コード例 #1
0
ファイル: 80211.c プロジェクト: delta48/reaver-wps-fork-t6x
/* 
 * Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field.
 * This is used for obtaining the capabilities field and AP SSID.
 */
void read_ap_beacon()
{
        struct pcap_pkthdr header;
        const unsigned char *packet = NULL;
        struct radio_tap_header *rt_header = NULL;
        struct dot11_frame_header *frame_header = NULL;
        struct beacon_management_frame *beacon = NULL;
	int channel = 0;
	size_t tag_offset = 0;
	time_t start_time = 0;

	set_ap_capability(0);
	start_time = time(NULL);
	
        while(get_ap_capability() == 0)
        {
                packet = next_packet(&header);
                if(packet == NULL)
                {
                        break;
                }

                if(header.len >= MIN_BEACON_SIZE)
                {
                        rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
			size_t rt_header_len = end_le16toh(rt_header->len);
			frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
			
			if(is_target(frame_header))
			{
                                if((frame_header->fc & end_htole16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
				   end_htole16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
                                {
                                       	beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
                                       	set_ap_capability(end_le16toh(beacon->capability));

					/* Obtain the SSID and channel number from the beacon packet */
					tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
					channel = parse_beacon_tags(packet, header.len);
					
					/* If no channel was manually specified, switch to the AP's current channel */
					if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel())
					{
						change_channel(channel);
						set_channel(channel);
					}

                                       	break;
				}
			}
                }

		/* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */
		if((time(NULL) - start_time) >= BEACON_WAIT_TIME)
		{
			next_channel();
			start_time = time(NULL);
		}
        }
}
コード例 #2
0
/* Given the tagged parameter sets from a beacon packet, locate the AP's SSID and return its current channel number */
int parse_beacon_tags(const u_char *packet, size_t len)
{
    char *ssid = NULL;
    const u_char *tag_data = NULL;
    unsigned char *ie = NULL, *channel_data = NULL;
    size_t ie_len = 0, ie_offset = 0, tag_len = 0, tag_offset = 0;
    int channel = 0;
    struct radio_tap_header *rt_header = NULL;

    rt_header = (struct radio_tap_header *) radio_header(packet, len);
    tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);

    if(tag_offset < len)
    {
        tag_len = (len - tag_offset);
        tag_data = (const u_char *) (packet + tag_offset);

        /* If no SSID was manually specified, parse and save the AP SSID */
        if(get_ssid() == NULL)
        {
            ie = parse_ie_data(tag_data, tag_len, (uint8_t) SSID_TAG_NUMBER, &ie_len, &ie_offset);
            if(ie)
            {
                /* Return data is not null terminated; allocate ie_len+1 and memcpy string */
                ssid = malloc(ie_len+1);
                if(ssid)
                {
                    memset(ssid, 0, (ie_len+1));
                    memcpy(ssid, ie, ie_len);
                    set_ssid(ssid);
                    free(ssid);
                }

                free(ie);
            }
        }

        ie = parse_ie_data(tag_data, tag_len, (uint8_t) RATES_TAG_NUMBER, &ie_len, &ie_offset);
        if(ie)
        {
            set_ap_rates(ie, ie_len);
            free(ie);
        }

        channel_data = parse_ie_data(tag_data, tag_len, (uint8_t) CHANNEL_TAG_NUMBER, &ie_len, &ie_offset);
        if(channel_data)
        {
            if(ie_len  == 1)
            {
                memcpy((int *) &channel, channel_data, ie_len);
            }
            free(channel_data);
        }
    }

    return channel;
}
コード例 #3
0
/* 
 * Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field.
 * This is used for obtaining the capabilities field and AP SSID.
 */
void read_ap_beacon()
{
    struct pcap_pkthdr header;
    const u_char *packet = NULL;
    struct radio_tap_header *rt_header = NULL;
    struct dot11_frame_header *frame_header = NULL;
    struct beacon_management_frame *beacon = NULL;
    int channel = 0;
    time_t start_time = 0;

    set_ap_capability(0);
    start_time = time(NULL);

    while(get_ap_capability() == 0)
    {
        packet = next_packet(&header);
        if(packet == NULL)
        {
            break;
        }

        if(header.len >= MIN_BEACON_SIZE)
        {
            rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
            frame_header = (struct dot11_frame_header *) (packet + rt_header->len);

            if(is_target(frame_header))
            {
                if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
                {
                    beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
                    set_ap_capability(beacon->capability);

                    /* Obtain the SSID and channel number from the beacon packet */
                    channel = parse_beacon_tags(packet, header.len);

                    /* If no channel was manually specified, switch to the AP's current channel */
                    if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel())
                    {
                        change_channel(channel);
                        set_channel(channel);
                    }

                    break;
                }
            }
        }

        /* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */
        if((time(NULL) - start_time) >= BEACON_WAIT_TIME)
        {
            next_channel();
            start_time = time(NULL);
        }
    }
}
コード例 #4
0
ファイル: 80211.c プロジェクト: delta48/reaver-wps-fork-t6x
/* Given a beacon / probe response packet, returns the reported encryption type (WPA, WEP, NONE)
   THIS IS BROKE!!! DO NOT USE!!!
*/
enum encryption_type supported_encryption(const unsigned char *packet, size_t len)
{
	enum encryption_type enc = NONE;
	const unsigned char *tag_data = NULL;
	struct radio_tap_header *rt_header = NULL;
	size_t vlen = 0, voff = 0, tag_offset = 0, tag_len = 0, offset = 0;
	struct beacon_management_frame *beacon = NULL;

	if(len > MIN_BEACON_SIZE)
	{
		rt_header = (struct radio_tap_header *) radio_header(packet, len);
		size_t rt_header_len = end_le16toh(rt_header->len);
		beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
		offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
		
		tag_len = len - tag_offset;
		tag_data = (const unsigned char *) (packet + tag_offset);

		if((end_le16toh(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
		{
			enc = WEP;

			tag_data = parse_ie_data(tag_data, tag_len, (uint8_t) RSN_TAG_NUMBER, &vlen, &voff);
			if(tag_data && vlen > 0)
			{
				enc = WPA;
				free((void *) tag_data);
			}
			else
			{
				while(offset < len)
				{
					tag_len = len - offset;
					tag_data = (const unsigned char *) (packet + offset);

					tag_data = parse_ie_data(tag_data, tag_len, (uint8_t) VENDOR_SPECIFIC_TAG, &vlen, &voff);
					if(vlen > WPA_IE_ID_LEN)
					{
						if(memcmp(tag_data, WPA_IE_ID, WPA_IE_ID_LEN) == 0)
						{
							enc = WPA;
							break;
						}
						free((void *) tag_data);
					}

					offset = tag_offset + voff + vlen;
				}
			}
		}
	}

	return enc;
}
コード例 #5
0
ファイル: 80211.c プロジェクト: delta48/reaver-wps-fork-t6x
/* Waits for authentication and association responses from the target AP */
static int process_authenticate_associate_resp(int want_assoc)
{
	struct pcap_pkthdr header;
	unsigned char *packet;
	struct radio_tap_header *rt_header;
	struct dot11_frame_header *dot11_frame;
	struct authentication_management_frame *auth_frame;
	struct association_response_management_frame *assoc_frame;
	int ret_val = 0;

	start_timer();

	while(!get_out_of_time())
	{
		if((packet = next_packet(&header)) == NULL) break;

		if(header.len < MIN_AUTH_SIZE) continue;

		rt_header = (void*) radio_header(packet, header.len);
		size_t rt_header_len = end_le16toh(rt_header->len);
		dot11_frame = (void*)(packet + rt_header_len);

		if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) != 0) ||
		   (memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) != 0))
			continue;

		int isMgmtFrame = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_FTYPE)) == end_htole16(IEEE80211_FTYPE_MGMT);
		if(!isMgmtFrame) continue;

		void *ptr = (packet + sizeof(struct dot11_frame_header) + rt_header_len);
		auth_frame = ptr;
		assoc_frame = ptr;

		int isAuthResp = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_STYPE)) == end_htole16(IEEE80211_STYPE_AUTH);
		int isAssocResp = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_STYPE)) == end_htole16(IEEE80211_STYPE_ASSOC_RESP);

		if(!isAuthResp && !isAssocResp) continue;

		if(isAuthResp && want_assoc) continue;

		/* Did we get an authentication packet with a successful status? */
		if(isAuthResp && (auth_frame->status == end_htole16(AUTHENTICATION_SUCCESS))) {
			ret_val = AUTH_OK;
			break;
		}
		/* Did we get an association packet with a successful status? */
		else if(isAssocResp && (assoc_frame->status == end_htole16(ASSOCIATION_SUCCESS))) {
			ret_val = ASSOCIATE_OK;
			break;
		}
        }

        return ret_val;
}
コード例 #6
0
/* Waits for authentication and association responses from the target AP */
int associate_recv_loop()
{
    struct pcap_pkthdr header;
    const u_char *packet = NULL;
    struct radio_tap_header *rt_header = NULL;
    struct dot11_frame_header *dot11_frame = NULL;
    struct authentication_management_frame *auth_frame = NULL;
    struct association_response_management_frame *assoc_frame = NULL;
    int ret_val = 0, start_time = 0;

    start_time = time(NULL);

    while((time(NULL) - start_time) < ASSOCIATE_WAIT_TIME)
    {
        packet = next_packet(&header);
        if(packet == NULL)
        {
            break;
        }

        if(header.len >= MIN_AUTH_SIZE)
        {
            rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
            dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);

            if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
                    (memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
            {
                if(dot11_frame->fc.type == MANAGEMENT_FRAME)
                {
                    auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
                    assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);

                    /* Did we get an authentication packet with a successful status? */
                    if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
                    {
                        ret_val = AUTH_OK;
                        break;
                    }
                    /* Did we get an association packet with a successful status? */
                    else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
                    {
                        ret_val = ASSOCIATE_OK;
                        break;
                    }
                }
            }
        }
    }

    return ret_val;
}
コード例 #7
0
ファイル: 80211.c プロジェクト: delta48/reaver-wps-fork-t6x
/* 
 * Determines if the target AP has locked its WPS state or not.
 * Returns 0 if not locked, 1 if locked.
 */
int is_wps_locked()
{
	int locked = 0;
	struct libwps_data wps = { 0 };
	struct pcap_pkthdr header;
        const unsigned char *packet = NULL;
        struct radio_tap_header *rt_header = NULL;
        struct dot11_frame_header *frame_header = NULL;

	while(1)
	{
		packet = next_packet(&header);
        	if(packet == NULL)
		{
			break;
		}

		if(header.len >= MIN_BEACON_SIZE)
		{
			rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
			size_t rt_header_len = end_le16toh(rt_header->len);
			frame_header = (struct dot11_frame_header *) (packet + rt_header_len);

			if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
			{
                                if((frame_header->fc & end_htole16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
				   end_htole16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
				{
					if(parse_wps_parameters(packet, header.len, &wps))
					{
						if(wps.locked == WPSLOCKED)
						{
							locked = 1;
						}
						break;
					}
				}

                        }
		}
	}

	return locked;
}
コード例 #8
0
/* 
 * Determines if the target AP has locked its WPS state or not.
 * Returns 0 if not locked, 1 if locked.
 */
int is_wps_locked()
{
    int locked = 0;
    struct libwps_data wps = { 0 };
    struct pcap_pkthdr header;
    const u_char *packet = NULL;
    struct radio_tap_header *rt_header = NULL;
    struct dot11_frame_header *frame_header = NULL;

    while(1)
    {
        packet = next_packet(&header);
        if(packet == NULL)
        {
            break;
        }

        if(header.len >= MIN_BEACON_SIZE)
        {
            rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
            frame_header = (struct dot11_frame_header *) (packet + rt_header->len);

            if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
            {
                if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
                {
                    if(parse_wps_parameters(packet, header.len, &wps))
                    {
                        if(wps.locked == WPSLOCKED)
                        {
                            locked = 1;
                        }
                        break;
                    }
                }

            }
        }
    }

    return locked;
}
コード例 #9
0
ファイル: wpsmon.c プロジェクト: siro20/reaver-wps
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source)
{
	struct radio_tap_header *rt_header = NULL;
	struct dot11_frame_header *frame_header = NULL;
	struct libwps_data *wps = NULL;
	enum encryption_type encryption = NONE;
	char *bssid = NULL, *ssid = NULL, *lock_display = NULL;
	int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0;
	static int channel_changed = 0;

	wps = malloc(sizeof(struct libwps_data));
	memset(wps, 0, sizeof(struct libwps_data));

	if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE)
        {
                goto end;
        }

	rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
	frame_header = (struct dot11_frame_header *) (packet + rt_header->len);

	/* If a specific BSSID was specified, only parse packets from that BSSID */
	if(!is_target(frame_header))
	{
		goto end;
	}

	set_ssid(NULL);
	bssid = (char *) mac2str(frame_header->addr3, ':');

	if(bssid)
	{
		if((target == NULL) ||
		   (target != NULL && strcmp(bssid, target) == 0))
		{
			channel = parse_beacon_tags(packet, header->len);
			rssi = signal_strength(packet, header->len);
			ssid = (char *) get_ssid();

			if(target != NULL && channel_changed == 0)
			{
				ualarm(0, 0);
				change_channel(channel);
				channel_changed = 1;
			}

			if(frame_header->fc.sub_type == PROBE_RESPONSE ||
                                   frame_header->fc.sub_type == SUBTYPE_BEACON)
			{
				wps_parsed = parse_wps_parameters(packet, header->len, wps);
			}
	
			if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE || !get_channel()))
			{
				if(frame_header->fc.sub_type == SUBTYPE_BEACON && 
				   mode == SCAN && 
				   !passive && 
				   should_probe(bssid))
				{
					send_probe_request(get_bssid(), get_ssid());
					probe_sent = 1;
				}
		
				if(!insert(bssid, ssid, wps, encryption, rssi))
				{
					update(bssid, ssid, wps, encryption);
				}
				else if(wps->version > 0)
				{
					switch(wps->locked)
					{
						case WPSLOCKED:
							lock_display = YES;
							break;
						case UNLOCKED:
						case UNSPECIFIED:
							lock_display = NO;
							break;
					}

					cprintf(INFO, "%17s      %2d            %.2d        %d.%d               %s               %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
				}

				if(probe_sent)
				{
					update_probe_count(bssid);
				}

				/* 
				 * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
				 * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
				 */
				if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
				{
					mark_ap_complete(bssid);
				}
	
			}
		}

		/* Only update received signal strength if we are on the same channel as the AP, otherwise power measurements are screwy */
		if(channel == get_channel())
		{
			update_ap_power(bssid, rssi);
		}

		free(bssid);
		bssid = NULL;
	}
コード例 #10
0
ファイル: wpsmon.c プロジェクト: kib0rg/reaver-wps-fork-t6x
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source)
{
    struct radio_tap_header *rt_header = NULL;
    struct dot11_frame_header *frame_header = NULL;
    struct libwps_data *wps = NULL;
    enum encryption_type encryption = NONE;
    char *bssid = NULL, *ssid = NULL, *lock_display = NULL;
    int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0;
    static int channel_changed = 0;
    
    char info_manufac[500];
    char info_modelnum[500];
    char info_modelserial[500];

    wps = malloc(sizeof(struct libwps_data));
    memset(wps, 0, sizeof(struct libwps_data));

    if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE)
    {
        goto end;
    }

    rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
    frame_header = (struct dot11_frame_header *) (packet + rt_header->len);

    /* If a specific BSSID was specified, only parse packets from that BSSID */
    if(!is_target(frame_header))
    {
        goto end;
    }

    set_ssid(NULL);
    bssid = (char *) mac2str(frame_header->addr3, ':');
    set_bssid((unsigned char *) frame_header->addr3);

    if(bssid)
    {
        if((target == NULL) ||
                (target != NULL && strcmp(bssid, target) == 0))
        {
            channel = parse_beacon_tags(packet, header->len);
            rssi = signal_strength(packet, header->len);
            ssid = (char *) get_ssid();

            if(target != NULL && channel_changed == 0)
            {
                ualarm(0, 0);
                change_channel(channel);
                channel_changed = 1;
            }

            if(frame_header->fc.sub_type == PROBE_RESPONSE ||
                    frame_header->fc.sub_type == SUBTYPE_BEACON)
            {
                wps_parsed = parse_wps_parameters(packet, header->len, wps);
            }

            if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
            {
                if(frame_header->fc.sub_type == SUBTYPE_BEACON && 
                        mode == SCAN && 
                        !passive && 
                        should_probe(bssid))
                {
                    send_probe_request(get_bssid(), get_ssid());
                    probe_sent = 1;
                }

                if(!insert(bssid, ssid, wps, encryption, rssi))
                {
                    update(bssid, ssid, wps, encryption);
                }
                else if(wps->version > 0)
                {
                    switch(wps->locked)
                    {
                        case WPSLOCKED:
                            lock_display = YES;
                            break;
                        case UNLOCKED:
                        case UNSPECIFIED:
                            lock_display = NO;
                            break;
                    }
					
					//ideas made by kcdtv
					
					if(get_chipset_output == 1)
					//if(1)
					{
						if (c_fix == 0)
						{
							//no use a fixed channel
							cprintf(INFO,"Option (-g) REQUIRES a channel to be set with (-c)\n");
							exit(0);
						}
						
						FILE *fgchipset=NULL;
						char cmd_chipset[4000];
						char cmd_chipset_buf[4000];
						char buffint[5];
						
						char *aux_cmd_chipset=NULL;
						

						
						memset(cmd_chipset, 0, sizeof(cmd_chipset));
						memset(cmd_chipset_buf, 0, sizeof(cmd_chipset_buf));
						memset(info_manufac, 0, sizeof(info_manufac));
                        memset(info_modelnum, 0, sizeof(info_modelnum));
                        memset(info_modelserial, 0, sizeof(info_modelserial));
						

						
						strcat(cmd_chipset,"reaver -0 -s y -vv -i "); //need option to stop reaver in m1 stage
						strcat(cmd_chipset,get_iface());
						
						strcat(cmd_chipset, " -b ");
						strcat(cmd_chipset, mac2str(get_bssid(),':'));
						
						strcat(cmd_chipset," -c ");
						snprintf(buffint, sizeof(buffint), "%d",channel);
						strcat(cmd_chipset, buffint);
						
						//cprintf(INFO,"\n%s\n",cmd_chipset);

						if ((fgchipset = popen(cmd_chipset, "r")) == NULL) {
							printf("Error opening pipe!\n");
							//return -1;
						}
						
						

						while (fgets(cmd_chipset_buf, 4000, fgchipset) != NULL) 
						{
							//[P] WPS Manufacturer: xxx
							//[P] WPS Model Number: yyy
							//[P] WPS Model Serial Number: zzz
							//cprintf(INFO,"\n%s\n",cmd_chipset_buf);

							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Manufacturer:");
							if(aux_cmd_chipset != NULL)
							{
								//bug fix by alxchk
								strncpy(info_manufac, aux_cmd_chipset+21, sizeof(info_manufac));							
							}

							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Number:");
							if(aux_cmd_chipset != NULL)
							{
                                //bug fix by alxchk
								strncpy(info_modelnum, aux_cmd_chipset+21, sizeof(info_modelnum));
								
							}

							aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Serial Number:");
							if(aux_cmd_chipset != NULL)
							{
                                //bug fix by alxchk
								strncpy(info_modelserial, aux_cmd_chipset+28, sizeof(info_modelserial));
								
							}

						}
						
						//cprintf(INFO,"\n%s\n",info_manufac);
						info_manufac[strcspn ( info_manufac, "\n" )] = '\0';
						info_modelnum[strcspn ( info_modelnum, "\n" )] = '\0';
						info_modelserial[strcspn ( info_modelserial, "\n" )] = '\0';
						


                        if(pclose(fgchipset))  {
                        //printf("Command not found or exited with error status\n");
                        //return -1;
                        }

					

					}
					
					
					if (o_file_p == 0)
					{
						cprintf(INFO, "%17s      %2d            %.2d        %d.%d               %s               %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
					}
					else
					{
						if(get_chipset_output == 1)
						{
							cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s|%s|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid, info_manufac, info_modelnum, info_modelserial);
							
						}else
						{
							cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
							
						}
						
					}
コード例 #11
0
ファイル: 80211.c プロジェクト: delta48/reaver-wps-fork-t6x
/* Given the tagged parameter sets from a beacon packet, locate the AP's SSID and return its current channel number */
int parse_beacon_tags(const unsigned char *packet, size_t len)
{
	set_vendor(0, "\0\0\0");
	char *ssid = NULL;
	const unsigned char *tag_data = NULL;
	unsigned char *ie = NULL, *channel_data = NULL;
	size_t ie_len = 0, ie_offset = 0, tag_len = 0, tag_offset = 0;
	int channel = 0;
	struct radio_tap_header *rt_header = NULL;

	rt_header = (struct radio_tap_header *) radio_header(packet, len);
	tag_offset = end_le16toh(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);

	if(tag_offset < len)
	{
		tag_len = (len - tag_offset); /* this actually denotes length of the entire tag data area */
		tag_data = (const unsigned char *) (packet + tag_offset);

		/* If no SSID was manually specified, parse and save the AP SSID */
		if(get_ssid() == NULL)
		{
			ie = parse_ie_data(tag_data, tag_len, (uint8_t) SSID_TAG_NUMBER, &ie_len, &ie_offset);
			if(ie)
			{
				/* Return data is not null terminated; allocate ie_len+1 and memcpy string */
				ssid = malloc(ie_len+1);
				if(ssid)
				{
					memset(ssid, 0, (ie_len+1));
					memcpy(ssid, ie, ie_len);
					set_ssid(ssid);
					free(ssid);
				}

				free(ie);
			}
		}

		ie = parse_ie_data(tag_data, tag_len, HT_CAPS_TAG_NUMBER, &ie_len, &ie_offset);
		if(ie)
		{
			set_ap_htcaps(ie, ie_len);
			free(ie);
		}

		ie = parse_ie_data(tag_data, tag_len, (uint8_t) RATES_TAG_NUMBER, &ie_len, &ie_offset);
		if(ie)
		{
			set_ap_rates(ie, ie_len);
			free(ie);
		}

		ie = parse_ie_data(tag_data, tag_len, (uint8_t) ERATES_TAG_NUMBER, &ie_len, &ie_offset);
		if(ie)
		{
			set_ap_ext_rates(ie, ie_len);
			free(ie);
		}

		channel_data = parse_ie_data(tag_data, tag_len, (uint8_t) CHANNEL_TAG_NUMBER, &ie_len, &ie_offset);
		if(channel_data)
		{
			if(ie_len  == 1)
			{
				channel = *(uint8_t*)channel_data;
			}
			free(channel_data);
		}

		size_t ie_iterator = 0;
		do {
			const unsigned char *tag = tag_data + ie_iterator;
			// check for the length of the tag, and that its not microsoft
			if(tag[0] == VENDOR_SPECIFIC_TAG &&
			   ie_iterator+2+3 < tag_len &&
			   ((tag[1] < 11 && memcmp(tag+2, "\x00\x14\x6c", 3) && memcmp(tag+2, "\x00\x50\xf2", 3)) ||
			    (tag[1] == 30 && !(memcmp(tag+2, "\x00\x26\x86", 3))))) {
				set_vendor(1, tag + 2);
				break;
			}

		} while(get_next_ie(tag_data, tag_len, &ie_iterator));
	}

	return channel;
}