commit dd3b04669d147d130d51dcc79bc874dcdce9d0e0 parent b2e02304f7834d6b41736e2bb3ebfa5965945e12 Author: parazyd <parazyd@dyne.org> Date: Mon, 9 May 2016 12:34:20 +0200 net-wireless/reaver-wps-fork-t6x: Add 1.5.2 Diffstat:
7 files changed, 929 insertions(+), 0 deletions(-)
diff --git a/net-wireless/reaver-wps-fork-t6x/files/0001-wpscrack-big-endian-fixes.patch b/net-wireless/reaver-wps-fork-t6x/files/0001-wpscrack-big-endian-fixes.patch @@ -0,0 +1,565 @@ +From 4e7af9f022996cb0a03b30f6af265b757807dfa2 Mon Sep 17 00:00:00 2001 +From: Paul Fertser <fercerpav@gmail.com> +Date: Wed, 27 Jun 2012 17:44:55 +0400 +Subject: [PATCH 1/3] wpscrack: big-endian fixes + +This should fix access to the radiotap, 802.11, LLC/SNAP and WFA +headers' fields. Run-time tested on an ar71xx BE system. + +Signed-off-by: Paul Fertser <fercerpav@gmail.com> +--- + src/80211.c | 65 +++++++++++++++++++------------ + src/builder.c | 23 +++++------ + src/defs.h | 116 +++++++++++++++++++++++++++++++++++++++----------------- + src/exchange.c | 23 ++++++----- + src/wpsmon.c | 13 ++++-- + 5 files changed, 151 insertions(+), 89 deletions(-) + +diff --git a/src/80211.c b/src/80211.c +index c2aff59..19f1e92 100644 +--- a/src/80211.c ++++ b/src/80211.c +@@ -90,17 +90,19 @@ void read_ap_beacon() + if(header.len >= MIN_BEACON_SIZE) + { + rt_header = (struct radio_tap_header *) radio_header(packet, header.len); +- frame_header = (struct dot11_frame_header *) (packet + rt_header->len); +- ++ size_t rt_header_len = __le16_to_cpu(rt_header->len); ++ frame_header = (struct dot11_frame_header *) (packet + rt_header_len); ++ + if(is_target(frame_header)) + { +- if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON) ++ if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == ++ __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON)) + { +- beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header)); ++ beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header)); + set_ap_capability(beacon->capability); + + /* Obtain the SSID and channel number from the beacon packet */ +- tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame); ++ tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame); + channel = parse_beacon_tags(packet, header.len); + + /* If no channel was manually specified, switch to the AP's current channel */ +@@ -135,29 +137,31 @@ int8_t signal_strength(const u_char *packet, size_t len) + { + header = (struct radio_tap_header *) packet; + +- if((header->flags & SSI_FLAG) == SSI_FLAG) ++ uint32_t flags = __le32_to_cpu(header->flags); ++ ++ if((flags & SSI_FLAG) == SSI_FLAG) + { +- if((header->flags & TSFT_FLAG) == TSFT_FLAG) ++ if((flags & TSFT_FLAG) == TSFT_FLAG) + { + offset += TSFT_SIZE; + } + +- if((header->flags & FLAGS_FLAG) == FLAGS_FLAG) ++ if((flags & FLAGS_FLAG) == FLAGS_FLAG) + { + offset += FLAGS_SIZE; + } + +- if((header->flags & RATE_FLAG) == RATE_FLAG) ++ if((flags & RATE_FLAG) == RATE_FLAG) + { + offset += RATE_SIZE; + } + +- if((header->flags & CHANNEL_FLAG) == CHANNEL_FLAG) ++ if((flags & CHANNEL_FLAG) == CHANNEL_FLAG) + { + offset += CHANNEL_SIZE; + } + +- if((header->flags & FHSS_FLAG) == FHSS_FLAG) ++ if((flags & FHSS_FLAG) == FHSS_FLAG) + { + offset += FHSS_FLAG; + } +@@ -196,11 +200,13 @@ int is_wps_locked() + if(header.len >= MIN_BEACON_SIZE) + { + rt_header = (struct radio_tap_header *) radio_header(packet, header.len); +- frame_header = (struct dot11_frame_header *) (packet + rt_header->len); ++ size_t rt_header_len = __le16_to_cpu(rt_header->len); ++ frame_header = (struct dot11_frame_header *) (packet + rt_header_len); + + if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0) + { +- if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON) ++ if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == ++ __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON)) + { + if(parse_wps_parameters(packet, header.len, &wps)) + { +@@ -411,24 +417,30 @@ int associate_recv_loop() + if(header.len >= MIN_AUTH_SIZE) + { + rt_header = (struct radio_tap_header *) radio_header(packet, header.len); +- dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len); ++ size_t rt_header_len = __le16_to_cpu(rt_header->len); ++ dot11_frame = (struct dot11_frame_header *) (packet + rt_header_len); + + if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) && + (memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0)) + { +- if(dot11_frame->fc.type == MANAGEMENT_FRAME) ++ if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE)) == ++ __cpu_to_le16(IEEE80211_FTYPE_MGMT)) + { +- auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len); +- assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len); ++ auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len); ++ assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len); + + /* Did we get an authentication packet with a successful status? */ +- if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS)) ++ if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) == ++ __cpu_to_le16(IEEE80211_STYPE_AUTH) ++ && (auth_frame->status == __cpu_to_le16(AUTHENTICATION_SUCCESS))) + { + ret_val = AUTH_OK; + break; + } + /* Did we get an association packet with a successful status? */ +- else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS)) ++ else if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) == ++ __cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP) ++ && (assoc_frame->status == __cpu_to_le16(ASSOCIATION_SUCCESS))) + { + ret_val = ASSOCIATE_OK; + break; +@@ -455,13 +467,14 @@ enum encryption_type supported_encryption(const u_char *packet, size_t len) + if(len > MIN_BEACON_SIZE) + { + rt_header = (struct radio_tap_header *) radio_header(packet, len); +- beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header)); +- offset = tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame); ++ size_t rt_header_len = __le16_to_cpu(rt_header->len); ++ beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header)); ++ offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame); + + tag_len = len - tag_offset; + tag_data = (const u_char *) (packet + tag_offset); + +- if((beacon->capability & CAPABILITY_WEP) == CAPABILITY_WEP) ++ if((__le16_to_cpu(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP) + { + enc = WEP; + +@@ -509,7 +522,7 @@ int parse_beacon_tags(const u_char *packet, size_t len) + struct radio_tap_header *rt_header = NULL; + + rt_header = (struct radio_tap_header *) radio_header(packet, len); +- tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame); ++ tag_offset = __le16_to_cpu(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame); + + if(tag_offset < len) + { +@@ -548,7 +561,7 @@ int parse_beacon_tags(const u_char *packet, size_t len) + { + if(ie_len == 1) + { +- memcpy((int *) &channel, channel_data, ie_len); ++ channel = *(uint8_t*)channel_data; + } + free(channel_data); + } +@@ -603,13 +616,13 @@ int check_fcs(const u_char *packet, size_t len) + if(len > 4) + { + /* Get the packet's reported FCS (last 4 bytes of the packet) */ +- memcpy((uint32_t *) &fcs, (packet + (len-4)), 4); ++ fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4))); + + /* FCS is not calculated over the radio tap header */ + if(has_rt_header()) + { + rt_header = (struct radio_tap_header *) packet; +- offset += rt_header->len; ++ offset += __le16_to_cpu(rt_header->len); + } + + if(len > offset) +diff --git a/src/builder.c b/src/builder.c +index 37f2de7..6bf89e7 100644 +--- a/src/builder.c ++++ b/src/builder.c +@@ -44,9 +44,8 @@ const void *build_radio_tap_header(size_t *len) + memset((void *) buf, 0, sizeof(struct radio_tap_header)); + rt_header = (struct radio_tap_header *) buf; + +- rt_header->len = sizeof(struct radio_tap_header); +- +- *len = rt_header->len; ++ *len = sizeof(struct radio_tap_header); ++ rt_header->len = __cpu_to_le16(*len); + } + + return buf; +@@ -67,9 +66,9 @@ const void *build_dot11_frame_header(uint16_t fc, size_t *len) + + frag_seq += SEQ_MASK; + +- header->duration = DEFAULT_DURATION; +- memcpy((void *) &header->fc, (void *) &fc, sizeof(struct frame_control)); +- header->frag_seq = frag_seq; ++ header->duration = __cpu_to_le16(DEFAULT_DURATION); ++ header->fc = __cpu_to_le16(fc); ++ header->frag_seq = __cpu_to_le16(frag_seq); + + memcpy((void *) header->addr1, get_bssid(), MAC_ADDR_LEN); + memcpy((void *) header->addr2, get_mac(), MAC_ADDR_LEN); +@@ -91,8 +90,8 @@ const void *build_authentication_management_frame(size_t *len) + memset((void *) buf, 0, *len); + frame = (struct authentication_management_frame *) buf; + +- frame->algorithm = OPEN_SYSTEM; +- frame->sequence = 1; ++ frame->algorithm = __cpu_to_le16(OPEN_SYSTEM); ++ frame->sequence = __cpu_to_le16(1); + frame->status = 0; + } + +@@ -111,8 +110,8 @@ const void *build_association_management_frame(size_t *len) + memset((void *) buf, 0, *len); + frame = (struct association_request_management_frame *) buf; + +- frame->capability = get_ap_capability(); +- frame->listen_interval = LISTEN_INTERVAL; ++ frame->capability = __cpu_to_le16(get_ap_capability()); ++ frame->listen_interval = __cpu_to_le16(LISTEN_INTERVAL); + } + + return buf; +@@ -133,7 +132,7 @@ const void *build_llc_header(size_t *len) + header->dsap = LLC_SNAP; + header->ssap = LLC_SNAP; + header->control_field = UNNUMBERED_FRAME; +- header->type = DOT1X_AUTHENTICATION; ++ header->type = __cpu_to_be16(DOT1X_AUTHENTICATION); + + } + +@@ -279,7 +278,7 @@ const void *build_wfa_header(uint8_t op_code, size_t *len) + header = (struct wfa_expanded_header *) buf; + + memcpy(header->id, WFA_VENDOR_ID, sizeof(header->id)); +- header->type = SIMPLE_CONFIG; ++ header->type = __cpu_to_be32(SIMPLE_CONFIG); + header->opcode = op_code; + } + +diff --git a/src/defs.h b/src/defs.h +index b2f45ea..0c628e7 100644 +--- a/src/defs.h ++++ b/src/defs.h +@@ -41,6 +41,7 @@ + #include <string.h> + #include <time.h> + #include <pcap.h> ++#include <asm/byteorder.h> + + #include "wps.h" + +@@ -65,10 +66,10 @@ + #define MANAGEMENT_FRAME 0x00 + #define SUBTYPE_BEACON 0x08 + +-#define DOT1X_AUTHENTICATION 0x8E88 ++#define DOT1X_AUTHENTICATION 0x888E + #define DOT1X_EAP_PACKET 0x00 + +-#define SIMPLE_CONFIG 0x01000000 ++#define SIMPLE_CONFIG 0x00000001 + + #define P1_SIZE 10000 + #define P2_SIZE 1000 +@@ -282,66 +283,111 @@ enum wfa_elements + WEP_TRANSMIT_KEY = 0x10064 + }; + ++#define IEEE80211_FCTL_VERS 0x0003 ++#define IEEE80211_FCTL_FTYPE 0x000c ++#define IEEE80211_FCTL_STYPE 0x00f0 ++#define IEEE80211_FCTL_TODS 0x0100 ++#define IEEE80211_FCTL_FROMDS 0x0200 ++#define IEEE80211_FCTL_MOREFRAGS 0x0400 ++#define IEEE80211_FCTL_RETRY 0x0800 ++#define IEEE80211_FCTL_PM 0x1000 ++#define IEEE80211_FCTL_MOREDATA 0x2000 ++#define IEEE80211_FCTL_PROTECTED 0x4000 ++#define IEEE80211_FCTL_ORDER 0x8000 ++ ++#define IEEE80211_SCTL_FRAG 0x000F ++#define IEEE80211_SCTL_SEQ 0xFFF0 ++ ++#define IEEE80211_FTYPE_MGMT 0x0000 ++#define IEEE80211_FTYPE_CTL 0x0004 ++#define IEEE80211_FTYPE_DATA 0x0008 ++ ++/* management */ ++#define IEEE80211_STYPE_ASSOC_REQ 0x0000 ++#define IEEE80211_STYPE_ASSOC_RESP 0x0010 ++#define IEEE80211_STYPE_REASSOC_REQ 0x0020 ++#define IEEE80211_STYPE_REASSOC_RESP 0x0030 ++#define IEEE80211_STYPE_PROBE_REQ 0x0040 ++#define IEEE80211_STYPE_PROBE_RESP 0x0050 ++#define IEEE80211_STYPE_BEACON 0x0080 ++#define IEEE80211_STYPE_ATIM 0x0090 ++#define IEEE80211_STYPE_DISASSOC 0x00A0 ++#define IEEE80211_STYPE_AUTH 0x00B0 ++#define IEEE80211_STYPE_DEAUTH 0x00C0 ++#define IEEE80211_STYPE_ACTION 0x00D0 ++ ++/* control */ ++#define IEEE80211_STYPE_BACK_REQ 0x0080 ++#define IEEE80211_STYPE_BACK 0x0090 ++#define IEEE80211_STYPE_PSPOLL 0x00A0 ++#define IEEE80211_STYPE_RTS 0x00B0 ++#define IEEE80211_STYPE_CTS 0x00C0 ++#define IEEE80211_STYPE_ACK 0x00D0 ++#define IEEE80211_STYPE_CFEND 0x00E0 ++#define IEEE80211_STYPE_CFENDACK 0x00F0 ++ ++/* data */ ++#define IEEE80211_STYPE_DATA 0x0000 ++#define IEEE80211_STYPE_DATA_CFACK 0x0010 ++#define IEEE80211_STYPE_DATA_CFPOLL 0x0020 ++#define IEEE80211_STYPE_DATA_CFACKPOLL 0x0030 ++#define IEEE80211_STYPE_NULLFUNC 0x0040 ++#define IEEE80211_STYPE_CFACK 0x0050 ++#define IEEE80211_STYPE_CFPOLL 0x0060 ++#define IEEE80211_STYPE_CFACKPOLL 0x0070 ++#define IEEE80211_STYPE_QOS_DATA 0x0080 ++#define IEEE80211_STYPE_QOS_DATA_CFACK 0x0090 ++#define IEEE80211_STYPE_QOS_DATA_CFPOLL 0x00A0 ++#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0x00B0 ++#define IEEE80211_STYPE_QOS_NULLFUNC 0x00C0 ++#define IEEE80211_STYPE_QOS_CFACK 0x00D0 ++#define IEEE80211_STYPE_QOS_CFPOLL 0x00E0 ++#define IEEE80211_STYPE_QOS_CFACKPOLL 0x00F0 ++ + #pragma pack(1) + struct radio_tap_header + { + uint8_t revision; + uint8_t pad; +- uint16_t len; +- uint32_t flags; +-}; +- +-struct frame_control +-{ +- unsigned version : 2; +- unsigned type : 2; +- unsigned sub_type : 4; +- +- unsigned to_ds : 1; +- unsigned from_ds : 1; +- unsigned more_frag : 1; +- unsigned retry : 1; +- unsigned pwr_mgt : 1; +- unsigned more_data : 1; +- unsigned protected_frame : 1; +- unsigned order : 1; ++ __le16 len; ++ __le32 flags; + }; + + struct dot11_frame_header + { +- struct frame_control fc; +- uint16_t duration; ++ __le16 fc; ++ __le16 duration; + unsigned char addr1[MAC_ADDR_LEN]; + unsigned char addr2[MAC_ADDR_LEN]; + unsigned char addr3[MAC_ADDR_LEN]; +- uint16_t frag_seq; ++ __le16 frag_seq; + }; + + struct authentication_management_frame + { +- uint16_t algorithm; +- uint16_t sequence; +- uint16_t status; ++ __le16 algorithm; ++ __le16 sequence; ++ __le16 status; + }; + + struct association_request_management_frame + { +- uint16_t capability; +- uint16_t listen_interval; ++ __le16 capability; ++ __le16 listen_interval; + }; + + struct association_response_management_frame + { +- uint16_t capability; +- uint16_t status; +- uint16_t id; ++ __le16 capability; ++ __le16 status; ++ __le16 id; + }; + + struct beacon_management_frame + { + unsigned char timestamp[TIMESTAMP_LEN]; +- uint16_t beacon_interval; +- uint16_t capability; ++ __le16 beacon_interval; ++ __le16 capability; + }; + + struct llc_header +@@ -350,7 +396,7 @@ struct llc_header + uint8_t ssap; + uint8_t control_field; + unsigned char org_code[3]; +- uint16_t type; ++ __be16 type; + }; + + struct dot1X_header +@@ -371,7 +417,7 @@ struct eap_header + struct wfa_expanded_header + { + unsigned char id[3]; +- uint32_t type; ++ __be32 type; + uint8_t opcode; + uint8_t flags; + }; +diff --git a/src/exchange.c b/src/exchange.c +index 23c87e9..4f9a82b 100644 +--- a/src/exchange.c ++++ b/src/exchange.c +@@ -306,26 +306,27 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header) + + /* Cast the radio tap and 802.11 frame headers and parse out the Frame Control field */ + rt_header = (struct radio_tap_header *) packet; +- frame_header = (struct dot11_frame_header *) (packet+rt_header->len); ++ size_t rt_header_len = __le16_to_cpu(rt_header->len); ++ frame_header = (struct dot11_frame_header *) (packet+rt_header_len); + + /* Does the BSSID/source address match our target BSSID? */ + if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0) + { + /* Is this a data packet sent to our MAC address? */ +- if(frame_header->fc.type == DATA_FRAME && +- frame_header->fc.sub_type == SUBTYPE_DATA && +- (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0)) ++ if (((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == ++ __cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA)) && ++ (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0)) + { + llc = (struct llc_header *) (packet + +- rt_header->len + ++ rt_header_len + + sizeof(struct dot11_frame_header) + ); + + /* All packets in our exchanges will be 802.1x */ +- if(llc->type == DOT1X_AUTHENTICATION) ++ if(llc->type == __cpu_to_be16(DOT1X_AUTHENTICATION)) + { + dot1x = (struct dot1X_header *) (packet + +- rt_header->len + ++ rt_header_len + + sizeof(struct dot11_frame_header) + + sizeof(struct llc_header) + ); +@@ -334,7 +335,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header) + if(dot1x->type == DOT1X_EAP_PACKET && (header->len >= EAP_PACKET_SIZE)) + { + eap = (struct eap_header *) (packet + +- rt_header->len + ++ rt_header_len + + sizeof(struct dot11_frame_header) + + sizeof(struct llc_header) + + sizeof(struct dot1X_header) +@@ -366,7 +367,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header) + else if((eap->type == EAP_EXPANDED) && (header->len > WFA_PACKET_SIZE)) + { + wfa = (struct wfa_expanded_header *) (packet + +- rt_header->len + ++ rt_header_len + + sizeof(struct dot11_frame_header) + + sizeof(struct llc_header) + + sizeof(struct dot1X_header) + +@@ -374,14 +375,14 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header) + ); + + /* Verify that this is a WPS message */ +- if(wfa->type == SIMPLE_CONFIG) ++ if(wfa->type == __cpu_to_be32(SIMPLE_CONFIG)) + { + wps_msg_len = (size_t) ntohs(eap->len) - + sizeof(struct eap_header) - + sizeof(struct wfa_expanded_header); + + wps_msg = (const void *) (packet + +- rt_header->len + ++ rt_header_len + + sizeof(struct dot11_frame_header) + + sizeof(struct llc_header) + + sizeof(struct dot1X_header) + +diff --git a/src/wpsmon.c b/src/wpsmon.c +index d976924..22a394f 100644 +--- a/src/wpsmon.c ++++ b/src/wpsmon.c +@@ -295,7 +295,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * + } + + rt_header = (struct radio_tap_header *) radio_header(packet, header->len); +- frame_header = (struct dot11_frame_header *) (packet + rt_header->len); ++ size_t rt_header_len = __le16_to_cpu(rt_header->len); ++ frame_header = (struct dot11_frame_header *) (packet + rt_header_len); + + /* If a specific BSSID was specified, only parse packets from that BSSID */ + if(!is_target(frame_header)) +@@ -323,15 +324,17 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * + channel_changed = 1; + } + +- if(frame_header->fc.sub_type == PROBE_RESPONSE || +- frame_header->fc.sub_type == SUBTYPE_BEACON) ++ unsigned fsub_type = frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE); ++ ++ if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP) || ++ fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON)) + { + wps_parsed = parse_wps_parameters(packet, header->len, wps); + } + + if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE)) + { +- if(frame_header->fc.sub_type == SUBTYPE_BEACON && ++ if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON) && + mode == SCAN && + !passive && + should_probe(bssid)) +@@ -369,7 +372,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * + * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on. + * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on. + */ +- if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE) ++ if(!wps_parsed || fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP)) + { + mark_ap_complete(bssid); + } +-- +1.7.7 + diff --git a/net-wireless/reaver-wps-fork-t6x/files/0002-Use-the-current-directory-for-storing-and-loading-se.patch b/net-wireless/reaver-wps-fork-t6x/files/0002-Use-the-current-directory-for-storing-and-loading-se.patch @@ -0,0 +1,53 @@ +From cd444949f3176790101b8bdc9656831a03d8c01d Mon Sep 17 00:00:00 2001 +From: Paul Fertser <fercerpav@gmail.com> +Date: Tue, 10 Jul 2012 11:13:29 +0400 +Subject: [PATCH 2/3] Use the current directory for storing and loading + sessions + +This allows the user to always explicitely choose (by changing the +current directory before launching the program) where the session +files should go. Useful e.g. to avoid hogging the precious space on +embedded devices, just cd /tmp before starting the app. + +Signed-off-by: Paul Fertser <fercerpav@gmail.com> +--- + src/session.c | 16 +++------------- + 1 files changed, 3 insertions(+), 13 deletions(-) + +diff --git a/src/session.c b/src/session.c +index d3af0c3..308f213 100644 +--- a/src/session.c ++++ b/src/session.c +@@ -62,7 +62,7 @@ int restore_session() + memset(file, 0, FILENAME_MAX); + + bssid = mac2str(get_bssid(), '\0'); +- snprintf(file, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT); ++ snprintf(file, FILENAME_MAX, "%s.%s", bssid, CONF_EXT); + free(bssid); + } + +@@ -199,18 +199,8 @@ int save_session() + } + else + { +- /* +- * If the configuration directory exists, save the session file there; else, save it to the +- * current working directory. +- */ +- if(configuration_directory_exists()) +- { +- snprintf((char *) &file_name, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT); +- } +- else +- { +- snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT); +- } ++ /* save session to the current directory */ ++ snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT); + } + + /* Don't bother saving anything if nothing has been done */ +-- +1.7.7 + diff --git a/net-wireless/reaver-wps-fork-t6x/files/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch b/net-wireless/reaver-wps-fork-t6x/files/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch @@ -0,0 +1,38 @@ +From 638bb8d70d6c7e5dc99975e0bf57d8ce0455e2cc Mon Sep 17 00:00:00 2001 +From: Paul Fertser <fercerpav@gmail.com> +Date: Tue, 10 Jul 2012 11:25:00 +0400 +Subject: [PATCH 3/3] wash/wpsmon: use less useless spaces in output to fit + narrow terminals + +Signed-off-by: Paul Fertser <fercerpav@gmail.com> +--- + src/wpsmon.c | 6 +++--- + 1 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/wpsmon.c b/src/wpsmon.c +index 22a394f..e0948b3 100644 +--- a/src/wpsmon.c ++++ b/src/wpsmon.c +@@ -262,8 +262,8 @@ void monitor(char *bssid, int passive, int source, int channel, int mode) + + if(!header_printed) + { +- cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n"); +- cprintf(INFO, "---------------------------------------------------------------------------------------------------------------\n"); ++ cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n"); ++ cprintf(INFO, "--------------------------------------------------------------------------------------\n"); + header_printed = 1; + } + +@@ -360,7 +360,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char * + break; + } + +- cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid); ++ cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid); + } + + if(probe_sent) +-- +1.7.7 + diff --git a/net-wireless/reaver-wps-fork-t6x/files/0004-wash-probe-request.patch b/net-wireless/reaver-wps-fork-t6x/files/0004-wash-probe-request.patch @@ -0,0 +1,31 @@ +diff -urN reaver-1.4/src/wpsmon.c reaver-wps-read-only/src/wpsmon.c +--- reaver-1.4/src/wpsmon.c 2012-01-18 17:02:39.000000000 +0800 ++++ reaver-wps-read-only/src/wpsmon.c 2012-10-10 06:45:52.271329168 +0800 +@@ -132,6 +132,11 @@ + usage(argv[0]); + goto end; + } ++ else if(get_iface()) ++ { ++ /* Get the MAC address of the specified interface */ ++ read_iface_mac(); ++ } + + if(get_iface() && source == PCAP_FILE) + { +@@ -300,6 +305,7 @@ + + set_ssid(NULL); + bssid = (char *) mac2str(frame_header->addr3, ':'); ++ set_bssid((unsigned char *) frame_header->addr3); + + if(bssid) + { +@@ -383,6 +389,7 @@ + + end: + if(wps) free(wps); ++ set_bssid((unsigned char *) NULL_MAC); + + return; + } diff --git a/net-wireless/reaver-wps-fork-t6x/files/0005-soreau-show-status-r2.patch b/net-wireless/reaver-wps-fork-t6x/files/0005-soreau-show-status-r2.patch @@ -0,0 +1,97 @@ +Index: cracker.c +=================================================================== +--- cracker.c (revision 113) ++++ cracker.c (working copy) +@@ -285,18 +285,65 @@ + } + } + ++char *get_max_time_remaining(int average, int attempts_remaining) ++{ ++ char *max_time, hours[8], minutes[3], seconds[3]; ++ int max_hours = 0, max_minutes = 0, max_seconds = 0; ++ ++ max_time = malloc(16); ++ ++ if(!max_time) ++ exit(-1); ++ ++ if(average) ++ { ++ max_seconds = attempts_remaining * average; ++ if(max_seconds > 60) ++ { ++ max_minutes = max_seconds / 60; ++ max_seconds -= max_minutes * 60; ++ } ++ if(max_minutes > 60) ++ { ++ max_hours = max_minutes / 60; ++ max_minutes -= max_hours * 60; ++ } ++ ++ if(max_seconds < 0 || max_minutes < 0 || max_hours < 0) ++ { ++ free(max_time); ++ return NULL; ++ } ++ ++ sprintf(hours, "%d", max_hours); ++ sprintf(minutes, "%s%d", max_minutes > 9 ? "" : "0", max_minutes); ++ sprintf(seconds, "%s%d", max_seconds > 9 ? "" : "0", max_seconds); ++ ++ sprintf(max_time, "%s:%s:%s", hours, minutes, seconds); ++ } ++ else ++ { ++ free(max_time); ++ return NULL; ++ } ++ ++ return max_time; ++} ++ + /* Displays the status and rate of cracking */ + void display_status(float pin_count, time_t start_time) + { + float percentage = 0; + int attempts = 0, average = 0; ++ int attempts_remaining = 0; + time_t now = 0, diff = 0; + struct tm *tm_p = NULL; +- char time_s[256] = { 0 }; ++ char time_s[256] = { 0 }, *max_time; + + if(get_key_status() == KEY1_WIP) + { + attempts = get_p1_index() + get_p2_index(); ++ attempts_remaining = 11000 - attempts; + } + /* + * If we've found the first half of the key, then the entire key1 keyspace +@@ -305,10 +352,12 @@ + else if(get_key_status() == KEY2_WIP) + { + attempts = P1_SIZE + get_p2_index(); ++ attempts_remaining = 11000 - attempts; + } + else if(get_key_status() == KEY_DONE) + { + attempts = P1_SIZE + P2_SIZE; ++ attempts_remaining = 0; + } + + percentage = (float) (((float) attempts / (P1_SIZE + P2_SIZE)) * 100); +@@ -335,7 +384,12 @@ + average = 0; + } + ++ max_time = get_max_time_remaining(average, attempts_remaining); ++ + cprintf(INFO, "[+] %.2f%% complete @ %s (%d seconds/pin)\n", percentage, time_s, average); ++ cprintf(INFO, "[+] Max time remaining at this rate: %s (%d pins left to try)\n", max_time ? max_time : "(undetermined)", attempts_remaining); + ++ free(max_time); ++ + return; + } diff --git a/net-wireless/reaver-wps-fork-t6x/files/0005-soreau-show-status.patch b/net-wireless/reaver-wps-fork-t6x/files/0005-soreau-show-status.patch @@ -0,0 +1,97 @@ +Index: cracker.c +=================================================================== +--- cracker.c (revision 113) ++++ cracker.c (working copy) +@@ -285,18 +285,65 @@ + } + } + ++char *get_max_time_remaining(int average, int attempts_remaining) ++{ ++ char *max_time, hours[12], minutes[2], seconds[2]; ++ int max_hours = 0, max_minutes = 0, max_seconds = 0; ++ ++ max_time = malloc(16); ++ ++ if(!max_time) ++ exit(-1); ++ ++ if(average) ++ { ++ max_seconds = attempts_remaining * average; ++ if(max_seconds > 60) ++ { ++ max_minutes = max_seconds / 60; ++ max_seconds -= max_minutes * 60; ++ } ++ if(max_minutes > 60) ++ { ++ max_hours = max_minutes / 60; ++ max_minutes -= max_hours * 60; ++ } ++ ++ if(max_seconds < 0 || max_minutes < 0 || max_hours < 0) ++ { ++ free(max_time); ++ return NULL; ++ } ++ ++ sprintf(hours, "%d", max_hours); ++ sprintf(minutes, "%s%d", max_minutes > 9 ? "" : "0", max_minutes); ++ sprintf(seconds, "%s%d", max_seconds > 9 ? "" : "0", max_seconds); ++ ++ sprintf(max_time, "%s:%s:%s", hours, minutes, seconds); ++ } ++ else ++ { ++ free(max_time); ++ return NULL; ++ } ++ ++ return max_time; ++} ++ + /* Displays the status and rate of cracking */ + void display_status(float pin_count, time_t start_time) + { + float percentage = 0; + int attempts = 0, average = 0; ++ int attempts_remaining = 0; + time_t now = 0, diff = 0; + struct tm *tm_p = NULL; +- char time_s[256] = { 0 }; ++ char time_s[256] = { 0 }, *max_time; + + if(get_key_status() == KEY1_WIP) + { + attempts = get_p1_index() + get_p2_index(); ++ attempts_remaining = 11000 - attempts; + } + /* + * If we've found the first half of the key, then the entire key1 keyspace +@@ -305,10 +352,12 @@ + else if(get_key_status() == KEY2_WIP) + { + attempts = P1_SIZE + get_p2_index(); ++ attempts_remaining = 11000 - attempts; + } + else if(get_key_status() == KEY_DONE) + { + attempts = P1_SIZE + P2_SIZE; ++ attempts_remaining = 0; + } + + percentage = (float) (((float) attempts / (P1_SIZE + P2_SIZE)) * 100); +@@ -335,7 +384,12 @@ + average = 0; + } + ++ max_time = get_max_time_remaining(average, attempts_remaining); ++ + cprintf(INFO, "[+] %.2f%% complete @ %s (%d seconds/pin)\n", percentage, time_s, average); ++ cprintf(INFO, "[+] Max time remaining at this rate: %s (%d pins left to try)\n", max_time ? max_time : "(undetermined)", attempts_remaining); + ++ free(max_time); ++ + return; + }+ \ No newline at end of file diff --git a/net-wireless/reaver-wps-fork-t6x/reaver-wps-fork-t6x-1.5.2_p20160220.ebuild b/net-wireless/reaver-wps-fork-t6x/reaver-wps-fork-t6x-1.5.2_p20160220.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +AUTOTOOLS_IN_SOURCE_BUILD="1" +inherit autotools-utils eutils git-r3 + +DESCRIPTION="Utilise Pixie Dust Attack to find the correct WPS PIN." +HOMEPAGE="https://github.com/t6x/reaver-wps-fork-t6x" +EGIT_REPO_URI="https://github.com/t6x/reaver-wps-fork-t6x.git" +EGIT_COMMIT="6e60ee25e86ec798de2e23971b029d555e9dc398" + +ECONF_SOURCE="${S}/src" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +DEPEND="!net-wireless/reaver + net-libs/libpcap + dev-db/sqlite:3" +RDEPEND="${DEPEND}" + +#S="${WORKDIR}/${P}/src" + +ECONF_SOURCE="${S}/src" + +#these patches need to be verified and pushed upstream +#src_prepare() { +# epatch "${FILESDIR}" /000[1-4]*.patch + #http://code.google.com/p/reaver-wps/issues/detail?id=420 +# epatch "${FILESDIR}" /0005-soreau-show-status-r2.patch +#} + +src_install() { + cd src + dobin wash reaver + + insinto "/etc/reaver" + doins reaver.db + + doman ../docs/reaver.1.gz + dodoc ../docs/README ../docs/README.REAVER ../docs/README.WASH +}