fixed cowpatty

2025-12-06 08:25:01 +01:00 · 2009-02-25 04:04:38 +00:00 · 2009-02-25 04:04:38 +00:00 · 469fea852b
commit 469fea852b
parent 1bed76483e
3 changed files with 256 additions and 0 deletions
--- a/net-wireless/cowpatty/cowpatty-4.3-r1.ebuild
+++ b/net-wireless/cowpatty/cowpatty-4.3-r1.ebuild
@ -0,0 +1,29 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+DESCRIPTION="WLAN tools for bruteforcing 802.11 WPA/WPA2 keys"
+HOMEPAGE="http://www.willhackforsushi.com/Cowpatty.html"
+SRC_URI="http://www.willhackforsushi.com/code/${PN}/${PV}/${P}.tgz"
+
+inherit eutils
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+IUSE=""
+
+DEPEND="dev-libs/openssl"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+	epatch ${FILESDIR}/cowpatty-4.3-fixup.patch
+	epatch ${FILESDIR}/cowpatty-4.3-hashfix.patch
+	emake || die "emake failed"
+}
+
+src_install() {
+        dobin cowpatty genpmk  || die "dobin failed"
+        dodoc AUTHORS CHANGELOG FAQ INSTALL README TODO dict *.dump
+}
--- a/net-wireless/cowpatty/files/cowpatty-4.3-fixup.patch
+++ b/net-wireless/cowpatty/files/cowpatty-4.3-fixup.patch
@ -0,0 +1,215 @@
+diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-fixup/cowpatty.c
+--- cowpatty-4.3/cowpatty.c	2008-03-20 09:49:38.000000000 -0700
+++ cowpatty-4.3-fixup/cowpatty.c	2008-10-27 20:14:56.000000000 -0700
+@@ -71,7 +71,7 @@
+ void cleanup();
+ void parseopts(struct user_opt *opt, int argc, char **argv);
+ void closepcap(struct capture_data *capdata);
+-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata);
+void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt);
+ void dump_all_fields(struct crack_data cdata);
+ void printstats(struct timeval start, struct timeval end,
+ 		unsigned long int wordcount);
+@@ -389,7 +389,7 @@
+ 	return (ret);
+ }
+ 
+-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata)
+void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt)
+ {
+ 	struct ieee8021x *dot1xhdr;
+ 	struct wpa_eapol_key *eapolkeyhdr;
+@@ -415,8 +415,8 @@
+ 	cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK;
+ 	index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK;
+ 
+-	/* Check for EAPOL version 1, type EAPOL-Key */
+-	if (dot1xhdr->version != 1 || dot1xhdr->type != 3) {
+	/* Check for type EAPOL-Key */
+	if (dot1xhdr->type != 3) {
+ 		return;
+ 	}
+ 
+@@ -432,54 +432,73 @@
+ 			return;
+ 		}
+ 	} else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+-		if (eapolkeyhdr->type != 2 ||
+		if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ 				(key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ 			return;
+ 		}
+ 	}
+ 
+	if (opt->verbose > 2) {
+		printf ("WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: %d\n", WPA_KEY_INFO_TYPE_HMAC_MD5_RC4);
+		printf ("WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: %d\n", WPA_KEY_INFO_TYPE_HMAC_SHA1_AES);
+		printf ("key version: %d\n", cdata->ver);
+		printf ("eapol key header type: %d\n", eapolkeyhdr->type);
+	}
+
+	/* Check for frame 1 of the 4-way handshake */
+	if ((key_info & WPA_KEY_INFO_MIC) == 0 
+	   && (key_info & WPA_KEY_INFO_ACK)
+	   && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) {
+                /* All we need from this frame is the authenticator nonce */
+		memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+			sizeof(cdata->anonce));
+		cdata->anonceset = 1;
+ 
+ 	/* Check for frame 2 of the 4-way handshake */
+-	if ((key_info & WPA_KEY_INFO_MIC) && (key_info & WPA_KEY_INFO_ACK) == 0
+-	    && (key_info & WPA_KEY_INFO_INSTALL) == 0
+-	    && eapolkeyhdr->key_data_length > 0) {
+-		/* All we need from this frame is the authenticator nonce */
+-		memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+-		       sizeof(cdata->snonce));
+-		cdata->snonceset = 1;
+	} else if ((key_info & WPA_KEY_INFO_MIC)
+	  && (key_info & WPA_KEY_INFO_INSTALL) == 0
+	  && (key_info & WPA_KEY_INFO_ACK) == 0
+	  && eapolkeyhdr->key_data_length > 0) {
+ 
+-	} else if (		/* Check for frame 3 of the 4-way handshake */
+-			  (key_info & WPA_KEY_INFO_MIC)
+-			  && (key_info & WPA_KEY_INFO_INSTALL)
+-			  && (key_info & WPA_KEY_INFO_ACK)) {
+		cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 )
+				+   packet[capdata->dot1x_offset + 3] + 4;
+ 
+ 		memcpy(cdata->spa, &packet[capdata->dstmac_offset],
+-		       sizeof(cdata->spa));
+-		memcpy(cdata->aa, &packet[capdata->srcmac_offset],
+-		       sizeof(cdata->aa));
+-		memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+-		       sizeof(cdata->anonce));
+-		cdata->aaset = 1;
+-		cdata->spaset = 1;
+-		cdata->anonceset = 1;
+-		/* We save the replay counter value in the 3rd frame to match
+-		   against the 4th frame of the four-way handshake */
+-		memcpy(cdata->replay_counter, eapolkeyhdr->replay_counter, 8);
+-
+-	} else if (		/* Check for frame 4 of the four-way handshake */
+-			  (key_info & WPA_KEY_INFO_MIC)
+-			  && (key_info & WPA_KEY_INFO_ACK) == 0
+-			  && (key_info & WPA_KEY_INFO_INSTALL) == 0
+-			  &&
+-			  (memcmp
+-			   (cdata->replay_counter, eapolkeyhdr->replay_counter,
+-			    8) == 0)) {
+			sizeof(cdata->spa));
+       	        memcpy(cdata->aa, &packet[capdata->srcmac_offset],
+			sizeof(cdata->aa));
+		memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+			 sizeof(cdata->snonce));
+                cdata->aaset = 1;
+                cdata->spaset = 1;
+		cdata->snonceset = 1;
+ 
+ 		memcpy(cdata->keymic, eapolkeyhdr->key_mic,
+-		       sizeof(cdata->keymic));
+			sizeof(cdata->keymic));
+ 		memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
+-		       sizeof(cdata->eapolframe));
+			cdata->eapolframe_size);
+
+ 		cdata->keymicset = 1;
+ 		cdata->eapolframeset = 1;
+
+	/* Check for frame 3 of the 4-way handshake */
+	}  else if ((key_info & WPA_KEY_INFO_MIC)
+		   && (key_info & WPA_KEY_INFO_ACK)
+		   && (key_info & WPA_KEY_INFO_INSTALL)) {
+		/* All we need from this frame is the authenticator nonce */
+		memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+			sizeof(cdata->anonce));
+		cdata->anonceset = 1;
+
+	}
+
+	if (opt->verbose > 2) {
+		printf("aaset: %d\n",cdata->aaset);
+		printf("spaset: %d\n",cdata->spaset);
+		printf("snonceset: %d\n",cdata->snonceset);
+	        printf("keymicset: %d\n",cdata->keymicset);
+	        printf("eapolframeset: %d\n",cdata->eapolframeset);
+	        printf("anonceset: %d\n", cdata->anonceset);
+ 	}
+ }
+ 
+@@ -507,8 +526,7 @@
+ 	printf("\n");
+ 
+ 	printf("eapolframe is:");
+-	lamont_hdump(cdata.eapolframe, 99);	/* Bug in lamont_hdump makes this look
+-						   wrong, only shows 98 bytes */
+		lamont_hdump(cdata.eapolframe, cdata.eapolframe_size);
+ 	printf("\n");
+ 
+ }
+@@ -706,7 +724,7 @@
+ 		}
+ 
+ 		hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe,
+-			 sizeof(cdata->eapolframe), keymic);
+			cdata->eapolframe_size, keymic);
+ 
+ 		if (opt->verbose > 2) {
+ 			printf("Calculated MIC with \"%s\" is", passphrase);
+@@ -815,7 +833,7 @@
+ 		}
+ 
+ 		hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe,
+-			 sizeof(cdata->eapolframe), keymic);
+			cdata->eapolframe_size, keymic);
+ 
+ 		if (opt->verbose > 2) {
+ 			printf("Calculated MIC with \"%s\" is", passphrase);
+@@ -874,7 +892,7 @@
+ 		    0 && (h->len >
+ 			capdata.l2type_offset + sizeof(struct wpa_eapol_key))) {
+ 			/* It's a dot1x frame, process it */
+-			handle_dot1x(&cdata, &capdata);
+			handle_dot1x(&cdata, &capdata, &opt);
+ 			if (cdata.aaset && cdata.spaset && cdata.snonceset &&
+ 			    cdata.anonceset && cdata.keymicset
+ 			    && cdata.eapolframeset) {
+@@ -909,7 +927,6 @@
+ 	eapkeypacket =
+ 	    (struct wpa_eapol_key *)&cdata.eapolframe[EAPDOT1XOFFSET];
+ 	memset(&eapkeypacket->key_mic, 0, sizeof(eapkeypacket->key_mic));
+-	eapkeypacket->key_data_length = 0;
+ 
+ 	printf("Starting dictionary attack.  Please be patient.\n");
+ 	fflush(stdout);
+diff -uNr cowpatty-4.3/cowpatty.h cowpatty-4.3-fixup/cowpatty.h
+--- cowpatty-4.3/cowpatty.h	2008-03-20 09:49:38.000000000 -0700
+++ cowpatty-4.3-fixup/cowpatty.h	2008-10-27 17:25:48.000000000 -0700
+@@ -94,7 +94,7 @@
+ 	u16 length;
+ } __attribute__ ((packed));
+ 
+-#define MAXPASSLEN 63
+#define MAXPASSLEN 64
+ #define MEMORY_DICT 0
+ #define STDIN_DICT 1
+ #define EAPDOT1XOFFSET 4
+@@ -166,7 +166,8 @@
+ 	u8 spa[6];
+ 	u8 snonce[32];
+ 	u8 anonce[32];
+-	u8 eapolframe[99];	/* Length the same for all packets? */
+	u8 eapolframe[99];
+	u8 eapolframe2[125];
+ 	u8 keymic[16];
+ 	u8 aaset;
+ 	u8 spaset;
+@@ -177,6 +178,7 @@
+ 	u8 replay_counter[8];
+ 
+ 	int ver; /* Hashing algo, MD5 or AES-CBC-MAC */
+	int eapolframe_size;
+ };
+ 
+ struct hashdb_head {
--- a/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch
+++ b/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch
@ -0,0 +1,12 @@
+diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-hashfix/cowpatty.c
+--- cowpatty-4.3/cowpatty.c	2008-03-20 09:49:38.000000000 -0700
+++ cowpatty-4.3-hashfix/cowpatty.c	2008-10-19 23:29:22.000000000 -0700
+@@ -202,7 +202,7 @@
+ 	}
+ 
+ 	/* Test that the files specified exist and are greater than 0 bytes */
+-	if (!IsBlank(opt->hashfile)) {
+	if (!IsBlank(opt->hashfile) && strncmp(opt->hashfile, "-", 1) != 0) {
+ 		if (stat(opt->hashfile, &teststat)) {
+ 			usage("Could not stat hashfile.  Check file path.");
+ 			exit(-1);