reaver-wps-fork-t6x: fork of fork of reaver

Anton Bolshakov 2015-05-17 08:21:04 +00:00
parent 99b2bdb78f
commit 07d3270bfd
8 changed files with 935 additions and 0 deletions


@ -0,0 +1,7 @@
AUX 0001-wpscrack-big-endian-fixes.patch 21117 SHA256 dd44a966424a5c207db5658374ce68232a7a3cacdcce90772f7c610c441c7d26 SHA512 e6de886ba2f63cee8fd9324c512e5060164fe5eef35633b105ccb5aea11bbf1f3d43ca5b84a81b6312085d03be098945d231655dab4beb5719f45abfdb128f17 WHIRLPOOL adf26ab9c6ee24c44556e77d82fe42d869d44ac42f36becc4f6e95af0de680fa23de6caf81c612af0d723f20a585ea242d1fb1fba97efee952350d465b06001b
AUX 0002-Use-the-current-directory-for-storing-and-loading-se.patch 1672 SHA256 8decc8453936f10df1ec5af8ce5322c527853ed7fde3fccf2996d92f64ecc691 SHA512 3fa5ba7e0b3784bfe4d28efa63dd9ef64d496c33d6538d38fc867c669ac978d1a4512334a1103eb9bf0f898e12b839dbe287bddad6238f54979b17ba0ffd095e WHIRLPOOL a944fecee470fc57fe2211a335d08ead2a7976839b7da2159b49929e93c1d2027ca64b0ad8ed49bb4ceeed67ed1407f7a1d626316ca536d1972aeb4e540e22a6
AUX 0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch 1604 SHA256 02ecd27516806917d2970d67f408139f50644bb3bdfed94300ea4703e295b468 SHA512 8960223cf5f84a7b999b2b79d195d2b5e690dd66338f97549a931df9b4156823190b03f37702317fb3af6aac91712b46866dba955b0ee60f6dd4a3630f1b7fd5 WHIRLPOOL 8f4335d3786e893ceedf6a6949903b6fecd29566746ccb4fd95e57236195ea23fa68548e769d1e1cbd3ac2e8cfca2167b99242d7a3a086460f47676ce9191df4
AUX 0004-wash-probe-request.patch 687 SHA256 66b27d18353ba85612dfd4806a730ca004027a86b80de5bc8a0c869800e429a9 SHA512 cdf1bf370b2915dd87afe93aa8df4db0ad9124eb076ce1398a384afe1b5e66c9499c891857b21ec7897d0d52a1fea0ad635163d796eca981db7956d8bb7c7c6e WHIRLPOOL ae381d3598721151beed7eef46678e0208baf64905bb1200eda547be7d500ea7d6a9cd27033385982cea0b117bca167848f6c5fd93808000ec792f95b10a04e8
AUX 0005-soreau-show-status-r2.patch 2378 SHA256 ff0b84b2c31fe69a990a2a3b2a161fd83d6b05d9fafc27cbe61d76e2862c5f82 SHA512 558c1c393276bb5c65ef8a32e9b0cdbd1cf55c08a11ddcfdd73f90a901a709f2306d89f2eeab509f97478f9807401784fcb1bad0159c97b1f64f85701cfbab6a WHIRLPOOL c6b180ed58ae5bfbfa62ffbfef2ba812c0d8ee54a52520c98411a0aad4fac6ad2ea9f9a76663e6781af00f324573c52b4381157cc9867ca1a1db505b66821523
AUX 0005-soreau-show-status.patch 2378 SHA256 0c7ef676d989139b599da93de20586bc78a8f18208696ff3b76144791720fbe7 SHA512 9211353efe8c47defe924b2afce2f3412089ce810bbe48e8dbf47b7a648972d09ef74b9d1ca2de907975bb28b5aace70d86c1656b326e65d0298f023a5bb0936 WHIRLPOOL cda5ddcc3a976b2d9519ffe4ecc2c870caebd4a5daa62f6ce130e84338e843eb01efb36dce0c63ebb1197f4daecd99921cca9473809a94e5006be73f2f6acb7f
EBUILD reaver-wps-fork-t6x-1.5.2_p20150516.ebuild 1077 SHA256 7c25376a68e2239e48063175506fd1d820d2887a748232f7366e01c783de1578 SHA512 eefc69d005f587cda4cc18fc6dd7794fe393e42920cc56aa7764b6e69b7650575d59970c3714c3de6ce84d80ca96c2d21240ab5a3fa71f154ac8f3b52fc57671 WHIRLPOOL 7eb8681f5fe9bcd43aaeab579fa7196defac003fded530a5013dd7f93c579df99aac855c44a073c8df437d5bbe734e2ec98761b4fd5cb2c0f6b587ba859b579e


@ -0,0 +1,565 @@
From 4e7af9f022996cb0a03b30f6af265b757807dfa2 Mon Sep 17 00:00:00 2001
From: Paul Fertser <fercerpav@gmail.com>
Date: Wed, 27 Jun 2012 17:44:55 +0400
Subject: [PATCH 1/3] wpscrack: big-endian fixes
This should fix access to the radiotap, 802.11, LLC/SNAP and WFA
headers' fields. Run-time tested on an ar71xx BE system.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
---
src/80211.c | 65 +++++++++++++++++++------------
src/builder.c | 23 +++++------
src/defs.h | 116 +++++++++++++++++++++++++++++++++++++++-----------------
src/exchange.c | 23 ++++++-----
src/wpsmon.c | 13 ++++--
5 files changed, 151 insertions(+), 89 deletions(-)
diff --git a/src/80211.c b/src/80211.c
index c2aff59..19f1e92 100644
--- a/src/80211.c
+++ b/src/80211.c
@@ -90,17 +90,19 @@ void read_ap_beacon()
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
-
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
+
if(is_target(frame_header))
{
- if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
+ if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
{
- beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
+ beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
set_ap_capability(beacon->capability);
/* Obtain the SSID and channel number from the beacon packet */
- tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
channel = parse_beacon_tags(packet, header.len);
/* If no channel was manually specified, switch to the AP's current channel */
@@ -135,29 +137,31 @@ int8_t signal_strength(const u_char *packet, size_t len)
{
header = (struct radio_tap_header *) packet;
- if((header->flags & SSI_FLAG) == SSI_FLAG)
+ uint32_t flags = __le32_to_cpu(header->flags);
+
+ if((flags & SSI_FLAG) == SSI_FLAG)
{
- if((header->flags & TSFT_FLAG) == TSFT_FLAG)
+ if((flags & TSFT_FLAG) == TSFT_FLAG)
{
offset += TSFT_SIZE;
}
- if((header->flags & FLAGS_FLAG) == FLAGS_FLAG)
+ if((flags & FLAGS_FLAG) == FLAGS_FLAG)
{
offset += FLAGS_SIZE;
}
- if((header->flags & RATE_FLAG) == RATE_FLAG)
+ if((flags & RATE_FLAG) == RATE_FLAG)
{
offset += RATE_SIZE;
}
- if((header->flags & CHANNEL_FLAG) == CHANNEL_FLAG)
+ if((flags & CHANNEL_FLAG) == CHANNEL_FLAG)
{
offset += CHANNEL_SIZE;
}
- if((header->flags & FHSS_FLAG) == FHSS_FLAG)
+ if((flags & FHSS_FLAG) == FHSS_FLAG)
{
offset += FHSS_FLAG;
}
@@ -196,11 +200,13 @@ int is_wps_locked()
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
{
- if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
+ if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
{
if(parse_wps_parameters(packet, header.len, &wps))
{
@@ -411,24 +417,30 @@ int associate_recv_loop()
if(header.len >= MIN_AUTH_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
- dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ dot11_frame = (struct dot11_frame_header *) (packet + rt_header_len);
if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
(memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
{
- if(dot11_frame->fc.type == MANAGEMENT_FRAME)
+ if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
+ __cpu_to_le16(IEEE80211_FTYPE_MGMT))
{
- auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
- assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
+ auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
+ assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
/* Did we get an authentication packet with a successful status? */
- if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
+ if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_STYPE_AUTH)
+ && (auth_frame->status == __cpu_to_le16(AUTHENTICATION_SUCCESS)))
{
ret_val = AUTH_OK;
break;
}
/* Did we get an association packet with a successful status? */
- else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
+ else if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP)
+ && (assoc_frame->status == __cpu_to_le16(ASSOCIATION_SUCCESS)))
{
ret_val = ASSOCIATE_OK;
break;
@@ -455,13 +467,14 @@ enum encryption_type supported_encryption(const u_char *packet, size_t len)
if(len > MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, len);
- beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
- offset = tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
+ offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
tag_len = len - tag_offset;
tag_data = (const u_char *) (packet + tag_offset);
- if((beacon->capability & CAPABILITY_WEP) == CAPABILITY_WEP)
+ if((__le16_to_cpu(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
{
enc = WEP;
@@ -509,7 +522,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
struct radio_tap_header *rt_header = NULL;
rt_header = (struct radio_tap_header *) radio_header(packet, len);
- tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ tag_offset = __le16_to_cpu(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
if(tag_offset < len)
{
@@ -548,7 +561,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
{
if(ie_len == 1)
{
- memcpy((int *) &channel, channel_data, ie_len);
+ channel = *(uint8_t*)channel_data;
}
free(channel_data);
}
@@ -603,13 +616,13 @@ int check_fcs(const u_char *packet, size_t len)
if(len > 4)
{
/* Get the packet's reported FCS (last 4 bytes of the packet) */
- memcpy((uint32_t *) &fcs, (packet + (len-4)), 4);
+ fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4)));
/* FCS is not calculated over the radio tap header */
if(has_rt_header())
{
rt_header = (struct radio_tap_header *) packet;
- offset += rt_header->len;
+ offset += __le16_to_cpu(rt_header->len);
}
if(len > offset)
diff --git a/src/builder.c b/src/builder.c
index 37f2de7..6bf89e7 100644
--- a/src/builder.c
+++ b/src/builder.c
@@ -44,9 +44,8 @@ const void *build_radio_tap_header(size_t *len)
memset((void *) buf, 0, sizeof(struct radio_tap_header));
rt_header = (struct radio_tap_header *) buf;
- rt_header->len = sizeof(struct radio_tap_header);
-
- *len = rt_header->len;
+ *len = sizeof(struct radio_tap_header);
+ rt_header->len = __cpu_to_le16(*len);
}
return buf;
@@ -67,9 +66,9 @@ const void *build_dot11_frame_header(uint16_t fc, size_t *len)
frag_seq += SEQ_MASK;
- header->duration = DEFAULT_DURATION;
- memcpy((void *) &header->fc, (void *) &fc, sizeof(struct frame_control));
- header->frag_seq = frag_seq;
+ header->duration = __cpu_to_le16(DEFAULT_DURATION);
+ header->fc = __cpu_to_le16(fc);
+ header->frag_seq = __cpu_to_le16(frag_seq);
memcpy((void *) header->addr1, get_bssid(), MAC_ADDR_LEN);
memcpy((void *) header->addr2, get_mac(), MAC_ADDR_LEN);
@@ -91,8 +90,8 @@ const void *build_authentication_management_frame(size_t *len)
memset((void *) buf, 0, *len);
frame = (struct authentication_management_frame *) buf;
- frame->algorithm = OPEN_SYSTEM;
- frame->sequence = 1;
+ frame->algorithm = __cpu_to_le16(OPEN_SYSTEM);
+ frame->sequence = __cpu_to_le16(1);
frame->status = 0;
}
@@ -111,8 +110,8 @@ const void *build_association_management_frame(size_t *len)
memset((void *) buf, 0, *len);
frame = (struct association_request_management_frame *) buf;
- frame->capability = get_ap_capability();
- frame->listen_interval = LISTEN_INTERVAL;
+ frame->capability = __cpu_to_le16(get_ap_capability());
+ frame->listen_interval = __cpu_to_le16(LISTEN_INTERVAL);
}
return buf;
@@ -133,7 +132,7 @@ const void *build_llc_header(size_t *len)
header->dsap = LLC_SNAP;
header->ssap = LLC_SNAP;
header->control_field = UNNUMBERED_FRAME;
- header->type = DOT1X_AUTHENTICATION;
+ header->type = __cpu_to_be16(DOT1X_AUTHENTICATION);
}
@@ -279,7 +278,7 @@ const void *build_wfa_header(uint8_t op_code, size_t *len)
header = (struct wfa_expanded_header *) buf;
memcpy(header->id, WFA_VENDOR_ID, sizeof(header->id));
- header->type = SIMPLE_CONFIG;
+ header->type = __cpu_to_be32(SIMPLE_CONFIG);
header->opcode = op_code;
}
diff --git a/src/defs.h b/src/defs.h
index b2f45ea..0c628e7 100644
--- a/src/defs.h
+++ b/src/defs.h
@@ -41,6 +41,7 @@
#include <string.h>
#include <time.h>
#include <pcap.h>
+#include <asm/byteorder.h>
#include "wps.h"
@@ -65,10 +66,10 @@
#define MANAGEMENT_FRAME 0x00
#define SUBTYPE_BEACON 0x08
-#define DOT1X_AUTHENTICATION 0x8E88
+#define DOT1X_AUTHENTICATION 0x888E
#define DOT1X_EAP_PACKET 0x00
-#define SIMPLE_CONFIG 0x01000000
+#define SIMPLE_CONFIG 0x00000001
#define P1_SIZE 10000
#define P2_SIZE 1000
@@ -282,66 +283,111 @@ enum wfa_elements
WEP_TRANSMIT_KEY = 0x10064
};
+#define IEEE80211_FCTL_VERS 0x0003
+#define IEEE80211_FCTL_FTYPE 0x000c
+#define IEEE80211_FCTL_STYPE 0x00f0
+#define IEEE80211_FCTL_TODS 0x0100
+#define IEEE80211_FCTL_FROMDS 0x0200
+#define IEEE80211_FCTL_MOREFRAGS 0x0400
+#define IEEE80211_FCTL_RETRY 0x0800
+#define IEEE80211_FCTL_PM 0x1000
+#define IEEE80211_FCTL_MOREDATA 0x2000
+#define IEEE80211_FCTL_PROTECTED 0x4000
+#define IEEE80211_FCTL_ORDER 0x8000
+
+#define IEEE80211_SCTL_FRAG 0x000F
+#define IEEE80211_SCTL_SEQ 0xFFF0
+
+#define IEEE80211_FTYPE_MGMT 0x0000
+#define IEEE80211_FTYPE_CTL 0x0004
+#define IEEE80211_FTYPE_DATA 0x0008
+
+/* management */
+#define IEEE80211_STYPE_ASSOC_REQ 0x0000
+#define IEEE80211_STYPE_ASSOC_RESP 0x0010
+#define IEEE80211_STYPE_REASSOC_REQ 0x0020
+#define IEEE80211_STYPE_REASSOC_RESP 0x0030
+#define IEEE80211_STYPE_PROBE_REQ 0x0040
+#define IEEE80211_STYPE_PROBE_RESP 0x0050
+#define IEEE80211_STYPE_BEACON 0x0080
+#define IEEE80211_STYPE_ATIM 0x0090
+#define IEEE80211_STYPE_DISASSOC 0x00A0
+#define IEEE80211_STYPE_AUTH 0x00B0
+#define IEEE80211_STYPE_DEAUTH 0x00C0
+#define IEEE80211_STYPE_ACTION 0x00D0
+
+/* control */
+#define IEEE80211_STYPE_BACK_REQ 0x0080
+#define IEEE80211_STYPE_BACK 0x0090
+#define IEEE80211_STYPE_PSPOLL 0x00A0
+#define IEEE80211_STYPE_RTS 0x00B0
+#define IEEE80211_STYPE_CTS 0x00C0
+#define IEEE80211_STYPE_ACK 0x00D0
+#define IEEE80211_STYPE_CFEND 0x00E0
+#define IEEE80211_STYPE_CFENDACK 0x00F0
+
+/* data */
+#define IEEE80211_STYPE_DATA 0x0000
+#define IEEE80211_STYPE_DATA_CFACK 0x0010
+#define IEEE80211_STYPE_DATA_CFPOLL 0x0020
+#define IEEE80211_STYPE_DATA_CFACKPOLL 0x0030
+#define IEEE80211_STYPE_NULLFUNC 0x0040
+#define IEEE80211_STYPE_CFACK 0x0050
+#define IEEE80211_STYPE_CFPOLL 0x0060
+#define IEEE80211_STYPE_CFACKPOLL 0x0070
+#define IEEE80211_STYPE_QOS_DATA 0x0080
+#define IEEE80211_STYPE_QOS_DATA_CFACK 0x0090
+#define IEEE80211_STYPE_QOS_DATA_CFPOLL 0x00A0
+#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0x00B0
+#define IEEE80211_STYPE_QOS_NULLFUNC 0x00C0
+#define IEEE80211_STYPE_QOS_CFACK 0x00D0
+#define IEEE80211_STYPE_QOS_CFPOLL 0x00E0
+#define IEEE80211_STYPE_QOS_CFACKPOLL 0x00F0
+
#pragma pack(1)
struct radio_tap_header
{
uint8_t revision;
uint8_t pad;
- uint16_t len;
- uint32_t flags;
-};
-
-struct frame_control
-{
- unsigned version : 2;
- unsigned type : 2;
- unsigned sub_type : 4;
-
- unsigned to_ds : 1;
- unsigned from_ds : 1;
- unsigned more_frag : 1;
- unsigned retry : 1;
- unsigned pwr_mgt : 1;
- unsigned more_data : 1;
- unsigned protected_frame : 1;
- unsigned order : 1;
+ __le16 len;
+ __le32 flags;
};
struct dot11_frame_header
{
- struct frame_control fc;
- uint16_t duration;
+ __le16 fc;
+ __le16 duration;
unsigned char addr1[MAC_ADDR_LEN];
unsigned char addr2[MAC_ADDR_LEN];
unsigned char addr3[MAC_ADDR_LEN];
- uint16_t frag_seq;
+ __le16 frag_seq;
};
struct authentication_management_frame
{
- uint16_t algorithm;
- uint16_t sequence;
- uint16_t status;
+ __le16 algorithm;
+ __le16 sequence;
+ __le16 status;
};
struct association_request_management_frame
{
- uint16_t capability;
- uint16_t listen_interval;
+ __le16 capability;
+ __le16 listen_interval;
};
struct association_response_management_frame
{
- uint16_t capability;
- uint16_t status;
- uint16_t id;
+ __le16 capability;
+ __le16 status;
+ __le16 id;
};
struct beacon_management_frame
{
unsigned char timestamp[TIMESTAMP_LEN];
- uint16_t beacon_interval;
- uint16_t capability;
+ __le16 beacon_interval;
+ __le16 capability;
};
struct llc_header
@@ -350,7 +396,7 @@ struct llc_header
uint8_t ssap;
uint8_t control_field;
unsigned char org_code[3];
- uint16_t type;
+ __be16 type;
};
struct dot1X_header
@@ -371,7 +417,7 @@ struct eap_header
struct wfa_expanded_header
{
unsigned char id[3];
- uint32_t type;
+ __be32 type;
uint8_t opcode;
uint8_t flags;
};
diff --git a/src/exchange.c b/src/exchange.c
index 23c87e9..4f9a82b 100644
--- a/src/exchange.c
+++ b/src/exchange.c
@@ -306,26 +306,27 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
/* Cast the radio tap and 802.11 frame headers and parse out the Frame Control field */
rt_header = (struct radio_tap_header *) packet;
- frame_header = (struct dot11_frame_header *) (packet+rt_header->len);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ frame_header = (struct dot11_frame_header *) (packet+rt_header_len);
/* Does the BSSID/source address match our target BSSID? */
if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
{
/* Is this a data packet sent to our MAC address? */
- if(frame_header->fc.type == DATA_FRAME &&
- frame_header->fc.sub_type == SUBTYPE_DATA &&
- (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
+ if (((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA)) &&
+ (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
{
llc = (struct llc_header *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header)
);
/* All packets in our exchanges will be 802.1x */
- if(llc->type == DOT1X_AUTHENTICATION)
+ if(llc->type == __cpu_to_be16(DOT1X_AUTHENTICATION))
{
dot1x = (struct dot1X_header *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header) +
sizeof(struct llc_header)
);
@@ -334,7 +335,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
if(dot1x->type == DOT1X_EAP_PACKET && (header->len >= EAP_PACKET_SIZE))
{
eap = (struct eap_header *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header) +
sizeof(struct llc_header) +
sizeof(struct dot1X_header)
@@ -366,7 +367,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
else if((eap->type == EAP_EXPANDED) && (header->len > WFA_PACKET_SIZE))
{
wfa = (struct wfa_expanded_header *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header) +
sizeof(struct llc_header) +
sizeof(struct dot1X_header) +
@@ -374,14 +375,14 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
);
/* Verify that this is a WPS message */
- if(wfa->type == SIMPLE_CONFIG)
+ if(wfa->type == __cpu_to_be32(SIMPLE_CONFIG))
{
wps_msg_len = (size_t) ntohs(eap->len) -
sizeof(struct eap_header) -
sizeof(struct wfa_expanded_header);
wps_msg = (const void *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header) +
sizeof(struct llc_header) +
sizeof(struct dot1X_header) +
diff --git a/src/wpsmon.c b/src/wpsmon.c
index d976924..22a394f 100644
--- a/src/wpsmon.c
+++ b/src/wpsmon.c
@@ -295,7 +295,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
}
rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
/* If a specific BSSID was specified, only parse packets from that BSSID */
if(!is_target(frame_header))
@@ -323,15 +324,17 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
channel_changed = 1;
}
- if(frame_header->fc.sub_type == PROBE_RESPONSE ||
- frame_header->fc.sub_type == SUBTYPE_BEACON)
+ unsigned fsub_type = frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE);
+
+ if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP) ||
+ fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON))
{
wps_parsed = parse_wps_parameters(packet, header->len, wps);
}
if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
{
- if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
+ if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON) &&
mode == SCAN &&
!passive &&
should_probe(bssid))
@@ -369,7 +372,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
* If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
* If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
*/
- if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
+ if(!wps_parsed || fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP))
{
mark_ap_complete(bssid);
}
--
1.7.7
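Review bot: The new `fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4)));` in check_fcs replaces a memcpy with a direct 32-bit load through a pointer that is only byte-aligned (the frame length fixes where the FCS starts), which is undefined behaviour and may fault with SIGBUS on strict-alignment targets such as MIPS — the ar71xx platform the description names. Keep the copy and convert afterwards: `uint32_t raw; memcpy(&raw, packet + (len-4), sizeof raw); fcs = __le32_to_cpu(raw);`. The other new field reads (`rt_header->len`, `frame_header->fc`, `beacon->capability`) go through structs declared under `#pragma pack(1)`, which compilers treat as potentially unaligned, so they do not have the same problem. Separately, `#include <asm/byteorder.h>` with the `__le16`/`__be32` types is a Linux kernel UAPI interface rather than a portable one; `<endian.h>` (`le16toh`, `htobe32`) is the userspace equivalent if builds outside Linux are a goal. The enclosing check_fcs function starts and ends outside the hunk.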


@ -0,0 +1,53 @@
From cd444949f3176790101b8bdc9656831a03d8c01d Mon Sep 17 00:00:00 2001
From: Paul Fertser <fercerpav@gmail.com>
Date: Tue, 10 Jul 2012 11:13:29 +0400
Subject: [PATCH 2/3] Use the current directory for storing and loading
sessions
This allows the user to always explicitely choose (by changing the
current directory before launching the program) where the session
files should go. Useful e.g. to avoid hogging the precious space on
embedded devices, just cd /tmp before starting the app.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
---
src/session.c | 16 +++-------------
1 files changed, 3 insertions(+), 13 deletions(-)
diff --git a/src/session.c b/src/session.c
index d3af0c3..308f213 100644
--- a/src/session.c
+++ b/src/session.c
@@ -62,7 +62,7 @@ int restore_session()
memset(file, 0, FILENAME_MAX);
bssid = mac2str(get_bssid(), '\0');
- snprintf(file, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);
+ snprintf(file, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
free(bssid);
}
@@ -199,18 +199,8 @@ int save_session()
}
else
{
- /*
- * If the configuration directory exists, save the session file there; else, save it to the
- * current working directory.
- */
- if(configuration_directory_exists())
- {
- snprintf((char *) &file_name, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);
- }
- else
- {
- snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
- }
+ /* save session to the current directory */
+ snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
}
/* Don't bother saving anything if nothing has been done */
--
1.7.7
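Review bot: restore_session now builds the session path only from the current directory, so a session file previously written under `CONF_DIR` by the unpatched save_session is no longer found and the saved progress is not resumed; the save side drops its `configuration_directory_exists()` branch at the same time, which may leave that helper without callers. If compatibility with existing session files matters, keep a read-only fallback in restore_session after the new snprintf, e.g. `if(access(file, R_OK) != 0) snprintf(file, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);` (needs `<unistd.h>`). Both restore_session and save_session start and end outside the hunks shown.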


@ -0,0 +1,38 @@
From 638bb8d70d6c7e5dc99975e0bf57d8ce0455e2cc Mon Sep 17 00:00:00 2001
From: Paul Fertser <fercerpav@gmail.com>
Date: Tue, 10 Jul 2012 11:25:00 +0400
Subject: [PATCH 3/3] wash/wpsmon: use less useless spaces in output to fit
narrow terminals
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
---
src/wpsmon.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/wpsmon.c b/src/wpsmon.c
index 22a394f..e0948b3 100644
--- a/src/wpsmon.c
+++ b/src/wpsmon.c
@@ -262,8 +262,8 @@ void monitor(char *bssid, int passive, int source, int channel, int mode)
if(!header_printed)
{
- cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n");
- cprintf(INFO, "---------------------------------------------------------------------------------------------------------------\n");
+ cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n");
+ cprintf(INFO, "--------------------------------------------------------------------------------------\n");
header_printed = 1;
}
@@ -360,7 +360,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
break;
}
- cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
+ cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
}
if(probe_sent)
--
1.7.7


@ -0,0 +1,31 @@
diff -urN reaver-1.4/src/wpsmon.c reaver-wps-read-only/src/wpsmon.c
--- reaver-1.4/src/wpsmon.c 2012-01-18 17:02:39.000000000 +0800
+++ reaver-wps-read-only/src/wpsmon.c 2012-10-10 06:45:52.271329168 +0800
@@ -132,6 +132,11 @@
usage(argv[0]);
goto end;
}
+ else if(get_iface())
+ {
+ /* Get the MAC address of the specified interface */
+ read_iface_mac();
+ }
if(get_iface() && source == PCAP_FILE)
{
@@ -300,6 +305,7 @@
set_ssid(NULL);
bssid = (char *) mac2str(frame_header->addr3, ':');
+ set_bssid((unsigned char *) frame_header->addr3);
if(bssid)
{
@@ -383,6 +389,7 @@
end:
if(wps) free(wps);
+ set_bssid((unsigned char *) NULL_MAC);
return;
}
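Review bot: `set_bssid((unsigned char *) frame_header->addr3);` publishes the BSSID of whichever frame is currently being parsed as the global target and relies on control reaching the `end:` label to reset it to `NULL_MAC`; any exit from parse_wps_settings between the two that does not pass through `end:` would leave the last parsed AP as the global target for later readers of get_bssid(). The function body is outside these hunks, so I cannot confirm whether such a path exists; a comment at the call, `/* temporarily target this AP so the probe is addressed to it; cleared at end: */`, plus a check that every early exit uses `goto end` would settle it. In the first hunk the result of `read_iface_mac()` is discarded; if that call can fail, the failure is not surfaced here. All three hunk headers are bare `@@`, so the enclosing functions begin outside the view.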


@ -0,0 +1,97 @@
Index: cracker.c
===================================================================
--- cracker.c (revision 113)
+++ cracker.c (working copy)
@@ -285,18 +285,65 @@
}
}
+char *get_max_time_remaining(int average, int attempts_remaining)
+{
+ char *max_time, hours[8], minutes[3], seconds[3];
+ int max_hours = 0, max_minutes = 0, max_seconds = 0;
+
+ max_time = malloc(16);
+
+ if(!max_time)
+ exit(-1);
+
+ if(average)
+ {
+ max_seconds = attempts_remaining * average;
+ if(max_seconds > 60)
+ {
+ max_minutes = max_seconds / 60;
+ max_seconds -= max_minutes * 60;
+ }
+ if(max_minutes > 60)
+ {
+ max_hours = max_minutes / 60;
+ max_minutes -= max_hours * 60;
+ }
+
+ if(max_seconds < 0 || max_minutes < 0 || max_hours < 0)
+ {
+ free(max_time);
+ return NULL;
+ }
+
+ sprintf(hours, "%d", max_hours);
+ sprintf(minutes, "%s%d", max_minutes > 9 ? "" : "0", max_minutes);
+ sprintf(seconds, "%s%d", max_seconds > 9 ? "" : "0", max_seconds);
+
+ sprintf(max_time, "%s:%s:%s", hours, minutes, seconds);
+ }
+ else
+ {
+ free(max_time);
+ return NULL;
+ }
+
+ return max_time;
+}
+
/* Displays the status and rate of cracking */
void display_status(float pin_count, time_t start_time)
{
float percentage = 0;
int attempts = 0, average = 0;
+ int attempts_remaining = 0;
time_t now = 0, diff = 0;
struct tm *tm_p = NULL;
- char time_s[256] = { 0 };
+ char time_s[256] = { 0 }, *max_time;
if(get_key_status() == KEY1_WIP)
{
attempts = get_p1_index() + get_p2_index();
+ attempts_remaining = 11000 - attempts;
}
/*
* If we've found the first half of the key, then the entire key1 keyspace
@@ -305,10 +352,12 @@
else if(get_key_status() == KEY2_WIP)
{
attempts = P1_SIZE + get_p2_index();
+ attempts_remaining = 11000 - attempts;
}
else if(get_key_status() == KEY_DONE)
{
attempts = P1_SIZE + P2_SIZE;
+ attempts_remaining = 0;
}
percentage = (float) (((float) attempts / (P1_SIZE + P2_SIZE)) * 100);
@@ -335,7 +384,12 @@
average = 0;
}
+ max_time = get_max_time_remaining(average, attempts_remaining);
+
cprintf(INFO, "[+] %.2f%% complete @ %s (%d seconds/pin)\n", percentage, time_s, average);
+ cprintf(INFO, "[+] Max time remaining at this rate: %s (%d pins left to try)\n", max_time ? max_time : "(undetermined)", attempts_remaining);
+ free(max_time);
+
return;
}
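Review bot: `max_seconds = attempts_remaining * average;` in get_max_time_remaining multiplies two ints, and signed overflow is undefined behaviour, so the `max_seconds < 0 || ...` test that follows is not a reliable guard (the compiler may assume it is always false and drop it); widen to `long long` before multiplying and bound the result to what `hours[8]` can hold. The `> 60` comparisons are also off by one: exactly 60 seconds is printed as `0:00:60` instead of rolling into a minute, and the same for 60 minutes. In display_status, `attempts_remaining = 11000 - attempts` hardcodes the sum that the percentage line computes as `P1_SIZE + P2_SIZE`; using the constants keeps the two in step. The function `exit(-1)`s on malloc failure although the caller already prints "(undetermined)" for a NULL result, so returning NULL would be the gentler and consistent choice. The same points apply to the second copy of this patch added in this commit.
```c
char *get_max_time_remaining(int average, int attempts_remaining)
{
	char *max_time, hours[8], minutes[3], seconds[3];
	long long total, max_hours;
	int max_minutes, max_seconds;

	max_time = malloc(16);
	if(!max_time)
		return NULL;	/* caller prints "(undetermined)" for NULL */

	if(average <= 0 || attempts_remaining < 0)
	{
		free(max_time);
		return NULL;
	}

	/* widen first: int * int may overflow, which is UB, so a later "< 0" test is no guard */
	total = (long long) attempts_remaining * average;
	max_hours = total / 3600;
	max_minutes = (int) ((total / 60) % 60);
	max_seconds = (int) (total % 60);

	/* hours[8] holds at most 7 digits plus the terminator */
	if(max_hours > 9999999)
	{
		free(max_time);
		return NULL;
	}

	sprintf(hours, "%lld", max_hours);
	sprintf(minutes, "%02d", max_minutes);
	sprintf(seconds, "%02d", max_seconds);
	sprintf(max_time, "%s:%s:%s", hours, minutes, seconds);

	return max_time;
}
```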


@ -0,0 +1,97 @@
Index: cracker.c
===================================================================
--- cracker.c (revision 113)
+++ cracker.c (working copy)
@@ -285,18 +285,65 @@
}
}
+char *get_max_time_remaining(int average, int attempts_remaining)
+{
+ char *max_time, hours[12], minutes[2], seconds[2];
+ int max_hours = 0, max_minutes = 0, max_seconds = 0;
+
+ max_time = malloc(16);
+
+ if(!max_time)
+ exit(-1);
+
+ if(average)
+ {
+ max_seconds = attempts_remaining * average;
+ if(max_seconds > 60)
+ {
+ max_minutes = max_seconds / 60;
+ max_seconds -= max_minutes * 60;
+ }
+ if(max_minutes > 60)
+ {
+ max_hours = max_minutes / 60;
+ max_minutes -= max_hours * 60;
+ }
+
+ if(max_seconds < 0 || max_minutes < 0 || max_hours < 0)
+ {
+ free(max_time);
+ return NULL;
+ }
+
+ sprintf(hours, "%d", max_hours);
+ sprintf(minutes, "%s%d", max_minutes > 9 ? "" : "0", max_minutes);
+ sprintf(seconds, "%s%d", max_seconds > 9 ? "" : "0", max_seconds);
+
+ sprintf(max_time, "%s:%s:%s", hours, minutes, seconds);
+ }
+ else
+ {
+ free(max_time);
+ return NULL;
+ }
+
+ return max_time;
+}
+
/* Displays the status and rate of cracking */
void display_status(float pin_count, time_t start_time)
{
float percentage = 0;
int attempts = 0, average = 0;
+ int attempts_remaining = 0;
time_t now = 0, diff = 0;
struct tm *tm_p = NULL;
- char time_s[256] = { 0 };
+ char time_s[256] = { 0 }, *max_time;
if(get_key_status() == KEY1_WIP)
{
attempts = get_p1_index() + get_p2_index();
+ attempts_remaining = 11000 - attempts;
}
/*
* If we've found the first half of the key, then the entire key1 keyspace
@@ -305,10 +352,12 @@
else if(get_key_status() == KEY2_WIP)
{
attempts = P1_SIZE + get_p2_index();
+ attempts_remaining = 11000 - attempts;
}
else if(get_key_status() == KEY_DONE)
{
attempts = P1_SIZE + P2_SIZE;
+ attempts_remaining = 0;
}
percentage = (float) (((float) attempts / (P1_SIZE + P2_SIZE)) * 100);
@@ -335,7 +384,12 @@
average = 0;
}
+ max_time = get_max_time_remaining(average, attempts_remaining);
+
cprintf(INFO, "[+] %.2f%% complete @ %s (%d seconds/pin)\n", percentage, time_s, average);
+ cprintf(INFO, "[+] Max time remaining at this rate: %s (%d pins left to try)\n", max_time ? max_time : "(undetermined)", attempts_remaining);
+ free(max_time);
+
return;
}
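Review bot: `minutes[2]` and `seconds[2]` are one byte too small: `sprintf(minutes, "%s%d", max_minutes > 9 ? "" : "0", max_minutes);` always emits two digits plus the terminator, three bytes, so every call overruns both stack arrays by one byte (and `seconds` likewise); they must be `minutes[3], seconds[3]`, which is exactly what the `-r2` copy of this patch in the same commit changes. Since that copy supersedes this one and the ebuild's commented-out src_prepare names only the -r2 file, carrying both in FILESDIR invites applying the wrong one; consider dropping this copy. The `attempts_remaining * average` signed-overflow and the `> 60` off-by-one (60 seconds prints as `0:00:60`) are present here as well.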


@ -0,0 +1,47 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: blshkv $
EAPI=5
AUTOTOOLS_IN_SOURCE_BUILD="1"
inherit autotools-utils eutils git-r3
DESCRIPTION="Utilise Pixie Dust Attack to find the correct WPS PIN."
HOMEPAGE="https://github.com/t6x/reaver-wps-fork-t6x"
EGIT_REPO_URI="https://github.com/t6x/reaver-wps-fork-t6x.git"
EGIT_COMMIT="368ccc6380095c3aa02699b6ca9b776cf7018fc3"
ECONF_SOURCE="${S}/src"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE=""
DEPEND="!net-wireless/reaver
net-libs/libpcap
dev-db/sqlite:3"
RDEPEND="${DEPEND}"
#S="${WORKDIR}/${P}/src"
ECONF_SOURCE="${S}/src"
#these patches need to be verified and pushed to upstream
#src_prepare() {
# epatch "${FILESDIR}"/000[1-4]*.patch
#http://code.google.com/p/reaver-wps/issues/detail?id=420
# epatch "${FILESDIR}"/0005-soreau-show-status-r2.patch
#}
src_install() {
cd src
dobin wash reaver
insinto "/etc/reaver"
doins reaver.db
doman ../docs/reaver.1.gz
dodoc ../docs/README ../docs/README.REAVER ../docs/README.WASH
}
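Review bot: `cd src` in src_install is not followed by `|| die`, so if the directory is absent the remaining commands run from `${S}` and fail later with a less useful message; Gentoo convention is `cd src || die`. `ECONF_SOURCE="${S}/src"` is assigned twice (above LICENSE and again after RDEPEND); one of them should go. The six patch files added under files/ are never applied because `src_prepare` is commented out, so they are dead weight in the tree until the "need to be verified" TODO is resolved; a comment naming where that verification is tracked (the existing issue link appears to cover only the 0005 patch) would help the next maintainer decide whether to enable or remove them.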