/* send:
* Send the given data block down the channel. `size' is in bytes.
* Return zero if successful, otherwise return non-zero. Don't bother
* checking that the packet arrived at the destination though.
*/
static int local_send(NET_CHANNEL *chan, const void *buf, int size)
{
channel_data_t *data;
port_t *target;
packet_t *packet;
if (size > MAX_PACKET_SIZE)
return -1;
/* Strictly, we should be locking the port's queue, but this will do. */
MUTEX_LOCK(port_list);
data = chan->data;
target = find_port(data->target);
if (target && (next_packet(target->head) != target->tail)) {
target->head = next_packet(target->head);
packet = &target->packets[target->head];
packet->from = data->port->num;
packet->size = size;
memcpy(packet->data, buf, size);
}
/* Errors and successes all end up here, because no delivery
* checking occurs on channels. */
MUTEX_UNLOCK(port_list);
return 0;
}
/* recv:
* Receive a packet into the memory block given. `size' is the maximum
* number of bytes to receive. The sender's address will be put in `from'.
* Return the number of bytes received, or -1 if an error occured. A zero
* return value means there was no data to receive.
*
* Behaviour if more that `size' bytes are waiting is undecided -- either
* return an error, or read `size' bytes and return `size'. The remainder
* of the packet should probably be discarded, in either case. For now,
* it's the user's fault for not making the buffer big enough.
*/
static int local_recv(NET_CHANNEL *chan, void *buf, int size, char *from)
{
port_t *port;
packet_t *packet;
port = ((channel_data_t *)chan->data)->port;
/* Strictly we should be locking the port's queue, but this will do.
* We get the lock this early in case another channel is sharing the
* port. (I'm particularly concerned about overlapping `recv' calls
* here.) */
MUTEX_LOCK(port_list);
if (port->tail == port->head) {
MUTEX_UNLOCK(port_list);
return -1;
}
port->tail = next_packet(port->tail);
packet = &port->packets[port->tail];
if (packet->size < size)
size = packet->size;
memcpy(buf, packet->data, size);
if (from)
sprintf(from, "%d", packet->from);
MUTEX_UNLOCK(port_list);
return size;
}
/*
* Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field.
* This is used for obtaining the capabilities field and AP SSID.
*/
void read_ap_beacon()
{
struct pcap_pkthdr header;
const unsigned char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
struct beacon_management_frame *beacon = NULL;
int channel = 0;
size_t tag_offset = 0;
time_t start_time = 0;
set_ap_capability(0);
start_time = time(NULL);
while(get_ap_capability() == 0)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
size_t rt_header_len = end_le16toh(rt_header->len);
frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
if(is_target(frame_header))
{
if((frame_header->fc & end_htole16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
end_htole16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
{
beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
set_ap_capability(end_le16toh(beacon->capability));
/* Obtain the SSID and channel number from the beacon packet */
tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
channel = parse_beacon_tags(packet, header.len);
/* If no channel was manually specified, switch to the AP's current channel */
if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel())
{
change_channel(channel);
set_channel(channel);
}
break;
}
}
}
/* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */
if((time(NULL) - start_time) >= BEACON_WAIT_TIME)
{
next_channel();
start_time = time(NULL);
}
}
}
/*
* Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field.
* This is used for obtaining the capabilities field and AP SSID.
*/
void read_ap_beacon()
{
struct pcap_pkthdr header;
const u_char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
struct beacon_management_frame *beacon = NULL;
int channel = 0;
time_t start_time = 0;
set_ap_capability(0);
start_time = time(NULL);
while(get_ap_capability() == 0)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
if(is_target(frame_header))
{
if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
{
beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
set_ap_capability(beacon->capability);
/* Obtain the SSID and channel number from the beacon packet */
channel = parse_beacon_tags(packet, header.len);
/* If no channel was manually specified, switch to the AP's current channel */
if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel())
{
change_channel(channel);
set_channel(channel);
}
break;
}
}
}
/* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */
if((time(NULL) - start_time) >= BEACON_WAIT_TIME)
{
next_channel();
start_time = time(NULL);
}
}
}
/* Waits for authentication and association responses from the target AP */
static int process_authenticate_associate_resp(int want_assoc)
{
struct pcap_pkthdr header;
unsigned char *packet;
struct radio_tap_header *rt_header;
struct dot11_frame_header *dot11_frame;
struct authentication_management_frame *auth_frame;
struct association_response_management_frame *assoc_frame;
int ret_val = 0;
start_timer();
while(!get_out_of_time())
{
if((packet = next_packet(&header)) == NULL) break;
if(header.len < MIN_AUTH_SIZE) continue;
rt_header = (void*) radio_header(packet, header.len);
size_t rt_header_len = end_le16toh(rt_header->len);
dot11_frame = (void*)(packet + rt_header_len);
if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) != 0) ||
(memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) != 0))
continue;
int isMgmtFrame = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_FTYPE)) == end_htole16(IEEE80211_FTYPE_MGMT);
if(!isMgmtFrame) continue;
void *ptr = (packet + sizeof(struct dot11_frame_header) + rt_header_len);
auth_frame = ptr;
assoc_frame = ptr;
int isAuthResp = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_STYPE)) == end_htole16(IEEE80211_STYPE_AUTH);
int isAssocResp = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_STYPE)) == end_htole16(IEEE80211_STYPE_ASSOC_RESP);
if(!isAuthResp && !isAssocResp) continue;
if(isAuthResp && want_assoc) continue;
/* Did we get an authentication packet with a successful status? */
if(isAuthResp && (auth_frame->status == end_htole16(AUTHENTICATION_SUCCESS))) {
ret_val = AUTH_OK;
break;
}
/* Did we get an association packet with a successful status? */
else if(isAssocResp && (assoc_frame->status == end_htole16(ASSOCIATION_SUCCESS))) {
ret_val = ASSOCIATE_OK;
break;
}
}
return ret_val;
}
int MPEGstream::copy_byte(void)
{
/* Get new data if necessary */
if ( data == stop ) {
if ( ! next_packet() ) {
return (-1);
}
}
pos ++;
return(*data++);
}
static gavl_source_status_t get_packet(void * priv, bgav_packet_t ** ret)
{
bgav_subtitle_converter_t * cnv = priv;
if(cnv->out_packet)
{
*ret = cnv->out_packet;
cnv->out_packet = NULL;
return GAVL_SOURCE_OK;
}
return next_packet(cnv, ret, 1);
}
bool Oggeyman::next_theora_packet(ogg_stream_state *state_ptr,
ogg_packet *packet_ptr, theora_state * theo_state_ptr) {
bool have_packet = false;
bool packet_ok = false;
do {
have_packet = next_packet(state_ptr, packet_ptr);
if (have_packet)
packet_ok =(theora_decode_packetin(theo_state_ptr, packet_ptr) >= 0);
} while (have_packet && !packet_ok);
return have_packet && packet_ok; // superfluous, but readable
}
/* Monitors an interface (or capture file) for WPS data in beacon packets or probe responses */
void monitor(char *bssid, int passive, int source, int channel, int mode)
{
struct sigaction act;
struct itimerval timer;
struct pcap_pkthdr header;
static int header_printed;
const u_char *packet = NULL;
memset(&act, 0, sizeof(struct sigaction));
memset(&timer, 0, sizeof(struct itimerval));
/* If we aren't reading from a pcap file, set the interface channel */
if(source == INTERFACE)
{
/*
* If a channel has been specified, set the interface to that channel.
* Else, set a recurring 1 second timer that will call sigalrm() and switch to
* a new channel.
*/
if(channel > 0)
{
change_channel(channel);
}
else
{
act.sa_handler = sigalrm_handler;
sigaction (SIGALRM, &act, 0);
ualarm(CHANNEL_INTERVAL, CHANNEL_INTERVAL);
change_channel(1);
}
}
if(!header_printed)
{
if (o_file_p == 0)
{
cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n");
cprintf(INFO, "--------------------------------------------------------------------------------------\n");
header_printed = 1;
}
}
while((packet = next_packet(&header)))
{
parse_wps_settings(packet, &header, bssid, passive, mode, source);
#ifndef __APPLE__
memset((void *) packet, 0, header.len);
#endif
}
return;
}
/* Waits for authentication and association responses from the target AP */
int associate_recv_loop()
{
struct pcap_pkthdr header;
const u_char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *dot11_frame = NULL;
struct authentication_management_frame *auth_frame = NULL;
struct association_response_management_frame *assoc_frame = NULL;
int ret_val = 0, start_time = 0;
start_time = time(NULL);
while((time(NULL) - start_time) < ASSOCIATE_WAIT_TIME)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_AUTH_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
(memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
{
if(dot11_frame->fc.type == MANAGEMENT_FRAME)
{
auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
/* Did we get an authentication packet with a successful status? */
if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
{
ret_val = AUTH_OK;
break;
}
/* Did we get an association packet with a successful status? */
else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
{
ret_val = ASSOCIATE_OK;
break;
}
}
}
}
}
return ret_val;
}
static int ogg_read_packet(AVFormatContext *avfcontext, AVPacket *pkt) {
ogg_packet op ;
if(next_packet(avfcontext, &op))
return -EIO ;
if(av_new_packet(pkt, sizeof(ogg_packet) + op.bytes) < 0)
return -EIO ;
pkt->stream_index = 0 ;
memcpy(pkt->data, &op, sizeof(ogg_packet)) ;
memcpy(pkt->data + sizeof(ogg_packet), op.packet, op.bytes) ;
return sizeof(ogg_packet) + op.bytes ;
}
bool Oggeyman::is_theora_stream(ogg_stream_state *probe_state_ptr, ogg_packet * probe_packet_ptr) {
bool found_theora_packet = false;
while (next_packet(probe_state_ptr, probe_packet_ptr)) {
// theo info and theo comment are private variables of the Oggeyman object
if (theora_decode_header(&theo_info, &theo_comment, probe_packet_ptr)>= 0) {
found_theora_packet = true;
// I need to go through all of them (or so the src code makes me believe)
// therefore, no break here
}
}
return found_theora_packet;
}
static int ogg_read_header(AVFormatContext *avfcontext, AVFormatParameters *ap)
{
OggContext *context = avfcontext->priv_data;
ogg_packet op ;
char *buf ;
ogg_page og ;
AVStream *ast ;
AVCodecContext *codec;
uint8_t *p;
int i;
ogg_sync_init(&context->oy) ;
buf = ogg_sync_buffer(&context->oy, DECODER_BUFFER_SIZE) ;
if(get_buffer(&avfcontext->pb, buf, DECODER_BUFFER_SIZE) <= 0)
return AVERROR_IO ;
ogg_sync_wrote(&context->oy, DECODER_BUFFER_SIZE) ;
ogg_sync_pageout(&context->oy, &og) ;
ogg_stream_init(&context->os, ogg_page_serialno(&og)) ;
ogg_stream_pagein(&context->os, &og) ;
/* currently only one vorbis stream supported */
ast = av_new_stream(avfcontext, 0) ;
if(!ast)
return AVERROR_NOMEM ;
av_set_pts_info(ast, 60, 1, AV_TIME_BASE);
codec= &ast->codec;
codec->codec_type = CODEC_TYPE_AUDIO;
codec->codec_id = CODEC_ID_VORBIS;
for(i=0; i<3; i++){
if(next_packet(avfcontext, &op)){
return -1;
}
if(op.bytes >= (1<<16) || op.bytes < 0)
return -1;
codec->extradata_size+= 2 + op.bytes;
codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
memset(codec->extradata + codec->extradata_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
p= codec->extradata + codec->extradata_size - 2 - op.bytes;
*(p++)= op.bytes>>8;
*(p++)= op.bytes&0xFF;
memcpy(p, op.packet, op.bytes);
}
return 0 ;
}
static int ogg_read_packet(AVFormatContext *avfcontext, AVPacket *pkt) {
ogg_packet op ;
if(next_packet(avfcontext, &op))
return AVERROR_IO ;
if(av_new_packet(pkt, op.bytes) < 0)
return AVERROR_IO ;
pkt->stream_index = 0 ;
memcpy(pkt->data, op.packet, op.bytes);
if(avfcontext->streams[0]->codec.sample_rate && op.granulepos!=-1)
pkt->pts= av_rescale(op.granulepos, AV_TIME_BASE, avfcontext->streams[0]->codec.sample_rate);
// printf("%lld %d %d\n", pkt->pts, (int)op.granulepos, avfcontext->streams[0]->codec.sample_rate);
return op.bytes;
}
/**
* parse_stream_block:
* @state: application state structure,
* @buf: data read from server or key frame,
* @buf_len: length of @buf.
*
* Parse a data stream block obtained either from the data server or a
* key frame. Calls either handle_car_packet() or handle_system_packet(),
* and is safe for those to result in further stream parsing calls.
**/
int
parse_stream_block (CurrentState *state,
const unsigned char *buf,
size_t buf_len)
{
Packet packet;
while (next_packet (state, &packet, &buf, &buf_len)) {
if (packet.car) {
handle_car_packet (state, &packet);
} else {
handle_system_packet (state, &packet);
}
}
return 0;
}
Uint32
MPEGstream:: copy_data(Uint8 *area, Sint32 size, bool short_read)
{
Uint32 copied = 0;
bool timestamped = false;
while ( (size > 0) && !eof()) {
Uint32 len;
/* Get new data if necessary */
if ( data == stop ) {
/* try to use the timestamp of the first packet */
if ( ! next_packet(true, (timestamp == -1) || !timestamped) ) {
break;
}
timestamped = true;
}
SDL_mutexP(mutex);
/* Copy as much as we need */
if ( size <= (Sint32)(stop-data) ) {
len = size;
} else {
len = (stop-data);
}
memcpy(area, data, len);
area += len;
data += len;
size -= len;
copied += len;
pos += len;
/* Allow 32-bit aligned short reads? */
if ( ((copied%4) == 0) && short_read ) {
break;
}
SDL_mutexV(mutex);
}
return(copied);
}
/*
* Determines if the target AP has locked its WPS state or not.
* Returns 0 if not locked, 1 if locked.
*/
int is_wps_locked()
{
int locked = 0;
struct libwps_data wps = { 0 };
struct pcap_pkthdr header;
const unsigned char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
while(1)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
size_t rt_header_len = end_le16toh(rt_header->len);
frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
{
if((frame_header->fc & end_htole16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
end_htole16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
{
if(parse_wps_parameters(packet, header.len, &wps))
{
if(wps.locked == WPSLOCKED)
{
locked = 1;
}
break;
}
}
}
}
}
return locked;
}
/*
* Determines if the target AP has locked its WPS state or not.
* Returns 0 if not locked, 1 if locked.
*/
int is_wps_locked()
{
int locked = 0;
struct libwps_data wps = { 0 };
struct pcap_pkthdr header;
const u_char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
while(1)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
{
if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
{
if(parse_wps_parameters(packet, header.len, &wps))
{
if(wps.locked == WPSLOCKED)
{
locked = 1;
}
break;
}
}
}
}
}
return locked;
}
static gavl_source_status_t peek_packet(void * priv, bgav_packet_t ** ret,
int force)
{
gavl_source_status_t st;
bgav_subtitle_converter_t * cnv = priv;
if(cnv->out_packet)
{
if(ret)
*ret = cnv->out_packet;
return GAVL_SOURCE_OK;
}
if((st = next_packet(cnv, &cnv->out_packet, force)) != GAVL_SOURCE_OK)
return st;
if(ret)
*ret = cnv->out_packet;
return GAVL_SOURCE_OK;
}
/* Main loop to listen for packets on a wireless card in monitor mode. */
enum wps_result do_wps_exchange() {
struct pcap_pkthdr header;
const u_char *packet = NULL;
enum wps_type packet_type = UNKNOWN, last_msg = UNKNOWN;
enum wps_result ret_val = KEY_ACCEPTED;
int premature_timeout = 0, terminated = 0, got_nack = 0;
int id_response_sent = 0, tx_type = 0;
int m2_sent = 0, m4_sent = 0, m6_sent = 0;
/* Initialize settings for this WPS exchange */
set_last_wps_state(0);
set_eap_id(0);
/* Initiate an EAP session */
send_eapol_start();
/*
* Loop until:
*
* o The pin has been cracked
* o An EAP_FAIL packet is received
* o We receive a NACK message
* o We hit an unrecoverable receive timeout
*/
while ((get_key_status() != KEY_DONE) &&
!terminated &&
!got_nack &&
!premature_timeout) {
tx_type = 0;
if (packet_type > last_msg) {
last_msg = packet_type;
}
packet = next_packet(&header);
if (packet == NULL) {
break;
}
packet_type = process_packet(packet, &header);
memset((void *) packet, 0, header.len);
switch (packet_type) {
case IDENTITY_REQUEST:
cprintf(VERBOSE, "[+] Received identity request\n");
tx_type = IDENTITY_RESPONSE;
id_response_sent = 1;
break;
case M1:
cprintf(VERBOSE, "[+] Received \033[1;35mM1\033[0m message\n");
if (id_response_sent && !m2_sent) {
tx_type = SEND_M2;
m2_sent = 1;
} else if (get_oo_send_nack()) {
tx_type = SEND_WSC_NACK;
terminated = 1;
}
break;
case M3:
cprintf(VERBOSE, "[+] Received \033[1;35mM3\033[0m message\n");
if (m2_sent && !m4_sent) {
if (globule->pixie_loop == 1) {
tx_type = SEND_WSC_NACK;
terminated = 1;
} else if (globule->pixie_loop == 0) {
tx_type = SEND_M4;
m4_sent = 1;
}
//tx_type = SEND_M4;
//m4_sent = 1;
} else if (get_oo_send_nack()) {
tx_type = SEND_WSC_NACK;
terminated = 1;
}
break;
case M5:
cprintf(VERBOSE, "[+] Received \033[1;35mM5\033[0m message\n");
if (get_key_status() == KEY1_WIP) {
set_key_status(KEY2_WIP);
}
if (m4_sent && !m6_sent) {
tx_type = SEND_M6;
m6_sent = 1;
} else if (get_oo_send_nack()) {
tx_type = SEND_WSC_NACK;
terminated = 1;
}
break;
case M7:
cprintf(VERBOSE, "[+] Received \033[1;35mM7\033[0m message\n");
//bug fix made by flatr0ze
if (!m6_sent) {
tx_type = SEND_WSC_NACK;
terminated = 1;
}
/* Fall through */
case DONE:
if (get_key_status() == KEY2_WIP) {
set_key_status(KEY_DONE);
}
tx_type = SEND_WSC_NACK;
break;
case NACK:
cprintf(VERBOSE, "[+] Received WSC NACK (reason: 0x%04X)\n", get_nack_reason());
got_nack = 1;
break;
case TERMINATE:
terminated = 1;
break;
default:
if (packet_type != 0) {
cprintf(VERBOSE, "[!] WARNING: Unexpected packet received (0x%.02X), terminating transaction\n", packet_type);
terminated = 1;
}
break;
}
if (tx_type == IDENTITY_RESPONSE) {
send_identity_response();
} else if (tx_type) {
send_msg(tx_type);
} /*
* If get_oo_send_nack is 0, then when out of order packets come, we don't
* NACK them. However, this also means that we wait infinitely for the expected
* packet, since the timer is started by send_msg. Manually start the timer to
* prevent infinite loops.
*/
else if (packet_type != 0) {
start_timer();
}
/* Check to see if our receive timeout has expired */
if (get_out_of_time()) {
/* If we have not sent an identity response, try to initiate an EAP session again */
if (!id_response_sent) {
/* Notify the user after EAPOL_START_MAX_TRIES eap start failures */
if (get_eapol_start_count() == EAPOL_START_MAX_TRIES) {
cprintf(WARNING, "[!] WARNING: %d successive start failures\n", EAPOL_START_MAX_TRIES);
set_eapol_start_count(0);
premature_timeout = 1;
}
send_eapol_start();
} else {
/* Treat all other time outs as unexpected errors */
premature_timeout = 1;
}
}
}
/*
* There are four states that can signify a pin failure:
*
* o Got NACK instead of an M5 message (first half of pin wrong)
* o Got NACK instead of an M5 message, when cracking second half (fake NACK)
* o Got NACK instead of an M7 message (second half of pin wrong)
* o Got receive timeout while waiting for an M5 message (first half of pin wrong)
* o Got receive timeout while waiting for an M7 message (second half of pin wrong)
*/
if (got_nack) {
/*
* If a NACK message was received, then the current wps->state value will be
* SEND_WSC_NACK, indicating that we need to reply with a NACK. So check the
* previous state to see what state we were in when the NACK was received.
*/
/* Warning the user about change of reason code for the received NACK message. */
if (!get_ignore_nack_reason()) {
if ((get_last_nack_reason() >= 0) && (get_nack_reason() != get_last_nack_reason())) {
cprintf(WARNING, "[!] WARNING: The reason code for NACK has been changed. Potential FAKE NACK!\n");
}
set_last_nack_reason(get_nack_reason());
}
/* Check NACK reason code for */
if ((get_fake_nack_reason() >= 0) && (get_nack_reason() == get_fake_nack_reason()) && (get_timeout_is_nack())) {
ret_val = FAKE_NACK;
} else {
if ((last_msg == M3) || (last_msg == M5)) {
/* The AP is properly sending WSC_NACKs, so don't treat future timeouts as pin failures. */
set_timeout_is_nack(0);
/* bug fix made by KokoSoft */
ret_val = ((last_msg == M3) && (get_key_status() == KEY2_WIP) && (get_timeout_is_nack())) ? FAKE_NACK : KEY_REJECTED;
} else {
ret_val = UNKNOWN_ERROR;
}
}
} else if (premature_timeout) {
/*
* Some WPS implementations simply drop the connection on the floor instead of sending a NACK.
* We need to be able to handle this, but at the same time using a timeout on the M5/M7 messages
* can result in false negatives. Thus, treating M5/M7 receive timeouts as NACKs can be disabled.
* Only treat the timeout as a NACK if this feature is enabled.
*/
if (get_timeout_is_nack() &&
//(last_msg == M3 || last_msg == M5))
((last_msg == M3 && (get_key_status() == KEY1_WIP)) || last_msg == M5)) //bug fix made by flatr0ze
{
ret_val = KEY_REJECTED;
} else {
/* If we timed out at any other point in the session, then we need to try the pin again */
ret_val = RX_TIMEOUT;
}
} /*
* If we got an EAP FAIL message without a preceeding NACK, then something went wrong.
* This should be treated the same as a RX_TIMEOUT by the caller: try the pin again.
*/
else if (terminated) {
ret_val = EAP_FAIL;
} else if (get_key_status() != KEY_DONE) {
ret_val = UNKNOWN_ERROR;
}
/*
* Always completely terminate the WPS session, else some WPS state machines may
* get stuck in their current state and won't accept new WPS registrar requests
* until rebooted.
*
* Stop the receive timer that is started by the termination transmission.
*/
send_wsc_nack();
stop_timer();
if (get_eap_terminate() || ret_val == EAP_FAIL) {
send_termination();
stop_timer();
}
return ret_val;
}
bool Oggeyman::get_next_frame(unsigned char *BGRAbuffer) {
if (stream_done)
return false;
timer_update();
#ifdef ANDR
//printf ("in get_next_frame: last_packet_time %12.2lf total_play_time %12.2lf \n", last_packet_time, total_play_time);
// "foo" will be used as a tag in LogCat
__android_log_print(ANDROID_LOG_INFO, "foo",
"in get_next_frame: last_packet_time %12.2lf total_play_time %12.2lf \n", last_packet_time, total_play_time );
# endif
if (last_packet_time > total_play_time)
return false;
// TODO: what's with this pp_level reduction business?
// do we have a leftover packet from the last page? (and is it really theora?)
#ifdef ANDR
struct timespec time1,time2;
clock_gettime(CLOCK_MONOTONIC, &time1);
# endif
bool packet_found = (next_packet(&ogg_theora_stream_state,
&ogg_theora_packet)
&& theora_decode_header(&theo_info, &theo_comment,
&ogg_theora_packet) >= 0);
#ifdef ANDR
clock_gettime(CLOCK_MONOTONIC, &time2);
__android_log_print(ANDROID_LOG_INFO, "foo",
"in get_next_frame: time to get next packet and decode header %6.2lf ms\n", (time2.tv_sec - time1.tv_sec)*1.e3 + (time2.tv_nsec - time1.tv_nsec)/1000.0f );
clock_gettime(CLOCK_MONOTONIC, &time1);
# endif
while (!packet_found && !stream_done) {
bool is_theora_page = false;
while (!stream_done && !is_theora_page) {
stream_done = !next_page();
if (stream_done) continue;
// submit the completed page to the streaming layer with ogg_stream_pagein.
// check out the return value - it will be < 0 it the page does not correspond
// to the stream whose state we are providing as the first argument
is_theora_page = (ogg_stream_pagein(&ogg_theora_stream_state,
¤t_ogg_page) >= 0);
}
if (stream_done) continue;
// Packets can span multiple pages, but next_packet, or rather ogg_stream_packetout,
// should take care of that - not return packets until they are complete.
packet_found = next_packet(&ogg_theora_stream_state, &ogg_theora_packet);
}
#ifdef ANDR
clock_gettime(CLOCK_MONOTONIC, &time2);
__android_log_print(ANDROID_LOG_INFO, "foo",
"in get_next_frame: looping for next packet %6.2lf ms\n", (time2.tv_sec - time1.tv_sec)*1.e3 + (time2.tv_nsec - time1.tv_nsec)/1000.0f );
# endif
if (packet_found) {
#ifdef ANDR
clock_gettime(CLOCK_MONOTONIC, &time1);
# endif
bool processing_ok = process_packet(BGRAbuffer);
#ifdef ANDR
clock_gettime(CLOCK_MONOTONIC, &time2);
__android_log_print(ANDROID_LOG_INFO, "foo",
"[Aug 2015] in get_next_frame: time to process the packet %6.2lf ms\n", (time2.tv_sec - time1.tv_sec)*1.e3 + (time2.tv_nsec - time1.tv_nsec)/1.e6 );
# endif
return processing_ok;
}
return false;
}
/***********************************************************************
* hb_bd_read
***********************************************************************
*
**********************************************************************/
hb_buffer_t * hb_bd_read( hb_bd_t * d )
{
int result;
int error_count = 0;
uint8_t buf[192];
BD_EVENT event;
uint64_t pos;
hb_buffer_t * b;
uint8_t discontinuity;
int new_chap = 0;
discontinuity = 0;
while ( 1 )
{
if ( d->next_chap != d->chapter )
{
new_chap = d->chapter = d->next_chap;
}
result = next_packet( d->bd, buf );
if ( result < 0 )
{
hb_error("bd: Read Error");
pos = bd_tell( d->bd );
bd_seek( d->bd, pos + 192 );
error_count++;
if (error_count > 10)
{
hb_error("bd: Error, too many consecutive read errors");
return 0;
}
continue;
}
else if ( result == 0 )
{
return 0;
}
error_count = 0;
while ( bd_get_event( d->bd, &event ) )
{
switch ( event.event )
{
case BD_EVENT_CHAPTER:
// The muxers expect to only get chapter 2 and above
// They write chapter 1 when chapter 2 is detected.
d->next_chap = event.param;
break;
case BD_EVENT_PLAYITEM:
discontinuity = 1;
hb_deep_log(2, "bd: Playitem %u", event.param);
break;
case BD_EVENT_STILL:
bd_read_skip_still( d->bd );
break;
default:
break;
}
}
// buf+4 to skip the BD timestamp at start of packet
b = hb_ts_decode_pkt( d->stream, buf+4 );
if ( b )
{
b->s.discontinuity = discontinuity;
b->s.new_chap = new_chap;
return b;
}
}
return NULL;
}
/***********************************************************************
* hb_bd_read
***********************************************************************
*
**********************************************************************/
hb_buffer_t * hb_bd_read( hb_bd_t * d )
{
int result;
int error_count = 0;
uint8_t buf[192];
BD_EVENT event;
uint64_t pos;
hb_buffer_t * out = NULL;
uint8_t discontinuity;
while ( 1 )
{
discontinuity = 0;
result = next_packet( d->bd, buf );
if ( result < 0 )
{
hb_error("bd: Read Error");
pos = bd_tell( d->bd );
bd_seek( d->bd, pos + 192 );
error_count++;
if (error_count > 10)
{
hb_error("bd: Error, too many consecutive read errors");
hb_set_work_error(d->h, HB_ERROR_READ);
return NULL;
}
continue;
}
else if ( result == 0 )
{
return NULL;
}
error_count = 0;
while ( bd_get_event( d->bd, &event ) )
{
switch ( event.event )
{
case BD_EVENT_CHAPTER:
// The muxers expect to only get chapter 2 and above
// They write chapter 1 when chapter 2 is detected.
if (event.param > d->chapter)
{
d->next_chap = event.param;
}
break;
case BD_EVENT_PLAYITEM:
discontinuity = 1;
hb_deep_log(2, "bd: Playitem %u", event.param);
break;
case BD_EVENT_STILL:
bd_read_skip_still( d->bd );
break;
default:
break;
}
}
// buf+4 to skip the BD timestamp at start of packet
if (d->chapter != d->next_chap)
{
d->chapter = d->next_chap;
out = hb_ts_decode_pkt(d->stream, buf+4, d->chapter, discontinuity);
}
else
{
out = hb_ts_decode_pkt(d->stream, buf+4, 0, discontinuity);
}
if (out != NULL)
{
return out;
}
}
return NULL;
}
int main(int argc, char *argv[])
{
pcap_t *session = NULL;
int link_type, i;
bpf_u_int32 netmask, ip;
struct bpf_program bpf;
/* Evaluate args with a simple O(n) loop */
for (i=1;i<argc;i++) {
if (!argv[i] || argv[i][0] != '-')
goto invalid_arg;
if (argv[i][1] == 'p') {
promisc = 1;
continue;
} else if (argv[i][1] == 'h')
usage(argv[0]);
/* Make sure we don't try to go beyond argv[]'s bounds */
if (i + 1 >= argc)
goto invalid_arg;
switch (argv[i][1]) {
case 'i':
strncpy(intf, argv[++i], IFNAMSIZ);
break;
case 's':
snaplen = atoi(argv[++i]);
break;
case 't':
timeout = atoi(argv[++i]);
break;
default:
goto invalid_arg;
}
}
/* Create a new capture session */
memset(errbuf, 0, PCAP_ERRBUF_SIZE);
session = pcap_open_live(intf, snaplen, promisc, timeout, errbuf);
if (!session) {
fprintf(stderr, "Unable to open '%s': %s\n",
intf, errbuf);
goto err;
}
/* Ensure that we support the interface's link-level header */
link_type = pcap_datalink(session);
if (link_type != DLT_LINUX_SLL && link_type != DLT_EN10MB &&
link_type != DLT_IPV4 && link_type != DLT_IPV6) {
fprintf(stderr, "Unsupported link type: %d\n", link_type);
goto err;
}
/* Get the IP and netmask (for the filter) */
if (pcap_lookupnet(intf, &ip, &netmask, errbuf) == -1) {
ip = 0;
netmask = 0;
}
/* Compile and apply our filter (without BPF optimization) */
if (pcap_compile(session, &bpf, filter, 0, netmask) == -1 ||
pcap_setfilter(session, &bpf) == -1) {
pcap_perror(session, "Error installing filter: ");
goto err;
}
/* Grab and dissect packets until an error occurs */
while (!next_packet(session, link_type));
err:
if (session) pcap_close(session);
return EXIT_FAILURE;
invalid_arg:
fprintf(stderr, "Invalid argument: %s\n", argv[i]);
usage(argv[0]);
return EXIT_FAILURE;
}
/**
* Initialize the socket and the Insim connection
* If "struct IS_VER *pack_ver" is set it will contain an IS_VER packet after returning. It's an optional argument
*/
int CInsim::init (char *addr, word port, char *product, char *admin, struct IS_VER *pack_ver, unsigned char prefix, word flags, word interval, word udpport)
{
// Initialise WinSock
// Only required on Windows
#ifdef CIS_WINDOWS
WSADATA wsadata;
if (WSAStartup(0x202, &wsadata) == SOCKET_ERROR) {
WSACleanup();
return -1;
}
#endif
// Create the TCP socket - this defines the type of socket
sock = socket(AF_INET, SOCK_STREAM, 0);
// Could we get the socket handle? If not the OS might be too busy or has run out of available socket descriptors
if (sock == INVALID_SOCKET) {
#ifdef CIS_WINDOWS
closesocket(sock);
WSACleanup();
#elif defined CIS_LINUX
close(sock);
#endif
return -1;
}
// Resolve the IP address
struct sockaddr_in saddr;
memset(&saddr, 0, sizeof(saddr));
saddr.sin_family = AF_INET;
struct hostent *hp;
hp = gethostbyname(addr);
if (hp != NULL)
saddr.sin_addr.s_addr = *((unsigned long*)hp->h_addr);
else
saddr.sin_addr.s_addr = inet_addr(addr);
// Set the port number in the socket structure - we convert it from host unsigned char order, to network
saddr.sin_port = htons(port);
// Now the socket address structure is full, lets try to connect
if (connect(sock, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
#ifdef CIS_WINDOWS
closesocket(sock);
WSACleanup();
#elif defined CIS_LINUX
close(sock);
#endif
return -1;
}
// If the user asked for NLP or MCI packets and defined an udpport
if (udpport > 0) {
// Create the UDP socket - this defines the type of socket
sockudp = socket(AF_INET, SOCK_DGRAM, 0);
// Could we get the socket handle? If not the OS might be too busy or have run out of available socket descriptors
if (sockudp == INVALID_SOCKET) {
#ifdef CIS_WINDOWS
closesocket(sock);
closesocket(sockudp);
WSACleanup();
#elif defined CIS_LINUX
close(sock);
close(sockudp);
#endif
return -1;
}
// Resolve the IP address
struct sockaddr_in udp_saddr, my_addr;
memset(&udp_saddr, 0, sizeof(udp_saddr));
memset(&my_addr, 0, sizeof(my_addr));
// Bind the UDP socket to my specified udpport and address
my_addr.sin_family = AF_INET; // host unsigned char order
my_addr.sin_port = htons(udpport); // short, network unsigned char order
my_addr.sin_addr.s_addr = INADDR_ANY;
memset(my_addr.sin_zero, '\0', sizeof my_addr.sin_zero);
// don't forget your error checking for bind():
bind(sockudp, (struct sockaddr *)&my_addr, sizeof my_addr);
// Set the server address and the connect to it
udp_saddr.sin_family = AF_INET;
struct hostent *udp_hp;
udp_hp = gethostbyname(addr);
if (udp_hp != NULL)
udp_saddr.sin_addr.s_addr = *((unsigned long*)udp_hp->h_addr);
else
udp_saddr.sin_addr.s_addr = inet_addr(addr);
// Set the UDP port number in the UDP socket structure - we convert it from host unsigned char order, to network
udp_saddr.sin_port = htons(port);
// Connect the UDP using the same address as in the TCP socket
if (connect(sockudp, (struct sockaddr *) &udp_saddr, sizeof(udp_saddr)) < 0) {
#ifdef CIS_WINDOWS
closesocket(sock);
closesocket(sockudp);
WSACleanup();
#elif defined CIS_LINUX
close(sock);
close(sockudp);
#endif
return -1;
}
// We are using UDP!
using_udp = 1;
}
// Ok, so we're connected. First we need to let LFS know we're here by sending the IS_ISI packet
struct IS_ISI isi_p;
memset(&isi_p, 0, sizeof(struct IS_ISI));
isi_p.Size = sizeof(struct IS_ISI);
isi_p.Type = ISP_ISI;
if (pack_ver != NULL) // We request an ISP_VER if the caller asks for it
isi_p.ReqI = 1;
isi_p.Prefix = prefix;
isi_p.UDPPort = udpport;
isi_p.Flags = flags;
isi_p.Interval = interval;
memcpy(isi_p.IName, product, sizeof(isi_p.IName)-1);
memcpy(isi_p.Admin, admin, 16);
// Send the initialization packet
if(send_packet(&isi_p) < 0) {
if (using_udp) {
#ifdef CIS_WINDOWS
closesocket(sockudp);
#elif defined CIS_LINUX
close(sockudp);
#endif
}
#ifdef CIS_WINDOWS
closesocket(sock);
WSACleanup();
#elif defined CIS_LINUX
close(sock);
#endif
return -1;
}
// Set the timeout period
select_timeout.tv_sec = IS_TIMEOUT;
#ifdef CIS_WINDOWS
select_timeout.tv_usec = 0;
#elif defined CIS_LINUX
select_timeout.tv_nsec = 0;
#endif
// If an IS_VER packet was requested
if (pack_ver != NULL)
{
if (next_packet() < 0) { // Get next packet, supposed to be an IS_VER
if (isclose() < 0) {
if (using_udp) {
#ifdef CIS_WINDOWS
closesocket(sockudp);
#elif defined CIS_LINUX
close(sockudp);
#endif
}
#ifdef CIS_WINDOWS
closesocket(sock);
WSACleanup();
#elif defined CIS_LINUX
close(sock);
#endif
return -1;
}
return -1;
}
switch (peek_packet()) // Check if the packet returned was an IS_VER
{
case ISP_VER: // It was, get it!
memcpy(pack_ver, (struct IS_VER*)get_packet(), sizeof(struct IS_VER));
break;
default: // It wasn't, something went wrong. Quit
if (isclose() < 0) {
if (using_udp) {
#ifdef CIS_WINDOWS
closesocket(sockudp);
#elif defined CIS_LINUX
close(sockudp);
#endif
}
#ifdef CIS_WINDOWS
closesocket(sock);
WSACleanup();
#elif defined CIS_LINUX
close(sock);
#endif
}
return -1;
}
}
return 0;
}