty Wpsmon use less spcae in output Fix wash probe request --- README.md | 2 +- src/Makefile.in | 24 +++++++++---------- src/cracker.c | 53 +++++++++++++++++++++++++++++++++++++---- src/session.c | 7 ++++++ src/utils/common.c | 39 ++++++++++++++++++++++++++---- src/utils/common.h | 2 +- src/wps/Makefile | 20 ++++++++-------- src/wps/wps_dev_attr.c | 6 ++--- src/wps/wps_enrollee.c | 2 +- src/wps/wps_registrar.c | 2 ++ src/wpsmon.c | 17 ++++++++----- 11 files changed, 130 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 5a605a2..2df6af2 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ #Contribution - Modifications made by t6_x, DataHead, Soxrok2212 + Modifications made by t6_x, DataHead, Soxrok2212, Wiire Some ideas made by nuroo, kcdtv diff --git a/src/Makefile.in b/src/Makefile.in index c0ca978..76ec142 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -16,22 +16,22 @@ reaver: wps libiw libwps.o argsparser.o globule.o init.o sigint.o sigalrm.o misc $(CC) $(CFLAGS) $(INC) wpscrack.c *.o $(LDFLAGS) -o reaver libwps.o: - (cd $(LIBWPS_DIR) && make) + (cd $(LIBWPS_DIR) && $(MAKE)) wps: libutils libcrypto - (cd wps && make) + (cd wps && $(MAKE)) libutils: - (cd utils && make) + (cd utils && $(MAKE)) libcrypto: libtls - (cd crypto && make) + (cd crypto && $(MAKE)) libtls: - (cd tls && make) + (cd tls && $(MAKE)) libiw: - (cd lwe && make BUILD_STATIC=y libiw.a) + (cd lwe && $(MAKE) BUILD_STATIC=y libiw.a) init.o: $(CC) $(CFLAGS) init.c -c 
@@ -93,12 +93,12 @@ install: cleanbin
 clean:
 rm -f *~ *.o reaver wash
 rm -rf *.cache config.status config.log
- (cd utils && make clean)
- (cd tls && make clean)
- (cd crypto && make clean)
- (cd wps && make clean)
- (cd lwe && make realclean)
- (cd $(LIBWPS_DIR) && make clean)
+ (cd utils && $(MAKE) clean)
+ (cd tls && $(MAKE) clean)
+ (cd crypto && $(MAKE) clean)
+ (cd wps && $(MAKE) clean)
+ (cd lwe && $(MAKE) realclean)
+ (cd $(LIBWPS_DIR) && $(MAKE) clean)
 rm -f Makefile config.h
 cleanbin:
diff --git a/src/cracker.c b/src/cracker.c
index 46e71a4..b3a8322 100644
--- a/src/cracker.c
+++ b/src/cracker.c
@@ -315,7 +315,52 @@ int get_pin_count()
 return pin_count;
 }
-/* Displays the status and rate of cracking */
+char *get_max_time_remaining(int average, int attempts_remaining)
+{
+ char *max_time, hours[8], minutes[3], seconds[3];
+ int max_hours = 0, max_minutes = 0, max_seconds = 0;
+
+ max_time = malloc(16);
+
+ if(!max_time)
+ exit(-1);
+
+ if(average)
+ {
+ max_seconds = attempts_remaining * average;
+ if(max_seconds > 60)
+ {
+ max_minutes = max_seconds / 60;
+ max_seconds -= max_minutes * 60;
+ }
+ if(max_minutes > 60)
+ {
+ max_hours = max_minutes / 60;
+ max_minutes -= max_hours * 60;
+ }
+
+ if(max_seconds < 0 || max_minutes < 0 || max_hours < 0)
+ {
+ free(max_time);
+ return NULL;
+ }
+
+ sprintf(hours, "%d", max_hours);
+ sprintf(minutes, "%s%d", max_minutes > 9 ? "" : "0", max_minutes);
+ sprintf(seconds, "%s%d", max_seconds > 9 ? "" : "0", max_seconds);
+
+ sprintf(max_time, "%s:%s:%s", hours, minutes, seconds);
+ }
+ else
+ {
+ free(max_time);
+ return NULL;
+ }
+
+ return max_time;
+}
+
+//Displays the status and rate of cracking
 void display_status(time_t start_time)
 {
 float percentage = 0;
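Review bot: The minute and hour carries in get_max_time_remaining use `> 60`, so exactly 60 seconds is rendered as `0:00:60` and 60 minutes as `0:60:00`; both comparisons should be `>= 60`, i.e. `if(max_seconds >= 60)` and `if(max_minutes >= 60)`. `attempts_remaining * average` is a plain int multiply, so a large average wraps (signed overflow, undefined behaviour) before the `< 0` guard runs; computing the product in `long long`, or rejecting `average > INT_MAX / attempts_remaining` first, would make that guard meaningful. The function also returns NULL when `average` is 0 and exits the whole process on malloc failure, which callers outside this hunk need to know; a header comment such as `/* Returns a malloc'd "H:MM:SS" string the caller must free, or NULL when no average is available yet. */` would document that contract.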
@@ -327,10 +372,8 @@ void display_status(time_t start_time) { attempts = get_p1_index() + get_p2_index(); } - /* - * If we've found the first half of the key, then the entire key1 keyspace - * has been exhausted/eliminated. Our output should reflect that. - */ + // If we've found the first half of the key, then the entire key1 keyspace + // has been exhausted/eliminated. Our output should reflect that. else if(get_key_status() == KEY2_WIP) { attempts = P1_SIZE + get_p2_index(); diff --git a/src/session.c b/src/session.c index 239af19..7127952 100644 --- a/src/session.c +++ b/src/session.c @@ -63,6 +63,7 @@ int restore_session() bssid = mac2str(get_bssid(), '\0'); snprintf(file, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT); + //snprintf(file, FILENAME_MAX, "%s.%s", bssid, CONF_EXT); free(bssid); } @@ -199,6 +200,7 @@ int save_session() * If the configuration directory exists, save the session file there; else, save it to the * current working directory. */ + if(configuration_directory_exists()) { snprintf((char *) &file_name, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT); @@ -207,6 +209,11 @@ int save_session() { snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT); } + + + + /* save session to the current directory - OpenWRT*/ + //snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT); } /* Don't bother saving anything if nothing has been done */ diff --git a/src/utils/common.c b/src/utils/common.c index a06355f..b5812ad 100755 --- a/src/utils/common.c +++ b/src/utils/common.c @@ -543,14 +543,11 @@ Tactical Network Solutions http://www.devttys0.com/2014/10/reversing-d-links-wps-pin-algorithm/ */ -int pingen_dlink(char *mac, char *serial, int len_serial, int add) +int pingen_dlink(char *mac, int add) { - int mac_len=0, serial_len=0, nic=0, pin=0; + int nic=0, pin=0; char buff[10]; - mac_len = strlen(mac); - serial_len = len_serial; - nic = hexToInt(strncpy(buff, mac+6, sizeof(buff))); nic = nic + add; 
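Review bot: The three session.c hunks add commented-out `//snprintf(...)` calls, a `/* save session to the current directory - OpenWRT*/` marker and several blank lines, which leaves dead code in restore_session() and save_session() without making the OpenWRT behaviour selectable. If saving to the working directory is required on that platform, it should be a build- or runtime switch (the existing `configuration_directory_exists()` branch already falls back to the `"%s.%s"` path); otherwise these lines should be dropped rather than kept as comments, and the same applies to the first session.c hunk in restore_session(). Both functions start and end outside these hunks.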
@@ -570,3 +567,35 @@ int pingen_dlink(char *mac, char *serial, int len_serial, int add) return (pin * 10) + wps_checksum(pin); } + +//Zhaochunsheng algorithm/ +//mac to decimal by kib0rg +int pingen_zhaochunsheng(char *mac, int add) +{ + int default_pin=0, pin=0, i=0, pin_len = 9; + //char *bssid = mac2str(get_bssid(), ':'); + char *bssid_copy = (char *)malloc(strlen(mac) + 1); + char *bssid_parts, temp[7] = { 0 }; + + strcpy(bssid_copy, mac); + bssid_parts = strtok(bssid_copy, ":"); + + while(bssid_parts) + { + if(i > 2) + { + strcat(temp, bssid_parts); + } + + bssid_parts = strtok(NULL, ":"); + ++i; + } + + temp[6] = '\0'; + sscanf(temp, "%x", &default_pin); + default_pin = default_pin % 10000000; + + snprintf(pin, pin_len, "%08d", (default_pin * 10) + wps_checksum(default_pin)); + + return pin; +} diff --git a/src/utils/common.h b/src/utils/common.h index 0cc5431..a9faea4 100755 --- a/src/utils/common.h +++ b/src/utils/common.h @@ -445,7 +445,7 @@ int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data, size_t len); int pingen_belkin(char *mac, char *serial, int len_serial, int add); -int pingen_dlink(char *mac, char *serial, int len_serial, int add); +int pingen_dlink(char *mac, int add); #ifdef CONFIG_NATIVE_WINDOWS void wpa_unicode2ascii_inplace(TCHAR *str); diff --git a/src/wps/Makefile b/src/wps/Makefile index c3101a2..adcae4d 100755 --- a/src/wps/Makefile +++ b/src/wps/Makefile 
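Review bot: `snprintf(pin, pin_len, "%08d", ...)` in pingen_zhaochunsheng passes the int `pin` (still 0) as the destination buffer, so the call writes through a null pointer and the function can only ever return 0; the result should be assigned arithmetically the way pingen_dlink does with `return (pin * 10) + wps_checksum(pin);`. The malloc result feeds strcpy without a NULL check and `bssid_copy` is never freed, and `strcat(temp, bssid_parts)` into the 7-byte `temp` is only safe when each of the last three colon-separated parts is two characters, which nothing here verifies. The `add` parameter is unused (pingen_dlink applies it to `nic`), and the function gets no prototype in the common.h hunk below, so callers will see an implicit declaration; I leave the `add` semantics to the author since the intent is not shown. A corrected body follows.
```c
int pingen_zhaochunsheng(char *mac, int add)
{
	int default_pin = 0, pin = 0, i = 0;
	char *bssid_copy, *bssid_parts, temp[7] = { 0 };

	if (!mac)
		return 0;
	bssid_copy = malloc(strlen(mac) + 1);
	if (!bssid_copy)
		return 0;
	strcpy(bssid_copy, mac);

	/* keep only the last three octets; strncat cannot overrun temp */
	for (bssid_parts = strtok(bssid_copy, ":"); bssid_parts; bssid_parts = strtok(NULL, ":"), ++i) {
		if (i > 2)
			strncat(temp, bssid_parts, sizeof(temp) - 1 - strlen(temp));
	}
	free(bssid_copy);

	sscanf(temp, "%x", &default_pin);
	default_pin = default_pin % 10000000;
	pin = (default_pin * 10) + wps_checksum(default_pin);   /* no snprintf into an int */

	return pin;
}
```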
@@ -1,34 +1,34 @@
-CC=gcc
+CC?=gcc
 INC=-I../utils -I ../
 all: wps_attr_build.o wps_attr_parse.o wps_attr_process.o wps.o wps_common.o wps_dev_attr.o wps_enrollee.o wps_registrar.o wps_ufd.o
 wps_attr_build.o:
- $(CC) $(INC) wps_attr_build.c -c
+ $(CC) $(CFLAGS) $(INC) wps_attr_build.c -c
 wps_attr_parse.o:
- $(CC) $(INC) wps_attr_parse.c -c
+ $(CC) $(CFLAGS) $(INC) wps_attr_parse.c -c
 wps_attr_process.o:
- $(CC) $(INC) wps_attr_process.c -c
+ $(CC) $(CFLAGS) $(INC) wps_attr_process.c -c
 wps.o:
- $(CC) $(INC) wps.c -c
+ $(CC) $(CFLAGS) $(INC) wps.c -c
 wps_common.o:
- $(CC) $(INC) wps_common.c -c
+ $(CC) $(CFLAGS) $(INC) wps_common.c -c
 wps_dev_attr.o:
- $(CC) $(INC) wps_dev_attr.c -c
+ $(CC) $(CFLAGS) $(INC) wps_dev_attr.c -c
 wps_enrollee.o:
- $(CC) $(INC) wps_enrollee.c -c
+ $(CC) $(CFLAGS) $(INC) wps_enrollee.c -c
 wps_registrar.o:
- $(CC) $(INC) wps_registrar.c -c
+ $(CC) $(CFLAGS) $(INC) wps_registrar.c -c
 wps_ufd.o:
- $(CC) $(INC) wps_ufd.c -c
+ $(CC) $(CFLAGS) $(INC) wps_ufd.c -c
 clean:
 rm -f *.o
diff --git a/src/wps/wps_dev_attr.c b/src/wps/wps_dev_attr.c
index c054921..ef0ec18 100644
--- a/src/wps/wps_dev_attr.c
+++ b/src/wps/wps_dev_attr.c
@@ -316,9 +316,9 @@ static int wps_process_serial_number(struct wps_device_data *dev,
 if(globule->op_gen_pin == 2)
 {
 printf("[Pin Gen] D-Link Default Pin Generator by devttys0 team\n");
- printf("[Pin Gen] Pin Generated : %08d\n",pingen_dlink(mac2str(get_bssid(),'\0'), str, str_len, 0));
- printf("[Pin Gen] Pin Generated (+1): %08d\n",pingen_dlink(mac2str(get_bssid(),'\0'), str, str_len, 1));
- printf("[Pin Gen] Pin Generated (-1): %08d\n\n",pingen_dlink(mac2str(get_bssid(),'\0'), str, str_len, -1));
+ printf("[Pin Gen] Pin Generated : %08d\n",pingen_dlink(mac2str(get_bssid(),'\0'), 0));
+ printf("[Pin Gen] Pin Generated (+1): %08d\n",pingen_dlink(mac2str(get_bssid(),'\0'), 1));
+ printf("[Pin Gen] Pin Generated (-1): %08d\n\n",pingen_dlink(mac2str(get_bssid(),'\0'), -1));
 exit(0);
 }
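Review bot: The three updated printf lines in wps_process_serial_number() each call `mac2str(get_bssid(),'\0')` anew and never release the result; session.c on this page frees the return of the same call (`bssid = mac2str(get_bssid(), '\0'); ... free(bssid);`), so if mac2str allocates, this hunk leaks three strings before `exit(0)`. Calling it once, reusing the pointer and freeing it is also cheaper and makes it evident that all three pins derive from the same BSSID. The leak is minor given the immediate exit, and the enclosing function starts outside the hunk, but the cleanup is trivial.
```c
	char *mac = mac2str(get_bssid(), '\0');
	printf("[Pin Gen] Pin Generated : %08d\n", pingen_dlink(mac, 0));
	printf("[Pin Gen] Pin Generated (+1): %08d\n", pingen_dlink(mac, 1));
	printf("[Pin Gen] Pin Generated (-1): %08d\n\n", pingen_dlink(mac, -1));
	free(mac);
	exit(0);
```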
diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c index 19476af..33424ee 100755 --- a/src/wps/wps_enrollee.c +++ b/src/wps/wps_enrollee.c @@ -514,7 +514,7 @@ static int wps_process_uuid_r(struct wps_data *wps, const u8 *uuid_r) static int wps_process_pubkey(struct wps_data *wps, const u8 *pk, size_t pk_len) { -printf("--------------------------------------------------------------------------------------"); + if (pk == NULL || pk_len == 0) { wpa_printf(MSG_DEBUG, "WPS: No Public Key received"); return -1; diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c index 0dc6208..7c0764a 100644 --- a/src/wps/wps_registrar.c +++ b/src/wps/wps_registrar.c @@ -1818,6 +1818,8 @@ static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2) os_memcpy(wps->peer_hash2, e_hash2, WPS_HASH_LEN); wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN); + //get_debug() = 4(-vvv), use this to verbose all pixie msg + /****** ADD THIS PART ******/ memset(pixie_ehash2,0,sizeof(pixie_ehash2)); printf("[P] E-Hash2: "); diff --git a/src/wpsmon.c b/src/wpsmon.c index 46920f8..911c29e 100644 --- a/src/wpsmon.c +++ b/src/wpsmon.c @@ -285,8 +285,8 @@ void monitor(char *bssid, int passive, int source, int channel, int mode) { if (o_file_p == 0) { - cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n"); - cprintf(INFO, "---------------------------------------------------------------------------------------------------------------\n"); + cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n"); + cprintf(INFO, "--------------------------------------------------------------------------------------\n"); header_printed = 1; } 
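Review bot: The comment added in wps_process_e_hash2(), `//get_debug() = 4(-vvv), use this to verbose all pixie msg`, reads as a reminder rather than as documentation of the code: the `printf("[P] E-Hash2: ")` dump that follows is still unconditional, so nothing in the hunk is gated on get_debug(). Either implement the gating, or phrase the comment as an actionable marker, `// TODO: print the [P] E-Hash2 dump only when get_debug() >= 4 (-vvv)`, so a reader does not mistake the intent for current behaviour. The function starts and ends outside the hunk.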
@@ -324,6 +324,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * } rt_header = (struct radio_tap_header *) radio_header(packet, header->len); + frame_header = (struct dot11_frame_header *) (packet + rt_header->len); /* If a specific BSSID was specified, only parse packets from that BSSID */ @@ -351,6 +352,10 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * change_channel(channel); channel_changed = 1; } + + + + if(frame_header->fc.sub_type == PROBE_RESPONSE || frame_header->fc.sub_type == SUBTYPE_BEACON) @@ -360,7 +365,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE)) { - if(frame_header->fc.sub_type == SUBTYPE_BEACON && + if(frame_header->fc.sub_type == SUBTYPE_BEACON && mode == SCAN && !passive && should_probe(bssid)) @@ -485,7 +490,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * if (o_file_p == 0) { - cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid); + cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid); } else { @@ -507,7 +512,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * update_probe_count(bssid); } - /* + /* * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on. * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on. */ 
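Review bot: `frame_header = (struct dot11_frame_header *) (packet + rt_header->len);` builds a pointer from `rt_header->len`, a length field taken from the captured frame itself, and the following hunk dereferences `frame_header->fc.sub_type` without checking that `rt_header->len + sizeof(struct dot11_frame_header)` still lies within `header->len` (the hunk adds exactly one line, which I read as this assignment; radio_header() may already validate the radiotap length, but its body is not on this page). A guard such as `if(rt_header->len + sizeof(struct dot11_frame_header) > header->len) return;` right after the assignment keeps a truncated or malformed capture from being read past the packet buffer. The four blank lines inserted by the `@@ -351,6 +352,10 @@` hunk and the whitespace-only changes in the three later wpsmon.c hunks add noise to the history and should be dropped. parse_wps_settings() starts and ends outside these hunks.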
@@ -573,7 +578,7 @@ void usage(char *prog)
 fprintf(stderr, "\t-5, --5ghz Use 5GHz 802.11 channels\n");
 fprintf(stderr, "\t-s, --scan Use scan mode\n");
 fprintf(stderr, "\t-u, --survey Use survey mode [default]\n");
- fprintf(stderr, "\t-P, --output-piped Allows Wash output to be piped. Example. wash x|y|z...\n");
+ fprintf(stderr, "\t-P, --output-piped Allows Wash output to be piped. Example. wash x|y|z...\n");
 fprintf(stderr, "\t-g, --get-chipset Pipes output and runs reaver alongside to get chipset\n");
 fprintf(stderr, "\t-h, --help Show help\n");