void
cleanup_interface(struct config_interfaces * target, int flag) {
/*
* Flag: 1st bit - 8021x is set.
* 2nd bit - WPA is set.
* 3rd bit - WEP is set.
* 4th bit - open auth is set.
*/
int wep_res , psk_res, wpa_res, s = -1;
struct ifreq ifr;
struct ieee80211_nwid nwid;
struct ieee80211_nwkey nwkey;
struct ieee80211_wpapsk psk;
struct ieee80211_wpaparams wpa;
s = open_socket(AF_INET);
memset(&nwkey, 0, sizeof(nwkey));
strlcpy(nwkey.i_name, target->if_name, sizeof(nwkey.i_name));
wep_res = ioctl(s, SIOCG80211NWKEY, (caddr_t) & nwkey);
printf("wep: %d\n", wep_res);
memset(&psk, 0, sizeof(psk));
strlcpy(psk.i_name, target->if_name, sizeof(psk.i_name));
psk_res = ioctl(s, SIOCG80211WPAPSK, (caddr_t) & psk);
printf("psk_res: %d\n", psk_res);
memset(&wpa, 0, sizeof(wpa));
strlcpy(wpa.i_name, target->if_name, sizeof(wpa.i_name));
wpa_res = ioctl(s, SIOCG80211WPAPARMS, &wpa);
printf("wpa_res: %d\n", wpa_res);
close(s);
printf("nwkey wep on: %d\n", nwkey.i_wepon);
if (nwkey.i_wepon && flag != 2) {
printf("removing wep stuff\n");
set_wep_key(0, NULL, 0);
}
printf("psk enabled: %d\n", psk.i_enabled);
if (psk.i_enabled && flag != 4) {
printf("removing psk stuff\n");
set_psk_key(0, 0, target->if_name, 0);
}
if ((wpa.i_akms & IEEE80211_WPA_AKM_8021X) && flag != 8) {
printf("removing 80211x stuff\n");
set_wpa8021x(target->if_name, 0);
set_bssid(NULL, target->if_name, 0);
if (target->supplicant_pid)
kill(target->supplicant_pid, SIGTERM);
target->supplicant_pid = 0;
}
}
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source)
{
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
struct libwps_data *wps = NULL;
enum encryption_type encryption = NONE;
char *bssid = NULL, *ssid = NULL, *lock_display = NULL;
int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0;
static int channel_changed = 0;
char info_manufac[500];
char info_modelnum[500];
char info_modelserial[500];
wps = malloc(sizeof(struct libwps_data));
memset(wps, 0, sizeof(struct libwps_data));
if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE)
{
goto end;
}
rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
/* If a specific BSSID was specified, only parse packets from that BSSID */
if(!is_target(frame_header))
{
goto end;
}
set_ssid(NULL);
bssid = (char *) mac2str(frame_header->addr3, ':');
set_bssid((unsigned char *) frame_header->addr3);
if(bssid)
{
if((target == NULL) ||
(target != NULL && strcmp(bssid, target) == 0))
{
channel = parse_beacon_tags(packet, header->len);
rssi = signal_strength(packet, header->len);
ssid = (char *) get_ssid();
if(target != NULL && channel_changed == 0)
{
ualarm(0, 0);
change_channel(channel);
channel_changed = 1;
}
if(frame_header->fc.sub_type == PROBE_RESPONSE ||
frame_header->fc.sub_type == SUBTYPE_BEACON)
{
wps_parsed = parse_wps_parameters(packet, header->len, wps);
}
if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
{
if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
mode == SCAN &&
!passive &&
should_probe(bssid))
{
send_probe_request(get_bssid(), get_ssid());
probe_sent = 1;
}
if(!insert(bssid, ssid, wps, encryption, rssi))
{
update(bssid, ssid, wps, encryption);
}
else if(wps->version > 0)
{
switch(wps->locked)
{
case WPSLOCKED:
lock_display = YES;
break;
case UNLOCKED:
case UNSPECIFIED:
lock_display = NO;
break;
}
//ideas made by kcdtv
if(get_chipset_output == 1)
//if(1)
{
if (c_fix == 0)
{
//no use a fixed channel
cprintf(INFO,"Option (-g) REQUIRES a channel to be set with (-c)\n");
exit(0);
}
FILE *fgchipset=NULL;
char cmd_chipset[4000];
char cmd_chipset_buf[4000];
char buffint[5];
char *aux_cmd_chipset=NULL;
memset(cmd_chipset, 0, sizeof(cmd_chipset));
memset(cmd_chipset_buf, 0, sizeof(cmd_chipset_buf));
memset(info_manufac, 0, sizeof(info_manufac));
memset(info_modelnum, 0, sizeof(info_modelnum));
memset(info_modelserial, 0, sizeof(info_modelserial));
strcat(cmd_chipset,"reaver -0 -s y -vv -i "); //need option to stop reaver in m1 stage
strcat(cmd_chipset,get_iface());
strcat(cmd_chipset, " -b ");
strcat(cmd_chipset, mac2str(get_bssid(),':'));
strcat(cmd_chipset," -c ");
snprintf(buffint, sizeof(buffint), "%d",channel);
strcat(cmd_chipset, buffint);
//cprintf(INFO,"\n%s\n",cmd_chipset);
if ((fgchipset = popen(cmd_chipset, "r")) == NULL) {
printf("Error opening pipe!\n");
//return -1;
}
while (fgets(cmd_chipset_buf, 4000, fgchipset) != NULL)
{
//[P] WPS Manufacturer: xxx
//[P] WPS Model Number: yyy
//[P] WPS Model Serial Number: zzz
//cprintf(INFO,"\n%s\n",cmd_chipset_buf);
aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Manufacturer:");
if(aux_cmd_chipset != NULL)
{
//bug fix by alxchk
strncpy(info_manufac, aux_cmd_chipset+21, sizeof(info_manufac));
}
aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Number:");
if(aux_cmd_chipset != NULL)
{
//bug fix by alxchk
strncpy(info_modelnum, aux_cmd_chipset+21, sizeof(info_modelnum));
}
aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Serial Number:");
if(aux_cmd_chipset != NULL)
{
//bug fix by alxchk
strncpy(info_modelserial, aux_cmd_chipset+28, sizeof(info_modelserial));
}
}
//cprintf(INFO,"\n%s\n",info_manufac);
info_manufac[strcspn ( info_manufac, "\n" )] = '\0';
info_modelnum[strcspn ( info_modelnum, "\n" )] = '\0';
info_modelserial[strcspn ( info_modelserial, "\n" )] = '\0';
if(pclose(fgchipset)) {
//printf("Command not found or exited with error status\n");
//return -1;
}
}
if (o_file_p == 0)
{
cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
}
else
{
if(get_chipset_output == 1)
{
cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s|%s|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid, info_manufac, info_modelnum, info_modelserial);
}else
{
cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
}
}
/* Processes Reaver command line options */
int process_arguments(int argc, char **argv)
{
int ret_val = EXIT_SUCCESS;
int c = 0, channel = 0;
int long_opt_index = 0;
char bssid[MAC_ADDR_LEN] = { 0 };
char mac[MAC_ADDR_LEN] = { 0 };
char *short_options = "b:e:m:i:t:d:c:T:x:r:g:l:o:p:s:C:KZA5ELfnqvDShwN6J";
struct option long_options[] = {
{ "pixie-dust", no_argument, NULL, 'K' },
{ "interface", required_argument, NULL, 'i' },
{ "bssid", required_argument, NULL, 'b' },
{ "essid", required_argument, NULL, 'e' },
{ "mac", required_argument, NULL, 'm' },
{ "timeout", required_argument, NULL, 't' },
{ "m57-timeout", required_argument, NULL, 'T' },
{ "delay", required_argument, NULL, 'd' },
{ "lock-delay", required_argument, NULL, 'l' },
{ "fail-wait", required_argument, NULL, 'x' },
{ "channel", required_argument, NULL, 'c' },
{ "session", required_argument, NULL, 's' },
{ "recurring-delay", required_argument, NULL, 'r' },
{ "max-attempts", required_argument, NULL, 'g' },
{ "out-file", required_argument, NULL, 'o' },
{ "pin", required_argument, NULL, 'p' },
{ "exec", required_argument, NULL, 'C' },
{ "no-associate", no_argument, NULL, 'A' },
{ "ignore-locks", no_argument, NULL, 'L' },
{ "no-nacks", no_argument, NULL, 'N' },
{ "eap-terminate", no_argument, NULL, 'E' },
{ "dh-small", no_argument, NULL, 'S' },
{ "fixed", no_argument, NULL, 'f' },
{ "daemonize", no_argument, NULL, 'D' },
{ "5ghz", no_argument, NULL, '5' },
{ "repeat-m6", no_argument, NULL, '6' },
{ "nack", no_argument, NULL, 'n' },
{ "quiet", no_argument, NULL, 'q' },
{ "verbose", no_argument, NULL, 'v' },
{ "win7", no_argument, NULL, 'w' },
{ "help", no_argument, NULL, 'h' },
{ "timeout-is-nack", no_argument, NULL, 'J' },
{ 0, 0, 0, 0 }
};
/* Since this function may be called multiple times, be sure to set opt index to 0 each time */
optind = 0;
while((c = getopt_long(argc, argv, short_options, long_options, &long_opt_index)) != -1)
{
switch(c)
{
case 'Z':
case 'K':
pixie.do_pixie = 1;
break;
case 'i':
set_iface(optarg);
break;
case 'b':
str2mac(optarg, (unsigned char *) &bssid);
set_bssid((unsigned char *) &bssid);
break;
case 'e':
set_ssid(optarg);
break;
case 'm':
str2mac(optarg, (unsigned char *) &mac);
set_mac((unsigned char *) &mac);
break;
case 't':
set_rx_timeout(atoi(optarg));
break;
case 'T':
set_m57_timeout(strtof(optarg, NULL) * SEC_TO_US);
break;
case 'c':
channel = strtod(optarg, NULL);
set_fixed_channel(1);
break;
case '5':
set_wifi_band(AN_BAND);
break;
case '6':
set_repeat_m6(1);
break;
case 'd':
set_delay(atoi(optarg));
break;
case 'l':
set_lock_delay(atoi(optarg));
break;
case 'p':
parse_static_pin(optarg);
break;
case 's':
set_session(optarg);
break;
case 'C':
set_exec_string(optarg);
break;
case 'A':
set_external_association(1);
break;
case 'L':
set_ignore_locks(1);
break;
case 'o':
set_log_file(fopen(optarg, "w"));
break;
case 'x':
set_fail_delay(atoi(optarg));
break;
case 'r':
parse_recurring_delay(optarg);
break;
case 'g':
set_max_pin_attempts(atoi(optarg));
break;
case 'D':
daemonize();
break;
case 'E':
set_eap_terminate(1);
break;
case 'S':
set_dh_small(1);
break;
case 'n':
cprintf(INFO, "[+] ignoring obsolete -n switch\n");
break;
case 'J':
set_timeout_is_nack(1);
break;
case 'f':
set_fixed_channel(1);
break;
case 'v':
set_debug(get_debug() + 1);
break;
case 'q':
set_debug(CRITICAL);
break;
case 'w':
set_win7_compat(1);
break;
case 'N':
set_oo_send_nack(0);
break;
default:
ret_val = EXIT_FAILURE;
}
}
if(channel)
{
change_channel(channel);
}
return ret_val;
}
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source)
{
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
struct libwps_data *wps = NULL;
enum encryption_type encryption = NONE;
char *bssid = NULL, *ssid = NULL;
const char *lock_display = NULL;
int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0;
static int channel_changed = 0;
wps = malloc(sizeof(struct libwps_data));
memset(wps, 0, sizeof(struct libwps_data));
if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE)
{
goto end;
}
rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
/* If a specific BSSID was specified, only parse packets from that BSSID */
if(!is_target(frame_header))
{
goto end;
}
set_ssid(NULL);
bssid = (char *) mac2str(frame_header->addr3, ':');
set_bssid((unsigned char *) frame_header->addr3);
if(bssid)
{
if((target == NULL) ||
(target != NULL && strcmp(bssid, target) == 0))
{
channel = parse_beacon_tags(packet, header->len);
rssi = signal_strength(packet, header->len);
ssid = (char *) get_ssid();
if(target != NULL && channel_changed == 0)
{
ualarm(0, 0);
change_channel(channel);
channel_changed = 1;
}
if(frame_header->fc.sub_type == PROBE_RESPONSE ||
frame_header->fc.sub_type == SUBTYPE_BEACON)
{
wps_parsed = parse_wps_parameters(packet, header->len, wps);
}
if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
{
if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
mode == SCAN &&
!passive &&
should_probe(bssid))
{
send_probe_request(get_bssid(), get_ssid());
probe_sent = 1;
}
if(!insert(bssid, ssid, wps, encryption, rssi))
{
update(bssid, ssid, wps, encryption);
}
else if(wps->version > 0)
{
switch(wps->locked)
{
case WPSLOCKED:
lock_display = YES;
break;
case UNLOCKED:
case UNSPECIFIED:
lock_display = NO;
break;
}
cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
}
if(probe_sent)
{
update_probe_count(bssid);
}
/*
* If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
* If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
*/
if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
{
mark_ap_complete(bssid);
}
}
}
/* Only update received signal strength if we are on the same channel as the AP, otherwise power measurements are screwy */
if(channel == get_channel())
{
update_ap_power(bssid, rssi);
}
free(bssid);
bssid = NULL;
}
int
setup_wlaninterface(struct config_interfaces * target) {
int retries = 1, res = 0;
struct config_ssid *match, *all = all_matching_network(target);
char *if_name = target->if_name;
match = all;
if (!match)
return 0;
if (network_matches(if_name, match)) {
printf("already using matched ssid, we do nothing\n");
clear_ssid(all);
return 1;
}
while (match) {
printf("setting up network: %s\n", match->ssid_name);
set_network_id((char *) match->ssid_name, if_name);
printf("%s\n", match->ssid_auth);
update_status(CONNECTING, match->ssid_name);
if (strcmp(match->ssid_auth, "802.1x") == 0) {
printf("do 8021x stuff\n");
if (!target->supplicant_pid)
target->supplicant_pid = start_wpa_supplicant(target->if_name, target->supplicant_pid, 1);
cleanup_interface(target, 8);
set_bssid((char *) match->ssid_bssid, if_name, 1);
set_wpa8021x(if_name, 1);
sleep(3);
config_wpa_supplicant(if_name, match, 1);
} else if (strcmp(match->ssid_auth, "wpa") == 0) {
printf("do wpa stuff\n");
cleanup_interface(target, 4);
set_psk_key((char *) match->ssid_name, (char *) match->ssid_pass, if_name, 1);
} else if (strcmp(match->ssid_auth, "wep") == 0) {
printf("do wep stuff\n");
cleanup_interface(target, 2);
set_wep_key((char *) match->ssid_pass, if_name, 1);
} else if (strcmp(match->ssid_auth, "none") == 0) {
printf("no security has been set\n");
cleanup_interface(target, 1);
}
if (target->ipv6_auto)
set_ipv6_auto(if_name);
start_dhclient(if_name);
while (retries != 0) {
if (connection_active(if_name, 1)) {
/*
* If we are successfully connected to the network
* and we don't need additional auth, then we are good.
*/
sleep(1);
res = internet_connectivity_check(match);
if (res == 1) {
update_status(CONNECTED, match->ssid_name);
return 1;
} else if (res == 2) {
/*
* This is a hotspot; run user-defined command
* or open default web browser.
*/
if (!config->additional_auth_exec)
hotspot(match);
return 1;
} else {
printf("not active, waiting...\n");
sleep(5);
retries--;
}
}
}
match = match->next;
retries = 1;
}
clear_ssid(all);
return res;
}