Browse Source

reaver: switch to reaver-wps-fork-t6x

Addresses #2872

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
lilik-openwrt-22.03
Yousong Zhou 7 years ago
parent
commit
9a35d5397d
8 changed files with 18 additions and 801 deletions
  1. +18
    -16
      net/reaver/Makefile
  2. +0
    -565
      net/reaver/patches/0001-wpscrack-big-endian-fixes.patch
  3. +0
    -53
      net/reaver/patches/0002-Use-the-current-directory-for-storing-and-loading-se.patch
  4. +0
    -38
      net/reaver/patches/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch
  5. +0
    -46
      net/reaver/patches/0004-Fixed-probe-request-bug-in-wash.patch
  6. +0
    -27
      net/reaver/patches/0100-Include-sys-types.h-for-definition-of-u_char.patch
  7. +0
    -11
      net/reaver/patches/0101-pcap-use-65536-as-snaplen.patch
  8. +0
    -45
      net/reaver/patches/0102-wps-cflags.patch

+ 18
- 16
net/reaver/Makefile View File

@ -1,5 +1,6 @@
#
# Copyright (C) 2012-2015 OpenWrt.org
# Copyright (C) 2017 Yousong Zhou
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@ -8,47 +9,48 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=reaver
PKG_VERSION:=1.4
PKG_RELEASE:=3
PKG_VERSION:=1.6.3
PKG_RELEASE:=1
PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/reaver-wps
PKG_HASH:=add3050a4a05fe0ab6bfb291ee2de8e9b8a85f1e64ced93ee27a75744954b22d
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/t6x/reaver-wps-fork-t6x/releases/download/v$(PKG_VERSION)
PKG_HASH:=191f785f53030e4803260ada1a29ca4b42c848d56f6f3982e320d03b6117aaf2
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=docs/LICENSE
PKG_USE_MIPS16:=0
PKG_AUTOMAKE_PATHS:=src
PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
CONFIGURE_PATH:=src
MAKE_PATH:=src
EXTRA_CFLAGS=$(TARGET_CPPFLAGS)
define Package/reaver
SECTION:=net
CATEGORY:=Network
SUBMENU:=wireless
TITLE:=Efficient brute force attack against Wifi Protected Setup
URL:=https://code.google.com/p/reaver-wps/
DEPENDS:=+libpcap +libsqlite3
URL:=https://github.com/t6x/reaver-wps-fork-t6x
DEPENDS:=+libpcap
endef
define Package/reaver/description
Reaver targets the external registrar functionality mandated by the WiFi
Protected Setup specification.
Access points will provide authenticated registrars with their current
wireless configuration (including the WPA PSK), and also accept a new
configuration from the registrar.
Reaver has been designed to be a robust and practical attack against Wi-Fi
Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2
passphrases. It has been tested against a wide variety of access points and
WPS implementations.
This is reaver-wps-fork-t6x, a community forked version, which has included
various bug fixes and additional attack method (the offline Pixie Dust
attack).
endef
define Package/reaver/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/{reaver,wash} $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/reaver
$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/reaver.db $(1)/etc/reaver/
endef
$(eval $(call BuildPackage,reaver))

+ 0
- 565
net/reaver/patches/0001-wpscrack-big-endian-fixes.patch View File

@ -1,565 +0,0 @@
From 4e7af9f022996cb0a03b30f6af265b757807dfa2 Mon Sep 17 00:00:00 2001
From: Paul Fertser <fercerpav@gmail.com>
Date: Wed, 27 Jun 2012 17:44:55 +0400
Subject: [PATCH 1/3] wpscrack: big-endian fixes
This should fix access to the radiotap, 802.11, LLC/SNAP and WFA
headers' fields. Run-time tested on an ar71xx BE system.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
---
src/80211.c | 65 +++++++++++++++++++------------
src/builder.c | 23 +++++------
src/defs.h | 116 +++++++++++++++++++++++++++++++++++++++-----------------
src/exchange.c | 23 ++++++-----
src/wpsmon.c | 13 ++++--
5 files changed, 151 insertions(+), 89 deletions(-)
diff --git a/src/80211.c b/src/80211.c
index c2aff59..19f1e92 100644
--- a/src/80211.c
+++ b/src/80211.c
@@ -90,17 +90,19 @@ void read_ap_beacon()
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
-
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
+
if(is_target(frame_header))
{
- if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
+ if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
{
- beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
+ beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
set_ap_capability(beacon->capability);
/* Obtain the SSID and channel number from the beacon packet */
- tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
channel = parse_beacon_tags(packet, header.len);
/* If no channel was manually specified, switch to the AP's current channel */
@@ -135,29 +137,31 @@ int8_t signal_strength(const u_char *packet, size_t len)
{
header = (struct radio_tap_header *) packet;
- if((header->flags & SSI_FLAG) == SSI_FLAG)
+ uint32_t flags = __le32_to_cpu(header->flags);
+
+ if((flags & SSI_FLAG) == SSI_FLAG)
{
- if((header->flags & TSFT_FLAG) == TSFT_FLAG)
+ if((flags & TSFT_FLAG) == TSFT_FLAG)
{
offset += TSFT_SIZE;
}
- if((header->flags & FLAGS_FLAG) == FLAGS_FLAG)
+ if((flags & FLAGS_FLAG) == FLAGS_FLAG)
{
offset += FLAGS_SIZE;
}
- if((header->flags & RATE_FLAG) == RATE_FLAG)
+ if((flags & RATE_FLAG) == RATE_FLAG)
{
offset += RATE_SIZE;
}
- if((header->flags & CHANNEL_FLAG) == CHANNEL_FLAG)
+ if((flags & CHANNEL_FLAG) == CHANNEL_FLAG)
{
offset += CHANNEL_SIZE;
}
- if((header->flags & FHSS_FLAG) == FHSS_FLAG)
+ if((flags & FHSS_FLAG) == FHSS_FLAG)
{
offset += FHSS_FLAG;
}
@@ -196,11 +200,13 @@ int is_wps_locked()
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
{
- if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
+ if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
{
if(parse_wps_parameters(packet, header.len, &wps))
{
@@ -411,24 +417,30 @@ int associate_recv_loop()
if(header.len >= MIN_AUTH_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
- dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ dot11_frame = (struct dot11_frame_header *) (packet + rt_header_len);
if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
(memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
{
- if(dot11_frame->fc.type == MANAGEMENT_FRAME)
+ if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
+ __cpu_to_le16(IEEE80211_FTYPE_MGMT))
{
- auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
- assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
+ auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
+ assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
/* Did we get an authentication packet with a successful status? */
- if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
+ if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_STYPE_AUTH)
+ && (auth_frame->status == __cpu_to_le16(AUTHENTICATION_SUCCESS)))
{
ret_val = AUTH_OK;
break;
}
/* Did we get an association packet with a successful status? */
- else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
+ else if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP)
+ && (assoc_frame->status == __cpu_to_le16(ASSOCIATION_SUCCESS)))
{
ret_val = ASSOCIATE_OK;
break;
@@ -455,13 +467,14 @@ enum encryption_type supported_encryption(const u_char *packet, size_t len)
if(len > MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, len);
- beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
- offset = tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
+ offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
tag_len = len - tag_offset;
tag_data = (const u_char *) (packet + tag_offset);
- if((beacon->capability & CAPABILITY_WEP) == CAPABILITY_WEP)
+ if((__le16_to_cpu(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
{
enc = WEP;
@@ -509,7 +522,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
struct radio_tap_header *rt_header = NULL;
rt_header = (struct radio_tap_header *) radio_header(packet, len);
- tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ tag_offset = __le16_to_cpu(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
if(tag_offset < len)
{
@@ -548,7 +561,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
{
if(ie_len == 1)
{
- memcpy((int *) &channel, channel_data, ie_len);
+ channel = *(uint8_t*)channel_data;
}
free(channel_data);
}
@@ -603,13 +616,13 @@ int check_fcs(const u_char *packet, size_t len)
if(len > 4)
{
/* Get the packet's reported FCS (last 4 bytes of the packet) */
- memcpy((uint32_t *) &fcs, (packet + (len-4)), 4);
+ fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4)));
/* FCS is not calculated over the radio tap header */
if(has_rt_header())
{
rt_header = (struct radio_tap_header *) packet;
- offset += rt_header->len;
+ offset += __le16_to_cpu(rt_header->len);
}
if(len > offset)
diff --git a/src/builder.c b/src/builder.c
index 37f2de7..6bf89e7 100644
--- a/src/builder.c
+++ b/src/builder.c
@@ -44,9 +44,8 @@ const void *build_radio_tap_header(size_t *len)
memset((void *) buf, 0, sizeof(struct radio_tap_header));
rt_header = (struct radio_tap_header *) buf;
- rt_header->len = sizeof(struct radio_tap_header);
-
- *len = rt_header->len;
+ *len = sizeof(struct radio_tap_header);
+ rt_header->len = __cpu_to_le16(*len);
}
return buf;
@@ -67,9 +66,9 @@ const void *build_dot11_frame_header(uint16_t fc, size_t *len)
frag_seq += SEQ_MASK;
- header->duration = DEFAULT_DURATION;
- memcpy((void *) &header->fc, (void *) &fc, sizeof(struct frame_control));
- header->frag_seq = frag_seq;
+ header->duration = __cpu_to_le16(DEFAULT_DURATION);
+ header->fc = __cpu_to_le16(fc);
+ header->frag_seq = __cpu_to_le16(frag_seq);
memcpy((void *) header->addr1, get_bssid(), MAC_ADDR_LEN);
memcpy((void *) header->addr2, get_mac(), MAC_ADDR_LEN);
@@ -91,8 +90,8 @@ const void *build_authentication_management_frame(size_t *len)
memset((void *) buf, 0, *len);
frame = (struct authentication_management_frame *) buf;
- frame->algorithm = OPEN_SYSTEM;
- frame->sequence = 1;
+ frame->algorithm = __cpu_to_le16(OPEN_SYSTEM);
+ frame->sequence = __cpu_to_le16(1);
frame->status = 0;
}
@@ -111,8 +110,8 @@ const void *build_association_management_frame(size_t *len)
memset((void *) buf, 0, *len);
frame = (struct association_request_management_frame *) buf;
- frame->capability = get_ap_capability();
- frame->listen_interval = LISTEN_INTERVAL;
+ frame->capability = __cpu_to_le16(get_ap_capability());
+ frame->listen_interval = __cpu_to_le16(LISTEN_INTERVAL);
}
return buf;
@@ -133,7 +132,7 @@ const void *build_llc_header(size_t *len)
header->dsap = LLC_SNAP;
header->ssap = LLC_SNAP;
header->control_field = UNNUMBERED_FRAME;
- header->type = DOT1X_AUTHENTICATION;
+ header->type = __cpu_to_be16(DOT1X_AUTHENTICATION);
}
@@ -279,7 +278,7 @@ const void *build_wfa_header(uint8_t op_code, size_t *len)
header = (struct wfa_expanded_header *) buf;
memcpy(header->id, WFA_VENDOR_ID, sizeof(header->id));
- header->type = SIMPLE_CONFIG;
+ header->type = __cpu_to_be32(SIMPLE_CONFIG);
header->opcode = op_code;
}
diff --git a/src/defs.h b/src/defs.h
index b2f45ea..0c628e7 100644
--- a/src/defs.h
+++ b/src/defs.h
@@ -41,6 +41,7 @@
#include <string.h>
#include <time.h>
#include <pcap.h>
+#include <asm/byteorder.h>
#include "wps.h"
@@ -65,10 +66,10 @@
#define MANAGEMENT_FRAME 0x00
#define SUBTYPE_BEACON 0x08
-#define DOT1X_AUTHENTICATION 0x8E88
+#define DOT1X_AUTHENTICATION 0x888E
#define DOT1X_EAP_PACKET 0x00
-#define SIMPLE_CONFIG 0x01000000
+#define SIMPLE_CONFIG 0x00000001
#define P1_SIZE 10000
#define P2_SIZE 1000
@@ -282,66 +283,111 @@ enum wfa_elements
WEP_TRANSMIT_KEY = 0x10064
};
+#define IEEE80211_FCTL_VERS 0x0003
+#define IEEE80211_FCTL_FTYPE 0x000c
+#define IEEE80211_FCTL_STYPE 0x00f0
+#define IEEE80211_FCTL_TODS 0x0100
+#define IEEE80211_FCTL_FROMDS 0x0200
+#define IEEE80211_FCTL_MOREFRAGS 0x0400
+#define IEEE80211_FCTL_RETRY 0x0800
+#define IEEE80211_FCTL_PM 0x1000
+#define IEEE80211_FCTL_MOREDATA 0x2000
+#define IEEE80211_FCTL_PROTECTED 0x4000
+#define IEEE80211_FCTL_ORDER 0x8000
+
+#define IEEE80211_SCTL_FRAG 0x000F
+#define IEEE80211_SCTL_SEQ 0xFFF0
+
+#define IEEE80211_FTYPE_MGMT 0x0000
+#define IEEE80211_FTYPE_CTL 0x0004
+#define IEEE80211_FTYPE_DATA 0x0008
+
+/* management */
+#define IEEE80211_STYPE_ASSOC_REQ 0x0000
+#define IEEE80211_STYPE_ASSOC_RESP 0x0010
+#define IEEE80211_STYPE_REASSOC_REQ 0x0020
+#define IEEE80211_STYPE_REASSOC_RESP 0x0030
+#define IEEE80211_STYPE_PROBE_REQ 0x0040
+#define IEEE80211_STYPE_PROBE_RESP 0x0050
+#define IEEE80211_STYPE_BEACON 0x0080
+#define IEEE80211_STYPE_ATIM 0x0090
+#define IEEE80211_STYPE_DISASSOC 0x00A0
+#define IEEE80211_STYPE_AUTH 0x00B0
+#define IEEE80211_STYPE_DEAUTH 0x00C0
+#define IEEE80211_STYPE_ACTION 0x00D0
+
+/* control */
+#define IEEE80211_STYPE_BACK_REQ 0x0080
+#define IEEE80211_STYPE_BACK 0x0090
+#define IEEE80211_STYPE_PSPOLL 0x00A0
+#define IEEE80211_STYPE_RTS 0x00B0
+#define IEEE80211_STYPE_CTS 0x00C0
+#define IEEE80211_STYPE_ACK 0x00D0
+#define IEEE80211_STYPE_CFEND 0x00E0
+#define IEEE80211_STYPE_CFENDACK 0x00F0
+
+/* data */
+#define IEEE80211_STYPE_DATA 0x0000
+#define IEEE80211_STYPE_DATA_CFACK 0x0010
+#define IEEE80211_STYPE_DATA_CFPOLL 0x0020
+#define IEEE80211_STYPE_DATA_CFACKPOLL 0x0030
+#define IEEE80211_STYPE_NULLFUNC 0x0040
+#define IEEE80211_STYPE_CFACK 0x0050
+#define IEEE80211_STYPE_CFPOLL 0x0060
+#define IEEE80211_STYPE_CFACKPOLL 0x0070
+#define IEEE80211_STYPE_QOS_DATA 0x0080
+#define IEEE80211_STYPE_QOS_DATA_CFACK 0x0090
+#define IEEE80211_STYPE_QOS_DATA_CFPOLL 0x00A0
+#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0x00B0
+#define IEEE80211_STYPE_QOS_NULLFUNC 0x00C0
+#define IEEE80211_STYPE_QOS_CFACK 0x00D0
+#define IEEE80211_STYPE_QOS_CFPOLL 0x00E0
+#define IEEE80211_STYPE_QOS_CFACKPOLL 0x00F0
+
#pragma pack(1)
struct radio_tap_header
{
uint8_t revision;
uint8_t pad;
- uint16_t len;
- uint32_t flags;
-};
-
-struct frame_control
-{
- unsigned version : 2;
- unsigned type : 2;
- unsigned sub_type : 4;
-
- unsigned to_ds : 1;
- unsigned from_ds : 1;
- unsigned more_frag : 1;
- unsigned retry : 1;
- unsigned pwr_mgt : 1;
- unsigned more_data : 1;
- unsigned protected_frame : 1;
- unsigned order : 1;
+ __le16 len;
+ __le32 flags;
};
struct dot11_frame_header
{
- struct frame_control fc;
- uint16_t duration;
+ __le16 fc;
+ __le16 duration;
unsigned char addr1[MAC_ADDR_LEN];
unsigned char addr2[MAC_ADDR_LEN];
unsigned char addr3[MAC_ADDR_LEN];
- uint16_t frag_seq;
+ __le16 frag_seq;
};
struct authentication_management_frame
{
- uint16_t algorithm;
- uint16_t sequence;
- uint16_t status;
+ __le16 algorithm;
+ __le16 sequence;
+ __le16 status;
};
struct association_request_management_frame
{
- uint16_t capability;
- uint16_t listen_interval;
+ __le16 capability;
+ __le16 listen_interval;
};
struct association_response_management_frame
{
- uint16_t capability;
- uint16_t status;
- uint16_t id;
+ __le16 capability;
+ __le16 status;
+ __le16 id;
};
struct beacon_management_frame
{
unsigned char timestamp[TIMESTAMP_LEN];
- uint16_t beacon_interval;
- uint16_t capability;
+ __le16 beacon_interval;
+ __le16 capability;
};
struct llc_header
@@ -350,7 +396,7 @@ struct llc_header
uint8_t ssap;
uint8_t control_field;
unsigned char org_code[3];
- uint16_t type;
+ __be16 type;
};
struct dot1X_header
@@ -371,7 +417,7 @@ struct eap_header
struct wfa_expanded_header
{
unsigned char id[3];
- uint32_t type;
+ __be32 type;
uint8_t opcode;
uint8_t flags;
};
diff --git a/src/exchange.c b/src/exchange.c
index 23c87e9..4f9a82b 100644
--- a/src/exchange.c
+++ b/src/exchange.c
@@ -306,26 +306,27 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
/* Cast the radio tap and 802.11 frame headers and parse out the Frame Control field */
rt_header = (struct radio_tap_header *) packet;
- frame_header = (struct dot11_frame_header *) (packet+rt_header->len);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ frame_header = (struct dot11_frame_header *) (packet+rt_header_len);
/* Does the BSSID/source address match our target BSSID? */
if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
{
/* Is this a data packet sent to our MAC address? */
- if(frame_header->fc.type == DATA_FRAME &&
- frame_header->fc.sub_type == SUBTYPE_DATA &&
- (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
+ if (((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+ __cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA)) &&
+ (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
{
llc = (struct llc_header *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header)
);
/* All packets in our exchanges will be 802.1x */
- if(llc->type == DOT1X_AUTHENTICATION)
+ if(llc->type == __cpu_to_be16(DOT1X_AUTHENTICATION))
{
dot1x = (struct dot1X_header *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header) +
sizeof(struct llc_header)
);
@@ -334,7 +335,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
if(dot1x->type == DOT1X_EAP_PACKET && (header->len >= EAP_PACKET_SIZE))
{
eap = (struct eap_header *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header) +
sizeof(struct llc_header) +
sizeof(struct dot1X_header)
@@ -366,7 +367,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
else if((eap->type == EAP_EXPANDED) && (header->len > WFA_PACKET_SIZE))
{
wfa = (struct wfa_expanded_header *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header) +
sizeof(struct llc_header) +
sizeof(struct dot1X_header) +
@@ -374,14 +375,14 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
);
/* Verify that this is a WPS message */
- if(wfa->type == SIMPLE_CONFIG)
+ if(wfa->type == __cpu_to_be32(SIMPLE_CONFIG))
{
wps_msg_len = (size_t) ntohs(eap->len) -
sizeof(struct eap_header) -
sizeof(struct wfa_expanded_header);
wps_msg = (const void *) (packet +
- rt_header->len +
+ rt_header_len +
sizeof(struct dot11_frame_header) +
sizeof(struct llc_header) +
sizeof(struct dot1X_header) +
diff --git a/src/wpsmon.c b/src/wpsmon.c
index d976924..22a394f 100644
--- a/src/wpsmon.c
+++ b/src/wpsmon.c
@@ -295,7 +295,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
}
rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
+ size_t rt_header_len = __le16_to_cpu(rt_header->len);
+ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
/* If a specific BSSID was specified, only parse packets from that BSSID */
if(!is_target(frame_header))
@@ -323,15 +324,17 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
channel_changed = 1;
}
- if(frame_header->fc.sub_type == PROBE_RESPONSE ||
- frame_header->fc.sub_type == SUBTYPE_BEACON)
+ unsigned fsub_type = frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE);
+
+ if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP) ||
+ fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON))
{
wps_parsed = parse_wps_parameters(packet, header->len, wps);
}
if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
{
- if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
+ if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON) &&
mode == SCAN &&
!passive &&
should_probe(bssid))
@@ -369,7 +372,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
* If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
* If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
*/
- if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
+ if(!wps_parsed || fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP))
{
mark_ap_complete(bssid);
}
--
1.7.7

+ 0
- 53
net/reaver/patches/0002-Use-the-current-directory-for-storing-and-loading-se.patch View File

@ -1,53 +0,0 @@
From cd444949f3176790101b8bdc9656831a03d8c01d Mon Sep 17 00:00:00 2001
From: Paul Fertser <fercerpav@gmail.com>
Date: Tue, 10 Jul 2012 11:13:29 +0400
Subject: [PATCH 2/3] Use the current directory for storing and loading
sessions
This allows the user to always explicitely choose (by changing the
current directory before launching the program) where the session
files should go. Useful e.g. to avoid hogging the precious space on
embedded devices, just cd /tmp before starting the app.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
---
src/session.c | 16 +++-------------
1 files changed, 3 insertions(+), 13 deletions(-)
diff --git a/src/session.c b/src/session.c
index d3af0c3..308f213 100644
--- a/src/session.c
+++ b/src/session.c
@@ -62,7 +62,7 @@ int restore_session()
memset(file, 0, FILENAME_MAX);
bssid = mac2str(get_bssid(), '\0');
- snprintf(file, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);
+ snprintf(file, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
free(bssid);
}
@@ -199,18 +199,8 @@ int save_session()
}
else
{
- /*
- * If the configuration directory exists, save the session file there; else, save it to the
- * current working directory.
- */
- if(configuration_directory_exists())
- {
- snprintf((char *) &file_name, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);
- }
- else
- {
- snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
- }
+ /* save session to the current directory */
+ snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
}
/* Don't bother saving anything if nothing has been done */
--
1.7.7

+ 0
- 38
net/reaver/patches/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch View File

@ -1,38 +0,0 @@
From 638bb8d70d6c7e5dc99975e0bf57d8ce0455e2cc Mon Sep 17 00:00:00 2001
From: Paul Fertser <fercerpav@gmail.com>
Date: Tue, 10 Jul 2012 11:25:00 +0400
Subject: [PATCH 3/3] wash/wpsmon: use less useless spaces in output to fit
narrow terminals
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
---
src/wpsmon.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/wpsmon.c b/src/wpsmon.c
index 22a394f..e0948b3 100644
--- a/src/wpsmon.c
+++ b/src/wpsmon.c
@@ -262,8 +262,8 @@ void monitor(char *bssid, int passive, int source, int channel, int mode)
if(!header_printed)
{
- cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n");
- cprintf(INFO, "---------------------------------------------------------------------------------------------------------------\n");
+ cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n");
+ cprintf(INFO, "--------------------------------------------------------------------------------------\n");
header_printed = 1;
}
@@ -360,7 +360,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
break;
}
- cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
+ cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
}
if(probe_sent)
--
1.7.7

+ 0
- 46
net/reaver/patches/0004-Fixed-probe-request-bug-in-wash.patch View File

@ -1,46 +0,0 @@
From a8edcc1ce2a55e0e02ee13c46c6a5f22dd7920e9 Mon Sep 17 00:00:00 2001
From: "cheffner@tacnetsol.com"
<cheffner@tacnetsol.com@027a3e96-2d37-f1c0-85d6-5ce5a08386c2>
Date: Tue, 27 Mar 2012 16:25:10 +0000
Subject: [PATCH] Fixed probe request bug in wash.
git-svn-id: http://reaver-wps.googlecode.com/svn/trunk@113 027a3e96-2d37-f1c0-85d6-5ce5a08386c2
---
src/wpsmon.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/wpsmon.c b/src/wpsmon.c
index da688b9..d976924 100644
--- a/src/wpsmon.c
+++ b/src/wpsmon.c
@@ -132,6 +132,11 @@ int main(int argc, char *argv[])
usage(argv[0]);
goto end;
}
+ else if(get_iface())
+ {
+ /* Get the MAC address of the specified interface */
+ read_iface_mac();
+ }
if(get_iface() && source == PCAP_FILE)
{
@@ -300,6 +305,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
set_ssid(NULL);
bssid = (char *) mac2str(frame_header->addr3, ':');
+ set_bssid((unsigned char *) frame_header->addr3);
if(bssid)
{
@@ -383,6 +389,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
end:
if(wps) free(wps);
+ set_bssid((unsigned char *) NULL_MAC);
return;
}
--
2.6.4

+ 0
- 27
net/reaver/patches/0100-Include-sys-types.h-for-definition-of-u_char.patch View File

@ -1,27 +0,0 @@
From 811f5c0b0a226edfbf5aa2f316e083f30ec3cd8d Mon Sep 17 00:00:00 2001
From: Yousong Zhou <yszhou4tech@gmail.com>
Date: Tue, 18 Aug 2015 14:34:26 +0800
Subject: [PATCH] Include <sys/types.h> for definition of u_char.
Fixes build with musl-libc.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
---
src/libwps/libwps.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/libwps/libwps.h b/src/libwps/libwps.h
index b04dd8b..bdd7b9a 100755
--- a/src/libwps/libwps.h
+++ b/src/libwps/libwps.h
@@ -17,6 +17,7 @@
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
+#include <sys/types.h>
#define LIBWPS_MAX_STR_LEN 256
--
1.7.10.4

+ 0
- 11
net/reaver/patches/0101-pcap-use-65536-as-snaplen.patch View File

@ -1,11 +0,0 @@
--- a/src/init.c.orig 2016-12-08 13:23:17.386891467 +0800
+++ b/src/init.c 2016-12-08 13:23:20.850892551 +0800
@@ -121,7 +121,7 @@ pcap_t *capture_init(char *capture_sourc
pcap_t *handle = NULL;
char errbuf[PCAP_ERRBUF_SIZE] = { 0 };
- handle = pcap_open_live(capture_source, BUFSIZ, 1, 0, errbuf);
+ handle = pcap_open_live(capture_source, 65536, 1, 0, errbuf);
if(!handle)
{
handle = pcap_open_offline(capture_source, errbuf);

+ 0
- 45
net/reaver/patches/0102-wps-cflags.patch View File

@ -1,45 +0,0 @@
Index: reaver-1.4/src/wps/Makefile
===================================================================
--- reaver-1.4.orig/src/wps/Makefile
+++ reaver-1.4/src/wps/Makefile
@@ -4,31 +4,31 @@ INC=-I../utils -I ../
all: wps_attr_build.o wps_attr_parse.o wps_attr_process.o wps.o wps_common.o wps_dev_attr.o wps_enrollee.o wps_registrar.o wps_ufd.o
wps_attr_build.o:
- $(CC) $(INC) wps_attr_build.c -c
+ $(CC) $(CFLAGS) $(INC) wps_attr_build.c -c
wps_attr_parse.o:
- $(CC) $(INC) wps_attr_parse.c -c
+ $(CC) $(CFLAGS) $(INC) wps_attr_parse.c -c
wps_attr_process.o:
- $(CC) $(INC) wps_attr_process.c -c
+ $(CC) $(CFLAGS) $(INC) wps_attr_process.c -c
wps.o:
- $(CC) $(INC) wps.c -c
+ $(CC) $(CFLAGS) $(INC) wps.c -c
wps_common.o:
- $(CC) $(INC) wps_common.c -c
+ $(CC) $(CFLAGS) $(INC) wps_common.c -c
wps_dev_attr.o:
- $(CC) $(INC) wps_dev_attr.c -c
+ $(CC) $(CFLAGS) $(INC) wps_dev_attr.c -c
wps_enrollee.o:
- $(CC) $(INC) wps_enrollee.c -c
+ $(CC) $(CFLAGS) $(INC) wps_enrollee.c -c
wps_registrar.o:
- $(CC) $(INC) wps_registrar.c -c
+ $(CC) $(CFLAGS) $(INC) wps_registrar.c -c
wps_ufd.o:
- $(CC) $(INC) wps_ufd.c -c
+ $(CC) $(CFLAGS) $(INC) wps_ufd.c -c
clean:
rm -f *.o

Loading…
Cancel
Save