pax_global_header00006660000000000000000000000064142320017640014511gustar00rootroot0000000000000052 comment=23b1fb3bafc2fe1c558f22b7aa031a9b57b1d532 hcxtools-6.2.7/000077500000000000000000000000001423200176400133705ustar00rootroot00000000000000hcxtools-6.2.7/.gitignore000066400000000000000000000002221423200176400153540ustar00rootroot00000000000000hcxeiutool hcxessidtool hcxhash2cap hcxhashcattool hcxhashtool hcxmactool hcxpcapngtool hcxpmkidtool hcxpsktool hcxwltool whoismac wlancap2wpasec hcxtools-6.2.7/.travis.yml000066400000000000000000000033761423200176400155120ustar00rootroot00000000000000dist: trusty sudo: false cache: ccache: true language: none matrix: include: - os: linux addons: apt: sources: - ubuntu-toolchain-r-test packages: - gcc-5 - ccache - make - libcurl4-gnutls-dev env: - MATRIX_EVAL="CC=gcc-5" - os: linux addons: apt: sources: - ubuntu-toolchain-r-test packages: - gcc-6 - ccache - make - libcurl4-gnutls-dev env: - MATRIX_EVAL="CC=gcc-6" - os: linux addons: apt: sources: - ubuntu-toolchain-r-test packages: - gcc-7 - ccache - make - libcurl4-gnutls-dev env: - MATRIX_EVAL="CC=gcc-7 DO_INSTALL=1" - os: linux addons: apt: sources: - ubuntu-toolchain-r-test - llvm-toolchain-trusty-4.0 packages: - clang-4.0 - ccache - make - libcurl4-gnutls-dev env: - MATRIX_EVAL="CC=clang-4.0" - os: linux addons: apt: sources: - ubuntu-toolchain-r-test - llvm-toolchain-trusty-5.0 packages: - clang-5.0 - ccache - make - libcurl4-gnutls-dev env: - MATRIX_EVAL="CC=clang-5.0" - os: linux addons: apt: sources: - ubuntu-toolchain-r-test - llvm-toolchain-trusty packages: - clang - ccache - make - libcurl4-gnutls-dev env: - MATRIX_EVAL="CC=clang" before_install: - eval "${MATRIX_EVAL}" - export "CC=ccache $CC" script: - "make" hcxtools-6.2.7/Makefile000066400000000000000000000051671423200176400150410ustar00rootroot00000000000000PRODUCTION := 1 PRODUCTION_VERSION := 6.2.7 PRODUCTION_YEAR := 2022 ifeq ($(PRODUCTION),1) VERSION_TAG := $(PRODUCTION_VERSION) else VERSION_TAG := $(shell git describe --tags || echo $(PRODUCTION_VERSION)) endif VERSION_YEAR := $(shell echo $(PRODUCTION_YEAR)) PREFIX ?= /usr BINDIR = $(DESTDIR)$(PREFIX)/bin HOSTOS := $(shell uname -s) CC ?= gcc CFLAGS ?= -O3 -Wall -Wextra CFLAGS += -std=gnu99 DEFS = -DVERSION_TAG=\"$(VERSION_TAG)\" -DVERSION_YEAR=\"$(VERSION_YEAR)\" DEFS += -DWANTZLIB INSTALL ?= install INSTFLAGS = PKG_CONFIG ?= pkg-config ifeq ($(HOSTOS), Linux) INSTFLAGS += -D endif OPENSSL_LIBS=$(shell $(PKG_CONFIG) --libs openssl) OPENSSL_CFLAGS=$(shell $(PKG_CONFIG) --cflags openssl) CURL_LIBS=$(shell $(PKG_CONFIG) --libs libcurl) CURL_CFLAGS=$(shell $(PKG_CONFIG) --cflags libcurl) Z_LIBS=$(shell $(PKG_CONFIG) --libs zlib) Z_CFLAGS=$(shell $(PKG_CONFIG) --cflags zlib) TOOLS= TOOLS+=hcxpcapngtool hcxpcapngtool_libs=$(OPENSSL_LIBS) $(Z_LIBS) hcxpcapngtool_cflags=$(OPENSSL_CFLAGS) $(Z_CFLAGS) TOOLS+=hcxhashtool hcxhashtool_libs=$(OPENSSL_LIBS) $(CURL_LIBS) hcxhashtool_cflags=$(OPENSSL_CFLAGS) $(CURL_CFLAGS) TOOLS+=hcxpsktool hcxpsktool_libs=$(OPENSSL_LIBS) hcxpsktool_cflags=$(OPENSSL_CFLAGS) TOOLS+=hcxpmktool hcxpmktool_libs=$(OPENSSL_LIBS) hcxpmktool_cflags=$(OPENSSL_CFLAGS) TOOLS+=hcxeiutool TOOLS+=hcxwltool TOOLS+=hcxhash2cap TOOLS+=wlancap2wpasec wlancap2wpasec_libs=$(OPENSSL_LIBS) $(CURL_LIBS) wlancap2wpasec_cflags=$(OPENSSL_CFLAGS) $(CURL_CFLAGS) TOOLS+=whoismac whoismac_libs=$(OPENSSL_LIBS) $(CURL_LIBS) whoismac_cflags=$(OPENSSL_CFLAGS) $(CURL_CFLAGS) TOOLS+=hcxpmkidtool TOOLS+=hcxhashcattool hcxhashcattool_libs=-lpthread $(OPENSSL_LIBS) hcxhashcattool_cflags=$(OPENSSL_CFLAGS) hcxpmkidtool_libs=-lpthread $(OPENSSL_LIBS) hcxpmkidtool_cflags=$(OPENSSL_CFLAGS) TOOLS+=hcxmactool TOOLS+=hcxessidtool .PHONY: all build install clean uninstall all: build build: $(TOOLS) .deps: mkdir -p .deps # $1: tool name define tool-build $(1)_src ?= $(1).c $(1)_libs ?= $(1)_cflags ?= $(1): $$($(1)_src) | .deps $$(CC) $$(CFLAGS) $$($(1)_cflags) $$(CPPFLAGS) -MMD -MF .deps/$$@.d -o $$@ $$($(1)_src) $$($(1)_libs) $$(LDFLAGS) $$(DEFS) .deps/$(1).d: $(1) .PHONY: $(1).install $(1).install: $(1) $$(INSTALL) $$(INSTFLAGS) -m 0755 $(1) $$(BINDIR)/$(1) .PHONY: $(1).clean $(1).clean: rm -f .deps/$(1).d rm -f $(1) .PHONY: $(1).uninstall $(1).uninstall: rm -rf $$(BINDIR)/$(1) endef $(foreach tool,$(TOOLS),$(eval $(call tool-build,$(tool)))) install: $(patsubst %,%.install,$(TOOLS)) clean: $(patsubst %,%.clean,$(TOOLS)) rm -rf .deps rm -f *.o *~ uninstall: $(patsubst %,%.uninstall,$(TOOLS)) -include .deps/*.d hcxtools-6.2.7/README.md000066400000000000000000000173171423200176400146600ustar00rootroot00000000000000hcxtools ============== Small set of tools convert packets from captures (h = hash, c = capture, convert and calculate candidates, x = different hashtypes) for the use with latest hashcat or John the Ripper. The tools are 100% compatible to hashcat and John the Ripper and recommended by hashcat. This branch is pretty closely synced to hashcat git and John the Ripper git. Support of hashcat hash-modes: 4800, 5500, 2200x, 16100, 250x (deprecated), 1680x (deprecated) Support of John the Ripper hash-modes: WPAPSK-PMK, PBKDF2-HMAC-SHA1, chap, netntlm, tacacs-plus Support of gzip (.gz) single file compression. Main purpose is to detect weak points within own WiFi networks by analyzing the hashes. Therefore convert the dump file to WPA-PBKDF2-PMKID+EAPOL hash file and check if wlan-key or plainmasterkey was transmitted unencrypted. Or upload the "uncleaned" dump file (pcapng, pcap, cap) here https://wpa-sec.stanev.org/?submit to find out if your ap or the client is vulnerable by using common wordlists or a weak password generation algorithm. Brief description -------------- Multiple stand-alone binaries - designed to run on Arch Linux, but other Linux distributions should work, too. All of these utilities are designed to execute only one specific function. hcxdumptool moved to: https://github.com/ZerBea/hcxdumptool Read this post: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (https://hashcat.net/forum/thread-6661.html) Read this post: New attack on WPA/WPA2 using PMKID (https://hashcat.net/forum/thread-7717.html) Read this post: Hash mode 22000 explained (https://hashcat.net/forum/thread-10253.html) Read this wiki: https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 Unsupported: Windows OS, macOS, Android, emulators or wrappers and NETLINK! Detailed description -------------- | Tool | Description | | -------------- | ---------------------------------------------------------------------------------------------------------------------- | | hcxpcapngtool | Provide new hashcat format 22000 | | hcxhashtool | Provide various filter operations on new PMKID/EAPOL hash line | | hcxpsktool | Calculates candidates for hashcat and john based on based on hcxpcapngtool output or commandline input | | hcxpmktool | Calculate and verify a PSK and/or a PMK | | hcxeiutool | Prepare -E -I -U output of hcxpcapngtool for use by hashcat + rule or JtR + rule | | hcxwltool | Calculates candidates for hashcat and john based on mixed wordlists | | hcxhash2cap | Converts hash file (PMKID&EAPOL, PMKID, EAPOL-hccapx, EAPOL-hccap, WPAPSK-john) to cap | | wlancap2wpasec | Upload multiple (gzip compressed) pcapng, pcap and cap files to https://wpa-sec.stanev.org | | whoismac | Show vendor information and/or download oui reference list | | deprecated | obsolete and - no longer under maintenance - will be removed, when OpenSSL switching to version 3.0.0 | | -------------- | ---------------------------------------------------------------------------------------------------------------------- | | hcxmactool | Various MAC based filter operations on HCCAPX and PMKID files - convert hccapx and/or PMKID to new hashline format | | hcxpmkidtool | CPU based tools to verify a PMKID | | hcxessidtool | Various ESSID based filter operations on HCCAPX and PMKID files | | hcxhashcattool | Convert old hashcat (<= 5.1.0) separate potfile (2500 and/or 16800) to new potfile format | Workflow -------------- hcxdumptool -> hcxpcapngtool -> hcxhashtool (additional hcxpsktool/hcxeiutool) -> hashcat or JtR hcxdumptool: attack and capture everything (depending on options) hcxpcapngtool: convert everything hcxhashtool: filter hashes hcxpsktool: get weak PSK candidates hcxeiutool: calculate wordlists from ESSID hashcat or JtR: get PSK from hash Get source -------------- ``` git clone https://github.com/ZerBea/hcxtools.git cd hcxtools ``` Compile -------------- ``` make make install (as super user) ``` Or install via packet manager of your distribution -------------- ### Arch Linux [Arch Linux](https://www.archlinux.org/) `pacman -S hcxtools` ### Arch Linux ARM [Arch Linux ARM ](https://archlinuxarm.org/) `pacman -S hcxtools` ### BlackArch [Black Arch](https://blackarch.org/) is an Arch Linux-based penetration testing distribution for penetration testers and security researchers `pacman -S hcxtools` ### Kali Linux `apt install hcxtools` ### OpenWRT `opkg install hcxtools` ### macOS [Homebrew](https://brew.sh/) is 3-rd party package manager for macOS `brew install hcxtools` Requirements -------------- * knowledge of radio technology * knowledge of electromagnetic-wave engineering * detailed knowledge of 802.11 protocol * detailed knowledge of key derivation functions * detailed knowledge of Linux * Linux (recommended Arch Linux, but other distros should work, too (no support for other distributions). * gcc >= 11 recommended (deprecated versions are not supported: https://gcc.gnu.org/) * libopenssl and openssl-dev installed * librt and librt-dev installed (should be installed by default) * zlib and zlib-dev installed (for gzip compressed cap/pcap/pcapng files) * libcurl and curl-dev installed (used by whoismac and wlancap2wpasec) * libpthread and pthread-dev installed (used by hcxhashcattool) * pkg-config installed To install requirements on Kali use the following 'apt-get install pkg-config libcurl4-openssl-dev libssl-dev zlib1g-dev' If you decide to compile latest git head, make sure that your distribution is updated on latest version. Useful scripts -------------- | Script | Description | | ------------ | -------------------------------------------------------- | | piwritecard | Example script to restore SD-Card | | piwreadcard | Example script to backup SD-Card | | hcxgrep.py | Extract records from m22000 hashline/hccapx/pmkid file based on regexp | Notice -------------- Most output files will be appended to existing files (with the exception of pcapng, pcap, cap files). It is recommended to use hash mode 22000 (22001) instead of deprecated hash modes 2500 (2501) and 16800 (16801) hcxtools are designed to be analysis tools. This means that everything is converted by default and unwanted information must be filtered out! Bitmask message pair field (hcxpcapngtool) -------------- bit 0-2 000 = M1+M2, EAPOL from M2 (challenge) 001 = M1+M4, EAPOL from M4 if not zeroed (authorized) 010 = M2+M3, EAPOL from M2 (authorized) 011 = M2+M3, EAPOL from M3 (authorized) - unused 100 = M3+M4, EAPOL from M3 (authorized) - unused 101 = M3+M4, EAPOL from M4 if not zeroed (authorized) 3: reserved 4: ap-less attack (set to 1) - no nonce-error-corrections necessary 5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary 6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary 7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary hcxtools-6.2.7/changelog000066400000000000000000001636631423200176400152610ustar00rootroot0000000000000026.04.2022 ========== hcxpsktool: fixed stdout bug release v6.2.7 22.04.2022 ========== release v6.2.6 still supporting OpenSSL 1.1 09.04.2022 ========== hcxpsktool: added new option --alticeoptimum : include weak Altice/Optimum candidates (MyAltice) 01.12.2021 ========== release v6.2.5 still supporting OpenSSL 1.1 23.10.2021 ========== added generic hcxtools.1 man page 22.10.2021 ========== removed manpages, because they are only a duplicate of the help menu moved installation path from /usr/local/bin to /usr/bin 14.10.2021 ========== hcxpsktool: renamed option --askeyarris to --spectrum 25.09.2021 ========== hcxhashtool: added new option to filter by replay count not checked (nonce-error-corrections mandatory) --rc-not : filter EAPOL pairs by replaycount status not checked 17.09.2021 ========== hcxhashtool: renamed option --notauthorized to --challenge added additional information about filtered MESSAGE PAIRS for this options 14.09.2021 ========== release v6.2.4 This is the last version, supporting OpenSSL 1.1 Next version 6.3.0 will need OpenSSL 3.0.0 01.09.2021 ========== hcxpcapngtool: added new option to retrieve information about the ACCESS POINT As initial start, if transmitted, MAC_AP, MANUFACTURER, MODELNAME, SERIALNUMBER and DEVICENAME are stored (delimited by tab). -D : output device information list format MAC MANUFACTURER MODELNAME SERIALNUMBER DEVICENAME UUID E 28.08.2021 ========== wlancap2wpasec: added upload progress information whoismac: added download progress information hcxhashtool: added download progress information hcxhashtool: added more info options (https://github.com/ZerBea/hcxtools/issues/195) --info= : output detailed information about content of hash file not in combination with --vendor, --vendor-ap or --vendor-client --info=stdout : stdout output detailed information about content of hash file not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor= : output detailed information about ACCESS POINT and CLIENT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor-ap= : output detailed information about ACCESS POINT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor-client= : output detailed information about ACCESS POINT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor=stdout : stdout output detailed information about ACCESS POINT and CLIENT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor-ap=stdout : stdout output detailed information about ACCESS POINT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor-client=stdout : stdout output detailed information about ACCESS POINT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client 27.08.2021 ========== hcxhashtool: VENDOR search is not longer case sensitive (https://github.com/ZerBea/hcxtools/issues/195) hcxhashtool: improved filtering by VENDOR --vendor= : filter AP or CLIENT by (part of) VENDOR name --vendor-ap= : filter AP by (part of) VENDOR name --vendor-client= : filter CLIENT by (part of) VENDOR name 25.08.2021 ========== hcxpcapngtool: advanced handling of BEACON and PROBERESPOSNE frames distinguish between SSID set, SSID unset and SSID zeroed 20.06.2021 ========== Makefile: added compiler flag to disable zlib support 04.06.2021 ========== hcxpcapngtool: improved CSV output: --csv= : output ACCESS POINT information in CSV format delimiter: tabulator (0x08) columns: YYYY-MM-DD HH:MM:SS MAC_AP ESSID ENC_TYPE CIPHER AKM COUNTRY_INFO CHANNEL RSSI GPS(DM.m) GPS(D.d) GPSFIX to convert it to other formats, use bash tools or scripting languages GPS FIX: 0 = fix not available or invalid 1 = fix valid (GPS SPS mode) 2 = fix valid (differential GPS SPS Mode) 3 = not supported 4 = not supported 5 = not supported 6 = fix valid (Dead Reckoning Mode) 28.05.2021 ========== hcxpsktool: added new option to use an exclude ESSID combinations --noessidcombination: exclude ESSID combinations 17.05.2021 ========== release v 6.2.0 get ready for gcc 11.1.0 fixed CVE-2021-32286 12.05.2021 ========== hcxpsktool: added new option to print only candidates based on ACCESS POINT MAC --maconly : print only candidates based on ACCESS POINT MAC 17.03.2021 ========== hcxhashtool: added new option to use an exclude MAC filter list --mac-skiplist= : exclude MAC from file format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex) 09.03.2021 ========== release v 6.1.5 get ready for OpenSSL 3.0 28.02.2021 ========== added new tool to calculate a PMK and verify a 22000 hashline hcxpmktool 6.1.5-72-g585fe37 (C) 2021 ZeroBeat usage : hcxpmktool short options: -i : input hashcat hash line (-m 22000) -e : input ESSID default: use ESSID from hash line -p : input Pre Shared Key -m : input Plain Master KEY long options: --help : show this help --version : show version 09.02.2021 ========== started to prepare to use openssl 3.0 Many structures have been made opaque in OpenSSL 3.0 since OpenSSL 1.0.2 https://wiki.openssl.org/index.php/OpenSSL_3.0 it is recommended to upgrade to at least OpenSSL 1.1 04.02.2021 ========== hcxpcapngtool: fixed handling of BE pcapng files on BE systems 14.01.2021 ========== release v 6.1.5 02.01.2021 ========== hcxhashtool: added new option --mac-list --mac-list= : filter by MAC file : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex) 31.12.2020 ========== hcxpcapngtool: added new option --csv --csv= : output ACCESS POINT information in CSV format delimiter: tabulator (0x08) columns: YYYY-MM-DD HH:MM:SS MAC_AP ESSID ENC_TYPE CIPHER AKM COUNTRY_INFO CHANNEL RSSI LATITUDE QUADRANT LONGITUDE QUADRANT 10.12.2020 ========== Makefile: make use of pkg-config 02.12.2020 ========== release v 6.1.4 21.11.2020 ========== hcxhashtool: added new option to filter by ESSID list --essid-list= : filter by ESSID file hcxpcapngtool: show openSSL version in status 27.10.2020 ========== hcxeiutool: new tool to prepare -E -I -U output of hcxpcapngtool for use by hashcat + rule $ hcxeiutool -h hcxeiutool 6.1.3-37-gbdc5a67 (C) 2020 ZeroBeat usage: hcxeiutool options: -i : input wordlist -d : output digit wordlist -x : output xdigit wordlist -c : output character wordlist (A-Za-z - other characters removed) -s : output character wordlist (A-Za-z - other characters replaced by 0x0d) -h : show this help -v : show version --help : show this help --version : show version example: $ hcxdumptool -i -o dump.pcapng --enable_status=31 $ hcxpcapngtool -o test.22000 -E elist dump.pcapng $ hcxeiutool -i elist -d digitlist -x xdigitlist -c charlist -s sclist $ cat elist digitlist xdigitlist charlist sclist > wordlisttmp $ hashcat --stdout -r charlist >> wordlisttmp $ hashcat --stdout -r sclist >> wordlisttmp $ cat wordlisttmp | sort | uniq > wordlist $ hashcat -m 22000 dump.pcapng wordlist 15.10.2020 ========== hcxpcapngtool: added handling of BSD loopback header (DLT_NULL) 13.10.2020 ========== hcxpcapngtool: added new option --tacacs-plus --tacacs-plus= : output TACACS+ (hashcat -m 16100, john tacacs-plus) hcxpcapngtool: merged options --eapleap and --eapmschapv2 to --eapleap due to same hash format --eapleap= : output EAP LEAP and MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm) --prefix= : convert everything to lists using this prefix (overrides single options): -o : output PMKID/EAPOL hash file -E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker -I : output unsorted identity list to use as input wordlist for cracker -U : output unsorted username list to use as input wordlist for cracker --eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800) --eapleap= : output EAP LEAP and MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm) --nmea= : output GPS data in NMEA format 12.10.2020 ========== hcxpcapngtool: added new option --eapmschapv2 --eapmschapv2= : output EAP MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm) 11.10.2020 ========== hcxpsktool: added new option --ee --ee : include weak EE BrightBox candidates 09.10.2020 ========== release v 6.1.3 05.10.2020 ========== refactored weak candidate list based on wpa-sec analysis 28.09.2020 ========== removed deprecated wlanpmk2hcx 18.09.2020 ========== hcxpcapngtool: added new option -R -R : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker retrieved from PROBEREQUEST frames only 17.09.2020 ========== release v 6.1.2 10.09.2020 ========== removed deprecated wlanhcx2ssid, wlanhcxinfo aand wlanhcxcat 07.09.2020 ========== removed deprecated wlanhcx2john, wlanjohn2hcx and wlanwkp2hcx 04.09.2020 ========== removed deprecated hcxpcaptool - use hcxpcapngtool instead 19.08.2020 ========== hcxpsktool: added new option: --egn : include Bulgarian EGN 06.08.2020 ========== release v 6.1.1 improved warnings fixed handling of short options added several new weak candidates 29.06.2020 ========== release v 6.1.0 27.07.2020 ========== hcxhashtool: added new options to get full benefit aof reuse of PBKDF2 --hcx-min= : disregard hashes with occurrence lower than hcx-min/ESSID --hcx-max= : disregard hashes with occurrence higher than hcx-min/ESSID 19.06.2020 ========== hcxpsktool: splitted NETGEAR and ASKEY/ARRIS weak candidate list --netgear : include weak NETGEAR / ORBI candidates --askeyarris : include weak MySpectrumWiFI / SpectrumSetup / MyCharterWiFI candidates 15.06.2020 ========== release v 6.0.3 27.05.2020 ========== hcxpcapngtool: added counter for AKM defined EAPOL messages ASSOCIATIONREQUEST (SAE SHA256)..........: 1 ... EAPOL M1 messages........................: 44361 EAPOL M1 messages (AKM defined)..........: 2 EAPOL M2 messages........................: 1631 EAPOL M2 messages (AKM defined)..........: 3 20.05.2020 ========== hcxpcapngtool: print warning if out of sequence time stamps detected hcxdumptool < 6.0.5 was affected, too and hcxpcapngtool will show you this warning hcxdumptool 6.0.6 is fixed improved conversion speed 18.05.2020 ========== hcxpcapngtool: handle wrong time stamps in pwnagotchi cap files on --nonce-error-corrections > 0 In that case we can't rely on EAPOL TIME OUT 01.05.2020 ========== hcxpcapngtool: handle vendor defined action frames (eg: AWDL) 06.04.2020 ========== release v 6.0.2 hcxpcapngtool: improved NC speed and more bug fixes 03.04.2020 ========== release v 6.0.1 hcxpcapngtool: improved NC speed and some bug fixes removed deprecated wlanhc2hcx removed deprecated wlancow2hcxpmk 02.04.2020 ========== release v 6.0.0 30.03.2020 ========== hcxhash2cap: added new option to convert PMKID&EAPOL (hashcat -m 22000) to cap file --pmkid-eapol= : input PMKID EAPOL combi hash file 14.03.2020 ========== moved to v 6.0.0 complete rewrite from scratch full support of new hashline PMKID+EAPOL (hashcat -m 22000 and JtR) https://github.com/hashcat/hashcat/issues/1816 https://github.com/magnumripper/JohnTheRipper/issues/4183 support EAP-LEAP support EAP-MD5 several bug fixes improved summary improved detection of cipher and AKM suites improved detection of malformed frames (caused by device, driver or monitor mode) read more about monitor mode caused bit errors here: http://www.ict-optimix.eu/images/a/ad/WiFiBitError.pdf In monitor mode the adapter does not check to see if the cyclic redundancy check (CRC) values are correct for packets captured, so some captured packets may be corrupted. hcxpsktool: added new weak candidates hcxpcapngtool: new tool $ hcxpcapngtool -h hcxpcapngtool 6.0.0 (C) 2020 ZeroBeat usage: hcxpcapngtool hcxpcapngtool input.pcapng hcxpcapngtool *.pcapng hcxpcapngtool *.pcap hcxpcapngtool *.cap hcxpcapngtool *.* short options: -o : output PMKID/EAPOL hash file hashcat -m 22000/22001 and JtR wpapsk-opencl/wpapsk-pmk-opencl -E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker -I : output unsorted identity list to use as input wordlist for cracker -U : output unsorted username list to use as input wordlist for cracker -h : show this help -v : show version long options: --all : convert all possible hashes instead of only the best one that can lead to much overhead hashes use hcxhashtool to filter hashes need hashcat --nonce-error-corrections >= 8 --eapoltimeout= : set EAPOL TIMEOUT (milliseconds) : default: 5000 ms --nonce-error-corrections= : set nonce error correction warning: values > 0 can lead to uncrackable handshakes : default: 0 --ignore-ie : do not use CIPHER and AKM information this will convert all frames regadless of CIPHER and/OR AKM information, and can lead to uncrackable hashes --max-essids= : maximum allowed ESSIDs default: 1 ESSID disregard ESSID changes and take ESSID with highest ranking --eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800) --eapmd5-john= : output EAP MD5 CHALLENGE (john chap) --eapleap= : output EAP LEAP CHALLENGE (hashcat -m 5500, john netntlm) --nmea= : output GPS data in NMEA format format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL to convert it to gpx, use GPSBabel: gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx to display the track, open file.gpx with viking --log= : output logfile --raw-out= : output frames in HEX ASCII : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM --raw-in= : input frames in HEX ASCII : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM --pmkid= : output deprecated PMKID file (delimter *) --hccapx= : output deprecated hccapx v4 file --hccap= : output deprecated hccap file --john= : output deprecated PMKID/EAPOL (JtR wpapsk-opencl/wpapsk-pmk-opencl) --prefix= : convert everything to lists using this prefix (overrides single options): -o : output PMKID/EAPOL hash file -E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker -I : output unsorted identity list to use as input wordlist for cracker -U : output unsorted username list to use as input wordlist for cracker --eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800) --eapleap= : output EAP LEAP CHALLENGE (hashcat -m 5500, john netntlm) --nmea= : output GPS data in NMEA format --help : show this help --version : show version bitmask for message pair field: 0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 3: x (unused) 4: ap-less attack (set to 1) - no nonce-error-corrections necessary 5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary 6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary 7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary Do not edit, merge or convert pcapng files! This will remove optional comment fields! Detection of bit errors does not work on cleaned dump files! Do not use hcxpcapngtool in combination with third party cap/pcap/pcapng cleaning tools (except: tshark and/or Wireshark)! It is much better to run gzip to compress the files. Wireshark, tshark and hcxpcapngtool will understand this. hcxhashtool: new tool $ hcxhashtool -h hcxhashtool 6.0.0 (C) 2020 ZeroBeat usage: hcxhashtool options: -i : input PMKID/EAPOL hash file -o : output PMKID/EAPOL hash file -E : output ESSID list (autohex enabled) -d : download http://standards-oui.ieee.org/oui.txt : and save to ~/.hcxtools/oui.txt : internet connection required -h : show this help -v : show version --essid-group : convert to ESSID groups in working directory full advantage of reuse of PBKDF2 not on old hash formats --oui-group : convert to OUI groups in working directory not on old hash formats --mac-group-ap : convert APs to MAC groups in working directory not on old hash formats --mac-group-client : convert CLIENTs to MAC groups in working directory not on old hash formats --type : filter by hash type : default PMKID (1) and EAPOL (2) --essid-len : filter by ESSID length : default ESSID length: 0...32 --essid-min : filter by ESSID minimum length : default ESSID minimum length: 0 --essid-max : filter by ESSID maximum length : default ESSID maximum length: 32 --essid= : filter by ESSID --essid-part= : filter by part of ESSID --mac-ap= : filter AP by MAC : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex) --mac-client= : filter CLIENT by MAC : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex) --oui-ap= : filter AP by OUI : format: 001122, 00:11:22, 00-11-22 (hex) --oui-client= : filter CLIENT by OUI : format: 001122, 00:11:22, 00-11-22 (hex) --vendor= : filter by (part of) VENDOR name --authorized : filter EAPOL pairs by status authorized --notauthorized : filter EAPOL pairs by status not authorized --rc : filter EAPOL pairs by replaycount status checked --apless : filter EAPOL pairs by status M2 requested from client --info= : output detailed information about content of hash file --info=stdout : stdout output detailed information about content of hash file --vendorlist : stdout output VENDOR list sorted by OUI --psk= : pre-shared key to test : due to PBKDF2 calculation this is a very slow process : no nonce error corrections --pmk= : plain master key to test : no nonce error corrections --hccapx= : output to deprecated hccapx file --hccap= : output to ancient hccap file --hccap-single : output to ancient hccap single files (MAC + count) --john= : output to deprecated john file --help : show this help --version : show version | deprecated | obsolete when hashcat and JtR moved to new PMKID/EAPOL hash line - no longer under maintenance | | -------------- | -------------------------------------------------------------------------------------------------------------------- | | whoismac | Show vendor information and/or download oui reference list | | hcxmactool | Various MAC based filter operations on HCCAPX and PMKID files - convert hccapx and/or PMKID to new hashline format | | hcxpcaptool | Shows info of pcap/pcapng file and convert it to other hashformats accepted by hashcat and John the Ripper | | hcxpmkidtool | CPU based tools to verfiy a PMKID | | hcxessidtool | Various ESSID based filter operations on HCCAPX and PMKID files | | hcxhashcattool | Convert old hashcat (<= 5.1.0) separate potfile (2500 and/or 16800) to new potfile format | | wlanhc2hcx | Converts hccap to hccapx | | wlanwkp2hcx | Converts wpk (ELMCOMSOFT EWSA projectfile) to hccapx | | wlanhcx2ssid | Strips BSSID, ESSID, OUI | | wlanhcxinfo | Shows detailed info from contents of hccapxfile | | wlanhcxcat | Simple password recovery tool for WPA/WPA2/WPA2 SHA256 AES-128-CMAC (hash-modes 2500, 2501) | | wlanpmk2hcx | Converts plainmasterkey and ESSID for use with hashcat hash-mode 12000 or john PBKDF2-HMAC-SHA1 | | wlanjohn2hcx | Converts john wpapsk hashfiles for use with hashcat hash-modes 2500, 2501 | | wlancow2hcxpmk | Converts pre-computed cowpatty hashfiles for use with hashcat hash-mode 2501 | | wlanhcx2john | Converts hccapx to format expected by John the Ripper | 05.01.2020 ========== hcxhashtool: added new options -d : download http://standards-oui.ieee.org/oui.txt : and save to ~/.hcxtools/oui.txt : internet connection required --info= : output detailed information about content of hash file --info=stdout : stdout output detailed information about content of hash file 03.01.2020 ========== started to remove deprecated tools wlanhcxmnc: removed 19.12.2019 ========== hacxhashtool: added new tool initial this tool will work on new PMKID EAPOL hash line and replace all older hcxtools when all functions implemented. 19.12.2019 ========== hcxpcapngtool: move -j to --john because format is deprecated and JtR will move to new format, too https://github.com/hashcat/hashcat/issues/1816#issuecomment-567423392 17.12.2019 ========== hcxpsktool: added support for hashcat 22000 (crossover PMKID - EAPOL hashline) -c : input PMKID/EAPOL hash file (hashcat -m 22000) 16.12.2019 ========== prepare new tool hcxpcapngtool for hashcat hashmode 22000 (crossover PMKID - EAPOL hashline) highly experemental not all features build in format of hashmode 22000 may change on hashcat and hcxpcapngtool until final release hcxpcaptool will replaced by hcxpcapngtool if everything is working like expected only testing purpose to verify hashcat's new hash mode 22000 09.12.2019 ========== hcxpsktool : added new weak candidates --phome : include PEGATRON HOME candidates 08.12.2019 ========== move to v5.3.0 29.09.2019 ========== hcxpmkidtool: added new tool to verify a PMKID (CPU based) options: -p : input PMKID PMKID:MAC_AP:MAC_STA:ESSID(XDIGIT) PMKID*MAC_AP*MAC_STA*ESSID(XDIGIT) -w : input wordlist (8...63 characters) output: PMK:ESSID (XDIGIT):password -W : input single word (8...63 characters) output: PMK:ESSID (XDIGIT):password -K : input single PMK output: PMK:ESSID (XDIGIT) format: -h : show this help -v : show version --help : show this help --version : show version hcxpmkidtool is designed to verify an existing PSK or and existing PMK. It is not designed to run big wordlists! 25.09.2019 ========== wlanhashhcx: removed hcxmactool: added new tool (MAC based counterpart to ESSID based hcxessidtool) options: -o : filter access point by OUI -n : filter access point by NIC -m : filter access point by MAC -a : filter access point by VENDOR name -O : filter client by OUI -N : filter client point by NIC -M : filter client point by MAC -A : filter client by VENDOR name -h : show this help -v : show version --pmkidin= : input PMKID file 1 --pmkidout= : output PMKID file 1 --hccapxin= : input HCCAPX file --hccapxout= : output HCCAPX file --help : show this help --version : show version 24.09.2019 ========== hcxessidtool: added new options and improved help --pmkidgroupout= : output ESSID groups from ESSIDs present in PMKID1 --hccapxgroupout=: output ESSID groups from ESSIDs present in HCCAPX1 15.09.2019 ========== hcxpcaptool: added new option and improved help --ignore-mac : do not check MAC addresses this will allow to use ESSIDs from frames with damaged broadcast MAC address 14.09.2019 ========== hcxpcaptool : improved detection of damaged ESSIDs 13.09.2019 ========== hcxessidtool: added new options --essidout= : output ESSID list --essidmacapout= : output MAC_AP:ESSID list 12.09.2019 ========== removed : wlanhcx2essid (deprecated) added : hcxessidtool options: -e : filter by ESSID -E : filter by part of ESSID -l : filter by ESSID length -h : show this help -v : show version --pmkid1= : input PMKID file 1 --pmkid2= : input PMKID file 2 --pmkidout12= : output only lines present in both PMKID file 1 and PMKID file 2 --pmkidout1= : output only lines present in PMKID file 1 --pmkidout2= : output only lines present in PMKID file 2 --pmkidout= : output only ESSID filtered lines present in PMKID file 1 --hccapx1= : input HCCAPX file 1 --hccapx2= : input HCCAPX file 2 --hccapxout12= : output only lines present in both HCCAPX file 1 and HCCAPX file 2 --hccapxout1= : output only lines present in HCCAPX file1 --hccapxout2= : output only lines present in HCCAPX file 2 --hccapxout= : output only ESSID filtered lines present in HCCAPX file 1 --help : show this help --version : show version Main purpose is to get full adcantage or reuse of PBKDF2 while merging (only) the same ESSIDs from different hash files examples: hcxessidtool --pmkid1=file1.16800 --pmkid2=file2.16800 --pmkidout12=joint.16800 hcxessidtool --pmkid1=file1.16800 -l 10 --pmkidout=filtered.16800 03.09.2019 ========== move to v5.2.2 fixed bug in damaged ESSID handling 01.09.2019 ========== hcxpcaptool: show capture device vendor 28.08.2019 ========== moved to v5.2.1 hcxpsktool : added new weak candidates hcxdumptool: added additional warnings about handling of pcapng files ( im imrpoved status out: count zeroed PMKIDs 19.08.2019 ========== move to v5.2.0 11.08.2019 ========== hcxpcaptool: print time of first packet and time of last packet this will not work on cap files with zeroed time stamps 10.08.2019 ========== hcxpcaptool: removed option --replaycountcheck added option --ignore-replaycount to allow conversion of not replaycount checked handshakes if we have no replaycount matching handshake - in that case nc must be used! Remarks: total best handshakes and total best PMKIDs can be different to realy written ones: best handshakes (total)..........: 190 (ap-less: 122) best PMKIDs (total)..............: 30 summary output file(s): ----------------------- 175 handshake(s) written to /tmp/test.hccapx message pair M12E2...............: 157 message pair M32E2...............: 16 message pair M34E4...............: 2 29 PMKID(s) written to /tmp/test.16800 That depend on this additional options and the quality of the cap file: --ignore-fake-frames : do not convert fake frames --ignore-zeroed-pmks : do not convert frames which use a zeroed plainmasterkey (PMK) --ignore-replaycount : allow not replaycount checked best handshakes --time-error-corrections= : maximum time gap between EAPOL frames - EAPOL TIMEOUT (default: 600s) --nonce-error-corrections= : maximum replycount/nonce gap to be converted (default: 8) example: --nonce-error-corrections=60 convert handshakes up to a possible packetloss of 59 packets hashcat nonce-error-corrections should be twice as much as hcxpcaptool value --max-essid-changes= : allow maximum ESSID changes (default: 1 - no ESSID change is allowed) 09.08.2019 ========== hcxpcaptool: added summary (replaycount check) and print warning if result is not replaycount checked (in this case nc is necessary) added warning if an ESSID change is detected. this can be handled by increase the value of option --max-essid-changes added new option --replaycountcheck --replaycountcheck : convert only replaycount checked frames 26.06.2019 ========== hcxpcaptool: added new option --max-essid-changes --max-essid-changes= : allow maximum ESSID changes (default: 8) useful on merged cap files with many ESSID changes for a single mac_ap or on damaged ESSIDs 23.06.2019 ========== hcxpcaptool: fixed several big endian issues show information about handshakes and PMKIDs calculated by a zeroed PMK added new options --ignore-zeroed-pmks and --prefix-out= --ignore-zeroed-pmks : do not convert frames which use a zeroed plainmasterkey (PMK) This option is useful to reduce the commandline length if all lists are requested: --prefix-out= : convert everything to lists using this prefix (overrides single options): hccapx (-o) file.hccapx PMKID (-k) file.16800 netntlm (--netntlm-out) file.5500 md5 (--md5-out) file.4800 tacacsplus (--tacacsplus) file.16100 wordlist (-E) file.essidlist identitylist (-I) file.identitylist usernamelist (-U) file.userlist imsilist (-M) file.imsilist networklist (-network-out) file.networklist trafficlist (-T) file.networklist clientlist (-X) file.clientlist deviceinfolist (-D) file.deviceinfolist 20.06.2019 ========== hcxpcaptool: complete refactoring of pcapng engine 19.06.2019 ========== hcxpcaptool: added new option -D -D : output unsorted device information list format = MAC:DEVICEINFO string 16.06.2019 ========== hcxpcaptool: refactored complete tag walk engine due to several stack smashing issues (fsanitize=address) added new option to detect known fake frames --ignore-fake-frames : do not convert fake frames 14.06.2019 ========== hcxpcaptool: complete rewrite of RSN-IE PMKID detection within association frames and reassociation frames 07.06.2019 ========== hcxpcaptool: added new option to filter output by a single MAC address all packets which doesn't contain this MAC in address 1, address 2 or address 3 are ignored. --filtermac= : filter output by MAC address format: 112233445566 07.06.2019 ========== hcxpcaptool: detect and convert PMKIDs from clients read more here: https://hashcat.net/forum/thread-6661-post-44869.html#pid44869 30.05.2019 ========== hcxtools moved to v5.1.6 due to a bug in v5.1.5 hcxpcaptool: added 2 new options to convert raw PMKIDs -K : output raw PMKID file (hashcat hashmode -m 16801 new format) -Z : output raw PMKID file (hashcat hashmode -m 16801 old format and john) use this options if you would like to verify a PMKID and yo don't have an ESSID read more here: https://github.com/ZerBea/hcxtools/issues/92#issuecomment-497128717 19.05.2019 ========== added new useful script: hcxgrep.py Works like grep, but for hccapx/pmkid hashfiles - those are detected automagically. It also can read from stdin and writes on stdout. It tries to be as close to grep commandline options, this is -h: usage: hcxgrep.py [-h] [-f FILE] [-v] [-t {essid,mac_ap,mac_sta}] [PATTERNS] [infile] Extract records from hccapx/pmkid file based on regexp positional arguments: PATTERNS RegExp pattern infile hccapx/pmkid file to process optional arguments: -h, --help show this help message and exit -f FILE, --file FILE Obtain patterns from FILE, one per line. -v, --invert-match Invert the sense of matching, to select non-matching nets -t {essid,mac_ap,mac_sta}, --type {essid,mac_ap,mac_sta} Field to apply matching, default essid By default it greps by essid, but you can choose with -t also to grep over mac_ap or mac_sta, passed as lowercase hex strings. It also can read multiple patterns from external file, like those attached. It's composed from routerkeygen and matches essids with _ or - in them. Of course this have many false positives and the default PSK can be changed, but one can easy get those nets he needs to try custom wordlists or etc. 16.04.2019 ========== finally removed wlanhcx2psk in favor of hcxpsktool 08.04.2019 ========== hcxpcaptool: from now on only PBKDF2 based hashes (EAPOL and PMKID) are converted running options -k -z and -o raw option -O will convert all EAPOL handshakes. 02.04.2019 ========== Due to hashcat changes: "WPA/WPA2 cracking: In the potfile, replace password with PMK in order to detect already cracked networks across all WPA modes" https://github.com/hashcat/hashcat/commit/b8d609ba1604f4fed62198ae5000e205dcc87f70 hcxpcaptool: added new option -k to convert dumpfile to new hashcat PMKID format -k : output PMKID file (hashcat hashmode -m 16800 new format) -z : output PMKID file (hashcat hashmode -m 16800 old format and john) use hcxhashcattool to convert old 2500 and old 16800 potfile to new hashcat potfile Format: -p : input old hashcat potfile accepted potfiles: 2500 or 16800 -P : output new potfile file (PMK:ESSID:PSK) hcxhashcattool -p oldhashcat.2500.pot -P newhashcat.potfile hcxhashcattool -p oldhashcat.16800.pot -P newhashcat.potfile 30.03.2019 ========== hcxpcaptool: retrieve IMSI from UMTS Authentication and Key Agreement (EAP-AKA) and EAP-SIM (GSM Subscriber Modules) Authentication 19.03.2019 ========== wlanhcx2ssid: use systemwide oui.txt (/usr/share/ieee-data/oui.txt), if exist whoismac: use systemwide oui.txt (/usr/share/ieee-data/oui.txt), if exist 18.03.2019 ========== wlancap2wpasec: added man 1 page hcxpcaptool: added new option -M to collect IMSI numbers -M : output unsorted IMSI number list 17.03.2019 ========== hcxpcaptool: added man 1 page hcxpsktool: added man 1 page hcxhash2cap: added man 1 page 09.03.2019 ========== hcxtools moved to version 5.1.3 due to change of pcapng comment field 07.03.2019 ========== hcxpcaptool added GPX comment field for GPS time from GPS device test3.gpx dntest.pcapng 129.500000 1af87c9124a3 GPS-TIME:2019-03-06T22:28:00Z 26.02.2019 ========== hcxtools moved to version 5.1.3 due to several bug fixes 18.02.2019 ========== hcxtools moved to version 5.1.2 due to implementation of serveral new options 14.02.2019 ========== wlancap2wpasec: added new option -e -e : set email address, if requiered 13.02.2019 ========== hcxpsktool added full support (option -j) for john -i : input EAPOL hash file (hashcat) -j : input EAPOL hash file (john) -z : input PMKID hash file (hashcat and john) 12.02.2019 ========== hcxpcaptool: added new option -X -X : output client probelist : format: mac_sta:probed ESSID (autohex enabled) added new tool: hcxwltool while hcxpsktool is designed to run on hcxpcaptool -o and -z output, hcxwltool is designed to run on hcapcaptool -E, -I and -U output $ hcxwltool -h hcxwltool 5.1.1 (C) 2019 ZeroBeat usage: hcxwltool options: -i : input worlist -o : output wordlist to file -h : show this help -v : show version --straight : output format untouched --digit : output format only digits --xdigit : output format only xdigits --lower : output format only lower --upper : output format only upper --capital : output format only capital --length= : password lenght (8...32) --help : show this help --version : show version examples: hcxwltool -i wordlist --straight | sort | uniq | | sort | uniq | hashcat -m 2500 hashfile.hccapx hcxwltool -i wordlist --gigit --length=10 | sort | uniq | | sort | uniq | hashcat -m 2500 hashfile.hccapx hcxwltool -i wordlist --digit | sort | uniq | hashcat -m 16800 hashfile.16800 hcxwltool -i wordlist --xdigit | sort | uniq | john --stdin --format=wpapsk-opencl hashfile.16800 11.02.2019 ========== whoismac: added two new options to convert ESSID HEX to ASCII or ESSID ASCII to HEX -e : input ESSID -x : input ESSID in hex example: $ whoismac -e default 64656661756c74 now search for this essid, running simple bash commands: cat hashfile.16800 | grep 64656661756c74 02.02.2019 ========== release hcxtools v 5.1.1 removed....: wlanhcx2psk replaced by: hcxpsktool removed....: wlanhcx2cap replaced by: hcxhash2cap no more libcap dependency! 01.02.2019 ========== hcxhash2cap: added new option to canvert john WPAPSK has file to cap hcxhash2cap will replace wlanhcx2cap, soon $ hcxhash2cap -h hcxhash2cap 5.1.0 (C) 2019 ZeroBeat usage: hcxhash2cap options: -c : output cap file if no cap file is selected, output will be written to single cap files format: mac_sta.cap (mac_sta.cap_x) --pmkid= : input PMKID hash file --hccapx= : input hashcat hccapx file --hccap= : input hashcat hccap file --john= : input John the Ripper WPAPSK hash file --help : show this help --version : show version 31.01.2019 ========== hcxhash2cap: added new options to convert hccapx to cap and hccap to cap 29.01.2019 ========== aded new tool: hcxhash2cap 22.01.2019 ========== hcxpcaptool: in preparation of hccapx successor, hcxpcaptool now count oversized (>0xff) EAPOLframes EAPOL packets (oversized)....: xx read more here: https://github.com/hashcat/hashcat/issues/1816 13.12.2018 ========== hcxpcaptool: removed options -x and -X (old hccap format) hcxpcaptool: added options --hccap-out and --hccap-raw-out (old hccap format) --hccap-out= : output old hccap file (hashcat -m 2500) --hccap-raw-out= : output raw old hccap file (hashcat -m 2500) 09.12.2018 ========== hcxpcaptool: detect EAPOL GROUP KEYs hcxpcaptool: move option -H to --hexdump-out hcxpcaptool: added new options (--eapol-out, --network-out) --eapol-out= : output EAPOL packets in hex format = mac_ap:mac_sta:eapol --network-out= : output network information format = mac_ap:ESSID --hexdump-out= : output dump raw packets in hex 05.12.2018 ========== moved to v 5.1.0 (according to hashcat) hcxpcaptool: detect EAPOL RC4 KEYs 04.12.2018 ========== hcxpcaptool: fixed bug in FCS on BE systems hcxpcaptool: detect MESH-IDs 26.11.2018 ========== several big endian fixes switched to version 5.0.1 19.11.2018 ========== hcxpcaptool: improved detection of ESSID changes in merged capfiles 30.10.2018 ========== hcxtools moved to version 5.0.0 hcxpsktool: added NETGEARxx list --netgear : include NETGEAR candidates 03.10.2018 ========== hcxpcaptool: use GMT time 30.09.2018 ========== hcxhashcattool: accept 16800 potfiles 29.09.2018 ========== hcxpcaptool: removed option -Z Allow hashfile for -m 16800 to be used with -m 16801 https://github.com/hashcat/hashcat/commit/1b980cf01000c81dfd0ca085593f8c1d66d43188 added new option -g -g : output GPS file\n" format = GPX (accepted for example by Viking and GPSBabel)\n" 24.09.2018 ========== whoismac new option to get VENDOR information from a hashcat 2500 potfile line -P : input EAPOL hashline from potfile 20.09.2018 ========== prepare new tool (experimental): hcxpsktool (supports hccapx and 16800 hashfile) hcxpsktool will replace wlanhcx2psk, when all wlanhcx2psk functions are added 15.09.2018 ========== hcxpcaptool: added detection of Cisco Systems, Inc VENDOR information in authentication 06.09.2018 ========== hcxpcaptool: added detection of Netgear VENDOR information in authentication 04.09.2018 ========== hcxpcaptool: try to detect and remove damaged ESSIDs 26.08.2018 ========== whoismac added new option -p to get information about VENDOR and print ESSID in ASCII "-p : input PMKID hashline\n" 17.08.2018 ========== hcxpcaptool skip unknown option (thanks to magnumripper) hcxpcaptool detect Wilibox Delibrant Group LLC authentication hcxpcaptool detect NETWORK EAP authentication system 07.08.2018 ========== added communication between hcxdumtool and hcxpcaptool via pcapng option fields: 62108 for REPLAYCOUNT uint64_t 62109 for ANONCE uint8_t[32] 03.08.2018 ========== hcxtools release 4.2.0 Todo: hcxdumptool 4.2.0 will randomize ap-less attacks. hcxpcaptool will convert this handshakes correctly, but will not detect them as ap-less attack This feature will be added in hcxtools 4.2.1 01.08.2018 ========== moved raspberry pi stuff and dumper stuff to hcxdumptool repository from now on hcxtools only includes conversion tools 25.07.2018 ========== hcxtools moved to 4.2.0 rc1 hcxpcaptool: added hashmodes -m 16800 and -m 16801 and new options: -z : output PMKID file (hashcat hashmode -m 16800 - WPA*-PMKID-PBKDF2) -Z : output PMKID file (hashcat hashmode -m 16801 - WPA*-PMKID-PMK) use hcxpcaptool as dumper/attacker, convert with hcxpcaptool, retrieve PSK using hashcat removed wlandump-ng (old scool, deprecated) removed wlancap2hcx (old scool, deprecated) 17.07.2018 ========== hcxpcaptool: show detailed file stats on pcapng files - go in sync with (upcomming) hcxdumptool 4.2.0 17.07.2018 ========== hcxpcaptool: added detection of all EAP types: EAP_PACKET EAPOL_START EAPOL_LOGOFF EAPOL_KEY EAPOL_ASF EAPOL_MKA 15.07.2018 ========== wlanhcx2psk: added more weak candidates based on OSINT from wpa-sec 07.07.2018 ========== hcxpcaptool: added detection of BROADCOM specific authentication 01.07.2018 ========== hcxpcaptool: added detection of FILS authentication algorithm 27.06.2018 ========== hcxpcaptool: added detection of authentication algorithms 23.06.2018 ========== hcxpcaptool: added full support for AVS header (DLT_IEEE802_11_RADIO_AVS) 22.06.2018 ========== hcxpcaptool: added full support for TaZmen Sniffer Protocol (TZSP) 21.06.2018 ========== hcxpcaptool: added detection of TaZmen Sniffer Protocol (TZSP) 20.06.2018 ========== hcxpcaptool: added conversion of WDS packets 19.06.2018 ========== hcxpcaptool: added detection of RADIUS authentication with Ethernet II header 05.05.2018 ========== hcxpcaptool: improved detection of broken ESSIDs improved detection of broken EAPOL frames wlanhcx2ssid (option -F): improved detection of broken ESSIDs omproved detection of broken EAPOL frames 12.03.2018 ========== moved to v 4.1.5 added new options wlancap2wpasec $ wlancap2wpasec -h wlancap2wpasec 4.1.5 (C) 2018 ZeroBeat usage: wlancap2wpasec [input.cap] [input.cap] ... wlancap2wpasec *.cap wlancap2wpasec *.* options: -k : wpa-sec user key -u : set user defined URL default = https://wpa-sec.stanev.org -t : set connection timeout default = 30 seconds -R : remove cap if upload was successful -h : this help 25.02.2018 ========== split repository! moved hcxdumptool to https://github.com/ZerBea/hcxdumptool move pioff to https://github.com/ZerBea/hcxdumptool/hcxpioff from now on, hcxtools will be the mostly "portable part" 17.02.2018 ========== hcxpcaptool added nonce fuzzing logic for john and old hashcat (hccap) according to bitmask: 0: MP info 1: MP info 2: MP inf 3: x (unused) 4: ap-less attack (set to 1) - no nonce-error-corrections neccessary 5: LE router detected (set to 1) - nonce-error-corrections only for LE neccessary 6: BE router detected (set to 1) - nonce-error-corrections only for BE neccessary 7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely neccessary 15.02.2018 ========== hcxpcaptool added detection of router endianess and ap-less attacks: bitmask for message_pair file: 0: MP info 1: MP info 2: MP inf 3: x (unused) 4: ap-less attack (set to 1) - no nonce-error-corrections neccessary 5: LE router detected (set to 1) - nonce-error-corrections only for LE neccessary 6: BE router detected (set to 1) - nonce-error-corrections only for BE neccessary 7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely neccessary using bit 4 to 7, hcxtools are able to interact with hascat - that will increase speed for hashcat. 09.02.2018 ========== hcxpcaptool added full implementation of PPP-CHAP authentication added detection of RADIUS (UDP destination 1812) new dependency: libopenssl 07.02.2018 ========== hcxpcaptool added full implementation of TACACS+ --tacacsplus-out= : output TACACS+ authentication file (hashcat -m 16100, john tacacs-plus) 05.02.2018 ========== hcxpcaptool improved help menu ignore empty usernames added new option --md5-john-out= : output MD5 challenge file (john chap) 04.02.2018 ========== hcxpcaptool continued implementation of EAP (RADIUS): netNTLMv1, MD5 challenge added new options -U : output username list (unsorted) --netntlm-out= : output netNTLMv1 file (hashcat -m 5500, john netntlm) --md5-out= : output MD5 challenge file (hashcat -m 4800, john chap) 03.02.2018 ========== added hcxphashcattool (calculate PMKs from hashcat -m 2500 potfile) $ hcxhashcattool -h hcxhashcattool 4.1.0 (C) 2018 ZeroBeat usage: hcxhashcattool options: -p : input hashcat -m 2500 potfile -P : output PMK file (PMK:ESSID:PSK) -h : show this help -v : show version 01.02.2018 ========== hcxpcaptool added detection of TCP and UDP network protocol neccessary for IP based authentications 31.01.2018 ========== hcxtools moved to v 4.1.0 and starts into the 3. generation with - hcxdumptool (will replace wlandump-ng) and - hcxpcaptool (will replace wlancap2hcx) 29.01.2018 ========== hcxpcaptool improved detection of handshakes removed options -A -S ( will improve them and add them later again) 17.01.2018 ========== hcxpcaptool added new options -O : output raw hccapx file -x : output hccap file -X : output raw hccap file -j : output john WPAPSK-PMK file -J : output raw john WPAPSK-PMK file --time-error-corrections : maximum allowed time gap (default: 10000ms) --nonce-error-corrections : maximum allowed nonce gap (default: 8) : should be the same value as in hashcat option -O is designed for third party tools which like to strip handshakes by themselves options -x and -X are designed for use on older systems and old hashcat version 16.01.2018 ========== hcxpcaptool added new option -o -o : output hccapx file convert cap/pcap/pcapng to hccapx 15.01.2018 ========== hcxpcaptool added new option -V -V : verbose (but slow) status output Running hcxpcaptool without options on cap/pcap/pcapng files shows only limited stauts output If you need detailed informations, use -V 14.01.2018 ========== hcxpcaptool added suport for gzip compressed cap/pcap/pcapng files new dependency: zlib 14.01.2018 ========== hcxpcaptool added new options -P -I -I : output identities list -P : output possible WPA/WPA2 plainmasterkey list 13.01.2018 ========== hcxpcaptool added new option -S : output station EAPOL information list date::timestamp:mac_sta:mac_ap:epol_len:eapol moved internal to tv_usec timestamp 12.01.2018 ========== hcxdumptool added new option -C : comma separated scanlist (1,3,5,7...) support for scanlist hcxpcaptool added new option -A : output access point anonce information list (forensics purpose) date:mac_sta:mac_ap:keyver(1=M1, 2=M3, 3=M1+M3):replaycount(in hex):anonce 11.01.2018 ========== hcxpcaptool added new options -E : output wordlist (autohex enabled) to use as wordlist -T : output traffic information list 10.01.2018 ========== hcxpcaptool added option -H -H : dump raw packets in hex 09.01.2018 ========== - move hcxtools to v 4.0.2 - renamed wlandump-rs to hcxdumptool - removed wlancapinfo -> replaced by hcxpcaptool +get rid of libpcap dependency) +added full pcapng support $ hcxpcaptool -h hcxpcaptool 4.0.2 (C) 2017 ZeroBeat usage: hcxpcaptool hcxpcaptool [input.pcap] [input.pcap] ... hcxpcaptool *.cap hcxpcaptool *.* options: -h : show this help -v : show version 07.01.2018 ========== wlandump-rs added option -l -l : enable capture of IPv4/IPv6 packets 06.01.2018 ========== wlandump-ng added option -l -l : enable capture of IPv4/IPv6 packets 21.12.2017 ========== wlancap2hcx removed option -x now wlancap2hcx looks first for association/re-associationrequests or for directed proberequests or for proberesponseses and at last (if no other frames found in the cap) for a beacon 21.12.2017 ========== wlancap2hcx added new option to remove handshakes that that belong to the same authentication sequence -D : remove handshakes that belong to the same authentication sequence : you must use nonce-error-corrections on that file! wlanhcx2ssid added new option to remove handshakes that that belong to the same authentication sequence -D : remove handshakes that belong to the same authentication sequence : you must use nonce-error-corrections on that file! 17.12.2017 ========== moved to version 4.0.1 added wlandump-rs - use raw sockets instead of libpcap - faster and more aggressive than wlandump-ng - able to capture more handchakes than wlandump-ng - automatic use channel 14 and 5GHz channels if driver supports this - improvements on scan engine - improvements on authentication engine - use ap blacklist instead of BPF $ wlandump-rs -h wlandump-rs 4.0.1 (C) 2017 ZeroBeat usage: wlandump-rs options: -i : interface -o : output file in pcapformat including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) -c : set channel (default = channel 1) -t : stay time on channel before hopping to the next channel : default = 5 seconds -B : blacklist (do not deauthenticate clients from this hosts - format: xxxxxxxxxxxx) -I : show suitable wlan interfaces and quit -T : terminate after maximal errors : default: 1000000 -D : enable to transmit deauthentication- and disassociation-frames -P : enable poweroff -s : enable status messages -h : show this help -v : show version 16.12.2017 ========== wlancap2wpasec ----------- added option to remove cap file if upload was successful -R : remove cap if upload was successful 05.12.2017 ========== wlanhcx2ssid ----------- added option to strip damaged records from hccapx file -F : strip bad records and write only flawless records to hccapx file Detected errors (more follows later): - bad keytype in EAPOL frame 21.11.2017 ========== wlancap2hcx ----------- added detection and conversation of TACACS+ Authentication -t : output TACACS+ file (hashcat -m 16100, john tacacs-plus) 21.11.2017 ========== wlandump-ng ----------- added new option -P for use with hard coded GPIO switch -P : terminate program and poweroff raspberry pi by GPIO switch : default: terminate program and do not power off 20.11.2017 ========== wlandump-ng ----------- do not terminate wlandum-ng if channel set failed instead reset channel back to 1 31.10.2017 ========== wlandump-ng ----------- improved status: added beacons, proberequests, proberesponses, associationrequests and reassociationrequests warning in help mennu that driver must support 5GHz 29.10.2017 ========== wlanrcascan ----------- added option -l (loopcount) wlandump-ng ----------- added detection of fast BSS transition (fast roaming) wlancap2hcx ----------- added detection of fast BSS transition (fast roaming) 28.10.2017 ========== - added changelog - merged wlanresponse and wlandump-ng bash_profile ------------ adapted to new wlandump-ng wlanresponse ------------ - removed wlandump-ng ----------- - waterfall status - improved deauthentication stop when retrieved one complete handshake (M1-M4) from ap <-> client - improved disassociation stop when retrieved one complete handshake (M1-M4) from ap <-> client - send one undirected proberequest to broadcast after channel change - improved expanded EAPOL handling - improved authentication - improved beaconing on proberequests - now wlandump-ng is passive by default (only receive) - transmit must be enabled - changed / new options: -R : enable to respond to all requests -D : enable deauthentications -d : enable disassociations -E : stop deauthentications and disassociations if xx complete handshakes received : default = 1 complete handshake (M1-M4) -U : send one undirected proberequest to broadcast after channel change -B : enable beaconing on last proberequest "-s : enable status messages\n" localtime, channel, mac_ap, mac_sta, information 11:02:52 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (forced) 11:01:45 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (forced-retransmission) 11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (not verified) 11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M2M3 handshake (verified) 11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M3M4 handshake (established) 16:36:13 1 xxxxxxxxxxxx --> xxxxxxxxxxxx identity request: hello 16:36:13 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx identity response: WFA-SimpleConfig-Registrar-1-0 16:36:14 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M1 message 16:36:14 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M2 message 16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M3 message 16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M4 message 16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M5 message 16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M6 message 16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M7 message 16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M8 message hcxtools-6.2.7/hcxeiutool.c000066400000000000000000000167411423200176400157300ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include "include/hcxeiutool.h" /*===========================================================================*/ /* global variable */ static FILE *fh_digitlist; static FILE *fh_xdigitlist; static FILE *fh_charlist; static FILE *fh_cslist; /*===========================================================================*/ static void separatewords(int len, char *line) { static int c, cl, cs, cw, cd, cx; static char word[LINE_MAX][WORD_MAX]; cs = 0; cw = 0; cd = 0; cx = 0; cl = CSWORD; memset(word, 0, sizeof(word)); for(c = 0; c < len; c++) { if((line[c] >= '0') && (line[c] <= '9')) { word[DIGITWORD][cd] = line[c]; cd++; } if(isxdigit((unsigned char)line[c])) { word[XDIGITWORD][cx] = line[c]; cx++; } if(((line[c] >= 'A') && (line[c] <= 'Z')) || ((line[c] >= 'a') && (line[c] <= 'z'))) { word[CHARWORD][cw] = line[c]; word[cl][cs] = line[c]; cw++; cs++; } else { cl++; cs = 0; } } if(memcmp(word[DIGITWORD], word[XDIGITWORD], WORD_MAX) == 0) word[XDIGITWORD][0] = 0; if(memcmp(word[CSWORD], word[XDIGITWORD], WORD_MAX) == 0) word[XDIGITWORD][0] = 0; if(memcmp(word[CSWORD], word[CHARWORD], WORD_MAX) == 0) word[CHARWORD][0] = 0; if(fh_digitlist != NULL) { if(strnlen(word[DIGITWORD], WORD_MAX) > 3) fprintf(fh_digitlist, "%s\n", word[DIGITWORD]); } if(fh_xdigitlist != NULL) { if(strnlen(word[XDIGITWORD], WORD_MAX) > 3) fprintf(fh_xdigitlist, "%s\n", word[XDIGITWORD]); } if(fh_charlist != NULL) { if(strnlen(word[CHARWORD], WORD_MAX) > 3) fprintf(fh_charlist, "%s\n", word[CHARWORD]); } if(fh_cslist != NULL) { for(c = CSWORD; c < LINE_MAX; c++) { if(strnlen(word[c], WORD_MAX) > 3) fprintf(fh_cslist, "%s\n", word[c]); } } return; } /*===========================================================================*/ /*===========================================================================*/ static inline size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static inline int fgetline(FILE *inputstream, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ static void processwordlist(FILE *fh_in) { static int len; static char hexid[] = "$HEX["; static char linein[LINEIN_MAX]; while((len = fgetline(fh_in, LINEIN_MAX, linein)) != -1) { if(memcmp(&linein, &hexid, 5) == 0) continue; if(len < 64) separatewords(len, linein); } return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-i : input wordlist\n" "-d : output digit wordlist\n" "-x : output xdigit wordlist\n" "-c : output character wordlist (A-Za-z - other characters removed)\n" "-s : output character wordlist (A-Za-z - other characters replaced by 0x0d)\n" " recommended option for processing with rules\n" "-h : show this help\n" "-v : show version\n" "\n" "--help : show this help\n" "--version : show version\n" "\n" "example:\n" "$ hcxdumptool -i -o dump.pcapng --enable_status=31\n" "$ hcxpcapngtool -o hash.22000 -E elist dump.pcapng\n" "$ hcxeiutool -i elist -d digitlist -x xdigitlist -c charlist -s sclist\n" "$ cat elist digitlist xdigitlist charlist sclist > wordlisttmp\n" "$ hashcat --stdout -r charlist >> wordlisttmp\n" "$ hashcat --stdout -r sclist >> wordlisttmp\n" "$ cat wordlisttmp | sort | uniq > wordlist\n" "$ hashcat -m 22000 hash.22000 wordlist\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static FILE *fh_wordlistin = NULL; static char *wordlistinname = NULL; static char *digitname = NULL; static char *xdigitname = NULL; static char *charname = NULL; static char *csname = NULL; static const char *short_options = "i:d:x:c:s:hv"; static const struct option long_options[] = { {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; fh_digitlist = NULL; fh_xdigitlist = NULL; fh_charlist = NULL; fh_cslist = NULL; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_INPUT_WORDLIST: wordlistinname = optarg; break; case HCX_OUTPUT_DIGITLIST: digitname = optarg; break; case HCX_OUTPUT_XDIGITLIST: xdigitname = optarg; break; case HCX_OUTPUT_CHARLIST: charname = optarg; break; case HCX_OUTPUT_CSLIST: csname = optarg; break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } if(wordlistinname == NULL) { fprintf(stderr, "no input wordlist selected\n"); return EXIT_SUCCESS; } if((fh_wordlistin = fopen(wordlistinname, "r")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", wordlistinname, strerror(errno)); exit(EXIT_FAILURE); } if(digitname != NULL) { if((fh_digitlist = fopen(digitname, "a+")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", digitname, strerror(errno)); exit(EXIT_FAILURE); } } if(xdigitname != NULL) { if((fh_xdigitlist = fopen(xdigitname, "a+")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", xdigitname, strerror(errno)); exit(EXIT_FAILURE); } } if(charname != NULL) { if((fh_charlist = fopen(charname, "a+")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", charname, strerror(errno)); exit(EXIT_FAILURE); } } if(csname != NULL) { if((fh_cslist = fopen(csname, "a+")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", csname, strerror(errno)); exit(EXIT_FAILURE); } } processwordlist(fh_wordlistin); if(fh_cslist != NULL) fclose(fh_cslist); if(fh_charlist != NULL) fclose(fh_charlist); if(fh_xdigitlist != NULL) fclose(fh_xdigitlist); if(fh_digitlist != NULL) fclose(fh_digitlist); fclose(fh_wordlistin); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/hcxessidtool.c000066400000000000000000001036771423200176400162620ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined(__APPLE__) || defined(__OpenBSD__) #include #else #include #endif #include "include/hcxessidtool.h" #include "include/strings.c" #include "include/fileops.c" /*===========================================================================*/ /* global var */ static int essidonlylen = 0; static int essidfilterlen = 0; static int essidpartfilterlen = 0; static char *essidfiltername = NULL; static char *essidpartfiltername = NULL; static int pmkid1count = 0; static int pmkid2count = 0; static char *pmkid1name = NULL; static char *pmkid2name = NULL; static char *pmkid12outname = NULL; static char *pmkid1outname = NULL; static char *pmkid2outname = NULL; static char *pmkidoutname = NULL; static intpmkid_t *pmkid1list = NULL, *pmkidzeiger1 = NULL, *pmkidzeigerakt1 = NULL; static intpmkid_t *pmkid2list = NULL, *pmkidzeiger2 = NULL, *pmkidzeigerakt2 = NULL; static int hccapx1count = 0; static int hccapx2count = 0;; static char *hccapx1name = NULL; static char *hccapx2name = NULL; static char *hccapx12outname = NULL; static char *hccapx1outname = NULL; static char *hccapx2outname = NULL; static char *hccapxoutname = NULL; static bool pmkidgroupflag = false; static bool hccapxgroupflag = false; static inthccapx_t *hccapx1list = NULL, *hccapxzeiger1 = NULL, *hccapxzeigerakt1 = NULL; static inthccapx_t *hccapx2list = NULL, *hccapxzeiger2 = NULL, *hccapxzeigerakt2 = NULL; static char *essidoutname = NULL; static char *essidmacapoutname = NULL; static char separator = ':'; /*===========================================================================*/ static void globalclose() { if(pmkid1list != NULL) { free(pmkid1list); } if(pmkid2list != NULL) { free(pmkid2list); } if(hccapx1list != NULL) { free(hccapx1list); } if(hccapx2list != NULL) { free(hccapx2list); } return; } /*===========================================================================*/ static void writeessidmacaphccapx(char *sourcefile, inthccapx_t *hccapxlist, int hccapxcount) { static int written; static FILE *fh_file; static inthccapx_t *zeiger, *zeigernext; if((fh_file = fopen(essidmacapoutname, "a")) == NULL) { fprintf(stderr, "failed to open ESSID file %s\n", essidmacapoutname); return; } written = 0; zeiger = hccapxlist; for(zeiger = hccapxlist; zeiger < (hccapxlist +hccapxcount); zeiger++) { zeigernext = zeiger; zeigernext++; if(zeigernext->essidlen != zeiger->essidlen) { fwriteaddr1(zeiger->macap, fh_file); fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_file); written++; } else { if((memcmp(zeigernext->macap, zeiger->macap, 6) != 0) || (memcmp(zeigernext->essid, zeiger->essid, zeiger->essidlen) != 0)) { fwriteaddr1(zeiger->macap, fh_file); fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_file); written++; } } } fclose(fh_file); printf("%d ESSID(s) written to %s from %s\n", written, basename(essidmacapoutname), basename(sourcefile)); return; } /*===========================================================================*/ static void writeessidmacappmkid(char *sourcefile, intpmkid_t *pmkidlist, int pmkidcount) { static int written; static FILE *fh_file; static intpmkid_t *zeiger, *zeigernext; if((fh_file = fopen(essidmacapoutname, "a")) == NULL) { fprintf(stderr, "failed to open ESSID file %s\n", essidmacapoutname); return; } written = 0; zeiger = pmkidlist; for(zeiger = pmkidlist; zeiger < (pmkidlist +pmkidcount); zeiger++) { zeigernext = zeiger; zeigernext++; if(zeigernext->essidlen != zeiger->essidlen) { fwriteaddr1(zeiger->macap, fh_file); fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_file); written++; } else { if((memcmp(zeigernext->macap, zeiger->macap, 6) != 0) || (memcmp(zeigernext->essid, zeiger->essid, zeiger->essidlen) != 0)) { fwriteaddr1(zeiger->macap, fh_file); fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_file); written++; } } } fclose(fh_file); printf("%d ESSID(s) written to %s from %s\n", written, basename(essidmacapoutname), basename(sourcefile)); return; } /*===========================================================================*/ static void writeessidhccapx(char *sourcefile, inthccapx_t *hccapxlist, int hccapxcount) { static int written; static FILE *fh_file; static inthccapx_t *zeiger, *zeigernext; if((fh_file = fopen(essidoutname, "a")) == NULL) { fprintf(stderr, "failed to open ESSID file %s\n", essidoutname); return; } written = 0; zeiger = hccapxlist; for(zeiger = hccapxlist; zeiger < (hccapxlist +hccapxcount); zeiger++) { zeigernext = zeiger; zeigernext++; if(zeigernext->essidlen != zeiger->essidlen) { fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_file); written++; } else { if(memcmp(zeigernext->essid, zeiger->essid, zeiger->essidlen) != 0) { fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_file); written++; } } } fclose(fh_file); printf("%d ESSID(s) written to %s from %s\n", written, basename(essidoutname), basename(sourcefile)); return; } /*===========================================================================*/ static void writeessidpmkid(char *sourcefile, intpmkid_t *pmkidlist, int pmkidcount) { static int written; static FILE *fh_file; static intpmkid_t *zeiger, *zeigernext; if((fh_file = fopen(essidoutname, "a")) == NULL) { fprintf(stderr, "failed to open ESSID file %s\n", essidoutname); return; } written = 0; zeiger = pmkidlist; for(zeiger = pmkidlist; zeiger < (pmkidlist +pmkidcount); zeiger++) { zeigernext = zeiger; zeigernext++; if(zeigernext->essidlen != zeiger->essidlen) { fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_file); written++; } else { if(memcmp(zeigernext->essid, zeiger->essid, zeiger->essidlen) != 0) { fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_file); written++; } } } fclose(fh_file); printf("%d ESSID(s) written to %s from %s\n", written, basename(essidoutname), basename(sourcefile)); return; } /*===========================================================================*/ static int writehccapxline(int fd_file, inthccapx_t *hccapxline, int written) { static int c; static bool foundflag; if(essidonlylen > 0) { if(hccapxline->essidlen != essidonlylen) { return written; } } if(essidfilterlen > 0) { if(hccapxline->essidlen != essidfilterlen) { return written; } if(memcmp(hccapxline->essid, essidfiltername, essidfilterlen) != 0) { return written; } } if(essidpartfilterlen > 0) { if(hccapxline->essidlen < essidpartfilterlen) { return written; } foundflag = false; for(c = 0; c <= hccapxline->essidlen -essidpartfilterlen; c++) { if(memcmp(&hccapxline->essid[0], essidpartfiltername, essidpartfilterlen) == 0) { foundflag = true; break; } } if(foundflag == false) { return written; } } if((write(fd_file, hccapxline, INTHCCAPX_SIZE)) == -1) { perror("failed to write hccapx record"); } written++; return written; } /*===========================================================================*/ static void writehccapxgroups() { static int written; static int fd_file; static int cei; static int ceo; char digit[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; char groupoutname[256]; written = 0; hccapxzeiger1 = hccapx1list; for(hccapxzeiger1 = hccapx1list; hccapxzeiger1 < (hccapx1list +hccapx1count); hccapxzeiger1++) { if(essidonlylen > 0) { if(hccapxzeiger1->essidlen != essidonlylen) { continue; } } ceo = 0; for (cei = 0; cei < hccapxzeiger1->essidlen; cei++) { groupoutname[ceo] = digit[(hccapxzeiger1->essid[cei] & 0xff) >> 4]; ceo++; groupoutname[ceo] = digit[hccapxzeiger1->essid[cei] & 0x0f]; ceo++; } groupoutname[ceo] = 0; strcat(&groupoutname[ceo], ".hccapx"); if((fd_file = open(groupoutname, O_WRONLY | O_CREAT | O_APPEND, 0644)) == -1) { perror("f"); fprintf(stderr, "failed to open HCCAPX file %s\n",groupoutname); return; } written = writehccapxline(fd_file, hccapxzeiger1, written); close(fd_file); } printf("%d hashes written to HCCAPX groups\n", written); return; } /*===========================================================================*/ static bool findhccapx21() { for(hccapxzeiger1 = hccapxzeigerakt1; hccapxzeiger1 < (hccapx1list +hccapx1count); hccapxzeiger1++) { if(memcmp(hccapxzeiger2->essid, hccapxzeiger1->essid, ESSID_LEN_MAX) == 0) { hccapxzeigerakt1 = hccapxzeiger1; return true; } if(memcmp(hccapxzeiger2->essid, hccapxzeiger1->essid, ESSID_LEN_MAX) > 0) { return false; } } return false; } /*===========================================================================*/ static bool findhccapx12() { for(hccapxzeiger2 = hccapx2list; hccapxzeiger2 < (hccapx2list +hccapx2count); hccapxzeiger2++) { if(memcmp(hccapxzeiger1->essid, hccapxzeiger2->essid, ESSID_LEN_MAX) == 0) { hccapxzeigerakt2 = hccapxzeiger2; return true; } if(memcmp(hccapxzeiger1->essid, hccapxzeiger2->essid, ESSID_LEN_MAX) > 0) { return false; } } return false; } /*===========================================================================*/ static void writehccapx() { static int written; static int fd_file; if((fd_file = open(hccapxoutname, O_WRONLY | O_CREAT | O_APPEND, 0644)) == -1) { perror("f"); fprintf(stderr, "failed to open HCCAPX file %s\n", hccapxoutname); return; } written = 0; hccapxzeiger1 = hccapx1list; for(hccapxzeiger1 = hccapx1list; hccapxzeiger1 < (hccapx1list +hccapx1count); hccapxzeiger1++) { written = writehccapxline(fd_file, hccapxzeiger1, written); } close(fd_file); printf("%d record(s) written to %s\n", written, basename(hccapxoutname)); return; } /*===========================================================================*/ static void writehccapx2() { static int written; static int fd_file; if((fd_file = open(hccapx2outname, O_WRONLY | O_CREAT | O_APPEND, 0644)) == -1) { fprintf(stderr, "failed to open HCCAPX file %s\n", hccapx2outname); return; } written = 0; hccapxzeiger1 = hccapx1list; hccapxzeiger2 = hccapx2list; hccapxzeigerakt1 = hccapx1list; hccapxzeigerakt2 = hccapx2list; for(hccapxzeiger2 = hccapx2list; hccapxzeiger2 < (hccapx2list +hccapx2count); hccapxzeiger2++) { if(findhccapx21() == true) { written = writehccapxline(fd_file, hccapxzeiger2, written); } } close(fd_file); printf("%d record(s) written to %s\n", written, basename(hccapx2outname)); return; } /*===========================================================================*/ static void writehccapx1() { static int written; static int fd_file; printf("%s\n", hccapx1outname); if((fd_file = open(hccapx1outname, O_WRONLY | O_CREAT | O_APPEND, 0644)) == -1) { fprintf(stderr, "failed to open HCCAPX file %s\n", hccapx1outname); return; } written = 0; hccapxzeiger1 = hccapx1list; hccapxzeiger2 = hccapx2list; hccapxzeigerakt1 = hccapx1list; hccapxzeigerakt2 = hccapx2list; for(hccapxzeiger1 = hccapx1list; hccapxzeiger1 < (hccapx1list +hccapx1count); hccapxzeiger1++) { if(findhccapx12() == true) { written = writehccapxline(fd_file, hccapxzeiger1, written); } } close(fd_file); printf("%d record(s) written to %s\n", written, basename(hccapx1outname)); return; } /*===========================================================================*/ static void writehccapx12() { static int written; static int fd_file; if((fd_file = open(hccapx12outname, O_WRONLY | O_CREAT, 0644)) == -1) { perror("f"); fprintf(stderr, "failed to open HCCAPX file %s\n", hccapx12outname); return; } written = 0; hccapxzeiger1 = hccapx1list; hccapxzeiger2 = hccapx2list; hccapxzeigerakt1 = hccapx1list; hccapxzeigerakt2 = hccapx2list; for(hccapxzeiger1 = hccapx1list; hccapxzeiger1 < (hccapx1list +hccapx1count); hccapxzeiger1++) { if(findhccapx12() == true) { written = writehccapxline(fd_file, hccapxzeiger1, written); } } hccapxzeiger1 = hccapx1list; hccapxzeiger2 = hccapx2list; hccapxzeigerakt1 = hccapx1list; hccapxzeigerakt2 = hccapx2list; for(hccapxzeiger2 = hccapx2list; hccapxzeiger2 < (hccapx2list +hccapx2count); hccapxzeiger2++) { if(findhccapx21() == true) { written = writehccapxline(fd_file, hccapxzeiger2, written); } } close(fd_file); printf("%d record(s) written to %s\n", written, basename(hccapx12outname)); return; } /*===========================================================================*/ static bool readhccapx2file() { static int count; static inthccapx_t *zeiger; static struct stat st; static int fd_file; if(stat(hccapx2name, &st) == -1) { perror("stat HCCAPX2 failed\n"); return false; } if((st.st_size %INTHCCAPX_SIZE) != 0) { fprintf(stderr, "failed to open corrupt HCCAPX file %s\n", hccapx2name); return false; } hccapx2list = malloc(st.st_size +INTHCCAPX_SIZE); if(hccapx2list == NULL) { printf("failed to allocate memory\n"); return false; } if((fd_file = open(hccapx2name, O_RDONLY)) == -1) { fprintf(stderr, "failed to open hccapx file %s\n", hccapx2name); return false; } hccapx2count = 0; zeiger = hccapx2list; while((count = read(fd_file, zeiger, INTHCCAPX_SIZE))) { if(zeiger->signature != HCCAPX_SIGNATURE) { fprintf(stderr, "%d record has a wrong HCCAPX signature\n", hccapx2count); break; } hccapx2count++; zeiger++; } memset(zeiger, 0, INTHCCAPX_SIZE); close(fd_file); if(hccapx2count > 0) { qsort(hccapx2list, hccapx2count, INTHCCAPX_SIZE, sort_inthccapx_by_essid); } printf("%d record(s) read from %s\n", hccapx2count, hccapx2name); return true; } /*===========================================================================*/ static bool readhccapx1file() { static int count; static inthccapx_t *zeiger; static struct stat st; static int fd_file; if(stat(hccapx1name, &st) == -1) { perror("stat HCCAPX1 failed\n"); return false; } if((st.st_size %INTHCCAPX_SIZE) != 0) { fprintf(stderr, "failed to open corrupt HCCAPX file %s\n", hccapx1name); return false; } hccapx1list = malloc(st.st_size +INTHCCAPX_SIZE); if(hccapx1list == NULL) { printf("failed to allocate memory\n"); return false; } if((fd_file = open(hccapx1name, O_RDONLY)) == -1) { fprintf(stderr, "failed to open hccapx file %s\n", hccapx1name); return false; } hccapx1count = 0; zeiger = hccapx1list; while((count = read(fd_file, zeiger, INTHCCAPX_SIZE))) { if(zeiger->signature != HCCAPX_SIGNATURE) { fprintf(stderr, "%d record has a wrong HCCAPX signature\n", hccapx1count); break; } hccapx1count++; zeiger++; } memset(zeiger, 0, INTHCCAPX_SIZE); close(fd_file); if(hccapx1count > 0) { qsort(hccapx1list, hccapx1count, INTHCCAPX_SIZE, sort_inthccapx_by_essid); } printf("%d record(s) read from %s\n", hccapx1count, hccapx1name); return true; } /*===========================================================================*/ static int writepmkidline(FILE *fh_file, intpmkid_t *pmkidline, int written) { static int c; static bool foundflag; if(essidonlylen > 0) { if(pmkidline->essidlen != essidonlylen) { return written; } } if(essidfilterlen > 0) { if(pmkidline->essidlen != essidfilterlen) { return written; } if(memcmp(pmkidline->essid, essidfiltername, essidfilterlen) != 0) { return written; } } if(essidpartfilterlen > 0) { if(pmkidline->essidlen < essidpartfilterlen) { return written; } foundflag = false; for(c = 0; c <= pmkidline->essidlen -essidpartfilterlen; c++) { if(memcmp(&pmkidline->essid[0], essidpartfiltername, essidpartfilterlen) == 0) { foundflag = true; break; } } if(foundflag == false) { return written; } } for(c = 0; c < 16; c++) { fprintf(fh_file, "%02x", pmkidline->pmkid[c]); } fprintf(fh_file, "%c", separator); for(c = 0; c < 6; c++) { fprintf(fh_file, "%02x", pmkidline->macap[c]); } fprintf(fh_file, "%c", separator); for(c = 0; c < 6; c++) { fprintf(fh_file, "%02x", pmkidline->macsta[c]); } fprintf(fh_file, "%c", separator); for(c = 0; c < pmkidline->essidlen; c++) { fprintf(fh_file, "%02x", pmkidline->essid[c]); } fprintf(fh_file, "\n"); written++; return written; } /*===========================================================================*/ static void writepmkidgroups() { static int written; static FILE *fh_file; static int cei; static int ceo; char digit[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; char groupoutname[256]; written = 0; pmkidzeiger1 = pmkid1list; for(pmkidzeiger1 = pmkid1list; pmkidzeiger1 < (pmkid1list +pmkid1count); pmkidzeiger1++) { if(essidonlylen > 0) { if(pmkidzeiger1->essidlen != essidonlylen) { continue; } } ceo = 0; for (cei = 0; cei < pmkidzeiger1->essidlen; cei++) { groupoutname[ceo] = digit[(pmkidzeiger1->essid[cei] & 0xff) >> 4]; ceo++; groupoutname[ceo] = digit[pmkidzeiger1->essid[cei] & 0x0f]; ceo++; } groupoutname[ceo] = 0; strcat(&groupoutname[ceo], ".16800"); if((fh_file = fopen(groupoutname, "a")) == NULL) { perror("f"); fprintf(stderr, "failed to open pmkid file %s\n", groupoutname); return; } written = writepmkidline(fh_file, pmkidzeiger1, written); fclose(fh_file); } printf("%d record(s) written to PMKID groups\n", written); return; } /*===========================================================================*/ static bool findpmkid21() { for(pmkidzeiger1 = pmkidzeigerakt1; pmkidzeiger1 < (pmkid1list +pmkid1count); pmkidzeiger1++) { if(memcmp(pmkidzeiger2->essid, pmkidzeiger1->essid, ESSID_LEN_MAX) == 0) { pmkidzeigerakt1 = pmkidzeiger1; return true; } if(memcmp(pmkidzeiger2->essid, pmkidzeiger1->essid, ESSID_LEN_MAX) > 0) { return false; } } return false; } /*===========================================================================*/ static bool findpmkid12() { for(pmkidzeiger2 = pmkid2list; pmkidzeiger2 < (pmkid2list +pmkid2count); pmkidzeiger2++) { if(memcmp(pmkidzeiger1->essid, pmkidzeiger2->essid, ESSID_LEN_MAX) == 0) { pmkidzeigerakt2 = pmkidzeiger2; return true; } if(memcmp(pmkidzeiger1->essid, pmkidzeiger2->essid, ESSID_LEN_MAX) > 0) { return false; } } return false; } /*===========================================================================*/ static void writepmkid() { static int written; static FILE *fh_file; if((fh_file = fopen(pmkidoutname, "a")) == NULL) { fprintf(stderr, "failed to open PMKID file %s\n", pmkidoutname); return; } written = 0; pmkidzeiger1 = pmkid1list; for(pmkidzeiger1 = pmkid1list; pmkidzeiger1 < (pmkid1list +pmkid1count); pmkidzeiger1++) { written = writepmkidline(fh_file, pmkidzeiger1, written); } fclose(fh_file); printf("%d record(s) written to %s\n", written, basename(pmkidoutname)); return; } /*===========================================================================*/ static void writepmkid2() { static int written; static FILE *fh_file; if((fh_file = fopen(pmkid2outname, "a")) == NULL) { fprintf(stderr, "failed to open PMKID file %s\n", pmkid2outname); return; } written = 0; pmkidzeiger2 = pmkid2list; pmkidzeigerakt1 = pmkid1list; pmkidzeigerakt2 = pmkid2list; for(pmkidzeiger2 = pmkid2list; pmkidzeiger2 < (pmkid2list +pmkid2count); pmkidzeiger2++) { if(findpmkid21() == false) { written = writepmkidline(fh_file, pmkidzeiger2, written); } } fclose(fh_file); printf("%d record(s) written to %s\n", written, basename(pmkid2outname)); return; } /*===========================================================================*/ static void writepmkid1() { static int written; static FILE *fh_file; if((fh_file = fopen(pmkid1outname, "a")) == NULL) { fprintf(stderr, "failed to open PMKID file %s\n", pmkid1outname); return; } written = 0; pmkidzeiger1 = pmkid1list; pmkidzeigerakt1 = pmkid1list; pmkidzeigerakt2 = pmkid2list; for(pmkidzeiger1 = pmkid1list; pmkidzeiger1 < (pmkid1list +pmkid1count); pmkidzeiger1++) { if(findpmkid12() == false) { written = writepmkidline(fh_file, pmkidzeiger1, written); } } fclose(fh_file); printf("%d record(s) written to %s\n", written, basename(pmkid1outname)); return; } /*===========================================================================*/ static void writepmkid12() { static int written; static FILE *fh_file; if((fh_file = fopen(pmkid12outname, "w+")) == NULL) { fprintf(stderr, "failed to open PMKID file %s\n", pmkid12outname); return; } written = 0; pmkidzeiger1 = pmkid1list; pmkidzeiger2 = pmkid2list; pmkidzeigerakt1 = pmkid1list; pmkidzeigerakt2 = pmkid2list; for(pmkidzeiger1 = pmkid1list; pmkidzeiger1 < (pmkid1list +pmkid1count); pmkidzeiger1++) { if(findpmkid12() == true) { written = writepmkidline(fh_file, pmkidzeiger1, written); } } pmkidzeiger1 = pmkid1list; pmkidzeiger2 = pmkid2list; pmkidzeigerakt1 = pmkid1list; pmkidzeigerakt2 = pmkid2list; for(pmkidzeiger2 = pmkid2list; pmkidzeiger2 < (pmkid2list +pmkid2count); pmkidzeiger2++) { if(findpmkid21() == true) { written = writepmkidline(fh_file, pmkidzeiger2, written); } } fclose(fh_file); printf("%d record(s) written to %s\n", written, basename(pmkid12outname)); return; } /*===========================================================================*/ static size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static int fgetline(FILE *inputstream, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ static bool readpmkid2file() { static int len; static int aktread; static intpmkid_t *zeiger; static struct stat st; static FILE *fh_file; static char linein[PMKID_LINE_LEN]; if(stat(pmkid2name, &st) == -1) { perror("stat PMKID2 file failed\n"); return false; } pmkid2list = malloc(st.st_size +INTPMKID_SIZE); if(pmkid2list == NULL) { printf("failed to allocate memory\n"); return false; } if((fh_file = fopen(pmkid2name, "r")) == NULL) { fprintf(stderr, "failed to open PMKID file %s\n", pmkid2name); return false; } pmkid2count = 0; zeiger = pmkid2list; while(1) { memset(zeiger, 0, INTPMKID_SIZE); if((len = fgetline(fh_file, PMKID_LINE_LEN, linein)) == -1) { break; } if((len < 61) || ((len > 59 +(ESSID_LEN_MAX *2)))) { fprintf(stderr, "skipping line %d: %s\n", aktread, linein); aktread++; continue; } if((linein[32] == ':') && (linein[45] == ':') && (linein[58] == ':')) { separator = ':'; } else if((linein[32] == '*') && (linein[45] == '*') && (linein[58] == '*')) { separator = '*'; } else { fprintf(stderr, "skipping line %d: %s\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[0], zeiger->pmkid, 16) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[33], zeiger->macap, 6) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[46], zeiger->macsta, 6) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } zeiger->essidlen = len -59; if((zeiger->essidlen == 0) || (zeiger->essidlen > 64) || ((zeiger->essidlen %2) != 0)) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } zeiger->essidlen = zeiger->essidlen /2; if(hex2bin(&linein[59], zeiger->essid, zeiger->essidlen) ==false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } pmkid2count++; zeiger++; aktread++; } fclose(fh_file); if(pmkid2count > 0) { qsort(pmkid2list, pmkid2count, INTPMKID_SIZE, sort_intpmkid_by_essid); } printf("%d record(s) read from %s\n", pmkid2count, pmkid2name); return true; } /*===========================================================================*/ static bool readpmkid1file() { static int len; static int aktread; static intpmkid_t *zeiger; static struct stat st; static FILE *fh_file; static char linein[PMKID_LINE_LEN]; if(stat(pmkid1name, &st) == -1) { perror("stat PMKID1 file failed\n"); return false; } pmkid1list = malloc(st.st_size +INTPMKID_SIZE); if(pmkid1list == NULL) { printf("failed to allocate memory\n"); return false; } if((fh_file = fopen(pmkid1name, "r")) == NULL) { fprintf(stderr, "failed to read PMKID file %s\n", pmkid1name); return false; } pmkid1count = 0; zeiger = pmkid1list; while(1) { memset(zeiger, 0, INTPMKID_SIZE); if((len = fgetline(fh_file, PMKID_LINE_LEN, linein)) == -1) { break; } if((len < 61) || ((len > 59 +(ESSID_LEN_MAX *2)))) { fprintf(stderr, "skipping line %d: %s\n", aktread, linein); aktread++; continue; } if((linein[32] == ':') && (linein[45] == ':') && (linein[58] == ':')) { separator = ':'; } else if((linein[32] == '*') && (linein[45] == '*') && (linein[58] == '*')) { separator = '*'; } else { fprintf(stderr, "skipping line %d: %s\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[0], zeiger->pmkid, 16) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[33], zeiger->macap, 6) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[46], zeiger->macsta, 6) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } zeiger->essidlen = len -59; if((zeiger->essidlen == 0) || (zeiger->essidlen > 64) || ((zeiger->essidlen %2) != 0)) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } zeiger->essidlen = zeiger->essidlen /2; if(hex2bin(&linein[59], zeiger->essid, zeiger->essidlen) ==false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } pmkid1count++; zeiger++; aktread++; } fclose(fh_file); if(pmkid1count > 0) { qsort(pmkid1list, pmkid1count, INTPMKID_SIZE, sort_intpmkid_by_essid); } printf("%d record(s) read from %s\n", pmkid1count, pmkid1name); return true; } /*===========================================================================*/ /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { printf("%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { printf("%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-e : filter by ESSID\n" "-E : filter by part of ESSID\n" "-l : filter by ESSID length\n" "-h : show this help\n" "-v : show version\n" "\n" "--pmkid1= : input PMKID file 1\n" "--pmkid2= : input PMKID file 2\n" "--pmkidout12= : output only lines present in both PMKID1 and PMKID2\n" "--pmkidout1= : output only lines present in PMKID1\n" "--pmkidout2= : output only lines present in PMKID2\n" "--pmkidout= : output only ESSID filtered lines present in PMKID1\n" "--pmkidgroupout= : output ESSID groups from ESSIDs present in PMKID1\n" "--hccapx1= : input HCCAPX1\n" "--hccapx2= : input HCCAPX2\n" "--hccapxout12= : output only lines present in both HCCAPX1 and HCCAPX2\n" "--hccapxout1= : output only lines present in HCCAPX1\n" "--hccapxout2= : output only lines present in HCCAPX2\n" "--hccapxout= : output only ESSID filtered lines present in HCCAPX1\n" "--hccapxgroupout=: output ESSID groups from ESSIDs present in HCCAPX1\n" "--essidout= : output ESSID list\n" "--essidmacapout= : output MAC_AP:ESSID list\n" "--help : show this help\n" "--version : show version\n" "\n" "Main purpose is to get full advantage of reuse of PBKDF2\n" "while merging (only) the same ESSIDs from different hash files\n" "examples:\n" "hcxessidtool --pmkid1=file1.16800 --pmkid2=file2.16800 --pmkidout12=joint.16800\n" "hcxessidtool --pmkid1=file1.16800 -l 10 --pmkidout=filtered.16800\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { printf("%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static const char *short_options = "e:E:l:hv"; static const struct option long_options[] = { {"pmkid1", required_argument, NULL, HCXD_PMKID1}, {"pmkid2", required_argument, NULL, HCXD_PMKID2}, {"pmkidout12", required_argument, NULL, HCXD_WRITE_PMKID12}, {"pmkidout1", required_argument, NULL, HCXD_WRITE_PMKID1}, {"pmkidout2", required_argument, NULL, HCXD_WRITE_PMKID2}, {"pmkidout", required_argument, NULL, HCXD_WRITE_PMKID}, {"pmkidgroupout", no_argument, NULL, HCXD_WRITE_PMKID_GROUP}, {"hccapx1", required_argument, NULL, HCXD_HCCAPX1}, {"hccapx2", required_argument, NULL, HCXD_HCCAPX2}, {"hccapxout12", required_argument, NULL, HCXD_WRITE_HCCAPX12}, {"hccapxout1", required_argument, NULL, HCXD_WRITE_HCCAPX1}, {"hccapxout2", required_argument, NULL, HCXD_WRITE_HCCAPX2}, {"hccapxout", required_argument, NULL, HCXD_WRITE_HCCAPX}, {"hccapxgroupout", no_argument, NULL, HCXD_WRITE_HCCAPX_GROUP}, {"essidout", required_argument, NULL, HCXD_WRITE_ESSIDLIST}, {"essidmacapout", required_argument, NULL, HCXD_WRITE_ESSID_MACAP_LIST}, {"version", no_argument, NULL, HCXD_VERSION}, {"help", no_argument, NULL, HCXD_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCXD_PMKID1: pmkid1name = optarg; break; case HCXD_PMKID2: pmkid2name = optarg; break; case HCXD_WRITE_PMKID12: pmkid12outname = optarg; break; case HCXD_WRITE_PMKID1: pmkid1outname = optarg; break; case HCXD_WRITE_PMKID2: pmkid2outname = optarg; break; case HCXD_WRITE_PMKID: pmkidoutname = optarg; break; case HCXD_WRITE_PMKID_GROUP: pmkidgroupflag = true; break; case HCXD_HCCAPX1: hccapx1name = optarg; break; case HCXD_HCCAPX2: hccapx2name = optarg; break; case HCXD_WRITE_HCCAPX12: hccapx12outname = optarg; break; case HCXD_WRITE_HCCAPX1: hccapx1outname = optarg; break; case HCXD_WRITE_HCCAPX2: hccapx2outname = optarg; break; case HCXD_WRITE_HCCAPX: hccapxoutname = optarg; break; case HCXD_WRITE_HCCAPX_GROUP: hccapxgroupflag = true; break; case HCXD_WRITE_ESSIDLIST: essidoutname = optarg; break; case HCXD_WRITE_ESSID_MACAP_LIST: essidmacapoutname = optarg; break; case HCXD_ESSID_LEN: essidonlylen = strtoull(optarg, NULL, 10); if((essidonlylen < 1) || (essidonlylen > 32)) { printf("wrong ESSID length (allowed 1...32 characters)\n"); exit(EXIT_FAILURE); } break; case HCXD_ESSID: essidfiltername = optarg; essidfilterlen = strlen(optarg); if((essidfilterlen < 1) || (essidfilterlen > 32)) { printf("wrong ESSID length (allowed 1...32 characters)\n"); exit(EXIT_FAILURE); } break; case HCXD_ESSID_PART: essidpartfiltername = optarg; essidpartfilterlen = strlen(optarg); if((essidpartfilterlen < 1) || (essidpartfilterlen > 32)) { printf("wrong ESSID length (allowed 1...32 characters)\n"); exit(EXIT_FAILURE); } break; case HCXD_HELP: usage(basename(argv[0])); break; case HCXD_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } if(pmkid1name != NULL) { readpmkid1file(); } if(pmkid2name != NULL) { readpmkid2file(); } if((pmkid12outname != NULL) && (pmkid1count > 0) && (pmkid2count > 0)) { writepmkid12(); } if((pmkid1outname != NULL) && (pmkid1count > 0) && (pmkid2count > 0)) { writepmkid1(); } if((pmkid2outname != NULL) && (pmkid1count > 0) && (pmkid2count > 0)) { writepmkid2(); } if((pmkidoutname != NULL) && (pmkid1count > 0)) { writepmkid(); } if((pmkidgroupflag == true) && (pmkid1count > 0)) { writepmkidgroups(); } if(hccapx1name != NULL) { readhccapx1file(); } if(hccapx2name != NULL) { readhccapx2file(); } if((hccapx12outname != NULL) && (hccapx1count > 0) && (hccapx2count > 0)) { writehccapx12(); } if((hccapx1outname != NULL) && (hccapx1count > 0) && (hccapx2count > 0)) { writehccapx1(); } if((hccapx2outname != NULL) && (hccapx1count > 0) && (hccapx2count > 0)) { writehccapx2(); } if((hccapxoutname != NULL) && (hccapx1count > 0)) { writehccapx(); } if((hccapxgroupflag == true) && (hccapx1count > 0)) { writehccapxgroups(); } if((essidoutname != NULL) && (pmkid1count > 0)) { writeessidpmkid(pmkid1name, pmkid1list, pmkid1count); } if((essidoutname != NULL) && (pmkid2count > 0)) { writeessidpmkid(pmkid2name, pmkid2list, pmkid2count); } if((essidoutname != NULL) && (hccapx1count > 0)) { writeessidhccapx(hccapx1name, hccapx1list, hccapx1count); } if((essidoutname != NULL) && (hccapx2count > 0)) { writeessidhccapx(hccapx2name, hccapx2list, hccapx2count); } if((essidmacapoutname != NULL) && (pmkid1count > 0)) { writeessidmacappmkid(pmkid1name, pmkid1list, pmkid1count); } if((essidmacapoutname != NULL) && (pmkid2count > 0)) { writeessidmacappmkid(pmkid2name, pmkid2list, pmkid2count); } if((essidmacapoutname != NULL) && (hccapx1count > 0)) { writeessidmacaphccapx(hccapx1name, hccapx1list, hccapx1count); } if((essidmacapoutname != NULL) && (hccapx2count > 0)) { writeessidhccapx(hccapx2name, hccapx2list, hccapx2count); } globalclose(); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/hcxhash2cap.c000066400000000000000000001416741423200176400157450ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined (__APPLE__) || defined(__OpenBSD__) #include #else #include #endif #include "include/hcxhash2cap.h" #include "include/hashcatops.h" #include "include/pcap.c" #include "include/ieee80211.c" #include "include/strings.c" #include "include/byteops.c" #define ARCH_INDEX(x) ((unsigned int)(unsigned char)(x)) /*===========================================================================*/ /* global var */ struct timeval tv; static uint64_t timestamp; static int mybeaconsequence; static int myaponlinetime; static uint8_t myapchannel; static unsigned long long int pmkideapolcapwritten; static unsigned long long int pmkideapolcapskipped; static unsigned long long int pmkcapwritten; static unsigned long long int pmkcapskipped; static unsigned long long int hccapxcapwritten; static unsigned long long int hccapxcapskipped; static unsigned long long int hccapcapwritten; static unsigned long long int hccapcapskipped; static unsigned long long int johnwritten; static unsigned long long int johnskipped; /*===========================================================================*/ static void globalinit() { srand(time(NULL)); gettimeofday(&tv, NULL); timestamp = ((uint64_t)tv.tv_sec * 1000000) + tv.tv_usec; mybeaconsequence = rand() %4096; myaponlinetime = rand(); myapchannel = (rand() %12) +1; pmkcapwritten = 0; pmkcapskipped = 0; hccapxcapwritten = 0; hccapxcapskipped = 0; hccapcapwritten = 0; hccapcapskipped = 0; johnwritten = 0; johnskipped = 0; } /*===========================================================================*/ static void writecapm1wpa1(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t *anonce, uint8_t keyversion, uint16_t keylen, uint64_t rc) { static int c; static pcaprec_hdr_t *pcaph; static mac_t *mach; static wpakey_t *wpak; static const uint8_t m1wpa1data[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x01, 0x03, 0x00, 0x5f, 0xfe, 0x00, 0x89, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xed, 0x57, 0x5c, 0x4b, 0xca, 0xa7, 0x7a, 0xf1, 0x9e, 0x32, 0x94, 0x32, 0x63, 0x91, 0xad, 0x7d, 0x9c, 0xbc, 0x6a, 0xb4, 0xad, 0x04, 0xf1, 0x23, 0x80, 0xb4, 0x44, 0xbe, 0xb5, 0x8d, 0x2a, 0xdd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; #define M1WPA1DATA_SIZE sizeof(m1wpa1data) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = M1WPA1DATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &m1wpa1data, M1WPA1DATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macsta, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); packetout[PCAPREC_SIZE +0x22] = keyversion; wpak = (wpakey_t*)(packetout +PCAPREC_SIZE +0x26); #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif wpak->keylen = keylen; wpak->replaycount = rc; for(c = 0; c < 32; c++) { packetout[PCAPREC_SIZE +0x33 +c] = anonce[c]; } if(write(fd_cap, packetout, PCAPREC_SIZE +M1WPA1DATA_SIZE) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecapm1wpa2(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t *anonce, uint8_t keyversion, uint16_t keylen, uint64_t rc) { static int c; static pcaprec_hdr_t *pcaph; static mac_t *mach; static wpakey_t *wpak; static const uint8_t m1wpa2data[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x02, 0x03, 0x00, 0x5f, 0x02, 0x00, 0x8a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xed, 0x57, 0x5c, 0x4b, 0xca, 0xa7, 0x7a, 0xf1, 0x9e, 0x32, 0x94, 0x32, 0x63, 0x91, 0xad, 0x7d, 0x9c, 0xbc, 0x6a, 0xb4, 0xad, 0x04, 0xf1, 0x23, 0x80, 0xb4, 0x44, 0xbe, 0xb5, 0x8d, 0x2a, 0xdd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; #define M1WPA2DATA_SIZE sizeof(m1wpa2data) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = M1WPA2DATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &m1wpa2data, M1WPA2DATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macsta, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); packetout[PCAPREC_SIZE +0x22] = keyversion; wpak = (wpakey_t*)(packetout +PCAPREC_SIZE +0x26); #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif wpak->keylen = keylen; wpak->replaycount = rc; for(c = 0; c < 32; c++) { packetout[PCAPREC_SIZE +0x33 +c] = anonce[c]; } if(write(fd_cap, packetout, PCAPREC_SIZE +M1WPA2DATA_SIZE) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecapm1wpa2keyver3(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t *anonce, uint8_t keyversion, uint16_t keylen, uint64_t rc) { static int c; static pcaprec_hdr_t *pcaph; static mac_t *mach; static wpakey_t *wpak; static const uint8_t m1wpa2keyver3data[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x02, 0x03, 0x00, 0x5f, 0x02, 0x00, 0x8b, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xed, 0x57, 0x5c, 0x4b, 0xca, 0xa7, 0x7a, 0xf1, 0x9e, 0x32, 0x94, 0x32, 0x63, 0x91, 0xad, 0x7d, 0x9c, 0xbc, 0x6a, 0xb4, 0xad, 0x04, 0xf1, 0x23, 0x80, 0xb4, 0x44, 0xbe, 0xb5, 0x8d, 0x2a, 0xdd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; #define M1WPA2KEYVER3DATA_SIZE sizeof(m1wpa2keyver3data) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = M1WPA2KEYVER3DATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &m1wpa2keyver3data, M1WPA2KEYVER3DATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macsta, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); packetout[PCAPREC_SIZE +0x22] = keyversion; wpak = (wpakey_t*)(packetout +PCAPREC_SIZE +0x26); #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif wpak->keylen = keylen; wpak->replaycount = rc; for(c = 0; c < 32; c++) { packetout[PCAPREC_SIZE +0x33 +c] = anonce[c]; } if(write(fd_cap, packetout, PCAPREC_SIZE +M1WPA2KEYVER3DATA_SIZE) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecappmkidwpa2(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t *pmkid) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static const uint8_t pmkiddata[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x02, 0x03, 0x00, 0x75, 0x02, 0x00, 0x8a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x91, 0x1b, 0xd9, 0xcb, 0x88, 0x9a, 0xcf, 0x5b, 0x0f, 0x62, 0xbf, 0x0d, 0x87, 0x6c, 0x33, 0x30, 0x8a, 0xbf, 0x58, 0x8b, 0xc3, 0x80, 0x4c, 0x15, 0xc0, 0x42, 0x3c, 0xf2, 0x4c, 0x07, 0xa7, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0xdd, 0x14, 0x00, 0x0f, 0xac, 0x04, 0x7e, 0xf1, 0x33, 0x3c, 0xb6, 0xf9, 0x03, 0x73, 0xfc, 0x2a, 0xc7, 0x59, 0x37, 0xfd, 0x24, 0x3a }; #define PMKIDDATA_SIZE sizeof(pmkiddata) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = PMKIDDATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &pmkiddata, PMKIDDATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macsta, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); memcpy(&packetout[PCAPREC_SIZE +0x8b], pmkid, 16); if(write(fd_cap, packetout, PCAPREC_SIZE +PMKIDDATA_SIZE) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecapm2(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t eapollen, uint8_t *eapol, uint8_t *mic) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static const uint8_t m2data[] = { 0x88, 0x01, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, }; #define M2DATA_SIZE sizeof(m2data) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = M2DATA_SIZE +eapollen; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &m2data, M2DATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macap, 6); memcpy(mach->addr2, macsta, 6); memcpy(mach->addr3, macap, 6); memcpy(&packetout[PCAPREC_SIZE +M2DATA_SIZE], eapol, eapollen); memcpy(&packetout[PCAPREC_SIZE +M2DATA_SIZE +0x51], mic, 16); if(write(fd_cap, packetout, PCAPREC_SIZE +M2DATA_SIZE +eapollen) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecapbeaconwpa1(int fd_cap, uint8_t *macap, uint8_t essidlen, uint8_t *essid) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static capap_t *capap; static const uint8_t beacondata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x12, 0x98, 0x24, 0x03, 0x01, 0x06, 0xdd, 0x16, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x04, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x04, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x02, 0xdd, 0x17, 0xff, 0xff, 0xff, 0x00, 0xd9, 0x20, 0x21, 0x9b, 0x9b, 0x6a, 0xc9, 0x59, 0x49, 0x42, 0xe6, 0x55, 0x6a, 0x06, 0xa3, 0x23, 0x94, 0x2d, 0x94 }; #define BEACONDATA_SIZE sizeof(beacondata) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; mach = (mac_t*)(packetout +PCAPREC_SIZE); mach->type = IEEE80211_FTYPE_MGMT; mach->subtype = IEEE80211_STYPE_BEACON; memcpy(mach->addr1, &mac_broadcast, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); mach->sequence = mybeaconsequence++ << 4; if(mybeaconsequence >= 4096) { mybeaconsequence = 0; } capap = (capap_t*)(packetout +PCAPREC_SIZE +MAC_SIZE_NORM); capap->timestamp = myaponlinetime++; capap->beaconintervall = 0x64; capap->capabilities = 0x431; packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +1] = essidlen; memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2], essid, essidlen); memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen], &beacondata, BEACONDATA_SIZE); packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +0x0c] = myapchannel; if(write(fd_cap, packetout, PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE) < 0) { perror("\nfailed to write beacon packet"); } return; } /*===========================================================================*/ static void writecapbeaconwpa2(int fd_cap, uint8_t *macap, uint8_t essidlen, uint8_t *essid) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static capap_t *capap; static const uint8_t beacondata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x12, 0x98, 0x24, 0x03, 0x01, 0x06, 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x0c, 0x00, 0xdd, 0x17, 0xff, 0xff, 0xff, 0x00, 0xd9, 0x20, 0x21, 0x9b, 0x9b, 0x6a, 0xc9, 0x59, 0x49, 0x42, 0xe6, 0x55, 0x6a, 0x06, 0xa3, 0x23, 0x94, 0x2d, 0x94 }; #define BEACONDATA_SIZE sizeof(beacondata) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; mach = (mac_t*)(packetout +PCAPREC_SIZE); mach->type = IEEE80211_FTYPE_MGMT; mach->subtype = IEEE80211_STYPE_BEACON; memcpy(mach->addr1, &mac_broadcast, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); mach->sequence = mybeaconsequence++ << 4; if(mybeaconsequence >= 4096) { mybeaconsequence = 0; } capap = (capap_t*)(packetout +PCAPREC_SIZE +MAC_SIZE_NORM); capap->timestamp = myaponlinetime++; capap->beaconintervall = 0x64; capap->capabilities = 0x431; packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +1] = essidlen; memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2], essid, essidlen); memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen], &beacondata, BEACONDATA_SIZE); packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +0x0c] = myapchannel; if(write(fd_cap, packetout, PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE) < 0) { perror("\nfailed to write beacon packet"); } return; } /*===========================================================================*/ static void writecapbeaconwpa2keyver3(int fd_cap, uint8_t *macap, uint8_t essidlen, uint8_t *essid) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static capap_t *capap; static const uint8_t beacondata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x12, 0x98, 0x24, 0x03, 0x01, 0x06, 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x06, 0xcc, 0x00, 0xdd, 0x17, 0xff, 0xff, 0xff, 0x00, 0xd9, 0x20, 0x21, 0x9b, 0x9b, 0x6a, 0xc9, 0x59, 0x49, 0x42, 0xe6, 0x55, 0x6a, 0x06, 0xa3, 0x23, 0x94, 0x2d, 0x94 }; #define BEACONDATA_SIZE sizeof(beacondata) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; mach = (mac_t*)(packetout +PCAPREC_SIZE); mach->type = IEEE80211_FTYPE_MGMT; mach->subtype = IEEE80211_STYPE_BEACON; memcpy(mach->addr1, &mac_broadcast, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); mach->sequence = mybeaconsequence++ << 4; if(mybeaconsequence >= 4096) { mybeaconsequence = 0; } capap = (capap_t*)(packetout +PCAPREC_SIZE +MAC_SIZE_NORM); capap->timestamp = myaponlinetime++; capap->beaconintervall = 0x64; capap->capabilities = 0x431; packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +1] = essidlen; memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2], essid, essidlen); memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen], &beacondata, BEACONDATA_SIZE); packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +0x0c] = myapchannel; if(write(fd_cap, packetout, PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE) < 0) { perror("\nfailed to write beacon packet"); } return; } /*===========================================================================*/ static size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static int fgetline(FILE *inputstream, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } static uint16_t getfield(char *lineptr, size_t bufflen, uint8_t *buff) { static size_t p; static uint8_t idx0; static uint8_t idx1; static const uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; memset(buff, 0, bufflen); p = 0; while((lineptr[p] != '*') && (lineptr[p] != 0) && (p /2 <= bufflen)) { if(! isxdigit((unsigned char)lineptr[p +0])) return 0; if(! isxdigit((unsigned char)lineptr[p +1])) return 0; if((lineptr[p +1] == '*') && (lineptr[p +1] == 0)) return 0; idx0 = ((uint8_t)lineptr[p +0] &0x1F) ^0x10; idx1 = ((uint8_t)lineptr[p +1] &0x1F) ^0x10; buff[p /2] = (uint8_t)(hashmap[idx0] <<4) | hashmap[idx1]; p += 2; if((p /2) > PMKIDEAPOL_BUFFER_LEN) return 0; } return p /2; } /*===========================================================================*/ static void processpmkideapolfile(char *pmkideapolname, int fd_cap) { static int len; static int oflen; static int aktread = 1; static FILE *fhpmkideapol; static uint16_t essidlen; static uint16_t noncelen; static uint16_t eapauthlen; static uint16_t mplen; static int fd_singlecap; static eapauth_t *eapa; static wpakey_t *wpak; static uint16_t keyinfo; static uint8_t keyver; static uint64_t rc; static const char wpa01[] = { "WPA*01*" }; static const char wpa02[] = { "WPA*02*" }; static char linein[PMKIDEAPOL_LINE_LEN +1]; static uint8_t buffer[PMKIDEAPOL_LINE_LEN +1]; static uint8_t macap[6]; static uint8_t macsta[6]; static uint8_t hash[16]; static uint8_t anonce[32]; static uint8_t eapol[EAPOL_AUTHLEN_MAX]; static uint8_t essid[ESSID_LEN_MAX]; static char singlecapname[PATH_MAX +2]; if((fhpmkideapol = fopen(pmkideapolname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", pmkideapolname); return; } while(1) { if((len = fgetline(fhpmkideapol, PMKIDEAPOL_LINE_LEN, linein)) == -1) break; aktread++; if(len < 68) { pmkideapolcapskipped++; continue; } if((memcmp(&linein, &wpa01, 7) != 0) && (memcmp(&linein, &wpa02, 7) != 0)) { pmkideapolcapskipped++; continue; } if((linein[39] != '*') && (linein[52] != '*') && (linein[65] != '*')) { pmkideapolcapskipped++; continue; } if(getfield(&linein[7], PMKIDEAPOL_LINE_LEN, buffer) != 16) { pmkideapolcapskipped++; continue; } memcpy(&hash, &buffer, 16); if(getfield(&linein[40], PMKIDEAPOL_LINE_LEN, buffer) != 6) { pmkideapolcapskipped++; continue; } memcpy(&macap, &buffer, 6); if(getfield(&linein[53], PMKIDEAPOL_LINE_LEN, buffer) != 6) { pmkideapolcapskipped++; continue; } memcpy(&macsta, &buffer, 6); essidlen = getfield(&linein[66], PMKIDEAPOL_LINE_LEN, buffer); if(essidlen > 32) { pmkideapolcapskipped++; continue; } memcpy(&essid, &buffer, essidlen); if(memcmp(&linein, &wpa01, 7) == 0) { if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", macsta[0], macsta[1], macsta[2], macsta[3], macsta[4], macsta[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } writecapbeaconwpa2(fd_singlecap, macap, essidlen, essid); writecappmkidwpa2(fd_singlecap, macsta, macap, hash); pmkideapolcapwritten++; close(fd_singlecap); } else { writecapbeaconwpa2(fd_cap, macap, essidlen, essid); writecappmkidwpa2(fd_cap, macsta, macap, hash); pmkideapolcapwritten++; } } else if(memcmp(&linein, &wpa02, 7) == 0) { oflen = 66 +essidlen *2 +1; noncelen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(noncelen > 32) { pmkideapolcapskipped++; continue; } memcpy(&anonce, &buffer, 32); oflen += 65; eapauthlen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(eapauthlen > EAPOL_AUTHLEN_MAX) { pmkideapolcapskipped++; continue; } memcpy(&eapol, &buffer, eapauthlen); oflen += eapauthlen *2 +1; mplen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(mplen > 1) { pmkideapolcapskipped++; continue; } eapa = (eapauth_t*)eapol; if(eapa->type != EAPOL_KEY) { pmkideapolcapskipped++; continue; } if(eapauthlen != ntohs(eapa->len) +4) { pmkideapolcapskipped++; continue; } wpak = (wpakey_t*)(eapol +EAPAUTH_SIZE); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { pmkideapolcapskipped++; continue; } keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 3) { pmkideapolcapskipped++; continue; } rc = wpak->replaycount; #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif if(keyinfo == 4) { rc--; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", macsta[0], macsta[1], macsta[2], macsta[3], macsta[4], macsta[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } if(keyver == 1) { writecapbeaconwpa1(fd_singlecap, macap, essidlen, essid); writecapm1wpa1(fd_singlecap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_singlecap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_singlecap, macap, essidlen, essid); writecapm1wpa2(fd_singlecap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_singlecap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_singlecap, macap, essidlen, essid); writecapm1wpa2keyver3(fd_singlecap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_singlecap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } close(fd_singlecap); } else { if(keyver == 1) { writecapbeaconwpa1(fd_cap, macap, essidlen, essid); writecapm1wpa1(fd_cap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_cap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_cap, macap, essidlen, essid); writecapm1wpa2(fd_cap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_cap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_cap, macap, essidlen, essid); writecapm1wpa2keyver3(fd_cap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_cap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } } } else { pmkideapolcapskipped++; continue; } } return; } /*===========================================================================*/ static void processpmkidfile(char *pmkidname, int fd_cap) { static int len; static int aktread = 1; static int essidlen; static int fd_singlecap; static FILE *fhpmkid; static char linein[PMKID_LINE_LEN]; static uint8_t macap[6]; static uint8_t macsta[6]; static uint8_t pmkid[16]; static uint8_t essid[ESSID_LEN_MAX]; static char singlecapname[PATH_MAX +2]; if((fhpmkid = fopen(pmkidname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", pmkidname); return; } while(1) { if((len = fgetline(fhpmkid, PMKID_LINE_LEN, linein)) == -1) { break; } if((len < 61) || ((len > 59 +(ESSID_LEN_MAX *2)))) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; pmkcapskipped++; continue; } if(((linein[32] != '*') && (linein[45] != '*') && (linein[58] != '*')) && ((linein[32] != ':') && (linein[45] != ':') && (linein[58] != ':'))) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; pmkcapskipped++; continue; } essidlen = len -59; if((essidlen %2) != 0) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; pmkcapskipped++; continue; } if((essidlen < 2) || (essidlen > 64)) { fprintf(stderr, "reading ESSID %d failed: %s\n", aktread, linein); aktread++; pmkcapskipped++; continue; } if(hex2bin(&linein[0], pmkid, 16) != true) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); pmkcapskipped++; continue; } if(hex2bin(&linein[33], macap, 6) != true) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); pmkcapskipped++; continue; } if(hex2bin(&linein[46], macsta, 6) != true) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); pmkcapskipped++; continue; } if(hex2bin(&linein[59], essid, essidlen/2) != true) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); pmkcapskipped++; continue; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", macsta[0], macsta[1], macsta[2], macsta[3], macsta[4], macsta[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } writecapbeaconwpa2(fd_singlecap, macap, essidlen /2, essid); writecappmkidwpa2(fd_singlecap, macsta, macap, pmkid); pmkcapwritten++; close(fd_singlecap); } else { writecapbeaconwpa2(fd_cap, macap, essidlen /2, essid); writecappmkidwpa2(fd_cap, macsta, macap, pmkid); pmkcapwritten++; } aktread++; } fclose(fhpmkid); return; } /*===========================================================================*/ static void processhccapxfile(char *hccapxname, int fd_cap) { static struct stat statinfo; static hccapx_t *hcxptr; static int fd_singlecap; static FILE *fhhcx; static eapauth_t *eapa; static wpakey_t *wpak; static uint16_t keyinfo; static uint8_t keyver; static uint64_t rc; static uint8_t hcxdata[HCCAPX_SIZE]; static char singlecapname[PATH_MAX +2]; if(stat(hccapxname, &statinfo) != 0) { fprintf(stderr, "can't stat %s\n", hccapxname); return; } if((statinfo.st_size %HCCAPX_SIZE) != 0) { fprintf(stderr, "file corrupt\n"); return; } if((fhhcx = fopen(hccapxname, "r")) == NULL) { fprintf(stderr, "error opening file %s", hccapxname); return; } hcxptr = (hccapx_t*)hcxdata; while(fread(&hcxdata, HCCAPX_SIZE, 1, fhhcx) == 1) { if(hcxptr->signature != HCCAPX_SIGNATURE) { hccapxcapskipped++; continue; } if((hcxptr->version != 3) && (hcxptr->version != 4)) { hccapxcapskipped++; continue; } if((hcxptr->essid_len == 0) || (hcxptr->essid_len > ESSID_LEN_MAX)) { hccapxcapskipped++; continue; } eapa = (eapauth_t*)hcxptr->eapol; if(eapa->type != EAPOL_KEY) { hccapxcapskipped++; continue; } if(hcxptr->eapol_len != ntohs(eapa->len) +4) { hccapxcapskipped++; continue; } wpak = (wpakey_t*)(hcxptr->eapol +EAPAUTH_SIZE); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver != hcxptr->keyver) { hccapxcapskipped++; continue; } if(keyver > 3) { hccapxcapskipped++; continue; } keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 3) { hccapxcapskipped++; continue; } rc = wpak->replaycount; #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif if(keyinfo == 4) { rc--; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", hcxptr->mac_sta[0], hcxptr->mac_sta[1], hcxptr->mac_sta[2], hcxptr->mac_sta[3], hcxptr->mac_sta[4], hcxptr->mac_sta[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } if(keyver == 1) { writecapbeaconwpa1(fd_singlecap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa1(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_singlecap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_singlecap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa2keyver3(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } close(fd_singlecap); } else { if(keyver == 1) { writecapbeaconwpa1(fd_cap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa1(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_cap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_cap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa2keyver3(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } } } fclose(fhhcx); return; } /*===========================================================================*/ static void processhccapfile(char *hccapname, int fd_cap) { static struct stat statinfo; static hccap_t *hcptr; static int fd_singlecap; static FILE *fhhc; static uint8_t essidlen; static int c; static eapauth_t *eapa; static wpakey_t *wpak; static uint16_t keyinfo; static uint8_t keyver; static uint64_t rc; static uint8_t hcdata[HCCAP_SIZE]; static char singlecapname[PATH_MAX +2]; if(stat(hccapname, &statinfo) != 0) { fprintf(stderr, "can't stat %s\n", hccapname); return; } if((statinfo.st_size %HCCAP_SIZE) != 0) { fprintf(stderr, "file corrupt\n"); return; } if((fhhc = fopen(hccapname, "r")) == NULL) { fprintf(stderr, "error opening file %s", hccapname); return; } hcptr = (hccap_t*)hcdata; while(fread(&hcdata, HCCAP_SIZE, 1, fhhc) == 1) { essidlen = 0; for(c = 0; c < ESSID_LEN_MAX; c++) { if(hcptr->essid[c] == 0) { break; } essidlen++; } if((essidlen == 0) || (essidlen > ESSID_LEN_MAX)) { hccapcapskipped++; continue; } eapa = (eapauth_t*)hcptr->eapol; if(eapa->type != EAPOL_KEY) { hccapcapskipped++; continue; } if(hcptr->eapol_size != ntohs(eapa->len) +4) { hccapcapskipped++; continue; } wpak = (wpakey_t*)(hcptr->eapol +EAPAUTH_SIZE); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver != hcptr->keyver) { hccapcapskipped++; continue; } if(keyver > 3) { hccapcapskipped++; continue; } keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 3) { hccapcapskipped++; continue; } rc = wpak->replaycount; #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif if(keyinfo == 4) { rc--; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", hcptr->mac2[0], hcptr->mac2[1], hcptr->mac2[2], hcptr->mac2[3], hcptr->mac2[4], hcptr->mac2[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } if(keyver == 1) { writecapbeaconwpa1(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa1(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2keyver3(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } close(fd_singlecap); } else { if(keyver == 1) { writecapbeaconwpa1(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa1(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2keyver3(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } } } fclose(fhhc); return; } /*===========================================================================*/ static void processjohnfile(char *johnname, int fd_cap) { static int len; static int i; static FILE *fhjohn; static int essidlen; static int hashlen; static char *ptressid; static char *ptreapol; static char *ptreapol2; static uint8_t *johnptr; static const char *pos; static hccap_t *hcptr; static int fd_singlecap; static eapauth_t *eapa; static wpakey_t *wpak; static uint16_t keyinfo; static uint8_t keyver; static uint64_t rc; static const char itoa64[64] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; static char singlecapname[PATH_MAX +2]; static char linein[JOHN_LINE_LEN]; static uint8_t hcdata[HCCAP_SIZE]; static unsigned char atoi64[0x100]; if((fhjohn = fopen(johnname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", johnname); return; } memset(atoi64, 0x7F, sizeof(atoi64)); for(pos = itoa64; pos <= &itoa64[63]; pos++) { atoi64[ARCH_INDEX(*pos)] = pos - itoa64; } hcptr = (hccap_t*)hcdata; while(1) { if((len = fgetline(fhjohn, JOHN_LINE_LEN, linein)) == -1) { break; } if(len < 534) { johnskipped++; continue; } ptressid =strstr(linein, ":$WPAPSK$"); if(ptressid == NULL) { johnskipped++; continue; } ptressid += 9; ptreapol =strrchr(linein, '#'); if(ptreapol == NULL) { johnskipped++; continue; } ptreapol++; essidlen = ptreapol -ptressid -1; if((essidlen == 0) || (essidlen > ESSID_LEN_MAX)) { johnskipped++; continue; } ptreapol2 = strchr(ptreapol, ':'); if(ptreapol2 == NULL) { johnskipped++; continue; } hashlen = ptreapol2 - ptreapol; if(hashlen != 475) { johnskipped++; continue; } memset(&hcdata, 0, HCCAP_SIZE); memcpy(&hcdata, ptressid, essidlen); johnptr = hcdata +36; for (i = 0; i < 118; i++) { johnptr[0] = (atoi64[ARCH_INDEX(ptreapol[0])] << 2) | (atoi64[ARCH_INDEX(ptreapol[1])] >> 4); johnptr[1] = (atoi64[ARCH_INDEX(ptreapol[1])] << 4) | (atoi64[ARCH_INDEX(ptreapol[2])] >> 2); johnptr[2] = (atoi64[ARCH_INDEX(ptreapol[2])] << 6) | (atoi64[ARCH_INDEX(ptreapol[3])]); johnptr += 3; ptreapol += 4; } johnptr[0] = (atoi64[ARCH_INDEX(ptreapol[0])] << 2) | (atoi64[ARCH_INDEX(ptreapol[1])] >> 4); johnptr[1] = (atoi64[ARCH_INDEX(ptreapol[1])] << 4) | (atoi64[ARCH_INDEX(ptreapol[2])] >> 2); eapa = (eapauth_t*)hcptr->eapol; if(eapa->type != EAPOL_KEY) { johnskipped++; continue; } if(hcptr->eapol_size != ntohs(eapa->len) +4) { johnskipped++; continue; } wpak = (wpakey_t*)(hcptr->eapol +EAPAUTH_SIZE); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver != hcptr->keyver) { johnskipped++; continue; } if(keyver > 3) { johnskipped++; continue; } keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 3) { johnskipped++; continue; } rc = wpak->replaycount; #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif if(keyinfo == 4) { rc--; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", hcptr->mac2[0], hcptr->mac2[1], hcptr->mac2[2], hcptr->mac2[3], hcptr->mac2[4], hcptr->mac2[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } if(keyver == 1) { writecapbeaconwpa1(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa1(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2keyver3(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } close(fd_singlecap); } else { if(keyver == 1) { writecapbeaconwpa1(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa1(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2keyver3(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } } } fclose(fhjohn); return; } /*===========================================================================*/ static void removeemptycap(char *filenametoremove) { struct stat statinfo; if(filenametoremove == NULL) { return; } if(stat(filenametoremove, &statinfo) != 0) { return; } if(statinfo.st_size == 24) { remove(filenametoremove); return; } return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-c : output cap file\n" " if no cap file is selected, output will be written to single cap files\n" " format: mac_sta.cap (mac_sta.cap_x)\n" "-h : show this help\n" "-v : show version\n" "\n" "--pmkid-eapol= : input PMKID EAPOL (22000) combi hash file\n" "--pmkid= : input deprecated PMKID (16800) hash file\n" "--hccapx= : input deprecated hccapx (2500) hash file\n" "--hccap= : input ancient hccap (2500) file\n" "--john= : input John the Ripper WPAPSK hash file\n" "--help : show this help\n" "--version : show version\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static int fd_cap = 0; static char *pmkideapolname = NULL; static char *pmkidname = NULL; static char *hccapxname = NULL; static char *hccapname = NULL; static char *johnname = NULL; static char *capname = NULL; static const char *short_options = "c:hv"; static const struct option long_options[] = { {"pmkid-eapol", required_argument, NULL, HCXP_PMKID_EAPOL}, {"pmkid", required_argument, NULL, HCXP_PMKID}, {"hccapx", required_argument, NULL, HCXP_HCCAPX}, {"hccap", required_argument, NULL, HCXP_HCCAP}, {"john", required_argument, NULL, HCXP_JOHN}, {"version", no_argument, NULL, HCXP_VERSION}, {"help", no_argument, NULL, HCXP_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCXP_PMKID_EAPOL: pmkideapolname = optarg; break; case HCXP_PMKID: pmkidname = optarg; break; case HCXP_HCCAPX: hccapxname = optarg; break; case HCXP_HCCAP: hccapname = optarg; break; case HCXP_JOHN: johnname = optarg; break; case HCXP_CAP: capname = optarg; break; case HCXP_HELP: usage(basename(argv[0])); break; case HCXP_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } globalinit(); if(capname != NULL) { fd_cap = hcxopencapdump(capname); if(fd_cap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } } if(pmkideapolname != NULL) { processpmkideapolfile(pmkideapolname, fd_cap); } if(pmkidname != NULL) { processpmkidfile(pmkidname, fd_cap); } if(hccapxname != NULL) { processhccapxfile(hccapxname, fd_cap); } if(hccapname != NULL) { processhccapfile(hccapname, fd_cap); } if(johnname != NULL) { processjohnfile(johnname, fd_cap); } if(fd_cap != 0) { close(fd_cap); removeemptycap(capname); } if(pmkideapolcapwritten > 0) { fprintf(stdout, "PMKIDs/EAPOL messages written to capfile(s): %llu (%llu skipped)\n", pmkideapolcapwritten, pmkideapolcapskipped); } if(pmkcapwritten > 0) { fprintf(stdout, "PMKIDs written to capfile(s): %llu (%llu skipped)\n", pmkcapwritten, pmkcapskipped); } if(hccapxcapwritten > 0) { fprintf(stdout, "EAPOLs written to capfile(s): %llu (%llu skipped)\n", hccapxcapwritten, hccapxcapskipped); } if(hccapcapwritten > 0) { fprintf(stdout, "EAPOLs written to capfile(s): %llu (%llu skipped)\n", hccapcapwritten, hccapcapskipped); } if(johnwritten > 0) { fprintf(stdout, "EAPOLs written to capfile(s): %llu (%llu skipped)\n", johnwritten, johnskipped); } return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/hcxhashcattool.c000066400000000000000000000315741423200176400165620ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #if defined (__APPLE__) || defined(__OpenBSD__) #include #else #include #endif #include #include #include "include/hashcatops.h" #include "include/strings.c" struct argument_s { pmklist_t *pmkpos; unsigned long long int pmkct; } __attribute__((__packed__)); typedef struct argument_s argument_t; /*===========================================================================*/ /* globale Variablen */ bool progende = false; pmklist_t *pmkliste; unsigned long long int pmkcount; /*===========================================================================*/ void programmende(int signum) { if((signum == SIGINT) || (signum == SIGTERM) || (signum == SIGKILL)) { progende = true; } return; } /*===========================================================================*/ static int sort_pmklist_by_essid(const void *a, const void *b) { const pmklist_t *ia = (const pmklist_t *)a; const pmklist_t *ib = (const pmklist_t *)b; if(ia->essidlen > ib->essidlen) { return 1; } else if(ia->essidlen < ib->essidlen) { return -1; } if(memcmp(ia->essid, ib->essid, ia->essidlen) > 0) { return 1; } else if(memcmp(ia->essid, ib->essid, ia->essidlen) < 0) { return -1; } return 0; } /*===========================================================================*/ void writenewpmkfile(char *pmkname) { pmklist_t *zeiger; unsigned long long int c; int d, p; FILE *fhpmk; qsort(pmkliste, pmkcount, PMKLIST_SIZE, sort_pmklist_by_essid); if((fhpmk = fopen(pmkname, "w")) == NULL) { return; } zeiger = pmkliste; for(c = 0; c < pmkcount; c++) { for(d = 0; d < 32; d++) { fprintf(fhpmk, "%02x", zeiger->pmk[d]); } fprintf(fhpmk, "*"); for(p = 0; p < zeiger->essidlen; p++) { fprintf(fhpmk, "%02x",zeiger->essid[p]); } fprintf(fhpmk, ":"); if(zeiger->pskflag == false) { fprintf(fhpmk, "%.*s", zeiger->psklen, zeiger->psk); } else { fprintf(fhpmk, "$HEX["); for(d = 0; d < zeiger->psklen; d++) { fprintf(fhpmk, "%02x", zeiger->psk[d]); } fprintf(fhpmk, "]"); } fprintf(fhpmk, "\n"); zeiger++; } fclose(fhpmk); return; } /*===========================================================================*/ void *calculatethread(void *arg) { unsigned long long int c, pmkcountthread; argument_t *realarg = (argument_t *)arg; pmklist_t *zeiger; uint8_t emptypmk[32]; zeiger = realarg->pmkpos; pmkcountthread = realarg->pmkct; memset(&emptypmk, 0, 32); for(c = 0; c < pmkcountthread; c++) { if(memcmp(&emptypmk, zeiger->pmk, 32) == 0) { if(PKCS5_PBKDF2_HMAC_SHA1((const char*)zeiger->psk, zeiger->psklen, (unsigned char*)zeiger->essid, zeiger->essidlen, 4096, 32, zeiger->pmk) == 0) { fprintf(stdout, "failed to calculate PMK\n"); exit(EXIT_FAILURE); } } zeiger++; } return NULL; } /*===========================================================================*/ void calculatepmk() { pmklist_t *zeiger; unsigned long long int c, ct, cpucount; int ret; pthread_t thread[17]; argument_t args[17]; uint8_t emptypmk[32]; cpucount = sysconf( _SC_NPROCESSORS_ONLN ); if(cpucount > 16) { cpucount = 16; } zeiger = pmkliste; fprintf(stdout, "threads started.......: %llu (be patient!)\n", cpucount); ct = pmkcount/cpucount; if(ct > 1600) { for(c = 0; c < cpucount; c++) { args[c].pmkpos = zeiger; args[c].pmkct = ct; ret = pthread_create( &thread[c], NULL, &calculatethread, &args[c]); if(ret != 0) { fprintf(stdout, "failed to create thread\n"); exit(EXIT_FAILURE); } zeiger += ct; } for(c = 0; c < cpucount; c++) { pthread_join(thread[c], NULL); } ct = pmkcount %cpucount; } else { ct = pmkcount; } if(ct > 0) { memset(&emptypmk, 0, 32); for(c = 0; c < ct; c++) { if(memcmp(&emptypmk, zeiger->pmk, 32) == 0) { if(PKCS5_PBKDF2_HMAC_SHA1((const char*)zeiger->psk, zeiger->psklen, (unsigned char*)zeiger->essid, zeiger->essidlen, 4096, 32, zeiger->pmk) == 0) { fprintf(stdout, "failed to calculate PMK\n"); exit(EXIT_FAILURE); } } zeiger++; } } return; } /*===========================================================================*/ void addentry(pmklist_t *pmktmp) { unsigned long long int c; pmklist_t *zeiger; if(pmkliste == NULL) { pmkliste = malloc(PMKLIST_SIZE); if(pmkliste == NULL) { fprintf(stdout, "failed to allocate memory\n"); exit(EXIT_FAILURE); } memset(pmkliste, 0, PMKLIST_SIZE); memcpy(pmkliste->pmk, pmktmp->pmk, 32); pmkliste->essidflag = pmktmp->essidflag; pmkliste->essidlen = pmktmp->essidlen; memcpy(pmkliste->essid, pmktmp->essid, pmktmp->essidlen); pmkliste->pskflag = pmktmp->pskflag; pmkliste->psklen = pmktmp->psklen; memcpy(pmkliste->psk, pmktmp->psk, pmktmp->psklen); pmkcount++; return; } zeiger = pmkliste; for(c = 0; c < pmkcount; c++) { if((zeiger->essidlen == pmktmp->essidlen) && (zeiger->psklen == pmktmp->psklen)) { if((memcmp(zeiger->essid, pmktmp->essid, pmktmp->essidlen) == 0) && (memcmp(zeiger->psk, pmktmp->psk, pmktmp->psklen) == 0)) { return; } } zeiger++; } zeiger = realloc(pmkliste, (pmkcount +1) *PMKLIST_SIZE); if(zeiger == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } pmkliste = zeiger; zeiger = pmkliste +pmkcount; memset(zeiger, 0, PMKLIST_SIZE); memcpy(zeiger->pmk, pmktmp->pmk, 32); zeiger->essidflag = pmktmp->essidflag; zeiger->essidlen = pmktmp->essidlen; memcpy(zeiger->essid, pmktmp->essid, pmktmp->essidlen); zeiger->pskflag = pmktmp->pskflag; zeiger->psklen = pmktmp->psklen; memcpy(zeiger->psk, pmktmp->psk, pmktmp->psklen); pmkcount++; } /*===========================================================================*/ void addpotline(int potlinelen, char *potline) { char *essidptr; char *pskptr; uint8_t c, essidlen, psklen; pmklist_t pmktmp; memset(&pmktmp, 0, PMKLIST_SIZE); if(potlinelen < 59) { fprintf(stdout, "line length exception: %s\n", potline); return; } if((potline[32] != ':') && (potline[32] != '*')) { fprintf(stdout, "sperator doesn't match: %s\n", potline); return; } if((potline[45] != ':') && (potline[45] != '*')) { fprintf(stdout, "sperator doesn't match: %s\n", potline); return; } if((potline[58] != ':') && (potline[58] != '*')) { fprintf(stdout, "sperator doesn't match: %s\n", potline); return; } essidptr = potline +59; pskptr = strchr(potline +59, ':'); if (pskptr == NULL) { fprintf(stdout, "sperator doesn't match: %s\n", potline); return; } pskptr[0] = 0; pskptr++; if(potline[58] == ':') { essidlen = ishexify(essidptr); if((essidlen > 0) && (essidlen <= 32)) { if(hex2bin(essidptr +5, pmktmp.essid, essidlen) == false) { fprintf(stdout, "%s\n", potline); return; } pmktmp.essidflag = true; } else { essidlen = strlen(essidptr); if((essidlen < 1) || (essidlen > 32)) { fprintf(stdout, "%s\n", potline); return; } memcpy(&pmktmp.essid, essidptr, essidlen); pmktmp.essidflag = false; } pmktmp.essidlen = essidlen; } else if(potline[58] == '*') { essidlen = strlen(essidptr) /2; if(hex2bin(essidptr, pmktmp.essid, essidlen) == false) { fprintf(stdout, "%s\n", potline); return; } pmktmp.essidlen = essidlen; } else { fprintf(stdout, "sperator doesn't match: %s\n", potline); return; } psklen = ishexify(pskptr); if((psklen > 0) && (psklen <= 63)) { if(hex2bin(pskptr +5, pmktmp.psk, psklen) == false) { fprintf(stdout, "%s\n", potline); return; } pmktmp.pskflag = true; } else { psklen = strlen(pskptr); if((psklen < 1) || (psklen > 64)) { fprintf(stdout, "%s\n", potline); return; } memcpy(&pmktmp.psk, pskptr, psklen); pmktmp.pskflag = false; for(c = 0; c < psklen; c++) { if((pmktmp.psk[c] < 0x20) || (pmktmp.psk[c] > 0x7e) || (pmktmp.psk[c] == ':')) { pmktmp.pskflag = true; break; } } } pmktmp.psklen = psklen; addentry(&pmktmp); return; } /*===========================================================================*/ void addpmkline(int pmklinelen, char *pmkline) { char *essid_ptr; char *psk_ptr; uint8_t essidlen, psklen, pmklen; pmklist_t pmktmp; memset(&pmktmp, 0, PMKLIST_SIZE); if(pmklinelen < 69) { return; } if(pmkline[64] != ':') { return; } pmkline[64] = 0; pmklen = strlen(pmkline); if(pmklen != 64) { return; } if(hex2bin(pmkline, pmktmp.pmk, 32) == false) { return; } essid_ptr = pmkline +65; psk_ptr = strchr(essid_ptr, ':'); if(psk_ptr == NULL) { return; } essidlen = psk_ptr -essid_ptr; if((essidlen %2) != 0) { return; } if(essidlen > 64) { return; } psk_ptr[0] = 0; psk_ptr++; if(hex2bin(essid_ptr, pmktmp.essid, essidlen) == false) { return; } pmktmp.essidlen = essidlen /2; psklen = ishexify(psk_ptr); if((psklen > 0) && (psklen <= 63)) { if(hex2bin(psk_ptr +5, pmktmp.psk, psklen) == false) { return; } pmktmp.pskflag = true; } else { psklen = strlen(psk_ptr); if((psklen < 1) || (psklen > 64)) { return; } memcpy(&pmktmp.psk, psk_ptr, psklen); pmktmp.pskflag = false; } pmktmp.psklen = psklen; addentry(&pmktmp); return; } /*===========================================================================*/ size_t chop(char *buffer, size_t len) { char *ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ int fgetline(FILE *inputstream, size_t size, char *buffer) { if(feof(inputstream)) return -1; char *buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; size_t len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ void processpotfile(char *potname) { FILE *fhpot; int potlinelen; unsigned long long int potcount, pmkoldcount; char potline[256]; if((fhpot = fopen(potname, "r")) == NULL) { return; } potcount = 0; pmkoldcount = pmkcount; while((potlinelen = fgetline(fhpot, 256, potline)) != -1) { addpotline(potlinelen, potline); potcount++; } fprintf(stdout, "POT file lines read...: %llu (%llu skipped)\n", potcount, potcount -(pmkcount -pmkoldcount)); fclose(fhpot); return; } /*===========================================================================*/ void processpmkfile(char *pmkname) { FILE *fhpmk; int pmklinelen; unsigned long long int pmkoldcount; char pmkline[256]; if((fhpmk = fopen(pmkname, "r")) == NULL) { return; } pmkoldcount = 0; while((pmklinelen = fgetline(fhpmk, 256, pmkline)) != -1) { addpmkline(pmklinelen, pmkline); pmkoldcount++; } fprintf(stdout, "PMK file lines read...: %llu (%llu skipped)\n", pmkoldcount, pmkoldcount - pmkcount); fclose(fhpmk); return; } /*===========================================================================*/ void makepmklist(char *potname, char *pmkname) { pmkliste = NULL; pmkcount = 0; processpmkfile(pmkname); processpotfile(potname); if(pmkliste != NULL) { calculatepmk(); writenewpmkfile(pmkname); fprintf(stdout, "total PMKs calculated.: %llu\n", pmkcount); free(pmkliste); } return; } /*===========================================================================*/ __attribute__ ((noreturn)) void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-p : input old hashcat potfile (<= 5.1.0)\n" " accepted potfiles: 2500 or 16800\n" "-P : output new potfile file (PMK*ESSID:PSK)\n" "-h : show this help\n" "-v : show version\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { int auswahl; char *potname = NULL; char *pmkname = NULL; setbuf(stdout, NULL); while ((auswahl = getopt(argc, argv, "p:P:hv")) != -1) { switch (auswahl) { case 'p': potname = optarg; break; case 'P': pmkname = optarg; break; case 'h': usage(basename(argv[0])); break; case 'v': version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } if((potname != NULL) && (pmkname != NULL)) { makepmklist(potname, pmkname); } return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/hcxhashtool.c000066400000000000000000002673361423200176400161010ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined (__APPLE__) || defined(__OpenBSD__) #include #include #else #include #endif #ifdef __linux__ #include #endif #include "include/hcxhashtool.h" #include "include/strings.c" #include "include/fileops.c" #include "include/ieee80211.h" #include "include/byteops.c" /*===========================================================================*/ /* global var */ static const char *usedoui; static int ouicount; static int ouilistcount; static ouilist_t *ouilist; static hashlist_t *hashlist; static long int pbkdf2count; static long int pbkdf2readerrorcount; static long int hashlistcount; static long int readcount; static long int readerrorcount; static long int pmkideapolcount; static long int pmkidcount; static long int eapolcount; static long int pmkidwrittencount; static long int eapolwrittencount; static long int essidwrittencount; static long int hccapxwrittencount; static long int hccapwrittencount; static long int johnwrittencount; static int hashtype; static int essidlen; static int essidlenmin; static int essidlenmax; static int filteressidlen; static char *filteressidptr; static int filteressidpartlen; static char *filteressidpartptr; static char *filtervendorptr; static char *filtervendorapptr; static char *filtervendorclientptr; static bool flagpsk; static bool flagpmk; static bool flagessidgroup; static bool flagmacapgroup; static bool flagmacclientgroup; static bool flagouigroup; static bool flagvendorout; static bool flaghccapsingleout; static bool flagfiltermacap; static uint8_t filtermacap[6]; static bool flagfiltermacclient; static uint8_t filtermacclient[6]; static bool flagfilterouiap; static uint8_t filterouiap[3]; static bool flagfilterouiclient; static uint8_t filterouiclient[3]; static bool flagfilterauthorized; static bool flagfilterchallenge; static bool flagfilterrcchecked; static bool flagfilterrcnotchecked; static bool flagfilterapless; static int pskptrlen; static char *pskptr; static uint8_t pmk[32]; /*===========================================================================*/ static void closelists() { if(hashlist != NULL) free(hashlist); if(ouilist != NULL) free(ouilist); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); return; } /*===========================================================================*/ static bool initlists() { ouicount = 0; ouilistcount = OUILIST_MAX; hashlistcount = HASHLIST_MAX; readcount = 0; readerrorcount = 0; pmkideapolcount = 0; pmkidcount = 0; eapolcount = 0; pmkidwrittencount = 0; eapolwrittencount = 0; essidwrittencount = 0; hccapxwrittencount = 0; hccapwrittencount = 0; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); if((hashlist = (hashlist_t*)calloc(hashlistcount, HASHLIST_SIZE)) == NULL) return false; if((ouilist = (ouilist_t*)calloc(ouilistcount, OUILIST_SIZE)) == NULL) return false; return true; } /*===========================================================================*/ static char *getvendor(uint8_t *mac) { static ouilist_t * zeiger; static char *unknown = "Unknown"; for(zeiger = ouilist; zeiger < ouilist +ouicount; zeiger++) { if(memcmp(zeiger->oui, mac, 3) == 0) return zeiger->vendor; if(memcmp(zeiger->oui, mac, 3) > 0) return unknown; } return unknown; } /*===========================================================================*/ static void printstatus() { static char *vendor; fprintf(stdout, "\nOUI information file..........: %s\n", usedoui); if(ouicount > 0) fprintf(stdout, "OUI entires...................: %d\n", ouicount); if(readcount > 0) fprintf(stdout, "total lines read..............: %ld\n", readcount); if(flagvendorout == true) { fprintf(stdout, "\n"); return; } if(pbkdf2count > 0) fprintf(stdout, "PBKDF2 lines..................: %ld\n", pbkdf2count); if(pbkdf2readerrorcount > 0) fprintf(stdout, "PBKDF2 errors.................: %ld\n", pbkdf2readerrorcount); if(readerrorcount > 0) fprintf(stdout, "read errors...................: %ld\n", readerrorcount); if(pmkideapolcount > 0) fprintf(stdout, "valid hash lines..............: %ld\n", pmkideapolcount); if(pmkidcount > 0) fprintf(stdout, "PMKID hash lines..............: %ld\n", pmkidcount); if(eapolcount > 0) fprintf(stdout, "EAPOL hash lines..............: %ld\n", eapolcount); if(essidlenmin != 0) fprintf(stdout, "filter by ESSID len min.......: %d\n", essidlenmin); if(essidlenmax != 32) fprintf(stdout, "filter by ESSID len max.......: %d\n", essidlenmax); if(filteressidptr != NULL) fprintf(stdout, "filter by ESSID...............: %s\n", filteressidptr); if(filteressidpartptr != NULL) fprintf(stdout, "filter by part of ESSID.......: %s\n", filteressidpartptr); if(flagfiltermacap == true) { vendor = getvendor(filtermacap); fprintf(stdout, "filter by MAC.................: %02x%02x%02x%02x%02x%02x (%s)\n", filtermacap[0], filtermacap[1], filtermacap[2], filtermacap[3], filtermacap[4], filtermacap[5], vendor); } if(flagfiltermacclient == true) { vendor = getvendor(filtermacclient); fprintf(stdout, "filter by MAC.................: %02x%02x%02x%02x%02x%02x (%s)\n", filtermacclient[0], filtermacclient[1], filtermacclient[2], filtermacclient[3], filtermacclient[4], filtermacclient[5], vendor); } if(flagfilterouiap == true) { vendor = getvendor(filterouiap); fprintf(stdout, "filter AP by OUI..............: %02x%02x%02x (%s)\n", filterouiap[0], filterouiap[1], filterouiap[2], vendor); } if(filtervendorptr != NULL) fprintf(stdout, "filter AP and CLIENT by VENDOR: %s\n", filtervendorptr); if(filtervendorapptr != NULL) fprintf(stdout, "filter AP by VENDOR...........: %s\n", filtervendorapptr); if(filtervendorclientptr != NULL) fprintf(stdout, "filter CLIENT by VENDOR.......: %s\n", filtervendorclientptr); if(flagfilterouiclient == true) { vendor = getvendor(filterouiclient); fprintf(stdout, "filter CLIENT by OUI..........: %02x%02x%02x (%s)\n", filterouiclient[0], filterouiclient[1], filterouiclient[2], vendor); } if(flagfilterapless == true) fprintf(stdout, "filter by M2..................: requested from client (AP-LESS)\n"); if(flagfilterrcchecked == true) fprintf(stdout, "filter by replaycount.........: checked\n"); if(flagfilterrcnotchecked == true) fprintf(stdout, "filter by replaycount.........: not checked\n"); if(flagfilterauthorized == true) fprintf(stdout, "filter by status..............: authorized (M1M4, M2M3 or M3M4)\n"); if(flagfilterchallenge == true) fprintf(stdout, "filter by status..............: challenge (M1M2)\n"); if(pmkidwrittencount > 0) fprintf(stdout, "PMKID written.................: %ld\n", pmkidwrittencount); if(eapolwrittencount > 0) fprintf(stdout, "EAPOL written.................: %ld\n", eapolwrittencount); if(hccapxwrittencount > 0) fprintf(stdout, "EAPOL written to hccapx.......: %ld\n", hccapxwrittencount); if(hccapwrittencount > 0) fprintf(stdout, "EAPOL written to hccap........: %ld\n", hccapwrittencount); if(johnwrittencount > 0) fprintf(stdout, "EAPOL written to john.........: %ld\n", johnwrittencount); if(essidwrittencount > 0) fprintf(stdout, "ESSID (unique) written........: %ld\n", essidwrittencount); fprintf(stdout, "\n"); return; } /*===========================================================================*/ static void testeapolpmk(hashlist_t *zeiger) { static int keyver; static int p; static wpakey_t *wpak; static uint8_t *pkeptr; static size_t testptklen; static size_t testmiclen; static EVP_MD_CTX *mdctx; static EVP_PKEY *pkey; static uint8_t pkedata[102]; static uint8_t testptk[EVP_MAX_MD_SIZE]; static uint8_t testmic[EVP_MAX_MD_SIZE]; wpak = (wpakey_t*)&zeiger->eapol[EAPAUTH_SIZE]; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver == 2) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&testmic, 0, sizeof(testptk)); pkeptr = pkedata; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(zeiger->ap, zeiger->client, 6) < 0) { memcpy(pkeptr +23, zeiger->ap, 6); memcpy(pkeptr +29, zeiger->client, 6); } else { memcpy(pkeptr +23, zeiger->client, 6); memcpy(pkeptr +29, zeiger->ap, 6); } if(memcmp(zeiger->nonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, zeiger->nonce, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, zeiger->nonce, 32); } testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignUpdate(mdctx, pkedata, 100) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testptk, 16); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignUpdate(mdctx, zeiger->eapol, zeiger->eapauthlen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignFinal(mdctx, testmic, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); if(memcmp(zeiger->hash, &testmic, 16) == 0) { for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->client[p]); fprintf(stdout, ":"); for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->ap[p]); if(zeiger->essidlen != 0) { if(ispotfilestring(zeiger->essidlen, (char*)zeiger->essid) == true) fprintf(stdout, ":%.*s", zeiger->essidlen, zeiger->essid); else { fprintf(stdout, ":$HEX["); for(p = 0; p < zeiger->essidlen; p++) fprintf(stdout, "%02x", zeiger->essid[p]); fprintf(stdout, "]"); } } else fprintf(stdout, ":"); fprintf(stdout, ":%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", pmk[0], pmk[1], pmk[2], pmk[3], pmk[4], pmk[5], pmk[6], pmk[7], pmk[8], pmk[9], pmk[10], pmk[11], pmk[12], pmk[13], pmk[14], pmk[15], pmk[16], pmk[17], pmk[18], pmk[19], pmk[20], pmk[21], pmk[22], pmk[23], pmk[24], pmk[25], pmk[26], pmk[27], pmk[28], pmk[29], pmk[30], pmk[31]); if(pskptr != NULL) { if(ispotfilestring(pskptrlen, pskptr) == true) fprintf(stdout, ":%s", pskptr); else { fprintf(stdout, ":$HEX["); for(p = 0; p < pskptrlen; p++) fprintf(stdout, "%02x", pskptr[p]); fprintf(stdout, "]"); } } fprintf(stdout, "\n"); } return; } else if(keyver == 1) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&testmic, 0, sizeof(testptk)); pkeptr = pkedata; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(zeiger->ap, zeiger->client, 6) < 0) { memcpy(pkeptr +23, zeiger->ap, 6); memcpy(pkeptr +29, zeiger->client, 6); } else { memcpy(pkeptr +23, zeiger->client, 6); memcpy(pkeptr +29, zeiger->ap, 6); } if(memcmp(zeiger->nonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, zeiger->nonce, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, zeiger->nonce, 32); } testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignUpdate(mdctx, pkedata, 100) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testptk, 16); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignUpdate(mdctx, zeiger->eapol, zeiger->eapauthlen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignFinal(mdctx, testmic, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); if(memcmp(zeiger->hash, &testmic, 16) == 0) { for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->client[p]); fprintf(stdout, ":"); for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->ap[p]); if(zeiger->essidlen != 0) { if(ispotfilestring(zeiger->essidlen, (char*)zeiger->essid) == true) fprintf(stdout, ":%.*s", zeiger->essidlen, zeiger->essid); else { fprintf(stdout, ":$HEX["); for(p = 0; p < zeiger->essidlen; p++) fprintf(stdout, "%02x", zeiger->essid[p]); fprintf(stdout, "]"); } } else fprintf(stdout, ":"); fprintf(stdout, ":%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", pmk[0], pmk[1], pmk[2], pmk[3], pmk[4], pmk[5], pmk[6], pmk[7], pmk[8], pmk[9], pmk[10], pmk[11], pmk[12], pmk[13], pmk[14], pmk[15], pmk[16], pmk[17], pmk[18], pmk[19], pmk[20], pmk[21], pmk[22], pmk[23], pmk[24], pmk[25], pmk[26], pmk[27], pmk[28], pmk[29], pmk[30], pmk[31]); if(pskptr != NULL) { if(ispotfilestring(pskptrlen, pskptr) == true) fprintf(stdout, ":%s", pskptr); else { fprintf(stdout, ":$HEX["); for(p = 0; p < pskptrlen; p++) fprintf(stdout, "%02x", pskptr[p]); fprintf(stdout, "]"); } } fprintf(stdout, "\n"); } return; } else if(keyver == 3) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&testmic, 0, sizeof(testptk)); pkedata[0] = 1; pkedata[1] = 0; pkeptr = pkedata +2; memcpy(pkeptr, "Pairwise key expansion", 22); if(memcmp(zeiger->ap, zeiger->client, 6) < 0) { memcpy(pkeptr +22, zeiger->ap, 6); memcpy(pkeptr +28, zeiger->client, 6); } else { memcpy(pkeptr +22, zeiger->client, 6); memcpy(pkeptr +28, zeiger->ap, 6); } if(memcmp(zeiger->nonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +34, zeiger->nonce, 32); memcpy (pkeptr +66, wpak->nonce, 32); } else { memcpy (pkeptr +34, wpak->nonce, 32); memcpy (pkeptr +66, zeiger->nonce, 32); } pkedata[100] = 0x80; pkedata[101] = 1; testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignUpdate(mdctx, pkedata, 102) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; pkey = EVP_PKEY_new_CMAC_key(NULL, testptk, 16, EVP_aes_128_cbc()); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignUpdate(mdctx, zeiger->eapol, zeiger->eapauthlen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignFinal(mdctx, testmic, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); if(memcmp(zeiger->hash, &testmic, 16) == 0) { for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->client[p]); fprintf(stdout, ":"); for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->ap[p]); if(zeiger->essidlen != 0) { if(ispotfilestring(zeiger->essidlen, (char*)zeiger->essid) == true) fprintf(stdout, ":%.*s", zeiger->essidlen, zeiger->essid); else { fprintf(stdout, ":$HEX["); for(p = 0; p < zeiger->essidlen; p++) fprintf(stdout, "%02x", zeiger->essid[p]); fprintf(stdout, "]"); } } else fprintf(stdout, ":"); fprintf(stdout, ":%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", pmk[0], pmk[1], pmk[2], pmk[3], pmk[4], pmk[5], pmk[6], pmk[7], pmk[8], pmk[9], pmk[10], pmk[11], pmk[12], pmk[13], pmk[14], pmk[15], pmk[16], pmk[17], pmk[18], pmk[19], pmk[20], pmk[21], pmk[22], pmk[23], pmk[24], pmk[25], pmk[26], pmk[27], pmk[28], pmk[29], pmk[30], pmk[31]); if(pskptr != NULL) { if(ispotfilestring(pskptrlen, pskptr) == true) fprintf(stdout, ":%s", pskptr); else { fprintf(stdout, ":$HEX["); for(p = 0; p < pskptrlen; p++) fprintf(stdout, "%02x", pskptr[p]); fprintf(stdout, "]"); } } fprintf(stdout, "\n"); } } return; } /*===========================================================================*/ static void testpmkidpmk(hashlist_t *zeiger) { static int p; static size_t testpmkidlen; static EVP_MD_CTX *mdctx; static EVP_PKEY *pkey; static char *pmkname = "PMK Name"; static uint8_t message[32]; static uint8_t testpmkid[EVP_MAX_MD_SIZE]; memcpy(&message, pmkname, 8); memcpy(&message[8], zeiger->ap, 6); memcpy(&message[14], zeiger->client, 6); testpmkidlen = 16; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignUpdate(mdctx, message, 20) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestSignFinal(mdctx, testpmkid, &testpmkidlen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); if(memcmp(&testpmkid, zeiger->hash, 16) == 0) { for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->client[p]); fprintf(stdout, ":"); for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->ap[p]); if(zeiger->essidlen != 0) { if(ispotfilestring(zeiger->essidlen, (char*)zeiger->essid) == true) fprintf(stdout, ":%.*s", zeiger->essidlen, zeiger->essid); else { fprintf(stdout, ":$HEX["); for(p = 0; p < zeiger->essidlen; p++) fprintf(stdout, "%02x", zeiger->essid[p]); fprintf(stdout, "]"); } } else fprintf(stdout, ":"); fprintf(stdout, ":%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", pmk[0], pmk[1], pmk[2], pmk[3], pmk[4], pmk[5], pmk[6], pmk[7], pmk[8], pmk[9], pmk[10], pmk[11], pmk[12], pmk[13], pmk[14], pmk[15], pmk[16], pmk[17], pmk[18], pmk[19], pmk[20], pmk[21], pmk[22], pmk[23], pmk[24], pmk[25], pmk[26], pmk[27], pmk[28], pmk[29], pmk[30], pmk[31]); if(pskptr != NULL) { if(ispotfilestring(pskptrlen, pskptr) == true) fprintf(stdout, ":%s", pskptr); else { fprintf(stdout, ":$HEX["); for(p = 0; p < pskptrlen; p++) fprintf(stdout, "%02x", pskptr[p]); fprintf(stdout, "]"); } } fprintf(stdout, "\n"); } return; } /*===========================================================================*/ static void testhashfilepmk() { static hashlist_t *zeiger; for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { if(zeiger->type == HCX_TYPE_PMKID) testpmkidpmk(zeiger); else if (zeiger->type == HCX_TYPE_EAPOL) testeapolpmk(zeiger); } return; } /*===========================================================================*/ static bool dopbkdf2(int psklen, char *psk, int essidlen, uint8_t *essid) { if(PKCS5_PBKDF2_HMAC_SHA1(psk, psklen, essid, essidlen, 4096, 32, pmk) == 0) return false; return true; } /*===========================================================================*/ static void testhashfilepsk() { static hashlist_t *zeiger, *zeigerold; zeigerold = hashlist; if(dopbkdf2(pskptrlen, pskptr, zeigerold->essidlen, zeigerold->essid) == true) { if(zeigerold->type == HCX_TYPE_PMKID) testpmkidpmk(zeigerold); if(zeigerold->type == HCX_TYPE_EAPOL) testeapolpmk(zeigerold); } for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if((zeigerold->essidlen == zeiger->essidlen) && (memcmp(zeigerold->essid, zeiger->essid, zeigerold->essidlen) == 0)) { if(zeiger->type == HCX_TYPE_PMKID) testpmkidpmk(zeiger); if(zeiger->type == HCX_TYPE_EAPOL) testeapolpmk(zeiger); } else { if(dopbkdf2(pskptrlen, pskptr, zeiger->essidlen, zeiger->essid) == true) { if(zeiger->type == HCX_TYPE_PMKID) testpmkidpmk(zeiger); if(zeiger->type == HCX_TYPE_EAPOL) testeapolpmk(zeiger); } } zeigerold = zeiger; } return; } /*===========================================================================*/ static bool isoui(uint8_t *macap, uint8_t *macclient) { static ouilist_t *zeiger; for(zeiger = ouilist; zeiger < ouilist +ouicount; zeiger++) { if(((zeiger->type &TYPE_AP) == TYPE_AP) && (memcmp(macap, zeiger->oui, 3) == 0)) return true; if(((zeiger->type &TYPE_CLIENT) == TYPE_CLIENT) && (memcmp(macclient, zeiger->oui, 3) == 0)) return true; } return false; } /*===========================================================================*/ static bool ispartof(int plen, uint8_t *pbuff, int slen, uint8_t *sbuff) { static int p; if(plen > slen) return false; for(p = 0; p <= slen -plen; p++) { if(memcmp(&sbuff[p], pbuff, plen) == 0) return true; } return false; } /*===========================================================================*/ static void hccap2base(unsigned char *in, unsigned char b, FILE *fh_john) { static const char itoa64[64] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; fprintf(fh_john, "%c", (itoa64[in[0] >> 2])); fprintf(fh_john, "%c", (itoa64[((in[0] & 0x03) << 4) | (in[1] >> 4)])); if(b) { fprintf(fh_john, "%c", (itoa64[((in[1] & 0x0f) << 2) | (in[2] >> 6)])); fprintf(fh_john, "%c", (itoa64[in[2] & 0x3f])); } else fprintf(fh_john, "%c", (itoa64[((in[1] & 0x0f) << 2)])); return; } /*===========================================================================*/ static void writejohnrecord(FILE *fh_john, hashlist_t *zeiger) { struct hccap_s { char essid[36]; unsigned char ap[6]; unsigned char client[6]; unsigned char snonce[32]; unsigned char anonce[32]; unsigned char eapol[256]; int eapol_size; int keyver; unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) static wpakey_t *wpak; static int i; static unsigned char *hcpos; static hccap_t hccap; if(zeiger->type == HCX_TYPE_PMKID) return; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memset(&hccap, 0, sizeof(hccap_t)); memcpy(&hccap.essid, zeiger->essid, zeiger->essidlen); memcpy(&hccap.ap, zeiger->ap, 6); memcpy(&hccap.client, zeiger->client, 6); memcpy(&hccap.anonce, zeiger->nonce, 32); memcpy(&hccap.snonce, wpak->nonce, 32); memcpy(&hccap.keymic, zeiger->hash, 16); hccap.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; hccap.eapol_size = zeiger->eapauthlen; memcpy(&hccap.eapol, zeiger->eapol, zeiger->eapauthlen); #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif fprintf(fh_john, "%.*s:$WPAPSK$%.*s#", zeiger->essidlen, zeiger->essid, zeiger->essidlen, zeiger->essid); hcpos = (unsigned char*)&hccap; for (i = 36; i + 3 < (int)HCCAP_SIZE; i += 3) hccap2base(&hcpos[i], 1, fh_john); hccap2base(&hcpos[i], 0, fh_john); fprintf(fh_john, ":%02x-%02x-%02x-%02x-%02x-%02x:%02x-%02x-%02x-%02x-%02x-%02x:%02x%02x%02x%02x%02x%02x", zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5]); if(hccap.keyver == 1) fprintf(fh_john, "::WPA"); else fprintf(fh_john, "::WPA2"); if((zeiger->mp &0x7) == 0) fprintf(fh_john, ":not verified"); else fprintf(fh_john, ":verified"); fprintf(fh_john, ":converted by hcxhastool\n"); johnwrittencount++; return; } /*===========================================================================*/ static void writejohnfile(char *johnoutname) { static FILE *fh_john; static hashlist_t *zeiger; static struct stat statinfo; if(johnoutname != NULL) { if((fh_john = fopen(johnoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", johnoutname, strerror(errno)); return; } } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writejohnrecord(fh_john, zeiger); if(fh_john != NULL) fclose(fh_john); if(johnoutname != NULL) { if(stat(johnoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(johnoutname); } } return; } /*===========================================================================*/ static void writehccaprecord(FILE *fh_hccap, hashlist_t *zeiger) { struct hccap_s { char essid[36]; unsigned char ap[6]; unsigned char client[6]; unsigned char snonce[32]; unsigned char anonce[32]; unsigned char eapol[256]; int eapol_size; int keyver; unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) static wpakey_t *wpak; static hccap_t hccap; if(zeiger->type == HCX_TYPE_PMKID) return; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memset(&hccap, 0, sizeof(hccap_t)); memcpy(&hccap.essid, zeiger->essid, zeiger->essidlen); memcpy(&hccap.ap, zeiger->ap, 6); memcpy(&hccap.client, zeiger->client, 6); memcpy(&hccap.anonce, zeiger->nonce, 32); memcpy(&hccap.snonce, wpak->nonce, 32); memcpy(&hccap.keymic, zeiger->hash, 16); hccap.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; hccap.eapol_size = zeiger->eapauthlen; memcpy(&hccap.eapol, zeiger->eapol, zeiger->eapauthlen); #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif fwrite(&hccap, HCCAP_SIZE, 1, fh_hccap); hccapwrittencount++; return; } /*===========================================================================*/ static void writehccapsinglefile() { static int c; static FILE *fh_hccap; static hashlist_t *zeiger; static struct stat statinfo; static char groupoutname[PATH_MAX]; for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { c = 0; do { snprintf(groupoutname, PATH_MAX -1, "%02x%02x%02x%02x%02x%02x-%04d.hccap", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], c); c++; } while (stat(groupoutname, &statinfo) == 0); if((fh_hccap = fopen(groupoutname, "a")) == NULL) continue; writehccaprecord(fh_hccap, zeiger); if(fh_hccap != NULL) fclose(fh_hccap); if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } return; } /*===========================================================================*/ static void writehccapfile(char *hccapoutname) { static FILE *fh_hccap; static hashlist_t *zeiger; static struct stat statinfo; if(hccapoutname != NULL) { if((fh_hccap = fopen(hccapoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", hccapoutname, strerror(errno)); return; } } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writehccaprecord(fh_hccap, zeiger); if(fh_hccap != NULL) fclose(fh_hccap); if(hccapoutname != NULL) { if(stat(hccapoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(hccapoutname); } } return; } /*===========================================================================*/ static void writehccapxrecord(FILE *fh_hccapx, hashlist_t *zeiger) { struct hccapx_s { uint32_t signature; #define HCCAPX_SIGNATURE 0x58504348 uint32_t version; #define HCCAPX_VERSION 4 uint8_t message_pair; uint8_t essid_len; uint8_t essid[32]; uint8_t keyver; uint8_t keymic[16]; uint8_t ap[6]; uint8_t anonce[32]; uint8_t client[6]; uint8_t snonce[32]; uint16_t eapol_len; uint8_t eapol[256]; } __attribute__((packed)); typedef struct hccapx_s hccapx_t; #define HCCAPX_SIZE (sizeof(hccapx_t)) static wpakey_t *wpak; static hccapx_t hccapx; if(zeiger->type == HCX_TYPE_PMKID) return; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memset (&hccapx, 0, sizeof(hccapx_t)); hccapx.signature = HCCAPX_SIGNATURE; hccapx.version = HCCAPX_VERSION; hccapx.message_pair = zeiger->mp; hccapx.essid_len = zeiger->essidlen; memcpy(&hccapx.essid, zeiger->essid, zeiger->essidlen); memcpy(&hccapx.ap, zeiger->ap, 6); memcpy(&hccapx.client, zeiger->client, 6); memcpy(&hccapx.anonce, zeiger->nonce, 32); memcpy(&hccapx.snonce, wpak->nonce, 32); hccapx.eapol_len = zeiger->eapauthlen; memcpy(&hccapx.eapol, zeiger->eapol, zeiger->eapauthlen); hccapx.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; memcpy(&hccapx.keymic, zeiger->hash, 16); #ifdef BIG_ENDIAN_HOST hccapx.signature = byte_swap_32(hccapx.signature); hccapx.version = byte_swap_32(hccapx.version); hccapx.eapol_len = byte_swap_16(hccapx.eapol_len); #endif fwrite (&hccapx, sizeof(hccapx_t), 1, fh_hccapx); hccapxwrittencount++; return; } /*===========================================================================*/ static void writehccapxfile(char *hccapxoutname) { static FILE *fh_hccapx; static hashlist_t *zeiger; static struct stat statinfo; if(hccapxoutname != NULL) { if((fh_hccapx = fopen(hccapxoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", hccapxoutname, strerror(errno)); return; } } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writehccapxrecord(fh_hccapx, zeiger); if(fh_hccapx != NULL) fclose(fh_hccapx); if(hccapxoutname != NULL) { if(stat(hccapxoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(hccapxoutname); } } return; } /*===========================================================================*/ static void processessid(char *essidoutname) { static long int pc; static hashlist_t *zeiger, *zeigerold; static FILE *fh_essid; static struct stat statinfo; if((fh_essid = fopen(essidoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidoutname, strerror(errno)); return; } zeigerold = NULL; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(pc = 0; pc < pmkideapolcount; pc++) { zeiger = hashlist +pc; if(zeigerold != NULL) { if(memcmp(zeiger->essid, zeigerold->essid, ESSID_LEN_MAX) == 0) continue; } fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_essid); essidwrittencount++; zeigerold = zeiger; } fclose(fh_essid); if(stat(essidoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(essidoutname); } return; } /*===========================================================================*/ static void writepmkideapolhashline(FILE *fh_pmkideapol, hashlist_t *zeiger) { static int p; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; if(zeiger->type == HCX_TYPE_PMKID) { fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeiger->type, zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5]); for(p = 0; p < zeiger->essidlen; p++) fprintf(fh_pmkideapol, "%02x", zeiger->essid[p]); fprintf(fh_pmkideapol, "***\n"); pmkidwrittencount++; return; } if(zeiger->type == HCX_TYPE_EAPOL) { fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeiger->type, zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5]); for(p = 0; p < zeiger->essidlen; p++) fprintf(fh_pmkideapol, "%02x", zeiger->essid[p]); fprintf(fh_pmkideapol, "*"); fprintf(fh_pmkideapol, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*", zeiger->nonce[0], zeiger->nonce[1], zeiger->nonce[2], zeiger->nonce[3], zeiger->nonce[4], zeiger->nonce[5], zeiger->nonce[6], zeiger->nonce[7], zeiger->nonce[8], zeiger->nonce[9], zeiger->nonce[10], zeiger->nonce[11], zeiger->nonce[12], zeiger->nonce[13], zeiger->nonce[14], zeiger->nonce[15], zeiger->nonce[16], zeiger->nonce[17], zeiger->nonce[18], zeiger->nonce[19], zeiger->nonce[20], zeiger->nonce[21], zeiger->nonce[22], zeiger->nonce[23], zeiger->nonce[24], zeiger->nonce[25], zeiger->nonce[26], zeiger->nonce[27], zeiger->nonce[28], zeiger->nonce[29], zeiger->nonce[30], zeiger->nonce[31]); for(p = 0; p < zeiger->eapauthlen; p++) fprintf(fh_pmkideapol, "%02x", zeiger->eapol[p]); fprintf(fh_pmkideapol, "*%02x\n", zeiger->mp); eapolwrittencount++; } return; } /*===========================================================================*/ static void writeeapolpmkidessidgroups() { static int cei; static int ceo; static hashlist_t *zeiger; static FILE *fh_pmkideapol; static struct stat statinfo; static const char digit[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; static char groupoutname[PATH_MAX]; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { groupoutname[0] = 0; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) continue; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) continue; ceo = 0; for (cei = 0; cei < zeiger->essidlen; cei++) { groupoutname[ceo] = digit[(zeiger->essid[cei] & 0xff) >> 4]; ceo++; groupoutname[ceo] = digit[zeiger->essid[cei] & 0x0f]; ceo++; } groupoutname[ceo] = 0; strcat(&groupoutname[ceo], ".22000"); if((fh_pmkideapol = fopen(groupoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", groupoutname, strerror(errno)); return; } writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(groupoutname[0] != 0) { if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } } return; } /*===========================================================================*/ static void writeeapolpmkidouigroups() { static hashlist_t *zeiger; static FILE *fh_pmkideapol; static struct stat statinfo; static char groupoutname[PATH_MAX]; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { snprintf(groupoutname, PATH_MAX -1, "%02x%02x%02x.22000", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2]); if((fh_pmkideapol = fopen(groupoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", groupoutname, strerror(errno)); return; } writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(groupoutname[0] != 0) { if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } } return; } /*===========================================================================*/ static void writeeapolpmkidmacapgroups() { static hashlist_t *zeiger; static FILE *fh_pmkideapol; static struct stat statinfo; static char groupoutname[PATH_MAX]; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { snprintf(groupoutname, PATH_MAX -1, "%02x%02x%02x%02x%02x%02x.22000", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5]); if((fh_pmkideapol = fopen(groupoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", groupoutname, strerror(errno)); return; } writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(groupoutname[0] != 0) { if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } } return; } /*===========================================================================*/ static void writeeapolpmkidmacclientgroups() { static hashlist_t *zeiger; static FILE *fh_pmkideapol; static struct stat statinfo; static char groupoutname[PATH_MAX]; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { snprintf(groupoutname, PATH_MAX -1, "%02x%02x%02x%02x%02x%02x.22000", zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5]); if((fh_pmkideapol = fopen(groupoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", groupoutname, strerror(errno)); return; } writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(groupoutname[0] != 0) { if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } } return; } /*===========================================================================*/ static void writelceapolpmkidfile(char *pmkideapoloutname, long int lcmin, long int lcmax) { static long int lc; static FILE *fh_pmkideapol; static hashlist_t *zeiger; static hashlist_t *zeiger2; static hashlist_t *zeigerbegin; static hashlist_t *zeigerend; static struct stat statinfo; if(lcmax == 0) lcmax = pmkideapolcount; if(lcmin > lcmax) return; if(pmkideapoloutname != NULL) { if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); return; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); zeigerbegin = hashlist; lc = 0; for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp(zeigerbegin->essid, zeiger->essid, ESSID_LEN_MAX) == 0) { zeigerend = zeiger; lc++; } else { if(((zeigerend -zeigerbegin) >= lcmin) && ((zeigerend -zeigerbegin) <= lcmax)) { for(zeiger2 = zeigerbegin; zeiger2 <= zeigerend; zeiger2++) writepmkideapolhashline(fh_pmkideapol, zeiger2); } lc = 0; zeigerbegin = zeiger; } } if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } return; } /*===========================================================================*/ static void writeeapolpmkidfile(char *pmkideapoloutname) { static FILE *fh_pmkideapol; static hashlist_t *zeiger; static struct stat statinfo; if(pmkideapoloutname != NULL) { if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); return; } } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } return; } /*===========================================================================*/ static void writepmkideapolhashlineinfo(FILE *fh_pmkideapol, hashlist_t *zeiger) { static eapauth_t *eapa; static wpakey_t *wpak; static uint8_t keyver; static uint64_t rc; static char *vendor; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; fprintf(fh_pmkideapol, "SSID.......: %.*s\n", zeiger->essidlen, zeiger->essid); vendor = getvendor(zeiger->ap); fprintf(fh_pmkideapol, "MAC_AP.....: %02x%02x%02x%02x%02x%02x (%s)\n", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], vendor); vendor = getvendor(zeiger->client); fprintf(fh_pmkideapol, "MAC_CLIENT.: %02x%02x%02x%02x%02x%02x (%s)\n", zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5], vendor); if(zeiger->type == HCX_TYPE_PMKID) { fprintf(fh_pmkideapol, "PMKID......: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15]); } if(zeiger->type == HCX_TYPE_EAPOL) { eapa = (eapauth_t*)zeiger->eapol; wpak = (wpakey_t*)&zeiger->eapol[EAPAUTH_SIZE]; if(eapa->version == 1) fprintf(fh_pmkideapol, "VERSION....: 802.1X-2001 (1)\n"); if(eapa->version == 2) fprintf(fh_pmkideapol, "VERSION....: 802.1X-2004 (2)\n"); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver == 1) fprintf(fh_pmkideapol, "KEY VERSION: WPA1\n"); if(keyver == 2) fprintf(fh_pmkideapol, "KEY VERSION: WPA2\n"); if(keyver == 3) fprintf(fh_pmkideapol, "KEY VERSION: WPA2 key version 3\n"); #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif fprintf(fh_pmkideapol, "REPLAYCOUNT: %" PRIu64 "\n", rc); if((zeiger->mp & 0x10) == 0x10) fprintf(fh_pmkideapol, "RC INFO....: ROGUE attack / NC not required\n"); else if((zeiger->mp & 0x80) == 0x00) fprintf(fh_pmkideapol, "RC INFO....: NC not required\n"); else if((zeiger->mp & 0x80) == 0x80) fprintf(fh_pmkideapol, "RC INFO....: NC suggested\n"); if((zeiger->mp & 0xe0) == 0x20) fprintf(fh_pmkideapol, "RC INFO....: little endian router / NC LE suggested\n"); if((zeiger->mp & 0xe0) == 0x40) fprintf(fh_pmkideapol, "RC INFO....: big endian router / NC BE suggested\n"); if((zeiger->mp & 0x07) == 0x00) fprintf(fh_pmkideapol, "MP M1M2 E2.: challenge\n"); if((zeiger->mp & 0x07) == 0x01) fprintf(fh_pmkideapol, "MP M1M4 E4.: authorized\n"); if((zeiger->mp & 0x07) == 0x02) fprintf(fh_pmkideapol, "MP M2M3 E2.: authorized\n"); if((zeiger->mp & 0x07) == 0x03) fprintf(fh_pmkideapol, "MP M2M3 E3.: authorized\n"); if((zeiger->mp & 0x07) == 0x04) fprintf(fh_pmkideapol, "MP M3M4 E3.: authorized\n"); if((zeiger->mp & 0x07) == 0x05) fprintf(fh_pmkideapol, "MP M3M4 E4.: authorized\n"); fprintf(fh_pmkideapol, "MIC........: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15]); } fprintf(fh_pmkideapol, "HASHLINE...: "); writepmkideapolhashline(fh_pmkideapol, zeiger); fprintf(fh_pmkideapol, "\n"); return; } /*===========================================================================*/ static void writevendorapinfofile(char *vendorinfooutname) { static char *vendor; static hashlist_t *zeiger; static FILE *fh_info; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macap); if(strcmp(vendorinfooutname, "stdout") != 0) { if((fh_info = fopen(vendorinfooutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", vendorinfooutname, strerror(errno)); return; } vendor = getvendor(hashlist->ap); fprintf(fh_info, "%02x%02x%02x\t%s\t[ACCESS POINT]\n", hashlist->ap[0], hashlist->ap[1], hashlist->ap[2], vendor); for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp((zeiger -1)->ap, zeiger->ap, 3) != 0) { vendor = getvendor(zeiger->ap); fprintf(fh_info, "%02x%02x%02x\t%s\t[ACCESS POINT]\n", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], vendor); } } fclose(fh_info); } else { vendor = getvendor(hashlist->ap); fprintf(stdout, "%02x%02x%02x\t%s\t[ACCESS POINT]\n", hashlist->ap[0], hashlist->ap[1], hashlist->ap[2], vendor); for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp((zeiger -1)->ap, zeiger->ap, 3) != 0) { vendor = getvendor(zeiger->ap); fprintf(stdout, "%02x%02x%02x\t%s\t[ACCESS POINT]\n", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], vendor); } } } return; } /*===========================================================================*/ static void writevendorclientinfofile(char *vendorinfooutname) { static char *vendor; static hashlist_t *zeiger; static FILE *fh_info; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macclient); if(strcmp(vendorinfooutname, "stdout") != 0) { if((fh_info = fopen(vendorinfooutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", vendorinfooutname, strerror(errno)); return; } vendor = getvendor(hashlist->client); fprintf(fh_info, "%02x%02x%02x\t%s\t[CLIENT]\n", hashlist->client[0], hashlist->client[1], hashlist->client[2], vendor); for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp((zeiger -1)->client, zeiger->client, 3) != 0) { vendor = getvendor(zeiger->client); fprintf(fh_info, "%02x%02x%02x\t%s\t[CLIENT]\n", zeiger->client[0], zeiger->client[1], zeiger->client[2], vendor); } } fclose(fh_info); } else { vendor = getvendor(hashlist->ap); fprintf(stdout, "%02x%02x%02x\t%s\t[CLIENT]\n", hashlist->ap[0], hashlist->ap[1], hashlist->ap[2], vendor); for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp((zeiger -1)->ap, zeiger->ap, 3) != 0) { vendor = getvendor(zeiger->ap); fprintf(stdout, "%02x%02x%02x\t%s\t[CLIENT]\n", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], vendor); } } } return; } /*===========================================================================*/ static void writeinfofile(char *infooutname) { static hashlist_t *zeiger; static FILE *fh_info; if(strcmp(infooutname, "stdout") != 0) { if((fh_info = fopen(infooutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", infooutname, strerror(errno)); return; } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writepmkideapolhashlineinfo(fh_info, zeiger); fclose(fh_info); } else { for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writepmkideapolhashlineinfo(stdout, zeiger); } return; } /*===========================================================================*/ static uint16_t getfield(char *lineptr, size_t bufflen, uint8_t *buff) { static size_t p; static uint8_t idx0; static uint8_t idx1; static const uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; memset(buff, 0, bufflen); p = 0; while((lineptr[p] != '*') && (lineptr[p] != 0) && (p /2 <= bufflen)) { if(!isxdigit((unsigned char)lineptr[p +0])) return 0; if(!isxdigit((unsigned char)lineptr[p +1])) return 0; if((lineptr[p +1] == '*') && (lineptr[p +1] == 0)) return 0; idx0 = ((uint8_t)lineptr[p +0] &0x1F) ^0x10; idx1 = ((uint8_t)lineptr[p +1] &0x1F) ^0x10; buff[p /2] = (uint8_t)(hashmap[idx0] <<4) | hashmap[idx1]; p += 2; } return p /2; } /*===========================================================================*/ static size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static int fgetline(FILE *inputstream, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ static void removepmkideapol(char *macskipname) { static int len; static int p1, p2; static FILE *fh_maclistin; static long int i, f, r; static int maclistskipcount, maclistskipmax; static maclist_t *maclistskip, *zeiger, *maclistskipnew; static hashlist_t *zeigerhash; static char linein[PMKIDEAPOL_BUFFER_LEN]; maclistskipmax = 1000; if((maclistskip = (maclist_t*)calloc(maclistskipmax, MACLIST_SIZE)) == NULL) return; if((fh_maclistin = fopen(macskipname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", macskipname, strerror(errno)); return; } zeiger = maclistskip; maclistskipcount = 0; while(1) { if((len = fgetline(fh_maclistin, PMKIDEAPOL_BUFFER_LEN, linein)) == -1) break; if(len == 17) { p2 = 0; for(p1 = 0; p1 < 17; p1++) { if(isxdigit((unsigned char)linein[p1])) { linein[p2] = linein[p1]; p2++; } } linein[p2] = 0; len = p2; } if(len != 12) continue; if(getfield(linein, 6, zeiger->mac) != 6) continue; maclistskipcount++; if(maclistskipcount >= maclistskipmax) { maclistskipmax += 1000; maclistskipnew = realloc(maclistskip, maclistskipmax *MACLIST_SIZE); if(maclistskipnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } maclistskip = maclistskipnew; } zeiger = maclistskip +maclistskipcount; } if(fh_maclistin != NULL) fclose(fh_maclistin); qsort(maclistskip, maclistskipcount, MACLIST_SIZE, sort_maclistin); qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macap); zeigerhash = hashlist; zeiger = maclistskip; f = 0; r = 0; for(i = 0; i < pmkideapolcount; i++) { if(memcmp((zeigerhash +i)->ap, (zeiger +f)->mac, 6) > 0) while(f < maclistskipcount) { if(memcmp((zeiger +f)->mac, (zeigerhash +i)->ap, 6) >= 0) break; f++; } if(memcmp((zeigerhash +i)->ap, (zeiger +f)->mac, 6) == 0) { (zeigerhash +i)->type = HS_REMOVED; r++; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_type); pmkidcount -= r; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macclient); zeigerhash = hashlist; zeiger = maclistskip; f = 0; r = 0; for(i = 0; i < pmkideapolcount; i++) { if(memcmp((zeigerhash +i)->client, (zeiger +f)->mac, 6) > 0) while(f < maclistskipcount) { if(memcmp((zeiger +f)->mac, (zeigerhash +i)->client, 6) >= 0) break; f++; } if(memcmp((zeigerhash +i)->client, (zeiger +f)->mac, 6) == 0) { (zeigerhash +i)->type = HS_REMOVED; r++; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_type); pmkidcount -= r; if(maclistskip != NULL) free(maclistskip); return; } /*===========================================================================*/ static void processmacfile(char *maclistinname, char *pmkideapoloutname) { static int len; static int p1, p2; static FILE *fh_maclistin; static FILE *fh_pmkideapol; static struct stat statinfo; static int maclistincount, maclistinmax; static maclist_t *maclistin, *zeiger, *maclistinnew; static hashlist_t *zeigerhash; static int i, o; static char linein[PMKIDEAPOL_BUFFER_LEN]; maclistinmax = 1000; if((maclistin = (maclist_t*)calloc(maclistinmax, MACLIST_SIZE)) == NULL) return; if((fh_maclistin = fopen(maclistinname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", maclistinname, strerror(errno)); return; } zeiger = maclistin; maclistincount = 0; while(1) { if((len = fgetline(fh_maclistin, PMKIDEAPOL_BUFFER_LEN, linein)) == -1) break; if(len == 17) { p2 = 0; for(p1 = 0; p1 < 17; p1++) { if(isxdigit((unsigned char)linein[p1])) { linein[p2] = linein[p1]; p2++; } } linein[p2] = 0; len = p2; } if(len != 12) continue; if(getfield(linein, 6, zeiger->mac) != 6) continue; maclistincount++; if(maclistincount >= maclistinmax) { maclistinmax += 1000; maclistinnew = realloc(maclistin, maclistinmax *MACLIST_SIZE); if(maclistinnew == NULL) { fprintf(stdout, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } maclistin = maclistinnew; } zeiger = maclistin +maclistincount; } if(fh_maclistin != NULL) fclose(fh_maclistin); qsort(maclistin, maclistincount, MACLIST_SIZE, sort_maclistin); if(pmkideapoloutname != NULL) { if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); free(maclistin); return; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macap); zeiger = maclistin; zeigerhash = hashlist; o = 0; for(i = 0; i < maclistincount; i++) { while(o < pmkideapolcount) { if(memcmp((zeigerhash +o)->ap, (zeiger +i)->mac, 6) > 0) break; if(memcmp((zeigerhash +o)->ap, (zeiger +i)->mac, 6) == 0) writepmkideapolhashline(fh_pmkideapol, zeigerhash +o); o++; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macclient); zeiger = maclistin; zeigerhash = hashlist; o = 0; for(i = 0; i < maclistincount; i++) { while(o < pmkideapolcount) { if(memcmp((zeigerhash +o)->client, (zeiger +i)->mac, 6) > 0) break; if(memcmp((zeigerhash +o)->client, (zeiger +i)->mac, 6) == 0) writepmkideapolhashline(fh_pmkideapol, zeigerhash +o); o++; } } if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } if(maclistin != NULL) free(maclistin); return; } /*===========================================================================*/ static void processessidfile(char *essidlistinname, char *pmkideapoloutname) { static int len; static int i, o; static FILE *fh_essidlistin; static FILE *fh_pmkideapol; static struct stat statinfo; static int essidlistincount, essidlistinmax; static essidlist_t *essidlistin, *zeiger, *essidlistinnew; static hashlist_t *zeigerhash; static char hexpfx[] = { "$HEX[" }; static char linein[PMKIDEAPOL_BUFFER_LEN]; essidlistinmax = 1000; if((essidlistin = (essidlist_t*)calloc(essidlistinmax, ESSIDLIST_SIZE)) == NULL) return; if((fh_essidlistin = fopen(essidlistinname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidlistinname, strerror(errno)); return; } zeiger = essidlistin; essidlistincount = 0; while(1) { if((len = fgetline(fh_essidlistin, PMKIDEAPOL_BUFFER_LEN, linein)) == -1) break; if((len < 1) || (len > 70)) continue; memset(zeiger->essid, 0, 33); if((len >= 8) && ((len %2) == 0) && (linein[len -1] == ']') && (memcmp(linein, hexpfx, 5) == 0)) { linein[len -1] = 0; zeiger->essidlen = getfield(&linein[5], 32, zeiger->essid); } else if(len <= 32) { zeiger->essidlen = len; memcpy(zeiger->essid, linein, len); } else continue; essidlistincount++; if(essidlistincount >= essidlistinmax) { essidlistinmax += 1000; essidlistinnew = realloc(essidlistin, essidlistinmax *ESSIDLIST_SIZE); if(essidlistinnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } essidlistin = essidlistinnew; } zeiger = essidlistin +essidlistincount; } if(fh_essidlistin != NULL) fclose(fh_essidlistin); qsort(essidlistin, essidlistincount, ESSIDLIST_SIZE, sort_essidlistin); qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essidlen); if(pmkideapoloutname == NULL) { if(essidlistin != NULL) free(essidlistin); return; } if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); free(essidlistin); return; } zeiger = essidlistin; zeigerhash = hashlist; o = 0; for(i = 0; i < essidlistincount; i++) { while(o < pmkideapolcount) { if((zeigerhash +o)->essidlen < (zeiger +i)->essidlen) { o++; continue; } if((zeigerhash +o)->essidlen > (zeiger +i)->essidlen) break; if((memcmp((zeigerhash +o)->essid, (zeiger +i)->essid, (zeigerhash +o)->essidlen)) > 0) break; if((memcmp((zeigerhash +o)->essid, (zeiger +i)->essid, (zeigerhash +o)->essidlen)) == 0) writepmkideapolhashline(fh_pmkideapol, zeigerhash +o); o++; } } if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } if(essidlistin != NULL) free(essidlistin); return; } /*===========================================================================*/ static bool readpmkideapolfile(FILE *fh_pmkideapol) { static int len; static int oflen; static uint16_t essidlen; static uint16_t noncelen; static uint16_t eapauthlen; static uint16_t mplen; static hashlist_t *zeiger, *hashlistnew; static const char wpa01[] = { "WPA*01*" }; static const char wpa02[] = { "WPA*02*" }; static char linein[PMKIDEAPOL_LINE_LEN +1]; static uint8_t buffer[PMKIDEAPOL_LINE_LEN +1]; zeiger = hashlist; while(1) { if((len = fgetline(fh_pmkideapol, PMKIDEAPOL_LINE_LEN, linein)) == -1) break; readcount++; if(len < 68) { readerrorcount++; continue; } if((memcmp(&linein, &wpa01, 7) != 0) && (memcmp(&linein, &wpa02, 7) != 0)) { readerrorcount++; continue; } if((linein[39] != '*') && (linein[52] != '*') && (linein[65] != '*')) { readerrorcount++; continue; } if(getfield(&linein[7], PMKIDEAPOL_LINE_LEN, buffer) != 16) { readerrorcount++; continue; } memcpy(zeiger->hash, &buffer, 16); if(getfield(&linein[40], PMKIDEAPOL_LINE_LEN, buffer) != 6) { readerrorcount++; continue; } memcpy(zeiger->ap, &buffer, 6); if(getfield(&linein[53], PMKIDEAPOL_LINE_LEN, buffer) != 6) { readerrorcount++; continue; } memcpy(zeiger->client, &buffer, 6); essidlen = getfield(&linein[66], PMKIDEAPOL_LINE_LEN, buffer); if(essidlen > 32) { readerrorcount++; continue; } memcpy(zeiger->essid, &buffer, essidlen); zeiger->essidlen = essidlen; if(memcmp(&linein, &wpa01, 7) == 0) { zeiger->type = HS_PMKID; pmkidcount++; } else if(memcmp(&linein, &wpa02, 7) == 0) { oflen = 66 +essidlen *2 +1; noncelen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(noncelen > 32) { readerrorcount++; continue; } memcpy(zeiger->nonce, &buffer, 32); oflen += 65; eapauthlen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(eapauthlen > EAPOL_AUTHLEN_MAX) { readerrorcount++; continue; } memcpy(zeiger->eapol, &buffer, eapauthlen); zeiger->eapauthlen = eapauthlen; oflen += eapauthlen *2 +1; mplen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(mplen > 1) { readerrorcount++; continue; } zeiger->mp = buffer[0]; zeiger->type = HS_EAPOL; eapolcount++; } else { readerrorcount++; continue; } pmkideapolcount = pmkidcount +eapolcount; if(pmkideapolcount >= hashlistcount) { hashlistcount += HASHLIST_MAX; hashlistnew = realloc(hashlist, hashlistcount *HASHLIST_SIZE); if(hashlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } hashlist = hashlistnew; } zeiger = hashlist +pmkideapolcount; } return true; } /*===========================================================================*/ static bool readbpkdf2file(char *pkdf2inname) { static int len; static char *pskpos; static FILE *fh_pbkdf2; static char linein[PBKDF2_LINE_LEN +1]; if((fh_pbkdf2 = fopen(pkdf2inname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pkdf2inname, strerror(errno)); return false; } pbkdf2count = 0; pbkdf2readerrorcount = 0; while(1) { if((len = fgetline(fh_pbkdf2, PBKDF2_LINE_LEN, linein)) == -1) break; if(len < 76) { pbkdf2readerrorcount++; continue; } if(linein[64] != '*') { pbkdf2readerrorcount++; continue; } pskpos = strchr(&linein[65], ':'); if(pskpos == NULL) { pbkdf2readerrorcount++; continue; } pskpos[0] = 0; fprintf(stdout, "%s %s\n", &linein[65], pskpos +1); pbkdf2count++; } fclose(fh_pbkdf2); return true; } /*===========================================================================*/ static void showvendorlist() { static ouilist_t *zeiger; fprintf(stdout, "\n"); for(zeiger = ouilist; zeiger < ouilist +ouicount; zeiger++) fprintf(stdout, "%02x%02x%02x %s\n", zeiger->oui[0], zeiger->oui[1], zeiger->oui[2], zeiger->vendor); return; } /*===========================================================================*/ static int isvendor(int len, char *linein) { static int c; static int ret; for(c = 7; c < len; c++) { if(islower((unsigned char)linein[c])) linein[c] = toupper((unsigned char)linein[c]); } ret = 0; if(filtervendorptr != NULL) { if(strstr(&linein[7], filtervendorptr) != NULL) ret |= TYPE_AP + TYPE_CLIENT; } if(filtervendorapptr != NULL) { if(strstr(&linein[7], filtervendorapptr) != NULL) ret |= TYPE_AP; } if(filtervendorclientptr != NULL) { if(strstr(&linein[7], filtervendorclientptr) != NULL) ret |= TYPE_CLIENT; } return ret; } /*===========================================================================*/ static void readoui() { static int len; static uid_t uid; static struct passwd *pwd; static struct stat statinfo; static ouilist_t *zeiger, *ouilistnew; static FILE *fh_oui; static char *vendorptr; static const char *ouinameuser = "/.hcxtools/oui.txt"; static const char *ouinamesystemwide = "/usr/share/ieee-data/oui.txt"; static const char *ouina = "N/A"; static char ouinameuserpath[PATH_MAX +1]; static char linein[OUI_LINE_LEN +1]; usedoui = ouina; uid = getuid(); pwd = getpwuid(uid); if(pwd == NULL) return; strncpy(ouinameuserpath, pwd->pw_dir, PATH_MAX -1); strncat(ouinameuserpath, ouinameuser, PATH_MAX -1); if(stat(ouinameuserpath, &statinfo) == 0) usedoui = ouinameuserpath; else if(stat(ouinameuser, &statinfo) == 0) usedoui = ouinamesystemwide; else return; if((fh_oui = fopen(usedoui, "r")) == NULL) return; zeiger = ouilist; while(1) { if((len = fgetline(fh_oui, OUI_LINE_LEN, linein)) == -1) break; if(len < 20) continue; linein[6] = 0; if(getfield(linein, OUI_LINE_LEN, zeiger->oui) != 3) continue; if(strstr(&linein[7], "(base 16)") == NULL) continue; zeiger->type = 0; if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { zeiger->type = isvendor(len, linein); if(zeiger->type == 0) continue; } vendorptr = strrchr(&linein[7], '\t'); if(vendorptr == NULL) continue; if(vendorptr++ == 0) continue; strncpy(zeiger->vendor, vendorptr, VENDOR_LEN_MAX -1); ouicount++; if(ouicount >= ouilistcount) { ouilistcount += OUILIST_MAX; ouilistnew = realloc(ouilist, ouilistcount *OUILIST_SIZE); if(ouilistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } ouilist = ouilistnew; } zeiger = ouilist +ouicount; } fclose(fh_oui); qsort(ouilist, ouicount, OUILIST_SIZE, sort_ouilist_by_oui); return; } /*===========================================================================*/ static void downloadoui() { static uid_t uid; static struct passwd *pwd; static CURLcode ret; static CURL *hnd; static FILE* fhoui; static struct stat statinfo; static const char *ouipath = "/.hcxtools"; static const char *ouiname = "/oui.txt"; static char ouinameuserpath[PATH_MAX]; uid = getuid(); pwd = getpwuid(uid); if(pwd == NULL) return; strncpy(ouinameuserpath, pwd->pw_dir, PATH_MAX -1); strncat(ouinameuserpath, ouipath, PATH_MAX -1); if(stat(ouinameuserpath, &statinfo) == -1) { if(mkdir(ouinameuserpath, 0755) == -1) { fprintf(stderr, "failed to create conf dir\n"); return; } } strncat(ouinameuserpath, ouiname, PATH_MAX -1); fprintf(stdout, "start downloading oui from http://standards-oui.ieee.org to: %s\n", ouinameuserpath); if((fhoui = fopen(ouinameuserpath, "w")) == NULL) { fprintf(stdout, "error creating file %s", ouiname); return; } hnd = curl_easy_init (); curl_easy_setopt(hnd, CURLOPT_URL, "http://standards-oui.ieee.org/oui/oui.txt"); curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 5L); curl_easy_setopt(hnd, CURLOPT_WRITEDATA, fhoui) ; curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 0L); ret = curl_easy_perform(hnd); curl_easy_cleanup(hnd); fclose(fhoui); if(ret != 0) { fprintf(stdout, "download not successful"); return; } fprintf(stdout, "download finished\n"); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-i : input PMKID/EAPOL hash file\n" "-o : output PMKID/EAPOL hash file\n" "-E : output ESSID list (autohex enabled)\n" "-d : download http://standards-oui.ieee.org/oui.txt\n" " and save to ~/.hcxtools/oui.txt\n" " internet connection required\n" // "-p : input PBKDF2 file (hashcat potfile 22000 format)\n" "-h : show this help\n" "-v : show version\n" "\n" "--essid-group : convert to ESSID groups in working directory\n" " full advantage of reuse of PBKDF2\n" " not on old hash formats\n" "--oui-group : convert to OUI groups in working directory\n" " not on old hash formats\n" "--mac-group-ap : convert APs to MAC groups in working directory\n" " not on old hash formats\n" "--mac-group-client : convert CLIENTs to MAC groups in working directory\n" " not on old hash formats\n" "--type= : filter by hash type\n" " bitmask:\n" " 1 = PMKID\n" " 2 = EAPOL\n" " default PMKID and EAPOL (1+2=3)\n" "--hcx-min= : disregard hashes with occurrence lower than hcx-min/ESSID\n" "--hcx-max= : disregard hashes with occurrence higher than hcx-max/ESSID\n" "--essid-len : filter by ESSID length\n" " default ESSID length: %d...%d\n" "--essid-min : filter by ESSID minimum length\n" " default ESSID minimum length: %d\n" "--essid-max : filter by ESSID maximum length\n" " default ESSID maximum length: %d\n" "--essid= : filter by ESSID\n" "--essid-part= : filter by part of ESSID\n" "--essid-list= : filter by ESSID file\n" "--mac-ap= : filter AP by MAC\n" " format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)\n" "--mac-client= : filter CLIENT by MAC\n" " format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)\n" "--mac-list= : filter by MAC file\n" " format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)\n" "--mac-skiplist= : exclude MAC from file\n" " format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)\n" "--oui-ap= : filter AP by OUI\n" " format: 001122, 00:11:22, 00-11-22 (hex)\n" "--oui-client= : filter CLIENT by OUI\n" " format: 001122, 00:11:22, 00-11-22 (hex)\n" "--vendor= : filter AP or CLIENT by (part of) VENDOR name\n" "--vendor-ap= : filter AP by (part of) VENDOR name\n" "--vendor-client= : filter CLIENT by (part of) VENDOR name\n" "--authorized : filter EAPOL pairs by status authorized (M2M3, M3M4, M1M4)\n" "--challenge : filter EAPOL pairs by status CHALLENGE (M1M2, M1M2ROGUE)\n" "--rc : filter EAPOL pairs by replaycount status checked\n" "--rc-not : filter EAPOL pairs by replaycount status not checked\n" "--apless : filter EAPOL pairs by status M1M2ROGUE (M2 requested from CLIENT)\n" "--info= : output detailed information about content of hash file\n" " no filter options available\n" "--info=stdout : stdout output detailed information about content of hash file\n" " no filter options available\n" "--info-vendor= : output detailed information about ACCESS POINT and CLIENT VENDORs\n" " no filter options available\n" "--info-vendor-ap= : output detailed information about ACCESS POINT VENDORs\n" " no filter options available\n" "--info-vendor-client= : output detailed information about ACCESS POINT VENDORs\n" " no filter options available\n" "--info-vendor=stdout : stdout output detailed information about ACCESS POINT and CLIENT VENDORs\n" " no filter options available\n" "--info-vendor-ap=stdout : stdout output detailed information about ACCESS POINT VENDORs\n" " no filter options available\n" "--info-vendor-client=stdout : stdout output detailed information about ACCESS POINT VENDORs\n" " no filter options available\n" "--psk= : pre-shared key to test\n" " due to PBKDF2 calculation this is a very slow process\n" " no nonce error corrections\n" "--pmk= : plain master key to test\n" " no nonce error corrections\n" "--hccapx= : output to deprecated hccapx file\n" "--hccap= : output to ancient hccap file\n" "--hccap-single : output to ancient hccap single files (MAC + count)\n" "--john= : output to deprecated john file\n" "--vendorlist : stdout output complete OUI list sorted by OUI\n" "--help : show this help\n" "--version : show version\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, ESSID_LEN_MIN, ESSID_LEN_MAX, ESSID_LEN_MIN, ESSID_LEN_MAX); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static int l; static int lcmin; static int lcmax; static int p1, p2; static int hashtypein; static int essidlenin; static FILE *fh_pmkideapol; static char *pbkdf2inname; static char *pmkideapolinname; static char *pmkideapoloutname; static char *essidoutname; static char *essidinname; static char *macinname; static char *macskipname; static char *hccapxoutname; static char *hccapoutname; static char *johnoutname; static char *infooutname; static char *infovendoroutname; static char *infovendorapoutname; static char *infovendorclientoutname; static char *ouiinstring; static char *macinstring; static char *pmkinstring; static const char *short_options = "i:o:E:dp:hv"; static const struct option long_options[] = { {"type", required_argument, NULL, HCX_HASH_TYPE}, {"hcx-min", required_argument, NULL, HCX_HASH_MIN}, {"hcx-max", required_argument, NULL, HCX_HASH_MAX}, {"essid-min", required_argument, NULL, HCX_ESSID_MIN}, {"essid-group", no_argument, NULL, HCX_ESSID_GROUP}, {"essid-len", required_argument, NULL, HCX_ESSID_LEN}, {"essid-min", required_argument, NULL, HCX_ESSID_MIN}, {"essid-max", required_argument, NULL, HCX_ESSID_MAX}, {"essid", required_argument, NULL, HCX_FILTER_ESSID}, {"essid-part", required_argument, NULL, HCX_FILTER_ESSID_PART}, {"essid-list", required_argument, NULL, HCX_FILTER_ESSID_LIST_IN}, {"mac-ap", required_argument, NULL, HCX_FILTER_MAC_AP}, {"mac-client", required_argument, NULL, HCX_FILTER_MAC_CLIENT}, {"mac-list", required_argument, NULL, HCX_FILTER_MAC_LIST_IN}, {"mac-skiplist", required_argument, NULL, HCX_FILTER_MAC_LIST_SKIP}, {"mac-group-ap", no_argument, NULL, HCX_MAC_GROUP_AP}, {"mac-group-client", no_argument, NULL, HCX_MAC_GROUP_CLIENT}, {"oui-group", no_argument, NULL, HCX_OUI_GROUP}, {"oui-ap", required_argument, NULL, HCX_FILTER_OUI_AP}, {"oui-client", required_argument, NULL, HCX_FILTER_OUI_CLIENT}, {"vendor", required_argument, NULL, HCX_FILTER_VENDOR}, {"vendor-ap", required_argument, NULL, HCX_FILTER_VENDOR_AP}, {"vendor-client", required_argument, NULL, HCX_FILTER_VENDOR_CLIENT}, {"rc", no_argument, NULL, HCX_FILTER_RC}, {"rc-not", no_argument, NULL, HCX_FILTER_RC_NOT}, {"authorized", no_argument, NULL, HCX_FILTER_M12}, {"challenge", no_argument, NULL, HCX_FILTER_M1234}, {"apless", no_argument, NULL, HCX_FILTER_M1M2ROGUE}, {"psk", required_argument, NULL, HCX_PSK}, {"pmk", required_argument, NULL, HCX_PMK}, {"info", required_argument, NULL, HCX_INFO_OUT}, {"info-vendor", required_argument, NULL, HCX_INFO_VENDOR_OUT}, {"info-vendor-ap", required_argument, NULL, HCX_INFO_VENDOR_AP_OUT}, {"info-vendor-client", required_argument, NULL, HCX_INFO_VENDOR_CLIENT_OUT}, {"hccapx", required_argument, NULL, HCX_HCCAPX_OUT}, {"hccap", required_argument, NULL, HCX_HCCAP_OUT}, {"hccap-single", no_argument, NULL, HCX_HCCAP_SINGLE_OUT}, {"john", required_argument, NULL, HCX_JOHN_OUT}, {"vendorlist", no_argument, NULL, HCX_VENDOR_OUT}, {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; pbkdf2inname = NULL; fh_pmkideapol = NULL; pmkideapolinname = NULL; pmkideapoloutname = NULL; essidoutname = NULL; essidinname = NULL; macinname = NULL; macskipname = NULL; infooutname = NULL; infovendoroutname = NULL; infovendorapoutname = NULL; infovendorclientoutname = NULL; hccapxoutname = NULL; hccapoutname = NULL; johnoutname = NULL; ouiinstring = NULL; macinstring = NULL; pmkinstring = NULL; filteressidptr = NULL; filteressidpartptr = NULL; filtervendorptr = NULL; filtervendorapptr = NULL; filtervendorclientptr = NULL; flagfiltermacap = false; flagfiltermacclient = false; flagfilterouiap = false; flagfilterouiclient = false; flagfilterauthorized = false; flagfilterchallenge = false; flagfilterrcchecked = false; flagfilterrcnotchecked = false; flagfilterapless = false; flagpsk = false; flagpmk = false; flagessidgroup = false; flagmacapgroup = false; flagmacclientgroup = false; flagouigroup = false; flagvendorout = false; flaghccapsingleout = false; hashtypein = 0; hashtype = HCX_TYPE_PMKID | HCX_TYPE_EAPOL; essidlenin = ESSID_LEN_MAX; essidlen = ESSID_LEN_MAX; essidlenmin = ESSID_LEN_MIN; essidlenmax = ESSID_LEN_MAX; lcmin = 0; lcmax = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_PMKIDEAPOL_IN: pmkideapolinname = optarg; break; case HCX_PMKIDEAPOL_OUT: pmkideapoloutname = optarg; break; case HCX_ESSID_OUT: essidoutname = optarg; break; case HCX_VENDOR_OUT: flagvendorout = true; break; case HCX_INFO_OUT: infooutname = optarg; break; case HCX_INFO_VENDOR_OUT: infovendoroutname = optarg; break; case HCX_INFO_VENDOR_AP_OUT: infovendorapoutname = optarg; break; case HCX_INFO_VENDOR_CLIENT_OUT: infovendorclientoutname = optarg; break; case HCX_ESSID_GROUP: flagessidgroup = true; break; case HCX_HASH_TYPE: hashtypein |= strtol(optarg, NULL, 10); if((hashtypein < HCX_TYPE_PMKID) || (hashtypein > (HCX_TYPE_PMKID + HCX_TYPE_EAPOL))) { fprintf(stderr, "only hash types 1 and 2 allowed (values 1, 2 or 3)\n"); exit(EXIT_FAILURE); } break; case HCX_ESSID_LEN: essidlenin = strtol(optarg, NULL, 10); if((essidlenin < 0) || (essidlenin > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } essidlenmin = essidlenin; essidlenmax = essidlenin; break; case HCX_ESSID_MIN: essidlenin = strtol(optarg, NULL, 10); if((essidlenin < 0) || (essidlenin > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } essidlenmin = essidlenin; break; case HCX_ESSID_MAX: essidlenin = strtol(optarg, NULL, 10); if((essidlenin < 0) || (essidlenin > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } essidlenmax = essidlenin; break; case HCX_FILTER_ESSID: filteressidptr = optarg; filteressidlen = strlen(filteressidptr); if((filteressidlen < 1) || (filteressidlen > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } break; case HCX_FILTER_ESSID_PART: filteressidpartptr = optarg; filteressidpartlen = strlen(filteressidpartptr); if((filteressidpartlen < 1) || (filteressidpartlen > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } break; case HCX_FILTER_ESSID_LIST_IN: essidinname = optarg; break; case HCX_HASH_MIN: lcmin = strtol(optarg, NULL, 10); break; case HCX_HASH_MAX: lcmax = strtol(optarg, NULL, 10); break; case HCX_MAC_GROUP_AP: flagmacapgroup = true; break; case HCX_MAC_GROUP_CLIENT: flagmacclientgroup = true; break; case HCX_OUI_GROUP: flagouigroup = true; break; case HCX_FILTER_OUI_AP: l= strlen(optarg); p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[6] = 0; ouiinstring = optarg; if(getfield(ouiinstring, 3, filterouiap) != 3) { fprintf(stderr, "wrong OUI format\n"); exit(EXIT_FAILURE); } flagfilterouiap = true; break; case HCX_FILTER_MAC_AP: l= strlen(optarg); p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[12] = 0; macinstring = optarg; if(getfield(macinstring, 6, filtermacap) != 6) { fprintf(stderr, "wrong MAC format $\n"); exit(EXIT_FAILURE); } flagfiltermacap = true; break; case HCX_FILTER_MAC_CLIENT: l= strlen(optarg); p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[12] = 0; macinstring = optarg; if(getfield(macinstring, 6, filtermacclient) != 6) { fprintf(stderr, "wrong MAC format\n"); exit(EXIT_FAILURE); } flagfiltermacclient = true; break; case HCX_FILTER_MAC_LIST_IN: macinname = optarg; break; case HCX_FILTER_MAC_LIST_SKIP: macskipname = optarg; break; case HCX_FILTER_OUI_CLIENT: l= strlen(optarg); p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[6] = 0; ouiinstring = optarg; if(getfield(ouiinstring, 3, filterouiclient) != 3) { fprintf(stderr, "wrong OUI format\n"); exit(EXIT_FAILURE); } flagfilterouiclient = true; break; case HCX_FILTER_VENDOR: filtervendorptr = optarg; l = strlen(filtervendorptr); if(l < 3) { fprintf(stderr, "at least three characters of the VENDOR name are mandatory\n"); exit(EXIT_FAILURE); } for(p1 = 0; p1 < l; p1++) { if(islower((unsigned char)filtervendorptr[p1])) filtervendorptr[p1] = toupper((unsigned char)filtervendorptr[p1]); } break; case HCX_FILTER_VENDOR_AP: filtervendorapptr = optarg; l = strlen(filtervendorapptr); if(l < 3) { fprintf(stderr, "at least three characters of the VENDOR name are mandatory\n"); exit(EXIT_FAILURE); } for(p1 = 0; p1 < l; p1++) { if(islower((unsigned char)filtervendorapptr[p1])) filtervendorapptr[p1] = toupper((unsigned char)filtervendorapptr[p1]); } break; case HCX_FILTER_VENDOR_CLIENT: filtervendorclientptr = optarg; l = strlen(filtervendorclientptr); if(l < 3) { fprintf(stderr, "at least three characters of the VENDOR name are mandatory\n"); exit(EXIT_FAILURE); } for(p1 = 0; p1 < l; p1++) { if(islower((unsigned char)filtervendorclientptr[p1])) filtervendorclientptr[p1] = toupper((unsigned char)filtervendorclientptr[p1]); } break; case HCX_FILTER_RC: flagfilterrcchecked = true; break; case HCX_FILTER_RC_NOT: flagfilterrcnotchecked = true; break; case HCX_FILTER_M12: flagfilterauthorized = true; break; case HCX_FILTER_M1234: flagfilterchallenge = true; break; case HCX_FILTER_M1M2ROGUE: flagfilterapless = true; break; case HCX_PSK: pskptr = optarg; pskptrlen = strlen(pskptr); if((pskptrlen < 0) || (pskptrlen > 63)) { fprintf(stderr, "only 0...63 characters allowed\n"); exit(EXIT_FAILURE); } flagpsk = true; break; case HCX_PMK: pmkinstring = optarg; if(getfield(pmkinstring, 32, pmk) != 32) { fprintf(stderr, "wrong PMK length \n"); exit(EXIT_FAILURE); } flagpmk = true; break; case HCX_DOWNLOAD_OUI: downloadoui(); break; case HCX_PBKDF2_IN: // pbkdf2inname = optarg; break; case HCX_HCCAPX_OUT: hccapxoutname = optarg; break; case HCX_HCCAP_OUT: hccapoutname = optarg; break; case HCX_HCCAP_SINGLE_OUT: flaghccapsingleout = true; break; case HCX_JOHN_OUT: johnoutname = optarg; break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(essidlenmin > essidlenmax) { fprintf(stderr, "minimum ESSID length is > maximum ESSID length\n"); exit(EXIT_FAILURE); } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } if(initlists() == false) exit(EXIT_FAILURE); if(pbkdf2inname != NULL) readbpkdf2file(pbkdf2inname); if((infooutname != NULL) || (infovendoroutname != NULL) || (infovendorapoutname != NULL) || (infovendorclientoutname != NULL)) { filtervendorptr = NULL; filtervendorapptr = NULL; filtervendorclientptr = NULL; } readoui(); if((ouicount > 0) && (flagvendorout == true)) { showvendorlist(); printstatus(); closelists(); return EXIT_SUCCESS; } if(pmkideapolinname != NULL) { if((fh_pmkideapol = fopen(pmkideapolinname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapolinname, strerror(errno)); closelists(); exit(EXIT_FAILURE); } } if(fh_pmkideapol != NULL) readpmkideapolfile(fh_pmkideapol); if(pmkideapolcount == 0) { fprintf(stdout, "no hashes loaded\n"); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } if(infooutname != NULL) { writeinfofile(infooutname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } if(infovendoroutname != NULL) { writevendorapinfofile(infovendoroutname); writevendorclientinfofile(infovendoroutname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } else if(infovendorapoutname != NULL) { writevendorapinfofile(infovendorapoutname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } else if(infovendorclientoutname != NULL) { writevendorclientinfofile(infovendorclientoutname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } if(macskipname != NULL) removepmkideapol(macskipname); if(hashtypein > 0) hashtype = hashtypein; if(essidoutname != NULL) processessid(essidoutname); if((pmkideapoloutname != NULL) && (essidinname == NULL)) { if((lcmin == 0) && (lcmax == 0)) writeeapolpmkidfile(pmkideapoloutname); else writelceapolpmkidfile(pmkideapoloutname, lcmin, lcmax); } if(flagessidgroup == true) writeeapolpmkidessidgroups(); if(flagmacapgroup == true) writeeapolpmkidmacapgroups(); if(flagmacclientgroup == true) writeeapolpmkidmacclientgroups(); if(flagouigroup == true) writeeapolpmkidouigroups(); if(flagpsk == true) testhashfilepsk(); if(flagpmk == true) testhashfilepmk(); if(hccapxoutname != NULL) writehccapxfile(hccapxoutname); if(hccapoutname != NULL) writehccapfile(hccapoutname); if(flaghccapsingleout == true) writehccapsinglefile(); if(johnoutname != NULL) writejohnfile(johnoutname); if((pmkideapoloutname != NULL) && (essidinname != NULL)) processessidfile(essidinname, pmkideapoloutname); if(macinname != NULL) processmacfile(macinname, pmkideapoloutname); printstatus(); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/hcxmactool.c000066400000000000000000000653141423200176400157060ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined(__APPLE__) || defined(__OpenBSD__) #include #else #include #endif #include "include/hcxmactool.h" #include "include/strings.c" #include "include/fileops.c" #include "include/ieee80211.c" /*===========================================================================*/ /* global var */ static int ouicount; static int pmkidcount = 0; static int hccapxcount = 0; static intoui_t *ouilist = NULL; static intpmkid_t *pmkidlist = NULL; static inthccapx_t *hccapxlist = NULL; static char *hccapxinname = NULL; static char *pmkidinname = NULL; static char *pmkideapoloutname = NULL; static char *hccapxoutname = NULL; static char *pmkidoutname = NULL; static char *vendorapname = NULL; static char *vendorstaname = NULL; static bool ouiapflag = false; static bool nicapflag = false; static bool macapflag = false; static bool vendorapflag = false; static bool ouistaflag = false; static bool nicstaflag = false; static bool macstaflag = false; static bool vendorstaflag = false; static uint8_t ouiap[3]; static uint8_t nicap[3]; static uint8_t macap[6]; static uint8_t ouista[3]; static uint8_t nicsta[3]; static uint8_t macsta[6]; static char separator = ':'; /*===========================================================================*/ static void globalclose() { if(ouilist != NULL) { free(ouilist); } if(pmkidlist != NULL) { free(pmkidlist); } if(hccapxlist != NULL) { free(hccapxlist); } return; } /*===========================================================================*/ static bool isvendorsta(uint8_t *macsta) { static intoui_t *zeiger; if(ouicount == 0) { return false; } zeiger = ouilist; for(zeiger = ouilist; zeiger < (ouilist +ouicount); zeiger++) { if(memcmp(zeiger->oui, macsta, 3) == 0) { if(strstr(zeiger->vendor, vendorstaname) != NULL) { return true; } } } return false; } /*===========================================================================*/ static bool isvendorap(uint8_t *macap) { static intoui_t *zeiger; if(ouicount == 0) { return false; } zeiger = ouilist; for(zeiger = ouilist; zeiger < (ouilist +ouicount); zeiger++) { if(memcmp(zeiger->oui, macap, 3) == 0) { if(strstr(zeiger->vendor, vendorapname) != NULL) { return true; } } if(memcmp(zeiger->oui, macap, 3) > 0) { return false; } } return false; } /*===========================================================================*/ static int writehccapxline(int fd_file, inthccapx_t *hccapxline, int written) { if((write(fd_file, hccapxline, INTHCCAPX_SIZE)) == -1) { perror("failed to write hccapx record"); } written++; return written; } /*===========================================================================*/ static void writehccapxfile() { static int written; static int fd_file; static inthccapx_t *zeiger; if((fd_file = open(hccapxoutname, O_WRONLY | O_CREAT | O_APPEND, 0644)) == -1) { perror("f"); fprintf(stderr, "failed to open HCCAPX file %s\n", hccapxoutname); return; } written = 0; zeiger = hccapxlist; for(zeiger = hccapxlist; zeiger < (hccapxlist +hccapxcount); zeiger++) { if((ouiapflag == true) && (memcmp(zeiger->macap, ouiap, 3) == 0)) { written = writehccapxline(fd_file, zeiger, written); continue; } if((nicapflag == true) && (memcmp(&zeiger->macap[3], nicap, 3) == 0)) { written = writehccapxline(fd_file, zeiger, written); continue; } if((macapflag == true) && (memcmp(zeiger->macap, macap, 6) == 0)) { written = writehccapxline(fd_file, zeiger, written); continue; } if((vendorapflag == true) && (isvendorap(zeiger->macap) == true)) { written = writehccapxline(fd_file, zeiger, written); continue; } if((ouistaflag == true) && (memcmp(zeiger->macsta, ouista, 3) == 0)) { written = writehccapxline(fd_file, zeiger, written); continue; } if((nicstaflag == true) && (memcmp(&zeiger->macsta[3], nicsta, 3) == 0)) { written = writehccapxline(fd_file, zeiger, written); continue; } if((macstaflag == true) && (memcmp(zeiger->macsta, macsta, 6) == 0)) { written = writehccapxline(fd_file, zeiger, written); continue; } if((vendorstaflag == true) && (isvendorsta(zeiger->macsta) == true)) { written = writehccapxline(fd_file, zeiger, written); continue; } if((ouiapflag != true) && (nicapflag != true) && (macapflag != true) && (vendorapflag != true) && (ouistaflag != true) && (nicstaflag != true) && (macstaflag != true) && (vendorstaflag != true)) { written = writehccapxline(fd_file, zeiger, written); continue; } } close(fd_file); printf("%d record(s) written to %s\n", written, basename(hccapxoutname)); return; } /*===========================================================================*/ static int writeeapollinee(FILE *fh_pmkideapol, inthccapx_t *hccapx, int written) { static int p; static wpakey_t *wpak; static uint8_t anoncetemp[32]; wpak = (wpakey_t*)(hccapx->eapol +EAPAUTH_SIZE); if(memcmp(hccapx->nonceap, hccapx->noncesta, 32) == 0) return written; if(memcmp(hccapx->nonceap, wpak->nonce, 32) == 0) { memcpy(&anoncetemp, wpak->nonce, 32); memcpy(wpak->nonce, hccapx->noncesta, 32); memcpy(hccapx->noncesta, &anoncetemp, 32); } //WPA*TYPE*PMKID-ODER-MIC*MACAP*MACSTA*ESSID_HEX*ANONCE*EAPOL*ZUSATZINFO fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", HCX_TYPE_EAPOL, hccapx->keymic[0], hccapx->keymic[1], hccapx->keymic[2], hccapx->keymic[3], hccapx->keymic[4], hccapx->keymic[5], hccapx->keymic[6], hccapx->keymic[7], hccapx->keymic[8], hccapx->keymic[9], hccapx->keymic[10], hccapx->keymic[11], hccapx->keymic[12], hccapx->keymic[13], hccapx->keymic[14], hccapx->keymic[15], hccapx->macap[0], hccapx->macap[1], hccapx->macap[2], hccapx->macap[3], hccapx->macap[4], hccapx->macap[5], hccapx->macsta[0], hccapx->macsta[1], hccapx->macsta[2], hccapx->macsta[3], hccapx->macsta[4], hccapx->macsta[5]); for(p = 0; p < hccapx->essidlen; p++) fprintf(fh_pmkideapol, "%02x", hccapx->essid[p]); fprintf(fh_pmkideapol, "*"); fprintf(fh_pmkideapol, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*", hccapx->nonceap[0], hccapx->nonceap[1], hccapx->nonceap[2], hccapx->nonceap[3], hccapx->nonceap[4], hccapx->nonceap[5], hccapx->nonceap[6], hccapx->nonceap[7], hccapx->nonceap[8], hccapx->nonceap[9], hccapx->nonceap[10], hccapx->nonceap[11], hccapx->nonceap[12], hccapx->nonceap[13], hccapx->nonceap[14], hccapx->nonceap[15], hccapx->nonceap[16], hccapx->nonceap[17], hccapx->nonceap[18], hccapx->nonceap[19], hccapx->nonceap[20], hccapx->nonceap[21], hccapx->nonceap[22], hccapx->nonceap[23], hccapx->nonceap[24], hccapx->nonceap[25], hccapx->nonceap[26], hccapx->nonceap[27], hccapx->nonceap[28], hccapx->nonceap[29], hccapx->nonceap[30], hccapx->nonceap[31]); for(p = 0; p < hccapx->eapollen; p++) fprintf(fh_pmkideapol, "%02x", hccapx->eapol[p]); fprintf(fh_pmkideapol, "*%02x\n", hccapx->message_pair); written++; return written; } /*===========================================================================*/ static void writepmkideapolefile() { static int written; static FILE *fh_file; static inthccapx_t *zeiger; if((fh_file = fopen(pmkideapoloutname, "a+")) == NULL) { printf("error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); return; } written = 0; zeiger = hccapxlist; for(zeiger = hccapxlist; zeiger < (hccapxlist +hccapxcount); zeiger++) { if((ouiapflag == true) && (memcmp(zeiger->macap, ouiap, 3) == 0)) { written = writeeapollinee(fh_file, zeiger, written); continue; } if((nicapflag == true) && (memcmp(&zeiger->macap[3], nicap, 3) == 0)) { written = writeeapollinee(fh_file, zeiger, written); continue; } if((macapflag == true) && (memcmp(zeiger->macap, macap, 6) == 0)) { written = writeeapollinee(fh_file, zeiger, written); continue; } if((vendorapflag == true) && (isvendorap(zeiger->macap) == true)) { written = writeeapollinee(fh_file, zeiger, written); continue; } if((ouistaflag == true) && (memcmp(zeiger->macsta, ouista, 3) == 0)) { written = writeeapollinee(fh_file, zeiger, written); continue; } if((nicstaflag == true) && (memcmp(&zeiger->macsta[3], nicsta, 3) == 0)) { written = writeeapollinee(fh_file, zeiger, written); continue; } if((macstaflag == true) && (memcmp(zeiger->macsta, macsta, 6) == 0)) { written = writeeapollinee(fh_file, zeiger, written); continue; } if((vendorstaflag == true) && (isvendorsta(zeiger->macsta) == true)) { written = writeeapollinee(fh_file, zeiger, written); continue; } if((ouiapflag != true) && (nicapflag != true) && (macapflag != true) && (vendorapflag != true) && (ouistaflag != true) && (nicstaflag != true) && (macstaflag != true) && (vendorstaflag != true)) { written = writeeapollinee(fh_file, zeiger, written); continue; } } fclose(fh_file); printf("%d record(s) written to %s\n", written, basename(pmkideapoloutname)); return; } /*===========================================================================*/ static bool readhccapxfile() { static int count; static inthccapx_t *zeiger; static struct stat st; static int fd_file; if(stat(hccapxinname, &st) == -1) { perror("stat hccapx failed\n"); return false; } if((st.st_size %INTHCCAPX_SIZE) != 0) { fprintf(stderr, "failed to open corrupt HCCAPX file %s\n", hccapxinname); return false; } hccapxlist = malloc(st.st_size +INTHCCAPX_SIZE); if(hccapxlist == NULL) { printf("failed to allocate memory\n"); return false; } if((fd_file = open(hccapxinname, O_RDONLY)) == -1) { fprintf(stderr, "failed to open hccapx file %s\n", hccapxinname); return false; } hccapxcount = 0; zeiger = hccapxlist; while((count = read(fd_file, zeiger, INTHCCAPX_SIZE))) { if(zeiger->signature != HCCAPX_SIGNATURE) { fprintf(stderr, "%d record has a wrong HCCAPX signature\n", hccapxcount); break; } hccapxcount++; zeiger++; } memset(zeiger, 0, INTHCCAPX_SIZE); close(fd_file); if(hccapxcount > 0) { qsort(hccapxlist, hccapxcount, INTHCCAPX_SIZE, sort_inthccapx_by_macap); } printf("%d record(s) read from %s\n", hccapxcount, hccapxinname); return true; } /*===========================================================================*/ /*===========================================================================*/ static int writepmkidline(FILE *fh_file, intpmkid_t *pmkidline, int written) { static int c; for(c = 0; c < 16; c++) { fprintf(fh_file, "%02x", pmkidline->pmkid[c]); } fprintf(fh_file, "%c", separator); for(c = 0; c < 6; c++) { fprintf(fh_file, "%02x", pmkidline->macap[c]); } fprintf(fh_file, "%c", separator); for(c = 0; c < 6; c++) { fprintf(fh_file, "%02x", pmkidline->macsta[c]); } fprintf(fh_file, "%c", separator); for(c = 0; c < pmkidline->essidlen; c++) { fprintf(fh_file, "%02x", pmkidline->essid[c]); } fprintf(fh_file, "\n"); written++; return written; } /*===========================================================================*/ static void writepmkidfile() { static int written; static FILE *fh_file; static intpmkid_t *zeiger; if((fh_file = fopen(pmkidoutname, "a")) == NULL) { fprintf(stderr, "failed to open PMKID file %s\n", pmkidoutname); return; } written = 0; zeiger = pmkidlist; for(zeiger = pmkidlist; zeiger < (pmkidlist +pmkidcount); zeiger++) { if((ouiapflag == true) && (memcmp(zeiger->macap, ouiap, 3) == 0)) { written = writepmkidline(fh_file, zeiger, written); continue; } if((nicapflag == true) && (memcmp(&zeiger->macap[3], nicap, 3) == 0)) { written = writepmkidline(fh_file, zeiger, written); continue; } if((macapflag == true) && (memcmp(zeiger->macap, macap, 6) == 0)) { written = writepmkidline(fh_file, zeiger, written); continue; } if((vendorapflag == true) && (isvendorap(zeiger->macap) == true)) { written = writepmkidline(fh_file, zeiger, written); continue; } if((ouistaflag == true) && (memcmp(zeiger->macsta, ouista, 3) == 0)) { written = writepmkidline(fh_file, zeiger, written); continue; } if((nicstaflag == true) && (memcmp(&zeiger->macsta[3], nicsta, 3) == 0)) { written = writepmkidline(fh_file, zeiger, written); continue; } if((macstaflag == true) && (memcmp(zeiger->macsta, macsta, 6) == 0)) { written = writepmkidline(fh_file, zeiger, written); continue; } if((vendorstaflag == true) && (isvendorsta(zeiger->macsta) == true)) { written = writepmkidline(fh_file, zeiger, written); continue; } if((ouiapflag != true) && (nicapflag != true) && (macapflag != true) && (vendorapflag != true) && (ouistaflag != true) && (nicstaflag != true) && (macstaflag != true) && (vendorstaflag != true)) { written = writepmkidline(fh_file, zeiger, written); continue; } } fclose(fh_file); printf("%d record(s) written to %s\n", written, basename(pmkidoutname)); return; } /*===========================================================================*/ static int writepmkideapollinep(FILE *fh_pmkideapol, intpmkid_t *pmkidline, int written) { static int p; //WPA*TYPE*PMKID-ODER-MIC*MACAP*MACSTA*ESSID_HEX*ANONCE*EAPOL*ZUSATZINFO fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", HCX_TYPE_PMKID, pmkidline->pmkid[0], pmkidline->pmkid[1], pmkidline->pmkid[2], pmkidline->pmkid[3], pmkidline->pmkid[4], pmkidline->pmkid[5], pmkidline->pmkid[6], pmkidline->pmkid[7], pmkidline->pmkid[8], pmkidline->pmkid[9], pmkidline->pmkid[10], pmkidline->pmkid[11], pmkidline->pmkid[12], pmkidline->pmkid[13], pmkidline->pmkid[14], pmkidline->pmkid[15], pmkidline->macap[0], pmkidline->macap[1], pmkidline->macap[2], pmkidline->macap[3], pmkidline->macap[4], pmkidline->macap[5], pmkidline->macsta[0], pmkidline->macsta[1], pmkidline->macsta[2], pmkidline->macsta[3], pmkidline->macsta[4], pmkidline->macsta[5]); for(p = 0; p < pmkidline->essidlen; p++) fprintf(fh_pmkideapol, "%02x", pmkidline->essid[p]); fprintf(fh_pmkideapol, "***\n"); written++; return written; } /*===========================================================================*/ static void writepmkideapolpfile() { static int written; static FILE *fh_file; static intpmkid_t *zeiger; if((fh_file = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stderr, "failed to open PMKID file %s\n", pmkideapoloutname); return; } written = 0; zeiger = pmkidlist; for(zeiger = pmkidlist; zeiger < (pmkidlist +pmkidcount); zeiger++) { if((ouiapflag == true) && (memcmp(zeiger->macap, ouiap, 3) == 0)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } if((nicapflag == true) && (memcmp(&zeiger->macap[3], nicap, 3) == 0)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } if((macapflag == true) && (memcmp(zeiger->macap, macap, 6) == 0)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } if((vendorapflag == true) && (isvendorap(zeiger->macap) == true)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } if((ouistaflag == true) && (memcmp(zeiger->macsta, ouista, 3) == 0)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } if((nicstaflag == true) && (memcmp(&zeiger->macsta[3], nicsta, 3) == 0)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } if((macstaflag == true) && (memcmp(zeiger->macsta, macsta, 6) == 0)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } if((vendorapflag == true) && (isvendorsta(zeiger->macsta) == true)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } if((ouiapflag != true) && (nicapflag != true) && (macapflag != true) && (vendorapflag != true) && (ouistaflag != true) && (nicstaflag != true) && (macstaflag != true) && (vendorstaflag != true)) { written = writepmkideapollinep(fh_file, zeiger, written); continue; } } fclose(fh_file); printf("%d record(s) written to %s\n", written, basename(pmkideapoloutname)); return; } /*===========================================================================*/ static size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static int fgetline(FILE *inputstream, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ static bool readpmkidfile() { static int len; static int aktread; static intpmkid_t *zeiger; static struct stat st; static FILE *fh_file; static char linein[PMKID_LINE_LEN]; if(stat(pmkidinname, &st) == -1) { perror("stat pmkid file failed\n"); return false; } pmkidlist = malloc(st.st_size +INTPMKID_SIZE); if(pmkidlist == NULL) { printf("failed to allocate memory\n"); return false; } if((fh_file = fopen(pmkidinname, "r")) == NULL) { fprintf(stderr, "failed to read PMKID file %s\n", pmkidinname); return false; } pmkidcount = 0; zeiger = pmkidlist; while(1) { memset(zeiger, 0, INTPMKID_SIZE); if((len = fgetline(fh_file, PMKID_LINE_LEN, linein)) == -1) { break; } if((len < 61) || ((len > 59 +(ESSID_LEN_MAX *2)))) { fprintf(stderr, "skipping line %d: %s\n", aktread, linein); aktread++; continue; } if((linein[32] == ':') && (linein[45] == ':') && (linein[58] == ':')) { separator = ':'; } else if((linein[32] == '*') && (linein[45] == '*') && (linein[58] == '*')) { separator = '*'; } else { fprintf(stderr, "skipping line %d: %s\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[0], zeiger->pmkid, 16) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[33], zeiger->macap, 6) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[46], zeiger->macsta, 6) == false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } zeiger->essidlen = len -59; if((zeiger->essidlen == 0) || (zeiger->essidlen > 64) || ((zeiger->essidlen %2) != 0)) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } zeiger->essidlen = zeiger->essidlen /2; if(hex2bin(&linein[59], zeiger->essid, zeiger->essidlen) ==false) { fprintf(stderr, "skipping line %d: %s:\n", aktread, linein); aktread++; continue; } pmkidcount++; zeiger++; aktread++; } fclose(fh_file); if(pmkidcount > 0) { qsort(pmkidlist, pmkidcount, INTPMKID_SIZE, sort_intpmkid_by_macap); } printf("%d record(s) read from %s\n", pmkidcount, pmkidinname); return true; } /*===========================================================================*/ static void readouifile() { static int len; static int uid; struct passwd *pwd; static intoui_t *zeiger; static struct stat st; static FILE *fh_file; static char *ouiname = NULL; static char *vendorname = NULL; static char *ouinameuser = "/.hcxtools/oui.txt"; static char *ouinamesystemwide = "/usr/share/ieee-data/oui.txt"; static char ouinameuserhome[PATH_MAX +1]; static char linein[OUI_LINE_LEN]; if(stat(ouinamesystemwide, &st) == 0) { ouiname = ouinamesystemwide; } uid = getuid(); pwd = getpwuid(uid); if(pwd != NULL) { strncpy(ouinameuserhome, pwd->pw_dir, PATH_MAX); strncat(ouinameuserhome, ouinameuser, PATH_MAX); if(stat(ouinameuserhome, &st) == 0) { ouiname = ouinameuserhome; } } if(ouiname == NULL) { printf("no oui file found\n"); return; } printf("using oui from %s\n", ouiname); ouilist = malloc(st.st_size +INTOUI_SIZE); if(ouilist == NULL) { printf("failed to allocate memory\n"); return; } if((fh_file = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "failed to read OUI file %s\n", ouiname); return; } ouicount = 0; zeiger = ouilist; while(1) { memset(zeiger, 0, INTOUI_SIZE); if((len = fgetline(fh_file, OUI_LINE_LEN, linein)) == -1) { break; } if(strstr(linein, "(base 16)") == NULL) { continue; } if(hex2bin(&linein[0], zeiger->oui, 3) == false) { continue; } vendorname = strrchr(linein, '\t'); if(vendorname == NULL) { continue; } strncpy(zeiger->vendor, vendorname, OUI_LINE_LEN -1); ouicount++; zeiger++; } fclose(fh_file); if(ouicount > 0) { qsort(ouilist, ouicount, INTOUI_SIZE, sort_intoui_by_oui); } return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { printf("%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { printf("%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-o : filter access point by OUI\n" "-n : filter access point by NIC\n" "-m : filter access point by MAC\n" "-a : filter access point by VENDOR name\n" "-O : filter client by OUI\n" "-N : filter client by NIC\n" "-M : filter client by MAC\n" "-A : filter client by VENDOR name\n" "-h : show this help\n" "-v : show version\n" "\n" "--pmkideapolout= : output PMKID/EAPOL hash line (22000 format)\n" "--pmkidin= : input PMKID file\n" "--pmkidout= : output PMKID file\n" "--hccapxin= : input HCCAPX file\n" "--hccapxout= : output HCCAPX file\n" "--help : show this help\n" "--version : show version\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { printf("%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; unsigned long long int macinput; static const char *short_options = "e:E:l:o:n:m:a:O:N:M:A:hv"; static const struct option long_options[] = { {"pmkideapolout", required_argument, NULL, HCXD_PMKIDEAPOL_OUT}, {"pmkidin", required_argument, NULL, HCXD_PMKID_IN}, {"pmkidout", required_argument, NULL, HCXD_PMKID_OUT}, {"hccapxin", required_argument, NULL, HCXD_HCCAPX_IN}, {"hccapxout", required_argument, NULL, HCXD_HCCAPX_OUT}, {"version", no_argument, NULL, HCXD_VERSION}, {"help", no_argument, NULL, HCXD_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCXD_PMKIDEAPOL_OUT: pmkideapoloutname = optarg; break; case HCXD_PMKID_IN: pmkidinname = optarg; break; case HCXD_PMKID_OUT: pmkidoutname = optarg; break; case HCXD_HCCAPX_IN: hccapxinname = optarg; break; case HCXD_HCCAPX_OUT: hccapxoutname = optarg; break; case HCXD_FILTER_OUI_AP: if(strlen(optarg) != 6) { fprintf(stderr, "wrong OUI format (allowed: 112233)\n"); exit(EXIT_FAILURE); } macinput = strtoull(optarg, NULL, 16); ouiap[2] = macinput & 0xff; ouiap[1] = (macinput >> 8) & 0xff; ouiap[0] = (macinput >> 16) & 0xff; ouiapflag = true; break; case HCXD_FILTER_NIC_AP: if(strlen(optarg) != 6) { fprintf(stderr, "wrong OUI format (allowed: 112233)\n"); exit(EXIT_FAILURE); } macinput = strtoull(optarg, NULL, 16); nicap[2] = macinput & 0xff; nicap[1] = (macinput >> 8) & 0xff; nicap[0] = (macinput >> 16) & 0xff; nicapflag = true; break; case HCXD_FILTER_MAC_AP: if(strlen(optarg) != 12) { fprintf(stderr, "wrong OUI format (allowed: 112233445566)\n"); exit(EXIT_FAILURE); } macinput = strtoull(optarg, NULL, 16); macap[5] = macinput & 0xff; macap[4] = (macinput >> 8) & 0xff; macap[3] = (macinput >> 16) & 0xff; macap[2] = (macinput >> 24) & 0xff; macap[1] = (macinput >> 32) & 0xff; macap[0] = (macinput >> 40) & 0xff; macapflag = true; break; case HCXD_FILTER_VENDOR_AP: vendorapname = optarg; vendorapflag = true; break; case HCXD_FILTER_OUI_STA: if(strlen(optarg) != 6) { fprintf(stderr, "wrong OUI format (allowed: 112233)\n"); exit(EXIT_FAILURE); } macinput = strtoull(optarg, NULL, 16); ouista[2] = macinput & 0xff; ouista[1] = (macinput >> 8) & 0xff; ouista[0] = (macinput >> 16) & 0xff; ouistaflag = true; break; case HCXD_FILTER_NIC_STA: if(strlen(optarg) != 6) { fprintf(stderr, "wrong OUI format (allowed: 112233)\n"); exit(EXIT_FAILURE); } macinput = strtoull(optarg, NULL, 16); nicsta[2] = macinput & 0xff; nicsta[1] = (macinput >> 8) & 0xff; nicsta[0] = (macinput >> 16) & 0xff; nicstaflag = true; break; case HCXD_FILTER_MAC_STA: if(strlen(optarg) != 12) { fprintf(stderr, "wrong OUI format (allowed: 112233445566)\n"); exit(EXIT_FAILURE); } macinput = strtoull(optarg, NULL, 16); macsta[5] = macinput & 0xff; macsta[4] = (macinput >> 8) & 0xff; macsta[3] = (macinput >> 16) & 0xff; macsta[2] = (macinput >> 24) & 0xff; macsta[1] = (macinput >> 32) & 0xff; macsta[0] = (macinput >> 40) & 0xff; macstaflag = true; break; case HCXD_FILTER_VENDOR_STA: vendorstaname = optarg; vendorstaflag = true; break; case HCXD_HELP: usage(basename(argv[0])); break; case HCXD_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } readouifile(); if(((vendorapflag == true) || (vendorstaflag == true)) && (ouicount == 0)) { fprintf(stderr, "VENDOR requested, but no OUI file found)\n"); globalclose(); exit(EXIT_FAILURE); } if(pmkidinname != NULL) { readpmkidfile(); } if(hccapxinname != NULL) { readhccapxfile(); } if((pmkideapoloutname != NULL) && (pmkidcount > 0)) { writepmkideapolpfile(); } if((pmkideapoloutname != NULL) && (hccapxcount > 0)) { writepmkideapolefile(); } if((pmkidoutname != NULL) && (pmkidcount > 0)) { writepmkidfile(); } if((hccapxoutname != NULL) && (hccapxcount > 0)) { writehccapxfile(); } globalclose(); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/hcxpcapngtool.c000066400000000000000000007274741423200176400164320ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined (__APPLE__) || defined(__OpenBSD__) #include #include #else #include #endif #ifdef __linux__ #include #endif #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ #define BIG_ENDIAN_HOST #endif #include "include/hcxpcapngtool.h" #include "include/ieee80211.c" #include "include/strings.c" #include "include/byteops.c" #include "include/fileops.c" #include "include/hashops.c" #include "include/pcap.c" #include "include/gzops.c" /*===========================================================================*/ struct hccap_s { char essid[36]; unsigned char ap[6]; unsigned char client[6]; unsigned char snonce[32]; unsigned char anonce[32]; unsigned char eapol[256]; int eapol_size; int keyver; unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) /*===========================================================================*/ struct hccapx_s { uint32_t signature; #define HCCAPX_SIGNATURE 0x58504348 uint32_t version; #define HCCAPX_VERSION 4 uint8_t message_pair; uint8_t essid_len; uint8_t essid[32]; uint8_t keyver; uint8_t keymic[16]; uint8_t ap[6]; uint8_t anonce[32]; uint8_t client[6]; uint8_t snonce[32]; uint16_t eapol_len; uint8_t eapol[256]; } __attribute__((packed)); typedef struct hccapx_s hccapx_t; #define HCCAPX_SIZE (sizeof(hccapx_t)) /*===========================================================================*/ /*===========================================================================*/ /* global var */ static maclist_t *aplist, *aplistptr; static messagelist_t *messagelist; static handshakelist_t *handshakelist, *handshakelistptr; static pmkidlist_t *pmkidlist, *pmkidlistptr; static eapmd5msglist_t *eapmd5msglist; static eapmd5hashlist_t *eapmd5hashlist, *eapmd5hashlistptr; static eapleaphashlist_t *eapleaphashlist, *eapleaphashlistptr; static eapleapmsglist_t *eapleapmsglist; static eapmschapv2hashlist_t *eapmschapv2hashlist, *eapmschapv2hashlistptr; static eapmschapv2msglist_t *eapmschapv2msglist; static tacacsplist_t *tacacsplist, *tacacsplistptr; static char *jtrbasenamedeprecated; static FILE *fh_pmkideapol; static FILE *fh_eapmd5; static FILE *fh_eapmd5john; static FILE *fh_eapleap; static FILE *fh_tacacsp; static FILE *fh_essid; static FILE *fh_essidproberequest; static FILE *fh_deviceinfo; static FILE *fh_identity; static FILE *fh_username; static FILE *fh_nmea; static FILE *fh_csv; static FILE *fh_raw_out; static FILE *fh_log; static FILE *fh_pmkideapoljtrdeprecated; static FILE *fh_pmkiddeprecated; static FILE *fh_hccapxdeprecated; static FILE *fh_hccapdeprecated; static int maclistmax; static int handshakelistmax; static int pmkidlistmax; static int eapmd5hashlistmax; static int eapleaphashlistmax; static int eapmschapv2hashlistmax; static int tacacsplistmax; static int fd_pcap; static int gzipstat; static int pcapngstat; static int capstat; static int pcapngstat; static int endianess; static uint16_t versionmajor; static uint16_t versionminor; static int opensslversionmajor; static int opensslversionminor; static uint32_t iface; static uint32_t dltlinktype[MAX_INTERFACE_ID +1]; static uint32_t timeresolval[MAX_INTERFACE_ID +1]; static long int radiotaperrorcount; static long int nmeacount; static long int nmeaerrorcount; static long int rawpacketcount; static long int pcapreaderrors; static long int skippedpacketcount; static long int zeroedtimestampcount; static long int fcsframecount; static long int band24count; static long int band5count; static long int band6count; static long int wdscount; static long int actioncount; static long int actionessidcount; static long int awdlcount; static long int beaconcount; static long int beaconssidunsetcount; static long int beaconssidzeroedcount; static long int beaconssidoversizedcount; static long int beaconhcxcount; static long int beaconerrorcount; static long int broadcastmacerrorcount; static long int pagcount; static long int proberesponsecount; static long int proberesponsessidunsetcount; static long int proberesponsessidzeroedcount; static long int proberequestcount; static long int proberequestdirectedcount; static long int mgtreservedcount; static long int deauthenticationcount; static long int disassociationcount; static long int authenticationcount; static long int authopensystemcount; static long int authseacount; static long int authsharedkeycount; static long int authfbtcount; static long int authfilscount; static long int authfilspfs; static long int authfilspkcount; static long int authnetworkeapcount; static long int authunknowncount; static long int associationrequestcount; static long int associationrequestpskcount; static long int associationrequestftpskcount; static long int associationrequestpsk256count; static long int associationrequestsae256count; static long int associationrequestsae384bcount; static long int associationrequestowecount; static long int reassociationrequestcount; static long int reassociationrequestpskcount; static long int reassociationrequestftpskcount; static long int reassociationrequestpsk256count; static long int reassociationrequestsae256count; static long int reassociationrequestsae384bcount; static long int reassociationrequestowecount; static long int ipv4count; static long int icmp4count; static long int ipv6count; static long int icmp6count; static long int tcpcount; static long int udpcount; static long int grecount; static long int protochapcount; static long int protochapreqcount; static long int protochaprespcount; static long int protochapsuccesscount; static long int protopapcount; static long int tacacspcount; static long int tacacspwrittencount; static long int wepenccount; static long int wpaenccount; static long int eapcount; static long int eapsimcount; static long int eapakacount; static long int eappeapcount; static long int eapmd5count; static long int eapmd5hashcount; static long int eapleapcount; static long int eapleaphashcount; static long int eapmschapv2count; static long int eapmschapv2hashcount; static long int eaptlscount; static long int eapexpandedcount; static long int eapidcount; static long int eapcodereqcount; static long int eapcoderespcount; static long int zeroedpmkidpskcount; static long int zeroedpmkidpmkcount; static long int zeroedeapolpskcount; static long int zeroedeapolpmkcount; static long int zeroedeapolpskcount; static long int pmkidcount; static long int pmkidbestcount; static long int pmkidroguecount; static long int pmkiduselesscount; static long int pmkidwrittenhcount; static long int pmkidwrittenjcountdeprecated; static long int pmkidwrittencountdeprecated; static long int eapolrc4count; static long int eapolrsncount; static long int eapolwpacount; static long int eapolmsgcount; static long int eapolnccount; static long int eapolmsgerrorcount; static long int eapolmsgtimestamperrorcount; static long int eapolmpcount; static long int eapolmpbestcount; static long int eapolm1count; static long int eapolm1kdv0count; static long int eapolm1ancount; static long int eapolm1errorcount; static long int eapolm2count; static long int eapolm2kdv0count; static long int eapolm2ftpskcount; static long int eapolm2errorcount; static long int eapolm3count; static long int eapolm3kdv0count; static long int eapolm3errorcount; static long int eapolm4count; static long int eapolm4kdv0count; static long int eapolm4errorcount; static long int eapolwrittencount; static long int eapolncwrittencount; static long int eapolaplesscount; static long int eapolwrittenjcountdeprecated; static long int eapolwrittenhcpxcountdeprecated; static long int eapolncwrittenhcpxcountdeprecated; static long int eapolwrittenhcpcountdeprecated; static long int eapolm12e2count; static long int eapolm14e4count; static long int eapolm32e2count; static long int eapolm32e3count; static long int eapolm34e3count; static long int eapolm34e4count; static long int eapmd5writtencount; static long int eapmd5johnwrittencount; static long int eapleapwrittencount; static long int eapmschapv2writtencount; static long int identitycount; static long int usernamecount; static uint64_t rcgapmax; static long int taglenerrorcount; static long int essidcount; static long int essiderrorcount; static long int deviceinfocount; static long int sequenceerrorcount; static long int essiddupemax; static long int malformedcount; static uint64_t timestampstart; static uint64_t timestampmin; static uint64_t timestampmax; static uint64_t eaptimegapmax; static uint64_t captimestampold; static uint64_t eapoltimeoutvalue; static uint64_t ncvalue; static int essidsvalue; static uint16_t frequency; static int nmealen; static bool ignoreieflag; static bool donotcleanflag; static bool ancientdumpfileformat; static bool radiotappresent; static const uint8_t fakenonce1[] = { 0x07, 0xbc, 0x92, 0xea, 0x2f, 0x5a, 0x1e, 0xe2, 0x54, 0xf6, 0xb1, 0xb7, 0xe0, 0xaa, 0xd3, 0x53, 0xf4, 0x5b, 0x0a, 0xac, 0xf9, 0xc9, 0x90, 0x2f, 0x90, 0xd8, 0x78, 0x80, 0xb7, 0x03, 0x0a, 0x20 }; static const uint8_t fakenonce2[] = { 0x95, 0x30, 0xd1, 0xc7, 0xc3, 0x55, 0xb9, 0xab, 0xe6, 0x83, 0xd6, 0xf3, 0x7e, 0xcb, 0x78, 0x02, 0x75, 0x1f, 0x53, 0xcc, 0xb5, 0x81, 0xd1, 0x52, 0x3b, 0xb4, 0xba, 0xad, 0x23, 0xab, 0x01, 0x07 }; static char rssi; static int interfacechannel; static uint8_t myaktap[6]; static uint8_t myaktclient[6]; static uint8_t myaktanonce[32]; static uint8_t myaktsnonce[32]; static uint64_t myaktreplaycount; static char pcapnghwinfo[OPTIONLEN_MAX]; static char pcapngosinfo[OPTIONLEN_MAX]; static char pcapngapplinfo[OPTIONLEN_MAX]; static char pcapngoptioninfo[OPTIONLEN_MAX]; static char pcapngweakcandidate[OPTIONLEN_MAX]; static uint8_t pcapngdeviceinfo[6]; static uint8_t pcapngtimeresolution; static char nmeasentence[OPTIONLEN_MAX]; static char gpwplold[OPTIONLEN_MAX]; static char zeroedpsk[8]; static uint8_t zeroedpmk[32]; static uint8_t calculatedpmk[32]; static uint16_t usedfrequency[0xffff]; static uint8_t beaconchannel[CHANNEL_MAX]; /*===========================================================================*/ /* static inline void debugprint(int len, uint8_t *ptr) { static int p; fprintf(stdout, "\nRAW: "); for(p = 0; p < len; p++) { fprintf(stdout, "%02x", ptr[p]); } fprintf(stdout, "\n"); return; } */ /*===========================================================================*/ static void closelists() { if(aplist != NULL) free(aplist); if(messagelist != NULL) free(messagelist); if(handshakelist != NULL) free(handshakelist); if(pmkidlist != NULL) free(pmkidlist); if(eapmd5msglist != NULL) free(eapmd5msglist); if(eapmd5hashlist != NULL) free(eapmd5hashlist); if(eapleapmsglist != NULL) free(eapleapmsglist); if(eapleaphashlist != NULL) free(eapleaphashlist); if(eapmschapv2msglist != NULL) free(eapmschapv2msglist); if(eapmschapv2hashlist != NULL) free(eapmschapv2hashlist); if(tacacsplist != NULL) free(tacacsplist); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); return; } /*===========================================================================*/ static bool initlists() { static unsigned long opensslversion; static const char nastring[] = { "N/A" }; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); opensslversion = OpenSSL_version_num(); opensslversionmajor = (opensslversion & 0x10000000L) >> 28; opensslversionminor = (opensslversion & 0x01100000L) >> 20; maclistmax = MACLIST_MAX; if((aplist = (maclist_t*)calloc((maclistmax +1), MACLIST_SIZE)) == NULL) return false; aplistptr = aplist; if((messagelist = (messagelist_t*)calloc((MESSAGELIST_MAX +1), MESSAGELIST_SIZE)) == NULL) return false; handshakelistmax = HANDSHAKELIST_MAX; if((handshakelist = (handshakelist_t*)calloc((handshakelistmax +1), HANDSHAKELIST_SIZE)) == NULL) return false; handshakelistptr = handshakelist; pmkidlistmax = PMKIDLIST_MAX; if((pmkidlist = (pmkidlist_t*)calloc((pmkidlistmax +1),PMKIDLIST_SIZE)) == NULL) return false; pmkidlistptr = pmkidlist; if((eapmd5msglist = (eapmd5msglist_t*)calloc((EAPMD5MSGLIST_MAX +1), EAPMD5MSGLIST_SIZE)) == NULL) return false; eapmd5hashlistmax = EAPMD5HASHLIST_MAX; if((eapmd5hashlist = (eapmd5hashlist_t*)calloc((eapmd5hashlistmax +1), EAPMD5HASHLIST_SIZE)) == NULL) return false; eapmd5hashlistptr = eapmd5hashlist; if((eapleapmsglist = (eapleapmsglist_t*)calloc((EAPLEAPMSGLIST_MAX +1), EAPLEAPMSGLIST_SIZE)) == NULL) return false; eapleaphashlistmax = EAPLEAPHASHLIST_MAX; if((eapleaphashlist = (eapleaphashlist_t*)calloc((eapleaphashlistmax +1), EAPLEAPHASHLIST_SIZE)) == NULL) return false; eapleaphashlistptr = eapleaphashlist; if((eapmschapv2msglist = (eapmschapv2msglist_t*)calloc((EAPMSCHAPV2MSGLIST_MAX +1), EAPMSCHAPV2MSGLIST_SIZE)) == NULL) return false; eapmschapv2hashlistmax = EAPMSCHAPV2HASHLIST_MAX; if((eapmschapv2hashlist = (eapmschapv2hashlist_t*)calloc((eapmschapv2hashlistmax +1), EAPMSCHAPV2HASHLIST_SIZE)) == NULL) return false; eapmschapv2hashlistptr = eapmschapv2hashlist; tacacsplistmax = TACACSPLIST_MAX; if((tacacsplist = (tacacsplist_t*)calloc((TACACSPLIST_MAX +1), TACACSPLIST_SIZE)) == NULL) return false; tacacsplistptr = tacacsplist; memset(&pcapnghwinfo, 0, OPTIONLEN_MAX); memset(&pcapngosinfo, 0, OPTIONLEN_MAX); memset(&pcapngapplinfo, 0, OPTIONLEN_MAX); memset(&pcapngoptioninfo, 0, OPTIONLEN_MAX); memset(&pcapngweakcandidate, 0 ,OPTIONLEN_MAX); memset(&pcapngdeviceinfo, 0 ,6); pcapngtimeresolution = TSRESOL_USEC; memset(&myaktap, 0 ,6); memset(&myaktclient, 0 ,6); memset(&nmeasentence, 0, OPTIONLEN_MAX); memset(&gpwplold, 0, OPTIONLEN_MAX); memcpy(&pcapnghwinfo, nastring, 3); memcpy(&pcapngosinfo, nastring, 3); memcpy(&pcapngapplinfo, nastring, 3); memcpy(&pcapngoptioninfo, nastring, 3); memcpy(&pcapngweakcandidate, nastring, 3); radiotaperrorcount = 0; nmeacount = 0; nmeaerrorcount = 0; endianess = 0; rawpacketcount = 0; pcapreaderrors = 0; skippedpacketcount = 0; zeroedtimestampcount = 0; fcsframecount = 0; band24count = 0; band5count = 0; band6count = 0; wdscount = 0; actioncount = 0; actionessidcount = 0; awdlcount = 0; beaconcount = 0; beaconssidunsetcount = 0; beaconssidzeroedcount = 0; beaconssidoversizedcount = 0; beaconhcxcount = 0; beaconerrorcount = 0; broadcastmacerrorcount = 0; pagcount = 0; proberesponsecount = 0; proberesponsessidunsetcount = 0; proberesponsessidzeroedcount = 0; proberequestcount = 0; proberequestdirectedcount = 0; mgtreservedcount = 0; deauthenticationcount = 0; disassociationcount = 0; authenticationcount = 0; authopensystemcount = 0; authseacount = 0; authsharedkeycount = 0; authfbtcount = 0; authfilscount = 0; authfilspfs = 0; authfilspkcount = 0; authnetworkeapcount = 0; authunknowncount = 0; associationrequestcount = 0; associationrequestpskcount = 0; associationrequestftpskcount = 0; associationrequestpsk256count = 0; associationrequestsae256count = 0; associationrequestsae384bcount = 0; associationrequestowecount = 0; reassociationrequestcount = 0; reassociationrequestpskcount = 0; reassociationrequestpsk256count = 0; reassociationrequestsae256count = 0; reassociationrequestsae384bcount = 0; reassociationrequestowecount = 0; ipv4count = 0; icmp4count = 0; ipv6count = 0; icmp6count = 0; tcpcount = 0; udpcount = 0; grecount = 0; protochapcount = 0; protochapreqcount = 0; protochaprespcount = 0; protochapsuccesscount = 0; protopapcount = 0; tacacspcount = 0; tacacspwrittencount = 0; wepenccount = 0; wpaenccount = 0; eapcount = 0; eapsimcount = 0; eapakacount = 0; eappeapcount = 0; eapmd5count = 0; eapmd5hashcount = 0; eapleapcount = 0; eapleaphashcount = 0; eapmschapv2count = 0; eapmschapv2hashcount = 0; eaptlscount = 0; eapexpandedcount = 0; eapidcount = 0; eapcodereqcount = 0; eapcoderespcount = 0; zeroedpmkidpskcount = 0; zeroedpmkidpmkcount = 0; zeroedeapolpskcount = 0; zeroedeapolpmkcount = 0; pmkidcount = 0; pmkidbestcount = 0; pmkidroguecount = 0; pmkiduselesscount = 0; pmkidwrittenhcount = 0; eapolwrittenjcountdeprecated = 0; pmkidwrittenjcountdeprecated = 0; pmkidwrittencountdeprecated = 0; eapolrc4count = 0; eapolrsncount = 0; eapolwpacount = 0; eapolmsgcount = 0; eapolnccount = 0; eapolmsgerrorcount = 0; eapolmsgtimestamperrorcount = 0; eapolmpbestcount = 0; eapolmpcount = 0; eapolm1count = 0; eapolm1kdv0count = 0; eapolm1ancount = 0; eapolm1errorcount = 0; eapolm2count = 0; eapolm2kdv0count = 0; eapolm2ftpskcount = 0; eapolm2errorcount = 0; eapolm3count = 0; eapolm3kdv0count = 0; eapolm3errorcount = 0; eapolm4count = 0; eapolm4kdv0count = 0; eapolm4errorcount = 0; eapolwrittencount = 0; eapolncwrittencount = 0; eapolaplesscount = 0; eapolwrittenjcountdeprecated = 0; eapolwrittenhcpxcountdeprecated = 0; eapolwrittenhcpcountdeprecated = 0; eapolm12e2count = 0; eapolm14e4count = 0; eapolm32e2count = 0; eapolm32e3count = 0; eapolm34e3count = 0; eapolm34e4count = 0; eapmd5writtencount = 0; eapmd5johnwrittencount = 0; eapleapwrittencount = 0; eapmschapv2writtencount = 0; identitycount = 0; usernamecount = 0; taglenerrorcount = 0; essidcount = 0; essiderrorcount = 0; deviceinfocount = 0; sequenceerrorcount = 0; essiddupemax = 0; rcgapmax = 0; eaptimegapmax = 0; malformedcount = 0; timestampmin = 0; timestampmax = 0; timestampstart = 0; captimestampold = 0; memset(&zeroedpsk, 0, 8); memset(&zeroedpmk, 0, 32); memset(&beaconchannel, 0, sizeof(beaconchannel)); memset(&usedfrequency, 0, sizeof(usedfrequency)); return true; } /*===========================================================================*/ static void printcontentinfo() { static int c; static uint8_t i; static uint16_t p; if(nmeacount > 0) fprintf(stdout, "NMEA sentence............................: %ld\n", nmeacount); if(nmeaerrorcount > 0) fprintf(stdout, "NMEA sentence checksum errors............: %ld\n", nmeaerrorcount); if(endianess == 0) fprintf(stdout, "endianess (capture system)...............: little endian\n"); else fprintf(stdout, "endianess (capture system)...............: big endian\n"); if(rawpacketcount > 0) fprintf(stdout, "packets inside...........................: %ld\n", rawpacketcount); if(skippedpacketcount > 0) fprintf(stdout, "skipped packets..........................: %ld\n", skippedpacketcount); if(fcsframecount > 0) fprintf(stdout, "frames with correct FCS..................: %ld\n", fcsframecount); if(band24count > 0) fprintf(stdout, "packets received on 2.4 GHz..............: %ld\n", band24count); if(band5count > 0) fprintf(stdout, "packets received on 5 GHz................: %ld\n", band5count); if(band6count > 0) fprintf(stdout, "packets received on 6 GHz................: %ld\n", band6count); if(wdscount > 0) fprintf(stdout, "WIRELESS DISTRIBUTION SYSTEM.............: %ld\n", wdscount); if(deviceinfocount > 0) fprintf(stdout, "frames containing device information.....: %ld\n", deviceinfocount); if(essidcount > 0) fprintf(stdout, "ESSID (total unique).....................: %ld\n", essidcount); if(essiddupemax > 0) { if((essidsvalue > 1) || (donotcleanflag == true)) fprintf(stdout, "ESSID changes (detected maximum).........: %ld\n", essiddupemax); else fprintf(stdout, "ESSID changes (detected maximum).........: %ld (information: option --max-essids=%ld and --all recommended)\n", essiddupemax, essiddupemax +1); } if(beaconcount > 0) { fprintf(stdout, "BEACON (total)...........................: %ld\n", beaconcount); if((beaconchannel[0] &GHZ24) == GHZ24) { fprintf(stdout, "BEACON on 2.4 GHz channel (from IE_TAG)..: "); for(i = 1; i <= 14; i++) { if(beaconchannel[i] != 0) fprintf(stdout, "%d ", i); } fprintf(stdout, "\n"); } if((beaconchannel[0] &GHZ5) == GHZ5) { fprintf(stdout, "BEACON on 5/6 GHz channel (from IE-TAG)..: "); for(i = 15; i < CHANNEL_MAX; i++) { if(beaconchannel[i] != 0) fprintf(stdout, "%d ", i); } fprintf(stdout, "\n"); } } if(beaconssidunsetcount > 0) fprintf(stdout, "BEACON (SSID wildcard/unset).............: %ld\n", beaconssidunsetcount); if(beaconssidzeroedcount > 0) fprintf(stdout, "BEACON (SSID zeroed).....................: %ld\n", beaconssidzeroedcount); if(beaconssidoversizedcount > 0) fprintf(stdout, "BEACON (oversized SSID length)...........: %ld\n", beaconssidoversizedcount); if(pagcount > 0) fprintf(stdout, "BEACON (pwnagotchi)......................: %ld\n", pagcount); if(beaconhcxcount > 0) fprintf(stdout, "BEACON (hcxhash2cap).....................: %ld\n", beaconhcxcount); if(actioncount > 0) fprintf(stdout, "ACTION (total)...........................: %ld\n", actioncount); if(actionessidcount > 0) fprintf(stdout, "ACTION (containing ESSID)................: %ld\n", actionessidcount); if(awdlcount > 0) fprintf(stdout, "AWDL (Apple Wireless Direct Link)........: %ld\n", awdlcount); if(proberequestcount > 0) fprintf(stdout, "PROBEREQUEST.............................: %ld\n", proberequestcount); if(proberequestdirectedcount > 0) fprintf(stdout, "PROBEREQUEST (directed)..................: %ld\n", proberequestdirectedcount); if(proberesponsecount > 0) fprintf(stdout, "PROBERESPONSE (total)....................: %ld\n", proberesponsecount); if(proberesponsessidunsetcount > 0) fprintf(stdout, "PROBERESPONSE (SSID unset)...............: %ld\n", proberesponsessidunsetcount); if(proberesponsessidzeroedcount > 0) fprintf(stdout, "PROBERESPONSE (SSID zeroed)..............: %ld\n", proberesponsessidzeroedcount); if(deauthenticationcount > 0) fprintf(stdout, "DEAUTHENTICATION (total).................: %ld\n", deauthenticationcount); if(disassociationcount > 0) fprintf(stdout, "DISASSOCIATION (total)...................: %ld\n", disassociationcount); if(authenticationcount > 0) fprintf(stdout, "AUTHENTICATION (total)...................: %ld\n", authenticationcount); if(authopensystemcount > 0) fprintf(stdout, "AUTHENTICATION (OPEN SYSTEM).............: %ld\n", authopensystemcount); if(authseacount > 0) fprintf(stdout, "AUTHENTICATION (SAE).....................: %ld\n", authseacount); if(authsharedkeycount > 0) fprintf(stdout, "AUTHENTICATION (SHARED KEY)..............: %ld\n", authsharedkeycount); if(authfbtcount > 0) fprintf(stdout, "AUTHENTICATION (FBT).....................: %ld\n", authfbtcount); if(authfilscount > 0) fprintf(stdout, "AUTHENTICATION (FILS)....................: %ld\n", authfilscount); if(authfilspfs > 0) fprintf(stdout, "AUTHENTICATION (FILS PFS)................: %ld\n", authfilspfs); if(authfilspkcount > 0) fprintf(stdout, "AUTHENTICATION (FILS PK..................: %ld\n", authfilspkcount); if(authnetworkeapcount > 0) fprintf(stdout, "AUTHENTICATION (NETWORK EAP).............: %ld\n", authnetworkeapcount); if(authunknowncount > 0) fprintf(stdout, "AUTHENTICATION (unknown).................: %ld\n", authunknowncount); if(associationrequestcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (total)...............: %ld\n", associationrequestcount); if(associationrequestpskcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (PSK).................: %ld\n", associationrequestpskcount); if(associationrequestftpskcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (FT using PSK)........: %ld\n", associationrequestftpskcount); if(associationrequestpsk256count > 0) fprintf(stdout, "ASSOCIATIONREQUEST (PSK SHA256)..........: %ld\n", associationrequestpsk256count); if(associationrequestsae256count > 0) fprintf(stdout, "ASSOCIATIONREQUEST (SAE SHA256)..........: %ld\n", associationrequestsae256count); if(associationrequestsae384bcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (SAE SHA384 SUITE B)..: %ld\n", associationrequestsae384bcount); if(associationrequestowecount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (OWE).................: %ld\n", associationrequestowecount); if(reassociationrequestcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (total).............: %ld\n", reassociationrequestcount); if(reassociationrequestpskcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (PSK)...............: %ld\n", reassociationrequestpskcount); if(reassociationrequestftpskcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (FT using PSK)......: %ld\n", reassociationrequestftpskcount); if(reassociationrequestpsk256count > 0) fprintf(stdout, "REASSOCIATIONREQUEST (PSK SHA256)........: %ld\n", reassociationrequestpsk256count); if(reassociationrequestsae256count > 0) fprintf(stdout, "REASSOCIATIONREQUEST (SAE SHA256)........: %ld\n", reassociationrequestsae256count); if(reassociationrequestsae384bcount > 0)fprintf(stdout, "REASSOCIATIONREQUEST (SAE SHA384 SUITE B): %ld\n", reassociationrequestsae384bcount); if(reassociationrequestowecount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (OWE)...............: %ld\n", reassociationrequestowecount); if(mgtreservedcount > 0) fprintf(stdout, "RESERVED MANAGEMENT frame................: %ld\n", mgtreservedcount); if(wpaenccount > 0) fprintf(stdout, "WPA encrypted............................: %ld\n", wpaenccount); if(wepenccount > 0) fprintf(stdout, "WEP encrypted............................: %ld\n", wepenccount); if(ipv4count > 0) fprintf(stdout, "IPv4 (total).............................: %ld\n", ipv4count); if(icmp4count > 0) fprintf(stdout, "ICMPv4...................................: %ld\n", icmp4count); if(ipv6count > 0) fprintf(stdout, "IPv6 (total).............................: %ld\n", ipv6count); if(icmp6count > 0) fprintf(stdout, "ICMPv6...................................: %ld\n", icmp6count); if(tcpcount > 0) fprintf(stdout, "TCP (total)..............................: %ld\n", tcpcount); if(udpcount > 0) fprintf(stdout, "UDP (total)..............................: %ld\n", udpcount); if(grecount > 0) fprintf(stdout, "GRE (total)..............................: %ld\n", grecount); if(protochapcount > 0) fprintf(stdout, "PPP-CHAP (total).........................: %ld\n", protochapcount); if(protochapreqcount > 0) fprintf(stdout, "PPP-CHAP request.........................: %ld\n", protochapreqcount); if(protochaprespcount > 0) fprintf(stdout, "PPP-CHAP response........................: %ld\n", protochaprespcount); if(protochapsuccesscount > 0) fprintf(stdout, "PPP-CHAP success.........................: %ld\n", protochapsuccesscount); if(protopapcount > 0) fprintf(stdout, "PPP-PAP..................................: %ld\n", protopapcount); if(tacacspcount > 0) fprintf(stdout, "TACACS+..................................: %ld\n", tacacspcount); if(tacacspwrittencount > 0) fprintf(stdout, "TACACS+ written..........................: %ld\n", tacacspwrittencount); if(identitycount > 0) fprintf(stdout, "IDENTITIES...............................: %ld\n", identitycount); if(usernamecount > 0) fprintf(stdout, "USERNAMES................................: %ld\n", usernamecount); if(eapcount > 0) fprintf(stdout, "EAP (total)..............................: %ld\n", eapcount); if(eapexpandedcount > 0) fprintf(stdout, "EAP-EXPANDED.............................: %ld\n", eapexpandedcount); if(eapcodereqcount > 0) fprintf(stdout, "EAP CODE request.........................: %ld\n", eapcodereqcount); if(eapcoderespcount > 0) fprintf(stdout, "EAP CODE response........................: %ld\n", eapcoderespcount); if(eapidcount > 0) fprintf(stdout, "EAP ID...................................: %ld\n", eapidcount); if(eapsimcount > 0) fprintf(stdout, "EAP-SIM..................................: %ld\n", eapsimcount); if(eapakacount > 0) fprintf(stdout, "EAP-AKA..................................: %ld\n", eapakacount); if(eappeapcount > 0) fprintf(stdout, "EAP-PEAP.................................: %ld\n", eappeapcount); if(eapmd5count > 0) fprintf(stdout, "EAP-MD5 messages.........................: %ld\n", eapmd5count); if(eapmd5hashcount > 0) fprintf(stdout, "EAP-MD5 pairs............................: %ld\n", eapmd5hashcount); if(eapmd5writtencount > 0) fprintf(stdout, "EAP-MD5 pairs written....................: %ld\n", eapmd5writtencount); if(eapmd5johnwrittencount > 0) fprintf(stdout, "EAP-MD5 pairs written to JtR.............: %ld\n", eapmd5johnwrittencount); if(eapleapcount > 0) fprintf(stdout, "EAP-LEAP messages........................: %ld\n", eapleapcount); if(eapleapwrittencount > 0) fprintf(stdout, "EAP-LEAP pairs written...................: %ld\n", eapleapwrittencount); if(eapmschapv2count > 0) fprintf(stdout, "EAP-MSCHAPV2 messages....................: %ld\n", eapmschapv2count); if(eapmschapv2writtencount > 0) fprintf(stdout, "EAP-MSCHAPV2 pairs written...............: %ld\n", eapmschapv2writtencount); if(eaptlscount > 0) fprintf(stdout, "EAP-TLS messages.........................: %ld\n", eaptlscount); if(eapolmsgcount > 0) fprintf(stdout, "EAPOL messages (total)...................: %ld\n", eapolmsgcount); if(eapolrc4count > 0) fprintf(stdout, "EAPOL RC4 messages.......................: %ld\n", eapolrc4count); if(eapolrsncount > 0) fprintf(stdout, "EAPOL RSN messages.......................: %ld\n", eapolrsncount); if(eapolwpacount > 0) fprintf(stdout, "EAPOL WPA messages.......................: %ld\n", eapolwpacount); if(eaptimegapmax > 0) fprintf(stdout, "EAPOLTIME gap (measured maximum usec)....: %" PRId64 "\n", eaptimegapmax); if((eapolnccount > 0) && (eapolmpcount > 0)) { printf ("EAPOL ANONCE error corrections (NC)......: working\n"); if(rcgapmax > 0) fprintf(stdout, "REPLAYCOUNT gap (suggested NC)...........: %" PRIu64 "\n", rcgapmax); if(rcgapmax == 0) fprintf(stdout, "REPLAYCOUNT gap (recommended NC).........: 8\n"); } if(eapolnccount == 0) { fprintf(stdout, "EAPOL ANONCE error corrections (NC)......: not detected\n"); if(rcgapmax > 0) fprintf(stdout, "REPLAYCOUNT gap (measured maximum).......: %" PRIu64 "\n", rcgapmax); } if(eapolm1count > 0) fprintf(stdout, "EAPOL M1 messages (total)................: %ld\n", eapolm1count); if(eapolm1kdv0count > 0) fprintf(stdout, "EAPOL M1 messages (KDV:0 AKM defined)....: %ld\n", eapolm1kdv0count); if(eapolm2count > 0) fprintf(stdout, "EAPOL M2 messages (total)................: %ld\n", eapolm2count); if(eapolm2kdv0count > 0) fprintf(stdout, "EAPOL M2 messages (KDV:0 AKM defined)....: %ld\n", eapolm2kdv0count); if(eapolm2ftpskcount > 0) fprintf(stdout, "EAPOL M2 messages (FT using PSK).........: %ld\n", eapolm2ftpskcount); if(eapolm3count > 0) fprintf(stdout, "EAPOL M3 messages (total)................: %ld\n", eapolm3count); if(eapolm3kdv0count > 0) fprintf(stdout, "EAPOL M3 messages (KDV:0 AKM defined)....: %ld\n", eapolm3kdv0count); if(eapolm4count > 0) fprintf(stdout, "EAPOL M4 messages (total)................: %ld\n", eapolm4count); if(eapolm4kdv0count > 0) fprintf(stdout, "EAPOL M4 messages (KDV:0 AKM defined)....: %ld\n", eapolm4kdv0count); if(eapolmpcount > 0) fprintf(stdout, "EAPOL pairs (total)......................: %ld\n", eapolmpcount); if(zeroedeapolpskcount > 0) fprintf(stdout, "EAPOL (from zeroed PSK)..................: %ld\n", zeroedeapolpskcount); if(zeroedeapolpmkcount > 0) fprintf(stdout, "EAPOL (from zeroed PMK)..................: %ld\n", zeroedeapolpmkcount); if(donotcleanflag == false) { if(eapolmpbestcount > 0) fprintf(stdout, "EAPOL pairs (best).......................: %ld\n", eapolmpbestcount); } else { if(eapolmpbestcount > 0) fprintf(stdout, "EAPOL pairs (useful).....................: %ld\n", eapolmpbestcount); } if(eapolaplesscount > 0) fprintf(stdout, "EAPOL ROGUE pairs........................: %ld\n", eapolaplesscount); if(eapolwrittencount > 0) fprintf(stdout, "EAPOL pairs written to 22000 hash file...: %ld (RC checked)\n", eapolwrittencount); if(eapolncwrittencount > 0) fprintf(stdout, "EAPOL pairs written to 22000 hash file...: %ld (RC not checked)\n", eapolncwrittencount); if(eapolwrittenhcpxcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccapx.: %ld (RC checked)\n", eapolwrittenhcpxcountdeprecated); if(eapolncwrittenhcpxcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccapx.: %ld (RC not checked)\n", eapolncwrittenhcpxcountdeprecated); if(eapolwrittenhcpcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccap..: %ld (RC checked)\n", eapolwrittenhcpcountdeprecated); if(eapolwrittenjcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format JtR....: %ld (RC checked)\n", eapolwrittenjcountdeprecated); if(eapolm12e2count > 0) fprintf(stdout, "EAPOL M12E2 (challenge)..................: %ld\n", eapolm12e2count); if(eapolm14e4count > 0) fprintf(stdout, "EAPOL M14E4 (authorized).................: %ld\n", eapolm14e4count); if(eapolm32e2count > 0) fprintf(stdout, "EAPOL M32E2 (authorized).................: %ld\n", eapolm32e2count); if(eapolm32e3count > 0) fprintf(stdout, "EAPOL M32E3 (authorized).................: %ld\n", eapolm32e3count); if(eapolm34e3count > 0) fprintf(stdout, "EAPOL M34E3 (authorized).................: %ld\n", eapolm34e3count); if(eapolm34e4count > 0) fprintf(stdout, "EAPOL M34E4 (authorized).................: %ld\n", eapolm34e4count); if(pmkiduselesscount > 0) fprintf(stdout, "PMKID (useless)..........................: %ld\n", pmkiduselesscount); if(pmkidcount > 0) fprintf(stdout, "PMKID (total)............................: %ld\n", pmkidcount); if(zeroedpmkidpskcount > 0) fprintf(stdout, "PMKID (from zeroed PSK)..................: %ld\n", zeroedpmkidpskcount); if(zeroedpmkidpmkcount > 0) fprintf(stdout, "PMKID (from zeroed PMK)..................: %ld\n", zeroedpmkidpmkcount); if(donotcleanflag == false) { if(pmkidbestcount > 0) fprintf(stdout, "PMKID (best).............................: %ld\n", pmkidbestcount); } else { if(pmkidbestcount > 0) fprintf(stdout, "PMKID (useful)...........................: %ld\n", pmkidbestcount); } if(pmkidroguecount > 0) fprintf(stdout, "PMKID ROGUE..............................: %ld\n", pmkidroguecount); if(pmkidwrittenhcount > 0) fprintf(stdout, "PMKID written to 22000 hash file.........: %ld\n", pmkidwrittenhcount); if(pmkidwrittenjcountdeprecated > 0) fprintf(stdout, "PMKID written to old format JtR..........: %ld\n", pmkidwrittenjcountdeprecated); if(pmkidwrittencountdeprecated > 0) fprintf(stdout, "PMKID written to old format (1680x)......: %ld\n", pmkidwrittencountdeprecated); if(pcapreaderrors > 0) fprintf(stdout, "packet read error........................: %ld\n", pcapreaderrors); if(radiotaperrorcount > 0) fprintf(stdout, "packet with damaged radiotap header......: %ld\n", radiotaperrorcount); if(zeroedtimestampcount > 0) fprintf(stdout, "packets with zeroed timestamps...........: %ld\n", zeroedtimestampcount); if(eapolmsgtimestamperrorcount > 0) fprintf(stdout, "EAPOL frames with wrong timestamp........: %ld\n", eapolmsgtimestamperrorcount); malformedcount = beaconerrorcount +broadcastmacerrorcount +taglenerrorcount +essiderrorcount +eapolmsgerrorcount; if(malformedcount > 0) fprintf(stdout, "malformed packets (total)................: %ld\n", malformedcount); beaconerrorcount += broadcastmacerrorcount; if(beaconerrorcount > 0) fprintf(stdout, "BEACON error (total malformed packets)...: %ld\n", beaconerrorcount); if(broadcastmacerrorcount > 0) fprintf(stdout, "BROADCAST MAC error (malformed packets)..: %ld\n", broadcastmacerrorcount); if(taglenerrorcount > 0) fprintf(stdout, "IE TAG length error (malformed packets)..: %ld\n", taglenerrorcount); if(essiderrorcount > 0) fprintf(stdout, "ESSID error (malformed packets)..........: %ld\n", essiderrorcount); eapolmsgerrorcount = eapolmsgerrorcount +eapolm1errorcount +eapolm2errorcount +eapolm3errorcount +eapolm4errorcount; if(eapolmsgerrorcount > 0) fprintf(stdout, "EAPOL messages (malformed packets).......: %ld\n", eapolmsgerrorcount); c = 0; fprintf(stdout, "\nfrequency statistics from radiotap header (frequency: received packets)\n" "-----------------------------------------------------------------------\n"); for(p = 2400; p < 7000; p ++) { if(usedfrequency[p] != 0) { fprintf(stdout, "% 5d: %d\t", p, usedfrequency[p]); c++; if((c %4) == 0) fprintf(stdout, "\n"); } } if(c == 0) fprintf(stdout, "not available due to missing radiotap header"); fprintf(stdout, "\n"); if((eapolwrittencount +eapolncwrittencount +eapolwrittenhcpxcountdeprecated +eapolncwrittenhcpxcountdeprecated +eapolwrittenhcpcountdeprecated +eapolwrittenjcountdeprecated +pmkidwrittenhcount +pmkidwrittenjcountdeprecated +pmkidwrittencountdeprecated +eapmd5writtencount +eapmd5johnwrittencount +eapleapwrittencount +eapmschapv2writtencount +tacacspwrittencount) == 0) { printf( "\nInformation: no hashes written to hash files\n"); } if(sequenceerrorcount > 0) { fprintf(stdout, "\nWarning: out of sequence timestamps!\n" "This dump file contains frames with out of sequence timestamps.\n" "That is a bug of the capturing tool.\n"); } if(zeroedtimestampcount > 0) { fprintf(stdout, "\nWarning: missing timestamps!\n" "This dump file contains frames with zeroed timestamps.\n" "It prevent calculation of EAPOL TIMEOUT values.\n" "That is a bug of the capturing/cleaning tool.\n"); } if(eapolmsgtimestamperrorcount > 0) { fprintf(stdout, "\nWarning: wrong timestamps!\n" "This dump file contains frames with wrong timestamps.\n" "It prevent calculation of EAPOL TIMEOUT values.\n" "That is a bug of the capturing tool.\n"); } if(((deauthenticationcount +disassociationcount) >= 100) && ((deauthenticationcount +disassociationcount) <= 10000)) { fprintf(stdout, "\nWarning: too many deauthentication/disassociation frames detected!\n" "That can cause that an ACCESS POINT change channel, reset EAPOL TIMER,\n" "renew ANONCE and set PMKID to zero.\n" "This could prevent to calculate a valid EAPOL MESSAGE PAIR\n" "or to get a valid PMKID.\n"); } if((deauthenticationcount +disassociationcount) > 10000) { fprintf(stdout, "\nWarning: excessive number of deauthentication/disassociation frames detected!\n" "That can cause that an ACCESS POINT change channel, reset EAPOL TIMER,\n" "renew ANONCE and set PMKID to zero.\n" "This could prevent to calculate a valid EAPOL MESSAGE PAIR\n" "or to get a valid PMKID.\n"); } if(ancientdumpfileformat == true) { fprintf(stdout, "\nInformation: limited dump file format detected!\n" "This file format is a very basic format to save captured network data.\n" "It is recommended to use PCAP Next Generation dump file format (or pcapng for short) instead.\n" "The PCAP Next Generation dump file format is an attempt to overcome the limitations\n" "of the currently widely used (but limited) libpcap (cap, pcap) format.\n" "https://www.wireshark.org/docs/wsug_html_chunked/AppFiles.html#ChAppFilesCaptureFilesSection\n" "https://github.com/pcapng/pcapng\n"); } if(radiotappresent == false) { fprintf(stdout, "\nInformation: radiotap header is missing!\n" "Radiotap is a de facto standard for 802.11 frame injection and reception.\n" "The radiotap header format is a mechanism to supply additional information about frames,\n" "from the driver to userspace applications.\n" "https://www.radiotap.org/\n"); } if(((beaconcount + proberesponsecount) == 0) && ((associationrequestcount + reassociationrequestcount) == 0)) { fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain BEACON or PROBERESPONSE frames.\n" "This frames contain the ESSID which is mandatory to calculate a PMK.\n" "It always happens if the capture file was cleaned or\n" "it could happen if filter options are used during capturing.\n" "That makes it impossible to recover the PSK.\n"); } if(proberequestcount == 0) { fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain undirected proberequest frames.\n" "An undirected proberequest may contain information about the PSK.\n" "It always happens if the capture file was cleaned or\n" "it could happen if filter options are used during capturing.\n" "That makes it hard to recover the PSK.\n"); } if((authenticationcount +associationrequestcount +reassociationrequestcount) == 0) { fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain important frames like\n" "authentication, association or reassociation.\n" "It always happens if the capture file was cleaned or\n" "it could happen if filter options are used during capturing.\n" "That makes it hard to recover the PSK.\n"); } if(eapolm1ancount <= 1) { fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain enough EAPOL M1 frames.\n" "It always happens if the capture file was cleaned or\n" "it could happen if filter options are used during capturing.\n" "That makes it impossible to calculate nonce-error-correction values.\n"); } if(malformedcount > 5) { printf( "\nInformation: malformed packets detected!\n" "In monitor mode the adapter does not check to see if the cyclic redundancy check (CRC)\n" "values are correct for packets captured. The device is able to detect the Physical Layer\n" "Convergence Procedure (PLCP) preamble and is able to synchronize to it, but if there is\n" "a bit error in the payload it can lead to unexpected results.\n" "Please analyze the dump file with tshark or Wireshark or make a better capture!\n"); } fprintf(stdout, "\n"); return; } /*===========================================================================*/ static void printlinklayerinfo() { static uint32_t c; static struct timeval tvmin; static struct timeval tvmax; static char timestringmin[32]; static char timestringmax[32]; radiotappresent = false; tvmin.tv_sec = timestampmin /1000000; tvmin.tv_usec = timestampmin %1000000; strftime(timestringmin, 32, "%d.%m.%Y %H:%M:%S", localtime(&tvmin.tv_sec)); tvmax.tv_sec = timestampmax /1000000; tvmax.tv_usec = timestampmax %1000000; strftime(timestringmax, 32, "%d.%m.%Y %H:%M:%S", localtime(&tvmax.tv_sec)); fprintf(stdout, "timestamp minimum (GMT)..................: %s\n", timestringmin); fprintf(stdout, "timestamp maximum (GMT)..................: %s\n", timestringmax); fprintf(stdout, "used capture interfaces..................: %d\n", iface); for(c = 0; c < iface; c++) { if(c > 0) { if(dltlinktype[c] == dltlinktype[c -1]) continue; } if(dltlinktype[c] == DLT_IEEE802_11_RADIO) { fprintf(stdout, "link layer header type...................: DLT_IEEE802_11_RADIO (%d)\n", dltlinktype[c]); radiotappresent = true; } else if(dltlinktype[c] == DLT_IEEE802_11) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11 (%d) very basic format without any additional information about the quality\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_PPI) fprintf(stdout, "link layer header type...................: DLT_PPI (%d)\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_PRISM_HEADER) fprintf(stdout, "link layer header type...................: DLT_PRISM_HEADER (%d)\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_IEEE802_11_RADIO_AVS) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11_RADIO_AVS (%d)\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_EN10MB) fprintf(stdout, "link layer header type...................: DLT_EN10MB (%d)\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_NULL) fprintf(stdout, "link layer header type...................: DLT_NULL (BSD LO) (%d)\n", dltlinktype[c]); } return; } /*===========================================================================*/ static void outputwordlists() { static int wecl; static maclist_t *zeigermac, *zeigermacold; zeigermacold = NULL; qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_essidlen); wecl = strlen(pcapngweakcandidate); if((wecl > 0) && (wecl < 64) && (strcmp(pcapngweakcandidate, "N/A") != 0)) { if(fh_essid != NULL) fprintf(fh_essid, "%s\n", pcapngweakcandidate); } for(zeigermac = aplist; zeigermac < aplistptr; zeigermac++) { if((zeigermacold != NULL) && (zeigermac->essidlen == zeigermacold->essidlen)) { if(memcmp(zeigermac->essid, zeigermacold->essid, zeigermac->essidlen) == 0) continue; } if(fh_essid != NULL) fwriteessidstr(zeigermac->essidlen, zeigermac->essid, fh_essid); if((fh_essidproberequest != NULL) && (zeigermac->status == ST_PROBE_REQ)) fwriteessidstr(zeigermac->essidlen, zeigermac->essid, fh_essidproberequest); if((fh_essidproberequest != NULL) && (zeigermac->status == ST_ACT_MR_REQ)) fwriteessidstr(zeigermac->essidlen, zeigermac->essid, fh_essidproberequest); essidcount++; zeigermacold = zeigermac; } return; } /*===========================================================================*/ static void outputdeviceinfolist() { static int p; static maclist_t *zeigermac; if(fh_deviceinfo == NULL) return; qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_manufacturer); for(zeigermac = aplist; zeigermac < aplistptr; zeigermac++) { if((zeigermac->manufacturerlen == 0) && (zeigermac->modellen == 0) && (zeigermac->serialnumberlen == 0) && (zeigermac->devicenamelen == 0) && (zeigermac->enrolleelen == 0)) continue; if((zeigermac->manufacturer[0] == 0) && (zeigermac->model[0] == 0) && (zeigermac->serialnumber[0] == 0) && (zeigermac->devicename[0] == 0)) continue; for(p = 0; p < 6; p++) fprintf(fh_deviceinfo, "%02x", zeigermac->addr[p]); fwritedeviceinfostr(zeigermac->manufacturerlen, zeigermac->manufacturer, fh_deviceinfo); fwritedeviceinfostr(zeigermac->modellen, zeigermac->model, fh_deviceinfo); fwritedeviceinfostr(zeigermac->serialnumberlen, zeigermac->serialnumber, fh_deviceinfo); fwritedeviceinfostr(zeigermac->devicenamelen, zeigermac->devicename, fh_deviceinfo); if(zeigermac->enrolleelen != 0) { fprintf(fh_deviceinfo, "\t"); for(p = 0; p < zeigermac->enrolleelen; p++) fprintf(fh_deviceinfo, "%02x", zeigermac->enrollee[p]); } fprintf(fh_deviceinfo, "\n"); deviceinfocount++; } return; } /*===========================================================================*/ static void writecsv(uint64_t timestamp, uint8_t *mac, tags_t *tags) { static int c; static int p; static struct timeval tvo; static float latitude; static char ew; static float longitude; static float latm, lonm; static int fix; static int satcount; static float hdop; static float altitude; static char altunit; static char ns; static const char gpgga[] = "$GPGGA"; static const char gprmc[] = "$GPRMC"; static char timestring[24]; if(tags->essidlen == 0) return; if(tags->essid[0] == 0) return; tvo.tv_sec = timestamp /1000000; tvo.tv_usec = 0; strftime(timestring, 24, "%Y-%m-%d\t%H:%M:%S", gmtime(&tvo.tv_sec)); if((tags->essidlen != 0) && (tags->essid[0] != 0)) fprintf(fh_csv, "%s\t%02x:%02x:%02x:%02x:%02x:%02x\t%.*s\t", timestring, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5], tags->essidlen, tags->essid); else fprintf(fh_csv, "%s\t%02x:%02x:%02x:%02x:%02x:%02x\t\t", timestring, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); if(tags->kdversion == 0) fprintf(fh_csv, "OPEN"); if((tags->kdversion & KV_WPAIE) == KV_WPAIE) fprintf(fh_csv, "[WPA1]"); if((tags->kdversion & KV_RSNIE) == KV_RSNIE) fprintf(fh_csv, "[WPA2]"); fprintf(fh_csv, "\t"); if((tags->cipher & TCS_TKIP) == TCS_TKIP) fprintf(fh_csv, "[TKIP]"); if((tags->cipher & TCS_CCMP) == TCS_CCMP) fprintf(fh_csv, "[CCMP]"); if((tags->cipher & TCS_WEP40) == TCS_WEP40) fprintf(fh_csv, "[WEP40]"); if((tags->cipher & TCS_WEP104) == TCS_WEP104) fprintf(fh_csv, "[WEP104]"); if((tags->cipher & TCS_WRAP) == TCS_WRAP) fprintf(fh_csv, "[WRAP]"); if((tags->cipher & TCS_BIP) == TCS_BIP) fprintf(fh_csv, "[BIP]"); if((tags->cipher & TCS_NOT_ALLOWED) == TCS_NOT_ALLOWED) fprintf(fh_csv, "[NOT_ALLOWED]"); fprintf(fh_csv, "\t"); if((tags->akm & TAK_PSK) == TAK_PSK) fprintf(fh_csv, "[PSK]"); if((tags->akm & TAK_PSKSHA256) == TAK_PSKSHA256) fprintf(fh_csv, "[PSK_SHA256]"); if((tags->akm & TAK_PMKSA) == TAK_PMKSA) fprintf(fh_csv, "[PMKSA]"); if((tags->akm & TAK_PMKSA256) == TAK_PMKSA256) fprintf(fh_csv, "[PMKSA_SHA256]"); if((tags->akm & TAK_FT) == TAK_FT) fprintf(fh_csv, "[FT]"); if((tags->akm & TAK_FT_PSK) == TAK_FT_PSK) fprintf(fh_csv, "[FT_PSK]"); if((tags->akm & TAK_FT_SAE) == TAK_FT_SAE) fprintf(fh_csv, "[FT_SAE]"); if((tags->akm & TAK_TDLS) == TAK_TDLS) fprintf(fh_csv, "[TDLS]"); if((tags->akm & TAK_SAE_SHA256) == TAK_SAE_SHA256) fprintf(fh_csv, "[SAE_SHA256]"); if((tags->akm & TAK_SAE_SHA256B) == TAK_SAE_SHA256B) fprintf(fh_csv, "[SAE_SHA256B]"); if((tags->akm & TAK_SAE_SHA384B) == TAK_SAE_SHA384B) fprintf(fh_csv, "[SAE_SHA384B]"); if((tags->akm & TAK_AP_PKA) == TAK_AP_PKA) fprintf(fh_csv, "[AP_PKA]"); if((tags->akm & TAK_OWE) == TAK_OWE) fprintf(fh_csv, "[OWE]"); fprintf(fh_csv, "\t"); if((tags->country[0] >= 'A') && (tags->country[0] <= 'Z') && (tags->country[1] >= 'A') && (tags->country[1] <= 'Z')) fprintf(fh_csv,"%c%c\t", tags->country[0], tags->country[1]); else fprintf(fh_csv,"00\t"); if(tags->channel != 0) fprintf(fh_csv,"%d\t", tags->channel); else fprintf(fh_csv,"%d\t", interfacechannel); fprintf(fh_csv, "%d\t", rssi); p = 7; c = 0; latitude = 0; longitude = 0; ew = 'E'; ns = 'S'; latm = 0; lonm = 0; fix = 0; satcount = 0; hdop = 0; altitude = 0; altunit = 'M'; if(nmealen < 48) { fprintf(fh_csv, "%f\t%c\t%f\t%c\t%f\t%f\t%d\t%d\t%f\t%f\t%c\n", latitude, ew, longitude, ns, latm, lonm, fix, satcount, hdop, altitude, altunit); return; } if(memcmp(&gpgga, nmeasentence, 6) == 0) { while((nmeasentence[p] != 0) && (c < 1)) { if(nmeasentence[p] == ',') c++; p++; } sscanf(&nmeasentence[p],"%f,%c,%f,%c,%d,%d,%f,%f,%c", &latitude, &ew, &longitude, &ns, &fix, &satcount, &hdop, &altitude, &altunit); if(latitude != 0) latm = ((int)latitude) /100 + (((int)latitude) %100 +latitude -(int)latitude)/60; if(longitude != 0) lonm = ((int)longitude) /100 + (((int)longitude) %100 +longitude -(int)longitude)/60; if(ew == 'W') latm =-latm; if(ns == 'S') lonm =-lonm; fprintf(fh_csv, "%f\t%c\t%f\t%c\t%f\t%f\t%d\t%d\t%f\t%f\t%c\n", latitude, ew, longitude, ns, latm, lonm, fix, satcount, hdop, altitude, altunit); return; } if(memcmp(&gprmc, nmeasentence, 6) == 0) { while((nmeasentence[p] != 0) && (c < 2)) { if(nmeasentence[p] == ',') c++; p++; } sscanf(&nmeasentence[p],"%f,%c,%f,%c", &latitude, &ew, &longitude, &ns); if(latitude != 0) latm = ((int)latitude) /100 + (((int)latitude) %100 +latitude -(int)latitude)/60; if(longitude != 0) lonm = ((int)longitude) /100 + (((int)longitude) %100 +longitude -(int)longitude)/60; if(ew == 'W') latm =-latm; if(ns == 'S') lonm =-lonm; fprintf(fh_csv, "%f\t%c\t%f\t%c\t%f\t%f\t%d\t%d\t%f\t%f\t%c\n", latitude, ew, longitude, ns, latm, lonm, fix, satcount, hdop, altitude, altunit); return; } return; } /*===========================================================================*/ static void writegpwpl(uint8_t *mac) { static int c; static int cs; static int cc, ca, ce; static int gpwpllen; static char *gpwplptr; static const char gpgga[] = "$GPGGA"; static const char gprmc[] = "$GPRMC"; static char gpwpl[NMEA_MAX]; if(nmealen < 48) return; gpwpl[0] = 0; c = 0; cc = 0; ca = 0; ce = 0; if(memcmp(&gprmc, nmeasentence, 6) == 0) { while(nmeasentence[c] != 0) { if(nmeasentence[c] == ',') { cc++; if(cc == 3) ca = c +1; if(cc == 7) { ce = c; break; } } c++; } if(ce > ca) snprintf(gpwpl, NMEA_MAX-1, "$GPWPL,%.*s,%02x%02x%02x%02x%02x%02x*", ce-ca, &nmeasentence[ca], mac[0] , mac[1], mac[2], mac[3], mac[4], mac[5]); } else if(memcmp(&gpgga, nmeasentence, 6) == 0) { while(nmeasentence[c] != 0) { if(nmeasentence[c] == ',') { cc++; if(cc == 2) ca = c +1; if(cc == 6) { ce = c; break; } } c++; } if(ce > ca) snprintf(gpwpl, NMEA_MAX-1, "$GPWPL,%.*s,%02x%02x%02x%02x%02x%02x*", ce-ca, &nmeasentence[ca], mac[0] , mac[1], mac[2], mac[3], mac[4], mac[5]); } else return; if(gpwpl[0] == 0) return; gpwplptr = gpwpl+1; c = 0; cs = 0; while(gpwplptr[c] != '*') { cs ^= gpwplptr[c]; gpwplptr++; } snprintf(gpwplptr +1, NMEA_MAX -44, "%02x", cs); gpwpllen = strlen(gpwpl); if(memcmp(&gpwplold, &gpwpl, gpwpllen) != 0) fprintf(fh_nmea, "%s\n", gpwpl); memcpy(&gpwplold, &gpwpl, gpwpllen); return; } /*===========================================================================*/ static void outputtacacsplist() { static uint32_t c; static tacacsplist_t *zeiger, *zeigerold; if(tacacsplist == tacacsplistptr) return; zeiger = tacacsplist; zeigerold = tacacsplist; if(fh_tacacsp != NULL) { fprintf(fh_tacacsp, "$tacacs-plus$0$%08x$", zeiger->sessionid); for(c = 0; c < zeiger->len; c++) fprintf(fh_tacacsp, "%02x", zeiger->data[c]); fprintf(fh_tacacsp, "$%02x%02x\n", zeiger->version, zeiger->sequencenr); tacacspwrittencount++; } for(zeiger = tacacsplist +1; zeiger < tacacsplistptr; zeiger++) { if((zeigerold->sessionid == zeiger->sessionid) && (zeigerold->sequencenr == zeiger->sequencenr) && (zeigerold->len == zeiger->len) && (memcmp(zeigerold->data, zeiger->data, zeiger->len) == 0)) continue; if(fh_tacacsp != NULL) { fprintf(fh_tacacsp, "$tacacs-plus$0$%08x$", zeiger->sessionid); for(c = 0; c < zeiger->len; c++) fprintf(fh_tacacsp, "%02x", zeiger->data[c]); fprintf(fh_tacacsp, "$%02x%02x\n", zeiger->version, zeiger->sequencenr); tacacspwrittencount++; } zeigerold = zeiger; } return; } /*===========================================================================*/ void processtacacsppacket(uint32_t restlen, uint8_t *tacacspptr) { static uint32_t authlen; static tacacsp_t *tacacsp; static tacacsplist_t *tacacsplistnew; if(restlen < (uint32_t)TACACSP_SIZE) return; tacacsp = (tacacsp_t*)tacacspptr; if(tacacsp->type != TACACS_AUTHENTICATION) return; authlen = ntohl(tacacsp->len); if((authlen > restlen -TACACSP_SIZE) || (authlen > TACACSPMAX_LEN)) return; if(tacacsplistptr >= tacacsplist +tacacsplistmax) { tacacsplistnew = realloc(tacacsplist, (tacacsplistmax +TACACSPLIST_MAX) *TACACSPLIST_SIZE); if(tacacsplistnew == NULL) { printf("failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } tacacsplist = tacacsplistnew; tacacsplistptr = tacacsplistnew +tacacsplistmax; tacacsplistmax += TACACSPLIST_MAX; } memset(tacacsplistptr, 0, TACACSPLIST_SIZE); tacacsplistptr->version = tacacsp->version; tacacsplistptr->sequencenr = tacacsp->sequencenr; tacacsplistptr->sessionid = ntohl(tacacsp->sessionid); tacacsplistptr->len = authlen; memcpy(tacacsplistptr->data, tacacsp->data, authlen); tacacsplistptr++; tacacspcount++; return; } /*===========================================================================*/ static void processprotochappacket(uint32_t restlen, uint8_t *chapptr) { static chap_t *chap; if(restlen < (uint32_t)CHAP_SIZE) return; chap = (chap_t*)chapptr; if(chap->code == CHAP_CODE_REQ) protochapreqcount++; else if(chap->code == CHAP_CODE_RESP) protochaprespcount++; else if(chap->code == CHAP_CODE_SUCCESS) protochapsuccesscount++; protochapcount++; return; } /*===========================================================================*/ static void processprotopapppacket() { protopapcount++; return; } /*===========================================================================*/ static void processptppacket(uint32_t restlen, uint8_t *ptpptr) { static ptp_t *ptp; if(restlen < (uint32_t)PTP_SIZE) return; ptp = (ptp_t*)ptpptr; if(ntohs(ptp->type) == PROTO_CHAP) processprotochappacket(restlen -PTP_SIZE, ptpptr +PTP_SIZE); else if(ntohs(ptp->type) == PROTO_PAP) processprotopapppacket(); return; } /*===========================================================================*/ static void processgrepacket(uint32_t restlen, uint8_t *greptr) { static gre_t *gre; static uint32_t ofco; if(restlen < (uint32_t)GRE_SIZE) return; gre = (gre_t*)greptr; if((ntohs(gre->flags) & GRE_MASK_VERSION) != 0x1) return; /* only GRE v1 supported */ ofco = 0; if((ntohs(gre->flags) & GRE_FLAG_SNSET) == GRE_FLAG_SNSET) ofco += 4; if((ntohs(gre->flags) & GRE_FLAG_ACKSET) == GRE_FLAG_ACKSET) ofco +=4; if(ntohs(gre->type) == GREPROTO_PPP) processptppacket(restlen -GRE_SIZE -ofco, greptr +GRE_SIZE +ofco); grecount++; return; } /*===========================================================================*/ static void processudppacket(uint64_t timestamp, uint32_t restlen, uint8_t *udpptr) { static udp_t *udp; static uint16_t udplen; if(restlen < UDP_SIZE) return; udp = (udp_t*)udpptr; udplen = ntohs(udp->len); if(restlen < udplen) return; udpcount++; //dummy code to satisfy gcc untill full code is implemented timestamp = timestamp; return; } /*===========================================================================*/ static void processtcppacket(uint64_t timestamp, uint32_t restlen, uint8_t *tcpptr) { static uint32_t tcplen; static tcp_t *tcp; static tacacsp_t *tacacsp; if(restlen < TCP_SIZE_MIN) return; tcp = (tcp_t*)tcpptr; tcplen = byte_swap_8(tcp->len) *4; if(restlen < tcplen) return; if(restlen >= (uint32_t)TCP_SIZE_MIN +(uint32_t)TACACSP_SIZE) { tacacsp = (tacacsp_t*)(tcpptr +tcplen); if(tacacsp->version == TACACSP_VERSION) processtacacsppacket(restlen -tcplen, tcpptr +tcplen); } tcpcount++; //dummy code to satisfy gcc untill full code is implemented timestamp = timestamp; return; } /*===========================================================================*/ static void processicmp4() { icmp4count++; return; } /*===========================================================================*/ static void processipv4(uint64_t timestamp, uint32_t restlen, uint8_t *ipv4ptr) { static ipv4_t *ipv4; static uint32_t ipv4len; if(restlen < IPV4_SIZE_MIN) return; ipv4 = (ipv4_t*)ipv4ptr; if((ipv4->ver_hlen & 0xf0) != 0x40) return; ipv4len = (ipv4->ver_hlen & 0x0f) *4; if(restlen < ipv4len) return; if(ipv4->nextprotocol == NEXTHDR_TCP) processtcppacket(timestamp, ntohs(ipv4->len) -ipv4len, ipv4ptr +ipv4len); else if(ipv4->nextprotocol == NEXTHDR_UDP) processudppacket(timestamp, ntohs(ipv4->len) -ipv4len, ipv4ptr +ipv4len); else if(ipv4->nextprotocol == NEXTHDR_ICMP4) processicmp4(); else if(ipv4->nextprotocol == NEXTHDR_GRE) processgrepacket(ntohs(ipv4->len) -ipv4len, ipv4ptr +ipv4len); ipv4count++; return; } /*===========================================================================*/ static void processicmp6() { icmp6count++; return; } /*===========================================================================*/ static void processipv6(uint64_t timestamp, uint16_t restlen, uint8_t *ipv6ptr) { static ipv6_t *ipv6; if(restlen < IPV6_SIZE) return; ipv6 = (ipv6_t*)ipv6ptr; if((ntohl(ipv6->ver_class) & 0xf0000000) != 0x60000000) return; if(restlen < ntohs(ipv6->len)) return; if(ipv6->nextprotocol == NEXTHDR_TCP) processtcppacket(timestamp, restlen, ipv6ptr +IPV6_SIZE); else if(ipv6->nextprotocol == NEXTHDR_UDP) processudppacket(timestamp, restlen, ipv6ptr +IPV6_SIZE); else if(ipv6->nextprotocol == NEXTHDR_ICMP6) processicmp6(); else if(ipv6->nextprotocol == NEXTHDR_GRE) processgrepacket(restlen, ipv6ptr +IPV6_SIZE); ipv6count++; return; } /*===========================================================================*/ static inline bool mschapv2_challenge_hash(uint8_t *peer_challenge, uint8_t *auth_challenge, uint8_t *username, size_t usernamelen, uint8_t *challenge) { static unsigned int shalen; static EVP_MD_CTX* mdctx; static uint8_t shahash[EVP_MAX_MD_SIZE]; shalen = 40; mdctx = EVP_MD_CTX_create(); if(mdctx == NULL) return false; if(EVP_DigestInit_ex(mdctx, EVP_sha1(), NULL) == 0) { EVP_MD_CTX_free(mdctx); return false; } shalen = MSCHAPV2_CHALLENGE_LEN_MAX; if(EVP_DigestUpdate(mdctx, peer_challenge, MSCHAPV2_CHALLENGE_PEER_LEN_MAX) == 0) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestUpdate(mdctx, auth_challenge, MSCHAPV2_CHALLENGE_PEER_LEN_MAX) == 0) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestUpdate(mdctx, username, usernamelen) == 0) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestFinal_ex(mdctx, shahash, &shalen) == 0) { EVP_MD_CTX_free(mdctx); return false; } EVP_MD_CTX_free(mdctx); memcpy(challenge, shahash, MSCHAPV2_CHALLENGE_LEN_MAX); return true; } /*===========================================================================*/ static inline size_t mschapv2_username_clean(uint8_t *username, size_t usernamelen, uint8_t *usernameclean) { static char *ptr; ptr = memchr(username, '\\', usernamelen); if(ptr == NULL) { memcpy(usernameclean, username, usernamelen); return usernamelen; } memcpy(usernameclean, ptr +1, username +usernamelen -(uint8_t*)ptr -1); return (username +usernamelen -(uint8_t*)ptr -1); } /*===========================================================================*/ static void outputeapmschapv2hashlist() { static eapmschapv2hashlist_t *zeiger, *zeigerold; static uint8_t challenge[MSCHAPV2_CHALLENGE_LEN_MAX]; static uint8_t usernameclean[MSCHAPV2USERNAME_LEN_MAX]; static size_t usernamecleanlen; zeiger = eapmschapv2hashlist; zeigerold = NULL; qsort(eapmschapv2hashlist, eapmschapv2hashlistptr -eapmschapv2hashlist, EAPMSCHAPV2HASHLIST_SIZE, sort_eapmschapv2hashlist_by_id); for(zeiger = eapmschapv2hashlist; zeiger < eapmschapv2hashlistptr; zeiger++) { if((zeigerold != NULL) && (zeigerold->id == zeiger->id) && (zeigerold->mschapv2usernamelen == zeiger->mschapv2usernamelen) && (memcmp(zeigerold->mschapv2username, zeiger->mschapv2username, zeiger->mschapv2usernamelen) == 0) && (memcmp(zeigerold->mschapv2request, zeiger->mschapv2request, MSCHAPV2REQ_LEN_MAX) == 0) && (memcmp(zeigerold->mschapv2response, zeiger->mschapv2response, MSCHAPV2RESP_LEN_MAX) == 0)) continue; if(fh_eapleap != NULL) { usernamecleanlen = mschapv2_username_clean(zeiger->mschapv2username, zeiger->mschapv2usernamelen, usernameclean); if(mschapv2_challenge_hash(zeiger->mschapv2response, zeiger->mschapv2request, usernameclean, usernamecleanlen, challenge) == false) continue; fprintf(fh_eapleap, "%.*s::::%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x\n", (int)zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2response[24], zeiger->mschapv2response[25], zeiger->mschapv2response[26], zeiger->mschapv2response[27], zeiger->mschapv2response[28], zeiger->mschapv2response[29], zeiger->mschapv2response[30], zeiger->mschapv2response[31], zeiger->mschapv2response[32], zeiger->mschapv2response[33], zeiger->mschapv2response[34], zeiger->mschapv2response[35], zeiger->mschapv2response[36], zeiger->mschapv2response[37], zeiger->mschapv2response[38], zeiger->mschapv2response[39], zeiger->mschapv2response[40], zeiger->mschapv2response[41], zeiger->mschapv2response[42], zeiger->mschapv2response[43], zeiger->mschapv2response[44], zeiger->mschapv2response[45], zeiger->mschapv2response[46], zeiger->mschapv2response[47], challenge[0], challenge[1], challenge[2], challenge[3], challenge[4], challenge[5], challenge[6], challenge[7]); eapmschapv2writtencount++; } zeigerold = zeiger; } return; } /*===========================================================================*/ static void addeapmschapv2hash(uint8_t id, uint8_t mschapv2usernamelen, uint8_t *mschapv2username, uint8_t *mschapv2request, uint8_t *mschapv2response) { static eapmschapv2hashlist_t *eapmschapv2hashlistnew; eapmschapv2hashcount++; if(eapmschapv2hashlistptr >= eapmschapv2hashlist +eapmschapv2hashlistmax) { eapmschapv2hashlistnew = realloc(eapmschapv2hashlist, (eapmschapv2hashlistmax +EAPMSCHAPV2HASHLIST_MAX) *EAPMSCHAPV2HASHLIST_SIZE); if(eapmschapv2hashlistnew == NULL) { printf("failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } eapmschapv2hashlist = eapmschapv2hashlistnew; eapmschapv2hashlistptr = eapmschapv2hashlistnew +eapmschapv2hashlistmax; eapmschapv2hashlistmax += EAPMSCHAPV2HASHLIST_MAX; } memset(eapmschapv2hashlistptr, 0, EAPMSCHAPV2HASHLIST_SIZE); eapmschapv2hashlistptr->id = id; memcpy(eapmschapv2hashlistptr->mschapv2request, mschapv2request, MSCHAPV2REQ_LEN_MAX); memcpy(eapmschapv2hashlistptr->mschapv2response, mschapv2response, MSCHAPV2RESP_LEN_MAX); eapmschapv2hashlistptr->mschapv2usernamelen = mschapv2usernamelen; memcpy(eapmschapv2hashlistptr->mschapv2username, mschapv2username, mschapv2usernamelen); eapmschapv2hashlistptr++; return; } /*===========================================================================*/ static void processexteapmschapv2(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t eapcode, uint32_t restlen, uint8_t *eapmschapv2ptr) { static eapmschapv2_t *eapmschapv2; static uint16_t eaplen; static uint16_t mschapv2len; static eapmschapv2msglist_t *zeiger; static uint32_t mschapv2usernamelen; static uint8_t *mschapv2usernameptr; eapmschapv2count++; eapmschapv2 = (eapmschapv2_t*)eapmschapv2ptr; eaplen = ntohs(eapmschapv2->eaplen); mschapv2len = ntohs(eapmschapv2->mschapv2len); if(eaplen > restlen) return; if((eapcode == EAP_CODE_REQ) && (eapmschapv2->opcode == EAP_MSCHAPV2_OPCODE_REQ)) { zeiger = eapmschapv2msglist +EAPMSCHAPV2MSGLIST_MAX; if(eapmschapv2->mschapv2valuesize != MSCHAPV2REQ_LEN_MAX) return; memset(zeiger, 0, EAPMSCHAPV2MSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macfm, 6); memcpy(zeiger->client, macto, 6); zeiger->type = EAP_CODE_REQ; zeiger->id = eapmschapv2->id; memcpy(zeiger->mschapv2request, eapmschapv2->mschapv2data, eapmschapv2->mschapv2valuesize); mschapv2usernamelen = eaplen -EAPMSCHAPV2_SIZE -eapmschapv2->mschapv2valuesize; if(mschapv2usernamelen > MSCHAPV2USERNAME_LEN_MAX) return; if(EAPMSCHAPV2_SIZE +MSCHAPV2REQ_LEN_MAX +mschapv2usernamelen > restlen) return; mschapv2usernameptr = eapmschapv2ptr +EAPMSCHAPV2_SIZE +eapmschapv2->mschapv2valuesize; if((fh_identity != 0) && (mschapv2usernamelen > 0)) { fwritestring(mschapv2usernamelen, mschapv2usernameptr, fh_identity); identitycount++; } qsort(eapmschapv2msglist, EAPMSCHAPV2MSGLIST_MAX +1, EAPMSCHAPV2MSGLIST_SIZE, sort_eapmschapv2msglist_by_timestamp); } else if((eapcode == EAP_CODE_RESP) && (eapmschapv2->opcode == EAP_MSCHAPV2_OPCODE_RESP)) { zeiger = eapmschapv2msglist +EAPMSCHAPV2MSGLIST_MAX; if(mschapv2len != eaplen -EXTEAP_SIZE) return; if(memcmp(&zeroed32, eapmschapv2->mschapv2data +MSCHAPV2_CHALLENGE_PEER_LEN_MAX +MSCHAPV2_RESERVED_LEN_MAX, MSCHAPV2_NTRESPONSE_LEN_MAX) == 0) return; if(eapmschapv2->mschapv2valuesize != MSCHAPV2RESP_LEN_MAX) return; memset(zeiger, 0, EAPMSCHAPV2MSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macto, 6); memcpy(zeiger->client, macfm, 6); zeiger->type = EAP_CODE_RESP; zeiger->id = eapmschapv2->id; memcpy(zeiger->mschapv2response, eapmschapv2->mschapv2data, eapmschapv2->mschapv2valuesize); mschapv2usernamelen = restlen -EAPMSCHAPV2_SIZE -eapmschapv2->mschapv2valuesize; if(mschapv2usernamelen == 0) return; if(mschapv2usernamelen > MSCHAPV2USERNAME_LEN_MAX) return; if(EAPMSCHAPV2_SIZE +MSCHAPV2REQ_LEN_MAX +mschapv2usernamelen > restlen) return; mschapv2usernameptr = eapmschapv2ptr +EAPMSCHAPV2_SIZE +eapmschapv2->mschapv2valuesize; zeiger->mschapv2usernamelen = mschapv2usernamelen; memcpy(zeiger->mschapv2username, mschapv2usernameptr, mschapv2usernamelen); if(fh_username != 0) { fwritestring(mschapv2usernamelen, mschapv2usernameptr, fh_username); usernamecount++; } for(zeiger = eapmschapv2msglist; zeiger < eapmschapv2msglist +EAPMSCHAPV2MSGLIST_MAX; zeiger++) { if((zeiger->type) != EAP_CODE_REQ) continue; if((zeiger->id) != eapmschapv2->id) continue; if(memcmp(zeiger->ap, macto, 6) != 0) continue; if(memcmp(zeiger->client, macfm, 6) != 0) continue; zeiger->mschapv2usernamelen = mschapv2usernamelen; memcpy(zeiger->mschapv2username, mschapv2usernameptr, mschapv2usernamelen); addeapmschapv2hash(eapmschapv2->id, zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2request, eapmschapv2->mschapv2data); } qsort(eapmschapv2msglist, EAPMSCHAPV2MSGLIST_MAX +1, EAPMSCHAPV2MSGLIST_SIZE, sort_eapmschapv2msglist_by_timestamp); } return; } /*===========================================================================*/ static void outputeapleaphashlist() { static eapleaphashlist_t *zeiger, *zeigerold; zeiger = eapleaphashlist; zeigerold = eapleaphashlist; if(memcmp(&zeroed32, zeiger->leaprequest, LEAPREQ_LEN_MAX) == 0) return; qsort(eapleaphashlist, eapleaphashlistptr -eapleaphashlist, EAPLEAPHASHLIST_SIZE, sort_eapleaphashlist_by_id); if(fh_eapleap != NULL) { fprintf(fh_eapleap, "%.*s::::%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->leapusernamelen, zeiger->leapusername, zeiger->leapresponse[0], zeiger->leapresponse[1], zeiger->leapresponse[2], zeiger->leapresponse[3], zeiger->leapresponse[4], zeiger->leapresponse[5], zeiger->leapresponse[6], zeiger->leapresponse[7], zeiger->leapresponse[8], zeiger->leapresponse[9], zeiger->leapresponse[10], zeiger->leapresponse[11], zeiger->leapresponse[12], zeiger->leapresponse[13], zeiger->leapresponse[14], zeiger->leapresponse[15], zeiger->leapresponse[16], zeiger->leapresponse[17], zeiger->leapresponse[18], zeiger->leapresponse[19], zeiger->leapresponse[20], zeiger->leapresponse[21], zeiger->leapresponse[22], zeiger->leapresponse[23], zeiger->leaprequest[0], zeiger->leaprequest[1], zeiger->leaprequest[2], zeiger->leaprequest[3], zeiger->leaprequest[4], zeiger->leaprequest[5], zeiger->leaprequest[6], zeiger->leaprequest[7]); eapleapwrittencount++; } for(zeiger = eapleaphashlist +1; zeiger < eapleaphashlistptr; zeiger++) { if((zeigerold->id == zeiger->id) && (zeigerold->leapusernamelen == zeiger->leapusernamelen) && (memcmp(zeigerold->leapusername, zeiger->leapusername, zeiger->leapusernamelen) == 0) && (memcmp(zeigerold->leaprequest, zeiger->leaprequest, LEAPREQ_LEN_MAX) == 0) && (memcmp(zeigerold->leapresponse, zeiger->leapresponse, LEAPRESP_LEN_MAX) == 0)) continue; if(fh_eapleap != NULL) { fprintf(fh_eapleap, "%.*s::::%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->leapusernamelen, zeiger->leapusername, zeiger->leapresponse[0], zeiger->leapresponse[1], zeiger->leapresponse[2], zeiger->leapresponse[3], zeiger->leapresponse[4], zeiger->leapresponse[5], zeiger->leapresponse[6], zeiger->leapresponse[7], zeiger->leapresponse[8], zeiger->leapresponse[9], zeiger->leapresponse[10], zeiger->leapresponse[11], zeiger->leapresponse[12], zeiger->leapresponse[13], zeiger->leapresponse[14], zeiger->leapresponse[15], zeiger->leapresponse[16], zeiger->leapresponse[17], zeiger->leapresponse[18], zeiger->leapresponse[19], zeiger->leapresponse[20], zeiger->leapresponse[21], zeiger->leapresponse[22], zeiger->leapresponse[23], zeiger->leaprequest[0], zeiger->leaprequest[1], zeiger->leaprequest[2], zeiger->leaprequest[3], zeiger->leaprequest[4], zeiger->leaprequest[5], zeiger->leaprequest[6], zeiger->leaprequest[7]); eapleapwrittencount++; } zeigerold = zeiger; } return; } /*===========================================================================*/ static void addeapleaphash(uint8_t id, uint8_t leapusernamelen, uint8_t *leapusername, uint8_t *leaprequest, uint8_t *leapresponse) { static eapleaphashlist_t *eapleaphashlistnew; eapleaphashcount++; if(eapleaphashlistptr >= eapleaphashlist +eapleaphashlistmax) { eapleaphashlistnew = realloc(eapleaphashlist, (eapleaphashlistmax +EAPLEAPHASHLIST_MAX) *EAPLEAPHASHLIST_SIZE); if(eapleaphashlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } eapleaphashlist = eapleaphashlistnew; eapleaphashlistptr = eapleaphashlistnew +eapleaphashlistmax; eapleaphashlistmax += EAPLEAPHASHLIST_MAX; } memset(eapleaphashlistptr, 0, EAPLEAPHASHLIST_SIZE); eapleaphashlistptr->id = id; memcpy(eapleaphashlistptr->leaprequest, leaprequest, LEAPREQ_LEN_MAX); memcpy(eapleaphashlistptr->leapresponse, leapresponse, LEAPRESP_LEN_MAX); eapleaphashlistptr->leapusernamelen = leapusernamelen; memcpy(eapleaphashlistptr->leapusername, leapusername, leapusernamelen); eapleaphashlistptr++; return; } /*===========================================================================*/ static void processexteapleap(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t eapcode, uint32_t restlen, uint8_t *eapleapptr) { static eapleap_t *eapleap; static uint32_t eapleaplen; static eapleapmsglist_t *zeiger; static uint32_t leapusernamelen; static uint8_t *leapusernameptr; eapleapcount++; eapleap = (eapleap_t*)eapleapptr; eapleaplen = ntohs(eapleap->eapleaplen); if(eapleaplen > restlen) return; if(eapleap->version != 1) return; if(eapleap->reserved != 0) return; if(eapcode == EAP_CODE_REQ) { zeiger = eapleapmsglist +EAPLEAPMSGLIST_MAX; if(eapleap->leaplen != LEAPREQ_LEN_MAX) return; if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return; if(eapleap->leaplen == eapleaplen -EAPLEAP_SIZE) return; if(memcmp(&zeroed32, eapleap->leapdata, LEAPREQ_LEN_MAX) == 0) return; memset(zeiger, 0, EAPLEAPMSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macfm, 6); memcpy(zeiger->client, macto, 6); zeiger->type = EAP_CODE_REQ; zeiger->id = eapleap->id; memcpy(zeiger->leaprequest, eapleap->leapdata, LEAPREQ_LEN_MAX); leapusernamelen = eapleaplen -EAPLEAP_SIZE -LEAPREQ_LEN_MAX; if(leapusernamelen == 0) return; if(leapusernamelen > LEAPUSERNAME_LEN_MAX) return; if(EAPLEAP_SIZE +LEAPREQ_LEN_MAX +leapusernamelen > restlen) return; leapusernameptr = eapleapptr +EAPLEAP_SIZE +LEAPREQ_LEN_MAX; zeiger->leapusernamelen = leapusernamelen; memcpy(zeiger->leapusername, leapusernameptr, leapusernamelen); if(fh_username != 0) { fwritestring(leapusernamelen, leapusernameptr, fh_username); usernamecount++; } qsort(eapleapmsglist, EAPLEAPMSGLIST_MAX +1, EAPLEAPMSGLIST_SIZE, sort_eapleapmsglist_by_timestamp); } else if(eapcode == EAP_CODE_RESP) { zeiger = eapleapmsglist +EAPLEAPMSGLIST_MAX; if(eapleap->leaplen != LEAPRESP_LEN_MAX) return; if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return; if(memcmp(&zeroed32, eapleap->leapdata, LEAPRESP_LEN_MAX) == 0) return; memset(zeiger, 0, EAPLEAPMSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macto, 6); memcpy(zeiger->client, macfm, 6); zeiger->type = EAP_CODE_RESP; zeiger->id = eapleap->id; memcpy(zeiger->leapresponse, eapleap->leapdata, LEAPRESP_LEN_MAX); for(zeiger = eapleapmsglist; zeiger < eapleapmsglist +EAPLEAPMSGLIST_MAX; zeiger++) { if((zeiger->type) != EAP_CODE_REQ) continue; if((zeiger->id) != eapleap->id) continue; if(memcmp(zeiger->ap, macto, 6) != 0) continue; if(memcmp(zeiger->client, macfm, 6) != 0) continue; addeapleaphash(eapleap->id, zeiger->leapusernamelen, zeiger->leapusername, zeiger->leaprequest, eapleap->leapdata); } qsort(eapleapmsglist, EAPLEAPMSGLIST_MAX +1, EAPLEAPMSGLIST_SIZE, sort_eapleapmsglist_by_timestamp); } return; } /*===========================================================================*/ static void outputeapmd5hashlist() { static eapmd5hashlist_t *zeiger, *zeigerold; zeiger = eapmd5hashlist; zeigerold = eapmd5hashlist; if(memcmp(&zeroed32, zeiger->md5request, EAPMD5_LEN_MAX) == 0) return; qsort(eapmd5hashlist, eapmd5hashlistptr -eapmd5hashlist, EAPMD5HASHLIST_SIZE, sort_eapmd5hashlist_by_id); if(fh_eapmd5 != 0) { fprintf(fh_eapmd5, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x\n", zeiger->md5response[0], zeiger->md5response[1], zeiger->md5response[2], zeiger->md5response[3], zeiger->md5response[4], zeiger->md5response[5], zeiger->md5response[6], zeiger->md5response[7], zeiger->md5response[8], zeiger->md5response[9], zeiger->md5response[10], zeiger->md5response[11], zeiger->md5response[12], zeiger->md5response[13], zeiger->md5response[14], zeiger->md5response[15], zeiger->md5request[0], zeiger->md5request[1], zeiger->md5request[2], zeiger->md5request[3], zeiger->md5request[4], zeiger->md5request[5], zeiger->md5request[6], zeiger->md5request[7], zeiger->md5request[8], zeiger->md5request[9], zeiger->md5request[10], zeiger->md5request[11], zeiger->md5request[12], zeiger->md5request[13], zeiger->md5request[14], zeiger->md5request[15], zeiger->id); eapmd5writtencount++; } if(fh_eapmd5john != 0) { fprintf(fh_eapmd5john, "$chap$%x*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->id, zeiger->md5request[0], zeiger->md5request[1], zeiger->md5request[2], zeiger->md5request[3], zeiger->md5request[4], zeiger->md5request[5], zeiger->md5request[6], zeiger->md5request[7], zeiger->md5request[8], zeiger->md5request[9], zeiger->md5request[10], zeiger->md5request[11], zeiger->md5request[12], zeiger->md5request[13], zeiger->md5request[14], zeiger->md5request[15], zeiger->md5response[0], zeiger->md5response[1], zeiger->md5response[2], zeiger->md5response[3], zeiger->md5response[4], zeiger->md5response[5], zeiger->md5response[6], zeiger->md5response[7], zeiger->md5response[8], zeiger->md5response[9], zeiger->md5response[10], zeiger->md5response[11], zeiger->md5response[12], zeiger->md5response[13], zeiger->md5response[14], zeiger->md5response[15]); eapmd5johnwrittencount++; } for(zeiger = eapmd5hashlist +1; zeiger < eapmd5hashlistptr; zeiger++) { if((zeigerold->id == zeiger->id) && (memcmp(zeigerold->md5request, zeiger->md5request, EAPMD5_LEN_MAX) == 0) && (memcmp(zeigerold->md5response, zeiger->md5response, EAPMD5_LEN_MAX) == 0)) continue; if(fh_eapmd5 != 0) { fprintf(fh_eapmd5, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x\n", zeiger->md5response[0], zeiger->md5response[1], zeiger->md5response[2], zeiger->md5response[3], zeiger->md5response[4], zeiger->md5response[5], zeiger->md5response[6], zeiger->md5response[7], zeiger->md5response[8], zeiger->md5response[9], zeiger->md5response[10], zeiger->md5response[11], zeiger->md5response[12], zeiger->md5response[13], zeiger->md5response[14], zeiger->md5response[15], zeiger->md5request[0], zeiger->md5request[1], zeiger->md5request[2], zeiger->md5request[3], zeiger->md5request[4], zeiger->md5request[5], zeiger->md5request[6], zeiger->md5request[7], zeiger->md5request[8], zeiger->md5request[9], zeiger->md5request[10], zeiger->md5request[11], zeiger->md5request[12], zeiger->md5request[13], zeiger->md5request[14], zeiger->md5request[15], zeiger->id); eapmd5writtencount++; } if(fh_eapmd5john != 0) { fprintf(fh_eapmd5john, "$chap$%x*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->id, zeiger->md5request[0], zeiger->md5request[1], zeiger->md5request[2], zeiger->md5request[3], zeiger->md5request[4], zeiger->md5request[5], zeiger->md5request[6], zeiger->md5request[7], zeiger->md5request[8], zeiger->md5request[9], zeiger->md5request[10], zeiger->md5request[11], zeiger->md5request[12], zeiger->md5request[13], zeiger->md5request[14], zeiger->md5request[15], zeiger->md5response[0], zeiger->md5response[1], zeiger->md5response[2], zeiger->md5response[3], zeiger->md5response[4], zeiger->md5response[5], zeiger->md5response[6], zeiger->md5response[7], zeiger->md5response[8], zeiger->md5response[9], zeiger->md5response[10], zeiger->md5response[11], zeiger->md5response[12], zeiger->md5response[13], zeiger->md5response[14], zeiger->md5response[15]); eapmd5johnwrittencount++; } zeigerold = zeiger; } return; } /*===========================================================================*/ static void addeapmd5hash(uint8_t id, uint8_t *challenge, uint8_t *response) { static eapmd5hashlist_t *eapmd5hashlistnew; eapmd5hashcount++; if(eapmd5hashlistptr >= eapmd5hashlist +eapmd5hashlistmax) { eapmd5hashlistnew = realloc(eapmd5hashlist, (eapmd5hashlistmax +EAPMD5HASHLIST_MAX) *EAPMD5HASHLIST_SIZE); if(eapmd5hashlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } eapmd5hashlist = eapmd5hashlistnew; eapmd5hashlistptr = eapmd5hashlistnew +eapmd5hashlistmax; eapmd5hashlistmax += EAPMD5HASHLIST_MAX; } memset(eapmd5hashlistptr, 0, EAPMD5HASHLIST_SIZE); eapmd5hashlistptr->id = id; memcpy(eapmd5hashlistptr->md5request, challenge, EAPMD5_LEN_MAX); memcpy(eapmd5hashlistptr->md5response, response, EAPMD5_LEN_MAX); eapmd5hashlistptr++; return; } /*===========================================================================*/ static void processexteapmd5(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t eapcode, uint32_t restlen, uint8_t *eapmd5ptr) { static eapmd5_t *eapmd5; static uint32_t eapmd5len; static eapmd5msglist_t *zeiger; eapmd5count++; eapmd5 = (eapmd5_t*)eapmd5ptr; eapmd5len = ntohs(eapmd5->eapmd5len); if(eapmd5len != restlen) return; if(eapmd5->md5len != EAPMD5_LEN_MAX) return; if(memcmp(&zeroed32, eapmd5->md5data, EAPMD5_LEN_MAX) == 0) return; if(eapcode == EAP_CODE_REQ) { zeiger = eapmd5msglist +EAPMD5MSGLIST_MAX; memset(zeiger, 0, EAPMD5MSGLIST_SIZE ); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macfm, 6); memcpy(zeiger->client, macto, 6); zeiger->type = EAP_CODE_REQ; zeiger->id = eapmd5->id; memcpy(zeiger->md5, eapmd5->md5data, EAPMD5_LEN_MAX); qsort(eapmd5msglist, EAPMD5MSGLIST_MAX +1, EAPMD5MSGLIST_SIZE, sort_eapmd5msglist_by_timestamp); } else if(eapcode == EAP_CODE_RESP) { zeiger = eapmd5msglist +EAPMD5MSGLIST_MAX; memset(zeiger, 0, EAPMD5MSGLIST_SIZE ); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macto, 6); memcpy(zeiger->client, macfm, 6); zeiger->type = EAP_CODE_RESP; zeiger->id = eapmd5->id; memcpy(zeiger->md5, eapmd5->md5data, EAPMD5_LEN_MAX); for(zeiger = eapmd5msglist; zeiger < eapmd5msglist +EAPMD5MSGLIST_MAX; zeiger++) { if((zeiger->type) != EAP_CODE_REQ) continue; if((zeiger->id) != eapmd5->id) continue; if(memcmp(zeiger->ap, macto, 6) != 0) continue; if(memcmp(zeiger->client, macfm, 6) != 0) continue; addeapmd5hash(eapmd5->id, zeiger->md5, eapmd5->md5data); } qsort(eapmd5msglist, EAPMD5MSGLIST_MAX +1, EAPMD5MSGLIST_SIZE, sort_eapmd5msglist_by_timestamp); } return; } /*===========================================================================*/ static void hccap2base(unsigned char *in, unsigned char b) { static const char itoa64[64] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[in[0] >> 2])); fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[((in[0] & 0x03) << 4) | (in[1] >> 4)])); if(b) { fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[((in[1] & 0x0f) << 2) | (in[2] >> 6)])); fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[in[2] & 0x3f])); } else fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[((in[1] & 0x0f) << 2)])); return; } /*===========================================================================*/ static bool testpmkid(uint8_t *testpmk, uint8_t *macsta, uint8_t *macap, uint8_t *pmkid) { static size_t testpmkidlen; static EVP_MD_CTX *mdctx; static EVP_PKEY *pkey; static char *pmkname = "PMK Name"; static uint8_t message[32]; static uint8_t testpmkid[EVP_MAX_MD_SIZE]; memcpy(&message, pmkname, 8); memcpy(&message[8], macap, 6); memcpy(&message[14], macsta, 6); testpmkidlen = 16; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testpmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, message, 20) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testpmkid, &testpmkidlen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); if(memcmp(&testpmkid, pmkid, 16) == 0) return true; return false; } /*===========================================================================*/ static bool testeapolpmk(uint8_t *testpmk, uint8_t keyver, uint8_t *macsta, uint8_t *macap, uint8_t *nonceap, uint8_t eapollen, uint8_t *eapolmessage) { static uint8_t *pkeptr; static wpakey_t *wpakzero, *wpak; static size_t testptklen; static size_t testmiclen; static EVP_MD_CTX *mdctx; static EVP_PKEY *pkey; static uint8_t pkedata[102]; static uint8_t testptk[EVP_MAX_MD_SIZE]; static uint8_t eapoldata[0xff]; static uint8_t testmic[EVP_MAX_MD_SIZE]; memcpy(&eapoldata, eapolmessage, eapollen); wpakzero = (wpakey_t*)(eapoldata +EAPAUTH_SIZE); memset(wpakzero->keymic, 0, 16); wpak = (wpakey_t*)(eapolmessage +EAPAUTH_SIZE); if(keyver == 2) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&testmic, 0, sizeof(testptk)); pkeptr = pkedata; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(macap, macsta, 6) < 0) { memcpy(pkeptr +23, macap, 6); memcpy(pkeptr +29, macsta, 6); } else { memcpy(pkeptr +23, macsta, 6); memcpy(pkeptr +29, macap, 6); } if(memcmp(nonceap, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, nonceap, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, nonceap, 32); } testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testpmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, pkedata, 100) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testptk, 16); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, eapoldata, eapollen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testmic, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); if(memcmp(&testmic, wpak->keymic, 16) == 0) return true; } else if(keyver == 1) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&testmic, 0, sizeof(testptk)); pkeptr = pkedata; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(macap, macsta, 6) < 0) { memcpy(pkeptr +23, macap, 6); memcpy(pkeptr +29, macsta, 6); } else { memcpy(pkeptr +23, macsta, 6); memcpy(pkeptr +29, macap, 6); } if(memcmp(nonceap, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, nonceap, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, nonceap, 32); } testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testpmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, pkedata, 100) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testptk, 16); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, eapoldata, eapollen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testmic, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); if(memcmp(&testmic, wpak->keymic, 16) == 0) return true; } else if(keyver == 3) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&testmic, 0, sizeof(testptk)); pkedata[0] = 1; pkedata[1] = 0; pkeptr = pkedata +2; memcpy(pkeptr, "Pairwise key expansion", 22); if(memcmp(macap, macsta, 6) < 0) { memcpy(pkeptr +22, macap, 6); memcpy(pkeptr +28, macsta, 6); } else { memcpy(pkeptr +22, macsta, 6); memcpy(pkeptr +28, macap, 6); } if(memcmp(nonceap, wpak->nonce, 32) < 0) { memcpy (pkeptr +34, nonceap, 32); memcpy (pkeptr +66, wpak->nonce, 32); } else { memcpy (pkeptr +34, wpak->nonce, 32); memcpy (pkeptr +66, nonceap, 32); } pkedata[100] = 0x80; pkedata[101] = 1; testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testpmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, pkedata, 102) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_CMAC_key(NULL, testptk, 16, EVP_aes_128_cbc()); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, eapoldata, eapollen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testmic, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); if(memcmp(&testmic, wpak->keymic, 16) == 0) return true; } return false; } /*===========================================================================*/ static bool testzeroedpsk(uint8_t essidlen, uint8_t *essid) { if(PKCS5_PBKDF2_HMAC_SHA1(zeroedpsk, 8, essid, essidlen, 4096, 32, calculatedpmk) == 0) return false; return true; } /*===========================================================================*/ static void getnc(handshakelist_t *zeigerhsakt) { static handshakelist_t *zeigerhs, *zeigerhsold; zeigerhsold = zeigerhsakt; for(zeigerhs = zeigerhsakt; zeigerhs < handshakelistptr; zeigerhs++) { if(memcmp(zeigerhs->ap, zeigerhsold->ap, 6) != 0) return; { zeigerhsakt->status |= zeigerhs->status &0xe0; zeigerhsold->status |= zeigerhs->status &0xe0; } zeigerhsold = zeigerhs; } return; } /*===========================================================================*/ static handshakelist_t *gethandshake(maclist_t *zeigermac, handshakelist_t *zeigerhsakt) { static int p; static handshakelist_t *zeigerhs, *zeigerhsold; static wpakey_t *wpak, *wpaktemp; static int i; static unsigned char *hcpos; static uint8_t keyvertemp; static uint8_t eapoltemp[EAPOL_AUTHLEN_MAX]; static hccapx_t hccapx; static hccap_t hccap; zeigerhsold = NULL; for(zeigerhs = zeigerhsakt; zeigerhs < handshakelistptr; zeigerhs++) { if(donotcleanflag == false) { if(memcmp(&mac_broadcast, zeigerhs->client, 6) == 0) continue; if(memcmp(&mac_broadcast, zeigerhs->ap, 6) == 0) continue; if(zeigerhsold != NULL) { if((memcmp(zeigerhs->ap, zeigerhsold->ap, 6) == 0) && (memcmp(zeigerhs->client, zeigerhsold->client, 6) == 0)) { if((zeigerhs->status &ST_APLESS) != ST_APLESS) getnc(zeigerhs); continue; } } } if(memcmp(zeigermac->addr, zeigerhs->ap, 6) == 0) { eapolmpbestcount++; if((zeigerhs->status &ST_APLESS) != ST_APLESS) getnc(zeigerhs); if((zeigerhs->status &ST_APLESS) == ST_APLESS) eapolaplesscount++; if((zeigerhs->status &7) == ST_M12E2) eapolm12e2count++; if((zeigerhs->status &7) == ST_M14E4) eapolm14e4count++; if((zeigerhs->status &7) == ST_M32E2) eapolm32e2count++; if((zeigerhs->status &7) == ST_M32E3) eapolm32e3count++; if((zeigerhs->status &7) == ST_M34E3) eapolm34e3count++; if((zeigerhs->status &7) == ST_M34E4) eapolm34e4count++; wpak = (wpakey_t*)(zeigerhs->eapol +EAPAUTH_SIZE); keyvertemp = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; memcpy(&eapoltemp, zeigerhs->eapol, zeigerhs->eapauthlen); wpaktemp = (wpakey_t*)(eapoltemp +EAPAUTH_SIZE); memset(wpaktemp->keymic, 0, 16); if(donotcleanflag == false) { if(testzeroedpsk(zeigermac->essidlen, zeigermac->essid) == true) { if(testeapolpmk(calculatedpmk, keyvertemp, zeigerhs->client, zeigerhs->ap, zeigerhs->anonce, zeigerhs->eapauthlen, zeigerhs->eapol) == true) { zeroedeapolpskcount++; eapolmpbestcount--; continue; } } } if(fh_pmkideapol != 0) { //WPA*TYPE*PMKID-ODER-MIC*MACAP*MACSTA*ESSID_HEX*ANONCE*EAPOL*MP fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", HCX_TYPE_EAPOL, wpak->keymic[0], wpak->keymic[1], wpak->keymic[2], wpak->keymic[3], wpak->keymic[4], wpak->keymic[5], wpak->keymic[6], wpak->keymic[7], wpak->keymic[8], wpak->keymic[9], wpak->keymic[10], wpak->keymic[11], wpak->keymic[12], wpak->keymic[13], wpak->keymic[14], wpak->keymic[15], zeigerhs->ap[0], zeigerhs->ap[1], zeigerhs->ap[2], zeigerhs->ap[3], zeigerhs->ap[4], zeigerhs->ap[5], zeigerhs->client[0], zeigerhs->client[1], zeigerhs->client[2], zeigerhs->client[3], zeigerhs->client[4], zeigerhs->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkideapol, "%02x", zeigermac->essid[p]); fprintf(fh_pmkideapol, "*"); fprintf(fh_pmkideapol, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*", zeigerhs->anonce[0], zeigerhs->anonce[1], zeigerhs->anonce[2], zeigerhs->anonce[3], zeigerhs->anonce[4], zeigerhs->anonce[5], zeigerhs->anonce[6], zeigerhs->anonce[7], zeigerhs->anonce[8], zeigerhs->anonce[9], zeigerhs->anonce[10], zeigerhs->anonce[11], zeigerhs->anonce[12], zeigerhs->anonce[13], zeigerhs->anonce[14], zeigerhs->anonce[15], zeigerhs->anonce[16], zeigerhs->anonce[17], zeigerhs->anonce[18], zeigerhs->anonce[19], zeigerhs->anonce[20], zeigerhs->anonce[21], zeigerhs->anonce[22], zeigerhs->anonce[23], zeigerhs->anonce[24], zeigerhs->anonce[25], zeigerhs->anonce[26], zeigerhs->anonce[27], zeigerhs->anonce[28], zeigerhs->anonce[29], zeigerhs->anonce[30], zeigerhs->anonce[31]); for(p = 0; p < zeigerhs->eapauthlen; p++) fprintf(fh_pmkideapol, "%02x", eapoltemp[p]); fprintf(fh_pmkideapol, "*%02x\n", zeigerhs->status); if(zeigerhs->rcgap == 0) eapolwrittencount++; else eapolncwrittencount++; } if((fh_pmkideapoljtrdeprecated != 0) && (zeigerhs->rcgap == 0)) { memset (&hccap, 0, sizeof(hccap_t)); memcpy(&hccap.ap, zeigerhs->ap, 6); memcpy(&hccap.client, zeigerhs->client, 6); memcpy(&hccap.anonce, zeigerhs->anonce, 32); memcpy(&hccap.snonce, wpak->nonce, 32); memcpy(&hccap.keymic, &wpak->keymic, 16); hccap.keyver = keyvertemp; hccap.eapol_size = zeigerhs->eapauthlen; memcpy(&hccap.eapol, &eapoltemp, zeigerhs->eapauthlen); #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif fprintf(fh_pmkideapoljtrdeprecated, "%.*s:$WPAPSK$%.*s#", zeigermac->essidlen, zeigermac->essid, zeigermac->essidlen, zeigermac->essid); hcpos = (unsigned char*)&hccap; for (i = 36; i + 3 < (int)HCCAP_SIZE; i += 3) hccap2base(&hcpos[i], 1); hccap2base(&hcpos[i], 0); fprintf(fh_pmkideapoljtrdeprecated, ":%02x-%02x-%02x-%02x-%02x-%02x:%02x-%02x-%02x-%02x-%02x-%02x:%02x%02x%02x%02x%02x%02x", zeigerhs->client[0], zeigerhs->client[1], zeigerhs->client[2], zeigerhs->client[3], zeigerhs->client[4], zeigerhs->client[5], zeigerhs->ap[0], zeigerhs->ap[1], zeigerhs->ap[2], zeigerhs->ap[3], zeigerhs->ap[4], zeigerhs->ap[5], zeigerhs->ap[0], zeigerhs->ap[1], zeigerhs->ap[2], zeigerhs->ap[3], zeigerhs->ap[4], zeigerhs->ap[5]); if(keyvertemp == 1) fprintf(fh_pmkideapoljtrdeprecated, "::WPA"); else fprintf(fh_pmkideapoljtrdeprecated, "::WPA2"); if((zeigerhs->status &0x7) == 0) fprintf(fh_pmkideapoljtrdeprecated, ":not verified"); else fprintf(fh_pmkideapoljtrdeprecated, ":verified"); fprintf(fh_pmkideapoljtrdeprecated, ":%s\n", basename(jtrbasenamedeprecated)); eapolwrittenjcountdeprecated++; } if(fh_hccapxdeprecated != 0) { memset (&hccapx, 0, sizeof(hccapx_t)); hccapx.signature = HCCAPX_SIGNATURE; hccapx.version = HCCAPX_VERSION; hccapx.message_pair = zeigerhs->status; hccapx.essid_len = zeigermac->essidlen; memcpy(&hccapx.essid, zeigermac->essid, zeigermac->essidlen); memcpy(&hccapx.ap, zeigerhs->ap, 6); memcpy(&hccapx.client, zeigerhs->client, 6); memcpy(&hccapx.anonce, zeigerhs->anonce, 32); memcpy(&hccapx.snonce, wpak->nonce, 32); hccapx.eapol_len = zeigerhs->eapauthlen; memcpy(&hccapx.eapol, &eapoltemp, zeigerhs->eapauthlen); hccapx.keyver = keyvertemp; memcpy(&hccapx.keymic, wpak->keymic, 16); #ifdef BIG_ENDIAN_HOST hccapx.signature = byte_swap_32(hccapx.signature); hccapx.version = byte_swap_32(hccapx.version); hccapx.eapol_len = byte_swap_16(hccapx.eapol_len); #endif fwrite (&hccapx, sizeof(hccapx_t), 1, fh_hccapxdeprecated); if(zeigerhs->rcgap == 0) eapolwrittenhcpxcountdeprecated++; else eapolncwrittenhcpxcountdeprecated++; } if((fh_hccapdeprecated != 0) && (zeigerhs->rcgap == 0)) { memset(&hccap, 0, sizeof(hccap_t)); memcpy(&hccap.essid, zeigermac->essid, zeigermac->essidlen); memcpy(&hccap.ap, zeigerhs->ap, 6); memcpy(&hccap.client, zeigerhs->client, 6); memcpy(&hccap.anonce, zeigerhs->anonce, 32); memcpy(&hccap.snonce, wpak->nonce, 32); memcpy(&hccap.keymic, wpak->keymic, 16); hccap.keyver = keyvertemp; hccap.eapol_size = zeigerhs->eapauthlen; memcpy(&hccap.eapol, &eapoltemp, zeigerhs->eapauthlen); #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif fwrite(&hccap, HCCAP_SIZE, 1, fh_hccapdeprecated); eapolwrittenhcpcountdeprecated++; } } if(memcmp(zeigerhs->ap, zeigermac->addr, 6) > 0) { zeigerhsakt = zeigerhs; return zeigerhsakt; } zeigerhsold = zeigerhs; } return zeigerhsakt; } /*===========================================================================*/ static pmkidlist_t *getpmkid(maclist_t *zeigermac, pmkidlist_t *zeigerpmkidakt) { static int p; static pmkidlist_t *zeigerpmkid, *zeigerpmkidold; zeigerpmkidold = NULL; for(zeigerpmkid = zeigerpmkidakt; zeigerpmkid < pmkidlistptr; zeigerpmkid++) { if(donotcleanflag == false) { if(memcmp(&mac_broadcast, zeigerpmkid->client, 6) == 0) continue; if(memcmp(&mac_broadcast, zeigerpmkid->ap, 6) == 0) continue; if(zeigerpmkidold != NULL) { if((memcmp(zeigerpmkid->ap, zeigerpmkidold->ap, 6) == 0) && (memcmp(zeigerpmkid->client, zeigerpmkidold->client, 6) == 0)) continue; } } if(memcmp(zeigermac->addr, zeigerpmkid->ap, 6) == 0) { if(donotcleanflag == false) { if(testzeroedpsk(zeigermac->essidlen, zeigermac->essid) == true) { if(testpmkid(calculatedpmk, zeigerpmkid->client, zeigerpmkid->ap, zeigerpmkid->pmkid) == true) { zeroedpmkidpskcount++; continue; } } } if(memcmp(&myaktclient, zeigerpmkid->client, 6) == 0) pmkidroguecount++; pmkidbestcount++; if(fh_pmkideapol != 0) { //WPA*TYPE*PMKID-ODER-MIC*MACAP*MACSTA*ESSID_HEX*ANONCE*EAPOL*MP fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", HCX_TYPE_PMKID, zeigerpmkid->pmkid[0], zeigerpmkid->pmkid[1], zeigerpmkid->pmkid[2], zeigerpmkid->pmkid[3], zeigerpmkid->pmkid[4], zeigerpmkid->pmkid[5], zeigerpmkid->pmkid[6], zeigerpmkid->pmkid[7], zeigerpmkid->pmkid[8], zeigerpmkid->pmkid[9], zeigerpmkid->pmkid[10], zeigerpmkid->pmkid[11], zeigerpmkid->pmkid[12], zeigerpmkid->pmkid[13], zeigerpmkid->pmkid[14], zeigerpmkid->pmkid[15], zeigerpmkid->ap[0], zeigerpmkid->ap[1], zeigerpmkid->ap[2], zeigerpmkid->ap[3], zeigerpmkid->ap[4], zeigerpmkid->ap[5], zeigerpmkid->client[0], zeigerpmkid->client[1], zeigerpmkid->client[2], zeigerpmkid->client[3], zeigerpmkid->client[4], zeigerpmkid->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkideapol, "%02x", zeigermac->essid[p]); fprintf(fh_pmkideapol, "***\n"); pmkidwrittenhcount++; } if(fh_pmkideapoljtrdeprecated != 0) { fprintf(fh_pmkideapoljtrdeprecated, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeigerpmkid->pmkid[0], zeigerpmkid->pmkid[1], zeigerpmkid->pmkid[2], zeigerpmkid->pmkid[3], zeigerpmkid->pmkid[4], zeigerpmkid->pmkid[5], zeigerpmkid->pmkid[6], zeigerpmkid->pmkid[7], zeigerpmkid->pmkid[8], zeigerpmkid->pmkid[9], zeigerpmkid->pmkid[10], zeigerpmkid->pmkid[11], zeigerpmkid->pmkid[12], zeigerpmkid->pmkid[13], zeigerpmkid->pmkid[14], zeigerpmkid->pmkid[15], zeigerpmkid->ap[0], zeigerpmkid->ap[1], zeigerpmkid->ap[2], zeigerpmkid->ap[3], zeigerpmkid->ap[4], zeigerpmkid->ap[5], zeigerpmkid->client[0], zeigerpmkid->client[1], zeigerpmkid->client[2], zeigerpmkid->client[3], zeigerpmkid->client[4], zeigerpmkid->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkideapoljtrdeprecated, "%02x", zeigermac->essid[p]); fprintf(fh_pmkideapoljtrdeprecated, "\n"); pmkidwrittenjcountdeprecated++; } if(fh_pmkiddeprecated != 0) { fprintf(fh_pmkiddeprecated, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeigerpmkid->pmkid[0], zeigerpmkid->pmkid[1], zeigerpmkid->pmkid[2], zeigerpmkid->pmkid[3], zeigerpmkid->pmkid[4], zeigerpmkid->pmkid[5], zeigerpmkid->pmkid[6], zeigerpmkid->pmkid[7], zeigerpmkid->pmkid[8], zeigerpmkid->pmkid[9], zeigerpmkid->pmkid[10], zeigerpmkid->pmkid[11], zeigerpmkid->pmkid[12], zeigerpmkid->pmkid[13], zeigerpmkid->pmkid[14], zeigerpmkid->pmkid[15], zeigerpmkid->ap[0], zeigerpmkid->ap[1], zeigerpmkid->ap[2], zeigerpmkid->ap[3], zeigerpmkid->ap[4], zeigerpmkid->ap[5], zeigerpmkid->client[0], zeigerpmkid->client[1], zeigerpmkid->client[2], zeigerpmkid->client[3], zeigerpmkid->client[4], zeigerpmkid->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkiddeprecated, "%02x", zeigermac->essid[p]); fprintf(fh_pmkiddeprecated, "\n"); pmkidwrittencountdeprecated++; } } if(memcmp(zeigerpmkid->ap, zeigermac->addr, 6) > 0) { zeigerpmkidakt = zeigerpmkid; return zeigerpmkidakt; } zeigerpmkidold = zeigerpmkid; } return zeigerpmkidakt; } /*===========================================================================*/ static void outputwpalists() { static maclist_t *zeigermac, *zeigermacold; static handshakelist_t *zeigerhsakt; static pmkidlist_t *zeigerpmkidakt; static int essiddupecount; qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_mac_count); qsort(pmkidlist, pmkidlistptr -pmkidlist, PMKIDLIST_SIZE, sort_pmkidlist_by_mac); if(ncvalue == 0) qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_timegap); else qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_rcgap); zeigerhsakt = handshakelist; zeigerpmkidakt = pmkidlist; zeigermacold = aplist; if(zeigermacold->type == AP) { if(zeigermacold->essidlen != 0) { if(ignoreieflag == true) { zeigerpmkidakt = getpmkid(zeigermacold, zeigerpmkidakt); zeigerhsakt = gethandshake(zeigermacold, zeigerhsakt); } else { if(((zeigermacold->akm &TAK_PSK) == TAK_PSK) || ((zeigermacold->akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { zeigerpmkidakt = getpmkid(zeigermacold, zeigerpmkidakt); zeigerhsakt = gethandshake(zeigermacold, zeigerhsakt); } } } } essiddupecount = 0; for(zeigermac = aplist +1; zeigermac < aplistptr; zeigermac++) { if(zeigermac->essidlen == 0) continue; if(zeigermac->type != AP) { essiddupecount = 0; continue; } if(zeigermacold->type == AP) { if(memcmp(zeigermacold->addr, zeigermac->addr, 6) == 0) { essiddupecount++; if(essiddupecount >= essiddupemax) essiddupemax = essiddupecount; if(essiddupecount >= essidsvalue) continue; } else essiddupecount = 0; } if(ignoreieflag == true) { zeigerpmkidakt = getpmkid(zeigermac, zeigerpmkidakt); zeigerhsakt = gethandshake(zeigermac, zeigerhsakt); } else { if(((zeigermac->akm &TAK_PSK) == TAK_PSK) || ((zeigermac->akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { zeigerpmkidakt = getpmkid(zeigermac, zeigerpmkidakt); zeigerhsakt = gethandshake(zeigermac, zeigerhsakt); } } zeigermacold = zeigermac; } return; } /*===========================================================================*/ static void cleanupmac() { static maclist_t *zeiger; static maclist_t *zeigerold; if(aplistptr == aplist) return; qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_mac); zeigerold = aplist; for(zeiger = aplist +1; zeiger < aplistptr; zeiger++) { if(memcmp(zeigerold->addr, zeiger->addr, 6) == 0) { if(zeigerold->essidlen == zeiger->essidlen) { if(memcmp(zeigerold->essid, zeiger->essid, zeigerold->essidlen) == 0) { zeigerold->timestamp = zeiger->timestamp; zeigerold->type |= zeiger->type; zeigerold->status |= zeiger->status; zeigerold->count += 1; zeigerold->groupcipher |= zeiger->groupcipher; zeigerold->cipher |= zeiger->cipher; zeigerold->akm |= zeiger->akm; if(zeigerold->manufacturerlen == 0) { memcpy(zeigerold->manufacturer, zeiger->manufacturer, zeiger->manufacturerlen); zeigerold->manufacturerlen = zeiger->manufacturerlen; } if(zeigerold->modellen == 0) { memcpy(zeigerold->model, zeiger->model, zeiger->modellen); zeigerold->modellen = zeiger->modellen; } if(zeigerold->serialnumberlen == 0) { memcpy(zeigerold->serialnumber, zeiger->serialnumber, zeiger->serialnumberlen); zeigerold->serialnumberlen = zeiger->serialnumberlen; } if(zeigerold->devicenamelen == 0) { memcpy(zeigerold->devicename, zeiger->devicename, zeiger->devicenamelen); zeigerold->devicenamelen = zeiger->devicenamelen; } if(zeigerold->enrolleelen == 0) { memcpy(zeigerold->enrollee, zeiger->enrollee, zeiger->enrolleelen); zeigerold->enrolleelen = zeiger->enrolleelen; } zeiger->type = REMOVED; continue; } } } zeigerold = zeiger; } return; } /*===========================================================================*/ static bool cleanbackhandshake() { static int c; static handshakelist_t *zeiger; if(donotcleanflag == true) return false; zeiger = handshakelistptr; for(c = 0; c < 20; c ++) { zeiger--; if(zeiger < handshakelist) return false; if(memcmp(zeiger->ap, handshakelistptr->ap, 6) != 0) continue; if(memcmp(zeiger->client, handshakelistptr->client, 6) != 0) continue; if(memcmp(zeiger->anonce, handshakelistptr->anonce, 32) != 0) continue; if(zeiger->eapauthlen != handshakelistptr->eapauthlen) continue; if(memcmp(zeiger->eapol, handshakelistptr->eapol, handshakelistptr->eapauthlen) != 0) continue; if(zeiger->timestampgap > handshakelistptr->timestampgap) zeiger->timestampgap = handshakelistptr->timestampgap; if(zeiger->rcgap > handshakelistptr->rcgap) zeiger->rcgap = (zeiger->rcgap &0xe0) | handshakelistptr->rcgap; if(zeiger->status < handshakelistptr->status) zeiger->status = handshakelistptr->status; zeiger->messageap |= handshakelistptr->messageap; zeiger->messageclient |= handshakelistptr->messageclient; return true; } return false; } /*===========================================================================*/ static void addhandshake(uint64_t eaptimegap, uint64_t rcgap, messagelist_t *msgclient, messagelist_t *msgap, uint8_t keyver, uint8_t mpfield) { static handshakelist_t *handshakelistnew; static messagelist_t *zeiger; eapolmpcount++; if((mpfield &ST_APLESS) != ST_APLESS) { for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if((zeiger->status &ST_APLESS) != ST_APLESS) { if(memcmp(msgap->ap, zeiger->ap, 6) == 0) mpfield |= zeiger->status & 0xe0; } } } if(msgap->timestamp == msgclient->timestamp) eapolmsgtimestamperrorcount++; if(testeapolpmk(zeroedpmk, keyver, msgclient->client, msgap->ap, msgap->nonce, msgclient->eapauthlen, msgclient->eapol) == false) { if(handshakelistptr >= handshakelist +handshakelistmax) { handshakelistnew = realloc(handshakelist, (handshakelistmax +HANDSHAKELIST_MAX) *HANDSHAKELIST_SIZE); if(handshakelistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } handshakelist = handshakelistnew; handshakelistptr = handshakelistnew +handshakelistmax; handshakelistmax += HANDSHAKELIST_MAX; } memset(handshakelistptr, 0, HANDSHAKELIST_SIZE); handshakelistptr->timestampgap = eaptimegap; handshakelistptr->status = mpfield; handshakelistptr->rcgap = rcgap; if(handshakelistptr->rcgap > 0) handshakelistptr->status |= ST_NC; handshakelistptr->messageap = msgap->message; handshakelistptr->messageclient = msgclient->message; memcpy(handshakelistptr->ap, msgap->ap, 6); memcpy(handshakelistptr->client, msgclient->client, 6); memcpy(handshakelistptr->anonce, msgap->nonce, 32); memcpy(handshakelistptr->pmkid, msgap->pmkid, 32); handshakelistptr->eapauthlen = msgclient->eapauthlen; memcpy(handshakelistptr->eapol, msgclient->eapol, msgclient->eapauthlen); if(cleanbackhandshake() == false) handshakelistptr++; } else { zeroedeapolpmkcount++; if(donotcleanflag == true) { if(handshakelistptr >= handshakelist +handshakelistmax) { handshakelistnew = realloc(handshakelist, (handshakelistmax +HANDSHAKELIST_MAX) *HANDSHAKELIST_SIZE); if(handshakelistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } handshakelist = handshakelistnew; handshakelistptr = handshakelistnew +handshakelistmax; handshakelistmax += HANDSHAKELIST_MAX; } memset(handshakelistptr, 0, HANDSHAKELIST_SIZE); handshakelistptr->timestampgap = eaptimegap; handshakelistptr->status = mpfield; handshakelistptr->rcgap = rcgap; if(handshakelistptr->rcgap > 0) handshakelistptr->status |= ST_NC; handshakelistptr->messageap = msgap->message; handshakelistptr->messageclient = msgclient->message; memcpy(handshakelistptr->ap, msgap->ap, 6); memcpy(handshakelistptr->client, msgclient->client, 6); memcpy(handshakelistptr->anonce, msgap->nonce, 32); memcpy(handshakelistptr->pmkid, msgap->pmkid, 32); handshakelistptr->eapauthlen = msgclient->eapauthlen; memcpy(handshakelistptr->eapol, msgclient->eapol, msgclient->eapauthlen); if(cleanbackhandshake() == false) handshakelistptr++; } } return; } /*===========================================================================*/ static bool cleanbackpmkid() { static int c; static pmkidlist_t *zeiger; if(donotcleanflag == true) return false; zeiger = pmkidlistptr; for(c = 0; c < 20; c ++) { zeiger--; if(zeiger < pmkidlist) return false; if(memcmp(zeiger->ap, pmkidlistptr->ap, 6) != 0) continue; if(memcmp(zeiger->client, pmkidlistptr->client, 6) != 0) continue; if(memcmp(zeiger->pmkid, pmkidlistptr->pmkid, 16) != 0) continue; return true; } return false; } /*===========================================================================*/ static void addpmkid(uint8_t *macclient, uint8_t *macap, uint8_t *pmkid) { static pmkidlist_t *pmkidlistnew; pmkidcount++; if(testpmkid(zeroedpmk, macclient, macap, pmkid) == false) { if(pmkidlistptr >= pmkidlist +pmkidlistmax) { pmkidlistnew = realloc(pmkidlist, (pmkidlistmax +PMKIDLIST_MAX) *PMKIDLIST_SIZE); if(pmkidlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } pmkidlist = pmkidlistnew; pmkidlistptr = pmkidlistnew +pmkidlistmax; pmkidlistmax += PMKIDLIST_MAX; } memset(pmkidlistptr, 0, PMKIDLIST_SIZE); memcpy(pmkidlistptr->ap, macap, 6); memcpy(pmkidlistptr->client, macclient, 6); memcpy(pmkidlistptr->pmkid, pmkid, 16); if(cleanbackpmkid() == false) pmkidlistptr++; } else { zeroedpmkidpmkcount++; if(donotcleanflag == true) { if(pmkidlistptr >= pmkidlist +pmkidlistmax) { pmkidlistnew = realloc(pmkidlist, (pmkidlistmax +PMKIDLIST_MAX) *PMKIDLIST_SIZE); if(pmkidlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } pmkidlist = pmkidlistnew; pmkidlistptr = pmkidlistnew +maclistmax; pmkidlistmax += PMKIDLIST_MAX; } memset(pmkidlistptr, 0, PMKIDLIST_SIZE); memcpy(pmkidlistptr->ap, macap, 6); memcpy(pmkidlistptr->client, macclient, 6); memcpy(pmkidlistptr->pmkid, pmkid, 16); if(cleanbackpmkid() == false) pmkidlistptr++; } } return; } /*===========================================================================*/ static void process80211exteap(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint32_t restlen, uint8_t *eapptr) { static eapauth_t *eapauth; static uint32_t authlen; static exteap_t *exteap; static uint32_t exteaplen; static uint32_t idstrlen; eapcount++; if(restlen < (int)EAPAUTH_SIZE) return; eapauth = (eapauth_t*)eapptr; authlen = ntohs(eapauth->len); if(authlen > restlen) return; exteap = (exteap_t*)(eapptr +EAPAUTH_SIZE); exteaplen = ntohs(exteap->len); if(exteaplen > authlen) return; idstrlen = exteaplen -EXTEAP_SIZE; if(exteap->type == EAP_TYPE_SIM) eapsimcount++; else if(exteap->type == EAP_TYPE_AKA) eapakacount++; else if(exteap->type == EAP_TYPE_PEAP) eappeapcount++; else if(exteap->type == EAP_TYPE_TLS) eaptlscount++; else if(exteap->type == EAP_TYPE_EXPAND) eapexpandedcount++; else if(exteap->type == EAP_TYPE_MD5) processexteapmd5(eaptimestamp, macto, macfm, exteap->code, exteaplen, eapptr +EAPAUTH_SIZE); else if(exteap->type == EAP_TYPE_LEAP) processexteapleap(eaptimestamp, macto, macfm, exteap->code, exteaplen, eapptr +EAPAUTH_SIZE); else if(exteap->type == EAP_TYPE_MSEAP) processexteapmschapv2(eaptimestamp, macto, macfm, exteap->code, exteaplen, eapptr +EAPAUTH_SIZE); if(exteap->code == EAP_CODE_REQ) { eapcodereqcount++; if(exteap->type == EAP_TYPE_ID) { if(idstrlen > 1) { if(eapptr[EAPAUTH_SIZE +EXTEAP_SIZE] != 0) { identitycount++; if(fh_identity != NULL) fwritestring(idstrlen, &eapptr[EAPAUTH_SIZE +EXTEAP_SIZE], fh_identity); } else if(eapptr[EAPAUTH_SIZE +EXTEAP_SIZE +1] != 0) { identitycount++; if(fh_identity != NULL) fwritestring(idstrlen -1, &eapptr[EAPAUTH_SIZE +EXTEAP_SIZE +1], fh_identity); } } eapidcount++; } } else if(exteap->code == EAP_CODE_RESP) { eapcoderespcount++; if(exteap->type == EAP_TYPE_ID) { if(idstrlen > 1) { if(eapptr[EAPAUTH_SIZE +EXTEAP_SIZE] != 0) { identitycount++; if(fh_identity != NULL) fwritestring(idstrlen, &eapptr[EAPAUTH_SIZE +EXTEAP_SIZE], fh_identity); } else if(eapptr[EAPAUTH_SIZE +EXTEAP_SIZE +1] != 0) { identitycount++; if(fh_identity != NULL) fwritestring(idstrlen -1, &eapptr[EAPAUTH_SIZE +EXTEAP_SIZE +1], fh_identity); } } eapidcount++; } } return; } /*===========================================================================*/ static bool gettagwps(int wpslen, uint8_t *tagptr, tags_t *zeiger) { static wpsie_t *wpsptr; wpslen -= WPSVENDOR_SIZE; tagptr += WPSVENDOR_SIZE; if(wpslen < (int)WPSIE_SIZE) return true; zeiger->wpsinfo = 1; wpsptr = (wpsie_t*)tagptr; if(ntohs(wpsptr->type) != WPS_VERSION) return true; if(ntohs(wpsptr->len) != 1) return true; if(wpsptr->data[0] != 0x10) return true; tagptr += ntohs(wpsptr->len) +WPSIE_SIZE; wpslen -= ntohs(wpsptr->len) +WPSIE_SIZE; while(0 < wpslen) { wpsptr = (wpsie_t*)tagptr; if((ntohs(wpsptr->type) == WPS_MANUFACTURER) && (ntohs(wpsptr->len) > 0) && (ntohs(wpsptr->len) < DEVICE_INFO_MAX)) { zeiger->manufacturerlen = ntohs(wpsptr->len); memcpy(zeiger->manufacturer, wpsptr->data, zeiger->manufacturerlen); } else if((ntohs(wpsptr->type) == WPS_MODELNAME) && (ntohs(wpsptr->len) > 0) && (ntohs(wpsptr->len) < DEVICE_INFO_MAX)) { zeiger->modellen = ntohs(wpsptr->len); memcpy(zeiger->model, wpsptr->data, zeiger->modellen); } else if((ntohs(wpsptr->type) == WPS_SERIALNUMBER) && (ntohs(wpsptr->len) > 0) && (ntohs(wpsptr->len) < DEVICE_INFO_MAX)) { zeiger->serialnumberlen = ntohs(wpsptr->len); memcpy(zeiger->serialnumber, wpsptr->data, zeiger->serialnumberlen); } else if((ntohs(wpsptr->type) == WPS_DEVICENAME) && (ntohs(wpsptr->len) > 0) && (ntohs(wpsptr->len) < DEVICE_INFO_MAX)) { zeiger->devicenamelen = ntohs(wpsptr->len); memcpy(zeiger->devicename, wpsptr->data, zeiger->devicenamelen); } else if((ntohs(wpsptr->type) == WPS_UUIDE) && (ntohs(wpsptr->len) == WPS_ENROLLEE_LEN)) { zeiger->enrolleelen = ntohs(wpsptr->len); memcpy(zeiger->enrollee, wpsptr->data, zeiger->enrolleelen); } tagptr += ntohs(wpsptr->len) +WPSIE_SIZE; wpslen -= ntohs(wpsptr->len) +WPSIE_SIZE; } if(wpslen != 0) return false; return true; } /*===========================================================================*/ static bool gettagwpa(int wpalen, uint8_t *ieptr, tags_t *zeiger) { static int c; static wpaie_t *wpaptr; static int wpatype; static suite_t *gsuiteptr; static suitecount_t *csuitecountptr; static suite_t *csuiteptr; static int csuitecount; static suitecount_t *asuitecountptr; static suite_t *asuiteptr; static int asuitecount; wpaptr = (wpaie_t*)ieptr; wpalen -= WPAIE_SIZE; ieptr += WPAIE_SIZE; #ifndef BIG_ENDIAN_HOST wpatype = wpaptr->type; #else wpatype = byte_swap_16(wpaptr->type); #endif if(wpatype != VT_WPA_IE) return false; zeiger->kdversion |= KV_WPAIE; gsuiteptr = (suite_t*)ieptr; if(memcmp(gsuiteptr->oui, &ouimscorp, 3) == 0) { if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher |= TCS_WEP40; if(gsuiteptr->type == CS_TKIP) zeiger->groupcipher |= TCS_TKIP; if(gsuiteptr->type == CS_WRAP) zeiger->groupcipher |= TCS_WRAP; if(gsuiteptr->type == CS_CCMP) zeiger->groupcipher |= TCS_CCMP; if(gsuiteptr->type == CS_WEP104) zeiger->groupcipher |= TCS_WEP104; if(gsuiteptr->type == CS_BIP) zeiger->groupcipher |= TCS_BIP; if(gsuiteptr->type == CS_NOT_ALLOWED) zeiger->groupcipher = TCS_NOT_ALLOWED; } wpalen -= SUITE_SIZE; ieptr += SUITE_SIZE; csuitecountptr = (suitecount_t*)ieptr; wpalen -= SUITECOUNT_SIZE; ieptr += SUITECOUNT_SIZE; #ifndef BIG_ENDIAN_HOST csuitecount = csuitecountptr->count; #else csuitecount = byte_swap_16(csuitecountptr->count); #endif if(csuitecount *4 > wpalen) { taglenerrorcount++; return false; } for(c = 0; c < csuitecount; c++) { csuiteptr = (suite_t*)ieptr; if(memcmp(csuiteptr->oui, &ouimscorp, 3) == 0) { if(csuiteptr->type == CS_WEP40) zeiger->cipher |= TCS_WEP40; if(csuiteptr->type == CS_TKIP) zeiger->cipher |= TCS_TKIP; if(csuiteptr->type == CS_WRAP) zeiger->cipher |= TCS_WRAP; if(csuiteptr->type == CS_CCMP) zeiger->cipher |= TCS_CCMP; if(csuiteptr->type == CS_WEP104) zeiger->cipher |= TCS_WEP104; if(csuiteptr->type == CS_BIP) zeiger->cipher |= TCS_BIP; if(csuiteptr->type == CS_NOT_ALLOWED) zeiger->cipher |= TCS_NOT_ALLOWED; } wpalen -= SUITE_SIZE; ieptr += SUITE_SIZE; if(wpalen == 0) return true; if(wpalen < 0) return false; } asuitecountptr = (suitecount_t*)ieptr; wpalen -= SUITECOUNT_SIZE; ieptr += SUITECOUNT_SIZE; #ifndef BIG_ENDIAN_HOST asuitecount = asuitecountptr->count; #else asuitecount = byte_swap_16(asuitecountptr->count); #endif if(asuitecount *4 > wpalen) { taglenerrorcount++; return false; } for(c = 0; c < asuitecount; c++) { asuiteptr = (suite_t*)ieptr; if(memcmp(asuiteptr->oui, &ouimscorp, 3) == 0) { if(asuiteptr->type == AK_PMKSA) zeiger->akm |= TAK_PMKSA; if(asuiteptr->type == AK_PSK) zeiger->akm |= TAK_PSK; if(asuiteptr->type == AK_FT) zeiger->akm |= TAK_FT; if(asuiteptr->type == AK_FT_PSK) zeiger->akm |= TAK_FT_PSK; if(asuiteptr->type == AK_PMKSA256) zeiger->akm |= TAK_PMKSA256; if(asuiteptr->type == AK_PSKSHA256) zeiger->akm |= TAK_PSKSHA256; if(asuiteptr->type == AK_TDLS) zeiger->akm |= TAK_TDLS; if(asuiteptr->type == AK_SAE_SHA256) zeiger->akm |= TAK_SAE_SHA256; if(asuiteptr->type == AK_FT_SAE) zeiger->akm |= TAK_FT_SAE; if(asuiteptr->type == AK_SAE_SHA384B) zeiger->akm |= TAK_SAE_SHA384B; if(asuiteptr->type == AK_OWE) zeiger->akm |= TAK_OWE; } wpalen -= SUITE_SIZE; ieptr += SUITE_SIZE; if(wpalen == 0) return true; if(wpalen < 0) return false; } return true; } /*===========================================================================*/ static bool gettagvendor(int vendorlen, uint8_t *ieptr, tags_t *zeiger) { static wpaie_t *wpaptr; static const uint8_t hcxoui[] = { 0xff, 0xff, 0xff, 0x00, 0xd9, 0x20, 0x21, 0x9b, 0x9b, 0x6a, 0xc9, 0x59, 0x49, 0x42, 0xe6, 0x55, 0x6a, 0x06, 0xa3, 0x23, 0x94, 0x2d, 0x94 }; wpaptr = (wpaie_t*)ieptr; if(memcmp(wpaptr->oui, &ouimscorp, 3) == 0) { if((wpaptr->ouitype == VT_WPA_IE) && (vendorlen >= WPAIE_LEN_MIN)) { if(gettagwpa(vendorlen, ieptr, zeiger) == false) return false; return true; } if((wpaptr->ouitype == VT_WPS_IE) && (vendorlen >= (int)WPSIE_SIZE)) { if(gettagwps(vendorlen, ieptr, zeiger) == false) return false; return true; } return true; } if(vendorlen == 0x17) { if(memcmp(&hcxoui, ieptr, 0x17) == 0) beaconhcxcount++; } return true; } /*===========================================================================*/ static bool gettagrsn(int rsnlen, uint8_t *ieptr, tags_t *zeiger) { static int c; static rsnie_t *rsnptr; static int rsnver; static suite_t *gsuiteptr; static suitecount_t *csuitecountptr; static suite_t *csuiteptr; static int csuitecount; static suitecount_t *asuitecountptr; static suite_t *asuiteptr; static int asuitecount; static rsnpmkidlist_t *rsnpmkidlistptr; static int rsnpmkidcount; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; rsnptr = (rsnie_t*)ieptr; #ifndef BIG_ENDIAN_HOST rsnver = rsnptr->version; #else rsnver = byte_swap_16(rsnptr->version); #endif if(rsnver != 1) return true; zeiger->kdversion |= KV_RSNIE; rsnlen -= RSNIE_SIZE; ieptr += RSNIE_SIZE; gsuiteptr = (suite_t*)ieptr; if(memcmp(gsuiteptr->oui, &suiteoui, 3) == 0) { if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher |= TCS_WEP40; if(gsuiteptr->type == CS_TKIP) zeiger->groupcipher |= TCS_TKIP; if(gsuiteptr->type == CS_WRAP) zeiger->groupcipher |= TCS_WRAP; if(gsuiteptr->type == CS_CCMP) zeiger->groupcipher |= TCS_CCMP; if(gsuiteptr->type == CS_GCMP) zeiger->groupcipher |= TCS_GCMP; if(gsuiteptr->type == CS_WEP104) zeiger->groupcipher |= TCS_WEP104; if(gsuiteptr->type == CS_BIP) zeiger->groupcipher |= TCS_BIP; if(gsuiteptr->type == CS_NOT_ALLOWED) zeiger->groupcipher |= TCS_NOT_ALLOWED; } rsnlen -= SUITE_SIZE; ieptr += SUITE_SIZE; csuitecountptr = (suitecount_t*)ieptr; rsnlen -= SUITECOUNT_SIZE; ieptr += SUITECOUNT_SIZE; #ifndef BIG_ENDIAN_HOST csuitecount = csuitecountptr->count; #else csuitecount = byte_swap_16(csuitecountptr->count); #endif if(csuitecount *4 > rsnlen) { taglenerrorcount++; return false; } for(c = 0; c < csuitecount; c++) { csuiteptr = (suite_t*)ieptr; if(memcmp(csuiteptr->oui, &suiteoui, 3) == 0) { if(csuiteptr->type == CS_WEP40) zeiger->cipher |= TCS_WEP40; if(csuiteptr->type == CS_TKIP) zeiger->cipher |= TCS_TKIP; if(csuiteptr->type == CS_WRAP) zeiger->cipher |= TCS_WRAP; if(csuiteptr->type == CS_CCMP) zeiger->cipher |= TCS_CCMP; if(csuiteptr->type == CS_GCMP) zeiger->cipher |= TCS_GCMP; if(csuiteptr->type == CS_WEP104) zeiger->cipher |= TCS_WEP104; if(csuiteptr->type == CS_BIP) zeiger->cipher |= TCS_BIP; if(csuiteptr->type == CS_NOT_ALLOWED) zeiger->cipher |= TCS_NOT_ALLOWED; } rsnlen -= SUITE_SIZE; ieptr += SUITE_SIZE; if(rsnlen < 0) return false; if(rsnlen == 0) return true; } asuitecountptr = (suitecount_t*)ieptr; rsnlen -= SUITECOUNT_SIZE; ieptr += SUITECOUNT_SIZE; #ifndef BIG_ENDIAN_HOST asuitecount = asuitecountptr->count; #else asuitecount = byte_swap_16(asuitecountptr->count); #endif if(asuitecount *4 > rsnlen) { taglenerrorcount++; return false; } for(c = 0; c < asuitecount; c++) { asuiteptr = (suite_t*)ieptr; if(memcmp(asuiteptr->oui, &suiteoui, 3) == 0) { if(asuiteptr->type == AK_PMKSA) zeiger->akm |= TAK_PMKSA; if(asuiteptr->type == AK_PSK) zeiger->akm |= TAK_PSK; if(asuiteptr->type == AK_FT) zeiger->akm |= TAK_FT; if(asuiteptr->type == AK_FT_PSK) zeiger->akm |= TAK_FT_PSK; if(asuiteptr->type == AK_PMKSA256) zeiger->akm |= TAK_PMKSA256; if(asuiteptr->type == AK_PSKSHA256) zeiger->akm |= TAK_PSKSHA256; if(asuiteptr->type == AK_TDLS) zeiger->akm |= TAK_TDLS; if(asuiteptr->type == AK_SAE_SHA256) zeiger->akm |= TAK_SAE_SHA256; if(asuiteptr->type == AK_FT_SAE) zeiger->akm |= TAK_FT_SAE; if(asuiteptr->type == AK_SAE_SHA384B) zeiger->akm |= TAK_SAE_SHA384B; if(asuiteptr->type == AK_OWE) zeiger->akm |= TAK_OWE; } rsnlen -= SUITE_SIZE; ieptr += SUITE_SIZE; if(rsnlen < 0) return false; if(rsnlen == 0) return true; } rsnlen -= RSNCAPABILITIES_SIZE; ieptr += RSNCAPABILITIES_SIZE; if(rsnlen <= 0) return true; rsnpmkidlistptr = (rsnpmkidlist_t*)ieptr; #ifndef BIG_ENDIAN_HOST rsnpmkidcount = rsnpmkidlistptr->count; #else rsnpmkidcount = byte_swap_16(rsnpmkidlistptr->count); #endif if(rsnpmkidcount == 0) return true; rsnlen -= RSNPMKIDLIST_SIZE; ieptr += RSNPMKIDLIST_SIZE; if(rsnlen < 16) return true; if(((zeiger->akm &TAK_PSK) == TAK_PSK) || ((zeiger->akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { if(memcmp(&zeroed32, ieptr, 16) == 0) return true; for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &ieptr[c], 4) == 0) return false; if(memcmp(&foxtrott, &ieptr[c], 4) == 0) return false; } memcpy(zeiger->pmkid, ieptr, 16); } return true; } /*===========================================================================*/ static bool isessidvalid(int essidlen, uint8_t *essid) { static int c; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; if(essidlen > ESSID_LEN_MAX) return false; if(essidlen == 0) return true; if(memcmp(&zeroed32, essid, essidlen) == 0) return true; if(essid[essidlen -1] == 0) { essiderrorcount++; return false; } for(c = 0; c< essidlen -4; c++) { if(memcmp(&zeroed32, &essid[c], 4) == 0) { essiderrorcount++; return false; } if(memcmp(&foxtrott, &essid[c], 4) == 0) { essiderrorcount++; return false; } } return true; } /*===========================================================================*/ static bool gettags(int infolen, uint8_t *infoptr, tags_t *zeiger) { static ietag_t *tagptr; memset(zeiger, 0, TAGS_SIZE); while(0 < infolen) { if(infolen == 4) return true; tagptr = (ietag_t*)infoptr; if(tagptr->len == 0) { infoptr += tagptr->len +IETAG_SIZE; infolen -= tagptr->len +IETAG_SIZE; continue; } if(tagptr->len > infolen) return false; if(tagptr->id == TAG_SSID) { if(tagptr->len > ESSID_LEN_MAX) { taglenerrorcount++; return false; } if(isessidvalid(tagptr->len, &tagptr->data[0]) == false) return false; { memcpy(zeiger->essid, &tagptr->data[0], tagptr->len); zeiger->essidlen = tagptr->len; } } else if(tagptr->id == TAG_CHAN) { if(tagptr->len == 1) zeiger->channel = tagptr->data[0]; } else if(tagptr->id == TAG_COUNTRY) { if(tagptr->len > 2) { zeiger->country[0] = tagptr->data[0]; zeiger->country[1] = tagptr->data[1]; } } else if(tagptr->id == TAG_RSN) { if(tagptr->len >= RSNIE_LEN_MIN) { if(gettagrsn(tagptr->len, tagptr->data, zeiger) == false) return false; } } else if(tagptr->id == TAG_VENDOR) { if(tagptr->len >= VENDORIE_SIZE) { if(gettagvendor(tagptr->len, tagptr->data, zeiger) == false) return false; } } infoptr += tagptr->len +IETAG_SIZE; infolen -= tagptr->len +IETAG_SIZE; } if((infolen != 0) && (infolen != 4)) return false; return true; } /*===========================================================================*/ static void process80211eapol_m4(uint64_t eaptimestamp, uint8_t *macap, uint8_t *macclient, uint32_t restlen, uint8_t *eapauthptr) { static int c; static messagelist_t *zeiger; static uint8_t *wpakptr; static wpakey_t *wpak; static eapauth_t *eapauth; static uint32_t authlen; static uint64_t eaptimegap; static uint8_t keyver; static uint64_t rc; static uint64_t rcgap; static uint8_t mpfield; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; eapolm4count++; eapolmsgcount++; eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen +EAPAUTH_SIZE > restlen) return; if(authlen +EAPAUTH_SIZE > EAPOL_AUTHLEN_MAX) return; wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { eapolm4kdv0count++; return; } if(ntohs(wpak->wpadatalen) > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm4errorcount++; return; } #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif if(memcmp(&zeroed32, wpak->keymic, 16) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 key mic zeroed: %ld\n", rawpacketcount); eapolm4errorcount++; return; } for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm4errorcount++; return; } if(memcmp(&foxtrott, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm4errorcount++; return; } } if(memcmp(&zeroed32, wpak->keyid, 8) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 key id != 0: %ld\n", rawpacketcount); eapolm4errorcount++; return; } if(memcmp(&zeroed32, wpak->nonce, 32) == 0) return; if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; zeiger->eapolmsgcount = eapolmsgcount; memcpy(zeiger->client, macclient, 6); memcpy(zeiger->ap, macap, 6); zeiger->message = HS_M4; zeiger->rc = rc; memcpy(zeiger->nonce, wpak->nonce, 32); zeiger->eapauthlen = authlen +EAPAUTH_SIZE; memcpy(zeiger->eapol, eapauthptr, zeiger->eapauthlen); for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if((zeiger->message &HS_M3) == HS_M3) { if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(zeiger->rc >= rc) rcgap = zeiger->rc -rc; else rcgap = rc -zeiger->rc; if(rcgap > rcgapmax) rcgapmax = rcgap; if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; mpfield = ST_M34E4; if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } if((zeiger->message &HS_M1) != HS_M1) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(zeiger->rc >= rc -1) rcgap = zeiger->rc -rc +1; else rcgap = rc +1 -zeiger->rc; if(zeiger->rc != myaktreplaycount) { if(rcgap > rcgapmax) rcgapmax = rcgap; } if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; mpfield = ST_M14E4; if(myaktreplaycount > 0) { if(zeiger->rc == myaktreplaycount) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount); return; } /*===========================================================================*/ static void process80211eapol_m3(uint64_t eaptimestamp, uint8_t *macclient, uint8_t *macap, uint32_t restlen, uint8_t *eapauthptr) { static int c; static messagelist_t *zeiger; static messagelist_t *zeigerakt; static uint8_t *wpakptr; static wpakey_t *wpak; static eapauth_t *eapauth; static uint32_t authlen; static uint64_t eaptimegap; static uint8_t keyver; static uint64_t rc; static uint64_t rcgap; static uint8_t mpfield; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; eapolm3count++; eapolmsgcount++; zeigerakt = messagelist +MESSAGELIST_MAX; eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen > restlen) return; wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { eapolm3kdv0count++; return; } if(ntohs(wpak->wpadatalen) > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm3errorcount++; return; } #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif if(memcmp(&zeroed32, wpak->keymic, 16) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 key mic zeroed: %ld\n", rawpacketcount); eapolm3errorcount++; return; } for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm3errorcount++; return; } if(memcmp(&foxtrott, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm3errorcount++; return; } } if(memcmp(&zeroed32, wpak->keyid, 8) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 key id != 0: %ld\n", rawpacketcount); eapolm3errorcount++; return; } memset(zeigerakt, 0, MESSAGELIST_SIZE); zeigerakt->timestamp = eaptimestamp; zeigerakt->eapolmsgcount = eapolmsgcount; memcpy(zeigerakt->client, macclient, 6); memcpy(zeigerakt->ap, macap, 6); zeigerakt->message = HS_M3; zeigerakt->rc = rc; memcpy(zeigerakt->nonce, wpak->nonce, 32); for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if(((zeiger->message &HS_M1) == HS_M1) || ((zeiger->message &HS_M3) == HS_M3)) { if((memcmp(zeiger->nonce, wpak->nonce, 28) == 0) && (memcmp(&zeiger->nonce[29], &wpak->nonce[29], 4) != 0)) { zeiger->status |= ST_NC; zeigerakt->status |= ST_NC; if(zeiger->nonce[31] != wpak->nonce[31]) zeiger->status |= ST_LE; else if(zeiger->nonce[28] != wpak->nonce[28]) zeiger->status |= ST_BE; eapolnccount++; } } if((zeiger->message &HS_M2) == HS_M2) { if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(zeiger->rc >= rc -1) rcgap = zeiger->rc -rc +1; else rcgap = rc +1 -zeiger->rc; if(zeiger->rc != myaktreplaycount) { if(rcgap > rcgapmax) rcgapmax = rcgap; } if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; mpfield = ST_M32E2; if(myaktreplaycount > 0) { if(zeiger->rc == myaktreplaycount) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield); } if((zeiger->message &HS_M4) != HS_M4) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(zeiger->rc >= rc) rcgap = zeiger->rc -rc; else rcgap = rc -zeiger->rc; if(rcgap > rcgapmax) rcgapmax = rcgap; if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; mpfield = ST_M34E4; if(myaktreplaycount > 0) { if(zeiger->rc == myaktreplaycount) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield); } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount); return; } /*===========================================================================*/ static void process80211eapol_m2(uint64_t eaptimestamp, uint8_t *macap, uint8_t *macclient, uint32_t restlen, uint8_t *eapauthptr) { static int c; static messagelist_t *zeiger; static uint8_t *wpakptr; static wpakey_t *wpak; static eapauth_t *eapauth; static uint32_t authlen; static uint64_t eaptimegap; static uint8_t keyver; static uint64_t rc; static uint64_t rcgap; static uint8_t mpfield; static uint16_t wpainfolen; static tags_t tags; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; eapolm2count++; eapolmsgcount++; eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen +EAPAUTH_SIZE > restlen) return; if(authlen +EAPAUTH_SIZE > EAPOL_AUTHLEN_MAX) return; wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { eapolm2kdv0count++; return; } wpainfolen = ntohs(wpak->wpadatalen); if(wpainfolen > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm2errorcount++; return; } #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif if(memcmp(&zeroed32, wpak->nonce, 32) == 0) return; if(memcmp(&zeroed32, wpak->keymic, 16) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key mic zeroed: %ld\n", rawpacketcount); eapolm2errorcount++; return; } for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm2errorcount++; return; } if(memcmp(&foxtrott, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm2errorcount++; return; } } if(memcmp(&zeroed32, wpak->keyiv, 16) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key iv != 0: %ld\n", rawpacketcount); eapolm2errorcount++; return; } if(wpak->keyrsc != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key rsc != 0: %ld\n", rawpacketcount); eapolm2errorcount++; return; } if(memcmp(&zeroed32, wpak->keyid, 8) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key id != 0: %ld\n", rawpacketcount); eapolm2errorcount++; return; } if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; zeiger->eapolmsgcount = eapolmsgcount; memcpy(zeiger->client, macclient, 6); memcpy(zeiger->ap, macap, 6); zeiger->message = HS_M2; zeiger->rc = rc; memcpy(zeiger->nonce, wpak->nonce, 32); zeiger->eapauthlen = authlen +EAPAUTH_SIZE; memcpy(zeiger->eapol, eapauthptr, zeiger->eapauthlen); if(wpainfolen >= RSNIE_LEN_MIN) { if(gettags(wpainfolen, wpakptr +WPAKEY_SIZE, &tags) == false) return; if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) eapolm2ftpskcount++; if(((tags.akm &TAK_PSK) != TAK_PSK) && ((tags.akm &TAK_PSKSHA256) != TAK_PSKSHA256)) { if(ignoreieflag == false) return; } if(memcmp(&zeroed32, tags.pmkid, 16) != 0) { zeiger->message |= HS_PMKID; memcpy(zeiger->pmkid, tags.pmkid, 16); addpmkid(macclient, macap, tags.pmkid); } } for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if((zeiger->message &HS_M1) == HS_M1) { if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(zeiger->rc >= rc) rcgap = zeiger->rc -rc; else rcgap = rc -zeiger->rc; if((rc != myaktreplaycount) && (zeiger->rc != myaktreplaycount)) { if(rcgap > rcgapmax) rcgapmax = rcgap; } if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; mpfield = ST_M12E2; if(myaktreplaycount > 0) { if((rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0)) { eaptimegap = 0; mpfield |= ST_APLESS; } if(rcgap != 0) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } if((zeiger->message &HS_M3) != HS_M3) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(zeiger->rc >= rc +1) rcgap = zeiger->rc -rc -1; else rcgap = rc +1 -zeiger->rc; if(rc != myaktreplaycount) { if(rcgap > rcgapmax) rcgapmax = rcgap; } if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; mpfield = ST_M32E2; if(myaktreplaycount > 0) { if((rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0)) { eaptimegap = 0; mpfield |= ST_APLESS; } if(rcgap != 0) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount); return; } /*===========================================================================*/ static void process80211eapol_m1(uint64_t eaptimestamp, uint8_t *macclient, uint8_t *macap, uint8_t *macsrc, uint32_t restlen, uint8_t *eapauthptr) { static int c; static messagelist_t *zeiger; static uint8_t *wpakptr; static wpakey_t *wpak; static eapauth_t *eapauth; static uint32_t authlen; static pmkid_t *pmkid; static uint8_t keyver; static uint64_t rc; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; eapolm1count++; eapolmsgcount++; eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen > restlen) return; wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { eapolm1kdv0count++; return; } if(ntohs(wpak->wpadatalen) > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm1errorcount++; return; } #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif if(wpak->keyrsc != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 key rc != 0: %ld\n", rawpacketcount); eapolm1errorcount++; return; } if(memcmp(&zeroed32, wpak->keyid, 8) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 key id != 0: %ld\n", rawpacketcount); eapolm1errorcount++; return; } if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; zeiger->eapolmsgcount = eapolmsgcount; memcpy(zeiger->client, macclient, 6); memcpy(zeiger->ap, macap, 6); zeiger->message = HS_M1; zeiger->rc = rc; memcpy(zeiger->nonce, wpak->nonce, 32); if((zeiger->rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0)) { zeiger->status |= ST_APLESS; eapolm1ancount++; qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount); return; } if(authlen >= (int)(WPAKEY_SIZE +PMKID_SIZE)) { pmkid = (pmkid_t*)(wpakptr +WPAKEY_SIZE); if(pmkid->id != TAG_VENDOR) return; if((pmkid->len == 0x14) && (pmkid->type == 0x04)) { zeiger->message |= HS_PMKID; if(memcmp(&zeroed32, pmkid->pmkid, 16) == 0) { pmkiduselesscount++; } else { for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &pmkid->pmkid[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 possible plcp bit error: %ld\n", rawpacketcount); eapolm1errorcount++; return; } if(memcmp(&foxtrott, &pmkid->pmkid[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 possible plcp bit error: %ld\n", rawpacketcount); eapolm1errorcount++; return; } } memcpy(zeiger->pmkid, pmkid->pmkid, 16); addpmkid(macclient, macsrc, pmkid->pmkid); } } else pmkiduselesscount++; } for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX +1; zeiger++) { if(((zeiger->message &HS_M1) != HS_M1) && ((zeiger->message &HS_M3) != HS_M3)) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; eapolm1ancount++; if((memcmp(zeiger->nonce, wpak->nonce, 28) == 0) && (memcmp(&zeiger->nonce[28], &wpak->nonce[28], 4) != 0)) { eapolnccount++; zeiger->status |= ST_NC; if(zeiger->nonce[31] != wpak->nonce[31]) zeiger->status |= ST_LE; else if(zeiger->nonce[28] != wpak->nonce[28]) zeiger->status |= ST_BE; } } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount); return; } /*===========================================================================*/ static void process80211rc4key() { eapolrc4count++; return; } /*===========================================================================*/ static void process80211eapol(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t *macsrc, uint32_t eapauthlen, uint8_t *eapauthptr) { static eapauth_t *eapauth; static uint32_t authlen; static uint8_t *wpakptr; static wpakey_t *wpak; static uint16_t keyinfo; static uint16_t keylen; eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen > eapauthlen) { eapolmsgerrorcount++; return; } if(authlen < WPAKEY_SIZE) { eapolmsgerrorcount++; return; } wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(wpak->keydescriptor == EAP_KDT_RC4) { process80211rc4key(); return; } else if(wpak->keydescriptor == EAP_KDT_WPA) eapolwpacount++; else if(wpak->keydescriptor == EAP_KDT_RSN) eapolrsncount++; else return; keylen = ntohs(wpak->keylen); if((keylen != 0) && (keylen != 16) && (keylen != 32)) { eapolmsgerrorcount++; return; } if(keyinfo == 1) process80211eapol_m1(eaptimestamp, macto, macfm, macsrc, eapauthlen, eapauthptr); else if(keyinfo == 2) { if(authlen != 0x5f) process80211eapol_m2(eaptimestamp, macto, macfm, eapauthlen, eapauthptr); else process80211eapol_m4(eaptimestamp, macto, macfm, eapauthlen, eapauthptr); } else if(keyinfo == 3) process80211eapol_m3(eaptimestamp, macto, macfm, eapauthlen, eapauthptr); else if(keyinfo == 4) process80211eapol_m4(eaptimestamp, macto, macfm, eapauthlen, eapauthptr); return; } /*===========================================================================*/ static void process80211eap(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t *macsrc, uint32_t restlen, uint8_t *eapptr) { static eapauth_t *eapauth; eapauth = (eapauth_t*)eapptr; if(restlen < (int)EAPAUTH_SIZE) return; if(eapauth->type == EAPOL_KEY) { process80211eapol(eaptimestamp, macto, macfm, macsrc, restlen, eapptr); } else if(eapauth->type == EAP_PACKET) process80211exteap(eaptimestamp, macto, macfm, restlen, eapptr); //else if(eapauth->type == EAPOL_ASF) process80211exteap_asf(); //else if(eapauth->type == EAPOL_MKA) process80211exteap_mka(); else if(eapauth->type == EAPOL_START) { } else if(eapauth->type == EAPOL_START) { } else if(eapauth->type == EAPOL_LOGOFF) { } if(fh_nmea != NULL) writegpwpl(macfm); return; } /*===========================================================================*/ static bool cleanbackmac() { static int c; static maclist_t *zeiger; zeiger = aplistptr; for(c = 0; c < 20; c ++) { zeiger--; if(zeiger < aplist) return false; if(zeiger->type != aplistptr->type) continue; if(zeiger->essidlen != aplistptr->essidlen) continue; if(memcmp(zeiger->addr, aplistptr->addr, 6) != 0) continue; if(memcmp(zeiger->essid, aplistptr->essid, aplistptr->essidlen) != 0) continue; zeiger->timestamp = aplistptr->timestamp; zeiger->count += 1; zeiger->status |= aplistptr->status; zeiger->type |= aplistptr->type; zeiger->groupcipher |= aplistptr->groupcipher; zeiger->cipher |= aplistptr->cipher; zeiger->akm |= aplistptr->akm; if(zeiger->manufacturerlen == 0) { memcpy(zeiger->manufacturer, aplistptr->manufacturer, aplistptr->manufacturerlen); zeiger->manufacturerlen = aplistptr->manufacturerlen; } if(zeiger->modellen == 0) { memcpy(zeiger->model, aplistptr->model, aplistptr->modellen); zeiger->modellen = aplistptr->modellen; } if(zeiger->serialnumberlen == 0) { memcpy(zeiger->serialnumber, aplistptr->serialnumber, aplistptr->serialnumberlen); zeiger->serialnumberlen = aplistptr->serialnumberlen; } if(zeiger->devicenamelen == 0) { memcpy(zeiger->devicename, aplistptr->devicename, aplistptr->devicenamelen); zeiger->devicenamelen = aplistptr->devicenamelen; } if(zeiger->enrolleelen == 0) { memcpy(zeiger->enrollee, aplistptr->enrollee, aplistptr->enrolleelen); zeiger->enrolleelen = aplistptr->enrolleelen; } return true; } return false; } /*===========================================================================*/ static void process80211reassociation_req(uint64_t reassociationrequesttimestamp, uint8_t *macclient, uint8_t *macap, uint32_t reassociationrequestlen, uint8_t *reassociationrequestptr) { static int clientinfolen; static uint8_t *clientinfoptr; static maclist_t *aplistnew; static tags_t tags; reassociationrequestcount++; clientinfoptr = reassociationrequestptr +CAPABILITIESREQSTA_SIZE; clientinfolen = reassociationrequestlen -CAPABILITIESREQSTA_SIZE; if(clientinfolen < (int)IETAG_SIZE) return; if(gettags(clientinfolen, clientinfoptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } if(fh_nmea != NULL) writegpwpl(macclient); memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = reassociationrequesttimestamp; aplistptr->count = 1; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; if(ignoreieflag == true) { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(macclient, macap, tags.pmkid); } else if(((tags.akm &TAK_PSK) == TAK_PSK) || ((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(macclient, macap, tags.pmkid); } else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++; if((tags.akm &TAK_PSK) == TAK_PSK) reassociationrequestpskcount++; else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++; else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) reassociationrequestpsk256count++; else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) reassociationrequestsae256count++; else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) reassociationrequestsae384bcount++; else if((tags.akm &TAK_OWE) == TAK_OWE) reassociationrequestowecount++; if(cleanbackmac() == false) aplistptr++; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = reassociationrequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_REASSOC_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; if(cleanbackmac() == false) aplistptr++; if(fh_nmea != NULL) writegpwpl(macclient); return; } /*===========================================================================*/ static void process80211association_req(uint64_t associationrequesttimestamp, uint8_t *macclient, uint8_t *macap, uint32_t associationrequestlen, uint8_t *associationrequestptr) { static int clientinfolen; static uint8_t *clientinfoptr; static maclist_t *aplistnew; static tags_t tags; associationrequestcount++; clientinfoptr = associationrequestptr +CAPABILITIESSTA_SIZE; clientinfolen = associationrequestlen -CAPABILITIESSTA_SIZE; if(clientinfolen < (int)IETAG_SIZE) return; if(gettags(clientinfolen, clientinfoptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = associationrequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_ASSOC_REQ; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; if(ignoreieflag == true) { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(macclient, macap, tags.pmkid); } else if(((tags.akm &TAK_PSK) == TAK_PSK) || ((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(macclient, macap, tags.pmkid); } if((tags.akm &TAK_PSK) == TAK_PSK) associationrequestpskcount++; else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) associationrequestftpskcount++; else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) associationrequestpsk256count++; else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) associationrequestsae256count++; else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) associationrequestsae384bcount++; else if((tags.akm &TAK_OWE) == TAK_OWE) associationrequestowecount++; if(cleanbackmac() == false) aplistptr++; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = associationrequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_ASSOC_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; if(cleanbackmac() == false) aplistptr++; if(fh_nmea != NULL) writegpwpl(macclient); return; } /*===========================================================================*/ static inline void process80211authentication(uint8_t *macfm, uint32_t authenticationlen, uint8_t *authenticationptr) { static authf_t *auth; authenticationcount++; auth = (authf_t*)authenticationptr; if(authenticationlen < (int)AUTHENTICATIONFRAME_SIZE) return; if(auth->algorithm == OPEN_SYSTEM) authopensystemcount++; else if(auth->algorithm == SAE) authseacount++; else if(auth->algorithm == SHARED_KEY) authsharedkeycount++; else if(auth->algorithm == FBT) authfbtcount++; else if(auth->algorithm == FILS) authfilscount++; else if(auth->algorithm == FILSPFS) authfilspfs++; else if(auth->algorithm == FILSPK) authfilspkcount++; else if(auth->algorithm == NETWORKEAP) authnetworkeapcount++; else authunknowncount++; if(fh_nmea != NULL) writegpwpl(macfm); return; } /*===========================================================================*/ static void process80211probe_req_direct(uint64_t proberequesttimestamp, uint8_t *macclient, uint8_t *macap, uint32_t proberequestlen, uint8_t *proberequestptr) { static maclist_t *aplistnew; static tags_t tags; proberequestdirectedcount++; if(proberequestlen < (int)IETAG_SIZE) return; if(gettags(proberequestlen, proberequestptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = proberequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_PROBE_REQ; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); if(cleanbackmac() == false) aplistptr++; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = proberequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_PROBE_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); if(cleanbackmac() == false) aplistptr++; return; } /*===========================================================================*/ static void process80211probe_req(uint64_t proberequesttimestamp, uint8_t *macclient, uint32_t proberequestlen, uint8_t *proberequestptr) { static maclist_t *aplistnew; static tags_t tags; proberequestcount++; if(proberequestlen < (int)IETAG_SIZE) return; if(gettags(proberequestlen, proberequestptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = proberequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_PROBE_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); if(cleanbackmac() == false) aplistptr++; return; } /*===========================================================================*/ static void process80211probe_resp(uint64_t proberesponsetimestamp, uint8_t *macap, uint32_t proberesponselen, uint8_t *proberesponseptr) { static int apinfolen; static maclist_t *aplistnew; static uint8_t *apinfoptr; static tags_t tags; proberesponsecount++; apinfoptr = proberesponseptr +CAPABILITIESAP_SIZE; apinfolen = proberesponselen -CAPABILITIESAP_SIZE; if(proberesponselen < (int)IETAG_SIZE) return; if(gettags(apinfolen, apinfoptr, &tags) == false) return; if(tags.essidlen == 0) { proberesponsessidunsetcount++; return; } if(memcmp(&tags.essid, &zeroed32, tags.essidlen) == 0) { proberesponsessidzeroedcount++; return; } if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = proberesponsetimestamp; aplistptr->count = 1; aplistptr->status = ST_PROBE_RESP; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; aplistptr->manufacturerlen = tags.manufacturerlen; memcpy(aplistptr->manufacturer, tags.manufacturer, tags.manufacturerlen); aplistptr->modellen = tags.modellen; memcpy(aplistptr->model, tags.model, tags.modellen); aplistptr->serialnumberlen = tags.serialnumberlen; memcpy(aplistptr->serialnumber, tags.serialnumber, tags.serialnumberlen); aplistptr->devicenamelen = tags.devicenamelen; memcpy(aplistptr->devicename, tags.devicename, tags.devicenamelen); aplistptr->enrolleelen = tags.enrolleelen; memcpy(aplistptr->enrollee, tags.enrollee, tags.enrolleelen); if(fh_csv != NULL) writecsv(proberesponsetimestamp, macap, &tags); if(cleanbackmac() == false) aplistptr++; if(fh_nmea != NULL) writegpwpl(macap); return; } /*===========================================================================*/ static inline bool processpag(uint8_t *macap, int vendorlen, uint8_t *ieptr) { static int c, p; static const uint8_t mac_pwag[6] = { 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad }; if(ieptr[1] != 0xff) return false; if(vendorlen <= 0x78) return false; if(memcmp(&mac_pwag, macap, 6) != 0) return false; for(p = 2; p < vendorlen -75 ; p++) { if(memcmp(&ieptr[p], "identity", 8) == 0) { for(c = 0; c < 64; c++) { if(!isxdigit((unsigned char)ieptr[p +11 +c])) return false; } pagcount++; return true; } } return false; } /*===========================================================================*/ static void process80211beacon(uint64_t beacontimestamp, uint8_t *macbc, uint8_t *macap, uint32_t beaconlen, uint8_t *beaconptr) { static int apinfolen; static uint8_t *apinfoptr; static maclist_t *aplistnew; static tags_t tags; beaconcount++; if(memcmp(&mac_broadcast, macbc, 6) != 0) { broadcastmacerrorcount++; return; } apinfoptr = beaconptr +CAPABILITIESAP_SIZE; apinfolen = beaconlen -CAPABILITIESAP_SIZE; if(apinfoptr[0] == TAG_PAG) { if(processpag(macap, apinfolen, apinfoptr) == true) return; } if(beaconlen < (int)IETAG_SIZE) { beaconerrorcount++; return; } if(gettags(apinfolen, apinfoptr, &tags) == false) { beaconerrorcount++; if(tags.essidlen > 32) beaconssidoversizedcount++; return; } if(tags.essidlen == 0) { beaconssidunsetcount++; return; } if(memcmp(&tags.essid, &zeroed32, tags.essidlen) == 0) { beaconssidzeroedcount++; return; } if((tags.channel > 0) && (tags.channel <= 14)) { beaconchannel[0] |= GHZ24; beaconchannel[tags.channel]++; } if((tags.channel > 14) && (tags.channel < CHANNEL_MAX)) { beaconchannel[0] |= GHZ5; beaconchannel[tags.channel]++; } if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = beacontimestamp; aplistptr->count = 1; aplistptr->status = ST_BEACON; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; aplistptr->manufacturerlen = tags.manufacturerlen; memcpy(aplistptr->manufacturer, tags.manufacturer, tags.manufacturerlen); aplistptr->modellen = tags.modellen; memcpy(aplistptr->model, tags.model, tags.modellen); aplistptr->serialnumberlen = tags.serialnumberlen; memcpy(aplistptr->serialnumber, tags.serialnumber, tags.serialnumberlen); aplistptr->devicenamelen = tags.devicenamelen; memcpy(aplistptr->devicename, tags.devicename, tags.devicenamelen); aplistptr->enrolleelen = tags.enrolleelen; memcpy(aplistptr->enrollee, tags.enrollee, tags.enrolleelen); if(fh_csv != NULL) writecsv(beacontimestamp, macap, &tags); if(cleanbackmac() == false) aplistptr++; if(fh_nmea != NULL) writegpwpl(macap); return; } /*===========================================================================*/ static void process80211actionmeasurement(uint64_t actiontimestamp, uint8_t *macclient, uint32_t packetlen, uint8_t *packetptr) { static maclist_t *aplistnew; static tags_t tags; static actmm_t *actmm; if(packetlen < ACTIONMEASUREMENTFRAME_SIZE) return; actmm = (actmm_t*)packetptr; if(actmm->actioncode != ACT_MM_NRREQ) return; packetlen -= (int)ACTIONMEASUREMENTFRAME_SIZE; packetptr += (int)ACTIONMEASUREMENTFRAME_SIZE; if(packetlen < (int)IETAG_SIZE) return; if(gettags(packetlen, packetptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = actiontimestamp; aplistptr->count = 1; aplistptr->status = ST_ACT_MR_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); if(cleanbackmac() == false) aplistptr++; actionessidcount++; return; } /*===========================================================================*/ static void process80211actionvendor(uint32_t packetlen, uint8_t *packetptr) { static actvf_t *actvf; if(packetlen < ACTIONVENDORFRAME_SIZE) return; actvf = (actvf_t*)packetptr; if(memcmp(actvf->vendor, &ouiapple, 3) == 0) awdlcount++; return; } /*===========================================================================*/ static void process80211action(uint64_t actiontimestamp, uint8_t *macclient, uint32_t packetlen, uint8_t *packetptr) { static actf_t *actf; if(packetlen < ACTIONFRAME_SIZE) return; actf = (actf_t*)packetptr; actioncount++; if(actf->categoriecode == CAT_VENDOR) process80211actionvendor(packetlen, packetptr); else if(actf->categoriecode == CAT_RADIO_MEASUREMENT) process80211actionmeasurement(actiontimestamp, macclient, packetlen, packetptr); return; } /*===========================================================================*/ static void process80211packet(uint64_t packetimestamp, uint32_t packetlen, uint8_t *packetptr) { static mac_t *macfrx; static uint32_t payloadlen; static uint8_t *payloadptr; static uint8_t *llcptr; static llc_t *llc; static uint8_t *mpduptr; static mpdu_t *mpdu; if(packetlen < (int)MAC_SIZE_NORM) return; macfrx = (mac_t*)packetptr; if((macfrx->from_ds == 1) && (macfrx->to_ds == 1)) { payloadptr = packetptr +MAC_SIZE_LONG; payloadlen = packetlen -MAC_SIZE_LONG; wdscount++; } else { payloadptr = packetptr +MAC_SIZE_NORM; payloadlen = packetlen -MAC_SIZE_NORM; } if(macfrx->type == IEEE80211_FTYPE_MGMT) { if(macfrx->subtype == IEEE80211_STYPE_BEACON) process80211beacon(packetimestamp, macfrx->addr1, macfrx->addr2, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_PROBE_RESP) process80211probe_resp(packetimestamp, macfrx->addr2, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_AUTH) process80211authentication(macfrx->addr2, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_ASSOC_REQ) process80211association_req(packetimestamp, macfrx->addr2, macfrx->addr1, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_REASSOC_REQ) process80211reassociation_req(packetimestamp, macfrx->addr2, macfrx->addr1, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_PROBE_REQ) { if(memcmp(&mac_broadcast, macfrx->addr1, 6) == 0) process80211probe_req(packetimestamp, macfrx->addr2, payloadlen, payloadptr); else process80211probe_req_direct(packetimestamp, macfrx->addr2, macfrx->addr1, payloadlen, payloadptr); } else if(macfrx->subtype == IEEE80211_STYPE_ACTION) process80211action(packetimestamp, macfrx->addr2, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_DEAUTH) deauthenticationcount++; else if(macfrx->subtype == IEEE80211_STYPE_DISASSOC) disassociationcount++; else if(macfrx->subtype == IEEE80211_STYPE_MGTRESERVED) mgtreservedcount++; } else if(macfrx->type == IEEE80211_FTYPE_DATA) { if((macfrx->subtype &IEEE80211_STYPE_QOS_DATA) == IEEE80211_STYPE_QOS_DATA) { payloadptr += QOS_SIZE; payloadlen -= QOS_SIZE; } if(payloadlen < (int)LLC_SIZE) return; llcptr = payloadptr; llc = (llc_t*)llcptr; if(((ntohs(llc->type)) == LLC_TYPE_AUTH) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { process80211eap(packetimestamp, macfrx->addr1, macfrx->addr2, macfrx->addr3, payloadlen -LLC_SIZE, payloadptr +LLC_SIZE); } else if(((ntohs(llc->type)) == LLC_TYPE_IPV4) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { processipv4(packetimestamp, payloadlen -LLC_SIZE, payloadptr +LLC_SIZE); } else if(((ntohs(llc->type)) == LLC_TYPE_IPV6) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { processipv6(packetimestamp, payloadlen -LLC_SIZE, payloadptr +LLC_SIZE); } else if(macfrx->prot ==1) { mpduptr = payloadptr; mpdu = (mpdu_t*)mpduptr; if(((mpdu->keyid >> 5) &1) == 1) wpaenccount++; else if(((mpdu->keyid >> 5) &1) == 0) wepenccount++; } } return; } /*===========================================================================*/ void processethernetpacket(uint64_t timestamp, uint32_t caplen, uint8_t *packetptr) { static eth2_t *eth2; if(caplen < LLC_SIZE) return; eth2 = (eth2_t*)packetptr; if(ntohs(eth2->ether_type) == LLC_TYPE_IPV4) { processipv4(timestamp, caplen -ETH2_SIZE, packetptr +ETH2_SIZE); } else if(ntohs(eth2->ether_type) == LLC_TYPE_IPV6) { processipv6(timestamp, caplen -ETH2_SIZE, packetptr +ETH2_SIZE); } /* if(ntohs(eth2->ether_type) == LLC_TYPE_AUTH) { process80211networkauthentication(tv_sec, tv_usec, caplen, eth2->addr1, eth2->addr2, packet_ptr); } */ return; } /*===========================================================================*/ void processlobapacket(uint64_t timestamp, uint32_t caplen, uint8_t *packetptr) { static loba_t *loba; if(caplen < LOBA_SIZE) return; loba = (loba_t*)packetptr; #ifdef BIG_ENDIAN_HOST loba->family = byte_swap_32(loba->family); #endif if(loba->family == LOBA_IPV4) processipv4(timestamp, caplen -LOBA_SIZE, packetptr +LOBA_SIZE); else if(loba->family == LOBA_IPV624) processipv6(timestamp, caplen -LOBA_SIZE, packetptr +LOBA_SIZE); else if(loba->family == LOBA_IPV628) processipv6(timestamp, caplen -LOBA_SIZE, packetptr +LOBA_SIZE); else if(loba->family == LOBA_IPV630) processipv6(timestamp, caplen -LOBA_SIZE, packetptr +LOBA_SIZE); return; } /*===========================================================================*/ static void getradiotapfield(uint16_t rthlen, uint32_t caplen, uint8_t *capptr) { static int i; static uint16_t pf; static rth_t *rth; static uint32_t *pp; frequency = 0; rth = (rth_t*)capptr; pf = RTH_SIZE; if((rth->it_present & IEEE80211_RADIOTAP_DBM_ANTSIGNAL) != IEEE80211_RADIOTAP_DBM_ANTSIGNAL) return; if((rth->it_present & IEEE80211_RADIOTAP_EXT) == IEEE80211_RADIOTAP_EXT) { pp = (uint32_t*)capptr; for(i = 2; i < rthlen /4; i++) { #ifdef BIG_ENDIAN_HOST pp[i] = byte_swap_32(pp[i]); #endif pf += 4; if((pp[i] & IEEE80211_RADIOTAP_EXT) != IEEE80211_RADIOTAP_EXT) break; } } if((rth->it_present & IEEE80211_RADIOTAP_TSFT) == IEEE80211_RADIOTAP_TSFT) pf += 8; if((rth->it_present & IEEE80211_RADIOTAP_FLAGS) == IEEE80211_RADIOTAP_FLAGS) pf += 1; if((rth->it_present & IEEE80211_RADIOTAP_RATE) == IEEE80211_RADIOTAP_RATE) pf += 1; if((rth->it_present & IEEE80211_RADIOTAP_CHANNEL) == IEEE80211_RADIOTAP_CHANNEL) { if(pf > caplen) return; if((pf %2) != 0) pf += 1; frequency = (capptr[pf +1] << 8) + capptr[pf]; usedfrequency[frequency] += 1; if((frequency >= 2407) && (frequency <= 2474)) { interfacechannel = (frequency -2407)/5; band24count++; } else if((frequency >= 2481) && (frequency <= 2487)) { interfacechannel = (frequency -2412)/5; band24count++; } else if((frequency >= 5005) && (frequency <= 5980)) { interfacechannel = (frequency -5000)/5; band5count++; } else if((frequency >= 5955) && (frequency <= 6415)) { interfacechannel = (frequency -5950)/5; band6count++; } pf += 4; } if((rth->it_present & IEEE80211_RADIOTAP_FHSS) == IEEE80211_RADIOTAP_FHSS) { if((pf %2) != 0) pf += 1; pf += 2; } if((rth->it_present & IEEE80211_RADIOTAP_DBM_ANTSIGNAL) == IEEE80211_RADIOTAP_DBM_ANTSIGNAL) { if(pf > caplen) return; rssi = capptr[pf]; } return; } /*===========================================================================*/ static void processlinktype(uint64_t captimestamp, uint32_t linktype, uint32_t caplen, uint8_t *capptr) { static uint8_t cs; static uint32_t p; static rth_t *rth; static uint32_t packetlen; static uint8_t *packetptr; static ppi_t *ppi; static prism_t *prism; static avs_t *avs; static fcs_t *fcs; static uint32_t crc; rssi = 0; interfacechannel = 0; if(fh_raw_out != NULL) { cs = captimestamp &0xff; cs ^= (captimestamp >> 8) &0xff; cs ^= (captimestamp >> 16) &0xff; cs ^= (captimestamp >> 24) &0xff; cs ^= (captimestamp >> 32) &0xff; cs ^= (captimestamp >> 40) &0xff; cs ^= (captimestamp >> 48) &0xff; cs ^= (captimestamp >> 56) &0xff; cs ^= linktype &0xff; cs ^= (linktype >> 8) &0xff; cs ^= (linktype >> 16) &0xff; cs ^= (linktype >> 24) &0xff; #ifndef BIG_ENDIAN_HOST fprintf(fh_raw_out, "%016" PRIx64 "*%08x*", captimestamp, linktype); #else fprintf(fh_raw_out, "%016" PRIx64 "*%08x*", byte_swap_64(captimestamp), byte_swap_32(linktype)); #endif for(p = 0; p < caplen; p++) { fprintf(fh_raw_out, "%02x", capptr[p]); cs ^= capptr[p]; } fprintf(fh_raw_out, "*%02x\n", cs); } if(captimestamp < captimestampold) sequenceerrorcount++; captimestampold = captimestamp; if(timestampmin == 0) timestampmin = captimestamp; if(timestampmin > captimestamp) timestampmin = captimestamp; if(timestampmax < captimestamp) timestampmax = captimestamp; if(captimestamp == 0) { captimestamp = timestampstart; timestampstart += (eapoltimeoutvalue -2); zeroedtimestampcount++; } if(linktype == DLT_IEEE802_11_RADIO) { if(caplen < RTH_SIZE) { pcapreaderrors++; radiotaperrorcount++; if(fh_log != NULL) fprintf(fh_log, "failed to read radiotap header: %ld\n", rawpacketcount); return; } rth = (rth_t*)capptr; #ifdef BIG_ENDIAN_HOST rth->it_len = byte_swap_16(rth->it_len); rth->it_present = byte_swap_32(rth->it_present); #endif if(rth->it_len > caplen) { pcapreaderrors++; radiotaperrorcount++; if(fh_log != NULL) fprintf(fh_log, "failed to read radiotap header: %ld\n", rawpacketcount); return; } if(rth->it_version != 0) { pcapreaderrors++; radiotaperrorcount++; if(fh_log != NULL) fprintf(fh_log, "unsupported radiotap header version: %ld\n", rawpacketcount); return; } getradiotapfield(rth->it_len, caplen, capptr); packetlen = caplen -rth->it_len; packetptr = capptr +rth->it_len; } else if(linktype == DLT_IEEE802_11) { packetptr = capptr; packetlen = caplen; } else if(linktype == DLT_PPI) { if(caplen < PPI_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read ppi header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read ppi header: %ld\n", rawpacketcount); return; } ppi = (ppi_t*)capptr; #ifdef BIG_ENDIAN_HOST ppi->pph_len = byte_swap_16(ppi->pph_len); #endif if(ppi->pph_len > caplen) { pcapreaderrors++; fprintf(stdout, "failed to read ppi header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read ppi header: %ld\n", rawpacketcount); return; } packetlen = caplen -ppi->pph_len; packetptr = capptr +ppi->pph_len; } else if(linktype == DLT_PRISM_HEADER) { if(caplen < PRISM_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read prism header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read prism header: %ld\n", rawpacketcount); return; } prism = (prism_t*)capptr; #ifdef BIG_ENDIAN_HOST prism->msgcode = byte_swap_32(prism->msgcode); prism->msglen = byte_swap_32(prism->msglen); prism->frmlen.data = byte_swap_32(prism->frmlen.data); #endif if(prism->msglen > caplen) { if(prism->frmlen.data > caplen) { pcapreaderrors++; fprintf(stdout, "failed to read prism header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read prism header: %ld\n", rawpacketcount); return; } prism->msglen = caplen -prism->frmlen.data; } packetlen = caplen -prism->msglen; packetptr = capptr +prism->msglen; } else if(linktype == DLT_IEEE802_11_RADIO_AVS) { if(caplen < AVS_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read avs header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read avs header: %ld\n", rawpacketcount); return; } avs = (avs_t*)capptr; #ifdef BIG_ENDIAN_HOST avs->len = byte_swap_32(avs->len); #endif if(avs->len > caplen) { pcapreaderrors++; fprintf(stdout, "failed to read avs header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read avs header: %ld\n", rawpacketcount); return; } packetlen = caplen -avs->len; packetptr = capptr +avs->len; } else if(linktype == DLT_EN10MB) { if(caplen < ETH2_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read ethernet header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read ethernet header: %ld\n", rawpacketcount); return; } processethernetpacket(captimestamp, caplen, capptr); return; } else if(linktype == DLT_NULL) { if(caplen < LOBA_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read loopback header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read loopback header: %ld\n", rawpacketcount); return; } processlobapacket(captimestamp, caplen, capptr); return; } else { fprintf(stdout, "unsupported network type %d\n", linktype); if(fh_log != NULL) fprintf(fh_log, "unsupported network type %d: %ld\n", linktype, rawpacketcount); return; } if(packetlen < 4) { pcapreaderrors++; fprintf(stdout, "failed to read packet\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read packet (len < 4): %ld\n", rawpacketcount); return; } fcs = (fcs_t*)(packetptr +packetlen -4); crc = fcscrc32check(packetptr, packetlen -4); #ifdef BIG_ENDIAN_HOST crc = byte_swap_32(crc); #endif if(crc == fcs->fcs) { fcsframecount++; packetlen -= 4; } process80211packet(captimestamp, packetlen, packetptr); return; } /*===========================================================================*/ void processcap(int fd, char *eigenname, char *pcaporgname, char *pcapinname) { static unsigned int res; static off_t resseek; static pcap_hdr_t pcapfhdr; static pcaprec_hdr_t pcaprhdr; static uint64_t timestampcap; static uint8_t packet[MAXPACPSNAPLEN]; ancientdumpfileformat = true; fprintf(stdout, "%s %s reading from %s...\n", basename(eigenname), VERSION_TAG, basename(pcapinname)); iface = 1; res = read(fd, &pcapfhdr, PCAPHDR_SIZE); if(res != PCAPHDR_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read pcap header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read pcap header: %s\n", basename(pcapinname)); return; } #ifdef BIG_ENDIAN_HOST pcapfhdr.magic_number = byte_swap_32(pcapfhdr.magic_number); pcapfhdr.version_major = byte_swap_16(pcapfhdr.version_major); pcapfhdr.version_minor = byte_swap_16(pcapfhdr.version_minor); pcapfhdr.thiszone = byte_swap_32(pcapfhdr.thiszone); pcapfhdr.sigfigs = byte_swap_32(pcapfhdr.sigfigs); pcapfhdr.snaplen = byte_swap_32(pcapfhdr.snaplen); pcapfhdr.network = byte_swap_32(pcapfhdr.network); #endif if(pcapfhdr.magic_number == PCAPMAGICNUMBERBE) { pcapfhdr.magic_number = byte_swap_32(pcapfhdr.magic_number); pcapfhdr.version_major = byte_swap_16(pcapfhdr.version_major); pcapfhdr.version_minor = byte_swap_16(pcapfhdr.version_minor); pcapfhdr.thiszone = byte_swap_32(pcapfhdr.thiszone); pcapfhdr.sigfigs = byte_swap_32(pcapfhdr.sigfigs); pcapfhdr.snaplen = byte_swap_32(pcapfhdr.snaplen); pcapfhdr.network = byte_swap_32(pcapfhdr.network); endianess = 1; } versionmajor = pcapfhdr.version_major; versionminor = pcapfhdr.version_minor; dltlinktype[0] = pcapfhdr.network; if(pcapfhdr.version_major != PCAP_MAJOR_VER) { pcapreaderrors++; fprintf(stdout, "unsupported major pcap version\n"); if(fh_log != NULL) fprintf(fh_log, "unsupported major pcap version: %d\n", pcapfhdr.version_major); return; } if(pcapfhdr.version_minor != PCAP_MINOR_VER) { pcapreaderrors++; fprintf(stdout, "unsupported minor pcap version\n"); if(fh_log != NULL) fprintf(fh_log, "unsupported minor pcap version: %d\n", pcapfhdr.version_minor); return; } if(pcapfhdr.snaplen > MAXPACPSNAPLEN) { pcapreaderrors++; fprintf(stdout, "detected oversized snaplen (%d)\n", pcapfhdr.snaplen); if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen (%d): %d\n", pcapfhdr.snaplen, pcapfhdr.version_minor); } while(1) { res = read(fd, &pcaprhdr, PCAPREC_SIZE); if(res == 0) break; if(res != PCAPREC_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read pcap packet header for packet %ld\n", rawpacketcount); if(fh_log != NULL) fprintf(fh_log, "failed to read pcap packet header: %ld\n", rawpacketcount); break; } #ifdef BIG_ENDIAN_HOST pcaprhdr.ts_sec = byte_swap_32(pcaprhdr.ts_sec); pcaprhdr.ts_usec = byte_swap_32(pcaprhdr.ts_usec); pcaprhdr.incl_len = byte_swap_32(pcaprhdr.incl_len); pcaprhdr.orig_len = byte_swap_32(pcaprhdr.orig_len); #endif if(endianess == 1) { pcaprhdr.ts_sec = byte_swap_32(pcaprhdr.ts_sec); pcaprhdr.ts_usec = byte_swap_32(pcaprhdr.ts_usec); pcaprhdr.incl_len = byte_swap_32(pcaprhdr.incl_len); pcaprhdr.orig_len = byte_swap_32(pcaprhdr.orig_len); } if(pcaprhdr.incl_len > pcapfhdr.snaplen) { pcapreaderrors++; if(fh_log != NULL) fprintf(fh_log, "inclusive length > snaplen: %ld\n", rawpacketcount); } if(pcaprhdr.incl_len < MAXPACPSNAPLEN) { rawpacketcount++; res = read(fd, &packet, pcaprhdr.incl_len); if(res != pcaprhdr.incl_len) { pcapreaderrors++; fprintf(stdout, "failed to read packet %ld\n", rawpacketcount); if(fh_log != NULL) fprintf(fh_log, "packet error: %ld\n", rawpacketcount); break; } } else { skippedpacketcount++; resseek = lseek(fd, pcaprhdr.incl_len, SEEK_CUR); if(resseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", basename(pcapinname)); break; } continue; } if(pcaprhdr.incl_len > 0) { timestampcap = ((uint64_t)pcaprhdr.ts_sec *1000000) + pcaprhdr.ts_usec; processlinktype(timestampcap, pcapfhdr.network, pcaprhdr.incl_len, packet); } } fprintf(stdout, "\nsummary capture file\n" "--------------------\n" "file name................................: %s\n" "version (pcap/cap).......................: %d.%d (very basic format without any additional information)\n" , basename(pcaporgname), versionmajor, versionminor ); printlinklayerinfo(); cleanupmac(); outputdeviceinfolist(); outputwpalists(); outputeapmd5hashlist(); outputeapleaphashlist(); outputeapmschapv2hashlist(); outputtacacsplist(); outputwordlists(); printcontentinfo(); return; } /*===========================================================================*/ int pcapngoptionwalk(uint32_t blocktype, uint8_t *optr, int restlen) { static int csn, csc, pn; static int padding; static option_header_t *option; while(0 < restlen) { option = (option_header_t*)optr; #ifdef BIG_ENDIAN_HOST option->option_code = byte_swap_16(option->option_code); option->option_length = byte_swap_16(option->option_length); #endif if(endianess == 1) { option->option_code = byte_swap_16(option->option_code); option->option_length = byte_swap_16(option->option_length); } if(option->option_code == SHB_EOC) return 0; padding = 0; if(option->option_length > OPTIONLEN_MAX) return option->option_length; if((option->option_length %4)) padding = 4 -(option->option_length %4); if(option->option_code == SHB_HARDWARE) { if(option->option_length < OPTIONLEN_MAX) { memset(&pcapnghwinfo, 0, OPTIONLEN_MAX); memcpy(&pcapnghwinfo, option->data, option->option_length); } } else if(option->option_code == SHB_OS) { if(option->option_length < OPTIONLEN_MAX) { memset(&pcapngosinfo, 0, OPTIONLEN_MAX); memcpy(&pcapngosinfo, option->data, option->option_length); } } else if(option->option_code == SHB_USER_APPL) { if(option->option_length < OPTIONLEN_MAX) { memset(&pcapngapplinfo, 0, OPTIONLEN_MAX); memcpy(&pcapngapplinfo, option->data, option->option_length); } } else if(option->option_code == IF_MACADDR) { if(option->option_length == 6) { memset(&pcapngdeviceinfo, 0, 6); memcpy(&pcapngdeviceinfo, option->data, 6); } } else if(option->option_code == IF_TSRESOL) { if(option->option_length == 1) pcapngtimeresolution = option->data[0]; } else if(option->option_code == SHB_CUSTOM_OPT) { if(option->option_length > 40) { if((memcmp(&option->data[0], &hcxmagic, 4) == 0) && (memcmp(&option->data[4], &hcxmagic, 32) == 0)) restlen = pcapngoptionwalk(blocktype, optr +OH_SIZE +36, option->option_length -36); else if((memcmp(&option->data[1], &hcxmagic, 4) == 0) && (memcmp(&option->data[5], &hcxmagic, 32) == 0)) restlen = pcapngoptionwalk(blocktype, optr +OH_SIZE +1 +36, option->option_length -36); } } else if(option->option_code == OPTIONCODE_MACORIG) { if(option->option_length == 6) { memset(&pcapngdeviceinfo, 0, 6); memcpy(&pcapngdeviceinfo, option->data, 6); } } else if(option->option_code == OPTIONCODE_MACAP) { if(option->option_length == 6) memcpy(&myaktap, &option->data, 6); } else if(option->option_code == OPTIONCODE_RC) { if(option->option_length == 8) { myaktreplaycount = option->data[0x07] & 0xff; myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x06] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x05] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x04] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x03] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x02] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x01] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x00] & 0xff); if(endianess == 1) myaktreplaycount = byte_swap_64(myaktreplaycount); } } else if(option->option_code == OPTIONCODE_ANONCE) { if(option->option_length == 32) memcpy(&myaktanonce, &option->data, 32); } else if(option->option_code == OPTIONCODE_MACCLIENT) { if(option->option_length == 6) memcpy(&myaktclient, &option->data, 6); } else if(option->option_code == OPTIONCODE_SNONCE) { if(option->option_length == 32) memcpy(&myaktsnonce, &option->data, 32); } else if(option->option_code == OPTIONCODE_WEAKCANDIDATE) { if(option->option_length < 64) memcpy(&pcapngweakcandidate, &option->data, option->option_length); } else if(option->option_code == OPTIONCODE_NMEA) { memset(&nmeasentence, 0, OPTIONLEN_MAX); if(option->option_length >= 48) { nmealen = option->option_length; memcpy(&nmeasentence, &option->data, option->option_length); csc = 0; csn = 0; pn = 1; while((nmeasentence[pn] != 0) && (nmeasentence[pn] != '*')) { csn ^= nmeasentence[pn]; pn++; } if(nmeasentence[pn] == '*') { csc = strtol(&nmeasentence[option->option_length -2], NULL, 16); if(csn == csc) { if(fh_nmea!= NULL) fprintf(fh_nmea, "%s\n", nmeasentence); nmeacount++; } else { nmealen = 0; nmeaerrorcount++; } } } } optr += option->option_length +padding +OH_SIZE; restlen -= option->option_length +padding +OH_SIZE; } return 0; } /*===========================================================================*/ void processpcapng(int fd, char *eigenname, char *pcaporgname, char *pcapinname) { static unsigned int res; static off_t fdsize; static off_t aktseek; static off_t resseek; static uint32_t snaplen; static uint32_t blocktype; static uint32_t blocklen; static uint32_t blockmagic; static uint64_t timestamppcapng; static int padding; static block_header_t *pcapngbh; static section_header_block_t *pcapngshb; static interface_description_block_t *pcapngidb; static packet_block_t *pcapngpb; static enhanced_packet_block_t *pcapngepb; static custom_block_t *pcapngcb; static int interfaceid[MAX_INTERFACE_ID]; static uint8_t pcpngblock[2 *MAXPACPSNAPLEN]; static uint8_t packet[MAXPACPSNAPLEN]; ancientdumpfileformat = false; fprintf(stdout, "%s %s reading from %s...\n", basename(eigenname), VERSION_TAG, basename(pcapinname)); iface = 0; nmealen = 0; memset(&interfaceid, 0, sizeof(int) *MAX_INTERFACE_ID); fdsize = lseek(fd, 0, SEEK_END); if(fdsize < 0) { pcapreaderrors++; fprintf(stdout, "failed to get file size\n"); if(fh_log != NULL) fprintf(fh_log, "failed to get file size: %s\n", basename(pcapinname)); return; } aktseek = lseek(fd, 0L, SEEK_SET); if(aktseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", basename(pcapinname)); return; } snaplen = 0; memset(&packet, 0, MAXPACPSNAPLEN); while(1) { aktseek = lseek(fd, 0, SEEK_CUR); if(aktseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", basename(pcapinname)); break; } res = read(fd, &pcpngblock, BH_SIZE); if(res == 0) { break; } if(res != BH_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read block header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read block header: %s\n", basename(pcapinname)); break; } pcapngbh = (block_header_t*)pcpngblock; blocktype = pcapngbh->block_type; blocklen = pcapngbh->total_length; blockmagic = pcapngbh->byte_order_magic; #ifdef BIG_ENDIAN_HOST blocktype = byte_swap_32(blocktype); blocklen = byte_swap_32(blocklen); blockmagic = byte_swap_32(blockmagic); #endif if(blocktype == PCAPNGBLOCKTYPE) { if(blockmagic == PCAPNGMAGICNUMBERBE) endianess = 1; } if(endianess == 1) { blocktype = byte_swap_32(blocktype); blocklen = byte_swap_32(blocklen); } if((blocklen > (2 *MAXPACPSNAPLEN)) || ((blocklen %4) != 0)) { pcapreaderrors++; fprintf(stdout, "failed to read pcapng block header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read pcapng block header: %ld\n", rawpacketcount); break; } resseek = lseek(fd, aktseek, SEEK_SET); if(resseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", basename(pcapinname)); break; } res = read(fd, &pcpngblock, blocklen); if((res < BH_SIZE) || (res != blocklen)) { pcapreaderrors++; fprintf(stdout, "failed to read pcapng block header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read pcapng block header: %ld\n", rawpacketcount); break; } if(memcmp(&pcpngblock[4], &pcpngblock[ blocklen -4], 4) != 0) { pcapreaderrors++; fprintf(stdout, "failed to read pcapng block header \n"); if(fh_log != NULL) fprintf(fh_log, "failed to read pcapng block header: %ld\n", rawpacketcount); break; } if(blocktype == PCAPNGBLOCKTYPE) { pcapngshb = (section_header_block_t*)pcpngblock; #ifdef BIG_ENDIAN_HOST pcapngshb->major_version = byte_swap_16(pcapngshb->major_version); pcapngshb->minor_version = byte_swap_16(pcapngshb->minor_version); pcapngshb->section_length = byte_swap_64(pcapngshb->section_length); #endif if(endianess == 1) { pcapngshb->major_version = byte_swap_16(pcapngshb->major_version); pcapngshb->minor_version = byte_swap_16(pcapngshb->minor_version); pcapngshb->section_length = byte_swap_64(pcapngshb->section_length); } versionmajor = pcapngshb->major_version; versionminor = pcapngshb->minor_version; if(pcapngshb->major_version != PCAPNG_MAJOR_VER) { pcapreaderrors++; fprintf(stdout, "unsupported major pcapng version\n"); if(fh_log != NULL) fprintf(fh_log, "unsupported major pcapng version: %d\n", pcapngshb->major_version); break; } if(pcapngshb->minor_version != PCAPNG_MINOR_VER) { pcapreaderrors++; fprintf(stdout, "unsupported minor pcapng version\n"); if(fh_log != NULL) fprintf(fh_log, "unsupported minor pcapng version: %d\n", pcapngshb->minor_version); break; } if(pcapngoptionwalk(blocktype, pcapngshb->data, blocklen -SHB_SIZE) != 0) pcapreaderrors++; } else if(blocktype == IDBID) { pcapngidb = (interface_description_block_t*)pcpngblock; #ifdef BIG_ENDIAN_HOST pcapngidb->linktype = byte_swap_16(pcapngidb->linktype); pcapngidb->snaplen = byte_swap_32(pcapngidb->snaplen); #endif if(endianess == 1) { pcapngidb->linktype = byte_swap_16(pcapngidb->linktype); pcapngidb->snaplen = byte_swap_32(pcapngidb->snaplen); } snaplen = pcapngidb->snaplen; if(pcapngoptionwalk(blocktype, pcapngidb->data, blocklen -IDB_SIZE) != 0) pcapreaderrors++; if(snaplen > MAXPACPSNAPLEN) { pcapreaderrors++; fprintf(stdout, "detected oversized snaplen (%d)\n", snaplen); if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen: %ld\n", rawpacketcount); } if(iface >= MAX_INTERFACE_ID) { pcapreaderrors++; fprintf(stdout, "maximum of supported interfaces reached: %d\n", iface); if(fh_log != NULL) fprintf(fh_log, "maximum of supported interfaces reached: %d\n", iface); continue; } dltlinktype[iface] = pcapngidb->linktype; timeresolval[iface] = pcapngtimeresolution; iface++; } else if(blocktype == PBID) { pcapngpb = (packet_block_t*)pcpngblock; #ifdef BIG_ENDIAN_HOST pcapngpb->caplen = byte_swap_32(pcapngpb->caplen); #endif if(endianess == 1) pcapngpb->caplen = byte_swap_32(pcapngpb->caplen); timestamppcapng = 0; if(pcapngpb->caplen > MAXPACPSNAPLEN) { pcapreaderrors++; fprintf(stdout, "caplen > MAXSNAPLEN (%d > %d)\n", pcapngpb->caplen, MAXPACPSNAPLEN); if(fh_log != NULL) fprintf(fh_log, "caplen > MAXSNAPLEN: %ld\n", rawpacketcount); continue; } if(pcapngpb->caplen > blocklen) { pcapreaderrors++; fprintf(stdout, "caplen > blocklen (%d > %d)\n", pcapngpb->caplen, blocklen); if(fh_log != NULL) fprintf(fh_log, "caplen > blocklen: %ld\n", rawpacketcount); continue; } rawpacketcount++; processlinktype(timestamppcapng, dltlinktype[0], pcapngpb->caplen, pcapngpb->data); } else if(blocktype == SPBID) continue; else if(blocktype == NRBID) continue; else if(blocktype == ISBID) continue; else if(blocktype == EPBID) { pcapngepb = (enhanced_packet_block_t*)pcpngblock; #ifdef BIG_ENDIAN_HOST pcapngepb->interface_id = byte_swap_32(pcapngepb->interface_id); pcapngepb->timestamp_high = byte_swap_32(pcapngepb->timestamp_high); pcapngepb->timestamp_low = byte_swap_32(pcapngepb->timestamp_low); pcapngepb->caplen = byte_swap_32(pcapngepb->caplen); pcapngepb->len = byte_swap_32(pcapngepb->len); #endif if(endianess == 1) { pcapngepb->interface_id = byte_swap_32(pcapngepb->interface_id); pcapngepb->timestamp_high = byte_swap_32(pcapngepb->timestamp_high); pcapngepb->timestamp_low = byte_swap_32(pcapngepb->timestamp_low); pcapngepb->caplen = byte_swap_32(pcapngepb->caplen); pcapngepb->len = byte_swap_32(pcapngepb->len); } if(pcapngepb->interface_id >= iface) { pcapreaderrors++; fprintf(stdout, "maximum of supported interfaces reached: %d\n", iface); if(fh_log != NULL) fprintf(stdout, "maximum of supported interfaces reached: %d\n", iface); continue; } timestamppcapng = pcapngepb->timestamp_high; timestamppcapng = (timestamppcapng << 32) +pcapngepb->timestamp_low; if(timeresolval[pcapngepb->interface_id] == TSRESOL_NSEC) { timestamppcapng = pcapngepb->timestamp_high / 1000; timestamppcapng = (timestamppcapng << 32) +pcapngepb->timestamp_low; } if(pcapngepb->caplen != pcapngepb->len) { pcapreaderrors++; fprintf(stdout, "caplen != len (%d != %d)\n", pcapngepb->caplen, pcapngepb->len); if(fh_log != NULL) fprintf(fh_log, "caplen != len: %ld\n", rawpacketcount); continue; } if(pcapngepb->caplen > MAXPACPSNAPLEN) { pcapreaderrors++; fprintf(stdout, "caplen > MAXSNAPLEN (%d > %d)\n", pcapngepb->caplen, MAXPACPSNAPLEN); if(fh_log != NULL) fprintf(fh_log, "caplen > MAXSNAPLEN: %ld\n", rawpacketcount); continue; } if(pcapngepb->caplen > blocklen) { pcapreaderrors++; fprintf(stdout, "caplen > blocklen (%d > %d)\n", pcapngepb->caplen, blocklen); if(fh_log != NULL) fprintf(fh_log, "caplen > blocklen: %ld\n", rawpacketcount); continue; } rawpacketcount++; processlinktype(timestamppcapng, dltlinktype[pcapngepb->interface_id], pcapngepb->caplen, pcapngepb->data); padding = 0; if((pcapngepb->caplen %4) != 0) padding = 4 -(pcapngepb->caplen %4); if(pcapngoptionwalk(blocktype, pcapngepb->data +pcapngepb->caplen +padding, blocklen -EPB_SIZE -pcapngepb->caplen -padding) != 0) pcapreaderrors++; } else if(blocktype == CBID) { pcapngcb = (custom_block_t*)pcpngblock; if(blocklen < CB_SIZE) { skippedpacketcount++; continue; } if(memcmp(pcapngcb->pen, &hcxmagic, 4) != 0) { skippedpacketcount++; continue; } if(memcmp(pcapngcb->hcxm, &hcxmagic, 32) != 0) { skippedpacketcount++; continue; } if(pcapngoptionwalk(blocktype, pcapngcb->data, blocklen -CB_SIZE) != 0) pcapreaderrors++; } else { skippedpacketcount++; } } fprintf(stdout, "\nsummary capture file\n" "--------------------\n" "file name................................: %s\n" "version (pcapng).........................: %d.%d\n" "operating system.........................: %s\n" "application..............................: %s\n" "interface name...........................: %s\n" "interface vendor.........................: %02x%02x%02x\n" "openSSL version..........................: %d.%d\n" "weak candidate...........................: %s\n" "MAC ACCESS POINT.........................: %02x%02x%02x%02x%02x%02x (incremented on every new client)\n" "MAC CLIENT...............................: %02x%02x%02x%02x%02x%02x\n" "REPLAYCOUNT..............................: %" PRIu64 "\n" "ANONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n" "SNONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n" , basename(pcaporgname), versionmajor, versionminor, pcapngosinfo, pcapngapplinfo, pcapnghwinfo, pcapngdeviceinfo[0], pcapngdeviceinfo[1], pcapngdeviceinfo[2], opensslversionmajor, opensslversionminor, pcapngweakcandidate, myaktap[0], myaktap[1], myaktap[2], myaktap[3], myaktap[4], myaktap[5], myaktclient[0], myaktclient[1], myaktclient[2], myaktclient[3], myaktclient[4], myaktclient[5], myaktreplaycount, myaktanonce[0], myaktanonce[1], myaktanonce[2], myaktanonce[3], myaktanonce[4], myaktanonce[5], myaktanonce[6], myaktanonce[7], myaktanonce[8], myaktanonce[9], myaktanonce[10], myaktanonce[11], myaktanonce[12], myaktanonce[13], myaktanonce[14], myaktanonce[15], myaktanonce[16], myaktanonce[17], myaktanonce[18], myaktanonce[19], myaktanonce[20], myaktanonce[21], myaktanonce[22], myaktanonce[23], myaktanonce[24], myaktanonce[25], myaktanonce[26], myaktanonce[27], myaktanonce[28], myaktanonce[29], myaktanonce[30], myaktanonce[31], myaktsnonce[0], myaktsnonce[1], myaktsnonce[2], myaktsnonce[3], myaktsnonce[4], myaktsnonce[5], myaktsnonce[6], myaktsnonce[7], myaktsnonce[8], myaktsnonce[9], myaktsnonce[10], myaktsnonce[11], myaktsnonce[12], myaktsnonce[13], myaktsnonce[14], myaktsnonce[15], myaktsnonce[16], myaktsnonce[17], myaktsnonce[18], myaktsnonce[19], myaktsnonce[20], myaktsnonce[21], myaktsnonce[22], myaktsnonce[23], myaktsnonce[24], myaktsnonce[25], myaktsnonce[26], myaktsnonce[27], myaktsnonce[28], myaktsnonce[29], myaktsnonce[30], myaktsnonce[31] ); printlinklayerinfo(); cleanupmac(); outputdeviceinfolist(); outputwpalists(); outputwordlists(); outputeapmd5hashlist(); outputeapleaphashlist(); outputeapmschapv2hashlist(); outputtacacsplist(); printcontentinfo(); return; } /*===========================================================================*/ static bool processcapfile(char *eigenname, char *pcapinname) { static int resseek; static uint32_t magicnumber; static char *pcapnameptr; #ifdef WANTZLIB static char *pcaptempnameptr; static char tmpoutname[PATH_MAX +1]; #endif #ifdef WANTZLIB pcaptempnameptr = NULL; #endif pcapnameptr = pcapinname; #ifdef WANTZLIB ancientdumpfileformat = false; radiotappresent = false; if(testgzipfile(pcapinname) == true) { memset(&tmpoutname, 0, PATH_MAX); snprintf(tmpoutname, PATH_MAX, "/tmp/%s.tmp", basename(pcapinname)); if(decompressgz(pcapinname, tmpoutname) == false) return false; gzipstat++; pcaptempnameptr = tmpoutname; pcapnameptr = tmpoutname; } #endif jtrbasenamedeprecated = pcapinname; fd_pcap = open(pcapnameptr, O_RDONLY); if(fd_pcap == -1) { perror("failed to open file"); return false; } magicnumber = getmagicnumber(fd_pcap); resseek = lseek(fd_pcap, 0L, SEEK_SET); if(resseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", pcapinname); return false; } if(magicnumber == PCAPNGBLOCKTYPE) { if(initlists() == true) { processpcapng(fd_pcap, eigenname, pcapinname, pcapnameptr); pcapngstat++; close(fd_pcap); closelists(); } } else if((magicnumber == PCAPMAGICNUMBER) || (magicnumber == PCAPMAGICNUMBERBE)) { if(magicnumber == PCAPMAGICNUMBERBE) endianess = 1; if(initlists() == true) { processcap(fd_pcap, eigenname, pcapinname, pcapnameptr); capstat++; close(fd_pcap); closelists(); } } else { fprintf(stdout, "unsupported dump file format: %s\n", pcapinname); return false; } #ifdef WANTZLIB if(pcaptempnameptr != NULL) remove(pcaptempnameptr); #endif return true; } /*===========================================================================*/ static inline size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while(len) { if(*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if(*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static inline int fgetline(FILE *inputstream, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ static bool processrawfile(char *rawinname) { static int len; static int pos; static long int linecount; static FILE *fh_raw_in; static uint64_t timestampraw; static uint16_t linktyperaw; static uint8_t cs, ct; static uint32_t caplenraw; uint8_t idx0; uint8_t idx1; static char *csptr; static char *stopptr = NULL; uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; static char linein[RAW_LEN_MAX]; static uint8_t packet[MAXPACPSNAPLEN]; if(initlists() == false) return false; if((fh_raw_in = fopen(rawinname, "r")) == NULL) { fprintf(stderr, "failed to open raw file %s\n", rawinname); return false; } linecount = 0; while(1) { if((len = fgetline(fh_raw_in, RAW_LEN_MAX, linein)) == -1) break; linecount++; if(len < 30) continue; if((linein[16] != '*') && (linein[25] != '*')) { fprintf(stdout, "delimiter error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "delimiter error line: %ld\n", linecount); pcapreaderrors++; continue; } csptr = strchr(linein +26, '*'); if(csptr == NULL) { fprintf(stdout, "delimiter error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "delimiter error line: %ld\n", linecount); pcapreaderrors++; continue; } if(((csptr -linein) %2) != 0) { fprintf(stdout, "delimiter error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "delimiter error line: %ld\n", linecount); pcapreaderrors++; continue; } if((len -(csptr -linein)) < 3) { fprintf(stdout, "delimiter error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "delimiter error line: %ld\n", linecount); pcapreaderrors++; continue; } timestampraw = strtoull(linein, &stopptr, 16); if((stopptr == NULL) || ((stopptr -linein) != 16)) { fprintf(stdout, "timestamp error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "timestamp error line: %ld\n", linecount); pcapreaderrors++; continue; } #ifdef BIG_ENDIAN_HOST timestampraw = byte_swap_64(timestampraw); #endif linktyperaw = strtoul(&linein[17], &stopptr, 16); if((stopptr == NULL) || ((stopptr -linein) != 25)) { fprintf(stdout, "linktype error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "linktype error line: %ld\n", linecount); pcapreaderrors++; continue; } #ifdef BIG_ENDIAN_HOST linktyperaw = byte_swap_16(linktyperaw); #endif cs = timestampraw &0xff; cs ^= (timestampraw >> 8) &0xff; cs ^= (timestampraw >> 16) &0xff; cs ^= (timestampraw >> 24) &0xff; cs ^= (timestampraw >> 32) &0xff; cs ^= (timestampraw >> 40) &0xff; cs ^= (timestampraw >> 48) &0xff; cs ^= (timestampraw >> 56) &0xff; cs ^= linktyperaw &0xff; cs ^= (linktyperaw >> 8) &0xff; cs ^= (linktyperaw >> 16) &0xff; cs ^= (linktyperaw >> 24) &0xff; caplenraw = 0; for (pos = 0; ((pos < MAXPACPSNAPLEN) && (pos < RAW_LEN_MAX)); pos += 2) { if(linein[26 +pos] == 0) { fprintf(stdout, "frame error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "frame error line: %ld\n", linecount); pcapreaderrors++; continue; } if(linein[26 +pos] == '*') break; idx0 = ((uint8_t)linein[26 +pos +0] & 0x1F) ^ 0x10; idx1 = ((uint8_t)linein[26 +pos +1] & 0x1F) ^ 0x10; packet[pos/2] = (uint8_t)(hashmap[idx0] << 4) | hashmap[idx1]; cs ^= packet[pos/2]; caplenraw++; }; if((len -pos -26) < 3) { fprintf(stdout, "line length error: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "line length error: %ld\n", linecount); pcapreaderrors++; continue; } ct = strtoul(&linein[26 +pos +1], &stopptr, 16); if((stopptr == NULL) || ((stopptr -linein) != len)) { fprintf(stdout, "line length error: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "line length error: %ld\n", linecount); pcapreaderrors++; continue; } if(ct != cs) { fprintf(stdout, "checksum error: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "checksum error: %ld\n", linecount); pcapreaderrors++; continue; } processlinktype(timestampraw, linktyperaw, caplenraw, packet); rawpacketcount++; } fprintf(stdout, "\nsummary raw file\n" "----------------\n" "file name................................: %s\n" "lines read...............................: %ld\n" , basename(rawinname),linecount); printlinklayerinfo(); cleanupmac(); outputdeviceinfolist(); outputwpalists(); outputwordlists(); outputeapmd5hashlist(); outputeapleaphashlist(); outputeapmschapv2hashlist(); printcontentinfo(); fclose(fh_raw_in); return true ; } /*===========================================================================*/ static bool testfilename(char *filename1, char *filename2) { if(filename1 == NULL) return false; if(filename2 == NULL) return false; if(strcmp(filename1, filename2) != 0) return false; fprintf(stdout, "same file names for different file types is not allowed: %s - %s\n", filename1, filename2); return true; } /*===========================================================================*/ __attribute__ ((noreturn)) void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "convert pcapng, pcap and cap files to hash formats that hashcat and JtR use\n" "usage:\n" "%s \n" "%s input.pcapng\n" "%s *.pcapng\n" "%s *.pcap\n" "%s *.cap\n" "%s *.*\n" "\n" "short options:\n" "-o : output WPA-PBKDF2-PMKID+EAPOL hash file (hashcat -m 22000)\n" " get full advantage of reuse of PBKDF2 on PMKID and EAPOL\n" "-E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker\n" " retrieved from every frame that contain an ESSID\n" "-R : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker\n" " retrieved from PROBEREQUEST frames only\n" "-I : output unsorted identity list to use as input wordlist for cracker\n" "-U : output unsorted username list to use as input wordlist for cracker\n" "-D : output device information list\n" " format MAC MANUFACTURER MODELNAME SERIALNUMBER DEVICENAME UUID\n" "-h : show this help\n" "-v : show version\n" "\n" "long options:\n" "--all : convert all possible hashes instead of only the best one\n" " that can lead to much overhead hashes\n" " use hcxhashtool to filter hashes\n" " need hashcat --nonce-error-corrections >= 8\n" "--eapoltimeout= : set EAPOL TIMEOUT (milliseconds)\n" " : default: %d ms\n" "--nonce-error-corrections= : set nonce error correction\n" " warning: values > 0 can lead to uncrackable handshakes\n" " : default: %d\n" "--ignore-ie : do not use CIPHER and AKM information\n" " this will convert all frames regadless of\n" " CIPHER and/OR AKM information,\n" " and can lead to uncrackable hashes\n" "--max-essids= : maximum allowed ESSIDs\n" " default: %d ESSID\n" " disregard ESSID changes and take ESSID with highest ranking\n" "--eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800)\n" "--eapmd5-john= : output EAP MD5 CHALLENGE (john chap)\n" "--eapleap= : output EAP LEAP and MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm)\n" "--tacacs-plus= : output TACACS PLUS (hashcat -m 16100, john tacacs-plus)\n" "--nmea= : output GPS data in NMEA format\n" " format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL\n" " to convert it to gpx, use GPSBabel:\n" " gpsbabel -i nmea -f hcxdumptool.nmea -o gpx,gpxver=1.1 -F hcxdumptool.gpx\n" " to display the track, open file.gpx with viking\n" "--csv= : output ACCESS POINT information in CSV format\n" " delimiter: tabulator (0x08)\n" " columns:\n" " YYYY-MM-DD HH:MM:SS MAC_AP ESSID ENC_TYPE CIPHER AKM COUNTRY_INFO CHANNEL RSSI GPS(DM.m) GPS(D.d) GPSFIX SATCOUNT HDOP ALTITUDE UNIT\n" " to convert it to other formats, use bash tools or scripting languages\n" " GPS FIX:\n" " 0 = fix not available or invalid\n" " 1 = fix valid (GPS SPS mode)\n" " 2 = fix valid (differential GPS SPS Mode)\n" " 3 = not supported\n" " 4 = not supported\n" " 5 = not supported\n" " 6 = fix valid (Dead Reckoning Mode)\n" "--log= : output logfile\n" "--raw-out= : output frames in HEX ASCII\n" " : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM\n" "--raw-in= : input frames in HEX ASCII\n" " : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM\n" "--pmkid= : output deprecated PMKID file (delimter *)\n" "--hccapx= : output deprecated hccapx v4 file\n" "--hccap= : output deprecated hccap file\n" "--john= : output deprecated PMKID/EAPOL (JtR wpapsk-opencl/wpapsk-pmk-opencl)\n" "--prefix= : convert everything to lists using this prefix (overrides single options):\n" " -o : output PMKID/EAPOL hash file\n" " -E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker\n" " -I : output unsorted identity list to use as input wordlist for cracker\n" " -U : output unsorted username list to use as input wordlist for cracker\n" " --eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800)\n" " --eapleap= : output EAP LEAP and MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm)\n" " --tacacs-plus= : output TACACS+ (hashcat -m 16100, john tacacs-plus)\n" " --nmea= : output GPS data in NMEA format\n" "--help : show this help\n" "--version : show version\n" "\n" "bitmask of message pair field:\n" "2,1,0:\n" " 000 = M1+M2, EAPOL from M2 (challenge)\n" " 001 = M1+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed \n" " 010 = M2+M3, EAPOL from M2 (authorized)\n" " 011 = M2+M3, EAPOL from M3 (authorized) - unused\n" " 100 = M3+M4, EAPOL from M3 (authorized) - unused\n" " 101 = M3+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed\n" "3: reserved\n" "4: ap-less attack (set to 1) - nonce-error-corrections not required\n" "5: LE router detected (set to 1) - nonce-error-corrections required only on LE\n" "6: BE router detected (set to 1) - nonce-error-corrections required only on BE\n" "7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections mandatory\n" "\n" "Do not edit, merge or convert pcapng files! This will remove optional comment fields!\n" "Detection of bit errors does not work on cleaned dump files!\n" "Do not use %s in combination with third party cap/pcap/pcapng cleaning tools (except: tshark and/or Wireshark)!\n" "It is much better to run gzip to compress the files. Wireshark, tshark and hcxpcapngtool will understand this.\n" "Recommended tools to show additional 802.11 fields or to decrypt WiFi traffic: Wireshark and/or tshark\n" "Recommended tool to filter converted hash by several options: hcxhashtool\n" "Recommended tool to get default or standard PSKs: hcxpsktool\n" "Recommended tool to calculate wordlists based on ESSID: hcxeiutool\n" "Recommended tools to retrieve PSK from hash: hashcat, JtR\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname, eigenname, eigenname, eigenname, eigenname, EAPOLTIMEOUT /1000, NONCEERRORCORRECTION, ESSIDSMAX, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static int exitcode; static char *pmkideapoloutname; static char *eapmd5outname; static char *eapmd5johnoutname; static char *eapleapoutname; static char *tacacspoutname; static char *essidoutname; static char *essidproberequestoutname; static char *deviceinfooutname; static char *identityoutname; static char *usernameoutname; static char *nmeaoutname; static char *csvoutname; static char *logoutname; static char *rawoutname; static char *rawinname; static char *pmkideapoljtroutnamedeprecated; static char *pmkidoutnamedeprecated; static char *hccapxoutnamedeprecated; static char *hccapoutnamedeprecated; static const char *prefixoutname; static const char *pmkideapolsuffix = ".22000"; static const char *eapmd5suffix = ".4800"; static const char *eapleapsuffix = ".5500"; static const char *tacacspsuffix = ".16100"; static const char *essidsuffix = ".essid"; static const char *essidproberequestsuffix = ".essidproberequest"; static const char *identitysuffix = ".identity"; static const char *usernamesuffix = ".username"; static const char *nmeasuffix = ".nmea"; static const char *csvsuffix = ".csv"; static const char *deviceinfosuffix = ".deviceinfo"; static char pmkideapolprefix[PATH_MAX]; static char eapmd5prefix[PATH_MAX]; static char eapleapprefix[PATH_MAX]; static char tacacspprefix[PATH_MAX]; static char essidprefix[PATH_MAX]; static char essidproberequestprefix[PATH_MAX]; static char identityprefix[PATH_MAX]; static char usernameprefix[PATH_MAX]; static char nmeaprefix[PATH_MAX]; static char csvprefix[PATH_MAX]; static char deviceinfoprefix[PATH_MAX]; struct timeval tv; static struct stat statinfo; static const char *short_options = "o:E:R:I:U:D:hv"; static const struct option long_options[] = { {"all", no_argument, NULL, HCX_CONVERT_ALL}, {"eapoltimeout", required_argument, NULL, HCX_EAPOL_TIMEOUT}, {"nonce-error-corrections", required_argument, NULL, HCX_NC}, {"ignore-ie", no_argument, NULL, HCX_IE}, {"max-essids", required_argument, NULL, HCX_ESSIDS}, {"nmea", required_argument, NULL, HCX_NMEA_OUT}, {"csv", required_argument, NULL, HCX_CSV_OUT}, {"raw-out", required_argument, NULL, HCX_RAW_OUT}, {"raw-in", required_argument, NULL, HCX_RAW_IN}, {"log", required_argument, NULL, HCX_LOG_OUT}, {"pmkid", required_argument, NULL, HCX_PMKID_OUT_DEPRECATED}, {"eapmd5", required_argument, NULL, HCX_EAPMD5_OUT}, {"eapmd5-john", required_argument, NULL, HCX_EAPMD5_JOHN_OUT}, {"eapleap", required_argument, NULL, HCX_EAPLEAP_OUT}, {"tacacs-plus", required_argument, NULL, HCX_TACACSP_OUT}, {"hccapx", required_argument, NULL, HCX_HCCAPX_OUT_DEPRECATED}, {"hccap", required_argument, NULL, HCX_HCCAP_OUT_DEPRECATED}, {"john", required_argument, NULL, HCX_PMKIDEAPOLJTR_OUT_DEPRECATED}, {"prefix", required_argument, NULL, HCX_PREFIX_OUT}, {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; exitcode = EXIT_SUCCESS; ignoreieflag = false; donotcleanflag = false; eapoltimeoutvalue = EAPOLTIMEOUT; ncvalue = NONCEERRORCORRECTION; essidsvalue = ESSIDSMAX; pmkideapoloutname = NULL; eapmd5outname = NULL; eapmd5johnoutname = NULL; eapleapoutname = NULL; tacacspoutname = NULL; essidoutname = NULL; essidproberequestoutname = NULL; identityoutname = NULL; usernameoutname = NULL; deviceinfooutname = NULL; nmeaoutname = NULL; csvoutname = NULL; logoutname = NULL; rawoutname = NULL; rawinname = NULL; prefixoutname = NULL; pmkideapoljtroutnamedeprecated = NULL; pmkidoutnamedeprecated = NULL; hccapxoutnamedeprecated = NULL; hccapoutnamedeprecated = NULL; fh_pmkideapol = NULL; fh_eapmd5 = NULL; fh_eapmd5john = NULL; fh_eapleap = NULL; fh_tacacsp = NULL; fh_essid = NULL; fh_essidproberequest = NULL; fh_deviceinfo= NULL; fh_identity = NULL; fh_username = NULL; fh_nmea = NULL; fh_csv = NULL; fh_log = NULL; fh_raw_out = NULL; fh_pmkideapoljtrdeprecated = NULL; fh_pmkiddeprecated = NULL; fh_hccapxdeprecated = NULL; fh_hccapdeprecated = NULL; gzipstat = 0; capstat = 0; pcapngstat = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_EAPOL_TIMEOUT: eapoltimeoutvalue = strtoull(optarg, NULL, 10); if(eapoltimeoutvalue <= 0) { fprintf(stderr, "EAPOL TIMEOUT must be > 0\n"); exit(EXIT_FAILURE); } eapoltimeoutvalue *= 1000; break; case HCX_NC: ncvalue = strtol(optarg, NULL, 10); break; case HCX_IE: ignoreieflag = true; break; case HCX_CONVERT_ALL: donotcleanflag = true; break; case HCX_ESSIDS: essidsvalue = strtol(optarg, NULL, 10); break; case HCX_PMKIDEAPOL_OUT: pmkideapoloutname = optarg; break; case HCX_EAPMD5_OUT: eapmd5outname = optarg; break; case HCX_EAPMD5_JOHN_OUT: eapmd5johnoutname = optarg; break; case HCX_EAPLEAP_OUT: eapleapoutname = optarg; break; case HCX_TACACSP_OUT: tacacspoutname = optarg; break; case HCX_ESSID_OUT: essidoutname = optarg; break; case HCX_ESSIDPROBEREQUEST_OUT: essidproberequestoutname = optarg; break; case HCX_IDENTITY_OUT: identityoutname = optarg; break; case HCX_USERNAME_OUT: usernameoutname = optarg; break; case HCX_DEVICEINFO_OUT: deviceinfooutname = optarg; break; case HCX_NMEA_OUT: nmeaoutname = optarg; break; case HCX_CSV_OUT: csvoutname = optarg; break; case HCX_RAW_OUT: rawoutname = optarg; break; case HCX_RAW_IN: rawinname = optarg; break; case HCX_LOG_OUT: logoutname = optarg; break; case HCX_PMKIDEAPOLJTR_OUT_DEPRECATED: pmkideapoljtroutnamedeprecated = optarg; break; case HCX_PMKID_OUT_DEPRECATED: pmkidoutnamedeprecated = optarg; break; case HCX_HCCAPX_OUT_DEPRECATED: hccapxoutnamedeprecated = optarg; break; case HCX_HCCAP_OUT_DEPRECATED: hccapoutnamedeprecated = optarg; break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_PREFIX_OUT: prefixoutname = optarg; if(strlen(prefixoutname) > PREFIX_BUFFER_MAX) { fprintf(stderr, "prefix must be < %d\n", PATH_MAX -12); exit(EXIT_FAILURE); } break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } gettimeofday(&tv, NULL); timestampstart = ((uint64_t)tv.tv_sec *1000000) + tv.tv_usec; if(argc < 2) { fprintf(stdout, "no option selected\n"); return EXIT_SUCCESS; } if((optind == argc) && (rawinname == NULL)) { fprintf(stdout, "no input file(s) selected\n"); exit(EXIT_FAILURE); } if(testfilename(pmkideapoloutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, eapmd5outname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, eapleapoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, tacacspoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, nmeaoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, csvoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, eapleapoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, tacacspoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, nmeaoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, csvoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, tacacspoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, nmeaoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, csvoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, nmeaoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, csvoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(prefixoutname != NULL) { strncpy(pmkideapolprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(pmkideapolprefix, pmkideapolsuffix, PREFIX_BUFFER_MAX); pmkideapoloutname = pmkideapolprefix; strncpy(essidprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(essidprefix, essidsuffix, PREFIX_BUFFER_MAX); essidoutname = essidprefix; strncpy(essidproberequestprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(essidproberequestprefix, essidproberequestsuffix, PREFIX_BUFFER_MAX); essidproberequestoutname = essidprefix; strncpy(identityprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(identityprefix, identitysuffix, PREFIX_BUFFER_MAX); identityoutname = identityprefix; strncpy(usernameprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(usernameprefix, usernamesuffix, PREFIX_BUFFER_MAX); usernameoutname = usernameprefix; strncpy(deviceinfoprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(deviceinfoprefix, deviceinfosuffix, PREFIX_BUFFER_MAX); deviceinfooutname = deviceinfoprefix; strncpy(eapmd5prefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(eapmd5prefix, eapmd5suffix, PREFIX_BUFFER_MAX); eapmd5outname = eapmd5prefix; strncpy(eapleapprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(eapleapprefix, eapleapsuffix, PREFIX_BUFFER_MAX); eapleapoutname = eapleapprefix; strncpy(tacacspprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(tacacspprefix, tacacspsuffix, PREFIX_BUFFER_MAX); tacacspoutname = tacacspprefix; strncpy(nmeaprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(nmeaprefix, nmeasuffix, PREFIX_BUFFER_MAX); nmeaoutname = nmeaprefix; strncpy(csvprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(csvprefix, csvsuffix, PREFIX_BUFFER_MAX); csvoutname = csvprefix; } if((pmkideapoloutname != NULL) && (nmeaoutname != NULL)) { if(strcmp(pmkideapoloutname, nmeaoutname) == 0) { fprintf(stdout, "same file names for different file types not allowed: %s - %s\n", pmkideapoloutname, usernameoutname); exit(EXIT_FAILURE); } } if(pmkideapoloutname != NULL) { if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); exit(EXIT_FAILURE); } } if(eapmd5outname != NULL) { if((fh_eapmd5 = fopen(eapmd5outname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", eapmd5outname, strerror(errno)); exit(EXIT_FAILURE); } } if(eapmd5johnoutname != NULL) { if((fh_eapmd5john = fopen(eapmd5johnoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", eapmd5johnoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(eapleapoutname != NULL) { if((fh_eapleap = fopen(eapleapoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", eapleapoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(tacacspoutname != NULL) { if((fh_tacacsp = fopen(tacacspoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", tacacspoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(essidoutname != NULL) { if((fh_essid = fopen(essidoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(essidproberequestoutname != NULL) { if((fh_essidproberequest = fopen(essidproberequestoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidproberequestoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(identityoutname != NULL) { if((fh_identity = fopen(identityoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", identityoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(usernameoutname != NULL) { if((fh_username = fopen(usernameoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", usernameoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(deviceinfooutname != NULL) { if((fh_deviceinfo = fopen(deviceinfooutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", deviceinfooutname, strerror(errno)); exit(EXIT_FAILURE); } } if(nmeaoutname != NULL) { if((fh_nmea = fopen(nmeaoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", nmeaoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(csvoutname != NULL) { if((fh_csv = fopen(csvoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", csvoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(rawoutname != NULL) { if((fh_raw_out = fopen(rawoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n",rawoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(logoutname != NULL) { if((fh_log = fopen(logoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n",logoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(pmkideapoljtroutnamedeprecated != NULL) { if((fh_pmkideapoljtrdeprecated = fopen(pmkideapoljtroutnamedeprecated, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoljtroutnamedeprecated, strerror(errno)); exit(EXIT_FAILURE); } } if(pmkidoutnamedeprecated != NULL) { if((fh_pmkiddeprecated = fopen(pmkidoutnamedeprecated, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkidoutnamedeprecated, strerror(errno)); exit(EXIT_FAILURE); } } if(hccapxoutnamedeprecated != NULL) { if((fh_hccapxdeprecated = fopen(hccapxoutnamedeprecated, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", hccapxoutnamedeprecated, strerror(errno)); exit(EXIT_FAILURE); } } if(hccapoutnamedeprecated != NULL) { if((fh_hccapdeprecated = fopen(hccapoutnamedeprecated, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", hccapoutnamedeprecated, strerror(errno)); exit(EXIT_FAILURE); } } for(index = optind; index < argc; index++) { if(processcapfile(argv[0], argv[index]) == false) exitcode = EXIT_FAILURE; } if(rawinname != NULL) processrawfile(rawinname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(fh_eapmd5 != NULL) fclose(fh_eapmd5); if(fh_eapmd5john != NULL) fclose(fh_eapmd5john); if(fh_eapleap != NULL) fclose(fh_eapleap); if(fh_tacacsp != NULL) fclose(fh_tacacsp); if(fh_essid != NULL) fclose(fh_essid); if(fh_essidproberequest != NULL) fclose(fh_essidproberequest); if(fh_identity != NULL) fclose(fh_identity); if(fh_username != NULL) fclose(fh_username); if(fh_deviceinfo != NULL) fclose(fh_deviceinfo); if(fh_nmea != NULL) fclose(fh_nmea); if(fh_csv != NULL) fclose(fh_csv); if(fh_raw_out != NULL) fclose(fh_raw_out); if(fh_log != NULL) fclose(fh_log); if(fh_pmkideapoljtrdeprecated != NULL) fclose(fh_pmkideapoljtrdeprecated); if(fh_pmkiddeprecated != NULL) fclose(fh_pmkiddeprecated); if(fh_hccapxdeprecated != NULL) fclose(fh_hccapxdeprecated); if(fh_hccapdeprecated != NULL) fclose(fh_hccapdeprecated); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } if(eapmd5outname != NULL) { if(stat(eapmd5outname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(eapmd5outname); } } if(eapmd5johnoutname != NULL) { if(stat(eapmd5johnoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(eapmd5johnoutname); } } if(eapleapoutname != NULL) { if(stat(eapleapoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(eapleapoutname); } } if(tacacspoutname != NULL) { if(stat(tacacspoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(tacacspoutname); } } if(essidoutname != NULL) { if(stat(essidoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(essidoutname); } } if(essidproberequestoutname != NULL) { if(stat(essidproberequestoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(essidproberequestoutname); } } if(identityoutname != NULL) { if(stat(identityoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(identityoutname); } } if(usernameoutname != NULL) { if(stat(usernameoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(usernameoutname); } } if(deviceinfooutname != NULL) { if(stat(deviceinfooutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(deviceinfooutname); } } if(nmeaoutname != NULL) { if(stat(nmeaoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(nmeaoutname); } } if(csvoutname != NULL) { if(stat(csvoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(csvoutname); } } if(rawoutname != NULL) { if(stat(rawoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(rawoutname); } } if(logoutname != NULL) { if(stat(logoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(logoutname); } } if(pmkideapoljtroutnamedeprecated != NULL) { if(stat(pmkideapoljtroutnamedeprecated, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoljtroutnamedeprecated); } } if(pmkidoutnamedeprecated != NULL) { if(stat(pmkidoutnamedeprecated, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkidoutnamedeprecated); } } if(hccapxoutnamedeprecated != NULL) { if(stat(hccapxoutnamedeprecated, &statinfo) == 0) { if(statinfo.st_size == 0) remove(hccapxoutnamedeprecated); } } if(hccapoutnamedeprecated != NULL) { if(stat(hccapoutnamedeprecated, &statinfo) == 0) { if(statinfo.st_size == 0) remove(hccapoutnamedeprecated); } } if((gzipstat == 0) && (pcapngstat == 0) && (capstat == 0)) return exitcode; fprintf(stdout, "\nsession summary\n---------------\n"); if(gzipstat > 0) fprintf(stdout, "gzip compressed dump files............: %d\n", gzipstat); if(pcapngstat > 0) fprintf(stdout, "processed pcapng files................: %d\n", pcapngstat); if(capstat > 0) fprintf(stdout, "processed cap files...................: %d\n", capstat); fprintf(stdout, "\n"); return exitcode; } /*===========================================================================*/ hcxtools-6.2.7/hcxpmkidtool.c000066400000000000000000000311631423200176400162450ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined(__APPLE__) || defined(__OpenBSD__) #include #else #include #endif #include "include/hcxpmkidtool.h" #include "include/strings.c" /*===========================================================================*/ /* global var */ int cores; int workitems; FILE *fh_file; intpsk_t *wordlist; int essidlen; int pskoutlen; bool pskfoundflag; bool pmkfoundflag; char separator = ':'; uint8_t macsta[6]; uint8_t macap[6]; uint8_t essid[32]; uint8_t pmkid[16]; uint8_t pmkout[32]; uint8_t pskout[64]; /*===========================================================================*/ bool globalclose() { if(wordlist != NULL) { free(wordlist); } return true; } /*===========================================================================*/ bool globalinit() { pskfoundflag = false; pmkfoundflag = false; if((cores = sysconf(_SC_NPROCESSORS_ONLN)) == -1) { printf("failed to get CPU information\n"); return false; } if(cores < 1) { printf("no cores available\n"); return false; } if(cores > 256) { cores = 256; } workitems = cores *PSKCOUNT; wordlist = malloc(workitems *INTPSK_SIZE); if(wordlist == NULL) { printf("failed to allocate workload memory\n"); return false; } return true; } /*===========================================================================*/ bool isasciisepstring(int len, uint8_t *buffer) { uint8_t p; for(p = 0; p < len; p++) { if((buffer[p] < 0x20) || (buffer[p] > 0x7e) || (buffer[p] == separator)) { return false; } } return true; } /*===========================================================================*/ size_t chop(char *buffer, size_t len) { char *ptr; ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ int fgetline(FILE *inputstream, size_t size, char *buffer) { size_t len; char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ void *calculatethread(void *args) { int c; argument_t *arg = (argument_t *)args; intpsk_t *zeiger; char *pmkname = "PMK Name"; uint8_t pmk[32]; uint8_t salt[32]; uint8_t mypmkid[32]; zeiger = arg->pos; arg->found = false; for(c = 0; c < arg->sc; c++) { if(PKCS5_PBKDF2_HMAC_SHA1(zeiger->psk, zeiger->len, essid, essidlen, 4096, 32, pmk) == 0) { return NULL; } memcpy(&salt, pmkname, 8); memcpy(&salt[8], &macap, 6); memcpy(&salt[14], &macsta, 6); HMAC(EVP_sha1(), &pmk, 32, salt, 20, mypmkid, NULL); if(memcmp(&mypmkid, &pmkid, 16) == 0) { arg->found = true; memcpy(arg->pmk, &pmk, 32); arg->psklen = zeiger->len; memset(arg->psk, 0, 64); memcpy(arg->psk, zeiger->psk, zeiger->len); return NULL; } zeiger++; } return NULL; } /*===========================================================================*/ int readitems() { int pskcount; intpsk_t *zeiger; int plen; char hm[] = { "$HEX[" }; char pskinline[PSKLEN *2 +5]; pskcount = 0; zeiger = wordlist; while(pskcount < workitems) { if((plen = fgetline(fh_file, PSKLEN *2 +5, pskinline)) == -1) { break; } if(plen < 8) { continue; } if((memcmp(pskinline, &hm, 5) == 0) && (pskinline[plen -1] == ']')) { zeiger->len = (plen -6); if((zeiger->len %2) != 0) { continue; } zeiger->len = zeiger->len /2; if(zeiger->len > 64) { continue; } if(hex2bin(&pskinline[5], (uint8_t*)zeiger->psk, zeiger->len) == false) { continue; } zeiger++; pskcount++; continue; } if(plen < 64) { zeiger->len = plen; memset(zeiger->psk, 0, PSKLEN); memcpy(zeiger->psk, &pskinline, plen); } zeiger++; pskcount++; } return pskcount; } /*===========================================================================*/ void processwordlist(char *wordlistname) { int ret; int c; int pskcount; pthread_t thread[256]; argument_t args[256]; if((fh_file = fopen(wordlistname, "r")) == NULL) { fprintf(stderr, "failed to open file %s\n", wordlistname); return; } pskcount = workitems; while(1) { if(pskfoundflag == true) { fclose(fh_file); return; } pskcount = readitems(); if(pskcount == 0) { fclose(fh_file); return; } if(pskcount == workitems) { for(c = 0; c < cores; c++) { args[c].pos = wordlist +(c *PSKCOUNT); args[c].sc = PSKCOUNT; ret = pthread_create(&thread[c], NULL, &calculatethread, &args[c]); if(ret != 0) { fclose(fh_file); printf("failed to create thread\n"); return; } } for(c = 0; c < cores; c++) { pthread_join(thread[c], NULL); if(args[c].found == true) { pskfoundflag = true; memcpy(&pmkout, args[c].pmk, 32); pskoutlen = args[c].psklen; memset(&pskout, 0, 64); memcpy(&pskout, args[c].psk, args[c].psklen); } } } if(pskcount < workitems) { break; } } for(c = 0; c < cores; c++) { args[c].pos = wordlist +(c *((pskcount/cores) + (pskcount%cores))); args[c].sc = (pskcount/cores) + (pskcount%cores); ret = pthread_create(&thread[c], NULL, &calculatethread, &args[c]); if(ret != 0) { fclose(fh_file); printf("failed to create thread\n"); return; } } for(c = 0; c < cores; c++) { pthread_join(thread[c], NULL); if(args[c].found == true) { pskfoundflag = true; memcpy(&pmkout, args[c].pmk, 32); pskoutlen = args[c].psklen; memset(&pskout, 0, 64); memcpy(&pskout, args[c].psk, args[c].psklen); } } fclose(fh_file); return; } /*===========================================================================*/ void processpmkname(char *pmkname) { int plen; char *pmkn = "PMK Name"; uint8_t pmk[32]; uint8_t salt[32]; uint8_t mypmkid[32]; plen = strlen(pmkname); if(plen != 64) { return; } if(hex2bin(pmkname, pmk, 32) == false) { return; } memcpy(&salt, pmkn, 8); memcpy(&salt[8], &macap, 6); memcpy(&salt[14], &macsta, 6); HMAC(EVP_sha1(), &pmk, 32, salt, 20, mypmkid, NULL); if(memcmp(&mypmkid, &pmkid, 16) == 0) { pmkfoundflag = true; memcpy(&pmkout, &pmk, 32); } return; } /*===========================================================================*/ void processwordname(char *wordname) { int plen; int len; char *pmkname = "PMK Name"; char hm[] = { "$HEX[" }; char psk[PSKLEN]; uint8_t pmk[32]; uint8_t salt[32]; uint8_t mypmkid[32]; plen = strlen(wordname); if(plen < 8) { return; } if((memcmp(wordname, &hm, 5) == 0) && (wordname[plen -1] == ']')) { len = (plen -6); if((len %2) != 0) { return; } len = len /2; if(len > 64) { return; } if(hex2bin(&wordname[5], (uint8_t*)psk, len) == false) { return; } } else if(plen < 64) { len = plen; memset(&psk, 0, PSKLEN); memcpy(&psk, wordname, len); } else { return; } if(PKCS5_PBKDF2_HMAC_SHA1(psk, len, essid, essidlen, 4096, 32, pmk) == 0) { return; } memcpy(&salt, pmkname, 8); memcpy(&salt[8], &macap, 6); memcpy(&salt[14], &macsta, 6); HMAC(EVP_sha1(), &pmk, 32, salt, 20, mypmkid, NULL); if(memcmp(&mypmkid, &pmkid, 16) == 0) { pskfoundflag = true; memcpy(&pmkout, &pmk, 32); pskoutlen = len; memset(&pskout, 0, 64); memcpy(&pskout, psk, len); } return; } /*===========================================================================*/ bool processpmkid(char *pmkidline) { int pmkidlen; pmkidlen = strlen(pmkidline); if((pmkidlen < 61) || ((pmkidlen > 59 +(ESSID_LEN_MAX *2)))) { return false; } if((pmkidline[32] == ':') && (pmkidline[45] == ':') && (pmkidline[58] == ':')) { separator = ':'; } else if((pmkidline[32] == '*') && (pmkidline[45] == '*') && (pmkidline[58] == '*')) { separator = '*'; } else { return false; } if(hex2bin(&pmkidline[0], pmkid, 16) == false) { return false; } if(hex2bin(&pmkidline[33], macap, 6) == false) { return false; } if(hex2bin(&pmkidline[46], macsta, 6) == false) { return false; } essidlen = pmkidlen -59; if((essidlen == 0) || (essidlen > 64) || ((essidlen %2) != 0)) { return false; } essidlen = essidlen /2; if(hex2bin(&pmkidline[59], essid, essidlen) ==false) { return false; } return true; } /*===========================================================================*/ __attribute__ ((noreturn)) void version(char *eigenname) { printf("%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) void usage(char *eigenname) { printf("%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-p : input PMKID\n" " PMKID:MAC_AP:MAC_STA:ESSID(XDIGIT)\n" " PMKID*MAC_AP*MAC_STA*ESSID(XDIGIT)\n" "-w : input wordlist (8...63 characters)\n" " output: PMK:ESSID (XDIGIT):password\n" "-W : input single word (8...63 characters)\n" " output: PMK:ESSID (XDIGIT):password\n" "-K : input single PMK\n" " format:\n" " output: PMK:ESSID (XDIGIT)\n" "-h : show this help\n" "-v : show version\n" "\n" "--help : show this help\n" "--version : show version\n" "\n" "hcxpmkidtool designed to verify an existing PSK or and existing PMK.\n" "It is not designed to run big wordlists!\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) void usageerror(char *eigenname) { printf("%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { int auswahl; int index; int c; char *wordlistname = NULL; char *wordname = NULL; char *pmkidname = NULL; char *pmkname = NULL; const char *short_options = "w:W:K:p:hv"; const struct option long_options[] = { {"version", no_argument, NULL, HCXD_VERSION}, {"help", no_argument, NULL, HCXD_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCXD_WORD_IN: wordname = optarg; if((strlen(wordname) < 8) || (strlen(wordname) > 63)) { fprintf(stderr, "only 8...63 characters allowed\n"); exit(EXIT_FAILURE); } break; case HCXD_WORDLIST_IN: wordlistname = optarg; break; case HCXD_PMK_IN: pmkname = optarg; if(strlen(pmkname) != 64) { fprintf(stderr, "only 64 (XDIGIT) characters allowed\n"); exit(EXIT_FAILURE); } break; case HCXD_PMKID_IN: pmkidname = optarg; break; case HCXD_HELP: usage(basename(argv[0])); break; case HCXD_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); exit(EXIT_FAILURE); } if(globalinit() == false) { fprintf(stderr, "initialization failed\n"); exit(EXIT_FAILURE); } if(processpmkid(pmkidname) == false) { fprintf(stderr, "wrong pmkidformat\n"); exit(EXIT_FAILURE); } if((wordname != NULL) && (pskfoundflag == false)) { processwordname(wordname); } if((wordlistname != NULL) && (pskfoundflag == false)) { processwordlist(wordlistname); } if((pmkname != NULL) && (pmkfoundflag == false)) { processpmkname(pmkname); } if(globalclose() == false) { fprintf(stderr, "deinitialization failed\n"); exit(EXIT_FAILURE); } if(pskfoundflag == true) { printf("verified:"); for(c = 0; c < 32; c++) { printf("%02x", pmkout[c]); } printf("%c", separator); for(c = 0; c < essidlen; c++) { printf("%02x", essid[c]); } printf("%c", separator); if(isasciisepstring(pskoutlen, pskout) == true) { printf("%s\n", pskout); } else { printf("$HEX["); for(c = 0; c < pskoutlen; c++) { printf("%02x", pskout[c]); } printf("]/n"); } return EXIT_SUCCESS; } if(pmkfoundflag == true) { printf("verified:"); for(c = 0; c < 32; c++) { printf("%02x", pmkout[c]); } printf("%c", separator); for(c = 0; c < essidlen; c++) { printf("%02x", essid[c]); } printf("\n"); return EXIT_SUCCESS; } return EXHAUSTED; } /*===========================================================================*/ hcxtools-6.2.7/hcxpmktool.c000077500000000000000000000622231423200176400157340ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "include/hcxpmktool.h" #include "include/ieee80211.h" static uint8_t pmkcalculated[32]; static uint8_t pmkopt[32]; static uint8_t pmkidcalculated[EVP_MAX_MD_SIZE]; static uint8_t miccalculated[EVP_MAX_MD_SIZE]; static hashlist_t hashlist; /*===========================================================================*/ /*===========================================================================*/ static bool calculatemic(uint8_t *pmk) { static int keyver; static wpakey_t *wpak; static uint8_t *pkeptr; static size_t testptklen; static size_t testmiclen; static EVP_MD_CTX *mdctx; static EVP_PKEY *pkey; static hashlist_t hashlisttmp; static uint8_t pkedata[102]; static uint8_t testptk[EVP_MAX_MD_SIZE]; memcpy(&hashlisttmp, &hashlist, sizeof(hashlist)); wpak = (wpakey_t*)&hashlisttmp.eapol[EAPAUTH_SIZE]; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver == 2) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&miccalculated, 0, sizeof(testptk)); pkeptr = pkedata; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(hashlisttmp.ap, hashlisttmp.client, 6) < 0) { memcpy(pkeptr +23, hashlisttmp.ap, 6); memcpy(pkeptr +29, hashlisttmp.client, 6); } else { memcpy(pkeptr +23, hashlisttmp.client, 6); memcpy(pkeptr +29, hashlisttmp.ap, 6); } if(memcmp(hashlisttmp.nonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, hashlisttmp.nonce, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, hashlisttmp.nonce, 32); } testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, pkedata, 100) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testptk, 16); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, hashlisttmp.eapol, hashlisttmp.eapauthlen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, miccalculated, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return true; } else if(keyver == 1) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&miccalculated, 0, sizeof(testptk)); pkeptr = pkedata; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(hashlisttmp.ap, hashlisttmp.client, 6) < 0) { memcpy(pkeptr +23, hashlisttmp.ap, 6); memcpy(pkeptr +29, hashlisttmp.client, 6); } else { memcpy(pkeptr +23, hashlisttmp.client, 6); memcpy(pkeptr +29, hashlisttmp.ap, 6); } if(memcmp(hashlisttmp.nonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, hashlisttmp.nonce, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, hashlisttmp.nonce, 32); } testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, pkedata, 100) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testptk, 16); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, hashlisttmp.eapol, hashlisttmp.eapauthlen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, miccalculated, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return true; } else if(keyver == 3) { memset(&pkedata, 0, sizeof(pkedata)); memset(&testptk, 0, sizeof(testptk)); memset(&miccalculated, 0, sizeof(testptk)); pkedata[0] = 1; pkedata[1] = 0; pkeptr = pkedata +2; memcpy(pkeptr, "Pairwise key expansion", 22); if(memcmp(hashlisttmp.ap, hashlisttmp.client, 6) < 0) { memcpy(pkeptr +22, hashlisttmp.ap, 6); memcpy(pkeptr +28, hashlisttmp.client, 6); } else { memcpy(pkeptr +22, hashlisttmp.client, 6); memcpy(pkeptr +28, hashlisttmp.ap, 6); } if(memcmp(hashlisttmp.nonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +34, hashlisttmp.nonce, 32); memcpy (pkeptr +66, wpak->nonce, 32); } else { memcpy (pkeptr +34, wpak->nonce, 32); memcpy (pkeptr +66, hashlisttmp.nonce, 32); } pkedata[100] = 0x80; pkedata[101] = 1; testptklen = 32; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, pkedata, 102) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, testptk, &testptklen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_reset(mdctx); testmiclen = 16; pkey = EVP_PKEY_new_CMAC_key(NULL, testptk, 16, EVP_aes_128_cbc()); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, hashlisttmp.eapol, hashlisttmp.eapauthlen) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, miccalculated, &testmiclen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); } return true; } /*===========================================================================*/ static bool calculatepmkid(uint8_t *pmk) { static size_t pmkidcalculatedlen; static EVP_MD_CTX *mdctx; static EVP_PKEY *pkey; static char *pmkname = "PMK Name"; static uint8_t message[32]; memcpy(&message, pmkname, 8); memcpy(&message[8], hashlist.ap, 6); memcpy(&message[14], hashlist.client, 6); pmkidcalculatedlen = 16; mdctx = EVP_MD_CTX_new(); if(mdctx == 0) return false; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pmk, 32); if(pkey == NULL) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignUpdate(mdctx, message, 20) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestSignFinal(mdctx, pmkidcalculated, &pmkidcalculatedlen) <= 0) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return false; } EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); return true; } /*===========================================================================*/ static bool dopbkdf2(int psklen, char *psk, int essidlen, uint8_t *essid) { if((essid == NULL) || (psk == NULL)) return false; if(PKCS5_PBKDF2_HMAC_SHA1(psk, psklen, essid, essidlen, 4096, 32, pmkcalculated) == 0) return false; return true; } /*===========================================================================*/ static void base64(const unsigned char* buffer, size_t len, char** b64text) { static BIO *bio, *b64; static BUF_MEM *bufferPtr; b64 = BIO_new(BIO_f_base64()); bio = BIO_new(BIO_s_mem()); bio = BIO_push(b64, bio); BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); BIO_write(bio, buffer, len); (void) BIO_flush(bio); BIO_get_mem_ptr(bio, &bufferPtr); (void) BIO_set_close(bio, BIO_NOCLOSE); BIO_free_all(bio); *b64text=(*bufferPtr).data; return; } /*===========================================================================*/ static size_t getfield(char *lineptr, size_t bufflen, uint8_t *buff) { static size_t p; static uint8_t idx0; static uint8_t idx1; static const uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; memset(buff, 0, bufflen); p = 0; while((lineptr[p] != '*') && (lineptr[p] != 0) && (p /2 <= bufflen)) { if(!isxdigit((unsigned char)lineptr[p +0])) return 0; if(!isxdigit((unsigned char)lineptr[p +1])) return 0; if((lineptr[p +1] == '*') && (lineptr[p +1] == 0)) return 0; idx0 = ((uint8_t)lineptr[p +0] &0x1F) ^0x10; idx1 = ((uint8_t)lineptr[p +1] &0x1F) ^0x10; buff[p /2] = (uint8_t)(hashmap[idx0] <<4) | hashmap[idx1]; p += 2; if((p /2) > bufflen) return 0; } return p /2; } /*===========================================================================*/ static bool gethashlinefields(char *hashlinestring) { static char *hashlinedupa; static char *token; static size_t len; static size_t p; static char wpaf[] = { "WPA" }; memset(&hashlist, 0, sizeof(hashlist_t)); if(hashlinestring == NULL) return false; len = strlen(hashlinestring); if(len < 69) return false; if((hashlinestring[3] != '*') || (hashlinestring[6] != '*') || (hashlinestring[39] != '*') || (hashlinestring[52] != '*') || (hashlinestring[65] != '*')) for(p = 7; p < len; p++) { if((!isxdigit((unsigned char)hashlinestring[p])) && (hashlinestring[p] != '*')) return false; } hashlinedupa = strndup(hashlinestring, len +1); if(hashlinedupa == NULL) return false; token = strsep(&hashlinedupa, "*"); if(token == NULL) return false; len = strlen(token); if(len != 3) return false; if(memcmp(&wpaf, token, 3) != 0) return false; token = strsep(&hashlinedupa, "*"); if(token == NULL) return false; len = strlen(token); if(len != 2) return false; hashlist.type = strtol(token, NULL, 10); if((hashlist.type != 1) && (hashlist.type != 2)) return false; token = strsep(&hashlinedupa, "*"); if(token == NULL) return false; len = strlen(token); if(len != 32) return false; if(getfield(token, HASH_LEN, hashlist.hash) != HASH_LEN) return false; token = strsep(&hashlinedupa, "*"); if(token == NULL) return false; len = strlen(token); if(len != 12) return false; if(getfield(token, 6, hashlist.ap) != 6) return false; token = strsep(&hashlinedupa, "*"); if(token == NULL) return false; len = strlen(token); if(len != 12) return false; if(getfield(token, 6, hashlist.client) != 6) return false; token = strsep(&hashlinedupa, "*"); len = strlen(token); if(((len %2) != 0) || (len > 64)) return false; hashlist.essidlen = len /2; if(getfield(token, hashlist.essidlen, hashlist.essid) != hashlist.essidlen) return false; if(hashlist.type == 1) return true; token = strsep(&hashlinedupa, "*"); len = strlen(token); if(len != 64) return false; if(getfield(token, 32, hashlist.nonce) != 32) return false; token = strsep(&hashlinedupa, "*"); len = strlen(token); if(((len %2) != 0) || (len > EAPOL_AUTHLEN_MAX *2)) return false; if(getfield(token, EAPOL_AUTHLEN_MAX, hashlist.eapol) != len /2) return false; hashlist.eapauthlen = len /2; token = strsep(&hashlinedupa, "*"); len = strlen(token); if(len != 2) return false; hashlist.mp = strtol(token, NULL, 10); free(hashlinedupa); return true; } /*===========================================================================*/ static void showstandardinfohashlineessidpsk(char *hashlinestring, char *essidstring, char *pskstring) { size_t p; size_t psklen; size_t essidlen; if(gethashlinefields(hashlinestring) == false) { fprintf(stdout, "hash line exception\n"); return; } essidlen = strlen(essidstring); if((essidlen == 0) || (essidlen > ESSID_LEN_MAX)) { fprintf(stdout, "ESSID length exception\n"); return; } psklen = strlen(pskstring); if((psklen == 63) || (psklen > 63)) { fprintf(stdout, "PSK length exception\n"); return; } if(dopbkdf2(psklen, pskstring, essidlen, (uint8_t*)essidstring) == false) { fprintf(stdout, "PBKDF2 calculation error\n"); return; } if(calculatepmkid(pmkcalculated) == false) { fprintf(stdout, "MIC calculation error\n"); return; } else if(hashlist.type == HS_EAPOL) { if(calculatemic(pmkcalculated) == false) { fprintf(stdout, "MIC calculation error\n"); return; } } fprintf(stdout, "ESSID (option)....: %s\n", essidstring); fprintf(stdout, "ESSID (hash line).: %.*s\n", hashlist.essidlen, hashlist.essid); fprintf(stdout, "PSK...............: %s\n", pskstring); fprintf(stdout, "PMK (ESSID option): "); for(p = 0; p < PMK_LEN; p++) fprintf(stdout, "%02x", pmkcalculated[p]); fprintf(stdout, "\n"); fprintf(stdout, "PMKID (calculated): "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", pmkidcalculated[p]); fprintf(stdout, "\n"); if(hashlist.type == HS_PMKID) { fprintf(stdout, "PMKID (hash line).: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", hashlist.hash[p]); if(memcmp(&pmkidcalculated, &hashlist.hash, HASH_LEN) == 0) fprintf(stdout, " (equal)\n"); else fprintf(stdout, " (not equal)\n"); } else if(hashlist.type == HS_EAPOL) { fprintf(stdout, "MIC (calculated)..: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", miccalculated[p]); fprintf(stdout, "\n"); fprintf(stdout, "MIC (hash line)...: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", hashlist.hash[p]); if(memcmp(&miccalculated, &hashlist.hash, HASH_LEN) == 0) fprintf(stdout, " (equal)\n"); else fprintf(stdout, " (not equal)\n"); } return; } /*===========================================================================*/ static void showstandardinfohashlinepmk(char *hashlinestring, char *pmkstring) { size_t p; size_t pmklen; if(gethashlinefields(hashlinestring) == false) { fprintf(stdout, "hash line exception\n"); return; } pmklen = strlen(pmkstring); if(pmklen != 64) { fprintf(stdout, "PMK length exception\n"); return; } if(getfield(pmkstring, 32, pmkopt) != 32) { fprintf(stdout, "PMK length exception\n"); return; } if(calculatepmkid(pmkopt) == false) { fprintf(stdout, "MIC calculation error\n"); return; } else if(hashlist.type == HS_EAPOL) { if(calculatemic(pmkopt) == false) { fprintf(stdout, "MIC calculation error\n"); return; } } fprintf(stdout, "ESSID.............: %.*s\n", hashlist.essidlen, hashlist.essid); fprintf(stdout, "PMK...............: "); for(p = 0; p < PMK_LEN; p++) fprintf(stdout, "%02x", pmkopt[p]); fprintf(stdout, "\n"); fprintf(stdout, "PMKID (calculated): "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", pmkidcalculated[p]); fprintf(stdout, "\n"); if(hashlist.type == HS_PMKID) { fprintf(stdout, "PMKID (hash line).: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", hashlist.hash[p]); if(memcmp(&pmkidcalculated, &hashlist.hash, HASH_LEN) == 0) fprintf(stdout, " (equal)\n"); else fprintf(stdout, " (not equal)\n"); } else if(hashlist.type == HS_EAPOL) { fprintf(stdout, "MIC (calculated)..: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", miccalculated[p]); fprintf(stdout, "\n"); fprintf(stdout, "MIC (hash line)...: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", hashlist.hash[p]); if(memcmp(&miccalculated, &hashlist.hash, HASH_LEN) == 0) fprintf(stdout, " (equal)\n"); else fprintf(stdout, " (not equal)\n"); } return; } /*===========================================================================*/ static void showstandardinfohashlinepsk(char *hashlinestring, char *pskstring) { size_t p; size_t psklen; if(gethashlinefields(hashlinestring) == false) { fprintf(stdout, "hash line exception\n"); return; } psklen = strlen(pskstring); if((psklen == 63) || (psklen > 63)) { fprintf(stdout, "PSK length exception\n"); return; } if(dopbkdf2(psklen, pskstring, hashlist.essidlen, hashlist.essid) == false) { fprintf(stdout, "PBKDF2 calculation error\n"); return; } if(calculatepmkid(pmkcalculated) == false) { fprintf(stdout, "MIC calculation error\n"); return; } else if(hashlist.type == HS_EAPOL) { if(calculatemic(pmkcalculated) == false) { fprintf(stdout, "MIC calculation error\n"); return; } } fprintf(stdout, "ESSID.............: %.*s\n", hashlist.essidlen, hashlist.essid); fprintf(stdout, "PSK .............: %s\n", pskstring); fprintf(stdout, "PMK...............: "); for(p = 0; p < PMK_LEN; p++) fprintf(stdout, "%02x", pmkcalculated[p]); fprintf(stdout, "\n"); fprintf(stdout, "PMKID (calculated): "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", pmkidcalculated[p]); fprintf(stdout, "\n"); if(hashlist.type == HS_PMKID) { fprintf(stdout, "PMKID (hash line).: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", hashlist.hash[p]); if(memcmp(&pmkidcalculated, &hashlist.hash, HASH_LEN) == 0) fprintf(stdout, " (equal)\n"); else fprintf(stdout, " (not equal)\n"); } else if(hashlist.type == HS_EAPOL) { fprintf(stdout, "MIC (calculated)..: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", miccalculated[p]); fprintf(stdout, "\n"); fprintf(stdout, "MIC (hash line)...: "); for(p = 0; p < HASH_LEN; p++) fprintf(stdout, "%02x", hashlist.hash[p]); if(memcmp(&miccalculated, &hashlist.hash, HASH_LEN) == 0) fprintf(stdout, " (equal)\n"); else fprintf(stdout, " (not equal)\n"); } return; } /*===========================================================================*/ static void showstandardinfobase64(char *essidstring, char *pmkstring) { static size_t p; static size_t pmklen; static size_t essidlen; static char *baseline; essidlen = strlen(essidstring); if((essidlen == 0) || (essidlen > ESSID_LEN_MAX)) { fprintf(stdout, "ESSID length exception\n"); return; } pmklen = strlen(pmkstring); if(pmklen != 64) { fprintf(stdout, "PMK length exception\n"); return; } if(getfield(pmkstring, 32, pmkopt) != 32) { fprintf(stdout, "PMK length exception\n"); return; } fprintf(stdout, "ESSID............: %s\n", essidstring); fprintf(stdout, "PMK..............: "); for(p = 0; p < PMK_LEN; p++) fprintf(stdout, "%02x", pmkopt[p]); fprintf(stdout, "\n"); base64((unsigned char*)essidstring, essidlen, &baseline); fprintf(stdout, "PBKDF2-HMAC-SHA1.: sha1:4096:%s:", baseline); free(baseline); base64((unsigned char*)pmkopt, 32, &baseline); fprintf(stdout, "%s\n\nuse hashcat -m 12000 to recover the PSK\n", baseline); free(baseline); return; } /*===========================================================================*/ static void showstandardinfopmk(char *pskstring, char *essidstring, char *pmkstring) { static size_t p; static size_t pmklen; static size_t essidlen; static size_t psklen; essidlen = strlen(essidstring); if((essidlen == 0) || (essidlen > ESSID_LEN_MAX)) { fprintf(stdout, "ESSID length exception\n"); return; } psklen = strlen(pskstring); if((psklen == 63) || (psklen > 63)) { fprintf(stdout, "PSK length exception\n"); return; } pmklen = strlen(pmkstring); if(pmklen != 64) { fprintf(stdout, "PMK length exception\n"); return; } if(getfield(pmkstring, 32, pmkopt) != 32) { fprintf(stdout, "PMK length exception\n"); return; } if(dopbkdf2(psklen, pskstring, essidlen, (uint8_t*)essidstring) == false) { fprintf(stdout, "PBKDF2 calculation error\n"); return; } fprintf(stdout, "ESSID............: %s\n", essidstring); fprintf(stdout, "PSK..............: %s\n", pskstring); fprintf(stdout, "PMK (calculated).: "); for(p = 0; p < PMK_LEN; p++) fprintf(stdout, "%02x", pmkcalculated[p]); fprintf(stdout, "\n"); fprintf(stdout, "PMK (from option): "); for(p = 0; p < PMK_LEN; p++) fprintf(stdout, "%02x", pmkopt[p]); if(memcmp(&pmkcalculated, &pmkopt, PMK_LEN) == 0) fprintf(stdout, " (equal)\n"); else fprintf(stdout, " (not equal)\n"); return; } /*===========================================================================*/ static void showstandardinfo(char *pskstring, char *essidstring) { static size_t p; static size_t essidlen; static size_t psklen; essidlen = strlen(essidstring); if((essidlen == 0) || (essidlen > ESSID_LEN_MAX)) { fprintf(stdout, "ESSID length exception\n"); return; } psklen = strlen(pskstring); if((psklen == 63) || (psklen > 63)) { fprintf(stdout, "PSK length exception\n"); return; } if(dopbkdf2(psklen, pskstring, essidlen, (uint8_t*)essidstring) == false) { fprintf(stdout, "PBKDF2 calculation error\n"); return; } fprintf(stdout, "ESSID: %s\n", essidstring); fprintf(stdout, "PSK..: %s\n", pskstring); fprintf(stdout, "PMK..: "); for(p = 0; p < PMK_LEN; p++) fprintf(stdout, "%02x", pmkcalculated[p]); fprintf(stdout, "\n"); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static inline void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static inline void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage : %s \n" "\n" "short options:\n" "-i : input hashcat hash line (-m 22000)\n" "-e : input ESSID\n" "-p : input Pre Shared Key\n" "-m : input Plain Master KEY\n" "\n" "long options:\n" "--help : show this help\n" "--version : show version\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static inline void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static char *hashlinestring; static char *essidstring; static char *pskstring; static char *pmkstring; static const char *short_options = "i:e:p:m:hv"; static const struct option long_options[] = { {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; hashlinestring = NULL; essidstring = NULL; pskstring = NULL; pmkstring = NULL; while((auswahl = getopt_long(argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_HASHLINE: hashlinestring = optarg; break; case HCX_ESSID: essidstring = optarg; break; case HCX_PSK: pskstring = optarg; break; case HCX_PMK: pmkstring = optarg; break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); fprintf(stdout, "\n"); if((essidstring != NULL) && (pskstring != NULL) && (pmkstring == NULL) && (hashlinestring == NULL)) { showstandardinfo(pskstring, essidstring); } else if((essidstring != NULL) && (pskstring != NULL) && (pmkstring != NULL) && (hashlinestring == NULL)) { showstandardinfopmk(pskstring, essidstring, pmkstring); } else if((essidstring != NULL) && (pskstring == NULL) && (pmkstring != NULL) && (hashlinestring == NULL)) { showstandardinfobase64(essidstring, pmkstring); } else if((essidstring == NULL) && (pskstring != NULL) && (pmkstring == NULL) && (hashlinestring != NULL)) { showstandardinfohashlinepsk(hashlinestring, pskstring); } else if((essidstring == NULL) && (pskstring == NULL) && (pmkstring != NULL) && (hashlinestring != NULL)) { showstandardinfohashlinepmk(hashlinestring, pmkstring); } else if((essidstring != NULL) && (pskstring != NULL) && (pmkstring == NULL) && (hashlinestring != NULL)) { showstandardinfohashlineessidpsk(hashlinestring, essidstring, pskstring); } fprintf(stdout, "\n"); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/hcxpsktool.c000066400000000000000000003034741423200176400157450ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined(__APPLE__) || defined(__OpenBSD__) #include #else #include #endif #include "include/hcxpsktool.h" #include "include/hashcatops.h" #include "include/strings.c" /*===========================================================================*/ /* global var */ static apessidl_t *apessidliste; static int apessidcount; static unsigned int thisyear; static bool airtelflag; static bool alticeoptimumflag; static bool spectrumflag; static bool digit10flag; static bool easyboxflag; static bool eeflag; static bool egnflag; static bool eudateflag; static bool hb5flag; static bool maconlyflag; static bool netgearflag; static bool noessidcombinationflag; static bool phomeflag; static bool podaflag; static bool tendaflag; static bool ukrtelecomflag; static bool usdateflag; static bool weakpassflag; static bool wpskeysflag; static bool znidflag; uint8_t essidglen; /*===========================================================================*/ static void globalinit() { static time_t t; static struct tm *tm; apessidliste = NULL; apessidcount = 0; essidglen = 32; t = time(NULL); tm = localtime(&t); thisyear = tm->tm_year +1900; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); return; } /*===========================================================================*/ /*===========================================================================*/ static void writepsk(FILE *fhout, const char *pskstring) { static bool lflag = false; static bool uflag = false; static int p, l; static char lowerpskstring[PSKSTRING_LEN_MAX] = {}; static char upperpskstring[PSKSTRING_LEN_MAX] = {}; l = strlen(pskstring); if((l < 8) || (l > PSKSTRING_LEN_MAX)) return; fprintf(fhout,"%s\n", pskstring); for(p = 0; p < l; p++) { if(islower((unsigned char)pskstring[p])) { upperpskstring[p] = toupper((unsigned char)pskstring[p]); uflag = true; } else upperpskstring[p] = pskstring[p]; if(isupper((unsigned char)pskstring[p])) { lowerpskstring[p] = tolower((unsigned char)pskstring[p]); lflag = true; } else lowerpskstring[p] = pskstring[p]; } upperpskstring[p] = 0; lowerpskstring[p] = 0; if(uflag == true) fprintf(fhout,"%s\n", upperpskstring); if(lflag == true) fprintf(fhout,"%s\n", lowerpskstring); if((lowerpskstring[0] >= 'a') && (lowerpskstring[0] <= 'z')) { lowerpskstring[0] = toupper((unsigned char)lowerpskstring[0]); fprintf(fhout,"%s\n", lowerpskstring); } return; } /*===========================================================================*/ static void keywritedigit10(FILE *fhout) { static int i; static uint16_t f1, f2; static unsigned long long int ec, el, eu; static unsigned int digestmd5len; static EVP_MD_CTX* mdctx; static uint32_t fixseed1[] = { 0xb100, 0xb300, 0xf200, 0xf800, 0xf900, 0xfa00 }; #define FIXSEED1_SIZE sizeof(fixseed1) /sizeof(uint32_t) static char message[PSKSTRING_LEN_MAX]; static uint8_t digestmd5[EVP_MAX_MD_SIZE]; for(f1 = 0; f1 < FIXSEED1_SIZE; f1++) { for(f2 = 0; f2 <=0xff; f2++) { for(ec = 0; ec <= 0xffff; ec++) { snprintf(message, PSKSTRING_LEN_MAX, "D0542D-01%010lld", ec | (fixseed1[f1] +f2) << 16); digestmd5len = 16; mdctx = EVP_MD_CTX_create(); if(mdctx == NULL) continue; if(EVP_DigestInit_ex(mdctx, EVP_md5(), NULL) == 0) { EVP_MD_CTX_free(mdctx); continue; } if(EVP_DigestUpdate(mdctx, message, 19) == 0) { EVP_MD_CTX_free(mdctx); continue; } if(EVP_DigestFinal_ex(mdctx, digestmd5, &digestmd5len) == 0) { EVP_MD_CTX_free(mdctx); continue; } EVP_MD_CTX_free(mdctx); } el = 0; eu = 0; for(i = 0; i < 8; i++) { eu = (el >> 0x18 | ((eu << 8) &0xffffffff)) &0xffffffff; el = (((el << 8) &0xffffffff) | digestmd5[i + 8]) &0xffffffff; } fprintf(fhout, "%010lld\n", ((eu << 32) +el) %0x2540be400); } } return; } /*===========================================================================*/ static void keywritenetgear(FILE *fhout) { static size_t ca, cs; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = {}; static const char *firstword[] = { "ancient", "aquatic", "basic", "black", "blue", "bold", "brave", "breezy", "bright", "brown", "calm", "cheerful", "chummy", "classy", "clever", "cloudy", "cool", "crispy", "curly", "daily", "deep", "delightful", "dizzy", "dynamic", "eagle", "elated", "elegant", "epic", "excited", "exotic", "fancy", "fearless", "festive", "fluffy", "free", "fresh", "friendly", "fuzzy", "gentle", "gifted", "gigantic", "graceful", "grand", "great", "green", "happy", "heavy", "helpful", "hungry", "husky", "icy", "imaginary", "jagged", "jolly", "joyous", "kind", "large", "little", "lively", "lucky", "lunar", "magical", "manic", "melodic", "mighty", "misty", "modern", "narrow", "new", "nifty", "noisy", "odd", "orange", "pastel", "perfect", "phobic", "pink", "polite", "precious", "purple", "quaint", "quick", "quiet", "rapid", "red", "rocky", "round", "royal", "rustic", "savage", "shiny", "silent", "silky", "silly", "slow", "smiley", "smiling", "smooth", "strong", "sunny", "sweet", "tablet", "thirsty", "thoughtful", "tiny", "uneven", "unusual", "vanilla", "vast", "watery", "wide", "windy", "witty", "wonderful", "yellow", "young", "zany" }; static const char *secondword[] = { "airplane", "apple", "balloon", "banana", "bay", "berry", "bird", "boat", "bolt", "box", "brain", "breeze", "bug", "butter", "canary", "canoe", "car", "carrot", "cartoon", "cello", "chair", "cheese", "coconut", "comet", "cream", "curtain", "daisy", "diamond", "domain", "earth", "ecasa", "elephant", "finch", "fire", "fish", "flamingo", "flower", "flute", "gadfly", "giant", "grasshopper", "hat", "hill", "hippo", "house", "ink", "iris", "jade", "jet", "jetcar", "jungle", "kangaroo", "kayak", "lake", "lightning", "link", "lotus", "mango", "mesa", "mint", "mobile", "moon", "mountain", "nest", "oboe", "ocean", "octopus", "onion", "orchestra", "owl", "panda", "phoenix", "piano", "pineapple", "planet", "plum", "pond", "poodle", "potato", "prairie", "quail", "rabbit", "raccoon", "raven", "river", "road", "rosebud", "sea", "sheep", "ship", "shoe", "shrub", "skates", "sky", "snail", "socks", "sparrow", "spider", "stone", "squash", "squirrel", "star", "street", "sun", "table", "tail", "teapot", "time", "tomato", "trail", "train", "tree", "trumpet", "tuba", "tulip", "turkey", "umbrella", "unicorn", "unit", "valley", "vase", "violet", "violin", "water", "wind", "window", "zoo" }; for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 1000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%03d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 100; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%02d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 10; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s", firstword[ca], secondword[cs]); fprintf(fhout,"%s\n", pskstring); } } return; } /*===========================================================================*/ static void keywritespectrum(FILE *fhout) { static size_t ca, cs; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = {}; static const char *firstword[] = { "absurd", "acre", "actual", "adorable", "agency", "ago", "album", "all", "alter", "anchor", "ancient", "angry", "apart", "aquatic", "author", "away", "bakery", "barrel", "basic", "basket", "bench", "better", "black", "blue", "bold", "born", "botany", "brave", "breezy", "brew", "bridge", "brief", "bright", "broad", "brown", "calm", "camera", "chance", "check", "chilly", "choice", "chorus", "chummy", "classy", "clean", "clerk", "clever", "close", "cloudy", "clumsy", "coffee", "cold", "common", "content", "cool", "cosmic", "crispy", "curly", "daily", "damp", "decent", "deep", "degree", "desert", "direct", "dizzy", "domain", "due", "dusty", "duty", "dynamic", "each", "eager", "eagle", "easy", "elated", "elegant", "empty", "energy", "engine", "entire", "epic", "errand", "even", "exact", "excited", "exotic", "fair", "famous", "fancy", "farmer", "fast", "fearless", "festive", "few", "finish", "first", "fit", "fluent", "fluffy", "formal", "free", "fresh", "friend", "front", "funny", "furry", "future", "fuzzy", "gallon", "genius", "gentle", "giddy", "gifted", "global", "gold", "goofy", "grain", "grand", "great", "green", "grumpy", "guitar", "happy", "harbor", "hearty", "heavy", "height", "helpful", "high", "hockey", "honest", "honor", "hotel", "hungry", "husky", "icy", "idea", "immune", "input", "invent", "island", "jacket", "jagged", "jazz", "jeans", "jewel", "jolly", "joyous", "judge", "kettle", "key", "kind", "kite", "knight", "known", "ladder", "large", "latter", "lazy", "leader", "left", "legal", "less", "light", "like", "little", "lively", "long", "lost", "lotus", "loud", "loyal", "lucky", "magical", "major", "manic", "many", "marble", "market", "master", "mellow", "melodic", "middle", "mighty", "minute", "mirror", "misty", "mobile", "modern", "month", "much", "museum", "narrow", "nature", "nearby", "neat", "nest", "new", "nifty", "nine", "noble", "noisy", "normal", "north", "oasis", "object", "ocean", "odd", "olive", "open", "orange", "oxygen", "palm", "parade", "past", "pastel", "patron", "perfect", "phobic", "phone", "pink", "plain", "plane", "pledge", "pocket", "polite", "praise", "precious", "prior", "prize", "proper", "prose", "proud", "purple", "quaint", "quick", "quiet", "quote", "rain", "rainy", "rapid", "rare", "ready", "reason", "red", "remedy", "review", "reward", "rich", "rocket", "rocky", "round", "royal", "runner", "rustic", "safety", "salt", "salute", "scary", "scout", "select", "shelf", "shiny", "short", "silent", "silky", "silly", "silver", "sleepy", "slow", "small", "smart", "smiley", "smiling", "smooth", "soccer", "some", "space", "spare", "square", "stable", "statue", "stealth", "stock", "street", "strict", "strong", "studio", "such", "sudden", "summit", "sunny", "super", "sweet", "swift", "tablet", "tall", "teal", "terrific", "theory", "thick", "thirsty", "this", "tight", "timber", "tiny", "town", "turtle", "uneven", "union", "unique", "unite", "unusual", "upset", "urban", "useful", "usual", "valley", "vanilla", "vast", "verse", "violet", "violin", "voyage", "wagon", "walnut", "warm", "watch", "watery", "weekly", "west", "wide", "windy", "wine", "witty", "wonderful", "wooden", "writer", "yacht", "yard", "year", "yellow", "young", "zany", "zeal", "zebra", "zone" }; static const char *secondword[] = { "acre", "actor", "ad", "advice", "agency", "air", "airplane", "album", "anchor", "apple", "area", "aspect", "author", "ave", "bakery", "ball", "balloon", "banana", "barrel", "basket", "beach", "bead", "bear", "bench", "berry", "bike", "bird", "board", "boat", "bolt", "bonus", "book", "boot", "botany", "box", "brain", "bread", "breeze", "bridge", "bubble", "bug", "bunny", "bus", "butter", "camera", "canoe", "car", "carrot", "cartoon", "cello", "chair", "check", "cheek", "cheese", "chorus", "city", "clerk", "clock", "coat", "coconut", "coffee", "comet", "cookie", "cosmic", "country", "county", "cow", "cream", "crown", "curtain", "daisy", "data", "dealer", "deer", "degree", "desert", "desk", "diamond", "dinner", "dirt", "dog", "doll", "domain", "drama", "duty", "eagle", "ear", "earth", "editor", "effort", "energy", "engine", "epic", "errand", "error", "estate", "extent", "famous", "farmer", "field", "finch", "finish", "fire", "fish", "flower", "fluent", "flute", "form", "formal", "fox", "friend", "gadfly", "gallon", "garden", "gate", "genius", "giant", "global", "grain", "guitar", "guppy", "hair", "hall", "hand", "harbor", "hat", "height", "hill", "hippo", "hockey", "home", "honor", "horse", "hotel", "house", "idea", "idol", "immune", "income", "ink", "input", "invent", "iris", "island", "jacket", "jade", "jazz", "jeans", "jet", "jewel", "judge", "jungle", "kayak", "kettle", "key", "kite", "knight", "ladder", "lake", "law", "lawn", "leader", "lemon", "length", "light", "lion", "lotus", "loyal", "major", "mango", "marble", "market", "math", "menu", "mesa", "method", "mint", "mirror", "mobile", "month", "moon", "mud", "museum", "music", "nation", "nature", "nest", "noble", "north", "oasis", "object", "oboe", "ocean", "octopus", "onion", "orange", "outlet", "owl", "owner", "oxygen", "palm", "panda", "pant", "paper", "parade", "park", "patron", "peach", "pear", "pencil", "people", "phoenix", "phone", "piano", "pizza", "place", "planet", "player", "pledge", "plum", "pocket", "poem", "poet", "poetry", "pond", "poodle", "potato", "prairie", "praise", "prose", "puppy", "quail", "quaint", "quick", "quote", "rabbit", "raccoon", "raft", "rain", "raven", "reason", "remedy", "review", "reward", "river", "road", "robin", "rock", "rocket", "role", "rose", "rosebud", "runner", "safety", "salute", "scout", "sea", "seed", "series", "shark", "sheep", "shelf", "ship", "shoe", "shrub", "singer", "skates", "sky", "sled", "snail", "snake", "soccer", "socks", "sofa", "space", "spark", "sparrow", "spider", "spoon", "squash", "squirrel", "stable", "star", "state", "statue", "storm", "stove", "straw", "street", "studio", "study", "summit", "sun", "table", "tablet", "tea", "teapot", "teen", "tent", "theory", "tiger", "timber", "tomato", "tooth", "topic", "town", "trail", "train", "tree", "truck", "trumpet", "truth", "tuba", "tulip", "turkey", "turtle", "two", "unicorn", "union", "unit", "unite", "urban", "useful", "valley", "value", "vase", "verse", "video", "violet", "violin", "volume", "voyage", "wagon", "walnut", "watch", "water", "wealth", "week", "west", "whale", "wind", "window", "windy", "wolf", "world", "writer", "yacht", "yard", "year", "youth", "zeal", "zebra", "zone", "zoo" }; for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 1000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%03d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 100; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%02d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 10; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s", firstword[ca], secondword[cs]); fprintf(fhout,"%s\n", pskstring); } } return; } /*===========================================================================*/ static void keywritephome(FILE *fhout) { static size_t ca, cs; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = {}; static const char *five[] = { "about", "again", "aisle", "alley", "amaze", "angle", "apron", "attic", "award", "bacon", "badge", "bagel", "beard", "begin", "being", "berry", "bloom", "board", "bread", "brick", "bring", "brush", "brook", "build", "built", "cause", "chair", "charm", "chart", "charm", "chase", "check", "chime", "chord", "chore", "chose", "cough", "class", "clear", "coast", "cough", "cover", "court", "creak", "curve", "daily", "daisy", "dance", "diner", "dodge", "dough", "dozed", "drain", "drink", "eager", "eagle", "earth", "eight", "elect", "empty", "enter", "equal", "event", "exact", "fancy", "favor", "feast", "fence", "fever", "field", "fifty" }; static const char *six[] = { "across", "action", "always", "amount", "animal", "answer", "anyone", "appear", "arctic", "autumn", "basket", "become", "beside", "better", "bottle", "breezy", "bridge", "bright", "button", "cactus", "called", "carpet", "camera", "candid", "canvas", "canyon", "castle", "cattle", "caught", "celery", "cellar", "chance", "change", "charge", "cheery", "chores", "chosen", "circle", "cities", "collar", "column", "comedy", "copied", "county", "create", "degree", "depend", "design", "detail", "dimmed", "dinner", "direct", "effect", "eighty", "eleven", "engine", "factor", "famous", "filter", "finish", "flight", "flower", "follow", "forest", "garden", "gather", "harbor", "hardly", "health" }; for(ca = 0; ca < (sizeof(five) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(six) / sizeof(char *)); cs++) { for (cn = 0; cn < 10000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%04d%s", five[ca], cn, six[cs]); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(six) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(five) / sizeof(char *)); cs++) { for (cn = 0; cn < 10000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%04d%s", six[ca], cn, five[cs]); fprintf(fhout,"%s\n", pskstring); } } } return; } /*===========================================================================*/ static void keywritetenda1(FILE *fhout) { static size_t ca, cs; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = {}; static const char *word1[] = { "card", "cash", "feed", "jade", "name" }; static const char *word2[] = { "dash", "more", "ride", "think", "wind" }; for(ca = 0; ca < (sizeof(word1) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(word2) / sizeof(char *)); cs++) { for (cn = 0; cn < 1000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%03d", word1[ca], word2[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } return; } /*===========================================================================*/ static void keywritetenda2(FILE *fhout) { static size_t ca; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = {}; static const char *word1[] = { "apple", "east", "give", "lable", "light", "north", "pace", "south", "west" }; for(ca = 0; ca < (sizeof(word1) / sizeof(char *)); ca++) { for (cn = 0; cn < 10000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%04d", word1[ca], cn); fprintf(fhout,"%s\n", pskstring); } } return; } /*===========================================================================*/ static void keywriteee(FILE *fhout) { static size_t w3, w4, w5; static char pskstring[16] = {}; const char *pskmask = "%s-%s-%s\n"; char** uword3; char** uword4; char** uword5; static const char *word3[] = { "abs", "ace", "act", "add", "ado", "age", "ago", "aid", "ail", "aim", "all", "amp", "any", "ape", "apt", "art", "ask", "bad", "bay", "beg", "bet", "bid", "big", "bow", "box", "bud", "bun", "bus", "buy", "cad", "cam", "can", "cog", "cop", "cud", "cup", "cut", "dam", "did", "die", "dig", "dim", "dip", "dog", "dry", "dub", "due", "dug", "ear", "ego", "elk", "end", "era", "eye", "fab", "fan", "far", "fat", "fax", "fee", "few", "fit", "fix", "fly", "fog", "fox", "fry", "gap", "gel", "gem", "get", "god", "hem", "hid", "hip", "hit", "hop", "hot", "how", "hub", "icy", "ink", "inn", "jar", "job", "jog", "jot", "key", "lay", "led", "leg", "let", "lid", "lie", "lip", "lit", "lob", "lot", "low", "mad", "map", "max", "mid", "mix", "mob", "mop", "mow", "mud", "mug", "nag", "nap", "net", "new", "nod", "nor", "not", "now", "oar", "oat", "odd", "off", "oil", "old", "one", "opt", "our", "out", "owe", "own", "pal", "pay", "pea", "pen", "per", "pet", "pie", "pin", "ply", "pop", "pub", "put", "ran", "rat", "raw", "red", "rid", "rig", "rob", "rot", "run", "sad", "set", "sew", "shy", "sim", "sin", "sip", "sir", "sit", "six", "sow", "spy", "tad", "tag", "tap", "tax", "ten", "tic", "tip", "ton", "top", "tow", "toy", "try", "two", "use", "vex", "vow", "wet", "win", "won" }; static const char *word4[] = { "able", "acre", "aqua", "bait", "bake", "bald", "ball", "bark", "base", "bath", "bats", "bead", "bell", "best", "boat", "boil", "bold", "bore", "both", "busy", "calm", "camp", "cape", "card", "case", "cash", "cent", "chef", "city", "clad", "clay", "club", "clue", "coat", "cool", "cope", "copy", "cute", "dame", "damp", "dare", "dash", "date", "days", "deaf", "deal", "desk", "dive", "door", "dove", "down", "draw", "drop", "each", "east", "edge", "edit", "epic", "even", "ever", "exit", "face", "fair", "fake", "fall", "fast", "fine", "firm", "flag", "flee", "foam", "fold", "foot", "four", "full", "fuse", "gaps", "gate", "gave", "gift", "gown", "gray", "half", "hang", "hard", "hats", "head", "heat", "hide", "high", "hint", "hire", "hold", "hook", "huge", "hurt", "hymn", "idea", "iron", "jets", "joke", "judo", "keen", "kiss", "lace", "lack", "land", "late", "lawn", "lazy", "less", "link", "live", "loaf", "loan", "logo", "lord", "loss", "loud", "menu", "mill", "mine", "mint", "mist", "most", "move", "much", "name", "neat", "need", "nest", "noon", "nude", "oars", "oust", "pads", "page", "paid", "pain", "pale", "pane", "pars", "part", "pass", "past", "pear", "pegs", "pens", "pier", "pine", "pins", "pint", "pity", "plan", "poem", "poet", "pond", "pool", "poor", "post", "pure", "rare", "real", "rest", "rich", "riot", "ripe", "road", "roam", "room", "root", "rude", "safe", "sail", "sale", "same", "sand", "save", "scan", "seal", "seat", "seem", "send", "sent", "shin", "shop", "sick", "side", "sift", "sign", "silk", "sing", "skip", "slim", "slip", "slum", "soap", "solo", "sore", "sour", "spit", "stew", "sure", "tall", "teak", "team", "tear", "tent", "then", "tide", "time", "tone", "tour", "trim", "trod", "true", "tune", "turn", "used", "vain", "vast", "vend", "vote", "wait", "want", "warn", "wave", "west", "wild", "wind", "wing", "wise", "worm" }; static const char *word5[] = { "aback", "acres", "adapt", "agent", "agony", "ahead", "alarm", "alert", "alien", "allot", "amble", "angle", "ankle", "armed", "arrow", "audio", "beams", "bland", "blank", "boast", "boost", "bored", "bread", "broke", "cable", "cakes", "cards", "cargo", "cause", "chair", "cheap", "chips", "choke", "climb", "clove", "coact", "coins", "comic", "count", "cover", "crane", "crash", "crude", "cruel", "cubic", "curry", "dance", "dense", "desks", "diner", "dines", "dozen", "draft", "dream", "drink", "drown", "drunk", "dusty", "early", "elder", "enter", "equal", "equip", "erode", "evens", "event", "exact", "excel", "extra", "fancy", "fares", "fence", "fibre", "fifty", "filed", "files", "final", "floor", "flour", "flute", "focus", "foggy", "front", "fruit", "genie", "giant", "glare", "gleam", "glows", "grave", "great", "grids", "group", "grove", "guess", "guest", "harps", "hawks", "heavy", "house", "humor", "ideal", "index", "inked", "ivory", "judge", "knock", "laces", "large", "learn", "light", "lilac", "linen", "loose", "lucky", "lunar", "lyric", "madam", "major", "malts", "manor", "maple", "marry", "merit", "moist", "molar", "motto", "mourn", "mouse", "muddy", "nacho", "novel", "optic", "pages", "panda", "pause", "pedal", "pesto", "piece", "piety", "pings", "pious", "pivot", "place", "plant", "pound", "prime", "prize", "probe", "prose", "prune", "puppy", "pylon", "quiet", "rally", "refer", "remit", "renew", "repel", "roach", "rocky", "roofs", "rooks", "rough", "royal", "rusty", "salad", "scarf", "scoop", "scoot", "scope", "score", "scorn", "shaft", "sharp", "sheds", "shine", "shiny", "shirt", "shore", "shrub", "silly", "sixty", "skate", "socks", "sound", "spade", "spare", "spend", "spent", "squad", "stack", "stand", "stars", "start", "stats", "steam", "stick", "stoop", "storm", "story", "sunny", "sweat", "swift", "swing", "sword", "tally", "tempt", "tents", "these", "thick", "thief", "tidal", "tiger", "title", "today", "track", "train", "trick", "trust", "tuned", "twigs", "twist", "unbid", "unbox", "uncap", "upend", "upper", "upset", "valid", "vends", "vines", "visit", "weary", "wheel", "whole", "worth", "wound", "wrist", "yeast", "zooms" }; uword3 = create_upper_array(word3, sizeof(word3) / sizeof(char *)); uword4 = create_upper_array(word4, sizeof(word4) / sizeof(char *)); uword5 = create_upper_array(word5, sizeof(word5) / sizeof(char *)); for(w3 = 0; w3 < (sizeof(word3) / sizeof(char *)); w3++) { for(w4 = 0; w4 < (sizeof(word4) / sizeof(char *)); w4++) { for(w5 = 0; w5 < (sizeof(word5) / sizeof(char *)); w5++) { snprintf(pskstring, 16, pskmask, word3[w3], word4[w4], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword3[w3], word4[w4], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], uword4[w4], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], word4[w4], uword5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], word5[w5], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword3[w3], word5[w5], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], uword5[w5], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], word5[w5], uword4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], word3[w3], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword4[w4], word3[w3], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], uword3[w3], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], word3[w3], uword5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], word5[w5], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword4[w4], word5[w5], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], uword5[w5], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], word5[w5], uword3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], word3[w3], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword5[w5], word3[w3], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], uword3[w3], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], word3[w3], uword4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], word4[w4], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword5[w5], word4[w4], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], uword4[w4], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], word4[w4], uword3[w3]); fputs(pskstring, fhout); } } } free_array(uword3, sizeof(word3) / sizeof(char *)); free_array(uword4, sizeof(word4) / sizeof(char *)); free_array(uword5, sizeof(word5) / sizeof(char *)); return; } /*===========================================================================*/ /* source: soxrok2212, https://github.com/soxrok2212/PSKracker/tree/master/dicts/altice-optimum */ static void keywritealticeoptimum(FILE *fhout) { static unsigned int w, i, j; // w1 static const char *word[] = { "amber", "aqua", "brick", "bronze", "burgundy", "chestnut", "cobalt", "copper", "coral", "cordovan", "crimson", "cyan", "emerald", "garnet", "gold", "green", "grey", "indigo", "lavender", "lemon", "magenta", "olive", "orchid", "peach", "periwinkle", "pewter", "plum", "purple", "rose", "sage", "sepia", "silver", "teal", "turquoise" }; for (w = 0; w < (sizeof(word) / sizeof(char *)); w++ ) { for (i = 0; i < 10000; i++) { for (j = 0; j < 10000; j++) { // 2-2 test /* if (i < 100 && j < 100) { fprintf(fhout, "%s-%02d-%02d\n", word[w], i, j); fprintf(fhout, "%02d-%s-%02d\n", i, word[w], j); fprintf(fhout, "%02d-%02d-%s\n", i, j, word[w]); } */ // 2-3 test /* if (i < 100 && j < 1000) { fprintf(fhout, "%s-%02d-%03d\n", word[w], i, j); fprintf(fhout, "%02d-%s-%03d\n", i, word[w], j); fprintf(fhout, "%02d-%03d-%s\n", i, j, word[w]); } */ // 2-4 if (i < 100 && j < 10000) { //fprintf(fhout, "%s-%02d-%04d\n", word[w], i, j); // test fprintf(fhout, "%02d-%s-%04d\n", i, word[w], j); //fprintf(fhout, "%02d-%04d-%s\n", i, j, word[w]); // test } // 3-2 test /* if (i < 1000 && j < 100) { fprintf(fhout, "%s-%03d-%02d\n", word[w], i, j); fprintf(fhout, "%03d-%s-%02d\n", i, word[w], j); fprintf(fhout, "%03d-%02d-%s\n", i, j, word[w]); } */ // 3-3 if (i < 1000 && j < 1000) { fprintf(fhout, "%s-%03d-%03d\n", word[w], i, j); fprintf(fhout, "%03d-%s-%03d\n", i, word[w], j); fprintf(fhout, "%03d-%03d-%s\n", i, j, word[w]); } // 4-2 if (i < 10000 && j < 100) { fprintf(fhout, "%s-%04d-%02d\n", word[w], i, j); fprintf(fhout, "%04d-%s-%02d\n", i, word[w], j); //fprintf(fhout, "%04d-%02d-%s\n", i, j, word[w]); // test } } // test two words /* for (w1 = 0; w1 < (sizeof(word) / sizeof(char *)); w1++ ) { //if (w == w1) continue; if (i < 10) { fprintf(fhout, "%s-%01d-%s\n", word[w], i, word[w1]); fprintf(fhout, "%01d-%s-%s\n", i, word[w], word[w1]); fprintf(fhout, "%s-%s-%01d\n", word[w], word[w1], i); } if (i < 100) { fprintf(fhout, "%s-%02d-%s\n", word[w], i, word[w1]); fprintf(fhout, "%02d-%s-%s\n", i, word[w], word[w1]); fprintf(fhout, "%s-%s-%02d\n", word[w], word[w1], i); } if (i < 1000) { fprintf(fhout, "%s-%03d-%s\n", word[w], i, word[w1]); fprintf(fhout, "%03d-%s-%s\n", i, word[w], word[w1]); fprintf(fhout, "%s-%s-%03d\n", word[w], word[w1], i); } if (i < 10000) { fprintf(fhout, "%s-%04d-%s\n", word[w], i, word[w1]); fprintf(fhout, "%04d-%s-%s\n", i, word[w], word[w1]); fprintf(fhout, "%s-%s-%04d\n", word[w], word[w1], i); } } */ } } return; } /*===========================================================================*/ static void keywriteweakpass(FILE *fhout) { static size_t w; static unsigned int y; static char pskstring[PSKSTRING_LEN_MAX] = {}; static const char *weakword[] = { "00000000", "0000000000", "01234567", "0123456789", "0123456789012345", "022844444", "0987654321", "1029384756", "11111111", "1111111111", "111222333", "11223344", "1122334455", "11235813", "1123581321", "12121212", "123123123", "123321123", "12341234", "12344321", "1234512345", "123454321", "1234554321", "12345678", "123456789", "1234567890", "12345678910", "123456789a", "12345678a", "1234567a", "123456abc", "12345qwert", "1234abcd", "1234qwer", "123654789", "12369874", "123698745", "123789456", "123qweasd", "123qweasdzxc", "12qwaszx", "1357924680", "147258369", "147852369", "14789632", "147896325", "192837465", "1a2b3c4d", "1q2w3e4r", "1q2w3e4r", "1q2w3e4r5t", "1q2w3e4r5t6y", "1qaz2wsx", "1qazxsw2", "22222222", "321654987", "4815162342", "55555555", "741852963", "76543210", "77777777", "789456123", "87654321", "88888888", "963852741", "987654321", "9876543210", "999999999", "a1234567", "a123456789", "a1b2c3d4", "a1b2c3d4e5", "a1s2d3f4", "Aa123456", "aaaaaaaa", "aaaaaaaaaa", "abc12345", "abcd1234", "abcdefgh", "adgjmptw", "alexander", "Alexandra", "Amsterdam", "Anderson", "Angelina", "Apollo13", "asdasdasd", "asdf1234", "asdfasdf", "asdfghjk", "asdfghjkl", "Assassin", "Atlantis", "Australia", "azertyuiop", "Babygirl", "Barcelona", "Baseball", "Basketball", "Benjamin", "BigDaddy", "BlaBlaBla", "BlahBlah", "Blink182", "Blizzard", "Brooklyn", "Bullshit", "Butterfly", "California", "CallofDuty", "Carolina", "Caroline", "Carpediem", "Catherine", "Champion", "Changeme", "Charlie1", "Charlotte", "Cheyenne", "Chocolate", "Christian", "Christina", "Christine", "Christopher", "Cocacola", "Colorado", "Computer", "Corvette", "Courtney", "Creative", "Danielle", "Darkness", "December", "Dolphins", "DragonBall", "drowssap", "Einstein", "Elephant", "Elizabeth", "Evolution", "Facebook", "Fernando", "Fireball", "Firebird", "Football", "Football1", "free-tau", "Franklin", "FuckYou2", "Gangster", "Garfield", "Giovanni", "Godzilla", "Goldfish", "GoodLuck", "GreenDay", "Hallo123", "Hardcore", "Harrison", "HarryPotter", "Hello123", "HelloKitty", "helloworld123", "Hercules", "IceCream", "idontknow", "iloveyou", "Infinity", "Internet", "Inuyasha", "Isabella", "Isabelle", "JamesBond", "Jennifer", "Jonathan", "Jordan23", "justdoit", "Juventus", "Kamikaze", "Kawasaki", "Kimberly", "KingKong", "Kristina", "LasVegas", "Leonardo", "LinkinPark", "Liverpool", "Logitech", "Lollipop", "LoveLove", "Manchester", "Marlboro", "Marshall", "Maverick", "Mercedes", "Metallica", "Michael1", "Michelle", "Microsoft", "Midnight", "Mitchell", "MoonLight", "MotherFucker", "Motorola", "Napoleon", "NewCastle", "Nicholas", "Nightmare", "Nintendo", "November", "Pa55w0rd", "Pa55word", "Pakistan", "Panasonic", "Paradise", "Passport", "Passw0rd", "Password1", "Password123", "Passwort", "Patricia", "Pavilion", "PeterPan", "Pineapple", "Platinum", "Playstation", "PoohBear", "Portugal", "Precious", "Predator", "Princess", "P@ssw0rd", "q1w2e3r4", "q1w2e3r4t5", "qazwsx123", "qazwsxedc", "qweasdzxc", "qwer1234", "qwerasdf", "qwert123", "qwerty12", "qwerty123", "qwertyui", "qwertyuiop", "Rammstein", "RealMadrid", "Remember", "Rockstar", "Ronaldo7", "RunEscape", "Rush2112", "Samantha", "Savannah", "Scarface", "Scorpion", "Scotland", "Sebastian", "Security", "September", "Serenity", "Simpsons", "Skateboard", "Skittles", "Skywalker", "Slipknot", "smartbro", "Snickers", "Snowball", "Snowboard", "Something", "Southpark", "Spiderman", "Spitfire", "SpongeBob", "Starcraft", "Stargate", "StarTrek", "StarWars", "Steelers", "Stephanie", "Strawberry", "Sunflower", "Sunshine", "Superman", "Superstar", "Swordfish", "TaxiLinQ", "Terminator", "TestTest", "Tinkerbell", "TrustNo1", "Twilight", "Undertaker", "Valentina", "Valentine", "Veronica", "Victoria", "Warcraft", "Warhammer", "Welcome1", "Westside", "WhatEver", "Williams", "Wolverine", "Wordpass", "zaq12wsx", "zaq1xsw2" }; for(w = 0; w < (sizeof(weakword) /sizeof(weakword[0])); w++) writepsk(fhout, weakword[w]); for(y = 1900; y <= thisyear; y++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "abcd%04d", y); writepsk(fhout, pskstring); } for(y = 0; y < 1000; y++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%03d%03d%03d", y, y, y); writepsk(fhout, pskstring); } return; } /*===========================================================================*/ static void keywriteeudate(FILE *fhout) { static unsigned int d, m, y; for(y = 1900; y <= thisyear; y++) { for(d = 1; d <= 28; d++) { for(m = 1; m <= 12; m++) { fprintf(fhout, "%02d%02d%04d\n", d, m, y); fprintf(fhout, "%02d.%02d.%04d\n", d, m, y); } } } for(y = 1900; y <= thisyear; y++) { for(d = 29; d <= 30; d++) { for(m = 1; m <= 12; m++) { fprintf(fhout, "%02d%02d%04d\n", d, m, y); fprintf(fhout, "%02d.%02d.%04d\n", d, m, y); } } } for(y = 1900; y <= thisyear; y++) { fprintf(fhout, "3101%04d\n", y); fprintf(fhout, "3103%04d\n", y); fprintf(fhout, "3105%04d\n", y); fprintf(fhout, "3107%04d\n", y); fprintf(fhout, "3108%04d\n", y); fprintf(fhout, "3110%04d\n", y); fprintf(fhout, "3112%04d\n", y); fprintf(fhout, "31.01.%04d\n", y); fprintf(fhout, "31.03.%04d\n", y); fprintf(fhout, "31.05.%04d\n", y); fprintf(fhout, "31.07.%04d\n", y); fprintf(fhout, "31.08.%04d\n", y); fprintf(fhout, "31.10.%04d\n", y); fprintf(fhout, "31.12.%04d\n", y); } for(y = 1900; y <= thisyear; y++) { if (((y %4 == 0) && (y %100 != 0)) || (y %400 == 0)) { fprintf(fhout, "2902%04d\n", y); fprintf(fhout, "29.02.%04d\n", y); } } return; } /*===========================================================================*/ static void keywriteusdate(FILE *fhout) { static unsigned int d, m, y; for(y = 1900; y <= thisyear; y++) { for(d = 1; d <= 28; d++) { for(m = 1; m <= 12; m++) { fprintf(fhout, "%02d%02d%04d\n", m, d, y); fprintf(fhout, "%02d.%02d.%04d\n", m, d, y); } } } for(y = 1900; y <= thisyear; y++) { for(d = 29; d <= 30; d++) { for(m = 1; m <= 12; m++) { fprintf(fhout, "%02d%02d%04d\n", m, d, y); fprintf(fhout, "%02d.%02d.%04d\n", m, d, y); } } } for(y = 1900; y <= thisyear; y++) { fprintf(fhout, "0131%04d\n", y); fprintf(fhout, "0331%04d\n", y); fprintf(fhout, "0531%04d\n", y); fprintf(fhout, "0731%04d\n", y); fprintf(fhout, "0831%04d\n", y); fprintf(fhout, "1031%04d\n", y); fprintf(fhout, "1231%04d\n", y); fprintf(fhout, "01.31.%04d\n", y); fprintf(fhout, "03.31.%04d\n", y); fprintf(fhout, "05.31.%04d\n", y); fprintf(fhout, "07.31.%04d\n", y); fprintf(fhout, "08.31.%04d\n", y); fprintf(fhout, "10.31.%04d\n", y); fprintf(fhout, "12.31.%04d\n", y); } for(y = 1900; y <= thisyear; y++) { if (((y %4 == 0) && (y %100 != 0)) || (y %400 == 0)) { fprintf(fhout, "0229%04d\n", y); fprintf(fhout, "02.29.%04d\n", y); } } return; } /*===========================================================================*/ static void keywriteyearyear(FILE *fhout) { static unsigned int y, y2, y3; static char pskstring[PSKSTRING_LEN_MAX] = {}; for(y = 1900; y <= thisyear; y++) { for(y2 = 1900; y2 <= thisyear; y2++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%04d%04d", y, y2); writepsk(fhout, pskstring); } } for(y = 1900; y <= thisyear; y++) { for(y2 = 1900; y2 <= thisyear; y2++) { for(y3 = 1900; y3 <= thisyear; y3++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%04d%04d%04d", y, y2, y3); writepsk(fhout, pskstring); } } } return; } /*===========================================================================*/ static void keywriteegn(FILE *fhout) { static unsigned int y, m, d, mc, i, j, c; static char pskstring[PSKSTRING_LEN_MAX] = {}; static unsigned int w[] = {2, 4, 8, 5, 10, 9, 7, 3, 6}; for(y = 1950; y <= thisyear; y++) { if (y < 2000) mc = 0; else mc = 40; for(m = 1; m <= 12; m++) { for(d = 1; d <= 31; d++) { if (m == 2) { if ((((y % 4 == 0) && (y % 100 != 0)) || (y % 400 == 0))) { if (d > 29) continue; } else { if (d > 28) continue; } } if ((m == 4 || m == 6 || m == 9 || m == 11) && d > 30) continue; for (i = 0; i < 1000; i++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%02d%02d%02d%03d", y % 100, m + mc, d, i); c = 0; for (j = 0; j < 9; j++) { c += (pskstring[j] - 48) * w[j]; } c %= 11; if (c == 10) c = 0; pskstring[9] = c + 48; pskstring[10] = 0; writepsk(fhout, pskstring); } } } } return; } /*===========================================================================*/ static void preparebssidessid(FILE *fhout, unsigned long long int macaddr, uint8_t essidlen, uint8_t *essid) { static int k2; static int ek; static char *ev; static unsigned int oui; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen >= 6) { if((isxdigit((unsigned char)essid[essidlen -6])) && (isxdigit((unsigned char)essid[essidlen -5])) && (isxdigit((unsigned char)essid[essidlen -4])) && (isxdigit((unsigned char)essid[essidlen -3])) && (isxdigit((unsigned char)essid[essidlen -2])) && (isxdigit((unsigned char)essid[essidlen -1]))) { ev = (char*)(essid +essidlen -6); ek = strtol(ev, NULL, 16); oui = (macaddr &0xffffff000000L) >> 24; snprintf(essidtmp, PSKSTRING_LEN_MAX, "%06x%06x", oui, ek); writepsk(fhout, essidtmp); } } return; if(essidlen >= 4) { if((isxdigit((unsigned char)essid[essidlen -4])) && (isxdigit((unsigned char)essid[essidlen -3])) && (isxdigit((unsigned char)essid[essidlen -2])) && (isxdigit((unsigned char)essid[essidlen -1]))) { ev = (char*)(essid +7); ek = strtol(ev, NULL, 16); for(k2 = ek -10; k2 < ek +10; k2++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%08llx%04x", (macaddr >> 16), (k2 &0xffff)); writepsk(fhout, essidtmp); } } } return; } /*===========================================================================*/ static void processbssidsessids(FILE *fhout) { static int c; static apessidl_t *zeiger; static apessidl_t *zeiger1; qsort(apessidliste, apessidcount, APESSIDLIST_SIZE, sort_apessidlist_by_ap); zeiger = apessidliste; for(c = 0; c < apessidcount; c++) { if(c == 0) preparebssidessid(fhout, zeiger->macaddr, zeiger->essidlen, zeiger->essid); else { zeiger1 = zeiger -1; if((zeiger->macaddr != zeiger1->macaddr) || (zeiger->essidlen != zeiger1->essidlen) || (memcmp(zeiger->essid, zeiger1->essid, zeiger->essidlen) != 0)) { preparebssidessid(fhout, zeiger->macaddr, zeiger->essidlen, zeiger->essid); } } zeiger++; } return; } /*===========================================================================*/ static void writeessidadd(FILE *fhout, char *essid) { static unsigned int c, d; static char essidstring[PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX] = {}; for(c = 22222; c <= 99999; c += 11111) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } if(essidglen <= 2) { for(c = thisyear +1; c < 1000000; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } } if(essidglen <= 3) { for(c = thisyear +1; c < 100000; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } } if(essidglen <= 12) { for(c = thisyear +1; c < 10000; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } } if(essidglen > 12) { for(c = 2222; c <= 9999; c += 1111) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } } for(c = 0; c <= thisyear; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d!", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%04d%s", c, essid); writepsk(fhout, essidstring); } for(c = 100; c < 1000; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%05d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d!", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%d%s", c, essid); writepsk(fhout, essidstring); } for(c = 10; c < 100; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%03d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d!", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%d%s", c, essid); writepsk(fhout, essidstring); } for(c = 0; c < 10; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%03d", essid, c); writepsk(fhout, essidstring); } for(c = 0; c <= 99; c++) { for(d = 0; d <= 99; d++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%02d%s%02d", c, essid, d); writepsk(fhout, essidstring); } } for(c = 0x21; c < 0x7f; c++) { for(d = 0x21; d < 0x7f; d++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%c%c%s%c%c", c, d, essid, d, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%c%c", essid, c, d); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%c%c%s", c, d, essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%c%s%c", c, essid, d); writepsk(fhout, essidstring); } } for(c = 0x21; c < 0x7f; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%c", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%c%s", c, essid); writepsk(fhout, essidstring); } snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s1234567890", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s123456789", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s12345678", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s1234567", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s123456", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s12345", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s9876543210", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s987654321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s87654321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s7654321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s654321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s54321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s4711", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "1234567890%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "123456789%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "12345678%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "1234567%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "123456%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "12345%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "9876543210%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "987654321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "87654321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "7654321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "654321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "54321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@adsl", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@Home", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@WiFi", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@1234", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%sWiFi", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@dsl", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@123", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX, "%s%s%s", essid, essid, essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%s", essid, essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "Family%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "Familie%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "Familia%s", essid); writepsk(fhout, essidstring); return; } /*===========================================================================*/ static bool writeessidremoved(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int pi; static int po; static int essidlentmp; static bool removeflag; static char essidtmp[PSKSTRING_LEN_MAX] = {}; po = 0; removeflag = false; essidlentmp = essidlen; memset(&essidtmp, 0, PSKSTRING_LEN_MAX); for(pi = 0; pi < essidlen; pi++) { if(((essid[pi] >= 'A') && (essid[pi] <= 'Z')) || ((essid[pi] >= 'a') && (essid[pi] <= 'z'))) { essidtmp[po] = essid[pi]; po++; } else { essidlentmp--; removeflag = true; } } writeessidadd(fhout, (char*)essid); if(removeflag == true) writeessidadd(fhout, essidtmp); return removeflag; } /*===========================================================================*/ static void writeessidsweeped(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int l1, l2; static uint8_t sweepstring[PSKSTRING_LEN_MAX] = {}; for(l1 = 2; l1 <= essidlen; l1++) { for(l2 = 0; l2 <= essidlen -l1; l2++) { memset(&sweepstring, 0, PSKSTRING_LEN_MAX); memcpy(&sweepstring, &essid[l2], l1); writeessidremoved(fhout, l1, sweepstring); } } return; } /*===========================================================================*/ static void testairtel(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static char *air = "Airtel_"; if(airtelflag == true) return; if(essidlen < 7) return; if(memcmp(essid, air, 7) != 0) return; fprintf(fhout, "Airtel@123\n"); for(k = 0; k < 100000; k++) fprintf(fhout, "air%05d\n", k); airtelflag = true; return; } /*===========================================================================*/ static void testalcatellinkzone(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static char *ali = "Alcatel LINKZONE "; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen != 21) return; if(memcmp(essid, ali, 17) != 0) return; if((!isdigit((unsigned char)essid[17])) || (!isdigit((unsigned char)essid[18])) || (!isdigit((unsigned char)essid[19])) || (!isdigit((unsigned char)essid[20]))) return; for(k1 = 0; k1 < 10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%04d%c%c%c%c", k1, essid[17], essid[18], essid[19], essid[20]); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testarrisizzi(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int c; static uint32_t i; static char *izzi = "IZZI-"; static int fixseed2[] = { 0x001C15, 0x189C27, 0x3C0461, 0x509551, 0x704FB8, 0x8871B1, 0x8C61A3, 0x9CC8FC, 0xA811FC, 0xD4AB82, 0xF0AF85, 0xF82DC0, 0xF88B37, 0xF8F532, 0xFCAE34 }; #define FIXSEED2_SIZE sizeof(fixseed2) /sizeof(int) if(essidlen < 9) return; if(memcmp(essid, izzi, 5) != 0) return; if((!isxdigit((unsigned char)essid[5])) || (!isxdigit((unsigned char)essid[6])) || (!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8]))) return; for(i = 0; i < FIXSEED2_SIZE; i++) { for(c = 0; c < 0x100; c++) fprintf(fhout, "%06X%02X%C%C%C%C\n", fixseed2[i], c, essid[5], essid[6], essid[7], essid[8]); } return; } /*===========================================================================*/ static void testarristg(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static char *dg860A = "DG860A"; static char *tg852g = "TG852G"; static char *tg862g = "TG862G"; static char *dg1670A = "DG1670A"; static char *sbg6580 = "SBG6580"; static char *tg1672g = "TG1672G"; if(essidlen >= 8) { if((!isxdigit((unsigned char)essid[6])) || (!isxdigit((unsigned char)essid[7]))) return; if(memcmp(essid, dg860A, 6) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "DG860A%04X%c%c\n", k1, essid[6], essid[7]); return; } if(memcmp(essid, tg852g, 6) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TG852G%04X%c%c\n", k1, essid[6], essid[7]); return; } if(memcmp(essid, tg862g, 6) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TG862G%04X%c%c\n", k1, essid[6], essid[7]); return; } } if(essidlen >= 9) { if((!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8]))) return; if(memcmp(essid, dg1670A, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "DG1670A%04X%c%c\n", k1, essid[7], essid[8]); return; } if(memcmp(essid, sbg6580, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "SBG6580%04X%c%c\n", k1, essid[7], essid[8]); return; } if(memcmp(essid, tg1672g, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TG1672G%04X%c%c\n", k1, essid[7], essid[8]); return; } } return; } /*===========================================================================*/ static void testaxtelxtremo(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static char *axtelxtremo = "AXTEL XTREMO-"; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen != 17) return; if(memcmp(essid, axtelxtremo, 13) != 0) return; if((!isxdigit((unsigned char)essid[13])) || (!isxdigit((unsigned char)essid[14])) || (!isxdigit((unsigned char)essid[15])) || (!isxdigit((unsigned char)essid[16]))) return; for(k1 = 0; k1 < 10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%04d%c%c%c%c", k1, essid[13], essid[14], essid[15], essid[16]); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testattwifi(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2, k3, k4; static char *attwifi = "ATT-WIFI-"; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen != 13) return; if(memcmp(essid, attwifi, 9) != 0) return; if((!isdigit((unsigned char)essid[9])) || (!isdigit((unsigned char)essid[10])) || (!isdigit((unsigned char)essid[11])) || (!isdigit((unsigned char)essid[12]))) return; for(k1 = 0; k1 < 10; k1++) for(k2 = 0; k2 < 10; k2++) for(k3 = 0; k3 < 10; k3++) for(k4 = 0; k4 < 10; k4++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%d%c%d%c%d%c%d%c", k1, essid[9], k2, essid[10], k3, essid[12], k4, essid[11]); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testcabovisao(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static char *cabovisao = "Cabovisao-"; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen != 14) return; if(memcmp(essid, cabovisao, 10) != 0) return; if((!isxdigit((unsigned char)essid[10])) || (!isxdigit((unsigned char)essid[11])) || (!isxdigit((unsigned char)essid[12])) || (!isxdigit((unsigned char)essid[13]))) return; for(k1 = 0; k1 < 0x100; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "2ce412%02x%c%c%c%c", k1, essid[10], essid[11], essid[12], essid[13]); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "e0ca94%02x%c%c%c%c", k1, essid[10], essid[11], essid[12], essid[13]); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "e0cec3%02x%c%c%c%c", k1, essid[10], essid[11], essid[12], essid[13]); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testcg3000dv2(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static char *cg3000dv2 = "CG3000DV2"; if(essidlen < 11) return; if(memcmp(essid, cg3000dv2, 9) != 0) return; if((!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10]))) return; for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "CG3000DV2%04X%c%c\n", k1, essid[9], essid[10]); return; } /*===========================================================================*/ static void testcpsrf(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static char *cpcrf1 = "CoolpadSurf_"; static char *cpcrf2 = "Coolpad Surf "; if(essidlen < 16) return; if(memcmp(essid, cpcrf1, 12) == 0) { if((!isdigit((unsigned char)essid[12])) || (!isdigit((unsigned char)essid[13])) || (!isdigit((unsigned char)essid[14])) || (!isdigit((unsigned char)essid[15]))) return; for(k1 = 0; k1 < 10000; k1++) fprintf(fhout, "%04d%.*s\n", k1, 4, &essid[12]); return; } if(essidlen < 17) return; if(memcmp(essid, cpcrf2, 13) == 0) { if((!isdigit((unsigned char)essid[13])) || (!isdigit((unsigned char)essid[14])) || (!isdigit((unsigned char)essid[15])) || (!isdigit((unsigned char)essid[16]))) return; for(k1 = 0; k1 < 10000; k1++) fprintf(fhout, "%04d%.*s\n", k1, 4, &essid[13]); return; } return; } /*===========================================================================*/ static void testeasybox(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int b; static int s10, s9, s8 , s7; static int m12, m11, m10 ,m9; static int f1, f2; static int k1, k2, k3, k4, k5, k6, k7, k8, k9; static const char *easybox = "EasyBox-"; if(easyboxflag == true) return; if(essidlen != 14) return; if(memcmp(essid, easybox, 8) != 0) return; if((!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10])) || (!isxdigit((unsigned char)essid[11])) || (!isdigit((unsigned char)essid[12])) || (!isdigit((unsigned char)essid[13]))) return; for (b = 0; b <= 0xffff; b++) { m12 = b &0x000f; m11 = (b &0x00f0) >> 4; m10 = (b &0x0f00) >> 8; m9 = (b &0xf000) >> 12; s10 = b %10; s9 = (b /10) %10; s8 = (b /100) %10; s7 = (b /1000) %10; f1 = (s7 +s8 +m11 +m12) & 0xf; f2 = (m9 +m10 +s9 +s10) & 0xf; k1 = f1 ^s10; k2 = f2 ^m10; k3 = m11 ^s10; k4 = f1 ^s9; k5 = f2 ^m11; k6 = m12 ^s9; k7 = f1 ^s8; k8 = f2 ^m12; k9 = f1 ^f2; fprintf (fhout, "%X%X%X%X%X%X%X%X%X\n", k1, k2, k3, k4, k5, k6, k7, k8, k9); } easyboxflag = true; return; } /*===========================================================================*/ static void testglocal(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2, k3, k4; static const char *glocalme = "GlocalMe_"; if(essidlen != 14) return; if(memcmp(essid, glocalme , 9) != 0) return; if((!isdigit((unsigned char)essid[9])) || (!isdigit((unsigned char)essid[10])) || (!isdigit((unsigned char)essid[11])) || (!isdigit((unsigned char)essid[12])) || (!isdigit((unsigned char)essid[13]))) return; k2 = essid[11]; k3 = essid[12]; for(k1 = 0; k1 < 100000; k1++) { for(k4 = 0; k4 < 10; k4++) fprintf(fhout, "%05d%c%c%d\n", k1, k2, k3, k4); } return; } /*===========================================================================*/ static void testhotbox(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2; static char *ev; static const char *hotbox = "HOTBOX"; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen < 7) return; if(memcmp(essid, hotbox , 6) != 0) return; if(hb5flag == false) { for(k1 = 500000000; k1 < 560000000; k1++) fprintf(fhout, "%010d\n", k1); for(k1 = 770000000; k1 < 780000000; k1++) fprintf(fhout, "%010d\n", k1); } hb5flag = true; if(essidlen != 11) return; if(essid[6] != '-') return; if((!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10]))) return; ev = (char*)(essid +7); k2 = strtol(ev, NULL, 16); for(k1 = 0; k1 < 0x100; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "2ce412%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "4c17eb%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "6c2e85%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "7c034c%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "7cb733%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "a0648f%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "b4eeb4%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "c0ac54%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "d86ce9%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "d8fb5e%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "e0cec3%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "fcb4e6%02x%04x", k1, k2); writepsk(fhout, essidtmp); } for(k1 = 500000000; k1 < 560000000; k1++) fprintf(fhout, "%010d\n", k1); return; } /*===========================================================================*/ static void testmtel(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2; static const char *a1 = "A1_"; static const char *mtel = "M-Tel_"; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen == 7) { if(memcmp(essid, a1, 3) == 0) { if((isxdigit((unsigned char)essid[3])) && (isxdigit((unsigned char)essid[4])) && (isxdigit((unsigned char)essid[5])) && (isxdigit((unsigned char)essid[6]))) { for(k1 = 0; k1 < 0x100; k1++) for(k2 = 0; k2 < 0x100; k2++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "48575443%02X%c%c%c%c%02X", k1, essid[3], essid[4], essid[5], essid[6], k2); writepsk(fhout, essidtmp); } } } return; } if(essidlen == 10) { if(memcmp(essid, mtel, 6) == 0) { if((isxdigit((unsigned char)essid[6])) && (isxdigit((unsigned char)essid[7])) && (isxdigit((unsigned char)essid[8])) && (isxdigit((unsigned char)essid[9]))) { for(k1 = 0; k1 < 0x100; k1++) { for(k2 = 0; k2 < 0x100; k2++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "48575443%02X%c%c%c%c%02X", k1, essid[6], essid[7], essid[8], essid[9], k2); writepsk(fhout, essidtmp); } } } } return; } return; } /*===========================================================================*/ static void testmywifi(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *mywifi = "MY WIFI "; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen != 12) return; if(memcmp(essid, mywifi, 8) != 0) return; for(k1 = 0; k1 < 10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "MYWIFI%04d", k1); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testnet2g(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *net2g = "NET_2G"; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen < 12) return; if(memcmp(essid, net2g, 6) != 0) return; if((isxdigit((unsigned char)essid[6])) && (isxdigit((unsigned char)essid[7])) && (isxdigit((unsigned char)essid[8])) && (isxdigit((unsigned char)essid[9])) && (isxdigit((unsigned char)essid[10])) && (isxdigit((unsigned char)essid[11]))) { for(k = 0; k < 0x100; k++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%02X%C%C%C%C%C%C", k, essid[6], essid[7], essid[8], essid[9], essid[10], essid[11]); writepsk(fhout, essidtmp); } } return; } /*===========================================================================*/ static void testnetv(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *net2g = "Net-Virtua"; if(essidlen < 15) return; if(memcmp(essid, net2g, 10) != 0) return; if((isdigit((unsigned char)essid[11])) && (isdigit((unsigned char)essid[12])) && (isdigit((unsigned char)essid[13])) && (isdigit((unsigned char)essid[14]))) { for(k = 0; k < 1000; k++) { fprintf(fhout, "%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "15%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "16%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "24%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "31%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "33%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "37%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "38%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "40%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "61%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "71%03d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); } for(k = 0; k < 10000; k++) { fprintf(fhout, "%04d%C%C%C%C0\n", k, essid[11], essid[12], essid[13], essid[14]); } } return; } /*===========================================================================*/ static void testpoda(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *poda = "PODA_"; if(podaflag == true) return; if(essidlen < 5) return; if(memcmp(essid, poda, 5) != 0) return; for(k = 0; k < 1000000; k++) fprintf(fhout, "%06d%06d\n", k, k); podaflag = true; return; } /*===========================================================================*/ static void testroamingman(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2, k3; static char *ev; static const char *roamingman = "Roamingman_"; if(essidlen != 16) return; if((!isdigit((unsigned char)essid[11])) || (!isdigit((unsigned char)essid[12])) || (!isdigit((unsigned char)essid[13])) || (!isdigit((unsigned char)essid[14])) || (!isdigit((unsigned char)essid[15]))) return; if(memcmp(essid, roamingman, 11) != 0) return; ev = (char*)(essid +11); k2 = strtol(ev, NULL, 10); for(k3 = k2 -10; k3 < k2 +10; k3++) { for(k1 = 0; k1 < 1000; k1++) { if(k3 < 0) fprintf(fhout, "%03d%05d\n", k1, k3 +100000); else if(k3 > 99999) fprintf(fhout, "%03d%05d\n", k1, k3 -100000); else fprintf(fhout, "%03d%05d\n", k1, k3); } } return; } /*===========================================================================*/ static void testrtk(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *rtk = "RTK-"; if(essidlen == 10) { if((isxdigit((unsigned char)essid[4])) && (isxdigit((unsigned char)essid[5])) && (isxdigit((unsigned char)essid[6])) && (isxdigit((unsigned char)essid[7])) && (isxdigit((unsigned char)essid[8])) && (isxdigit((unsigned char)essid[9]))) { if(memcmp(essid, rtk, 4) == 0) { for(k1 = 0; k1 < 0x100000; k1++) { fprintf(fhout, "454C54585C0%05X\n", k1); fprintf(fhout, "454C54585C1%05X\n", k1); fprintf(fhout, "53434F4D1A0%05X\n", k1); fprintf(fhout, "ELTX1A0%05X\n", k1); fprintf(fhout, "ELTX5C0%05X\n", k1); } } return; } } return; } /*===========================================================================*/ static void testtechnicolor(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *tc8715d = "TC8715D"; static const char *tc8717t = "TC8717T"; if(essidlen >= 9) { if((!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8]))) return; if(memcmp(essid, tc8715d, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TC8715D%04X%c%c\n", k1, essid[7], essid[8]); } if(memcmp(essid, tc8717t, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TC8717T%04X%c%c\n", k1, essid[7], essid[8]); } return; } return; } /*===========================================================================*/ static void testtelered(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static uint32_t i; static int c; static const char *telered = "TeleRed-"; static uint32_t fix[] = { 0x324b, 0x96e6, 0x9c67, 0xa266, 0xcfe2 }; #define FIX_SIZE sizeof(fix) /sizeof(int) if(essidlen < 12) return; if(memcmp(essid, telered, 8) != 0) return; if((!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10])) || (!isxdigit((unsigned char)essid[11]))) return; for(i = 0; i < FIX_SIZE; i++) { for(c = 0; c < 0x100; c++) fprintf(fhout, "%04X%02X%C%C%C%C\n", fix[i], c, essid[8], essid[9], essid[10], essid[11]); } return; } /*===========================================================================*/ static void testukrtelecom(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *ukrtelekom = "UKrtelecom"; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(ukrtelecomflag == true) return; if(essidlen < 10) return; if(memcmp(essid, ukrtelekom, 10) != 0) return; for(k = 0; k < 10000; k++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "UKR_%04d", k); writepsk(fhout, essidtmp); } ukrtelecomflag = true; return; } /*===========================================================================*/ static void testwifirsu(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *wifirsu = "WiFiRSU_"; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if(essidlen < 10) return; if(memcmp(essid, wifirsu, 8) != 0) return; if(essidlen == 10) { if((!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9]))) return; for(k1 = 0; k1 < 0x10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "88%04x%c%c", k1, essid[8], essid[9]); writepsk(fhout, essidtmp); } return; } if(essidlen == 13) { if((!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10])) || (!isxdigit((unsigned char)essid[11])) || (!isxdigit((unsigned char)essid[12]))) return; for(k1 = 0; k1 < 0x10; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "88%x%c%c%c%c%c", k1, essid[8], essid[9], essid[10], essid[11], essid[12]); writepsk(fhout, essidtmp); } return; } return; } /*===========================================================================*/ static void testwlan(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2, k3, k4, k5, k6 ,k7 ,k8, k9; static const char *wifirsu = "WLAN-"; static const char hextable[] = "0123456789ABCDEF"; if(essidlen != 11) return; if(memcmp(essid, wifirsu, 5) != 0) return; if((!isxdigit((unsigned char)essid[5])) || (!isxdigit((unsigned char)essid[6])) || (!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8])) || (!isdigit((unsigned char)essid[9])) || (!isdigit((unsigned char)essid[10]))) return; k1 = essid[9]; k2 = 0; k3 = essid[10]; k4 = essid[8]; k5 = 0; k6 = 0; k7 = 0; k8 = essid[6]; k9 = essid[7]; for(k2 = 0; k2 < 10; k2++) { for(k5 = 0; k5 <= 0xffff; k5++) { fprintf(fhout, "SP-%c%d%c%c%04X%d\n", k1, k2, k3, k4, k5, k2); fprintf(fhout, "SP%c%d%c%c%04X%d\n", k1, k2, k3, k4, k5, k2); } } for(k2 = 0; k2 < 10; k2++) { for(k5 = 0; k5 <= 0x0f; k5++) { for(k6 = 0; k6 <= 0x0f; k6++) { for(k7 = 0; k7 < 100; k7++) fprintf(fhout, "%c%d%c%02d%02d%02d%02d%d%02d%02d\n", k1, k2, k3, k4, hextable[k5], hextable[k6], k7, k2, k8, k9); } } } return; } /*===========================================================================*/ static void testx2g(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static char *x2g = "_2G"; if(essidlen < 9) return; if(memcmp(&essid[essidlen -9], x2g, 2) != 0) return; if((!isdigit((unsigned char)essid[essidlen -1])) || (!isdigit((unsigned char)essid[essidlen -2])) || (!isdigit((unsigned char)essid[essidlen -3])) || (!isdigit((unsigned char)essid[essidlen -4])) || (!isdigit((unsigned char)essid[essidlen -5])) || (!isdigit((unsigned char)essid[essidlen -6]))) return; for(k = 0; k < 0x100; k++) fprintf(fhout, "%02X%s\n", k, &essid[essidlen -6]); return; } /*===========================================================================*/ static void testzhone(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static char *zhone = "Zhone_"; if(znidflag == true) return; if(essidlen < 6) return; if(memcmp(essid, zhone, 6) != 0) return; for(k = 0; k < 10000000; k++) fprintf(fhout, "znid30%07d\n", k); for(k = 0; k < 10000000; k++) fprintf(fhout, "znid31%07d\n", k); znidflag = true; return; } /*===========================================================================*/ static void prepareessid(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int pi, po; static char essidtmp[PSKSTRING_LEN_MAX] = {}; if((essidlen == 0) || (essidlen > 32)) return; testx2g(fhout, essidlen, essid); testairtel(fhout, essidlen, essid); testalcatellinkzone(fhout, essidlen, essid); testarrisizzi(fhout, essidlen, essid); testarristg(fhout, essidlen, essid); testattwifi(fhout, essidlen, essid); testaxtelxtremo(fhout, essidlen, essid); testcabovisao(fhout, essidlen, essid); testcg3000dv2(fhout, essidlen, essid); testcpsrf(fhout, essidlen, essid); testeasybox(fhout, essidlen, essid); testglocal(fhout, essidlen, essid); testhotbox(fhout, essidlen, essid); testmtel(fhout, essidlen, essid); testmywifi(fhout, essidlen, essid); testnet2g(fhout, essidlen, essid); testnetv(fhout, essidlen, essid); testpoda(fhout, essidlen, essid); testroamingman(fhout, essidlen, essid); testrtk(fhout, essidlen, essid); testtechnicolor(fhout, essidlen, essid); testtelered(fhout, essidlen, essid); testukrtelecom(fhout, essidlen, essid); testwifirsu(fhout, essidlen, essid); testwlan(fhout, essidlen, essid); testzhone(fhout, essidlen, essid); if(noessidcombinationflag == true) return; writeessidsweeped(fhout, essidlen, essid); po = 0; memset(&essidtmp, 0, PSKSTRING_LEN_MAX); for(pi = essidlen -1; pi >= 0; pi--) { essidtmp[po] = essid[pi]; po++; } writepsk(fhout, essidtmp); return; } /*===========================================================================*/ static void processessids(FILE *fhout) { static int c; static apessidl_t *zeiger; static apessidl_t *zeiger1; qsort(apessidliste, apessidcount, APESSIDLIST_SIZE, sort_apessidlist_by_essid); zeiger = apessidliste; for(c = 0; c < apessidcount; c++) { essidglen = zeiger->essidlen; if(c == 0) prepareessid(fhout, zeiger->essidlen, zeiger->essid); else { zeiger1 = zeiger -1; if(zeiger->essidlen != zeiger1->essidlen) { if(memcmp(zeiger->essid, zeiger1->essid, zeiger->essidlen) != 0) prepareessid(fhout, zeiger->essidlen, zeiger->essid); } } zeiger++; } return; } /*===========================================================================*/ /*===========================================================================*/ static void writebssidmd5(FILE *fhout, unsigned long long int macaddr) { static int k; static int p; static unsigned int digestmd5len; static EVP_MD_CTX* mdctx; static char message[PSKSTRING_LEN_MAX]; static uint8_t digestmd5[EVP_MAX_MD_SIZE]; static char keystring[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; snprintf(message, 14, "%012llX", macaddr); digestmd5len = 16; mdctx = EVP_MD_CTX_create(); if(mdctx == NULL) return; if(EVP_DigestInit_ex(mdctx, EVP_md5(), NULL) == 0) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestUpdate(mdctx, message, 12) == 0) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestFinal_ex(mdctx, digestmd5, &digestmd5len) == 0) { EVP_MD_CTX_free(mdctx); return; } EVP_MD_CTX_free(mdctx); for (p = 0; p < 10; p++) fprintf(fhout, "%02x",digestmd5[p]); fprintf(fhout, "\n"); for (p = 0; p < 8; p++) { k = (digestmd5[p] %26); fprintf(fhout, "%c",keystring[k]); } fprintf(fhout, "\n"); for (p = 0; p < 10; p++) { k = (digestmd5[p] %26); fprintf(fhout, "%c",keystring[k]); } fprintf(fhout, "\n"); for (p = 0; p < 15 ; p +=2) { k = (digestmd5[p] %26); fprintf(fhout, "%c",keystring[k]); } fprintf(fhout, "\n"); for (p = 1; p < 16 ; p +=2) { k = (digestmd5[p] %26); fprintf(fhout, "%c",keystring[k]); } fprintf(fhout, "\n"); return; } /*===========================================================================*/ static unsigned int wpspinchecksum(unsigned int pin) { static int accum = 0; while (pin) { accum += 3 * (pin % 10); pin /= 10; accum += pin % 10; pin /= 10; } return (10 - accum % 10) % 10; } /*---------------------------------------------------------------------------*/ static void writebssidwps(FILE *fhout, unsigned long long int macaddr) { static int pin; pin = (macaddr & 0xffffff) % 10000000; pin = ((pin * 10) + wpspinchecksum(pin)); fprintf(fhout, "%08d\n", pin); pin = (((macaddr >> 24) &0xff) *256 *256) +(((macaddr >> 16) &0xff) *256) + ((macaddr >> 8) &0xff); pin = pin % 10000000; pin = ((pin * 10) + wpspinchecksum(pin)); fprintf(fhout, "%08d\n", pin); return; } /*===========================================================================*/ static void writewpsall(FILE *fhout) { static int c, cs; for(c = 0; c < 10000000; c++) { cs = wpspinchecksum(c); fprintf(fhout, "%07d%d\n", c, cs); } return; } /*===========================================================================*/ static void writebssid(FILE *fhout, unsigned long long int macaddr) { static char pskstring[PSKSTRING_LEN_MAX] = {}; snprintf(pskstring, PSKSTRING_LEN_MAX, "0%012llx", macaddr); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "2%012llx", macaddr); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "m%012llx", macaddr); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "555A5053%08llX", macaddr &0xffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "8747%06llx", macaddr &0xffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%012llx", macaddr); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%011llx", macaddr &0xfffffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%010llx", macaddr &0xffffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%09llx", macaddr &0xfffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%08llx", macaddr &0xffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%011llx", (macaddr >> 4) &0xfffffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%010llx", (macaddr >> 8) &0xffffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%09llx",(macaddr >> 12) &0xfffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%08llx", (macaddr >> 16) &0xffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%010lld", (macaddr) &0xffffff); writepsk(fhout, pskstring); writebssidmd5(fhout, macaddr); writebssidwps(fhout, macaddr); return; } /*===========================================================================*/ static void test000559(FILE *fhout, unsigned long long int macaddr) { static int k1; static unsigned long long int oui; static char essidtmp[PSKSTRING_LEN_MAX] = {}; oui = macaddr &0xffffff000000L; oui = oui >> 24; if(oui == 0x000559) { for(k1 = 0; k1 < 10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%012llX-%04d", macaddr, k1); writepsk(fhout, essidtmp); } } return; } /*===========================================================================*/ static void preparebssid(FILE *fhout, unsigned long long int macaddr) { static int c; static unsigned long long int oui; static unsigned long long int nic; static unsigned int nici; static int swap; static int me; static char pskstring[PSKSTRING_LEN_MAX] = {}; fprintf(fhout, "%012llX\n", macaddr &0xffffffffff); nici = ~macaddr &0xffffff; fprintf(fhout, "wlan%06x\n", nici); nici = ~macaddr &0xffffffff; fprintf(fhout, "%08x\n", nici); nici = (~macaddr >> 8) &0xffffffff; fprintf(fhout, "%08x\n", nici); me = macaddr &0xffffff; fprintf(fhout, "05%6d\n", me); oui = macaddr &0xffffff000000L; nic = (macaddr -0x7f) &0xffffffL; for(c = 0; c <= 0xff; c++) writebssid(fhout, oui +((nic +c) &0xffffffL)); swap = (nic >> 8) & 0xffff; { swap = (swap & 0xf000) >> 12 | (swap & 0x0f00) >> 4 | (swap & 0x00f0) << 4 | (swap & 0x000f) << 12; snprintf(pskstring, PSKSTRING_LEN_MAX, "000000%04X", swap); fprintf(fhout, "%s\n", pskstring); } test000559(fhout, macaddr); return; } /*===========================================================================*/ static void processbssids(FILE *fhout) { static int c; static apessidl_t *zeiger; static apessidl_t *zeiger1; qsort(apessidliste, apessidcount, APESSIDLIST_SIZE, sort_apessidlist_by_ap); zeiger = apessidliste; for(c = 0; c < apessidcount; c++) { if(c == 0) preparebssid(fhout, zeiger->macaddr); else { zeiger1 = zeiger -1; if(zeiger->macaddr != zeiger1->macaddr) preparebssid(fhout, zeiger->macaddr); } zeiger++; } return; } /*===========================================================================*/ static void processadditionals(FILE *fhout) { if(netgearflag == true) keywritenetgear(fhout); if(spectrumflag == true) keywritespectrum(fhout); if(digit10flag == true) keywritedigit10(fhout); if(phomeflag == true) keywritephome(fhout); if(tendaflag == true) { keywritetenda1(fhout); keywritetenda2(fhout); } if(eeflag == true) keywriteee(fhout); if(alticeoptimumflag == true) keywritealticeoptimum(fhout); if(weakpassflag == true) keywriteweakpass(fhout); if(eudateflag == true) keywriteeudate(fhout); if(usdateflag == true) keywriteusdate(fhout); if((eudateflag == true) || (usdateflag == true)) keywriteyearyear(fhout); if(wpskeysflag == true) writewpsall(fhout); if(egnflag == true) keywriteegn(fhout); return; } /*===========================================================================*/ /*===========================================================================*/ static void addapessid(uint64_t macaddr, uint8_t essidlen, uint8_t *essid) { static apessidl_t *zeiger; if(essidlen > ESSID_LEN_MAX) return; if(apessidliste == NULL) { apessidliste = malloc(APESSIDLIST_SIZE); if(apessidliste == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } memset(apessidliste, 0, APESSIDLIST_SIZE); apessidliste->macaddr = macaddr; apessidliste->essidlen = essidlen; memcpy(apessidliste->essid, essid, essidlen); apessidcount++; return; } zeiger = apessidliste +apessidcount -1; if((zeiger->macaddr == macaddr) && (zeiger->essidlen == essidlen) && (memcmp(zeiger->essid, essid, essidlen) == 0)) return; zeiger = realloc(apessidliste, (apessidcount +1) *APESSIDLIST_SIZE); if(zeiger == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } apessidliste = zeiger; zeiger = apessidliste +apessidcount; memset(zeiger, 0, APESSIDLIST_SIZE); zeiger->macaddr = macaddr; zeiger->essidlen = essidlen; memcpy(zeiger->essid, essid, essidlen); apessidcount++; return; } /*===========================================================================*/ /*===========================================================================*/ static size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static int fgetline(FILE *inputstream, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ static void readpmkidfile(char *pmkidname) { static int len; static int aktread = 1; static int essidlen; static char *macaddrstop = NULL; static unsigned long long int macaddr; static FILE *fh_file; static char linein[PMKID_LINE_LEN]; static uint8_t essid[ESSID_LEN_MAX]; if((fh_file = fopen(pmkidname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", pmkidname); return; } while(1) { if((len = fgetline(fh_file, PMKID_LINE_LEN, linein)) == -1) break; if((len < 61) || ((len > 59 +(ESSID_LEN_MAX *2)))) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if(((linein[32] != ':') && (linein[45] != ':') && (linein[58] != ':')) && ((linein[32] != '*') && (linein[45] != '*') && (linein[58] != '*'))) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } essidlen = len -59; if((essidlen %2) != 0) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } macaddr = strtoull(linein +33, &macaddrstop, 16); if((macaddrstop -linein) != 45) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[59], essid, essidlen/2) == true) addapessid(macaddr, essidlen/2, essid); aktread++; } fclose(fh_file); return; } /*===========================================================================*/ static void readpmkideapolfile(char *pmkideapolname) { static int len; static int aktread = 1; static int essidlen; static char *macaddrstop = NULL; static char *essidstop = NULL; static unsigned long long int macaddr; static FILE *fh_file; static const char hlid1[] = { "WPA*01*" }; static const char hlid2[] = { "WPA*02*" }; static char linein[PMKIDEAPOL_LINE_LEN]; static uint8_t essid[ESSID_LEN_MAX]; if((fh_file = fopen(pmkideapolname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", pmkideapolname); return; } while(1) { if((len = fgetline(fh_file, PMKIDEAPOL_LINE_LEN, linein)) == -1) break; if(len < 68) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if((memcmp(&hlid1, linein, 7) != 0) && (memcmp(&hlid2, linein, 7) != 0)) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if((linein[3] != '*') && (linein[6] != '*') && (linein[39] != '*') && (linein[52] != '*') && (linein[65] != '*')) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } essidstop = strchr(&linein[66], '*'); if(essidstop == NULL) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } essidlen = essidstop -linein -66; if((essidlen %2) != 0) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } macaddr = strtoull(linein +40, &macaddrstop, 16); if((macaddrstop -linein) != 52) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[66], essid, essidlen/2) == true) addapessid(macaddr, essidlen/2, essid); aktread++; } fclose(fh_file); return; } /*===========================================================================*/ static int getwpapskfmt(int lenlinein, char *linein) { static int p; static const char *johnformat = "$WPAPSK$"; for(p = 0; p < lenlinein -8; p++) { if(memcmp(&linein[p], johnformat, 8) == 0) return p; } return 0; } /*===========================================================================*/ static void readjohnfile(char *johnname) { static int len; static int aktread = 1; static int essidlen; static int macp; static char *macaddrstop = NULL; static unsigned long long int macaddr; static FILE *fh_file; static char linein[JOHN_LINE_LEN]; if((fh_file = fopen(johnname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", johnname); return; } while(1) { if((len = fgetline(fh_file, JOHN_LINE_LEN, linein)) == -1) break; if(len < 475) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } essidlen = getwpapskfmt(len, linein); if(essidlen == 0) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if(essidlen < 2) { aktread++; continue; } essidlen--; if(memcmp(linein, &linein[essidlen +9], essidlen) != 0) { aktread++; continue; } macp = (essidlen *2) +10; while((macp < essidlen) || (linein[macp] != ':')) { macp++; } if((linein[macp +18] != ':') || (linein[macp +36] != ':') || (linein[macp +49] != ':')) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } macaddr = strtoull(linein +macp +37, &macaddrstop, 16); if((macaddrstop -linein) != (macp +49)) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } fprintf(stdout, "%llx %.*s\n", macaddr, essidlen, linein); addapessid(macaddr, essidlen, (uint8_t*)linein); aktread++; } fclose(fh_file); return; } /*===========================================================================*/ static void readhccapxfile(char *hccapxname) { static struct stat statinfo; static hccapx_t *hcxptr; static FILE *fhhcx; static unsigned long long int macaddr; static uint8_t hcxdata[HCCAPX_SIZE]; if(stat(hccapxname, &statinfo) != 0) { fprintf(stderr, "can't stat %s\n", hccapxname); return; } if((statinfo.st_size %HCCAPX_SIZE) != 0) { fprintf(stderr, "file corrupt\n"); return; } if((fhhcx = fopen(hccapxname, "r")) == NULL) { fprintf(stderr, "error opening file %s", hccapxname); return; } hcxptr = (hccapx_t*)hcxdata; while(fread(&hcxdata, HCCAPX_SIZE, 1, fhhcx) == 1) { if(hcxptr->signature != HCCAPX_SIGNATURE) continue; if((hcxptr->version != 3) && (hcxptr->version != 4)) continue; if(hcxptr->essid_len > ESSID_LEN_MAX) continue; macaddr = 0; macaddr = hcxptr->mac_ap[0]; macaddr = (macaddr << 8) + hcxptr->mac_ap[1]; macaddr = (macaddr << 8) + hcxptr->mac_ap[2]; macaddr = (macaddr << 8) + hcxptr->mac_ap[3]; macaddr = (macaddr << 8) + hcxptr->mac_ap[4]; macaddr = (macaddr << 8) + hcxptr->mac_ap[5]; addapessid(macaddr, hcxptr->essid_len, hcxptr->essid); } fclose(fhhcx); return; } /*===========================================================================*/ static void readcommandline(char *macapname, char *essidname) { static int essidlen = 0; static int essidlenuh = 0; static char *macaddrstop = NULL; static unsigned long long int macaddr = 0xffffffffffffL; static uint8_t essid[ESSID_LEN_MAX]; if(macapname != NULL) { macaddr = strtoull(macapname, &macaddrstop, 16); if((macaddrstop -macapname) != 12) fprintf(stderr, "invalid MAC specified\n"); } memset(&essid, 0, ESSID_LEN_MAX); essidlen = strlen(essidname); if(essidname != NULL) { essidlenuh = ishexify(essidname); if((essidlenuh > 0) && (essidlenuh <= ESSID_LEN_MAX)) { if(hex2bin(&essidname[5], essid, essidlenuh) == true) addapessid(macaddr, essidlenuh, essid); return; } memset(&essid, 0, ESSID_LEN_MAX); if(essidlen <= ESSID_LEN_MAX) memcpy(&essid, essidname, essidlen); } addapessid(macaddr, essidlen, essid); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-c : input PMKID/EAPOL hash file (hashcat -m 22000/22001)\n" "-i : input EAPOL hash file (hashcat -m 2500/2501)\n" "-j : input EAPOL hash file (john)\n" "-z : input PMKID hash file (hashcat -m 16800/16801 and john)\n" "-e : input ESSID\n" "-b : input MAC access point\n" " format: 112233445566\n" "-o : output PSK file\n" " default: stdout\n" " output list must be sorted unique!\n" "-h : show this help\n" "-v : show version\n" "\n" "--maconly : print only candidates based on ACCESS POINT MAC\n" "--noessidcombination: exclude ESSID combinations\n" "--netgear : include weak NETGEAR / ORBI / NTGR_VMB / ARLO_VMB candidates\n" "--spectrum : include weak MySpectrumWiFi / SpectrumSetup / MyCharterWiFi candidates\n" " list will be > 1.7GB\n" "--digit10 : include weak 10 digit candidates (INFINITUM, ALHN, INEA, VodafoneNet, VIVACOM)\n" " list will be > 1GB\n" "--phome : include weak PEGATRON HOME candidates\n" "--tenda : include weak TENDA candidates\n" "--ee : include weak EE BrightBox candidates\n" " list will be > 3GB\n" "--alticeoptimum : include weak Altice/Optimum candidates (MyAltice)\n" "--weakpass : include weak password candidates\n" "--eudate : include complete european dates\n" "--usdate : include complete american dates\n" "--wpskeys : include complete WPS keys\n" "--egn : include Bulgarian EGN\n" "--help : show this help\n" "--version : show version\n" "\n" "if hcxpsktool recovered your password, you should change it immediately!\n\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static FILE *fhpsk; static char *pmkideapolname = NULL; static char *hccapxname = NULL; static char *johnname = NULL; static char *pmkidname = NULL; static char *essidname = NULL; static char *macapname = NULL; static char *pskname = NULL; airtelflag = false; alticeoptimumflag = false; spectrumflag = false; digit10flag = false; easyboxflag = false; eeflag = false; egnflag = false; eudateflag = false; hb5flag = false; maconlyflag = false; noessidcombinationflag = false; netgearflag = false; phomeflag = false; podaflag = false; tendaflag = false; ukrtelecomflag = false; usdateflag = false; weakpassflag = false; wpskeysflag = false; znidflag = false; static const char *short_options = "c:i:j:z:o:e:b:o:hv"; static const struct option long_options[] = { {"maconly", no_argument, NULL, HCXD_MACONLY}, {"noessidcombination", no_argument, NULL, HCXD_NOESSIDCOMBINATION}, {"netgear", no_argument, NULL, HCXD_NETGEAR}, {"spectrum", no_argument, NULL, HCXD_SPECTRUM}, {"digit10", no_argument, NULL, HCXD_DIGIT10}, {"phome", no_argument, NULL, HCXD_PHOME}, {"tenda", no_argument, NULL, HCXD_TENDA}, {"ee", no_argument, NULL, HCXD_EE}, {"alticeoptimum", no_argument, NULL, HCXD_ALTICEOPTIMUM}, {"weakpass", no_argument, NULL, HCXD_WEAKPASS}, {"eudate", no_argument, NULL, HCXD_EUDATE}, {"usdate", no_argument, NULL, HCXD_USDATE}, {"wpskeys", no_argument, NULL, HCXD_WPSKEYS}, {"egn", no_argument, NULL, HCXD_EGN}, {"version", no_argument, NULL, HCXD_VERSION}, {"help", no_argument, NULL, HCXD_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCXD_MACONLY: maconlyflag = true; break; case HCXD_NETGEAR: netgearflag = true; break; case HCXD_SPECTRUM: spectrumflag = true; break; case HCXD_NOESSIDCOMBINATION: noessidcombinationflag = true; break; case HCXD_DIGIT10: digit10flag = true; break; case HCXD_PHOME: phomeflag = true; break; case HCXD_TENDA: tendaflag = true; break; case HCXD_EE: eeflag = true; break; case HCXD_ALTICEOPTIMUM: alticeoptimumflag = true; break; case HCXD_WEAKPASS: weakpassflag = true; break; case HCXD_EUDATE: eudateflag = true; break; case HCXD_USDATE: usdateflag = true; break; case HCXD_WPSKEYS: wpskeysflag = true; break; case HCXD_EGN: egnflag = true; break; case HCXD_HELP: usage(basename(argv[0])); break; case HCXD_VERSION: version(basename(argv[0])); break; case 'c': pmkideapolname = optarg; break; case 'i': hccapxname = optarg; break; case 'j': johnname = optarg; break; case 'z': pmkidname = optarg; break; case 'e': essidname = optarg; break; case 'b': macapname = optarg; if(strlen(macapname) != 12) { fprintf(stderr, "invalid MAC specified\n"); exit(EXIT_FAILURE); } break; case 'o': pskname = optarg; break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } globalinit(); if((macapname != NULL) || (essidname != NULL)) { readcommandline(macapname, essidname); } if(pmkideapolname != NULL) { readpmkideapolfile(pmkideapolname); } if(pmkidname != NULL) { readpmkidfile(pmkidname); } if(hccapxname != NULL) { readhccapxfile(hccapxname); } if(johnname != NULL) { readjohnfile(johnname); } if(apessidliste == NULL) { fprintf(stderr, "no hashes loaded\n"); } if(pskname != NULL) { if((fhpsk = fopen(pskname, "w")) == NULL) { fprintf(stderr, "error opening psk file %s\n", pskname); exit(EXIT_FAILURE); } processbssids(fhpsk); if(maconlyflag == false) { processessids(fhpsk); processbssidsessids(fhpsk); processadditionals(fhpsk); } } else { processbssids(stdout); if(maconlyflag == false) { processessids(stdout); processbssidsessids(stdout); processadditionals(stdout); } } if(pskname != NULL) { fclose(fhpsk); } EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/hcxwltool.c000066400000000000000000000352251423200176400155660ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include "include/hcxwltool.h" /*===========================================================================*/ /* global variable */ static bool wantstraight; static bool wantdigit; static bool wantxdigit; static bool wantlower; static bool wantupper; static bool wantcapital; static int sweeplen; /*===========================================================================*/ static void printstraightlower(FILE *fh_out, int len, char *linein) { static int p,px; static char lineout[LINEIN_MAX] = {}; px = 0; for(p = 0; p < len; p++) { if(isupper((unsigned char)linein[p])) { lineout[p] = tolower((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isxdigit((unsigned char)lineout[p])) { px++; } } lineout[p] = 0; if(p != px) { fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printstraightupper(FILE *fh_out, int len, char *linein) { static int p, px; static char lineout[LINEIN_MAX] = {}; px = 0; for(p = 0; p < len; p++) { if(islower((unsigned char)linein[p])) { lineout[p] = toupper((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isxdigit((unsigned char)lineout[p])) { px++; } } lineout[p] = 0; if(p != px) { fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printstraightcapital(FILE *fh_out, int len, char *linein) { static int p,px; static char lineout[LINEIN_MAX] = {}; px = 0; for(p = 0; p < len; p++) { if(isupper((unsigned char)linein[p])) { lineout[p] = tolower((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isxdigit((unsigned char)lineout[p])) { px++; } } lineout[p] = 0; if((p != px) && ((lineout[0] >= 'a') && (lineout[0] <= 'z'))) { lineout[0] = toupper((unsigned char)linein[0]); fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printstraightstraight(FILE *fh_out, char *linein) { fprintf(fh_out, "%s\n", linein); return; } /*===========================================================================*/ static void printstraigthsweep(FILE *fh_out, int slen, int len, char *linein) { static int l; static char lineout[LINEIN_MAX] = {}; if(len >= slen) { for(l = 0; l <= len -slen; l++) { memcpy(&lineout, &linein[l], slen); lineout[slen] = 0; if(wantlower == true) { printstraightlower(fh_out, slen, lineout); } if(wantupper == true) { printstraightupper(fh_out, slen, lineout); } if(wantcapital == true) { printstraightcapital(fh_out, slen, lineout); } if((wantlower == false) && (wantupper == false) && (wantcapital == false)) { printstraightstraight(fh_out, lineout); } } } return; } /*===========================================================================*/ static void handlestraight(FILE *fh_out, int len, char *linein) { if(sweeplen == 0) { if(wantlower == true) { printstraightlower(fh_out, len, linein); } if(wantupper == true) { printstraightupper(fh_out, len, linein); } if(wantcapital == true) { printstraightcapital(fh_out, len, linein); } if((wantlower == false) && (wantupper == false) && (wantcapital == false)) { printstraightstraight(fh_out, linein); } } else { printstraigthsweep(fh_out, sweeplen, len,linein); } return; } /*===========================================================================*/ static void printxdigitlower(FILE *fh_out, int len, char *linein) { static int p, pd; static char lineout[LINEIN_MAX] = {}; pd = 0; for(p = 0; p < len; p++) { if(isupper((unsigned char)linein[p])) { lineout[p] = tolower((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isdigit((unsigned char)lineout[p])) { pd++; } } lineout[p] = 0; if(p != pd) { fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printxdigitupper(FILE *fh_out, int len, char *linein) { static int p, pd; static char lineout[LINEIN_MAX] = {}; pd = 0; for(p = 0; p < len; p++) { if(islower((unsigned char)linein[p])) { lineout[p] = toupper((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isdigit((unsigned char)lineout[p])) { pd++; } } lineout[p] = 0; if(p != pd) { fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printxdigitstraight(FILE *fh_out, int len, char *linein) { static int p, pd; pd = 0; for(p = 0; p < len; p++) { if(isdigit((unsigned char)linein[p])) { pd++; } } if(p != pd) { fprintf(fh_out, "%s\n", linein); } return; } /*===========================================================================*/ static void printxdigitsweep(FILE *fh_out, int slen, int len, char *linein) { static int l; static char lineout[LINEIN_MAX] = {}; if(len >= slen) { for(l = 0; l <= len -slen; l++) { memcpy(&lineout, &linein[l], slen); lineout[slen] = 0; if(wantlower == true) { printxdigitlower(fh_out, slen, lineout); } if(wantupper == true) { printxdigitupper(fh_out, slen, lineout); } if((wantlower == false) && (wantupper == false)) { printxdigitstraight(fh_out, slen, lineout); } } } return; } /*===========================================================================*/ static void handlexdigit(FILE *fh_out, int len, char *linein) { static int i, o; static char lineout[LINEIN_MAX] = {}; o = 0; for(i = 0; i < len; i++) { if(isxdigit((unsigned char)linein[i])) { lineout[o] = linein[i]; o++; } } lineout[o] = 0; if((o < 8) || (o > 63)) { return; } if(sweeplen == 0) { if(wantlower == true) { printxdigitlower(fh_out, o, lineout); } if(wantupper == true) { printxdigitupper(fh_out, o, lineout); } if((wantlower == false) && (wantupper == false)) { printxdigitstraight(fh_out, o, lineout); } } else { printxdigitsweep(fh_out, sweeplen, o,lineout); } return; } /*===========================================================================*/ static void printdigitsweep(FILE *fh_out, int slen, int len, char *linein) { static int l; static char lineout[LINEIN_MAX] = {}; if(len >= slen) { for(l = 0; l <= len -slen; l++) { memcpy(&lineout, &linein[l], slen); lineout[slen] = 0; fprintf(fh_out, "%s\n", lineout); } } return; } /*===========================================================================*/ static void handledigit(FILE *fh_out, int len, char *linein) { static int i, o; static char lineout[LINEIN_MAX] = {}; o = 0; for(i = 0; i < len; i++) { if(isdigit((unsigned char)linein[i])) { lineout[o] = linein[i]; o++; } } lineout[o] = 0; if((o < 8) || (o > 63)) { return; } if(sweeplen == 0) { fprintf(fh_out, "%s\n", lineout); } else { printdigitsweep(fh_out, sweeplen, o, lineout); } return; } /*===========================================================================*/ static int handleignore(int len, char *linein) { static char *wlan = "WLAN-"; static char *skyroam = "#Skyroam_"; static char *huitube3 = "3HuiTube_"; static char *pocket3 = "3Pocket_"; static char *mobilewifi3 = "3MobileWiFi-"; static char *tube3 = "3Tube_"; static char *web3 = "3Web"; static char *webcube = "WebCube"; static char *neo3 = "3neo_"; static char *wifi4g = "4G Wi-Fi 3Danmark-"; if(len == 11) { if(memcmp(wlan, linein, 5) == 0) { return 0; } if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 12) { if(memcmp(skyroam, linein, 9) == 0) { return 0; } if(memcmp(web3, linein, 4) == 0) { return 0; } if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 13) { if(memcmp(skyroam, linein, 9) == 0) { return 0; } if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 14) { if(memcmp(skyroam, linein, 9) == 0) { return 0; } if(memcmp(web3, linein, 4) == 0) { return 0; } if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 15) { if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 16) { if(memcmp(pocket3, linein, 8) == 0) { return 0; } if(memcmp(mobilewifi3, linein, 11) == 0) { return 0; } if(memcmp(neo3, linein, 5) == 0) { return 0; } } if(len == 17) { if(memcmp(tube3, linein, 6) == 0) { return 0; } } if(len == 18) { if(memcmp(huitube3, linein, 9) == 0) { return 0; } if(memcmp(wifi4g, linein, 18) == 0) { return 0; } } if(len == 20) { if(memcmp(huitube3, linein, 9) == 0) { return 0; } } if(len == 22) { if(memcmp(wifi4g, linein, 18) == 0) { return 0; } } return len; } /*===========================================================================*/ static int handlehex(int len, char *line) { static char *token = "$HEX["; if(len >= 6) { if((memcmp(line, token, 5) == 0) && (line[len -1] == ']')) { return 0; } } return len; } /*===========================================================================*/ static size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while(len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while(len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static int fgetline(FILE *fh_in, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(fh_in)) return -1; buffptr = fgets (buffer, size, fh_in); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ static void processwordlist(char *wordlistinname, FILE *fh_out) { static int len; static FILE *fh_in; static char linein[LINEIN_MAX]; if((fh_in = fopen(wordlistinname, "r")) == NULL) { fprintf(stderr, "opening wordlist failed %s\n", wordlistinname); return; } while(1) { if((len = fgetline(fh_in, LINEIN_MAX, linein)) == -1) { break; } if((len < 8) || (len > 70)) { continue; } if(handlehex(len, linein) == 0) { continue; } if(wantstraight == true) { if(handleignore(len, linein) != 0) { handlestraight(fh_out, len, linein); } } if(wantdigit == true) { handledigit(fh_out, len, linein); } if(wantxdigit == true) { handlexdigit(fh_out, len, linein); } } fclose(fh_in); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-i : input wordlist\n" "-o : output wordlist to file\n" "-h : show this help\n" "-v : show version\n" "\n" "--straight : output format untouched\n" "--digit : output format only digits\n" "--xdigit : output format only xdigits\n" "--lower : output format only lower\n" "--upper : output format only upper\n" "--capital : output format only capital\n" "--length= : password length (8...32)\n" "--help : show this help\n" "--version : show version\n" "\n" "examples:\n" "hcxwltool -i wordlist --straight | sort | uniq | | sort | uniq | hashcat -m 22000 hashfile.hc22000\n" "hcxwltool -i wordlist --digit --length=10 | sort | uniq | | sort | uniq | hashcat -m 22000 hashfile.hc22000\n" "hcxwltool -i wordlist --digit | sort | uniq | hashcat -m 22000 hashfile.hc22000\n" "hcxwltool -i wordlist --xdigit | sort | uniq | john --stdin --format=wpapsk-opencl john.hashfile\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static FILE *fh_out; static char *wordlistinname = NULL; static char *wordlistoutname = NULL; static const char *short_options = "i:o:hv"; static const struct option long_options[] = { {"straight", no_argument, NULL, HCX_STRAIGHT}, {"digit", no_argument, NULL, HCX_DIGIT}, {"xdigit", no_argument, NULL, HCX_XDIGIT}, {"lower", no_argument, NULL, HCX_LOWER}, {"upper", no_argument, NULL, HCX_UPPER}, {"capital", no_argument, NULL, HCX_CAPITAL}, {"length", required_argument, NULL, HCX_SWEEP_LEN}, {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; wantstraight = false; wantdigit = false; wantxdigit = false; wantlower = false; wantupper = false; wantcapital = false; sweeplen = 0; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_INPUT_WORDLIST: wordlistinname = optarg; break; case HCX_OUTPUT_WORDLIST: wordlistoutname = optarg; break; case HCX_STRAIGHT: wantstraight = true; break; case HCX_DIGIT: wantdigit = true; break; case HCX_XDIGIT: wantxdigit = true; break; case HCX_LOWER: wantlower = true; break; case HCX_UPPER: wantupper = true; break; case HCX_CAPITAL: wantcapital = true; break; case HCX_SWEEP_LEN: sweeplen = strtol(optarg, NULL, 10); if((sweeplen < 8) || (sweeplen > 32)) { fprintf(stderr, "only 8...32 alowed\n"); exit(EXIT_FAILURE); } break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } if(wordlistoutname != 0) { if((fh_out = fopen(wordlistoutname, "w")) == NULL) { perror("failed to open output file"); exit(EXIT_FAILURE); } } else { fh_out = stdout; } if(wordlistinname != NULL) { processwordlist(wordlistinname, fh_out); } if(wordlistoutname != 0) { fclose(fh_out); } return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.2.7/include/000077500000000000000000000000001423200176400150135ustar00rootroot00000000000000hcxtools-6.2.7/include/byteops.c000066400000000000000000000041051423200176400166440ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include /*===========================================================================*/ uint32_t rotl32(uint32_t a, uint32_t n) { return((a << n) | (a >> (32 - n))); } /*===========================================================================*/ uint64_t rotl64(uint64_t a, uint64_t n) { return ((a << n) | (a >> (64 - n))); } /*===========================================================================*/ uint32_t rotr32(uint32_t a, uint32_t n) { return ((a >> n) | (a << (32 - n))); } /*===========================================================================*/ uint64_t rotr64(uint64_t a, uint64_t n) { return ((a >> n) | (a << (64 - n))); } /*===========================================================================*/ uint16_t byte_swap_8(uint8_t n) { return (n & 0xf0) >> 4 | (n & 0x0f) << 4; } /*===========================================================================*/ uint16_t byte_swap_16(uint16_t n) { return (n & 0xff00) >> 8 | (n & 0x00ff) << 8; } /*===========================================================================*/ uint32_t byte_swap_32(uint32_t n) { #if defined (__clang__) || (defined (__GNUC__) && \ (__GNUC__ > 4 || __GNUC__ == 4 && __GNUC_MINOR__ > 2)) return __builtin_bswap32 (n); #else return(n & 0xff000000) >> 24 | (n & 0x00ff0000) >> 8 | (n & 0x0000ff00) << 8 | (n & 0x000000ff) << 24; #endif } /*===========================================================================*/ uint64_t byte_swap_64(uint64_t n) { #if defined (__clang__) || (defined (__GNUC__) && \ (__GNUC__ > 4 || __GNUC__ == 4 && __GNUC_MINOR__ > 2)) return __builtin_bswap64 (n); #else return (n & 0xff00000000000000ULL) >> 56 | (n & 0x00ff000000000000ULL) >> 40 | (n & 0x0000ff0000000000ULL) >> 24 | (n & 0x000000ff00000000ULL) >> 8 | (n & 0x00000000ff000000ULL) << 8 | (n & 0x0000000000ff0000ULL) << 24 | (n & 0x000000000000ff00ULL) << 40 | (n & 0x00000000000000ffULL) << 56; #endif } /*===========================================================================*/ hcxtools-6.2.7/include/fileops.c000066400000000000000000000071421423200176400166240ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include "fileops.h" /*===========================================================================*/ int getmagicnumber(int fd) { int res; magicnr_t mnr; res = read(fd, &mnr, 4); if(res != 4) return 0; return mnr.magic_number; } /*===========================================================================*/ void fwritetimestamphigh(uint32_t tshigh, FILE *fhd) { time_t pkttime; struct tm *pkttm; char tmbuf[64]; if(tshigh != 0) { pkttime = tshigh; pkttm = localtime(&pkttime); strftime(tmbuf, sizeof tmbuf, "%d%m%Y", pkttm); fprintf(fhd, "%s:", tmbuf); } else fprintf(fhd, "00000000:"); return; } /*===========================================================================*/ void fwriteaddr1(uint8_t *macw, FILE *fhd) { int p; for(p = 0; p< 6; p++) fprintf(fhd, "%02x", macw[p]); fprintf(fhd, ":"); return; } /*===========================================================================*/ void fwriteaddr1addr2(uint8_t *mac1, uint8_t *mac2, FILE *fhd) { fwriteaddr1(mac1, fhd); fwriteaddr1(mac2, fhd); return; } /*===========================================================================*/ void fwriteessidstrnoret(uint8_t len, unsigned char *essidstr, FILE *fhd) { int p; if(isasciistring(len, essidstr) != false) fprintf(fhd, "%.*s\n", len, essidstr); else { fprintf(fhd, "$HEX["); for(p = 0; p < len; p++) fprintf(fhd, "%02x", essidstr[p]); fprintf(fhd, "]:"); } return; } /*===========================================================================*/ void fwriteessidstr(uint8_t len, unsigned char *essidstr, FILE *fhd) { int p; if((len == 0) || (len > ESSID_LEN_MAX)) return; if(essidstr[0] == 0) return; if(isasciistring(len, essidstr) != false) fprintf(fhd, "%.*s\n", len, essidstr); else { fprintf(fhd, "$HEX["); for(p = 0; p < len; p++) fprintf(fhd, "%02x", essidstr[p]); fprintf(fhd, "]\n"); } return; } /*===========================================================================*/ void fwritedeviceinfostr(uint8_t len, unsigned char *deviceinfostr, FILE *fhd) { int p; fprintf(fhd, "\t"); if(deviceinfostr[0] == 0) return; if(isasciistring2(len, deviceinfostr) != false) fprintf(fhd, "%.*s", len, deviceinfostr); else { fprintf(fhd, "$HEX["); for(p = 0; p < len; p++) fprintf(fhd, "%02x", deviceinfostr[p]); fprintf(fhd, "]"); } return; } /*===========================================================================*/ void fwritestring(uint8_t len, unsigned char *essidstr, FILE *fhd) { int p; if(isasciistring(len, essidstr) != false) fprintf(fhd, "%.*s\n", len, essidstr); else { fprintf(fhd, "$HEX["); for(p = 0; p < len; p++) fprintf(fhd, "%02x", essidstr[p]); fprintf(fhd, "]\n"); } return; } /*===========================================================================*/ void fwritehexbuffraw(uint8_t bufflen, uint8_t *buff, FILE *fhd) { int p; for(p = 0; p < bufflen; p++) fprintf(fhd, "%02x", buff[p]); return; } /*===========================================================================*/ void fwritehexbuff(uint8_t bufflen, uint8_t *buff, FILE *fhd) { int p; for(p = 0; p < bufflen; p++) fprintf(fhd, "%02x", buff[p]); fprintf(fhd, "\n"); return; } /*===========================================================================*/ void removeemptyfile(char *filenametoremove) { struct stat statinfo; if(filenametoremove == NULL) return; if(stat(filenametoremove, &statinfo) != 0) return; if(statinfo.st_size == 0) { remove(filenametoremove); return; } return; } /*===========================================================================*/ hcxtools-6.2.7/include/fileops.h000066400000000000000000000004571423200176400166330ustar00rootroot00000000000000/*===========================================================================*/ struct magicnr_s { uint32_t magic_number; /* magic number */ }; typedef struct magicnr_s magicnr_t; #define MAGICNR_SIZE (sizeof(magicnr_t)) /*===========================================================================*/ hcxtools-6.2.7/include/gzops.c000066400000000000000000000041641423200176400163260ustar00rootroot00000000000000#include #include "gzops.h" /*===========================================================================*/ bool testgzipfile(char *pcapinname) { int pcapr_fd; uint32_t magicnumber; pcapr_fd = open(pcapinname, O_RDONLY); if(pcapr_fd == -1) return false; magicnumber = getmagicnumber(pcapr_fd); close(pcapr_fd); #ifdef BIG_ENDIAN_HOST magicnumber = byte_swap_32(magicnumber); #endif if((magicnumber & 0xffff) != GZIPMAGICNUMBER) return false; if(((magicnumber >> 16) & 0xff) != DEFLATE) return false; return true; } /*===========================================================================*/ bool decompressgz(char *gzname, char *tmpoutname) { FILE *fhin = NULL; FILE *fhout = NULL; z_stream strm; unsigned char in[CHUNK]; unsigned char out[CHUNK]; memset(&strm, 0, sizeof (strm)); strm.zalloc = Z_NULL; strm.zfree = Z_NULL; strm.opaque = Z_NULL; strm.next_in = in; strm.avail_in = 0; inflateInit2(& strm, windowBits | ENABLE_ZLIB_GZIP); printf("decompressing %s to %s\n", basename(gzname), tmpoutname); fhin = fopen (gzname, "r"); if(fhin == NULL) { printf("failed to decompress%s\n", gzname); return false; } fhout = fopen (tmpoutname, "w"); if(fhin == NULL) { printf("failed to decompress%s\n", tmpoutname); return false; } while(1) { int bytes_read; int zlib_status; bytes_read = fread(in, sizeof(char), sizeof(in), fhin); if(ferror(fhin)) { inflateEnd(&strm); printf("failed to decompress %s\n", gzname); fclose(fhout); fclose(fhin); return false; } strm.avail_in = bytes_read; strm.next_in = in; do { unsigned have; strm.avail_out = CHUNK; strm.next_out = out; zlib_status = inflate(&strm, Z_NO_FLUSH); switch (zlib_status) { case Z_OK: case Z_STREAM_END: case Z_BUF_ERROR: break; default: inflateEnd (&strm); printf("failed to decompress %s\n", gzname); return false; } have = CHUNK -strm.avail_out; fwrite(out, sizeof (unsigned char), have, fhout); } while(strm.avail_out == 0); if(feof(fhin)) { inflateEnd(&strm); break; } } fclose(fhout); fclose(fhin); return true; } /*===========================================================================*/ hcxtools-6.2.7/include/gzops.h000066400000000000000000000002011423200176400163170ustar00rootroot00000000000000#define GZIPMAGICNUMBER 0x8b1f #define DEFLATE 0x08 #define CHUNK 0x4000 #define windowBits 15 #define ENABLE_ZLIB_GZIP 32 hcxtools-6.2.7/include/hashcatops.c000066400000000000000000000123761423200176400173250ustar00rootroot00000000000000#include #include #include "hashcatops.h" /*===========================================================================*/ void writehccapxrecord(hcxl_t *zeiger, FILE *fho) { hccapx_t hccapx; wpakey_t *wpak, *wpak2; memset (&hccapx, 0, sizeof(hccapx_t)); hccapx.signature = HCCAPX_SIGNATURE; hccapx.version = HCCAPX_VERSION; hccapx.message_pair = 0x80; if((zeiger->keyinfo_ap == 1) && (zeiger->keyinfo_sta == 4)) { hccapx.message_pair = MESSAGE_PAIR_M12E2; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 2) && (zeiger->keyinfo_sta == 4)) { hccapx.message_pair = MESSAGE_PAIR_M32E2; if(zeiger->replaycount_ap -1 != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 16) && (zeiger->keyinfo_sta == 4)) { hccapx.message_pair = MESSAGE_PAIR_M32E3; if(zeiger->replaycount_ap -1 != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 1) && (zeiger->keyinfo_sta == 8)) { hccapx.message_pair = MESSAGE_PAIR_M14E4; if(zeiger->replaycount_ap +1 != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 2) && (zeiger->keyinfo_sta == 8)) { hccapx.message_pair = MESSAGE_PAIR_M34E4; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } hccapx.message_pair |= zeiger->endianess; wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); hccapx.essid_len = zeiger->essidlen; memcpy(&hccapx.essid, zeiger->essid, 32); memcpy(&hccapx.mac_ap, zeiger->mac_ap, 6); memcpy(&hccapx.mac_sta, zeiger->mac_sta, 6); if(zeiger->keyinfo_ap == 16) { memcpy(&hccapx.nonce_ap, wpak->nonce, 32); memcpy(&hccapx.nonce_sta, zeiger->nonce, 32); } else { memcpy(&hccapx.nonce_ap, zeiger->nonce, 32); memcpy(&hccapx.nonce_sta, wpak->nonce, 32); } hccapx.eapol_len = zeiger->authlen; memcpy(&hccapx.eapol, zeiger->eapol, zeiger->authlen); memcpy(&hccapx.keymic, wpak->keymic, 16); wpak2 = (wpakey_t*)(hccapx.eapol +EAPAUTH_SIZE); memset(wpak2->keymic, 0, 16); hccapx.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; #ifdef BIG_ENDIAN_HOST hccapx.signature = byte_swap_32(hccapx.signature); hccapx.version = byte_swap_32(hccapx.version); hccapx.eapol_len = byte_swap_16(hccapx.eapol_len); #endif fwrite (&hccapx, sizeof(hccapx_t), 1, fho); return; } /*===========================================================================*/ void writehccaprecord(unsigned long long int noncefuzz, hcxl_t *zeiger, FILE *fho) { hccap_t hccap; wpakey_t *wpak, *wpak2; unsigned int n; unsigned int anonce; memset (&hccap, 0, sizeof(hccap_t)); wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memcpy(&hccap.essid, zeiger->essid, 32); memcpy(&hccap.mac1, zeiger->mac_ap, 6); memcpy(&hccap.mac2, zeiger->mac_sta, 6); if(zeiger->keyinfo_ap == 16) { memcpy(&hccap.nonce1, zeiger->nonce, 32); memcpy(&hccap.nonce2, wpak->nonce, 32); } else { memcpy(&hccap.nonce1, wpak->nonce, 32); memcpy(&hccap.nonce2, zeiger->nonce, 32); } hccap.eapol_size = zeiger->authlen; memcpy(&hccap.eapol, zeiger->eapol, zeiger->authlen); memcpy(&hccap.keymic, wpak->keymic, 16); wpak2 = (wpakey_t*)(hccap.eapol +EAPAUTH_SIZE); memset(wpak2->keymic, 0, 16); hccap.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(hccap.keyver == 0) { hccap.keyver = 3; } #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif if((zeiger->endianess & 0x10) == 0x10) { fwrite (&hccap, sizeof(hccap_t), 1, fho); } else if((zeiger->endianess & 0x20) == 0x20) { anonce = zeiger->nonce[31] | (zeiger->nonce[30] << 8) | (zeiger->nonce[29] << 16) | (zeiger->nonce[28] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[28] = (anonce >> 24) & 0xff; hccap.nonce2[29] = (anonce >> 16) & 0xff; hccap.nonce2[30] = (anonce >> 8) & 0xff; hccap.nonce2[31] = anonce & 0xff; fwrite (&hccap, sizeof(hccap_t), 1, fho); anonce++; } } else if((zeiger->endianess & 0x40) == 0x40) { anonce = zeiger->nonce[28] | (zeiger->nonce[29] << 8) | (zeiger->nonce[30] << 16) | (zeiger->nonce[31] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[31] = (anonce >> 24) & 0xff; hccap.nonce2[30] = (anonce >> 16) & 0xff; hccap.nonce2[29] = (anonce >> 8) & 0xff; hccap.nonce2[28] = anonce & 0xff; fwrite (&hccap, sizeof(hccap_t), 1, fho); anonce++; } } else { anonce = zeiger->nonce[31] | (zeiger->nonce[30] << 8) | (zeiger->nonce[29] << 16) | (zeiger->nonce[28] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[28] = (anonce >> 24) & 0xff; hccap.nonce2[29] = (anonce >> 16) & 0xff; hccap.nonce2[30] = (anonce >> 8) & 0xff; hccap.nonce2[31] = anonce & 0xff; fwrite (&hccap, sizeof(hccap_t), 1, fho); anonce++; } anonce = zeiger->nonce[28] | (zeiger->nonce[29] << 8) | (zeiger->nonce[30] << 16) | (zeiger->nonce[31] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[31] = (anonce >> 24) & 0xff; hccap.nonce2[30] = (anonce >> 16) & 0xff; hccap.nonce2[29] = (anonce >> 8) & 0xff; hccap.nonce2[28] = anonce & 0xff; fwrite (&hccap, sizeof(hccap_t), 1, fho); anonce++; } } return; } /*===========================================================================*/ hcxtools-6.2.7/include/hashcatops.h000066400000000000000000000030311423200176400173160ustar00rootroot00000000000000#define MESSAGE_PAIR_M12E2 0 #define MESSAGE_PAIR_M14E4 1 #define MESSAGE_PAIR_M32E2 2 #define MESSAGE_PAIR_M32E3 3 #define MESSAGE_PAIR_M34E3 4 #define MESSAGE_PAIR_M34E4 5 /*===========================================================================*/ struct hccapx_s { uint32_t signature; #define HCCAPX_SIGNATURE 0x58504348 uint32_t version; #define HCCAPX_VERSION 4 uint8_t message_pair; uint8_t essid_len; uint8_t essid[32]; uint8_t keyver; uint8_t keymic[16]; uint8_t mac_ap[6]; uint8_t nonce_ap[32]; uint8_t mac_sta[6]; uint8_t nonce_sta[32]; uint16_t eapol_len; uint8_t eapol[256]; } __attribute__((packed)); typedef struct hccapx_s hccapx_t; #define HCCAPX_SIZE (sizeof(hccapx_t)) /*===========================================================================*/ struct hccap_s { char essid[36]; unsigned char mac1[6]; /* bssid */ unsigned char mac2[6]; /* client */ unsigned char nonce1[32]; /* snonce client */ unsigned char nonce2[32]; /* anonce bssid */ unsigned char eapol[256]; int eapol_size; int keyver; unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) /*===========================================================================*/ struct pmklist_s { uint8_t pmk[32]; bool essidflag; uint8_t essidlen; uint8_t essid[32]; bool pskflag; uint8_t psklen; uint8_t psk[64]; } __attribute__((__packed__)); typedef struct pmklist_s pmklist_t; #define PMKLIST_SIZE (sizeof(pmklist_t)) /*===========================================================================*/ hcxtools-6.2.7/include/hashops.c000066400000000000000000000006161423200176400166270ustar00rootroot00000000000000#include "hashops.h" /*===========================================================================*/ uint32_t fcscrc32check(const uint8_t *buffer, uint32_t bufferlen) { uint32_t crc = 0xFFFFFFFF; uint32_t p; for(p = 0; p < bufferlen; ++p) { crc = crc32table[(crc ^buffer[p]) & 0xff] ^(crc >> 8); } return ~crc; } /*===========================================================================*/ hcxtools-6.2.7/include/hashops.h000066400000000000000000000063511423200176400166360ustar00rootroot00000000000000/*===========================================================================*/ /* CRC polynomial 0xedb88320 */ static const uint32_t crc32table[] = { 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d }; /*===========================================================================*/ hcxtools-6.2.7/include/hcxeiutool.h000066400000000000000000000005461423200176400173540ustar00rootroot00000000000000#define HCX_INPUT_WORDLIST 'i' #define HCX_OUTPUT_DIGITLIST 'd' #define HCX_OUTPUT_XDIGITLIST 'x' #define HCX_OUTPUT_CHARLIST 'c' #define HCX_OUTPUT_CSLIST 's' #define HCX_HELP 'h' #define HCX_VERSION 'v' #define LINEIN_MAX 256 #define LINE_MAX 68 #define WORD_MAX 64 #define DIGITWORD 0 #define XDIGITWORD 1 #define CHARWORD 2 #define CSWORD 3 hcxtools-6.2.7/include/hcxessidtool.h000066400000000000000000000057001423200176400176760ustar00rootroot00000000000000#define ESSID_LEN_MAX 32 #define PMKID_LINE_LEN 128 #define HCXD_PMKID1 1 #define HCXD_PMKID2 2 #define HCXD_WRITE_PMKID12 3 #define HCXD_WRITE_PMKID1 4 #define HCXD_WRITE_PMKID2 5 #define HCXD_WRITE_PMKID 6 #define HCXD_WRITE_PMKID_GROUP 7 #define HCXD_HCCAPX1 8 #define HCXD_HCCAPX2 9 #define HCXD_WRITE_HCCAPX12 10 #define HCXD_WRITE_HCCAPX1 11 #define HCXD_WRITE_HCCAPX2 12 #define HCXD_WRITE_HCCAPX 13 #define HCXD_WRITE_HCCAPX_GROUP 14 #define HCXD_WRITE_ESSIDLIST 15 #define HCXD_WRITE_ESSID_MACAP_LIST 16 #define HCXD_ESSID 'e' #define HCXD_ESSID_PART 'E' #define HCXD_ESSID_LEN 'l' #define HCXD_HELP 'h' #define HCXD_VERSION 'v' /*===========================================================================*/ struct intpmkid_s { uint8_t macap[6]; uint8_t macsta[6]; uint8_t pmkid[16]; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; } __attribute__((__packed__)); typedef struct intpmkid_s intpmkid_t; #define INTPMKID_SIZE (sizeof(intpmkid_t)) /*===========================================================================*/ static int sort_intpmkid_by_essid(const void *a, const void *b) { const intpmkid_t *ia = (const intpmkid_t *)a; const intpmkid_t *ib = (const intpmkid_t *)b; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) < 0) return -1; if(memcmp(ia->macap, ib->macap, 6) > 0) return 1; else if(memcmp(ia->macap, ib->macap, 6) < 0) return -1; if(memcmp(ia->macsta, ib->macsta, 6) > 0) return 1; else if(memcmp(ia->macsta, ib->macsta, 6) < 0) return -1; return 0; } /*===========================================================================*/ struct inthccapx_s { uint32_t signature; #define HCCAPX_SIGNATURE 0x58504348 uint32_t version; #define HCCAPX_VERSION 4 uint8_t message_pair; uint8_t essidlen; uint8_t essid[32]; uint8_t keyver; uint8_t keymic[16]; uint8_t macap[6]; uint8_t nonceap[32]; uint8_t macsta[6]; uint8_t noncesta[32]; uint16_t eapollen; uint8_t eapol[256]; } __attribute__((packed)); typedef struct inthccapx_s inthccapx_t; #define INTHCCAPX_SIZE (sizeof(inthccapx_t)) /*===========================================================================*/ static int sort_inthccapx_by_essid(const void *a, const void *b) { const inthccapx_t *ia = (const inthccapx_t *)a; const inthccapx_t *ib = (const inthccapx_t *)b; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) < 0) return -1; if(memcmp(ia->macap, ib->macap, 6) > 0) return 1; else if(memcmp(ia->macap, ib->macap, 6) < 0) return -1; if(memcmp(ia->macsta, ib->macsta, 6) > 0) return 1; else if(memcmp(ia->macsta, ib->macsta, 6) < 0) return -1; return 0; } /*===========================================================================*/ hcxtools-6.2.7/include/hcxhash2cap.h000066400000000000000000000011271423200176400173610ustar00rootroot00000000000000#define ESSID_LEN_MAX 32 #define PMKID_LINE_LEN 255 #define JOHN_LINE_LEN 1024 #define PMKIDEAPOL_LINE_LEN 1024 #define PMKIDEAPOL_BUFFER_LEN 1024 #define EAPOL_AUTHLEN_MAX 256 #define HCXP_CAP 'c' #define HCXP_PMKID_EAPOL '1' #define HCXP_PMKID '2' #define HCXP_HCCAPX '3' #define HCXP_HCCAP '4' #define HCXP_JOHN '5' #define HCXP_HELP 'h' #define HCXP_VERSION 'v' #ifdef __BYTE_ORDER__ #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ #define BIG_ENDIAN_HOST #endif #else #ifdef __OpenBSD__ # include # if BYTE_ORDER == BIG_ENDIAN # define BIG_ENDIAN_HOST # endif #endif #endif hcxtools-6.2.7/include/hcxhashtool.h000066400000000000000000000132551423200176400175160ustar00rootroot00000000000000#define OUILIST_MAX 50000 #define OUI_LINE_LEN 50000 #define HCX_TYPE_PMKID 1 #define HCX_TYPE_EAPOL 2 #define ESSID_LEN_MIN 0 #define ESSID_LEN_MAX 32 #define EAPOL_AUTHLEN_MAX 256 #define PMKIDEAPOL_LINE_LEN 1024 #define PMKIDEAPOL_BUFFER_LEN 1024 #define HASHLIST_MAX 50000 #define PBKDF2_LINE_LEN 1024 #define PMK_LEN 32 #define PSK_LEN_MIN 8 #define PSK_LEN_MAX 63 #define HCX_HASH_TYPE 1 #define HCX_HASH_MIN 2 #define HCX_HASH_MAX 3 #define HCX_ESSID_GROUP 4 #define HCX_ESSID_LEN 5 #define HCX_ESSID_MIN 6 #define HCX_ESSID_MAX 7 #define HCX_FILTER_ESSID_LIST_IN 8 #define HCX_MAC_GROUP_AP 9 #define HCX_MAC_GROUP_CLIENT 10 #define HCX_OUI_GROUP 11 #define HCX_FILTER_OUI_AP 12 #define HCX_FILTER_OUI_CLIENT 13 #define HCX_FILTER_MAC_AP 14 #define HCX_FILTER_MAC_CLIENT 15 #define HCX_FILTER_MAC_LIST_IN 16 #define HCX_FILTER_MAC_LIST_SKIP 17 #define HCX_FILTER_VENDOR 18 #define HCX_FILTER_VENDOR_AP 19 #define HCX_FILTER_VENDOR_CLIENT 20 #define HCX_FILTER_ESSID 21 #define HCX_FILTER_ESSID_PART 22 #define HCX_FILTER_RC 23 #define HCX_FILTER_RC_NOT 24 #define HCX_FILTER_M12 25 #define HCX_FILTER_M1234 26 #define HCX_FILTER_M1M2ROGUE 27 #define HCX_PSK 28 #define HCX_PMK 29 #define HCX_VENDOR_OUT 30 #define HCX_INFO_OUT 31 #define HCX_INFO_VENDOR_OUT 32 #define HCX_INFO_VENDOR_AP_OUT 33 #define HCX_INFO_VENDOR_CLIENT_OUT 34 #define HCX_HCCAPX_OUT 35 #define HCX_HCCAP_OUT 36 #define HCX_HCCAP_SINGLE_OUT 37 #define HCX_JOHN_OUT 38 #define HCX_PMKIDEAPOL_IN 'i' #define HCX_PMKIDEAPOL_OUT 'o' #define HCX_ESSID_OUT 'E' #define HCX_DOWNLOAD_OUI 'd' #define HCX_PBKDF2_IN 'p' #define HCX_HELP 'h' #define HCX_VERSION 'v' /*===========================================================================*/ /*===========================================================================*/ struct hashlist_s { uint8_t type; #define HS_REMOVED 0xff; #define HS_PMKID 1; #define HS_EAPOL 2; uint8_t hash[16]; uint8_t ap[6]; uint8_t client[6]; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; uint8_t nonce[32]; uint16_t eapauthlen; uint8_t eapol[EAPOL_AUTHLEN_MAX]; uint8_t mp; }; typedef struct hashlist_s hashlist_t; #define HASHLIST_SIZE (sizeof(hashlist_t)) static int sort_hashlist_by_essid(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) < 0) return -1; return 0; } static int sort_hashlist_by_essidlen(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; if(memcmp(ia->essid, ib->essid, ia->essidlen) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ia->essidlen) < 0) return -1; return 0; } static int sort_hashlist_by_macap(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; if(memcmp(ia->ap, ib->ap, 6) > 0) return 1; else if(memcmp(ia->ap, ib->ap, 6) < 0) return -1; return 0; } static int sort_hashlist_by_macclient(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; if(memcmp(ia->client, ib->client, 6) > 0) return 1; else if(memcmp(ia->client, ib->client, 6) < 0) return -1; return 0; } static int sort_hashlist_by_type(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; if(ia->type > ib->type) return 1; else if(ia->type < ib->type) return -1; return 0; } /*===========================================================================*/ struct ouilist_s { uint8_t type; #define TYPE_AP 1 #define TYPE_CLIENT 2 uint8_t oui[3]; #define VENDOR_LEN_MAX 128 char vendor[VENDOR_LEN_MAX]; }; typedef struct ouilist_s ouilist_t; #define OUILIST_SIZE (sizeof(ouilist_t)) static int sort_ouilist_by_oui(const void *a, const void *b) { const ouilist_t *ia = (const ouilist_t *)a; const ouilist_t *ib = (const ouilist_t *)b; if(memcmp(ia->oui, ib->oui, 3) > 0) return 1; else if(memcmp(ia->oui, ib->oui, 3) < 0) return -1; return 0; } /*===========================================================================*/ struct essidlist_s { int essidlen; uint8_t essid[ESSID_LEN_MAX]; }; typedef struct essidlist_s essidlist_t; #define ESSIDLIST_SIZE (sizeof(essidlist_t)) static int sort_essidlistin(const void *a, const void *b) { const essidlist_t *ia = (const essidlist_t *)a; const essidlist_t *ib = (const essidlist_t *)b; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; if(memcmp(ia->essid, ib->essid, ia->essidlen) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ia->essidlen) < 0) return -1; return 0; } /*===========================================================================*/ struct maclist_s { uint8_t mac[6]; }; typedef struct maclist_s maclist_t; #define MACLIST_SIZE (sizeof(maclist_t)) static int sort_maclistin(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; if(memcmp(ia->mac, ib->mac, 6) > 0) return 1; else if(memcmp(ia->mac, ib->mac, 6) < 0) return -1; return 0; } /*===========================================================================*/ struct pmklist_s { uint8_t status; uint8_t essidlen; uint8_t psklen; uint8_t pmk[PMK_LEN]; uint8_t essid[ESSID_LEN_MAX]; uint8_t psk[PSK_LEN_MAX]; }; typedef struct pmklist_s pmklist_t; #define PMKLIST_SIZE (sizeof(pmklist_t)) /*===========================================================================*/ hcxtools-6.2.7/include/hcxmactool.h000066400000000000000000000067511423200176400173360ustar00rootroot00000000000000#define HCX_TYPE_PMKID 1 #define HCX_TYPE_EAPOL 2 #define ESSID_LEN_MAX 32 #define PMKID_LINE_LEN 128 #define OUI_LINE_LEN 128 #define HCXD_PMKIDEAPOL_OUT 1 #define HCXD_PMKID_IN 2 #define HCXD_PMKID_OUT 3 #define HCXD_HCCAPX_IN 4 #define HCXD_HCCAPX_OUT 5 #define HCXD_FILTER_OUI_AP 'o' #define HCXD_FILTER_NIC_AP 'n' #define HCXD_FILTER_MAC_AP 'm' #define HCXD_FILTER_VENDOR_AP 'a' #define HCXD_FILTER_OUI_STA 'O' #define HCXD_FILTER_NIC_STA 'N' #define HCXD_FILTER_MAC_STA 'M' #define HCXD_FILTER_VENDOR_STA 'A' #define HCXD_HELP 'h' #define HCXD_VERSION 'v' /*===========================================================================*/ struct intoui_s { uint8_t oui[3]; char vendor[OUI_LINE_LEN]; } __attribute__((__packed__)); typedef struct intoui_s intoui_t; #define INTOUI_SIZE (sizeof(intoui_t)) static int sort_intoui_by_oui(const void *a, const void *b) { const intoui_t *ia = (const intoui_t *)a; const intoui_t *ib = (const intoui_t *)b; if(memcmp(ia->oui, ib->oui, 3) > 0) return 1; else if(memcmp(ia->oui, ib->oui, 6) < 0) return -1; if(memcmp(ia->vendor, ib->vendor, OUI_LINE_LEN) > 0) return 1; else if(memcmp(ia->vendor, ib->vendor, OUI_LINE_LEN) < 0) return -1; return 0; } /*===========================================================================*/ struct intpmkid_s { uint8_t macap[6]; uint8_t macsta[6]; uint8_t pmkid[16]; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; } __attribute__((__packed__)); typedef struct intpmkid_s intpmkid_t; #define INTPMKID_SIZE (sizeof(intpmkid_t)) /*===========================================================================*/ static int sort_intpmkid_by_macap(const void *a, const void *b) { const intpmkid_t *ia = (const intpmkid_t *)a; const intpmkid_t *ib = (const intpmkid_t *)b; if(memcmp(ia->macap, ib->macap, 6) > 0) return 1; else if(memcmp(ia->macap, ib->macap, 6) < 0) return -1; if(memcmp(ia->macsta, ib->macsta, 6) > 0) return 1; else if(memcmp(ia->macsta, ib->macsta, 6) < 0) return -1; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) < 0) return -1; return 0; } /*===========================================================================*/ struct inthccapx_s { uint32_t signature; #define HCCAPX_SIGNATURE 0x58504348 uint32_t version; #define HCCAPX_VERSION 4 uint8_t message_pair; uint8_t essidlen; uint8_t essid[32]; uint8_t keyver; uint8_t keymic[16]; uint8_t macap[6]; uint8_t nonceap[32]; uint8_t macsta[6]; uint8_t noncesta[32]; uint16_t eapollen; uint8_t eapol[256]; } __attribute__((packed)); typedef struct inthccapx_s inthccapx_t; #define INTHCCAPX_SIZE (sizeof(inthccapx_t)) /*===========================================================================*/ static int sort_inthccapx_by_macap(const void *a, const void *b) { const inthccapx_t *ia = (const inthccapx_t *)a; const inthccapx_t *ib = (const inthccapx_t *)b; if(memcmp(ia->macap, ib->macap, 6) > 0) return 1; else if(memcmp(ia->macap, ib->macap, 6) < 0) return -1; if(memcmp(ia->macsta, ib->macsta, 6) > 0) return 1; else if(memcmp(ia->macsta, ib->macsta, 6) < 0) return -1; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) < 0) return -1; return 0; } /*===========================================================================*/ hcxtools-6.2.7/include/hcxpcapngtool.h000066400000000000000000000407131423200176400200420ustar00rootroot00000000000000#define HCX_EAPOL_TIMEOUT 1 #define HCX_NC 2 #define HCX_IE 3 #define HCX_CONVERT_ALL 4 #define HCX_ESSIDS 5 #define HCX_EAPMD5_OUT 6 #define HCX_EAPLEAP_OUT 7 #define HCX_EAPMD5_JOHN_OUT 8 #define HCX_TACACSP_OUT 9 #define HCX_NMEA_OUT 10 #define HCX_CSV_OUT 11 #define HCX_RAW_OUT 12 #define HCX_RAW_IN 13 #define HCX_LOG_OUT 14 #define HCX_PMKID_OUT_DEPRECATED 15 #define HCX_HCCAPX_OUT_DEPRECATED 16 #define HCX_HCCAP_OUT_DEPRECATED 17 #define HCX_PMKIDEAPOLJTR_OUT_DEPRECATED 18 #define HCX_PREFIX_OUT 19 #define HCX_PMKIDEAPOL_OUT 'o' #define HCX_ESSID_OUT 'E' #define HCX_ESSIDPROBEREQUEST_OUT 'R' #define HCX_IDENTITY_OUT 'I' #define HCX_DEVICEINFO_OUT 'D' #define HCX_USERNAME_OUT 'U' #define HCX_HELP 'h' #define HCX_VERSION 'v' #define ERROR_WARNING_MAX_L1 10 #define ERROR_WARNING_MAX_L2 50 #define ERROR_WARNING_MAX_L3 100 #define PREFIX_BUFFER_MAX PATH_MAX -20 #define ESSID_LEN_MAX 32 #define OPTIONLEN_MAX 1024 #define NMEA_MAX 256 #define MAX_INTERFACE_ID 256 #define RAW_LEN_MAX 131072 #define MACLIST_MAX 100000 #define HANDSHAKELIST_MAX 100000 #define PMKIDLIST_MAX 100000 #define MESSAGELIST_MAX 64 #define EAPOL_AUTHLEN_MAX 256 #define EAPMD5HASHLIST_MAX 1000 #define EAPMD5MSGLIST_MAX 32 #define EAPMD5_LEN_MAX 16 #define EAPLEAPHASHLIST_MAX 1000 #define EAPLEAPMSGLIST_MAX 32 #define LEAPREQ_LEN_MAX 8 #define LEAPRESP_LEN_MAX 24 #define LEAPUSERNAME_LEN_MAX 120 #define EAPMSCHAPV2HASHLIST_MAX 1000 #define EAPMSCHAPV2MSGLIST_MAX 32 #define MSCHAPV2REQ_LEN_MAX 16 #define MSCHAPV2RESP_LEN_MAX 49 #define MSCHAPV2USERNAME_LEN_MAX 120 #define MSCHAPV2_CHALLENGE_AUTH_LEN_MAX 16 #define MSCHAPV2_CHALLENGE_PEER_LEN_MAX 16 #define MSCHAPV2_CHALLENGE_LEN_MAX 8 #define MSCHAPV2_RESERVED_LEN_MAX 8 #define MSCHAPV2_NTRESPONSE_LEN_MAX 24 #define TACACSPLIST_MAX 1000 #define ESSIDSMAX 1 #define EAPOLTIMEOUT 5000000 #define NONCEERRORCORRECTION 0 #define HCX_TYPE_PMKID 1 #define HCX_TYPE_EAPOL 2 #define MESSAGE_PAIR_M12E2 0 #define MESSAGE_PAIR_M14E4 1 #define MESSAGE_PAIR_M32E2 2 #define MESSAGE_PAIR_M32E3 3 #define MESSAGE_PAIR_M34E3 4 #define MESSAGE_PAIR_M34E4 5 #define CHANNEL_MAX 255 #define GHZ24 1 #define GHZ5 2 /*===========================================================================*/ /*===========================================================================*/ struct tags_s { uint8_t channel; uint8_t kdversion; #define KV_RSNIE 1 #define KV_WPAIE 2 uint8_t groupcipher; uint8_t cipher; #define TCS_WEP40 0b00000001 #define TCS_TKIP 0b00000010 #define TCS_WRAP 0b00000100 #define TCS_CCMP 0b00001000 #define TCS_GCMP 0b00010000 #define TCS_WEP104 0b00100000 #define TCS_BIP 0b01000000 #define TCS_NOT_ALLOWED 0b10000000 uint16_t akm; #define TAK_PMKSA 0b0000000000000001 #define TAK_PSK 0b0000000000000010 #define TAK_FT 0b0000000000000100 #define TAK_FT_PSK 0b0000000000001000 #define TAK_PMKSA256 0b0000000000010000 #define TAK_PSKSHA256 0b0000000000100000 #define TAK_TDLS 0b0000000001000000 #define TAK_SAE_SHA256 0b0000000010000000 #define TAK_FT_SAE 0b0000000100000000 #define TAK_AP_PKA 0b0000001000000000 #define TAK_SAE_SHA256B 0b0000010000000000 #define TAK_SAE_SHA384B 0b0000100000000000 #define TAK_OWE 0b0001000000000000 uint8_t pmkid[16]; uint8_t wpsinfo; char country[2]; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; #define DEVICE_INFO_MAX 64 uint8_t manufacturerlen; uint8_t manufacturer[DEVICE_INFO_MAX]; uint8_t modellen; uint8_t model[DEVICE_INFO_MAX]; uint8_t serialnumberlen; uint8_t serialnumber[DEVICE_INFO_MAX]; uint8_t devicenamelen; uint8_t devicename[DEVICE_INFO_MAX]; #define WPS_ENROLLEE_LEN 16 uint8_t enrolleelen; uint8_t enrollee[WPS_ENROLLEE_LEN]; }; typedef struct tags_s tags_t; #define TAGS_SIZE (sizeof(tags_t)) /*===========================================================================*/ struct maclist_s { uint64_t timestamp; int count; uint8_t type; #define REMOVED 0 #define CLIENT 1 #define AP 2 uint8_t status; #define ST_PROBE_REQ 1 #define ST_BEACON 2 #define ST_PROBE_RESP 4 #define ST_ASSOC_REQ 8 #define ST_REASSOC_REQ 16 #define ST_ACT_MR_REQ 32 uint8_t addr[6]; uint8_t kdversion; uint8_t groupcipher; uint8_t cipher; uint8_t akm; #define WPA1 1 #define WPA2 2 #define WPA2kv3 4 uint8_t algorithm; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; uint8_t manufacturerlen; uint8_t manufacturer[DEVICE_INFO_MAX]; uint8_t modellen; uint8_t model[DEVICE_INFO_MAX]; uint8_t serialnumberlen; uint8_t serialnumber[DEVICE_INFO_MAX]; uint8_t devicenamelen; uint8_t devicename[DEVICE_INFO_MAX]; uint8_t enrolleelen; uint8_t enrollee[WPS_ENROLLEE_LEN]; }; typedef struct maclist_s maclist_t; #define MACLIST_SIZE (sizeof(maclist_t)) static int sort_maclist_by_mac(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; if(memcmp(ia->addr, ib->addr, 6) > 0) return 1; else if(memcmp(ia->addr, ib->addr, 6) < 0) return -1; if(ia->essidlen < ib->essidlen) return 1; else if(ia->essidlen > ib->essidlen) return -1; if(memcmp(ia->essid, ib->essid, ib->essidlen) < 0) return 1; else if(memcmp(ia->essid, ib->essid, ib->essidlen) > 0) return -1; return 0; } static int sort_maclist_by_mac_count(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; if(memcmp(ia->addr, ib->addr, 6) > 0) return 1; else if(memcmp(ia->addr, ib->addr, 6) < 0) return -1; if(ia->count < ib->count) return 1; else if(ia->count > ib->count) return -1; if(ia->essidlen < ib->essidlen) return 1; else if(ia->essidlen > ib->essidlen) return -1; if(memcmp(ia->essid, ib->essid, ib->essidlen) < 0) return 1; else if(memcmp(ia->essid, ib->essid, ib->essidlen) > 0) return -1; return 0; } static int sort_maclist_by_essidlen(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; if(memcmp(ia->essid, ib->essid, ib->essidlen) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ib->essidlen) < 0) return -1; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; return 0; } static int sort_maclist_by_manufacturer(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; if(memcmp(ia->manufacturer, ib->manufacturer, ib->manufacturerlen) > 0) return 1; else if(memcmp(ia->manufacturer, ib->manufacturer, ib->manufacturerlen) < 0) return -1; if(ia->manufacturerlen > ib->manufacturerlen) return 1; else if(ia->manufacturerlen < ib->manufacturerlen) return -1; if(memcmp(ia->addr, ib->addr, 6) > 0) return 1; else if(memcmp(ia->addr, ib->addr, 6) < 0) return -1; return 0; } /*===========================================================================*/ struct messagelist_s { uint64_t timestamp; long int eapolmsgcount; uint8_t status; #define ST_M12E2 0 #define ST_M14E4 1 #define ST_M32E2 2 #define ST_M32E3 3 #define ST_M34E3 4 #define ST_M34E4 5 #define ST_APLESS 0b00010000 #define ST_LE 0b00100000 #define ST_BE 0b01000000 #define ST_NC 0b10000000 uint8_t ap[6]; uint8_t client[6]; uint8_t message; #define HS_M1 1 #define HS_M2 2 #define HS_M3 4 #define HS_M4 8 #define HS_PMKID 16 uint64_t rc; uint8_t nonce[32]; uint8_t pmkid[16]; uint16_t eapauthlen; uint8_t eapol[EAPOL_AUTHLEN_MAX]; }; typedef struct messagelist_s messagelist_t; #define MESSAGELIST_SIZE (sizeof(messagelist_t)) static int sort_messagelist_by_epcount(const void *a, const void *b) { const messagelist_t *ia = (const messagelist_t *)a; const messagelist_t *ib = (const messagelist_t *)b; if(ia->eapolmsgcount < ib->eapolmsgcount) return 1; else if(ia->eapolmsgcount > ib->eapolmsgcount) return -1; return 0; } /*===========================================================================*/ struct handshakelist_s { uint64_t timestampgap; uint8_t status; uint8_t messageap; uint8_t messageclient; uint64_t rcgap; uint8_t nc; uint8_t ap[6]; uint8_t client[6]; uint8_t anonce[32]; uint8_t pmkid[16]; uint16_t eapauthlen; uint8_t eapol[256]; }; typedef struct handshakelist_s handshakelist_t; #define HANDSHAKELIST_SIZE (sizeof(handshakelist_t)) static int sort_handshakelist_by_timegap(const void *a, const void *b) { const handshakelist_t *ia = (const handshakelist_t *)a; const handshakelist_t *ib = (const handshakelist_t *)b; if(memcmp(ia->ap, ib->ap, 6) > 0) return 1; else if(memcmp(ia->ap, ib->ap, 6) < 0) return -1; if(memcmp(ia->client, ib->client, 6) > 0) return 1; else if(memcmp(ia->client, ib->client, 6) < 0) return -1; if(ia->timestampgap > ib->timestampgap) return 1; else if(ia->timestampgap < ib->timestampgap) return -1; if(ia->rcgap > ib->rcgap) return 1; else if(ia->rcgap < ib->rcgap) return -1; if(ia->rcgap > ib->rcgap) return 1; else if(ia->rcgap < ib->rcgap) return -1; return 0; } static int sort_handshakelist_by_rcgap(const void *a, const void *b) { const handshakelist_t *ia = (const handshakelist_t *)a; const handshakelist_t *ib = (const handshakelist_t *)b; if(memcmp(ia->ap, ib->ap, 6) > 0) return 1; else if(memcmp(ia->ap, ib->ap, 6) < 0) return -1; if(memcmp(ia->client, ib->client, 6) > 0) return 1; else if(memcmp(ia->client, ib->client, 6) < 0) return -1; if(ia->rcgap > ib->rcgap) return 1; else if(ia->rcgap < ib->rcgap) return -1; if(ia->timestampgap > ib->timestampgap) return 1; else if(ia->timestampgap < ib->timestampgap) return -1; if(ia->rcgap > ib->rcgap) return 1; else if(ia->rcgap < ib->rcgap) return -1; return 0; } /*===========================================================================*/ struct pmkidlist_s { uint64_t timestamp; uint8_t ap[6]; uint8_t client[6]; uint8_t anonce[32]; uint8_t pmkid[16]; }; typedef struct pmkidlist_s pmkidlist_t; #define PMKIDLIST_SIZE (sizeof(pmkidlist_t)) static int sort_pmkidlist_by_mac(const void *a, const void *b) { const pmkidlist_t *ia = (const pmkidlist_t *)a; const pmkidlist_t *ib = (const pmkidlist_t *)b; if(memcmp(ia->ap, ib->ap, 6) > 0) return 1; else if(memcmp(ia->ap, ib->ap, 6) < 0) return -1; if(memcmp(ia->client, ib->client, 6) > 0) return 1; else if(memcmp(ia->client, ib->client, 6) < 0) return -1; if(memcmp(ia->pmkid, ib->pmkid, 6) < 0) return 1; else if(memcmp(ia->pmkid, ib->pmkid, 6) > 0) return -1; return 0; } /*===========================================================================*/ struct eapmd5msglist_s { uint64_t timestamp; uint8_t ap[6]; uint8_t client[6]; uint8_t type; uint8_t id; uint8_t md5[EAPMD5_LEN_MAX]; }; typedef struct eapmd5msglist_s eapmd5msglist_t; #define EAPMD5MSGLIST_SIZE (sizeof(eapmd5msglist_t)) static int sort_eapmd5msglist_by_timestamp(const void *a, const void *b) { const eapmd5msglist_t *ia = (const eapmd5msglist_t *)a; const eapmd5msglist_t *ib = (const eapmd5msglist_t *)b; if(ia->timestamp < ib->timestamp) return 1; else if(ia->timestamp > ib->timestamp) return -1; return 0; } /*===========================================================================*/ struct eapmd5hashlist_s { uint8_t id; uint8_t md5request[EAPMD5_LEN_MAX]; uint8_t md5response[EAPMD5_LEN_MAX]; }; typedef struct eapmd5hashlist_s eapmd5hashlist_t; #define EAPMD5HASHLIST_SIZE (sizeof(eapmd5hashlist_t)) static int sort_eapmd5hashlist_by_id(const void *a, const void *b) { const eapmd5hashlist_t *ia = (const eapmd5hashlist_t *)a; const eapmd5hashlist_t *ib = (const eapmd5hashlist_t *)b; if(ia->id < ib->id) return 1; else if(ia->id > ib->id) return -1; if(memcmp(ia->md5request, ib->md5request, EAPMD5_LEN_MAX) > 0) return 1; else if(memcmp(ia->md5request, ib->md5request, EAPMD5_LEN_MAX) < 0) return -1; if(memcmp(ia->md5response, ib->md5request, EAPMD5_LEN_MAX) > 0) return 1; else if(memcmp(ia->md5response, ib->md5response, EAPMD5_LEN_MAX) < 0) return -1; return 0; } /*===========================================================================*/ struct eapleapmsglist_s { uint64_t timestamp; uint8_t ap[6]; uint8_t client[6]; uint8_t type; uint8_t id; uint8_t leaprequest[LEAPREQ_LEN_MAX]; uint8_t leapresponse[LEAPRESP_LEN_MAX]; uint8_t leapusernamelen; uint8_t leapusername[LEAPUSERNAME_LEN_MAX]; }; typedef struct eapleapmsglist_s eapleapmsglist_t; #define EAPLEAPMSGLIST_SIZE (sizeof(eapleapmsglist_t)) static int sort_eapleapmsglist_by_timestamp(const void *a, const void *b) { const eapleapmsglist_t *ia = (const eapleapmsglist_t *)a; const eapleapmsglist_t *ib = (const eapleapmsglist_t *)b; if(ia->timestamp < ib->timestamp) return 1; else if(ia->timestamp > ib->timestamp) return -1; return 0; } /*===========================================================================*/ struct eapleaphashlist_s { uint8_t id; uint8_t leaprequest[LEAPREQ_LEN_MAX]; uint8_t leapresponse[LEAPRESP_LEN_MAX]; uint8_t leapusernamelen; uint8_t leapusername[LEAPUSERNAME_LEN_MAX]; }; typedef struct eapleaphashlist_s eapleaphashlist_t; #define EAPLEAPHASHLIST_SIZE (sizeof(eapleaphashlist_t)) static int sort_eapleaphashlist_by_id(const void *a, const void *b) { const eapleaphashlist_t *ia = (const eapleaphashlist_t *)a; const eapleaphashlist_t *ib = (const eapleaphashlist_t *)b; if(ia->id < ib->id) return 1; else if(ia->id > ib->id) return -1; if(ia->leapusernamelen > ib->leapusernamelen) return 1; if(ia->leapusernamelen < ib->leapusernamelen) return -1; if(memcmp(ia->leaprequest, ib->leaprequest, LEAPREQ_LEN_MAX) > 0) return 1; else if(memcmp(ia->leaprequest, ib->leaprequest, LEAPREQ_LEN_MAX) < 0) return -1; if(memcmp(ia->leapresponse, ib->leapresponse, LEAPRESP_LEN_MAX) > 0) return 1; else if(memcmp(ia->leapresponse, ib->leapresponse, LEAPRESP_LEN_MAX) < 0) return -1; else if(memcmp(ia->leapusername, ib->leapusername, ia->leapusernamelen) < 0) return -1; if(memcmp(ia->leapusername, ib->leapusername, ia->leapusernamelen) > 0) return 1; else if(memcmp(ia->leapusername, ib->leapusername, ia->leapusernamelen) < 0) return -1; return 0; } /*===========================================================================*/ struct eapmschapv2msglist_s { uint64_t timestamp; uint8_t ap[6]; uint8_t client[6]; uint8_t type; uint8_t id; uint8_t mschapv2request[MSCHAPV2REQ_LEN_MAX]; uint8_t mschapv2response[MSCHAPV2RESP_LEN_MAX]; uint8_t mschapv2usernamelen; uint8_t mschapv2username[MSCHAPV2USERNAME_LEN_MAX]; }; typedef struct eapmschapv2msglist_s eapmschapv2msglist_t; #define EAPMSCHAPV2MSGLIST_SIZE (sizeof(eapmschapv2msglist_t)) static int sort_eapmschapv2msglist_by_timestamp(const void *a, const void *b) { const eapmschapv2msglist_t *ia = (const eapmschapv2msglist_t *)a; const eapmschapv2msglist_t *ib = (const eapmschapv2msglist_t *)b; if(ia->timestamp < ib->timestamp) return 1; else if(ia->timestamp > ib->timestamp) return -1; return 0; } /*===========================================================================*/ struct eapmschapv2hashlist_s { uint8_t id; uint8_t mschapv2request[MSCHAPV2REQ_LEN_MAX]; uint8_t mschapv2response[MSCHAPV2RESP_LEN_MAX]; uint8_t mschapv2usernamelen; uint8_t mschapv2username[MSCHAPV2USERNAME_LEN_MAX]; }; typedef struct eapmschapv2hashlist_s eapmschapv2hashlist_t; #define EAPMSCHAPV2HASHLIST_SIZE (sizeof(eapmschapv2hashlist_t)) static int sort_eapmschapv2hashlist_by_id(const void *a, const void *b) { const eapmschapv2hashlist_t *ia = (const eapmschapv2hashlist_t *)a; const eapmschapv2hashlist_t *ib = (const eapmschapv2hashlist_t *)b; if(ia->id < ib->id) return 1; else if(ia->id > ib->id) return -1; if(ia->mschapv2usernamelen > ib->mschapv2usernamelen) return 1; if(ia->mschapv2usernamelen < ib->mschapv2usernamelen) return -1; if(memcmp(ia->mschapv2request, ib->mschapv2request, MSCHAPV2REQ_LEN_MAX) > 0) return 1; else if(memcmp(ia->mschapv2request, ib->mschapv2request, MSCHAPV2REQ_LEN_MAX) < 0) return -1; if(memcmp(ia->mschapv2response, ib->mschapv2response, MSCHAPV2RESP_LEN_MAX) > 0) return 1; else if(memcmp(ia->mschapv2response, ib->mschapv2response, MSCHAPV2RESP_LEN_MAX) < 0) return -1; else if(memcmp(ia->mschapv2username, ib->mschapv2username, ia->mschapv2usernamelen) < 0) return -1; if(memcmp(ia->mschapv2username, ib->mschapv2username, ia->mschapv2usernamelen) > 0) return 1; else if(memcmp(ia->mschapv2username, ib->mschapv2username, ia->mschapv2usernamelen) < 0) return -1; return 0; } /*===========================================================================*/ #define TACACSPMAX_LEN 0xff struct tacacsplist_s { uint8_t version; uint8_t sequencenr; uint32_t sessionid; uint32_t len; uint8_t data[TACACSPMAX_LEN]; } __attribute__((__packed__)); typedef struct tacacsplist_s tacacsplist_t; #define TACACSPLIST_SIZE (sizeof(tacacsplist_t)) /*===========================================================================*/ hcxtools-6.2.7/include/hcxpmkidtool.h000066400000000000000000000015111423200176400176670ustar00rootroot00000000000000#define HCXD_WORDLIST_IN 'w' #define HCXD_WORD_IN 'W' #define HCXD_PMK_IN 'K' #define HCXD_PMKID_IN 'p' #define HCXD_HELP 'h' #define HCXD_VERSION 'v' #define PSKCOUNT 10000 #define PSKLEN 64 #define ESSID_LEN_MAX 32 #define EXHAUSTED 1 #define ABORTED 2 /*===========================================================================*/ struct intpsk_s { int len; char psk[PSKLEN]; } __attribute__((__packed__)); typedef struct intpsk_s intpsk_t; #define INTPSK_SIZE (sizeof(intpsk_t)) /*===========================================================================*/ struct argument_s { intpsk_t *pos; int sc; bool found; uint8_t pmk[32]; int psklen; uint8_t psk[64]; } __attribute__((__packed__)); typedef struct argument_s argument_t; /*===========================================================================*/ hcxtools-6.2.7/include/hcxpmktool.h000066400000000000000000000013341423200176400173550ustar00rootroot00000000000000#define HCX_HASHLINE 'i' #define HCX_ESSID 'e' #define HCX_PSK 'p' #define HCX_PMK 'm' #define HCX_HELP 'h' #define HCX_VERSION 'v' #define ESSID_LEN_MAX 32 #define EAPOL_AUTHLEN_MAX 256 #define PMK_LEN 32 #define HASH_LEN 16 /*===========================================================================*/ typedef struct { uint8_t type; #define HS_PMKID 1 #define HS_EAPOL 2 uint8_t hash[HASH_LEN]; uint8_t ap[6]; uint8_t client[6]; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; uint8_t nonce[32]; uint16_t eapauthlen; uint8_t eapol[EAPOL_AUTHLEN_MAX]; uint8_t mp; } hashlist_t; #define HASHLIST_SIZE (sizeof(hashlist_t)) /*===========================================================================*/ hcxtools-6.2.7/include/hcxpsktool.h000066400000000000000000000040761423200176400173710ustar00rootroot00000000000000#define ESSID_LEN_MAX 32 #define PMKID_LINE_LEN 255 #define PMKIDEAPOL_LINE_LEN 1024 #define JOHN_LINE_LEN 1024 #define PSKSTRING_LEN_MAX 64 #define HCXD_MACONLY 1 #define HCXD_NOESSIDCOMBINATION 2 #define HCXD_NETGEAR 3 #define HCXD_SPECTRUM 4 #define HCXD_PHOME 5 #define HCXD_TENDA 6 #define HCXD_EE 7 #define HCXD_ALTICEOPTIMUM 8 #define HCXD_WEAKPASS 9 #define HCXD_EUDATE 10 #define HCXD_USDATE 11 #define HCXD_WPSKEYS 12 #define HCXD_DIGIT10 13 #define HCXD_EGN 14 #define HCXD_HELP 'h' #define HCXD_VERSION 'v' #ifdef __BYTE_ORDER__ #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ #define BIG_ENDIAN_HOST #endif #else #ifdef __OpenBSD__ # include # if BYTE_ORDER == BIG_ENDIAN # define BIG_ENDIAN_HOST # endif #endif #endif /*===========================================================================*/ struct apessidlist_s { uint8_t status; unsigned long long int macaddr; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; } __attribute__((__packed__)); typedef struct apessidlist_s apessidl_t; #define APESSIDLIST_SIZE (sizeof(apessidl_t)) /*===========================================================================*/ static int sort_apessidlist_by_ap(const void *a, const void *b) { const apessidl_t *ia = (const apessidl_t *)a; const apessidl_t *ib = (const apessidl_t *)b; if(ia->macaddr > ib->macaddr) return 1; if(ia->macaddr < ib->macaddr) return -1; if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) < 0) return -1; return 0; } /*===========================================================================*/ static int sort_apessidlist_by_essid(const void *a, const void *b) { const apessidl_t *ia = (const apessidl_t *)a; const apessidl_t *ib = (const apessidl_t *)b; if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) > 0) return 1; else if(memcmp(ia->essid, ib->essid, ESSID_LEN_MAX) < 0) return -1; if(ia->macaddr > ib->macaddr) return 1; if(ia->macaddr < ib->macaddr) return -1; return 0; } /*===========================================================================*/ hcxtools-6.2.7/include/hcxwltool.h000066400000000000000000000004741423200176400172140ustar00rootroot00000000000000#define HCX_INPUT_WORDLIST 'i' #define HCX_OUTPUT_WORDLIST 'o' #define HCX_SWEEP_LEN '1' #define HCX_DIGIT '2' #define HCX_XDIGIT '3' #define HCX_LOWER '4' #define HCX_UPPER '5' #define HCX_CAPITAL '6' #define HCX_STRAIGHT '7' #define HCX_HELP 'h' #define HCX_VERSION 'v' #define LINEIN_MAX 128 hcxtools-6.2.7/include/ieee80211.c000066400000000000000000000007661423200176400164730ustar00rootroot00000000000000#include "ieee80211.h" /*===========================================================================*/ int getkeyinfo(uint16_t ki) { if(ki & WPA_KEY_INFO_ACK) { if(ki & WPA_KEY_INFO_INSTALL) { /* handshake 3 */ return 3; } else { /* handshake 1 */ return 1; } } else { if(ki & WPA_KEY_INFO_SECURE) { /* handshake 4 */ return 4; } else { /* handshake 2 */ return 2; } } return 0; } /*===========================================================================*/ hcxtools-6.2.7/include/ieee80211.h000066400000000000000000000725141423200176400165000ustar00rootroot00000000000000#define MYREPLAYCOUNT 63232 #define MAC_SIZE_ACK (10) #define MAC_SIZE_RTS (16) #define MAC_SIZE_NORM (24) #define MAC_SIZE_QOS (26) #define MAC_SIZE_LONG (30) #define MAC_SIZE_QOS_LONG (32) #define FCS_LEN 4 /* types */ #define IEEE80211_FTYPE_MGMT 0x0 #define IEEE80211_FTYPE_CTL 0x1 #define IEEE80211_FTYPE_DATA 0x2 #define IEEE80211_FTYPE_RCVD 0x3 /* management */ #define IEEE80211_STYPE_ASSOC_REQ 0x0 #define IEEE80211_STYPE_ASSOC_RESP 0x1 #define IEEE80211_STYPE_REASSOC_REQ 0x2 #define IEEE80211_STYPE_REASSOC_RESP 0x3 #define IEEE80211_STYPE_PROBE_REQ 0x4 #define IEEE80211_STYPE_PROBE_RESP 0x5 #define IEEE80211_STYPE_BEACON 0x8 #define IEEE80211_STYPE_ATIM 0x9 #define IEEE80211_STYPE_DISASSOC 0xa #define IEEE80211_STYPE_AUTH 0xb #define IEEE80211_STYPE_DEAUTH 0xc #define IEEE80211_STYPE_ACTION 0xd #define IEEE80211_STYPE_NACK 0xe #define IEEE80211_STYPE_MGTRESERVED 0xf /* control */ #define IEEE80211_STYPE_CTL_EXT 0x6 #define IEEE80211_STYPE_BACK_REQ 0x8 #define IEEE80211_STYPE_BACK 0x9 #define IEEE80211_STYPE_PSPOLL 0xa #define IEEE80211_STYPE_RTS 0xb #define IEEE80211_STYPE_CTS 0xc #define IEEE80211_STYPE_ACK 0xd #define IEEE80211_STYPE_CFEND 0xe #define IEEE80211_STYPE_CFENDACK 0xf /* data */ #define IEEE80211_STYPE_DATA 0x0 #define IEEE80211_STYPE_DATA_CFACK 0x1 #define IEEE80211_STYPE_DATA_CFPOLL 0x2 #define IEEE80211_STYPE_DATA_CFACKPOLL 0x3 #define IEEE80211_STYPE_NULLFUNC 0x4 #define IEEE80211_STYPE_CFACK 0x5 #define IEEE80211_STYPE_CFPOLL 0x6 #define IEEE80211_STYPE_CFACKPOLL 0x7 #define IEEE80211_STYPE_QOS_DATA 0x8 #define IEEE80211_STYPE_QOS_DATA_CFACK 0x9 #define IEEE80211_STYPE_QOS_DATA_CFPOLL 0xa #define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0xb #define IEEE80211_STYPE_QOS_NULLFUNC 0xc #define IEEE80211_STYPE_QOS_CFACK 0xd #define IEEE80211_STYPE_QOS_CFPOLL 0xe #define IEEE80211_STYPE_QOS_CFACKPOLL 0xf /* Reason codes (IEEE 802.11-2007, 7.3.1.7, Table 7-22) */ #define WLAN_REASON_UNSPECIFIED 1 #define WLAN_REASON_PREV_AUTH_NOT_VALID 2 #define WLAN_REASON_DEAUTH_LEAVING 3 #define WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY 4 #define WLAN_REASON_DISASSOC_AP_BUSY 5 #define WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA 6 #define WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA 7 #define WLAN_REASON_DISASSOC_STA_HAS_LEFT 8 #define WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH 9 /* IEEE 802.11h */ #define WLAN_REASON_PWR_CAPABILITY_NOT_VALID 10 #define WLAN_REASON_SUPPORTED_CHANNEL_NOT_VALID 11 /* IEEE 802.11i */ #define WLAN_REASON_INVALID_IE 13 #define WLAN_REASON_MICHAEL_MIC_FAILURE 14 #define WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT 15 #define WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT 16 #define WLAN_REASON_IE_IN_4WAY_DIFFERS 17 #define WLAN_REASON_GROUP_CIPHER_NOT_VALID 18 #define WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID 19 #define WLAN_REASON_AKMP_NOT_VALID 20 #define WLAN_REASON_UNSUPPORTED_RSN_IE_VERSION 21 #define WLAN_REASON_INVALID_RSN_IE_CAPAB 22 #define WLAN_REASON_IEEE_802_1X_AUTH_FAILED 23 #define WLAN_REASON_CIPHER_SUITE_REJECTED 24 #define IEEE80211_SEQ_SEQ_MASK 0xfff0 #define IEEE80211_SEQ_SEQ_SHIFT 4 #define WBIT(n) (1 << (n)) #define WPA_KEY_INFO_TYPE_MASK (WBIT(0) | WBIT(1) | WBIT(2)) #define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 WBIT(0) #define WPA_KEY_INFO_TYPE_HMAC_SHA1_AES WBIT(1) #define WPA_KEY_INFO_KEY_TYPE WBIT(3) /* 1 = Pairwise, 0 = Group key */ #define WPA_KEY_INFO_KEY_INDEX_MASK (WBIT(4) | WBIT(5)) #define WPA_KEY_INFO_KEY_INDEX_SHIFT 4 #define WPA_KEY_INFO_INSTALL WBIT(6) /* pairwise */ #define WPA_KEY_INFO_TXRX WBIT(6) /* group */ #define WPA_KEY_INFO_ACK WBIT(7) #define WPA_KEY_INFO_MIC WBIT(8) #define WPA_KEY_INFO_SECURE WBIT(9) #define WPA_KEY_INFO_ERROR WBIT(10) #define WPA_KEY_INFO_REQUEST WBIT(11) #define WPA_KEY_INFO_ENCR_KEY_DATA WBIT(12) /* IEEE 802.11i/RSN only */ /*===========================================================================*/ enum ieee80211_radiotap_presence { IEEE80211_RADIOTAP_TSFT = 0x00000001, IEEE80211_RADIOTAP_FLAGS = 0x00000002, IEEE80211_RADIOTAP_RATE = 0x00000004, IEEE80211_RADIOTAP_CHANNEL = 0x00000008, IEEE80211_RADIOTAP_FHSS = 0x00000010, IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 0x00000020, IEEE80211_RADIOTAP_DBM_ANTNOISE = 0x00000040, IEEE80211_RADIOTAP_LOCK_QUALITY = 0x00000080, IEEE80211_RADIOTAP_TX_ATTENUATION = 0x00000100, IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 0x00000200, IEEE80211_RADIOTAP_DBM_TX_POWER = 0x00000400, IEEE80211_RADIOTAP_ANTENNA = 0x00000800, IEEE80211_RADIOTAP_DB_ANTSIGNAL = 0x00001000, IEEE80211_RADIOTAP_DB_ANTNOISE = 0x00002000, IEEE80211_RADIOTAP_RX_FLAGS = 0x00004000, IEEE80211_RADIOTAP_TX_FLAGS = 0x00008000, IEEE80211_RADIOTAP_RTS_RETRIES = 0x00010000, IEEE80211_RADIOTAP_DATA_RETRIES = 0x00020000, /* 18 is XChannel, not defined */ IEEE80211_RADIOTAP_MCS = 0x00080000, IEEE80211_RADIOTAP_AMPDU_STATUS = 0x00100000, IEEE80211_RADIOTAP_VHT = 0x00200000, IEEE80211_RADIOTAP_TIMESTAMP = 0x00400000, /* valid in every it_present bitmap, even vendor namespaces */ IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE = 0x20000000, IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 0x40000000, IEEE80211_RADIOTAP_EXT = 0x80000000, }; enum ieee80211_radiotap_flags { IEEE80211_RADIOTAP_F_CFP = 0x01, IEEE80211_RADIOTAP_F_SHORTPRE = 0x02, IEEE80211_RADIOTAP_F_WEP = 0x04, IEEE80211_RADIOTAP_F_FRAG = 0x08, IEEE80211_RADIOTAP_F_FCS = 0x10, IEEE80211_RADIOTAP_F_DATAPAD = 0x20, IEEE80211_RADIOTAP_F_BADFCS = 0x40, }; struct radiotap_header { uint8_t it_version; uint8_t it_pad; uint16_t it_len; uint32_t it_present; } __attribute__((__packed__)); typedef struct radiotap_header rth_t; #define RTH_SIZE (sizeof(rth_t)) /*===========================================================================*/ struct ethernet2_header { uint8_t addr1[6]; uint8_t addr2[6]; uint16_t ether_type; } __attribute__((packed)); typedef struct ethernet2_header eth2_t; #define ETH2_SIZE (sizeof(eth2_t)) /*===========================================================================*/ struct loopback_header { #define LOBA_IPV4 2 #define LOBA_IPX 23 #define LOBA_IPV624 24 #define LOBA_IPV628 28 #define LOBA_IPV630 30 uint32_t family; } __attribute__((packed)); typedef struct loopback_header loba_t; #define LOBA_SIZE (sizeof(loba_t)) /*===========================================================================*/ #define WLAN_DEVNAMELEN_MAX 16 struct prism_item { uint32_t did; uint16_t status; uint16_t len; uint32_t data; } __attribute__((packed)); struct prism_header { uint32_t msgcode; uint32_t msglen; char devname[WLAN_DEVNAMELEN_MAX]; struct prism_item hosttime; struct prism_item mactime; struct prism_item channel; struct prism_item rssi; struct prism_item sq; struct prism_item signal; struct prism_item noise; struct prism_item rate; struct prism_item istx; struct prism_item frmlen; } __attribute__((packed)); typedef struct prism_item prism_item_t; typedef struct prism_header prism_t; #define PRISM_SIZE (sizeof(prism_t)) /*===========================================================================*/ struct avs_header { uint32_t version; uint32_t len; uint64_t mactime; uint64_t hosttime; uint32_t phytype; uint32_t channel; uint32_t datarate; uint32_t antenna; uint32_t priority; uint32_t ssi_type; int32_t ssi_signal; int32_t ssi_noise; uint32_t preamble; uint32_t encoding; } __attribute__((packed)); typedef struct avs_header avs_t; #define AVS_SIZE (sizeof(avs_t)) /*===========================================================================*/ struct ppi_header { uint8_t pph_version; uint8_t pph_flags; uint16_t pph_len; uint32_t pph_dlt; } __attribute__((packed)); typedef struct ppi_header ppi_t; #define PPI_SIZE (sizeof(ppi_t)) /*===========================================================================*/ struct msnetmon_header { uint8_t version_minor; uint8_t version_major; uint16_t network; uint16_t ts_year; uint16_t ts_month; uint16_t ts_weekday; uint16_t ts_day; uint16_t ts_hour; uint16_t ts_min; uint16_t ts_sec; uint16_t ts_msec; uint32_t frametableoffset; uint32_t frametablelength; uint32_t userdataoffset; uint32_t userdatalength; uint32_t commentdataoffset; uint32_t commentdatalength; uint32_t statisticsoffset; uint32_t statisticslength; uint32_t networkinfooffset; uint32_t networkinfolength; } __attribute__((packed)); typedef struct msnetmon_header msntm_t; #define MSNETMON_SIZE (sizeof(msntm_t)) /*===========================================================================*/ struct fcs_frame { uint32_t fcs; }; typedef struct fcs_frame fcs_t; #define FCS_SIZE (sizeof(fcs_t)) /*===========================================================================*/ struct qos_frame { uint8_t control; uint8_t flags; } __attribute__((__packed__)); typedef struct qos_frame qos_t; #define QOS_SIZE (sizeof(qos_t)) /*===========================================================================*/ /* * DS bit usage * * TA = transmitter address * RA = receiver address * DA = destination address * SA = source address * * ToDS FromDS A1(RA) A2(TA) A3 A4 Use * ----------------------------------------------------------------- * 0 0 DA SA BSSID - IBSS/DLS * 0 1 DA BSSID SA - AP -> STA * 1 0 BSSID SA DA - AP <- STA * 1 1 RA TA DA SA unspecified (WDS) */ struct mac_frame { #ifdef BIG_ENDIAN_HOST unsigned subtype : 4; unsigned type : 2; unsigned version : 2; unsigned ordered : 1; unsigned prot : 1; unsigned more_data : 1; unsigned power : 1; unsigned retry : 1; unsigned more_frag : 1; unsigned from_ds : 1; unsigned to_ds : 1; #else unsigned version : 2; unsigned type : 2; unsigned subtype : 4; unsigned to_ds : 1; unsigned from_ds : 1; unsigned more_frag : 1; unsigned retry : 1; unsigned power : 1; unsigned more_data : 1; unsigned prot : 1; unsigned ordered : 1; #endif uint16_t duration; uint8_t addr1[6]; uint8_t addr2[6]; uint8_t addr3[6]; uint16_t sequence; uint8_t addr4[6]; qos_t qos; } __attribute__((__packed__)); typedef struct mac_frame mac_t; /*===========================================================================*/ struct capabilities_ap_frame { uint64_t timestamp; uint16_t beaconintervall; uint16_t capabilities; } __attribute__((__packed__)); typedef struct capabilities_ap_frame capap_t; #define CAPABILITIESAP_SIZE sizeof(capap_t) /*===========================================================================*/ struct capabilities_sta_frame { uint16_t capabilities; uint16_t listeninterval; } __attribute__((__packed__)); typedef struct capabilities_sta_frame capsta_t; #define CAPABILITIESSTA_SIZE sizeof(capsta_t) /*===========================================================================*/ struct capabilitiesreq_sta_frame { uint16_t capabilities; uint16_t listeninterval; uint8_t addr[6]; } __attribute__((__packed__)); typedef struct capabilitiesreq_sta_frame capreqsta_t; #define CAPABILITIESREQSTA_SIZE sizeof(capreqsta_t) /*===========================================================================*/ struct ie_tag { uint8_t id; #define TAG_SSID 0x00 #define TAG_RATE 0x01 #define TAG_CHAN 0x03 #define TAG_COUNTRY 0x07 #define TAG_RSN 0x30 #define TAG_PAG 0xde #define TAG_VENDOR 0xdd #define TAG_EXT 0xff uint8_t len; uint8_t data[1]; } __attribute__((__packed__)); typedef struct ie_tag ietag_t; #define IETAG_SIZE offsetof(ietag_t, data) /*===========================================================================*/ struct vendorie_tag { uint8_t oui[3]; uint8_t ouitype; #define VT_WPA_IE 0x01 #define VT_RSN_IE 0x02 #define VT_WMM_IE 0x02 #define VT_WPS_IE 0x04 #define VT_AWDL_IE 0x08 #define VT_NAN_IE 0x13 uint8_t data[1]; } __attribute__ ((packed)); typedef struct vendorie_tag vendorie_t; #define VENDORIE_SIZE offsetof(vendorie_t, data) static const uint8_t ouimscorp[3] = { 0x00, 0x50, 0xf2 }; static const uint8_t ouiapple[3] = { 0x00, 0x17, 0xf2 }; static const uint8_t ouiwifialliance[3] = { 0x50, 0x6f, 0x9a }; /*===========================================================================*/ struct owe_tag { uint8_t number; uint16_t group; uint8_t data[1]; } __attribute__((__packed__)); typedef struct owe_tag owe_t; #define OWE_SIZE offsetof(owe_t, data) /*===========================================================================*/ struct rsnie_tag { uint16_t version; uint8_t data[1]; } __attribute__((__packed__)); typedef struct rsnie_tag rsnie_t; #define RSNIE_SIZE offsetof(rsnie_t, data) #define RSNIE_LEN_MIN 20 /*===========================================================================*/ struct wpaie_tag { uint8_t oui[3]; uint8_t ouitype; uint16_t type; uint8_t data[1]; } __attribute__ ((packed)); typedef struct wpaie_tag wpaie_t; #define WPAIE_SIZE offsetof(wpaie_t, data) #define WPAIE_LEN_MIN 22 #define OUI_SIZE 3 /*===========================================================================*/ struct wpsvendor_tag { uint8_t oui[3]; uint8_t type; } __attribute__ ((packed)); typedef struct wpsvendor_tag wpsvendor_t; #define WPSVENDOR_SIZE sizeof(wpsvendor_t) /*===========================================================================*/ struct wpsie_tag { uint16_t type; #define WPS_CONFIGMETHODS 0x1008 #define WPS_DEVICENAME 0x1011 #define WPS_MANUFACTURER 0x1021 #define WPS_MODELNAME 0x1023 #define WPS_SERIALNUMBER 0x1042 #define WPS_STATE 0x1044 #define WPS_UUIDE 0x1047 #define WPS_VERSION 0x104a uint16_t len; uint8_t data[1]; } __attribute__ ((packed)); typedef struct wpsie_tag wpsie_t; #define WPSIE_SIZE offsetof(wpsie_t, data) /*===========================================================================*/ struct suitecount_s { uint16_t count; uint8_t data[1]; } __attribute__ ((packed)); typedef struct suitecount_s suitecount_t; #define SUITECOUNT_SIZE offsetof(suitecount_t, data) /*===========================================================================*/ struct suite_s { uint8_t oui[3]; uint8_t type; #define CS_WEP40 1 #define CS_TKIP 2 #define CS_WRAP 3 #define CS_CCMP 4 #define CS_WEP104 5 #define CS_BIP 6 #define CS_NOT_ALLOWED 7 #define CS_GCMP 9 #define AK_PMKSA 1 #define AK_PSK 2 #define AK_FT 3 #define AK_FT_PSK 4 #define AK_PMKSA256 5 #define AK_PSKSHA256 6 #define AK_TDLS 7 #define AK_SAE_SHA256 8 #define AK_FT_SAE 9 #define AK_AP_PKA 10 #define AK_SAE_SHA256B 11 #define AK_SAE_SHA384B 12 #define AK_OWE 18 } __attribute__ ((packed)); typedef struct suite_s suite_t; #define SUITE_SIZE sizeof(suite_t) static const uint8_t suiteoui[3] = { 0x00, 0x0f, 0xac }; /*===========================================================================*/ struct rsncapabilites_s { uint16_t rsncapa; }; typedef struct rsncapabilites_s rsncapabilites_t; #define RSNCAPABILITIES_SIZE sizeof(rsncapabilites_t) /*===========================================================================*/ struct llc_frame { uint8_t dsap; uint8_t ssap; uint8_t control; uint8_t org[3]; uint16_t type; #define LLC_TYPE_AUTH 0x888e #define LLC_TYPE_IPV4 0x0800 #define LLC_TYPE_IPV6 0x86dd #define LLC_TYPE_PREAUT 0x88c7 #define LLC_TYPE_FRRR 0x890d }; typedef struct llc_frame llc_t; #define LLC_SIZE (sizeof(llc_t)) #define LLC_SNAP 0xaa /*===========================================================================*/ struct authentication_frame { uint16_t algorithm; #define OPEN_SYSTEM 0 #define SHARED_KEY 1 #define FBT 2 #define SAE 3 #define FILS 4 #define FILSPFS 5 #define FILSPK 6 #define NETWORKEAP 128 uint16_t sequence; uint16_t statuscode; #define AUTH_OK 0 #define AUTH_FAILURE 1 #define AUTH_UNSUPPORTED 10 #define AUTH_REASSOC_DENIED 11 #define AUTH_UNSECIFIED 12 } __attribute__((__packed__)); typedef struct authentication_frame authf_t; #define AUTHENTICATIONFRAME_SIZE (sizeof(authf_t)) /*===========================================================================*/ struct sae_commit_authentication_frame { uint16_t group_id; uint8_t scalar[32]; uint8_t commit_element_x[32]; uint8_t commit_element_y[32]; } __attribute__((__packed__)); typedef struct sae_commit_authentication_frame saecommitauthf_t; #define SAECOMMITAUTHENTICATIONFRAME_SIZE (sizeof(saecommitauthf_t)) /*===========================================================================*/ struct sae_confirm_authentication_frame { uint16_t send_confirm; uint8_t confirm[32]; } __attribute__((__packed__)); typedef struct sae_confirm_authentication_frame saeconfirmauthf_t; #define SAECONFIRMAUTHENTICATIONFRAME_SIZE (sizeof(saeconfirmauthf_t)) /*===========================================================================*/ struct association_resp_frame { uint16_t capabilities; uint16_t authentication_seq; uint16_t statuscode; uint16_t id; } __attribute__((__packed__)); typedef struct association_resp_frame assocrepf_t; #define ASSOCIATIONRESPFRAME_SIZE (sizeof(assocrepf_t)) /*===========================================================================*/ struct action_frame { uint8_t categoriecode; #define CAT_BLOCK_ACK 0x03 #define CAT_RADIO_MEASUREMENT 0x05 #define CAT_VENDOR 0x7f uint8_t actioncode; #define ACT_ADD_BLOCK_ACK_REQ 0x00 #define ACT_ADD_BLOCK_ACK_RESP 0x00 #define ACT_DELETE_BLOCK_REQ 0x02 #define ACT_RADIO_MEASUREMENT_REQ 0x00 }; typedef struct action_frame actf_t; #define ACTIONFRAME_SIZE (sizeof(actf_t)) /*===========================================================================*/ struct actionvendor_frame { uint8_t categoriecode; uint8_t vendor[3]; }; typedef struct actionvendor_frame actvf_t; #define ACTIONVENDORFRAME_SIZE (sizeof(actvf_t)) /*===========================================================================*/ struct actionmeasurement_frame { uint8_t categoriecode; uint8_t actioncode; #define ACT_MM_NRREQ 4 #define ACT_MM_NRRESP 5 uint8_t dialogtoken; }; typedef struct actionmeasurement_frame actmm_t; #define ACTIONMEASUREMENTFRAME_SIZE (sizeof(actmm_t)) /*===========================================================================*/ struct eapauthentication_s { uint8_t version; uint8_t type; #define EAP_PACKET 0 #define EAPOL_START 1 #define EAPOL_LOGOFF 2 #define EAPOL_KEY 3 #define EAPOL_ASF 4 #define EAPOL_MKA 5 uint16_t len; uint8_t data[1]; #define EAP_KDT_RC4 0x01 #define EAP_KDT_RSN 0x02 #define EAP_KDT_WPA 0xfe } __attribute__((__packed__)); typedef struct eapauthentication_s eapauth_t; #define EAPAUTH_SIZE offsetof(eapauth_t, data) /*===========================================================================*/ struct wpakey_s { uint8_t keydescriptor; uint16_t keyinfo; uint16_t keylen; uint64_t replaycount; uint8_t nonce[32]; uint8_t keyiv[16]; uint64_t keyrsc; uint8_t keyid[8]; uint8_t keymic[16]; uint16_t wpadatalen; uint8_t data[1]; } __attribute__((__packed__)); typedef struct wpakey_s wpakey_t; #define WPAKEY_SIZE offsetof(wpakey_t, data) /*===========================================================================*/ struct pmkid_s { uint8_t id; uint8_t len; uint8_t oui[3]; uint8_t type; uint8_t pmkid[16]; } __attribute__((__packed__)); typedef struct pmkid_s pmkid_t; #define PMKID_SIZE (sizeof(pmkid_t)) /*===========================================================================*/ struct rsnpmkidlist_s { uint16_t count; } __attribute__((__packed__)); typedef struct rsnpmkidlist_s rsnpmkidlist_t; #define RSNPMKIDLIST_SIZE (sizeof(rsnpmkidlist_t)) /*===========================================================================*/ struct exteap_frame { uint8_t code; #define EAP_CODE_REQ 1 #define EAP_CODE_RESP 2 #define EAP_CODE_SUCCESS 3 #define EAP_CODE_FAILURE 4 #define EAP_CODE_INITIATE 5 #define EAP_CODE_FINISH 6 uint8_t id; #define EAP_TYPE_ID 1 uint16_t len; uint8_t type; #define EAP_TYPE_EAP 0 #define EAP_TYPE_ID 1 #define EAP_TYPE_NOTIFY 2 #define EAP_TYPE_NAK 3 #define EAP_TYPE_MD5 4 #define EAP_TYPE_OTP 5 #define EAP_TYPE_GTC 6 #define EAP_TYPE_RSA 9 #define EAP_TYPE_DSS 10 #define EAP_TYPE_KEA 11 #define EAP_TYPE_KEA_VALIDATE 12 #define EAP_TYPE_TLS 13 #define EAP_TYPE_AXENT 14 #define EAP_TYPE_RSA_SSID 15 #define EAP_TYPE_RSA_ARCOT 16 #define EAP_TYPE_LEAP 17 #define EAP_TYPE_SIM 18 #define EAP_TYPE_SRP_SHA1 19 #define EAP_TYPE_TTLS 21 #define EAP_TYPE_RAS 22 #define EAP_TYPE_AKA 23 #define EAP_TYPE_3COMEAP 24 #define EAP_TYPE_PEAP 25 #define EAP_TYPE_MSEAP 26 #define EAP_TYPE_MAKE 27 #define EAP_TYPE_CRYPTOCARD 28 #define EAP_TYPE_MSCHAPV2 29 #define EAP_TYPE_DYNAMICID 30 #define EAP_TYPE_ROB 31 #define EAP_TYPE_POTP 32 #define EAP_TYPE_MSTLV 33 #define EAP_TYPE_SENTRI 34 #define EAP_TYPE_AW 35 #define EAP_TYPE_CSBA 36 #define EAP_TYPE_AIRFORT 37 #define EAP_TYPE_HTTPD 38 #define EAP_TYPE_SS 39 #define EAP_TYPE_DC 40 #define EAP_TYPE_SPEKE 41 #define EAP_TYPE_MOBAC 42 #define EAP_TYPE_FAST 43 #define EAP_TYPE_ZLXEAP 44 #define EAP_TYPE_LINK 45 #define EAP_TYPE_PAX 46 #define EAP_TYPE_PSK 47 #define EAP_TYPE_SAKE 48 #define EAP_TYPE_IKEV2 49 #define EAP_TYPE_AKA1 50 #define EAP_TYPE_GPSK 51 #define EAP_TYPE_PWD 52 #define EAP_TYPE_EKE1 53 #define EAP_TYPE_PTEAP 54 #define EAP_TYPE_TEAP 55 #define EAP_TYPE_EXPAND 254 #define EAP_TYPE_EXPERIMENTAL 255 uint8_t data[1]; } __attribute__((__packed__)); typedef struct exteap_frame exteap_t; #define EXTEAP_SIZE offsetof(exteap_t, data) /*===========================================================================*/ struct mpdu_frame { uint8_t pn[3]; uint8_t keyid; uint8_t exitiv[4]; }; typedef struct mpdu_frame mpdu_t; #define MPDU_SIZE (sizeof(mpdu_t)) /*===========================================================================*/ struct eapmd5_frame { uint8_t code; uint8_t id; uint16_t eapmd5len; uint8_t type; uint8_t md5len; uint8_t md5data[1]; } __attribute__((__packed__)); typedef struct eapmd5_frame eapmd5_t; #define EAPMD5_SIZE offsetof(eapmd5_t, md5data) /*===========================================================================*/ struct eapleap_frame { uint8_t code; uint8_t id; uint16_t eapleaplen; uint8_t type; uint8_t version; uint8_t reserved; uint8_t leaplen; uint8_t leapdata[1]; } __attribute__((__packed__)); typedef struct eapleap_frame eapleap_t; #define EAPLEAP_SIZE offsetof(eapleap_t, leapdata) /*===========================================================================*/ struct eapmschapv2_frame { uint8_t code; uint8_t id; uint16_t eaplen; uint8_t type; uint8_t opcode; #define EAP_MSCHAPV2_OPCODE_REQ 1 #define EAP_MSCHAPV2_OPCODE_RESP 2 uint8_t mschapv2id; uint16_t mschapv2len; uint8_t mschapv2valuesize; uint8_t mschapv2data[1]; } __attribute__((__packed__)); typedef struct eapmschapv2_frame eapmschapv2_t; #define EAPMSCHAPV2_SIZE offsetof(eapmschapv2_t, mschapv2data) /*===========================================================================*/ struct ipv4_frame { uint8_t ver_hlen; uint8_t tos; uint16_t len; uint16_t ipid; uint16_t flags_offset; uint8_t ttl; uint8_t nextprotocol; #define NEXTHDR_HOP 0 /* Hop-by-hop option header. */ #define NEXTHDR_ICMP4 1 /* ICMP4 header */ #define NEXTHDR_TCP 6 /* TCP segment. */ #define NEXTHDR_UDP 17 /* UDP message. */ #define NEXTHDR_IPV6 41 /* IPv6 in IPv6 */ #define NEXTHDR_ROUTING 43 /* Routing header. */ #define NEXTHDR_FRAGMENT 44 /* Fragmentation/reassembly header. */ #define NEXTHDR_GRE 47 /* GRE header. */ #define NEXTHDR_ESP 50 /* Encapsulating security payload. */ #define NEXTHDR_AUTH 51 /* Authentication header. */ #define NEXTHDR_ICMP6 58 /* ICMP6 for IPv6. */ #define NEXTHDR_NONE 59 /* No next header */ #define NEXTHDR_DEST 60 /* Destination options header. */ #define NEXTHDR_SCTP 132 /* SCTP message. */ #define NEXTHDR_MOBILITY 135 /* Mobility header. */ #define NEXTHDR_MAX 255 uint16_t checksum; uint8_t srcaddr[4]; uint8_t dstaddr[4]; } __attribute__ ((packed)); typedef struct ipv4_frame ipv4_t; #define IPV4_SIZE (sizeof(ipv4_t)) #define IPV4_SIZE_MIN 20 #define IPV4_SIZE_MAX 64 /*===========================================================================*/ struct ipv6_frame { uint32_t ver_class; uint16_t len; uint8_t nextprotocol; uint8_t hoplimint; uint8_t srcaddr[16]; uint8_t dstaddr[16]; } __attribute__ ((packed)); typedef struct ipv6_frame ipv6_t; #define IPV6_SIZE (sizeof(ipv6_t)) /*===========================================================================*/ struct tcp_frame { uint16_t sourceport; uint16_t destinationport; uint32_t sequencenumber; uint32_t acknumber; uint8_t len /* x 4 */; uint8_t flags; uint16_t window; uint16_t checksum; uint16_t urgent; uint8_t options[1]; } __attribute__ ((packed)); typedef struct tcp_frame tcp_t; #define TCP_SIZE_MIN offsetof(tcp_t, options) /*===========================================================================*/ struct udp_frame { uint16_t sourceport; uint16_t destinationport; #define UDP_DHCP_SERVERPORT 67 #define UDP_DHCP_CLIENTPORT 68 #define UDP_DHCP6_SERVERPORT 547 #define UDP_DHCP6_CLIENTPORT 546 #define UDP_RADIUS_DESTINATIONPORT 1812 #define UDP_TZSP_DESTINATIONPORT 37008 uint16_t len; uint16_t checksum; } __attribute__ ((packed)); typedef struct udp_frame udp_t; #define UDP_SIZE (sizeof(udp_t)) /*===========================================================================*/ struct tzsp_frame { uint8_t version; uint8_t type; uint16_t enc_protocol; #define TZSP_ENCAP_ETHERNET 1 #define TZSP_ENCAP_TOKEN_RING 2 #define TZSP_ENCAP_SLIP 3 #define TZSP_ENCAP_PPP 4 #define TZSP_ENCAP_FDDI 5 #define TZSP_ENCAP_RAW 7 #define TZSP_ENCAP_IEEE_802_11 18 #define TZSP_ENCAP_IEEE_802_11_PRISM 119 #define TZSP_ENCAP_IEEE_802_11_AVS 127 uint8_t data[1]; } __attribute__ ((packed)); typedef struct tzsp_frame tzsp_t; #define TZSP_SIZE offsetof(tzsp_t, data) /*===========================================================================*/ struct tzsp_tag { uint8_t tag; #define TZSP_TAG_END 1 #define TZSP_TAG_ORGLEN 41 uint8_t len; uint8_t data[1]; } __attribute__ ((packed)); typedef struct tzsp_tag tzsptag_t; #define TZSPTAG_SIZE offsetof(tzsptag_t, data) /*===========================================================================*/ struct gre_frame { uint16_t flags; uint16_t type; uint16_t len; uint16_t callid; } __attribute__ ((packed)); typedef struct gre_frame gre_t; #define GRE_SIZE (sizeof(gre_t)) #define GREPROTO_PPP 0x880b #define GRE_FLAG_SNSET 0x1000 #define GRE_FLAG_ACKSET 0x0080 #define GRE_MASK_VERSION 0x0003 /*===========================================================================*/ struct ptp_frame { uint16_t type; } __attribute__ ((packed)); typedef struct ptp_frame ptp_t; #define PTP_SIZE (sizeof(ptp_t)) #define PROTO_PAP 0xc023 #define PROTO_CHAP 0xc223 /*===========================================================================*/ struct chap_frame { uint8_t code; #define CHAP_CODE_REQ 1 #define CHAP_CODE_RESP 2 #define CHAP_CODE_SUCCESS 3 uint8_t id; uint16_t len; uint8_t data[1]; } __attribute__ ((packed)); typedef struct chap_frame chap_t; #define CHAP_SIZE (sizeof(chap_t)) /*===========================================================================*/ struct tacacsp_frame { uint8_t version; #define TACACSP_VERSION 0xc0 uint8_t type; #define TACACS_AUTHENTICATION 1 uint8_t sequencenr; uint8_t flags; uint32_t sessionid; uint32_t len; uint8_t data[1]; } __attribute__ ((packed)); typedef struct tacacsp_frame tacacsp_t; #define TACACSP_SIZE offsetof(tacacsp_t, data) /*===========================================================================*/ #define RADIUS_AUTHENTICATOR_LENGTH 16 #define RADIUS_PASSWORD_BLOCK_SIZE 16 #define RADIUS_HEADER_LENGTH 20 #define RADIUS_MAX_SIZE 1000 #define RADIUS_MAX_ATTRIBUTE_SIZE 253 struct radius_frame_t { uint8_t code; uint8_t id; uint16_t length; uint8_t authenticator[RADIUS_AUTHENTICATOR_LENGTH]; uint8_t attrs[RADIUS_MAX_SIZE -RADIUS_HEADER_LENGTH]; uint8_t data[1]; } __attribute__ ((packed)); typedef struct radius_frame_t radius_t; #define RADIUS_SIZE offsetof(radius_t, data) /*===========================================================================*/ /* global var */ static const uint8_t zeroed32[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; #define NULLNONCE_SIZE (sizeof(nullnonce)) static const uint8_t mynonce[] = { 0x68, 0x20, 0x09, 0xe2, 0x1f, 0x0e, 0xbc, 0xe5, 0x62, 0xb9, 0x06, 0x5b, 0x54, 0x89, 0x79, 0x09, 0x9a, 0x65, 0x52, 0x86, 0xc0, 0x77, 0xea, 0x28, 0x2f, 0x6a, 0xaf, 0x13, 0x8e, 0x50, 0xcd, 0xb9 }; #define ANONCE_SIZE sizeof(anonce) static const uint8_t mac_broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; static const uint8_t mac_null[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static const int myvendorap[] = { 0x00006c, 0x000101, 0x00054f, 0x000578, 0x000b18, 0x000bf4, 0x000c53, 0x000d58, 0x000da7, 0x000dc2, 0x000df2, 0x000e17, 0x000e22, 0x000e2a, 0x000eef, 0x000f09, 0x0016b4, 0x001761, 0x001825, 0x002067, 0x00221c, 0x0022f1, 0x00234a, 0x00238c, 0x0023f7, 0x002419, 0x0024fb, 0x00259d, 0x0025df, 0x00269f, 0x005047, 0x005079, 0x0050c7, 0x0084ed, 0x0086a0, 0x00a054, 0x00a085, 0x00bb3a, 0x00cb00, 0x0418b6, 0x0c8112, 0x100000, 0x10ae60, 0x10b713, 0x1100aa, 0x111111, 0x140708, 0x146e0a, 0x18421d, 0x1cf4ca, 0x205b2a, 0x20d160, 0x24336c, 0x24bf74, 0x28ef01, 0x3cb87a, 0x487604, 0x48f317, 0x50e14a, 0x544e45, 0x580943, 0x586ed6, 0x5c6b4f, 0x609620, 0x68e166, 0x706f81, 0x78f944, 0x7ce4aa, 0x8c8401, 0x8ce748, 0x906f18, 0x980ee4, 0x9c93e4, 0xa468bc }; #define MYVENDORAP_SIZE sizeof(myvendorap) static const int myvendorclient[] = { 0xa4a6a9, 0xacde48, 0xb025aa, 0xb0ece1, 0xb0febd, 0xb4e1eb, 0xc02250, 0xc8aacc, 0xd85dfb, 0xdc7014, 0xe00db9, 0xe0cb1d, 0xe80410, 0xf04f7c, 0xf0a225, 0xfcc233 }; #define MYVENDORCLIENT_SIZE sizeof(myvendorclient) /*===========================================================================*/ hcxtools-6.2.7/include/johnops.c000066400000000000000000000170171423200176400166450ustar00rootroot00000000000000/*===========================================================================*/ void hccap2base(FILE *fhjohn, unsigned char *in, unsigned char b) { const char itoa64[64] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; fprintf(fhjohn, "%c", (itoa64[in[0] >> 2])); fprintf(fhjohn, "%c", (itoa64[((in[0] & 0x03) << 4) | (in[1] >> 4)])); if (b) { fprintf(fhjohn, "%c", (itoa64[((in[1] & 0x0f) << 2) | (in[2] >> 6)])); fprintf(fhjohn, "%c", (itoa64[in[2] & 0x3f])); } else fprintf(fhjohn, "%c", (itoa64[((in[1] & 0x0f) << 2)])); return; } /*===========================================================================*/ void mac2asciilong(char ssid[18], unsigned char *p) { sprintf(ssid, "%02x-%02x-%02x-%02x-%02x-%02x",p[0],p[1],p[2],p[3],p[4],p[5]); return; } /*===========================================================================*/ void mac2ascii(char ssid[13], unsigned char *p) { sprintf(ssid, "%02x%02x%02x%02x%02x%02x",p[0],p[1],p[2],p[3],p[4],p[5]); return; } /*===========================================================================*/ void writejohnrecord(unsigned long long int noncefuzz, hcxl_t *zeiger, FILE *fhjohn, char *basename) { hccap_t hccap; wpakey_t *wpak, *wpak2; uint8_t message_pair; unsigned int i, n; unsigned int anonce; unsigned char *hcpos; char sta_mac[18]; char ap_mac[18]; char ap_mac_long[13]; message_pair = 0x80; if((zeiger->keyinfo_ap == 1) && (zeiger->keyinfo_sta == 4)) { message_pair = MESSAGE_PAIR_M12E2; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 2) && (zeiger->keyinfo_sta == 4)) { message_pair = MESSAGE_PAIR_M32E2; if(zeiger->replaycount_ap != zeiger->replaycount_sta +1) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 16) && (zeiger->keyinfo_sta == 2)) { message_pair = MESSAGE_PAIR_M32E3; if(zeiger->replaycount_ap -1 != zeiger->replaycount_sta) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 3) && (zeiger->keyinfo_sta == 4)) { message_pair = MESSAGE_PAIR_M32E2; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 1) && (zeiger->keyinfo_sta == 8)) { message_pair = MESSAGE_PAIR_M14E4; if(zeiger->replaycount_ap != zeiger->replaycount_sta +1) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap >= 1) && (zeiger->keyinfo_sta == 8)) { message_pair = MESSAGE_PAIR_M34E4; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { message_pair |= 0x80; } } hcpos = (unsigned char*)&hccap; memset (&hccap, 0, sizeof(hccap_t)); wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memcpy(&hccap.essid, zeiger->essid, 32); memcpy(&hccap.mac1, zeiger->mac_ap, 6); memcpy(&hccap.mac2, zeiger->mac_sta, 6); if(zeiger->keyinfo_ap == 16) { memcpy(&hccap.nonce1, zeiger->nonce, 32); memcpy(&hccap.nonce2, wpak->nonce, 32); } else { memcpy(&hccap.nonce1, wpak->nonce, 32); memcpy(&hccap.nonce2, zeiger->nonce, 32); } hccap.eapol_size = zeiger->authlen; memcpy(&hccap.eapol, zeiger->eapol, zeiger->authlen); memcpy(&hccap.keymic, wpak->keymic, 16); wpak2 = (wpakey_t*)(hccap.eapol +EAPAUTH_SIZE); memset(wpak2->keymic, 0, 16); hccap.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(hccap.keyver == 0) { hccap.keyver = 3; } #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif mac2ascii(ap_mac_long, zeiger->mac_ap); mac2asciilong(ap_mac, zeiger->mac_ap); mac2asciilong(sta_mac, zeiger->mac_sta); if(((zeiger->endianess & 0x10) == 0x10) || ((message_pair &0x10) == 0x10) || ((message_pair &0x80) == 0x00)) { fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if (hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verfified:%s\n", basename); } else { fprintf(fhjohn, ":not verfified:%s\n", basename); } } else if((zeiger->endianess & 0x20) == 0x20) { anonce = zeiger->nonce[31] | (zeiger->nonce[30] << 8) | (zeiger->nonce[29] << 16) | (zeiger->nonce[28] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[28] = (anonce >> 24) & 0xff; hccap.nonce2[29] = (anonce >> 16) & 0xff; hccap.nonce2[30] = (anonce >> 8) & 0xff; hccap.nonce2[31] = anonce & 0xff; fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if(hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verfified:%s\n", basename); } else { fprintf(fhjohn, ":not verfified:%s\n", basename); } anonce++; } } else if((zeiger->endianess & 0x40) == 0x40) { anonce = zeiger->nonce[28] | (zeiger->nonce[29] << 8) | (zeiger->nonce[30] << 16) | (zeiger->nonce[31] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[31] = (anonce >> 24) & 0xff; hccap.nonce2[30] = (anonce >> 16) & 0xff; hccap.nonce2[29] = (anonce >> 8) & 0xff; hccap.nonce2[28] = anonce & 0xff; fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if(hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verfified:%s\n", basename); } else { fprintf(fhjohn, ":not verfified:%s\n", basename); } anonce++; } } else { anonce = zeiger->nonce[31] | (zeiger->nonce[30] << 8) | (zeiger->nonce[29] << 16) | (zeiger->nonce[28] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[28] = (anonce >> 24) & 0xff; hccap.nonce2[29] = (anonce >> 16) & 0xff; hccap.nonce2[30] = (anonce >> 8) & 0xff; hccap.nonce2[31] = anonce & 0xff; fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if(hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verfified:%s\n", basename); } else { fprintf(fhjohn, ":not verfified:%s\n", basename); } anonce++; } anonce = zeiger->nonce[28] | (zeiger->nonce[29] << 8) | (zeiger->nonce[30] << 16) | (zeiger->nonce[31] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[31] = (anonce >> 24) & 0xff; hccap.nonce2[30] = (anonce >> 16) & 0xff; hccap.nonce2[29] = (anonce >> 8) & 0xff; hccap.nonce2[28] = anonce & 0xff; fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if(hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verfified:%s\n", basename); } else { fprintf(fhjohn, ":not verfified:%s\n", basename); } anonce++; } } return; } /*===========================================================================*/ hcxtools-6.2.7/include/pcap.c000066400000000000000000000024471423200176400161110ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include "pcap.h" /*===========================================================================*/ bool pcapwritehdr(int fd, int linklayer) { pcap_hdr_t pcap_hdr; int written; memset(&pcap_hdr, 0, PCAPHDR_SIZE); pcap_hdr.magic_number = PCAPMAGICNUMBER; pcap_hdr.version_major = PCAP_MAJOR_VER; pcap_hdr.version_minor = PCAP_MINOR_VER; pcap_hdr.snaplen = PCAP_SNAPLEN; pcap_hdr.network = linklayer; written = write(fd, &pcap_hdr, PCAPHDR_SIZE); if(written != PCAPHDR_SIZE) return false; return true; } /*===========================================================================*/ int hcxopencapdump(char *capdumpname) { int fd; int c; struct stat statinfo; char newcapdumpname[PATH_MAX +2]; c = 0; strcpy(newcapdumpname, capdumpname); while(stat(newcapdumpname, &statinfo) == 0) { snprintf(newcapdumpname, PATH_MAX, "%s_%d", capdumpname, c); c++; } umask(0); fd = open(newcapdumpname, O_WRONLY | O_CREAT, 0644); if(fd == -1) return -1; if(pcapwritehdr(fd, DLT_IEEE802_11) == false) { close(fd); return 0; } return fd; } /*===========================================================================*/ hcxtools-6.2.7/include/pcap.h000066400000000000000000000346741423200176400161250ustar00rootroot00000000000000#define MSNETMON1 0x53535452 #define MSNETMON2 0x55424d47 #define PCAPMAGICNUMBER 0xa1b2c3d4 #define PCAPMAGICNUMBERBE 0xd4c3b2a1 #define PCAP_MAJOR_VER 2 #define PCAP_MINOR_VER 4 #define PCAP_SNAPLEN 0xffff #define MAXPACPSNAPLEN 0x80000 #define PCAPNG_MAJOR_VER 1 #define PCAPNG_MINOR_VER 0 #define PCAPNG_SNAPLEN 0x80000 #define PCAPNGBLOCKTYPE 0x0a0d0d0a #define PCAPNGMAGICNUMBER 0x1a2b3c4d #define PCAPNGMAGICNUMBERBE 0x4d3c2b1a #ifndef LIBPCAPSUPPORT #define DLT_NULL 0 #define DLT_EN10MB 1 #define DLT_EN3MB 2 #define DLT_AX25 3 #define DLT_PRONET 4 #define DLT_CHAOS 5 #define DLT_IEEE802 6 #define DLT_ARCNET 7 #define DLT_SLIP 8 #define DLT_PPP 9 #define DLT_FDDI 10 #define DLT_ATM_RFC1483 11 #ifdef __OpenBSD__ #define DLT_RAW 14 #else #define DLT_RAW 12 #endif #if defined(__NetBSD__) || defined(__FreeBSD__) #ifndef DLT_SLIP_BSDOS #define DLT_SLIP_BSDOS 13 #define DLT_PPP_BSDOS 14 #endif #else #define DLT_SLIP_BSDOS 15 #define DLT_PPP_BSDOS 16 #endif #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__DragonFly__) || defined(__APPLE__) #define DLT_PFSYNC 18 #endif #define DLT_ATM_CLIP 19 #define DLT_REDBACK_SMARTEDGE 32 #define DLT_PPP_SERIAL 50 #define DLT_PPP_ETHER 51 #define DLT_SYMANTEC_FIREWALL 99 #define DLT_MATCHING_MIN 104 #define DLT_C_HDLC 104 #define DLT_CHDLC DLT_C_HDLC #define DLT_IEEE802_11 105 #define DLT_FRELAY 107 #ifdef __OpenBSD__ #define DLT_LOOP 12 #else #define DLT_LOOP 108 #endif #ifdef __OpenBSD__ #define DLT_ENC 13 #else #define DLT_ENC 109 #endif #define DLT_LINUX_SLL 113 #define DLT_LTALK 114 #define DLT_ECONET 115 #define DLT_IPFILTER 116 #define DLT_PFLOG 117 #define DLT_CISCO_IOS 118 #define DLT_PRISM_HEADER 119 #define DLT_AIRONET_HEADER 120 #ifdef __FreeBSD__ #define DLT_PFSYNC 121 #else #define DLT_HHDLC 121 #endif #define DLT_IP_OVER_FC 122 #define DLT_SUNATM 123 #define DLT_RIO 124 #define DLT_PCI_EXP 125 #define DLT_AURORA 126 #define DLT_IEEE802_11_RADIO 127 #define DLT_TZSP 128 #define DLT_ARCNET_LINUX 129 #define DLT_JUNIPER_MLPPP 130 #define DLT_JUNIPER_MLFR 131 #define DLT_JUNIPER_ES 132 #define DLT_JUNIPER_GGSN 133 #define DLT_JUNIPER_MFR 134 #define DLT_JUNIPER_ATM2 135 #define DLT_JUNIPER_SERVICES 136 #define DLT_JUNIPER_ATM1 137 #define DLT_APPLE_IP_OVER_IEEE1394 138 #define DLT_MTP2_WITH_PHDR 139 #define DLT_MTP2 140 #define DLT_MTP3 141 #define DLT_SCCP 142 #define DLT_DOCSIS 143 #define DLT_LINUX_IRDA 144 #define DLT_IBM_SP 145 #define DLT_IBM_SN 146 #define DLT_USER0 147 #define DLT_USER1 148 #define DLT_USER2 149 #define DLT_USER3 150 #define DLT_USER4 151 #define DLT_USER5 152 #define DLT_USER6 153 #define DLT_USER7 154 #define DLT_USER8 155 #define DLT_USER9 156 #define DLT_USER10 157 #define DLT_USER11 158 #define DLT_USER12 159 #define DLT_USER13 160 #define DLT_USER14 161 #define DLT_USER15 162 #define DLT_IEEE802_11_RADIO_AVS 163 #define DLT_JUNIPER_MONITOR 164 #define DLT_BACNET_MS_TP 165 #define DLT_PPP_PPPD 166 #define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD #define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD #define DLT_JUNIPER_PPPOE 167 #define DLT_JUNIPER_PPPOE_ATM 168 #define DLT_GPRS_LLC 169 #define DLT_GPF_T 170 #define DLT_GPF_F 171 #define DLT_GCOM_T1E1 172 #define DLT_GCOM_SERIAL 173 #define DLT_JUNIPER_PIC_PEER 174 #define DLT_ERF_ETH 175 #define DLT_ERF_POS 176 #define DLT_LINUX_LAPD 177 #define DLT_JUNIPER_ETHER 178 #define DLT_JUNIPER_PPP 179 #define DLT_JUNIPER_FRELAY 180 #define DLT_JUNIPER_CHDLC 181 #define DLT_MFR 182 #define DLT_JUNIPER_VP 183 #define DLT_A429 184 #define DLT_A653_ICM 185 #define DLT_USB_FREEBSD 186 #define DLT_USB 186 #define DLT_BLUETOOTH_HCI_H4 187 #define DLT_IEEE802_16_MAC_CPS 188 #define DLT_USB_LINUX 189 #define DLT_CAN20B 190 #define DLT_IEEE802_15_4_LINUX 191 #define DLT_PPI 192 #define DLT_IEEE802_16_MAC_CPS_RADIO 193 #define DLT_JUNIPER_ISM 194 #define DLT_IEEE802_15_4 195 #define DLT_SITA 196 #define DLT_ERF 197 #define DLT_RAIF1 198 #define DLT_IPMB 199 #define DLT_JUNIPER_ST 200 #define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201 #define DLT_AX25_KISS 202 #define DLT_LAPD 203 #define DLT_PPP_WITH_DIR 204 #define DLT_C_HDLC_WITH_DIR 205 #define DLT_FRELAY_WITH_DIR 206 #define DLT_LAPB_WITH_DIR 207 #define DLT_IPMB_LINUX 209 #define DLT_FLEXRAY 210 #define DLT_MOST 211 #define DLT_LIN 212 #define DLT_X2E_SERIAL 213 #define DLT_X2E_XORAYA 214 #define DLT_IEEE802_15_4_NONASK_PHY 215 #define DLT_LINUX_EVDEV 216 #define DLT_GSMTAP_UM 217 #define DLT_GSMTAP_ABIS 218 #define DLT_MPLS 219 #define DLT_USB_LINUX_MMAPPED 220 #define DLT_DECT 221 #define DLT_AOS 222 #define DLT_WIHART 223 #define DLT_FC_2 224 #define DLT_FC_2_WITH_FRAME_DELIMS 225 #define DLT_IPNET 226 #define DLT_CAN_SOCKETCAN 227 #define DLT_IPV4 228 #define DLT_IPV6 229 #define DLT_IEEE802_15_4_NOFCS 230 #define DLT_DBUS 231 #define DLT_JUNIPER_VS 232 #define DLT_JUNIPER_SRX_E2E 233 #define DLT_JUNIPER_FIBRECHANNEL 234 #define DLT_DVB_CI 235 #define DLT_MUX27010 236 #define DLT_STANAG_5066_D_PDU 237 #define DLT_JUNIPER_ATM_CEMIC 238 #define DLT_NFLOG 239 #define DLT_NETANALYZER 240 #define DLT_NETANALYZER_TRANSPARENT 241 #define DLT_IPOIB 242 #define DLT_MPEG_2_TS 243 #define DLT_NG40 244 #define DLT_NFC_LLCP 245 #if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) && !defined(__DragonFly__) && !defined(__APPLE__) #define DLT_PFSYNC 246 #endif #define DLT_INFINIBAND 247 #define DLT_SCTP 248 #define DLT_USBPCAP 249 #define DLT_RTAC_SERIAL 250 #define DLT_BLUETOOTH_LE_LL 251 #define DLT_WIRESHARK_UPPER_PDU 252 #define DLT_NETLINK 253 #define DLT_BLUETOOTH_LINUX_MONITOR 254 #define DLT_BLUETOOTH_BREDR_BB 255 #define DLT_BLUETOOTH_LE_LL_WITH_PHDR 256 #define DLT_PROFIBUS_DL 257 #ifdef __APPLE__ #define DLT_PKTAP DLT_USER2 #else #define DLT_PKTAP 258 #endif #define DLT_EPON 259 #define DLT_IPMI_HPM_2 260 #define DLT_ZWAVE_R1_R2 261 #define DLT_ZWAVE_R3 262 #define DLT_WATTSTOPPER_DLM 263 #define DLT_ISO_14443 264 #define DLT_RDS 265 #endif /*===========================================================================*/ struct pcap_hdr_s { uint32_t magic_number; /* magic number */ uint16_t version_major; /* major version number */ uint16_t version_minor; /* minor version number */ int32_t thiszone; /* GMT to local correction */ uint32_t sigfigs; /* accuracy of timestamps */ uint32_t snaplen; /* max length of captured packets, in octets */ uint32_t network; /* data link type */ } __attribute__((__packed__)); typedef struct pcap_hdr_s pcap_hdr_t; #define PCAPHDR_SIZE (sizeof(pcap_hdr_t)) /*===========================================================================*/ struct pcaprec_hdr_s { uint32_t ts_sec; /* timestamp seconds */ uint32_t ts_usec; /* timestamp microseconds */ uint32_t incl_len; /* number of octets of packet saved in file */ uint32_t orig_len; /* actual length of packet */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct pcaprec_hdr_s pcaprec_hdr_t; #define PCAPREC_SIZE offsetof(pcaprec_hdr_t, data) /*===========================================================================*/ /* Header of all pcapng blocks */ struct block_header_s { uint32_t block_type; /* block type */ uint32_t total_length; /* block length */ uint32_t byte_order_magic; /* byte order magic - indicates swapped data */ } __attribute__((__packed__)); typedef struct block_header_s block_header_t; #define BH_SIZE (sizeof(block_header_t)) /*===========================================================================*/ /* Header of all pcapng options */ struct option_header_s { #define SHB_EOC 0 #define SHB_COMMENT 1 #define SHB_HARDWARE 2 #define SHB_OS 3 #define SHB_USER_APPL 4 #define SHB_CUSTOM_OPT 0x0bad #define TSRESOL_USEC 6 #define TSRESOL_NSEC 9 #define IF_NAME 2 #define IF_DESCRIPTION 3 #define IF_MACADDR 6 #define IF_TSRESOL 9 #define IF_TZONE 10 /* custom option code */ #define OPTIONCODE_MACORIG 0xf29a #define OPTIONCODE_MACAP 0xf29b #define OPTIONCODE_RC 0xf29c #define OPTIONCODE_ANONCE 0xf29d #define OPTIONCODE_MACCLIENT 0xf29e #define OPTIONCODE_SNONCE 0xf29f #define OPTIONCODE_WEAKCANDIDATE 0xf2a0 #define OPTIONCODE_NMEA 0xf2a1 uint16_t option_code; /* option code - depending of block (0 - end of opts, 1 - comment are in common) */ uint16_t option_length; /* option length - length of option in bytes (will be padded to 32bit) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct option_header_s option_header_t; #define OH_SIZE offsetof (option_header_t, data) /*===========================================================================*/ /* Section Header Block (SHB) - ID 0x0A0D0D0A */ struct section_header_block_s { uint32_t block_type; /* block type */ #define SHBID 0x0A0D0D0A uint32_t total_length; /* block length */ uint32_t byte_order_magic; /* byte order magic - indicates swapped data */ uint16_t major_version; /* major version of pcapng (1 atm) */ uint16_t minor_version; /* minor version of pcapng (0 atm) */ int64_t section_length; /* length of section - can be -1 (parsing necessary) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct section_header_block_s section_header_block_t; #define SHB_SIZE offsetof (section_header_block_t, data) /*===========================================================================*/ /* Interface Description Block (IDB) - ID 0x00000001 */ struct interface_description_block_s { uint32_t block_type; /* block type */ #define IDBID 0x00000001 uint32_t total_length; /* block length */ uint16_t linktype; /* the link layer type (was -network- in classic pcap global header) */ uint16_t reserved; /* 2 bytes of reserved data */ uint32_t snaplen; /* maximum number of bytes dumped from each packet (was -snaplen- in classic pcap global header */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct interface_description_block_s interface_description_block_t; #define IDB_SIZE offsetof (interface_description_block_t, data) /*===========================================================================*/ /* Packet Block (PB) - ID 0x00000002 (OBSOLETE - EPB should be used instead) */ struct packet_block_s { uint32_t block_type; /* block type */ #define PBID 0x00000002 uint32_t total_length; /* block length */ uint16_t interface_id; /* the interface the packet was captured from - identified by interface description block in current section */ uint16_t drops_count; /* packet dropped by IF and OS since prior packet */ uint32_t timestamp_high; /* high bytes of timestamp */ uint32_t timestamp_low; /* low bytes of timestamp */ uint32_t caplen; /* length of packet in the capture file (was -incl_len- in classic pcap packet header) */ uint32_t len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct packet_block_s packet_block_t; #define PB_SIZE offsetof (packet_block_t, data) /*===========================================================================*/ /* Simple Packet Block (SPB) - ID 0x00000003 */ struct simple_packet_block_s { uint32_t block_type; /* block type */ #define SPBID 0x00000003 uint32_t total_length; /* block length */ uint32_t len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct simple_packet_block_s simple_packet_block_t; #define SPB_SIZE offsetof (simple_packet_block, data) /*===========================================================================*/ /* Name Resolution Block (NRB) - ID 0x00000004 */ struct name_resolution_block_s { uint32_t block_type; /* block type */ #define NRBID 0x00000004 uint32_t total_length; /* block length */ uint16_t record_type; /* type of record (ipv4 / ipv6) */ uint16_t record_length; /* length of record value */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct name_resolution_block_s name_resolution_block_t; #define NRB_SIZE offsetof (name_resolution_block_t, data) /*===========================================================================*/ /* Interface Statistics Block - ID 0x00000005 */ struct interface_statistics_block_s { uint32_t block_type; /* block type */ #define ISBID 0x00000005 uint32_t total_length; /* block length */ uint32_t interface_id; /* the interface the stats refer to - identified by interface description block in current section */ uint32_t timestamp_high; /* high bytes of timestamp */ uint32_t timestamp_low; /* low bytes of timestamp */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct interface_statistics_block_s interface_statistics_block_t; #define ISB_SIZE offsetof (interface_statistics_block_t, data) /*===========================================================================*/ /* Enhanced Packet Block (EPB) - ID 0x00000006 */ struct enhanced_packet_block_s { uint32_t block_type; /* block type */ #define EPBID 0x00000006 uint32_t total_length; /* block length */ uint32_t interface_id; /* the interface the packet was captured from - identified by interface description block in current section */ uint32_t timestamp_high; /* high bytes of timestamp */ uint32_t timestamp_low; /* low bytes of timestamp */ uint32_t caplen; /* length of packet in the capture file (was -incl_len- in classic pcap packet header) */ uint32_t len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct enhanced_packet_block_s enhanced_packet_block_t; #define EPB_SIZE offsetof (enhanced_packet_block_t, data) /*===========================================================================*/ /* Custom Block (CB) - ID 0x00000bad */ struct custom_block_s { uint32_t block_type; /* block type */ #define CBID 0x00000bad uint32_t total_length; /* block length */ uint8_t pen[4]; /* Private Enterprise Number */ uint8_t hcxm[32]; /* hcxdumptool magic number */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct custom_block_s custom_block_t; #define CB_SIZE offsetof (custom_block_t, data) uint8_t hcxmagic[] = { 0x2a, 0xce, 0x46, 0xa1, 0x79, 0xa0, 0x72, 0x33, 0x83, 0x37, 0x27, 0xab, 0x59, 0x33, 0xb3, 0x62, 0x45, 0x37, 0x11, 0x47, 0xa7, 0xcf, 0x32, 0x7f, 0x8d, 0x69, 0x80, 0xc0, 0x89, 0x5e, 0x5e, 0x98 }; #define HCXMAGIC_SIZE (sizeof(hcxmagic)) /*===========================================================================*/ hcxtools-6.2.7/include/strings.c000066400000000000000000000067701423200176400166620ustar00rootroot00000000000000#define _GNU_SOURCE #include /*===========================================================================*/ bool ispotfilestring(int len, char *buffer) { uint8_t p; for(p = 0; p < len; p++) { if((buffer[p] < 0x20) || (buffer[p] > 0x7e) || (buffer[p] == ':')) return false; } return true; } /*===========================================================================*/ bool isasciistring(int len, uint8_t *buffer) { uint8_t p; for(p = 0; p < len; p++) { if(buffer[p] == 0) return true; if((buffer[p] < 0x20) || (buffer[p] > 0x7e) || (buffer[p] == ':')) return false; } return true; } /*===========================================================================*/ bool isasciistring2(int len, uint8_t *buffer) { uint8_t p; for(p = 0; p < len; p++) { if(buffer[p] == 0) return true; if((buffer[p] < 0x20) || (buffer[p] > 0x7e)) return false; } return true; } /*===========================================================================*/ bool ishexvalue(const char *str, size_t len) { size_t c; for(c = 0; c < len; c++) { if(str[c] < '0') return false; if(str[c] > 'f') return false; if((str[c] > '9') && (str[c] < 'A')) return false; if((str[c] > 'F') && (str[c] < 'a')) return false; } return true; } /*===========================================================================*/ bool hex2bin(const char *str, uint8_t *bytes, size_t blen) { uint8_t pos; uint8_t idx0; uint8_t idx1; uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; if(ishexvalue(str, blen) == false) return false; memset(bytes, 0, blen); for (pos = 0; ((pos < (blen*2)) && (pos < strlen(str))); pos += 2) { idx0 = ((uint8_t)str[pos+0] & 0x1F) ^ 0x10; idx1 = ((uint8_t)str[pos+1] & 0x1F) ^ 0x10; bytes[pos/2] = (uint8_t)(hashmap[idx0] << 4) | hashmap[idx1]; }; return true; } /*===========================================================================*/ size_t ishexify(const char *string) { size_t len; len = strlen(string); if (len < 6) return 0; if ((len &1) == 1) return 0; if (string[0] != '$') return 0; if (string[1] != 'H') return 0; if (string[2] != 'E') return 0; if (string[3] != 'X') return 0; if (string[4] != '[') return 0; if (string[len -1] != ']') return 0; return (len -6)/2; } /*===========================================================================*/ char** create_upper_array(const char** from, size_t size) { size_t len; size_t i; uint8_t j; char** to; to = malloc(size * sizeof(char *)); if(to == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } for (i = 0; i < size; i++) { len = strlen(from[i]); to[i] = malloc(len * sizeof(char) + 1); if(to[i] == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } for (j = 0; j <= len; j++) to[i][j] = toupper((unsigned char)from[i][j]); } return to; } /*===========================================================================*/ void free_array(char** arr, size_t size) { size_t i; for (i = 0; i < size; i++) free(arr[i]); free(arr); return; } /*===========================================================================*/ hcxtools-6.2.7/license.txt000066400000000000000000000020711423200176400155530ustar00rootroot00000000000000The MIT License (MIT) Copyright (c) 2000-2022 ZeroBeat Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. hcxtools-6.2.7/man/000077500000000000000000000000001423200176400141435ustar00rootroot00000000000000hcxtools-6.2.7/man/hcxtools.1000066400000000000000000000031711423200176400160720ustar00rootroot00000000000000.\" Manpage for hcxtools. .\" Contact https://github.com/ZerBea to correct errors or typos. .TH man 1 "23 October 2021" "1.0" "hcxtools man page" .SH NAME hcxtools .SH DESCRIPTION Small set of tools convert packets from WiFi captures to detect weak points within own WiFi networks by analyzing the hashes. .SH TOOLS .nf | hcxpcapngtool | Provide new hashcat format 22000 | | hcxhashtool | Provide various filter operations on new PMKID/EAPOL hash line | | hcxpsktool | Calculates candidates for hashcat and john based on based on hcxpcapngtool output or commandline input | | hcxpmktool | Calculate and verify a PSK and/or a PMK | | hcxeiutool | Prepare -E -I -U output of hcxpcapngtool for use by hashcat + rule or JtR + rule | | hcxwltool | Calculates candidates for hashcat and john based on mixed wordlists | | hcxhash2cap | Converts hash file (PMKID&EAPOL, PMKID, EAPOL-hccapx, EAPOL-hccap, WPAPSK-john) to cap | | wlancap2wpasec | Upload multiple (gzip compressed) pcapng, pcap and cap files to https://wpa-sec.stanev.org | | whoismac | Show vendor information and/or download oui reference list | .SH OPTIONS help menu (-h or --help) of each tool will list all available options .SH RELATED TOOLS hcxdumptool, hcxpioff, wlangenpmk, wlangenpmkocl .SH BUGS no known bugs. .SH AUTHOR ZeroBeat (https://github.com/ZerBea) hcxtools-6.2.7/usefulscripts/000077500000000000000000000000001423200176400163035ustar00rootroot00000000000000hcxtools-6.2.7/usefulscripts/hcxgrep.py000077500000000000000000000115521423200176400203240ustar00rootroot00000000000000#!/usr/bin/env python3 ''' greps inside hccapx/pmkid structs by essid, mac_ap or mac_sta This software is Copyright (c) 2019-2022, Alex Stanev and it is hereby released to the general public under the following terms: Redistribution and use in source and binary forms, with or without modification, are permitted. ''' import argparse import os import sys import binascii import struct import re import sre_constants maketrans = bytearray.maketrans def parse_hccapx(hccapx): '''hccapx decompose https://hashcat.net/wiki/doku.php?id=hccapx struct hccapx { u32 signature; u32 version; u8 message_pair; u8 essid_len; u8 essid[32]; u8 keyver; u8 keymic[16]; u8 mac_ap[6]; u8 nonce_ap[32]; u8 mac_sta[6]; u8 nonce_sta[32]; u16 eapol_len; u8 eapol[256]; } __attribute__((packed)); ''' hccapx_fmt = '< 4x 4x x B 32s x 16x 6s 32x 6s 32x 2x 256x' try: (essid_len, essid, mac_ap, mac_sta) = struct.unpack(hccapx_fmt, hccapx) except struct.error: sys.stderr.write('Can\'t parse hcccapx struct!\n') sys.exit(1) # fixup if args.t == 'essid': return essid[:essid_len] if args.t == 'mac_ap': return binascii.hexlify(mac_ap).zfill(12) if args.t == 'mac_sta': return binascii.hexlify(mac_sta).zfill(12) return None def parse_pmkid(pmkid): '''pmkid decompose format: pmkid*mac_ap*mac_sta*essid ''' arr = pmkid.split(b'*', 4) if len(arr) == 4: try: if args.t == 'essid': return binascii.unhexlify(arr[3].strip()) if args.t == 'mac_ap': return arr[1] if args.t == 'mac_sta': return arr[2] except TypeError: sys.stderr.write('Can\'t decode: {}\n'.format(arr[3].strip().decode())) sys.exit(1) return None def parse_combined(hashline): '''m22000 hashline decompose format: SIGNATURE*TYPE*PMKID/MIC*MACAP*MACSTA*ESSID*ANONCE*EAPOL*MESSAGEPAIR ''' arr = hashline.split(b'*', 9) if len(arr) == 9: try: if args.t == 'essid': return binascii.unhexlify(arr[5].strip()) if args.t == 'mac_ap': return arr[3] if args.t == 'mac_sta': return arr[4] except TypeError: sys.stderr.write('Can\'t decode: {}\n'.format(arr[5].strip().decode())) sys.exit(1) return None if __name__ == "__main__": parser = argparse.ArgumentParser( description='Extract records from m22000 hashline/hccapx/pmkid file with regexp') parser.add_argument( '-f', '--file', type=argparse.FileType('r'), help='Obtain patterns from FILE, one per line.') parser.add_argument( 'PATTERNS', type=str, nargs='?', help='RegExp pattern') parser.add_argument( '-v', '--invert-match', dest='v', action='store_true', help='Invert the sense of matching, to select non-matching nets') parser.add_argument( '-t', '--type', dest='t', choices=['essid', 'mac_ap', 'mac_sta'], default='essid', help='Field to apply matching, default essid') parser.add_argument( 'infile', type=str, nargs='?', help='hccapx/pmkid file to process') try: args = parser.parse_args() except IOError as ex: parser.error(str(ex)) # shift parameters if args.file and args.PATTERNS: args.infile = args.PATTERNS args.PATTERNS = None # no patterns set if args.PATTERNS is None and args.file is None: parser.print_help(sys.stderr) sys.stderr.write('You must provide PATTERNS or -f FILE\n') sys.exit(1) # read patterns from file if args.PATTERNS is None: args.PATTERNS = '|'.join('(?:{0})'.format(x.strip()) for x in args.file) try: regexp = re.compile(args.PATTERNS) except sre_constants.error as ex: sys.stderr.write('Wrong regexp {0}: {1} \n'.format(args.PATTERNS, ex)) sys.exit(1) if args.infile is not None and os.path.isfile(args.infile): fd = open(args.infile, 'rb') else: fd = sys.stdin while True: buf = fd.read(4) if buf == b'WPA*': buf = buf + fd.readline() target = parse_combined(buf) elif buf == b'HCPX': buf = buf + fd.read(393 - 4) target = parse_hccapx(buf) else: buf = buf + fd.readline() target = parse_pmkid(buf) if not buf: break if target is None: sys.stderr.write('Unrecognized input format\n') sys.exit(1) res = regexp.search(str(target)) if (res is not None and not args.v) or (res is None and args.v): sys.stdout.buffer.write(buf) hcxtools-6.2.7/usefulscripts/pireadcard000077500000000000000000000010401423200176400203220ustar00rootroot00000000000000#!/bin/bash lsblk printf "\nchoose device: " read DEVICE if [ -f "rpiboot.tgz" ] then rm -f rpiboot.tgz fi if [ -f "rpiroot.tgz" ] then rm -f rpiroot.tgz fi echo "mount boot" if [ ! -d "boot" ] then mkdir boot fi sudo mount /dev/"$DEVICE"1 boot cd boot sudo tar -zcvf ../rpiboot.tgz . sync cd .. echo "mount root" if [ ! -d "root" ] then mkdir root fi sudo mount /dev/"$DEVICE"2 root cd root sudo tar --exclude=var/log --exclude=lost+found -zcvpf ../rpiroot.tgz . sync cd .. sudo umount boot sudo umount root rm -r boot rm -r root hcxtools-6.2.7/usefulscripts/piwritecard000077500000000000000000000011571423200176400205520ustar00rootroot00000000000000#!/bin/bash lsblk printf "\nchoose device: " read DEVICE printf "\033[0;31m o p n p 1 +256M t c n p 2 w \033[1;0m\n" sudo fdisk /dev/$DEVICE echo "build filesystem boot" sudo mkfs.fat -F32 /dev/"$DEVICE"1 echo "build filesystem root" sudo mkfs.ext4 /dev/"$DEVICE"2 echo "mount boot" if [ ! -d "boot" ] then mkdir boot fi sudo mount /dev/"$DEVICE"1 boot cd boot sudo tar -zxvf ../rpiboot.tgz sync cd .. echo "mount root" if [ ! -d "root" ] then mkdir root fi sudo mount /dev/"$DEVICE"2 root cd root sudo tar -zxvf ../rpiroot.tgz sync cd .. sudo umount boot sudo umount root rm -r boot rm -r root hcxtools-6.2.7/whoismac.c000066400000000000000000000344111423200176400153510ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "include/strings.c" #define LINEBUFFER 256 /*===========================================================================*/ static bool downloadoui(char *ouiname) { static CURLcode ret; static CURL *hnd; static FILE* fhoui; fprintf(stdout, "start downloading oui from http://standards-oui.ieee.org to: %s\n", ouiname); if((fhoui = fopen(ouiname, "w")) == NULL) { fprintf(stderr, "error creating file %s", ouiname); exit(EXIT_FAILURE); } hnd = curl_easy_init (); curl_easy_setopt(hnd, CURLOPT_URL, "http://standards-oui.ieee.org/oui/oui.txt"); curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 1L); curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 5L); curl_easy_setopt(hnd, CURLOPT_WRITEDATA, fhoui); curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 0L); ret = curl_easy_perform(hnd); curl_easy_cleanup(hnd); fclose(fhoui); if(ret != 0) { fprintf(stderr, "download not successful\n"); exit(EXIT_FAILURE); } fprintf(stdout, "download finished\n"); return true; } /*===========================================================================*/ static size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while (len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while (len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static int fgetline(FILE *inputstream, size_t size, char *buffer) { if (feof(inputstream)) return -1; char *buffptr = fgets (buffer, size, inputstream); if (buffptr == NULL) return -1; size_t len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ static void getessidinfo(char *essidname) { static int l, p; static uint8_t essidbuffer[66]; l = strlen(essidname); if((l < 2) || (l > 64)) { fprintf(stderr, "not a valid ESSID hex string\n"); return; } if((l %2) != 0) { fprintf(stderr, "not a valid hex string\n"); return; } for(p = 0; p < l; p++) { if(!isxdigit((unsigned char)essidname[p])) { fprintf(stderr, "not a valid hex string\n"); return; } } memset(&essidbuffer, 0, 66); if(hex2bin(essidname, essidbuffer, l /2) == false) { fprintf(stderr, "not a valid ESSID hex string\n"); return; } fprintf(stdout, "%s\n", essidbuffer); return; } /*===========================================================================*/ static void gethexessidinfo(char *hexessidname) { static int l, p; l = strlen(hexessidname); for(p = 0; p < l; p++) { fprintf(stdout, "%02x", hexessidname[p]); } fprintf(stdout, "\n"); return; } /*===========================================================================*/ static void get16800info(char *ouiname, char *hash16800line) { static int len; static int l, l1; static FILE* fhoui; static char *vendorptr; static char *essidptr; static char *passwdptr; static unsigned long long int macap; static unsigned long long int macsta; static unsigned long long int ouiap; static unsigned long long int ouista; static unsigned long long int vendoroui; static char linein[LINEBUFFER]; static uint8_t essidbuffer[66]; static char vendorapname[256]; static char vendorstaname[256]; sscanf(&hash16800line[33], "%12llx", &macap); ouiap = macap >> 24; sscanf(&hash16800line[46], "%12llx", &macsta); ouista = macsta >> 24; essidptr = hash16800line +59; l = strlen(essidptr); passwdptr = strrchr(essidptr, ':'); if(passwdptr != NULL) { l1 = strlen(passwdptr); if(l1 > 1) { l -= l1; } } if((l%2 != 0) || (l > 64)) { fprintf(stderr, "xxx wrong ESSID length %s\n", essidptr); return; } memset(&essidbuffer, 0, 66); if(hex2bin(essidptr, essidbuffer, l /2) == false) { fprintf(stderr, "wrong ESSID %s\n", essidptr); return; } if ((fhoui = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "unable to open database %s\n", ouiname); exit (EXIT_FAILURE); } strncpy(vendorapname, "unknown", 8); strncpy(vendorstaname, "unknown", 8); while((len = fgetline(fhoui, LINEBUFFER, linein)) != -1) { if (len < 10) continue; if(strstr(linein, "(base 16)") != NULL) { sscanf(linein, "%06llx", &vendoroui); if(ouiap == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorapname, vendorptr +1,255); } } if(ouista == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorstaname, vendorptr +1,255); } } } } if(isasciistring(l /2, essidbuffer) == true) { fprintf(stdout, "\nESSID..: %s\n", essidbuffer); } else { fprintf(stdout, "\nESSID..: $HEX[%s]\n", essidbuffer); } fprintf(stdout, "MAC_AP.: %012llx\n" "VENDOR.: %s\n" "MAC_STA: %012llx\n" "VENDOR.: %s\n\n" , macap, vendorapname, macsta, vendorstaname); fclose(fhoui); return; } /*===========================================================================*/ static void get2500info(char *ouiname, char *hash2500line) { static int len; static int l, l1; static FILE* fhoui; static char *vendorptr; static char *essidptr; static char *passwdptr; static unsigned long long int macap; static unsigned long long int macsta; static unsigned long long int ouiap; static unsigned long long int ouista; static unsigned long long int vendoroui; static char linein[LINEBUFFER]; static uint8_t essidbuffer[72]; static char vendorapname[256]; static char vendorstaname[256]; sscanf(&hash2500line[33], "%12llx", &macap); ouiap = macap >> 24; sscanf(&hash2500line[46], "%12llx", &macsta); ouista = macsta >> 24; essidptr = hash2500line +59; l = strlen(essidptr); passwdptr = strrchr(hash2500line, ':'); if((passwdptr -hash2500line) > 59) { if(passwdptr != NULL) { l1 = strlen(passwdptr); if(l1 > 1) { l -= l1; } } } if(l > 70) { fprintf(stderr, "wrong ESSID length %s %d\n", essidptr, l); return; } memset(&essidbuffer, 0, 72); memcpy(&essidbuffer, essidptr, l); if ((fhoui = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "unable to open database %s\n", ouiname); exit (EXIT_FAILURE); } strncpy(vendorapname, "unknown", 8); strncpy(vendorstaname, "unknown", 8); while((len = fgetline(fhoui, LINEBUFFER, linein)) != -1) { if (len < 10) continue; if(strstr(linein, "(base 16)") != NULL) { sscanf(linein, "%06llx", &vendoroui); if(ouiap == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorapname, vendorptr +1,255); } } if(ouista == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorstaname, vendorptr +1,255); } } } } fprintf(stdout, "\nESSID..: %s\n", essidbuffer); fprintf(stdout, "MAC_AP.: %012llx\n" "VENDOR.: %s\n" "MAC_STA: %012llx\n" "VENDOR.: %s\n\n" , macap, vendorapname, macsta, vendorstaname); fclose(fhoui); return; } /*===========================================================================*/ static void getoui(char *ouiname, unsigned long long int oui) { static int len; static FILE* fhoui; static char *vendorptr; static unsigned long long int vendoroui; static char linein[LINEBUFFER]; static char vendorapname[256]; #ifdef BIG_ENDIAN_HOST int lsb = oui & 0xf; #else int lsb = (oui >> 16) & 0xf; #endif if ((fhoui = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "unable to open database %s\n", ouiname); exit (EXIT_FAILURE); } strncpy(vendorapname, "unknown", 8); while((len = fgetline(fhoui, LINEBUFFER, linein)) != -1) { if (len < 10) continue; if(strstr(linein, "(base 16)") != NULL) { sscanf(linein, "%06llx", &vendoroui); if(oui == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorapname, vendorptr +1,255); break; } } } } fprintf(stdout, "\nVENDOR: %s (%s)%s\n\n", vendorapname, oui == 0xffffff ? "broadcast" : lsb & 2 ? "LAA - likely randomized!" : "UAA", oui == 0xffffff ? "" : lsb & 1 ? ", multicast" : ", unicast"); fclose(fhoui); return; } /*===========================================================================*/ static void getvendor(char *ouiname, char *vendorstring) { static int len; static FILE* fhoui; static char *vendorptr; static unsigned long long int vendoroui; char linein[LINEBUFFER]; if ((fhoui = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "unable to open database %s\n", ouiname); exit (EXIT_FAILURE); } while((len = fgetline(fhoui, LINEBUFFER, linein)) != -1) { if (len < 10) continue; if(strstr(linein, "(base 16)") != NULL) { if(strstr(linein, vendorstring) != NULL) { sscanf(linein, "%06llx", &vendoroui); vendorptr = strrchr(linein, '\t'); fprintf(stdout, "%06llx%s\n", vendoroui, vendorptr); } } } fclose(fhoui); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage: %s \n" "\n" "options:\n" "-d : download http://standards-oui.ieee.org/oui/oui.txt\n" " : and save to ~/.hcxtools/oui.txt\n" " : internet connection required\n" "-m : mac (six bytes of mac addr) or \n" " : oui (fist three bytes of mac addr)\n" "-p : input PMKID and/or EAPOL hashline (hashmode 22000 or 16800)\n" "-P : input EAPOL hashline from potfile (hashcat <= 5.1.0)\n" "-e : input ESSID\n" "-x : input ESSID in hex\n" "-e : input ESSID\n" "-v : vendor name\n" "-h : this help screen\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int mode = 0; static int ret; static int l; static int p1, p2; static unsigned long long int oui = 0; static char *hashlineend; static uid_t uid; static struct passwd *pwd; static struct stat statinfo; static char *vendorname = NULL; static char *hexessidname = NULL; static char *essidname = NULL; static char *hash16800line = NULL; static char *hash2500line = NULL; static char *ouiname = NULL; static char *confdirname = ".hcxtools"; static char *ouinameuser = ".hcxtools/oui.txt"; static char *ouinamesystemwide = "/usr/share/ieee-data/oui.txt"; static char pmkidtype[] = {"WPA*01*" }; static char eapoltype[] = {"WPA*02*" }; static char pmkidtypeend[] = {"***" }; while ((auswahl = getopt(argc, argv, "m:v:p:P:e:x:dh")) != -1) { switch (auswahl) { case 'd': mode = 'd'; break; case 'm': l= strlen(optarg); if((l > 17) || (l < 6)) { fprintf(stderr, "error wrong oui size %s (need eg. 11:22:33:44:55:aa or 112233)\n", optarg); exit(EXIT_FAILURE); } p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[6] = 0; for(p1 = 0; p1 < 6; p1++) { if(!isxdigit((unsigned char)optarg[p1])) { fprintf(stderr, "error wrong oui %s (need eg. 11:22:33:44:55:aa or 112233)\n", optarg); exit(EXIT_FAILURE); } } oui = strtoull(optarg, NULL, 16); mode = 'm'; break; case 'p': hash16800line = optarg; l = strlen(hash16800line); if(l < 61) { fprintf(stderr, "error hashline too short %s\n", optarg); exit(EXIT_FAILURE); } if(memcmp(&pmkidtype, hash16800line, 7) == 0) { hash16800line += 7; l -=7; if(memcmp(&pmkidtypeend, &hash16800line[l -3], 3) == 0) hash16800line[l -3] = 0; } if(memcmp(&eapoltype, hash16800line, 7) == 0) { hash16800line += 7; hashlineend = strchr(&hash16800line[59], '*'); if(hashlineend != NULL) hashlineend[0] = 0; } if(((hash16800line[32] != ':') && (hash16800line[45] != ':') && (hash16800line[58] != ':')) && ((hash16800line[32] != '*') && (hash16800line[45] != '*') && (hash16800line[58] != '*'))) { fprintf(stderr, "error hashline wrong format %s\n", optarg); exit(EXIT_FAILURE); } mode = 'p'; break; case 'P': hash2500line = optarg; l = strlen(hash2500line); if(l < 61) { fprintf(stderr, "error hashline too short %s\n", optarg); exit(EXIT_FAILURE); } if((hash2500line[32] != ':') && (hash2500line[45] != ':') && (hash2500line[58] != ':')) { fprintf(stderr, "error hashline wrong format %s\n", optarg); exit(EXIT_FAILURE); } mode = 'P'; break; case 'v': vendorname = optarg; mode = 'v'; break; case 'e': hexessidname = optarg; mode = 'e'; break; case 'x': essidname = optarg; mode = 'x'; break; default: usage(basename(argv[0])); } } if(argc > 3) { fprintf(stderr, "only one argument allowed\n"); exit(EXIT_FAILURE); } uid = getuid(); pwd = getpwuid(uid); if(pwd == NULL) { fprintf(stderr, "failed to get home dir\n"); exit(EXIT_FAILURE); } ret = chdir(pwd->pw_dir); if(ret == -1) { fprintf(stderr, "failed to change dir\n"); } if(stat(confdirname, &statinfo) == -1) { if(mkdir(confdirname,0755) == -1) { fprintf(stderr, "failed to create conf dir\n"); exit(EXIT_FAILURE); } } if(mode == 'd') { downloadoui(ouinameuser); return EXIT_SUCCESS; } if(stat(ouinamesystemwide, &statinfo) == 0) { ouiname = ouinamesystemwide; } if(stat(ouinameuser, &statinfo) == 0) { ouiname = ouinameuser; } if(ouiname == NULL) { fprintf(stderr, "failed read oui.txt\n" "use download option -d to download it\n" "or download file http://standards-oui.ieee.org/oui/oui.txt\n" "and save it to ~/.hcxtools/oui.txt\n"); exit(EXIT_FAILURE); } if(stat(ouiname, &statinfo) < 0) { fprintf(stderr, "failed read oui.txt\n" "use download option -d to download it\n" "or download file http://standards-oui.ieee.org/oui/oui.txt\n" "and save it to ~/.hcxtools/oui.txt\n"); exit(EXIT_FAILURE); } if(mode == 'm') { getoui(ouiname, oui); } else if(mode == 'p') { get16800info(ouiname, hash16800line); } else if(mode == 'P') { get2500info(ouiname, hash2500line); } else if(mode == 'v') { getvendor(ouiname, vendorname); } else if(mode == 'e') { gethexessidinfo(hexessidname); } else if(mode == 'x') { getessidinfo(essidname); } else { usage(basename(argv[0])); return EXIT_FAILURE; } return EXIT_SUCCESS; } hcxtools-6.2.7/wlancap2wpasec.c000066400000000000000000000165101423200176400164510ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #if defined (__APPLE__) || defined(__OpenBSD__) #include #else #include #endif #include /*===========================================================================*/ /* globale Konstante */ struct memory { char *response; size_t size; }; static long int uploadcountok; static long int uploadcountfailed; static const char *wpasecurl = "https://wpa-sec.stanev.org"; static bool removeflag = false; struct memory *curlmem; /*===========================================================================*/ static int testwpasec(long int timeout) { CURL *curl; CURLcode res = 0; fprintf(stdout, "connecting to %s\n", wpasecurl); curl_global_init(CURL_GLOBAL_ALL); curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, wpasecurl); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout); curl_easy_setopt(curl, CURLOPT_NOBODY, 1L); res = curl_easy_perform(curl); if(res != CURLE_OK) fprintf(stderr, "couldn't connect to %s: %s\n", wpasecurl, curl_easy_strerror(res)); curl_easy_cleanup(curl); } curl_global_cleanup(); return res; } /*===========================================================================*/ static size_t cb(void *data, size_t size, size_t nmemb, void *userp) { char *ptr; size_t realsize = size *nmemb; curlmem = (struct memory *)userp; ptr = realloc(curlmem->response, curlmem->size +realsize +1); if(ptr == NULL) return 0; curlmem->response = ptr; memcpy(&(curlmem->response[curlmem->size]), data, realsize); curlmem->size += realsize; curlmem->response[curlmem->size] = 0; return realsize; } /*===========================================================================*/ static bool sendcap2wpasec(char *sendcapname, long int timeout, char *keyheader, char *emailheader) { CURL *curl; CURLcode res; bool uploadflag = true; int ret; struct curl_httppost *formpost=NULL; struct curl_httppost *lastptr=NULL; struct curl_slist *headerlist=NULL; static const char buf[] = "Expect:"; struct memory chunk; fprintf(stdout, "uploading %s to %s\n", sendcapname, wpasecurl); memset(&chunk, 0, sizeof(chunk)); curl_global_init(CURL_GLOBAL_ALL); curl_formadd(&formpost, &lastptr, CURLFORM_COPYNAME, "file", CURLFORM_FILE, sendcapname, CURLFORM_END); if(emailheader != NULL) curl_formadd(&formpost, &lastptr, CURLFORM_COPYNAME, "email", CURLFORM_PTRCONTENTS, emailheader, CURLFORM_END); curl = curl_easy_init(); headerlist = curl_slist_append(headerlist, buf); if(curl) { curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk); curl_easy_setopt(curl, CURLOPT_URL, wpasecurl); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout); curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); if(keyheader) curl_easy_setopt(curl, CURLOPT_COOKIE, keyheader); res = curl_easy_perform(curl); if(res == CURLE_OK) { fprintf(stdout, "upload done\n"); if(removeflag == true) { ret = remove(sendcapname); if(ret != 0) fprintf(stdout, "couldn't remove %s\n", sendcapname); } if(curlmem->response != NULL) { fprintf(stdout, "\n%s\n\n", curlmem->response); free(curlmem->response); } } else { fprintf(stderr, "\n\x1B[31mupload to %s failed: %s\x1B[0m\n\n", wpasecurl, curl_easy_strerror(res)); uploadflag = false; } curl_easy_cleanup(curl); curl_formfree(formpost); curl_slist_free_all(headerlist); } return uploadflag; } /*===========================================================================*/ __attribute__ ((noreturn)) void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage: %s [input.pcapng] [input.pcap] [input.cap] [input.pcapng.gz]...\n" " %s *.pcapng\n" " %s *.gz\n" " %s *.*\n" "\n" "options:\n" "-k : wpa-sec user key\n" "-u : set user defined URL\n" " default = %s\n" "-t : set connection timeout\n" " default = 30 seconds\n" "-e : set email address, if required\n" "-R : remove cap if upload was successful\n" "-h : this help\n" "-h : show version\n" "\n" "Do not merge different cap files to a single cap file.\n" "This will lead to unexpected behaviour on ESSID changes\n" "or different link layer types.\n" "To ‎remove unnecessary packets, run tshark:\n" "tshark -r input.cap -R \"(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)\" -2 -F pcapng -w output.pcapng\n" "To reduce the size of the cap file, compress it with gzip:\n" "gzip capture.pcapng\n" "\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname, eigenname, eigenname, wpasecurl); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { struct stat statinfo; int auswahl; int index; char keyheader[4+32+1+2] = {0}; char *emailaddr = NULL; long int timeout = 30; uploadcountok = 0; uploadcountfailed = 0; setbuf(stdout, NULL); while ((auswahl = getopt(argc, argv, "k:u:t:e:Rhv")) != -1) { switch (auswahl) { case 'k': if((strlen(optarg) == 32) && (optarg[strspn(optarg, "0123456789abcdefABCDEF")] == 0)) { snprintf(keyheader, sizeof(keyheader), "key=%s", optarg); fprintf(stdout, "\x1B[32muser key set\x1B[0m\n"); } else { fprintf(stdout, "wrong user key value\n"); } break; case 'u': wpasecurl = optarg; break; case 't': timeout = strtol(optarg, NULL, 10); if(timeout < 1) { fprintf(stdout, "wrong connection timeout\nsetting connection timeout to 30 seconds\n"); timeout = 30; } break; case 'e': emailaddr = optarg; if(strlen(emailaddr) > 120) { fprintf(stderr, "email address is too long\n"); exit (EXIT_FAILURE); } break; case 'R': removeflag = true; break; case 'v': version(basename(argv[0])); break; default: usage(basename(argv[0])); } } if(testwpasec(timeout) != CURLE_OK) return EXIT_SUCCESS; for(index = optind; index < argc; index++) { if(stat(argv[index], &statinfo) == 0) { if(sendcap2wpasec(argv[index], timeout, keyheader, emailaddr) == false) { if(sendcap2wpasec(argv[index], 60, keyheader, emailaddr) == true) uploadcountok++; else uploadcountfailed++; } else uploadcountok++; } else fprintf(stdout, "file not found: %s\n", argv[index]); } if(uploadcountok == 1) fprintf(stdout, "\x1B[32m%ld cap uploaded to %s\x1B[0m\n", uploadcountok, wpasecurl); if(uploadcountok > 1) fprintf(stdout, "\x1B[32m%ld caps uploaded to %s\x1B[0m\n", uploadcountok, wpasecurl); if(uploadcountfailed == 1) fprintf(stdout, "\x1B[31m%ld cap failed to upload to %s\x1B[0m\n", uploadcountfailed, wpasecurl); if(uploadcountfailed > 1) fprintf(stdout, "\x1B[31m%ld caps failed to upload to %s\x1B[0m\n", uploadcountfailed, wpasecurl); return EXIT_SUCCESS; }