int main(int argc, char *argv[])
{
struct params p;
char *iface = "wlan0";
char *tap = "tap0";
int ch;
memset(&p, 0, sizeof(p));
memcpy(p.mac, "\x00\x00\xde\xfa\xce\xd", 6);
p.seq = getpid();
memcpy(p.mcast, "\x01\x00\x5e\x00\x00", 5);
while ((ch = getopt(argc, argv, "hb:t:")) != -1) {
switch (ch) {
case 't':
tap = optarg;
break;
case 'b':
if (str2mac(p.ap, optarg) == -1) {
printf("Can't parse BSSID\n");
exit(1);
}
break;
case 'h':
default:
usage(argv[0]);
break;
}
}
if ((p.rx = open_rx(iface)) == -1)
err(1, "open_rx()");
if ((p.tx = open_tx(iface)) == -1)
err(1, "open_tx()");
if ((p.tap = open_tap(tap)) == -1)
err(1, "open_tap()");
if (set_iface_mac(tap, p.mac) == -1)
err(1, "set_iface_mac()");
p.state = S_START;
while (1)
own(&p);
exit(0);
}
int main(int argc, char **argv)
{
int c, n, i, proto, packet_size, pause_us, retransmit, file_size, num_packets, npacket;
char *end;
libnet_t *ln_ctx;
char ln_errbuf[LIBNET_ERRBUF_SIZE];
struct libnet_ether_addr *ln_hwaddr;
libnet_ptag_t ln_ptag;
pcap_t *pcap_ctx;
char pcap_errbuf[PCAP_ERRBUF_SIZE], pcap_fp_str[64];
struct bpf_program pcap_fp;
struct pcap_pkthdr pcap_hdr;
FILE *fp;
unsigned char buf[ETH_DATA_LEN], dest_mac_addr[ETH_ALEN];
struct pkt_hdr *pkt_hdr;
struct vlan_eth_hdr *vlan_eth_hdr;
proto = 0xCAFE;
packet_size = ETH_DATA_LEN - PKT_HDR_SIZE;
pause_us = 1000;
retransmit = 3;
while ((c = getopt(argc, argv, "p:s:w:r:")) != -1)
{
switch (c)
{
case 'p':
proto = strtol(optarg, &end, 0);
if ((*end != '\0'))
usage(argv[0]);
break;
case 's':
packet_size = strtol(optarg, &end, 0);
if ((*end != '\0'))
usage(argv[0]);
if ((packet_size <= 0) || (packet_size > (ETH_DATA_LEN - PKT_HDR_SIZE)))
packet_size = ETH_DATA_LEN - PKT_HDR_SIZE;
break;
case 'w':
pause_us = strtol(optarg, &end, 0);
if ((*end != '\0'))
usage(argv[0]);
if (pause_us <= 0)
pause_us = 1;
break;
case 'r':
retransmit = strtol(optarg, &end, 0);
if ((*end != '\0'))
usage(argv[0]);
if (retransmit < 0)
retransmit = 0;
break;
case '?':
default:
fprintf(stderr, "unrecognized option: %c\n", c);
usage(argv[0]);
}
}
if (argc != (optind + 3))
usage(argv[0]);
if (strlen(argv[optind]) <= 0)
usage(argv[0]);
ln_ctx = libnet_init(LIBNET_LINK, argv[optind], ln_errbuf);
if (ln_ctx == NULL)
{
fprintf(stderr, "couldn't initialize libnet context: %s\n", ln_errbuf);
exit(1);
}
if (str2mac(argv[optind + 1], dest_mac_addr) != 0)
usage(argv[0]);
pcap_ctx = pcap_open_live(argv[optind], BUFSIZ, 1, 1000, pcap_errbuf);
if (pcap_ctx == NULL)
{
fprintf(stderr, "couldn't initialize pcap context: %s\n", pcap_errbuf);
exit(1);
}
sprintf(pcap_fp_str, "ether proto 0x%04x and ether src %02x:%02x:%02x:%02x:%02x:%02x",
proto, dest_mac_addr[0], dest_mac_addr[1], dest_mac_addr[2], dest_mac_addr[3],
dest_mac_addr[4], dest_mac_addr[5]);
printf("pcap filter: %s\n", pcap_fp_str);
if (pcap_compile(pcap_ctx, &pcap_fp, pcap_fp_str, 0, PCAP_NETMASK_UNKNOWN) == -1)
{
fprintf(stderr, "couldn't compile pcap filter: %s\n", pcap_geterr(pcap_ctx));
exit(1);
}
if (pcap_setfilter(pcap_ctx, &pcap_fp) == -1)
{
fprintf(stderr, "couldn't set pcap filter: %s\n", pcap_geterr(pcap_ctx));
exit(1);
}
fp = fopen(argv[optind + 2], "r");
if (fp == NULL)
{
fprintf(stderr, "couldn't open file '%s'\n", argv[optind + 2]);
exit(1);
}
fseek(fp, 0, SEEK_END);
file_size = ftell(fp);
fseek(fp, 0, SEEK_SET);
printf("file size #%d\n", file_size);
if (file_size == 0)
{
printf("file is empty, terminating\n");
exit(0);
}
ln_hwaddr = libnet_get_hwaddr(ln_ctx);
ln_ptag = libnet_build_ethernet(dest_mac_addr, (u_int8_t *) ln_hwaddr,
proto, NULL, 0, ln_ctx, 0);
if (ln_ptag == -1)
{
fprintf(stderr, "couldn't create libnet packet: %s\n", libnet_geterror(ln_ctx));
exit(1);
}
num_packets = (file_size + packet_size - 1) / packet_size;
npacket = 0;
while ((n = fread(buf + PKT_HDR_SIZE, 1, packet_size, fp)) > 0)
{
pkt_hdr = (struct pkt_hdr *) buf;
memset(pkt_hdr, 0, PKT_HDR_SIZE);
pkt_hdr->magic = htonl(PKT_MAGIC);
pkt_hdr->offset = htonl(npacket * packet_size);
pkt_hdr->size = htonl(n);
if (n < packet_size)
pkt_hdr->flags |= PKT_FLAG_LAST;
pkt_hdr->flags = htonl(pkt_hdr->flags);
npacket++;
if (libnet_build_ethernet(dest_mac_addr, (u_int8_t *) ln_hwaddr,
proto, buf, n + PKT_HDR_SIZE, ln_ctx, ln_ptag) == -1)
{
fprintf(stderr, "couldn't modify libnet packet #%d: %s\n",
npacket, libnet_geterror(ln_ctx));
exit(1);
}
for (i = 0; i < retransmit + 1; i++)
{
printf("sending packet #%d of #%d\n", npacket, num_packets);
if ((libnet_write(ln_ctx)) == -1)
{
fprintf(stderr, "couldn't send packet #%d: %s\n", npacket, libnet_geterror(ln_ctx));
exit(1);
}
/*vlan_eth_hdr = (struct vlan_eth_hdr *) pcap_next(pcap_ctx, &pcap_hdr);
if (vlan_eth_hdr == NULL)
{
fprintf(stderr, "timeout ack for packet #%d\n", npacket);
goto next;
}*/
/*if (pcap_hdr.len < (VLAN_ETH_HLEN + PKT_HDR_SIZE))
{
fprintf(stderr, "invalid ack for packet #%d\n", npacket);
goto next;
}
pkt_hdr = (struct pkt_hdr *) (vlan_eth_hdr + 1);
pkt_hdr->offset = ntohl(pkt_hdr->offset);
if (pkt_hdr->offset == ((npacket - 1) * packet_size + n))
{
printf("received ack for packet #%d\n", npacket);
break;
}
else
{
fprintf(stderr, "bad ack for packet #%d, offset 0x%x\n",
npacket, pkt_hdr->offset);
goto next;
}*/
next:
usleep(1000);
}
if (i == (retransmit + 1))
{
//fprintf(stderr, "no ack received for packet #%d\n", npacket);
//exit(1);
}
if (pause_us > 0)
usleep(pause_us);
}
fclose(fp);
pcap_close(pcap_ctx);
libnet_destroy(ln_ctx);
exit(0);
}
/* Processes Reaver command line options */
int process_arguments(int argc, char **argv)
{
int ret_val = EXIT_SUCCESS;
int c = 0, channel = 0;
int long_opt_index = 0;
char bssid[MAC_ADDR_LEN] = { 0 };
char mac[MAC_ADDR_LEN] = { 0 };
char *short_options = "b:e:m:i:t:d:c:T:x:r:g:l:o:p:s:C:KZA5ELfnqvDShwN6J";
struct option long_options[] = {
{ "pixie-dust", no_argument, NULL, 'K' },
{ "interface", required_argument, NULL, 'i' },
{ "bssid", required_argument, NULL, 'b' },
{ "essid", required_argument, NULL, 'e' },
{ "mac", required_argument, NULL, 'm' },
{ "timeout", required_argument, NULL, 't' },
{ "m57-timeout", required_argument, NULL, 'T' },
{ "delay", required_argument, NULL, 'd' },
{ "lock-delay", required_argument, NULL, 'l' },
{ "fail-wait", required_argument, NULL, 'x' },
{ "channel", required_argument, NULL, 'c' },
{ "session", required_argument, NULL, 's' },
{ "recurring-delay", required_argument, NULL, 'r' },
{ "max-attempts", required_argument, NULL, 'g' },
{ "out-file", required_argument, NULL, 'o' },
{ "pin", required_argument, NULL, 'p' },
{ "exec", required_argument, NULL, 'C' },
{ "no-associate", no_argument, NULL, 'A' },
{ "ignore-locks", no_argument, NULL, 'L' },
{ "no-nacks", no_argument, NULL, 'N' },
{ "eap-terminate", no_argument, NULL, 'E' },
{ "dh-small", no_argument, NULL, 'S' },
{ "fixed", no_argument, NULL, 'f' },
{ "daemonize", no_argument, NULL, 'D' },
{ "5ghz", no_argument, NULL, '5' },
{ "repeat-m6", no_argument, NULL, '6' },
{ "nack", no_argument, NULL, 'n' },
{ "quiet", no_argument, NULL, 'q' },
{ "verbose", no_argument, NULL, 'v' },
{ "win7", no_argument, NULL, 'w' },
{ "help", no_argument, NULL, 'h' },
{ "timeout-is-nack", no_argument, NULL, 'J' },
{ 0, 0, 0, 0 }
};
/* Since this function may be called multiple times, be sure to set opt index to 0 each time */
optind = 0;
while((c = getopt_long(argc, argv, short_options, long_options, &long_opt_index)) != -1)
{
switch(c)
{
case 'Z':
case 'K':
pixie.do_pixie = 1;
break;
case 'i':
set_iface(optarg);
break;
case 'b':
str2mac(optarg, (unsigned char *) &bssid);
set_bssid((unsigned char *) &bssid);
break;
case 'e':
set_ssid(optarg);
break;
case 'm':
str2mac(optarg, (unsigned char *) &mac);
set_mac((unsigned char *) &mac);
break;
case 't':
set_rx_timeout(atoi(optarg));
break;
case 'T':
set_m57_timeout(strtof(optarg, NULL) * SEC_TO_US);
break;
case 'c':
channel = strtod(optarg, NULL);
set_fixed_channel(1);
break;
case '5':
set_wifi_band(AN_BAND);
break;
case '6':
set_repeat_m6(1);
break;
case 'd':
set_delay(atoi(optarg));
break;
case 'l':
set_lock_delay(atoi(optarg));
break;
case 'p':
parse_static_pin(optarg);
break;
case 's':
set_session(optarg);
break;
case 'C':
set_exec_string(optarg);
break;
case 'A':
set_external_association(1);
break;
case 'L':
set_ignore_locks(1);
break;
case 'o':
set_log_file(fopen(optarg, "w"));
break;
case 'x':
set_fail_delay(atoi(optarg));
break;
case 'r':
parse_recurring_delay(optarg);
break;
case 'g':
set_max_pin_attempts(atoi(optarg));
break;
case 'D':
daemonize();
break;
case 'E':
set_eap_terminate(1);
break;
case 'S':
set_dh_small(1);
break;
case 'n':
cprintf(INFO, "[+] ignoring obsolete -n switch\n");
break;
case 'J':
set_timeout_is_nack(1);
break;
case 'f':
set_fixed_channel(1);
break;
case 'v':
set_debug(get_debug() + 1);
break;
case 'q':
set_debug(CRITICAL);
break;
case 'w':
set_win7_compat(1);
break;
case 'N':
set_oo_send_nack(0);
break;
default:
ret_val = EXIT_FAILURE;
}
}
if(channel)
{
change_channel(channel);
}
return ret_val;
}
static void setup_tun_net(char *arg)
{
struct device *dev;
struct net_info *net_info = malloc(sizeof(*net_info));
int ipfd;
u32 ip = INADDR_ANY;
bool bridging = false;
char tapif[IFNAMSIZ], *p;
struct virtio_net_config conf;
net_info->tunfd = get_tun_device(tapif);
dev = new_device("net", VIRTIO_ID_NET);
dev->priv = net_info;
add_virtqueue(dev, VIRTQUEUE_NUM, net_input);
add_virtqueue(dev, VIRTQUEUE_NUM, net_output);
ipfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
if (ipfd < 0)
err(1, "opening IP socket");
if (!strncmp(BRIDGE_PFX, arg, strlen(BRIDGE_PFX))) {
arg += strlen(BRIDGE_PFX);
bridging = true;
}
p = strchr(arg, ':');
if (p) {
str2mac(p+1, conf.mac);
add_feature(dev, VIRTIO_NET_F_MAC);
*p = '\0';
}
if (bridging)
add_to_bridge(ipfd, tapif, arg);
else
ip = str2ip(arg);
configure_device(ipfd, tapif, ip);
add_feature(dev, VIRTIO_NET_F_CSUM);
add_feature(dev, VIRTIO_NET_F_GUEST_CSUM);
add_feature(dev, VIRTIO_NET_F_GUEST_TSO4);
add_feature(dev, VIRTIO_NET_F_GUEST_TSO6);
add_feature(dev, VIRTIO_NET_F_GUEST_ECN);
add_feature(dev, VIRTIO_NET_F_HOST_TSO4);
add_feature(dev, VIRTIO_NET_F_HOST_TSO6);
add_feature(dev, VIRTIO_NET_F_HOST_ECN);
add_feature(dev, VIRTIO_RING_F_INDIRECT_DESC);
set_config(dev, sizeof(conf), &conf);
close(ipfd);
devices.device_num++;
if (bridging)
verbose("device %u: tun %s attached to bridge: %s\n",
devices.device_num, tapif, arg);
else
verbose("device %u: tun %s: %s\n",
devices.device_num, tapif, arg);
}
int main(int argc, char *argv[])
{
char *iface = "wlan0";
char *tap = "tap0";
struct params p;
int ch;
/* default params */
memset(&p, 0, sizeof(p));
memcpy(p.mac, "\x00\x00\xde\xfa\xce\x0d", 6);
strcpy(p.ssid, "sorbo");
p.bint = 500*1000;
p.seq = getpid();
if (gettimeofday(&p.blast, NULL) == -1)
err(1, "gettimeofday()");
p.chan = 3;
while ((ch = getopt(argc, argv, "hi:s:m:w:c:t:")) != -1) {
switch (ch) {
case 'i':
iface = optarg;
break;
case 't':
tap = optarg;
break;
case 'c':
p.chan = atoi(optarg);
break;
case 's':
strncpy(p.ssid, optarg, sizeof(p.ssid)-1);
p.ssid[sizeof(p.ssid)-1] = 0;
break;
case 'm':
str2mac(p.mac, optarg);
break;
case 'w':
if (str2wep(p.wep_key, &p.wep_len, optarg)) {
printf("Error parsing WEP key\n");
exit(1);
}
break;
case 'h':
default:
usage(argv[0]);
break;
}
}
/* init */
if ((p.tx = open_tx(iface)) == -1)
err(1, "open_tx()");
if ((p.rx = open_rx(iface)) == -1)
err(1, "open_rx()");
if ((p.tap = open_tap(tap)) == -1)
err(1, "open_tap()");
if (set_iface_mac(tap, p.mac) == -1)
err(1, "set_iface_mac()");
while (1) {
next_event(&p);
}
exit(0);
}
/* Brute force all possible WPS pins for a given access point */
void crack()
{
unsigned char *bssid = NULL;
char *pin = NULL;
int fail_count = 0, loop_count = 0, sleep_count = 0, assoc_fail_count = 0;
float pin_count = 0;
time_t start_time = 0;
enum wps_result result = 0;
/* MAC CHANGER VARIABLES */
int mac_changer_counter = 0;
char mac[MAC_ADDR_LEN] = { 0 };
unsigned char mac_string [] = "ZZ:ZZ:ZZ:ZZ:ZZ:ZZ";
unsigned char* new_mac = &mac_string[0];
char last_digit = '0';
if(!get_iface())
{
return;
}
if(get_max_pin_attempts() == -1)
{
cprintf(CRITICAL, "[X] ERROR: This device has been blacklisted and is not supported.\n");
return;
}
/* Initialize network interface */
set_handle(capture_init(get_iface()));
if(get_handle() != NULL)
{
generate_pins();
/* Restore any previously saved session */
if(get_static_p1() == NULL)
{
restore_session();
}
/* Convert BSSID to a string */
bssid = mac2str(get_bssid(), ':');
/*
* We need to get some basic info from the AP, and also want to make sure the target AP
* actually exists, so wait for a beacon packet
*/
cprintf(INFO, "[+] Waiting for beacon from %s\n", bssid);
read_ap_beacon();
process_auto_options();
/* I'm fairly certian there's a reason I put this in twice. Can't remember what it was now though... */
if(get_max_pin_attempts() == -1)
{
cprintf(CRITICAL, "[X] ERROR: This device has been blacklisted and is not supported.\n");
return;
}
/* This initial association is just to make sure we can successfully associate */
while(!reassociate())
{
if(assoc_fail_count == MAX_ASSOC_FAILURES)
{
assoc_fail_count = 0;
cprintf(CRITICAL, "[!] WARNING: Failed to associate with %s (ESSID: %s)\n", bssid, get_ssid());
}
else
{
assoc_fail_count++;
}
}
cprintf(INFO, "[+] Associated with %s (ESSID: %s)\n", bssid, get_ssid());
/* Used to calculate pin attempt rates */
start_time = time(NULL);
/* If the key status hasn't been explicitly set by restore_session(), ensure that it is set to KEY1_WIP */
if(get_key_status() <= KEY1_WIP)
{
set_key_status(KEY1_WIP);
}
/*
* If we're starting a session at KEY_DONE, that means we've already cracked the pin and the AP is being re-attacked.
* Re-set the status to KEY2_WIP so that we properly enter the main cracking loop.
*/
else if(get_key_status() == KEY_DONE)
{
set_key_status(KEY2_WIP);
}
//copy the current mac to the new_mac variable for mac changer
if (get_mac_changer() == 1) {
strncpy(new_mac, mac2str(get_mac(), ':'), 16);
}
/* Main cracking loop */
for(loop_count=0, sleep_count=0; get_key_status() != KEY_DONE; loop_count++, sleep_count++)
{
//MAC Changer switch/case to define the last mac address digit
if (get_mac_changer() == 1) {
switch (mac_changer_counter) {
case 0:
last_digit = '0';
break;
case 1:
last_digit = '1';
break;
case 2:
last_digit = '2';
break;
case 3:
last_digit = '3';
break;
case 4:
last_digit = '4';
break;
case 5:
last_digit = '5';
break;
case 6:
last_digit = '6';
break;
case 7:
last_digit = '7';
break;
case 8:
last_digit = '8';
break;
case 9:
last_digit = '9';
break;
case 10:
last_digit = 'A';
break;
case 11:
last_digit = 'B';
break;
case 12:
last_digit = 'C';
break;
case 13:
last_digit = 'D';
break;
case 14:
last_digit = 'E';
break;
case 15:
last_digit = 'F';
mac_changer_counter = -1;
break;
}
mac_changer_counter++;
new_mac[16] = last_digit;
//transform the string to a MAC and define the MAC
str2mac((unsigned char *) new_mac, (unsigned char *) &mac);
set_mac((unsigned char *) &mac);
cprintf(WARNING, "[+] Using MAC %s \n", mac2str(get_mac(), ':'));
}
/*
* Some APs may do brute force detection, or might not be able to handle an onslaught of WPS
* registrar requests. Using a delay here can help prevent the AP from locking us out.
*/
pcap_sleep(get_delay());
/* Users may specify a delay after x number of attempts */
if((get_recurring_delay() > 0) && (sleep_count == get_recurring_delay_count()))
{
cprintf(VERBOSE, "[+] Entering recurring delay of %d seconds\n", get_recurring_delay());
pcap_sleep(get_recurring_delay());
sleep_count = 0;
}
/*
* Some APs identify brute force attempts and lock themselves for a short period of time (typically 5 minutes).
* Verify that the AP is not locked before attempting the next pin.
*/
while(get_ignore_locks() == 0 && is_wps_locked())
{
cprintf(WARNING, "[!] WARNING: Detected AP rate limiting, waiting %d seconds before re-checking\n", get_lock_delay());
pcap_sleep(get_lock_delay());
}
/* Initialize wps structure */
set_wps(initialize_wps_data());
if(!get_wps())
{
cprintf(CRITICAL, "[-] Failed to initialize critical data structure\n");
break;
}
/* Try the next pin in the list */
pin = build_next_pin();
if(!pin)
{
cprintf(CRITICAL, "[-] Failed to generate the next payload\n");
break;
}
else
{
cprintf(WARNING, "[+] Trying pin %s\n", pin);
}
/*
* Reassociate with the AP before each WPS exchange. This is necessary as some APs will
* severely limit our pin attempt rate if we do not.
*/
assoc_fail_count = 0;
while(!reassociate())
{
if(assoc_fail_count == MAX_ASSOC_FAILURES)
{
assoc_fail_count = 0;
cprintf(CRITICAL, "[!] WARNING: Failed to associate with %s (ESSID: %s)\n", bssid, get_ssid());
}
else
{
assoc_fail_count++;
}
}
/*
* Enter receive loop. This will block until a receive timeout occurs or a
* WPS transaction has completed or failed.
*/
result = do_wps_exchange();
switch(result)
{
/*
* If the last pin attempt was rejected, increment
* the pin counter, clear the fail counter and move
* on to the next pin.
*/
case KEY_REJECTED:
fail_count = 0;
pin_count++;
advance_pin_count();
break;
/* Got it!! */
case KEY_ACCEPTED:
break;
/* Unexpected timeout or EAP failure...try this pin again */
default:
cprintf(VERBOSE, "[!] WPS transaction failed (code: 0x%.2X), re-trying last pin\n", result);
fail_count++;
break;
}
/* If we've had an excessive number of message failures in a row, print a warning */
if(fail_count == WARN_FAILURE_COUNT)
{
cprintf(WARNING, "[!] WARNING: %d failed connections in a row\n", fail_count);
fail_count = 0;
pcap_sleep(get_fail_delay());
}
/* Display status and save current session state every DISPLAY_PIN_COUNT loops */
if(loop_count == DISPLAY_PIN_COUNT)
{
save_session();
display_status(pin_count, start_time);
loop_count = 0;
}
/*
* The WPA key and other settings are stored in the globule->wps structure. If we've
* recovered the WPS pin and parsed these settings, don't free this structure. It
* will be freed by wpscrack_free() at the end of main().
*/
if(get_key_status() != KEY_DONE)
{
wps_deinit(get_wps());
set_wps(NULL);
}
/* If we have cracked the pin, save a copy */
else
{
set_pin(pin);
}
free(pin);
pin = NULL;
/* If we've hit our max number of pin attempts, quit */
if((get_max_pin_attempts() > 0) &&
(pin_count == get_max_pin_attempts()))
{
cprintf(VERBOSE, "[+] Quitting after %d crack attempts\n", get_max_pin_attempts());
break;
}
}
if(bssid) free(bssid);
if(get_handle())
{
pcap_close(get_handle());
set_handle(NULL);
}
}
else
{
cprintf(CRITICAL, "[-] Failed to initialize interface '%s'\n", get_iface());
}
}
int init_leases_list()
{
DHCPLIST *temp;
int i, j;
u8b chaddr[16];
FILE *config;
char line[80];
char textsubnet[16];
char textlease[5];
char textrouter[16];
char textmask[16];
char textlowrange[4], texthighrange[4];
char textserver[16];
u8b ip0, ip1, ip2, ip3;
u8b lowrange, highrange;
u8b textmac[17], textip[16];
u32b lease;
/* Be nice variables and behave yourselves */
for( j = 0; j < 16; j++ )
{
chaddr[j] = 0;
textsubnet[j] = 0;
textrouter[j] = 0;
textmask[j] = 0;
textip[j] = 0;
textmac[j] = 0;
}
textlease[0] = 0;
textlowrange[0] = 0;
texthighrange[0] = 0;
/* Now we can read our configuration file */
config = fopen( "dhcp.conf", "r" );
if( !config )
{
perror("Reading config files");
exit( 0 );
}
/* We _DO_ need a better parser */
list = (DHCPLIST *)malloc( sizeof( DHCPLIST ));
temp = list;
temp->back = NULL;
while( (!feof( config )) && ( line ))
{
fscanf( config, "%s", line);
if( !strcmp( line, "subnet" ))
/* Read subnet parameters */
fscanf( config, "%s", textsubnet );
if( !strcmp( line, "lease" ))
/* read lease parameters */
fscanf( config, "%s", textlease );
if( !strcmp( line, "router" ))
fscanf( config, "%s", textrouter );
if( !strcmp( line, "mask" ))
fscanf( config, "%s", textmask );
if( !strcmp( line, "range" ))
fscanf( config, "%s %s", textlowrange, texthighrange );
if( !strcmp( line, "server" ))
fscanf( config, "%s", textserver );
if( !strcmp( line, "host" ))
{
/* Host Specific Configuration */
fscanf( config, "%s %s", textmac, textip );
str2mac( textmac, temp->chaddr );
temp->type = STATIC;
temp->data.ip = inet_addr( textip );
temp->next = (DHCPLIST *)malloc( sizeof( DHCPLIST ));
temp->next->back = temp;
temp = temp->next;
temp->next =NULL;
}
}
fclose( config );
lowrange = (u8b)atoi( textlowrange );
highrange = (u8b)atoi( texthighrange );
lease = (u32b)atoi( textlease );
/* Creating Static IP */
for( temp = list; temp->next; temp = temp->next )
{
temp->available = FREE;
temp->xid = 0;
temp->data.router = inet_addr( textrouter );
temp->data.mask = inet_addr( textmask );
temp->data.lease = lease;
temp->data.siaddr = inet_addr( textserver );
}
/* Creating Dynamic IP */
for( i = lowrange; i < (highrange + 1); i++ )
{
temp->available = FREE;
temp->xid = 0;
temp->type = DYNAMIC;
maccpy( temp->chaddr, chaddr );
split_ip( textsubnet, &ip0, 0 );
split_ip( textsubnet, &ip1, 1 );
split_ip( textsubnet, &ip2, 2 );
temp->data.ip = i;
temp->data.ip = temp->data.ip << 8;
temp->data.ip += ip2;
temp->data.ip = temp->data.ip << 8;
temp->data.ip += ip1;
temp->data.ip = temp->data.ip << 8;
temp->data.ip += ip0;
temp->data.router = inet_addr( textrouter );
temp->data.mask = inet_addr( textmask );
temp->data.lease = lease;
temp->data.siaddr = inet_addr( textserver );
temp->next = (DHCPLIST *)malloc( sizeof( DHCPLIST ));
temp->next->back = temp;
temp = temp->next;
}
return 0;
}
int load_conf_line( struct portal_pkg_t *pkg, char *line )
{
char *temp;
int i;
struct in_addr addr;
unsigned long time;
#if 0
userip=192.168.1.1
errcode=0
pkgtype=0x36
username=aaaa
password=bbbb
challenge=0x00112233445566778899aabbccddeeff
chappasswd=0x00112233445566778899aabbccddeeff
usermac=00:11:22:33:44:55
ua=ieee
basip=1.2.3.4
starttime=123456789
stoptime=1234569411
nasid=99887666555
#endif
if(line[0]=='#') {
return 0;
}
temp = strchr(line,'=');
if( NULL == temp ) {
return 0;
}
*temp = 0;
temp++;
for( i=0; temp[i]!=0; i++ ) {
if( 0x0a == temp[i] || 0x0b == temp[i] ) {
temp[i] = 0;
}
}
if( 0 == strcmp("userip",line) ) {
inet_aton(temp, &addr );
pkg->user_ip = ntohl(addr.s_addr);
} else if( 0 == strcmp("errcode",line) ) {
pkg->err_code = atol(temp);
} else if( 0 == strcmp("pkgtype",line) ) {
pkg->pkg_type = strtol(temp,NULL,16);
} else if( 0 == strcmp("username",line) ) {
eag_portal_pkg_add_attr(pkg, ATTR_USERNAME,temp,strlen(temp));
} else if( 0 == strcmp("password",line) ) {
eag_portal_pkg_add_attr(pkg, ATTR_PASSWORD,temp,strlen(temp));
} else if( 0 == strcmp("challenge",line) ) {
} else if( 0 == strcmp("chappasswd",line) ) {
} else if( 0 == strcmp("usermac",line) ) {
unsigned char mac[6];
str2mac(mac, 6, temp);
eag_portal_pkg_add_attr(pkg,ATTR_USERMAC,mac,6);
} else if( 0 == strcmp("ua",line) ) {
eag_portal_pkg_add_attr(pkg,ATTR_USER_AGENT,temp,strlen(temp));
} else if( 0 == strcmp("basip",line) ) {
unsigned long ip;
inet_aton(temp, &addr );
ip = ntohl(addr.s_addr);
eag_portal_pkg_add_attr( pkg,ATTR_BASIP,&ip,4);
} else if( 0 == strcmp("starttime",line) ) {
time = atol(temp);
eag_portal_pkg_add_attr( pkg, ATTR_SESS_START, &time, 4);
} else if( 0 == strcmp("stoptime",line) ) {
time = atol(temp);
eag_portal_pkg_add_attr( pkg, ATTR_SESS_STOP, &time, 4);
}
else if( 0 == strcmp("sesstime",line) ) {
time = atol(temp);
eag_portal_pkg_add_attr( pkg, ATTR_SESS_TIME, &time, 4);
}
else if( 0 == strcmp("nasid",line) ) {
eag_portal_pkg_add_attr( pkg, ATTR_NASID, temp, strlen(temp));
}
}
/*L:195
* Our network is a Host<->Guest network. This can either use bridging or
* routing, but the principle is the same: it uses the "tun" device to inject
* packets into the Host as if they came in from a normal network card. We
* just shunt packets between the Guest and the tun device.
*/
static void setup_tun_net(char *arg)
{
struct device *dev;
struct net_info *net_info = malloc(sizeof(*net_info));
int ipfd;
u32 ip = INADDR_ANY;
bool bridging = false;
char tapif[IFNAMSIZ], *p;
struct virtio_net_config conf;
net_info->tunfd = get_tun_device(tapif);
/* First we create a new network device. */
dev = new_device("net", VIRTIO_ID_NET);
dev->priv = net_info;
/* Network devices need a recv and a send queue, just like console. */
add_virtqueue(dev, VIRTQUEUE_NUM, net_input);
add_virtqueue(dev, VIRTQUEUE_NUM, net_output);
/*
* We need a socket to perform the magic network ioctls to bring up the
* tap interface, connect to the bridge etc. Any socket will do!
*/
ipfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
if (ipfd < 0)
err(1, "opening IP socket");
/* If the command line was --tunnet=bridge:<name> do bridging. */
if (!strncmp(BRIDGE_PFX, arg, strlen(BRIDGE_PFX))) {
arg += strlen(BRIDGE_PFX);
bridging = true;
}
/* A mac address may follow the bridge name or IP address */
p = strchr(arg, ':');
if (p) {
str2mac(p+1, conf.mac);
add_feature(dev, VIRTIO_NET_F_MAC);
*p = '\0';
}
/* arg is now either an IP address or a bridge name */
if (bridging)
add_to_bridge(ipfd, tapif, arg);
else
ip = str2ip(arg);
/* Set up the tun device. */
configure_device(ipfd, tapif, ip);
/* Expect Guest to handle everything except UFO */
add_feature(dev, VIRTIO_NET_F_CSUM);
add_feature(dev, VIRTIO_NET_F_GUEST_CSUM);
add_feature(dev, VIRTIO_NET_F_GUEST_TSO4);
add_feature(dev, VIRTIO_NET_F_GUEST_TSO6);
add_feature(dev, VIRTIO_NET_F_GUEST_ECN);
add_feature(dev, VIRTIO_NET_F_HOST_TSO4);
add_feature(dev, VIRTIO_NET_F_HOST_TSO6);
add_feature(dev, VIRTIO_NET_F_HOST_ECN);
/* We handle indirect ring entries */
add_feature(dev, VIRTIO_RING_F_INDIRECT_DESC);
set_config(dev, sizeof(conf), &conf);
/* We don't need the socket any more; setup is done. */
close(ipfd);
devices.device_num++;
if (bridging)
verbose("device %u: tun %s attached to bridge: %s\n",
devices.device_num, tapif, arg);
else
verbose("device %u: tun %s: %s\n",
devices.device_num, tapif, arg);
}
/*===========================================================================
METHOD:
GobiUSBNetProbe (Public Method)
DESCRIPTION:
Run usbnet_probe
Setup QMI device
PARAMETERS
pIntf [ I ] - Pointer to interface
pVIDPIDs [ I ] - Pointer to VID/PID table
RETURN VALUE:
int - 0 for success
Negative errno for error
===========================================================================*/
int GobiUSBNetProbe(
struct usb_interface * pIntf,
const struct usb_device_id * pVIDPIDs )
{
int status;
struct usbnet * pDev;
sGobiUSBNet * pGobiDev;
sEndpoints * pEndpoints;
int pipe;
unsigned char my_mac_addr[ETH_ALEN];
struct sockaddr addr;
#if (LINUX_VERSION_CODE >= KERNEL_VERSION( 2,6,29 ))
struct net_device_ops * pNetDevOps;
#endif
pEndpoints = GatherEndpoints( pIntf );
if (pEndpoints == NULL)
{
return -ENODEV;
}
status = usbnet_probe( pIntf, pVIDPIDs );
if (status < 0)
{
DBG( "usbnet_probe failed %d\n", status );
return status;
}
#if (LINUX_VERSION_CODE >= KERNEL_VERSION( 2,6,19 ))
pIntf->needs_remote_wakeup = 1;
#endif
#if (LINUX_VERSION_CODE > KERNEL_VERSION( 2,6,23 ))
pDev = usb_get_intfdata( pIntf );
#else
pDev = (struct usbnet *)pIntf->dev.platform_data;
#endif
if (pDev == NULL || pDev->net == NULL)
{
DBG( "failed to get netdevice\n" );
usbnet_disconnect( pIntf );
kfree( pEndpoints );
return -ENXIO;
}
//modify Mac from param arthur 20140122
if(mac_addr != NULL){
str2mac(mac_addr,my_mac_addr);
addr.sa_family = 1;
memset(addr.sa_data,0,ETH_ALEN);
memcpy(addr.sa_data, my_mac_addr, ETH_ALEN);
#if (LINUX_VERSION_CODE < KERNEL_VERSION( 2,6,29 ))
pDev->net->set_mac_address(pDev->net,&addr);
#else
pDev->net->netdev_ops->ndo_set_mac_address(pDev->net,&addr);
#endif
}
//check the first 4 bits of MAC addr , for they can't be 4 or 6 arthur 20140122
if(((pDev->net->dev_addr[0] & 0xf0) == 0x40) ||
((pDev->net->dev_addr[0] & 0xf0) == 0x60))
{
printk("Need to Modify Mac\n" );
addr.sa_family = 1;
memset(addr.sa_data,0,ETH_ALEN);
memcpy(addr.sa_data, pDev->net->dev_addr, ETH_ALEN);
addr.sa_data[0] |= 0x10;
#if (LINUX_VERSION_CODE < KERNEL_VERSION( 2,6,29 ))
pDev->net->set_mac_address(pDev->net,&addr);
#else
pDev->net->netdev_ops->ndo_set_mac_address(pDev->net,&addr);
#endif
}
pGobiDev = kmalloc( sizeof( sGobiUSBNet ), GFP_KERNEL );
if (pGobiDev == NULL)
{
DBG( "falied to allocate device buffers" );
usbnet_disconnect( pIntf );
kfree( pEndpoints );
return -ENOMEM;
}
pDev->data[0] = (unsigned long)pGobiDev;
pGobiDev->mpNetDev = pDev;
pGobiDev->mpEndpoints = pEndpoints;
// Clearing endpoint halt is a magic handshake that brings
// the device out of low power (airplane) mode
// NOTE: FCC verification should be done before this, if required
pipe = usb_sndbulkpipe( pGobiDev->mpNetDev->udev,
pGobiDev->mpEndpoints->mBlkOutEndp );
usb_clear_halt( pGobiDev->mpNetDev->udev, pipe );
// Overload PM related network functions
#if (LINUX_VERSION_CODE < KERNEL_VERSION( 2,6,29 ))
pGobiDev->mpUSBNetOpen = pDev->net->open;
pDev->net->open = GobiUSBNetOpen;
pGobiDev->mpUSBNetStop = pDev->net->stop;
pDev->net->stop = GobiUSBNetStop;
// pDev->net->hard_start_xmit = GobiUSBNetStartXmit;
// pDev->net->tx_timeout = GobiUSBNetTXTimeout;
#else
pNetDevOps = kmalloc( sizeof( struct net_device_ops ), GFP_KERNEL );
if (pNetDevOps == NULL)
{
DBG( "falied to allocate net device ops" );
usbnet_disconnect( pIntf );
return -ENOMEM;
}
memcpy( pNetDevOps, pDev->net->netdev_ops, sizeof( struct net_device_ops ) );
pGobiDev->mpUSBNetOpen = pNetDevOps->ndo_open;
pNetDevOps->ndo_open = GobiUSBNetOpen;
pGobiDev->mpUSBNetStop = pNetDevOps->ndo_stop;
pNetDevOps->ndo_stop = GobiUSBNetStop;
// pNetDevOps->ndo_start_xmit = GobiUSBNetStartXmit;
// pNetDevOps->ndo_tx_timeout = GobiUSBNetTXTimeout;
pDev->net->netdev_ops = pNetDevOps;
#endif
#if (LINUX_VERSION_CODE < KERNEL_VERSION( 2,6,31 ))
memset( &(pGobiDev->mpNetDev->stats), 0, sizeof( struct net_device_stats ) );
#else
memset( &(pGobiDev->mpNetDev->net->stats), 0, sizeof( struct net_device_stats ) );
#endif
pGobiDev->mpIntf = pIntf;
memset( &(pGobiDev->mMEID), '0', 14 );
DBG( "Mac Address:\n" );
PrintHex( &pGobiDev->mpNetDev->net->dev_addr[0], 6 );
pGobiDev->mbQMIValid = false;
memset( &pGobiDev->mQMIDev, 0, sizeof( sQMIDev ) );
pGobiDev->mQMIDev.mbCdevIsInitialized = false;
pGobiDev->mQMIDev.mpDevClass = gpClass;
init_completion( &pGobiDev->mAutoPM.mThreadDoWork );
spin_lock_init( &pGobiDev->mQMIDev.mClientMemLock );
// Default to device down
pGobiDev->mDownReason = 0;
GobiSetDownReason( pGobiDev, NO_NDIS_CONNECTION );
GobiSetDownReason( pGobiDev, NET_IFACE_STOPPED );
// Register QMI
status = RegisterQMIDevice( pGobiDev );
if (status != 0)
{
// usbnet_disconnect() will call GobiNetDriverUnbind() which will call
// DeregisterQMIDevice() to clean up any partially created QMI device
usbnet_disconnect( pIntf );
return status;
}
// Success
return 0;
}
int cmd_wol(int argc, char **argv)
{
int i=1, ret=0;
int port = 9;
char *ip = NULL, *pmac = NULL, *if_name = NULL;
char broad[16] = "255.255.255.255";
unsigned char mac[6] = {0}, pwd[6] = {0};
unsigned char data[108] = {0};
int sock, len=102, have_pwd = 0;
while(argv[++i])
{
if( strcmp(argv[i], "-i") == 0 && argv[++i]){
ip = argv[i];
if(!ip_check(ip)){
printf("invalid ip: %s \n", argv[i]);
return -1;
}
}
else if( strcmp(argv[i], "-p") == 0 && argv[++i]){
port = atoi(argv[i]);
if(port <= 0 || port >= 65535){
printf("invalid port: %s \n", argv[i]);
return -1;
}
}
else if( strcmp(argv[i], "-o") == 0 && argv[++i]){
if_name = argv[i];
}
else if( strcmp(argv[i], "--passwd") == 0 && argv[++i]){
if( str2mac(argv[i], pwd) < 0){
printf("invalid pwd: %s \n", argv[i]);
return -1;
}
}
else{
pmac = argv[i];
if( str2mac(argv[i], mac) < 0){
printf("invalid mac: %s \n", argv[i]);
return -1;
}
}
}
memset(data, 0xff, 6);
for(i=6; i<102; i+=6){
memcpy(&data[i], mac, 6);
}
if(have_pwd){
memcpy(&data[102], pwd, 6);
len = 108;
}
if(NULL == ip)
ip = &broad[0];
ret = sock = wf_udp_socket(0, 1, if_name);
if(sock > 0)
ret = wf_sendto_ip(sock, data, len, 0, ip, port);
printf("sending magic packet to %s:%d with %s %s%s \n", ip, port, pmac, ret<0 ? "[failed: " : "", ret<0 ? wf_socket_error(NULL) : "" );
return 0;
}
static int plt_tx_cont(struct nl80211_state *state, struct nl_cb *cb,
struct nl_msg *msg, int argc, char **argv)
{
struct nlattr *key;
struct wl1271_cmd_pkt_params prms = {
.src_mac = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
};
if (argc != 15)
return 1;
#if 0
printf("%s> delay (%d) rate (%08x) size (%d) amount (%d) power (%d) "
"seed (%d) pkt_mode (%d) DCF (%d) GI (%d) preamble (%d) type "
"(%d) scramble (%d) CLPC (%d), SeqNbrMode (%d) DestMAC (%s)\n",
__func__,
atoi(argv[0]), atoi(argv[1]), atoi(argv[2]), atoi(argv[3]),
atoi(argv[4]), atoi(argv[5]), atoi(argv[6]), atoi(argv[7]),
atoi(argv[8]), atoi(argv[9]), atoi(argv[10]), atoi(argv[11]),
atoi(argv[12]), atoi(argv[13]), argv[14]
);
#endif
memset((void *)&prms, 0, sizeof(struct wl1271_cmd_pkt_params));
prms.test.id = TEST_CMD_FCC;
prms.delay = atoi(argv[0]);
prms.rate = atoi(argv[1]);
prms.size = (unsigned short)atoi(argv[2]);
prms.amount = (unsigned short)atoi(argv[3]);
prms.power = atoi(argv[4]);
prms.seed = (unsigned short)atoi(argv[5]);
prms.pkt_mode = (unsigned char)atoi(argv[6]);
prms.dcf_enable = (unsigned char)atoi(argv[7]);
prms.g_interval = (unsigned char)atoi(argv[8]);
prms.preamble = (unsigned char)atoi(argv[9]);
prms.type = (unsigned char)atoi(argv[10]);
prms.scramble = (unsigned char)atoi(argv[11]);
prms.clpc_enable = (unsigned char)atoi(argv[12]);
prms.seq_nbr_mode = (unsigned char)atoi(argv[13]);
str2mac(prms.dst_mac, argv[14]);
if (get_mac_addr(0, prms.src_mac))
fprintf(stderr, "fail to get MAC addr\n");
printf("%02X:%02X:%02X:%02X:%02X:%02X\n",
prms.src_mac[0], prms.src_mac[1], prms.src_mac[2],
prms.src_mac[3], prms.src_mac[4], prms.src_mac[5]);
key = nla_nest_start(msg, NL80211_ATTR_TESTDATA);
if (!key) {
fprintf(stderr, "fail to nla_nest_start()\n");
return 1;
}
NLA_PUT_U32(msg, WL1271_TM_ATTR_CMD_ID, WL1271_TM_CMD_TEST);
NLA_PUT(msg, WL1271_TM_ATTR_DATA, sizeof(prms), &prms);
nla_nest_end(msg, key);
return 0;
nla_put_failure:
fprintf(stderr, "%s> building message failed\n", __func__);
return 2;
}