/* * Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field. * This is used for obtaining the capabilities field and AP SSID. */ void read_ap_beacon() { struct pcap_pkthdr header; const unsigned char *packet = NULL; struct radio_tap_header *rt_header = NULL; struct dot11_frame_header *frame_header = NULL; struct beacon_management_frame *beacon = NULL; int channel = 0; size_t tag_offset = 0; time_t start_time = 0; set_ap_capability(0); start_time = time(NULL); while(get_ap_capability() == 0) { packet = next_packet(&header); if(packet == NULL) { break; } if(header.len >= MIN_BEACON_SIZE) { rt_header = (struct radio_tap_header *) radio_header(packet, header.len); size_t rt_header_len = end_le16toh(rt_header->len); frame_header = (struct dot11_frame_header *) (packet + rt_header_len); if(is_target(frame_header)) { if((frame_header->fc & end_htole16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == end_htole16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON)) { beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header)); set_ap_capability(end_le16toh(beacon->capability)); /* Obtain the SSID and channel number from the beacon packet */ tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame); channel = parse_beacon_tags(packet, header.len); /* If no channel was manually specified, switch to the AP's current channel */ if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel()) { change_channel(channel); set_channel(channel); } break; } } } /* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */ if((time(NULL) - start_time) >= BEACON_WAIT_TIME) { next_channel(); start_time = time(NULL); } } }
/* * Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field. * This is used for obtaining the capabilities field and AP SSID. */ void read_ap_beacon() { struct pcap_pkthdr header; const u_char *packet = NULL; struct radio_tap_header *rt_header = NULL; struct dot11_frame_header *frame_header = NULL; struct beacon_management_frame *beacon = NULL; int channel = 0; time_t start_time = 0; set_ap_capability(0); start_time = time(NULL); while(get_ap_capability() == 0) { packet = next_packet(&header); if(packet == NULL) { break; } if(header.len >= MIN_BEACON_SIZE) { rt_header = (struct radio_tap_header *) radio_header(packet, header.len); frame_header = (struct dot11_frame_header *) (packet + rt_header->len); if(is_target(frame_header)) { if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON) { beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header)); set_ap_capability(beacon->capability); /* Obtain the SSID and channel number from the beacon packet */ channel = parse_beacon_tags(packet, header.len); /* If no channel was manually specified, switch to the AP's current channel */ if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel()) { change_channel(channel); set_channel(channel); } break; } } } /* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */ if((time(NULL) - start_time) >= BEACON_WAIT_TIME) { next_channel(); start_time = time(NULL); } } }
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source) { struct radio_tap_header *rt_header = NULL; struct dot11_frame_header *frame_header = NULL; struct libwps_data *wps = NULL; enum encryption_type encryption = NONE; char *bssid = NULL, *ssid = NULL, *lock_display = NULL; int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0; static int channel_changed = 0; wps = malloc(sizeof(struct libwps_data)); memset(wps, 0, sizeof(struct libwps_data)); if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE) { goto end; } rt_header = (struct radio_tap_header *) radio_header(packet, header->len); frame_header = (struct dot11_frame_header *) (packet + rt_header->len); /* If a specific BSSID was specified, only parse packets from that BSSID */ if(!is_target(frame_header)) { goto end; } set_ssid(NULL); bssid = (char *) mac2str(frame_header->addr3, ':'); if(bssid) { if((target == NULL) || (target != NULL && strcmp(bssid, target) == 0)) { channel = parse_beacon_tags(packet, header->len); rssi = signal_strength(packet, header->len); ssid = (char *) get_ssid(); if(target != NULL && channel_changed == 0) { ualarm(0, 0); change_channel(channel); channel_changed = 1; } if(frame_header->fc.sub_type == PROBE_RESPONSE || frame_header->fc.sub_type == SUBTYPE_BEACON) { wps_parsed = parse_wps_parameters(packet, header->len, wps); } if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE || !get_channel())) { if(frame_header->fc.sub_type == SUBTYPE_BEACON && mode == SCAN && !passive && should_probe(bssid)) { send_probe_request(get_bssid(), get_ssid()); probe_sent = 1; } if(!insert(bssid, ssid, wps, encryption, rssi)) { update(bssid, ssid, wps, encryption); } else if(wps->version > 0) { switch(wps->locked) { case WPSLOCKED: lock_display = YES; break; case UNLOCKED: case UNSPECIFIED: lock_display = NO; break; } cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid); } if(probe_sent) { update_probe_count(bssid); } /* * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on. * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on. */ if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE) { mark_ap_complete(bssid); } } } /* Only update received signal strength if we are on the same channel as the AP, otherwise power measurements are screwy */ if(channel == get_channel()) { update_ap_power(bssid, rssi); } free(bssid); bssid = NULL; }
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source) { struct radio_tap_header *rt_header = NULL; struct dot11_frame_header *frame_header = NULL; struct libwps_data *wps = NULL; enum encryption_type encryption = NONE; char *bssid = NULL, *ssid = NULL, *lock_display = NULL; int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0; static int channel_changed = 0; char info_manufac[500]; char info_modelnum[500]; char info_modelserial[500]; wps = malloc(sizeof(struct libwps_data)); memset(wps, 0, sizeof(struct libwps_data)); if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE) { goto end; } rt_header = (struct radio_tap_header *) radio_header(packet, header->len); frame_header = (struct dot11_frame_header *) (packet + rt_header->len); /* If a specific BSSID was specified, only parse packets from that BSSID */ if(!is_target(frame_header)) { goto end; } set_ssid(NULL); bssid = (char *) mac2str(frame_header->addr3, ':'); set_bssid((unsigned char *) frame_header->addr3); if(bssid) { if((target == NULL) || (target != NULL && strcmp(bssid, target) == 0)) { channel = parse_beacon_tags(packet, header->len); rssi = signal_strength(packet, header->len); ssid = (char *) get_ssid(); if(target != NULL && channel_changed == 0) { ualarm(0, 0); change_channel(channel); channel_changed = 1; } if(frame_header->fc.sub_type == PROBE_RESPONSE || frame_header->fc.sub_type == SUBTYPE_BEACON) { wps_parsed = parse_wps_parameters(packet, header->len, wps); } if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE)) { if(frame_header->fc.sub_type == SUBTYPE_BEACON && mode == SCAN && !passive && should_probe(bssid)) { send_probe_request(get_bssid(), get_ssid()); probe_sent = 1; } if(!insert(bssid, ssid, wps, encryption, rssi)) { update(bssid, ssid, wps, encryption); } else if(wps->version > 0) { switch(wps->locked) { case WPSLOCKED: lock_display = YES; break; case UNLOCKED: case UNSPECIFIED: lock_display = NO; break; } //ideas made by kcdtv if(get_chipset_output == 1) //if(1) { if (c_fix == 0) { //no use a fixed channel cprintf(INFO,"Option (-g) REQUIRES a channel to be set with (-c)\n"); exit(0); } FILE *fgchipset=NULL; char cmd_chipset[4000]; char cmd_chipset_buf[4000]; char buffint[5]; char *aux_cmd_chipset=NULL; memset(cmd_chipset, 0, sizeof(cmd_chipset)); memset(cmd_chipset_buf, 0, sizeof(cmd_chipset_buf)); memset(info_manufac, 0, sizeof(info_manufac)); memset(info_modelnum, 0, sizeof(info_modelnum)); memset(info_modelserial, 0, sizeof(info_modelserial)); strcat(cmd_chipset,"reaver -0 -s y -vv -i "); //need option to stop reaver in m1 stage strcat(cmd_chipset,get_iface()); strcat(cmd_chipset, " -b "); strcat(cmd_chipset, mac2str(get_bssid(),':')); strcat(cmd_chipset," -c "); snprintf(buffint, sizeof(buffint), "%d",channel); strcat(cmd_chipset, buffint); //cprintf(INFO,"\n%s\n",cmd_chipset); if ((fgchipset = popen(cmd_chipset, "r")) == NULL) { printf("Error opening pipe!\n"); //return -1; } while (fgets(cmd_chipset_buf, 4000, fgchipset) != NULL) { //[P] WPS Manufacturer: xxx //[P] WPS Model Number: yyy //[P] WPS Model Serial Number: zzz //cprintf(INFO,"\n%s\n",cmd_chipset_buf); aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Manufacturer:"); if(aux_cmd_chipset != NULL) { //bug fix by alxchk strncpy(info_manufac, aux_cmd_chipset+21, sizeof(info_manufac)); } aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Number:"); if(aux_cmd_chipset != NULL) { //bug fix by alxchk strncpy(info_modelnum, aux_cmd_chipset+21, sizeof(info_modelnum)); } aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Serial Number:"); if(aux_cmd_chipset != NULL) { //bug fix by alxchk strncpy(info_modelserial, aux_cmd_chipset+28, sizeof(info_modelserial)); } } //cprintf(INFO,"\n%s\n",info_manufac); info_manufac[strcspn ( info_manufac, "\n" )] = '\0'; info_modelnum[strcspn ( info_modelnum, "\n" )] = '\0'; info_modelserial[strcspn ( info_modelserial, "\n" )] = '\0'; if(pclose(fgchipset)) { //printf("Command not found or exited with error status\n"); //return -1; } } if (o_file_p == 0) { cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid); } else { if(get_chipset_output == 1) { cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s|%s|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid, info_manufac, info_modelnum, info_modelserial); }else { cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid); } }