pax_global_header00006660000000000000000000000064147143621070014517gustar00rootroot0000000000000052 comment=90994c15f5b9b217b4d37288ef798c5bc46fc81e hcxtools-6.3.5/000077500000000000000000000000001471436210700133755ustar00rootroot00000000000000hcxtools-6.3.5/.github/000077500000000000000000000000001471436210700147355ustar00rootroot00000000000000hcxtools-6.3.5/.github/ISSUE_TEMPLATE/000077500000000000000000000000001471436210700171205ustar00rootroot00000000000000hcxtools-6.3.5/.github/ISSUE_TEMPLATE/bug_report.md000066400000000000000000000015031471436210700216110ustar00rootroot00000000000000--- name: Bug report about: Please report bugs here title: '' labels: '' assignees: '' --- **GitHub is for bugs and features - not for support** Questions must be posted in the discussion board https://github.com/ZerBea/hcxdumptool/discussions **Check the FAQ** Please review the discussions **Comment output of the tool, e.g.** 1. $ sudo hcxpcapngtool -v Bug reports will only be accepted against the current tip of the master git branch. Anything else will be rejected. **Describe the bug** A clear and concise description of what the bug is. **To Reproduce** Comment the entire command line **Expected behavior** A clear and concise description of what you expected to happen. **Screenshots** If applicable, add screenshots to help explain your problem. **Additional context** Add any other context about the problem here. hcxtools-6.3.5/.github/ISSUE_TEMPLATE/feature_request.md000066400000000000000000000013571471436210700226530ustar00rootroot00000000000000--- name: Feature request about: Suggest an idea for this project title: '' labels: '' assignees: '' --- **GitHub is for bugs and features - not for support** Questions must be posted in the discussion board https://github.com/ZerBea/hcxdumptool/discussions **Check the FAQ** Some items that might appear to be issues are not issues. Please review the discussions. **Describe the feature** A clear and concise description of what the feature is. **Current behavior** Please give a reproducible example of the current behavior, if possible. **Expected behavior** A clear and concise description of what you expected to happen, ideally with mock output. **Additional context** Add any other context or screenshots about the feature request here. hcxtools-6.3.5/.github/workflows/000077500000000000000000000000001471436210700167725ustar00rootroot00000000000000hcxtools-6.3.5/.github/workflows/cpush.yml000066400000000000000000000007731471436210700206460ustar00rootroot00000000000000name: C CI on: push: branches: [ "master" ] pull_request: branches: [ "master" ] jobs: build: runs-on: ubuntu-latest strategy: matrix: os-version: [ ubuntu-latest ] compiler: [ gcc-latest ] deps: ['enabled'] platform: ['x64', 'x86'] steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Install packages run: | sudo apt install -y libcurl4-gnutls-dev - name: Make run: make hcxtools-6.3.5/.gitignore000066400000000000000000000001511471436210700153620ustar00rootroot00000000000000hcxeiutool hcxhash2cap hcxhashtool hcxpcapngtool hcxpmktool hcxpsktool hcxwltool whoismac wlancap2wpasec hcxtools-6.3.5/.travis.yml000066400000000000000000000006601471436210700155100ustar00rootroot00000000000000dist: trusty sudo: false cache: ccache: true language: none matrix: include: - os: linux addons: apt: sources: - ubuntu-toolchain-r-test packages: - gcc-12 - ccache - make - libcurl4-gnutls-dev env: - MATRIX_EVAL="CC=gcc-12 DO_INSTALL=1" before_install: - eval "${MATRIX_EVAL}" - export "CC=ccache $CC" script: - "make" hcxtools-6.3.5/Makefile000066400000000000000000000046111471436210700150370ustar00rootroot00000000000000PRODUCTION := 1 PRODUCTION_VERSION := 6.3.5 PRODUCTION_YEAR := 2024 ifeq ($(PRODUCTION),1) VERSION_TAG := $(PRODUCTION_VERSION) else VERSION_TAG := $(shell git describe --tags || echo $(PRODUCTION_VERSION)) endif VERSION_YEAR := $(shell echo $(PRODUCTION_YEAR)) PREFIX ?= /usr BINDIR = $(DESTDIR)$(PREFIX)/bin HOSTOS := $(shell uname -s) CC ?= gcc CFLAGS ?= -O3 -Wall -Wextra -Wpedantic CFLAGS += -std=gnu99 DEFS = -DVERSION_TAG=\"$(VERSION_TAG)\" -DVERSION_YEAR=\"$(VERSION_YEAR)\" DEFS += -DWANTZLIB INSTALL ?= install INSTFLAGS = PKG_CONFIG ?= pkg-config ifeq ($(HOSTOS), Linux) INSTFLAGS += -D endif OPENSSL_LIBS=$(shell $(PKG_CONFIG) --libs openssl) OPENSSL_CFLAGS=$(shell $(PKG_CONFIG) --cflags openssl) CURL_LIBS=$(shell $(PKG_CONFIG) --libs libcurl) CURL_CFLAGS=$(shell $(PKG_CONFIG) --cflags libcurl) Z_LIBS=$(shell $(PKG_CONFIG) --libs zlib) Z_CFLAGS=$(shell $(PKG_CONFIG) --cflags zlib) TOOLS= TOOLS+=hcxpcapngtool hcxpcapngtool_libs=$(OPENSSL_LIBS) $(Z_LIBS) hcxpcapngtool_cflags=$(OPENSSL_CFLAGS) $(Z_CFLAGS) TOOLS+=hcxhashtool hcxhashtool_libs=$(OPENSSL_LIBS) $(CURL_LIBS) hcxhashtool_cflags=$(OPENSSL_CFLAGS) $(CURL_CFLAGS) TOOLS+=hcxpsktool hcxpsktool_libs=$(OPENSSL_LIBS) hcxpsktool_cflags=$(OPENSSL_CFLAGS) TOOLS+=hcxpmktool hcxpmktool_libs=$(OPENSSL_LIBS) hcxpmktool_cflags=$(OPENSSL_CFLAGS) TOOLS+=hcxeiutool TOOLS+=hcxwltool TOOLS+=hcxhash2cap TOOLS+=wlancap2wpasec wlancap2wpasec_libs=$(OPENSSL_LIBS) $(CURL_LIBS) wlancap2wpasec_cflags=$(OPENSSL_CFLAGS) $(CURL_CFLAGS) TOOLS+=whoismac whoismac_libs=$(OPENSSL_LIBS) $(CURL_LIBS) whoismac_cflags=$(OPENSSL_CFLAGS) $(CURL_CFLAGS) .PHONY: all build install clean uninstall all: build build: $(TOOLS) .deps: mkdir -p .deps # $1: tool name define tool-build $(1)_src ?= $(1).c $(1)_libs ?= $(1)_cflags ?= $(1): $$($(1)_src) | .deps $$(CC) $$(CFLAGS) $$($(1)_cflags) $$(CPPFLAGS) -MMD -MF .deps/$$@.d -o $$@ $$($(1)_src) $$($(1)_libs) $$(LDFLAGS) $$(DEFS) .deps/$(1).d: $(1) .PHONY: $(1).install $(1).install: $(1) $$(INSTALL) $$(INSTFLAGS) -m 0755 $(1) $$(BINDIR)/$(1) .PHONY: $(1).clean $(1).clean: rm -f .deps/$(1).d rm -f $(1) .PHONY: $(1).uninstall $(1).uninstall: rm -rf $$(BINDIR)/$(1) endef $(foreach tool,$(TOOLS),$(eval $(call tool-build,$(tool)))) install: $(patsubst %,%.install,$(TOOLS)) clean: $(patsubst %,%.clean,$(TOOLS)) rm -rf .deps rm -f *.o *~ uninstall: $(patsubst %,%.uninstall,$(TOOLS)) -include .deps/*.d hcxtools-6.3.5/README.md000066400000000000000000000173461471436210700146670ustar00rootroot00000000000000hcxtools ========= A small set of tools to convert packets from capture files to hash files for use with Hashcat or John the Ripper. These tools are 100% compatible with Hashcat and John the Ripper and are endorsed by Hashcat. Brief Description ------------------ The main purpose of hcxtools is to detect weak points within one's own WiFi network by analyzing the hashes. Therefore, the conversion of the dump file to WPA-PBKDF2-PMKID+EAPOL hash file allows the user to check if the WLAN-KEY or PMK was transmitted unencrypted. Or upload the "uncleaned" dump file (pcapng, pcap, cap) [here](https://wpa-sec.stanev.org/?submit) to find out if your AP or the CLIENT is vulnerable by using common wordlists or a weak password generation algorithm. * Support for Hashcat hash-modes: 4800, 5500, 2200x, 16100, 250x (deprecated), and 1680x (deprecated). * Support for John the Ripper hash-modes: WPAPSK-PMK, PBKDF2-HMAC-SHA1, chap, netntlm, and tacacs-plus. * Support for gzip (.gz) single file compression. An overview of Hashcat mode 22000. - (https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2) Old but still applicable write-up by **atom** of the Hashcat forums covering a new attack on WPA/WPA2 using PMKID. - (https://hashcat.net/forum/thread-7717.html) Hashcat mode 22000 write-up by **atom** of the Hashcat forums. - (https://hashcat.net/forum/thread-10253.html) **Unsupported:** Windows OS, macOS, Android, emulators or wrappers! What Don't hcxtools Do? ------------------------ * They do not crack WPA PSK related hashes. (Use Hashcat or JtR to recover the PSK.) * They do not crack WEP. (Use the aircrack-ng suite instead.) * They do not crack WPS. (Use Reaver or Bully instead.) * They do not decrypt encrypted traffic. (Use tshark or Wireshark to do so.) Detailed Description --------------------- | Tool | Description | | -------------- | ---------------------------------------------------------------------------------------------------------------------- | | hcxpcapngtool | Tool to convert raw capture files to Hashcat and JtR readable formats. | | hcxhashtool | Tool to filter hashes from HC22000 files based on user input. | | hcxpsktool | Tool to get weak PSK candidates from hash files or user input. | | hcxpmktool | Tool to calculate and verify a PSK and/or a PMK. | | hcxeiutool | Tool to prepare -E -I -U output of hcxpcapngtool for use by Hashcat + rule or JtR + rule. | | hcxwltool | Tool to calculate candidates for Hashcat and JtR based on mixed wordlists. | | hcxhash2cap | Tool to convert hash files (PMKID&EAPOL, PMKID, EAPOL-hccapx, EAPOL-hccap, WPAPSK-john) to cap. | | wlancap2wpasec | Tool to upload multiple (gzip compressed) pcapng, pcap and cap files to https://wpa-sec.stanev.org | | whoismac | Tool to show vendor information and/or download oui reference list. | Workflow --------- hcxdumptool -> hcxpcapngtool -> hcxhashtool (additional hcxpsktool/hcxeiutool) -> hashcat or JtR Install Guide -------------- On most distributions hcxtools are available through the package manager. If you decide to compile latest git head, make sure that your distribution is updated to it's latest version and make sure that all header files and dependencies have been installed! ### Clone Repository --------------------- ``` git clone https://github.com/ZerBea/hcxtools.git cd hcxtools ``` ### Compile & Install ---------------------- ``` make -j $(nproc) ``` Install to `/usr/bin`: ``` make install (as super user) ``` Or install to `/usr/local/bin`: ``` make install PREFIX=/usr/local (as super user) ``` Requirements -------------- * Knowledge of radio technology. * Knowledge of electromagnetic-wave engineering. * Detailed knowledge of 802.11 protocol. * Detailed knowledge of key derivation functions. * Detailed knowledge of Linux * Operating system: Linux (recommended: kernel >= 6.4, mandatory: kernel >= 5.10) * Recommendation: Arch Linux (notebooks and desktop systems), OpenWRT (small systems like Raspberry Pi, WiFi router) * gcc >= 13 recommended (deprecated versions are not supported: https://gcc.gnu.org/) * libopenssl (>= 3.0) and openssl-dev installed * librt and librt-dev installed. (Should be installed by default.) * zlib and zlib-dev installed. (For gzip compressed cap/pcap/pcapng files.) * libcurl (>= 7.56) and curl-dev installed. (Used by whoismac and wlancap2wpasec.) * pkg-config installed. * Make sure that the version of hcxpcapngtool always fits to the version of hcxdumptool **If you decide to compile latest git head, make sure that your distribution is updated to it's latest version!** Useful Scripts --------------- | Script | Description | | ------------ | -------------------------------------------------------- | | piwritecard | Example script to restore SD-Card | | piwreadcard | Example script to backup SD-Card | | hcxgrep.py | Extract records from m22000 hashline/hccapx/pmkid file based on regexp | Notice ------- * Most output files will be appended to existing files (with the exception of pcapng, pcap, cap files). * It is recommended to use hash mode 22000 (22001) instead of deprecated hash modes 2500 (2501) and 16800 (16801). * hcxtools are designed to be analysis tools. This means that everything is converted by default and unwanted information must be filtered out! **Warning:** Do not merge dump files! This WILL destroy hash values assigned by custom blocks! * Tools do not perform NONCE ERROR CORRECTIONS! In case of a packet loss, you'll get a wrong PTK. * This branch is pretty closely synced to the Hashcat and John the Ripper repositories. Bitmask Message Pair Field (hcxpcapngtool) ------------------------------------------- bit 0-2 000 = M1+M2, EAPOL from M2 (challenge) 001 = M1+M4, EAPOL from M4 if not zeroed (authorized) 010 = M2+M3, EAPOL from M2 (authorized) 011 = M2+M3, EAPOL from M3 (authorized) - unused 100 = M3+M4, EAPOL from M3 (authorized) - unused 101 = M3+M4, EAPOL from M4 if not zeroed (authorized) 3: reserved 4: ap-less attack (set to 1) - no nonce-error-corrections necessary 5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary 6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary 7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary Warning -------- You might expect me to recommend that everyone should be using hcxdumptool/hcxtools. But the fact of the matter is, hcxdumptool/hcxtools is NOT recommended to be used by inexperienced users or newbies. If you are not familiar with Linux in general or you do not have at least a basic level of knowledge as mentioned in section "Requirements", hcxdumptool/hcxtools is probably not what you are looking for. However, if you have that knowledge hcxdumptool/hcxtools can do magic for you. The entire toolkit (hcxdumptool and hcxtools) is designed to be an analysis toolkit. Useful Links -------------- https://pcapng.com/ https://www.kernel.org/doc/html/latest/ https://www.kernel.org/doc/html/latest/bpf/index.html https://www.freecodecamp.org/news/the-linux-commands-handbook/ https://en.wikipedia.org/wiki/Wpa2 https://en.wikipedia.org/wiki/802.11_Frame_Types https://en.wikipedia.org/wiki/IEEE_802.11i-2004 hcxtools-6.3.5/changelog000066400000000000000000002054001471436210700152500ustar00rootroot0000000000000011.11.2024 ========== release v6.3.5 hcxhashtool: added new option to filter ESSID --essid-regex= : filter ESSID by regular expression several fixes and improvements 04.03.2024 ========== README.md: removed entire instructions how to compile hcxtools on different distributions check the distribution's page how to update the ditribution, how to install missing dependencies and missing header files 25.02.2024 ========== release v6.3.4 26.01.2024 ========== hcxpcapngtool: added option to store a BSSID file to syn with external GPS data --lts= : output BSSID list to sync with external GPS data format: LINUX timestamp MAC_AP ESSID 14.12.2023 ========== hcxhashtool: added new option to import ancient hccap file --hccap-in= : inputput ancient hccap file 13.12.2023 ========== hcxhashtool: changed options hccapx and hccap --hccapx-out= : output to deprecated hccapx file --hccap-out= : output to ancient hccap file hcxhashtool: added new option to import deprecated hccapx file --hccapx-in= : inputput deprecated hccapx file 01.11.2023 ========== release v6.3.2 26.09.2023 ========== hcxpsktool: added simple pattern generator based on analysis of wpa-sec --simple : include simple pattern 04.07.2023 ========== added -Wpedantic to compiler flags and fixed all warnings 30.06.2023 ========== release v6.3.1 13.05.2023 ========== hcxhashtool: allow to print ESSID list to stdout -E : output ESSID list (autohex enabled) -E stdout : output ESSID list to stdout (autohex enabled) 10.05.2023 ========== hcxpcapngtool: added new option store PMKIDs coming from a CLIENT to a separate hash file. --pmkid-client= : output WPA-(MESH/REPEATER)-PMKID hash file (hashcat -m 22000) to sucessfully recover the PSK from this PMKIDs, it is mandatory to store all PMKIDs coming from a CLIENT to this file added information about source to the end of WPA*01 hash line: PMKID from ACCESS POINT: WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***01 PMKID from CLIENT : WPA*01*PMKID*MAC_AP*MAC_CLIENT*ESSID***10 05.05.2023 ========== release v6.3.0 hcxhashtool/whoismac: do not overwrite oui.txt in case of download ERROR 10.03.2023 ========== release v6.2.9 hcxpcapngtool moved default timestamp from usec to nsec (timeval to timespec) 10.03.2023 ========== release v6.2.8 moved to EVP API 3.0 (from now on OpenSSL >= 3.0 is mandatory) hcxpcapngtool: handle nsec timestamps 24.12.2022 ========== hcxpcapngtool: added detection of entire RADIUS detection RADIUS AUTHENTICATION (REQUEST)..........: 2 RADIUS AUTHENTICATION (CHALLENGE)........: 1 RADIUS AUTHENTICATION (ACCEPT)...........: 1 23.12.2022 ========== wlancap2wpasec: moved to curl_mime_xxx from now on curl >= 7.56 is mandatory 14.12.2022 ========== hcxhashtool: added new option -L to write unfiltered and unsorted ESSID list (usefull for hashcat -a9 option) 25.11.2022 ========== hcxhashtool: added new option --essid-partx to filter case insensitive more information here: https://hashcat.net/forum/thread-6661-post-56782.html#pid56782 17.11.2022 ========== hcxpcapngtool: added detection of TACAS plus v2 and v3 13.11.2022 ========== removed deprecated tools: | deprecated | obsolete and - no longer under maintenance - will be removed, when OpenSSL switching to version 3.0.0 | | -------------- | ---------------------------------------------------------------------------------------------------------------------- | | hcxmactool | Various MAC based filter operations on HCCAPX and PMKID files - convert hccapx and/or PMKID to new hashline format | | hcxpmkidtool | CPU based tools to verify a PMKID | | hcxessidtool | Various ESSID based filter operations on HCCAPX and PMKID files | | hcxhashcattool | Convert old hashcat (<= 5.1.0) separate potfile (2500 and/or 16800) to new potfile format | improved hcxpmktool (tool to verify a single hc22000 hash): $ hcxpmktool --help hcxpmktool 6.2.7-51-g60b1801 (C) 2022 ZeroBeat usage : hcxpmktool short options: -l : input hashcat hash line (-m 22000) -e : input Network Name (ESSID) -p : input Pre Shared Key (PSK) or Plain Master Key (PMK) -p - : read Pre Shared Key (PSK) from stdin : small lists only long options: --help : show this help --version : show version exit codes: 0 = PSK/PMK confirmed 1 = ERROR occurred 2 = PSK/PMK unconfirmed examples: get 22000 hashes from here: https://hashcat.net/wiki/doku.php?id=example_hashes verify PMKID hash (WPA*01) by PSK $ hcxpmktool -l WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964*** -p hashcat! HASH FORMAT.: PMKID (WPA*01) ESSID.......: hashcat-essid MAC_AP......: fc690c158264 MAC_CLIENT..: f4747f87f9f4 PSK.........: hashcat! PMK.........: 88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc (calculated) PMKID.......: 4d4fe7aac3a2cecab195321ceb99a7d0 (confirmed) verify PMKID hash (WPA*01) by PMK $ hcxpmktool -l WPA*01*4d4fe7aac3a2cecab195321ceb99a7d0*fc690c158264*f4747f87f9f4*686173686361742d6573736964*** -p 88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc HASH FORMAT.: PMKID (WPA*01) ESSID.......: hashcat-essid MAC_AP......: fc690c158264 MAC_CLIENT..: f4747f87f9f4 PMK.........: 88f43854ae7b1624fc2ab7724859e795130f4843c7535729e819cf92f39535dc PMKID.......: 4d4fe7aac3a2cecab195321ceb99a7d0 (confirmed) verify EAPOL hash (WPA*02) by PSK $ hcxpmktool -l WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2 -p hashcat! HASH FORMAT.: EAPOL (WPA*02) ESSID.......: TP-LINK_HASHCAT_TEST MAC_AP......: 6466b38ec3fc MAC_CLIENT..: 225edc49b7aa PSK.........: hashcat! PMK.........: 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82 (calculated) KEY VERSION.: WPA2 NONCE AP....: 10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e NONCE CLIENT: 48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171 KCK.........: 57d0f2ff5faef56f9b94390aebf4474d (calculated) KEK.........: 9913af266f6e00225edc49b7aa6466b3 (calculated) TK..........: 8ec3fc10e3be3b005a629e89de088d6a (calculated) TKIP TX MIC.: 2fdc489db83ad476 (calculated) TKIP RX MIC.: 4f2d186b9cde1544 (calculated) MIC.........: 024022795224bffca545276c3762686f (confirmed) verify EAPOL hash (WPA*02) by PMK $ hcxpmktool -l WPA*02*024022795224bffca545276c3762686f*6466b38ec3fc*225edc49b7aa*54502d4c494e4b5f484153484341545f54455354*10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e*0103007502010a0000000000000000000148ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028000*a2 -p 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82 HASH FORMAT.: EAPOL (WPA*02) ESSID.......: TP-LINK_HASHCAT_TEST MAC_AP......: 6466b38ec3fc MAC_CLIENT..: 225edc49b7aa PMK.........: 0857172bd4d3ebb34cf00f3619726008d27558926d963a547332fab033023b82 KEY VERSION.: WPA2 NONCE AP....: 10e3be3b005a629e89de088d6a2fdc489db83ad4764f2d186b9cde15446e972e NONCE CLIENT: 48ce2ccba9c1fda130ff2fbbfb4fd3b063d1a93920b0f7df54a5cbf787b16171 KCK.........: 57d0f2ff5faef56f9b94390aebf4474d (calculated) KEK.........: 9913af266f6e00225edc49b7aa6466b3 (calculated) TK..........: 8ec3fc10e3be3b005a629e89de088d6a (calculated) TKIP TX MIC.: 2fdc489db83ad476 (calculated) TKIP RX MIC.: 4f2d186b9cde1544 (calculated) MIC.........: 024022795224bffca545276c3762686f (confirmed) if either PMKID or MIC is confirmed, exit code is 2 $ echo $? 2 12.11.2022 ========== start moving to OpenSSL 3.0 EVP API this is a huge step forward an will break backward compatibility https://wiki.openssl.org/index.php/OpenSSL_3.0 10.07.2022 ========== hcxpcapngtool: added option to add a timestamp to the converted 22000 hash line --add-timestamp : add date/time to hash line this must be filtered out before feeding hashcat with the hash, e.g. by awk: cat hash.hc22000 | awk '{print $1}' > hashremovedtimestamp.hc22000 Warning: hashcat doesn't accept this hash line - the time stamp must be removed before running hashcat on it 01.06.2022 ========== hcxpsktool: added new option --asus : include weak ASUS RT-AC58U candidates (ASUS_XX) 26.04.2022 ========== hcxpsktool: fixed stdout bug release v6.2.7 22.04.2022 ========== release v6.2.6 still supporting OpenSSL 1.1 09.04.2022 ========== hcxpsktool: added new option --alticeoptimum : include weak Altice/Optimum candidates (MyAltice) 01.12.2021 ========== release v6.2.5 still supporting OpenSSL 1.1 23.10.2021 ========== added generic hcxtools.1 man page 22.10.2021 ========== removed manpages, because they are only a duplicate of the help menu moved installation path from /usr/local/bin to /usr/bin 14.10.2021 ========== hcxpsktool: renamed option --askeyarris to --spectrum 25.09.2021 ========== hcxhashtool: added new option to filter by replay count not checked (nonce-error-corrections mandatory) --rc-not : filter EAPOL pairs by replaycount status not checked 17.09.2021 ========== hcxhashtool: renamed option --notauthorized to --challenge added additional information about filtered MESSAGE PAIRS for this options 14.09.2021 ========== release v6.2.4 This is the last version, supporting OpenSSL 1.1 Next version 6.3.0 will need OpenSSL 3.0.0 01.09.2021 ========== hcxpcapngtool: added new option to retrieve information about the ACCESS POINT As initial start, if transmitted, MAC_AP, MANUFACTURER, MODELNAME, SERIALNUMBER and DEVICENAME are stored (delimited by tab). -D : output device information list format MAC MANUFACTURER MODELNAME SERIALNUMBER DEVICENAME UUID E 28.08.2021 ========== wlancap2wpasec: added upload progress information whoismac: added download progress information hcxhashtool: added download progress information hcxhashtool: added more info options (https://github.com/ZerBea/hcxtools/issues/195) --info= : output detailed information about content of hash file not in combination with --vendor, --vendor-ap or --vendor-client --info=stdout : stdout output detailed information about content of hash file not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor= : output detailed information about ACCESS POINT and CLIENT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor-ap= : output detailed information about ACCESS POINT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor-client= : output detailed information about ACCESS POINT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor=stdout : stdout output detailed information about ACCESS POINT and CLIENT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor-ap=stdout : stdout output detailed information about ACCESS POINT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client --info-vendor-client=stdout : stdout output detailed information about ACCESS POINT VENDORs not in combination with --vendor, --vendor-ap or --vendor-client 27.08.2021 ========== hcxhashtool: VENDOR search is not longer case sensitive (https://github.com/ZerBea/hcxtools/issues/195) hcxhashtool: improved filtering by VENDOR --vendor= : filter AP or CLIENT by (part of) VENDOR name --vendor-ap= : filter AP by (part of) VENDOR name --vendor-client= : filter CLIENT by (part of) VENDOR name 25.08.2021 ========== hcxpcapngtool: advanced handling of BEACON and PROBERESPOSNE frames distinguish between SSID set, SSID unset and SSID zeroed 20.06.2021 ========== Makefile: added compiler flag to disable zlib support 04.06.2021 ========== hcxpcapngtool: improved CSV output: --csv= : output ACCESS POINT information in CSV format delimiter: tabulator (0x08) columns: YYYY-MM-DD HH:MM:SS MAC_AP ESSID ENC_TYPE CIPHER AKM COUNTRY_INFO CHANNEL RSSI GPS(DM.m) GPS(D.d) GPSFIX to convert it to other formats, use bash tools or scripting languages GPS FIX: 0 = fix not available or invalid 1 = fix valid (GPS SPS mode) 2 = fix valid (differential GPS SPS Mode) 3 = not supported 4 = not supported 5 = not supported 6 = fix valid (Dead Reckoning Mode) 28.05.2021 ========== hcxpsktool: added new option to use an exclude ESSID combinations --noessidcombination: exclude ESSID combinations 17.05.2021 ========== release v 6.2.0 get ready for gcc 11.1.0 fixed CVE-2021-32286 12.05.2021 ========== hcxpsktool: added new option to print only candidates based on ACCESS POINT MAC --maconly : print only candidates based on ACCESS POINT MAC 17.03.2021 ========== hcxhashtool: added new option to use an exclude MAC filter list --mac-skiplist= : exclude MAC from file format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex) 09.03.2021 ========== release v 6.1.5 get ready for OpenSSL 3.0 28.02.2021 ========== added new tool to calculate a PMK and verify a 22000 hashline hcxpmktool 6.1.5-72-g585fe37 (C) 2021 ZeroBeat usage : hcxpmktool short options: -i : input hashcat hash line (-m 22000) -e : input ESSID default: use ESSID from hash line -p : input Pre Shared Key -m : input Plain Master KEY long options: --help : show this help --version : show version 09.02.2021 ========== started to prepare to use openssl 3.0 Many structures have been made opaque in OpenSSL 3.0 since OpenSSL 1.0.2 https://wiki.openssl.org/index.php/OpenSSL_3.0 it is recommended to upgrade to at least OpenSSL 1.1 04.02.2021 ========== hcxpcapngtool: fixed handling of BE pcapng files on BE systems 14.01.2021 ========== release v 6.1.5 02.01.2021 ========== hcxhashtool: added new option --mac-list --mac-list= : filter by MAC file : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex) 31.12.2020 ========== hcxpcapngtool: added new option --csv --csv= : output ACCESS POINT information in CSV format delimiter: tabulator (0x08) columns: YYYY-MM-DD HH:MM:SS MAC_AP ESSID ENC_TYPE CIPHER AKM COUNTRY_INFO CHANNEL RSSI LATITUDE QUADRANT LONGITUDE QUADRANT 10.12.2020 ========== Makefile: make use of pkg-config 02.12.2020 ========== release v 6.1.4 21.11.2020 ========== hcxhashtool: added new option to filter by ESSID list --essid-list= : filter by ESSID file hcxpcapngtool: show openSSL version in status 27.10.2020 ========== hcxeiutool: new tool to prepare -E -I -U output of hcxpcapngtool for use by hashcat + rule $ hcxeiutool -h hcxeiutool 6.1.3-37-gbdc5a67 (C) 2020 ZeroBeat usage: hcxeiutool options: -i : input wordlist -d : output digit wordlist -x : output xdigit wordlist -c : output character wordlist (A-Za-z - other characters removed) -s : output character wordlist (A-Za-z - other characters replaced by 0x0d) -h : show this help -v : show version --help : show this help --version : show version example: $ hcxdumptool -i -o dump.pcapng --enable_status=31 $ hcxpcapngtool -o test.22000 -E elist dump.pcapng $ hcxeiutool -i elist -d digitlist -x xdigitlist -c charlist -s sclist $ cat elist digitlist xdigitlist charlist sclist > wordlisttmp $ hashcat --stdout -r charlist >> wordlisttmp $ hashcat --stdout -r sclist >> wordlisttmp $ cat wordlisttmp | sort | uniq > wordlist $ hashcat -m 22000 dump.pcapng wordlist 15.10.2020 ========== hcxpcapngtool: added handling of BSD loopback header (DLT_NULL) 13.10.2020 ========== hcxpcapngtool: added new option --tacacs-plus --tacacs-plus= : output TACACS+ (hashcat -m 16100, john tacacs-plus) hcxpcapngtool: merged options --eapleap and --eapmschapv2 to --eapleap due to same hash format --eapleap= : output EAP LEAP and MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm) --prefix= : convert everything to lists using this prefix (overrides single options): -o : output PMKID/EAPOL hash file -E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker -I : output unsorted identity list to use as input wordlist for cracker -U : output unsorted username list to use as input wordlist for cracker --eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800) --eapleap= : output EAP LEAP and MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm) --nmea= : output GPS data in NMEA format 12.10.2020 ========== hcxpcapngtool: added new option --eapmschapv2 --eapmschapv2= : output EAP MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm) 11.10.2020 ========== hcxpsktool: added new option --ee --ee : include weak EE BrightBox candidates 09.10.2020 ========== release v 6.1.3 05.10.2020 ========== refactored weak candidate list based on wpa-sec analysis 28.09.2020 ========== removed deprecated wlanpmk2hcx 18.09.2020 ========== hcxpcapngtool: added new option -R -R : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker retrieved from PROBEREQUEST frames only 17.09.2020 ========== release v 6.1.2 10.09.2020 ========== removed deprecated wlanhcx2ssid, wlanhcxinfo aand wlanhcxcat 07.09.2020 ========== removed deprecated wlanhcx2john, wlanjohn2hcx and wlanwkp2hcx 04.09.2020 ========== removed deprecated hcxpcaptool - use hcxpcapngtool instead 19.08.2020 ========== hcxpsktool: added new option: --egn : include Bulgarian EGN 06.08.2020 ========== release v 6.1.1 improved warnings fixed handling of short options added several new weak candidates 29.06.2020 ========== release v 6.1.0 27.07.2020 ========== hcxhashtool: added new options to get full benefit aof reuse of PBKDF2 --hcx-min= : disregard hashes with occurrence lower than hcx-min/ESSID --hcx-max= : disregard hashes with occurrence higher than hcx-min/ESSID 19.06.2020 ========== hcxpsktool: splitted NETGEAR and ASKEY/ARRIS weak candidate list --netgear : include weak NETGEAR / ORBI candidates --askeyarris : include weak MySpectrumWiFI / SpectrumSetup / MyCharterWiFI candidates 15.06.2020 ========== release v 6.0.3 27.05.2020 ========== hcxpcapngtool: added counter for AKM defined EAPOL messages ASSOCIATIONREQUEST (SAE SHA256)..........: 1 ... EAPOL M1 messages........................: 44361 EAPOL M1 messages (AKM defined)..........: 2 EAPOL M2 messages........................: 1631 EAPOL M2 messages (AKM defined)..........: 3 20.05.2020 ========== hcxpcapngtool: print warning if out of sequence time stamps detected hcxdumptool < 6.0.5 was affected, too and hcxpcapngtool will show you this warning hcxdumptool 6.0.6 is fixed improved conversion speed 18.05.2020 ========== hcxpcapngtool: handle wrong time stamps in pwnagotchi cap files on --nonce-error-corrections > 0 In that case we can't rely on EAPOL TIME OUT 01.05.2020 ========== hcxpcapngtool: handle vendor defined action frames (eg: AWDL) 06.04.2020 ========== release v 6.0.2 hcxpcapngtool: improved NC speed and more bug fixes 03.04.2020 ========== release v 6.0.1 hcxpcapngtool: improved NC speed and some bug fixes removed deprecated wlanhc2hcx removed deprecated wlancow2hcxpmk 02.04.2020 ========== release v 6.0.0 30.03.2020 ========== hcxhash2cap: added new option to convert PMKID&EAPOL (hashcat -m 22000) to cap file --pmkid-eapol= : input PMKID EAPOL combi hash file 14.03.2020 ========== moved to v 6.0.0 complete rewrite from scratch full support of new hashline PMKID+EAPOL (hashcat -m 22000 and JtR) https://github.com/hashcat/hashcat/issues/1816 https://github.com/magnumripper/JohnTheRipper/issues/4183 support EAP-LEAP support EAP-MD5 several bug fixes improved summary improved detection of cipher and AKM suites improved detection of malformed frames (caused by device, driver or monitor mode) read more about monitor mode caused bit errors here: http://www.ict-optimix.eu/images/a/ad/WiFiBitError.pdf In monitor mode the adapter does not check to see if the cyclic redundancy check (CRC) values are correct for packets captured, so some captured packets may be corrupted. hcxpsktool: added new weak candidates hcxpcapngtool: new tool $ hcxpcapngtool -h hcxpcapngtool 6.0.0 (C) 2020 ZeroBeat usage: hcxpcapngtool hcxpcapngtool input.pcapng hcxpcapngtool *.pcapng hcxpcapngtool *.pcap hcxpcapngtool *.cap hcxpcapngtool *.* short options: -o : output PMKID/EAPOL hash file hashcat -m 22000/22001 and JtR wpapsk-opencl/wpapsk-pmk-opencl -E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker -I : output unsorted identity list to use as input wordlist for cracker -U : output unsorted username list to use as input wordlist for cracker -h : show this help -v : show version long options: --all : convert all possible hashes instead of only the best one that can lead to much overhead hashes use hcxhashtool to filter hashes need hashcat --nonce-error-corrections >= 8 --eapoltimeout= : set EAPOL TIMEOUT (milliseconds) : default: 5000 ms --nonce-error-corrections= : set nonce error correction warning: values > 0 can lead to uncrackable handshakes : default: 0 --ignore-ie : do not use CIPHER and AKM information this will convert all frames regadless of CIPHER and/OR AKM information, and can lead to uncrackable hashes --max-essids= : maximum allowed ESSIDs default: 1 ESSID disregard ESSID changes and take ESSID with highest ranking --eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800) --eapmd5-john= : output EAP MD5 CHALLENGE (john chap) --eapleap= : output EAP LEAP CHALLENGE (hashcat -m 5500, john netntlm) --nmea= : output GPS data in NMEA format format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL to convert it to gpx, use GPSBabel: gpsbabel -i nmea -f hcxdumptool.nmea -o gpx -F file.gpx to display the track, open file.gpx with viking --log= : output logfile --raw-out= : output frames in HEX ASCII : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM --raw-in= : input frames in HEX ASCII : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM --pmkid= : output deprecated PMKID file (delimter *) --hccapx= : output deprecated hccapx v4 file --hccap= : output deprecated hccap file --john= : output deprecated PMKID/EAPOL (JtR wpapsk-opencl/wpapsk-pmk-opencl) --prefix= : convert everything to lists using this prefix (overrides single options): -o : output PMKID/EAPOL hash file -E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker -I : output unsorted identity list to use as input wordlist for cracker -U : output unsorted username list to use as input wordlist for cracker --eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800) --eapleap= : output EAP LEAP CHALLENGE (hashcat -m 5500, john netntlm) --nmea= : output GPS data in NMEA format --help : show this help --version : show version bitmask for message pair field: 0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx) 3: x (unused) 4: ap-less attack (set to 1) - no nonce-error-corrections necessary 5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary 6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary 7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary Do not edit, merge or convert pcapng files! This will remove optional comment fields! Detection of bit errors does not work on cleaned dump files! Do not use hcxpcapngtool in combination with third party cap/pcap/pcapng cleaning tools (except: tshark and/or Wireshark)! It is much better to run gzip to compress the files. Wireshark, tshark and hcxpcapngtool will understand this. hcxhashtool: new tool $ hcxhashtool -h hcxhashtool 6.0.0 (C) 2020 ZeroBeat usage: hcxhashtool options: -i : input PMKID/EAPOL hash file -o : output PMKID/EAPOL hash file -E : output ESSID list (autohex enabled) -d : download http://standards-oui.ieee.org/oui.txt : and save to ~/.hcxtools/oui.txt : internet connection required -h : show this help -v : show version --essid-group : convert to ESSID groups in working directory full advantage of reuse of PBKDF2 not on old hash formats --oui-group : convert to OUI groups in working directory not on old hash formats --mac-group-ap : convert APs to MAC groups in working directory not on old hash formats --mac-group-client : convert CLIENTs to MAC groups in working directory not on old hash formats --type : filter by hash type : default PMKID (1) and EAPOL (2) --essid-len : filter by ESSID length : default ESSID length: 0...32 --essid-min : filter by ESSID minimum length : default ESSID minimum length: 0 --essid-max : filter by ESSID maximum length : default ESSID maximum length: 32 --essid= : filter by ESSID --essid-part= : filter by part of ESSID --mac-ap= : filter AP by MAC : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex) --mac-client= : filter CLIENT by MAC : format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex) --oui-ap= : filter AP by OUI : format: 001122, 00:11:22, 00-11-22 (hex) --oui-client= : filter CLIENT by OUI : format: 001122, 00:11:22, 00-11-22 (hex) --vendor= : filter by (part of) VENDOR name --authorized : filter EAPOL pairs by status authorized --notauthorized : filter EAPOL pairs by status not authorized --rc : filter EAPOL pairs by replaycount status checked --apless : filter EAPOL pairs by status M2 requested from client --info= : output detailed information about content of hash file --info=stdout : stdout output detailed information about content of hash file --vendorlist : stdout output VENDOR list sorted by OUI --psk= : pre-shared key to test : due to PBKDF2 calculation this is a very slow process : no nonce error corrections --pmk= : plain master key to test : no nonce error corrections --hccapx= : output to deprecated hccapx file --hccap= : output to ancient hccap file --hccap-single : output to ancient hccap single files (MAC + count) --john= : output to deprecated john file --help : show this help --version : show version | deprecated | obsolete when hashcat and JtR moved to new PMKID/EAPOL hash line - no longer under maintenance | | -------------- | -------------------------------------------------------------------------------------------------------------------- | | whoismac | Show vendor information and/or download oui reference list | | hcxmactool | Various MAC based filter operations on HCCAPX and PMKID files - convert hccapx and/or PMKID to new hashline format | | hcxpcaptool | Shows info of pcap/pcapng file and convert it to other hashformats accepted by hashcat and John the Ripper | | hcxpmkidtool | CPU based tools to verfiy a PMKID | | hcxessidtool | Various ESSID based filter operations on HCCAPX and PMKID files | | hcxhashcattool | Convert old hashcat (<= 5.1.0) separate potfile (2500 and/or 16800) to new potfile format | | wlanhc2hcx | Converts hccap to hccapx | | wlanwkp2hcx | Converts wpk (ELMCOMSOFT EWSA projectfile) to hccapx | | wlanhcx2ssid | Strips BSSID, ESSID, OUI | | wlanhcxinfo | Shows detailed info from contents of hccapxfile | | wlanhcxcat | Simple password recovery tool for WPA/WPA2/WPA2 SHA256 AES-128-CMAC (hash-modes 2500, 2501) | | wlanpmk2hcx | Converts plainmasterkey and ESSID for use with hashcat hash-mode 12000 or john PBKDF2-HMAC-SHA1 | | wlanjohn2hcx | Converts john wpapsk hashfiles for use with hashcat hash-modes 2500, 2501 | | wlancow2hcxpmk | Converts pre-computed cowpatty hashfiles for use with hashcat hash-mode 2501 | | wlanhcx2john | Converts hccapx to format expected by John the Ripper | 05.01.2020 ========== hcxhashtool: added new options -d : download http://standards-oui.ieee.org/oui.txt : and save to ~/.hcxtools/oui.txt : internet connection required --info= : output detailed information about content of hash file --info=stdout : stdout output detailed information about content of hash file 03.01.2020 ========== started to remove deprecated tools wlanhcxmnc: removed 19.12.2019 ========== hacxhashtool: added new tool initial this tool will work on new PMKID EAPOL hash line and replace all older hcxtools when all functions implemented. 19.12.2019 ========== hcxpcapngtool: move -j to --john because format is deprecated and JtR will move to new format, too https://github.com/hashcat/hashcat/issues/1816#issuecomment-567423392 17.12.2019 ========== hcxpsktool: added support for hashcat 22000 (crossover PMKID - EAPOL hashline) -c : input PMKID/EAPOL hash file (hashcat -m 22000) 16.12.2019 ========== prepare new tool hcxpcapngtool for hashcat hashmode 22000 (crossover PMKID - EAPOL hashline) highly experemental not all features build in format of hashmode 22000 may change on hashcat and hcxpcapngtool until final release hcxpcaptool will replaced by hcxpcapngtool if everything is working like expected only testing purpose to verify hashcat's new hash mode 22000 09.12.2019 ========== hcxpsktool : added new weak candidates --phome : include PEGATRON HOME candidates 08.12.2019 ========== move to v5.3.0 29.09.2019 ========== hcxpmkidtool: added new tool to verify a PMKID (CPU based) options: -p : input PMKID PMKID:MAC_AP:MAC_STA:ESSID(XDIGIT) PMKID*MAC_AP*MAC_STA*ESSID(XDIGIT) -w : input wordlist (8...63 characters) output: PMK:ESSID (XDIGIT):password -W : input single word (8...63 characters) output: PMK:ESSID (XDIGIT):password -K : input single PMK output: PMK:ESSID (XDIGIT) format: -h : show this help -v : show version --help : show this help --version : show version hcxpmkidtool is designed to verify an existing PSK or and existing PMK. It is not designed to run big wordlists! 25.09.2019 ========== wlanhashhcx: removed hcxmactool: added new tool (MAC based counterpart to ESSID based hcxessidtool) options: -o : filter access point by OUI -n : filter access point by NIC -m : filter access point by MAC -a : filter access point by VENDOR name -O : filter client by OUI -N : filter client point by NIC -M : filter client point by MAC -A : filter client by VENDOR name -h : show this help -v : show version --pmkidin= : input PMKID file 1 --pmkidout= : output PMKID file 1 --hccapxin= : input HCCAPX file --hccapxout= : output HCCAPX file --help : show this help --version : show version 24.09.2019 ========== hcxessidtool: added new options and improved help --pmkidgroupout= : output ESSID groups from ESSIDs present in PMKID1 --hccapxgroupout=: output ESSID groups from ESSIDs present in HCCAPX1 15.09.2019 ========== hcxpcaptool: added new option and improved help --ignore-mac : do not check MAC addresses this will allow to use ESSIDs from frames with damaged broadcast MAC address 14.09.2019 ========== hcxpcaptool : improved detection of damaged ESSIDs 13.09.2019 ========== hcxessidtool: added new options --essidout= : output ESSID list --essidmacapout= : output MAC_AP:ESSID list 12.09.2019 ========== removed : wlanhcx2essid (deprecated) added : hcxessidtool options: -e : filter by ESSID -E : filter by part of ESSID -l : filter by ESSID length -h : show this help -v : show version --pmkid1= : input PMKID file 1 --pmkid2= : input PMKID file 2 --pmkidout12= : output only lines present in both PMKID file 1 and PMKID file 2 --pmkidout1= : output only lines present in PMKID file 1 --pmkidout2= : output only lines present in PMKID file 2 --pmkidout= : output only ESSID filtered lines present in PMKID file 1 --hccapx1= : input HCCAPX file 1 --hccapx2= : input HCCAPX file 2 --hccapxout12= : output only lines present in both HCCAPX file 1 and HCCAPX file 2 --hccapxout1= : output only lines present in HCCAPX file1 --hccapxout2= : output only lines present in HCCAPX file 2 --hccapxout= : output only ESSID filtered lines present in HCCAPX file 1 --help : show this help --version : show version Main purpose is to get full adcantage or reuse of PBKDF2 while merging (only) the same ESSIDs from different hash files examples: hcxessidtool --pmkid1=file1.16800 --pmkid2=file2.16800 --pmkidout12=joint.16800 hcxessidtool --pmkid1=file1.16800 -l 10 --pmkidout=filtered.16800 03.09.2019 ========== move to v5.2.2 fixed bug in damaged ESSID handling 01.09.2019 ========== hcxpcaptool: show capture device vendor 28.08.2019 ========== moved to v5.2.1 hcxpsktool : added new weak candidates hcxdumptool: added additional warnings about handling of pcapng files ( im imrpoved status out: count zeroed PMKIDs 19.08.2019 ========== move to v5.2.0 11.08.2019 ========== hcxpcaptool: print time of first packet and time of last packet this will not work on cap files with zeroed time stamps 10.08.2019 ========== hcxpcaptool: removed option --replaycountcheck added option --ignore-replaycount to allow conversion of not replaycount checked handshakes if we have no replaycount matching handshake - in that case nc must be used! Remarks: total best handshakes and total best PMKIDs can be different to realy written ones: best handshakes (total)..........: 190 (ap-less: 122) best PMKIDs (total)..............: 30 summary output file(s): ----------------------- 175 handshake(s) written to /tmp/test.hccapx message pair M12E2...............: 157 message pair M32E2...............: 16 message pair M34E4...............: 2 29 PMKID(s) written to /tmp/test.16800 That depend on this additional options and the quality of the cap file: --ignore-fake-frames : do not convert fake frames --ignore-zeroed-pmks : do not convert frames which use a zeroed plainmasterkey (PMK) --ignore-replaycount : allow not replaycount checked best handshakes --time-error-corrections= : maximum time gap between EAPOL frames - EAPOL TIMEOUT (default: 600s) --nonce-error-corrections= : maximum replycount/nonce gap to be converted (default: 8) example: --nonce-error-corrections=60 convert handshakes up to a possible packetloss of 59 packets hashcat nonce-error-corrections should be twice as much as hcxpcaptool value --max-essid-changes= : allow maximum ESSID changes (default: 1 - no ESSID change is allowed) 09.08.2019 ========== hcxpcaptool: added summary (replaycount check) and print warning if result is not replaycount checked (in this case nc is necessary) added warning if an ESSID change is detected. this can be handled by increase the value of option --max-essid-changes added new option --replaycountcheck --replaycountcheck : convert only replaycount checked frames 26.06.2019 ========== hcxpcaptool: added new option --max-essid-changes --max-essid-changes= : allow maximum ESSID changes (default: 8) useful on merged cap files with many ESSID changes for a single mac_ap or on damaged ESSIDs 23.06.2019 ========== hcxpcaptool: fixed several big endian issues show information about handshakes and PMKIDs calculated by a zeroed PMK added new options --ignore-zeroed-pmks and --prefix-out= --ignore-zeroed-pmks : do not convert frames which use a zeroed plainmasterkey (PMK) This option is useful to reduce the commandline length if all lists are requested: --prefix-out= : convert everything to lists using this prefix (overrides single options): hccapx (-o) file.hccapx PMKID (-k) file.16800 netntlm (--netntlm-out) file.5500 md5 (--md5-out) file.4800 tacacsplus (--tacacsplus) file.16100 wordlist (-E) file.essidlist identitylist (-I) file.identitylist usernamelist (-U) file.userlist imsilist (-M) file.imsilist networklist (-network-out) file.networklist trafficlist (-T) file.networklist clientlist (-X) file.clientlist deviceinfolist (-D) file.deviceinfolist 20.06.2019 ========== hcxpcaptool: complete refactoring of pcapng engine 19.06.2019 ========== hcxpcaptool: added new option -D -D : output unsorted device information list format = MAC:DEVICEINFO string 16.06.2019 ========== hcxpcaptool: refactored complete tag walk engine due to several stack smashing issues (fsanitize=address) added new option to detect known fake frames --ignore-fake-frames : do not convert fake frames 14.06.2019 ========== hcxpcaptool: complete rewrite of RSN-IE PMKID detection within association frames and reassociation frames 07.06.2019 ========== hcxpcaptool: added new option to filter output by a single MAC address all packets which doesn't contain this MAC in address 1, address 2 or address 3 are ignored. --filtermac= : filter output by MAC address format: 112233445566 07.06.2019 ========== hcxpcaptool: detect and convert PMKIDs from clients read more here: https://hashcat.net/forum/thread-6661-post-44869.html#pid44869 30.05.2019 ========== hcxtools moved to v5.1.6 due to a bug in v5.1.5 hcxpcaptool: added 2 new options to convert raw PMKIDs -K : output raw PMKID file (hashcat hashmode -m 16801 new format) -Z : output raw PMKID file (hashcat hashmode -m 16801 old format and john) use this options if you would like to verify a PMKID and yo don't have an ESSID read more here: https://github.com/ZerBea/hcxtools/issues/92#issuecomment-497128717 19.05.2019 ========== added new useful script: hcxgrep.py Works like grep, but for hccapx/pmkid hashfiles - those are detected automagically. It also can read from stdin and writes on stdout. It tries to be as close to grep commandline options, this is -h: usage: hcxgrep.py [-h] [-f FILE] [-v] [-t {essid,mac_ap,mac_sta}] [PATTERNS] [infile] Extract records from hccapx/pmkid file based on regexp positional arguments: PATTERNS RegExp pattern infile hccapx/pmkid file to process optional arguments: -h, --help show this help message and exit -f FILE, --file FILE Obtain patterns from FILE, one per line. -v, --invert-match Invert the sense of matching, to select non-matching nets -t {essid,mac_ap,mac_sta}, --type {essid,mac_ap,mac_sta} Field to apply matching, default essid By default it greps by essid, but you can choose with -t also to grep over mac_ap or mac_sta, passed as lowercase hex strings. It also can read multiple patterns from external file, like those attached. It's composed from routerkeygen and matches essids with _ or - in them. Of course this have many false positives and the default PSK can be changed, but one can easy get those nets he needs to try custom wordlists or etc. 16.04.2019 ========== finally removed wlanhcx2psk in favor of hcxpsktool 08.04.2019 ========== hcxpcaptool: from now on only PBKDF2 based hashes (EAPOL and PMKID) are converted running options -k -z and -o raw option -O will convert all EAPOL handshakes. 02.04.2019 ========== Due to hashcat changes: "WPA/WPA2 cracking: In the potfile, replace password with PMK in order to detect already cracked networks across all WPA modes" https://github.com/hashcat/hashcat/commit/b8d609ba1604f4fed62198ae5000e205dcc87f70 hcxpcaptool: added new option -k to convert dumpfile to new hashcat PMKID format -k : output PMKID file (hashcat hashmode -m 16800 new format) -z : output PMKID file (hashcat hashmode -m 16800 old format and john) use hcxhashcattool to convert old 2500 and old 16800 potfile to new hashcat potfile Format: -p : input old hashcat potfile accepted potfiles: 2500 or 16800 -P : output new potfile file (PMK:ESSID:PSK) hcxhashcattool -p oldhashcat.2500.pot -P newhashcat.potfile hcxhashcattool -p oldhashcat.16800.pot -P newhashcat.potfile 30.03.2019 ========== hcxpcaptool: retrieve IMSI from UMTS Authentication and Key Agreement (EAP-AKA) and EAP-SIM (GSM Subscriber Modules) Authentication 19.03.2019 ========== wlanhcx2ssid: use systemwide oui.txt (/usr/share/ieee-data/oui.txt), if exist whoismac: use systemwide oui.txt (/usr/share/ieee-data/oui.txt), if exist 18.03.2019 ========== wlancap2wpasec: added man 1 page hcxpcaptool: added new option -M to collect IMSI numbers -M : output unsorted IMSI number list 17.03.2019 ========== hcxpcaptool: added man 1 page hcxpsktool: added man 1 page hcxhash2cap: added man 1 page 09.03.2019 ========== hcxtools moved to version 5.1.3 due to change of pcapng comment field 07.03.2019 ========== hcxpcaptool added GPX comment field for GPS time from GPS device test3.gpx dntest.pcapng 129.500000 1af87c9124a3 GPS-TIME:2019-03-06T22:28:00Z 26.02.2019 ========== hcxtools moved to version 5.1.3 due to several bug fixes 18.02.2019 ========== hcxtools moved to version 5.1.2 due to implementation of serveral new options 14.02.2019 ========== wlancap2wpasec: added new option -e -e : set email address, if requiered 13.02.2019 ========== hcxpsktool added full support (option -j) for john -i : input EAPOL hash file (hashcat) -j : input EAPOL hash file (john) -z : input PMKID hash file (hashcat and john) 12.02.2019 ========== hcxpcaptool: added new option -X -X : output client probelist : format: mac_sta:probed ESSID (autohex enabled) added new tool: hcxwltool while hcxpsktool is designed to run on hcxpcaptool -o and -z output, hcxwltool is designed to run on hcapcaptool -E, -I and -U output $ hcxwltool -h hcxwltool 5.1.1 (C) 2019 ZeroBeat usage: hcxwltool options: -i : input worlist -o : output wordlist to file -h : show this help -v : show version --straight : output format untouched --digit : output format only digits --xdigit : output format only xdigits --lower : output format only lower --upper : output format only upper --capital : output format only capital --length= : password lenght (8...32) --help : show this help --version : show version examples: hcxwltool -i wordlist --straight | sort | uniq | | sort | uniq | hashcat -m 2500 hashfile.hccapx hcxwltool -i wordlist --gigit --length=10 | sort | uniq | | sort | uniq | hashcat -m 2500 hashfile.hccapx hcxwltool -i wordlist --digit | sort | uniq | hashcat -m 16800 hashfile.16800 hcxwltool -i wordlist --xdigit | sort | uniq | john --stdin --format=wpapsk-opencl hashfile.16800 11.02.2019 ========== whoismac: added two new options to convert ESSID HEX to ASCII or ESSID ASCII to HEX -e : input ESSID -x : input ESSID in hex example: $ whoismac -e default 64656661756c74 now search for this essid, running simple bash commands: cat hashfile.16800 | grep 64656661756c74 02.02.2019 ========== release hcxtools v 5.1.1 removed....: wlanhcx2psk replaced by: hcxpsktool removed....: wlanhcx2cap replaced by: hcxhash2cap no more libcap dependency! 01.02.2019 ========== hcxhash2cap: added new option to canvert john WPAPSK has file to cap hcxhash2cap will replace wlanhcx2cap, soon $ hcxhash2cap -h hcxhash2cap 5.1.0 (C) 2019 ZeroBeat usage: hcxhash2cap options: -c : output cap file if no cap file is selected, output will be written to single cap files format: mac_sta.cap (mac_sta.cap_x) --pmkid= : input PMKID hash file --hccapx= : input hashcat hccapx file --hccap= : input hashcat hccap file --john= : input John the Ripper WPAPSK hash file --help : show this help --version : show version 31.01.2019 ========== hcxhash2cap: added new options to convert hccapx to cap and hccap to cap 29.01.2019 ========== aded new tool: hcxhash2cap 22.01.2019 ========== hcxpcaptool: in preparation of hccapx successor, hcxpcaptool now count oversized (>0xff) EAPOLframes EAPOL packets (oversized)....: xx read more here: https://github.com/hashcat/hashcat/issues/1816 13.12.2018 ========== hcxpcaptool: removed options -x and -X (old hccap format) hcxpcaptool: added options --hccap-out and --hccap-raw-out (old hccap format) --hccap-out= : output old hccap file (hashcat -m 2500) --hccap-raw-out= : output raw old hccap file (hashcat -m 2500) 09.12.2018 ========== hcxpcaptool: detect EAPOL GROUP KEYs hcxpcaptool: move option -H to --hexdump-out hcxpcaptool: added new options (--eapol-out, --network-out) --eapol-out= : output EAPOL packets in hex format = mac_ap:mac_sta:eapol --network-out= : output network information format = mac_ap:ESSID --hexdump-out= : output dump raw packets in hex 05.12.2018 ========== moved to v 5.1.0 (according to hashcat) hcxpcaptool: detect EAPOL RC4 KEYs 04.12.2018 ========== hcxpcaptool: fixed bug in FCS on BE systems hcxpcaptool: detect MESH-IDs 26.11.2018 ========== several big endian fixes switched to version 5.0.1 19.11.2018 ========== hcxpcaptool: improved detection of ESSID changes in merged capfiles 30.10.2018 ========== hcxtools moved to version 5.0.0 hcxpsktool: added NETGEARxx list --netgear : include NETGEAR candidates 03.10.2018 ========== hcxpcaptool: use GMT time 30.09.2018 ========== hcxhashcattool: accept 16800 potfiles 29.09.2018 ========== hcxpcaptool: removed option -Z Allow hashfile for -m 16800 to be used with -m 16801 https://github.com/hashcat/hashcat/commit/1b980cf01000c81dfd0ca085593f8c1d66d43188 added new option -g -g : output GPS file\n" format = GPX (accepted for example by Viking and GPSBabel)\n" 24.09.2018 ========== whoismac new option to get VENDOR information from a hashcat 2500 potfile line -P : input EAPOL hashline from potfile 20.09.2018 ========== prepare new tool (experimental): hcxpsktool (supports hccapx and 16800 hashfile) hcxpsktool will replace wlanhcx2psk, when all wlanhcx2psk functions are added 15.09.2018 ========== hcxpcaptool: added detection of Cisco Systems, Inc VENDOR information in authentication 06.09.2018 ========== hcxpcaptool: added detection of Netgear VENDOR information in authentication 04.09.2018 ========== hcxpcaptool: try to detect and remove damaged ESSIDs 26.08.2018 ========== whoismac added new option -p to get information about VENDOR and print ESSID in ASCII "-p : input PMKID hashline\n" 17.08.2018 ========== hcxpcaptool skip unknown option (thanks to magnumripper) hcxpcaptool detect Wilibox Delibrant Group LLC authentication hcxpcaptool detect NETWORK EAP authentication system 07.08.2018 ========== added communication between hcxdumtool and hcxpcaptool via pcapng option fields: 62108 for REPLAYCOUNT uint64_t 62109 for ANONCE uint8_t[32] 03.08.2018 ========== hcxtools release 4.2.0 Todo: hcxdumptool 4.2.0 will randomize ap-less attacks. hcxpcaptool will convert this handshakes correctly, but will not detect them as ap-less attack This feature will be added in hcxtools 4.2.1 01.08.2018 ========== moved raspberry pi stuff and dumper stuff to hcxdumptool repository from now on hcxtools only includes conversion tools 25.07.2018 ========== hcxtools moved to 4.2.0 rc1 hcxpcaptool: added hashmodes -m 16800 and -m 16801 and new options: -z : output PMKID file (hashcat hashmode -m 16800 - WPA*-PMKID-PBKDF2) -Z : output PMKID file (hashcat hashmode -m 16801 - WPA*-PMKID-PMK) use hcxpcaptool as dumper/attacker, convert with hcxpcaptool, retrieve PSK using hashcat removed wlandump-ng (old scool, deprecated) removed wlancap2hcx (old scool, deprecated) 17.07.2018 ========== hcxpcaptool: show detailed file stats on pcapng files - go in sync with (upcomming) hcxdumptool 4.2.0 17.07.2018 ========== hcxpcaptool: added detection of all EAP types: EAP_PACKET EAPOL_START EAPOL_LOGOFF EAPOL_KEY EAPOL_ASF EAPOL_MKA 15.07.2018 ========== wlanhcx2psk: added more weak candidates based on OSINT from wpa-sec 07.07.2018 ========== hcxpcaptool: added detection of BROADCOM specific authentication 01.07.2018 ========== hcxpcaptool: added detection of FILS authentication algorithm 27.06.2018 ========== hcxpcaptool: added detection of authentication algorithms 23.06.2018 ========== hcxpcaptool: added full support for AVS header (DLT_IEEE802_11_RADIO_AVS) 22.06.2018 ========== hcxpcaptool: added full support for TaZmen Sniffer Protocol (TZSP) 21.06.2018 ========== hcxpcaptool: added detection of TaZmen Sniffer Protocol (TZSP) 20.06.2018 ========== hcxpcaptool: added conversion of WDS packets 19.06.2018 ========== hcxpcaptool: added detection of RADIUS authentication with Ethernet II header 05.05.2018 ========== hcxpcaptool: improved detection of broken ESSIDs improved detection of broken EAPOL frames wlanhcx2ssid (option -F): improved detection of broken ESSIDs omproved detection of broken EAPOL frames 12.03.2018 ========== moved to v 4.1.5 added new options wlancap2wpasec $ wlancap2wpasec -h wlancap2wpasec 4.1.5 (C) 2018 ZeroBeat usage: wlancap2wpasec [input.cap] [input.cap] ... wlancap2wpasec *.cap wlancap2wpasec *.* options: -k : wpa-sec user key -u : set user defined URL default = https://wpa-sec.stanev.org -t : set connection timeout default = 30 seconds -R : remove cap if upload was successful -h : this help 25.02.2018 ========== split repository! moved hcxdumptool to https://github.com/ZerBea/hcxdumptool move pioff to https://github.com/ZerBea/hcxdumptool/hcxpioff from now on, hcxtools will be the mostly "portable part" 17.02.2018 ========== hcxpcaptool added nonce fuzzing logic for john and old hashcat (hccap) according to bitmask: 0: MP info 1: MP info 2: MP inf 3: x (unused) 4: ap-less attack (set to 1) - no nonce-error-corrections neccessary 5: LE router detected (set to 1) - nonce-error-corrections only for LE neccessary 6: BE router detected (set to 1) - nonce-error-corrections only for BE neccessary 7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely neccessary 15.02.2018 ========== hcxpcaptool added detection of router endianess and ap-less attacks: bitmask for message_pair file: 0: MP info 1: MP info 2: MP inf 3: x (unused) 4: ap-less attack (set to 1) - no nonce-error-corrections neccessary 5: LE router detected (set to 1) - nonce-error-corrections only for LE neccessary 6: BE router detected (set to 1) - nonce-error-corrections only for BE neccessary 7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely neccessary using bit 4 to 7, hcxtools are able to interact with hascat - that will increase speed for hashcat. 09.02.2018 ========== hcxpcaptool added full implementation of PPP-CHAP authentication added detection of RADIUS (UDP destination 1812) new dependency: libopenssl 07.02.2018 ========== hcxpcaptool added full implementation of TACACS+ --tacacsplus-out= : output TACACS+ authentication file (hashcat -m 16100, john tacacs-plus) 05.02.2018 ========== hcxpcaptool improved help menu ignore empty usernames added new option --md5-john-out= : output MD5 challenge file (john chap) 04.02.2018 ========== hcxpcaptool continued implementation of EAP (RADIUS): netNTLMv1, MD5 challenge added new options -U : output username list (unsorted) --netntlm-out= : output netNTLMv1 file (hashcat -m 5500, john netntlm) --md5-out= : output MD5 challenge file (hashcat -m 4800, john chap) 03.02.2018 ========== added hcxphashcattool (calculate PMKs from hashcat -m 2500 potfile) $ hcxhashcattool -h hcxhashcattool 4.1.0 (C) 2018 ZeroBeat usage: hcxhashcattool options: -p : input hashcat -m 2500 potfile -P : output PMK file (PMK:ESSID:PSK) -h : show this help -v : show version 01.02.2018 ========== hcxpcaptool added detection of TCP and UDP network protocol neccessary for IP based authentications 31.01.2018 ========== hcxtools moved to v 4.1.0 and starts into the 3. generation with - hcxdumptool (will replace wlandump-ng) and - hcxpcaptool (will replace wlancap2hcx) 29.01.2018 ========== hcxpcaptool improved detection of handshakes removed options -A -S ( will improve them and add them later again) 17.01.2018 ========== hcxpcaptool added new options -O : output raw hccapx file -x : output hccap file -X : output raw hccap file -j : output john WPAPSK-PMK file -J : output raw john WPAPSK-PMK file --time-error-corrections : maximum allowed time gap (default: 10000ms) --nonce-error-corrections : maximum allowed nonce gap (default: 8) : should be the same value as in hashcat option -O is designed for third party tools which like to strip handshakes by themselves options -x and -X are designed for use on older systems and old hashcat version 16.01.2018 ========== hcxpcaptool added new option -o -o : output hccapx file convert cap/pcap/pcapng to hccapx 15.01.2018 ========== hcxpcaptool added new option -V -V : verbose (but slow) status output Running hcxpcaptool without options on cap/pcap/pcapng files shows only limited stauts output If you need detailed informations, use -V 14.01.2018 ========== hcxpcaptool added suport for gzip compressed cap/pcap/pcapng files new dependency: zlib 14.01.2018 ========== hcxpcaptool added new options -P -I -I : output identities list -P : output possible WPA/WPA2 plainmasterkey list 13.01.2018 ========== hcxpcaptool added new option -S : output station EAPOL information list date::timestamp:mac_sta:mac_ap:epol_len:eapol moved internal to tv_usec timestamp 12.01.2018 ========== hcxdumptool added new option -C : comma separated scanlist (1,3,5,7...) support for scanlist hcxpcaptool added new option -A : output access point anonce information list (forensics purpose) date:mac_sta:mac_ap:keyver(1=M1, 2=M3, 3=M1+M3):replaycount(in hex):anonce 11.01.2018 ========== hcxpcaptool added new options -E : output wordlist (autohex enabled) to use as wordlist -T : output traffic information list 10.01.2018 ========== hcxpcaptool added option -H -H : dump raw packets in hex 09.01.2018 ========== - move hcxtools to v 4.0.2 - renamed wlandump-rs to hcxdumptool - removed wlancapinfo -> replaced by hcxpcaptool +get rid of libpcap dependency) +added full pcapng support $ hcxpcaptool -h hcxpcaptool 4.0.2 (C) 2017 ZeroBeat usage: hcxpcaptool hcxpcaptool [input.pcap] [input.pcap] ... hcxpcaptool *.cap hcxpcaptool *.* options: -h : show this help -v : show version 07.01.2018 ========== wlandump-rs added option -l -l : enable capture of IPv4/IPv6 packets 06.01.2018 ========== wlandump-ng added option -l -l : enable capture of IPv4/IPv6 packets 21.12.2017 ========== wlancap2hcx removed option -x now wlancap2hcx looks first for association/re-associationrequests or for directed proberequests or for proberesponseses and at last (if no other frames found in the cap) for a beacon 21.12.2017 ========== wlancap2hcx added new option to remove handshakes that that belong to the same authentication sequence -D : remove handshakes that belong to the same authentication sequence : you must use nonce-error-corrections on that file! wlanhcx2ssid added new option to remove handshakes that that belong to the same authentication sequence -D : remove handshakes that belong to the same authentication sequence : you must use nonce-error-corrections on that file! 17.12.2017 ========== moved to version 4.0.1 added wlandump-rs - use raw sockets instead of libpcap - faster and more aggressive than wlandump-ng - able to capture more handchakes than wlandump-ng - automatic use channel 14 and 5GHz channels if driver supports this - improvements on scan engine - improvements on authentication engine - use ap blacklist instead of BPF $ wlandump-rs -h wlandump-rs 4.0.1 (C) 2017 ZeroBeat usage: wlandump-rs options: -i : interface -o : output file in pcapformat including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP) -c : set channel (default = channel 1) -t : stay time on channel before hopping to the next channel : default = 5 seconds -B : blacklist (do not deauthenticate clients from this hosts - format: xxxxxxxxxxxx) -I : show suitable wlan interfaces and quit -T : terminate after maximal errors : default: 1000000 -D : enable to transmit deauthentication- and disassociation-frames -P : enable poweroff -s : enable status messages -h : show this help -v : show version 16.12.2017 ========== wlancap2wpasec ----------- added option to remove cap file if upload was successful -R : remove cap if upload was successful 05.12.2017 ========== wlanhcx2ssid ----------- added option to strip damaged records from hccapx file -F : strip bad records and write only flawless records to hccapx file Detected errors (more follows later): - bad keytype in EAPOL frame 21.11.2017 ========== wlancap2hcx ----------- added detection and conversation of TACACS+ Authentication -t : output TACACS+ file (hashcat -m 16100, john tacacs-plus) 21.11.2017 ========== wlandump-ng ----------- added new option -P for use with hard coded GPIO switch -P : terminate program and poweroff raspberry pi by GPIO switch : default: terminate program and do not power off 20.11.2017 ========== wlandump-ng ----------- do not terminate wlandum-ng if channel set failed instead reset channel back to 1 31.10.2017 ========== wlandump-ng ----------- improved status: added beacons, proberequests, proberesponses, associationrequests and reassociationrequests warning in help mennu that driver must support 5GHz 29.10.2017 ========== wlanrcascan ----------- added option -l (loopcount) wlandump-ng ----------- added detection of fast BSS transition (fast roaming) wlancap2hcx ----------- added detection of fast BSS transition (fast roaming) 28.10.2017 ========== - added changelog - merged wlanresponse and wlandump-ng bash_profile ------------ adapted to new wlandump-ng wlanresponse ------------ - removed wlandump-ng ----------- - waterfall status - improved deauthentication stop when retrieved one complete handshake (M1-M4) from ap <-> client - improved disassociation stop when retrieved one complete handshake (M1-M4) from ap <-> client - send one undirected proberequest to broadcast after channel change - improved expanded EAPOL handling - improved authentication - improved beaconing on proberequests - now wlandump-ng is passive by default (only receive) - transmit must be enabled - changed / new options: -R : enable to respond to all requests -D : enable deauthentications -d : enable disassociations -E : stop deauthentications and disassociations if xx complete handshakes received : default = 1 complete handshake (M1-M4) -U : send one undirected proberequest to broadcast after channel change -B : enable beaconing on last proberequest "-s : enable status messages\n" localtime, channel, mac_ap, mac_sta, information 11:02:52 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (forced) 11:01:45 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (forced-retransmission) 11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (not verified) 11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M2M3 handshake (verified) 11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M3M4 handshake (established) 16:36:13 1 xxxxxxxxxxxx --> xxxxxxxxxxxx identity request: hello 16:36:13 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx identity response: WFA-SimpleConfig-Registrar-1-0 16:36:14 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M1 message 16:36:14 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M2 message 16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M3 message 16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M4 message 16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M5 message 16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M6 message 16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M7 message 16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M8 message hcxtools-6.3.5/hcxeiutool.c000066400000000000000000000153121471436210700157260ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include "include/hcxeiutool.h" #include "include/strings.c" #include "include/fileops.c" /*===========================================================================*/ /* global variable */ static FILE *fh_digitlist; static FILE *fh_xdigitlist; static FILE *fh_charlist; static FILE *fh_cslist; /*===========================================================================*/ static void separatewords(int len, char *line) { static int c, cl, cs, cw, cd, cx; static char word[LINE_MAX][WORD_MAX]; cs = 0; cw = 0; cd = 0; cx = 0; cl = CSWORD; memset(word, 0, sizeof(word)); for(c = 0; c < len; c++) { if((line[c] >= '0') && (line[c] <= '9')) { word[DIGITWORD][cd] = line[c]; cd++; } if(isxdigit((unsigned char)line[c])) { word[XDIGITWORD][cx] = line[c]; cx++; } if(((line[c] >= 'A') && (line[c] <= 'Z')) || ((line[c] >= 'a') && (line[c] <= 'z'))) { word[CHARWORD][cw] = line[c]; word[cl][cs] = line[c]; cw++; cs++; } else { cl++; cs = 0; } } if(memcmp(word[DIGITWORD], word[XDIGITWORD], WORD_MAX) == 0) word[XDIGITWORD][0] = 0; if(memcmp(word[CSWORD], word[XDIGITWORD], WORD_MAX) == 0) word[XDIGITWORD][0] = 0; if(memcmp(word[CSWORD], word[CHARWORD], WORD_MAX) == 0) word[CHARWORD][0] = 0; if(fh_digitlist != NULL) { if(strnlen(word[DIGITWORD], WORD_MAX) > 3) fprintf(fh_digitlist, "%s\n", word[DIGITWORD]); } if(fh_xdigitlist != NULL) { if(strnlen(word[XDIGITWORD], WORD_MAX) > 3) fprintf(fh_xdigitlist, "%s\n", word[XDIGITWORD]); } if(fh_charlist != NULL) { if(strnlen(word[CHARWORD], WORD_MAX) > 3) fprintf(fh_charlist, "%s\n", word[CHARWORD]); } if(fh_cslist != NULL) { for(c = CSWORD; c < LINE_MAX; c++) { if(strnlen(word[c], WORD_MAX) > 3) fprintf(fh_cslist, "%s\n", word[c]); } } return; } /*===========================================================================*/ static void processwordlist(FILE *fh_in) { static int len; static char hexid[] = "$HEX["; static char linein[LINEIN_MAX]; while((len = fgetline(fh_in, LINEIN_MAX, linein)) != -1) { if(memcmp(&linein, &hexid, 5) == 0) continue; if(len < 64) separatewords(len, linein); } return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-i : input wordlist\n" "-d : output digit wordlist\n" "-x : output xdigit wordlist\n" "-c : output character wordlist (A-Za-z - other characters removed)\n" "-s : output character wordlist (A-Za-z - other characters replaced by 0x0a)\n" " recommended option for processing with rules\n" "-h : show this help\n" "-v : show version\n" "\n" "--help : show this help\n" "--version : show version\n" "\n" "example:\n" "$ hcxdumptool -i -w dump.pcapng\n" "$ hcxpcapngtool -o hash.22000 -E elist dump.pcapng\n" "$ hcxeiutool -i elist -d digitlist -x xdigitlist -c charlist -s sclist\n" "$ cat elist digitlist xdigitlist charlist sclist > wordlisttmp\n" "$ hashcat --stdout -r charlist >> wordlisttmp\n" "$ hashcat --stdout -r sclist >> wordlisttmp\n" "$ cat wordlisttmp | sort | uniq > wordlist\n" "$ hashcat -m 22000 hash.22000 wordlist\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static FILE *fh_wordlistin = NULL; static char *wordlistinname = NULL; static char *digitname = NULL; static char *xdigitname = NULL; static char *charname = NULL; static char *csname = NULL; static const char *short_options = "i:d:x:c:s:hv"; static const struct option long_options[] = { {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; fh_digitlist = NULL; fh_xdigitlist = NULL; fh_charlist = NULL; fh_cslist = NULL; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_INPUT_WORDLIST: wordlistinname = optarg; break; case HCX_OUTPUT_DIGITLIST: digitname = optarg; break; case HCX_OUTPUT_XDIGITLIST: xdigitname = optarg; break; case HCX_OUTPUT_CHARLIST: charname = optarg; break; case HCX_OUTPUT_CSLIST: csname = optarg; break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } if(wordlistinname == NULL) { fprintf(stderr, "no input wordlist selected\n"); return EXIT_SUCCESS; } if((fh_wordlistin = fopen(wordlistinname, "r")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", wordlistinname, strerror(errno)); exit(EXIT_FAILURE); } if(digitname != NULL) { if((fh_digitlist = fopen(digitname, "a+")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", digitname, strerror(errno)); exit(EXIT_FAILURE); } } if(xdigitname != NULL) { if((fh_xdigitlist = fopen(xdigitname, "a+")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", xdigitname, strerror(errno)); exit(EXIT_FAILURE); } } if(charname != NULL) { if((fh_charlist = fopen(charname, "a+")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", charname, strerror(errno)); exit(EXIT_FAILURE); } } if(csname != NULL) { if((fh_cslist = fopen(csname, "a+")) == NULL) { fprintf(stderr, "error opening file %s: %s\n", csname, strerror(errno)); exit(EXIT_FAILURE); } } processwordlist(fh_wordlistin); if(fh_cslist != NULL) fclose(fh_cslist); if(fh_charlist != NULL) fclose(fh_charlist); if(fh_xdigitlist != NULL) fclose(fh_xdigitlist); if(fh_digitlist != NULL) fclose(fh_digitlist); fclose(fh_wordlistin); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.3.5/hcxhash2cap.c000066400000000000000000001407561471436210700157520ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef _WIN32 #include #else #include #endif #include "include/hcxhash2cap.h" #include "include/hashcatops.h" #include "include/pcap.c" #include "include/ieee80211.c" #include "include/strings.c" #include "include/byteops.c" #include "include/fileops.c" #define ARCH_INDEX(x) ((unsigned int)(unsigned char)(x)) /*===========================================================================*/ /* global var */ static struct timeval tv; static uint64_t timestamp; static int mybeaconsequence; static int myaponlinetime; static uint8_t myapchannel; static unsigned long long int pmkideapolcapwritten; static unsigned long long int pmkideapolcapskipped; static unsigned long long int pmkcapwritten; static unsigned long long int pmkcapskipped; static unsigned long long int hccapxcapwritten; static unsigned long long int hccapxcapskipped; static unsigned long long int hccapcapwritten; static unsigned long long int hccapcapskipped; static unsigned long long int johnwritten; static unsigned long long int johnskipped; /*===========================================================================*/ static void globalinit(void) { srand(time(NULL)); gettimeofday(&tv, NULL); timestamp = ((uint64_t)tv.tv_sec * 1000000) + tv.tv_usec; mybeaconsequence = rand() %4096; myaponlinetime = rand(); myapchannel = (rand() %12) +1; pmkcapwritten = 0; pmkcapskipped = 0; hccapxcapwritten = 0; hccapxcapskipped = 0; hccapcapwritten = 0; hccapcapskipped = 0; johnwritten = 0; johnskipped = 0; } /*===========================================================================*/ static void writecapm1wpa1(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t *anonce, uint8_t keyversion, uint16_t keylen, uint64_t rc) { static int c; static pcaprec_hdr_t *pcaph; static mac_t *mach; static wpakey_t *wpak; static const uint8_t m1wpa1data[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x01, 0x03, 0x00, 0x5f, 0xfe, 0x00, 0x89, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xed, 0x57, 0x5c, 0x4b, 0xca, 0xa7, 0x7a, 0xf1, 0x9e, 0x32, 0x94, 0x32, 0x63, 0x91, 0xad, 0x7d, 0x9c, 0xbc, 0x6a, 0xb4, 0xad, 0x04, 0xf1, 0x23, 0x80, 0xb4, 0x44, 0xbe, 0xb5, 0x8d, 0x2a, 0xdd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; #define M1WPA1DATA_SIZE sizeof(m1wpa1data) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = M1WPA1DATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &m1wpa1data, M1WPA1DATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macsta, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); packetout[PCAPREC_SIZE +0x22] = keyversion; wpak = (wpakey_t*)(packetout +PCAPREC_SIZE +0x26); #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif wpak->keylen = keylen; wpak->replaycount = rc; for(c = 0; c < 32; c++) { packetout[PCAPREC_SIZE +0x33 +c] = anonce[c]; } if(write(fd_cap, packetout, PCAPREC_SIZE +M1WPA1DATA_SIZE) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecapm1wpa2(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t *anonce, uint8_t keyversion, uint16_t keylen, uint64_t rc) { static int c; static pcaprec_hdr_t *pcaph; static mac_t *mach; static wpakey_t *wpak; static const uint8_t m1wpa2data[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x02, 0x03, 0x00, 0x5f, 0x02, 0x00, 0x8a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xed, 0x57, 0x5c, 0x4b, 0xca, 0xa7, 0x7a, 0xf1, 0x9e, 0x32, 0x94, 0x32, 0x63, 0x91, 0xad, 0x7d, 0x9c, 0xbc, 0x6a, 0xb4, 0xad, 0x04, 0xf1, 0x23, 0x80, 0xb4, 0x44, 0xbe, 0xb5, 0x8d, 0x2a, 0xdd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; #define M1WPA2DATA_SIZE sizeof(m1wpa2data) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = M1WPA2DATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &m1wpa2data, M1WPA2DATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macsta, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); packetout[PCAPREC_SIZE +0x22] = keyversion; wpak = (wpakey_t*)(packetout +PCAPREC_SIZE +0x26); #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif wpak->keylen = keylen; wpak->replaycount = rc; for(c = 0; c < 32; c++) { packetout[PCAPREC_SIZE +0x33 +c] = anonce[c]; } if(write(fd_cap, packetout, PCAPREC_SIZE +M1WPA2DATA_SIZE) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecapm1wpa2keyver3(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t *anonce, uint8_t keyversion, uint16_t keylen, uint64_t rc) { static int c; static pcaprec_hdr_t *pcaph; static mac_t *mach; static wpakey_t *wpak; static const uint8_t m1wpa2keyver3data[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x02, 0x03, 0x00, 0x5f, 0x02, 0x00, 0x8b, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xed, 0x57, 0x5c, 0x4b, 0xca, 0xa7, 0x7a, 0xf1, 0x9e, 0x32, 0x94, 0x32, 0x63, 0x91, 0xad, 0x7d, 0x9c, 0xbc, 0x6a, 0xb4, 0xad, 0x04, 0xf1, 0x23, 0x80, 0xb4, 0x44, 0xbe, 0xb5, 0x8d, 0x2a, 0xdd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; #define M1WPA2KEYVER3DATA_SIZE sizeof(m1wpa2keyver3data) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = M1WPA2KEYVER3DATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &m1wpa2keyver3data, M1WPA2KEYVER3DATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macsta, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); packetout[PCAPREC_SIZE +0x22] = keyversion; wpak = (wpakey_t*)(packetout +PCAPREC_SIZE +0x26); #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif wpak->keylen = keylen; wpak->replaycount = rc; for(c = 0; c < 32; c++) { packetout[PCAPREC_SIZE +0x33 +c] = anonce[c]; } if(write(fd_cap, packetout, PCAPREC_SIZE +M1WPA2KEYVER3DATA_SIZE) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecappmkidwpa2(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t *pmkid) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static const uint8_t pmkiddata[] = { 0x88, 0x02, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, 0x02, 0x03, 0x00, 0x75, 0x02, 0x00, 0x8a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x91, 0x1b, 0xd9, 0xcb, 0x88, 0x9a, 0xcf, 0x5b, 0x0f, 0x62, 0xbf, 0x0d, 0x87, 0x6c, 0x33, 0x30, 0x8a, 0xbf, 0x58, 0x8b, 0xc3, 0x80, 0x4c, 0x15, 0xc0, 0x42, 0x3c, 0xf2, 0x4c, 0x07, 0xa7, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16, 0xdd, 0x14, 0x00, 0x0f, 0xac, 0x04, 0x7e, 0xf1, 0x33, 0x3c, 0xb6, 0xf9, 0x03, 0x73, 0xfc, 0x2a, 0xc7, 0x59, 0x37, 0xfd, 0x24, 0x3a }; #define PMKIDDATA_SIZE sizeof(pmkiddata) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = PMKIDDATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &pmkiddata, PMKIDDATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macsta, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); memcpy(&packetout[PCAPREC_SIZE +0x8b], pmkid, 16); if(write(fd_cap, packetout, PCAPREC_SIZE +PMKIDDATA_SIZE) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecapm2(int fd_cap, uint8_t *macsta, uint8_t *macap, uint8_t eapollen, uint8_t *eapol, uint8_t *mic) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static const uint8_t m2data[] = { 0x88, 0x01, 0x3a, 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x00, 0x00, 0x06, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e, }; #define M2DATA_SIZE sizeof(m2data) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = M2DATA_SIZE +eapollen; pcaph->orig_len = pcaph->incl_len; timestamp++; memcpy(&packetout[PCAPREC_SIZE], &m2data, M2DATA_SIZE); mach = (mac_t*)(packetout +PCAPREC_SIZE); memcpy(mach->addr1, macap, 6); memcpy(mach->addr2, macsta, 6); memcpy(mach->addr3, macap, 6); memcpy(&packetout[PCAPREC_SIZE +M2DATA_SIZE], eapol, eapollen); memcpy(&packetout[PCAPREC_SIZE +M2DATA_SIZE +0x51], mic, 16); if(write(fd_cap, packetout, PCAPREC_SIZE +M2DATA_SIZE +eapollen) < 0) { perror("\nfailed to write EAPOL packet"); } return; } /*===========================================================================*/ static void writecapbeaconwpa1(int fd_cap, uint8_t *macap, uint8_t essidlen, uint8_t *essid) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static capap_t *capap; static const uint8_t beacondata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x12, 0x98, 0x24, 0x03, 0x01, 0x06, 0xdd, 0x16, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x04, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x04, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x02, 0xdd, 0x17, 0xff, 0xff, 0xff, 0x00, 0xd9, 0x20, 0x21, 0x9b, 0x9b, 0x6a, 0xc9, 0x59, 0x49, 0x42, 0xe6, 0x55, 0x6a, 0x06, 0xa3, 0x23, 0x94, 0x2d, 0x94 }; #define BEACONDATA_SIZE sizeof(beacondata) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; mach = (mac_t*)(packetout +PCAPREC_SIZE); mach->type = IEEE80211_FTYPE_MGMT; mach->subtype = IEEE80211_STYPE_BEACON; memcpy(mach->addr1, &mac_broadcast, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); mach->sequence = mybeaconsequence++ << 4; if(mybeaconsequence >= 4096) { mybeaconsequence = 0; } capap = (capap_t*)(packetout +PCAPREC_SIZE +MAC_SIZE_NORM); capap->timestamp = myaponlinetime++; capap->beaconintervall = 0x64; capap->capabilities = 0x431; packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +1] = essidlen; memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2], essid, essidlen); memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen], &beacondata, BEACONDATA_SIZE); packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +0x0c] = myapchannel; if(write(fd_cap, packetout, PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE) < 0) { perror("\nfailed to write beacon packet"); } return; } /*===========================================================================*/ static void writecapbeaconwpa2(int fd_cap, uint8_t *macap, uint8_t essidlen, uint8_t *essid) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static capap_t *capap; static const uint8_t beacondata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x12, 0x98, 0x24, 0x03, 0x01, 0x06, 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x0c, 0x00, 0xdd, 0x17, 0xff, 0xff, 0xff, 0x00, 0xd9, 0x20, 0x21, 0x9b, 0x9b, 0x6a, 0xc9, 0x59, 0x49, 0x42, 0xe6, 0x55, 0x6a, 0x06, 0xa3, 0x23, 0x94, 0x2d, 0x94 }; #define BEACONDATA_SIZE sizeof(beacondata) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; mach = (mac_t*)(packetout +PCAPREC_SIZE); mach->type = IEEE80211_FTYPE_MGMT; mach->subtype = IEEE80211_STYPE_BEACON; memcpy(mach->addr1, &mac_broadcast, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); mach->sequence = mybeaconsequence++ << 4; if(mybeaconsequence >= 4096) { mybeaconsequence = 0; } capap = (capap_t*)(packetout +PCAPREC_SIZE +MAC_SIZE_NORM); capap->timestamp = myaponlinetime++; capap->beaconintervall = 0x64; capap->capabilities = 0x431; packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +1] = essidlen; memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2], essid, essidlen); memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen], &beacondata, BEACONDATA_SIZE); packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +0x0c] = myapchannel; if(write(fd_cap, packetout, PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE) < 0) { perror("\nfailed to write beacon packet"); } return; } /*===========================================================================*/ static void writecapbeaconwpa2keyver3(int fd_cap, uint8_t *macap, uint8_t essidlen, uint8_t *essid) { static pcaprec_hdr_t *pcaph; static mac_t *mach; static capap_t *capap; static const uint8_t beacondata[] = { 0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x8c, 0x12, 0x98, 0x24, 0x03, 0x01, 0x06, 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x06, 0xcc, 0x00, 0xdd, 0x17, 0xff, 0xff, 0xff, 0x00, 0xd9, 0x20, 0x21, 0x9b, 0x9b, 0x6a, 0xc9, 0x59, 0x49, 0x42, 0xe6, 0x55, 0x6a, 0x06, 0xa3, 0x23, 0x94, 0x2d, 0x94 }; #define BEACONDATA_SIZE sizeof(beacondata) static uint8_t packetout[0xff]; memset(&packetout, 0, 0xff); pcaph = (pcaprec_hdr_t*)packetout; pcaph->ts_sec = timestamp /1000000; pcaph->ts_usec = timestamp %1000000; pcaph->incl_len = MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE; pcaph->orig_len = pcaph->incl_len; timestamp++; mach = (mac_t*)(packetout +PCAPREC_SIZE); mach->type = IEEE80211_FTYPE_MGMT; mach->subtype = IEEE80211_STYPE_BEACON; memcpy(mach->addr1, &mac_broadcast, 6); memcpy(mach->addr2, macap, 6); memcpy(mach->addr3, macap, 6); mach->sequence = mybeaconsequence++ << 4; if(mybeaconsequence >= 4096) { mybeaconsequence = 0; } capap = (capap_t*)(packetout +PCAPREC_SIZE +MAC_SIZE_NORM); capap->timestamp = myaponlinetime++; capap->beaconintervall = 0x64; capap->capabilities = 0x431; packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +1] = essidlen; memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2], essid, essidlen); memcpy(&packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen], &beacondata, BEACONDATA_SIZE); packetout[PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +0x0c] = myapchannel; if(write(fd_cap, packetout, PCAPREC_SIZE +MAC_SIZE_NORM +CAPABILITIESAP_SIZE +2 +essidlen +BEACONDATA_SIZE) < 0) { perror("\nfailed to write beacon packet"); } return; } /*===========================================================================*/ static uint16_t getfield(char *lineptr, size_t bufflen, uint8_t *buff) { static size_t p; static uint8_t idx0; static uint8_t idx1; static const uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; memset(buff, 0, bufflen); p = 0; while((lineptr[p] != '*') && (lineptr[p] != 0) && (p /2 <= bufflen)) { if(! isxdigit((unsigned char)lineptr[p +0])) return 0; if(! isxdigit((unsigned char)lineptr[p +1])) return 0; if((lineptr[p +1] == '*') || (lineptr[p +1] == 0)) return 0; idx0 = ((uint8_t)lineptr[p +0] &0x1F) ^0x10; idx1 = ((uint8_t)lineptr[p +1] &0x1F) ^0x10; buff[p /2] = (uint8_t)(hashmap[idx0] <<4) | hashmap[idx1]; p += 2; if((p /2) > PMKIDEAPOL_BUFFER_LEN) return 0; } return p /2; } /*===========================================================================*/ static void processpmkideapolfile(char *pmkideapolname, int fd_cap) { static int len; static int oflen; static int aktread = 1; static FILE *fhpmkideapol; static uint16_t essidlen; static uint16_t noncelen; static uint16_t eapauthlen; static uint16_t mplen; static int fd_singlecap; static eapauth_t *eapa; static wpakey_t *wpak; static uint16_t keyinfo; static uint8_t keyver; static uint64_t rc; static const char wpa01[] = { "WPA*01*" }; static const char wpa02[] = { "WPA*02*" }; static char linein[PMKIDEAPOL_LINE_LEN +1]; static uint8_t buffer[PMKIDEAPOL_LINE_LEN +1]; static uint8_t macap[6]; static uint8_t macsta[6]; static uint8_t hash[16]; static uint8_t anonce[32]; static uint8_t eapol[EAPOL_AUTHLEN_MAX]; static uint8_t essid[ESSID_LEN_MAX]; static char singlecapname[PATH_MAX +2]; if((fhpmkideapol = fopen(pmkideapolname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", pmkideapolname); return; } while(1) { if((len = fgetline(fhpmkideapol, PMKIDEAPOL_LINE_LEN, linein)) == -1) break; aktread++; if(len < 68) { pmkideapolcapskipped++; continue; } if((memcmp(&linein, &wpa01, 7) != 0) && (memcmp(&linein, &wpa02, 7) != 0)) { pmkideapolcapskipped++; continue; } if((linein[39] != '*') && (linein[52] != '*') && (linein[65] != '*')) { pmkideapolcapskipped++; continue; } if(getfield(&linein[7], PMKIDEAPOL_LINE_LEN, buffer) != 16) { pmkideapolcapskipped++; continue; } memcpy(&hash, &buffer, 16); if(getfield(&linein[40], PMKIDEAPOL_LINE_LEN, buffer) != 6) { pmkideapolcapskipped++; continue; } memcpy(&macap, &buffer, 6); if(getfield(&linein[53], PMKIDEAPOL_LINE_LEN, buffer) != 6) { pmkideapolcapskipped++; continue; } memcpy(&macsta, &buffer, 6); essidlen = getfield(&linein[66], PMKIDEAPOL_LINE_LEN, buffer); if(essidlen > 32) { pmkideapolcapskipped++; continue; } memcpy(&essid, &buffer, essidlen); if(memcmp(&linein, &wpa01, 7) == 0) { if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", macsta[0], macsta[1], macsta[2], macsta[3], macsta[4], macsta[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } writecapbeaconwpa2(fd_singlecap, macap, essidlen, essid); writecappmkidwpa2(fd_singlecap, macsta, macap, hash); pmkideapolcapwritten++; close(fd_singlecap); } else { writecapbeaconwpa2(fd_cap, macap, essidlen, essid); writecappmkidwpa2(fd_cap, macsta, macap, hash); pmkideapolcapwritten++; } } else if(memcmp(&linein, &wpa02, 7) == 0) { oflen = 66 +essidlen *2 +1; noncelen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(noncelen > 32) { pmkideapolcapskipped++; continue; } memcpy(&anonce, &buffer, 32); oflen += 65; eapauthlen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(eapauthlen > EAPOL_AUTHLEN_MAX) { pmkideapolcapskipped++; continue; } memcpy(&eapol, &buffer, eapauthlen); oflen += eapauthlen *2 +1; mplen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(mplen > 1) { pmkideapolcapskipped++; continue; } eapa = (eapauth_t*)eapol; if(eapa->type != EAPOL_KEY) { pmkideapolcapskipped++; continue; } if(eapauthlen != ntohs(eapa->len) +4) { pmkideapolcapskipped++; continue; } wpak = (wpakey_t*)(eapol +EAPAUTH_SIZE); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { pmkideapolcapskipped++; continue; } keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 3) { pmkideapolcapskipped++; continue; } rc = wpak->replaycount; #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif if(keyinfo == 4) { rc--; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", macsta[0], macsta[1], macsta[2], macsta[3], macsta[4], macsta[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } if(keyver == 1) { writecapbeaconwpa1(fd_singlecap, macap, essidlen, essid); writecapm1wpa1(fd_singlecap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_singlecap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_singlecap, macap, essidlen, essid); writecapm1wpa2(fd_singlecap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_singlecap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_singlecap, macap, essidlen, essid); writecapm1wpa2keyver3(fd_singlecap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_singlecap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } close(fd_singlecap); } else { if(keyver == 1) { writecapbeaconwpa1(fd_cap, macap, essidlen, essid); writecapm1wpa1(fd_cap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_cap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_cap, macap, essidlen, essid); writecapm1wpa2(fd_cap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_cap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_cap, macap, essidlen, essid); writecapm1wpa2keyver3(fd_cap, macsta, macap, anonce, eapa->version, wpak->keylen, rc); writecapm2(fd_cap, macsta, macap, eapauthlen, eapol, hash); pmkideapolcapwritten++; } } } else { pmkideapolcapskipped++; continue; } } return; } /*===========================================================================*/ static void processpmkidfile(char *pmkidname, int fd_cap) { static int len; static int aktread = 1; static int essidlen; static int fd_singlecap; static FILE *fhpmkid; static char linein[PMKID_LINE_LEN]; static uint8_t macap[6]; static uint8_t macsta[6]; static uint8_t pmkid[16]; static uint8_t essid[ESSID_LEN_MAX]; static char singlecapname[PATH_MAX +2]; if((fhpmkid = fopen(pmkidname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", pmkidname); return; } while(1) { if((len = fgetline(fhpmkid, PMKID_LINE_LEN, linein)) == -1) { break; } if((len < 61) || ((len > 59 +(ESSID_LEN_MAX *2)))) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; pmkcapskipped++; continue; } if(((linein[32] != '*') && (linein[45] != '*') && (linein[58] != '*')) && ((linein[32] != ':') && (linein[45] != ':') && (linein[58] != ':'))) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; pmkcapskipped++; continue; } essidlen = len -59; if((essidlen %2) != 0) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; pmkcapskipped++; continue; } if((essidlen < 2) || (essidlen > 64)) { fprintf(stderr, "reading ESSID %d failed: %s\n", aktread, linein); aktread++; pmkcapskipped++; continue; } if(hex2bin(&linein[0], pmkid, 16) == -1) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); pmkcapskipped++; continue; } if(hex2bin(&linein[33], macap, 6) == -1) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); pmkcapskipped++; continue; } if(hex2bin(&linein[46], macsta, 6) == -1) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); pmkcapskipped++; continue; } if(hex2bin(&linein[59], essid, essidlen/2) == -1) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); pmkcapskipped++; continue; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", macsta[0], macsta[1], macsta[2], macsta[3], macsta[4], macsta[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } writecapbeaconwpa2(fd_singlecap, macap, essidlen /2, essid); writecappmkidwpa2(fd_singlecap, macsta, macap, pmkid); pmkcapwritten++; close(fd_singlecap); } else { writecapbeaconwpa2(fd_cap, macap, essidlen /2, essid); writecappmkidwpa2(fd_cap, macsta, macap, pmkid); pmkcapwritten++; } aktread++; } fclose(fhpmkid); return; } /*===========================================================================*/ static void processhccapxfile(char *hccapxname, int fd_cap) { static struct stat statinfo; static hccapx_t *hcxptr; static int fd_singlecap; static FILE *fhhcx; static eapauth_t *eapa; static wpakey_t *wpak; static uint16_t keyinfo; static uint8_t keyver; static uint64_t rc; static uint8_t hcxdata[HCCAPX_SIZE]; static char singlecapname[PATH_MAX +2]; if(stat(hccapxname, &statinfo) != 0) { fprintf(stderr, "can't stat %s\n", hccapxname); return; } if((statinfo.st_size %HCCAPX_SIZE) != 0) { fprintf(stderr, "file corrupt\n"); return; } if((fhhcx = fopen(hccapxname, "r")) == NULL) { fprintf(stderr, "error opening file %s", hccapxname); return; } hcxptr = (hccapx_t*)hcxdata; while(fread(&hcxdata, HCCAPX_SIZE, 1, fhhcx) == 1) { if(hcxptr->signature != HCCAPX_SIGNATURE) { hccapxcapskipped++; continue; } if((hcxptr->version != 3) && (hcxptr->version != 4)) { hccapxcapskipped++; continue; } if((hcxptr->essid_len == 0) || (hcxptr->essid_len > ESSID_LEN_MAX)) { hccapxcapskipped++; continue; } eapa = (eapauth_t*)hcxptr->eapol; if(eapa->type != EAPOL_KEY) { hccapxcapskipped++; continue; } if(hcxptr->eapol_len != ntohs(eapa->len) +4) { hccapxcapskipped++; continue; } wpak = (wpakey_t*)(hcxptr->eapol +EAPAUTH_SIZE); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver != hcxptr->keyver) { hccapxcapskipped++; continue; } if(keyver > 3) { hccapxcapskipped++; continue; } keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 3) { hccapxcapskipped++; continue; } rc = wpak->replaycount; #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif if(keyinfo == 4) { rc--; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", hcxptr->mac_sta[0], hcxptr->mac_sta[1], hcxptr->mac_sta[2], hcxptr->mac_sta[3], hcxptr->mac_sta[4], hcxptr->mac_sta[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } if(keyver == 1) { writecapbeaconwpa1(fd_singlecap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa1(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_singlecap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_singlecap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa2keyver3(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } close(fd_singlecap); } else { if(keyver == 1) { writecapbeaconwpa1(fd_cap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa1(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_cap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_cap, hcxptr->mac_ap, hcxptr->essid_len, hcxptr->essid); if(memcmp(wpak->nonce, hcxptr->nonce_ap, 32) != 0) { writecapm1wpa2keyver3(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_ap, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->nonce_sta, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcxptr->mac_sta, hcxptr->mac_ap, hcxptr->eapol_len, hcxptr->eapol, hcxptr->keymic); hccapxcapwritten++; } } } fclose(fhhcx); return; } /*===========================================================================*/ static void processhccapfile(char *hccapname, int fd_cap) { static struct stat statinfo; static hccap_t *hcptr; static int fd_singlecap; static FILE *fhhc; static uint8_t essidlen; static int c; static eapauth_t *eapa; static wpakey_t *wpak; static uint16_t keyinfo; static uint8_t keyver; static uint64_t rc; static uint8_t hcdata[HCCAP_SIZE]; static char singlecapname[PATH_MAX +2]; if(stat(hccapname, &statinfo) != 0) { fprintf(stderr, "can't stat %s\n", hccapname); return; } if((statinfo.st_size %HCCAP_SIZE) != 0) { fprintf(stderr, "file corrupt\n"); return; } if((fhhc = fopen(hccapname, "r")) == NULL) { fprintf(stderr, "error opening file %s", hccapname); return; } hcptr = (hccap_t*)hcdata; while(fread(&hcdata, HCCAP_SIZE, 1, fhhc) == 1) { essidlen = 0; for(c = 0; c < ESSID_LEN_MAX; c++) { if(hcptr->essid[c] == 0) { break; } essidlen++; } if((essidlen == 0) || (essidlen > ESSID_LEN_MAX)) { hccapcapskipped++; continue; } eapa = (eapauth_t*)hcptr->eapol; if(eapa->type != EAPOL_KEY) { hccapcapskipped++; continue; } if(hcptr->eapol_size != ntohs(eapa->len) +4) { hccapcapskipped++; continue; } wpak = (wpakey_t*)(hcptr->eapol +EAPAUTH_SIZE); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver != hcptr->keyver) { hccapcapskipped++; continue; } if(keyver > 3) { hccapcapskipped++; continue; } keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 3) { hccapcapskipped++; continue; } rc = wpak->replaycount; #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif if(keyinfo == 4) { rc--; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", hcptr->mac2[0], hcptr->mac2[1], hcptr->mac2[2], hcptr->mac2[3], hcptr->mac2[4], hcptr->mac2[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } if(keyver == 1) { writecapbeaconwpa1(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa1(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2keyver3(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } close(fd_singlecap); } else { if(keyver == 1) { writecapbeaconwpa1(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa1(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2keyver3(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } } } fclose(fhhc); return; } /*===========================================================================*/ static void processjohnfile(char *johnname, int fd_cap) { static int len; static int i; static FILE *fhjohn; static int essidlen; static int hashlen; static char *ptressid; static char *ptreapol; static char *ptreapol2; static uint8_t *johnptr; static const char *pos; static hccap_t *hcptr; static int fd_singlecap; static eapauth_t *eapa; static wpakey_t *wpak; static uint16_t keyinfo; static uint8_t keyver; static uint64_t rc; static const char itoa64[65] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; static char singlecapname[PATH_MAX +2]; static char linein[JOHN_LINE_LEN]; static uint8_t hcdata[HCCAP_SIZE]; static unsigned char atoi64[0x100]; if((fhjohn = fopen(johnname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", johnname); return; } memset(atoi64, 0x7F, sizeof(atoi64)); for(pos = itoa64; pos <= &itoa64[63]; pos++) { atoi64[ARCH_INDEX(*pos)] = pos - itoa64; } hcptr = (hccap_t*)hcdata; while(1) { if((len = fgetline(fhjohn, JOHN_LINE_LEN, linein)) == -1) { break; } if(len < 534) { johnskipped++; continue; } ptressid =strstr(linein, ":$WPAPSK$"); if(ptressid == NULL) { johnskipped++; continue; } ptressid += 9; ptreapol =strrchr(linein, '#'); if(ptreapol == NULL) { johnskipped++; continue; } ptreapol++; essidlen = ptreapol -ptressid -1; if((essidlen == 0) || (essidlen > ESSID_LEN_MAX)) { johnskipped++; continue; } ptreapol2 = strchr(ptreapol, ':'); if(ptreapol2 == NULL) { johnskipped++; continue; } hashlen = ptreapol2 - ptreapol; if(hashlen != 475) { johnskipped++; continue; } memset(&hcdata, 0, HCCAP_SIZE); memcpy(&hcdata, ptressid, essidlen); johnptr = hcdata +36; for (i = 0; i < 118; i++) { johnptr[0] = (atoi64[ARCH_INDEX(ptreapol[0])] << 2) | (atoi64[ARCH_INDEX(ptreapol[1])] >> 4); johnptr[1] = (atoi64[ARCH_INDEX(ptreapol[1])] << 4) | (atoi64[ARCH_INDEX(ptreapol[2])] >> 2); johnptr[2] = (atoi64[ARCH_INDEX(ptreapol[2])] << 6) | (atoi64[ARCH_INDEX(ptreapol[3])]); johnptr += 3; ptreapol += 4; } johnptr[0] = (atoi64[ARCH_INDEX(ptreapol[0])] << 2) | (atoi64[ARCH_INDEX(ptreapol[1])] >> 4); johnptr[1] = (atoi64[ARCH_INDEX(ptreapol[1])] << 4) | (atoi64[ARCH_INDEX(ptreapol[2])] >> 2); eapa = (eapauth_t*)hcptr->eapol; if(eapa->type != EAPOL_KEY) { johnskipped++; continue; } if(hcptr->eapol_size != ntohs(eapa->len) +4) { johnskipped++; continue; } wpak = (wpakey_t*)(hcptr->eapol +EAPAUTH_SIZE); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver != hcptr->keyver) { johnskipped++; continue; } if(keyver > 3) { johnskipped++; continue; } keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 3) { johnskipped++; continue; } rc = wpak->replaycount; #ifdef BIG_ENDIAN_HOST rc = byte_swap_64(rc); #endif if(keyinfo == 4) { rc--; } if(fd_cap == 0) { snprintf(singlecapname, 18, "%02x%02x%02x%02x%02x%02x.cap", hcptr->mac2[0], hcptr->mac2[1], hcptr->mac2[2], hcptr->mac2[3], hcptr->mac2[4], hcptr->mac2[5]); fd_singlecap = hcxopencapdump(singlecapname); if(fd_singlecap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } if(keyver == 1) { writecapbeaconwpa1(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa1(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_singlecap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2keyver3(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_singlecap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } close(fd_singlecap); } else { if(keyver == 1) { writecapbeaconwpa1(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa1(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa1(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 2) { writecapbeaconwpa2(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } else if(keyver == 3) { writecapbeaconwpa2keyver3(fd_cap, hcptr->mac1, essidlen, (uint8_t*)hcptr->essid); if(memcmp(wpak->nonce, hcptr->nonce1, 32) != 0) { writecapm1wpa2keyver3(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce1, eapa->version, wpak->keylen, rc); } else { writecapm1wpa2keyver3(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->nonce2, eapa->version, wpak->keylen, rc); } writecapm2(fd_cap, hcptr->mac2, hcptr->mac1, hcptr->eapol_size, hcptr->eapol, hcptr->keymic); hccapcapwritten++; } } } fclose(fhjohn); return; } /*===========================================================================*/ static void removeemptycap(char *filenametoremove) { struct stat statinfo; if(filenametoremove == NULL) { return; } if(stat(filenametoremove, &statinfo) != 0) { return; } if(statinfo.st_size == 24) { remove(filenametoremove); return; } return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-c : output cap file\n" " if no cap file is selected, output will be written to single cap files\n" " format: mac_sta.cap (mac_sta.cap_x)\n" "-h : show this help\n" "-v : show version\n" "\n" "--pmkid-eapol= : input PMKID EAPOL (22000) combi hash file\n" "--pmkid= : input deprecated PMKID (16800) hash file\n" "--hccapx= : input deprecated hccapx (2500) hash file\n" "--hccap= : input ancient hccap (2500) file\n" "--john= : input John the Ripper WPAPSK hash file\n" "--help : show this help\n" "--version : show version\n" "\n" "Important notice:\n" "Conversion from a dump file to a hash file is not loss less.\n" "Hash files that contain EAPOL M3 MESSAGEs can't be converted back to a cap file.\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static int fd_cap = 0; static char *pmkideapolname = NULL; static char *pmkidname = NULL; static char *hccapxname = NULL; static char *hccapname = NULL; static char *johnname = NULL; static char *capname = NULL; static const char *short_options = "c:hv"; static const struct option long_options[] = { {"pmkid-eapol", required_argument, NULL, HCXP_PMKID_EAPOL}, {"pmkid", required_argument, NULL, HCXP_PMKID}, {"hccapx", required_argument, NULL, HCXP_HCCAPX}, {"hccap", required_argument, NULL, HCXP_HCCAP}, {"john", required_argument, NULL, HCXP_JOHN}, {"version", no_argument, NULL, HCXP_VERSION}, {"help", no_argument, NULL, HCXP_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCXP_PMKID_EAPOL: pmkideapolname = optarg; break; case HCXP_PMKID: pmkidname = optarg; break; case HCXP_HCCAPX: hccapxname = optarg; break; case HCXP_HCCAP: hccapname = optarg; break; case HCXP_JOHN: johnname = optarg; break; case HCXP_CAP: capname = optarg; break; case HCXP_HELP: usage(basename(argv[0])); break; case HCXP_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } globalinit(); if(capname != NULL) { fd_cap = hcxopencapdump(capname); if(fd_cap == -1) { fprintf(stderr, "could not create cap file\n"); exit(EXIT_FAILURE); } } if(pmkideapolname != NULL) { processpmkideapolfile(pmkideapolname, fd_cap); } if(pmkidname != NULL) { processpmkidfile(pmkidname, fd_cap); } if(hccapxname != NULL) { processhccapxfile(hccapxname, fd_cap); } if(hccapname != NULL) { processhccapfile(hccapname, fd_cap); } if(johnname != NULL) { processjohnfile(johnname, fd_cap); } if(fd_cap != 0) { close(fd_cap); removeemptycap(capname); } if(pmkideapolcapwritten > 0) { fprintf(stdout, "PMKIDs/EAPOL messages written to capfile(s): %llu (%llu skipped)\n", pmkideapolcapwritten, pmkideapolcapskipped); } if(pmkcapwritten > 0) { fprintf(stdout, "PMKIDs written to capfile(s): %llu (%llu skipped)\n", pmkcapwritten, pmkcapskipped); } if(hccapxcapwritten > 0) { fprintf(stdout, "EAPOLs written to capfile(s): %llu (%llu skipped)\n", hccapxcapwritten, hccapxcapskipped); } if(hccapcapwritten > 0) { fprintf(stdout, "EAPOLs written to capfile(s): %llu (%llu skipped)\n", hccapcapwritten, hccapcapskipped); } if(johnwritten > 0) { fprintf(stdout, "EAPOLs written to capfile(s): %llu (%llu skipped)\n", johnwritten, johnskipped); } return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.3.5/hcxhashtool.c000066400000000000000000003076351471436210700161030ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined (__APPLE__) || defined(__OpenBSD__) #include #endif #ifdef _WIN32 #include #else #include #endif #include #include #include #include #include #include #include #include "include/hcxhashtool.h" #include "include/strings.c" #include "include/fileops.c" #include "include/ieee80211.c" #include "include/byteops.c" /*===========================================================================*/ struct hccapx_s { uint32_t signature; #define HCCAPX_SIGNATURE 0x58504348 uint32_t version; #define HCCAPX_VERSION 4 uint8_t message_pair; uint8_t essid_len; uint8_t essid[32]; uint8_t keyver; uint8_t keymic[16]; uint8_t ap[6]; uint8_t anonce[32]; uint8_t client[6]; uint8_t snonce[32]; uint16_t eapol_len; uint8_t eapol[256]; } __attribute__((packed)); typedef struct hccapx_s hccapx_t; #define HCCAPX_SIZE (sizeof(hccapx_t)) /*---------------------------------------------------------------------------*/ struct hccap_s { char essid[36]; unsigned char ap[6]; unsigned char client[6]; unsigned char snonce[32]; unsigned char anonce[32]; unsigned char eapol[256]; int eapol_size; int keyver; unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) /*===========================================================================*/ /* global var */ static const char *usedoui; static int ouicount; static int ouilistcount; static ouilist_t *ouilist; static hashlist_t *hashlist; static long int pbkdf2count; static long int pbkdf2readerrorcount; static long int hashlistcount; static long int readcount; static long int readerrorcount; static long int correctedcount; static long int pmkideapolcount; static long int pmkidcount; static long int eapolcount; static long int pmkidwrittencount; static long int eapolwrittencount; static long int essidwrittencount; static long int essidrawwrittencount; static long int hccapxwrittencount; static long int hccapwrittencount; static long int johnpmkidwrittencount; static long int johneapolwrittencount; static EVP_MAC *hmac; static EVP_MAC *cmac; static EVP_MAC_CTX *ctxhmac; static EVP_MAC_CTX *ctxcmac; static OSSL_PARAM paramsmd5[3]; static OSSL_PARAM paramssha1[3]; static OSSL_PARAM paramssha256[3]; static OSSL_PARAM paramsaes128[3]; static int hashtype; static int essidlen; static int essidlenmin; static int essidlenmax; static int filteressidlen; static char *filteressidptr; static regex_t essidregex; static int filteressidpartlen; static char *filteressidpartptr; static char *filteressidregexptr; static char *filtervendorptr; static char *filtervendorapptr; static char *filtervendorclientptr; static bool flagpsk; static bool flagpmk; static bool flagessidgroup; static bool flagmacapgroup; static bool flagmacclientgroup; static bool flagouigroup; static bool flagvendorout; static bool flaghccapsingleout; static bool caseflag; static bool statusflag; static bool flagfiltermacap; static uint8_t filtermacap[6]; static bool flagfiltermacclient; static uint8_t filtermacclient[6]; static bool flagfilterouiap; static uint8_t filterouiap[3]; static bool flagfilterouiclient; static uint8_t filterouiclient[3]; static bool flagfilterauthorized; static bool flagfilterchallenge; static bool flagfilterrcchecked; static bool flagfilterrcnotchecked; static bool flagfilterapless; static int pskptrlen; static char *pskptr; static uint8_t pmk[32]; /*===========================================================================*/ static void closelists(void) { if(hashlist != NULL) free(hashlist); if(ouilist != NULL) free(ouilist); if(filteressidregexptr != NULL) regfree(&essidregex); if(ctxhmac != NULL) { EVP_MAC_CTX_free(ctxhmac); EVP_MAC_free(hmac); } if(ctxcmac != NULL) { EVP_MAC_CTX_free(ctxcmac); EVP_MAC_free(cmac); } EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); return; } /*===========================================================================*/ static bool initlists(void) { ouicount = 0; ouilistcount = OUILIST_MAX; hashlistcount = HASHLIST_MAX; readcount = 0; correctedcount = 0; readerrorcount = 0; pmkideapolcount = 0; readerrorcount = 0; pmkidcount = 0; eapolcount = 0; pmkidwrittencount = 0; eapolwrittencount = 0; essidwrittencount = 0; essidrawwrittencount = 0; johnpmkidwrittencount = 0; johneapolwrittencount = 0; hccapxwrittencount = 0; hccapwrittencount = 0; if((hashlist = (hashlist_t*)calloc(hashlistcount, HASHLIST_SIZE)) == NULL) return false; if((ouilist = (ouilist_t*)calloc(ouilistcount, OUILIST_SIZE)) == NULL) return false; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); hmac = NULL; ctxhmac = NULL; cmac = NULL; ctxcmac = NULL; hmac = EVP_MAC_fetch(NULL, "hmac", NULL); if(hmac == NULL) return false; cmac = EVP_MAC_fetch(NULL, "cmac", NULL); if(cmac == NULL) return false; char md5[] = "md5"; paramsmd5[0] = OSSL_PARAM_construct_utf8_string("digest", md5, 0); paramsmd5[1] = OSSL_PARAM_construct_end(); char sha1[] = "sha1"; paramssha1[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0); paramssha1[1] = OSSL_PARAM_construct_end(); char sha256[] = "sha256"; paramssha256[0] = OSSL_PARAM_construct_utf8_string("digest", sha256, 0); paramssha256[1] = OSSL_PARAM_construct_end(); char aes[] = "aes-1280-cbc"; paramsaes128[0] = OSSL_PARAM_construct_utf8_string("cipher", aes, 0); paramsaes128[1] = OSSL_PARAM_construct_end(); ctxhmac = EVP_MAC_CTX_new(hmac); if(ctxhmac == NULL) return false; ctxcmac = EVP_MAC_CTX_new(cmac); if(ctxcmac == NULL) return false; return true; } /*===========================================================================*/ static char *getvendor(uint8_t *mac) { static ouilist_t * zeiger; static char unknown[] = "Unknown"; for(zeiger = ouilist; zeiger < ouilist +ouicount; zeiger++) { if(memcmp(zeiger->oui, mac, 3) == 0) return zeiger->vendor; if(memcmp(zeiger->oui, mac, 3) > 0) return unknown; } return unknown; } /*===========================================================================*/ static void printstatus(void) { static char *vendor; fprintf(stdout, "\nOUI information file..........: %s\n", usedoui); if(ouicount > 0) fprintf(stdout, "OUI entries...................: %d\n", ouicount); if(readcount > 0) fprintf(stdout, "total lines read..............: %ld\n", readcount); if(flagvendorout == true) { fprintf(stdout, "\n"); return; } if(pbkdf2count > 0) fprintf(stdout, "PBKDF2 lines..................: %ld\n", pbkdf2count); if(pbkdf2readerrorcount > 0) fprintf(stdout, "PBKDF2 errors.................: %ld\n", pbkdf2readerrorcount); if(readerrorcount > 0) fprintf(stdout, "read/format errors......... .: %ld\n", readerrorcount); if(correctedcount > 0) fprintf(stdout, "corrected read/format errors : %ld\n", correctedcount); if(pmkideapolcount > 0) fprintf(stdout, "valid hash lines..............: %ld\n", pmkideapolcount); if(pmkidcount > 0) fprintf(stdout, "PMKID hash lines..............: %ld\n", pmkidcount); if(eapolcount > 0) fprintf(stdout, "EAPOL hash lines..............: %ld\n", eapolcount); if(essidlenmin != 0) fprintf(stdout, "filter by ESSID len min.......: %d\n", essidlenmin); if(essidlenmax != 32) fprintf(stdout, "filter by ESSID len max.......: %d\n", essidlenmax); if(filteressidptr != NULL) fprintf(stdout, "filter by ESSID...............: %s\n", filteressidptr); if(filteressidpartptr != NULL) fprintf(stdout, "filter by part of ESSID.......: %s\n", filteressidpartptr); if(filteressidregexptr != NULL) fprintf(stdout, "filter by ESSID RegEx.........: %s\n", filteressidregexptr); if(flagfiltermacap == true) { vendor = getvendor(filtermacap); fprintf(stdout, "filter by MAC.................: %02x%02x%02x%02x%02x%02x (%s)\n", filtermacap[0], filtermacap[1], filtermacap[2], filtermacap[3], filtermacap[4], filtermacap[5], vendor); } if(flagfiltermacclient == true) { vendor = getvendor(filtermacclient); fprintf(stdout, "filter by MAC.................: %02x%02x%02x%02x%02x%02x (%s)\n", filtermacclient[0], filtermacclient[1], filtermacclient[2], filtermacclient[3], filtermacclient[4], filtermacclient[5], vendor); } if(flagfilterouiap == true) { vendor = getvendor(filterouiap); fprintf(stdout, "filter AP by OUI..............: %02x%02x%02x (%s)\n", filterouiap[0], filterouiap[1], filterouiap[2], vendor); } if(filtervendorptr != NULL) fprintf(stdout, "filter AP and CLIENT by VENDOR: %s\n", filtervendorptr); if(filtervendorapptr != NULL) fprintf(stdout, "filter AP by VENDOR...........: %s\n", filtervendorapptr); if(filtervendorclientptr != NULL) fprintf(stdout, "filter CLIENT by VENDOR.......: %s\n", filtervendorclientptr); if(flagfilterouiclient == true) { vendor = getvendor(filterouiclient); fprintf(stdout, "filter CLIENT by OUI..........: %02x%02x%02x (%s)\n", filterouiclient[0], filterouiclient[1], filterouiclient[2], vendor); } if(flagfilterapless == true) fprintf(stdout, "filter by M2..................: requested from client (AP-LESS)\n"); if(flagfilterrcchecked == true) fprintf(stdout, "filter by NC..................: nonce-error-corrections not necessary\n"); if(flagfilterrcnotchecked == true) fprintf(stdout, "filter by NC..................: nonce-error-corrections necessary\n"); if(flagfilterauthorized == true) fprintf(stdout, "filter by status..............: authorized (M1M4, M2M3 or M3M4)\n"); if(flagfilterchallenge == true) fprintf(stdout, "filter by status..............: challenge (M1M2)\n"); if(pmkidwrittencount > 0) fprintf(stdout, "PMKID written.................: %ld\n", pmkidwrittencount); if(eapolwrittencount > 0) fprintf(stdout, "EAPOL written.................: %ld\n", eapolwrittencount); if(johnpmkidwrittencount > 0) fprintf(stdout, "PMKID written to john.........: %ld\n", johnpmkidwrittencount); if(johneapolwrittencount > 0) fprintf(stdout, "EAPOL written to john.........: %ld\n", johneapolwrittencount); if(hccapxwrittencount > 0) fprintf(stdout, "EAPOL written to hccapx.......: %ld\n", hccapxwrittencount); if(hccapwrittencount > 0) fprintf(stdout, "EAPOL written to hccap........: %ld\n", hccapwrittencount); if(essidwrittencount > 0) fprintf(stdout, "ESSID (unique) written........: %ld\n", essidwrittencount); if(essidrawwrittencount > 0) fprintf(stdout, "ESSID written.................: %ld\n", essidrawwrittencount); fprintf(stdout, "\n"); return; } /*===========================================================================*/ static void testeapolpmk(hashlist_t *zeiger) { static int keyver; static int p; static wpakey_t *wpak; static uint8_t *pkeptr; static uint8_t eapoltmp[1024]; static uint8_t pkedata[102]; wpak = (wpakey_t*)&zeiger->eapol[EAPAUTH_SIZE]; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 1) || (keyver == 2)) { memset(&pkedata, 0, sizeof(pkedata)); pkeptr = pkedata; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(zeiger->ap, zeiger->client, 6) < 0) { memcpy(pkeptr +23, zeiger->ap, 6); memcpy(pkeptr +29, zeiger->client, 6); } else { memcpy(pkeptr +23, zeiger->client, 6); memcpy(pkeptr +29, zeiger->ap, 6); } if(memcmp(zeiger->nonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, zeiger->nonce, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, zeiger->nonce, 32); } if(!EVP_MAC_init(ctxhmac, pmk, 32, paramssha1)) return; if(!EVP_MAC_update(ctxhmac, pkedata, 100)) return; if(!EVP_MAC_final(ctxhmac, pkedata, NULL, 100)) return; fprintf(stdout, "\n"); if(keyver == 2) { memset(eapoltmp, 0, 1024); memcpy(eapoltmp, zeiger->eapol, zeiger->eapauthlen); if(!EVP_MAC_init(ctxhmac, pkedata, 16, paramssha1)) return; if(!EVP_MAC_update(ctxhmac, eapoltmp, zeiger->eapauthlen)) return; if(!EVP_MAC_final(ctxhmac, eapoltmp, NULL, zeiger->eapauthlen)) return; } if(keyver == 1) { memset(eapoltmp, 0, 1024); memcpy(eapoltmp, zeiger->eapol, zeiger->eapauthlen); if(!EVP_MAC_init(ctxhmac, pkedata, 16, paramsmd5)) return; if(!EVP_MAC_update(ctxhmac, eapoltmp, zeiger->eapauthlen)) return; if(!EVP_MAC_final(ctxhmac, eapoltmp, NULL, zeiger->eapauthlen)) return; } } else if(keyver == 3) { memset(&pkedata, 0, sizeof(pkedata)); pkedata[0] = 1; pkedata[1] = 0; pkeptr = pkedata +2; memcpy(pkeptr, "Pairwise key expansion", 22); if(memcmp(zeiger->ap, zeiger->client, 6) < 0) { memcpy(pkeptr +22, zeiger->ap, 6); memcpy(pkeptr +28, zeiger->client, 6); } else { memcpy(pkeptr +22, zeiger->client, 6); memcpy(pkeptr +28, zeiger->ap, 6); } if(memcmp(zeiger->nonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +34, zeiger->nonce, 32); memcpy (pkeptr +66, wpak->nonce, 32); } else { memcpy (pkeptr +34, wpak->nonce, 32); memcpy (pkeptr +66, zeiger->nonce, 32); } pkedata[100] = 0x80; pkedata[101] = 1; if(!EVP_MAC_init(ctxhmac, pmk, 32, paramssha256)) return; if(!EVP_MAC_update(ctxhmac, pkedata, 102)) return; if(!EVP_MAC_final(ctxhmac, pkedata, NULL, 102)) return; memset(eapoltmp, 0, 1024); memcpy(eapoltmp, zeiger->eapol, zeiger->eapauthlen); if(!EVP_MAC_init(ctxcmac, pkedata, 16, paramsaes128)) return; if(!EVP_MAC_update(ctxcmac, eapoltmp, zeiger->eapauthlen)) return; if(!EVP_MAC_final(ctxcmac, eapoltmp, NULL, zeiger->eapauthlen)) return; } else return; if(memcmp(eapoltmp, zeiger->hash, 16) == 0) { for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->client[p]); fprintf(stdout, ":"); for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->ap[p]); if(zeiger->essidlen != 0) { if(ispotfilestring(zeiger->essidlen, (char*)zeiger->essid) == true) fprintf(stdout, ":%.*s", zeiger->essidlen, zeiger->essid); else { fprintf(stdout, ":$HEX["); for(p = 0; p < zeiger->essidlen; p++) fprintf(stdout, "%02x", zeiger->essid[p]); fprintf(stdout, "]"); } } else fprintf(stdout, ":"); fprintf(stdout, ":%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", pmk[0], pmk[1], pmk[2], pmk[3], pmk[4], pmk[5], pmk[6], pmk[7], pmk[8], pmk[9], pmk[10], pmk[11], pmk[12], pmk[13], pmk[14], pmk[15], pmk[16], pmk[17], pmk[18], pmk[19], pmk[20], pmk[21], pmk[22], pmk[23], pmk[24], pmk[25], pmk[26], pmk[27], pmk[28], pmk[29], pmk[30], pmk[31]); if(pskptr != NULL) { if(ispotfilestring(pskptrlen, pskptr) == true) fprintf(stdout, ":%s", pskptr); else { fprintf(stdout, ":$HEX["); for(p = 0; p < pskptrlen; p++) fprintf(stdout, "%02x", pskptr[p]); fprintf(stdout, "]"); } } fprintf(stdout, "\n"); } return; } /*===========================================================================*/ static void testpmkidpmk(hashlist_t *zeiger) { static int p; static const char *pmkname = "PMK Name"; static uint8_t message[20]; memcpy(message, pmkname, 8); memcpy(&message[8], zeiger->ap, 6); memcpy(&message[14], zeiger->client, 6); if(!EVP_MAC_init(ctxhmac, pmk, 32, paramssha1)) return; if(!EVP_MAC_update(ctxhmac, message, 20)) return; if(!EVP_MAC_final(ctxhmac, message, NULL, 20)) return; if(memcmp(message, zeiger->hash, 16) == 0) { for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->client[p]); fprintf(stdout, ":"); for(p = 0; p < 6; p++) fprintf(stdout, "%02x", zeiger->ap[p]); if(zeiger->essidlen != 0) { if(ispotfilestring(zeiger->essidlen, (char*)zeiger->essid) == true) fprintf(stdout, ":%.*s", zeiger->essidlen, zeiger->essid); else { fprintf(stdout, ":$HEX["); for(p = 0; p < zeiger->essidlen; p++) fprintf(stdout, "%02x", zeiger->essid[p]); fprintf(stdout, "]"); } } else fprintf(stdout, ":"); fprintf(stdout, ":%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", pmk[0], pmk[1], pmk[2], pmk[3], pmk[4], pmk[5], pmk[6], pmk[7], pmk[8], pmk[9], pmk[10], pmk[11], pmk[12], pmk[13], pmk[14], pmk[15], pmk[16], pmk[17], pmk[18], pmk[19], pmk[20], pmk[21], pmk[22], pmk[23], pmk[24], pmk[25], pmk[26], pmk[27], pmk[28], pmk[29], pmk[30], pmk[31]); if(pskptr != NULL) { if(ispotfilestring(pskptrlen, pskptr) == true) fprintf(stdout, ":%s", pskptr); else { fprintf(stdout, ":$HEX["); for(p = 0; p < pskptrlen; p++) fprintf(stdout, "%02x", pskptr[p]); fprintf(stdout, "]"); } } fprintf(stdout, "\n"); } return; } /*===========================================================================*/ static void testhashfilepmk(void) { static hashlist_t *zeiger; for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { if(zeiger->type == HCX_TYPE_PMKID) testpmkidpmk(zeiger); else if (zeiger->type == HCX_TYPE_EAPOL) testeapolpmk(zeiger); } return; } /*===========================================================================*/ static bool dopbkdf2(int psklen, char *psk, int essidlen, uint8_t *essid) { if(PKCS5_PBKDF2_HMAC_SHA1(psk, psklen, essid, essidlen, 4096, 32, pmk) == 0) return false; return true; } /*===========================================================================*/ static void testhashfilepsk(void) { static hashlist_t *zeiger, *zeigerold; zeigerold = hashlist; if(dopbkdf2(pskptrlen, pskptr, zeigerold->essidlen, zeigerold->essid) == true) { if(zeigerold->type == HCX_TYPE_PMKID) testpmkidpmk(zeigerold); if(zeigerold->type == HCX_TYPE_EAPOL) testeapolpmk(zeigerold); } for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if((zeigerold->essidlen == zeiger->essidlen) && (memcmp(zeigerold->essid, zeiger->essid, zeigerold->essidlen) == 0)) { if(zeiger->type == HCX_TYPE_PMKID) testpmkidpmk(zeiger); if(zeiger->type == HCX_TYPE_EAPOL) testeapolpmk(zeiger); } else { if(dopbkdf2(pskptrlen, pskptr, zeiger->essidlen, zeiger->essid) == true) { if(zeiger->type == HCX_TYPE_PMKID) testpmkidpmk(zeiger); if(zeiger->type == HCX_TYPE_EAPOL) testeapolpmk(zeiger); } } zeigerold = zeiger; } return; } /*===========================================================================*/ static bool isoui(uint8_t *macap, uint8_t *macclient) { static ouilist_t *zeiger; for(zeiger = ouilist; zeiger < ouilist +ouicount; zeiger++) { if(((zeiger->type &TYPE_AP) == TYPE_AP) && (memcmp(macap, zeiger->oui, 3) == 0)) return true; if(((zeiger->type &TYPE_CLIENT) == TYPE_CLIENT) && (memcmp(macclient, zeiger->oui, 3) == 0)) return true; } return false; } /*===========================================================================*/ static bool ispartof(int plen, uint8_t *pbuff, int slen, uint8_t *sbuff) { static int p; static uint8_t buffers[32]; static uint8_t bufferp[32]; if(plen > slen) return false; if(caseflag == false) { for(p = 0; p <= slen -plen; p++) { if(memcmp(&sbuff[p], pbuff, plen) == 0) return true; } return false; } else { memset(buffers, 0, 32); for(p = 0; p < slen; p++) { if(isupper(sbuff[p])) buffers[p] = tolower(sbuff[p]); else buffers[p] = sbuff[p]; } memset(bufferp, 0, 32); for(p = 0; p < plen; p++) { if(isupper(pbuff[p])) bufferp[p] = tolower(pbuff[p]); else bufferp[p] = pbuff[p]; } for(p = 0; p <= slen -plen; p++) { if(memcmp(&buffers[p], bufferp, plen) == 0) return true; } return false; } return false; } /*===========================================================================*/ static void hccap2base(unsigned char *in, unsigned char b, FILE *fh_john) { static const char itoa64[65] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; fprintf(fh_john, "%c", (itoa64[in[0] >> 2])); fprintf(fh_john, "%c", (itoa64[((in[0] & 0x03) << 4) | (in[1] >> 4)])); if(b) { fprintf(fh_john, "%c", (itoa64[((in[1] & 0x0f) << 2) | (in[2] >> 6)])); fprintf(fh_john, "%c", (itoa64[in[2] & 0x3f])); } else fprintf(fh_john, "%c", (itoa64[((in[1] & 0x0f) << 2)])); return; } /*===========================================================================*/ static void writejohnrecord(FILE *fh_john, hashlist_t *zeiger) { static wpakey_t *wpak; static int i; static char essid[ESSID_LEN_MAX+1]; static unsigned char *hcpos; static hccap_t hccap; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if(filteressidregexptr != NULL) { strncpy(essid, (char*)zeiger->essid, zeiger->essidlen); essid[zeiger->essidlen] = '\0'; if(regexec(&essidregex, essid, 0, NULL, 0) == REG_NOMATCH) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; if(zeiger->type == HCX_TYPE_PMKID) { fprintf(fh_john, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5]); for(i = 0; i < zeiger->essidlen; i++) fprintf(fh_john, "%02x", zeiger->essid[i]); fprintf(fh_john, "\n"); johnpmkidwrittencount++; return; } wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memset(&hccap, 0, sizeof(hccap_t)); memcpy(&hccap.essid, zeiger->essid, zeiger->essidlen); memcpy(&hccap.ap, zeiger->ap, 6); memcpy(&hccap.client, zeiger->client, 6); memcpy(&hccap.anonce, zeiger->nonce, 32); memcpy(&hccap.snonce, wpak->nonce, 32); memcpy(&hccap.keymic, zeiger->hash, 16); hccap.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; hccap.eapol_size = zeiger->eapauthlen; memcpy(&hccap.eapol, zeiger->eapol, zeiger->eapauthlen); #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif fprintf(fh_john, "%.*s:$WPAPSK$%.*s#", zeiger->essidlen, zeiger->essid, zeiger->essidlen, zeiger->essid); hcpos = (unsigned char*)&hccap; for (i = 36; i + 3 < (int)HCCAP_SIZE; i += 3) hccap2base(&hcpos[i], 1, fh_john); hccap2base(&hcpos[i], 0, fh_john); fprintf(fh_john, ":%02x-%02x-%02x-%02x-%02x-%02x:%02x-%02x-%02x-%02x-%02x-%02x:%02x%02x%02x%02x%02x%02x", zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5]); if(hccap.keyver == 1) fprintf(fh_john, "::WPA"); else fprintf(fh_john, "::WPA2"); if((zeiger->mp &0x7) == 0) fprintf(fh_john, ":not verified"); else fprintf(fh_john, ":verified"); fprintf(fh_john, ":converted by hcxhashtool\n"); johneapolwrittencount++; return; } /*===========================================================================*/ static void writejohnfile(char *johnoutname) { static FILE *fh_john; static hashlist_t *zeiger; static struct stat statinfo; if(johnoutname != NULL) { if((fh_john = fopen(johnoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", johnoutname, strerror(errno)); return; } } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writejohnrecord(fh_john, zeiger); if(fh_john != NULL) fclose(fh_john); if(johnoutname != NULL) { if(stat(johnoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(johnoutname); } } return; } /*===========================================================================*/ static void writehccaprecord(FILE *fh_hccap, hashlist_t *zeiger) { struct hccap_s { char essid[36]; unsigned char ap[6]; unsigned char client[6]; unsigned char snonce[32]; unsigned char anonce[32]; unsigned char eapol[256]; int eapol_size; int keyver; unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) static wpakey_t *wpak; static hccap_t hccap; static char essid[ESSID_LEN_MAX+1]; if(zeiger->type == HCX_TYPE_PMKID) return; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if(filteressidregexptr != NULL) { strncpy(essid, (char *) zeiger->essid, zeiger->essidlen); essid[zeiger->essidlen] = '\0'; if(regexec(&essidregex, essid, 0, NULL, 0) == REG_NOMATCH) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memset(&hccap, 0, sizeof(hccap_t)); memcpy(&hccap.essid, zeiger->essid, zeiger->essidlen); memcpy(&hccap.ap, zeiger->ap, 6); memcpy(&hccap.client, zeiger->client, 6); memcpy(&hccap.anonce, zeiger->nonce, 32); memcpy(&hccap.snonce, wpak->nonce, 32); memcpy(&hccap.keymic, zeiger->hash, 16); hccap.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; hccap.eapol_size = zeiger->eapauthlen; memcpy(&hccap.eapol, zeiger->eapol, zeiger->eapauthlen); #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif fwrite(&hccap, HCCAP_SIZE, 1, fh_hccap); hccapwrittencount++; return; } /*===========================================================================*/ static void writehccapsinglefile(void) { static int c; static FILE *fh_hccap; static hashlist_t *zeiger; static struct stat statinfo; static char groupoutname[PATH_MAX]; for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { c = 0; do { snprintf(groupoutname, PATH_MAX -1, "%02x%02x%02x%02x%02x%02x-%04d.hccap", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], c); c++; } while (stat(groupoutname, &statinfo) == 0); if((fh_hccap = fopen(groupoutname, "a")) == NULL) continue; writehccaprecord(fh_hccap, zeiger); if(fh_hccap != NULL) fclose(fh_hccap); if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } return; } /*===========================================================================*/ static void writehccapfile(char *hccapoutname) { static FILE *fh_hccap; static hashlist_t *zeiger; static struct stat statinfo; if(hccapoutname != NULL) { if((fh_hccap = fopen(hccapoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", hccapoutname, strerror(errno)); return; } } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writehccaprecord(fh_hccap, zeiger); if(fh_hccap != NULL) fclose(fh_hccap); if(hccapoutname != NULL) { if(stat(hccapoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(hccapoutname); } } return; } /*===========================================================================*/ static void writehccapxrecord(FILE *fh_hccapx, hashlist_t *zeiger) { static wpakey_t *wpak; static hccapx_t hccapx; static char essid[ESSID_LEN_MAX+1]; if(zeiger->type == HCX_TYPE_PMKID) return; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if(filteressidregexptr != NULL) { strncpy(essid, (char *) zeiger->essid, zeiger->essidlen); essid[zeiger->essidlen] = '\0'; if(regexec(&essidregex, essid, 0, NULL, 0) == REG_NOMATCH) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memset (&hccapx, 0, sizeof(hccapx_t)); hccapx.signature = HCCAPX_SIGNATURE; hccapx.version = HCCAPX_VERSION; hccapx.message_pair = zeiger->mp; hccapx.essid_len = zeiger->essidlen; memcpy(&hccapx.essid, zeiger->essid, zeiger->essidlen); memcpy(&hccapx.ap, zeiger->ap, 6); memcpy(&hccapx.client, zeiger->client, 6); memcpy(&hccapx.anonce, zeiger->nonce, 32); memcpy(&hccapx.snonce, wpak->nonce, 32); hccapx.eapol_len = zeiger->eapauthlen; memcpy(&hccapx.eapol, zeiger->eapol, zeiger->eapauthlen); hccapx.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; memcpy(&hccapx.keymic, zeiger->hash, 16); #ifdef BIG_ENDIAN_HOST hccapx.signature = byte_swap_32(hccapx.signature); hccapx.version = byte_swap_32(hccapx.version); hccapx.eapol_len = byte_swap_16(hccapx.eapol_len); #endif fwrite (&hccapx, sizeof(hccapx_t), 1, fh_hccapx); hccapxwrittencount++; return; } /*===========================================================================*/ static void writehccapxfile(char *hccapxoutname) { static FILE *fh_hccapx; static hashlist_t *zeiger; static struct stat statinfo; if(hccapxoutname != NULL) { if((fh_hccapx = fopen(hccapxoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", hccapxoutname, strerror(errno)); return; } } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writehccapxrecord(fh_hccapx, zeiger); if(fh_hccapx != NULL) fclose(fh_hccapx); if(hccapxoutname != NULL) { if(stat(hccapxoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(hccapxoutname); } } return; } /*===========================================================================*/ static void processessidraw(char *essidrawoutname) { static long int pc; static hashlist_t *zeiger; static FILE *fh_essid; static struct stat statinfo; if((fh_essid = fopen(essidrawoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidrawoutname, strerror(errno)); return; } for(pc = 0; pc < pmkideapolcount; pc++) { zeiger = hashlist +pc; fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_essid); essidrawwrittencount++; } fclose(fh_essid); if(stat(essidrawoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(essidrawoutname); } return; } /*===========================================================================*/ static void processessid(char *essidoutname) { static long int pc; static hashlist_t *zeiger, *zeigerold; static FILE *fh_essid; static struct stat statinfo; if(strcmp(essidoutname, "stdout") != 0) { if((fh_essid = fopen(essidoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidoutname, strerror(errno)); return; } zeigerold = NULL; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(pc = 0; pc < pmkideapolcount; pc++) { zeiger = hashlist +pc; if(zeigerold != NULL) { if(memcmp(zeiger->essid, zeigerold->essid, ESSID_LEN_MAX) == 0) continue; } fwriteessidstr(zeiger->essidlen, zeiger->essid, fh_essid); essidwrittencount++; zeigerold = zeiger; } fclose(fh_essid); if(stat(essidoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(essidoutname); } } else { statusflag = false; zeigerold = NULL; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(pc = 0; pc < pmkideapolcount; pc++) { zeiger = hashlist +pc; if(zeigerold != NULL) { if(memcmp(zeiger->essid, zeigerold->essid, ESSID_LEN_MAX) == 0) continue; } fwriteessidstr(zeiger->essidlen, zeiger->essid, stdout); essidwrittencount++; zeigerold = zeiger; } } return; } /*===========================================================================*/ static void writepmkideapolhashline(FILE *fh_pmkideapol, hashlist_t *zeiger) { static int p; static char essid[ESSID_LEN_MAX+1]; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if(filteressidregexptr != NULL) { strncpy(essid, (char *) zeiger->essid, zeiger->essidlen); essid[zeiger->essidlen] = '\0'; //p = regexec(&essidregex, essid, 0, NULL, 0); //printf("%d\n", p); if(regexec(&essidregex, essid, 0, NULL, 0) == REG_NOMATCH) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; if(zeiger->type == HCX_TYPE_PMKID) { fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeiger->type, zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5]); for(p = 0; p < zeiger->essidlen; p++) fprintf(fh_pmkideapol, "%02x", zeiger->essid[p]); fprintf(fh_pmkideapol, "***\n"); pmkidwrittencount++; return; } if(zeiger->type == HCX_TYPE_EAPOL) { fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeiger->type, zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15], zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5]); for(p = 0; p < zeiger->essidlen; p++) fprintf(fh_pmkideapol, "%02x", zeiger->essid[p]); fprintf(fh_pmkideapol, "*"); fprintf(fh_pmkideapol, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*", zeiger->nonce[0], zeiger->nonce[1], zeiger->nonce[2], zeiger->nonce[3], zeiger->nonce[4], zeiger->nonce[5], zeiger->nonce[6], zeiger->nonce[7], zeiger->nonce[8], zeiger->nonce[9], zeiger->nonce[10], zeiger->nonce[11], zeiger->nonce[12], zeiger->nonce[13], zeiger->nonce[14], zeiger->nonce[15], zeiger->nonce[16], zeiger->nonce[17], zeiger->nonce[18], zeiger->nonce[19], zeiger->nonce[20], zeiger->nonce[21], zeiger->nonce[22], zeiger->nonce[23], zeiger->nonce[24], zeiger->nonce[25], zeiger->nonce[26], zeiger->nonce[27], zeiger->nonce[28], zeiger->nonce[29], zeiger->nonce[30], zeiger->nonce[31]); for(p = 0; p < zeiger->eapauthlen; p++) fprintf(fh_pmkideapol, "%02x", zeiger->eapol[p]); fprintf(fh_pmkideapol, "*%02x\n", zeiger->mp); eapolwrittencount++; } return; } /*===========================================================================*/ static void writeeapolpmkidessidgroups(void) { static int cei; static int ceo; static hashlist_t *zeiger; static FILE *fh_pmkideapol; static struct stat statinfo; static const char digit[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; static char groupoutname[PATH_MAX]; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { groupoutname[0] = 0; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) continue; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) continue; ceo = 0; for (cei = 0; cei < zeiger->essidlen; cei++) { groupoutname[ceo] = digit[(zeiger->essid[cei] & 0xff) >> 4]; ceo++; groupoutname[ceo] = digit[zeiger->essid[cei] & 0x0f]; ceo++; } groupoutname[ceo] = 0; strcat(&groupoutname[ceo], ".22000"); if((fh_pmkideapol = fopen(groupoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", groupoutname, strerror(errno)); return; } writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(groupoutname[0] != 0) { if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } } return; } /*===========================================================================*/ static void writeeapolpmkidouigroups(void) { static hashlist_t *zeiger; static FILE *fh_pmkideapol; static struct stat statinfo; static char groupoutname[PATH_MAX]; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { snprintf(groupoutname, PATH_MAX -1, "%02x%02x%02x.22000", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2]); if((fh_pmkideapol = fopen(groupoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", groupoutname, strerror(errno)); return; } writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(groupoutname[0] != 0) { if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } } return; } /*===========================================================================*/ static void writeeapolpmkidmacapgroups(void) { static hashlist_t *zeiger; static FILE *fh_pmkideapol; static struct stat statinfo; static char groupoutname[PATH_MAX]; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { snprintf(groupoutname, PATH_MAX -1, "%02x%02x%02x%02x%02x%02x.22000", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5]); if((fh_pmkideapol = fopen(groupoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", groupoutname, strerror(errno)); return; } writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(groupoutname[0] != 0) { if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } } return; } /*===========================================================================*/ static void writeeapolpmkidmacclientgroups(void) { static hashlist_t *zeiger; static FILE *fh_pmkideapol; static struct stat statinfo; static char groupoutname[PATH_MAX]; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) { snprintf(groupoutname, PATH_MAX -1, "%02x%02x%02x%02x%02x%02x.22000", zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5]); if((fh_pmkideapol = fopen(groupoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", groupoutname, strerror(errno)); return; } writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(groupoutname[0] != 0) { if(stat(groupoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(groupoutname); } } } return; } /*===========================================================================*/ static void writelceapolpmkidfile(char *pmkideapoloutname, long int lcmin, long int lcmax) { static long int lc; static FILE *fh_pmkideapol; static hashlist_t *zeiger; static hashlist_t *zeiger2; static hashlist_t *zeigerbegin; static hashlist_t *zeigerend; static struct stat statinfo; if(lcmax == 0) lcmax = pmkideapolcount; if(lcmin > lcmax) return; if(pmkideapoloutname != NULL) { if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); return; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essid); zeigerbegin = hashlist; lc = 0; for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp(zeigerbegin->essid, zeiger->essid, ESSID_LEN_MAX) == 0) { zeigerend = zeiger; lc++; } else { if(((zeigerend -zeigerbegin) >= lcmin) && ((zeigerend -zeigerbegin) <= lcmax)) { for(zeiger2 = zeigerbegin; zeiger2 <= zeigerend; zeiger2++) writepmkideapolhashline(fh_pmkideapol, zeiger2); } lc = 0; zeigerbegin = zeiger; } } if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } return; } /*===========================================================================*/ static void writeeapolpmkidfile(char *pmkideapoloutname) { static FILE *fh_pmkideapol; static hashlist_t *zeiger; static struct stat statinfo; if(pmkideapoloutname != NULL) { if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); return; } } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writepmkideapolhashline(fh_pmkideapol, zeiger); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } return; } /*===========================================================================*/ static void writepmkideapolhashlineinfo(FILE *fh_pmkideapol, hashlist_t *zeiger) { static eapauth_t *eapa; static wpakey_t *wpak; static uint8_t keyver; static uint8_t keyinfo; static uint64_t rc; static char *vendor; static char essid[ESSID_LEN_MAX+1]; if((zeiger->essidlen < essidlenmin) || (zeiger->essidlen > essidlenmax)) return; if(((zeiger->type &hashtype) != HCX_TYPE_PMKID) && ((zeiger->type &hashtype) != HCX_TYPE_EAPOL)) return; if(flagfiltermacap == true) if(memcmp(&filtermacap, zeiger->ap, 6) != 0) return; if(flagfiltermacclient == true) if(memcmp(&filtermacclient, zeiger->client, 6) != 0) return; if(flagfilterouiap == true) if(memcmp(&filterouiap, zeiger->ap, 3) != 0) return; if(flagfilterouiclient == true) if(memcmp(&filterouiclient, zeiger->client, 3) != 0) return; if(filteressidptr != NULL) { if(zeiger->essidlen != filteressidlen) return; if(memcmp(zeiger->essid, filteressidptr, zeiger->essidlen) != 0) return; } if(filteressidpartptr != NULL) { if(ispartof(filteressidpartlen, (uint8_t*)filteressidpartptr, zeiger->essidlen, zeiger->essid) == false) return; } if(filteressidregexptr != NULL) { strncpy(essid, (char *) zeiger->essid, zeiger->essidlen); essid[zeiger->essidlen] = '\0'; if(regexec(&essidregex, essid, 0, NULL, 0) == REG_NOMATCH) return; } if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { if(isoui(zeiger->ap, zeiger->client) == false) return; } if((flagfilterapless == true) && ((zeiger->mp &0x10) != 0x10)) return; if((flagfilterrcchecked == true) && ((zeiger->mp &0x80) == 0x80)) return; if((flagfilterrcnotchecked == true) && ((zeiger->mp &0x80) != 0x80)) return; if((flagfilterauthorized == true) && ((zeiger->mp &0x07) == 0x00)) return; if((flagfilterchallenge == true) && ((zeiger->mp &0x07) != 0x01)) return; fprintf(fh_pmkideapol, "SSID.......: %.*s\n", zeiger->essidlen, zeiger->essid); vendor = getvendor(zeiger->ap); fprintf(fh_pmkideapol, "MAC_AP.....: %02x%02x%02x%02x%02x%02x (%s)\n", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], zeiger->ap[3], zeiger->ap[4], zeiger->ap[5], vendor); vendor = getvendor(zeiger->client); fprintf(fh_pmkideapol, "MAC_CLIENT.: %02x%02x%02x%02x%02x%02x (%s)\n", zeiger->client[0], zeiger->client[1], zeiger->client[2], zeiger->client[3], zeiger->client[4], zeiger->client[5], vendor); if(zeiger->type == HCX_TYPE_PMKID) { fprintf(fh_pmkideapol, "PMKID......: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15]); } if(zeiger->type == HCX_TYPE_EAPOL) { eapa = (eapauth_t*)zeiger->eapol; wpak = (wpakey_t*)&zeiger->eapol[EAPAUTH_SIZE]; if(eapa->version == 1) fprintf(fh_pmkideapol, "VERSION....: 802.1X-2001 (1)\n"); if(eapa->version == 2) fprintf(fh_pmkideapol, "VERSION....: 802.1X-2004 (2)\n"); keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(keyver == 1) fprintf(fh_pmkideapol, "KEY VERSION: WPA1\n"); if(keyver == 2) fprintf(fh_pmkideapol, "KEY VERSION: WPA2\n"); if(keyver == 3) fprintf(fh_pmkideapol, "KEY VERSION: WPA2 key version 3\n"); #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif fprintf(fh_pmkideapol, "REPLAYCOUNT: %" PRIu64 "\n", rc); if((zeiger->mp & 0x20) == 0x20) fprintf(fh_pmkideapol, "ROUTER TYPE: little endian (LE)\n"); else if((zeiger->mp & 0x40) == 0x40) fprintf(fh_pmkideapol, "ROUTER TYPE: big endian (BE)\n"); if((zeiger->mp & 0xf0) == 0x10) fprintf(fh_pmkideapol, "NC INFO....: NC deactivated\n"); else if((zeiger->mp & 0x80) == 0x80) fprintf(fh_pmkideapol, "NC INFO....: hashcat default NC activated\n"); else fprintf(fh_pmkideapol, "NC INFO....: NC not detected\n"); keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); fprintf(fh_pmkideapol, "EAPOL MSG..: %d\n", keyinfo); if((zeiger->mp & 0x07) == 0x00) fprintf(fh_pmkideapol, "MP M1M2 E2.: challenge\n"); if((zeiger->mp & 0x07) == 0x01) fprintf(fh_pmkideapol, "MP M1M4 E4.: authorized\n"); if((zeiger->mp & 0x07) == 0x02) fprintf(fh_pmkideapol, "MP M2M3 E2.: authorized\n"); if((zeiger->mp & 0x07) == 0x03) fprintf(fh_pmkideapol, "MP M2M3 E3.: authorized\n"); if((zeiger->mp & 0x07) == 0x04) fprintf(fh_pmkideapol, "MP M3M4 E3.: authorized\n"); if((zeiger->mp & 0x07) == 0x05) fprintf(fh_pmkideapol, "MP M3M4 E4.: authorized\n"); fprintf(fh_pmkideapol, "MIC........: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->hash[0], zeiger->hash[1], zeiger->hash[2], zeiger->hash[3], zeiger->hash[4], zeiger->hash[5], zeiger->hash[6], zeiger->hash[7], zeiger->hash[8], zeiger->hash[9], zeiger->hash[10], zeiger->hash[11], zeiger->hash[12], zeiger->hash[13], zeiger->hash[14], zeiger->hash[15]); } fprintf(fh_pmkideapol, "HASHLINE...: "); writepmkideapolhashline(fh_pmkideapol, zeiger); fprintf(fh_pmkideapol, "\n"); return; } /*===========================================================================*/ static void writevendorapinfofile(char *vendorinfooutname) { static char *vendor; static hashlist_t *zeiger; static FILE *fh_info; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macap); if(strcmp(vendorinfooutname, "stdout") != 0) { if((fh_info = fopen(vendorinfooutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", vendorinfooutname, strerror(errno)); return; } vendor = getvendor(hashlist->ap); fprintf(fh_info, "%02x%02x%02x\t%s\t[ACCESS POINT]\n", hashlist->ap[0], hashlist->ap[1], hashlist->ap[2], vendor); for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp((zeiger -1)->ap, zeiger->ap, 3) != 0) { vendor = getvendor(zeiger->ap); fprintf(fh_info, "%02x%02x%02x\t%s\t[ACCESS POINT]\n", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], vendor); } } fclose(fh_info); } else { vendor = getvendor(hashlist->ap); fprintf(stdout, "%02x%02x%02x\t%s\t[ACCESS POINT]\n", hashlist->ap[0], hashlist->ap[1], hashlist->ap[2], vendor); for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp((zeiger -1)->ap, zeiger->ap, 3) != 0) { vendor = getvendor(zeiger->ap); fprintf(stdout, "%02x%02x%02x\t%s\t[ACCESS POINT]\n", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], vendor); } } } return; } /*===========================================================================*/ static void writevendorclientinfofile(char *vendorinfooutname) { static char *vendor; static hashlist_t *zeiger; static FILE *fh_info; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macclient); if(strcmp(vendorinfooutname, "stdout") != 0) { if((fh_info = fopen(vendorinfooutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", vendorinfooutname, strerror(errno)); return; } vendor = getvendor(hashlist->client); fprintf(fh_info, "%02x%02x%02x\t%s\t[CLIENT]\n", hashlist->client[0], hashlist->client[1], hashlist->client[2], vendor); for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp((zeiger -1)->client, zeiger->client, 3) != 0) { vendor = getvendor(zeiger->client); fprintf(fh_info, "%02x%02x%02x\t%s\t[CLIENT]\n", zeiger->client[0], zeiger->client[1], zeiger->client[2], vendor); } } fclose(fh_info); } else { vendor = getvendor(hashlist->ap); fprintf(stdout, "%02x%02x%02x\t%s\t[CLIENT]\n", hashlist->ap[0], hashlist->ap[1], hashlist->ap[2], vendor); for(zeiger = hashlist +1; zeiger < hashlist +pmkideapolcount; zeiger++) { if(memcmp((zeiger -1)->ap, zeiger->ap, 3) != 0) { vendor = getvendor(zeiger->ap); fprintf(stdout, "%02x%02x%02x\t%s\t[CLIENT]\n", zeiger->ap[0], zeiger->ap[1], zeiger->ap[2], vendor); } } } return; } /*===========================================================================*/ static void writeinfofile(char *infooutname) { static hashlist_t *zeiger; static FILE *fh_info; if(strcmp(infooutname, "stdout") != 0) { if((fh_info = fopen(infooutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", infooutname, strerror(errno)); return; } for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writepmkideapolhashlineinfo(fh_info, zeiger); fclose(fh_info); } else { for(zeiger = hashlist; zeiger < hashlist +pmkideapolcount; zeiger++) writepmkideapolhashlineinfo(stdout, zeiger); } return; } /*===========================================================================*/ static uint16_t getfield(char *lineptr, size_t bufflen, uint8_t *buff) { static size_t p; static uint8_t idx0; static uint8_t idx1; static const uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; memset(buff, 0, bufflen); p = 0; while((lineptr[p] != '*') && (lineptr[p] != 0) && (p /2 <= bufflen)) { if(!isxdigit((unsigned char)lineptr[p +0])) return 0; if(!isxdigit((unsigned char)lineptr[p +1])) return 0; if((lineptr[p +1] == '*') || (lineptr[p +1] == 0)) return 0; idx0 = ((uint8_t)lineptr[p +0] &0x1F) ^0x10; idx1 = ((uint8_t)lineptr[p +1] &0x1F) ^0x10; buff[p /2] = (uint8_t)(hashmap[idx0] <<4) | hashmap[idx1]; p += 2; } return p /2; } /*===========================================================================*/ static void removepmkideapol(char *macskipname) { static int len; static int p1, p2; static FILE *fh_maclistin; static long int i, f, r; static int maclistskipcount, maclistskipmax; static maclist_t *maclistskip, *zeiger, *maclistskipnew; static hashlist_t *zeigerhash; static char linein[PMKIDEAPOL_BUFFER_LEN]; maclistskipmax = 1000; if((maclistskip = (maclist_t*)calloc(maclistskipmax, MACLIST_SIZE)) == NULL) return; if((fh_maclistin = fopen(macskipname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", macskipname, strerror(errno)); return; } zeiger = maclistskip; maclistskipcount = 0; while(1) { if((len = fgetline(fh_maclistin, PMKIDEAPOL_BUFFER_LEN, linein)) == -1) break; if(len < 12) continue; if(len > 17) { p2 = 0; for(p1 = 0; p1 < 17; p1++) { if(isxdigit((unsigned char)linein[p1])) { linein[p2] = linein[p1]; p2++; } } linein[p2] = 0; len = p2; } linein[12] = 0; if(getfield(linein, 6, zeiger->mac) != 6) continue; maclistskipcount++; if(maclistskipcount >= maclistskipmax) { maclistskipmax += 1000; maclistskipnew = (maclist_t*)realloc(maclistskip, maclistskipmax *MACLIST_SIZE); if(maclistskipnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } maclistskip = maclistskipnew; } zeiger = maclistskip +maclistskipcount; } if(fh_maclistin != NULL) fclose(fh_maclistin); qsort(maclistskip, maclistskipcount, MACLIST_SIZE, sort_maclistin); qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macap); zeigerhash = hashlist; zeiger = maclistskip; f = 0; r = 0; for(i = 0; i < pmkideapolcount; i++) { f = 0; while(f < maclistskipcount) { if(memcmp((zeigerhash +i)->ap, (zeiger +f)->mac, 6) == 0) { (zeigerhash +i)->type = HS_REMOVED; r++; } if(memcmp((zeiger +f)->mac, (zeigerhash +i)->ap, 6) >= 0) break; f++; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_type); pmkidcount -= r; qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macclient); zeigerhash = hashlist; zeiger = maclistskip; f = 0; r = 0; for(i = 0; i < pmkideapolcount; i++) { if(memcmp((zeigerhash +i)->client, (zeiger +f)->mac, 6) > 0) while(f < maclistskipcount) { if(memcmp((zeiger +f)->mac, (zeigerhash +i)->client, 6) >= 0) break; f++; } if(memcmp((zeigerhash +i)->client, (zeiger +f)->mac, 6) == 0) { (zeigerhash +i)->type = HS_REMOVED; r++; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_type); pmkidcount -= r; if(maclistskip != NULL) free(maclistskip); return; } /*===========================================================================*/ static void processmacfile(char *maclistinname, char *pmkideapoloutname) { static int len; static int p1, p2; static FILE *fh_maclistin; static FILE *fh_pmkideapol; static struct stat statinfo; static int maclistincount, maclistinmax; static maclist_t *maclistin, *zeiger, *maclistinnew; static hashlist_t *zeigerhash; static int i, o; static char linein[PMKIDEAPOL_BUFFER_LEN]; maclistinmax = 1000; if((maclistin = (maclist_t*)calloc(maclistinmax, MACLIST_SIZE)) == NULL) return; if((fh_maclistin = fopen(maclistinname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", maclistinname, strerror(errno)); return; } zeiger = maclistin; maclistincount = 0; while(1) { if((len = fgetline(fh_maclistin, PMKIDEAPOL_BUFFER_LEN, linein)) == -1) break; if(len == 17) { p2 = 0; for(p1 = 0; p1 < 17; p1++) { if(isxdigit((unsigned char)linein[p1])) { linein[p2] = linein[p1]; p2++; } } linein[p2] = 0; len = p2; } if(len != 12) continue; if(getfield(linein, 6, zeiger->mac) != 6) continue; maclistincount++; if(maclistincount >= maclistinmax) { maclistinmax += 1000; maclistinnew = (maclist_t*)realloc(maclistin, maclistinmax *MACLIST_SIZE); if(maclistinnew == NULL) { fprintf(stdout, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } maclistin = maclistinnew; } zeiger = maclistin +maclistincount; } if(fh_maclistin != NULL) fclose(fh_maclistin); qsort(maclistin, maclistincount, MACLIST_SIZE, sort_maclistin); if(pmkideapoloutname != NULL) { if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); free(maclistin); return; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macap); zeiger = maclistin; zeigerhash = hashlist; o = 0; for(i = 0; i < maclistincount; i++) { while(o < pmkideapolcount) { if(memcmp((zeigerhash +o)->ap, (zeiger +i)->mac, 6) > 0) break; if(memcmp((zeigerhash +o)->ap, (zeiger +i)->mac, 6) == 0) writepmkideapolhashline(fh_pmkideapol, zeigerhash +o); o++; } } qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_macclient); zeiger = maclistin; zeigerhash = hashlist; o = 0; for(i = 0; i < maclistincount; i++) { while(o < pmkideapolcount) { if(memcmp((zeigerhash +o)->client, (zeiger +i)->mac, 6) > 0) break; if(memcmp((zeigerhash +o)->client, (zeiger +i)->mac, 6) == 0) writepmkideapolhashline(fh_pmkideapol, zeigerhash +o); o++; } } if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } if(maclistin != NULL) free(maclistin); return; } /*===========================================================================*/ static void processessidfile(char *essidlistinname, char *pmkideapoloutname) { static int len; static int i, o; static FILE *fh_essidlistin; static FILE *fh_pmkideapol; static struct stat statinfo; static int essidlistincount, essidlistinmax; static essidlist_t *essidlistin, *zeiger, *essidlistinnew; static hashlist_t *zeigerhash; static char hexpfx[] = { "$HEX[" }; static char linein[PMKIDEAPOL_BUFFER_LEN]; essidlistinmax = 1000; if((essidlistin = (essidlist_t*)calloc(essidlistinmax, ESSIDLIST_SIZE)) == NULL) return; if((fh_essidlistin = fopen(essidlistinname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidlistinname, strerror(errno)); return; } zeiger = essidlistin; essidlistincount = 0; while(1) { if((len = fgetline(fh_essidlistin, PMKIDEAPOL_BUFFER_LEN, linein)) == -1) break; if((len < 1) || (len > 70)) continue; memset(zeiger->essid, 0, 33); if((len >= 8) && ((len %2) == 0) && (linein[len -1] == ']') && (memcmp(linein, hexpfx, 5) == 0)) { linein[len -1] = 0; zeiger->essidlen = getfield(&linein[5], 32, zeiger->essid); } else if(len <= 32) { zeiger->essidlen = len; memcpy(zeiger->essid, linein, len); } else continue; essidlistincount++; if(essidlistincount >= essidlistinmax) { essidlistinmax += 1000; essidlistinnew = (essidlist_t*)realloc(essidlistin, essidlistinmax *ESSIDLIST_SIZE); if(essidlistinnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } essidlistin = essidlistinnew; } zeiger = essidlistin +essidlistincount; } if(fh_essidlistin != NULL) fclose(fh_essidlistin); qsort(essidlistin, essidlistincount, ESSIDLIST_SIZE, sort_essidlistin); qsort(hashlist, pmkideapolcount, HASHLIST_SIZE, sort_hashlist_by_essidlen); if(pmkideapoloutname == NULL) { if(essidlistin != NULL) free(essidlistin); return; } if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); free(essidlistin); return; } zeiger = essidlistin; zeigerhash = hashlist; o = 0; for(i = 0; i < essidlistincount; i++) { while(o < pmkideapolcount) { if((zeigerhash +o)->essidlen < (zeiger +i)->essidlen) { o++; continue; } if((zeigerhash +o)->essidlen > (zeiger +i)->essidlen) break; if((memcmp((zeigerhash +o)->essid, (zeiger +i)->essid, (zeigerhash +o)->essidlen)) > 0) break; if((memcmp((zeigerhash +o)->essid, (zeiger +i)->essid, (zeigerhash +o)->essidlen)) == 0) writepmkideapolhashline(fh_pmkideapol, zeigerhash +o); o++; } } if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } if(essidlistin != NULL) free(essidlistin); return; } /*===========================================================================*/ static void readpmkideapolfile(FILE *fh_pmkideapol) { static int len; static int oflen; static uint16_t essidlen; static uint16_t noncelen; static uint16_t eapauthlen; static uint16_t mplen; static hashlist_t *zeiger, *hashlistnew; static const char wpa01[] = { "WPA*01*" }; static const char wpa02[] = { "WPA*02*" }; static char linein[PMKIDEAPOL_LINE_LEN +1]; static uint8_t buffer[PMKIDEAPOL_LINE_LEN +1]; zeiger = hashlist; while(1) { if((len = fgetline(fh_pmkideapol, PMKIDEAPOL_LINE_LEN, linein)) == -1) break; readcount++; if(len < 68) { readerrorcount++; continue; } if((memcmp(&linein, &wpa01, 7) != 0) && (memcmp(&linein, &wpa02, 7) != 0)) { readerrorcount++; continue; } if((linein[39] != '*') && (linein[52] != '*') && (linein[65] != '*')) { readerrorcount++; continue; } if(getfield(&linein[7], PMKIDEAPOL_LINE_LEN, buffer) != 16) { readerrorcount++; continue; } memcpy(zeiger->hash, &buffer, 16); if(getfield(&linein[40], PMKIDEAPOL_LINE_LEN, buffer) != 6) { readerrorcount++; continue; } memcpy(zeiger->ap, &buffer, 6); if(getfield(&linein[53], PMKIDEAPOL_LINE_LEN, buffer) != 6) { readerrorcount++; continue; } memcpy(zeiger->client, &buffer, 6); essidlen = getfield(&linein[66], PMKIDEAPOL_LINE_LEN, buffer); if(essidlen > 32) { readerrorcount++; continue; } memcpy(zeiger->essid, &buffer, essidlen); zeiger->essidlen = essidlen; if(memcmp(&linein, &wpa01, 7) == 0) { zeiger->type = HS_PMKID; pmkidcount++; } else if(memcmp(&linein, &wpa02, 7) == 0) { oflen = 66 +essidlen *2 +1; noncelen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(noncelen > 32) { readerrorcount++; continue; } memcpy(zeiger->nonce, &buffer, 32); oflen += 65; eapauthlen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(eapauthlen > EAPOL_AUTHLEN_MAX +4) { readerrorcount++; continue; } memcpy(zeiger->eapol, &buffer, eapauthlen); zeiger->eapauthlen = eapauthlen; oflen += eapauthlen *2 +1; mplen = getfield(&linein[oflen], PMKIDEAPOL_LINE_LEN, buffer); if(mplen > 1) { readerrorcount++; continue; } zeiger->mp = buffer[0]; zeiger->type = HS_EAPOL; eapolcount++; } else { readerrorcount++; continue; } pmkideapolcount = pmkidcount +eapolcount; if(pmkideapolcount >= hashlistcount) { hashlistcount += HASHLIST_MAX; hashlistnew = (hashlist_t*)realloc(hashlist, hashlistcount *HASHLIST_SIZE); if(hashlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } hashlist = hashlistnew; } zeiger = hashlist +pmkideapolcount; } return; } /*===========================================================================*/ static int get_keyinfo(uint16_t kyif) { if(kyif & WPA_KEY_INFO_ACK) { if(kyif & WPA_KEY_INFO_INSTALL) return 3; /* handshake 3 */ else return 1; /* handshake 1 */ } else { if(kyif & WPA_KEY_INFO_SECURE) return 4; /* handshake 4 */ else return 2; /* handshake 2 */ } return 0; } /*===========================================================================*/ static void readhccapxfile(int fd_hccapxin, long int hccapxrecords) { static long int c; static hccapx_t *hccapxptr; static eapauth_t *eapa; static wpakey_t *wpak; static uint8_t keyver; static uint16_t keylen; static hashlist_t *zeiger, *hashlistnew; static uint8_t hccapxblock[HCCAPX_SIZE]; hccapxptr = (hccapx_t*)hccapxblock; zeiger = hashlist; for(c = 0; c < hccapxrecords; c++) { readcount++; if(read(fd_hccapxin, hccapxblock, HCCAPX_SIZE) != HCCAPX_SIZE) { readerrorcount++; continue; } if(hccapxptr->signature != HCCAPX_SIGNATURE) { readerrorcount++; continue; } if((hccapxptr->version != 3) && (hccapxptr->version != 4)) { readerrorcount++; continue; } if((hccapxptr->essid_len == 0) || (hccapxptr->essid_len > ESSID_LEN_MAX)) { readerrorcount++; continue; } wpak = (wpakey_t*)&hccapxptr->eapol[EAPAUTH_SIZE]; if((keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK) == 0) { readerrorcount++; continue; } if(keyver != hccapxptr->keyver) { readerrorcount++; if(keyver > 3) continue; if(keyver == 0) continue; correctedcount++; } eapa = (eapauth_t*)hccapxptr->eapol; keylen = ntohs(eapa->len) +EAPAUTH_SIZE; if(keylen != hccapxptr->eapol_len) { readerrorcount++; if(keylen > 255) continue; correctedcount++; } memcpy(zeiger->ap, hccapxptr->ap, 6); memcpy(zeiger->client, hccapxptr->client, 6); memcpy(zeiger->essid, hccapxptr->essid, hccapxptr->essid_len); zeiger->essidlen = hccapxptr->essid_len; memcpy(zeiger->hash, hccapxptr->keymic, 16); zeiger->eapauthlen = keylen; memcpy(zeiger->eapol, hccapxptr->eapol, hccapxptr->eapol_len); if(memcmp(hccapxptr->anonce, wpak->nonce, 32) != 0) memcpy(zeiger->nonce, hccapxptr->anonce, 32); else if(memcmp(hccapxptr->snonce, wpak->nonce, 32) != 0) memcpy(zeiger->nonce, hccapxptr->snonce, 32); else { readerrorcount++; continue; } zeiger->type = HS_EAPOL; zeiger->mp = hccapxptr->message_pair; eapolcount++; pmkideapolcount = pmkidcount +eapolcount; if(pmkideapolcount >= hashlistcount) { hashlistcount += HASHLIST_MAX; hashlistnew = (hashlist_t*)realloc(hashlist, hashlistcount *HASHLIST_SIZE); if(hashlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } hashlist = hashlistnew; } zeiger = hashlist +pmkideapolcount; } return; } /*===========================================================================*/ static void readhccapfile(int fd_hccapin, long int hccaprecords) { static long int c; uint8_t el; static hccap_t *hccapptr; static eapauth_t *eapa; static wpakey_t *wpak; static uint8_t keyver; static uint16_t keylen; static uint16_t keyinfo = 0; static hashlist_t *zeiger, *hashlistnew; static uint8_t hccapblock[HCCAP_SIZE]; hccapptr = (hccap_t*)hccapblock; zeiger = hashlist; for(c = 0; c < hccaprecords; c++) { readcount++; if(read(fd_hccapin, hccapblock, HCCAP_SIZE) != HCCAP_SIZE) { readerrorcount++; continue; } wpak = (wpakey_t*)&hccapptr->eapol[EAPAUTH_SIZE]; if((keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK) == 0) { readerrorcount++; continue; } if(keyver != hccapptr->keyver) { readerrorcount++; if(keyver > 3) continue; if(keyver == 0) continue; correctedcount++; } eapa = (eapauth_t*)hccapptr->eapol; keylen = ntohs(eapa->len) +EAPAUTH_SIZE; if(keylen != hccapptr->eapol_size) { readerrorcount++; if(keylen > 255) continue; correctedcount++; continue; } memcpy(zeiger->ap, hccapptr->ap, 6); memcpy(zeiger->client, hccapptr->client, 6); el = 0; while(el < ESSID_LEN_MAX) { if(hccapptr->essid[el] == 0) break; el++; } memcpy(zeiger->essid, hccapptr->essid, el); zeiger->essidlen = el; memcpy(zeiger->hash, hccapptr->keymic, 16); zeiger->eapauthlen = keylen; memcpy(zeiger->eapol, hccapptr->eapol, hccapptr->eapol_size); if(memcmp(hccapptr->anonce, wpak->nonce, 32) != 0) memcpy(zeiger->nonce, hccapptr->anonce, 32); else if(memcmp(hccapptr->snonce, wpak->nonce, 32) != 0) memcpy(zeiger->nonce, hccapptr->snonce, 32); else { readerrorcount++; continue; } zeiger->type = HS_EAPOL; keyinfo = (get_keyinfo(ntohs(wpak->keyinfo))); if(keyinfo == 2) zeiger->mp = 0x80; else if(keyinfo == 4) zeiger->mp = 0x81; else if(keyinfo == 3) zeiger->mp = 0x03; else { readerrorcount++; continue; } eapolcount++; pmkideapolcount = pmkidcount +eapolcount; if(pmkideapolcount >= hashlistcount) { hashlistcount += HASHLIST_MAX; hashlistnew = (hashlist_t*)realloc(hashlist, hashlistcount *HASHLIST_SIZE); if(hashlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } hashlist = hashlistnew; } zeiger = hashlist +pmkideapolcount; } return; } /*===========================================================================*/ static bool readbpkdf2file(char *pkdf2inname) { static int len; static char *pskpos; static FILE *fh_pbkdf2; static char linein[PBKDF2_LINE_LEN +1]; if((fh_pbkdf2 = fopen(pkdf2inname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pkdf2inname, strerror(errno)); return false; } pbkdf2count = 0; pbkdf2readerrorcount = 0; while(1) { if((len = fgetline(fh_pbkdf2, PBKDF2_LINE_LEN, linein)) == -1) break; if(len < 76) { pbkdf2readerrorcount++; continue; } if(linein[64] != '*') { pbkdf2readerrorcount++; continue; } pskpos = strchr(&linein[65], ':'); if(pskpos == NULL) { pbkdf2readerrorcount++; continue; } pskpos[0] = 0; fprintf(stdout, "%s %s\n", &linein[65], pskpos +1); pbkdf2count++; } fclose(fh_pbkdf2); return true; } /*===========================================================================*/ static void showvendorlist(void) { static ouilist_t *zeiger; fprintf(stdout, "\n"); for(zeiger = ouilist; zeiger < ouilist +ouicount; zeiger++) fprintf(stdout, "%02x%02x%02x %s\n", zeiger->oui[0], zeiger->oui[1], zeiger->oui[2], zeiger->vendor); return; } /*===========================================================================*/ static int isvendor(int len, char *linein) { static int c; static int ret; for(c = 7; c < len; c++) { if(islower((unsigned char)linein[c])) linein[c] = toupper((unsigned char)linein[c]); } ret = 0; if(filtervendorptr != NULL) { if(strstr(&linein[7], filtervendorptr) != NULL) ret |= TYPE_AP + TYPE_CLIENT; } if(filtervendorapptr != NULL) { if(strstr(&linein[7], filtervendorapptr) != NULL) ret |= TYPE_AP; } if(filtervendorclientptr != NULL) { if(strstr(&linein[7], filtervendorclientptr) != NULL) ret |= TYPE_CLIENT; } return ret; } /*===========================================================================*/ static void readoui(void) { static int len; static uid_t uid; static struct passwd *pwd; static struct stat statinfo; static ouilist_t *zeiger, *ouilistnew; static FILE *fh_oui; static char *vendorptr; static const char *ouinameuser = "/.hcxtools/oui.txt"; static const char *ouinamesystemwide = "/usr/share/ieee-data/oui.txt"; static const char *ouina = "N/A"; static char ouinameuserpath[PATH_MAX +1]; static char linein[OUI_LINE_LEN +1]; usedoui = ouina; uid = getuid(); pwd = getpwuid(uid); if(pwd == NULL) return; strncpy(ouinameuserpath, pwd->pw_dir, PATH_MAX -1); strncat(ouinameuserpath, ouinameuser, PATH_MAX -1); if(stat(ouinameuserpath, &statinfo) == 0) usedoui = ouinameuserpath; else if(stat(ouinameuser, &statinfo) == 0) usedoui = ouinamesystemwide; else return; if((fh_oui = fopen(usedoui, "r")) == NULL) return; zeiger = ouilist; while(1) { if((len = fgetline(fh_oui, OUI_LINE_LEN, linein)) == -1) break; if(len < 20) continue; linein[6] = 0; if(getfield(linein, OUI_LINE_LEN, zeiger->oui) != 3) continue; if(strstr(&linein[7], "(base 16)") == NULL) continue; zeiger->type = 0; if((filtervendorptr != NULL) || (filtervendorapptr != NULL) || (filtervendorclientptr != NULL)) { zeiger->type = isvendor(len, linein); if(zeiger->type == 0) continue; } vendorptr = strrchr(&linein[7], '\t'); if(vendorptr == NULL) continue; if(vendorptr++ == 0) continue; strncpy(zeiger->vendor, vendorptr, VENDOR_LEN_MAX -1); ouicount++; if(ouicount >= ouilistcount) { ouilistcount += OUILIST_MAX; ouilistnew = (ouilist_t*)realloc(ouilist, ouilistcount *OUILIST_SIZE); if(ouilistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } ouilist = ouilistnew; } zeiger = ouilist +ouicount; } fclose(fh_oui); qsort(ouilist, ouicount, OUILIST_SIZE, sort_ouilist_by_oui); return; } /*===========================================================================*/ static void downloadoui(void) { static uid_t uid; static size_t bread; static struct passwd *pwd; static CURLcode ret; static CURL *hnd; static FILE *fhoui; static FILE *fhouitmp; static struct stat statinfo; static const char *ouipath = "/.hcxtools"; static const char *ouiname = "/oui.txt"; static char ouinameuserpath[PATH_MAX]; static char ouibuff[OUIBUFFER_MAX]; uid = getuid(); pwd = getpwuid(uid); if(pwd == NULL) return; strncpy(ouinameuserpath, pwd->pw_dir, PATH_MAX -1); strncat(ouinameuserpath, ouipath, PATH_MAX -1); if(stat(ouinameuserpath, &statinfo) == -1) { if(mkdir(ouinameuserpath, 0755) == -1) { fprintf(stderr, "failed to create conf dir\n"); return; } } strncat(ouinameuserpath, ouiname, PATH_MAX -1); fprintf(stdout, "start downloading oui from https://standards-oui.ieee.org to: %s\n", ouinameuserpath); if((fhouitmp = tmpfile()) == NULL) { fprintf(stderr, "\nfailed to create temporary download file\n"); return; } hnd = curl_easy_init (); curl_easy_setopt(hnd, CURLOPT_URL, "https://standards-oui.ieee.org/oui/oui.txt"); curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 5L); curl_easy_setopt(hnd, CURLOPT_WRITEDATA, fhouitmp) ; curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 0L); ret = curl_easy_perform(hnd); curl_easy_cleanup(hnd); if(ret != 0) { fprintf(stderr, "\ndownload not successful\n"); return; } rewind(fhouitmp); if((fhoui = fopen(ouinameuserpath, "w")) == NULL) { fprintf(stderr, "\nfailed to create %s\n", ouiname); return; } while (!feof(fhouitmp)) { bread = fread(ouibuff, 1, sizeof(ouibuff), fhouitmp); if(bread > 0) fwrite(ouibuff, 1, bread, fhoui); } fclose(fhoui); fprintf(stdout, "\ndownload finished\n"); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-i : input PMKID/EAPOL hash file\n" "-o : output PMKID/EAPOL hash file\n" "-E : output ESSID list (autohex enabled)\n" "-E stdout : output ESSID list to stdout (autohex enabled)\n" "-L : output ESSID list (unfiltered and unsorted)\n" " useful in combination with hashcat -a9 option\n" "-d : download https://standards-oui.ieee.org/oui.txt\n" " and save to ~/.hcxtools/oui.txt\n" " internet connection required\n" // "-p : input PBKDF2 file (hashcat potfile 22000 format)\n" "-h : show this help\n" "-v : show version\n" "\n" "--essid-group : convert to ESSID groups in working directory\n" " full advantage of reuse of PBKDF2\n" " not on old hash formats\n" "--oui-group : convert to OUI groups in working directory\n" " not on old hash formats\n" "--mac-group-ap : convert APs to MAC groups in working directory\n" " not on old hash formats\n" "--mac-group-client : convert CLIENTs to MAC groups in working directory\n" " not on old hash formats\n" "--type= : filter by hash type\n" " bitmask:\n" " 1 = PMKID\n" " 2 = EAPOL\n" " default PMKID and EAPOL (1+2=3)\n" "--hcx-min= : disregard hashes with occurrence lower than hcx-min/ESSID\n" "--hcx-max= : disregard hashes with occurrence higher than hcx-max/ESSID\n" "--essid-len : filter by ESSID length\n" " default ESSID length: %d...%d\n" "--essid-min : filter by ESSID minimum length\n" " default ESSID minimum length: %d\n" "--essid-max : filter by ESSID maximum length\n" " default ESSID maximum length: %d\n" "--essid= : filter by ESSID\n" "--essid-part= : filter by part of ESSID (case sensitive)\n" "--essid-partx=: filter by part of ESSID (case insensitive)\n" " locale and wide characters are ignored\n" "--essid-list= : filter by ESSID file\n" "--essid-regex= : filter ESSID by regular expression\n" "--mac-ap= : filter AP by MAC\n" " format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)\n" "--mac-client= : filter CLIENT by MAC\n" " format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)\n" "--mac-list= : filter by MAC file\n" " format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)\n" "--mac-skiplist= : exclude MAC from file\n" " format: 001122334455, 00:11:22:33:44:55, 00-11-22-33-44-55 (hex)\n" "--oui-ap= : filter AP by OUI\n" " format: 001122, 00:11:22, 00-11-22 (hex)\n" "--oui-client= : filter CLIENT by OUI\n" " format: 001122, 00:11:22, 00-11-22 (hex)\n" "--vendor= : filter AP or CLIENT by (part of) VENDOR name\n" "--vendor-ap= : filter AP by (part of) VENDOR name\n" "--vendor-client= : filter CLIENT by (part of) VENDOR name\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, ESSID_LEN_MIN, ESSID_LEN_MAX, ESSID_LEN_MIN, ESSID_LEN_MAX); fprintf(stdout, "--authorized : filter EAPOL pairs by status authorized (M2M3, M3M4, M1M4)\n" "--challenge : filter EAPOL pairs by status CHALLENGE (M1M2, M1M2ROGUE)\n" "--rc : filter EAPOL pairs by replaycount status checked\n" "--rc-not : filter EAPOL pairs by replaycount status not checked\n" "--apless : filter EAPOL pairs by status M1M2ROGUE (M2 requested from CLIENT)\n" "--info= : output detailed information about content of hash file\n" " no filter options available\n" "--info=stdout : stdout output detailed information about content of hash file\n" " no filter options available\n" "--info-vendor= : output detailed information about ACCESS POINT and CLIENT VENDORs\n" " no filter options available\n" "--info-vendor-ap= : output detailed information about ACCESS POINT VENDORs\n" " no filter options available\n" "--info-vendor-client= : output detailed information about CLIENT VENDORs\n" " no filter options available\n" "--info-vendor=stdout : stdout output detailed information about ACCESS POINT and CLIENT VENDORs\n" " no filter options available\n" "--info-vendor-ap=stdout : stdout output detailed information about ACCESS POINT VENDORs\n" " no filter options available\n" "--info-vendor-client=stdout : stdout output detailed information about CLIENT VENDORs\n" " no filter options available\n" "--psk= : pre-shared key to test\n" " due to PBKDF2 calculation this is a very slow process\n" " no nonce error corrections\n" "--pmk= : plain master key to test\n" " no nonce error corrections\n" "--hccapx-in= : input deprecated hccapx file\n" " MESSSAGEPAIR is taken from the hccapx source\n" "--hccapx-out= : output to deprecated hccapx file\n" "--hccap-in= : input ancient hccap file\n" "--hccap-out= : output to ancient hccap file\n" " MESSSAGEPAIR is calculated from the EAPOL MESSAGE\n" " due to missing information, the worst case value is calculated\n" "--hccap-single : output to ancient hccap single files (MAC + count)\n" "--john= : output to deprecated john file\n" "--vendorlist : stdout output complete OUI list sorted by OUI\n" "--help : show this help\n" "--version : show version\n" "\n" "Important notice:\n" "%s does not do NONCE ERROR CORRECTIONS\n" "in case of a packet loss, you get a wrong PTK\n", eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static int l; static int lcmin; static int lcmax; static int p1, p2; static int hashtypein; static int essidlenin; static FILE *fh_pmkideapol; static int fd_hccapxin; static int fd_hccapin; static char *pbkdf2inname; static char *pmkideapolinname; static char *pmkideapoloutname; static char *essidoutname; static char *essidrawoutname; static char *essidinname; static char *macinname; static char *macskipname; static char *hccapxinname; static char *hccapxoutname; static char *hccapinname; static char *hccapoutname; static char *johnoutname; static char *infooutname; static char *infovendoroutname; static char *infovendorapoutname; static char *infovendorclientoutname; static char *ouiinstring; static char *macinstring; static char *pmkinstring; static struct stat statinfo; static const char *short_options = "i:o:E:L:dp:hv"; static const struct option long_options[] = { {"type", required_argument, NULL, HCX_HASH_TYPE}, {"hcx-min", required_argument, NULL, HCX_HASH_MIN}, {"hcx-max", required_argument, NULL, HCX_HASH_MAX}, {"essid-min", required_argument, NULL, HCX_ESSID_MIN}, {"essid-group", no_argument, NULL, HCX_ESSID_GROUP}, {"essid-len", required_argument, NULL, HCX_ESSID_LEN}, {"essid-min", required_argument, NULL, HCX_ESSID_MIN}, {"essid-max", required_argument, NULL, HCX_ESSID_MAX}, {"essid", required_argument, NULL, HCX_FILTER_ESSID}, {"essid-part", required_argument, NULL, HCX_FILTER_ESSID_PART}, {"essid-partx", required_argument, NULL, HCX_FILTER_ESSID_PARTX}, {"essid-list", required_argument, NULL, HCX_FILTER_ESSID_LIST_IN}, {"essid-regex", required_argument, NULL, HCX_FILTER_ESSID_REGEX}, {"mac-ap", required_argument, NULL, HCX_FILTER_MAC_AP}, {"mac-client", required_argument, NULL, HCX_FILTER_MAC_CLIENT}, {"mac-list", required_argument, NULL, HCX_FILTER_MAC_LIST_IN}, {"mac-skiplist", required_argument, NULL, HCX_FILTER_MAC_LIST_SKIP}, {"mac-group-ap", no_argument, NULL, HCX_MAC_GROUP_AP}, {"mac-group-client", no_argument, NULL, HCX_MAC_GROUP_CLIENT}, {"oui-group", no_argument, NULL, HCX_OUI_GROUP}, {"oui-ap", required_argument, NULL, HCX_FILTER_OUI_AP}, {"oui-client", required_argument, NULL, HCX_FILTER_OUI_CLIENT}, {"vendor", required_argument, NULL, HCX_FILTER_VENDOR}, {"vendor-ap", required_argument, NULL, HCX_FILTER_VENDOR_AP}, {"vendor-client", required_argument, NULL, HCX_FILTER_VENDOR_CLIENT}, {"rc", no_argument, NULL, HCX_FILTER_RC}, {"rc-not", no_argument, NULL, HCX_FILTER_RC_NOT}, {"authorized", no_argument, NULL, HCX_FILTER_M12}, {"challenge", no_argument, NULL, HCX_FILTER_M1234}, {"apless", no_argument, NULL, HCX_FILTER_M1M2ROGUE}, {"psk", required_argument, NULL, HCX_PSK}, {"pmk", required_argument, NULL, HCX_PMK}, {"info", required_argument, NULL, HCX_INFO_OUT}, {"info-vendor", required_argument, NULL, HCX_INFO_VENDOR_OUT}, {"info-vendor-ap", required_argument, NULL, HCX_INFO_VENDOR_AP_OUT}, {"info-vendor-client", required_argument, NULL, HCX_INFO_VENDOR_CLIENT_OUT}, {"hccapx-in", required_argument, NULL, HCX_HCCAPX_IN}, {"hccapx-out", required_argument, NULL, HCX_HCCAPX_OUT}, {"hccap-in", required_argument, NULL, HCX_HCCAP_IN}, {"hccap-out", required_argument, NULL, HCX_HCCAP_OUT}, {"hccap-single", no_argument, NULL, HCX_HCCAP_SINGLE_OUT}, {"john", required_argument, NULL, HCX_JOHN_OUT}, {"vendorlist", no_argument, NULL, HCX_VENDOR_OUT}, {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; pbkdf2inname = NULL; fh_pmkideapol = NULL; pmkideapolinname = NULL; pmkideapoloutname = NULL; essidoutname = NULL; essidrawoutname = NULL; essidinname = NULL; macinname = NULL; macskipname = NULL; infooutname = NULL; infovendoroutname = NULL; infovendorapoutname = NULL; infovendorclientoutname = NULL; hccapxinname = NULL; hccapxoutname = NULL; hccapinname = NULL; hccapoutname = NULL; johnoutname = NULL; ouiinstring = NULL; macinstring = NULL; pmkinstring = NULL; filteressidptr = NULL; filteressidpartptr = NULL; filteressidregexptr = NULL; filtervendorptr = NULL; filtervendorapptr = NULL; filtervendorclientptr = NULL; fd_hccapxin = 0; fd_hccapin = 0; flagfiltermacap = false; flagfiltermacclient = false; flagfilterouiap = false; flagfilterouiclient = false; flagfilterauthorized = false; flagfilterchallenge = false; flagfilterrcchecked = false; flagfilterrcnotchecked = false; flagfilterapless = false; flagpsk = false; flagpmk = false; flagessidgroup = false; flagmacapgroup = false; flagmacclientgroup = false; flagouigroup = false; flagvendorout = false; flaghccapsingleout = false; caseflag = false; hashtypein = 0; hashtype = HCX_TYPE_PMKID | HCX_TYPE_EAPOL; essidlenin = ESSID_LEN_MAX; essidlen = ESSID_LEN_MAX; essidlenmin = ESSID_LEN_MIN; essidlenmax = ESSID_LEN_MAX; lcmin = 0; lcmax = 0; statusflag = true; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_PMKIDEAPOL_IN: if((hccapxinname != NULL) || (hccapinname != NULL)) { fprintf(stderr, "only one input hash format is allowed\n"); exit(EXIT_FAILURE); } pmkideapolinname = optarg; break; case HCX_PMKIDEAPOL_OUT: pmkideapoloutname = optarg; break; case HCX_ESSID_OUT: essidoutname = optarg; break; case HCX_ESSID_RAW_OUT: essidrawoutname = optarg; break; case HCX_VENDOR_OUT: flagvendorout = true; break; case HCX_INFO_OUT: infooutname = optarg; break; case HCX_INFO_VENDOR_OUT: infovendoroutname = optarg; break; case HCX_INFO_VENDOR_AP_OUT: infovendorapoutname = optarg; break; case HCX_INFO_VENDOR_CLIENT_OUT: infovendorclientoutname = optarg; break; case HCX_ESSID_GROUP: flagessidgroup = true; break; case HCX_HASH_TYPE: hashtypein |= strtol(optarg, NULL, 10); if((hashtypein < HCX_TYPE_PMKID) || (hashtypein > (HCX_TYPE_PMKID + HCX_TYPE_EAPOL))) { fprintf(stderr, "only hash types 1 and 2 allowed (values 1, 2 or 3)\n"); exit(EXIT_FAILURE); } break; case HCX_ESSID_LEN: essidlenin = strtol(optarg, NULL, 10); if((essidlenin < 0) || (essidlenin > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } essidlenmin = essidlenin; essidlenmax = essidlenin; break; case HCX_ESSID_MIN: essidlenin = strtol(optarg, NULL, 10); if((essidlenin < 0) || (essidlenin > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } essidlenmin = essidlenin; break; case HCX_ESSID_MAX: essidlenin = strtol(optarg, NULL, 10); if((essidlenin < 0) || (essidlenin > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } essidlenmax = essidlenin; break; case HCX_FILTER_ESSID: filteressidptr = optarg; filteressidlen = strlen(filteressidptr); if((filteressidlen < 1) || (filteressidlen > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } break; case HCX_FILTER_ESSID_PART: filteressidpartptr = optarg; filteressidpartlen = strlen(filteressidpartptr); if((filteressidpartlen < 1) || (filteressidpartlen > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } caseflag = false; break; case HCX_FILTER_ESSID_PARTX: filteressidpartptr = optarg; filteressidpartlen = strlen(filteressidpartptr); if((filteressidpartlen < 1) || (filteressidpartlen > ESSID_LEN_MAX)) { fprintf(stderr, "only values 0...32 allowed\n"); exit(EXIT_FAILURE); } caseflag = true; break; case HCX_FILTER_ESSID_LIST_IN: essidinname = optarg; break; case HCX_FILTER_ESSID_REGEX: filteressidregexptr = optarg; p1 = regcomp(&essidregex, filteressidregexptr, REG_EXTENDED); if(p1) { fprintf(stderr, "Could not compile regex\n"); exit(EXIT_FAILURE); } break; case HCX_HASH_MIN: lcmin = strtol(optarg, NULL, 10); break; case HCX_HASH_MAX: lcmax = strtol(optarg, NULL, 10); break; case HCX_MAC_GROUP_AP: flagmacapgroup = true; break; case HCX_MAC_GROUP_CLIENT: flagmacclientgroup = true; break; case HCX_OUI_GROUP: flagouigroup = true; break; case HCX_FILTER_OUI_AP: l= strlen(optarg); p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[6] = 0; ouiinstring = optarg; if(getfield(ouiinstring, 3, filterouiap) != 3) { fprintf(stderr, "wrong OUI format\n"); exit(EXIT_FAILURE); } flagfilterouiap = true; break; case HCX_FILTER_MAC_AP: l= strlen(optarg); p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[12] = 0; macinstring = optarg; if(getfield(macinstring, 6, filtermacap) != 6) { fprintf(stderr, "wrong MAC format $\n"); exit(EXIT_FAILURE); } flagfiltermacap = true; break; case HCX_FILTER_MAC_CLIENT: l= strlen(optarg); p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[12] = 0; macinstring = optarg; if(getfield(macinstring, 6, filtermacclient) != 6) { fprintf(stderr, "wrong MAC format\n"); exit(EXIT_FAILURE); } flagfiltermacclient = true; break; case HCX_FILTER_MAC_LIST_IN: macinname = optarg; break; case HCX_FILTER_MAC_LIST_SKIP: macskipname = optarg; break; case HCX_FILTER_OUI_CLIENT: l= strlen(optarg); p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[6] = 0; ouiinstring = optarg; if(getfield(ouiinstring, 3, filterouiclient) != 3) { fprintf(stderr, "wrong OUI format\n"); exit(EXIT_FAILURE); } flagfilterouiclient = true; break; case HCX_FILTER_VENDOR: filtervendorptr = optarg; l = strlen(filtervendorptr); if(l < 3) { fprintf(stderr, "at least three characters of the VENDOR name are mandatory\n"); exit(EXIT_FAILURE); } for(p1 = 0; p1 < l; p1++) { if(islower((unsigned char)filtervendorptr[p1])) filtervendorptr[p1] = toupper((unsigned char)filtervendorptr[p1]); } break; case HCX_FILTER_VENDOR_AP: filtervendorapptr = optarg; l = strlen(filtervendorapptr); if(l < 3) { fprintf(stderr, "at least three characters of the VENDOR name are mandatory\n"); exit(EXIT_FAILURE); } for(p1 = 0; p1 < l; p1++) { if(islower((unsigned char)filtervendorapptr[p1])) filtervendorapptr[p1] = toupper((unsigned char)filtervendorapptr[p1]); } break; case HCX_FILTER_VENDOR_CLIENT: filtervendorclientptr = optarg; l = strlen(filtervendorclientptr); if(l < 3) { fprintf(stderr, "at least three characters of the VENDOR name are mandatory\n"); exit(EXIT_FAILURE); } for(p1 = 0; p1 < l; p1++) { if(islower((unsigned char)filtervendorclientptr[p1])) filtervendorclientptr[p1] = toupper((unsigned char)filtervendorclientptr[p1]); } break; case HCX_FILTER_RC: flagfilterrcchecked = true; break; case HCX_FILTER_RC_NOT: flagfilterrcnotchecked = true; break; case HCX_FILTER_M12: flagfilterauthorized = true; break; case HCX_FILTER_M1234: flagfilterchallenge = true; break; case HCX_FILTER_M1M2ROGUE: flagfilterapless = true; break; case HCX_PSK: pskptr = optarg; pskptrlen = strlen(pskptr); if((pskptrlen < 0) || (pskptrlen > 63)) { fprintf(stderr, "only 0...63 characters allowed\n"); exit(EXIT_FAILURE); } flagpsk = true; break; case HCX_PMK: pmkinstring = optarg; if(getfield(pmkinstring, 32, pmk) != 32) { fprintf(stderr, "wrong PMK length\n"); exit(EXIT_FAILURE); } flagpmk = true; break; case HCX_DOWNLOAD_OUI: downloadoui(); break; case HCX_PBKDF2_IN: // pbkdf2inname = optarg; break; case HCX_HCCAPX_IN: if((pmkideapolinname != NULL) || (hccapinname != NULL)) { fprintf(stderr, "only one input hash format is allowed\n"); exit(EXIT_FAILURE); } hccapxinname = optarg; break; case HCX_HCCAP_IN: if((pmkideapolinname != NULL) || (hccapxinname != NULL)) { fprintf(stderr, "only one input hash format is allowed\n"); exit(EXIT_FAILURE); } hccapinname = optarg; break; case HCX_HCCAPX_OUT: hccapxoutname = optarg; break; case HCX_HCCAP_OUT: hccapoutname = optarg; break; case HCX_HCCAP_SINGLE_OUT: flaghccapsingleout = true; break; case HCX_JOHN_OUT: johnoutname = optarg; break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(essidlenmin > essidlenmax) { fprintf(stderr, "minimum ESSID length is > maximum ESSID length\n"); exit(EXIT_FAILURE); } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } if(initlists() == false) exit(EXIT_FAILURE); if(pbkdf2inname != NULL) readbpkdf2file(pbkdf2inname); if((infooutname != NULL) || (infovendoroutname != NULL) || (infovendorapoutname != NULL) || (infovendorclientoutname != NULL)) { filtervendorptr = NULL; filtervendorapptr = NULL; filtervendorclientptr = NULL; } readoui(); if((ouicount > 0) && (flagvendorout == true)) { showvendorlist(); printstatus(); closelists(); return EXIT_SUCCESS; } if(pmkideapolinname != NULL) { if((fh_pmkideapol = fopen(pmkideapolinname, "r")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapolinname, strerror(errno)); closelists(); exit(EXIT_FAILURE); } readpmkideapolfile(fh_pmkideapol); } if(hccapxinname != NULL) { if(stat(hccapxinname, &statinfo) != 0) { fprintf(stderr, "can't stat %s\n", hccapxinname); closelists(); exit(EXIT_FAILURE); } if((statinfo.st_size %HCCAPX_SIZE) != 0) { fprintf(stderr, "file is corrupt\n"); closelists(); exit(EXIT_FAILURE); } if((fd_hccapxin = open(hccapxinname, O_RDONLY)) == -1) { fprintf(stdout, "error opening file %s: %s\n", hccapxinname, strerror(errno)); closelists(); exit(EXIT_FAILURE); } readhccapxfile(fd_hccapxin, statinfo.st_size / HCCAPX_SIZE); } if(hccapinname != NULL) { if(stat(hccapinname, &statinfo) != 0) { fprintf(stderr, "can't stat %s\n", hccapinname); closelists(); exit(EXIT_FAILURE); } if((statinfo.st_size %HCCAP_SIZE) != 0) { fprintf(stderr, "file is corrupt\n"); closelists(); exit(EXIT_FAILURE); } if((fd_hccapin = open(hccapinname, O_RDONLY)) == -1) { fprintf(stdout, "error opening file %s: %s\n", hccapinname, strerror(errno)); closelists(); exit(EXIT_FAILURE); } readhccapfile(fd_hccapin, statinfo.st_size / HCCAP_SIZE); } if(pmkideapolcount == 0) { fprintf(stdout, "no hashes loaded\n"); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } if(essidrawoutname != 0) processessidraw(essidrawoutname); if(infooutname != NULL) { writeinfofile(infooutname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } if(infovendoroutname != NULL) { writevendorapinfofile(infovendoroutname); writevendorclientinfofile(infovendoroutname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } else if(infovendorapoutname != NULL) { writevendorapinfofile(infovendorapoutname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } else if(infovendorclientoutname != NULL) { writevendorclientinfofile(infovendorclientoutname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); closelists(); return EXIT_SUCCESS; } if(macskipname != NULL) removepmkideapol(macskipname); if(hashtypein > 0) hashtype = hashtypein; if(essidoutname != NULL) processessid(essidoutname); if((pmkideapoloutname != NULL) && (essidinname == NULL)) { if((lcmin == 0) && (lcmax == 0)) writeeapolpmkidfile(pmkideapoloutname); else writelceapolpmkidfile(pmkideapoloutname, lcmin, lcmax); } if(flagessidgroup == true) writeeapolpmkidessidgroups(); if(flagmacapgroup == true) writeeapolpmkidmacapgroups(); if(flagmacclientgroup == true) writeeapolpmkidmacclientgroups(); if(flagouigroup == true) writeeapolpmkidouigroups(); if(flagpsk == true) testhashfilepsk(); if(flagpmk == true) testhashfilepmk(); if(hccapxoutname != NULL) writehccapxfile(hccapxoutname); if(hccapoutname != NULL) writehccapfile(hccapoutname); if(flaghccapsingleout == true) writehccapsinglefile(); if(johnoutname != NULL) writejohnfile(johnoutname); if((pmkideapoloutname != NULL) && (essidinname != NULL)) processessidfile(essidinname, pmkideapoloutname); if(macinname != NULL) processmacfile(macinname, pmkideapoloutname); if(statusflag == true) printstatus(); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(fd_hccapxin != 0) close(fd_hccapxin); closelists(); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.3.5/hcxpcapngtool.c000066400000000000000000007657341471436210700164400ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #if defined (__APPLE__) || defined(__OpenBSD__) #include #endif #ifdef _WIN32 #include #else #include #endif #include #include #include #include #include #include #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ #define BIG_ENDIAN_HOST #endif #include "include/hcxpcapngtool.h" #include "include/ieee80211.c" #include "include/strings.c" #include "include/byteops.c" #include "include/fileops.c" #include "include/hashops.c" #include "include/pcap.c" #ifdef WANTZLIB #include "include/gzops.c" #endif /*===========================================================================*/ struct hccap_s { char essid[36]; unsigned char ap[6]; unsigned char client[6]; unsigned char snonce[32]; unsigned char anonce[32]; unsigned char eapol[256]; int eapol_size; int keyver; unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) /*===========================================================================*/ struct hccapx_s { uint32_t signature; #define HCCAPX_SIGNATURE 0x58504348 uint32_t version; #define HCCAPX_VERSION 4 uint8_t message_pair; uint8_t essid_len; uint8_t essid[32]; uint8_t keyver; uint8_t keymic[16]; uint8_t ap[6]; uint8_t anonce[32]; uint8_t client[6]; uint8_t snonce[32]; uint16_t eapol_len; uint8_t eapol[256]; } __attribute__((packed)); typedef struct hccapx_s hccapx_t; #define HCCAPX_SIZE (sizeof(hccapx_t)) /*===========================================================================*/ /*===========================================================================*/ /* global var */ static EVP_MAC *hmac; static EVP_MAC *cmac; static EVP_MAC_CTX *ctxhmac; static EVP_MAC_CTX *ctxcmac; static OSSL_PARAM paramsmd5[3]; static OSSL_PARAM paramssha1[3]; static OSSL_PARAM paramssha256[3]; static OSSL_PARAM paramsaes128[3]; static size_t magicblockcount; static maclist_t *aplist, *aplistptr; static messagelist_t *messagelist; static handshakelist_t *handshakelist, *handshakelistptr; static pmkidlist_t *pmkidlist, *pmkidlistptr; static eapmd5msglist_t *eapmd5msglist; static eapmd5hashlist_t *eapmd5hashlist, *eapmd5hashlistptr; static eapleaphashlist_t *eapleaphashlist, *eapleaphashlistptr; static eapleapmsglist_t *eapleapmsglist; static eapmschapv2hashlist_t *eapmschapv2hashlist, *eapmschapv2hashlistptr; static eapmschapv2msglist_t *eapmschapv2msglist; static tacacsplist_t *tacacsplist, *tacacsplistptr; static char *jtrbasenamedeprecated; static FILE *fh_pmkideapol; static FILE *fh_pmkideapolclient; static FILE *fh_eapmd5; static FILE *fh_eapmd5john; static FILE *fh_eapleap; static FILE *fh_tacacsp; static FILE *fh_essid; static FILE *fh_essidproberequest; static FILE *fh_deviceinfo; static FILE *fh_identity; static FILE *fh_username; static FILE *fh_nmea; static FILE *fh_csv; static FILE *fh_raw_out; static FILE *fh_lts; static FILE *fh_log; static FILE *fh_pmkideapoljtrdeprecated; static FILE *fh_pmkiddeprecated; static FILE *fh_hccapxdeprecated; static FILE *fh_hccapdeprecated; static int maclistmax; static int handshakelistmax; static int pmkidlistmax; static int eapmd5hashlistmax; static int eapleaphashlistmax; static int eapmschapv2hashlistmax; static int tacacsplistmax; static int fd_pcap; static int gzipstat; static int pcapngstat; static int capstat; static int endianness; static uint16_t versionmajor; static uint16_t versionminor; static int opensslversionmajor; static int opensslversionminor; static uint32_t iface; static uint32_t dltlinktype[MAX_INTERFACE_ID +1]; static uint32_t timeresolval[MAX_INTERFACE_ID +1]; static long int radiotaperrorcount; static long int nmeacount; static long int nmeaerrorcount; static long int rawpacketcount; static long int pcapreaderrors; static long int skippedpacketcount; static long int zeroedtimestampcount; static long int fcsframecount; static long int fcsgoodframecount; static long int fcsbadframecount; static long int band24count; static long int band5count; static long int band6count; static long int wdscount; static long int actioncount; static long int actionessidcount; static long int awdlcount; static long int beaconcount; static long int beaconssidunsetcount; static long int beaconssidzeroedcount; static long int beaconssidoversizedcount; static long int beaconhcxcount; static long int beaconerrorcount; static long int broadcastmacerrorcount; static long int pagcount; static long int proberesponsecount; static long int proberesponsessidunsetcount; static long int proberesponsessidzeroedcount; static long int proberequestundirectedcount; static long int proberequestdirectedcount; static long int mgtreservedcount; static long int deauthenticationcount; static long int disassociationcount; static long int authenticationcount; static long int authopensystemcount; static long int authseacount; static long int authsharedkeycount; static long int authfbtcount; static long int authfilscount; static long int authfilspfs; static long int authfilspkcount; static long int authnetworkeapcount; static long int authunknowncount; static long int associationrequestcount; static long int associationrequestpskcount; static long int associationrequestftpskcount; static long int associationrequestpsk256count; static long int associationrequestsae256count; static long int associationrequestsae384bcount; static long int associationrequestowecount; static long int reassociationrequestcount; static long int reassociationrequestpskcount; static long int reassociationrequestftpskcount; static long int reassociationrequestpsk256count; static long int reassociationrequestsae256count; static long int reassociationrequestsae384bcount; static long int reassociationrequestowecount; static long int ipv4count; static long int icmp4count; static long int ipv6count; static long int icmp6count; static long int tcpcount; static long int udpcount; static long int grecount; static long int protochapcount; static long int protochapreqcount; static long int protochaprespcount; static long int protochapsuccesscount; static long int protopapcount; static long int tacacspcount; static long int tacacsp2count; static long int tacacsp3count; static long int tacacspwrittencount; static long int wepenccount; static long int wpaenccount; static long int eapcount; static long int eapsimcount; static long int eapakacount; static long int eappeapcount; static long int eapmd5count; static long int eapmd5hashcount; static long int eapleapcount; static long int eapleaphashcount; static long int eapmschapv2count; static long int eapmschapv2hashcount; static long int eaptlscount; static long int eapexpandedcount; static long int eapidcount; static long int eapcodereqcount; static long int eapcoderespcount; static long int radiusrequestcount; static long int radiuschallengecount; static long int radiusacceptcount; static long int radiusrejectcount; static long int zeroedpmkidpskcount; static long int zeroedpmkidpmkcount; static long int zeroedeapolpskcount; static long int zeroedeapolpmkcount; static long int pmkidcount; static long int pmkidbestcount; static long int pmkidroguecount; static long int pmkiduselesscount; static long int pmkidfaultycount; static long int pmkidakmcount; static long int pmkidwrittenhcount; static long int pmkidclientwrittenhcount; static long int pmkidwrittenjcountdeprecated; static long int pmkidwrittencountdeprecated; static long int eapolrc4count; static long int eapolrsncount; static long int eapolwpacount; static long int eapolmsgcount; static long int eapolrelayedcount; static long int eapolnccount; static long int eapolmsgerrorcount; static long int eapolmsgtimestamperrorcount; static long int eapolmpcount; static long int eapolmpbestcount; static long int eapolm1count; static long int eapolm1kdv0count; static long int eapolm1ancount; static long int eapolm1errorcount; static long int eapolm2count; static long int eapolm2oversizedcount; static long int eapolm2kdv0count; static long int eapolm2ftpskcount; static long int eapolm2errorcount; static long int eapolm3count; static long int eapolm3oversizedcount; static long int eapolm3kdv0count; static long int eapolm3errorcount; static long int eapolm4count; static long int eapolm4oversizedcount; static long int eapolm4zeroedcount; static long int eapolm4kdv0count; static long int eapolm4errorcount; static long int eapolwrittencount; static long int eapolncwrittencount; static long int eapolaplesscount; static long int eapolwrittenjcountdeprecated; static long int eapolwrittenhcpxcountdeprecated; static long int eapolncwrittenhcpxcountdeprecated; static long int eapolwrittenhcpcountdeprecated; static long int eapolm12e2count; static long int eapolm14e4count; static long int eapolm32e2count; static long int eapolm32e3count; static long int eapolm34e3count; static long int eapolm34e4count; static long int eapmd5writtencount; static long int eapmd5johnwrittencount; static long int eapleapwrittencount; static long int eapmschapv2writtencount; static long int identitycount; static long int usernamecount; static uint64_t rcgapmax; static long int taglenerrorcount; static long int essidcount; static long int essiderrorcount; static long int deviceinfocount; static long int sequenceerrorcount; static long int essiddupemax; static long int malformedcount; static uint64_t timestampstart; static uint64_t timestampmin; static uint64_t timestampmax; static uint64_t timestampdiff; static uint64_t eaptimegapmax; static uint64_t captimestampold; static uint64_t eapoltimeoutvalue; static uint64_t ncvalue; static int essidsvalue; static uint16_t frequency; static int nmealen; static bool addtimestampflag; static bool ignoreieflag; static bool donotcleanflag; static bool ancientdumpfileformat; static bool radiotappresent; static bool ieee80211flag; static const uint8_t fakenonce1[] = { 0x07, 0xbc, 0x92, 0xea, 0x2f, 0x5a, 0x1e, 0xe2, 0x54, 0xf6, 0xb1, 0xb7, 0xe0, 0xaa, 0xd3, 0x53, 0xf4, 0x5b, 0x0a, 0xac, 0xf9, 0xc9, 0x90, 0x2f, 0x90, 0xd8, 0x78, 0x80, 0xb7, 0x03, 0x0a, 0x20 }; static const uint8_t fakenonce2[] = { 0x95, 0x30, 0xd1, 0xc7, 0xc3, 0x55, 0xb9, 0xab, 0xe6, 0x83, 0xd6, 0xf3, 0x7e, 0xcb, 0x78, 0x02, 0x75, 0x1f, 0x53, 0xcc, 0xb5, 0x81, 0xd1, 0x52, 0x3b, 0xb4, 0xba, 0xad, 0x23, 0xab, 0x01, 0x07 }; static char rssi; static int interfacechannel; static uint8_t myaktap[6]; static uint8_t myaktclient[6]; static uint8_t myaktanonce[32]; static uint8_t myaktsnonce[32]; static uint64_t myaktreplaycount; static char pcapnghwinfo[OPTIONLEN_MAX]; static char pcapngosinfo[OPTIONLEN_MAX]; static char pcapngapplinfo[OPTIONLEN_MAX]; static char pcapngoptioninfo[OPTIONLEN_MAX]; static char pcapngweakcandidate[OPTIONLEN_MAX]; static uint8_t pcapngdeviceinfo[6]; static uint8_t pcapngtimeresolution; static char nmeasentence[OPTIONLEN_MAX]; static char gpwplold[OPTIONLEN_MAX]; static char zeroedpsk[8]; static uint8_t zeroedpmk[32]; static uint8_t calculatedpmk[32]; static uint16_t usedfrequency[0xffff]; static uint8_t beaconchannel[CHANNEL_MAX]; /*===========================================================================*/ /* static inline void debugprint(int len, uint8_t *ptr) { static int p; fprintf(stdout, "\nRAW: "); for(p = 0; p < len; p++) { fprintf(stdout, "%02x", ptr[p]); } fprintf(stdout, "\n"); return; } */ /*===========================================================================*/ static void closelists(void) { if(aplist != NULL) free(aplist); if(messagelist != NULL) free(messagelist); if(handshakelist != NULL) free(handshakelist); if(pmkidlist != NULL) free(pmkidlist); if(eapmd5msglist != NULL) free(eapmd5msglist); if(eapmd5hashlist != NULL) free(eapmd5hashlist); if(eapleapmsglist != NULL) free(eapleapmsglist); if(eapleaphashlist != NULL) free(eapleaphashlist); if(eapmschapv2msglist != NULL) free(eapmschapv2msglist); if(eapmschapv2hashlist != NULL) free(eapmschapv2hashlist); if(tacacsplist != NULL) free(tacacsplist); return; } /*===========================================================================*/ static bool initlists(void) { static const char nastring[] = { "N/A" }; maclistmax = MACLIST_MAX; if((aplist = (maclist_t*)calloc((maclistmax +1), MACLIST_SIZE)) == NULL) return false; aplistptr = aplist; if((messagelist = (messagelist_t*)calloc((MESSAGELIST_MAX +1), MESSAGELIST_SIZE)) == NULL) return false; handshakelistmax = HANDSHAKELIST_MAX; if((handshakelist = (handshakelist_t*)calloc((handshakelistmax +1), HANDSHAKELIST_SIZE)) == NULL) return false; handshakelistptr = handshakelist; pmkidlistmax = PMKIDLIST_MAX; if((pmkidlist = (pmkidlist_t*)calloc((pmkidlistmax +1),PMKIDLIST_SIZE)) == NULL) return false; pmkidlistptr = pmkidlist; if((eapmd5msglist = (eapmd5msglist_t*)calloc((EAPMD5MSGLIST_MAX +1), EAPMD5MSGLIST_SIZE)) == NULL) return false; eapmd5hashlistmax = EAPMD5HASHLIST_MAX; if((eapmd5hashlist = (eapmd5hashlist_t*)calloc((eapmd5hashlistmax +1), EAPMD5HASHLIST_SIZE)) == NULL) return false; eapmd5hashlistptr = eapmd5hashlist; if((eapleapmsglist = (eapleapmsglist_t*)calloc((EAPLEAPMSGLIST_MAX +1), EAPLEAPMSGLIST_SIZE)) == NULL) return false; eapleaphashlistmax = EAPLEAPHASHLIST_MAX; if((eapleaphashlist = (eapleaphashlist_t*)calloc((eapleaphashlistmax +1), EAPLEAPHASHLIST_SIZE)) == NULL) return false; eapleaphashlistptr = eapleaphashlist; if((eapmschapv2msglist = (eapmschapv2msglist_t*)calloc((EAPMSCHAPV2MSGLIST_MAX +1), EAPMSCHAPV2MSGLIST_SIZE)) == NULL) return false; eapmschapv2hashlistmax = EAPMSCHAPV2HASHLIST_MAX; if((eapmschapv2hashlist = (eapmschapv2hashlist_t*)calloc((eapmschapv2hashlistmax +1), EAPMSCHAPV2HASHLIST_SIZE)) == NULL) return false; eapmschapv2hashlistptr = eapmschapv2hashlist; tacacsplistmax = TACACSPLIST_MAX; if((tacacsplist = (tacacsplist_t*)calloc((TACACSPLIST_MAX +1), TACACSPLIST_SIZE)) == NULL) return false; tacacsplistptr = tacacsplist; memset(&pcapnghwinfo, 0, OPTIONLEN_MAX); memset(&pcapngosinfo, 0, OPTIONLEN_MAX); memset(&pcapngapplinfo, 0, OPTIONLEN_MAX); memset(&pcapngoptioninfo, 0, OPTIONLEN_MAX); memset(&pcapngweakcandidate, 0 ,OPTIONLEN_MAX); memset(&pcapngdeviceinfo, 0 ,6); pcapngtimeresolution = TSRESOL_USEC; memset(&myaktap, 0 ,6); memset(&myaktclient, 0 ,6); memset(&nmeasentence, 0, OPTIONLEN_MAX); memset(&gpwplold, 0, OPTIONLEN_MAX); memcpy(&pcapnghwinfo, nastring, 3); memcpy(&pcapngosinfo, nastring, 3); memcpy(&pcapngapplinfo, nastring, 3); memcpy(&pcapngoptioninfo, nastring, 3); memcpy(&pcapngweakcandidate, nastring, 3); ieee80211flag = false; radiotaperrorcount = 0; nmeacount = 0; nmeaerrorcount = 0; endianness = 0; rawpacketcount = 0; pcapreaderrors = 0; skippedpacketcount = 0; zeroedtimestampcount = 0; fcsframecount = 0; fcsgoodframecount = 0; fcsbadframecount = 0; band24count = 0; band5count = 0; band6count = 0; wdscount = 0; actioncount = 0; actionessidcount = 0; awdlcount = 0; beaconcount = 0; beaconssidunsetcount = 0; beaconssidzeroedcount = 0; beaconssidoversizedcount = 0; beaconhcxcount = 0; beaconerrorcount = 0; broadcastmacerrorcount = 0; pagcount = 0; proberesponsecount = 0; proberesponsessidunsetcount = 0; proberesponsessidzeroedcount = 0; proberequestundirectedcount = 0; proberequestdirectedcount = 0; mgtreservedcount = 0; deauthenticationcount = 0; disassociationcount = 0; authenticationcount = 0; authopensystemcount = 0; authseacount = 0; authsharedkeycount = 0; authfbtcount = 0; authfilscount = 0; authfilspfs = 0; authfilspkcount = 0; authnetworkeapcount = 0; authunknowncount = 0; associationrequestcount = 0; associationrequestpskcount = 0; associationrequestftpskcount = 0; associationrequestpsk256count = 0; associationrequestsae256count = 0; associationrequestsae384bcount = 0; associationrequestowecount = 0; reassociationrequestcount = 0; reassociationrequestpskcount = 0; reassociationrequestpsk256count = 0; reassociationrequestsae256count = 0; reassociationrequestsae384bcount = 0; reassociationrequestowecount = 0; ipv4count = 0; icmp4count = 0; ipv6count = 0; icmp6count = 0; tcpcount = 0; udpcount = 0; grecount = 0; protochapcount = 0; protochapreqcount = 0; protochaprespcount = 0; protochapsuccesscount = 0; protopapcount = 0; tacacspcount = 0; tacacsp2count = 0; tacacsp3count = 0; tacacspwrittencount = 0; wepenccount = 0; wpaenccount = 0; eapcount = 0; eapsimcount = 0; eapakacount = 0; eappeapcount = 0; eapmd5count = 0; eapmd5hashcount = 0; eapleapcount = 0; eapleaphashcount = 0; eapmschapv2count = 0; eapmschapv2hashcount = 0; eaptlscount = 0; eapexpandedcount = 0; eapidcount = 0; eapcodereqcount = 0; eapcoderespcount = 0; radiusrequestcount = 0; radiuschallengecount = 0; radiusacceptcount = 0; radiusrejectcount = 0; zeroedpmkidpskcount = 0; zeroedpmkidpmkcount = 0; zeroedeapolpskcount = 0; zeroedeapolpmkcount = 0; pmkidcount = 0; pmkidbestcount = 0; pmkidroguecount = 0; pmkiduselesscount = 0; pmkidfaultycount = 0; pmkidakmcount = 0; pmkidwrittenhcount = 0; pmkidclientwrittenhcount = 0; eapolwrittenjcountdeprecated = 0; pmkidwrittenjcountdeprecated = 0; pmkidwrittencountdeprecated = 0; eapolrc4count = 0; eapolrsncount = 0; eapolwpacount = 0; eapolmsgcount = 0; eapolrelayedcount = 0; eapolnccount = 0; eapolmsgerrorcount = 0; eapolmsgtimestamperrorcount = 0; eapolmpbestcount = 0; eapolmpcount = 0; eapolm1count = 0; eapolm1kdv0count = 0; eapolm1ancount = 0; eapolm1errorcount = 0; eapolm2count = 0; eapolm2oversizedcount = 0; eapolm2kdv0count = 0; eapolm2ftpskcount = 0; eapolm2errorcount = 0; eapolm3count = 0; eapolm3oversizedcount = 0; eapolm3kdv0count = 0; eapolm3errorcount = 0; eapolm4count = 0; eapolm4oversizedcount = 0; eapolm4zeroedcount = 0; eapolm4kdv0count = 0; eapolm4errorcount = 0; eapolwrittencount = 0; eapolncwrittencount = 0; eapolaplesscount = 0; eapolwrittenjcountdeprecated = 0; eapolwrittenhcpxcountdeprecated = 0; eapolwrittenhcpcountdeprecated = 0; eapolm12e2count = 0; eapolm14e4count = 0; eapolm32e2count = 0; eapolm32e3count = 0; eapolm34e3count = 0; eapolm34e4count = 0; eapmd5writtencount = 0; eapmd5johnwrittencount = 0; eapleapwrittencount = 0; eapmschapv2writtencount = 0; identitycount = 0; usernamecount = 0; taglenerrorcount = 0; essidcount = 0; essiderrorcount = 0; deviceinfocount = 0; sequenceerrorcount = 0; essiddupemax = 0; rcgapmax = 0; eaptimegapmax = 0; malformedcount = 0; timestampmin = 0; timestampmax = 0; timestampdiff = 0; timestampstart = 0; captimestampold = 0; memset(&zeroedpsk, 0, 8); memset(&zeroedpmk, 0, 32); memset(&beaconchannel, 0, sizeof(beaconchannel)); memset(&usedfrequency, 0, sizeof(usedfrequency)); return true; } /*===========================================================================*/ static void printcontentinfo(void) { static int c; static uint8_t i; static uint16_t p; if(nmeacount > 0) fprintf(stdout, "NMEA PROTOCOL............................: %ld\n", nmeacount); if(nmeaerrorcount > 0) fprintf(stdout, "NMEA PROTOCOL checksum errors............: %ld\n", nmeaerrorcount); if(endianness == 0) fprintf(stdout, "endianness (capture system)..............: little endian\n"); else fprintf(stdout, "endianness (capture system)..............: big endian\n"); if(rawpacketcount > 0) fprintf(stdout, "packets inside...........................: %ld\n", rawpacketcount); if(skippedpacketcount > 0) fprintf(stdout, "skipped packets..........................: %ld\n", skippedpacketcount); if(fcsframecount > 0) fprintf(stdout, "frames with FCS (radiotap)...............: %ld\n", fcsframecount); if(fcsgoodframecount > 0) fprintf(stdout, "frames with correct FCS (crc)............: %ld\n", fcsgoodframecount); if(fcsbadframecount > 0) fprintf(stdout, "frames with bad FCS (radiotap)...........: %ld\n", fcsbadframecount); if(band24count > 0) fprintf(stdout, "packets received on 2.4 GHz..............: %ld\n", band24count); if(band5count > 0) fprintf(stdout, "packets received on 5 GHz................: %ld\n", band5count); if(band6count > 0) fprintf(stdout, "packets received on 6 GHz................: %ld\n", band6count); if(wdscount > 0) fprintf(stdout, "WIRELESS DISTRIBUTION SYSTEM.............: %ld\n", wdscount); if(deviceinfocount > 0) fprintf(stdout, "frames containing device information.....: %ld\n", deviceinfocount); if(essidcount > 0) fprintf(stdout, "ESSID (total unique).....................: %ld\n", essidcount); if(essiddupemax > 0) { if((essidsvalue > 1) || (donotcleanflag == true)) fprintf(stdout, "ESSID changes (detected maximum).........: %ld\n", essiddupemax); else fprintf(stdout, "ESSID changes (detected maximum).........: %ld (information: option --max-essids=%ld and --all recommended)\n", essiddupemax, essiddupemax +1); } if(beaconcount > 0) { fprintf(stdout, "BEACON (total)...........................: %ld\n", beaconcount); if((beaconchannel[0] &GHZ24) == GHZ24) { fprintf(stdout, "BEACON on 2.4 GHz channel (from IE_TAG)..: "); for(i = 1; i <= 14; i++) { if(beaconchannel[i] != 0) fprintf(stdout, "%d ", i); } fprintf(stdout, "\n"); } if((beaconchannel[0] &GHZ5) == GHZ5) { fprintf(stdout, "BEACON on 5/6 GHz channel (from IE_TAG)..: "); for(i = 15; i < CHANNEL_MAX; i++) { if(beaconchannel[i] != 0) fprintf(stdout, "%d ", i); } fprintf(stdout, "\n"); } } if(beaconssidunsetcount > 0) fprintf(stdout, "BEACON (SSID wildcard/unset).............: %ld\n", beaconssidunsetcount); if(beaconssidzeroedcount > 0) fprintf(stdout, "BEACON (SSID zeroed).....................: %ld\n", beaconssidzeroedcount); if(beaconssidoversizedcount > 0) fprintf(stdout, "BEACON (oversized SSID length)...........: %ld\n", beaconssidoversizedcount); if(pagcount > 0) fprintf(stdout, "BEACON (pwnagotchi)......................: %ld\n", pagcount); if(beaconhcxcount > 0) fprintf(stdout, "BEACON (hcxhash2cap).....................: %ld\n", beaconhcxcount); if(actioncount > 0) fprintf(stdout, "ACTION (total)...........................: %ld\n", actioncount); if(actionessidcount > 0) fprintf(stdout, "ACTION (containing ESSID)................: %ld\n", actionessidcount); if(awdlcount > 0) fprintf(stdout, "AWDL (Apple Wireless Direct Link)........: %ld\n", awdlcount); if(proberequestundirectedcount > 0) fprintf(stdout, "PROBEREQUEST (undirected)................: %ld\n", proberequestundirectedcount); if(proberequestdirectedcount > 0) fprintf(stdout, "PROBEREQUEST (directed)..................: %ld\n", proberequestdirectedcount); if(proberesponsecount > 0) fprintf(stdout, "PROBERESPONSE (total)....................: %ld\n", proberesponsecount); if(proberesponsessidunsetcount > 0) fprintf(stdout, "PROBERESPONSE (SSID unset)...............: %ld\n", proberesponsessidunsetcount); if(proberesponsessidzeroedcount > 0) fprintf(stdout, "PROBERESPONSE (SSID zeroed)..............: %ld\n", proberesponsessidzeroedcount); if(deauthenticationcount > 0) fprintf(stdout, "DEAUTHENTICATION (total).................: %ld\n", deauthenticationcount); if(disassociationcount > 0) fprintf(stdout, "DISASSOCIATION (total)...................: %ld\n", disassociationcount); if(authenticationcount > 0) fprintf(stdout, "AUTHENTICATION (total)...................: %ld\n", authenticationcount); if(authopensystemcount > 0) fprintf(stdout, "AUTHENTICATION (OPEN SYSTEM).............: %ld\n", authopensystemcount); if(authseacount > 0) fprintf(stdout, "AUTHENTICATION (SAE).....................: %ld\n", authseacount); if(authsharedkeycount > 0) fprintf(stdout, "AUTHENTICATION (SHARED KEY)..............: %ld\n", authsharedkeycount); if(authfbtcount > 0) fprintf(stdout, "AUTHENTICATION (FBT).....................: %ld\n", authfbtcount); if(authfilscount > 0) fprintf(stdout, "AUTHENTICATION (FILS)....................: %ld\n", authfilscount); if(authfilspfs > 0) fprintf(stdout, "AUTHENTICATION (FILS PFS)................: %ld\n", authfilspfs); if(authfilspkcount > 0) fprintf(stdout, "AUTHENTICATION (FILS PK..................: %ld\n", authfilspkcount); if(authnetworkeapcount > 0) fprintf(stdout, "AUTHENTICATION (NETWORK EAP).............: %ld\n", authnetworkeapcount); if(authunknowncount > 0) fprintf(stdout, "AUTHENTICATION (unknown).................: %ld\n", authunknowncount); if(associationrequestcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (total)...............: %ld\n", associationrequestcount); if(associationrequestpskcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (PSK).................: %ld\n", associationrequestpskcount); if(associationrequestftpskcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (FT using PSK)........: %ld\n", associationrequestftpskcount); if(associationrequestpsk256count > 0) fprintf(stdout, "ASSOCIATIONREQUEST (PSK SHA256)..........: %ld\n", associationrequestpsk256count); if(associationrequestsae256count > 0) fprintf(stdout, "ASSOCIATIONREQUEST (SAE SHA256)..........: %ld\n", associationrequestsae256count); if(associationrequestsae384bcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (SAE SHA384 SUITE B)..: %ld\n", associationrequestsae384bcount); if(associationrequestowecount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (OWE).................: %ld\n", associationrequestowecount); if(reassociationrequestcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (total).............: %ld\n", reassociationrequestcount); if(reassociationrequestpskcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (PSK)...............: %ld\n", reassociationrequestpskcount); if(reassociationrequestftpskcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (FT using PSK)......: %ld\n", reassociationrequestftpskcount); if(reassociationrequestpsk256count > 0) fprintf(stdout, "REASSOCIATIONREQUEST (PSK SHA256)........: %ld\n", reassociationrequestpsk256count); if(reassociationrequestsae256count > 0) fprintf(stdout, "REASSOCIATIONREQUEST (SAE SHA256)........: %ld\n", reassociationrequestsae256count); if(reassociationrequestsae384bcount > 0)fprintf(stdout, "REASSOCIATIONREQUEST (SAE SHA384 SUITE B): %ld\n", reassociationrequestsae384bcount); if(reassociationrequestowecount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (OWE)...............: %ld\n", reassociationrequestowecount); if(mgtreservedcount > 0) fprintf(stdout, "RESERVED MANAGEMENT frame................: %ld\n", mgtreservedcount); if(wpaenccount > 0) fprintf(stdout, "WPA encrypted............................: %ld\n", wpaenccount); if(wepenccount > 0) fprintf(stdout, "WEP encrypted............................: %ld\n", wepenccount); if(ipv4count > 0) fprintf(stdout, "IPv4 (total).............................: %ld\n", ipv4count); if(icmp4count > 0) fprintf(stdout, "ICMPv4...................................: %ld\n", icmp4count); if(ipv6count > 0) fprintf(stdout, "IPv6 (total).............................: %ld\n", ipv6count); if(icmp6count > 0) fprintf(stdout, "ICMPv6...................................: %ld\n", icmp6count); if(tcpcount > 0) fprintf(stdout, "TCP (total)..............................: %ld\n", tcpcount); if(udpcount > 0) fprintf(stdout, "UDP (total)..............................: %ld\n", udpcount); if(grecount > 0) fprintf(stdout, "GRE (total)..............................: %ld\n", grecount); if(protochapcount > 0) fprintf(stdout, "PPP-CHAP (total).........................: %ld\n", protochapcount); if(protochapreqcount > 0) fprintf(stdout, "PPP-CHAP request.........................: %ld\n", protochapreqcount); if(protochaprespcount > 0) fprintf(stdout, "PPP-CHAP response........................: %ld\n", protochaprespcount); if(protochapsuccesscount > 0) fprintf(stdout, "PPP-CHAP success.........................: %ld\n", protochapsuccesscount); if(protopapcount > 0) fprintf(stdout, "PPP-PAP..................................: %ld\n", protopapcount); if(tacacspcount > 0) fprintf(stdout, "TACACS+ v1...............................: %ld\n", tacacspcount); if(tacacsp2count > 0) fprintf(stdout, "TACACS+ v2...............................: %ld (unsupported)\n", tacacsp2count); if(tacacsp3count > 0) fprintf(stdout, "TACACS+ v3...............................: %ld (unsupported)\n", tacacsp3count); if(tacacspwrittencount > 0) fprintf(stdout, "TACACS+ written..........................: %ld\n", tacacspwrittencount); if(identitycount > 0) fprintf(stdout, "IDENTITIES...............................: %ld\n", identitycount); if(usernamecount > 0) fprintf(stdout, "USERNAMES................................: %ld\n", usernamecount); if(radiusrequestcount > 0) fprintf(stdout, "RADIUS AUTHENTICATION (REQUEST)..........: %ld\n", radiusrequestcount); if(radiuschallengecount > 0) fprintf(stdout, "RADIUS AUTHENTICATION (CHALLENGE)........: %ld\n", radiuschallengecount); if(radiusacceptcount > 0) fprintf(stdout, "RADIUS AUTHENTICATION (ACCEPT)...........: %ld\n", radiusacceptcount); if(radiusrejectcount > 0) fprintf(stdout, "RADIUS AUTHENTICATION (REJECT)...........: %ld\n", radiusrejectcount); if(eapcount > 0) fprintf(stdout, "EAP (total)..............................: %ld\n", eapcount); if(eapexpandedcount > 0) fprintf(stdout, "EAP-EXPANDED.............................: %ld\n", eapexpandedcount); if(eapcodereqcount > 0) fprintf(stdout, "EAP CODE request.........................: %ld\n", eapcodereqcount); if(eapcoderespcount > 0) fprintf(stdout, "EAP CODE response........................: %ld\n", eapcoderespcount); if(eapidcount > 0) fprintf(stdout, "EAP ID...................................: %ld\n", eapidcount); if(eapsimcount > 0) fprintf(stdout, "EAP-SIM..................................: %ld\n", eapsimcount); if(eapakacount > 0) fprintf(stdout, "EAP-AKA..................................: %ld\n", eapakacount); if(eappeapcount > 0) fprintf(stdout, "EAP-PEAP.................................: %ld\n", eappeapcount); if(eapmd5count > 0) fprintf(stdout, "EAP-MD5 messages.........................: %ld\n", eapmd5count); if(eapmd5hashcount > 0) fprintf(stdout, "EAP-MD5 pairs............................: %ld\n", eapmd5hashcount); if(eapmd5writtencount > 0) fprintf(stdout, "EAP-MD5 pairs written....................: %ld\n", eapmd5writtencount); if(eapmd5johnwrittencount > 0) fprintf(stdout, "EAP-MD5 pairs written to JtR.............: %ld\n", eapmd5johnwrittencount); if(eapleapcount > 0) fprintf(stdout, "EAP-LEAP messages........................: %ld\n", eapleapcount); if(eapleapwrittencount > 0) fprintf(stdout, "EAP-LEAP pairs written...................: %ld\n", eapleapwrittencount); if(eapmschapv2count > 0) fprintf(stdout, "EAP-MSCHAPV2 messages....................: %ld\n", eapmschapv2count); if(eapmschapv2writtencount > 0) fprintf(stdout, "EAP-MSCHAPV2 pairs written...............: %ld\n", eapmschapv2writtencount); if(eaptlscount > 0) fprintf(stdout, "EAP-TLS messages.........................: %ld\n", eaptlscount); if(eapolmsgcount > 0) fprintf(stdout, "EAPOL messages (total)...................: %ld\n", eapolmsgcount); if(eapolrelayedcount > 0) fprintf(stdout, "EAPOL messages relayed (ignored).........: %ld\n", eapolrelayedcount); if(eapolrc4count > 0) fprintf(stdout, "EAPOL RC4 messages.......................: %ld\n", eapolrc4count); if(eapolrsncount > 0) fprintf(stdout, "EAPOL RSN messages.......................: %ld\n", eapolrsncount); if(eapolwpacount > 0) fprintf(stdout, "EAPOL WPA messages.......................: %ld\n", eapolwpacount); if(eaptimegapmax > 0) fprintf(stdout, "EAPOLTIME gap (measured maximum msec)....: %" PRIu64 "\n", eaptimegapmax / 1000000); if(rcgapmax > 1024) rcgapmax = 1024; if((eapolnccount > 0) && (eapolmpcount > 0)) { printf ("EAPOL ANONCE error corrections (NC)......: working\n"); if(rcgapmax > 0) fprintf(stdout, "REPLAYCOUNT gap (suggested NC)...........: %" PRIu64 "\n", (rcgapmax *2 +1)); if(rcgapmax == 0) fprintf(stdout, "REPLAYCOUNT gap (recommended NC).........: 8\n"); } if(eapolnccount == 0) { fprintf(stdout, "EAPOL ANONCE error corrections (NC)......: not detected\n"); if(rcgapmax > 0) fprintf(stdout, "REPLAYCOUNT gap (measured maximum).......: %" PRIu64 "\n", rcgapmax); } if(eapolm1count > 0) fprintf(stdout, "EAPOL M1 messages (total)................: %ld\n", eapolm1count); if(eapolm1kdv0count > 0) fprintf(stdout, "EAPOL M1 messages (KDV:0 AKM defined)....: %ld (PMK not recoverable)\n", eapolm1kdv0count); if(eapolm2count > 0) fprintf(stdout, "EAPOL M2 messages (total)................: %ld\n", eapolm2count); if(eapolm2oversizedcount > 0) fprintf(stdout, "EAPOL M2 messages (oversized)............: %ld\n", eapolm2oversizedcount); if(eapolm2kdv0count > 0) fprintf(stdout, "EAPOL M2 messages (KDV:0 AKM defined)....: %ld (PMK not recoverable)\n", eapolm2kdv0count); if(eapolm2ftpskcount > 0) fprintf(stdout, "EAPOL M2 messages (FT using PSK).........: %ld (PMK not recoverable)\n", eapolm2ftpskcount); if(eapolm3count > 0) fprintf(stdout, "EAPOL M3 messages (total)................: %ld\n", eapolm3count); if(eapolm3oversizedcount > 0) fprintf(stdout, "EAPOL M3 messages (oversized)............: %ld\n", eapolm3oversizedcount); if(eapolm3kdv0count > 0) fprintf(stdout, "EAPOL M3 messages (KDV:0 AKM defined)....: %ld (PMK not recoverable)\n", eapolm3kdv0count); if(eapolm4count > 0) fprintf(stdout, "EAPOL M4 messages (total)................: %ld\n", eapolm4count); if(eapolm4oversizedcount > 0) fprintf(stdout, "EAPOL M4 messages (oversized)............: %ld\n", eapolm4oversizedcount); if(eapolm4zeroedcount > 0) fprintf(stdout, "EAPOL M4 messages (zeroed NONCE).........: %ld\n", eapolm4zeroedcount); if(eapolm4kdv0count > 0) fprintf(stdout, "EAPOL M4 messages (KDV:0 AKM defined)....: %ld (PMK not recoverable)\n", eapolm4kdv0count); if(eapolmpcount > 0) fprintf(stdout, "EAPOL pairs (total)......................: %ld\n", eapolmpcount); if(zeroedeapolpskcount > 0) fprintf(stdout, "EAPOL (from zeroed PSK)..................: %ld (not converted by default options - use --all)\n", zeroedeapolpskcount); if(zeroedeapolpmkcount > 0) fprintf(stdout, "EAPOL (from zeroed PMK)..................: %ld (not converted by default options - use --all)\n", zeroedeapolpmkcount); if(donotcleanflag == false) { if(eapolmpbestcount > 0) fprintf(stdout, "EAPOL pairs (best).......................: %ld\n", eapolmpbestcount); } else { if(eapolmpbestcount > 0) fprintf(stdout, "EAPOL pairs (useful).....................: %ld\n", eapolmpbestcount); } if(eapolaplesscount > 0) fprintf(stdout, "EAPOL ROGUE pairs........................: %ld\n", eapolaplesscount); if(eapolwrittencount > 0) fprintf(stdout, "EAPOL pairs written to 22000 hash file...: %ld (RC checked)\n", eapolwrittencount); if(eapolncwrittencount > 0) fprintf(stdout, "EAPOL pairs written to 22000 hash file...: %ld (RC not checked)\n", eapolncwrittencount); if(eapolwrittenhcpxcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccapx.: %ld (RC checked)\n", eapolwrittenhcpxcountdeprecated); if(eapolncwrittenhcpxcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccapx.: %ld (RC not checked)\n", eapolncwrittenhcpxcountdeprecated); if(eapolwrittenhcpcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccap..: %ld (RC checked)\n", eapolwrittenhcpcountdeprecated); if(eapolwrittenjcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format JtR....: %ld (RC checked)\n", eapolwrittenjcountdeprecated); if(eapolm12e2count > 0) fprintf(stdout, "EAPOL M12E2 (challenge)..................: %ld\n", eapolm12e2count); if(eapolm14e4count > 0) fprintf(stdout, "EAPOL M14E4 (authorized).................: %ld\n", eapolm14e4count); if(eapolm32e2count > 0) fprintf(stdout, "EAPOL M32E2 (authorized).................: %ld\n", eapolm32e2count); if(eapolm32e3count > 0) fprintf(stdout, "EAPOL M32E3 (authorized).................: %ld\n", eapolm32e3count); if(eapolm34e3count > 0) fprintf(stdout, "EAPOL M34E3 (authorized).................: %ld\n", eapolm34e3count); if(eapolm34e4count > 0) fprintf(stdout, "EAPOL M34E4 (authorized).................: %ld\n", eapolm34e4count); if(pmkiduselesscount > 0) fprintf(stdout, "RSN PMKID (useless)......................: %ld\n", pmkiduselesscount); if(pmkidfaultycount > 0) fprintf(stdout, "RSN PMKID (faulty).......................: %ld\n", pmkidfaultycount); if(pmkidcount > 0) fprintf(stdout, "RSN PMKID (total)........................: %ld\n", pmkidcount); if(zeroedpmkidpskcount > 0) fprintf(stdout, "RSN PMKID (from zeroed PSK)..............: %ld (not converted by default options - use --all)\n", zeroedpmkidpskcount); if(zeroedpmkidpmkcount > 0) fprintf(stdout, "RSN PMKID (from zeroed PMK)..............: %ld (not converted by default options - use --all)\n", zeroedpmkidpmkcount); if(donotcleanflag == false) { if(pmkidbestcount > 0) fprintf(stdout, "RSN PMKID (best).........................: %ld\n", pmkidbestcount); } else { if(pmkidbestcount > 0) fprintf(stdout, "RSN PMKID (useful).......................: %ld\n", pmkidbestcount); } if(pmkidroguecount > 0) fprintf(stdout, "RSN PMKID ROGUE..........................: %ld\n", pmkidroguecount); if(pmkidakmcount > 0) fprintf(stdout, "RSN PMKID (KDV:0 AKM defined)............: %ld (PMK not recoverable)\n", pmkidakmcount); if(pmkidwrittenhcount > 0) fprintf(stdout, "RSN PMKID written to 22000 hash file.....: %ld\n", pmkidwrittenhcount); if(pmkidclientwrittenhcount > 0) fprintf(stdout, "RSN PMKID written to 22000 hash file.....: %ld (possible MESH/REPEATER PMKIDs)\n", pmkidclientwrittenhcount); if(pmkidwrittenjcountdeprecated > 0) fprintf(stdout, "RSN PMKID written to old format JtR......: %ld\n", pmkidwrittenjcountdeprecated); if(pmkidwrittencountdeprecated > 0) fprintf(stdout, "RSN PMKID written to old format (1680x)..: %ld\n", pmkidwrittencountdeprecated); if(pcapreaderrors > 0) fprintf(stdout, "packet read error........................: %ld\n", pcapreaderrors); if(radiotaperrorcount > 0) fprintf(stdout, "packet with damaged radiotap header......: %ld\n", radiotaperrorcount); if(zeroedtimestampcount > 0) fprintf(stdout, "packets with zeroed timestamps...........: %ld\n", zeroedtimestampcount); if(eapolmsgtimestamperrorcount > 0) fprintf(stdout, "EAPOL frames with wrong timestamp........: %ld\n", eapolmsgtimestamperrorcount); malformedcount = beaconerrorcount +broadcastmacerrorcount +taglenerrorcount +essiderrorcount +eapolmsgerrorcount; if(malformedcount > 0) fprintf(stdout, "malformed packets (total)................: %ld\n", malformedcount); beaconerrorcount += broadcastmacerrorcount; if(beaconerrorcount > 0) fprintf(stdout, "BEACON error (total malformed packets)...: %ld\n", beaconerrorcount); if(broadcastmacerrorcount > 0) fprintf(stdout, "BROADCAST MAC error (malformed packets)..: %ld\n", broadcastmacerrorcount); if(taglenerrorcount > 0) fprintf(stdout, "IE TAG length error (malformed packets)..: %ld\n", taglenerrorcount); if(essiderrorcount > 0) fprintf(stdout, "ESSID error (malformed packets)..........: %ld\n", essiderrorcount); eapolmsgerrorcount = eapolmsgerrorcount +eapolm1errorcount +eapolm2errorcount +eapolm3errorcount +eapolm4errorcount; if(eapolmsgerrorcount > 0) fprintf(stdout, "EAPOL messages (malformed packets).......: %ld\n", eapolmsgerrorcount); if(radiotappresent == true) { c = 0; fprintf(stdout, "\nfrequency statistics from radiotap header (frequency: received packets)\n" "-----------------------------------------------------------------------\n"); for(p = 2412; p <= 7115; p ++) { if(usedfrequency[p] != 0) { fprintf(stdout, "% 5d: %d\t", p, usedfrequency[p]); c++; if((c %4) == 0) fprintf(stdout, "\n"); } } fprintf(stdout, "\n"); } if(zeroedtimestampcount > 0) { fprintf(stdout, "\nWarning: missing timestamps!\n" "This dump file contains frames with zeroed timestamps.\n" "It prevent calculation of EAPOL TIMEOUT values.\n" "That is a bug of the capturing/cleaning tool.\n"); } if(eapolmsgtimestamperrorcount > 0) { fprintf(stdout, "\nWarning: wrong timestamps!\n" "This dump file contains frames with wrong timestamps.\n" "It prevent calculation of EAPOL TIMEOUT values.\n" "That is a bug of the capturing/cleaning tool.\n"); } if(sequenceerrorcount > 0) { fprintf(stdout, "\nWarning: out of sequence timestamps!\n" "This dump file contains frames with out of sequence timestamps.\n" "That is a bug of the capturing/cleaning tool.\n"); } if(ancientdumpfileformat == true) { fprintf(stdout, "\nInformation: limited dump file format detected!\n" "This file format is a very basic format to save captured network data.\n" "It is recommended to use PCAP Next Generation dump file format (or pcapng for short) instead. " "The PCAP Next Generation dump file format is an attempt to overcome the limitations " "of the currently widely used (but very limited) libpcap (cap, pcap) format.\n" "https://www.wireshark.org/docs/wsug_html_chunked/AppFiles.html#ChAppFilesCaptureFilesSection\n" "https://github.com/pcapng/pcapng\n"); } if(ieee80211flag == false) { fprintf(stdout, "\n"); return; } if(radiotappresent == false) { fprintf(stdout, "\nInformation: radiotap header is missing!\n" "Radiotap is a de facto standard for 802.11 frame injection and " "reception. The radiotap header format is a mechanism to supply " "additional information about frames, from the driver to userspace applications.\n" "https://www.radiotap.org/\n"); } if(magicblockcount > 1) { fprintf(stdout, "\nWarning: this dump file contains more than one custom block!\n" "This always happens if dump files are merged!\n" "Do not merge dump files, because this destroys assigned hash values!\n"); } if(((deauthenticationcount +disassociationcount) >= 100) && ((deauthenticationcount +disassociationcount) <= 10000)) { fprintf(stdout, "\nWarning: too many deauthentication/disassociation frames detected!\n" "That can cause that an ACCESS POINT change channel, reset EAPOL TIMER, " "renew ANONCE and set PMKID to zero. " "This could prevent to calculate a valid EAPOL MESSAGE PAIR, to get a valid PMKID " "or to decrypt the traffic.\n"); } if((deauthenticationcount +disassociationcount) > 10000) { fprintf(stdout, "\nWarning: excessive number of deauthentication/disassociation frames detected!\n" "That can cause that an ACCESS POINT change channel, reset EAPOL TIMER, " "renew ANONCE and set PMKID to zero. " "This could prevent to calculate a valid EAPOL MESSAGE PAIR, to get a valid PMKID " "or to decrypt the traffic.\n"); } if(((beaconcount + proberesponsecount) == 0) && ((associationrequestcount + reassociationrequestcount) == 0)) { fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain BEACON or PROBERESPONSE frames.\n" "This frames contain the ESSID which is mandatory to calculate a PMK.\n" "It always happens if the capture file was cleaned or " "it could happen if filter options are used during capturing. " "That makes it impossible to recover the PSK.\n"); } if(proberequestundirectedcount == 0) { fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain undirected proberequest frames.\n" "An undirected proberequest may contain information about the PSK. " "It always happens if the capture file was cleaned or " "it could happen if filter options are used during capturing.\n" "That makes it hard to recover the PSK.\n"); } if((authenticationcount +associationrequestcount +reassociationrequestcount) == 0) { fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain important frames like authentication, association or reassociation.\n" "It always happens if the capture file was cleaned or " "it could happen if filter options are used during capturing. " "That makes it hard to recover the PSK.\n"); if(timestampdiff < 60000000000) fprintf(stdout, "Duration of the dump tool was a way too short to capture enough additional information.\n"); } if(eapolm1ancount <= 1) { fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain enough EAPOL M1 frames.\n" "It always happens if the capture file was cleaned or " "it could happen if filter options are used during capturing.\n" "That makes it impossible to calculate nonce-error-correction values.\n" "https://hashcat.net/forum/thread-6361.html\n"); if(timestampdiff < 60000000000) fprintf(stdout, "Duration of the dump tool was a way too short to capture enough additional information.\n"); } if((eapolm1count + eapolm2count + eapolm4count > 0) && (eapolm3count == 0)) { fprintf(stdout, "\nInformation: missing EAPOL M3 frames!\n" "This dump file does not contain EAPOL M3 frames (possible packet loss).\n" "It strongly recommended to recapture the traffic or " "to use --all option to convert all possible EAPOL MESSAGE PAIRs.\n"); } if(malformedcount > 5) { fprintf(stdout, "\nInformation: malformed packets detected!\n" "In monitor mode the adapter does not check to see if the cyclic redundancy check (CRC) " "values are correct for packets captured. The device is able to detect the Physical Layer " "Convergence Procedure (PLCP) preamble and is able to synchronize to it, but if there is " "a bit error in the payload it can lead to unexpected results.\n" "Please analyze the dump file with tshark or Wireshark or make a better capture!\n"); } if((eapolwrittencount +eapolncwrittencount +eapolwrittenhcpxcountdeprecated +eapolncwrittenhcpxcountdeprecated +eapolwrittenhcpcountdeprecated +eapolwrittenjcountdeprecated +pmkidwrittenhcount +pmkidwrittenjcountdeprecated +pmkidwrittencountdeprecated +eapmd5writtencount +eapmd5johnwrittencount +eapleapwrittencount +eapmschapv2writtencount +tacacspwrittencount) == 0) { fprintf(stdout, "\nInformation: no hashes written to hash files\n"); } fprintf(stdout, "\n"); return; } /*===========================================================================*/ static void printlinklayerinfo(void) { static uint32_t c; static time_t tvmin; static time_t tvmax; static char timestringmin[32]; static char timestringmax[32]; radiotappresent = false; tvmin = timestampmin /1000000000; strftime(timestringmin, 32, "%d.%m.%Y %H:%M:%S", gmtime(&tvmin)); tvmax = timestampmax /1000000000; timestampdiff = timestampmax - timestampmin; strftime(timestringmax, 32, "%d.%m.%Y %H:%M:%S", gmtime(&tvmax)); fprintf(stdout, "timestamp minimum (timestamp)............: %s (%ld)\n", timestringmin, tvmin); fprintf(stdout, "timestamp maximum (timestamp)............: %s (%ld)\n", timestringmax, tvmax); if(timestampdiff > 0) { if(timestampdiff > 60000000000) fprintf(stdout, "duration of the dump tool (minutes)......: %" PRIu64 "\n", timestampdiff / 60000000000); else fprintf(stdout, "duration of the dump tool (seconds)......: %" PRIu64 "\n", timestampdiff / 1000000000); } fprintf(stdout, "used capture interfaces..................: %d\n", iface); for(c = 0; c < iface; c++) { if(c > 0) { if(dltlinktype[c] == dltlinktype[c -1]) continue; } if(dltlinktype[c] == DLT_IEEE802_11_RADIO) { fprintf(stdout, "link layer header type...................: DLT_IEEE802_11_RADIO (%d)\n", dltlinktype[c]); radiotappresent = true; } else if(dltlinktype[c] == DLT_IEEE802_11) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11 (%d) very basic format without any additional information about the quality\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_PPI) fprintf(stdout, "link layer header type...................: DLT_PPI (%d)\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_PRISM_HEADER) fprintf(stdout, "link layer header type...................: DLT_PRISM_HEADER (%d)\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_IEEE802_11_RADIO_AVS) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11_RADIO_AVS (%d)\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_EN10MB) fprintf(stdout, "link layer header type...................: DLT_EN10MB (%d)\n", dltlinktype[c]); else if(dltlinktype[c] == DLT_NULL) fprintf(stdout, "link layer header type...................: DLT_NULL (BSD LO) (%d)\n", dltlinktype[c]); } return; } /*===========================================================================*/ static void outputwordlists(void) { static int wecl; static maclist_t *zeigermac, *zeigermacold; zeigermacold = NULL; qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_essidlen); wecl = strlen(pcapngweakcandidate); if((wecl > 0) && (wecl < 64) && (strcmp(pcapngweakcandidate, "N/A") != 0)) { if(fh_essid != NULL) fprintf(fh_essid, "%s\n", pcapngweakcandidate); } for(zeigermac = aplist; zeigermac < aplistptr; zeigermac++) { if((zeigermacold != NULL) && (zeigermac->essidlen == zeigermacold->essidlen)) { if(memcmp(zeigermac->essid, zeigermacold->essid, zeigermac->essidlen) == 0) continue; } if(fh_essid != NULL) fwriteessidstr(zeigermac->essidlen, zeigermac->essid, fh_essid); if((fh_essidproberequest != NULL) && (zeigermac->status == ST_PROBE_REQ)) fwriteessidstr(zeigermac->essidlen, zeigermac->essid, fh_essidproberequest); if((fh_essidproberequest != NULL) && (zeigermac->status == ST_ACT_MR_REQ)) fwriteessidstr(zeigermac->essidlen, zeigermac->essid, fh_essidproberequest); essidcount++; zeigermacold = zeigermac; } return; } /*===========================================================================*/ static void outputdeviceinfolist(void) { static int p; static maclist_t *zeigermac; if(fh_deviceinfo == NULL) return; qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_manufacturer); for(zeigermac = aplist; zeigermac < aplistptr; zeigermac++) { if((zeigermac->manufacturerlen == 0) && (zeigermac->modellen == 0) && (zeigermac->serialnumberlen == 0) && (zeigermac->devicenamelen == 0) && (zeigermac->enrolleelen == 0)) continue; if((zeigermac->manufacturer[0] == 0) && (zeigermac->model[0] == 0) && (zeigermac->serialnumber[0] == 0) && (zeigermac->devicename[0] == 0)) continue; for(p = 0; p < 6; p++) fprintf(fh_deviceinfo, "%02x", zeigermac->addr[p]); fwritedeviceinfostr(zeigermac->manufacturerlen, zeigermac->manufacturer, fh_deviceinfo); fwritedeviceinfostr(zeigermac->modellen, zeigermac->model, fh_deviceinfo); fwritedeviceinfostr(zeigermac->serialnumberlen, zeigermac->serialnumber, fh_deviceinfo); fwritedeviceinfostr(zeigermac->devicenamelen, zeigermac->devicename, fh_deviceinfo); if(zeigermac->enrolleelen != 0) { fprintf(fh_deviceinfo, "\t"); for(p = 0; p < zeigermac->enrolleelen; p++) fprintf(fh_deviceinfo, "%02x", zeigermac->enrollee[p]); } fwritedeviceinfostr(zeigermac->essidlen, zeigermac->essid, fh_deviceinfo); fprintf(fh_deviceinfo, "\n"); deviceinfocount++; } return; } /*===========================================================================*/ static void writecsv(uint64_t timestamp, uint8_t *mac, tags_t *tags) { static int c; static int p; static time_t tvo; static float latitude; static char ew; static float longitude; static float latm, lonm; static int fix; static int satcount; static float hdop; static float altitude; static char altunit; static char ns; static const char gpgga[] = "$GPGGA"; static const char gprmc[] = "$GPRMC"; static char timestring[24]; if(tags->essidlen == 0) return; if(tags->essid[0] == 0) return; tvo = timestamp /1000000000; strftime(timestring, 24, "%Y-%m-%d\t%H:%M:%S", gmtime(&tvo)); if((tags->essidlen != 0) && (tags->essid[0] != 0)) fprintf(fh_csv, "%s\t%02x:%02x:%02x:%02x:%02x:%02x\t%.*s\t", timestring, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5], tags->essidlen, tags->essid); else fprintf(fh_csv, "%s\t%02x:%02x:%02x:%02x:%02x:%02x\t\t", timestring, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); if(tags->kdversion == 0) fprintf(fh_csv, "OPEN"); if((tags->kdversion & KV_WPAIE) == KV_WPAIE) fprintf(fh_csv, "[WPA1]"); if((tags->kdversion & KV_RSNIE) == KV_RSNIE) fprintf(fh_csv, "[WPA2]"); fprintf(fh_csv, "\t"); if((tags->cipher & TCS_TKIP) == TCS_TKIP) fprintf(fh_csv, "[TKIP]"); if((tags->cipher & TCS_CCMP) == TCS_CCMP) fprintf(fh_csv, "[CCMP]"); if((tags->cipher & TCS_WEP40) == TCS_WEP40) fprintf(fh_csv, "[WEP40]"); if((tags->cipher & TCS_WEP104) == TCS_WEP104) fprintf(fh_csv, "[WEP104]"); if((tags->cipher & TCS_WRAP) == TCS_WRAP) fprintf(fh_csv, "[WRAP]"); if((tags->cipher & TCS_BIP) == TCS_BIP) fprintf(fh_csv, "[BIP]"); if((tags->cipher & TCS_NOT_ALLOWED) == TCS_NOT_ALLOWED) fprintf(fh_csv, "[NOT_ALLOWED]"); fprintf(fh_csv, "\t"); if((tags->akm & TAK_PSK) == TAK_PSK) fprintf(fh_csv, "[PSK]"); if((tags->akm & TAK_PSKSHA256) == TAK_PSKSHA256) fprintf(fh_csv, "[PSK_SHA256]"); if((tags->akm & TAK_PMKSA) == TAK_PMKSA) fprintf(fh_csv, "[PMKSA]"); if((tags->akm & TAK_PMKSA256) == TAK_PMKSA256) fprintf(fh_csv, "[PMKSA_SHA256]"); if((tags->akm & TAK_FT) == TAK_FT) fprintf(fh_csv, "[FT]"); if((tags->akm & TAK_FT_PSK) == TAK_FT_PSK) fprintf(fh_csv, "[FT_PSK]"); if((tags->akm & TAK_FT_SAE) == TAK_FT_SAE) fprintf(fh_csv, "[FT_SAE]"); if((tags->akm & TAK_TDLS) == TAK_TDLS) fprintf(fh_csv, "[TDLS]"); if((tags->akm & TAK_SAE_SHA256) == TAK_SAE_SHA256) fprintf(fh_csv, "[SAE_SHA256]"); if((tags->akm & TAK_SAE_SHA256B) == TAK_SAE_SHA256B) fprintf(fh_csv, "[SAE_SHA256B]"); if((tags->akm & TAK_SAE_SHA384B) == TAK_SAE_SHA384B) fprintf(fh_csv, "[SAE_SHA384B]"); if((tags->akm & TAK_AP_PKA) == TAK_AP_PKA) fprintf(fh_csv, "[AP_PKA]"); if((tags->akm & TAK_OWE) == TAK_OWE) fprintf(fh_csv, "[OWE]"); fprintf(fh_csv, "\t"); if((tags->country[0] >= 'A') && (tags->country[0] <= 'Z') && (tags->country[1] >= 'A') && (tags->country[1] <= 'Z')) fprintf(fh_csv,"%c%c\t", tags->country[0], tags->country[1]); else fprintf(fh_csv,"00\t"); if(tags->channel != 0) fprintf(fh_csv,"%d\t", tags->channel); else fprintf(fh_csv,"%d\t", interfacechannel); fprintf(fh_csv, "%d\t", rssi); p = 7; c = 0; latitude = 0; longitude = 0; ew = 'E'; ns = 'S'; latm = 0; lonm = 0; fix = 0; satcount = 0; hdop = 0; altitude = 0; altunit = 'M'; if(nmealen < 48) { fprintf(fh_csv, "%f\t%c\t%f\t%c\t%f\t%f\t%d\t%d\t%f\t%f\t%c\n", latitude, ew, longitude, ns, latm, lonm, fix, satcount, hdop, altitude, altunit); return; } if(memcmp(&gpgga, nmeasentence, 6) == 0) { while((nmeasentence[p] != 0) && (c < 1)) { if(nmeasentence[p] == ',') c++; p++; } sscanf(&nmeasentence[p],"%f,%c,%f,%c,%d,%d,%f,%f,%c", &latitude, &ew, &longitude, &ns, &fix, &satcount, &hdop, &altitude, &altunit); if(latitude != 0) latm = ((int)latitude) /100 + (((int)latitude) %100 +latitude -(int)latitude)/60; if(longitude != 0) lonm = ((int)longitude) /100 + (((int)longitude) %100 +longitude -(int)longitude)/60; if(ew == 'W') latm =-latm; if(ns == 'S') lonm =-lonm; fprintf(fh_csv, "%f\t%c\t%f\t%c\t%f\t%f\t%d\t%d\t%f\t%f\t%c\n", latitude, ew, longitude, ns, latm, lonm, fix, satcount, hdop, altitude, altunit); return; } if(memcmp(&gprmc, nmeasentence, 6) == 0) { while((nmeasentence[p] != 0) && (c < 2)) { if(nmeasentence[p] == ',') c++; p++; } sscanf(&nmeasentence[p],"%f,%c,%f,%c", &latitude, &ew, &longitude, &ns); if(latitude != 0) latm = ((int)latitude) /100 + (((int)latitude) %100 +latitude -(int)latitude)/60; if(longitude != 0) lonm = ((int)longitude) /100 + (((int)longitude) %100 +longitude -(int)longitude)/60; if(ew == 'W') latm =-latm; if(ns == 'S') lonm =-lonm; fprintf(fh_csv, "%f\t%c\t%f\t%c\t%f\t%f\t%d\t%d\t%f\t%f\t%c\n", latitude, ew, longitude, ns, latm, lonm, fix, satcount, hdop, altitude, altunit); return; } return; } /*===========================================================================*/ static void writegpwpl(uint8_t *mac) { static int c; static int cs; static int cc, ca, ce; static int gpwpllen; static char *gpwplptr; static const char gpgga[] = "$GPGGA"; static const char gprmc[] = "$GPRMC"; static char gpwpl[NMEA_MAX]; if(nmealen < 48) return; gpwpl[0] = 0; c = 0; cc = 0; ca = 0; ce = 0; if(memcmp(&gprmc, nmeasentence, 6) == 0) { while(nmeasentence[c] != 0) { if(nmeasentence[c] == ',') { cc++; if(cc == 3) ca = c +1; if(cc == 7) { ce = c; break; } } c++; } if(ce > ca) snprintf(gpwpl, NMEA_MAX-1, "$GPWPL,%.*s,%02x%02x%02x%02x%02x%02x*", ce-ca, &nmeasentence[ca], mac[0] , mac[1], mac[2], mac[3], mac[4], mac[5]); } else if(memcmp(&gpgga, nmeasentence, 6) == 0) { while(nmeasentence[c] != 0) { if(nmeasentence[c] == ',') { cc++; if(cc == 2) ca = c +1; if(cc == 6) { ce = c; break; } } c++; } if(ce > ca) snprintf(gpwpl, NMEA_MAX-1, "$GPWPL,%.*s,%02x%02x%02x%02x%02x%02x*", ce-ca, &nmeasentence[ca], mac[0] , mac[1], mac[2], mac[3], mac[4], mac[5]); } else return; if(gpwpl[0] == 0) return; gpwplptr = gpwpl+1; c = 0; cs = 0; while(gpwplptr[c] != '*') { cs ^= gpwplptr[c]; gpwplptr++; } snprintf(gpwplptr +1, NMEA_MAX -44, "%02x", cs); gpwpllen = strlen(gpwpl); if(memcmp(&gpwplold, &gpwpl, gpwpllen) != 0) fprintf(fh_nmea, "%s\n", gpwpl); memcpy(&gpwplold, &gpwpl, gpwpllen); return; } /*===========================================================================*/ static void outputtacacsplist(void) { static uint32_t c; static tacacsplist_t *zeiger, *zeigerold; if(tacacsplist == tacacsplistptr) return; zeiger = tacacsplist; zeigerold = tacacsplist; if(fh_tacacsp != NULL) { fprintf(fh_tacacsp, "$tacacs-plus$0$%08x$", zeiger->sessionid); for(c = 0; c < zeiger->len; c++) fprintf(fh_tacacsp, "%02x", zeiger->data[c]); fprintf(fh_tacacsp, "$%02x%02x\n", zeiger->version, zeiger->sequencenr); tacacspwrittencount++; } for(zeiger = tacacsplist +1; zeiger < tacacsplistptr; zeiger++) { if((zeigerold->sessionid == zeiger->sessionid) && (zeigerold->sequencenr == zeiger->sequencenr) && (zeigerold->len == zeiger->len) && (memcmp(zeigerold->data, zeiger->data, zeiger->len) == 0)) continue; if(fh_tacacsp != NULL) { fprintf(fh_tacacsp, "$tacacs-plus$0$%08x$", zeiger->sessionid); for(c = 0; c < zeiger->len; c++) fprintf(fh_tacacsp, "%02x", zeiger->data[c]); fprintf(fh_tacacsp, "$%02x%02x\n", zeiger->version, zeiger->sequencenr); tacacspwrittencount++; } zeigerold = zeiger; } return; } /*===========================================================================*/ static void processtacacsppacket(uint32_t restlen, uint8_t *tacacspptr) { static uint32_t authlen; static tacacsp_t *tacacsp; static tacacsplist_t *tacacsplistnew; if(restlen < (uint32_t)TACACSP_SIZE) return; tacacsp = (tacacsp_t*)tacacspptr; if(tacacsp->type == TACACS2_AUTHENTICATION) { tacacsp2count++; return; } if(tacacsp->type == TACACS3_AUTHENTICATION) { tacacsp3count++; return; } if(tacacsp->type != TACACS_AUTHENTICATION) return; authlen = ntohl(tacacsp->len); if((authlen > restlen -TACACSP_SIZE) || (authlen > TACACSPMAX_LEN)) return; if(tacacsplistptr >= tacacsplist +tacacsplistmax) { tacacsplistnew = (tacacsplist_t*)realloc(tacacsplist, (tacacsplistmax +TACACSPLIST_MAX) *TACACSPLIST_SIZE); if(tacacsplistnew == NULL) { printf("failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } tacacsplist = tacacsplistnew; tacacsplistptr = tacacsplistnew +tacacsplistmax; tacacsplistmax += TACACSPLIST_MAX; } memset(tacacsplistptr, 0, TACACSPLIST_SIZE); tacacsplistptr->version = tacacsp->version; tacacsplistptr->sequencenr = tacacsp->sequencenr; tacacsplistptr->sessionid = ntohl(tacacsp->sessionid); tacacsplistptr->len = authlen; memcpy(tacacsplistptr->data, tacacsp->data, authlen); tacacsplistptr++; tacacspcount++; return; } /*===========================================================================*/ static void processprotochappacket(uint32_t restlen, uint8_t *chapptr) { static chap_t *chap; if(restlen < (uint32_t)CHAP_SIZE) return; chap = (chap_t*)chapptr; if(chap->code == CHAP_CODE_REQ) protochapreqcount++; else if(chap->code == CHAP_CODE_RESP) protochaprespcount++; else if(chap->code == CHAP_CODE_SUCCESS) protochapsuccesscount++; protochapcount++; return; } /*===========================================================================*/ static void processprotopapppacket(void) { protopapcount++; return; } /*===========================================================================*/ static void processptppacket(uint32_t restlen, uint8_t *ptpptr) { static ptp_t *ptp; if(restlen < (uint32_t)PTP_SIZE) return; ptp = (ptp_t*)ptpptr; if(ntohs(ptp->type) == PROTO_CHAP) processprotochappacket(restlen -PTP_SIZE, ptpptr +PTP_SIZE); else if(ntohs(ptp->type) == PROTO_PAP) processprotopapppacket(); return; } /*===========================================================================*/ static void processgrepacket(uint32_t restlen, uint8_t *greptr) { static gre_t *gre; static uint32_t ofco; if(restlen < (uint32_t)GRE_SIZE) return; gre = (gre_t*)greptr; if((ntohs(gre->flags) & GRE_MASK_VERSION) != 0x1) return; /* only GRE v1 supported */ ofco = 0; if((ntohs(gre->flags) & GRE_FLAG_SNSET) == GRE_FLAG_SNSET) ofco += 4; if((ntohs(gre->flags) & GRE_FLAG_ACKSET) == GRE_FLAG_ACKSET) ofco +=4; if(ntohs(gre->type) == GREPROTO_PPP) processptppacket(restlen -GRE_SIZE -ofco, greptr +GRE_SIZE +ofco); grecount++; return; } /*===========================================================================*/ static void processradiuspacket(uint64_t timestamp, uint32_t restlen, uint8_t *radiusptr) { static radius_t *radius; static uint16_t radiuslen; if(restlen < RADIUS_MIN_SIZE) return; radius = (radius_t*)radiusptr; radiuslen = ntohs(radius->len); if(restlen != radiuslen) return; if(radius->code ==RADIUS_ACCESS_REQUEST) radiusrequestcount++; else if(radius->code == RADIUS_ACCESS_ACCEPT) radiusacceptcount++; else if(radius->code == RADIUS_ACCESS_REJECT) radiusrejectcount++; else if(radius->code == RADIUS_ACCESS_CHALLENGE) radiuschallengecount++; timestamp = timestamp; return; } /*===========================================================================*/ static void processudppacket(uint64_t timestamp, uint32_t restlen, uint8_t *udpptr) { static udp_t *udp; static uint16_t udplen; static uint16_t udpsourceport; static uint16_t udpdestinationport; if(restlen < UDP_SIZE) return; udp = (udp_t*)udpptr; udplen = ntohs(udp->len); if(restlen < udplen) return; udpcount++; udpsourceport = ntohs(udp->sourceport); udpdestinationport = ntohs(udp->destinationport); if((udpsourceport == UDP_RADIUS_PORT) || (udpdestinationport == UDP_RADIUS_PORT)) processradiuspacket(timestamp, restlen -UDP_SIZE, udpptr +UDP_SIZE); return; } /*===========================================================================*/ static void processtcppacket(uint64_t timestamp, uint32_t restlen, uint8_t *tcpptr) { static uint32_t tcplen; static tcp_t *tcp; static tacacsp_t *tacacsp; if(restlen < TCP_SIZE_MIN) return; tcp = (tcp_t*)tcpptr; tcplen = byte_swap_8(tcp->len) *4; if(restlen < tcplen) return; if(restlen >= (uint32_t)TCP_SIZE_MIN +(uint32_t)TACACSP_SIZE) { tacacsp = (tacacsp_t*)(tcpptr +tcplen); if(tacacsp->version == TACACSP_VERSION) processtacacsppacket(restlen -tcplen, tcpptr +tcplen); } tcpcount++; //dummy code to satisfy gcc untill full code is implemented timestamp = timestamp; return; } /*===========================================================================*/ static void processicmp4(void) { icmp4count++; return; } /*===========================================================================*/ static void processipv4(uint64_t timestamp, uint32_t restlen, uint8_t *ipv4ptr) { static ipv4_t *ipv4; static uint32_t ipv4len; if(restlen < IPV4_SIZE_MIN) return; ipv4 = (ipv4_t*)ipv4ptr; if((ipv4->ver_hlen & 0xf0) != 0x40) return; ipv4len = (ipv4->ver_hlen & 0x0f) *4; if(restlen < ipv4len) return; if(ipv4->nextprotocol == NEXTHDR_TCP) processtcppacket(timestamp, ntohs(ipv4->len) -ipv4len, ipv4ptr +ipv4len); else if(ipv4->nextprotocol == NEXTHDR_UDP) processudppacket(timestamp, ntohs(ipv4->len) -ipv4len, ipv4ptr +ipv4len); else if(ipv4->nextprotocol == NEXTHDR_ICMP4) processicmp4(); else if(ipv4->nextprotocol == NEXTHDR_GRE) processgrepacket(ntohs(ipv4->len) -ipv4len, ipv4ptr +ipv4len); ipv4count++; return; } /*===========================================================================*/ static void processicmp6(void) { icmp6count++; return; } /*===========================================================================*/ static void processipv6(uint64_t timestamp, uint16_t restlen, uint8_t *ipv6ptr) { static ipv6_t *ipv6; if(restlen < IPV6_SIZE) return; ipv6 = (ipv6_t*)ipv6ptr; if((ntohl(ipv6->ver_class) & 0xf0000000) != 0x60000000) return; if(restlen < ntohs(ipv6->len)) return; if(ipv6->nextprotocol == NEXTHDR_TCP) processtcppacket(timestamp, restlen, ipv6ptr +IPV6_SIZE); else if(ipv6->nextprotocol == NEXTHDR_UDP) processudppacket(timestamp, restlen, ipv6ptr +IPV6_SIZE); else if(ipv6->nextprotocol == NEXTHDR_ICMP6) processicmp6(); else if(ipv6->nextprotocol == NEXTHDR_GRE) processgrepacket(restlen, ipv6ptr +IPV6_SIZE); ipv6count++; return; } /*===========================================================================*/ static inline bool mschapv2_challenge_hash(uint8_t *peer_challenge, uint8_t *auth_challenge, uint8_t *username, size_t usernamelen, uint8_t *challenge) { static unsigned int shalen; static EVP_MD_CTX* mdctx; static uint8_t shahash[EVP_MAX_MD_SIZE]; shalen = 40; mdctx = EVP_MD_CTX_create(); if(mdctx == NULL) return false; if(EVP_DigestInit_ex(mdctx, EVP_sha1(), NULL) == 0) { EVP_MD_CTX_free(mdctx); return false; } shalen = MSCHAPV2_CHALLENGE_LEN_MAX; if(EVP_DigestUpdate(mdctx, peer_challenge, MSCHAPV2_CHALLENGE_PEER_LEN_MAX) == 0) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestUpdate(mdctx, auth_challenge, MSCHAPV2_CHALLENGE_PEER_LEN_MAX) == 0) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestUpdate(mdctx, username, usernamelen) == 0) { EVP_MD_CTX_free(mdctx); return false; } if(EVP_DigestFinal_ex(mdctx, shahash, &shalen) == 0) { EVP_MD_CTX_free(mdctx); return false; } EVP_MD_CTX_free(mdctx); memcpy(challenge, shahash, MSCHAPV2_CHALLENGE_LEN_MAX); return true; } /*===========================================================================*/ static inline size_t mschapv2_username_clean(uint8_t *username, size_t usernamelen, uint8_t *usernameclean) { static char *ptr; ptr = (char*)memchr(username, '\\', usernamelen); if(ptr == NULL) { memcpy(usernameclean, username, usernamelen); return usernamelen; } memcpy(usernameclean, ptr +1, username +usernamelen -(uint8_t*)ptr -1); return (username +usernamelen -(uint8_t*)ptr -1); } /*===========================================================================*/ static void outputeapmschapv2hashlist(void) { static eapmschapv2hashlist_t *zeiger, *zeigerold; static uint8_t challenge[MSCHAPV2_CHALLENGE_LEN_MAX]; static uint8_t usernameclean[MSCHAPV2USERNAME_LEN_MAX]; static size_t usernamecleanlen; zeiger = eapmschapv2hashlist; zeigerold = NULL; qsort(eapmschapv2hashlist, eapmschapv2hashlistptr -eapmschapv2hashlist, EAPMSCHAPV2HASHLIST_SIZE, sort_eapmschapv2hashlist_by_id); for(zeiger = eapmschapv2hashlist; zeiger < eapmschapv2hashlistptr; zeiger++) { if((zeigerold != NULL) && (zeigerold->id == zeiger->id) && (zeigerold->mschapv2usernamelen == zeiger->mschapv2usernamelen) && (memcmp(zeigerold->mschapv2username, zeiger->mschapv2username, zeiger->mschapv2usernamelen) == 0) && (memcmp(zeigerold->mschapv2request, zeiger->mschapv2request, MSCHAPV2REQ_LEN_MAX) == 0) && (memcmp(zeigerold->mschapv2response, zeiger->mschapv2response, MSCHAPV2RESP_LEN_MAX) == 0)) continue; if(fh_eapleap != NULL) { usernamecleanlen = mschapv2_username_clean(zeiger->mschapv2username, zeiger->mschapv2usernamelen, usernameclean); if(mschapv2_challenge_hash(zeiger->mschapv2response, zeiger->mschapv2request, usernameclean, usernamecleanlen, challenge) == false) continue; fprintf(fh_eapleap, "%.*s::::%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x\n", (int)zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2response[24], zeiger->mschapv2response[25], zeiger->mschapv2response[26], zeiger->mschapv2response[27], zeiger->mschapv2response[28], zeiger->mschapv2response[29], zeiger->mschapv2response[30], zeiger->mschapv2response[31], zeiger->mschapv2response[32], zeiger->mschapv2response[33], zeiger->mschapv2response[34], zeiger->mschapv2response[35], zeiger->mschapv2response[36], zeiger->mschapv2response[37], zeiger->mschapv2response[38], zeiger->mschapv2response[39], zeiger->mschapv2response[40], zeiger->mschapv2response[41], zeiger->mschapv2response[42], zeiger->mschapv2response[43], zeiger->mschapv2response[44], zeiger->mschapv2response[45], zeiger->mschapv2response[46], zeiger->mschapv2response[47], challenge[0], challenge[1], challenge[2], challenge[3], challenge[4], challenge[5], challenge[6], challenge[7]); eapmschapv2writtencount++; } zeigerold = zeiger; } return; } /*===========================================================================*/ static void addeapmschapv2hash(uint8_t id, uint8_t mschapv2usernamelen, uint8_t *mschapv2username, uint8_t *mschapv2request, uint8_t *mschapv2response) { static eapmschapv2hashlist_t *eapmschapv2hashlistnew; eapmschapv2hashcount++; if(eapmschapv2hashlistptr >= eapmschapv2hashlist +eapmschapv2hashlistmax) { eapmschapv2hashlistnew = (eapmschapv2hashlist_t*)realloc(eapmschapv2hashlist, (eapmschapv2hashlistmax +EAPMSCHAPV2HASHLIST_MAX) *EAPMSCHAPV2HASHLIST_SIZE); if(eapmschapv2hashlistnew == NULL) { printf("failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } eapmschapv2hashlist = eapmschapv2hashlistnew; eapmschapv2hashlistptr = eapmschapv2hashlistnew +eapmschapv2hashlistmax; eapmschapv2hashlistmax += EAPMSCHAPV2HASHLIST_MAX; } memset(eapmschapv2hashlistptr, 0, EAPMSCHAPV2HASHLIST_SIZE); eapmschapv2hashlistptr->id = id; memcpy(eapmschapv2hashlistptr->mschapv2request, mschapv2request, MSCHAPV2REQ_LEN_MAX); memcpy(eapmschapv2hashlistptr->mschapv2response, mschapv2response, MSCHAPV2RESP_LEN_MAX); eapmschapv2hashlistptr->mschapv2usernamelen = mschapv2usernamelen; memcpy(eapmschapv2hashlistptr->mschapv2username, mschapv2username, mschapv2usernamelen); eapmschapv2hashlistptr++; return; } /*===========================================================================*/ static void processexteapmschapv2(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t eapcode, uint32_t restlen, uint8_t *eapmschapv2ptr) { static eapmschapv2_t *eapmschapv2; static uint16_t eaplen; static uint16_t mschapv2len; static eapmschapv2msglist_t *zeiger; static uint32_t mschapv2usernamelen; static uint8_t *mschapv2usernameptr; eapmschapv2count++; eapmschapv2 = (eapmschapv2_t*)eapmschapv2ptr; eaplen = ntohs(eapmschapv2->eaplen); mschapv2len = ntohs(eapmschapv2->mschapv2len); if(eaplen > restlen) return; if((eapcode == EAP_CODE_REQ) && (eapmschapv2->opcode == EAP_MSCHAPV2_OPCODE_REQ)) { zeiger = eapmschapv2msglist +EAPMSCHAPV2MSGLIST_MAX; if(eapmschapv2->mschapv2valuesize != MSCHAPV2REQ_LEN_MAX) return; memset(zeiger, 0, EAPMSCHAPV2MSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macfm, 6); memcpy(zeiger->client, macto, 6); zeiger->type = EAP_CODE_REQ; zeiger->id = eapmschapv2->id; memcpy(zeiger->mschapv2request, eapmschapv2->mschapv2data, eapmschapv2->mschapv2valuesize); mschapv2usernamelen = eaplen -EAPMSCHAPV2_SIZE -eapmschapv2->mschapv2valuesize; if(mschapv2usernamelen > MSCHAPV2USERNAME_LEN_MAX) return; if(EAPMSCHAPV2_SIZE +MSCHAPV2REQ_LEN_MAX +mschapv2usernamelen > restlen) return; mschapv2usernameptr = eapmschapv2ptr +EAPMSCHAPV2_SIZE +eapmschapv2->mschapv2valuesize; if((fh_identity != 0) && (mschapv2usernamelen > 0)) { fwritestring(mschapv2usernamelen, mschapv2usernameptr, fh_identity); identitycount++; } qsort(eapmschapv2msglist, EAPMSCHAPV2MSGLIST_MAX +1, EAPMSCHAPV2MSGLIST_SIZE, sort_eapmschapv2msglist_by_timestamp); } else if((eapcode == EAP_CODE_RESP) && (eapmschapv2->opcode == EAP_MSCHAPV2_OPCODE_RESP)) { zeiger = eapmschapv2msglist +EAPMSCHAPV2MSGLIST_MAX; if(mschapv2len != eaplen -EXTEAP_SIZE) return; if(memcmp(&zeroed32, eapmschapv2->mschapv2data +MSCHAPV2_CHALLENGE_PEER_LEN_MAX +MSCHAPV2_RESERVED_LEN_MAX, MSCHAPV2_NTRESPONSE_LEN_MAX) == 0) return; if(eapmschapv2->mschapv2valuesize != MSCHAPV2RESP_LEN_MAX) return; memset(zeiger, 0, EAPMSCHAPV2MSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macto, 6); memcpy(zeiger->client, macfm, 6); zeiger->type = EAP_CODE_RESP; zeiger->id = eapmschapv2->id; memcpy(zeiger->mschapv2response, eapmschapv2->mschapv2data, eapmschapv2->mschapv2valuesize); mschapv2usernamelen = restlen -EAPMSCHAPV2_SIZE -eapmschapv2->mschapv2valuesize; if(mschapv2usernamelen == 0) return; if(mschapv2usernamelen > MSCHAPV2USERNAME_LEN_MAX) return; if(EAPMSCHAPV2_SIZE +MSCHAPV2REQ_LEN_MAX +mschapv2usernamelen > restlen) return; mschapv2usernameptr = eapmschapv2ptr +EAPMSCHAPV2_SIZE +eapmschapv2->mschapv2valuesize; zeiger->mschapv2usernamelen = mschapv2usernamelen; memcpy(zeiger->mschapv2username, mschapv2usernameptr, mschapv2usernamelen); if(fh_username != 0) { fwritestring(mschapv2usernamelen, mschapv2usernameptr, fh_username); usernamecount++; } for(zeiger = eapmschapv2msglist; zeiger < eapmschapv2msglist +EAPMSCHAPV2MSGLIST_MAX; zeiger++) { if((zeiger->type) != EAP_CODE_REQ) continue; if((zeiger->id) != eapmschapv2->id) continue; if(memcmp(zeiger->ap, macto, 6) != 0) continue; if(memcmp(zeiger->client, macfm, 6) != 0) continue; zeiger->mschapv2usernamelen = mschapv2usernamelen; memcpy(zeiger->mschapv2username, mschapv2usernameptr, mschapv2usernamelen); addeapmschapv2hash(eapmschapv2->id, zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2request, eapmschapv2->mschapv2data); } qsort(eapmschapv2msglist, EAPMSCHAPV2MSGLIST_MAX +1, EAPMSCHAPV2MSGLIST_SIZE, sort_eapmschapv2msglist_by_timestamp); } return; } /*===========================================================================*/ static void outputeapleaphashlist(void) { static eapleaphashlist_t *zeiger, *zeigerold; zeiger = eapleaphashlist; zeigerold = eapleaphashlist; if(memcmp(&zeroed32, zeiger->leaprequest, LEAPREQ_LEN_MAX) == 0) return; qsort(eapleaphashlist, eapleaphashlistptr -eapleaphashlist, EAPLEAPHASHLIST_SIZE, sort_eapleaphashlist_by_id); if(fh_eapleap != NULL) { fprintf(fh_eapleap, "%.*s::::%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->leapusernamelen, zeiger->leapusername, zeiger->leapresponse[0], zeiger->leapresponse[1], zeiger->leapresponse[2], zeiger->leapresponse[3], zeiger->leapresponse[4], zeiger->leapresponse[5], zeiger->leapresponse[6], zeiger->leapresponse[7], zeiger->leapresponse[8], zeiger->leapresponse[9], zeiger->leapresponse[10], zeiger->leapresponse[11], zeiger->leapresponse[12], zeiger->leapresponse[13], zeiger->leapresponse[14], zeiger->leapresponse[15], zeiger->leapresponse[16], zeiger->leapresponse[17], zeiger->leapresponse[18], zeiger->leapresponse[19], zeiger->leapresponse[20], zeiger->leapresponse[21], zeiger->leapresponse[22], zeiger->leapresponse[23], zeiger->leaprequest[0], zeiger->leaprequest[1], zeiger->leaprequest[2], zeiger->leaprequest[3], zeiger->leaprequest[4], zeiger->leaprequest[5], zeiger->leaprequest[6], zeiger->leaprequest[7]); eapleapwrittencount++; } for(zeiger = eapleaphashlist +1; zeiger < eapleaphashlistptr; zeiger++) { if((zeigerold->id == zeiger->id) && (zeigerold->leapusernamelen == zeiger->leapusernamelen) && (memcmp(zeigerold->leapusername, zeiger->leapusername, zeiger->leapusernamelen) == 0) && (memcmp(zeigerold->leaprequest, zeiger->leaprequest, LEAPREQ_LEN_MAX) == 0) && (memcmp(zeigerold->leapresponse, zeiger->leapresponse, LEAPRESP_LEN_MAX) == 0)) continue; if(fh_eapleap != NULL) { fprintf(fh_eapleap, "%.*s::::%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->leapusernamelen, zeiger->leapusername, zeiger->leapresponse[0], zeiger->leapresponse[1], zeiger->leapresponse[2], zeiger->leapresponse[3], zeiger->leapresponse[4], zeiger->leapresponse[5], zeiger->leapresponse[6], zeiger->leapresponse[7], zeiger->leapresponse[8], zeiger->leapresponse[9], zeiger->leapresponse[10], zeiger->leapresponse[11], zeiger->leapresponse[12], zeiger->leapresponse[13], zeiger->leapresponse[14], zeiger->leapresponse[15], zeiger->leapresponse[16], zeiger->leapresponse[17], zeiger->leapresponse[18], zeiger->leapresponse[19], zeiger->leapresponse[20], zeiger->leapresponse[21], zeiger->leapresponse[22], zeiger->leapresponse[23], zeiger->leaprequest[0], zeiger->leaprequest[1], zeiger->leaprequest[2], zeiger->leaprequest[3], zeiger->leaprequest[4], zeiger->leaprequest[5], zeiger->leaprequest[6], zeiger->leaprequest[7]); eapleapwrittencount++; } zeigerold = zeiger; } return; } /*===========================================================================*/ static void addeapleaphash(uint8_t id, uint8_t leapusernamelen, uint8_t *leapusername, uint8_t *leaprequest, uint8_t *leapresponse) { static eapleaphashlist_t *eapleaphashlistnew; eapleaphashcount++; if(eapleaphashlistptr >= eapleaphashlist +eapleaphashlistmax) { eapleaphashlistnew = (eapleaphashlist_t*)realloc(eapleaphashlist, (eapleaphashlistmax +EAPLEAPHASHLIST_MAX) *EAPLEAPHASHLIST_SIZE); if(eapleaphashlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } eapleaphashlist = eapleaphashlistnew; eapleaphashlistptr = eapleaphashlistnew +eapleaphashlistmax; eapleaphashlistmax += EAPLEAPHASHLIST_MAX; } memset(eapleaphashlistptr, 0, EAPLEAPHASHLIST_SIZE); eapleaphashlistptr->id = id; memcpy(eapleaphashlistptr->leaprequest, leaprequest, LEAPREQ_LEN_MAX); memcpy(eapleaphashlistptr->leapresponse, leapresponse, LEAPRESP_LEN_MAX); eapleaphashlistptr->leapusernamelen = leapusernamelen; memcpy(eapleaphashlistptr->leapusername, leapusername, leapusernamelen); eapleaphashlistptr++; return; } /*===========================================================================*/ static void processexteapleap(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t eapcode, uint32_t restlen, uint8_t *eapleapptr) { static eapleap_t *eapleap; static uint32_t eapleaplen; static eapleapmsglist_t *zeiger; static uint32_t leapusernamelen; static uint8_t *leapusernameptr; eapleapcount++; eapleap = (eapleap_t*)eapleapptr; eapleaplen = ntohs(eapleap->eapleaplen); if(eapleaplen > restlen) return; if(eapleap->version != 1) return; if(eapleap->reserved != 0) return; if(eapcode == EAP_CODE_REQ) { zeiger = eapleapmsglist +EAPLEAPMSGLIST_MAX; if(eapleap->leaplen != LEAPREQ_LEN_MAX) return; if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return; if(eapleap->leaplen == eapleaplen -EAPLEAP_SIZE) return; if(memcmp(&zeroed32, eapleap->leapdata, LEAPREQ_LEN_MAX) == 0) return; memset(zeiger, 0, EAPLEAPMSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macfm, 6); memcpy(zeiger->client, macto, 6); zeiger->type = EAP_CODE_REQ; zeiger->id = eapleap->id; memcpy(zeiger->leaprequest, eapleap->leapdata, LEAPREQ_LEN_MAX); leapusernamelen = eapleaplen -EAPLEAP_SIZE -LEAPREQ_LEN_MAX; if(leapusernamelen == 0) return; if(leapusernamelen > LEAPUSERNAME_LEN_MAX) return; if(EAPLEAP_SIZE +LEAPREQ_LEN_MAX +leapusernamelen > restlen) return; leapusernameptr = eapleapptr +EAPLEAP_SIZE +LEAPREQ_LEN_MAX; zeiger->leapusernamelen = leapusernamelen; memcpy(zeiger->leapusername, leapusernameptr, leapusernamelen); if(fh_username != 0) { fwritestring(leapusernamelen, leapusernameptr, fh_username); usernamecount++; } qsort(eapleapmsglist, EAPLEAPMSGLIST_MAX +1, EAPLEAPMSGLIST_SIZE, sort_eapleapmsglist_by_timestamp); } else if(eapcode == EAP_CODE_RESP) { zeiger = eapleapmsglist +EAPLEAPMSGLIST_MAX; if(eapleap->leaplen != LEAPRESP_LEN_MAX) return; if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return; if(memcmp(&zeroed32, eapleap->leapdata, LEAPRESP_LEN_MAX) == 0) return; memset(zeiger, 0, EAPLEAPMSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macto, 6); memcpy(zeiger->client, macfm, 6); zeiger->type = EAP_CODE_RESP; zeiger->id = eapleap->id; memcpy(zeiger->leapresponse, eapleap->leapdata, LEAPRESP_LEN_MAX); for(zeiger = eapleapmsglist; zeiger < eapleapmsglist +EAPLEAPMSGLIST_MAX; zeiger++) { if((zeiger->type) != EAP_CODE_REQ) continue; if((zeiger->id) != eapleap->id) continue; if(memcmp(zeiger->ap, macto, 6) != 0) continue; if(memcmp(zeiger->client, macfm, 6) != 0) continue; addeapleaphash(eapleap->id, zeiger->leapusernamelen, zeiger->leapusername, zeiger->leaprequest, eapleap->leapdata); } qsort(eapleapmsglist, EAPLEAPMSGLIST_MAX +1, EAPLEAPMSGLIST_SIZE, sort_eapleapmsglist_by_timestamp); } return; } /*===========================================================================*/ static void outputeapmd5hashlist(void) { static eapmd5hashlist_t *zeiger, *zeigerold; zeiger = eapmd5hashlist; zeigerold = eapmd5hashlist; if(memcmp(&zeroed32, zeiger->md5request, EAPMD5_LEN_MAX) == 0) return; qsort(eapmd5hashlist, eapmd5hashlistptr -eapmd5hashlist, EAPMD5HASHLIST_SIZE, sort_eapmd5hashlist_by_id); if(fh_eapmd5 != 0) { fprintf(fh_eapmd5, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x\n", zeiger->md5response[0], zeiger->md5response[1], zeiger->md5response[2], zeiger->md5response[3], zeiger->md5response[4], zeiger->md5response[5], zeiger->md5response[6], zeiger->md5response[7], zeiger->md5response[8], zeiger->md5response[9], zeiger->md5response[10], zeiger->md5response[11], zeiger->md5response[12], zeiger->md5response[13], zeiger->md5response[14], zeiger->md5response[15], zeiger->md5request[0], zeiger->md5request[1], zeiger->md5request[2], zeiger->md5request[3], zeiger->md5request[4], zeiger->md5request[5], zeiger->md5request[6], zeiger->md5request[7], zeiger->md5request[8], zeiger->md5request[9], zeiger->md5request[10], zeiger->md5request[11], zeiger->md5request[12], zeiger->md5request[13], zeiger->md5request[14], zeiger->md5request[15], zeiger->id); eapmd5writtencount++; } if(fh_eapmd5john != 0) { fprintf(fh_eapmd5john, "$chap$%x*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->id, zeiger->md5request[0], zeiger->md5request[1], zeiger->md5request[2], zeiger->md5request[3], zeiger->md5request[4], zeiger->md5request[5], zeiger->md5request[6], zeiger->md5request[7], zeiger->md5request[8], zeiger->md5request[9], zeiger->md5request[10], zeiger->md5request[11], zeiger->md5request[12], zeiger->md5request[13], zeiger->md5request[14], zeiger->md5request[15], zeiger->md5response[0], zeiger->md5response[1], zeiger->md5response[2], zeiger->md5response[3], zeiger->md5response[4], zeiger->md5response[5], zeiger->md5response[6], zeiger->md5response[7], zeiger->md5response[8], zeiger->md5response[9], zeiger->md5response[10], zeiger->md5response[11], zeiger->md5response[12], zeiger->md5response[13], zeiger->md5response[14], zeiger->md5response[15]); eapmd5johnwrittencount++; } for(zeiger = eapmd5hashlist +1; zeiger < eapmd5hashlistptr; zeiger++) { if((zeigerold->id == zeiger->id) && (memcmp(zeigerold->md5request, zeiger->md5request, EAPMD5_LEN_MAX) == 0) && (memcmp(zeigerold->md5response, zeiger->md5response, EAPMD5_LEN_MAX) == 0)) continue; if(fh_eapmd5 != 0) { fprintf(fh_eapmd5, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x:%02x\n", zeiger->md5response[0], zeiger->md5response[1], zeiger->md5response[2], zeiger->md5response[3], zeiger->md5response[4], zeiger->md5response[5], zeiger->md5response[6], zeiger->md5response[7], zeiger->md5response[8], zeiger->md5response[9], zeiger->md5response[10], zeiger->md5response[11], zeiger->md5response[12], zeiger->md5response[13], zeiger->md5response[14], zeiger->md5response[15], zeiger->md5request[0], zeiger->md5request[1], zeiger->md5request[2], zeiger->md5request[3], zeiger->md5request[4], zeiger->md5request[5], zeiger->md5request[6], zeiger->md5request[7], zeiger->md5request[8], zeiger->md5request[9], zeiger->md5request[10], zeiger->md5request[11], zeiger->md5request[12], zeiger->md5request[13], zeiger->md5request[14], zeiger->md5request[15], zeiger->id); eapmd5writtencount++; } if(fh_eapmd5john != 0) { fprintf(fh_eapmd5john, "$chap$%x*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", zeiger->id, zeiger->md5request[0], zeiger->md5request[1], zeiger->md5request[2], zeiger->md5request[3], zeiger->md5request[4], zeiger->md5request[5], zeiger->md5request[6], zeiger->md5request[7], zeiger->md5request[8], zeiger->md5request[9], zeiger->md5request[10], zeiger->md5request[11], zeiger->md5request[12], zeiger->md5request[13], zeiger->md5request[14], zeiger->md5request[15], zeiger->md5response[0], zeiger->md5response[1], zeiger->md5response[2], zeiger->md5response[3], zeiger->md5response[4], zeiger->md5response[5], zeiger->md5response[6], zeiger->md5response[7], zeiger->md5response[8], zeiger->md5response[9], zeiger->md5response[10], zeiger->md5response[11], zeiger->md5response[12], zeiger->md5response[13], zeiger->md5response[14], zeiger->md5response[15]); eapmd5johnwrittencount++; } zeigerold = zeiger; } return; } /*===========================================================================*/ static void addeapmd5hash(uint8_t id, uint8_t *challenge, uint8_t *response) { static eapmd5hashlist_t *eapmd5hashlistnew; eapmd5hashcount++; if(eapmd5hashlistptr >= eapmd5hashlist +eapmd5hashlistmax) { eapmd5hashlistnew = (eapmd5hashlist_t*)realloc(eapmd5hashlist, (eapmd5hashlistmax +EAPMD5HASHLIST_MAX) *EAPMD5HASHLIST_SIZE); if(eapmd5hashlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } eapmd5hashlist = eapmd5hashlistnew; eapmd5hashlistptr = eapmd5hashlistnew +eapmd5hashlistmax; eapmd5hashlistmax += EAPMD5HASHLIST_MAX; } memset(eapmd5hashlistptr, 0, EAPMD5HASHLIST_SIZE); eapmd5hashlistptr->id = id; memcpy(eapmd5hashlistptr->md5request, challenge, EAPMD5_LEN_MAX); memcpy(eapmd5hashlistptr->md5response, response, EAPMD5_LEN_MAX); eapmd5hashlistptr++; return; } /*===========================================================================*/ static void processexteapmd5(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t eapcode, uint32_t restlen, uint8_t *eapmd5ptr) { static eapmd5_t *eapmd5; static uint32_t eapmd5len; static eapmd5msglist_t *zeiger; eapmd5count++; eapmd5 = (eapmd5_t*)eapmd5ptr; eapmd5len = ntohs(eapmd5->eapmd5len); if(eapmd5len != restlen) return; if(eapmd5->md5len != EAPMD5_LEN_MAX) return; if(memcmp(&zeroed32, eapmd5->md5data, EAPMD5_LEN_MAX) == 0) return; if(eapcode == EAP_CODE_REQ) { zeiger = eapmd5msglist +EAPMD5MSGLIST_MAX; memset(zeiger, 0, EAPMD5MSGLIST_SIZE ); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macfm, 6); memcpy(zeiger->client, macto, 6); zeiger->type = EAP_CODE_REQ; zeiger->id = eapmd5->id; memcpy(zeiger->md5, eapmd5->md5data, EAPMD5_LEN_MAX); qsort(eapmd5msglist, EAPMD5MSGLIST_MAX +1, EAPMD5MSGLIST_SIZE, sort_eapmd5msglist_by_timestamp); } else if(eapcode == EAP_CODE_RESP) { zeiger = eapmd5msglist +EAPMD5MSGLIST_MAX; memset(zeiger, 0, EAPMD5MSGLIST_SIZE ); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macto, 6); memcpy(zeiger->client, macfm, 6); zeiger->type = EAP_CODE_RESP; zeiger->id = eapmd5->id; memcpy(zeiger->md5, eapmd5->md5data, EAPMD5_LEN_MAX); for(zeiger = eapmd5msglist; zeiger < eapmd5msglist +EAPMD5MSGLIST_MAX; zeiger++) { if((zeiger->type) != EAP_CODE_REQ) continue; if((zeiger->id) != eapmd5->id) continue; if(memcmp(zeiger->ap, macto, 6) != 0) continue; if(memcmp(zeiger->client, macfm, 6) != 0) continue; addeapmd5hash(eapmd5->id, zeiger->md5, eapmd5->md5data); } qsort(eapmd5msglist, EAPMD5MSGLIST_MAX +1, EAPMD5MSGLIST_SIZE, sort_eapmd5msglist_by_timestamp); } return; } /*===========================================================================*/ static void hccap2base(unsigned char *in, unsigned char b) { static const char itoa64[65] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[in[0] >> 2])); fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[((in[0] & 0x03) << 4) | (in[1] >> 4)])); if(b) { fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[((in[1] & 0x0f) << 2) | (in[2] >> 6)])); fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[in[2] & 0x3f])); } else fprintf(fh_pmkideapoljtrdeprecated, "%c", (itoa64[((in[1] & 0x0f) << 2)])); return; } /*===========================================================================*/ static bool testfaultypmkid(uint8_t *faultypmkid) { static const uint8_t faultypmkid1[4] = { 0x00, 0x00, 0x6e, 0x00 }; if(memcmp(&faultypmkid1, faultypmkid, 4) == 0) { pmkidfaultycount++; return true; } return false; } /*===========================================================================*/ static bool testpmkid(uint8_t *testpmk, uint8_t *macsta, uint8_t *macap, uint8_t *pmkid) { static const char *pmkname = "PMK Name"; static uint8_t pmkidcalc[64]; memcpy(pmkidcalc, pmkname, 8); memcpy(&pmkidcalc[8], macap, 6); memcpy(&pmkidcalc[14], macsta, 6); if(!EVP_MAC_init(ctxhmac, testpmk, 32, paramssha1)) return false; if(!EVP_MAC_update(ctxhmac, pmkidcalc, 20)) return false; if(!EVP_MAC_final(ctxhmac, pmkidcalc, NULL, 20)) return false; if(memcmp(pmkid, pmkidcalc, 16) != 0) return false; return true; } /*===========================================================================*/ static bool testeapolpmk(uint8_t *testpmk, uint8_t keyver, uint8_t *macsta, uint8_t *macap, uint8_t *nonceap, uint8_t eapollen, uint8_t *eapolmessage) { static uint8_t *pkeptr; static wpakey_t *wpakzero, *wpak; static uint8_t pkedata[102]; static uint8_t eapoltmp[1024]; memset(eapoltmp, 0, sizeof(eapoltmp)); memcpy(eapoltmp, eapolmessage, eapollen); wpakzero = (wpakey_t*)(eapoltmp +EAPAUTH_SIZE); wpak = (wpakey_t*)(eapolmessage +EAPAUTH_SIZE); memset(wpakzero->keymic, 0, 16); if((keyver == 1) || (keyver == 2)) { memset(&pkedata, 0, sizeof(pkedata)); pkeptr = pkedata; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(macap, macsta, 6) < 0) { memcpy(pkeptr +23, macap, 6); memcpy(pkeptr +29, macsta, 6); } else { memcpy(pkeptr +23, macsta, 6); memcpy(pkeptr +29, macap, 6); } if(memcmp(nonceap, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, nonceap, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, nonceap, 32); } if(!EVP_MAC_init(ctxhmac, testpmk, 32, paramssha1)) return false; if(!EVP_MAC_update(ctxhmac, pkedata, 100)) return false; if(!EVP_MAC_final(ctxhmac, pkedata, NULL, 100)) return false; if(keyver == 2) { if(!EVP_MAC_init(ctxhmac, pkedata, 16, paramssha1)) return false; if(!EVP_MAC_update(ctxhmac, eapoltmp, eapollen)) return false; if(!EVP_MAC_final(ctxhmac, eapoltmp, NULL, eapollen)) return false; } if(keyver == 1) { if(!EVP_MAC_init(ctxhmac, pkedata, 16, paramsmd5)) return false; if(!EVP_MAC_update(ctxhmac, eapoltmp, eapollen)) return false; if(!EVP_MAC_final(ctxhmac, eapoltmp, NULL, eapollen)) return false; } } else if(keyver == 3) { memset(&pkedata, 0, sizeof(pkedata)); pkedata[0] = 1; pkedata[1] = 0; pkeptr = pkedata +2; memcpy(pkeptr, "Pairwise key expansion", 22); if(memcmp(macap, macsta, 6) < 0) { memcpy(pkeptr +22, macap, 6); memcpy(pkeptr +28, macsta, 6); } else { memcpy(pkeptr +22, macsta, 6); memcpy(pkeptr +28, macap, 6); } if(memcmp(nonceap, wpak->nonce, 32) < 0) { memcpy (pkeptr +34, nonceap, 32); memcpy (pkeptr +66, wpak->nonce, 32); } else { memcpy (pkeptr +34, wpak->nonce, 32); memcpy (pkeptr +66, nonceap, 32); } pkedata[100] = 0x80; pkedata[101] = 1; if(!EVP_MAC_init(ctxhmac, testpmk, 32, paramssha256)) return false; if(!EVP_MAC_update(ctxhmac, pkedata, 102)) return false; if(!EVP_MAC_final(ctxhmac, pkedata, NULL, 102)) return false; if(!EVP_MAC_init(ctxcmac, pkedata, 16, paramsaes128)) return false; if(!EVP_MAC_update(ctxcmac, eapoltmp, eapollen)) return false; if(!EVP_MAC_final(ctxcmac, eapoltmp, NULL, eapollen)) return false; } if(memcmp(wpak->keymic, eapoltmp, 16) == 0) return true; return false; } /*===========================================================================*/ static bool testzeroedpsk(uint8_t essidlen, uint8_t *essid) { if(PKCS5_PBKDF2_HMAC_SHA1(zeroedpsk, 8, essid, essidlen, 4096, 32, calculatedpmk) == 0) return false; return true; } /*===========================================================================*/ /* static void getnc(handshakelist_t *zeigerhsakt) { static handshakelist_t *zeigerhs, *zeigerhsold; zeigerhsold = zeigerhsakt; for(zeigerhs = zeigerhsakt; zeigerhs < handshakelistptr; zeigerhs++) { if(memcmp(zeigerhs->ap, zeigerhsold->ap, 6) != 0) return; { zeigerhsakt->status |= zeigerhs->status &0xe0; zeigerhsold->status |= zeigerhs->status &0xe0; } zeigerhsold = zeigerhs; } return; } */ /*===========================================================================*/ static handshakelist_t *gethandshake(maclist_t *zeigermac, handshakelist_t *zeigerhsakt) { static int p; static handshakelist_t *zeigerhs, *zeigerhsold; static wpakey_t *wpak, *wpaktemp; static int i; static unsigned char *hcpos; static uint8_t keyvertemp; static uint8_t eapoltemp[EAPOL_AUTHLEN_MAX]; static hccapx_t hccapx; static hccap_t hccap; static time_t tvhs; static char timestringhs[32]; zeigerhsold = NULL; for(zeigerhs = zeigerhsakt; zeigerhs < handshakelistptr; zeigerhs++) { tvhs = zeigerhs->timestamp /1000000000; strftime(timestringhs, 32, "%d.%m.%Y %H:%M:%S", localtime(&tvhs)); if(donotcleanflag == false) { if(memcmp(&mac_broadcast, zeigerhs->client, 6) == 0) continue; if(memcmp(&mac_broadcast, zeigerhs->ap, 6) == 0) continue; if(zeigerhsold != NULL) { if((memcmp(zeigerhs->ap, zeigerhsold->ap, 6) == 0) && (memcmp(zeigerhs->client, zeigerhsold->client, 6) == 0)) continue; } } if(memcmp(zeigermac->addr, zeigerhs->ap, 6) == 0) { eapolmpbestcount++; if((zeigerhs->status &ST_APLESS) == ST_APLESS) eapolaplesscount++; if((zeigerhs->status &7) == ST_M12E2) eapolm12e2count++; if((zeigerhs->status &7) == ST_M14E4) eapolm14e4count++; if((zeigerhs->status &7) == ST_M32E2) eapolm32e2count++; if((zeigerhs->status &7) == ST_M32E3) { zeigerhs->status = (zeigerhs->status & 0x07) + 0x10; eapolm32e3count++; } if((zeigerhs->status &7) == ST_M34E3) { zeigerhs->status = (zeigerhs->status & 0x07) + 0x10; eapolm34e3count++; } if((zeigerhs->status &7) == ST_M34E4) eapolm34e4count++; if((zeigerhs->status & ST_ENDIANESS) != 0) { zeigerhs->status |= 0x80; // zeigerhs->status &= ~(1 << 7); } if((ncvalue > 0) && ((zeigerhs->status & 0x10) == 0)) zeigerhs->status |= 0x80; wpak = (wpakey_t*)(zeigerhs->eapol +EAPAUTH_SIZE); keyvertemp = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; memcpy(&eapoltemp, zeigerhs->eapol, zeigerhs->eapauthlen); wpaktemp = (wpakey_t*)(eapoltemp +EAPAUTH_SIZE); memset(wpaktemp->keymic, 0, 16); if(donotcleanflag == false) { if(testzeroedpsk(zeigermac->essidlen, zeigermac->essid) == true) { if(testeapolpmk(calculatedpmk, keyvertemp, zeigerhs->client, zeigerhs->ap, zeigerhs->anonce, zeigerhs->eapauthlen, zeigerhs->eapol) == true) { zeroedeapolpskcount++; eapolmpbestcount--; continue; } } } if(fh_pmkideapol != 0) { //WPA*TYPE*PMKID-ODER-MIC*MACAP*MACSTA*ESSID_HEX*ANONCE*EAPOL*MP fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", HCX_TYPE_EAPOL, wpak->keymic[0], wpak->keymic[1], wpak->keymic[2], wpak->keymic[3], wpak->keymic[4], wpak->keymic[5], wpak->keymic[6], wpak->keymic[7], wpak->keymic[8], wpak->keymic[9], wpak->keymic[10], wpak->keymic[11], wpak->keymic[12], wpak->keymic[13], wpak->keymic[14], wpak->keymic[15], zeigerhs->ap[0], zeigerhs->ap[1], zeigerhs->ap[2], zeigerhs->ap[3], zeigerhs->ap[4], zeigerhs->ap[5], zeigerhs->client[0], zeigerhs->client[1], zeigerhs->client[2], zeigerhs->client[3], zeigerhs->client[4], zeigerhs->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkideapol, "%02x", zeigermac->essid[p]); fprintf(fh_pmkideapol, "*"); fprintf(fh_pmkideapol, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*", zeigerhs->anonce[0], zeigerhs->anonce[1], zeigerhs->anonce[2], zeigerhs->anonce[3], zeigerhs->anonce[4], zeigerhs->anonce[5], zeigerhs->anonce[6], zeigerhs->anonce[7], zeigerhs->anonce[8], zeigerhs->anonce[9], zeigerhs->anonce[10], zeigerhs->anonce[11], zeigerhs->anonce[12], zeigerhs->anonce[13], zeigerhs->anonce[14], zeigerhs->anonce[15], zeigerhs->anonce[16], zeigerhs->anonce[17], zeigerhs->anonce[18], zeigerhs->anonce[19], zeigerhs->anonce[20], zeigerhs->anonce[21], zeigerhs->anonce[22], zeigerhs->anonce[23], zeigerhs->anonce[24], zeigerhs->anonce[25], zeigerhs->anonce[26], zeigerhs->anonce[27], zeigerhs->anonce[28], zeigerhs->anonce[29], zeigerhs->anonce[30], zeigerhs->anonce[31]); for(p = 0; p < zeigerhs->eapauthlen; p++) fprintf(fh_pmkideapol, "%02x", eapoltemp[p]); if(addtimestampflag == false) fprintf(fh_pmkideapol, "*%02x\n", zeigerhs->status); else fprintf(fh_pmkideapol, "*%02x\t%s\t%" PRIu64 "\n", zeigerhs->status, timestringhs, zeigerhs->timestampgap); if(zeigerhs->rcgap == 0) eapolwrittencount++; else eapolncwrittencount++; } if((fh_pmkideapoljtrdeprecated != 0) && (zeigerhs->rcgap == 0)) { memset (&hccap, 0, sizeof(hccap_t)); memcpy(&hccap.ap, zeigerhs->ap, 6); memcpy(&hccap.client, zeigerhs->client, 6); memcpy(&hccap.anonce, zeigerhs->anonce, 32); memcpy(&hccap.snonce, wpak->nonce, 32); memcpy(&hccap.keymic, &wpak->keymic, 16); hccap.keyver = keyvertemp; hccap.eapol_size = zeigerhs->eapauthlen; memcpy(&hccap.eapol, &eapoltemp, zeigerhs->eapauthlen); #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif fprintf(fh_pmkideapoljtrdeprecated, "%.*s:$WPAPSK$%.*s#", zeigermac->essidlen, zeigermac->essid, zeigermac->essidlen, zeigermac->essid); hcpos = (unsigned char*)&hccap; for (i = 36; i + 3 < (int)HCCAP_SIZE; i += 3) hccap2base(&hcpos[i], 1); hccap2base(&hcpos[i], 0); fprintf(fh_pmkideapoljtrdeprecated, ":%02x-%02x-%02x-%02x-%02x-%02x:%02x-%02x-%02x-%02x-%02x-%02x:%02x%02x%02x%02x%02x%02x", zeigerhs->client[0], zeigerhs->client[1], zeigerhs->client[2], zeigerhs->client[3], zeigerhs->client[4], zeigerhs->client[5], zeigerhs->ap[0], zeigerhs->ap[1], zeigerhs->ap[2], zeigerhs->ap[3], zeigerhs->ap[4], zeigerhs->ap[5], zeigerhs->ap[0], zeigerhs->ap[1], zeigerhs->ap[2], zeigerhs->ap[3], zeigerhs->ap[4], zeigerhs->ap[5]); if(keyvertemp == 1) fprintf(fh_pmkideapoljtrdeprecated, "::WPA"); else fprintf(fh_pmkideapoljtrdeprecated, "::WPA2"); if((zeigerhs->status &0x7) == 0) fprintf(fh_pmkideapoljtrdeprecated, ":not verified"); else fprintf(fh_pmkideapoljtrdeprecated, ":verified"); fprintf(fh_pmkideapoljtrdeprecated, ":%s\n", basename(jtrbasenamedeprecated)); eapolwrittenjcountdeprecated++; } if(fh_hccapxdeprecated != 0) { memset (&hccapx, 0, sizeof(hccapx_t)); hccapx.signature = HCCAPX_SIGNATURE; hccapx.version = HCCAPX_VERSION; hccapx.message_pair = zeigerhs->status; hccapx.essid_len = zeigermac->essidlen; memcpy(&hccapx.essid, zeigermac->essid, zeigermac->essidlen); memcpy(&hccapx.ap, zeigerhs->ap, 6); memcpy(&hccapx.client, zeigerhs->client, 6); memcpy(&hccapx.anonce, zeigerhs->anonce, 32); memcpy(&hccapx.snonce, wpak->nonce, 32); hccapx.eapol_len = zeigerhs->eapauthlen; memcpy(&hccapx.eapol, &eapoltemp, zeigerhs->eapauthlen); hccapx.keyver = keyvertemp; memcpy(&hccapx.keymic, wpak->keymic, 16); #ifdef BIG_ENDIAN_HOST hccapx.signature = byte_swap_32(hccapx.signature); hccapx.version = byte_swap_32(hccapx.version); hccapx.eapol_len = byte_swap_16(hccapx.eapol_len); #endif fwrite (&hccapx, sizeof(hccapx_t), 1, fh_hccapxdeprecated); if(zeigerhs->rcgap == 0) eapolwrittenhcpxcountdeprecated++; else eapolncwrittenhcpxcountdeprecated++; } if((fh_hccapdeprecated != 0) && (zeigerhs->rcgap == 0)) { memset(&hccap, 0, sizeof(hccap_t)); memcpy(&hccap.essid, zeigermac->essid, zeigermac->essidlen); memcpy(&hccap.ap, zeigerhs->ap, 6); memcpy(&hccap.client, zeigerhs->client, 6); memcpy(&hccap.anonce, zeigerhs->anonce, 32); memcpy(&hccap.snonce, wpak->nonce, 32); memcpy(&hccap.keymic, wpak->keymic, 16); hccap.keyver = keyvertemp; hccap.eapol_size = zeigerhs->eapauthlen; memcpy(&hccap.eapol, &eapoltemp, zeigerhs->eapauthlen); #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif fwrite(&hccap, HCCAP_SIZE, 1, fh_hccapdeprecated); eapolwrittenhcpcountdeprecated++; } } if(memcmp(zeigerhs->ap, zeigermac->addr, 6) > 0) { zeigerhsakt = zeigerhs; return zeigerhsakt; } zeigerhsold = zeigerhs; } return zeigerhsakt; } /*===========================================================================*/ static pmkidlist_t *getpmkid(maclist_t *zeigermac, pmkidlist_t *zeigerpmkidakt) { static int p; static pmkidlist_t *zeigerpmkid, *zeigerpmkidold; static time_t tvhs; static char timestringhs[32]; zeigerpmkidold = NULL; for(zeigerpmkid = zeigerpmkidakt; zeigerpmkid < pmkidlistptr; zeigerpmkid++) { tvhs = zeigerpmkid->timestamp /1000000000; strftime(timestringhs, 32, "%d.%m.%Y %H:%M:%S", localtime(&tvhs)); if(((zeigerpmkid->status &PMKID_APPSK256) == PMKID_APPSK256) && ((zeigermac->akm &TAK_PSKSHA256) != TAK_PSKSHA256)) { if(ignoreieflag == false) continue; } if(donotcleanflag == false) { if(memcmp(&mac_broadcast, zeigerpmkid->client, 6) == 0) continue; if(memcmp(&mac_broadcast, zeigerpmkid->ap, 6) == 0) continue; if(zeigerpmkidold != NULL) { if((memcmp(zeigerpmkid->ap, zeigerpmkidold->ap, 6) == 0) && (memcmp(zeigerpmkid->client, zeigerpmkidold->client, 6) == 0)) continue; } } if(memcmp(zeigermac->addr, zeigerpmkid->ap, 6) == 0) { if(donotcleanflag == false) { if(testzeroedpsk(zeigermac->essidlen, zeigermac->essid) == true) { if(testpmkid(calculatedpmk, zeigerpmkid->client, zeigerpmkid->ap, zeigerpmkid->pmkid) == true) { zeroedpmkidpskcount++; continue; } } } if(memcmp(&myaktclient, zeigerpmkid->client, 6) == 0) pmkidroguecount++; pmkidbestcount++; if(fh_pmkideapol != 0) { //WPA*TYPE*PMKID-ODER-MIC*MACAP*MACSTA*ESSID_HEX*ANONCE*EAPOL*MP fprintf(fh_pmkideapol, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", HCX_TYPE_PMKID, zeigerpmkid->pmkid[0], zeigerpmkid->pmkid[1], zeigerpmkid->pmkid[2], zeigerpmkid->pmkid[3], zeigerpmkid->pmkid[4], zeigerpmkid->pmkid[5], zeigerpmkid->pmkid[6], zeigerpmkid->pmkid[7], zeigerpmkid->pmkid[8], zeigerpmkid->pmkid[9], zeigerpmkid->pmkid[10], zeigerpmkid->pmkid[11], zeigerpmkid->pmkid[12], zeigerpmkid->pmkid[13], zeigerpmkid->pmkid[14], zeigerpmkid->pmkid[15], zeigerpmkid->ap[0], zeigerpmkid->ap[1], zeigerpmkid->ap[2], zeigerpmkid->ap[3], zeigerpmkid->ap[4], zeigerpmkid->ap[5], zeigerpmkid->client[0], zeigerpmkid->client[1], zeigerpmkid->client[2], zeigerpmkid->client[3], zeigerpmkid->client[4], zeigerpmkid->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkideapol, "%02x", zeigermac->essid[p]); if(addtimestampflag == false) fprintf(fh_pmkideapol, "***%02x\n", zeigerpmkid->status); else fprintf(fh_pmkideapol, "***%02x\t%s\n", zeigerpmkid->status, timestringhs); pmkidwrittenhcount++; } if((fh_pmkideapolclient != 0) && ((zeigerpmkid->status & PMKID_CLIENT) == PMKID_CLIENT)) { //WPA*TYPE*PMKID-ODER-MIC*MACAP*MACSTA*ESSID_HEX*ANONCE*EAPOL*MP fprintf(fh_pmkideapolclient, "WPA*%02d*%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", HCX_TYPE_PMKID, zeigerpmkid->pmkid[0], zeigerpmkid->pmkid[1], zeigerpmkid->pmkid[2], zeigerpmkid->pmkid[3], zeigerpmkid->pmkid[4], zeigerpmkid->pmkid[5], zeigerpmkid->pmkid[6], zeigerpmkid->pmkid[7], zeigerpmkid->pmkid[8], zeigerpmkid->pmkid[9], zeigerpmkid->pmkid[10], zeigerpmkid->pmkid[11], zeigerpmkid->pmkid[12], zeigerpmkid->pmkid[13], zeigerpmkid->pmkid[14], zeigerpmkid->pmkid[15], zeigerpmkid->ap[0], zeigerpmkid->ap[1], zeigerpmkid->ap[2], zeigerpmkid->ap[3], zeigerpmkid->ap[4], zeigerpmkid->ap[5], zeigerpmkid->client[0], zeigerpmkid->client[1], zeigerpmkid->client[2], zeigerpmkid->client[3], zeigerpmkid->client[4], zeigerpmkid->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkideapolclient, "%02x", zeigermac->essid[p]); if(addtimestampflag == false) fprintf(fh_pmkideapolclient, "***%02x\n", zeigerpmkid->status & PMKID_CLIENT); else fprintf(fh_pmkideapolclient, "***%02x\t%s\n", zeigerpmkid->status, timestringhs); pmkidclientwrittenhcount++; } if(fh_pmkideapoljtrdeprecated != 0) { fprintf(fh_pmkideapoljtrdeprecated, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeigerpmkid->pmkid[0], zeigerpmkid->pmkid[1], zeigerpmkid->pmkid[2], zeigerpmkid->pmkid[3], zeigerpmkid->pmkid[4], zeigerpmkid->pmkid[5], zeigerpmkid->pmkid[6], zeigerpmkid->pmkid[7], zeigerpmkid->pmkid[8], zeigerpmkid->pmkid[9], zeigerpmkid->pmkid[10], zeigerpmkid->pmkid[11], zeigerpmkid->pmkid[12], zeigerpmkid->pmkid[13], zeigerpmkid->pmkid[14], zeigerpmkid->pmkid[15], zeigerpmkid->ap[0], zeigerpmkid->ap[1], zeigerpmkid->ap[2], zeigerpmkid->ap[3], zeigerpmkid->ap[4], zeigerpmkid->ap[5], zeigerpmkid->client[0], zeigerpmkid->client[1], zeigerpmkid->client[2], zeigerpmkid->client[3], zeigerpmkid->client[4], zeigerpmkid->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkideapoljtrdeprecated, "%02x", zeigermac->essid[p]); fprintf(fh_pmkideapoljtrdeprecated, "\n"); pmkidwrittenjcountdeprecated++; } if(fh_pmkiddeprecated != 0) { fprintf(fh_pmkiddeprecated, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*%02x%02x%02x%02x%02x%02x*", zeigerpmkid->pmkid[0], zeigerpmkid->pmkid[1], zeigerpmkid->pmkid[2], zeigerpmkid->pmkid[3], zeigerpmkid->pmkid[4], zeigerpmkid->pmkid[5], zeigerpmkid->pmkid[6], zeigerpmkid->pmkid[7], zeigerpmkid->pmkid[8], zeigerpmkid->pmkid[9], zeigerpmkid->pmkid[10], zeigerpmkid->pmkid[11], zeigerpmkid->pmkid[12], zeigerpmkid->pmkid[13], zeigerpmkid->pmkid[14], zeigerpmkid->pmkid[15], zeigerpmkid->ap[0], zeigerpmkid->ap[1], zeigerpmkid->ap[2], zeigerpmkid->ap[3], zeigerpmkid->ap[4], zeigerpmkid->ap[5], zeigerpmkid->client[0], zeigerpmkid->client[1], zeigerpmkid->client[2], zeigerpmkid->client[3], zeigerpmkid->client[4], zeigerpmkid->client[5]); for(p = 0; p < zeigermac->essidlen; p++) fprintf(fh_pmkiddeprecated, "%02x", zeigermac->essid[p]); fprintf(fh_pmkiddeprecated, "\n"); pmkidwrittencountdeprecated++; } } if(memcmp(zeigerpmkid->ap, zeigermac->addr, 6) > 0) { zeigerpmkidakt = zeigerpmkid; return zeigerpmkidakt; } zeigerpmkidold = zeigerpmkid; } return zeigerpmkidakt; } /*===========================================================================*/ static void outputwpalists(void) { static maclist_t *zeigermac, *zeigermacold; static handshakelist_t *zeigerhsakt; static pmkidlist_t *zeigerpmkidakt; static int essiddupecount; qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_mac_count); qsort(pmkidlist, pmkidlistptr -pmkidlist, PMKIDLIST_SIZE, sort_pmkidlist_by_mac); if(ncvalue == 0) qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_timegap); else qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_rcgap); zeigerhsakt = handshakelist; zeigerpmkidakt = pmkidlist; zeigermacold = aplist; if((zeigermacold->type & AP) == AP) { if(zeigermacold->essidlen != 0) { if(ignoreieflag == true) { zeigerpmkidakt = getpmkid(zeigermacold, zeigerpmkidakt); zeigerhsakt = gethandshake(zeigermacold, zeigerhsakt); } else { if(((zeigermacold->akm &TAK_PSK) == TAK_PSK) || ((zeigermacold->akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { zeigerpmkidakt = getpmkid(zeigermacold, zeigerpmkidakt); zeigerhsakt = gethandshake(zeigermacold, zeigerhsakt); } } } } essiddupecount = 0; for(zeigermac = aplist +1; zeigermac < aplistptr; zeigermac++) { if(zeigermac->essidlen == 0) continue; if((zeigermac->type & AP) != AP) { essiddupecount = 0; continue; } if((zeigermacold->type & AP) == AP) { if(memcmp(zeigermacold->addr, zeigermac->addr, 6) == 0) { essiddupecount++; if(essiddupecount >= essiddupemax) essiddupemax = essiddupecount; if(essiddupecount >= essidsvalue) continue; } else essiddupecount = 0; } if(ignoreieflag == true) { zeigerpmkidakt = getpmkid(zeigermac, zeigerpmkidakt); zeigerhsakt = gethandshake(zeigermac, zeigerhsakt); } else { if(((zeigermac->akm &TAK_PSK) == TAK_PSK) || ((zeigermac->akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { zeigerpmkidakt = getpmkid(zeigermac, zeigerpmkidakt); zeigerhsakt = gethandshake(zeigermac, zeigerhsakt); } } zeigermacold = zeigermac; } return; } /*===========================================================================*/ static void cleanupmac(void) { static maclist_t *zeiger; static maclist_t *zeigerold; if(aplistptr == aplist) return; qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_mac); zeigerold = aplist; for(zeiger = aplist +1; zeiger < aplistptr; zeiger++) { if(memcmp(zeigerold->addr, zeiger->addr, 6) == 0) { if(zeigerold->essidlen == zeiger->essidlen) { if(memcmp(zeigerold->essid, zeiger->essid, zeigerold->essidlen) == 0) { zeigerold->timestamp = zeiger->timestamp; zeigerold->type |= zeiger->type; zeigerold->status |= zeiger->status; zeigerold->count += 1; zeigerold->groupcipher |= zeiger->groupcipher; zeigerold->cipher |= zeiger->cipher; zeigerold->akm |= zeiger->akm; if(zeigerold->manufacturerlen == 0) { memcpy(zeigerold->manufacturer, zeiger->manufacturer, zeiger->manufacturerlen); zeigerold->manufacturerlen = zeiger->manufacturerlen; } if(zeigerold->modellen == 0) { memcpy(zeigerold->model, zeiger->model, zeiger->modellen); zeigerold->modellen = zeiger->modellen; } if(zeigerold->serialnumberlen == 0) { memcpy(zeigerold->serialnumber, zeiger->serialnumber, zeiger->serialnumberlen); zeigerold->serialnumberlen = zeiger->serialnumberlen; } if(zeigerold->devicenamelen == 0) { memcpy(zeigerold->devicename, zeiger->devicename, zeiger->devicenamelen); zeigerold->devicenamelen = zeiger->devicenamelen; } if(zeigerold->enrolleelen == 0) { memcpy(zeigerold->enrollee, zeiger->enrollee, zeiger->enrolleelen); zeigerold->enrolleelen = zeiger->enrolleelen; } zeiger->type = REMOVED; continue; } } } zeigerold = zeiger; } return; } /*===========================================================================*/ static bool cleanbackhandshake(void) { static int c; static handshakelist_t *zeiger; return false; if(donotcleanflag == true) return false; for(c = 0; c < 20; c ++) { zeiger--; if(zeiger < handshakelist) return false; if(memcmp(zeiger->ap, handshakelistptr->ap, 6) != 0) continue; if(memcmp(zeiger->client, handshakelistptr->client, 6) != 0) continue; if(memcmp(zeiger->anonce, handshakelistptr->anonce, 32) != 0) continue; if(zeiger->eapauthlen != handshakelistptr->eapauthlen) continue; if(memcmp(zeiger->eapol, handshakelistptr->eapol, handshakelistptr->eapauthlen) != 0) continue; if(zeiger->timestampgap > handshakelistptr->timestampgap) zeiger->timestampgap = handshakelistptr->timestampgap; if(zeiger->rcgap > handshakelistptr->rcgap) zeiger->rcgap = (zeiger->rcgap &0xe0) | handshakelistptr->rcgap; if(zeiger->status < handshakelistptr->status) zeiger->status = handshakelistptr->status; zeiger->messageap |= handshakelistptr->messageap; zeiger->messageclient |= handshakelistptr->messageclient; zeiger->timestamp |= handshakelistptr->timestamp; return true; } return false; } /*===========================================================================*/ static void addhandshake(uint64_t eaptimegap, uint64_t rcgap, messagelist_t *msgclient, messagelist_t *msgap, uint8_t keyver, uint8_t mpfield) { static handshakelist_t *handshakelistnew; static messagelist_t *zeiger; eapolmpcount++; if((mpfield &ST_APLESS) != ST_APLESS) { for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if((zeiger->status &ST_APLESS) != ST_APLESS) { if(memcmp(msgap->ap, zeiger->ap, 6) == 0) mpfield |= zeiger->status & 0xe0; } } } if(msgap->timestamp == msgclient->timestamp) eapolmsgtimestamperrorcount++; if(testeapolpmk(zeroedpmk, keyver, msgclient->client, msgap->ap, msgap->nonce, msgclient->eapauthlen, msgclient->eapol) == false) { if(handshakelistptr >= handshakelist +handshakelistmax) { handshakelistnew = (handshakelist_t*)realloc(handshakelist, (handshakelistmax +HANDSHAKELIST_MAX) *HANDSHAKELIST_SIZE); if(handshakelistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } handshakelist = handshakelistnew; handshakelistptr = handshakelistnew +handshakelistmax; handshakelistmax += HANDSHAKELIST_MAX; } memset(handshakelistptr, 0, HANDSHAKELIST_SIZE); handshakelistptr->timestampgap = eaptimegap; handshakelistptr->status = mpfield; handshakelistptr->rcgap = rcgap; if(handshakelistptr->rcgap > 0) { if((handshakelistptr->status & ST_ENDIANESS) == 0) handshakelistptr->status |= ST_NC; } handshakelistptr->messageap = msgap->message; handshakelistptr->messageclient = msgclient->message; memcpy(handshakelistptr->ap, msgap->ap, 6); memcpy(handshakelistptr->client, msgclient->client, 6); memcpy(handshakelistptr->pmkid, msgap->pmkid, 32); if((msgap->eapauthlen != 0) && (((mpfield &ST_M32E3) == ST_M32E3) || ((mpfield &ST_M34E3) == ST_M34E3))) { memcpy(handshakelistptr->anonce, msgclient->nonce, 32); handshakelistptr->eapauthlen = msgap->eapauthlen; memcpy(handshakelistptr->eapol, msgap->eapol, msgap->eapauthlen); } else { memcpy(handshakelistptr->anonce, msgap->nonce, 32); handshakelistptr->eapauthlen = msgclient->eapauthlen; memcpy(handshakelistptr->eapol, msgclient->eapol, msgclient->eapauthlen); } handshakelistptr->timestamp = msgclient->timestamp; if(cleanbackhandshake() == false) handshakelistptr++; } else { zeroedeapolpmkcount++; if(donotcleanflag == true) { if(handshakelistptr >= handshakelist +handshakelistmax) { handshakelistnew = (handshakelist_t*)realloc(handshakelist, (handshakelistmax +HANDSHAKELIST_MAX) *HANDSHAKELIST_SIZE); if(handshakelistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } handshakelist = handshakelistnew; handshakelistptr = handshakelistnew +handshakelistmax; handshakelistmax += HANDSHAKELIST_MAX; } memset(handshakelistptr, 0, HANDSHAKELIST_SIZE); handshakelistptr->timestampgap = eaptimegap; handshakelistptr->status = mpfield; handshakelistptr->rcgap = rcgap; if(handshakelistptr->rcgap > 0) { if((handshakelistptr->status & ST_ENDIANESS) == 0) handshakelistptr->status |= ST_NC; } handshakelistptr->messageap = msgap->message; handshakelistptr->messageclient = msgclient->message; memcpy(handshakelistptr->ap, msgap->ap, 6); memcpy(handshakelistptr->client, msgclient->client, 6); memcpy(handshakelistptr->anonce, msgap->nonce, 32); memcpy(handshakelistptr->pmkid, msgap->pmkid, 32); if(mpfield != ST_M32E3) { memcpy(handshakelistptr->anonce, msgap->nonce, 32); handshakelistptr->eapauthlen = msgclient->eapauthlen; memcpy(handshakelistptr->eapol, msgclient->eapol, msgclient->eapauthlen); } else if(msgap->eapauthlen != 0) { memcpy(handshakelistptr->anonce, msgclient->nonce, 32); handshakelistptr->eapauthlen = msgap->eapauthlen; memcpy(handshakelistptr->eapol, msgap->eapol, msgap->eapauthlen); } handshakelistptr->timestamp = msgclient->timestamp; if(cleanbackhandshake() == false) handshakelistptr++; } } return; } /*===========================================================================*/ static bool cleanbackpmkid(void) { static int c; static pmkidlist_t *zeiger; if(donotcleanflag == true) return false; zeiger = pmkidlistptr; for(c = 0; c < 20; c ++) { zeiger--; if(zeiger < pmkidlist) return false; if(memcmp(zeiger->ap, pmkidlistptr->ap, 6) != 0) continue; if(memcmp(zeiger->client, pmkidlistptr->client, 6) != 0) continue; if(memcmp(zeiger->pmkid, pmkidlistptr->pmkid, 16) != 0) continue; zeiger->status |= pmkidlistptr->status; return true; } return false; } /*===========================================================================*/ static void addpmkid(uint64_t timestamp, uint8_t *macclient, uint8_t *macap, uint8_t *pmkid, uint8_t pmkidstatus) { static pmkidlist_t *pmkidlistnew; pmkidcount++; if((pmkidstatus & PMKID_CLIENT) == PMKID_CLIENT) { if(testfaultypmkid(pmkid) == true) return; } if(testpmkid(zeroedpmk, macclient, macap, pmkid) == false) { if(pmkidlistptr >= pmkidlist +pmkidlistmax) { pmkidlistnew = (pmkidlist_t*)realloc(pmkidlist, (pmkidlistmax +PMKIDLIST_MAX) *PMKIDLIST_SIZE); if(pmkidlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } pmkidlist = pmkidlistnew; pmkidlistptr = pmkidlistnew +pmkidlistmax; pmkidlistmax += PMKIDLIST_MAX; } memset(pmkidlistptr, 0, PMKIDLIST_SIZE); memcpy(pmkidlistptr->ap, macap, 6); memcpy(pmkidlistptr->client, macclient, 6); memcpy(pmkidlistptr->pmkid, pmkid, 16); pmkidlistptr->timestamp = timestamp; pmkidlistptr->status |= pmkidstatus; if(cleanbackpmkid() == false) pmkidlistptr++; } else { zeroedpmkidpmkcount++; if(donotcleanflag == true) { if(pmkidlistptr >= pmkidlist +pmkidlistmax) { pmkidlistnew = (pmkidlist_t*)realloc(pmkidlist, (pmkidlistmax +PMKIDLIST_MAX) *PMKIDLIST_SIZE); if(pmkidlistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } pmkidlist = pmkidlistnew; pmkidlistptr = pmkidlistnew +maclistmax; pmkidlistmax += PMKIDLIST_MAX; } memset(pmkidlistptr, 0, PMKIDLIST_SIZE); memcpy(pmkidlistptr->ap, macap, 6); memcpy(pmkidlistptr->client, macclient, 6); memcpy(pmkidlistptr->pmkid, pmkid, 16); pmkidlistptr->status |= pmkidstatus; if(cleanbackpmkid() == false) pmkidlistptr++; } } return; } /*===========================================================================*/ static void process80211exteap(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint32_t restlen, uint8_t *eapptr) { static eapauth_t *eapauth; static uint32_t authlen; static exteap_t *exteap; static uint32_t exteaplen; static uint32_t idstrlen; eapcount++; if(restlen < (int)EAPAUTH_SIZE) return; eapauth = (eapauth_t*)eapptr; authlen = ntohs(eapauth->len); if(authlen > restlen) return; exteap = (exteap_t*)(eapptr +EAPAUTH_SIZE); exteaplen = ntohs(exteap->len); if(exteaplen > authlen) return; idstrlen = exteaplen -EXTEAP_SIZE; if(exteap->type == EAP_TYPE_SIM) eapsimcount++; else if(exteap->type == EAP_TYPE_AKA) eapakacount++; else if(exteap->type == EAP_TYPE_PEAP) eappeapcount++; else if(exteap->type == EAP_TYPE_TLS) eaptlscount++; else if(exteap->type == EAP_TYPE_EXPAND) eapexpandedcount++; else if(exteap->type == EAP_TYPE_MD5) processexteapmd5(eaptimestamp, macto, macfm, exteap->code, exteaplen, eapptr +EAPAUTH_SIZE); else if(exteap->type == EAP_TYPE_LEAP) processexteapleap(eaptimestamp, macto, macfm, exteap->code, exteaplen, eapptr +EAPAUTH_SIZE); else if(exteap->type == EAP_TYPE_MSEAP) processexteapmschapv2(eaptimestamp, macto, macfm, exteap->code, exteaplen, eapptr +EAPAUTH_SIZE); if(exteap->code == EAP_CODE_REQ) { eapcodereqcount++; if(exteap->type == EAP_TYPE_ID) { if(idstrlen > 1) { if(eapptr[EAPAUTH_SIZE +EXTEAP_SIZE] != 0) { identitycount++; if(fh_identity != NULL) fwritestring(idstrlen, &eapptr[EAPAUTH_SIZE +EXTEAP_SIZE], fh_identity); } else if(eapptr[EAPAUTH_SIZE +EXTEAP_SIZE +1] != 0) { identitycount++; if(fh_identity != NULL) fwritestring(idstrlen -1, &eapptr[EAPAUTH_SIZE +EXTEAP_SIZE +1], fh_identity); } } eapidcount++; } } else if(exteap->code == EAP_CODE_RESP) { eapcoderespcount++; if(exteap->type == EAP_TYPE_ID) { if(idstrlen > 1) { if(eapptr[EAPAUTH_SIZE +EXTEAP_SIZE] != 0) { identitycount++; if(fh_identity != NULL) fwritestring(idstrlen, &eapptr[EAPAUTH_SIZE +EXTEAP_SIZE], fh_identity); } else if(eapptr[EAPAUTH_SIZE +EXTEAP_SIZE +1] != 0) { identitycount++; if(fh_identity != NULL) fwritestring(idstrlen -1, &eapptr[EAPAUTH_SIZE +EXTEAP_SIZE +1], fh_identity); } } eapidcount++; } } return; } /*===========================================================================*/ static bool gettagwps(int wpslen, uint8_t *tagptr, tags_t *zeiger) { static wpsie_t *wpsptr; wpslen -= WPSVENDOR_SIZE; tagptr += WPSVENDOR_SIZE; if(wpslen < (int)WPSIE_SIZE) return true; zeiger->wpsinfo = 1; wpsptr = (wpsie_t*)tagptr; if(ntohs(wpsptr->type) != WPS_VERSION) return true; if(ntohs(wpsptr->len) != 1) return true; if(wpsptr->data[0] != 0x10) return true; tagptr += ntohs(wpsptr->len) +WPSIE_SIZE; wpslen -= ntohs(wpsptr->len) +WPSIE_SIZE; while(0 < wpslen) { wpsptr = (wpsie_t*)tagptr; if((ntohs(wpsptr->type) == WPS_MANUFACTURER) && (ntohs(wpsptr->len) > 0) && (ntohs(wpsptr->len) < DEVICE_INFO_MAX)) { zeiger->manufacturerlen = ntohs(wpsptr->len); memcpy(zeiger->manufacturer, wpsptr->data, zeiger->manufacturerlen); } else if((ntohs(wpsptr->type) == WPS_MODELNAME) && (ntohs(wpsptr->len) > 0) && (ntohs(wpsptr->len) < DEVICE_INFO_MAX)) { zeiger->modellen = ntohs(wpsptr->len); memcpy(zeiger->model, wpsptr->data, zeiger->modellen); } else if((ntohs(wpsptr->type) == WPS_SERIALNUMBER) && (ntohs(wpsptr->len) > 0) && (ntohs(wpsptr->len) < DEVICE_INFO_MAX)) { zeiger->serialnumberlen = ntohs(wpsptr->len); memcpy(zeiger->serialnumber, wpsptr->data, zeiger->serialnumberlen); } else if((ntohs(wpsptr->type) == WPS_DEVICENAME) && (ntohs(wpsptr->len) > 0) && (ntohs(wpsptr->len) < DEVICE_INFO_MAX)) { zeiger->devicenamelen = ntohs(wpsptr->len); memcpy(zeiger->devicename, wpsptr->data, zeiger->devicenamelen); } else if((ntohs(wpsptr->type) == WPS_UUIDE) && (ntohs(wpsptr->len) == WPS_ENROLLEE_LEN)) { zeiger->enrolleelen = ntohs(wpsptr->len); memcpy(zeiger->enrollee, wpsptr->data, zeiger->enrolleelen); } tagptr += ntohs(wpsptr->len) +WPSIE_SIZE; wpslen -= ntohs(wpsptr->len) +WPSIE_SIZE; } if(wpslen != 0) return false; return true; } /*===========================================================================*/ static bool gettagwpa(int wpalen, uint8_t *ieptr, tags_t *zeiger) { static int c; static wpaie_t *wpaptr; static int wpatype; static suite_t *gsuiteptr; static suitecount_t *csuitecountptr; static suite_t *csuiteptr; static int csuitecount; static suitecount_t *asuitecountptr; static suite_t *asuiteptr; static int asuitecount; wpaptr = (wpaie_t*)ieptr; wpalen -= WPAIE_SIZE; ieptr += WPAIE_SIZE; #ifndef BIG_ENDIAN_HOST wpatype = wpaptr->type; #else wpatype = byte_swap_16(wpaptr->type); #endif if(wpatype != VT_WPA_IE) return false; zeiger->kdversion |= KV_WPAIE; gsuiteptr = (suite_t*)ieptr; if(memcmp(gsuiteptr->oui, &ouimscorp, 3) == 0) { if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher |= TCS_WEP40; if(gsuiteptr->type == CS_TKIP) zeiger->groupcipher |= TCS_TKIP; if(gsuiteptr->type == CS_WRAP) zeiger->groupcipher |= TCS_WRAP; if(gsuiteptr->type == CS_CCMP) zeiger->groupcipher |= TCS_CCMP; if(gsuiteptr->type == CS_WEP104) zeiger->groupcipher |= TCS_WEP104; if(gsuiteptr->type == CS_BIP) zeiger->groupcipher |= TCS_BIP; if(gsuiteptr->type == CS_NOT_ALLOWED) zeiger->groupcipher = TCS_NOT_ALLOWED; } wpalen -= SUITE_SIZE; ieptr += SUITE_SIZE; csuitecountptr = (suitecount_t*)ieptr; wpalen -= SUITECOUNT_SIZE; ieptr += SUITECOUNT_SIZE; #ifndef BIG_ENDIAN_HOST csuitecount = csuitecountptr->count; #else csuitecount = byte_swap_16(csuitecountptr->count); #endif if(csuitecount *4 > wpalen) { taglenerrorcount++; return false; } for(c = 0; c < csuitecount; c++) { csuiteptr = (suite_t*)ieptr; if(memcmp(csuiteptr->oui, &ouimscorp, 3) == 0) { if(csuiteptr->type == CS_WEP40) zeiger->cipher |= TCS_WEP40; if(csuiteptr->type == CS_TKIP) zeiger->cipher |= TCS_TKIP; if(csuiteptr->type == CS_WRAP) zeiger->cipher |= TCS_WRAP; if(csuiteptr->type == CS_CCMP) zeiger->cipher |= TCS_CCMP; if(csuiteptr->type == CS_WEP104) zeiger->cipher |= TCS_WEP104; if(csuiteptr->type == CS_BIP) zeiger->cipher |= TCS_BIP; if(csuiteptr->type == CS_NOT_ALLOWED) zeiger->cipher |= TCS_NOT_ALLOWED; } wpalen -= SUITE_SIZE; ieptr += SUITE_SIZE; if(wpalen == 0) return true; if(wpalen < 0) return false; } asuitecountptr = (suitecount_t*)ieptr; wpalen -= SUITECOUNT_SIZE; ieptr += SUITECOUNT_SIZE; #ifndef BIG_ENDIAN_HOST asuitecount = asuitecountptr->count; #else asuitecount = byte_swap_16(asuitecountptr->count); #endif if(asuitecount *4 > wpalen) { taglenerrorcount++; return false; } for(c = 0; c < asuitecount; c++) { asuiteptr = (suite_t*)ieptr; if(memcmp(asuiteptr->oui, &ouimscorp, 3) == 0) { if(asuiteptr->type == AK_PMKSA) zeiger->akm |= TAK_PMKSA; if(asuiteptr->type == AK_PSK) zeiger->akm |= TAK_PSK; if(asuiteptr->type == AK_FT) zeiger->akm |= TAK_FT; if(asuiteptr->type == AK_FT_PSK) zeiger->akm |= TAK_FT_PSK; if(asuiteptr->type == AK_PMKSA256) zeiger->akm |= TAK_PMKSA256; if(asuiteptr->type == AK_PSKSHA256) zeiger->akm |= TAK_PSKSHA256; if(asuiteptr->type == AK_TDLS) zeiger->akm |= TAK_TDLS; if(asuiteptr->type == AK_SAE_SHA256) zeiger->akm |= TAK_SAE_SHA256; if(asuiteptr->type == AK_FT_SAE) zeiger->akm |= TAK_FT_SAE; if(asuiteptr->type == AK_SAE_SHA384B) zeiger->akm |= TAK_SAE_SHA384B; if(asuiteptr->type == AK_OWE) zeiger->akm |= TAK_OWE; } wpalen -= SUITE_SIZE; ieptr += SUITE_SIZE; if(wpalen == 0) return true; if(wpalen < 0) return false; } return true; } /*===========================================================================*/ static bool gettagvendor(int vendorlen, uint8_t *ieptr, tags_t *zeiger) { static wpaie_t *wpaptr; static const uint8_t hcxoui[] = { 0xff, 0xff, 0xff, 0x00, 0xd9, 0x20, 0x21, 0x9b, 0x9b, 0x6a, 0xc9, 0x59, 0x49, 0x42, 0xe6, 0x55, 0x6a, 0x06, 0xa3, 0x23, 0x94, 0x2d, 0x94 }; wpaptr = (wpaie_t*)ieptr; if(memcmp(wpaptr->oui, &ouimscorp, 3) == 0) { if((wpaptr->ouitype == VT_WPA_IE) && (vendorlen >= WPAIE_LEN_MIN)) { if(gettagwpa(vendorlen, ieptr, zeiger) == false) return false; return true; } if((wpaptr->ouitype == VT_WPS_IE) && (vendorlen >= (int)WPSIE_SIZE)) { if(gettagwps(vendorlen, ieptr, zeiger) == false) return false; return true; } return true; } if(vendorlen == 0x17) { if(memcmp(&hcxoui, ieptr, 0x17) == 0) beaconhcxcount++; } return true; } /*===========================================================================*/ static bool gettagrsn(int rsnlen, uint8_t *ieptr, tags_t *zeiger) { static int c; static rsnie_t *rsnptr; static int rsnver; static suite_t *gsuiteptr; static suitecount_t *csuitecountptr; static suite_t *csuiteptr; static int csuitecount; static suitecount_t *asuitecountptr; static suite_t *asuiteptr; static int asuitecount; static rsnpmkidlist_t *rsnpmkidlistptr; static int rsnpmkidcount; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; rsnptr = (rsnie_t*)ieptr; #ifndef BIG_ENDIAN_HOST rsnver = rsnptr->version; #else rsnver = byte_swap_16(rsnptr->version); #endif if(rsnver != 1) return true; zeiger->kdversion |= KV_RSNIE; rsnlen -= RSNIE_SIZE; ieptr += RSNIE_SIZE; gsuiteptr = (suite_t*)ieptr; if(memcmp(gsuiteptr->oui, &suiteoui, 3) == 0) { if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher |= TCS_WEP40; if(gsuiteptr->type == CS_TKIP) zeiger->groupcipher |= TCS_TKIP; if(gsuiteptr->type == CS_WRAP) zeiger->groupcipher |= TCS_WRAP; if(gsuiteptr->type == CS_CCMP) zeiger->groupcipher |= TCS_CCMP; if(gsuiteptr->type == CS_GCMP) zeiger->groupcipher |= TCS_GCMP; if(gsuiteptr->type == CS_WEP104) zeiger->groupcipher |= TCS_WEP104; if(gsuiteptr->type == CS_BIP) zeiger->groupcipher |= TCS_BIP; if(gsuiteptr->type == CS_NOT_ALLOWED) zeiger->groupcipher |= TCS_NOT_ALLOWED; } rsnlen -= SUITE_SIZE; ieptr += SUITE_SIZE; csuitecountptr = (suitecount_t*)ieptr; rsnlen -= SUITECOUNT_SIZE; ieptr += SUITECOUNT_SIZE; #ifndef BIG_ENDIAN_HOST csuitecount = csuitecountptr->count; #else csuitecount = byte_swap_16(csuitecountptr->count); #endif if(csuitecount *4 > rsnlen) { taglenerrorcount++; return false; } for(c = 0; c < csuitecount; c++) { csuiteptr = (suite_t*)ieptr; if(memcmp(csuiteptr->oui, &suiteoui, 3) == 0) { if(csuiteptr->type == CS_WEP40) zeiger->cipher |= TCS_WEP40; if(csuiteptr->type == CS_TKIP) zeiger->cipher |= TCS_TKIP; if(csuiteptr->type == CS_WRAP) zeiger->cipher |= TCS_WRAP; if(csuiteptr->type == CS_CCMP) zeiger->cipher |= TCS_CCMP; if(csuiteptr->type == CS_GCMP) zeiger->cipher |= TCS_GCMP; if(csuiteptr->type == CS_WEP104) zeiger->cipher |= TCS_WEP104; if(csuiteptr->type == CS_BIP) zeiger->cipher |= TCS_BIP; if(csuiteptr->type == CS_NOT_ALLOWED) zeiger->cipher |= TCS_NOT_ALLOWED; } rsnlen -= SUITE_SIZE; ieptr += SUITE_SIZE; if(rsnlen < 0) return false; if(rsnlen == 0) return true; } asuitecountptr = (suitecount_t*)ieptr; rsnlen -= SUITECOUNT_SIZE; ieptr += SUITECOUNT_SIZE; #ifndef BIG_ENDIAN_HOST asuitecount = asuitecountptr->count; #else asuitecount = byte_swap_16(asuitecountptr->count); #endif if(asuitecount *4 > rsnlen) { taglenerrorcount++; return false; } for(c = 0; c < asuitecount; c++) { asuiteptr = (suite_t*)ieptr; if(memcmp(asuiteptr->oui, &suiteoui, 3) == 0) { if(asuiteptr->type == AK_PMKSA) zeiger->akm |= TAK_PMKSA; if(asuiteptr->type == AK_PSK) zeiger->akm |= TAK_PSK; if(asuiteptr->type == AK_FT) zeiger->akm |= TAK_FT; if(asuiteptr->type == AK_FT_PSK) zeiger->akm |= TAK_FT_PSK; if(asuiteptr->type == AK_PMKSA256) zeiger->akm |= TAK_PMKSA256; if(asuiteptr->type == AK_PSKSHA256) zeiger->akm |= TAK_PSKSHA256; if(asuiteptr->type == AK_TDLS) zeiger->akm |= TAK_TDLS; if(asuiteptr->type == AK_SAE_SHA256) zeiger->akm |= TAK_SAE_SHA256; if(asuiteptr->type == AK_FT_SAE) zeiger->akm |= TAK_FT_SAE; if(asuiteptr->type == AK_SAE_SHA384B) zeiger->akm |= TAK_SAE_SHA384B; if(asuiteptr->type == AK_OWE) zeiger->akm |= TAK_OWE; } rsnlen -= SUITE_SIZE; ieptr += SUITE_SIZE; if(rsnlen < 0) return false; if(rsnlen == 0) return true; } rsnlen -= RSNCAPABILITIES_SIZE; ieptr += RSNCAPABILITIES_SIZE; if(rsnlen <= 0) return true; rsnpmkidlistptr = (rsnpmkidlist_t*)ieptr; #ifndef BIG_ENDIAN_HOST rsnpmkidcount = rsnpmkidlistptr->count; #else rsnpmkidcount = byte_swap_16(rsnpmkidlistptr->count); #endif if(rsnpmkidcount == 0) return true; rsnlen -= RSNPMKIDLIST_SIZE; ieptr += RSNPMKIDLIST_SIZE; if(rsnlen < 16) return true; if(((zeiger->akm &TAK_PSK) == TAK_PSK) || ((zeiger->akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { if(memcmp(&zeroed32, ieptr, 16) == 0) return true; for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &ieptr[c], 4) == 0) return false; if(memcmp(&foxtrott, &ieptr[c], 4) == 0) return false; } memcpy(zeiger->pmkid, ieptr, 16); } return true; } /*===========================================================================*/ static bool isessidvalid(int essidlen, uint8_t *essid) { static int c; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; if(essidlen > ESSID_LEN_MAX) return false; if(essidlen == 0) return true; if(memcmp(&zeroed32, essid, essidlen) == 0) return true; if(essid[essidlen -1] == 0) { essiderrorcount++; return false; } for(c = 0; c< essidlen -4; c++) { if(memcmp(&zeroed32, &essid[c], 4) == 0) { essiderrorcount++; return false; } if(memcmp(&foxtrott, &essid[c], 4) == 0) { essiderrorcount++; return false; } } return true; } /*===========================================================================*/ static bool gettags(int infolen, uint8_t *infoptr, tags_t *zeiger) { static ietag_t *tagptr; static uint8_t tagok; static bool ef; memset(zeiger, 0, TAGS_SIZE); ef = false; tagok = 0; while(0 < infolen) { if(infolen == 4) return true; tagptr = (ietag_t*)infoptr; if(tagptr->len == 0) { infoptr += tagptr->len +IETAG_SIZE; infolen -= tagptr->len +IETAG_SIZE; continue; } if(tagptr->len > infolen) { taglenerrorcount++; return false; } if(tagptr->id == TAG_SSID) { if((tagok & TAG_SSID_OK) == 0) { if(tagptr->len > ESSID_LEN_MAX) { taglenerrorcount++; return false; } if(isessidvalid(tagptr->len, &tagptr->data[0]) == false) return false; { ef = true; memcpy(zeiger->essid, &tagptr->data[0], tagptr->len); zeiger->essidlen = tagptr->len; } tagok |= TAG_SSID_OK; } } else if(tagptr->id == TAG_CHAN) { if((tagok & TAG_CHAN_OK) == 0) { if(tagptr->len == 1) { zeiger->channel = tagptr->data[0]; tagok |= TAG_CHAN_OK; } } } else if(tagptr->id == TAG_COUNTRY) { if(tagptr->len > 2) { if((tagok & TAG_COUNTRY_OK) == 0) { zeiger->country[0] = tagptr->data[0]; zeiger->country[1] = tagptr->data[1]; tagok |= TAG_COUNTRY_OK; } } } else if(tagptr->id == TAG_RSN) { if(tagptr->len >= RSNIE_LEN_MIN) { if(gettagrsn(tagptr->len, tagptr->data, zeiger) == false) { taglenerrorcount++; return false; } } } else if(tagptr->id == TAG_VENDOR) { if(tagptr->len >= VENDORIE_SIZE) { if(gettagvendor(tagptr->len, tagptr->data, zeiger) == false) { taglenerrorcount++; return false; } } } infoptr += tagptr->len +IETAG_SIZE; infolen -= tagptr->len +IETAG_SIZE; } if((infolen != 0) && (infolen != 4) && (ef == false)) { taglenerrorcount++; return false; } return true; } /*===========================================================================*/ static void process80211eapol_m4(uint64_t eaptimestamp, uint8_t *macap, uint8_t *macclient, uint8_t *macsrc, uint32_t restlen, uint8_t *eapauthptr) { static int c; static messagelist_t *zeiger; static uint8_t *wpakptr; static wpakey_t *wpak; static eapauth_t *eapauth; static uint16_t authlen; static uint64_t eaptimegap; static uint8_t keyver; static uint64_t rc; static uint64_t rcgap; static uint8_t mpfield; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; eapolm4count++; eapolmsgcount++; if(memcmp(macap, macsrc, 6) != 0) { eapolrelayedcount++; return; } eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen == 0) return; if(authlen +EAPAUTH_SIZE > restlen) return; if((authlen +EAPAUTH_SIZE) > EAPOL_AUTHLEN_MAX) { eapolm4oversizedcount++; return; } wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { eapolm4kdv0count++; return; } if(ntohs(wpak->wpadatalen) > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm4errorcount++; return; } #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif if(memcmp(&zeroed32, wpak->keymic, 16) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 key mic zeroed: %ld\n", rawpacketcount); eapolm4errorcount++; return; } for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm4errorcount++; return; } if(memcmp(&foxtrott, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm4errorcount++; return; } } if(memcmp(&zeroed32, wpak->keyid, 8) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M4 key id != 0: %ld\n", rawpacketcount); eapolm4errorcount++; return; } if(memcmp(&zeroed32, wpak->nonce, 32) == 0) { eapolm4zeroedcount++; return; } if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; zeiger->eapolmsgcount = eapolmsgcount; memcpy(zeiger->client, macclient, 6); memcpy(zeiger->ap, macap, 6); zeiger->message = HS_M4; zeiger->rc = rc; memcpy(zeiger->nonce, wpak->nonce, 32); if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { zeiger->eapauthlen = authlen +EAPAUTH_SIZE; memcpy(zeiger->eapol, eapauthptr, zeiger->eapauthlen); } mpfield = 0; for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if(zeiger->timestamp == 0) break; if((zeiger->message &HS_M3) == HS_M3) { if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(zeiger->rc >= rc) rcgap = zeiger->rc -rc; else rcgap = rc -zeiger->rc; if(rcgap > rcgapmax) rcgapmax = rcgap; if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { mpfield = ST_M34E4; if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); if(donotcleanflag == true) { mpfield = ST_M34E3; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } } } if((zeiger->message &HS_M1) != HS_M1) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(zeiger->rc >= rc -1) rcgap = zeiger->rc -rc +1; else rcgap = rc +1 -zeiger->rc; if(zeiger->rc != myaktreplaycount) { if(rcgap > rcgapmax) rcgapmax = rcgap; } if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { mpfield = ST_M14E4; if(myaktreplaycount > 0) { if(zeiger->rc == myaktreplaycount) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_timestamp); return; } /*===========================================================================*/ static void process80211eapol_m3(uint64_t eaptimestamp, uint8_t *macclient, uint8_t *macap, uint8_t *macsrc, uint32_t restlen, uint8_t *eapauthptr) { static int c; static messagelist_t *zeiger; static messagelist_t *zeigerakt; static uint8_t *wpakptr; static wpakey_t *wpak; static eapauth_t *eapauth; static uint16_t authlen; static uint64_t eaptimegap; static uint8_t keyver; static uint64_t rc; static uint64_t rcgap; static uint8_t mpfield; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; eapolm3count++; eapolmsgcount++; if(memcmp(macap, macsrc, 6) != 0) { eapolrelayedcount++; return; } zeigerakt = messagelist +MESSAGELIST_MAX; eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen == 0) return; if(authlen > restlen) return; if((authlen +EAPAUTH_SIZE) > EAPOL_AUTHLEN_MAX) { eapolm3oversizedcount++; return; } wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { eapolm3kdv0count++; return; } if(ntohs(wpak->wpadatalen) > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm3errorcount++; return; } #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif if(memcmp(&zeroed32, wpak->keymic, 16) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 key mic zeroed: %ld\n", rawpacketcount); eapolm3errorcount++; return; } for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm3errorcount++; return; } if(memcmp(&foxtrott, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm3errorcount++; return; } } if(memcmp(&zeroed32, wpak->keyid, 8) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M3 key id != 0: %ld\n", rawpacketcount); eapolm3errorcount++; return; } memset(zeigerakt, 0, MESSAGELIST_SIZE); zeigerakt->timestamp = eaptimestamp; zeigerakt->eapolmsgcount = eapolmsgcount; memcpy(zeigerakt->client, macclient, 6); memcpy(zeigerakt->ap, macap, 6); zeigerakt->message = HS_M3; zeigerakt->rc = rc; memcpy(zeigerakt->nonce, wpak->nonce, 32); if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { zeigerakt->eapauthlen = authlen +EAPAUTH_SIZE; memcpy(zeigerakt->eapol, eapauthptr, zeigerakt->eapauthlen); } for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if(zeiger->timestamp == 0) break; if(((zeiger->message &HS_M1) == HS_M1) || ((zeiger->message &HS_M3) == HS_M3)) { if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if((memcmp(zeiger->nonce, wpak->nonce, 28) == 0) && (memcmp(&zeiger->nonce[28], &wpak->nonce[28], 4) != 0)) { eapolnccount++; if(memcmp(&zeiger->nonce[30], &wpak->nonce[30], 2) != 0) { zeiger->status = ST_LE +ST_NC; (messagelist +MESSAGELIST_MAX)->status = ST_LE +ST_NC; } else if(memcmp(&zeiger->nonce[28], &wpak->nonce[28], 2) != 0) { zeiger->status = ST_BE +ST_NC; (messagelist +MESSAGELIST_MAX)->status = ST_BE +ST_NC; } } } } mpfield = 0; for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if(zeiger->timestamp == 0) break; if((zeiger->message &HS_M2) == HS_M2) { if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(zeiger->rc >= rc -1) rcgap = zeiger->rc -rc +1; else rcgap = rc +1 -zeiger->rc; if(zeiger->rc != myaktreplaycount) { if(rcgap > rcgapmax) rcgapmax = rcgap; } if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { mpfield = ST_M32E2; if(myaktreplaycount > 0) { if(zeiger->rc == myaktreplaycount) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield); if(donotcleanflag == true) { mpfield = ST_M32E3; if(myaktreplaycount > 0) { if(zeiger->rc == myaktreplaycount) continue; } if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield); } } } if((zeiger->message &HS_M4) != HS_M4) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(zeiger->rc >= rc) rcgap = zeiger->rc -rc; else rcgap = rc -zeiger->rc; if(rcgap > rcgapmax) rcgapmax = rcgap; if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { mpfield = ST_M34E4; if(myaktreplaycount > 0) { if(zeiger->rc == myaktreplaycount) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield); if(donotcleanflag == true) { mpfield = ST_M34E3; if(myaktreplaycount > 0) { if(zeiger->rc == myaktreplaycount) continue; } if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield); } } } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_timestamp); return; } /*===========================================================================*/ static void process80211eapol_m2(uint64_t eaptimestamp, uint8_t *macap, uint8_t *macclient, uint8_t *macsrc, uint32_t restlen, uint8_t *eapauthptr) { static int c; static messagelist_t *zeiger; static uint8_t *wpakptr; static wpakey_t *wpak; static eapauth_t *eapauth; static uint16_t authlen; static uint64_t eaptimegap; static uint8_t keyver; static uint64_t rc; static uint64_t rcgap; static uint8_t mpfield; static uint16_t wpainfolen; static tags_t tags; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; eapolm2count++; eapolmsgcount++; if(memcmp(macap, macsrc, 6) != 0) { eapolrelayedcount++; return; } eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen == 0) return; if(authlen +EAPAUTH_SIZE > restlen) return; if((authlen +EAPAUTH_SIZE) > EAPOL_AUTHLEN_MAX) { eapolm2oversizedcount++; return; } wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { eapolm2kdv0count++; return; } wpainfolen = ntohs(wpak->wpadatalen); if(wpainfolen > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm2errorcount++; return; } #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif if(memcmp(&zeroed32, wpak->nonce, 32) == 0) return; if(memcmp(&zeroed32, wpak->keymic, 16) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key mic zeroed: %ld\n", rawpacketcount); eapolm2errorcount++; return; } for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm2errorcount++; return; } if(memcmp(&foxtrott, &wpak->keymic[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key mic possible plcp bit error: %ld\n", rawpacketcount); eapolm2errorcount++; return; } } if(memcmp(&zeroed32, wpak->keyiv, 16) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key iv != 0: %ld\n", rawpacketcount); eapolm2errorcount++; return; } if(wpak->keyrsc != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key rsc != 0: %ld\n", rawpacketcount); eapolm2errorcount++; return; } if(memcmp(&zeroed32, wpak->keyid, 8) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 key id != 0: %ld\n", rawpacketcount); eapolm2errorcount++; return; } if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; zeiger->eapolmsgcount = eapolmsgcount; memcpy(zeiger->client, macclient, 6); memcpy(zeiger->ap, macap, 6); zeiger->message = HS_M2; zeiger->rc = rc; memcpy(zeiger->nonce, wpak->nonce, 32); if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { zeiger->eapauthlen = authlen +EAPAUTH_SIZE; memcpy(zeiger->eapol, eapauthptr, zeiger->eapauthlen); } if(wpainfolen >= RSNIE_LEN_MIN) { if(gettags(wpainfolen, wpakptr +WPAKEY_SIZE, &tags) == false) return; if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) eapolm2ftpskcount++; if(((tags.akm &TAK_PSK) != TAK_PSK) && ((tags.akm &TAK_PSKSHA256) != TAK_PSKSHA256)) { if(ignoreieflag == false) return; } if(memcmp(&zeroed32, tags.pmkid, 16) != 0) { zeiger->message |= HS_PMKID; memcpy(zeiger->pmkid, tags.pmkid, 16); addpmkid(eaptimestamp, macclient, macap, tags.pmkid, PMKID_CLIENT); } } mpfield = 0; for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX; zeiger++) { if(zeiger->timestamp == 0) break; if((zeiger->message &HS_M1) == HS_M1) { if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(zeiger->rc >= rc) rcgap = zeiger->rc -rc; else rcgap = rc -zeiger->rc; if((rc != myaktreplaycount) && (zeiger->rc != myaktreplaycount)) { if(rcgap > rcgapmax) rcgapmax = rcgap; } if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { mpfield = ST_M12E2; if(myaktreplaycount > 0) { if((rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0)) { eaptimegap = 0; mpfield |= ST_APLESS; } if(rcgap != 0) continue; } if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } } if((zeiger->message &HS_M3) != HS_M3) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(zeiger->rc >= rc +1) rcgap = zeiger->rc -rc -1; else rcgap = rc +1 -zeiger->rc; if(rc != myaktreplaycount) { if(rcgap > rcgapmax) rcgapmax = rcgap; } if(rcgap > ncvalue) continue; if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; if((authlen +EAPAUTH_SIZE) <= EAPOL_AUTHLEN_MAX) { mpfield = ST_M32E2; if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); if(donotcleanflag == true) { mpfield = ST_M32E3; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } } } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_timestamp); return; } /*===========================================================================*/ static void process80211eapol_m1(uint64_t eaptimestamp, uint8_t *macclient, uint8_t *macap, uint8_t *macsrc, uint32_t restlen, uint8_t *eapauthptr) { static int c; static messagelist_t *zeiger; static uint8_t *wpakptr; static wpakey_t *wpak; static eapauth_t *eapauth; static uint16_t authlen; static pmkid_t *pmkid; static uint8_t keyver; static uint64_t rc; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; eapolm1count++; eapolmsgcount++; if(memcmp(macap, macsrc, 6) != 0) { eapolrelayedcount++; return; } eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen > restlen) { eapolm1errorcount++; return; } wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if((keyver == 0) || (keyver > 3)) { eapolm1kdv0count++; if(authlen >= (int)(WPAKEY_SIZE +PMKID_SIZE)) { pmkid = (pmkid_t*)(wpakptr +WPAKEY_SIZE); if(pmkid->id != TAG_VENDOR) return; if((pmkid->len == 0x14) && (pmkid->type == 0x04)) { if(memcmp(&zeroed32, pmkid->pmkid, 16) == 0) { pmkiduselesscount++; } else { pmkidakmcount++; pmkidcount++; } } } return; } if(ntohs(wpak->wpadatalen) > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm1errorcount++; return; } #ifndef BIG_ENDIAN_HOST rc = byte_swap_64(wpak->replaycount); #else rc = wpak->replaycount; #endif if(wpak->keyrsc != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 key rc != 0: %ld\n", rawpacketcount); eapolm1errorcount++; return; } if(memcmp(&zeroed32, wpak->keyid, 8) != 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 key id != 0: %ld\n", rawpacketcount); eapolm1errorcount++; return; } if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; zeiger->eapolmsgcount = eapolmsgcount; memcpy(zeiger->client, macclient, 6); memcpy(zeiger->ap, macap, 6); zeiger->message = HS_M1; zeiger->status = ST_NC; zeiger->rc = rc; memcpy(zeiger->nonce, wpak->nonce, 32); if((zeiger->rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0)) { zeiger->status = ST_APLESS; eapolm1ancount++; qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_timestamp); return; } if(authlen >= (int)(WPAKEY_SIZE +PMKID_SIZE)) { pmkid = (pmkid_t*)(wpakptr +WPAKEY_SIZE); if(pmkid->id != TAG_VENDOR) return; if((pmkid->len == 0x14) && (pmkid->type == 0x04)) { zeiger->message |= HS_PMKID; if(memcmp(&zeroed32, pmkid->pmkid, 16) == 0) { pmkiduselesscount++; } else { for(c = 0; c < 12; c++) { if(memcmp(&zeroed32, &pmkid->pmkid[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 possible plcp bit error: %ld\n", rawpacketcount); eapolm1errorcount++; return; } if(memcmp(&foxtrott, &pmkid->pmkid[c], 4) == 0) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M1 possible plcp bit error: %ld\n", rawpacketcount); eapolm1errorcount++; return; } } memcpy(zeiger->pmkid, pmkid->pmkid, 16); if(keyver != 3) addpmkid(eaptimestamp, macclient, macsrc, pmkid->pmkid, PMKID_AP); else addpmkid(eaptimestamp, macclient, macsrc, pmkid->pmkid, PMKID_AP | PMKID_APPSK256); } } else pmkiduselesscount++; } for(zeiger = messagelist; zeiger < messagelist +MESSAGELIST_MAX +1; zeiger++) { if(zeiger->timestamp == 0) break; if(((zeiger->message &HS_M1) != HS_M1) && ((zeiger->message &HS_M3) != HS_M3)) continue; if(memcmp(zeiger->ap, macap, 6) != 0) continue; if(memcmp(zeiger->client, macclient, 6) != 0) continue; eapolm1ancount++; if((memcmp(zeiger->nonce, wpak->nonce, 28) == 0) && (memcmp(&zeiger->nonce[28], &wpak->nonce[28], 4) != 0)) { eapolnccount++; if(memcmp(&zeiger->nonce[30], &wpak->nonce[30], 2) != 0) { zeiger->status = ST_LE +ST_NC; (messagelist +MESSAGELIST_MAX)->status = ST_LE +ST_NC; } else if(memcmp(&zeiger->nonce[28], &wpak->nonce[28], 2) != 0) { zeiger->status = ST_BE +ST_NC; (messagelist +MESSAGELIST_MAX)->status = ST_BE +ST_NC; } } } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_timestamp); return; } /*===========================================================================*/ static void process80211rc4key(void) { eapolrc4count++; return; } /*===========================================================================*/ static void process80211eapol(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t *macsrc, uint32_t eapauthlen, uint8_t *eapauthptr) { static eapauth_t *eapauth; static uint32_t authlen; static uint8_t *wpakptr; static wpakey_t *wpak; static uint16_t keyinfo; static uint16_t keylen; eapauth = (eapauth_t*)eapauthptr; authlen = ntohs(eapauth->len); if(authlen > eapauthlen) { eapolmsgerrorcount++; return; } wpakptr = eapauthptr +EAPAUTH_SIZE; wpak = (wpakey_t*)wpakptr; keyinfo = (getkeyinfo(ntohs(wpak->keyinfo))); if(wpak->keydescriptor == EAP_KDT_RC4) { process80211rc4key(); return; } else if(wpak->keydescriptor == EAP_KDT_WPA) eapolwpacount++; else if(wpak->keydescriptor == EAP_KDT_RSN) eapolrsncount++; else return; if(authlen < WPAKEY_SIZE) { eapolmsgerrorcount++; return; } keylen = ntohs(wpak->keylen); if((keylen != 0) && (keylen != 16) && (keylen != 32)) { eapolmsgerrorcount++; return; } if(keyinfo == 1) process80211eapol_m1(eaptimestamp, macto, macfm, macsrc, eapauthlen, eapauthptr); else if(keyinfo == 2) { if(authlen != 0x5f) process80211eapol_m2(eaptimestamp, macto, macfm, macsrc, eapauthlen, eapauthptr); else process80211eapol_m4(eaptimestamp, macto, macfm, macsrc, eapauthlen, eapauthptr); } else if(keyinfo == 3) process80211eapol_m3(eaptimestamp, macto, macfm, macsrc, eapauthlen, eapauthptr); else if(keyinfo == 4) process80211eapol_m4(eaptimestamp, macto, macfm, macsrc, eapauthlen, eapauthptr); return; } /*===========================================================================*/ static void process80211eap(uint64_t eaptimestamp, uint8_t *macto, uint8_t *macfm, uint8_t *macsrc, uint32_t restlen, uint8_t *eapptr) { static eapauth_t *eapauth; eapauth = (eapauth_t*)eapptr; if(restlen < (int)EAPAUTH_SIZE) return; if(eapauth->type == EAPOL_KEY) { process80211eapol(eaptimestamp, macto, macfm, macsrc, restlen, eapptr); } else if(eapauth->type == EAP_PACKET) process80211exteap(eaptimestamp, macto, macfm, restlen, eapptr); //else if(eapauth->type == EAPOL_ASF) process80211exteap_asf(); //else if(eapauth->type == EAPOL_MKA) process80211exteap_mka(); else if(eapauth->type == EAPOL_START) { } else if(eapauth->type == EAPOL_START) { } else if(eapauth->type == EAPOL_LOGOFF) { } if(fh_nmea != NULL) writegpwpl(macfm); return; } /*===========================================================================*/ static bool cleanbackmac(void) { static int c; static maclist_t *zeiger; zeiger = aplistptr; for(c = 0; c < 20; c ++) { zeiger--; if(zeiger < aplist) return false; if(zeiger->type != aplistptr->type) continue; if(zeiger->essidlen != aplistptr->essidlen) continue; if(memcmp(zeiger->addr, aplistptr->addr, 6) != 0) continue; if(memcmp(zeiger->essid, aplistptr->essid, aplistptr->essidlen) != 0) continue; zeiger->timestamp = aplistptr->timestamp; zeiger->count += 1; zeiger->status |= aplistptr->status; zeiger->type |= aplistptr->type; zeiger->groupcipher |= aplistptr->groupcipher; zeiger->cipher |= aplistptr->cipher; zeiger->akm |= aplistptr->akm; if(zeiger->manufacturerlen == 0) { memcpy(zeiger->manufacturer, aplistptr->manufacturer, aplistptr->manufacturerlen); zeiger->manufacturerlen = aplistptr->manufacturerlen; } if(zeiger->modellen == 0) { memcpy(zeiger->model, aplistptr->model, aplistptr->modellen); zeiger->modellen = aplistptr->modellen; } if(zeiger->serialnumberlen == 0) { memcpy(zeiger->serialnumber, aplistptr->serialnumber, aplistptr->serialnumberlen); zeiger->serialnumberlen = aplistptr->serialnumberlen; } if(zeiger->devicenamelen == 0) { memcpy(zeiger->devicename, aplistptr->devicename, aplistptr->devicenamelen); zeiger->devicenamelen = aplistptr->devicenamelen; } if(zeiger->enrolleelen == 0) { memcpy(zeiger->enrollee, aplistptr->enrollee, aplistptr->enrolleelen); zeiger->enrolleelen = aplistptr->enrolleelen; } return true; } return false; } /*===========================================================================*/ static void process80211reassociation_req(uint64_t reassociationrequesttimestamp, uint8_t *macclient, uint8_t *macap, uint32_t reassociationrequestlen, uint8_t *reassociationrequestptr) { static int clientinfolen; static uint8_t *clientinfoptr; static maclist_t *aplistnew; static tags_t tags; reassociationrequestcount++; clientinfoptr = reassociationrequestptr +CAPABILITIESREQSTA_SIZE; clientinfolen = reassociationrequestlen -CAPABILITIESREQSTA_SIZE; if(clientinfolen < (int)IETAG_SIZE) return; if(gettags(clientinfolen, clientinfoptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } if(fh_nmea != NULL) writegpwpl(macclient); memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = reassociationrequesttimestamp; aplistptr->count = 1; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; if(ignoreieflag == true) { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(reassociationrequesttimestamp, macclient, macap, tags.pmkid, PMKID_CLIENT); } else if(((tags.akm &TAK_PSK) == TAK_PSK) || ((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(reassociationrequesttimestamp, macclient, macap, tags.pmkid, PMKID_CLIENT); } else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++; if((tags.akm &TAK_PSK) == TAK_PSK) reassociationrequestpskcount++; else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++; else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) reassociationrequestpsk256count++; else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) reassociationrequestsae256count++; else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) reassociationrequestsae384bcount++; else if((tags.akm &TAK_OWE) == TAK_OWE) reassociationrequestowecount++; if(cleanbackmac() == false) aplistptr++; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = reassociationrequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_REASSOC_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; if(cleanbackmac() == false) aplistptr++; if(fh_nmea != NULL) writegpwpl(macclient); return; } /*===========================================================================*/ static void process80211association_req(uint64_t associationrequesttimestamp, uint8_t *macclient, uint8_t *macap, uint32_t associationrequestlen, uint8_t *associationrequestptr) { static int clientinfolen; static uint8_t *clientinfoptr; static maclist_t *aplistnew; static tags_t tags; associationrequestcount++; clientinfoptr = associationrequestptr +CAPABILITIESSTA_SIZE; clientinfolen = associationrequestlen -CAPABILITIESSTA_SIZE; if(clientinfolen < (int)IETAG_SIZE) return; if(gettags(clientinfolen, clientinfoptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = associationrequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_ASSOC_REQ; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; if(ignoreieflag == true) { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(associationrequesttimestamp, macclient, macap, tags.pmkid, PMKID_CLIENT); } else if(((tags.akm &TAK_PSK) == TAK_PSK) || ((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256)) { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(associationrequesttimestamp, macclient, macap, tags.pmkid, PMKID_CLIENT); } if((tags.akm &TAK_PSK) == TAK_PSK) associationrequestpskcount++; else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) associationrequestftpskcount++; else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) associationrequestpsk256count++; else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) associationrequestsae256count++; else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) associationrequestsae384bcount++; else if((tags.akm &TAK_OWE) == TAK_OWE) associationrequestowecount++; if(cleanbackmac() == false) aplistptr++; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = associationrequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_ASSOC_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; if(cleanbackmac() == false) aplistptr++; if(fh_nmea != NULL) writegpwpl(macclient); return; } /*===========================================================================*/ static inline void process80211authentication(uint8_t *macfm, uint32_t authenticationlen, uint8_t *authenticationptr) { static authf_t *auth; authenticationcount++; auth = (authf_t*)authenticationptr; if(authenticationlen < (int)AUTHENTICATIONFRAME_SIZE) return; if(auth->algorithm == OPEN_SYSTEM) authopensystemcount++; else if(auth->algorithm == SAE) authseacount++; else if(auth->algorithm == SHARED_KEY) authsharedkeycount++; else if(auth->algorithm == FBT) authfbtcount++; else if(auth->algorithm == FILS) authfilscount++; else if(auth->algorithm == FILSPFS) authfilspfs++; else if(auth->algorithm == FILSPK) authfilspkcount++; else if(auth->algorithm == NETWORKEAP) authnetworkeapcount++; else authunknowncount++; if(fh_nmea != NULL) writegpwpl(macfm); return; } /*===========================================================================*/ static void process80211probe_req_direct(uint64_t proberequesttimestamp, uint8_t *macclient, uint8_t *macap, uint32_t proberequestlen, uint8_t *proberequestptr) { static maclist_t *aplistnew; static tags_t tags; proberequestdirectedcount++; if(proberequestlen < (int)IETAG_SIZE) return; if(gettags(proberequestlen, proberequestptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = proberequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_PROBE_REQ; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); if(cleanbackmac() == false) aplistptr++; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = proberequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_PROBE_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); if(cleanbackmac() == false) aplistptr++; return; } /*===========================================================================*/ static void process80211probe_req(uint64_t proberequesttimestamp, uint8_t *macclient, uint32_t proberequestlen, uint8_t *proberequestptr) { static maclist_t *aplistnew; static tags_t tags; proberequestundirectedcount++; if(proberequestlen < (int)IETAG_SIZE) return; if(gettags(proberequestlen, proberequestptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = proberequesttimestamp; aplistptr->count = 1; aplistptr->status = ST_PROBE_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); if(cleanbackmac() == false) aplistptr++; return; } /*===========================================================================*/ static void process80211probe_resp(uint64_t proberesponsetimestamp, uint8_t *macap, uint32_t proberesponselen, uint8_t *proberesponseptr) { static size_t i; static int apinfolen; static maclist_t *aplistnew; static uint8_t *apinfoptr; static time_t tvproberesponse; static tags_t tags; static bool naf; proberesponsecount++; apinfoptr = proberesponseptr +CAPABILITIESAP_SIZE; apinfolen = proberesponselen -CAPABILITIESAP_SIZE; if(proberesponselen < (int)IETAG_SIZE) return; if(gettags(apinfolen, apinfoptr, &tags) == false) return; if(tags.essidlen == 0) { proberesponsessidunsetcount++; return; } if(tags.essidlen > 32) { beaconssidoversizedcount++; return; } if(memcmp(&tags.essid, &zeroed32, tags.essidlen) == 0) { proberesponsessidzeroedcount++; return; } if(tags.essid[0] == 0) return; if(fh_lts != NULL) { if(tags.essidlen > 0) { naf = false; for(i = 0; i < tags.essidlen; i++) { if(tags.essid[i] < 0x20) { naf = true; break; } } if(naf == false) { tvproberesponse = proberesponsetimestamp /1000000000; fprintf(fh_lts, "%ld\t%d\t%02x%02x%02x%02x%02x%02x\t%.*s\n", tvproberesponse, rssi, macap[0], macap[1], macap[2], macap[3], macap[4], macap[5], tags.essidlen, tags.essid); } } } if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = proberesponsetimestamp; aplistptr->count = 1; aplistptr->status = ST_PROBE_RESP; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; aplistptr->manufacturerlen = tags.manufacturerlen; memcpy(aplistptr->manufacturer, tags.manufacturer, tags.manufacturerlen); aplistptr->modellen = tags.modellen; memcpy(aplistptr->model, tags.model, tags.modellen); aplistptr->serialnumberlen = tags.serialnumberlen; memcpy(aplistptr->serialnumber, tags.serialnumber, tags.serialnumberlen); aplistptr->devicenamelen = tags.devicenamelen; memcpy(aplistptr->devicename, tags.devicename, tags.devicenamelen); aplistptr->enrolleelen = tags.enrolleelen; memcpy(aplistptr->enrollee, tags.enrollee, tags.enrolleelen); if(fh_csv != NULL) writecsv(proberesponsetimestamp, macap, &tags); if(cleanbackmac() == false) aplistptr++; if(fh_nmea != NULL) writegpwpl(macap); return; } /*===========================================================================*/ static inline bool processpag(uint8_t *macap, int vendorlen, uint8_t *ieptr) { static int c, p; static const uint8_t mac_pwag[6] = { 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad }; if(ieptr[1] != 0xff) return false; if(vendorlen <= 0x78) return false; if(memcmp(&mac_pwag, macap, 6) != 0) return false; for(p = 2; p < vendorlen -75 ; p++) { if(memcmp(&ieptr[p], "identity", 8) == 0) { for(c = 0; c < 64; c++) { if(!isxdigit((unsigned char)ieptr[p +11 +c])) return false; } pagcount++; return true; } } return false; } /*===========================================================================*/ static void process80211beacon(uint64_t beacontimestamp, uint8_t *macbc, uint8_t *macap, uint32_t beaconlen, uint8_t *beaconptr) { static size_t i; static int apinfolen; static uint8_t *apinfoptr; static time_t tvbeacon; static maclist_t *aplistnew; static tags_t tags; static bool naf; beaconcount++; if(memcmp(&mac_broadcast, macbc, 6) != 0) { broadcastmacerrorcount++; return; } apinfoptr = beaconptr +CAPABILITIESAP_SIZE; apinfolen = beaconlen -CAPABILITIESAP_SIZE; if(apinfoptr[0] == TAG_PAG) { if(processpag(macap, apinfolen, apinfoptr) == true) return; } if(beaconlen < (int)IETAG_SIZE) { beaconerrorcount++; return; } if(gettags(apinfolen, apinfoptr, &tags) == false) { beaconerrorcount++; if(tags.essidlen > 32) beaconssidoversizedcount++; return; } if(tags.essidlen == 0) { beaconssidunsetcount++; return; } if(memcmp(&tags.essid, &zeroed32, tags.essidlen) == 0) { beaconssidzeroedcount++; return; } if(fh_lts != NULL) { if((tags.essidlen > 0) && (tags.essidlen <= 32) && (tags.essid[0] != 0)) { naf = false; for(i = 0; i < tags.essidlen; i++) { if(tags.essid[i] < 0x20) { naf = true; break; } } if(naf == false) { tvbeacon = beacontimestamp /1000000000; fprintf(fh_lts, "%ld\t%d\t%02x%02x%02x%02x%02x%02x\t%.*s\n", tvbeacon, rssi, macap[0], macap[1], macap[2], macap[3], macap[4], macap[5], tags.essidlen, tags.essid); } } } if((tags.channel > 0) && (tags.channel <= 14)) { beaconchannel[0] |= GHZ24; beaconchannel[tags.channel]++; } if((tags.channel > 14) && (tags.channel < CHANNEL_MAX)) { beaconchannel[0] |= GHZ5; beaconchannel[tags.channel]++; } if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = beacontimestamp; aplistptr->count = 1; aplistptr->status = ST_BEACON; aplistptr->type = AP; memcpy(aplistptr->addr, macap, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); aplistptr->groupcipher = tags.groupcipher; aplistptr->cipher = tags.cipher; aplistptr->akm = tags.akm; aplistptr->manufacturerlen = tags.manufacturerlen; memcpy(aplistptr->manufacturer, tags.manufacturer, tags.manufacturerlen); aplistptr->modellen = tags.modellen; memcpy(aplistptr->model, tags.model, tags.modellen); aplistptr->serialnumberlen = tags.serialnumberlen; memcpy(aplistptr->serialnumber, tags.serialnumber, tags.serialnumberlen); aplistptr->devicenamelen = tags.devicenamelen; memcpy(aplistptr->devicename, tags.devicename, tags.devicenamelen); aplistptr->enrolleelen = tags.enrolleelen; memcpy(aplistptr->enrollee, tags.enrollee, tags.enrolleelen); if(fh_csv != NULL) writecsv(beacontimestamp, macap, &tags); if(cleanbackmac() == false) aplistptr++; if(fh_nmea != NULL) writegpwpl(macap); return; } /*===========================================================================*/ static void process80211actionmeasurement(uint64_t actiontimestamp, uint8_t *macclient, uint32_t packetlen, uint8_t *packetptr) { static maclist_t *aplistnew; static tags_t tags; static actmm_t *actmm; if(packetlen < ACTIONMEASUREMENTFRAME_SIZE) return; actmm = (actmm_t*)packetptr; if(actmm->actioncode != ACT_MM_NRREQ) return; packetlen -= (int)ACTIONMEASUREMENTFRAME_SIZE; packetptr += (int)ACTIONMEASUREMENTFRAME_SIZE; if(packetlen < (int)IETAG_SIZE) return; if(gettags(packetlen, packetptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) { aplistnew = (maclist_t*)realloc(aplist, (maclistmax +MACLIST_MAX) *MACLIST_SIZE); if(aplistnew == NULL) { fprintf(stderr, "failed to allocate memory for internal list\n"); exit(EXIT_FAILURE); } aplist = aplistnew; aplistptr = aplistnew +maclistmax; maclistmax += MACLIST_MAX; } memset(aplistptr, 0, MACLIST_SIZE); aplistptr->timestamp = actiontimestamp; aplistptr->count = 1; aplistptr->status = ST_ACT_MR_REQ; aplistptr->type = CLIENT; memcpy(aplistptr->addr, macclient, 6); aplistptr->essidlen = tags.essidlen; memcpy(aplistptr->essid, tags.essid, tags.essidlen); if(cleanbackmac() == false) aplistptr++; actionessidcount++; return; } /*===========================================================================*/ static void process80211actionvendor(uint32_t packetlen, uint8_t *packetptr) { static actvf_t *actvf; if(packetlen < ACTIONVENDORFRAME_SIZE) return; actvf = (actvf_t*)packetptr; if(memcmp(actvf->vendor, &ouiapple, 3) == 0) awdlcount++; return; } /*===========================================================================*/ static void process80211action(uint64_t actiontimestamp, uint8_t *macclient, uint32_t packetlen, uint8_t *packetptr) { static actf_t *actf; if(packetlen < ACTIONFRAME_SIZE) return; actf = (actf_t*)packetptr; actioncount++; if(actf->categoriecode == CAT_VENDOR) process80211actionvendor(packetlen, packetptr); else if(actf->categoriecode == CAT_RADIO_MEASUREMENT) process80211actionmeasurement(actiontimestamp, macclient, packetlen, packetptr); return; } /*===========================================================================*/ static void process80211packet(uint64_t packetimestamp, uint32_t packetlen, uint8_t *packetptr) { static mac_t *macfrx; static uint32_t payloadlen; static uint8_t *payloadptr; static uint8_t *llcptr; static llc_t *llc; static uint8_t *mpduptr; static mpdu_t *mpdu; ieee80211flag = true; if(packetlen < (int)MAC_SIZE_NORM) return; macfrx = (mac_t*)packetptr; if((macfrx->from_ds == 1) && (macfrx->to_ds == 1)) { payloadptr = packetptr +MAC_SIZE_LONG; payloadlen = packetlen -MAC_SIZE_LONG; wdscount++; } else { payloadptr = packetptr +MAC_SIZE_NORM; payloadlen = packetlen -MAC_SIZE_NORM; } if(macfrx->type == IEEE80211_FTYPE_MGMT) { if(macfrx->subtype == IEEE80211_STYPE_BEACON) process80211beacon(packetimestamp, macfrx->addr1, macfrx->addr2, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_PROBE_RESP) process80211probe_resp(packetimestamp, macfrx->addr2, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_AUTH) process80211authentication(macfrx->addr2, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_ASSOC_REQ) process80211association_req(packetimestamp, macfrx->addr2, macfrx->addr1, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_REASSOC_REQ) process80211reassociation_req(packetimestamp, macfrx->addr2, macfrx->addr1, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_PROBE_REQ) { if(memcmp(&mac_broadcast, macfrx->addr1, 6) == 0) process80211probe_req(packetimestamp, macfrx->addr2, payloadlen, payloadptr); else process80211probe_req_direct(packetimestamp, macfrx->addr2, macfrx->addr1, payloadlen, payloadptr); } else if(macfrx->subtype == IEEE80211_STYPE_ACTION) process80211action(packetimestamp, macfrx->addr2, payloadlen, payloadptr); else if(macfrx->subtype == IEEE80211_STYPE_DEAUTH) { if(macfrx->retry == 0) deauthenticationcount++; } else if(macfrx->subtype == IEEE80211_STYPE_DISASSOC) { if(macfrx->retry == 0) disassociationcount++; } else if(macfrx->subtype == IEEE80211_STYPE_MGTRESERVED) mgtreservedcount++; } else if(macfrx->type == IEEE80211_FTYPE_DATA) { if((macfrx->subtype &IEEE80211_STYPE_QOS_DATA) == IEEE80211_STYPE_QOS_DATA) { payloadptr += QOS_SIZE; payloadlen -= QOS_SIZE; } if(payloadlen < (int)LLC_SIZE) return; llcptr = payloadptr; llc = (llc_t*)llcptr; if(((ntohs(llc->type)) == LLC_TYPE_AUTH) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { process80211eap(packetimestamp, macfrx->addr1, macfrx->addr2, macfrx->addr3, payloadlen -LLC_SIZE, payloadptr +LLC_SIZE); } else if(((ntohs(llc->type)) == LLC_TYPE_IPV4) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { processipv4(packetimestamp, payloadlen -LLC_SIZE, payloadptr +LLC_SIZE); } else if(((ntohs(llc->type)) == LLC_TYPE_IPV6) && (llc->dsap == LLC_SNAP) && (llc->ssap == LLC_SNAP)) { processipv6(packetimestamp, payloadlen -LLC_SIZE, payloadptr +LLC_SIZE); } else if(macfrx->prot ==1) { mpduptr = payloadptr; mpdu = (mpdu_t*)mpduptr; if(((mpdu->keyid >> 5) &1) == 1) wpaenccount++; else if(((mpdu->keyid >> 5) &1) == 0) wepenccount++; } } return; } /*===========================================================================*/ static void processethernetpacket(uint64_t timestamp, uint32_t caplen, uint8_t *packetptr) { static eth2_t *eth2; if(caplen < LLC_SIZE) return; eth2 = (eth2_t*)packetptr; if(ntohs(eth2->ether_type) == LLC_TYPE_IPV4) { processipv4(timestamp, caplen -ETH2_SIZE, packetptr +ETH2_SIZE); } else if(ntohs(eth2->ether_type) == LLC_TYPE_IPV6) { processipv6(timestamp, caplen -ETH2_SIZE, packetptr +ETH2_SIZE); } /* if(ntohs(eth2->ether_type) == LLC_TYPE_AUTH) { process80211networkauthentication(tv_sec, tv_usec, caplen, eth2->addr1, eth2->addr2, packet_ptr); } */ return; } /*===========================================================================*/ static void processlobapacket(uint64_t timestamp, uint32_t caplen, uint8_t *packetptr) { static loba_t *loba; if(caplen < LOBA_SIZE) return; loba = (loba_t*)packetptr; #ifdef BIG_ENDIAN_HOST loba->family = byte_swap_32(loba->family); #endif if(loba->family == LOBA_IPV4) processipv4(timestamp, caplen -LOBA_SIZE, packetptr +LOBA_SIZE); else if(loba->family == LOBA_IPV624) processipv6(timestamp, caplen -LOBA_SIZE, packetptr +LOBA_SIZE); else if(loba->family == LOBA_IPV628) processipv6(timestamp, caplen -LOBA_SIZE, packetptr +LOBA_SIZE); else if(loba->family == LOBA_IPV630) processipv6(timestamp, caplen -LOBA_SIZE, packetptr +LOBA_SIZE); return; } /*===========================================================================*/ static bool getradiotapfield(uint16_t rthlen, uint8_t *capptr) { static int i; static uint16_t pf; static rth_t *rth; static uint32_t *pp; frequency = 0; rth = (rth_t*)capptr; pf = RTH_SIZE; if((rth->it_present & IEEE80211_RADIOTAP_EXT) == IEEE80211_RADIOTAP_EXT) { pp = (uint32_t*)capptr; for(i = 2; i < rthlen /4; i++) { #ifdef BIG_ENDIAN_HOST pp[i] = byte_swap_32(pp[i]); #endif pf += 4; if((pp[i] & IEEE80211_RADIOTAP_EXT) != IEEE80211_RADIOTAP_EXT) break; } } if((rth->it_present & IEEE80211_RADIOTAP_TSFT) == IEEE80211_RADIOTAP_TSFT) { if(pf > rthlen) return false; if((pf %8) != 0) pf += 4; pf += 8; } if((rth->it_present & IEEE80211_RADIOTAP_FLAGS) == IEEE80211_RADIOTAP_FLAGS) { if(pf > rthlen) return false; if((capptr[pf] & 0x50) == 0x50) { fcsbadframecount++; if(donotcleanflag == false) return false; } else if((capptr[pf] & 0x50) == 0x10) { fcsframecount++; } pf += 1; } if((rth->it_present & IEEE80211_RADIOTAP_RATE) == IEEE80211_RADIOTAP_RATE) pf += 1; if((rth->it_present & IEEE80211_RADIOTAP_CHANNEL) == IEEE80211_RADIOTAP_CHANNEL) { if(pf > rthlen) return false; if((pf %2) != 0) pf += 1; frequency = (capptr[pf +1] << 8) + capptr[pf]; usedfrequency[frequency] += 1; if(frequency == 2484) { interfacechannel = 14; band24count++; } else if(frequency < 2484) { interfacechannel = (frequency -2407)/5; band24count++; } else if(frequency >= 4910 && frequency <= 4980) { interfacechannel = (frequency - 4000)/5; band5count++; } else if(frequency < 5925) { interfacechannel = (frequency -5000)/5; band5count++; } else if(frequency == 5935) { interfacechannel = 2; band6count++; } else if((frequency >= 5955) && (frequency <= 7115)) { interfacechannel = (frequency -5950)/5; band6count++; } pf += 4; } if((rth->it_present & IEEE80211_RADIOTAP_FHSS) == IEEE80211_RADIOTAP_FHSS) { if((pf %2) != 0) pf += 1; pf += 2; } if((rth->it_present & IEEE80211_RADIOTAP_DBM_ANTSIGNAL) == IEEE80211_RADIOTAP_DBM_ANTSIGNAL) { if(pf > rthlen) { if(donotcleanflag == false) return false; return true; } rssi = capptr[pf]; } return true; } /*===========================================================================*/ static void processlinktype(uint64_t captimestamp, uint32_t linktype, uint32_t caplen, uint8_t *capptr) { static uint8_t cs; static uint32_t p; static rth_t *rth; static uint32_t packetlen; static uint8_t *packetptr; static ppi_t *ppi; static prism_t *prism; static avs_t *avs; static fcs_t *fcs; static uint32_t crc; rssi = 0; interfacechannel = 0; if(fh_raw_out != NULL) { cs = captimestamp &0xff; cs ^= (captimestamp >> 8) &0xff; cs ^= (captimestamp >> 16) &0xff; cs ^= (captimestamp >> 24) &0xff; cs ^= (captimestamp >> 32) &0xff; cs ^= (captimestamp >> 40) &0xff; cs ^= (captimestamp >> 48) &0xff; cs ^= (captimestamp >> 56) &0xff; cs ^= linktype &0xff; cs ^= (linktype >> 8) &0xff; cs ^= (linktype >> 16) &0xff; cs ^= (linktype >> 24) &0xff; #ifndef BIG_ENDIAN_HOST fprintf(fh_raw_out, "%016" PRIx64 "*%08x*", captimestamp, linktype); #else fprintf(fh_raw_out, "%016" PRIx64 "*%08x*", byte_swap_64(captimestamp), byte_swap_32(linktype)); #endif for(p = 0; p < caplen; p++) { fprintf(fh_raw_out, "%02x", capptr[p]); cs ^= capptr[p]; } fprintf(fh_raw_out, "*%02x\n", cs); } if(captimestamp < captimestampold) sequenceerrorcount++; captimestampold = captimestamp; if(timestampmin == 0) timestampmin = captimestamp; if(timestampmin > captimestamp) timestampmin = captimestamp; if(timestampmax < captimestamp) timestampmax = captimestamp; if(captimestamp == 0) { captimestamp = timestampstart; timestampstart += (eapoltimeoutvalue -2); zeroedtimestampcount++; } if(linktype == DLT_IEEE802_11_RADIO) { if(caplen < RTH_SIZE) { pcapreaderrors++; radiotaperrorcount++; if(fh_log != NULL) fprintf(fh_log, "failed to read radiotap header: %ld\n", rawpacketcount); return; } rth = (rth_t*)capptr; #ifdef BIG_ENDIAN_HOST rth->it_len = byte_swap_16(rth->it_len); rth->it_present = byte_swap_32(rth->it_present); #endif if(rth->it_len >= caplen) { pcapreaderrors++; radiotaperrorcount++; if(fh_log != NULL) fprintf(fh_log, "failed to read radiotap header: %ld\n", rawpacketcount); return; } if(rth->it_version != 0) { pcapreaderrors++; radiotaperrorcount++; if(fh_log != NULL) fprintf(fh_log, "unsupported radiotap header version: %ld\n", rawpacketcount); return; } if(getradiotapfield(rth->it_len, capptr) == false) { pcapreaderrors++; radiotaperrorcount++; return; } packetlen = caplen -rth->it_len; packetptr = capptr +rth->it_len; } else if(linktype == DLT_IEEE802_11) { packetptr = capptr; packetlen = caplen; } else if(linktype == DLT_PPI) { if(caplen < PPI_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read ppi header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read ppi header: %ld\n", rawpacketcount); return; } ppi = (ppi_t*)capptr; #ifdef BIG_ENDIAN_HOST ppi->pph_len = byte_swap_16(ppi->pph_len); #endif if(ppi->pph_len > caplen) { pcapreaderrors++; fprintf(stdout, "failed to read ppi header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read ppi header: %ld\n", rawpacketcount); return; } packetlen = caplen -ppi->pph_len; packetptr = capptr +ppi->pph_len; } else if(linktype == DLT_PRISM_HEADER) { if(caplen < PRISM_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read prism header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read prism header: %ld\n", rawpacketcount); return; } prism = (prism_t*)capptr; #ifdef BIG_ENDIAN_HOST prism->msgcode = byte_swap_32(prism->msgcode); prism->msglen = byte_swap_32(prism->msglen); prism->frmlen.data = byte_swap_32(prism->frmlen.data); #endif if(prism->msglen > caplen) { if(prism->frmlen.data > caplen) { pcapreaderrors++; fprintf(stdout, "failed to read prism header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read prism header: %ld\n", rawpacketcount); return; } prism->msglen = caplen -prism->frmlen.data; } packetlen = caplen -prism->msglen; packetptr = capptr +prism->msglen; } else if(linktype == DLT_IEEE802_11_RADIO_AVS) { if(caplen < AVS_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read avs header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read avs header: %ld\n", rawpacketcount); return; } avs = (avs_t*)capptr; #ifdef BIG_ENDIAN_HOST avs->len = byte_swap_32(avs->len); #endif if(avs->len > caplen) { pcapreaderrors++; fprintf(stdout, "failed to read avs header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read avs header: %ld\n", rawpacketcount); return; } packetlen = caplen -avs->len; packetptr = capptr +avs->len; } else if(linktype == DLT_EN10MB) { if(caplen < ETH2_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read ethernet header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read ethernet header: %ld\n", rawpacketcount); return; } processethernetpacket(captimestamp, caplen, capptr); return; } else if(linktype == DLT_NULL) { if(caplen < LOBA_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read loopback header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read loopback header: %ld\n", rawpacketcount); return; } processlobapacket(captimestamp, caplen, capptr); return; } else { fprintf(stdout, "unsupported network type %d\n", linktype); if(fh_log != NULL) fprintf(fh_log, "unsupported network type %d: %ld\n", linktype, rawpacketcount); return; } if(packetlen < 4) { pcapreaderrors++; fprintf(stdout, "failed to read packet\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read packet (len < 4): %ld\n", rawpacketcount); return; } fcs = (fcs_t*)(packetptr +packetlen -4); crc = fcscrc32check(packetptr, packetlen -4); #ifdef BIG_ENDIAN_HOST crc = byte_swap_32(crc); #endif if(crc == fcs->fcs) { fcsgoodframecount++; packetlen -= 4; } process80211packet(captimestamp, packetlen, packetptr); return; } /*===========================================================================*/ void processcap(int fd, char *eigenname, char *pcaporgname, char *pcapinname) { static unsigned int res; static off_t resseek; static pcap_hdr_t pcapfhdr; static pcaprec_hdr_t pcaprhdr; static uint64_t timestampcap; static uint8_t packet[MAXPACPSNAPLEN]; ancientdumpfileformat = true; magicblockcount = 0; fprintf(stdout, "%s %s reading from %s...\n", basename(eigenname), VERSION_TAG, basename(pcapinname)); iface = 1; res = read(fd, &pcapfhdr, PCAPHDR_SIZE); if(res != PCAPHDR_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read pcap header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read pcap header: %s\n", basename(pcapinname)); return; } #ifdef BIG_ENDIAN_HOST pcapfhdr.magic_number = byte_swap_32(pcapfhdr.magic_number); pcapfhdr.version_major = byte_swap_16(pcapfhdr.version_major); pcapfhdr.version_minor = byte_swap_16(pcapfhdr.version_minor); pcapfhdr.thiszone = byte_swap_32(pcapfhdr.thiszone); pcapfhdr.sigfigs = byte_swap_32(pcapfhdr.sigfigs); pcapfhdr.snaplen = byte_swap_32(pcapfhdr.snaplen); pcapfhdr.network = byte_swap_32(pcapfhdr.network); #endif if(pcapfhdr.magic_number == PCAPMAGICNUMBERBE) { pcapfhdr.magic_number = byte_swap_32(pcapfhdr.magic_number); pcapfhdr.version_major = byte_swap_16(pcapfhdr.version_major); pcapfhdr.version_minor = byte_swap_16(pcapfhdr.version_minor); pcapfhdr.thiszone = byte_swap_32(pcapfhdr.thiszone); pcapfhdr.sigfigs = byte_swap_32(pcapfhdr.sigfigs); pcapfhdr.snaplen = byte_swap_32(pcapfhdr.snaplen); pcapfhdr.network = byte_swap_32(pcapfhdr.network); endianness = 1; } versionmajor = pcapfhdr.version_major; versionminor = pcapfhdr.version_minor; dltlinktype[0] = pcapfhdr.network; if(pcapfhdr.version_major != PCAP_MAJOR_VER) { pcapreaderrors++; fprintf(stdout, "unsupported major pcap version\n"); if(fh_log != NULL) fprintf(fh_log, "unsupported major pcap version: %d\n", pcapfhdr.version_major); return; } if(pcapfhdr.version_minor != PCAP_MINOR_VER) { pcapreaderrors++; fprintf(stdout, "unsupported minor pcap version\n"); if(fh_log != NULL) fprintf(fh_log, "unsupported minor pcap version: %d\n", pcapfhdr.version_minor); return; } if(pcapfhdr.snaplen > MAXPACPSNAPLEN) { pcapreaderrors++; fprintf(stdout, "detected oversized snaplen (%d)\n", pcapfhdr.snaplen); if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen (%d): %d\n", pcapfhdr.snaplen, pcapfhdr.version_minor); } while(1) { res = read(fd, &pcaprhdr, PCAPREC_SIZE); if(res == 0) break; if(res != PCAPREC_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read pcap packet header for packet %ld\n", rawpacketcount); if(fh_log != NULL) fprintf(fh_log, "failed to read pcap packet header: %ld\n", rawpacketcount); break; } #ifdef BIG_ENDIAN_HOST pcaprhdr.ts_sec = byte_swap_32(pcaprhdr.ts_sec); pcaprhdr.ts_usec = byte_swap_32(pcaprhdr.ts_usec); pcaprhdr.incl_len = byte_swap_32(pcaprhdr.incl_len); pcaprhdr.orig_len = byte_swap_32(pcaprhdr.orig_len); #endif if(endianness == 1) { pcaprhdr.ts_sec = byte_swap_32(pcaprhdr.ts_sec); pcaprhdr.ts_usec = byte_swap_32(pcaprhdr.ts_usec); pcaprhdr.incl_len = byte_swap_32(pcaprhdr.incl_len); pcaprhdr.orig_len = byte_swap_32(pcaprhdr.orig_len); } if(pcaprhdr.incl_len > pcapfhdr.snaplen) { pcapreaderrors++; if(fh_log != NULL) fprintf(fh_log, "inclusive length > snaplen: %ld\n", rawpacketcount); } if(pcaprhdr.incl_len < MAXPACPSNAPLEN) { rawpacketcount++; res = read(fd, &packet, pcaprhdr.incl_len); if(res != pcaprhdr.incl_len) { pcapreaderrors++; fprintf(stdout, "failed to read packet %ld\n", rawpacketcount); if(fh_log != NULL) fprintf(fh_log, "packet error: %ld\n", rawpacketcount); break; } } else { skippedpacketcount++; resseek = lseek(fd, pcaprhdr.incl_len, SEEK_CUR); if(resseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", basename(pcapinname)); break; } continue; } if(pcaprhdr.incl_len > 0) { timestampcap = ((uint64_t)pcaprhdr.ts_sec *1000000) + pcaprhdr.ts_usec; timestampcap *= 1000; processlinktype(timestampcap, pcapfhdr.network, pcaprhdr.incl_len, packet); } } fprintf(stdout, "\nsummary capture file\n" "--------------------\n" "file name................................: %s\n" "version (pcap/cap).......................: %d.%d (very basic format without any additional information)\n" , basename(pcaporgname), versionmajor, versionminor ); printlinklayerinfo(); cleanupmac(); outputdeviceinfolist(); outputwpalists(); outputeapmd5hashlist(); outputeapleaphashlist(); outputeapmschapv2hashlist(); outputtacacsplist(); outputwordlists(); printcontentinfo(); return; } /*===========================================================================*/ static int pcapngoptionwalk(uint32_t blocktype, uint8_t *optr, int restlen) { static int csn, csc, pn; static int padding; static option_header_t *option; while(0 < restlen) { option = (option_header_t*)optr; #ifdef BIG_ENDIAN_HOST option->option_code = byte_swap_16(option->option_code); option->option_length = byte_swap_16(option->option_length); #endif if(endianness == 1) { option->option_code = byte_swap_16(option->option_code); option->option_length = byte_swap_16(option->option_length); } if(option->option_code == SHB_EOC) return 0; padding = 0; if(option->option_length > OPTIONLEN_MAX) return option->option_length; if((option->option_length %4)) padding = 4 -(option->option_length %4); if(option->option_code == SHB_HARDWARE) { if(option->option_length < OPTIONLEN_MAX) { memset(&pcapnghwinfo, 0, OPTIONLEN_MAX); memcpy(&pcapnghwinfo, option->data, option->option_length); } } else if(option->option_code == SHB_OS) { if(option->option_length < OPTIONLEN_MAX) { memset(&pcapngosinfo, 0, OPTIONLEN_MAX); memcpy(&pcapngosinfo, option->data, option->option_length); } } else if(option->option_code == SHB_USER_APPL) { if(option->option_length < OPTIONLEN_MAX) { memset(&pcapngapplinfo, 0, OPTIONLEN_MAX); memcpy(&pcapngapplinfo, option->data, option->option_length); } } else if(option->option_code == IF_MACADDR) { if(option->option_length == 6) { memset(&pcapngdeviceinfo, 0, 6); memcpy(&pcapngdeviceinfo, option->data, 6); } } else if(option->option_code == IF_TSRESOL) { if(option->option_length == 1) pcapngtimeresolution = option->data[0]; } else if(option->option_code == SHB_CUSTOM_OPT) { if(option->option_length > 40) { if((memcmp(&option->data[0], &hcxmagic, 4) == 0) && (memcmp(&option->data[4], &hcxmagic, 32) == 0)) restlen = pcapngoptionwalk(blocktype, optr +OH_SIZE +36, option->option_length -36); else if((memcmp(&option->data[1], &hcxmagic, 4) == 0) && (memcmp(&option->data[5], &hcxmagic, 32) == 0)) restlen = pcapngoptionwalk(blocktype, optr +OH_SIZE +1 +36, option->option_length -36); } } else if(option->option_code == OPTIONCODE_MACORIG) { if(option->option_length == 6) { memset(&pcapngdeviceinfo, 0, 6); memcpy(&pcapngdeviceinfo, option->data, 6); } } else if(option->option_code == OPTIONCODE_MACAP) { if(option->option_length == 6) memcpy(&myaktap, &option->data, 6); } else if(option->option_code == OPTIONCODE_RC) { if(option->option_length == 8) { myaktreplaycount = option->data[0x07] & 0xff; myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x06] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x05] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x04] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x03] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x02] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x01] & 0xff); myaktreplaycount = (myaktreplaycount << 8) + (option->data[0x00] & 0xff); if(endianness == 1) myaktreplaycount = byte_swap_64(myaktreplaycount); } } else if(option->option_code == OPTIONCODE_ANONCE) { if(option->option_length == 32) memcpy(&myaktanonce, &option->data, 32); } else if(option->option_code == OPTIONCODE_MACCLIENT) { if(option->option_length == 6) memcpy(&myaktclient, &option->data, 6); } else if(option->option_code == OPTIONCODE_SNONCE) { if(option->option_length == 32) memcpy(&myaktsnonce, &option->data, 32); } else if(option->option_code == OPTIONCODE_WEAKCANDIDATE) { if(option->option_length < 64) memcpy(&pcapngweakcandidate, &option->data, option->option_length); } else if(option->option_code == OPTIONCODE_NMEA) { memset(&nmeasentence, 0, OPTIONLEN_MAX); if(option->option_length >= 48) { nmealen = option->option_length; memcpy(&nmeasentence, &option->data, option->option_length); csc = 0; csn = 0; pn = 1; while((nmeasentence[pn] != 0) && (nmeasentence[pn] != '*')) { csn ^= nmeasentence[pn]; pn++; } if(nmeasentence[pn] == '*') { csc = strtol(&nmeasentence[option->option_length -2], NULL, 16); if(csn == csc) { if(fh_nmea!= NULL) fprintf(fh_nmea, "%s\n", nmeasentence); nmeacount++; } else { nmealen = 0; nmeaerrorcount++; } } } } optr += option->option_length +padding +OH_SIZE; restlen -= option->option_length +padding +OH_SIZE; } return 0; } /*===========================================================================*/ void processpcapng(int fd, char *eigenname, char *pcaporgname, char *pcapinname) { static unsigned int res; static off_t fdsize; static off_t aktseek; static off_t resseek; static uint32_t snaplen; static uint32_t blocktype; static uint32_t blocklen; static uint32_t blockmagic; static uint64_t timestamppcapng; static int padding; static block_header_t *pcapngbh; static section_header_block_t *pcapngshb; static interface_description_block_t *pcapngidb; static packet_block_t *pcapngpb; static enhanced_packet_block_t *pcapngepb; static custom_block_t *pcapngcb; static int interfaceid[MAX_INTERFACE_ID]; static uint8_t pcpngblock[2 *MAXPACPSNAPLEN]; static uint8_t packet[MAXPACPSNAPLEN]; magicblockcount = 0; ancientdumpfileformat = false; fprintf(stdout, "%s %s reading from %s...\n", basename(eigenname), VERSION_TAG, basename(pcapinname)); iface = 0; nmealen = 0; memset(&interfaceid, 0, sizeof(int) *MAX_INTERFACE_ID); fdsize = lseek(fd, 0, SEEK_END); if(fdsize < 0) { pcapreaderrors++; fprintf(stdout, "failed to get file size\n"); if(fh_log != NULL) fprintf(fh_log, "failed to get file size: %s\n", basename(pcapinname)); return; } aktseek = lseek(fd, 0L, SEEK_SET); if(aktseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", basename(pcapinname)); return; } snaplen = 0; memset(&packet, 0, MAXPACPSNAPLEN); while(1) { aktseek = lseek(fd, 0, SEEK_CUR); if(aktseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", basename(pcapinname)); break; } res = read(fd, &pcpngblock, BH_SIZE); if(res == 0) { break; } if(res != BH_SIZE) { pcapreaderrors++; fprintf(stdout, "failed to read block header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read block header: %s\n", basename(pcapinname)); break; } pcapngbh = (block_header_t*)pcpngblock; blocktype = pcapngbh->block_type; blocklen = pcapngbh->total_length; blockmagic = pcapngbh->byte_order_magic; #ifdef BIG_ENDIAN_HOST blocktype = byte_swap_32(blocktype); blocklen = byte_swap_32(blocklen); blockmagic = byte_swap_32(blockmagic); #endif if(blocktype == PCAPNGBLOCKTYPE) { if(blockmagic == PCAPNGMAGICNUMBERBE) endianness = 1; } if(endianness == 1) { blocktype = byte_swap_32(blocktype); blocklen = byte_swap_32(blocklen); } if((blocklen > (2 *MAXPACPSNAPLEN)) || ((blocklen %4) != 0)) { pcapreaderrors++; fprintf(stdout, "failed to read pcapng block header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read pcapng block header: %ld\n", rawpacketcount); break; } resseek = lseek(fd, aktseek, SEEK_SET); if(resseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", basename(pcapinname)); break; } res = read(fd, &pcpngblock, blocklen); if((res < BH_SIZE) || (res != blocklen)) { pcapreaderrors++; fprintf(stdout, "failed to read pcapng block header\n"); if(fh_log != NULL) fprintf(fh_log, "failed to read pcapng block header: %ld\n", rawpacketcount); break; } if(memcmp(&pcpngblock[4], &pcpngblock[ blocklen -4], 4) != 0) { pcapreaderrors++; fprintf(stdout, "failed to read pcapng block header \n"); if(fh_log != NULL) fprintf(fh_log, "failed to read pcapng block header: %ld\n", rawpacketcount); break; } if(blocktype == PCAPNGBLOCKTYPE) { pcapngshb = (section_header_block_t*)pcpngblock; #ifdef BIG_ENDIAN_HOST pcapngshb->major_version = byte_swap_16(pcapngshb->major_version); pcapngshb->minor_version = byte_swap_16(pcapngshb->minor_version); pcapngshb->section_length = byte_swap_64(pcapngshb->section_length); #endif if(endianness == 1) { pcapngshb->major_version = byte_swap_16(pcapngshb->major_version); pcapngshb->minor_version = byte_swap_16(pcapngshb->minor_version); pcapngshb->section_length = byte_swap_64(pcapngshb->section_length); } versionmajor = pcapngshb->major_version; versionminor = pcapngshb->minor_version; if(pcapngshb->major_version != PCAPNG_MAJOR_VER) { pcapreaderrors++; fprintf(stdout, "unsupported major pcapng version\n"); if(fh_log != NULL) fprintf(fh_log, "unsupported major pcapng version: %d\n", pcapngshb->major_version); break; } if(pcapngshb->minor_version != PCAPNG_MINOR_VER) { pcapreaderrors++; fprintf(stdout, "unsupported minor pcapng version\n"); if(fh_log != NULL) fprintf(fh_log, "unsupported minor pcapng version: %d\n", pcapngshb->minor_version); break; } if(pcapngoptionwalk(blocktype, pcapngshb->data, blocklen -SHB_SIZE) != 0) pcapreaderrors++; } else if(blocktype == IDBID) { pcapngidb = (interface_description_block_t*)pcpngblock; #ifdef BIG_ENDIAN_HOST pcapngidb->linktype = byte_swap_16(pcapngidb->linktype); pcapngidb->snaplen = byte_swap_32(pcapngidb->snaplen); #endif if(endianness == 1) { pcapngidb->linktype = byte_swap_16(pcapngidb->linktype); pcapngidb->snaplen = byte_swap_32(pcapngidb->snaplen); } snaplen = pcapngidb->snaplen; if(pcapngoptionwalk(blocktype, pcapngidb->data, blocklen -IDB_SIZE) != 0) pcapreaderrors++; if(snaplen > MAXPACPSNAPLEN) { pcapreaderrors++; fprintf(stdout, "detected oversized snaplen (%d)\n", snaplen); if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen: %ld\n", rawpacketcount); } if(iface >= MAX_INTERFACE_ID) { pcapreaderrors++; fprintf(stdout, "maximum of supported interfaces reached: %d\n", iface); if(fh_log != NULL) fprintf(fh_log, "maximum of supported interfaces reached: %d\n", iface); continue; } dltlinktype[iface] = pcapngidb->linktype; timeresolval[iface] = pcapngtimeresolution; iface++; } else if(blocktype == PBID) { pcapngpb = (packet_block_t*)pcpngblock; #ifdef BIG_ENDIAN_HOST pcapngpb->caplen = byte_swap_32(pcapngpb->caplen); #endif if(endianness == 1) pcapngpb->caplen = byte_swap_32(pcapngpb->caplen); timestamppcapng = 0; if(pcapngpb->caplen > MAXPACPSNAPLEN) { pcapreaderrors++; fprintf(stdout, "caplen > MAXSNAPLEN (%d > %d)\n", pcapngpb->caplen, MAXPACPSNAPLEN); if(fh_log != NULL) fprintf(fh_log, "caplen > MAXSNAPLEN: %ld\n", rawpacketcount); continue; } if(pcapngpb->caplen > blocklen) { pcapreaderrors++; fprintf(stdout, "caplen > blocklen (%d > %d)\n", pcapngpb->caplen, blocklen); if(fh_log != NULL) fprintf(fh_log, "caplen > blocklen: %ld\n", rawpacketcount); continue; } rawpacketcount++; processlinktype(timestamppcapng, dltlinktype[0], pcapngpb->caplen, pcapngpb->data); } else if(blocktype == SPBID) continue; else if(blocktype == NRBID) continue; else if(blocktype == ISBID) continue; else if(blocktype == EPBID) { pcapngepb = (enhanced_packet_block_t*)pcpngblock; #ifdef BIG_ENDIAN_HOST pcapngepb->interface_id = byte_swap_32(pcapngepb->interface_id); pcapngepb->timestamp_high = byte_swap_32(pcapngepb->timestamp_high); pcapngepb->timestamp_low = byte_swap_32(pcapngepb->timestamp_low); pcapngepb->caplen = byte_swap_32(pcapngepb->caplen); pcapngepb->len = byte_swap_32(pcapngepb->len); #endif if(endianness == 1) { pcapngepb->interface_id = byte_swap_32(pcapngepb->interface_id); pcapngepb->timestamp_high = byte_swap_32(pcapngepb->timestamp_high); pcapngepb->timestamp_low = byte_swap_32(pcapngepb->timestamp_low); pcapngepb->caplen = byte_swap_32(pcapngepb->caplen); pcapngepb->len = byte_swap_32(pcapngepb->len); } if(pcapngepb->interface_id >= iface) { pcapreaderrors++; fprintf(stdout, "maximum of supported interfaces reached: %d\n", iface); if(fh_log != NULL) fprintf(stdout, "maximum of supported interfaces reached: %d\n", iface); continue; } timestamppcapng = pcapngepb->timestamp_high; timestamppcapng = (timestamppcapng << 32) +pcapngepb->timestamp_low; if(timeresolval[pcapngepb->interface_id] == TSRESOL_USEC) { timestamppcapng = pcapngepb->timestamp_high; timestamppcapng = (timestamppcapng << 32) +pcapngepb->timestamp_low; timestamppcapng *= 1000; } if(pcapngepb->caplen != pcapngepb->len) { pcapreaderrors++; fprintf(stdout, "caplen != len (%d != %d)\n", pcapngepb->caplen, pcapngepb->len); if(fh_log != NULL) fprintf(fh_log, "caplen != len: %ld\n", rawpacketcount); continue; } if(pcapngepb->caplen > MAXPACPSNAPLEN) { pcapreaderrors++; fprintf(stdout, "caplen > MAXSNAPLEN (%d > %d)\n", pcapngepb->caplen, MAXPACPSNAPLEN); if(fh_log != NULL) fprintf(fh_log, "caplen > MAXSNAPLEN: %ld\n", rawpacketcount); continue; } if(pcapngepb->caplen > blocklen) { pcapreaderrors++; fprintf(stdout, "caplen > blocklen (%d > %d)\n", pcapngepb->caplen, blocklen); if(fh_log != NULL) fprintf(fh_log, "caplen > blocklen: %ld\n", rawpacketcount); continue; } rawpacketcount++; processlinktype(timestamppcapng, dltlinktype[pcapngepb->interface_id], pcapngepb->caplen, pcapngepb->data); padding = 0; if((pcapngepb->caplen %4) != 0) padding = 4 -(pcapngepb->caplen %4); if(pcapngoptionwalk(blocktype, pcapngepb->data +pcapngepb->caplen +padding, blocklen -EPB_SIZE -pcapngepb->caplen -padding) != 0) pcapreaderrors++; } else if(blocktype == CBID) { pcapngcb = (custom_block_t*)pcpngblock; if(blocklen < CB_SIZE) { skippedpacketcount++; continue; } if(memcmp(pcapngcb->pen, &hcxmagic, 4) != 0) { skippedpacketcount++; continue; } if(memcmp(pcapngcb->hcxm, &hcxmagic, 32) != 0) { skippedpacketcount++; continue; } magicblockcount++; if(pcapngoptionwalk(blocktype, pcapngcb->data, blocklen -CB_SIZE) != 0) pcapreaderrors++; } else { skippedpacketcount++; } } fprintf(stdout, "\nsummary capture file\n" "--------------------\n" "file name................................: %s\n" "version (pcapng).........................: %d.%d\n" "operating system.........................: %s\n" "application..............................: %s\n" "interface name...........................: %s\n" "interface vendor.........................: %02x%02x%02x\n" "openSSL version..........................: %d.%d\n" "weak candidate...........................: %s\n" "MAC ACCESS POINT.........................: %02x%02x%02x%02x%02x%02x (incremented on every new client)\n" "MAC CLIENT...............................: %02x%02x%02x%02x%02x%02x\n" "REPLAYCOUNT..............................: %" PRIu64 "\n" "ANONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n" "SNONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n" , basename(pcaporgname), versionmajor, versionminor, pcapngosinfo, pcapngapplinfo, pcapnghwinfo, pcapngdeviceinfo[0], pcapngdeviceinfo[1], pcapngdeviceinfo[2], opensslversionmajor, opensslversionminor, pcapngweakcandidate, myaktap[0], myaktap[1], myaktap[2], myaktap[3], myaktap[4], myaktap[5], myaktclient[0], myaktclient[1], myaktclient[2], myaktclient[3], myaktclient[4], myaktclient[5], myaktreplaycount, myaktanonce[0], myaktanonce[1], myaktanonce[2], myaktanonce[3], myaktanonce[4], myaktanonce[5], myaktanonce[6], myaktanonce[7], myaktanonce[8], myaktanonce[9], myaktanonce[10], myaktanonce[11], myaktanonce[12], myaktanonce[13], myaktanonce[14], myaktanonce[15], myaktanonce[16], myaktanonce[17], myaktanonce[18], myaktanonce[19], myaktanonce[20], myaktanonce[21], myaktanonce[22], myaktanonce[23], myaktanonce[24], myaktanonce[25], myaktanonce[26], myaktanonce[27], myaktanonce[28], myaktanonce[29], myaktanonce[30], myaktanonce[31], myaktsnonce[0], myaktsnonce[1], myaktsnonce[2], myaktsnonce[3], myaktsnonce[4], myaktsnonce[5], myaktsnonce[6], myaktsnonce[7], myaktsnonce[8], myaktsnonce[9], myaktsnonce[10], myaktsnonce[11], myaktsnonce[12], myaktsnonce[13], myaktsnonce[14], myaktsnonce[15], myaktsnonce[16], myaktsnonce[17], myaktsnonce[18], myaktsnonce[19], myaktsnonce[20], myaktsnonce[21], myaktsnonce[22], myaktsnonce[23], myaktsnonce[24], myaktsnonce[25], myaktsnonce[26], myaktsnonce[27], myaktsnonce[28], myaktsnonce[29], myaktsnonce[30], myaktsnonce[31] ); printlinklayerinfo(); cleanupmac(); outputdeviceinfolist(); outputwpalists(); outputwordlists(); outputeapmd5hashlist(); outputeapleaphashlist(); outputeapmschapv2hashlist(); outputtacacsplist(); printcontentinfo(); return; } /*===========================================================================*/ static bool processtrackfile(char *trackinname) { static FILE *fh_trackin; if((fh_trackin = fopen(trackinname, "r")) == NULL) { } fclose(fh_trackin); return true; } /*===========================================================================*/ static bool processcapfile(char *eigenname, char *pcapinname) { static int resseek; static uint32_t magicnumber; static char *pcapnameptr; #ifdef WANTZLIB static char *pcaptempnameptr; static char tmpoutname[PATH_MAX +1]; #endif #ifdef WANTZLIB pcaptempnameptr = NULL; #endif pcapnameptr = pcapinname; #ifdef WANTZLIB ancientdumpfileformat = false; radiotappresent = false; if(testgzipfile(pcapinname) == true) { memset(&tmpoutname, 0, PATH_MAX); snprintf(tmpoutname, PATH_MAX, "/tmp/%s.tmp", basename(pcapinname)); if(decompressgz(pcapinname, tmpoutname) == false) return false; gzipstat++; pcaptempnameptr = tmpoutname; pcapnameptr = tmpoutname; } #endif jtrbasenamedeprecated = pcapinname; fd_pcap = open(pcapnameptr, O_RDONLY); if(fd_pcap == -1) { perror("failed to open file"); return false; } magicnumber = getmagicnumber(fd_pcap); resseek = lseek(fd_pcap, 0L, SEEK_SET); if(resseek < 0) { pcapreaderrors++; fprintf(stdout, "failed to set file pointer\n"); if(fh_log != NULL) fprintf(fh_log, "failed to set file pointer: %s\n", pcapinname); return false; } if(magicnumber == PCAPNGBLOCKTYPE) { if(initlists() == true) { processpcapng(fd_pcap, eigenname, pcapinname, pcapnameptr); pcapngstat++; close(fd_pcap); closelists(); } } else if((magicnumber == PCAPMAGICNUMBER) || (magicnumber == PCAPMAGICNUMBERBE)) { if(magicnumber == PCAPMAGICNUMBERBE) endianness = 1; if(initlists() == true) { processcap(fd_pcap, eigenname, pcapinname, pcapnameptr); capstat++; close(fd_pcap); closelists(); } } else { fprintf(stdout, "unsupported dump file format: %s\n", pcapinname); return false; } #ifdef WANTZLIB if(pcaptempnameptr != NULL) remove(pcaptempnameptr); #endif return true; } /*===========================================================================*/ static bool processrawfile(char *rawinname) { static int len; static int pos; static long int linecount; static FILE *fh_raw_in; static uint64_t timestampraw; static uint16_t linktyperaw; static uint8_t cs, ct; static uint32_t caplenraw; uint8_t idx0; uint8_t idx1; static char *csptr; static char *stopptr = NULL; static uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; static char linein[RAW_LEN_MAX]; static uint8_t packet[MAXPACPSNAPLEN]; if(initlists() == false) return false; if((fh_raw_in = fopen(rawinname, "r")) == NULL) { fprintf(stderr, "failed to open raw file %s\n", rawinname); return false; } linecount = 0; while(1) { if((len = fgetline(fh_raw_in, RAW_LEN_MAX, linein)) == -1) break; linecount++; if(len < 30) continue; if((linein[16] != '*') && (linein[25] != '*')) { fprintf(stdout, "delimiter error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "delimiter error line: %ld\n", linecount); pcapreaderrors++; continue; } csptr = strchr(linein +26, '*'); if(csptr == NULL) { fprintf(stdout, "delimiter error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "delimiter error line: %ld\n", linecount); pcapreaderrors++; continue; } if(((csptr -linein) %2) != 0) { fprintf(stdout, "delimiter error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "delimiter error line: %ld\n", linecount); pcapreaderrors++; continue; } if((len -(csptr -linein)) < 3) { fprintf(stdout, "delimiter error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "delimiter error line: %ld\n", linecount); pcapreaderrors++; continue; } timestampraw = strtoull(linein, &stopptr, 16); if((stopptr == NULL) || ((stopptr -linein) != 16)) { fprintf(stdout, "timestamp error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "timestamp error line: %ld\n", linecount); pcapreaderrors++; continue; } #ifdef BIG_ENDIAN_HOST timestampraw = byte_swap_64(timestampraw); #endif linktyperaw = strtoul(&linein[17], &stopptr, 16); if((stopptr == NULL) || ((stopptr -linein) != 25)) { fprintf(stdout, "linktype error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "linktype error line: %ld\n", linecount); pcapreaderrors++; continue; } #ifdef BIG_ENDIAN_HOST linktyperaw = byte_swap_16(linktyperaw); #endif cs = timestampraw &0xff; cs ^= (timestampraw >> 8) &0xff; cs ^= (timestampraw >> 16) &0xff; cs ^= (timestampraw >> 24) &0xff; cs ^= (timestampraw >> 32) &0xff; cs ^= (timestampraw >> 40) &0xff; cs ^= (timestampraw >> 48) &0xff; cs ^= (timestampraw >> 56) &0xff; cs ^= linktyperaw &0xff; cs ^= (linktyperaw >> 8) &0xff; cs ^= (linktyperaw >> 16) &0xff; cs ^= (linktyperaw >> 24) &0xff; caplenraw = 0; for (pos = 0; ((pos < MAXPACPSNAPLEN) && (pos < RAW_LEN_MAX)); pos += 2) { if(linein[26 +pos] == 0) { fprintf(stdout, "frame error line: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "frame error line: %ld\n", linecount); pcapreaderrors++; continue; } if(linein[26 +pos] == '*') break; idx0 = ((uint8_t)linein[26 +pos +0] & 0x1F) ^ 0x10; idx1 = ((uint8_t)linein[26 +pos +1] & 0x1F) ^ 0x10; packet[pos/2] = (uint8_t)(hashmap[idx0] << 4) | hashmap[idx1]; cs ^= packet[pos/2]; caplenraw++; }; if((len -pos -26) < 3) { fprintf(stdout, "line length error: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "line length error: %ld\n", linecount); pcapreaderrors++; continue; } ct = strtoul(&linein[26 +pos +1], &stopptr, 16); if((stopptr == NULL) || ((stopptr -linein) != len)) { fprintf(stdout, "line length error: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "line length error: %ld\n", linecount); pcapreaderrors++; continue; } if(ct != cs) { fprintf(stdout, "checksum error: %ld\n", linecount); if(fh_log != NULL) fprintf(fh_log, "checksum error: %ld\n", linecount); pcapreaderrors++; continue; } processlinktype(timestampraw, linktyperaw, caplenraw, packet); rawpacketcount++; } fprintf(stdout, "\nsummary raw file\n" "----------------\n" "file name................................: %s\n" "lines read...............................: %ld\n" , basename(rawinname),linecount); printlinklayerinfo(); cleanupmac(); outputdeviceinfolist(); outputwpalists(); outputwordlists(); outputeapmd5hashlist(); outputeapleaphashlist(); outputeapmschapv2hashlist(); printcontentinfo(); fclose(fh_raw_in); return true ; } /*===========================================================================*/ static bool testfilename(char *filename1, char *filename2) { if(filename1 == NULL) return false; if(filename2 == NULL) return false; if(strcmp(filename1, filename2) != 0) return false; fprintf(stdout, "same file names for different file types is not allowed: %s - %s\n", filename1, filename2); return true; } /*===========================================================================*/ static bool evpdeinitwpa(void) { if(ctxhmac != NULL) { EVP_MAC_CTX_free(ctxhmac); EVP_MAC_free(hmac); } if(ctxcmac != NULL) { EVP_MAC_CTX_free(ctxcmac); EVP_MAC_free(cmac); } EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); return true; } /*===========================================================================*/ static bool evpinitwpa(void) { static unsigned long opensslversion; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); opensslversion = OpenSSL_version_num(); opensslversionmajor = (opensslversion & 0x10000000L) >> 28; opensslversionminor = (opensslversion & 0x01100000L) >> 20; hmac = NULL; ctxhmac = NULL; cmac = NULL; ctxcmac = NULL; hmac = EVP_MAC_fetch(NULL, "hmac", NULL); if(hmac == NULL) return false; cmac = EVP_MAC_fetch(NULL, "cmac", NULL); if(cmac == NULL) return false; char md5[] = "md5"; paramsmd5[0] = OSSL_PARAM_construct_utf8_string("digest", md5, 0); paramsmd5[1] = OSSL_PARAM_construct_end(); char sha1[] = "sha1"; paramssha1[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0); paramssha1[1] = OSSL_PARAM_construct_end(); char sha256[] = "sha256"; paramssha256[0] = OSSL_PARAM_construct_utf8_string("digest", sha256, 0); paramssha256[1] = OSSL_PARAM_construct_end(); char aes[] = "aes-1280-cbc"; paramsaes128[0] = OSSL_PARAM_construct_utf8_string("cipher", aes, 0); paramsaes128[1] = OSSL_PARAM_construct_end(); ctxhmac = EVP_MAC_CTX_new(hmac); if(ctxhmac == NULL) return false; ctxcmac = EVP_MAC_CTX_new(cmac); if(ctxcmac == NULL) return false; return true; } /*===========================================================================*/ __attribute__ ((noreturn)) void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "convert pcapng, pcap and cap files to hash formats that hashcat and JtR use\n" "usage:\n" "%s \n" "%s input.pcapng\n" "%s *.pcapng\n" "%s *.pcap\n" "%s *.cap\n" "%s *.*\n" "\n" "short options:\n" "-o : output WPA-PBKDF2-PMKID+EAPOL hash file (hashcat -m 22000)\n" " get full advantage of reuse of PBKDF2 on PMKID and EAPOL\n" "-E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker\n" " retrieved from every frame that contain an ESSID\n" "-R : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker\n" " retrieved from PROBEREQUEST frames only\n" "-I : output unsorted identity list to use as input wordlist for cracker\n" "-U : output unsorted username list to use as input wordlist for cracker\n" "-D : output device information list\n" " format MAC MANUFACTURER MODELNAME SERIALNUMBER DEVICENAME UUID ESSID\n" "-h : show this help\n" "-v : show version\n" "\n" "long options:\n" "--all : convert all possible hashes instead of only the best one\n" " that can lead to much overhead hashes\n" " use hcxhashtool to filter hashes\n" " need hashcat --nonce-error-corrections >= 8\n" "--eapoltimeout= : set EAPOL TIMEOUT (milliseconds)\n" " : default: %llu ms\n" "--nonce-error-corrections= : set nonce error correction\n" " warning: values > 0 can lead to uncrackable handshakes\n" " : default: %d\n" "--ignore-ie : do not use CIPHER and AKM information\n" " this will convert all frames regadless of\n" " CIPHER and/OR AKM information,\n" " and can lead to uncrackable hashes\n" "--max-essids= : maximum allowed ESSIDs\n" " default: %d ESSID\n" " disregard ESSID changes and take ESSID with highest ranking\n" "--eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800)\n" "--eapmd5-john= : output EAP MD5 CHALLENGE (john chap)\n" "--eapleap= : output EAP LEAP and MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm)\n" "--tacacs-plus= : output TACACS PLUS v1 (hashcat -m 16100, john tacacs-plus)\n" // "--track= : input TRACK file (No,Latitude,Longitude,Altitude,Date,Time)\n" // " gpsbabel -t -i GPS_IN_FORMAT -f GPS_IN_FILE -o unicsv -F TRACK_FILE\n" // " gpsbabel -t -i GPS_IN_FORMAT -f GPS_IN_FILE -x track,move=TIME_ADJUST_TO_SYSTEM_CLOCKTIME -o unicsv -F TRACK_FILE\n" "--nmea= : output GPS data in NMEA 0183 format\n" " format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL\n" " to convert it to gpx, use GPSBabel:\n" " gpsbabel -i nmea -f hcxdumptool.nmea -o gpx,gpxver=1.1 -F hcxdumptool.gpx\n" " to display the track, open file.gpx with viking\n" "--csv= : output ACCESS POINT information in CSV format\n" " delimiter: tabulator (0x08)\n" " columns:\n" " YYYY-MM-DD HH:MM:SS MAC_AP ESSID ENC_TYPE CIPHER AKM COUNTRY_INFO CHANNEL RSSI GPS(DM.m) GPS(D.d) GPSFIX SATCOUNT HDOP ALTITUDE UNIT\n" " GPS FIX:\n" " 0 = fix not available or invalid\n" " 1 = fix valid (GPS SPS mode)\n" " 2 = fix valid (differential GPS SPS Mode)\n" " 3 = not supported\n" " 4 = not supported\n" " 5 = not supported\n" " 6 = fix valid (Dead Reckoning Mode)\n" " to convert it to other formats, use bash tools or scripting languages\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname, eigenname, eigenname, eigenname, eigenname, EAPOLTIMEOUT / 1000000, NONCEERRORCORRECTION, ESSIDSMAX); fprintf(stdout, "--log= : output logfile\n" "--raw-out= : output frames in HEX ASCII\n" " : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM\n" "--raw-in= : input frames in HEX ASCII\n" " : format: TIMESTAMP*LINKTYPE*FRAME*CHECKSUM\n" "--lts= : output BSSID list to sync with external GPS data\n" " format: LINUX timestamp RSSI MAC_AP ESSID\n" "--pmkid-client= : output WPA-(MESH/REPEATER)-PMKID hash file (hashcat -m 22000)\n" "--pmkid= : output deprecated PMKID file (delimiter *)\n" "--hccapx= : output deprecated hccapx v4 file\n" "--hccap= : output deprecated hccap file\n" "--john= : output deprecated PMKID/EAPOL (JtR wpapsk-opencl/wpapsk-pmk-opencl)\n"); fprintf(stdout, "--prefix= : convert everything to lists using this prefix (overrides single options):\n" " -o : output PMKID/EAPOL hash file\n" " -E : output wordlist (autohex enabled on non ASCII characters) to use as input wordlist for cracker\n" " -I : output unsorted identity list to use as input wordlist for cracker\n" " -U : output unsorted username list to use as input wordlist for cracker\n" " --eapmd5= : output EAP MD5 CHALLENGE (hashcat -m 4800)\n" " --eapleap= : output EAP LEAP and MSCHAPV2 CHALLENGE (hashcat -m 5500, john netntlm)\n" " --tacacs-plus= : output TACACS+ (hashcat -m 16100, john tacacs-plus)\n" " --nmea= : output GPS data in NMEA 0183 format\n" "--add-timestamp : add date/time and EAPOL TIME gap (time between two EAPOL MESSAGEs in nsec) to hash line\n" " this must be filtered out before feeding hashcat with the hash, e.g. by awk:\n" " cat hash.hc22000 | awk '{print $1}' > hashremovedtimestamp.hc22000\n" "--help : show this help\n" "--version : show version\n" "bitmask of PMKID hash line (WPA*01) message pair field:\n" "0: reserved\n" "1: PMKID taken from AP\n" "2: PMKID taken from AP possible PSKSHA256 FT using PSK\n" "3: reserved\n" "4: PMKID taken from CLIENT (wlan.da: possible MESH or REPEATER)\n" "5: reserved\n" "6: reserved\n" "7: reserved\n" "\n" "bitmask of EAPOL hash line (WPA*02) message pair field:\n" "2,1,0:\n" " 000 = M1+M2, EAPOL from M2 (challenge)\n" " 001 = M1+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed \n" " 010 = M2+M3, EAPOL from M2 (authorized)\n" " 011 = M2+M3, EAPOL from M3 (authorized) - usable by option --all\n" " 100 = M3+M4, EAPOL from M3 (authorized) - usable by option --all\n" " 101 = M3+M4, EAPOL from M4 (authorized) - usable if NONCE_CLIENT is not zeroed\n" "3: reserved\n" "4: NC (set to 1) - nonce-error-corrections deactivated on M1M2ROGUE, M2M3E3 and M3M4E3\n" "5: LE router detected (set to 1) - nonce-error-corrections required only on LE\n" "6: BE router detected (set to 1) - nonce-error-corrections required only on BE\n" "7: NC (set to 1) - nonce-error-corrections activated\n" "\n" "Do not edit, merge or convert pcapng files! This will remove optional comment fields!\n" "Detection of bit errors does not work on cleaned dump files!\n" "Do not use %s in combination with third party cap/pcap/pcapng cleaning tools (except: tshark and/or Wireshark)!\n" "It is much better to run gzip to compress the files. Wireshark, tshark and hcxpcapngtool will understand this.\n" "Output is appended to existing files.\n" "Recommended tools to show additional 802.11 fields or to decrypt WiFi traffic: Wireshark and/or tshark\n" "Recommended tool to filter converted hash by several options: hcxhashtool\n" "Recommended tool to get default or standard PSKs: hcxpsktool\n" "Recommended tool to calculate wordlists based on ESSID: hcxeiutool\n" "Recommended tools to retrieve PSK from hash: hashcat, JtR\n", eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static int exitcode; static char *pmkideapoloutname; static char *pmkidclientoutname; static char *eapmd5outname; static char *eapmd5johnoutname; static char *eapleapoutname; static char *tacacspoutname; static char *essidoutname; static char *essidproberequestoutname; static char *deviceinfooutname; static char *identityoutname; static char *usernameoutname; static char *trackinname; static char *nmeaoutname; static char *csvoutname; static char *logoutname; static char *rawoutname; static char *ltsoutname; static char *rawinname; static char *pmkideapoljtroutnamedeprecated; static char *pmkidoutnamedeprecated; static char *hccapxoutnamedeprecated; static char *hccapoutnamedeprecated; static const char *prefixoutname; static const char *pmkideapolsuffix = ".22000"; static const char *eapmd5suffix = ".4800"; static const char *eapleapsuffix = ".5500"; static const char *tacacspsuffix = ".16100"; static const char *essidsuffix = ".essid"; static const char *essidproberequestsuffix = ".essidproberequest"; static const char *identitysuffix = ".identity"; static const char *usernamesuffix = ".username"; static const char *nmeasuffix = ".nmea"; static const char *csvsuffix = ".csv"; static const char *deviceinfosuffix = ".deviceinfo"; static char pmkideapolprefix[PATH_MAX]; static char eapmd5prefix[PATH_MAX]; static char eapleapprefix[PATH_MAX]; static char tacacspprefix[PATH_MAX]; static char essidprefix[PATH_MAX]; static char essidproberequestprefix[PATH_MAX]; static char identityprefix[PATH_MAX]; static char usernameprefix[PATH_MAX]; static char nmeaprefix[PATH_MAX]; static char csvprefix[PATH_MAX]; static char deviceinfoprefix[PATH_MAX]; struct timeval tv; static struct stat statinfo; static const char *short_options = "o:E:R:I:U:D:hv"; static const struct option long_options[] = { {"all", no_argument, NULL, HCX_CONVERT_ALL}, {"eapoltimeout", required_argument, NULL, HCX_EAPOL_TIMEOUT}, {"nonce-error-corrections", required_argument, NULL, HCX_NC}, {"ignore-ie", no_argument, NULL, HCX_IE}, {"max-essids", required_argument, NULL, HCX_ESSIDS}, {"track-in", required_argument, NULL, HCX_TRACK_IN}, {"nmea", required_argument, NULL, HCX_NMEA_OUT}, {"csv", required_argument, NULL, HCX_CSV_OUT}, {"raw-out", required_argument, NULL, HCX_RAW_OUT}, {"raw-in", required_argument, NULL, HCX_RAW_IN}, {"lts", required_argument, NULL, HCX_LTS}, {"log", required_argument, NULL, HCX_LOG_OUT}, {"pmkid-client", required_argument, NULL, HCX_PMKID_CLIENT_OUT}, {"pmkid", required_argument, NULL, HCX_PMKID_OUT_DEPRECATED}, {"eapmd5", required_argument, NULL, HCX_EAPMD5_OUT}, {"eapmd5-john", required_argument, NULL, HCX_EAPMD5_JOHN_OUT}, {"eapleap", required_argument, NULL, HCX_EAPLEAP_OUT}, {"tacacs-plus", required_argument, NULL, HCX_TACACSP_OUT}, {"hccapx", required_argument, NULL, HCX_HCCAPX_OUT_DEPRECATED}, {"hccap", required_argument, NULL, HCX_HCCAP_OUT_DEPRECATED}, {"john", required_argument, NULL, HCX_PMKIDEAPOLJTR_OUT_DEPRECATED}, {"prefix", required_argument, NULL, HCX_PREFIX_OUT}, {"add-timestamp", no_argument, NULL, HCX_ADD_TIMESTAMP}, {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; exitcode = EXIT_SUCCESS; addtimestampflag = false; ignoreieflag = false; donotcleanflag = false; eapoltimeoutvalue = EAPOLTIMEOUT; ncvalue = NONCEERRORCORRECTION; essidsvalue = ESSIDSMAX; pmkideapoloutname = NULL; eapmd5outname = NULL; eapmd5johnoutname = NULL; eapleapoutname = NULL; tacacspoutname = NULL; essidoutname = NULL; essidproberequestoutname = NULL; identityoutname = NULL; usernameoutname = NULL; deviceinfooutname = NULL; trackinname = NULL; nmeaoutname = NULL; csvoutname = NULL; logoutname = NULL; rawoutname = NULL; ltsoutname = NULL; rawinname = NULL; prefixoutname = NULL; pmkideapoljtroutnamedeprecated = NULL; pmkidoutnamedeprecated = NULL; hccapxoutnamedeprecated = NULL; hccapoutnamedeprecated = NULL; fh_pmkideapol = NULL; fh_pmkideapolclient = NULL; fh_eapmd5 = NULL; fh_eapmd5john = NULL; fh_eapleap = NULL; fh_tacacsp = NULL; fh_essid = NULL; fh_essidproberequest = NULL; fh_deviceinfo= NULL; fh_identity = NULL; fh_username = NULL; fh_nmea = NULL; fh_csv = NULL; fh_log = NULL; fh_raw_out = NULL; fh_lts = NULL; fh_pmkideapoljtrdeprecated = NULL; fh_pmkiddeprecated = NULL; fh_hccapxdeprecated = NULL; fh_hccapdeprecated = NULL; gzipstat = 0; capstat = 0; pcapngstat = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_EAPOL_TIMEOUT: eapoltimeoutvalue = strtoull(optarg, NULL, 10); if(eapoltimeoutvalue <= 0) { fprintf(stderr, "EAPOL TIMEOUT must be > 0\n"); exit(EXIT_FAILURE); } eapoltimeoutvalue *= 1000000; break; case HCX_NC: ncvalue = strtol(optarg, NULL, 10); break; case HCX_IE: ignoreieflag = true; break; case HCX_CONVERT_ALL: donotcleanflag = true; break; case HCX_ESSIDS: essidsvalue = strtol(optarg, NULL, 10); break; case HCX_PMKIDEAPOL_OUT: pmkideapoloutname = optarg; break; case HCX_PMKID_CLIENT_OUT: pmkidclientoutname = optarg; break; case HCX_EAPMD5_OUT: eapmd5outname = optarg; break; case HCX_EAPMD5_JOHN_OUT: eapmd5johnoutname = optarg; break; case HCX_EAPLEAP_OUT: eapleapoutname = optarg; break; case HCX_TACACSP_OUT: tacacspoutname = optarg; break; case HCX_ESSID_OUT: essidoutname = optarg; break; case HCX_LTS: ltsoutname = optarg; break; case HCX_ESSIDPROBEREQUEST_OUT: essidproberequestoutname = optarg; break; case HCX_IDENTITY_OUT: identityoutname = optarg; break; case HCX_USERNAME_OUT: usernameoutname = optarg; break; case HCX_DEVICEINFO_OUT: deviceinfooutname = optarg; break; case HCX_TRACK_IN: trackinname = optarg; break; case HCX_NMEA_OUT: nmeaoutname = optarg; break; case HCX_CSV_OUT: csvoutname = optarg; break; case HCX_RAW_OUT: rawoutname = optarg; break; case HCX_RAW_IN: rawinname = optarg; break; case HCX_LOG_OUT: logoutname = optarg; break; case HCX_ADD_TIMESTAMP: addtimestampflag = true; break; case HCX_PMKIDEAPOLJTR_OUT_DEPRECATED: pmkideapoljtroutnamedeprecated = optarg; break; case HCX_PMKID_OUT_DEPRECATED: pmkidoutnamedeprecated = optarg; break; case HCX_HCCAPX_OUT_DEPRECATED: hccapxoutnamedeprecated = optarg; break; case HCX_HCCAP_OUT_DEPRECATED: hccapoutnamedeprecated = optarg; break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_PREFIX_OUT: prefixoutname = optarg; if(strlen(prefixoutname) > PREFIX_BUFFER_MAX) { fprintf(stderr, "prefix must be < %d\n", PATH_MAX -12); exit(EXIT_FAILURE); } break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } gettimeofday(&tv, NULL); timestampstart = ((uint64_t)tv.tv_sec *1000000) + tv.tv_usec; if(argc < 2) { fprintf(stderr, "no option selected\nrun %s --help to get more information\n", (basename(argv[0]))); exit(EXIT_FAILURE); } if((optind == argc) && (rawinname == NULL)) { fprintf(stdout, "no input file(s) selected\n"); exit(EXIT_FAILURE); } if(evpinitwpa() == false) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, eapmd5outname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, eapleapoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, tacacspoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, nmeaoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, csvoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(pmkideapoloutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, eapleapoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, tacacspoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, nmeaoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, csvoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapmd5outname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, tacacspoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, nmeaoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, csvoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(eapleapoutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, nmeaoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, csvoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(tacacspoutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, rawoutname) == true) exit(EXIT_FAILURE); if(testfilename(nmeaoutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(testfilename(rawoutname, logoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, essidoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, essidproberequestoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, identityoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, usernameoutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, deviceinfooutname) == true) exit(EXIT_FAILURE); if(testfilename(logoutname, eapmd5johnoutname) == true) exit(EXIT_FAILURE); if(prefixoutname != NULL) { strncpy(pmkideapolprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(pmkideapolprefix, pmkideapolsuffix, PREFIX_BUFFER_MAX); pmkideapoloutname = pmkideapolprefix; strncpy(essidprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(essidprefix, essidsuffix, PREFIX_BUFFER_MAX); essidoutname = essidprefix; strncpy(essidproberequestprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(essidproberequestprefix, essidproberequestsuffix, PREFIX_BUFFER_MAX); essidproberequestoutname = essidprefix; strncpy(identityprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(identityprefix, identitysuffix, PREFIX_BUFFER_MAX); identityoutname = identityprefix; strncpy(usernameprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(usernameprefix, usernamesuffix, PREFIX_BUFFER_MAX); usernameoutname = usernameprefix; strncpy(deviceinfoprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(deviceinfoprefix, deviceinfosuffix, PREFIX_BUFFER_MAX); deviceinfooutname = deviceinfoprefix; strncpy(eapmd5prefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(eapmd5prefix, eapmd5suffix, PREFIX_BUFFER_MAX); eapmd5outname = eapmd5prefix; strncpy(eapleapprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(eapleapprefix, eapleapsuffix, PREFIX_BUFFER_MAX); eapleapoutname = eapleapprefix; strncpy(tacacspprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(tacacspprefix, tacacspsuffix, PREFIX_BUFFER_MAX); tacacspoutname = tacacspprefix; strncpy(nmeaprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(nmeaprefix, nmeasuffix, PREFIX_BUFFER_MAX); nmeaoutname = nmeaprefix; strncpy(csvprefix, prefixoutname, PREFIX_BUFFER_MAX); strncat(csvprefix, csvsuffix, PREFIX_BUFFER_MAX); csvoutname = csvprefix; } if((pmkideapoloutname != NULL) && (nmeaoutname != NULL)) { if(strcmp(pmkideapoloutname, nmeaoutname) == 0) { fprintf(stdout, "same file names for different file types not allowed: %s - %s\n", pmkideapoloutname, usernameoutname); exit(EXIT_FAILURE); } } if(pmkideapoloutname != NULL) { if((fh_pmkideapol = fopen(pmkideapoloutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoloutname, strerror(errno)); exit(EXIT_FAILURE); } } if(eapmd5outname != NULL) { if((fh_eapmd5 = fopen(eapmd5outname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", eapmd5outname, strerror(errno)); exit(EXIT_FAILURE); } } if(eapmd5johnoutname != NULL) { if((fh_eapmd5john = fopen(eapmd5johnoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", eapmd5johnoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(eapleapoutname != NULL) { if((fh_eapleap = fopen(eapleapoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", eapleapoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(tacacspoutname != NULL) { if((fh_tacacsp = fopen(tacacspoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", tacacspoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(essidoutname != NULL) { if((fh_essid = fopen(essidoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(ltsoutname != NULL) { if((fh_lts = fopen(ltsoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", ltsoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(essidproberequestoutname != NULL) { if((fh_essidproberequest = fopen(essidproberequestoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", essidproberequestoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(identityoutname != NULL) { if((fh_identity = fopen(identityoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", identityoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(usernameoutname != NULL) { if((fh_username = fopen(usernameoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", usernameoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(deviceinfooutname != NULL) { if((fh_deviceinfo = fopen(deviceinfooutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", deviceinfooutname, strerror(errno)); exit(EXIT_FAILURE); } } if(nmeaoutname != NULL) { if((fh_nmea = fopen(nmeaoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", nmeaoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(csvoutname != NULL) { if((fh_csv = fopen(csvoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", csvoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(rawoutname != NULL) { if((fh_raw_out = fopen(rawoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n",rawoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(logoutname != NULL) { if((fh_log = fopen(logoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n",logoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(pmkidclientoutname != NULL) { if((fh_pmkideapolclient = fopen(pmkidclientoutname, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkidclientoutname, strerror(errno)); exit(EXIT_FAILURE); } } if(pmkideapoljtroutnamedeprecated != NULL) { if((fh_pmkideapoljtrdeprecated = fopen(pmkideapoljtroutnamedeprecated, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkideapoljtroutnamedeprecated, strerror(errno)); exit(EXIT_FAILURE); } } if(pmkidoutnamedeprecated != NULL) { if((fh_pmkiddeprecated = fopen(pmkidoutnamedeprecated, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", pmkidoutnamedeprecated, strerror(errno)); exit(EXIT_FAILURE); } } if(hccapxoutnamedeprecated != NULL) { if((fh_hccapxdeprecated = fopen(hccapxoutnamedeprecated, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", hccapxoutnamedeprecated, strerror(errno)); exit(EXIT_FAILURE); } } if(hccapoutnamedeprecated != NULL) { if((fh_hccapdeprecated = fopen(hccapoutnamedeprecated, "a")) == NULL) { fprintf(stdout, "error opening file %s: %s\n", hccapoutnamedeprecated, strerror(errno)); exit(EXIT_FAILURE); } } if(trackinname != NULL) { if(processtrackfile(trackinname) == false) exitcode = EXIT_FAILURE; } for(index = optind; index < argc; index++) { if(processcapfile(argv[0], argv[index]) == false) exitcode = EXIT_FAILURE; } if(rawinname != NULL) processrawfile(rawinname); if(fh_pmkideapol != NULL) fclose(fh_pmkideapol); if(fh_pmkideapolclient != NULL) fclose(fh_pmkideapolclient); if(fh_eapmd5 != NULL) fclose(fh_eapmd5); if(fh_eapmd5john != NULL) fclose(fh_eapmd5john); if(fh_eapleap != NULL) fclose(fh_eapleap); if(fh_tacacsp != NULL) fclose(fh_tacacsp); if(fh_essid != NULL) fclose(fh_essid); if(fh_essidproberequest != NULL) fclose(fh_essidproberequest); if(fh_identity != NULL) fclose(fh_identity); if(fh_username != NULL) fclose(fh_username); if(fh_deviceinfo != NULL) fclose(fh_deviceinfo); if(fh_nmea != NULL) fclose(fh_nmea); if(fh_csv != NULL) fclose(fh_csv); if(fh_raw_out != NULL) fclose(fh_raw_out); if(fh_lts != NULL) fclose(fh_lts); if(fh_log != NULL) fclose(fh_log); if(fh_pmkideapoljtrdeprecated != NULL) fclose(fh_pmkideapoljtrdeprecated); if(fh_pmkiddeprecated != NULL) fclose(fh_pmkiddeprecated); if(fh_hccapxdeprecated != NULL) fclose(fh_hccapxdeprecated); if(fh_hccapdeprecated != NULL) fclose(fh_hccapdeprecated); if(pmkideapoloutname != NULL) { if(stat(pmkideapoloutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoloutname); } } if(pmkidclientoutname != NULL) { if(stat(pmkidclientoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkidclientoutname); } } if(eapmd5outname != NULL) { if(stat(eapmd5outname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(eapmd5outname); } } if(eapmd5johnoutname != NULL) { if(stat(eapmd5johnoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(eapmd5johnoutname); } } if(eapleapoutname != NULL) { if(stat(eapleapoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(eapleapoutname); } } if(tacacspoutname != NULL) { if(stat(tacacspoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(tacacspoutname); } } if(essidoutname != NULL) { if(stat(essidoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(essidoutname); } } if(essidproberequestoutname != NULL) { if(stat(essidproberequestoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(essidproberequestoutname); } } if(identityoutname != NULL) { if(stat(identityoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(identityoutname); } } if(usernameoutname != NULL) { if(stat(usernameoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(usernameoutname); } } if(deviceinfooutname != NULL) { if(stat(deviceinfooutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(deviceinfooutname); } } if(nmeaoutname != NULL) { if(stat(nmeaoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(nmeaoutname); } } if(csvoutname != NULL) { if(stat(csvoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(csvoutname); } } if(rawoutname != NULL) { if(stat(rawoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(rawoutname); } } if(logoutname != NULL) { if(stat(logoutname, &statinfo) == 0) { if(statinfo.st_size == 0) remove(logoutname); } } if(pmkideapoljtroutnamedeprecated != NULL) { if(stat(pmkideapoljtroutnamedeprecated, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkideapoljtroutnamedeprecated); } } if(pmkidoutnamedeprecated != NULL) { if(stat(pmkidoutnamedeprecated, &statinfo) == 0) { if(statinfo.st_size == 0) remove(pmkidoutnamedeprecated); } } if(hccapxoutnamedeprecated != NULL) { if(stat(hccapxoutnamedeprecated, &statinfo) == 0) { if(statinfo.st_size == 0) remove(hccapxoutnamedeprecated); } } if(hccapoutnamedeprecated != NULL) { if(stat(hccapoutnamedeprecated, &statinfo) == 0) { if(statinfo.st_size == 0) remove(hccapoutnamedeprecated); } } if((gzipstat == 0) && (pcapngstat == 0) && (capstat == 0)) return exitcode; fprintf(stdout, "\nsession summary\n---------------\n"); if(gzipstat > 0) fprintf(stdout, "gzip compressed dump files............: %d\n", gzipstat); if(pcapngstat > 0) fprintf(stdout, "processed pcapng files................: %d\n", pcapngstat); if(capstat > 0) fprintf(stdout, "processed cap files...................: %d\n", capstat); fprintf(stdout, "\n"); if(evpdeinitwpa() == false) exit(EXIT_FAILURE); return exitcode; } /*===========================================================================*/ hcxtools-6.3.5/hcxpmktool.c000066400000000000000000000600031471436210700157300ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #ifdef _WIN32 #include #else #include #endif #include #include #include #include #include #include #include "include/hcxpmktool.h" #include "include/ieee80211.h" #include "include/strings.c" #include "include/fileops.c" /*===========================================================================*/ /* global variable */ static uint16_t status; static int exitcode; static EVP_MAC *hmac; static EVP_MAC *cmac; static EVP_MAC_CTX *ctxhmac; static EVP_MAC_CTX *ctxcmac; static OSSL_PARAM paramsmd5[3]; static OSSL_PARAM paramssha1[3]; static OSSL_PARAM paramssha256[3]; static OSSL_PARAM paramsaes128[3]; static uint8_t pmkcalculated[128]; static uint8_t pmkidcalculated[128]; static uint8_t ptkcalculated[256]; static uint8_t miccalculated[128]; static int psklen; static char *pskstring; static ssize_t essidlen; static uint8_t essid[34]; static uint8_t macap[8]; static uint8_t macclient[8]; static uint8_t pmkid[18]; static uint8_t mic[18]; static uint8_t anonce[34]; static size_t eapollen; static uint8_t eapol[1024]; static eapauth_t *eapptr; static size_t eapauthlen; static wpakey_t *wpak; static int keyversion; /*===========================================================================*/ static void showresult(void) { fprintf(stdout, "\n"); if((status & HAS_PMKID_LINE) == HAS_PMKID_LINE) { fprintf(stdout, "HASH FORMAT.: PMKID (WPA*01)\n"); } if((status & HAS_EAPOL_LINE) == HAS_EAPOL_LINE) { fprintf(stdout, "HASH FORMAT.: EAPOL (WPA*02)\n"); } if((status & HAS_ESSID) == HAS_ESSID) { fprintf(stdout, "ESSID.......: %s\n", essid); } if((status & HAS_MACAP) == HAS_MACAP) { fprintf(stdout, "MAC_AP......: %02x%02x%02x%02x%02x%02x\n", macap[0], macap[1], macap[2], macap[3], macap[4], macap[5]); } if((status & HAS_MACCLIENT) == HAS_MACCLIENT) { fprintf(stdout, "MAC_CLIENT..: %02x%02x%02x%02x%02x%02x\n", macclient[0], macclient[1], macclient[2], macclient[3], macclient[4], macclient[5]); } if((status & HAS_PSK) == HAS_PSK) { fprintf(stdout, "PSK.........: %s\n", pskstring); } if((status & HAS_PMK_CALC) == HAS_PMK_CALC) { fprintf(stdout, "PMK.........: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x (calculated)\n", pmkcalculated[0], pmkcalculated[1], pmkcalculated[2], pmkcalculated[3], pmkcalculated[4], pmkcalculated[5], pmkcalculated[6], pmkcalculated[7], pmkcalculated[8], pmkcalculated[9], pmkcalculated[10], pmkcalculated[11], pmkcalculated[12], pmkcalculated[13], pmkcalculated[14], pmkcalculated[15], pmkcalculated[16], pmkcalculated[17], pmkcalculated[18], pmkcalculated[19], pmkcalculated[20], pmkcalculated[21], pmkcalculated[22], pmkcalculated[23], pmkcalculated[24], pmkcalculated[25], pmkcalculated[26], pmkcalculated[27], pmkcalculated[28], pmkcalculated[29], pmkcalculated[30], pmkcalculated[31]); } if((status & HAS_PMK) == HAS_PMK) { fprintf(stdout, "PMK.........: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", pmkcalculated[0], pmkcalculated[1], pmkcalculated[2], pmkcalculated[3], pmkcalculated[4], pmkcalculated[5], pmkcalculated[6], pmkcalculated[7], pmkcalculated[8], pmkcalculated[9], pmkcalculated[10], pmkcalculated[11], pmkcalculated[12], pmkcalculated[13], pmkcalculated[14], pmkcalculated[15], pmkcalculated[16], pmkcalculated[17], pmkcalculated[18], pmkcalculated[19], pmkcalculated[20], pmkcalculated[21], pmkcalculated[22], pmkcalculated[23], pmkcalculated[24], pmkcalculated[25], pmkcalculated[26], pmkcalculated[27], pmkcalculated[28], pmkcalculated[29], pmkcalculated[30], pmkcalculated[31]); } if((status & HAS_PMKID) == HAS_PMKID) { fprintf(stdout, "PMKID.......: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", pmkid[0], pmkid[1], pmkid[2], pmkid[3], pmkid[4], pmkid[5], pmkid[6], pmkid[7], pmkid[8], pmkid[9], pmkid[10], pmkid[11], pmkid[12], pmkid[13], pmkid[14], pmkid[15]); if(((status & HAS_PMKID_CALC) == HAS_PMKID_CALC) || ((status & HAS_PMK) == HAS_PMK)) { if(memcmp(pmkid, pmkidcalculated, 16) == 0) { exitcode = EXIT_SUCCESS_CONFIRMED; fprintf(stdout, " (confirmed)\n"); } else fprintf(stdout, " (not confirmed)\n"); } else fprintf(stdout, " (not confirmed)\n"); } if((status & HAS_MIC) == HAS_MIC) { if(keyversion == 2) fprintf(stdout, "KEY VERSION.: WPA2\n"); else if(keyversion == 1) fprintf(stdout, "KEY VERSION.: WPA1\n"); else if(keyversion == 3) fprintf(stdout, "KEY VERSION.: WPA2 KEY VERSION 3\n"); fprintf(stdout, "NONCE 1.....: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", anonce[0], anonce[1], anonce[2], anonce[3], anonce[4], anonce[5], anonce[6], anonce[7], anonce[8], anonce[9], anonce[10], anonce[11], anonce[12], anonce[13], anonce[14], anonce[15], anonce[16], anonce[17], anonce[18], anonce[19], anonce[20], anonce[21], anonce[22], anonce[23], anonce[24], anonce[25], anonce[26], anonce[27], anonce[28], anonce[29], anonce[30], anonce[31]); fprintf(stdout, "NONCE 2.....: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", wpak->nonce[0], wpak->nonce[1], wpak->nonce[2], wpak->nonce[3], wpak->nonce[4], wpak->nonce[5], wpak->nonce[6], wpak->nonce[7], wpak->nonce[8], wpak->nonce[9], wpak->nonce[10], wpak->nonce[11], wpak->nonce[12], wpak->nonce[13], wpak->nonce[14], wpak->nonce[15], wpak->nonce[16], wpak->nonce[17], wpak->nonce[18], wpak->nonce[19], wpak->nonce[20], wpak->nonce[21], wpak->nonce[22], wpak->nonce[23], wpak->nonce[24], wpak->nonce[25], wpak->nonce[26], wpak->nonce[27], wpak->nonce[28], wpak->nonce[29], wpak->nonce[30], wpak->nonce[31]); if((status & HAS_PTK_CALC) == HAS_PTK_CALC) { fprintf(stdout, "PTK.........: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x (calculated)\n", ptkcalculated[0], ptkcalculated[1], ptkcalculated[2], ptkcalculated[3], ptkcalculated[4], ptkcalculated[5], ptkcalculated[6], ptkcalculated[7], ptkcalculated[8], ptkcalculated[9], ptkcalculated[10], ptkcalculated[11], ptkcalculated[12], ptkcalculated[13], ptkcalculated[14], ptkcalculated[15], ptkcalculated[16], ptkcalculated[17], ptkcalculated[18], ptkcalculated[19], ptkcalculated[20], ptkcalculated[21], ptkcalculated[22], ptkcalculated[23], ptkcalculated[24], ptkcalculated[25], ptkcalculated[26], ptkcalculated[27], ptkcalculated[28], ptkcalculated[29], ptkcalculated[30], ptkcalculated[31]); fprintf(stdout, "KCK.........: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x (calculated)\n", ptkcalculated[0], ptkcalculated[1], ptkcalculated[2], ptkcalculated[3], ptkcalculated[4], ptkcalculated[5], ptkcalculated[6], ptkcalculated[7], ptkcalculated[8], ptkcalculated[9], ptkcalculated[10], ptkcalculated[11], ptkcalculated[12], ptkcalculated[13], ptkcalculated[14], ptkcalculated[15]); fprintf(stdout, "KEK.........: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x (calculated)\n", ptkcalculated[16], ptkcalculated[17], ptkcalculated[18], ptkcalculated[19], ptkcalculated[20], ptkcalculated[21], ptkcalculated[22], ptkcalculated[23], ptkcalculated[24], ptkcalculated[25], ptkcalculated[26], ptkcalculated[27], ptkcalculated[28], ptkcalculated[29], ptkcalculated[30], ptkcalculated[31]); } fprintf(stdout, "MIC.........: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", mic[0], mic[1], mic[2], mic[3], mic[4], mic[5], mic[6], mic[7], mic[8], mic[9], mic[10], mic[11], mic[12], mic[13], mic[14], mic[15]); if(memcmp(mic, miccalculated, 16) == 0) { fprintf(stdout, " (confirmed)\n"); if(status & HAS_PMKID_CALC) { fprintf(stdout, "PMKID.......: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x (calculated)\n", pmkidcalculated[0], pmkidcalculated[1], pmkidcalculated[2], pmkidcalculated[3], pmkidcalculated[4], pmkidcalculated[5], pmkidcalculated[6], pmkidcalculated[7], pmkidcalculated[8], pmkidcalculated[9], pmkidcalculated[10], pmkidcalculated[11], pmkidcalculated[12], pmkidcalculated[13], pmkidcalculated[14], pmkidcalculated[15]); } exitcode = EXIT_SUCCESS_CONFIRMED; } else fprintf(stdout, " (not confirmed)\n"); } fprintf(stdout, "\n"); return; } /*===========================================================================*/ static bool genmicwpa2kv3(void) { static uint8_t eapoltmp[1024]; memset(eapoltmp, 0, 1024); memcpy(eapoltmp, eapol, eapollen); if(!EVP_MAC_init(ctxcmac, ptkcalculated, 16, paramsaes128)) return false; if(!EVP_MAC_update(ctxcmac, eapoltmp, eapollen)) return false; if(!EVP_MAC_final(ctxcmac, eapoltmp, NULL, eapollen)) return false; memcpy(miccalculated, eapoltmp, 16); return true; } /*===========================================================================*/ static bool genmicwpa1(void) { static uint8_t eapoltmp[1024]; memset(eapoltmp, 0, 1024); memcpy(eapoltmp, eapol, eapollen); if(!EVP_MAC_init(ctxhmac, ptkcalculated, 16, paramsmd5)) return false; if(!EVP_MAC_update(ctxhmac, eapoltmp, eapollen)) return false; if(!EVP_MAC_final(ctxhmac, eapoltmp, NULL, eapollen)) return false; memcpy(miccalculated, eapoltmp, 16); return true; } /*===========================================================================*/ static bool genmicwpa2(void) { static uint8_t eapoltmp[1024]; memset(eapoltmp, 0, 1024); memcpy(eapoltmp, eapol, eapollen); if(!EVP_MAC_init(ctxhmac, ptkcalculated, 16, paramssha1)) return false; if(!EVP_MAC_update(ctxhmac, eapoltmp, eapollen)) return false; if(!EVP_MAC_final(ctxhmac, eapoltmp, NULL, eapollen)) return false; memcpy(miccalculated, eapoltmp, 16); return true; } /*===========================================================================*/ static bool genptkwpa2kv3(void) { static uint8_t *pkeptr; memset(&ptkcalculated, 0, 128); pkeptr = ptkcalculated; pkeptr[0] = 1; pkeptr[1] = 0; pkeptr += 2; memcpy(pkeptr, "Pairwise key expansion", 22); if(memcmp(macap, macclient, 6) < 0) { memcpy(pkeptr +22, macap, 6); memcpy(pkeptr +28, macclient, 6); } else { memcpy(pkeptr +22, macclient, 6); memcpy(pkeptr +28, macap, 6); } if(memcmp(anonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +34, anonce, 32); memcpy (pkeptr +66, wpak->nonce, 32); } else { memcpy (pkeptr +34, wpak->nonce, 32); memcpy (pkeptr +66, anonce, 32); } ptkcalculated[100] = 0x80; ptkcalculated[101] = 1; if(!EVP_MAC_init(ctxhmac, pmkcalculated, 32, paramssha256)) return false; if(!EVP_MAC_update(ctxhmac, ptkcalculated, 102)) return false; if(!EVP_MAC_final(ctxhmac, ptkcalculated, NULL, 128)) return false; return true; } /*===========================================================================*/ static bool genptkwpa12(void) { static uint8_t *pkeptr; pkeptr = ptkcalculated; memcpy(pkeptr, "Pairwise key expansion", 23); if(memcmp(macap, macclient, 6) < 0) { memcpy(pkeptr +23, macap, 6); memcpy(pkeptr +29, macclient, 6); } else { memcpy(pkeptr +23, macclient, 6); memcpy(pkeptr +29, macap, 6); } if(memcmp(anonce, wpak->nonce, 32) < 0) { memcpy (pkeptr +35, anonce, 32); memcpy (pkeptr +67, wpak->nonce, 32); } else { memcpy (pkeptr +35, wpak->nonce, 32); memcpy (pkeptr +67, anonce, 32); } if(!EVP_MAC_init(ctxhmac, pmkcalculated, 32, paramssha1)) return false; if(!EVP_MAC_update(ctxhmac, ptkcalculated, 100)) return false; if(!EVP_MAC_final(ctxhmac, ptkcalculated, NULL, 128)) return false; return true; } /*===========================================================================*/ static bool genpmkid(void) { static const char *pmkname = "PMK Name"; memcpy(pmkidcalculated, pmkname, 8); memcpy(pmkidcalculated +8, macap, 6); memcpy(pmkidcalculated +14, macclient, 6); if(!EVP_MAC_init(ctxhmac, pmkcalculated, 32, paramssha1)) return false; if(!EVP_MAC_update(ctxhmac, pmkidcalculated, 20)) return false; if(!EVP_MAC_final(ctxhmac, pmkidcalculated, NULL, 20)) return false; status |= HAS_PMKID_CALC; return true; } /*===========================================================================*/ static bool genpmk(char *psk) { memset(pmkcalculated, 0, 32); if(PKCS5_PBKDF2_HMAC_SHA1(psk, psklen, essid, essidlen, 4096, 32, pmkcalculated) == 0) return false; status |= HAS_PMK_CALC; return true; } /*===========================================================================*/ static bool parsehashlinestring(char *hashlinestring) { static size_t hlen; static size_t plen; static ssize_t flen; static const char *wpa1 = "WPA*01*"; static const char *wpa2 = "WPA*02*"; hlen = strlen(hashlinestring); if(hlen < 71) return false; plen = 7; if(memcmp(wpa1, hashlinestring, 7) == 0) { flen = hex2bin(&hashlinestring[plen], pmkid, 16); if(flen != 16) return false; plen += flen *2; if(hashlinestring[plen++] != '*') return false; flen = hex2bin(&hashlinestring[plen], macap, 6); if(flen != 6) return false; plen += flen *2; if(hashlinestring[plen++] != '*') return false; flen = hex2bin(&hashlinestring[plen], macclient, 6); if(flen != 6) return false; plen += flen *2; if(hashlinestring[plen++] != '*') return false; essidlen = hex2bin(&hashlinestring[plen], essid, 34); if((essidlen <= 0) || (essidlen > 32)) return false; plen += essidlen *2; if(hashlinestring[plen++] != '*') return false; status |= HAS_PMKID_LINE; status |= HAS_PMKID; status |= HAS_ESSID; status |= HAS_MACAP; status |= HAS_MACCLIENT; return true; } if(memcmp(wpa2, hashlinestring, 7) == 0) { flen = hex2bin(&hashlinestring[plen], mic, 16); if(flen != 16) return false; plen += flen *2; if(hashlinestring[plen++] != '*') return false; flen = hex2bin(&hashlinestring[plen], macap, 6); if(flen != 6) return false; plen += flen *2; if(hashlinestring[plen++] != '*') return false; flen = hex2bin(&hashlinestring[plen], macclient, 6); if(flen != 6) return false; plen += flen *2; if(hashlinestring[plen++] != '*') return false; flen = getfieldlen(&hashlinestring[plen], 34); if((flen %2) != 0) return false; flen /= 2; if((flen <= 0) || (flen > 32)) return false; essidlen = hex2bin(&hashlinestring[plen], essid, flen); if((essidlen <= 0) || (essidlen > 32)) return false; plen += essidlen *2; if(hashlinestring[plen++] != '*') return false; flen = hex2bin(&hashlinestring[plen], anonce, 32); if(flen == -1) return false; plen += flen *2; if(hashlinestring[plen++] != '*') return false; flen = getfieldlen(&hashlinestring[plen], 1024); if((flen %2) != 0) return false; flen /= 2; if((flen <= 0) || (flen > 1024)) return false; eapollen = hex2bin(&hashlinestring[plen], eapol, flen); eapptr = (eapauth_t*)eapol; eapauthlen = ntohs(eapptr->len); if(eapollen < eapauthlen +4) return false; plen += eapollen *2; if(hashlinestring[plen++] != '*') return false; wpak = (wpakey_t*)(eapol +EAPAUTH_SIZE); keyversion = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; status |= HAS_EAPOL_LINE; status |= HAS_MIC; status |= HAS_ESSID; status |= HAS_MACAP; status |= HAS_MACCLIENT; return true; } return false; } /*===========================================================================*/ static bool evpdeinitwpa(void) { if(ctxhmac != NULL) { EVP_MAC_CTX_free(ctxhmac); EVP_MAC_free(hmac); } if(ctxcmac != NULL) { EVP_MAC_CTX_free(ctxcmac); EVP_MAC_free(cmac); } EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); return true; } /*===========================================================================*/ static bool evpinitwpa(void) { ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); hmac = NULL; ctxhmac = NULL; cmac = NULL; ctxcmac = NULL; hmac = EVP_MAC_fetch(NULL, "hmac", NULL); if(hmac == NULL) return false; cmac = EVP_MAC_fetch(NULL, "cmac", NULL); if(cmac == NULL) return false; char md5[] = "md5"; paramsmd5[0] = OSSL_PARAM_construct_utf8_string("digest", md5, 0); paramsmd5[1] = OSSL_PARAM_construct_end(); char sha1[] = "sha1"; paramssha1[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0); paramssha1[1] = OSSL_PARAM_construct_end(); char sha256[] = "sha256"; paramssha256[0] = OSSL_PARAM_construct_utf8_string("digest", sha256, 0); paramssha256[1] = OSSL_PARAM_construct_end(); char aes[] = "aes-128-cbc"; paramsaes128[0] = OSSL_PARAM_construct_utf8_string("cipher", aes, 0); paramsaes128[1] = OSSL_PARAM_construct_end(); ctxhmac = EVP_MAC_CTX_new(hmac); if(ctxhmac == NULL) return false; ctxcmac = EVP_MAC_CTX_new(cmac); if(ctxcmac == NULL) return false; return true; } /*===========================================================================*/ __attribute__ ((noreturn)) static inline void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static inline void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage : %s \n" "\n" "short options:\n" "-l : input hashcat hash line (-m 22000)\n" "-e : input Network Name (ESSID)\n" "-p : input Pre Shared Key (PSK) or Plain Master Key (PMK)\n" "-p - : read Pre Shared Key (PSK) from stdin\n" " : small lists only\n" "\n" "long options:\n" "--help : show this help\n" "--version : show version\n\n" "exit codes:\n" "0 = PSK/PMK confirmed\n" "1 = ERROR occurred\n" "2 = PSK/PMK unconfirmed\n" "\n" "Important notice:\n" "%s does not do NONCE ERROR CORRECTIONS\n" "in case of a packet loss, you get a wrong PTK\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static inline void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static char *hashlinestring; static char pskbuffer[128]; static const char *short_options = "l:e:p:m:a:c:hv"; static const struct option long_options[] = { {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; exitcode = EXIT_SUCCESS_UNCONFIRMED; status = 0; essidlen = 0; hashlinestring = NULL; pskstring = NULL; while((auswahl = getopt_long(argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_HASHLINE: hashlinestring = optarg; break; case HCX_PSK: pskstring = optarg; break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\nrun %s --help to get more information\n", (basename(argv[0]))); exit(EXIT_FAILURE); } if(evpinitwpa() == false) { fprintf(stderr, "\nEVP API error\n"); return EXIT_FAILURE; } if(hashlinestring != NULL) { if(parsehashlinestring(hashlinestring) == false) { fprintf(stdout, "hash line error\n"); return EXIT_FAILURE; } } if(pskstring != NULL) { psklen = strlen(pskstring); if((psklen >= 8) &&(psklen < 63)) { status |= HAS_PSK; if((status & HAS_ESSID) == HAS_ESSID) { if(genpmk(pskstring) == false) { fprintf(stderr, "\nPMK error\n"); return EXIT_FAILURE; } } } else if(psklen == 64) { if(hex2bin(pskstring, pmkcalculated, 32) != 32) { fprintf(stderr, "\nPMK error\n"); return EXIT_FAILURE; } status |= HAS_PMK; } else if(strncmp(pskstring, "-", 1) == 0) { if((status & HAS_ESSID) == HAS_ESSID) { if((status & HAS_PMKID) == HAS_PMKID) { while(1) { if((psklen = fgetline(stdin, 128, pskbuffer)) == -1) break; if((psklen < 8) || (psklen > 63)) continue; { if(genpmk(pskbuffer) == false) { fprintf(stderr, "\nPMK error\n"); exit(EXIT_FAILURE); } if(genpmkid() == false) { fprintf(stderr, "\nPMK error\n"); exit(EXIT_FAILURE); } if(memcmp(pmkid, pmkidcalculated, 16) == 0) { pskstring = pskbuffer; status |= HAS_PSK; showresult(); exit(EXIT_SUCCESS_CONFIRMED); } } } if(evpdeinitwpa() == false) { fprintf(stdout, "EVP API error\n"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } if((status & HAS_MIC) == HAS_MIC) { if(keyversion == 2) { while(1) { if((psklen = fgetline(stdin, 128, pskbuffer)) == -1) break; if((psklen < 8) || (psklen > 63)) continue; if(genpmk(pskbuffer) == false) exit(EXIT_FAILURE); if(genptkwpa12() == false) exit(EXIT_FAILURE); if(genmicwpa2() == false) exit(EXIT_FAILURE); if(memcmp(mic, miccalculated, 16) == 0) { if(genpmkid() == false) exit(EXIT_FAILURE); pskstring = pskbuffer; status |= HAS_PSK; status |= HAS_PTK_CALC; status |= HAS_PMKID_CALC; showresult(); exit(EXIT_SUCCESS_CONFIRMED); } } if(evpdeinitwpa() == false) exit(EXIT_FAILURE); exit(EXIT_SUCCESS); } if(keyversion == 1) { while(1) { if((psklen = fgetline(stdin, 128, pskbuffer)) == -1) break; if((psklen < 8) || (psklen > 63)) continue; if(genpmk(pskbuffer) == false) exit(EXIT_FAILURE); if(genptkwpa12() == false) exit(EXIT_FAILURE); if(genmicwpa1() == false) exit(EXIT_FAILURE); if(memcmp(mic, miccalculated, 16) == 0) { if(genpmkid() == false) exit(EXIT_FAILURE); pskstring = pskbuffer; status |= HAS_PSK; status |= HAS_PTK_CALC; status |= HAS_PMKID_CALC; showresult(); exit(EXIT_SUCCESS_CONFIRMED); } } if(evpdeinitwpa() == false) exit(EXIT_FAILURE); exit(EXIT_SUCCESS); } if(keyversion == 3) { while(1) { if((psklen = fgetline(stdin, 128, pskbuffer)) == -1) break; if((psklen < 8) || (psklen > 63)) continue; if(genpmk(pskbuffer) == false) exit(EXIT_FAILURE); if(genptkwpa2kv3() == false) exit(EXIT_FAILURE); if(genmicwpa2kv3() == false) exit(EXIT_FAILURE); if(memcmp(mic, miccalculated, 16) == 0) { if(genpmkid() == false) exit(EXIT_FAILURE); pskstring = pskbuffer; status |= HAS_PSK; status |= HAS_PTK_CALC; status |= HAS_PMKID_CALC; showresult(); exit(EXIT_SUCCESS_CONFIRMED); } } if(evpdeinitwpa() == false) exit(EXIT_FAILURE); exit(EXIT_SUCCESS); } if(evpdeinitwpa() == false) exit(EXIT_FAILURE); exit(EXIT_SUCCESS); } } } } if((((status & HAS_PMK_CALC) == HAS_PMK_CALC) || ((status & HAS_PMK) == HAS_PMK)) && ((status & HAS_PMKID) == HAS_PMKID)) { if(genpmkid() == false) { fprintf(stderr, "\nPMKID error\n"); return EXIT_FAILURE; } } if((status & HAS_EAPOL_LINE) == HAS_EAPOL_LINE) { if((keyversion == 0) || (keyversion > 3)) { fprintf(stderr, "\nkey version error\n"); return EXIT_FAILURE; } if(((status & HAS_PMK_CALC) == HAS_PMK_CALC) || ((status & HAS_PMK) == HAS_PMK)) { if(keyversion < 3) { if(genptkwpa12() == false) return false; if(keyversion == 2) { if(genmicwpa2() == false) return false; if(genpmkid() == false) return false; status |= HAS_PTK_CALC; status |= HAS_PMKID_CALC; } if(keyversion == 1) { if(genmicwpa1() == false) return false; if(genpmkid() == false) return false; status |= HAS_PTK_CALC; status |= HAS_PMKID_CALC; } } else { if(genptkwpa2kv3() == false) return false; if(genmicwpa2kv3() == false) return false; if(genpmkid() == false) return false; status |= HAS_PTK_CALC; status |= HAS_PMKID_CALC; } } } showresult(); if(evpdeinitwpa() == false) { fprintf(stdout, "EVP API error\n"); exit(EXIT_FAILURE); } exit(exitcode); } /*===========================================================================*/ hcxtools-6.3.5/hcxpsktool.c000066400000000000000000003243151471436210700157470ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "include/hcxpsktool.h" #include "include/hashcatops.h" #include "include/strings.c" #include "include/fileops.c" /*===========================================================================*/ /* global var */ static apessidl_t *apessidliste; static int apessidcount; static unsigned int thisyear; static bool airtelflag; static bool alticeoptimumflag; static bool asusflag; static bool digit10flag; static bool easyboxflag; static bool eeflag; static bool eeupperflag; static bool egnflag; static bool eudateflag; static bool hb5flag; static bool maconlyflag; static bool netgearflag; static bool noessidcombinationflag; static bool phomeflag; static bool podaflag; static bool simpleflag; static bool spectrumflag; static bool tendaflag; static bool ukrtelecomflag; static bool usdateflag; static bool weakpassflag; static bool wpskeysflag; static bool znidflag; static uint8_t essidglen; /*===========================================================================*/ static void globalinit(void) { static time_t t; static struct tm *tm; apessidliste = NULL; apessidcount = 0; essidglen = 32; t = time(NULL); tm = localtime(&t); thisyear = tm->tm_year +1900; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); return; } /*===========================================================================*/ /*===========================================================================*/ static void writepsk(FILE *fhout, const char *pskstring) { static bool lflag = false; static bool uflag = false; static int p, l; static char lowerpskstring[PSKSTRING_LEN_MAX] = { 0 }; static char upperpskstring[PSKSTRING_LEN_MAX] = { 0 }; l = strlen(pskstring); if((l < 8) || (l > PSKSTRING_LEN_MAX)) return; fprintf(fhout,"%s\n", pskstring); for(p = 0; p < l; p++) { if(islower((unsigned char)pskstring[p])) { upperpskstring[p] = toupper((unsigned char)pskstring[p]); uflag = true; } else upperpskstring[p] = pskstring[p]; if(isupper((unsigned char)pskstring[p])) { lowerpskstring[p] = tolower((unsigned char)pskstring[p]); lflag = true; } else lowerpskstring[p] = pskstring[p]; } upperpskstring[p] = 0; lowerpskstring[p] = 0; if(uflag == true) fprintf(fhout,"%s\n", upperpskstring); if(lflag == true) fprintf(fhout,"%s\n", lowerpskstring); if((lowerpskstring[0] >= 'a') && (lowerpskstring[0] <= 'z')) { lowerpskstring[0] = toupper((unsigned char)lowerpskstring[0]); fprintf(fhout,"%s\n", lowerpskstring); } return; } /*===========================================================================*/ static void keywritedigit10(FILE *fhout) { static int i; static uint16_t f1, f2; static unsigned long long int ec, el, eu; static unsigned int digestmd5len; static EVP_MD_CTX* mdctx; static uint32_t fixseed1[] = { 0xb100, 0xb300, 0xf200, 0xf800, 0xf900, 0xfa00 }; #define FIXSEED1_SIZE sizeof(fixseed1) /sizeof(uint32_t) static char message[PSKSTRING_LEN_MAX]; static uint8_t digestmd5[EVP_MAX_MD_SIZE]; for(f1 = 0; f1 < FIXSEED1_SIZE; f1++) { for(f2 = 0; f2 <=0xff; f2++) { for(ec = 0; ec <= 0xffff; ec++) { snprintf(message, PSKSTRING_LEN_MAX, "D0542D-01%010lld", ec | (fixseed1[f1] +f2) << 16); digestmd5len = 16; mdctx = EVP_MD_CTX_create(); if(mdctx == NULL) continue; if(EVP_DigestInit_ex(mdctx, EVP_md5(), NULL) == 0) { EVP_MD_CTX_free(mdctx); continue; } if(EVP_DigestUpdate(mdctx, message, 19) == 0) { EVP_MD_CTX_free(mdctx); continue; } if(EVP_DigestFinal_ex(mdctx, digestmd5, &digestmd5len) == 0) { EVP_MD_CTX_free(mdctx); continue; } EVP_MD_CTX_free(mdctx); } el = 0; eu = 0; for(i = 0; i < 8; i++) { eu = (el >> 0x18 | ((eu << 8) &0xffffffff)) &0xffffffff; el = (((el << 8) &0xffffffff) | digestmd5[i + 8]) &0xffffffff; } fprintf(fhout, "%010lld\n", ((eu << 32) +el) %0x2540be400); } } return; } /*===========================================================================*/ static void keywritenetgear(FILE *fhout) { static size_t ca, cs; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; static const char *firstword[] = { "absurd", "ancient", "aquatic", "basic", "big", "black", "blue", "bold", "brave", "breezy", "bright", "brown", "calm", "cheerful", "chilly", "chummy", "classy", "clever", "cloudy", "cool", "crispy", "curly", "daily", "deep", "delightful", "dizzy", "dynamic", "eagle", "elated", "elegant", "epic", "excited", "exotic", "extra", "famous", "fancy", "fearless", "festive", "fluffy", "four", "free", "fresh", "friendly", "funny", "fuzzy", "gentle", "gifted", "gigantic", "graceful", "grand", "great", "green", "happy", "heavy", "helpful", "hot", "hungry", "husky", "icy", "imaginary", "jagged", "jolly", "joyous", "juicy", "kind", "large", "light", "little", "lively", "long", "loud", "lucky", "lunar", "magical", "manic", "melodic", "mighty", "misty", "modern", "narrow", "new", "nifty", "noisy", "odd", "orange", "pastel", "perfect", "phobic", "pink", "plain", "polite", "precious", "purple", "quaint", "quick", "quiet", "rapid", "red", "rocky", "round", "royal", "ruby", "rustic", "savage", "shiny", "simple", "silent", "silky", "silly", "slow", "small", "smiley", "smiling", "smooth", "strong", "sunny", "sweet", "tablet", "thirsty", "thoughtful", "tiny", "ultra", "uneven", "unusual", "vanilla", "vast", "watery", "white", "wide", "windy", "witty", "wonderful", "yellow", "young", "zany" }; static const char *secondword[] = { "airplane", "apple", "balloon", "banana", "bangle", "bay", "berry", "bike", "bird", "boat", "bolt", "boot", "box", "brain", "bread", "breeze", "bug", "butter", "canary", "canoe", "car", "carrot", "cartoon", "cat", "cello", "chair", "cheese", "coconut", "cold", "comet", "cream", "curtain", "daisy", "deer", "diamond", "dog", "domain", "earth", "ecasa", "elephant", "field", "finch", "fire", "fish", "flamingo", "flower", "flute", "gate", "gadfly", "giant", "goat", "grasshopper", "hat", "hill", "hippo", "house", "ink", "iris", "jade", "jet", "jetcar", "jungle", "kangaroo", "kayak", "lake", "lemon", "lightning", "link", "lion", "lotus", "mango", "mesa", "mint", "mobile", "moon", "mountain", "nest", "net", "oboe", "ocean", "octopus", "onion", "orchestra", "owl", "panda", "phoenix", "piano", "pineapple", "planet", "plum", "police", "pond", "poodle", "potato", "prairie", "quail", "rabbit", "raccoon", "raven", "rise", "river", "road", "rosebud", "sea", "sheep", "ship", "shoe", "shrub", "skates", "sky", "snail", "shoe", "socks", "sparrow", "spider", "squash", "squirrel", "star", "stone", "street", "sun", "table", "tail", "teapot", "time", "tomato", "trail", "train", "tree", "truck", "trumpet", "tuba", "tulip", "turkey", "umbrella", "unicorn", "unit", "valley", "vase", "vinyl", "violet", "violin", "water", "way", "wind", "window", "wombat", "zoo" }; for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 1000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%03d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 100; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%02d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 10; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s", firstword[ca], secondword[cs]); fprintf(fhout,"%s\n", pskstring); } } return; } /*===========================================================================*/ static void keywritespectrum(FILE *fhout) { static size_t ca, cs; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; static const char *firstword[] = { "absurd", "acre", "active", "actual", "adorable", "agency", "agent", "ago", "album", "alive", "all", "alter", "anchor", "ancient", "angry", "apart", "aquatic", "author", "aware", "away", "bakery", "barrel", "basic", "basket", "bench", "better", "black", "blue", "bold", "born", "botany", "brave", "breezy", "brew", "bridge", "brief", "bright", "broad", "brown", "busy", "calm", "camera", "chance", "check", "cheerful", "chilly", "choice", "chorus", "chummy", "classy", "clean", "clerk", "clever", "close", "cloudy", "clumsy", "coffee", "cold", "common", "content", "cool", "cosmic", "crispy", "curly", "daily", "damp", "dear", "decent", "deep", "degree", "desert", "dig", "direct", "dizzy", "dnamic", "domain", "double", "due", "dusty", "duty", "dynamic", "each", "eager", "eagle", "east", "easy", "eggplant", "either", "elated", "elegant", "empty", "energy", "engine", "enough", "entire", "epic", "epicn", "errand", "even", "evenp", "every", "exact", "excited", "exotic", "expert", "extra", "fair", "famous", "fancy", "farmer", "fast", "fearless", "festive", "few", "finish", "first", "fit", "fluent", "fluffy", "formal", "former", "free", "freep", "fresh", "friend", "friendly", "front", "frosty", "full", "funny", "furry", "future", "fuzzy", "gallon", "genius", "gentle", "giddy", "gifted", "glad", "global", "gold", "good", "goofy", "grain", "grand", "grateful", "great", "green", "grumpy", "guitar", "happy", "harbor", "hearty", "heavy", "height", "helpful", "high", "hockey", "home", "honest", "honor", "hot", "hotel", "hour", "hungry", "husky", "icy", "idea", "ideal", "imaginary", "immune", "input", "internal", "invent", "islan", "island", "jacket", "jagged", "jazz", "jeans", "jewel", "jolly", "joyous", "judge", "juicy", "just", "kettle", "key", "kind", "king", "kite", "knight", "known", "ladder", "ladderspace", "large", "last", "latter", "lazy", "leader", "least", "left", "legal", "less", "light", "like", "little", "lively", "living", "long", "lost", "lotus", "loud", "love", "loyal", "lucky", "magical", "major", "manic", "many", "marble", "market", "master", "medium", "mellow", "melodic", "middle", "mighty", "minute", "mirror", "misty", "mobile", "modern", "month", "most", "much", "museum", "narrow", "nature", "nearby", "neat", "nest", "new", "newj", "next", "nice", "nifty", "night", "nine", "noble", "noisy", "normal", "north", "novel", "oasis", "object", "ocean", "odd", "olive", "one", "only", "open", "orange", "other", "outlet", "oxygen", "palm", "palmw", "parade", "party", "past", "pastel", "patron", "perfect", "phobic", "phone", "pink", "plain", "plane", "pledge", "plenty", "plus", "pocket", "polite", "pony", "pool", "praise", "precious", "prior", "prize", "proof", "proper", "prose", "proud", "purple", "quaint", "quick", "quiet", "quote", "rain", "rainy", "rapid", "rare", "ready", "real", "reason", "recent", "red", "remedy", "remote", "review", "reward", "rich", "rocket", "rocky", "root", "rough", "round", "royal", "runner", "rusti", "rustic", "safe", "safety", "salt", "salute", "scary", "scout", "select", "senior", "shadow", "shelf", "shiny", "short", "silent", "silky", "silly", "silver", "simple", "sleepy", "slight", "slow", "small", "smart", "smiley", "smiling", "smooth", "soccer", "solid", "some", "south", "space", "spare", "square", "stable", "statue", "stealth", "still", "stock", "street", "strict", "strong", "studio", "such", "sudden", "summit", "sunny", "super", "sure", "sweet", "swift", "tablet", "tall", "teal", "terrific", "that", "theory", "thick", "think", "thirsty", "this", "tight", "timber", "tiny", "top", "total", "tough", "town", "train", "turtle", "uneven", "union", "unique", "unite", "unusual", "upset", "urban", "useful", "usual", "valley", "vanilla", "vast", "verse", "violet", "violin", "voyage", "wagon", "walnut", "warm", "watch", "watery", "weekly", "west", "whale", "what", "wide", "wild", "windy", "wine", "winter", "wise", "witty", "wonderful", "wooden", "worth", "writer", "yacht", "yard", "year", "yellow", "young", "youngs", "zany", "zeal", "zebra", "zone" }; static const char *secondword[] = { "", "acre", "actor", "ad", "advice", "affect", "agency", "air", "airplane", "album", "anchor", "apple", "area", "art", "aspect", "ature", "author", "ave", "bakery", "ball", "balloon", "banana", "barrel", "basis", "basket", "beach", "bead", "bear", "beer", "bench", "berry", "bike", "bird", "board", "boat", "bolt", "bonus", "book", "boot", "botany", "box", "brain", "bread", "breeze", "bridge", "bubble", "bug", "bunny", "bus", "butter", "butterfly", "cafe", "camera", "canoe", "car", "card", "carrot", "cartoon", "cat", "cello", "chair", "check", "cheek", "cheese", "chill", "chorus", "city", "clerk", "client", "clock", "coat", "coconut", "coffee", "comet", "cookie", "cosmic", "country", "county", "course", "cow", "cream", "crown", "currency", "curtain", "daisy", "data", "day", "dealer", "deeper", "deer", "degree", "desert", "desk", "diamond", "dinner", "dirt", "disk", "dog", "doll", "domain", "drama", "drawer", "dremedy", "driver", "duty", "eagle", "ear", "earth", "editor", "effort", "energy", "engine", "epic", "errand", "error", "est", "estate", "event", "extent", "fact", "famous", "farmer", "field", "fig", "film", "finch", "finish", "fire", "fish", "flo", "flower", "fluent", "flute", "form", "formal", "fox", "friend", "gadfly", "gallon", "garden", "gate", "gene", "genius", "giant", "girl", "global", "goal", "grain", "green", "guest", "guide", "guitar", "guppy", "hair", "hall", "hand", "harbor", "hat", "height", "hill", "hippo", "hockey", "home", "hone", "honor", "horse", "hotel", "house", "idea", "idol", "immune", "income", "ink", "input", "invent", "iris", "island", "jacket", "jade", "jazz", "jeans", "jet", "jewel", "judge", "jungle", "kayak", "kettle", "key", "king", "kite", "knight", "ladder", "lake", "law", "lawn", "leader", "lemon", "length", "life", "light", "lion", "list", "lotus", "loyal", "major", "mall", "mango", "map", "marble", "market", "math", "meal", "media", "memory", "menu", "mesa", "method", "mint", "mirror", "mobile", "moment", "month", "moon", "movie", "mud", "museum", "music", "nail", "nation", "nature", "nest", "news", "night", "noble", "north", "number", "oasis", "object", "oboe", "ocean", "octopus", "office", "onion", "orange", "outlet", "owl", "own", "owner", "oxygen", "palm", "panda", "pant", "paper", "parade", "park", "parm", "patron", "peach", "pear", "pencil", "people", "phoenix", "phone", "piano", "pizza", "place", "planet", "player", "pledge", "plum", "pocket", "poem", "poet", "poetry", "policy", "pond", "poodle", "potato", "prairie", "praise", "prose", "puppy", "quail", "quaint", "quick", "quote", "rabbit", "raccoon", "radio", "raft", "rain", "rairie", "ratio", "raven", "reason", "region", "remedy", "review", "reward", "river", "road", "robin", "rock", "rocket", "role", "rose", "rosebud", "runner", "safety", "salad", "salute", "sample", "scout", "sea", "sector", "seed", "series", "shark", "sheep", "shelf", "ship", "shoe", "shrub", "side", "singer", "skates", "sky", "sled", "snail", "snake", "snall", "soccer", "socks", "sofa", "soks", "song", "soup", "space", "spark", "sparrow", "speech", "spider", "spoon", "squash", "squirrel", "squirrelp", "stable", "star", "state", "statue", "steak", "storm", "story", "stove", "straw", "street", "studio", "study", "summit", "sun", "table", "tablet", "tea", "teapot", "teapoty", "teen", "tennis", "tent", "thanks", "theory", "tiger", "timber", "time", "tomato", "tooth", "topic", "town", "trail", "train", "tree", "truck", "trumpet", "truth", "tuba", "tulip", "turkey", "turtle", "two", "type", "ungle", "unicorn", "union", "unit", "unite", "urban", "useful", "valley", "value", "vase", "verse", "video", "violet", "violin", "volume", "voyage", "wagon", "walnut", "watch", "wate", "water", "way", "wealth", "week", "west", "whale", "while", "wind", "window", "windy", "winner", "wolf", "work", "world", "writer", "yacht", "yard", "year", "youth", "zeal", "zebra", "zone", "zoo" }; for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 1000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%03d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 100; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%02d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; for (cn = 0; cn < 10; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%d", firstword[ca], secondword[cs], cn); fprintf(fhout,"%s\n", pskstring); } } } for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(secondword) / sizeof(char *)); cs++) { if(strcmp(firstword[ca], secondword[cs]) == 0) continue; snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s", firstword[ca], secondword[cs]); fprintf(fhout,"%s\n", pskstring); } } return; } /*===========================================================================*/ static void keywritephome(FILE *fhout) { static size_t ca, cs; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; static const char *five[] = { "about", "again", "agree", "ahead", "aisle", "alert", "alley", "allow", "amaze", "angle", "apple", "apron", "arrow", "attic", "award", "bacon", "badge", "bagel", "baked", "basic", "beard", "begin", "being", "below", "berry", "bison", "block", "bloom", "board", "boast", "bonus", "booth", "bored", "brace", "bread", "brick", "bring", "brush", "brook", "build", "built", "cabin", "cause", "chair", "camel", "canal", "chair", "charm", "chart", "charm", "chase", "check", "cheer", "chime", "chord", "chore", "chose", "chunk", "cough", "class", "clear", "coast", "cocoa", "cough", "cover", "count", "court", "creak", "cream", "creek", "crumb", "curve", "daily", "dairy", "daisy", "dance", "delay", "diner", "dodge", "dough", "dozed", "drain", "dried", "drink", "eager", "eagle", "earth", "eight", "elbow", "elect", "empty", "enter", "entry", "equal", "event", "exact", "fancy", "favor", "feast", "fence", "fever", "field", "fifty" }; static const char *six[] = { "across", "action", "advice", "almost", "always", "amount", "anchor", "animal", "answer", "anyone", "anyway", "appear", "arctic", "around", "arrive", "artist", "autumn", "awhile", "baking", "banana", "basket", "become", "beside", "better", "borrow", "bottle", "breezy", "bridge", "bright", "bucket", "buckle", "button", "cactus", "called", "career", "carpet", "camera", "candid", "canvas", "canyon", "castle", "cattle", "caught", "celery", "cellar", "center", "chance", "change", "charge", "cheery", "chores", "chosen", "circle", "cities", "clever", "collar", "column", "comedy", "common", "copied", "corral", "county", "course", "create", "crumbs", "crunch", "degree", "depend", "design", "detail", "diesel", "dimmed", "dinner", "direct", "easier", "effect", "eighty", "eleven", "energy", "engine", "entire", "escape", "factor", "famous", "fasten", "faucet", "filter", "finish", "flight", "flower", "folded", "follow", "forest", "garden", "gather", "guitar", "happen", "harbor", "hardly", "health" }; for(ca = 0; ca < (sizeof(five) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(six) / sizeof(char *)); cs++) { for (cn = 0; cn < 10000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%04d%s", five[ca], cn, six[cs]); fprintf(fhout,"%s\n", pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%04d%s", six[cs], cn, five[ca]); fprintf(fhout,"%s\n", pskstring); } } } return; } /*===========================================================================*/ static void keywritetenda(FILE *fhout) { static size_t ca, cs; static int cn; static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; static const char *word[] = { "able", "about", "above", "actor", "after", "again", "alone", "also", "apple", "baby", "back", "bath", "bean", "best", "bike", "bird", "blue", "body", "book", "cafe", "cake", "calm", "card", "carry", "cash", "chair", "child", "cold", "come", "cool", "cute", "daily", "dance", "dark", "dash", "dear", "desk", "done", "door", "down", "duck", "duty", "each", "early", "earth", "east", "easy", "edit", "envy", "even", "every", "exist", "exit", "face", "fact", "fall", "fast", "feed", "feel", "fill", "fish", "five", "four", "game", "ghost", "girl", "giude", "give", "good", "green", "group", "guest", "hair", "hand", "happy", "hard", "have", "haven", "head", "high", "hike", "horse", "house", "into", "jade", "jazz", "jean", "jeep", "join", "joke", "juice", "july", "june", "keep", "kind", "lable", "labor", "lack", "lake", "land", "light", "like", "live", "lock", "loop", "lose", "mail", "main", "major", "make", "math", "meet", "milk", "moon", "more", "most", "mouth", "much", "name", "near", "need", "nine", "none", "north", "nose", "note", "occur", "ocean", "once", "open", "over", "pace", "pain", "park", "part", "pass", "past", "path", "photo", "piece", "pink", "queen", "quest", "quick", "quit", "quite", "rainy", "reach", "read", "rice", "ride", "road", "room", "rope", "rose", "rule", "rush", "safe", "said", "sale", "salt", "same", "sick", "soul", "soup", "south", "sunny", "table", "take", "tale", "talk", "tall", "team", "tell", "test", "think", "ture", "under", "unit", "upper", "walk", "waste", "water", "weak", "week", "west", "what", "where", "wind", "word" }; for(ca = 0; ca < (sizeof(word) / sizeof(char *)); ca++) { for(cs = 0; cs < (sizeof(word) / sizeof(char *)); cs++) { if (ca == cs) continue; for (cn = 0; cn < 1000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%s%03d", word[ca], word[cs], cn); fprintf(fhout,"%s\n", pskstring); } } for (cn = 0; cn < 10000; cn++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%s%04d", word[ca], cn); fprintf(fhout,"%s\n", pskstring); } } return; } /*===========================================================================*/ static void keywriteee(FILE *fhout, bool upper) { static size_t w3, w4, w5; static char pskstring[16] = { 0 }; const char *pskmask = "%s-%s-%s\n"; char** uword3 = NULL; char** uword4 = NULL; char** uword5 = NULL; static const char *word3[] = { "abs", "ace", "act", "add", "ado", "age", "ago", "aid", "ail", "aim", "all", "amp", "any", "ape", "apt", "art", "ask", "bad", "bay", "bee", "beg", "bet", "bid", "big", "bow", "box", "bud", "bug", "bun", "bus", "buy", "cad", "cam", "can", "cob", "cog", "cop", "cud", "cup", "cut", "dam", "did", "die", "dig", "dim", "dip", "dog", "dry", "dub", "due", "dug", "ear", "ego", "elk", "end", "era", "eye", "fab", "fan", "far", "fat", "fax", "fee", "few", "fin", "fit", "fix", "fly", "fog", "fox", "fry", "gap", "gel", "gem", "get", "god", "hem", "hid", "hip", "hit", "hop", "hot", "how", "hub", "ice", "icy", "ink", "inn", "jar", "jet", "job", "jog", "jot", "key", "lag", "lap", "law", "lay", "led", "leg", "let", "lid", "lie", "lip", "lit", "lob", "lop", "lot", "low", "mad", "map", "max", "mid", "mix", "mob", "mop", "mow", "mud", "mug", "nag", "nap", "net", "new", "nod", "nor", "not", "now", "oar", "oat", "odd", "off", "oil", "old", "one", "opt", "our", "out", "owe", "own", "pad", "pal", "pay", "pea", "peg", "pen", "per", "pet", "pie", "pin", "ply", "pop", "pro", "pub", "put", "ran", "rat", "raw", "red", "rid", "rig", "rob", "rot", "rug", "run", "sad", "sea", "set", "sew", "shy", "sim", "sin", "sip", "sir", "sit", "six", "sow", "soy", "spy", "tad", "tag", "tap", "tax", "ten", "tic", "tip", "ton", "top", "tow", "toy", "try", "two", "use", "van", "vex", "vow", "wet", "win", "won" }; static const char *word4[] = { "able", "acre", "aqua", "arch", "area", "bait", "bake", "bald", "ball", "bark", "base", "bath", "bats", "bead", "beat", "bell", "best", "boat", "boil", "bold", "bore", "both", "busy", "calm", "camp", "cape", "card", "case", "cash", "cent", "chef", "city", "clad", "clay", "club", "clue", "coat", "cook", "cool", "cope", "copy", "cute", "dame", "damp", "dare", "dash", "date", "days", "deaf", "deal", "desk", "dial", "dish", "dive", "door", "duty", "dove", "down", "draw", "drop", "each", "east", "edge", "edit", "epic", "even", "ever", "exit", "face", "fair", "fake", "fast", "fall", "fame", "fast", "fine", "firm", "flag", "flee", "foam", "fold", "foot", "four", "full", "fund", "fuse", "gaps", "gate", "gave", "gear", "gift", "glad", "gown", "gray", "half", "hang", "hard", "hats", "head", "heat", "hide", "high", "hill", "hint", "hire", "hold", "hook", "huge", "hurt", "hymn", "idea", "iron", "jets", "joke", "judo", "keen", "kiss", "lace", "lack", "land", "late", "lawn", "lazy", "less", "link", "live", "loaf", "loan", "logo", "look", "lord", "loss", "loud", "melt", "menu", "mere", "mill", "mine", "mint", "mist", "mode", "moon", "most", "move", "much", "name", "neat", "need", "nest", "noon", "nude", "oars", "oust", "pace", "pads", "page", "paid", "pain", "pale", "pane", "park", "pars", "part", "pass", "past", "pear", "pegs", "pens", "pier", "pine", "pins", "pint", "pity", "plan", "poem", "poet", "pond", "pool", "poor", "post", "pure", "rack", "rare", "real", "rest", "rich", "riot", "ripe", "road", "roam", "room", "root", "rude", "rule", "safe", "sail", "sale", "same", "sand", "save", "scan", "seal", "seat", "seem", "send", "sent", "shin", "shop", "shut", "sick", "side", "sift", "sign", "silk", "sing", "skip", "slim", "slip", "slum", "soap", "soil", "sold", "solo", "sore", "sour", "spit", "step", "stew", "sure", "tall", "teak", "team", "tear", "tent", "then", "tide", "time", "tone", "tour", "town", "trim", "trod", "true", "tube", "tune", "turn", "used", "vain", "vast", "vend", "vote", "wait", "walk", "want", "ward", "warn", "wave", "west", "wild", "wind", "wing", "wire", "wise", "worm", "zone" }; static const char *word5[] = { "aback", "acres", "adapt", "agent", "agony", "ahead", "alarm", "alert", "align", "alien", "allot", "amble", "angle", "ankle", "arena", "armed", "arrow", "audio", "award", "beams", "bland", "blank", "bleak", "bless", "boast", "boost", "bored", "bread", "bring", "broke", "buyer", "cable", "cakes", "canoe", "cards", "cargo", "cause", "chair", "cheap", "chips", "choke", "climb", "clove", "coact", "coins", "comic", "cough", "count", "cover", "crane", "crash", "crude", "cruel", "cubic", "curry", "dairy", "delay", "dance", "dense", "desks", "diner", "dines", "dozen", "draft", "dream", "drink", "drown", "drunk", "dusts", "dusty", "early", "eight", "elder", "enter", "equal", "equip", "erode", "evens", "event", "exact", "exams", "excel", "extra", "fancy", "fares", "fence", "fibre", "fifty", "filed", "files", "final", "first", "floor", "flour", "flute", "focus", "foggy", "front", "fruit", "genie", "giant", "glare", "glaze", "gleam", "glory", "glows", "grave", "great", "grids", "group", "grove", "guess", "guest", "harps", "hawks", "heavy", "house", "humor", "ideal", "index", "infer", "inked", "ivory", "judge", "knock", "laces", "large", "lawny", "learn", "light", "lilac", "linen", "lofts", "loose", "lucky", "lunar", "lyric", "madam", "magic", "major", "malts", "manor", "maple", "march", "marry", "merit", "moist", "molar", "motto", "mourn", "mouse", "muddy", "nacho", "novel", "nurse", "odeon", "offer", "optic", "pages", "panda", "pants", "pause", "peace", "pedal", "pesto", "piano", "piece", "piety", "pings", "pious", "pivot", "place", "plant", "plate", "pound", "prime", "prize", "probe", "prose", "proud", "prune", "puppy", "pylon", "quiet", "rally", "refer", "remit", "renew", "repel", "reset", "roach", "rocky", "roofs", "rooks", "rough", "royal", "rusty", "salad", "scarf", "scoop", "scoot", "scope", "score", "scorn", "shaft", "share", "sharp", "sheds", "shine", "share", "shiny", "shirt", "shore", "shrub", "silly", "sixty", "skate", "socks", "sound", "spade", "spare", "spend", "spent", "squad", "stack", "stand", "stare", "stars", "start", "stats", "steam", "stick", "stoop", "storm", "story", "sunny", "sweat", "swept", "swift", "swing", "sword", "tally", "talon", "tempt", "tench", "tents", "these", "thick", "thief", "those", "tidal", "tiger", "title", "today", "track", "train", "tread", "trend", "trick", "trust", "tuned", "twigs", "twist", "unbid", "unbox", "uncap", "upend", "upper", "upset", "valid", "vends", "verge", "verse", "vines", "visit", "weary", "wheat", "wheel", "whole", "worth", "wound", "wrist", "yeast", "zooms" }; if (upper) { uword3 = create_upper_array(word3, sizeof(word3) / sizeof(char *)); uword4 = create_upper_array(word4, sizeof(word4) / sizeof(char *)); uword5 = create_upper_array(word5, sizeof(word5) / sizeof(char *)); } for(w3 = 0; w3 < (sizeof(word3) / sizeof(char *)); w3++) { for(w4 = 0; w4 < (sizeof(word4) / sizeof(char *)); w4++) { for(w5 = 0; w5 < (sizeof(word5) / sizeof(char *)); w5++) { if (upper) { snprintf(pskstring, 16, pskmask, uword3[w3], word4[w4], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], uword4[w4], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], word4[w4], uword5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword3[w3], word5[w5], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], uword5[w5], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], word5[w5], uword4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword4[w4], word3[w3], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], uword3[w3], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], word3[w3], uword5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword4[w4], word5[w5], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], uword5[w5], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], word5[w5], uword3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword5[w5], word3[w3], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], uword3[w3], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], word3[w3], uword4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, uword5[w5], word4[w4], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], uword4[w4], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], word4[w4], uword3[w3]); fputs(pskstring, fhout); } else { snprintf(pskstring, 16, pskmask, word3[w3], word4[w4], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word3[w3], word5[w5], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], word3[w3], word5[w5]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word4[w4], word5[w5], word3[w3]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], word3[w3], word4[w4]); fputs(pskstring, fhout); snprintf(pskstring, 16, pskmask, word5[w5], word4[w4], word3[w3]); fputs(pskstring, fhout); } } } } if (upper) { free_array(uword3, sizeof(word3) / sizeof(char *)); free_array(uword4, sizeof(word4) / sizeof(char *)); free_array(uword5, sizeof(word5) / sizeof(char *)); } return; } /*===========================================================================*/ /* source: soxrok2212, https://github.com/soxrok2212/PSKracker/tree/master/dicts/altice-optimum */ static void keywritealticeoptimum(FILE *fhout) { static unsigned int w, i; char si[7] = {0}; static const char *word[] = { "amber", "aqua", "auburn", "beige", "blue", "brick", "bronze", "burgundy", "chestnut", "cobalt", "copper", "coral", "cordovan", "crimson", "cyan", "emerald", "garnet", "gold", "granite", "green", "grey", "indigo", "jade", "lavender", "lemon", "lime", "linen", "magenta", "maroon", "mauve", "navy", "olive", "orange", "orchid", "peach", "periwinkle", "pewter", "pink", "plum", "purple", "rose", "sage", "sepia", "sienna", "silver", "slate", "taupe", "teal", "turquoise" }; for (i = 0; i < 1000000; i++) { sprintf(si, "%06d", i); for (w = 0; w < (sizeof(word) / sizeof(char *)); w++ ) { // 2-4 //fprintf(fhout, "%s-%.2s-%.4s\n", word[w], si, si+2); fprintf(fhout, "%.2s-%s-%.4s\n", si, word[w], si+2); fprintf(fhout, "%.2s-%.4s-%s\n", si, si+2, word[w]); // 3-3 fprintf(fhout, "%s-%.3s-%.3s\n", word[w], si, si+3); fprintf(fhout, "%.3s-%s-%.3s\n", si, word[w], si+3); fprintf(fhout, "%.3s-%.3s-%s\n", si, si+3, word[w]); // 4-2 fprintf(fhout, "%s-%.4s-%.2s\n", word[w], si, si+4); fprintf(fhout, "%.4s-%s-%.2s\n", si, word[w], si+4); //fprintf(fhout, "%.4s-%.2s-%s\n", si, si+4, word[w]); } } return; } /*===========================================================================*/ static void keywriteasus(FILE *fhout) { static unsigned int w, i; static const char *word[] = { "account", "actor", "alpha", "amazing", "answer", "anyway", "athlete", "autumn", "avenue", "bakery", "balcony", "banking", "battery", "bedroom", "bicycle", "birthday", "browser", "calendar", "camping", "category", "center", "charming", "cinema", "cocoa", "coffee", "cupid", "december", "delivery", "delta", "dollar", "donkey", "drama", "dream", "economy", "enjoy", "eternity", "everyday", "examiner", "export", "extra", "eyebrow", "february", "feeling", "flower", "fortune", "founder", "four", "gasoline", "giant", "glory", "golden", "grape", "guide", "haircut", "handsome", "harmony", "hawk", "header", "hiking", "hometown", "honor", "hundred", "hunter", "jaguar", "jazz", "jogging", "july", "june", "jumper", "junior", "justdoit", "keeper", "keyboard", "kingdom", "kiss", "kitchen", "knife", "knuckle", "leopard", "letter", "lighting", "literacy", "lucky", "lunar", "majesty", "mankind", "mars", "memory", "mercy", "momentum", "morning", "museum", "network", "next", "night", "noodle", "notebook", "nurse", "painter", "pajamas", "panda", "parttime", "passion", "popcorn", "puma", "puppet", "pyramid", "random", "ranking", "reading", "relax", "remark", "revenue", "ribbon", "salon", "saturday", "science", "sexy", "soccer", "sour", "spider", "star", "sugar", "sunday" }; for (w = 0; w < (sizeof(word) / sizeof(char *)); w++ ) { for (i = 0; i < 10000; i++) { fprintf(fhout, "%s_%04d\n", word[w], i); } } return; } /*===========================================================================*/ static void keywriteweakpass(FILE *fhout) { static size_t w; static unsigned int y; static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; static const char *weakword[] = { "00000000", "0000000000", "01234567", "0123456789", "0123456789012345", "022844444", "0987654321", "1029384756", "11111111", "1111111111", "111222333", "11223344", "1122334455", "11235813", "1123581321", "12121212", "123123123", "123321123", "12341234", "12344321", "1234512345", "123454321", "1234554321", "12345678", "123456789", "1234567890", "12345678910", "123456789a", "12345678a", "1234567a", "123456abc", "12345qwert", "1234abcd", "1234qwer", "123654789", "12369874", "123698745", "123789456", "123qweasd", "123qweasdzxc", "12qwaszx", "1357924680", "147258369", "147852369", "14789632", "147896325", "192837465", "1a2b3c4d", "1q2w3e4r", "1q2w3e4r", "1q2w3e4r5t", "1q2w3e4r5t6y", "1qaz2wsx", "1qazxsw2", "22222222", "321654987", "4815162342", "55555555", "741852963", "76543210", "77777777", "789456123", "87654321", "88888888", "963852741", "987654321", "9876543210", "999999999", "a1234567", "a123456789", "a1b2c3d4", "a1b2c3d4e5", "a1s2d3f4", "Aa123456", "aaaaaaaa", "aaaaaaaaaa", "abc12345", "abcd1234", "abcdefgh", "adgjmptw", "alexander", "Alexandra", "Amsterdam", "Anderson", "Angelina", "Apollo13", "asdasdasd", "asdf1234", "asdfasdf", "asdfghjk", "asdfghjkl", "Assassin", "Atlantis", "Australia", "azertyuiop", "Babygirl", "Barcelona", "Baseball", "Basketball", "Benjamin", "BigDaddy", "BlaBlaBla", "BlahBlah", "Blink182", "Blizzard", "Brooklyn", "Bullshit", "Butterfly", "California", "CallofDuty", "Carolina", "Caroline", "Carpediem", "Catherine", "Champion", "Changeme", "Charlie1", "Charlotte", "Cheyenne", "Chocolate", "Christian", "Christina", "Christine", "Christopher", "Cocacola", "Colorado", "Computer", "Corvette", "Courtney", "Creative", "Danielle", "Darkness", "December", "Dolphins", "DragonBall", "drowssap", "Einstein", "Elephant", "Elizabeth", "Evolution", "Facebook", "Fernando", "Fireball", "Firebird", "Football", "Football1", "free-tau", "Franklin", "FuckYou2", "Gangster", "Garfield", "Giovanni", "Godzilla", "Goldfish", "GoodLuck", "GreenDay", "Hallo123", "Hardcore", "Harrison", "HarryPotter", "Hello123", "HelloKitty", "helloworld123", "Hercules", "IceCream", "idontknow", "iloveyou", "Infinity", "Internet", "Inuyasha", "Isabella", "Isabelle", "JamesBond", "Jennifer", "Jonathan", "Jordan23", "justdoit", "Juventus", "Kamikaze", "Kawasaki", "Kimberly", "KingKong", "Kristina", "LasVegas", "Leonardo", "LinkinPark", "Liverpool", "Logitech", "Lollipop", "LoveLove", "Manchester", "Marlboro", "Marshall", "Maverick", "Mercedes", "Metallica", "Michael1", "Michelle", "Microsoft", "Midnight", "Mitchell", "MoonLight", "MotherFucker", "Motorola", "Napoleon", "NewCastle", "Nicholas", "Nightmare", "Nintendo", "November", "Pa55w0rd", "Pa55word", "Pakistan", "Panasonic", "Paradise", "Passport", "Passw0rd", "Password1", "Password123", "Passwort", "Patricia", "Pavilion", "PeterPan", "Pineapple", "Platinum", "Playstation", "PoohBear", "Portugal", "Precious", "Predator", "Princess", "P@ssw0rd", "q1w2e3r4", "q1w2e3r4t5", "qazwsx123", "qazwsxedc", "qweasdzxc", "qwer1234", "qwerasdf", "qwert123", "qwerty12", "qwerty123", "qwertyui", "qwertyuiop", "Rammstein", "RealMadrid", "Remember", "Rockstar", "Ronaldo7", "RunEscape", "Rush2112", "Samantha", "Savannah", "Scarface", "Scorpion", "Scotland", "Sebastian", "Security", "September", "Serenity", "Simpsons", "Skateboard", "Skittles", "Skywalker", "Slipknot", "smartbro", "Snickers", "Snowball", "Snowboard", "Something", "Southpark", "Spiderman", "Spitfire", "SpongeBob", "Starcraft", "Stargate", "StarTrek", "StarWars", "Steelers", "Stephanie", "Strawberry", "Sunflower", "Sunshine", "Superman", "Superstar", "Swordfish", "TaxiLinQ", "Terminator", "TestTest", "Tinkerbell", "TrustNo1", "Twilight", "Undertaker", "Valentina", "Valentine", "Veronica", "Victoria", "Warcraft", "Warhammer", "Welcome1", "Westside", "WhatEver", "Williams", "Wolverine", "Wordpass", "zaq12wsx", "zaq1xsw2" }; for(w = 0; w < (sizeof(weakword) /sizeof(weakword[0])); w++) writepsk(fhout, weakword[w]); for(y = 1900; y <= thisyear; y++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "abcd%04d", y); writepsk(fhout, pskstring); } for(y = 0; y < 1000; y++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%03d%03d%03d", y, y, y); writepsk(fhout, pskstring); } return; } /*===========================================================================*/ static void keywritesimple(FILE *fhout) { static int a,b,c; for(a =0x20; a < 0x7f; a++) for(b = 0x20; b < 0x7f; b++) { fprintf(fhout, "12341234%c%c\n", a, b); fprintf(fhout, "%c%c12341234\n", a, b); fprintf(fhout, "1234512345%c%c\n", a, b); fprintf(fhout, "%c%c1234512345\n", a, b); fprintf(fhout, "%c%c%c%c%c%c%c%c\n", a, a, b, b, a, a, b, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c\n", a, a, b, b, a, a, b, b, a, a); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c%c%c\n", a, a, b, b, a, a, b, b, a, a, b, b); fprintf(fhout, "%c%c%c%c%c%c%c%c\n", a, b, a, b, a, b, a, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c\n", a, b, a, b, a, b, a, b, a); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c\n", a, b, a, b, a, b, a, b, a, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c%c\n", a, b, a, b, a, b, a, b, a, b, a); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c%c%c\n", a, b, a, b, a, b, a, b, a, b, a, b); fprintf(fhout, "%c%c%c%c%c%c%c%c\n", a, b, b, b, b, b, b, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c\n", a, b, b, b, b, b, b, b, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c\n", a, b, b, b, b, b, b, b, b, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c%c\n", a, b, b, b, b, b, b, b, b, b, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c%c%c\n", a, b, b, b, b, b, b, b, b, b, b, b); fprintf(fhout, "%c%c%c%c%c%c%c%c\n", b, b, b, b, b, b, b, a); fprintf(fhout, "%c%c%c%c%c%c%c%c%c\n", b, b, b, b, b, b, b, b, a); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c\n", b, b, b, b, b, b, b, b, b, a); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c%c\n", b, b, b, b, b, b, b, b, b, b, a); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c%c%c\n", b, b, b, b, b, b, b, b, b, b, b, a); } for(a =0x20; a < 0x7f; a++) for(b =0x20; b < 0x7f; b++) for(c =0x20; c < 0x7f; c++) { fprintf(fhout, "%c%c%c%c%c%c%c%c%c\n", a, b, c, a, b, c, a, b, c); fprintf(fhout, "%c%c%c%c%c%c%c%c%c\n", a, a, a, b, b, b, c, c, c); fprintf(fhout, "%c%c%c%c%c%c%c%c\n", a, c, c, c, c, c, c, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c\n", a, c, c, c, c, c, c, c, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c\n", a, c, c, c, c, c, c, c, c, b); fprintf(fhout, "%c%c%c%c%c%c%c%c\n", a, b, c, c, c, c, c, c); fprintf(fhout, "%c%c%c%c%c%c%c%c%c\n", a, b, c, c, c, c, c, c, c); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c\n", a, b, c, c, c, c, c, c, c, c); fprintf(fhout, "%c%c%c%c%c%c%c%c\n", c, c, c, c, c, c, a, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c\n", c, c, c, c, c, c, c, a, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c\n", c, c, c, c, c, c, c, c, a, b); fprintf(fhout, "%c%c%c%c%c%c%c%c%c%c\n", a, b, b, b, b, c, c, c, c, a); } return; } /*===========================================================================*/ static void keywriteeudate(FILE *fhout) { static unsigned int d, m, y; for(y = 1900; y <= thisyear; y++) { for(d = 1; d <= 28; d++) { for(m = 1; m <= 12; m++) { fprintf(fhout, "%02d%02d%04d\n", d, m, y); fprintf(fhout, "%02d.%02d.%04d\n", d, m, y); } } } for(y = 1900; y <= thisyear; y++) { for(d = 29; d <= 30; d++) { for(m = 1; m <= 12; m++) { fprintf(fhout, "%02d%02d%04d\n", d, m, y); fprintf(fhout, "%02d.%02d.%04d\n", d, m, y); } } } for(y = 1900; y <= thisyear; y++) { fprintf(fhout, "3101%04d\n", y); fprintf(fhout, "3103%04d\n", y); fprintf(fhout, "3105%04d\n", y); fprintf(fhout, "3107%04d\n", y); fprintf(fhout, "3108%04d\n", y); fprintf(fhout, "3110%04d\n", y); fprintf(fhout, "3112%04d\n", y); fprintf(fhout, "31.01.%04d\n", y); fprintf(fhout, "31.03.%04d\n", y); fprintf(fhout, "31.05.%04d\n", y); fprintf(fhout, "31.07.%04d\n", y); fprintf(fhout, "31.08.%04d\n", y); fprintf(fhout, "31.10.%04d\n", y); fprintf(fhout, "31.12.%04d\n", y); } for(y = 1900; y <= thisyear; y++) { if (((y %4 == 0) && (y %100 != 0)) || (y %400 == 0)) { fprintf(fhout, "2902%04d\n", y); fprintf(fhout, "29.02.%04d\n", y); } } return; } /*===========================================================================*/ static void keywriteusdate(FILE *fhout) { static unsigned int d, m, y; for(y = 1900; y <= thisyear; y++) { for(d = 1; d <= 28; d++) { for(m = 1; m <= 12; m++) { fprintf(fhout, "%02d%02d%04d\n", m, d, y); fprintf(fhout, "%02d.%02d.%04d\n", m, d, y); } } } for(y = 1900; y <= thisyear; y++) { for(d = 29; d <= 30; d++) { for(m = 1; m <= 12; m++) { fprintf(fhout, "%02d%02d%04d\n", m, d, y); fprintf(fhout, "%02d.%02d.%04d\n", m, d, y); } } } for(y = 1900; y <= thisyear; y++) { fprintf(fhout, "0131%04d\n", y); fprintf(fhout, "0331%04d\n", y); fprintf(fhout, "0531%04d\n", y); fprintf(fhout, "0731%04d\n", y); fprintf(fhout, "0831%04d\n", y); fprintf(fhout, "1031%04d\n", y); fprintf(fhout, "1231%04d\n", y); fprintf(fhout, "01.31.%04d\n", y); fprintf(fhout, "03.31.%04d\n", y); fprintf(fhout, "05.31.%04d\n", y); fprintf(fhout, "07.31.%04d\n", y); fprintf(fhout, "08.31.%04d\n", y); fprintf(fhout, "10.31.%04d\n", y); fprintf(fhout, "12.31.%04d\n", y); } for(y = 1900; y <= thisyear; y++) { if (((y %4 == 0) && (y %100 != 0)) || (y %400 == 0)) { fprintf(fhout, "0229%04d\n", y); fprintf(fhout, "02.29.%04d\n", y); } } return; } /*===========================================================================*/ static void keywriteyearyear(FILE *fhout) { static unsigned int y, y2, y3; static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; for(y = 1900; y <= thisyear; y++) { for(y2 = 1900; y2 <= thisyear; y2++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%04d%04d", y, y2); writepsk(fhout, pskstring); } } for(y = 1900; y <= thisyear; y++) { for(y2 = 1900; y2 <= thisyear; y2++) { for(y3 = 1900; y3 <= thisyear; y3++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%04d%04d%04d", y, y2, y3); writepsk(fhout, pskstring); } } } return; } /*===========================================================================*/ static void keywriteegn(FILE *fhout) { static unsigned int y, m, d, mc, i, j, c; static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; static unsigned int w[] = {2, 4, 8, 5, 10, 9, 7, 3, 6}; for(y = 1950; y <= thisyear; y++) { if (y < 2000) mc = 0; else mc = 40; for(m = 1; m <= 12; m++) { for(d = 1; d <= 31; d++) { if (m == 2) { if ((((y % 4 == 0) && (y % 100 != 0)) || (y % 400 == 0))) { if (d > 29) continue; } else { if (d > 28) continue; } } if ((m == 4 || m == 6 || m == 9 || m == 11) && d > 30) continue; for (i = 0; i < 1000; i++) { snprintf(pskstring, PSKSTRING_LEN_MAX, "%02d%02d%02d%03d", y % 100, m + mc, d, i); c = 0; for (j = 0; j < 9; j++) { c += (pskstring[j] - 48) * w[j]; } c %= 11; if (c == 10) c = 0; pskstring[9] = c + 48; pskstring[10] = 0; writepsk(fhout, pskstring); } } } } return; } /*===========================================================================*/ static void preparebssidessid(FILE *fhout, unsigned long long int macaddr, uint8_t essidlen, uint8_t *essid) { static int k2; static int ek; static char *ev; static unsigned int oui; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen >= 6) { if((isxdigit((unsigned char)essid[essidlen -6])) && (isxdigit((unsigned char)essid[essidlen -5])) && (isxdigit((unsigned char)essid[essidlen -4])) && (isxdigit((unsigned char)essid[essidlen -3])) && (isxdigit((unsigned char)essid[essidlen -2])) && (isxdigit((unsigned char)essid[essidlen -1]))) { ev = (char*)(essid +essidlen -6); ek = strtol(ev, NULL, 16); oui = (macaddr &0xffffff000000L) >> 24; snprintf(essidtmp, PSKSTRING_LEN_MAX, "%06x%06x", oui, ek); writepsk(fhout, essidtmp); } } return; if(essidlen >= 4) { if((isxdigit((unsigned char)essid[essidlen -4])) && (isxdigit((unsigned char)essid[essidlen -3])) && (isxdigit((unsigned char)essid[essidlen -2])) && (isxdigit((unsigned char)essid[essidlen -1]))) { ev = (char*)(essid +7); ek = strtol(ev, NULL, 16); for(k2 = ek -10; k2 < ek +10; k2++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%08llx%04x", (macaddr >> 16), (k2 &0xffff)); writepsk(fhout, essidtmp); } } } return; } /*===========================================================================*/ static void processbssidsessids(FILE *fhout) { static int c; static apessidl_t *zeiger; static apessidl_t *zeiger1; qsort(apessidliste, apessidcount, APESSIDLIST_SIZE, sort_apessidlist_by_ap); zeiger = apessidliste; for(c = 0; c < apessidcount; c++) { if(c == 0) preparebssidessid(fhout, zeiger->macaddr, zeiger->essidlen, zeiger->essid); else { zeiger1 = zeiger -1; if((zeiger->macaddr != zeiger1->macaddr) || (zeiger->essidlen != zeiger1->essidlen) || (memcmp(zeiger->essid, zeiger1->essid, zeiger->essidlen) != 0)) { preparebssidessid(fhout, zeiger->macaddr, zeiger->essidlen, zeiger->essid); } } zeiger++; } return; } /*===========================================================================*/ static void writeessidadd(FILE *fhout, char *essid) { static unsigned int c, d; static char essidstring[PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX] = { 0 }; for(c = 22222; c <= 99999; c += 11111) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } if(essidglen <= 2) { for(c = thisyear +1; c < 1000000; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } } if(essidglen <= 3) { for(c = thisyear +1; c < 100000; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } } if(essidglen <= 12) { for(c = thisyear +1; c < 10000; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } } if(essidglen > 12) { for(c = 2222; c <= 9999; c += 1111) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); } } for(c = 0; c <= thisyear; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d!", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%04d%s", c, essid); writepsk(fhout, essidstring); } for(c = 100; c < 1000; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%05d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d!", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%d%s", c, essid); writepsk(fhout, essidstring); } for(c = 10; c < 100; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%03d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%d!", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%d%s", c, essid); writepsk(fhout, essidstring); } for(c = 0; c < 10; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%04d", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%03d", essid, c); writepsk(fhout, essidstring); } for(c = 0; c <= 99; c++) { for(d = 0; d <= 99; d++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%02d%s%02d", c, essid, d); writepsk(fhout, essidstring); } } for(c = 0x21; c < 0x7f; c++) { for(d = 0x21; d < 0x7f; d++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%c%c%s%c%c", c, d, essid, d, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%c%c", essid, c, d); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%c%c%s", c, d, essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%c%s%c", c, essid, d); writepsk(fhout, essidstring); } } for(c = 0x21; c < 0x7f; c++) { snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%c", essid, c); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%c%s", c, essid); writepsk(fhout, essidstring); } snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s1234567890", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s123456789", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s12345678", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s1234567", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s123456", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s12345", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s9876543210", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s987654321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s87654321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s7654321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s654321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s54321", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s4711", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "1234567890%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "123456789%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "12345678%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "1234567%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "123456%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "12345%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "9876543210%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "987654321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "87654321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "7654321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "654321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "54321%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@adsl", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@Home", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@WiFi", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@1234", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%sWiFi", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@dsl", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s@123", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX, "%s%s%s", essid, essid, essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s%s", essid, essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "Family%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "Familie%s", essid); writepsk(fhout, essidstring); snprintf(essidstring, PSKSTRING_LEN_MAX +PSKSTRING_LEN_MAX , "Familia%s", essid); writepsk(fhout, essidstring); return; } /*===========================================================================*/ static bool writeessidremoved(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int pi; static int po; static int essidlentmp; static bool removeflag; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; po = 0; removeflag = false; essidlentmp = essidlen; memset(&essidtmp, 0, PSKSTRING_LEN_MAX); for(pi = 0; pi < essidlen; pi++) { if(((essid[pi] >= 'A') && (essid[pi] <= 'Z')) || ((essid[pi] >= 'a') && (essid[pi] <= 'z'))) { essidtmp[po] = essid[pi]; po++; } else { essidlentmp--; removeflag = true; } } writeessidadd(fhout, (char*)essid); if(removeflag == true) writeessidadd(fhout, essidtmp); return removeflag; } /*===========================================================================*/ static void writeessidsweeped(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int l1, l2; static uint8_t sweepstring[PSKSTRING_LEN_MAX] = { 0 }; for(l1 = 2; l1 <= essidlen; l1++) { for(l2 = 0; l2 <= essidlen -l1; l2++) { memset(&sweepstring, 0, PSKSTRING_LEN_MAX); memcpy(&sweepstring, &essid[l2], l1); writeessidremoved(fhout, l1, sweepstring); } } return; } /*===========================================================================*/ static void testairtel(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *air = "Airtel_"; if(airtelflag == true) return; if(essidlen < 7) return; if(memcmp(essid, air, 7) != 0) return; fprintf(fhout, "Airtel@123\n"); for(k = 0; k < 100000; k++) fprintf(fhout, "air%05d\n", k); airtelflag = true; return; } /*===========================================================================*/ static void testalcatellinkzone(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *ali = "Alcatel LINKZONE "; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen != 21) return; if(memcmp(essid, ali, 17) != 0) return; if((!isdigit((unsigned char)essid[17])) || (!isdigit((unsigned char)essid[18])) || (!isdigit((unsigned char)essid[19])) || (!isdigit((unsigned char)essid[20]))) return; for(k1 = 0; k1 < 10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%04d%c%c%c%c", k1, essid[17], essid[18], essid[19], essid[20]); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testarrisizzi(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int c; static uint32_t i; static const char *izzi = "IZZI-"; static int fixseed2[] = { 0x001C15, 0x189C27, 0x3C0461, 0x509551, 0x704FB8, 0x8871B1, 0x8C61A3, 0x9CC8FC, 0xA811FC, 0xD4AB82, 0xF0AF85, 0xF82DC0, 0xF88B37, 0xF8F532, 0xFCAE34 }; #define FIXSEED2_SIZE sizeof(fixseed2) /sizeof(int) if(essidlen < 9) return; if(memcmp(essid, izzi, 5) != 0) return; if((!isxdigit((unsigned char)essid[5])) || (!isxdigit((unsigned char)essid[6])) || (!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8]))) return; for(i = 0; i < FIXSEED2_SIZE; i++) { for(c = 0; c < 0x100; c++) fprintf(fhout, "%06X%02X%lc%lc%lc%lc\n", fixseed2[i], c, essid[5], essid[6], essid[7], essid[8]); } return; } /*===========================================================================*/ static void testarristg(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *dg860A = "DG860A"; static const char *tg852g = "TG852G"; static const char *tg862g = "TG862G"; static const char *dg1670A = "DG1670A"; static const char *sbg6580 = "SBG6580"; static const char *tg1672g = "TG1672G"; if(essidlen >= 8) { if((!isxdigit((unsigned char)essid[6])) || (!isxdigit((unsigned char)essid[7]))) return; if(memcmp(essid, dg860A, 6) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "DG860A%04X%c%c\n", k1, essid[6], essid[7]); return; } if(memcmp(essid, tg852g, 6) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TG852G%04X%c%c\n", k1, essid[6], essid[7]); return; } if(memcmp(essid, tg862g, 6) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TG862G%04X%c%c\n", k1, essid[6], essid[7]); return; } } if(essidlen >= 9) { if((!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8]))) return; if(memcmp(essid, dg1670A, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "DG1670A%04X%c%c\n", k1, essid[7], essid[8]); return; } if(memcmp(essid, sbg6580, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "SBG6580%04X%c%c\n", k1, essid[7], essid[8]); return; } if(memcmp(essid, tg1672g, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TG1672G%04X%c%c\n", k1, essid[7], essid[8]); return; } } return; } /*===========================================================================*/ static void testaxtelxtremo(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *axtelxtremo = "AXTEL XTREMO-"; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen != 17) return; if(memcmp(essid, axtelxtremo, 13) != 0) return; if((!isxdigit((unsigned char)essid[13])) || (!isxdigit((unsigned char)essid[14])) || (!isxdigit((unsigned char)essid[15])) || (!isxdigit((unsigned char)essid[16]))) return; for(k1 = 0; k1 < 10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%04d%c%c%c%c", k1, essid[13], essid[14], essid[15], essid[16]); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testattwifi(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2, k3, k4; static const char *attwifi = "ATT-WIFI-"; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen != 13) return; if(memcmp(essid, attwifi, 9) != 0) return; if((!isdigit((unsigned char)essid[9])) || (!isdigit((unsigned char)essid[10])) || (!isdigit((unsigned char)essid[11])) || (!isdigit((unsigned char)essid[12]))) return; for(k1 = 0; k1 < 10; k1++) for(k2 = 0; k2 < 10; k2++) for(k3 = 0; k3 < 10; k3++) for(k4 = 0; k4 < 10; k4++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%d%c%d%c%d%c%d%c", k1, essid[9], k2, essid[10], k3, essid[12], k4, essid[11]); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testcabovisao(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *cabovisao = "Cabovisao-"; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen != 14) return; if(memcmp(essid, cabovisao, 10) != 0) return; if((!isxdigit((unsigned char)essid[10])) || (!isxdigit((unsigned char)essid[11])) || (!isxdigit((unsigned char)essid[12])) || (!isxdigit((unsigned char)essid[13]))) return; for(k1 = 0; k1 < 0x100; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "2ce412%02x%c%c%c%c", k1, essid[10], essid[11], essid[12], essid[13]); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "e0ca94%02x%c%c%c%c", k1, essid[10], essid[11], essid[12], essid[13]); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "e0cec3%02x%c%c%c%c", k1, essid[10], essid[11], essid[12], essid[13]); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testcg3000dv2(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *cg3000dv2 = "CG3000DV2"; if(essidlen < 11) return; if(memcmp(essid, cg3000dv2, 9) != 0) return; if((!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10]))) return; for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "CG3000DV2%04X%c%c\n", k1, essid[9], essid[10]); return; } /*===========================================================================*/ static void testcpsrf(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *cpcrf1 = "CoolpadSurf_"; static const char *cpcrf2 = "Coolpad Surf "; if(essidlen < 16) return; if(memcmp(essid, cpcrf1, 12) == 0) { if((!isdigit((unsigned char)essid[12])) || (!isdigit((unsigned char)essid[13])) || (!isdigit((unsigned char)essid[14])) || (!isdigit((unsigned char)essid[15]))) return; for(k1 = 0; k1 < 10000; k1++) fprintf(fhout, "%04d%.*s\n", k1, 4, &essid[12]); return; } if(essidlen < 17) return; if(memcmp(essid, cpcrf2, 13) == 0) { if((!isdigit((unsigned char)essid[13])) || (!isdigit((unsigned char)essid[14])) || (!isdigit((unsigned char)essid[15])) || (!isdigit((unsigned char)essid[16]))) return; for(k1 = 0; k1 < 10000; k1++) fprintf(fhout, "%04d%.*s\n", k1, 4, &essid[13]); return; } return; } /*===========================================================================*/ static void testeasybox(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int b; static int s10, s9, s8 , s7; static int m12, m11, m10 ,m9; static int f1, f2; static int k1, k2, k3, k4, k5, k6, k7, k8, k9; static const char *easybox = "EasyBox-"; if(easyboxflag == true) return; if(essidlen != 14) return; if(memcmp(essid, easybox, 8) != 0) return; if((!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10])) || (!isxdigit((unsigned char)essid[11])) || (!isdigit((unsigned char)essid[12])) || (!isdigit((unsigned char)essid[13]))) return; for (b = 0; b <= 0xffff; b++) { m12 = b &0x000f; m11 = (b &0x00f0) >> 4; m10 = (b &0x0f00) >> 8; m9 = (b &0xf000) >> 12; s10 = b %10; s9 = (b /10) %10; s8 = (b /100) %10; s7 = (b /1000) %10; f1 = (s7 +s8 +m11 +m12) & 0xf; f2 = (m9 +m10 +s9 +s10) & 0xf; k1 = f1 ^s10; k2 = f2 ^m10; k3 = m11 ^s10; k4 = f1 ^s9; k5 = f2 ^m11; k6 = m12 ^s9; k7 = f1 ^s8; k8 = f2 ^m12; k9 = f1 ^f2; fprintf (fhout, "%X%X%X%X%X%X%X%X%X\n", k1, k2, k3, k4, k5, k6, k7, k8, k9); } easyboxflag = true; return; } /*===========================================================================*/ static void testglocal(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2, k3, k4; static const char *glocalme = "GlocalMe_"; if(essidlen != 14) return; if(memcmp(essid, glocalme , 9) != 0) return; if((!isdigit((unsigned char)essid[9])) || (!isdigit((unsigned char)essid[10])) || (!isdigit((unsigned char)essid[11])) || (!isdigit((unsigned char)essid[12])) || (!isdigit((unsigned char)essid[13]))) return; k2 = essid[11]; k3 = essid[12]; for(k1 = 0; k1 < 100000; k1++) { for(k4 = 0; k4 < 10; k4++) fprintf(fhout, "%05d%c%c%d\n", k1, k2, k3, k4); } return; } /*===========================================================================*/ static void testhotbox(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2; static char *ev; static const char *hotbox = "HOTBOX"; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen < 7) return; if(memcmp(essid, hotbox , 6) != 0) return; if(hb5flag == false) { for(k1 = 500000000; k1 < 560000000; k1++) fprintf(fhout, "%010d\n", k1); for(k1 = 770000000; k1 < 780000000; k1++) fprintf(fhout, "%010d\n", k1); } hb5flag = true; if(essidlen != 11) return; if(essid[6] != '-') return; if((!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10]))) return; ev = (char*)(essid +7); k2 = strtol(ev, NULL, 16); for(k1 = 0; k1 < 0x100; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "086a0a%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "2ce412%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "4c17eb%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "6c2e85%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "700b01%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "7c034c%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "7cb733%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "a0648f%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "b4eeb4%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "c0ac54%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "d86ce9%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "d8fb5e%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "e0cec3%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "e8d11b%02x%04x", k1, k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "fcb4e6%02x%04x", k1, k2); writepsk(fhout, essidtmp); } for(k1 = 500000000; k1 < 560000000; k1++) fprintf(fhout, "%010d\n", k1); return; } /*===========================================================================*/ static void testmtel(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2; static const char *a1 = "A1_"; static const char *mtel = "M-Tel_"; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen == 7) { if(memcmp(essid, a1, 3) == 0) { if((isxdigit((unsigned char)essid[3])) && (isxdigit((unsigned char)essid[4])) && (isxdigit((unsigned char)essid[5])) && (isxdigit((unsigned char)essid[6]))) { for(k1 = 0; k1 < 0x100; k1++) for(k2 = 0; k2 < 0x100; k2++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "48575443%02X%c%c%c%c%02X", k1, essid[3], essid[4], essid[5], essid[6], k2); writepsk(fhout, essidtmp); snprintf(essidtmp, PSKSTRING_LEN_MAX, "48575443%02X%02X%c%c%c%c", k1, k2, essid[3], essid[4], essid[5], essid[6]); writepsk(fhout, essidtmp); } } } return; } if(essidlen == 10) { if(memcmp(essid, mtel, 6) == 0) { if((isxdigit((unsigned char)essid[6])) && (isxdigit((unsigned char)essid[7])) && (isxdigit((unsigned char)essid[8])) && (isxdigit((unsigned char)essid[9]))) { for(k1 = 0; k1 < 0x100; k1++) { for(k2 = 0; k2 < 0x100; k2++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "48575443%02X%c%c%c%c%02X", k1, essid[6], essid[7], essid[8], essid[9], k2); writepsk(fhout, essidtmp); } } } } return; } return; } /*===========================================================================*/ static void testmywifi(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *mywifi = "MY WIFI "; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen != 12) return; if(memcmp(essid, mywifi, 8) != 0) return; for(k1 = 0; k1 < 10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "MYWIFI%04d", k1); writepsk(fhout, essidtmp); } return; } /*===========================================================================*/ static void testnet2g(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *net2g = "NET_2G"; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen < 12) return; if(memcmp(essid, net2g, 6) != 0) return; if((isxdigit((unsigned char)essid[6])) && (isxdigit((unsigned char)essid[7])) && (isxdigit((unsigned char)essid[8])) && (isxdigit((unsigned char)essid[9])) && (isxdigit((unsigned char)essid[10])) && (isxdigit((unsigned char)essid[11]))) { for(k = 0; k < 0x100; k++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%02X%lc%lc%lc%lc%lc%lc", k, essid[6], essid[7], essid[8], essid[9], essid[10], essid[11]); writepsk(fhout, essidtmp); } } return; } /*===========================================================================*/ static void testnetv(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *net2g = "Net-Virtua"; if(essidlen < 15) return; if(memcmp(essid, net2g, 10) != 0) return; if((isdigit((unsigned char)essid[11])) && (isdigit((unsigned char)essid[12])) && (isdigit((unsigned char)essid[13])) && (isdigit((unsigned char)essid[14]))) { for(k = 0; k < 1000; k++) { fprintf(fhout, "%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "15%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "16%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "24%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "31%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "33%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "37%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "38%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "40%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "61%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); fprintf(fhout, "71%03d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); } for(k = 0; k < 10000; k++) { fprintf(fhout, "%04d%lc%lc%lc%lc0\n", k, essid[11], essid[12], essid[13], essid[14]); } } return; } /*===========================================================================*/ static void testpoda(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *poda = "PODA_"; if(podaflag == true) return; if(essidlen < 5) return; if(memcmp(essid, poda, 5) != 0) return; for(k = 0; k < 1000000; k++) fprintf(fhout, "%06d%06d\n", k, k); podaflag = true; return; } /*===========================================================================*/ static void testroamingman(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2, k3; static char *ev; static const char *roamingman = "Roamingman_"; if(essidlen != 16) return; if((!isdigit((unsigned char)essid[11])) || (!isdigit((unsigned char)essid[12])) || (!isdigit((unsigned char)essid[13])) || (!isdigit((unsigned char)essid[14])) || (!isdigit((unsigned char)essid[15]))) return; if(memcmp(essid, roamingman, 11) != 0) return; ev = (char*)(essid +11); k2 = strtol(ev, NULL, 10); for(k3 = k2 -10; k3 < k2 +10; k3++) { for(k1 = 0; k1 < 1000; k1++) { if(k3 < 0) fprintf(fhout, "%03d%05d\n", k1, k3 +100000); else if(k3 > 99999) fprintf(fhout, "%03d%05d\n", k1, k3 -100000); else fprintf(fhout, "%03d%05d\n", k1, k3); } } return; } /*===========================================================================*/ static void testrtk(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *rtk = "RTK-"; if(essidlen == 10) { if((isxdigit((unsigned char)essid[4])) && (isxdigit((unsigned char)essid[5])) && (isxdigit((unsigned char)essid[6])) && (isxdigit((unsigned char)essid[7])) && (isxdigit((unsigned char)essid[8])) && (isxdigit((unsigned char)essid[9]))) { if(memcmp(essid, rtk, 4) == 0) { for(k1 = 0; k1 < 0x100000; k1++) { fprintf(fhout, "454C54585C0%05X\n", k1); fprintf(fhout, "454C54585C1%05X\n", k1); fprintf(fhout, "53434F4D1A0%05X\n", k1); fprintf(fhout, "ELTX1A0%05X\n", k1); fprintf(fhout, "ELTX5C0%05X\n", k1); } } return; } } return; } /*===========================================================================*/ static void testtechnicolor(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *tc8715d = "TC8715D"; static const char *tc8717t = "TC8717T"; if(essidlen >= 9) { if((!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8]))) return; if(memcmp(essid, tc8715d, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TC8715D%04X%c%c\n", k1, essid[7], essid[8]); } if(memcmp(essid, tc8717t, 7) == 0) { for(k1 = 0; k1 < 0x10000; k1++) fprintf(fhout, "TC8717T%04X%c%c\n", k1, essid[7], essid[8]); } return; } return; } /*===========================================================================*/ static void testtelered(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static uint32_t i; static int c; static const char *telered = "TeleRed-"; static uint32_t fix[] = { 0x324b, 0x96e6, 0x9c67, 0xa266, 0xcfe2 }; #define FIX_SIZE sizeof(fix) /sizeof(int) if(essidlen < 12) return; if(memcmp(essid, telered, 8) != 0) return; if((!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10])) || (!isxdigit((unsigned char)essid[11]))) return; for(i = 0; i < FIX_SIZE; i++) { for(c = 0; c < 0x100; c++) fprintf(fhout, "%04X%02X%lc%lc%lc%lc\n", fix[i], c, essid[8], essid[9], essid[10], essid[11]); } return; } /*===========================================================================*/ static void testukrtelecom(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *ukrtelekom = "UKrtelecom"; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(ukrtelecomflag == true) return; if(essidlen < 10) return; if(memcmp(essid, ukrtelekom, 10) != 0) return; for(k = 0; k < 10000; k++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "UKR_%04d", k); writepsk(fhout, essidtmp); } ukrtelecomflag = true; return; } /*===========================================================================*/ static void testwe(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; if(essidlen != 8) return; if(essid[0] != 'W') return; if(essid[1] != 'E') return; if(!isxdigit((unsigned char)essid[6])) return; if(!isxdigit((unsigned char)essid[7])) return; for(k1 = 0; k1 < 0x100000; k1++) fprintf(fhout, "%c%c0%05x\n", tolower(essid[6]), tolower(essid[7]), k1); return; } /*===========================================================================*/ static void testwifirsu(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1; static const char *wifirsu = "WiFiRSU_"; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if(essidlen < 10) return; if(memcmp(essid, wifirsu, 8) != 0) return; if(essidlen == 10) { if((!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9]))) return; for(k1 = 0; k1 < 0x10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "88%04x%c%c", k1, essid[8], essid[9]); writepsk(fhout, essidtmp); } return; } if(essidlen == 13) { if((!isxdigit((unsigned char)essid[8])) || (!isxdigit((unsigned char)essid[9])) || (!isxdigit((unsigned char)essid[10])) || (!isxdigit((unsigned char)essid[11])) || (!isxdigit((unsigned char)essid[12]))) return; for(k1 = 0; k1 < 0x10; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "88%x%c%c%c%c%c", k1, essid[8], essid[9], essid[10], essid[11], essid[12]); writepsk(fhout, essidtmp); } return; } return; } /*===========================================================================*/ static void testwlan(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k1, k2, k3, k4, k5, k6 ,k7 ,k8, k9; static const char *wifirsu = "WLAN-"; static const char hextable[] = "0123456789ABCDEF"; if(essidlen != 11) return; if(memcmp(essid, wifirsu, 5) != 0) return; if((!isxdigit((unsigned char)essid[5])) || (!isxdigit((unsigned char)essid[6])) || (!isxdigit((unsigned char)essid[7])) || (!isxdigit((unsigned char)essid[8])) || (!isdigit((unsigned char)essid[9])) || (!isdigit((unsigned char)essid[10]))) return; k1 = essid[9]; k2 = 0; k3 = essid[10]; k4 = essid[8]; k5 = 0; k6 = 0; k7 = 0; k8 = essid[6]; k9 = essid[7]; for(k2 = 0; k2 < 10; k2++) { for(k5 = 0; k5 <= 0xffff; k5++) { fprintf(fhout, "SP-%c%d%c%c%04X%d\n", k1, k2, k3, k4, k5, k2); fprintf(fhout, "SP%c%d%c%c%04X%d\n", k1, k2, k3, k4, k5, k2); } } for(k2 = 0; k2 < 10; k2++) { for(k5 = 0; k5 <= 0x0f; k5++) { for(k6 = 0; k6 <= 0x0f; k6++) { for(k7 = 0; k7 < 100; k7++) fprintf(fhout, "%c%d%c%02d%02d%02d%02d%d%02d%02d\n", k1, k2, k3, k4, hextable[k5], hextable[k6], k7, k2, k8, k9); } } } return; } /*===========================================================================*/ static void testx2g(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *x2g = "_2G"; if(essidlen < 9) return; if(memcmp(&essid[essidlen -9], x2g, 2) != 0) return; if((!isdigit((unsigned char)essid[essidlen -1])) || (!isdigit((unsigned char)essid[essidlen -2])) || (!isdigit((unsigned char)essid[essidlen -3])) || (!isdigit((unsigned char)essid[essidlen -4])) || (!isdigit((unsigned char)essid[essidlen -5])) || (!isdigit((unsigned char)essid[essidlen -6]))) return; for(k = 0; k < 0x100; k++) fprintf(fhout, "%02X%s\n", k, &essid[essidlen -6]); return; } /*===========================================================================*/ static void testzhone(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int k; static const char *zhone = "Zhone_"; if(znidflag == true) return; if(essidlen < 6) return; if(memcmp(essid, zhone, 6) != 0) return; for(k = 0; k < 10000000; k++) fprintf(fhout, "znid30%07d\n", k); for(k = 0; k < 10000000; k++) fprintf(fhout, "znid31%07d\n", k); znidflag = true; return; } /*===========================================================================*/ static void prepareessid(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int pi, po; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; if((essidlen == 0) || (essidlen > 32)) return; testairtel(fhout, essidlen, essid); testalcatellinkzone(fhout, essidlen, essid); testarrisizzi(fhout, essidlen, essid); testarristg(fhout, essidlen, essid); testattwifi(fhout, essidlen, essid); testaxtelxtremo(fhout, essidlen, essid); testcabovisao(fhout, essidlen, essid); testcg3000dv2(fhout, essidlen, essid); testcpsrf(fhout, essidlen, essid); testeasybox(fhout, essidlen, essid); testglocal(fhout, essidlen, essid); testhotbox(fhout, essidlen, essid); testmtel(fhout, essidlen, essid); testmywifi(fhout, essidlen, essid); testnet2g(fhout, essidlen, essid); testnetv(fhout, essidlen, essid); testpoda(fhout, essidlen, essid); testroamingman(fhout, essidlen, essid); testrtk(fhout, essidlen, essid); testtechnicolor(fhout, essidlen, essid); testtelered(fhout, essidlen, essid); testukrtelecom(fhout, essidlen, essid); testwe(fhout, essidlen, essid); testwifirsu(fhout, essidlen, essid); testwlan(fhout, essidlen, essid); testx2g(fhout, essidlen, essid); testzhone(fhout, essidlen, essid); if(noessidcombinationflag == true) return; writeessidsweeped(fhout, essidlen, essid); po = 0; memset(&essidtmp, 0, PSKSTRING_LEN_MAX); for(pi = essidlen -1; pi >= 0; pi--) { essidtmp[po] = essid[pi]; po++; } writepsk(fhout, essidtmp); return; } /*===========================================================================*/ static void processessids(FILE *fhout) { static int c; static apessidl_t *zeiger; qsort(apessidliste, apessidcount, APESSIDLIST_SIZE, sort_apessidlist_by_essid); zeiger = apessidliste; if( apessidcount == 0) return; essidglen = zeiger->essidlen; prepareessid(fhout, zeiger->essidlen, zeiger->essid); for(c = 1; c < apessidcount; c++) { if(zeiger->essidlen != (zeiger -1)->essidlen) { essidglen = zeiger->essidlen; prepareessid(fhout, zeiger->essidlen, zeiger->essid); } else if(memcmp(zeiger->essid, (zeiger -1)->essid, zeiger->essidlen) != 0) { essidglen = zeiger->essidlen; prepareessid(fhout, zeiger->essidlen, zeiger->essid); } zeiger++; } return; } /*===========================================================================*/ /*===========================================================================*/ static void writebssidmd5(FILE *fhout, unsigned long long int macaddr) { static int k; static int p; static unsigned int digestmd5len; static EVP_MD_CTX* mdctx; static char message[PSKSTRING_LEN_MAX]; static uint8_t digestmd5[EVP_MAX_MD_SIZE]; static char keystring[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; snprintf(message, 14, "%012llX", macaddr); digestmd5len = 16; mdctx = EVP_MD_CTX_create(); if(mdctx == NULL) return; if(EVP_DigestInit_ex(mdctx, EVP_md5(), NULL) == 0) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestUpdate(mdctx, message, 12) == 0) { EVP_MD_CTX_free(mdctx); return; } if(EVP_DigestFinal_ex(mdctx, digestmd5, &digestmd5len) == 0) { EVP_MD_CTX_free(mdctx); return; } EVP_MD_CTX_free(mdctx); for (p = 0; p < 10; p++) fprintf(fhout, "%02x",digestmd5[p]); fprintf(fhout, "\n"); for (p = 0; p < 8; p++) { k = (digestmd5[p] %26); fprintf(fhout, "%c",keystring[k]); } fprintf(fhout, "\n"); for (p = 0; p < 10; p++) { k = (digestmd5[p] %26); fprintf(fhout, "%c",keystring[k]); } fprintf(fhout, "\n"); for (p = 0; p < 15 ; p +=2) { k = (digestmd5[p] %26); fprintf(fhout, "%c",keystring[k]); } fprintf(fhout, "\n"); for (p = 1; p < 16 ; p +=2) { k = (digestmd5[p] %26); fprintf(fhout, "%c",keystring[k]); } fprintf(fhout, "\n"); return; } /*===========================================================================*/ static unsigned int wpspinchecksum(unsigned int pin) { static int accum = 0; while (pin) { accum += 3 * (pin % 10); pin /= 10; accum += pin % 10; pin /= 10; } return (10 - accum % 10) % 10; } /*---------------------------------------------------------------------------*/ static void writebssidwps(FILE *fhout, unsigned long long int macaddr) { static int pin; pin = (macaddr & 0xffffff) % 10000000; pin = ((pin * 10) + wpspinchecksum(pin)); fprintf(fhout, "%08d\n", pin); pin = (((macaddr >> 24) &0xff) *256 *256) +(((macaddr >> 16) &0xff) *256) + ((macaddr >> 8) &0xff); pin = pin % 10000000; pin = ((pin * 10) + wpspinchecksum(pin)); fprintf(fhout, "%08d\n", pin); return; } /*===========================================================================*/ static void writewpsall(FILE *fhout) { static int c, cs; for(c = 0; c < 10000000; c++) { cs = wpspinchecksum(c); fprintf(fhout, "%07d%d\n", c, cs); } return; } /*===========================================================================*/ static void writebssid(FILE *fhout, unsigned long long int macaddr) { static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; snprintf(pskstring, PSKSTRING_LEN_MAX, "0%012llx", macaddr); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "2%012llx", macaddr); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "m%012llx", macaddr); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "555A5053%08llX", macaddr &0xffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "8747%06llx", macaddr &0xffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%012llx", macaddr); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%011llx", macaddr &0xfffffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%010llx", macaddr &0xffffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%09llx", macaddr &0xfffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%08llx", macaddr &0xffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%011llx", (macaddr >> 4) &0xfffffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%010llx", (macaddr >> 8) &0xffffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%09llx",(macaddr >> 12) &0xfffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%08llx", (macaddr >> 16) &0xffffffff); writepsk(fhout, pskstring); snprintf(pskstring, PSKSTRING_LEN_MAX, "%010lld", (macaddr) &0xffffff); writepsk(fhout, pskstring); writebssidmd5(fhout, macaddr); writebssidwps(fhout, macaddr); return; } /*===========================================================================*/ static void test000559(FILE *fhout, unsigned long long int macaddr) { static int k1; static unsigned long long int oui; static char essidtmp[PSKSTRING_LEN_MAX] = { 0 }; oui = macaddr &0xffffff000000L; oui = oui >> 24; if(oui == 0x000559) { for(k1 = 0; k1 < 10000; k1++) { snprintf(essidtmp, PSKSTRING_LEN_MAX, "%012llX-%04d", macaddr, k1); writepsk(fhout, essidtmp); } } return; } /*===========================================================================*/ static void preparebssid(FILE *fhout, unsigned long long int macaddr) { static int c; static unsigned long long int oui; static unsigned long long int nic; static unsigned int nici; static int swap; static int me; static char pskstring[PSKSTRING_LEN_MAX] = { 0 }; fprintf(fhout, "%012llX\n", macaddr &0xffffffffff); nici = macaddr &0xffffff; fprintf(fhout, "SPN3983%06X\n", nici); nici = ~macaddr &0xffffff; fprintf(fhout, "wlan%06x\n", nici); nici = ~macaddr &0xffffffff; fprintf(fhout, "%08x\n", nici); nici = (~macaddr >> 8) &0xffffffff; fprintf(fhout, "%08x\n", nici); for (c = 0x01; c < 0x10; c ++) { nici = ~(macaddr -c) &0xffffff; fprintf(fhout, "wlan%06x\n", nici); nici = ~(macaddr -c) &0xffffffff; fprintf(fhout, "%08x\n", nici); nici = ((~macaddr -c) >> 8) &0xffffffff; fprintf(fhout, "%08x\n", nici); } me = macaddr &0xffffff; fprintf(fhout, "05%6d\n", me); oui = macaddr &0xffffff000000L; nic = (macaddr -0x7f) &0xffffffL; for(c = 0; c <= 0xff; c++) writebssid(fhout, oui +((nic +c) &0xffffffL)); if(oui == 0xccb171000000L) { for(c = 0; c <= 0xff; c++) fprintf(fhout, "CCB071%06llX\n", ((nic +c) &0xffffffL)); } swap = (nic >> 8) & 0xffff; { swap = (swap & 0xf000) >> 12 | (swap & 0x0f00) >> 4 | (swap & 0x00f0) << 4 | (swap & 0x000f) << 12; snprintf(pskstring, PSKSTRING_LEN_MAX, "000000%04X", swap); fprintf(fhout, "%s\n", pskstring); } test000559(fhout, macaddr); return; } /*===========================================================================*/ static void processbssids(FILE *fhout) { static int c; static apessidl_t *zeiger; static apessidl_t *zeiger1; qsort(apessidliste, apessidcount, APESSIDLIST_SIZE, sort_apessidlist_by_ap); zeiger = apessidliste; for(c = 0; c < apessidcount; c++) { if(c == 0) preparebssid(fhout, zeiger->macaddr); else { zeiger1 = zeiger -1; if(zeiger->macaddr != zeiger1->macaddr) preparebssid(fhout, zeiger->macaddr); } zeiger++; } return; } /*===========================================================================*/ static void processadditionals(FILE *fhout) { if((eudateflag == true) || (usdateflag == true)) keywriteyearyear(fhout); if(alticeoptimumflag == true) keywritealticeoptimum(fhout); if(asusflag == true) keywriteasus(fhout); if(digit10flag == true) keywritedigit10(fhout); if(eeflag == true) keywriteee(fhout, false); if(eeupperflag == true) keywriteee(fhout, true); if(egnflag == true) keywriteegn(fhout); if(eudateflag == true) keywriteeudate(fhout); if(netgearflag == true) keywritenetgear(fhout); if(phomeflag == true) keywritephome(fhout); if(simpleflag == true) keywritesimple(fhout); if(spectrumflag == true) keywritespectrum(fhout); if(tendaflag == true) keywritetenda(fhout); if(usdateflag == true) keywriteusdate(fhout); if(weakpassflag == true) keywriteweakpass(fhout); if(wpskeysflag == true) writewpsall(fhout); return; } /*===========================================================================*/ /*===========================================================================*/ static void addapessid(uint64_t macaddr, uint8_t essidlen, uint8_t *essid) { static apessidl_t *zeiger; if(essidlen > ESSID_LEN_MAX) return; if(apessidliste == NULL) { apessidliste = (apessidl_t*)malloc(APESSIDLIST_SIZE); if(apessidliste == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } memset(apessidliste, 0, APESSIDLIST_SIZE); apessidliste->macaddr = macaddr; apessidliste->essidlen = essidlen; memcpy(apessidliste->essid, essid, essidlen); apessidcount++; return; } zeiger = apessidliste +apessidcount -1; if((zeiger->macaddr == macaddr) && (zeiger->essidlen == essidlen) && (memcmp(zeiger->essid, essid, essidlen) == 0)) return; zeiger = (apessidl_t*)realloc(apessidliste, (apessidcount +1) *APESSIDLIST_SIZE); if(zeiger == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } apessidliste = zeiger; zeiger = apessidliste +apessidcount; memset(zeiger, 0, APESSIDLIST_SIZE); zeiger->macaddr = macaddr; zeiger->essidlen = essidlen; memcpy(zeiger->essid, essid, essidlen); apessidcount++; return; } /*===========================================================================*/ static void readpmkidfile(char *pmkidname) { static int len; static int aktread = 1; static ssize_t essidlen; static char *macaddrstop = NULL; static unsigned long long int macaddr; static FILE *fh_file; static char linein[PMKID_LINE_LEN]; static uint8_t essid[ESSID_LEN_MAX]; if((fh_file = fopen(pmkidname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", pmkidname); return; } while(1) { if((len = fgetline(fh_file, PMKID_LINE_LEN, linein)) == -1) break; if((len < 61) || ((len > 59 +(ESSID_LEN_MAX *2)))) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if(((linein[32] != ':') && (linein[45] != ':') && (linein[58] != ':')) && ((linein[32] != '*') && (linein[45] != '*') && (linein[58] != '*'))) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } essidlen = len -59; if((essidlen %2) != 0) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } macaddr = strtoull(linein +33, &macaddrstop, 16); if((macaddrstop -linein) != 45) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[59], essid, essidlen/2) != -1) addapessid(macaddr, essidlen/2, essid); aktread++; } fclose(fh_file); return; } /*===========================================================================*/ static void readpmkideapolfile(char *pmkideapolname) { static int len; static int aktread = 1; static ssize_t essidlen; static char *macaddrstop = NULL; static char *essidstop = NULL; static unsigned long long int macaddr; static FILE *fh_file; static const char hlid1[] = { "WPA*01*" }; static const char hlid2[] = { "WPA*02*" }; static char linein[PMKIDEAPOL_LINE_LEN]; static uint8_t essid[ESSID_LEN_MAX]; if((fh_file = fopen(pmkideapolname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", pmkideapolname); return; } while(1) { if((len = fgetline(fh_file, PMKIDEAPOL_LINE_LEN, linein)) == -1) break; if(len < 68) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if((memcmp(&hlid1, linein, 7) != 0) && (memcmp(&hlid2, linein, 7) != 0)) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if((linein[3] != '*') && (linein[6] != '*') && (linein[39] != '*') && (linein[52] != '*') && (linein[65] != '*')) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } essidstop = strchr(&linein[66], '*'); if(essidstop == NULL) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } essidlen = essidstop -linein -66; if((essidlen %2) != 0) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } macaddr = strtoull(linein +40, &macaddrstop, 16); if((macaddrstop -linein) != 52) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if(hex2bin(&linein[66], essid, essidlen/2) != -1) addapessid(macaddr, essidlen/2, essid); aktread++; } fclose(fh_file); return; } /*===========================================================================*/ static int getwpapskfmt(int lenlinein, char *linein) { static int p; static const char *johnformat = "$WPAPSK$"; for(p = 0; p < lenlinein -8; p++) { if(memcmp(&linein[p], johnformat, 8) == 0) return p; } return 0; } /*===========================================================================*/ static void readjohnfile(char *johnname) { static int len; static int aktread = 1; static int essidlen; static int macp; static char *macaddrstop = NULL; static unsigned long long int macaddr; static FILE *fh_file; static char linein[JOHN_LINE_LEN]; if((fh_file = fopen(johnname, "r")) == NULL) { fprintf(stderr, "opening hash file failed %s\n", johnname); return; } while(1) { if((len = fgetline(fh_file, JOHN_LINE_LEN, linein)) == -1) break; if(len < 475) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } essidlen = getwpapskfmt(len, linein); if(essidlen == 0) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } if(essidlen < 2) { aktread++; continue; } essidlen--; if(memcmp(linein, &linein[essidlen +9], essidlen) != 0) { aktread++; continue; } macp = (essidlen *2) +10; while((macp < essidlen) || (linein[macp] != ':')) { macp++; } if((linein[macp +18] != ':') || (linein[macp +36] != ':') || (linein[macp +49] != ':')) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } macaddr = strtoull(linein +macp +37, &macaddrstop, 16); if((macaddrstop -linein) != (macp +49)) { fprintf(stderr, "reading hash line %d failed: %s\n", aktread, linein); aktread++; continue; } fprintf(stdout, "%llx %.*s\n", macaddr, essidlen, linein); addapessid(macaddr, essidlen, (uint8_t*)linein); aktread++; } fclose(fh_file); return; } /*===========================================================================*/ static void readhccapxfile(char *hccapxname) { static struct stat statinfo; static hccapx_t *hcxptr; static FILE *fhhcx; static unsigned long long int macaddr; static uint8_t hcxdata[HCCAPX_SIZE]; if(stat(hccapxname, &statinfo) != 0) { fprintf(stderr, "can't stat %s\n", hccapxname); return; } if((statinfo.st_size %HCCAPX_SIZE) != 0) { fprintf(stderr, "file corrupt\n"); return; } if((fhhcx = fopen(hccapxname, "r")) == NULL) { fprintf(stderr, "error opening file %s", hccapxname); return; } hcxptr = (hccapx_t*)hcxdata; while(fread(&hcxdata, HCCAPX_SIZE, 1, fhhcx) == 1) { if(hcxptr->signature != HCCAPX_SIGNATURE) continue; if((hcxptr->version != 3) && (hcxptr->version != 4)) continue; if(hcxptr->essid_len > ESSID_LEN_MAX) continue; macaddr = 0; macaddr = hcxptr->mac_ap[0]; macaddr = (macaddr << 8) + hcxptr->mac_ap[1]; macaddr = (macaddr << 8) + hcxptr->mac_ap[2]; macaddr = (macaddr << 8) + hcxptr->mac_ap[3]; macaddr = (macaddr << 8) + hcxptr->mac_ap[4]; macaddr = (macaddr << 8) + hcxptr->mac_ap[5]; addapessid(macaddr, hcxptr->essid_len, hcxptr->essid); } fclose(fhhcx); return; } /*===========================================================================*/ static void readcommandline(char *macapname, char *essidname) { static int essidlen = 0; static ssize_t essidlenuh = 0; static char *macaddrstop = NULL; static unsigned long long int macaddr = 0xffffffffffffL; static uint8_t essid[ESSID_LEN_MAX]; if(macapname != NULL) { macaddr = strtoull(macapname, &macaddrstop, 16); if((macaddrstop -macapname) != 12) fprintf(stderr, "invalid MAC specified\n"); } memset(&essid, 0, ESSID_LEN_MAX); if(essidname != NULL) { essidlen = strlen(essidname); essidlenuh = ishexify(essidname); if((essidlenuh > 0) && (essidlenuh <= ESSID_LEN_MAX)) { if(hex2bin(&essidname[5], essid, essidlenuh) != -1) addapessid(macaddr, essidlenuh, essid); return; } memset(&essid, 0, ESSID_LEN_MAX); if(essidlen <= ESSID_LEN_MAX) memcpy(&essid, essidname, essidlen); } addapessid(macaddr, essidlen, essid); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-c : input PMKID/EAPOL hash file (hashcat -m 22000/22001)\n" "-i : input EAPOL hash file (hashcat -m 2500/2501)\n" "-j : input EAPOL hash file (john)\n" "-z : input PMKID hash file (hashcat -m 16800/16801 and john)\n" "-e : input ESSID\n" "-b : input MAC access point\n" " format: 112233445566\n" "-o : output PSK file\n" " default: stdout\n" " output list must be sorted unique!\n" "-h : show this help\n" "-v : show version\n" "\n" "--maconly : print only candidates based on ACCESS POINT MAC\n" "--noessidcombination: exclude ESSID combinations\n" "--netgear : include weak NETGEAR / ORBI / NTGR_VMB / ARLO_VMB / FoxtelHub candidates\n" "--spectrum : include weak MySpectrumWiFi / SpectrumSetup / MyCharterWiFi candidates\n" " list will be > 2.2GB\n" "--digit10 : include weak 10 digit candidates (INFINITUM, ALHN, INEA, VodafoneNet, VIVACOM)\n" " list will be > 1GB\n" "--phome : include weak PEGATRON / Vantiva candidates (CBCI, HOME, [SP/XF]SETUP)\n" " list will be > 2.9GB\n" "--tenda : include weak Tenda / NOVA / NOVE / BrosTrend candidates\n" "--ee : include weak 5GHz-EE / BrightBox / EE / EE-BrightBox candidates\n" " list will be > 1.3GB\n" "--eeupper : include weak EE-Hub candidates\n" " list will be > 3.8GB\n" "--alticeoptimum : include weak Altice/Optimum candidates (MyAltice, MyOptimum)\n" " list will be > 4.6GB\n" "--asus : include weak ASUS RT-AC candidates (ASUS_XX, RT-AC)\n" "--weakpass : include weak password candidates\n" "--eudate : include complete european dates\n" "--usdate : include complete american dates\n" "--wpskeys : include complete WPS keys\n" "--egn : include Bulgarian EGN\n" "--simple : include simple pattern\n" "--help : show this help\n" "--version : show version\n" "\n" "if hcxpsktool recovered your password, you should change it immediately!\n\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static FILE *fhpsk; static char *pmkideapolname = NULL; static char *hccapxname = NULL; static char *johnname = NULL; static char *pmkidname = NULL; static char *essidname = NULL; static char *macapname = NULL; static char *pskname = NULL; airtelflag = false; alticeoptimumflag = false; asusflag = false; digit10flag = false; easyboxflag = false; eeflag = false; egnflag = false; eudateflag = false; hb5flag = false; maconlyflag = false; netgearflag = false; noessidcombinationflag = false; phomeflag = false; podaflag = false; simpleflag = false; spectrumflag = false; tendaflag = false; ukrtelecomflag = false; usdateflag = false; weakpassflag = false; wpskeysflag = false; znidflag = false; static const char *short_options = "c:i:j:z:o:e:b:o:hv"; static const struct option long_options[] = { {"alticeoptimum", no_argument, NULL, HCXD_ALTICEOPTIMUM}, {"asus", no_argument, NULL, HCXD_ASUS}, {"digit10", no_argument, NULL, HCXD_DIGIT10}, {"ee", no_argument, NULL, HCXD_EE}, {"eeupper", no_argument, NULL, HCXD_EEUPPER}, {"egn", no_argument, NULL, HCXD_EGN}, {"eudate", no_argument, NULL, HCXD_EUDATE}, {"maconly", no_argument, NULL, HCXD_MACONLY}, {"netgear", no_argument, NULL, HCXD_NETGEAR}, {"noessidcombination", no_argument, NULL, HCXD_NOESSIDCOMBINATION}, {"phome", no_argument, NULL, HCXD_PHOME}, {"simple", no_argument, NULL, HCXD_SIMPLE}, {"spectrum", no_argument, NULL, HCXD_SPECTRUM}, {"tenda", no_argument, NULL, HCXD_TENDA}, {"usdate", no_argument, NULL, HCXD_USDATE}, {"weakpass", no_argument, NULL, HCXD_WEAKPASS}, {"wpskeys", no_argument, NULL, HCXD_WPSKEYS}, {"version", no_argument, NULL, HCXD_VERSION}, {"help", no_argument, NULL, HCXD_HELP}, {NULL, 0, NULL, 0} }; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCXD_MACONLY: maconlyflag = true; break; case HCXD_NETGEAR: netgearflag = true; break; case HCXD_SPECTRUM: spectrumflag = true; break; case HCXD_NOESSIDCOMBINATION: noessidcombinationflag = true; break; case HCXD_DIGIT10: digit10flag = true; break; case HCXD_PHOME: phomeflag = true; break; case HCXD_TENDA: tendaflag = true; break; case HCXD_EE: eeflag = true; break; case HCXD_EEUPPER: eeupperflag = true; break; case HCXD_ALTICEOPTIMUM: alticeoptimumflag = true; break; case HCXD_ASUS: asusflag = true; break; case HCXD_WEAKPASS: weakpassflag = true; break; case HCXD_EUDATE: eudateflag = true; break; case HCXD_USDATE: usdateflag = true; break; case HCXD_WPSKEYS: wpskeysflag = true; break; case HCXD_EGN: egnflag = true; break; case HCXD_SIMPLE: simpleflag = true; break; case HCXD_HELP: usage(basename(argv[0])); break; case HCXD_VERSION: version(basename(argv[0])); break; case 'c': pmkideapolname = optarg; break; case 'i': hccapxname = optarg; break; case 'j': johnname = optarg; break; case 'z': pmkidname = optarg; break; case 'e': essidname = optarg; break; case 'b': macapname = optarg; if(strlen(macapname) != 12) { fprintf(stderr, "invalid MAC specified\n"); exit(EXIT_FAILURE); } break; case 'o': pskname = optarg; break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } globalinit(); if((macapname != NULL) || (essidname != NULL)) { readcommandline(macapname, essidname); } if(pmkideapolname != NULL) { readpmkideapolfile(pmkideapolname); } if(pmkidname != NULL) { readpmkidfile(pmkidname); } if(hccapxname != NULL) { readhccapxfile(hccapxname); } if(johnname != NULL) { readjohnfile(johnname); } if(apessidliste == NULL) { fprintf(stderr, "no hashes loaded\n"); } if(pskname != NULL) { if((fhpsk = fopen(pskname, "w")) == NULL) { fprintf(stderr, "error opening psk file %s\n", pskname); exit(EXIT_FAILURE); } processbssids(fhpsk); if(maconlyflag == false) { processessids(fhpsk); processbssidsessids(fhpsk); processadditionals(fhpsk); } } else { processbssids(stdout); if(maconlyflag == false) { processessids(stdout); processbssidsessids(stdout); processadditionals(stdout); } } if(pskname != NULL) { fclose(fhpsk); } EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.3.5/hcxwltool.c000066400000000000000000000341171471436210700155720ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include "include/hcxwltool.h" #include "include/strings.c" #include "include/fileops.c" /*===========================================================================*/ /* global variable */ static bool wantstraight; static bool wantdigit; static bool wantxdigit; static bool wantlower; static bool wantupper; static bool wantcapital; static int sweeplen; /*===========================================================================*/ static void printstraightlower(FILE *fh_out, int len, char *linein) { static int p,px; static char lineout[LINEIN_MAX] = { 0 }; px = 0; for(p = 0; p < len; p++) { if(isupper((unsigned char)linein[p])) { lineout[p] = tolower((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isxdigit((unsigned char)lineout[p])) { px++; } } lineout[p] = 0; if(p != px) { fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printstraightupper(FILE *fh_out, int len, char *linein) { static int p, px; static char lineout[LINEIN_MAX] = { 0 }; px = 0; for(p = 0; p < len; p++) { if(islower((unsigned char)linein[p])) { lineout[p] = toupper((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isxdigit((unsigned char)lineout[p])) { px++; } } lineout[p] = 0; if(p != px) { fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printstraightcapital(FILE *fh_out, int len, char *linein) { static int p,px; static char lineout[LINEIN_MAX] = { 0 }; px = 0; for(p = 0; p < len; p++) { if(isupper((unsigned char)linein[p])) { lineout[p] = tolower((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isxdigit((unsigned char)lineout[p])) { px++; } } lineout[p] = 0; if((p != px) && ((lineout[0] >= 'a') && (lineout[0] <= 'z'))) { lineout[0] = toupper((unsigned char)linein[0]); fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printstraightstraight(FILE *fh_out, char *linein) { fprintf(fh_out, "%s\n", linein); return; } /*===========================================================================*/ static void printstraigthsweep(FILE *fh_out, int slen, int len, char *linein) { static int l; static char lineout[LINEIN_MAX] = { 0 }; if(len >= slen) { for(l = 0; l <= len -slen; l++) { memcpy(&lineout, &linein[l], slen); lineout[slen] = 0; if(wantlower == true) { printstraightlower(fh_out, slen, lineout); } if(wantupper == true) { printstraightupper(fh_out, slen, lineout); } if(wantcapital == true) { printstraightcapital(fh_out, slen, lineout); } if((wantlower == false) && (wantupper == false) && (wantcapital == false)) { printstraightstraight(fh_out, lineout); } } } return; } /*===========================================================================*/ static void handlestraight(FILE *fh_out, int len, char *linein) { if(sweeplen == 0) { if(wantlower == true) { printstraightlower(fh_out, len, linein); } if(wantupper == true) { printstraightupper(fh_out, len, linein); } if(wantcapital == true) { printstraightcapital(fh_out, len, linein); } if((wantlower == false) && (wantupper == false) && (wantcapital == false)) { printstraightstraight(fh_out, linein); } } else { printstraigthsweep(fh_out, sweeplen, len,linein); } return; } /*===========================================================================*/ static void printxdigitlower(FILE *fh_out, int len, char *linein) { static int p, pd; static char lineout[LINEIN_MAX] = { 0 }; pd = 0; for(p = 0; p < len; p++) { if(isupper((unsigned char)linein[p])) { lineout[p] = tolower((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isdigit((unsigned char)lineout[p])) { pd++; } } lineout[p] = 0; if(p != pd) { fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printxdigitupper(FILE *fh_out, int len, char *linein) { static int p, pd; static char lineout[LINEIN_MAX] = { 0 }; pd = 0; for(p = 0; p < len; p++) { if(islower((unsigned char)linein[p])) { lineout[p] = toupper((unsigned char)linein[p]); } else { lineout[p] = linein[p]; } if(isdigit((unsigned char)lineout[p])) { pd++; } } lineout[p] = 0; if(p != pd) { fprintf(fh_out, "%s\n", lineout); } return; } /*===========================================================================*/ static void printxdigitstraight(FILE *fh_out, int len, char *linein) { static int p, pd; pd = 0; for(p = 0; p < len; p++) { if(isdigit((unsigned char)linein[p])) { pd++; } } if(p != pd) { fprintf(fh_out, "%s\n", linein); } return; } /*===========================================================================*/ static void printxdigitsweep(FILE *fh_out, int slen, int len, char *linein) { static int l; static char lineout[LINEIN_MAX] = { 0 }; if(len >= slen) { for(l = 0; l <= len -slen; l++) { memcpy(&lineout, &linein[l], slen); lineout[slen] = 0; if(wantlower == true) { printxdigitlower(fh_out, slen, lineout); } if(wantupper == true) { printxdigitupper(fh_out, slen, lineout); } if((wantlower == false) && (wantupper == false)) { printxdigitstraight(fh_out, slen, lineout); } } } return; } /*===========================================================================*/ static void handlexdigit(FILE *fh_out, int len, char *linein) { static int i, o; static char lineout[LINEIN_MAX] = { 0 }; o = 0; for(i = 0; i < len; i++) { if(isxdigit((unsigned char)linein[i])) { lineout[o] = linein[i]; o++; } } lineout[o] = 0; if((o < 8) || (o > 63)) { return; } if(sweeplen == 0) { if(wantlower == true) { printxdigitlower(fh_out, o, lineout); } if(wantupper == true) { printxdigitupper(fh_out, o, lineout); } if((wantlower == false) && (wantupper == false)) { printxdigitstraight(fh_out, o, lineout); } } else { printxdigitsweep(fh_out, sweeplen, o,lineout); } return; } /*===========================================================================*/ static void printdigitsweep(FILE *fh_out, int slen, int len, char *linein) { static int l; static char lineout[LINEIN_MAX] = { 0 }; if(len >= slen) { for(l = 0; l <= len -slen; l++) { memcpy(&lineout, &linein[l], slen); lineout[slen] = 0; fprintf(fh_out, "%s\n", lineout); } } return; } /*===========================================================================*/ static void handledigit(FILE *fh_out, int len, char *linein) { static int i, o; static char lineout[LINEIN_MAX] = { 0 }; o = 0; for(i = 0; i < len; i++) { if(isdigit((unsigned char)linein[i])) { lineout[o] = linein[i]; o++; } } lineout[o] = 0; if((o < 8) || (o > 63)) { return; } if(sweeplen == 0) { fprintf(fh_out, "%s\n", lineout); } else { printdigitsweep(fh_out, sweeplen, o, lineout); } return; } /*===========================================================================*/ static int handleignore(int len, char *linein) { static const char *wlan = "WLAN-"; static const char *skyroam = "#Skyroam_"; static const char *huitube3 = "3HuiTube_"; static const char *pocket3 = "3Pocket_"; static const char *mobilewifi3 = "3MobileWiFi-"; static const char *tube3 = "3Tube_"; static const char *web3 = "3Web"; static const char *webcube = "WebCube"; static const char *neo3 = "3neo_"; static const char *wifi4g = "4G Wi-Fi 3Danmark-"; if(len == 11) { if(memcmp(wlan, linein, 5) == 0) { return 0; } if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 12) { if(memcmp(skyroam, linein, 9) == 0) { return 0; } if(memcmp(web3, linein, 4) == 0) { return 0; } if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 13) { if(memcmp(skyroam, linein, 9) == 0) { return 0; } if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 14) { if(memcmp(skyroam, linein, 9) == 0) { return 0; } if(memcmp(web3, linein, 4) == 0) { return 0; } if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 15) { if(memcmp(webcube, linein, 7) == 0) { return 0; } } if(len == 16) { if(memcmp(pocket3, linein, 8) == 0) { return 0; } if(memcmp(mobilewifi3, linein, 11) == 0) { return 0; } if(memcmp(neo3, linein, 5) == 0) { return 0; } } if(len == 17) { if(memcmp(tube3, linein, 6) == 0) { return 0; } } if(len == 18) { if(memcmp(huitube3, linein, 9) == 0) { return 0; } if(memcmp(wifi4g, linein, 18) == 0) { return 0; } } if(len == 20) { if(memcmp(huitube3, linein, 9) == 0) { return 0; } } if(len == 22) { if(memcmp(wifi4g, linein, 18) == 0) { return 0; } } return len; } /*===========================================================================*/ static int handlehex(int len, char *line) { static const char *token = "$HEX["; if(len >= 6) { if((memcmp(line, token, 5) == 0) && (line[len -1] == ']')) { return 0; } } return len; } /*===========================================================================*/ static void processwordlist(char *wordlistinname, FILE *fh_out) { static int len; static FILE *fh_in; static char linein[LINEIN_MAX]; if((fh_in = fopen(wordlistinname, "r")) == NULL) { fprintf(stderr, "opening wordlist failed %s\n", wordlistinname); return; } while(1) { if((len = fgetline(fh_in, LINEIN_MAX, linein)) == -1) { break; } if((len < 8) || (len > 70)) { continue; } if(handlehex(len, linein) == 0) { continue; } if(wantstraight == true) { if(handleignore(len, linein) != 0) { handlestraight(fh_out, len, linein); } } if(wantdigit == true) { handledigit(fh_out, len, linein); } if(wantxdigit == true) { handlexdigit(fh_out, len, linein); } } fclose(fh_in); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage:\n" "%s \n" "\n" "options:\n" "-i : input wordlist\n" "-o : output wordlist to file\n" "-h : show this help\n" "-v : show version\n" "\n" "--straight : output format untouched\n" "--digit : output format only digits\n" "--xdigit : output format only xdigits\n" "--lower : output format only lower\n" "--upper : output format only upper\n" "--capital : output format only capital\n" "--length= : password length (8...32)\n" "--help : show this help\n" "--version : show version\n" "\n" "examples:\n" "hcxwltool -i wordlist --straight | sort | uniq | hashcat -m 22000 hashfile.hc22000\n" "hcxwltool -i wordlist --digit --length=10 | sort | uniq | hashcat -m 22000 hashfile.hc22000\n" "hcxwltool -i wordlist --digit | sort | uniq | hashcat -m 22000 hashfile.hc22000\n" "hcxwltool -i wordlist --xdigit | sort | uniq | john --stdin --format=wpapsk-opencl john.hashfile\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usageerror(char *eigenname) { fprintf(stdout, "%s %s (C) %s by ZeroBeat\n" "usage: %s -h for help\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int index; static FILE *fh_out; static char *wordlistinname = NULL; static char *wordlistoutname = NULL; static const char *short_options = "i:o:hv"; static const struct option long_options[] = { {"straight", no_argument, NULL, HCX_STRAIGHT}, {"digit", no_argument, NULL, HCX_DIGIT}, {"xdigit", no_argument, NULL, HCX_XDIGIT}, {"lower", no_argument, NULL, HCX_LOWER}, {"upper", no_argument, NULL, HCX_UPPER}, {"capital", no_argument, NULL, HCX_CAPITAL}, {"length", required_argument, NULL, HCX_SWEEP_LEN}, {"version", no_argument, NULL, HCX_VERSION}, {"help", no_argument, NULL, HCX_HELP}, {NULL, 0, NULL, 0} }; wantstraight = false; wantdigit = false; wantxdigit = false; wantlower = false; wantupper = false; wantcapital = false; sweeplen = 0; auswahl = -1; index = 0; optind = 1; optopt = 0; while((auswahl = getopt_long (argc, argv, short_options, long_options, &index)) != -1) { switch (auswahl) { case HCX_INPUT_WORDLIST: wordlistinname = optarg; break; case HCX_OUTPUT_WORDLIST: wordlistoutname = optarg; break; case HCX_STRAIGHT: wantstraight = true; break; case HCX_DIGIT: wantdigit = true; break; case HCX_XDIGIT: wantxdigit = true; break; case HCX_LOWER: wantlower = true; break; case HCX_UPPER: wantupper = true; break; case HCX_CAPITAL: wantcapital = true; break; case HCX_SWEEP_LEN: sweeplen = strtol(optarg, NULL, 10); if((sweeplen < 8) || (sweeplen > 32)) { fprintf(stderr, "only 8...32 allowed\n"); exit(EXIT_FAILURE); } break; case HCX_HELP: usage(basename(argv[0])); break; case HCX_VERSION: version(basename(argv[0])); break; case '?': usageerror(basename(argv[0])); break; } } if(argc < 2) { fprintf(stderr, "no option selected\n"); return EXIT_SUCCESS; } if(wordlistoutname != 0) { if((fh_out = fopen(wordlistoutname, "w")) == NULL) { perror("failed to open output file"); exit(EXIT_FAILURE); } } else { fh_out = stdout; } if(wordlistinname != NULL) { processwordlist(wordlistinname, fh_out); } if(wordlistoutname != 0) { fclose(fh_out); } return EXIT_SUCCESS; } /*===========================================================================*/ hcxtools-6.3.5/include/000077500000000000000000000000001471436210700150205ustar00rootroot00000000000000hcxtools-6.3.5/include/byteops.c000066400000000000000000000041051471436210700166510ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include /*===========================================================================*/ uint32_t rotl32(uint32_t a, uint32_t n) { return((a << n) | (a >> (32 - n))); } /*===========================================================================*/ uint64_t rotl64(uint64_t a, uint64_t n) { return ((a << n) | (a >> (64 - n))); } /*===========================================================================*/ uint32_t rotr32(uint32_t a, uint32_t n) { return ((a >> n) | (a << (32 - n))); } /*===========================================================================*/ uint64_t rotr64(uint64_t a, uint64_t n) { return ((a >> n) | (a << (64 - n))); } /*===========================================================================*/ uint16_t byte_swap_8(uint8_t n) { return (n & 0xf0) >> 4 | (n & 0x0f) << 4; } /*===========================================================================*/ uint16_t byte_swap_16(uint16_t n) { return (n & 0xff00) >> 8 | (n & 0x00ff) << 8; } /*===========================================================================*/ uint32_t byte_swap_32(uint32_t n) { #if defined (__clang__) || (defined (__GNUC__) && \ (__GNUC__ > 4 || __GNUC__ == 4 && __GNUC_MINOR__ > 2)) return __builtin_bswap32 (n); #else return(n & 0xff000000) >> 24 | (n & 0x00ff0000) >> 8 | (n & 0x0000ff00) << 8 | (n & 0x000000ff) << 24; #endif } /*===========================================================================*/ uint64_t byte_swap_64(uint64_t n) { #if defined (__clang__) || (defined (__GNUC__) && \ (__GNUC__ > 4 || __GNUC__ == 4 && __GNUC_MINOR__ > 2)) return __builtin_bswap64 (n); #else return (n & 0xff00000000000000ULL) >> 56 | (n & 0x00ff000000000000ULL) >> 40 | (n & 0x0000ff0000000000ULL) >> 24 | (n & 0x000000ff00000000ULL) >> 8 | (n & 0x00000000ff000000ULL) << 8 | (n & 0x0000000000ff0000ULL) << 24 | (n & 0x000000000000ff00ULL) << 40 | (n & 0x00000000000000ffULL) << 56; #endif } /*===========================================================================*/ hcxtools-6.3.5/include/fileops.c000066400000000000000000000104571471436210700166340ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include "fileops.h" /*===========================================================================*/ int getmagicnumber(int fd) { int res; magicnr_t mnr; res = read(fd, &mnr, 4); if(res != 4) return 0; return mnr.magic_number; } /*===========================================================================*/ void fwritetimestamphigh(uint32_t tshigh, FILE *fhd) { time_t pkttime; struct tm *pkttm; char tmbuf[64]; if(tshigh != 0) { pkttime = tshigh; pkttm = localtime(&pkttime); strftime(tmbuf, sizeof tmbuf, "%d%m%Y", pkttm); fprintf(fhd, "%s:", tmbuf); } else fprintf(fhd, "00000000:"); return; } /*===========================================================================*/ void fwriteaddr1(uint8_t *macw, FILE *fhd) { int p; for(p = 0; p< 6; p++) fprintf(fhd, "%02x", macw[p]); fprintf(fhd, ":"); return; } /*===========================================================================*/ void fwriteaddr1addr2(uint8_t *mac1, uint8_t *mac2, FILE *fhd) { fwriteaddr1(mac1, fhd); fwriteaddr1(mac2, fhd); return; } /*===========================================================================*/ void fwriteessidstrnoret(uint8_t len, unsigned char *essidstr, FILE *fhd) { int p; if(isasciistring(len, essidstr) != false) fprintf(fhd, "%.*s\n", len, essidstr); else { fprintf(fhd, "$HEX["); for(p = 0; p < len; p++) fprintf(fhd, "%02x", essidstr[p]); fprintf(fhd, "]:"); } return; } /*===========================================================================*/ void fwriteessidstr(uint8_t len, unsigned char *essidstr, FILE *fhd) { int p; if((len == 0) || (len > ESSID_LEN_MAX)) return; if(essidstr[0] == 0) return; if(isasciistring(len, essidstr) != false) fprintf(fhd, "%.*s\n", len, essidstr); else { fprintf(fhd, "$HEX["); for(p = 0; p < len; p++) fprintf(fhd, "%02x", essidstr[p]); fprintf(fhd, "]\n"); } return; } /*===========================================================================*/ void fwritedeviceinfostr(uint8_t len, unsigned char *deviceinfostr, FILE *fhd) { int p; fprintf(fhd, "\t"); if(deviceinfostr[0] == 0) return; if(isasciistring(len, deviceinfostr) != false) fprintf(fhd, "%.*s", len, deviceinfostr); else { fprintf(fhd, "$HEX["); for(p = 0; p < len; p++) fprintf(fhd, "%02x", deviceinfostr[p]); fprintf(fhd, "]"); } return; } /*===========================================================================*/ void fwritestring(uint8_t len, unsigned char *essidstr, FILE *fhd) { int p; if(isasciistring(len, essidstr) != false) fprintf(fhd, "%.*s\n", len, essidstr); else { fprintf(fhd, "$HEX["); for(p = 0; p < len; p++) fprintf(fhd, "%02x", essidstr[p]); fprintf(fhd, "]\n"); } return; } /*===========================================================================*/ void fwritehexbuffraw(uint8_t bufflen, uint8_t *buff, FILE *fhd) { int p; for(p = 0; p < bufflen; p++) fprintf(fhd, "%02x", buff[p]); return; } /*===========================================================================*/ void fwritehexbuff(uint8_t bufflen, uint8_t *buff, FILE *fhd) { int p; for(p = 0; p < bufflen; p++) fprintf(fhd, "%02x", buff[p]); fprintf(fhd, "\n"); return; } /*===========================================================================*/ void removeemptyfile(char *filenametoremove) { struct stat statinfo; if(filenametoremove == NULL) return; if(stat(filenametoremove, &statinfo) != 0) return; if(statinfo.st_size == 0) { remove(filenametoremove); return; } return; } /*===========================================================================*/ static size_t chop(char *buffer, size_t len) { static char *ptr; ptr = buffer +len -1; while (len) { if (*ptr != '\n') break; *ptr-- = 0; len--; } while (len) { if (*ptr != '\r') break; *ptr-- = 0; len--; } return len; } /*---------------------------------------------------------------------------*/ static inline int fgetline(FILE *inputstream, size_t size, char *buffer) { static size_t len; static char *buffptr; if(feof(inputstream)) return -1; buffptr = fgets (buffer, size, inputstream); if(buffptr == NULL) return -1; len = strlen(buffptr); len = chop(buffptr, len); return len; } /*===========================================================================*/ hcxtools-6.3.5/include/fileops.h000066400000000000000000000005111471436210700166270ustar00rootroot00000000000000#define ESSID_LEN_MAX 32 /*===========================================================================*/ struct magicnr_s { uint32_t magic_number; /* magic number */ }; typedef struct magicnr_s magicnr_t; #define MAGICNR_SIZE (sizeof(magicnr_t)) /*===========================================================================*/ hcxtools-6.3.5/include/gzops.c000066400000000000000000000041651471436210700163340ustar00rootroot00000000000000#include #include "gzops.h" /*===========================================================================*/ bool testgzipfile(char *pcapinname) { int pcapr_fd; uint32_t magicnumber; pcapr_fd = open(pcapinname, O_RDONLY); if(pcapr_fd == -1) return false; magicnumber = getmagicnumber(pcapr_fd); close(pcapr_fd); #ifdef BIG_ENDIAN_HOST magicnumber = byte_swap_32(magicnumber); #endif if((magicnumber & 0xffff) != GZIPMAGICNUMBER) return false; if(((magicnumber >> 16) & 0xff) != DEFLATE) return false; return true; } /*===========================================================================*/ bool decompressgz(char *gzname, char *tmpoutname) { FILE *fhin = NULL; FILE *fhout = NULL; z_stream strm; unsigned char in[CHUNK]; unsigned char out[CHUNK]; memset(&strm, 0, sizeof (strm)); strm.zalloc = Z_NULL; strm.zfree = Z_NULL; strm.opaque = Z_NULL; strm.next_in = in; strm.avail_in = 0; inflateInit2(& strm, windowBits | ENABLE_ZLIB_GZIP); printf("decompressing %s to %s\n", basename(gzname), tmpoutname); fhin = fopen (gzname, "r"); if(fhin == NULL) { printf("failed to decompress%s\n", gzname); return false; } fhout = fopen (tmpoutname, "w"); if(fhin == NULL) { printf("failed to decompress%s\n", tmpoutname); return false; } while(1) { int bytes_read; int zlib_status; bytes_read = fread(in, sizeof(char), sizeof(in), fhin); if(ferror(fhin)) { inflateEnd(&strm); printf("failed to decompress %s\n", gzname); fclose(fhout); fclose(fhin); return false; } strm.avail_in = bytes_read; strm.next_in = in; do { unsigned have; strm.avail_out = CHUNK; strm.next_out = out; zlib_status = inflate(&strm, Z_NO_FLUSH); switch (zlib_status) { case Z_OK: case Z_STREAM_END: case Z_BUF_ERROR: break; default: inflateEnd (&strm); printf("failed to decompress %s\n", gzname); return false; } have = CHUNK -strm.avail_out; fwrite(out, sizeof (unsigned char), have, fhout); } while(strm.avail_out == 0); if(feof(fhin)) { inflateEnd(&strm); break; } } fclose(fhout); fclose(fhin); return true; } /*===========================================================================*/ hcxtools-6.3.5/include/gzops.h000066400000000000000000000002011471436210700163240ustar00rootroot00000000000000#define GZIPMAGICNUMBER 0x8b1f #define DEFLATE 0x08 #define CHUNK 0x4000 #define windowBits 15 #define ENABLE_ZLIB_GZIP 32 hcxtools-6.3.5/include/hashcatops.c000066400000000000000000000123761471436210700173320ustar00rootroot00000000000000#include #include #include "hashcatops.h" /*===========================================================================*/ void writehccapxrecord(hcxl_t *zeiger, FILE *fho) { hccapx_t hccapx; wpakey_t *wpak, *wpak2; memset (&hccapx, 0, sizeof(hccapx_t)); hccapx.signature = HCCAPX_SIGNATURE; hccapx.version = HCCAPX_VERSION; hccapx.message_pair = 0x80; if((zeiger->keyinfo_ap == 1) && (zeiger->keyinfo_sta == 4)) { hccapx.message_pair = MESSAGE_PAIR_M12E2; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 2) && (zeiger->keyinfo_sta == 4)) { hccapx.message_pair = MESSAGE_PAIR_M32E2; if(zeiger->replaycount_ap -1 != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 16) && (zeiger->keyinfo_sta == 4)) { hccapx.message_pair = MESSAGE_PAIR_M32E3; if(zeiger->replaycount_ap -1 != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 1) && (zeiger->keyinfo_sta == 8)) { hccapx.message_pair = MESSAGE_PAIR_M14E4; if(zeiger->replaycount_ap +1 != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 2) && (zeiger->keyinfo_sta == 8)) { hccapx.message_pair = MESSAGE_PAIR_M34E4; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { hccapx.message_pair |= 0x80; } } hccapx.message_pair |= zeiger->endianess; wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); hccapx.essid_len = zeiger->essidlen; memcpy(&hccapx.essid, zeiger->essid, 32); memcpy(&hccapx.mac_ap, zeiger->mac_ap, 6); memcpy(&hccapx.mac_sta, zeiger->mac_sta, 6); if(zeiger->keyinfo_ap == 16) { memcpy(&hccapx.nonce_ap, wpak->nonce, 32); memcpy(&hccapx.nonce_sta, zeiger->nonce, 32); } else { memcpy(&hccapx.nonce_ap, zeiger->nonce, 32); memcpy(&hccapx.nonce_sta, wpak->nonce, 32); } hccapx.eapol_len = zeiger->authlen; memcpy(&hccapx.eapol, zeiger->eapol, zeiger->authlen); memcpy(&hccapx.keymic, wpak->keymic, 16); wpak2 = (wpakey_t*)(hccapx.eapol +EAPAUTH_SIZE); memset(wpak2->keymic, 0, 16); hccapx.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; #ifdef BIG_ENDIAN_HOST hccapx.signature = byte_swap_32(hccapx.signature); hccapx.version = byte_swap_32(hccapx.version); hccapx.eapol_len = byte_swap_16(hccapx.eapol_len); #endif fwrite (&hccapx, sizeof(hccapx_t), 1, fho); return; } /*===========================================================================*/ void writehccaprecord(unsigned long long int noncefuzz, hcxl_t *zeiger, FILE *fho) { hccap_t hccap; wpakey_t *wpak, *wpak2; unsigned int n; unsigned int anonce; memset (&hccap, 0, sizeof(hccap_t)); wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memcpy(&hccap.essid, zeiger->essid, 32); memcpy(&hccap.mac1, zeiger->mac_ap, 6); memcpy(&hccap.mac2, zeiger->mac_sta, 6); if(zeiger->keyinfo_ap == 16) { memcpy(&hccap.nonce1, zeiger->nonce, 32); memcpy(&hccap.nonce2, wpak->nonce, 32); } else { memcpy(&hccap.nonce1, wpak->nonce, 32); memcpy(&hccap.nonce2, zeiger->nonce, 32); } hccap.eapol_size = zeiger->authlen; memcpy(&hccap.eapol, zeiger->eapol, zeiger->authlen); memcpy(&hccap.keymic, wpak->keymic, 16); wpak2 = (wpakey_t*)(hccap.eapol +EAPAUTH_SIZE); memset(wpak2->keymic, 0, 16); hccap.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(hccap.keyver == 0) { hccap.keyver = 3; } #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif if((zeiger->endianess & 0x10) == 0x10) { fwrite (&hccap, sizeof(hccap_t), 1, fho); } else if((zeiger->endianess & 0x20) == 0x20) { anonce = zeiger->nonce[31] | (zeiger->nonce[30] << 8) | (zeiger->nonce[29] << 16) | (zeiger->nonce[28] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[28] = (anonce >> 24) & 0xff; hccap.nonce2[29] = (anonce >> 16) & 0xff; hccap.nonce2[30] = (anonce >> 8) & 0xff; hccap.nonce2[31] = anonce & 0xff; fwrite (&hccap, sizeof(hccap_t), 1, fho); anonce++; } } else if((zeiger->endianess & 0x40) == 0x40) { anonce = zeiger->nonce[28] | (zeiger->nonce[29] << 8) | (zeiger->nonce[30] << 16) | (zeiger->nonce[31] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[31] = (anonce >> 24) & 0xff; hccap.nonce2[30] = (anonce >> 16) & 0xff; hccap.nonce2[29] = (anonce >> 8) & 0xff; hccap.nonce2[28] = anonce & 0xff; fwrite (&hccap, sizeof(hccap_t), 1, fho); anonce++; } } else { anonce = zeiger->nonce[31] | (zeiger->nonce[30] << 8) | (zeiger->nonce[29] << 16) | (zeiger->nonce[28] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[28] = (anonce >> 24) & 0xff; hccap.nonce2[29] = (anonce >> 16) & 0xff; hccap.nonce2[30] = (anonce >> 8) & 0xff; hccap.nonce2[31] = anonce & 0xff; fwrite (&hccap, sizeof(hccap_t), 1, fho); anonce++; } anonce = zeiger->nonce[28] | (zeiger->nonce[29] << 8) | (zeiger->nonce[30] << 16) | (zeiger->nonce[31] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[31] = (anonce >> 24) & 0xff; hccap.nonce2[30] = (anonce >> 16) & 0xff; hccap.nonce2[29] = (anonce >> 8) & 0xff; hccap.nonce2[28] = anonce & 0xff; fwrite (&hccap, sizeof(hccap_t), 1, fho); anonce++; } } return; } /*===========================================================================*/ hcxtools-6.3.5/include/hashcatops.h000066400000000000000000000030311471436210700173230ustar00rootroot00000000000000#define MESSAGE_PAIR_M12E2 0 #define MESSAGE_PAIR_M14E4 1 #define MESSAGE_PAIR_M32E2 2 #define MESSAGE_PAIR_M32E3 3 #define MESSAGE_PAIR_M34E3 4 #define MESSAGE_PAIR_M34E4 5 /*===========================================================================*/ struct hccapx_s { uint32_t signature; #define HCCAPX_SIGNATURE 0x58504348 uint32_t version; #define HCCAPX_VERSION 4 uint8_t message_pair; uint8_t essid_len; uint8_t essid[32]; uint8_t keyver; uint8_t keymic[16]; uint8_t mac_ap[6]; uint8_t nonce_ap[32]; uint8_t mac_sta[6]; uint8_t nonce_sta[32]; uint16_t eapol_len; uint8_t eapol[256]; } __attribute__((packed)); typedef struct hccapx_s hccapx_t; #define HCCAPX_SIZE (sizeof(hccapx_t)) /*===========================================================================*/ struct hccap_s { char essid[36]; unsigned char mac1[6]; /* bssid */ unsigned char mac2[6]; /* client */ unsigned char nonce1[32]; /* snonce client */ unsigned char nonce2[32]; /* anonce bssid */ unsigned char eapol[256]; int eapol_size; int keyver; unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) /*===========================================================================*/ struct pmklist_s { uint8_t pmk[32]; bool essidflag; uint8_t essidlen; uint8_t essid[32]; bool pskflag; uint8_t psklen; uint8_t psk[64]; } __attribute__((__packed__)); typedef struct pmklist_s pmklist_t; #define PMKLIST_SIZE (sizeof(pmklist_t)) /*===========================================================================*/ hcxtools-6.3.5/include/hashops.c000066400000000000000000000006161471436210700166340ustar00rootroot00000000000000#include "hashops.h" /*===========================================================================*/ uint32_t fcscrc32check(const uint8_t *buffer, uint32_t bufferlen) { uint32_t crc = 0xFFFFFFFF; uint32_t p; for(p = 0; p < bufferlen; ++p) { crc = crc32table[(crc ^buffer[p]) & 0xff] ^(crc >> 8); } return ~crc; } /*===========================================================================*/ hcxtools-6.3.5/include/hashops.h000066400000000000000000000063511471436210700166430ustar00rootroot00000000000000/*===========================================================================*/ /* CRC polynomial 0xedb88320 */ static const uint32_t crc32table[] = { 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d }; /*===========================================================================*/ hcxtools-6.3.5/include/hcxeiutool.h000066400000000000000000000006001471436210700173500ustar00rootroot00000000000000#define ESSID_LEN_MAX 32 #define HCX_INPUT_WORDLIST 'i' #define HCX_OUTPUT_DIGITLIST 'd' #define HCX_OUTPUT_XDIGITLIST 'x' #define HCX_OUTPUT_CHARLIST 'c' #define HCX_OUTPUT_CSLIST 's' #define HCX_HELP 'h' #define HCX_VERSION 'v' #define LINEIN_MAX 256 #define LINE_MAX 68 #define WORD_MAX 64 #define DIGITWORD 0 #define XDIGITWORD 1 #define CHARWORD 2 #define CSWORD 3 hcxtools-6.3.5/include/hcxhash2cap.h000066400000000000000000000011271471436210700173660ustar00rootroot00000000000000#define ESSID_LEN_MAX 32 #define PMKID_LINE_LEN 255 #define JOHN_LINE_LEN 1024 #define PMKIDEAPOL_LINE_LEN 1024 #define PMKIDEAPOL_BUFFER_LEN 1024 #define EAPOL_AUTHLEN_MAX 256 #define HCXP_CAP 'c' #define HCXP_PMKID_EAPOL '1' #define HCXP_PMKID '2' #define HCXP_HCCAPX '3' #define HCXP_HCCAP '4' #define HCXP_JOHN '5' #define HCXP_HELP 'h' #define HCXP_VERSION 'v' #ifdef __BYTE_ORDER__ #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ #define BIG_ENDIAN_HOST #endif #else #ifdef __OpenBSD__ # include # if BYTE_ORDER == BIG_ENDIAN # define BIG_ENDIAN_HOST # endif #endif #endif hcxtools-6.3.5/include/hcxhashtool.h000066400000000000000000000134251471436210700175220ustar00rootroot00000000000000#define OUILIST_MAX 50000 #define OUI_LINE_LEN 50000 #define OUIBUFFER_MAX 8192 #define HCX_TYPE_PMKID 1 #define HCX_TYPE_EAPOL 2 #define ESSID_LEN_MIN 0 #define ESSID_LEN_MAX 32 #define EAPOL_AUTHLEN_MAX 251 #define PMKIDEAPOL_LINE_LEN 1024 #define PMKIDEAPOL_BUFFER_LEN 1024 #define HASHLIST_MAX 50000 #define PBKDF2_LINE_LEN 1024 #define PMK_LEN 32 #define PSK_LEN_MIN 8 #define PSK_LEN_MAX 63 #define HCX_HASH_TYPE 1 #define HCX_HASH_MIN 2 #define HCX_HASH_MAX 3 #define HCX_ESSID_GROUP 4 #define HCX_ESSID_LEN 5 #define HCX_ESSID_MIN 6 #define HCX_ESSID_MAX 7 #define HCX_FILTER_ESSID_LIST_IN 8 #define HCX_MAC_GROUP_AP 9 #define HCX_MAC_GROUP_CLIENT 10 #define HCX_OUI_GROUP 11 #define HCX_FILTER_OUI_AP 12 #define HCX_FILTER_OUI_CLIENT 13 #define HCX_FILTER_MAC_AP 14 #define HCX_FILTER_MAC_CLIENT 15 #define HCX_FILTER_MAC_LIST_IN 16 #define HCX_FILTER_MAC_LIST_SKIP 17 #define HCX_FILTER_VENDOR 18 #define HCX_FILTER_VENDOR_AP 19 #define HCX_FILTER_VENDOR_CLIENT 20 #define HCX_FILTER_ESSID 21 #define HCX_FILTER_ESSID_PART 22 #define HCX_FILTER_ESSID_PARTX 23 #define HCX_FILTER_ESSID_REGEX 24 #define HCX_FILTER_RC 25 #define HCX_FILTER_RC_NOT 26 #define HCX_FILTER_M12 27 #define HCX_FILTER_M1234 28 #define HCX_FILTER_M1M2ROGUE 29 #define HCX_PSK 30 #define HCX_PMK 31 #define HCX_VENDOR_OUT 32 #define HCX_INFO_OUT 33 #define HCX_INFO_VENDOR_OUT 34 #define HCX_INFO_VENDOR_AP_OUT 35 #define HCX_INFO_VENDOR_CLIENT_OUT 36 #define HCX_HCCAPX_IN 37 #define HCX_HCCAPX_OUT 38 #define HCX_HCCAP_IN 39 #define HCX_HCCAP_OUT 40 #define HCX_HCCAP_SINGLE_OUT 41 #define HCX_JOHN_OUT 42 #define HCX_PMKIDEAPOL_IN 'i' #define HCX_PMKIDEAPOL_OUT 'o' #define HCX_ESSID_OUT 'E' #define HCX_ESSID_RAW_OUT 'L' #define HCX_DOWNLOAD_OUI 'd' #define HCX_PBKDF2_IN 'p' #define HCX_HELP 'h' #define HCX_VERSION 'v' /*===========================================================================*/ /*===========================================================================*/ struct hashlist_s { uint8_t type; #define HS_REMOVED 0xff; #define HS_PMKID 1; #define HS_EAPOL 2; uint8_t hash[16]; uint8_t ap[6]; uint8_t client[6]; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; uint8_t nonce[32]; uint16_t eapauthlen; uint8_t eapol[EAPOL_AUTHLEN_MAX]; uint8_t mp; }; typedef struct hashlist_s hashlist_t; #define HASHLIST_SIZE (sizeof(hashlist_t)) static int sort_hashlist_by_essid(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; int cmp; cmp = memcmp(ia->essid, ib->essid, ESSID_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } static int sort_hashlist_by_essidlen(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; int cmp; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; cmp = memcmp(ia->essid, ib->essid, ia->essidlen); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } static int sort_hashlist_by_macap(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; int cmp; cmp = memcmp(ia->ap, ib->ap, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } static int sort_hashlist_by_macclient(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; int cmp; cmp = memcmp(ia->client, ib->client, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } static int sort_hashlist_by_type(const void *a, const void *b) { const hashlist_t *ia = (const hashlist_t *)a; const hashlist_t *ib = (const hashlist_t *)b; if(ia->type > ib->type) return 1; else if(ia->type < ib->type) return -1; return 0; } /*===========================================================================*/ struct ouilist_s { uint8_t type; #define TYPE_AP 1 #define TYPE_CLIENT 2 uint8_t oui[3]; #define VENDOR_LEN_MAX 128 char vendor[VENDOR_LEN_MAX]; }; typedef struct ouilist_s ouilist_t; #define OUILIST_SIZE (sizeof(ouilist_t)) static int sort_ouilist_by_oui(const void *a, const void *b) { const ouilist_t *ia = (const ouilist_t *)a; const ouilist_t *ib = (const ouilist_t *)b; int cmp; cmp = memcmp(ia->oui, ib->oui, 3); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } /*===========================================================================*/ struct essidlist_s { int essidlen; uint8_t essid[ESSID_LEN_MAX]; }; typedef struct essidlist_s essidlist_t; #define ESSIDLIST_SIZE (sizeof(essidlist_t)) static int sort_essidlistin(const void *a, const void *b) { const essidlist_t *ia = (const essidlist_t *)a; const essidlist_t *ib = (const essidlist_t *)b; int cmp; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; cmp = memcmp(ia->essid, ib->essid, ia->essidlen); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } /*===========================================================================*/ struct maclist_s { uint8_t mac[6]; }; typedef struct maclist_s maclist_t; #define MACLIST_SIZE (sizeof(maclist_t)) static int sort_maclistin(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; int cmp; cmp = memcmp(ia->mac, ib->mac, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } /*===========================================================================*/ struct pmklist_s { uint8_t status; uint8_t essidlen; uint8_t psklen; uint8_t pmk[PMK_LEN]; uint8_t essid[ESSID_LEN_MAX]; uint8_t psk[PSK_LEN_MAX]; }; typedef struct pmklist_s pmklist_t; #define PMKLIST_SIZE (sizeof(pmklist_t)) /*===========================================================================*/ hcxtools-6.3.5/include/hcxpcapngtool.h000066400000000000000000000375601471436210700200550ustar00rootroot00000000000000#define HCX_EAPOL_TIMEOUT 1 #define HCX_NC 2 #define HCX_IE 3 #define HCX_CONVERT_ALL 4 #define HCX_ESSIDS 5 #define HCX_EAPMD5_OUT 6 #define HCX_EAPLEAP_OUT 7 #define HCX_EAPMD5_JOHN_OUT 8 #define HCX_TACACSP_OUT 9 #define HCX_NMEA_OUT 10 #define HCX_CSV_OUT 11 #define HCX_RAW_OUT 12 #define HCX_RAW_IN 13 #define HCX_LTS 14 #define HCX_LOG_OUT 15 #define HCX_PMKID_CLIENT_OUT 16 #define HCX_PMKID_OUT_DEPRECATED 17 #define HCX_HCCAPX_OUT_DEPRECATED 18 #define HCX_HCCAP_OUT_DEPRECATED 19 #define HCX_PMKIDEAPOLJTR_OUT_DEPRECATED 20 #define HCX_PREFIX_OUT 21 #define HCX_ADD_TIMESTAMP 22 #define HCX_TRACK_IN 23 #define HCX_PMKIDEAPOL_OUT 'o' #define HCX_ESSID_OUT 'E' #define HCX_ESSIDPROBEREQUEST_OUT 'R' #define HCX_IDENTITY_OUT 'I' #define HCX_DEVICEINFO_OUT 'D' #define HCX_USERNAME_OUT 'U' #define HCX_HELP 'h' #define HCX_VERSION 'v' #define ERROR_WARNING_MAX_L1 10 #define ERROR_WARNING_MAX_L2 50 #define ERROR_WARNING_MAX_L3 100 #define PREFIX_BUFFER_MAX PATH_MAX -20 #define ESSID_LEN_MAX 32 #define OPTIONLEN_MAX 1024 #define GPX_MAX 256 #define NMEA_MAX 256 #define MAX_INTERFACE_ID 255 #define RAW_LEN_MAX 131072 #define MACLIST_MAX 100000 #define HANDSHAKELIST_MAX 100000 #define PMKIDLIST_MAX 100000 #define MESSAGELIST_MAX 64 #define EAPOL_AUTHLEN_MAX 251 #define EAPMD5HASHLIST_MAX 1000 #define EAPMD5MSGLIST_MAX 32 #define EAPMD5_LEN_MAX 16 #define EAPLEAPHASHLIST_MAX 1000 #define EAPLEAPMSGLIST_MAX 32 #define LEAPREQ_LEN_MAX 8 #define LEAPRESP_LEN_MAX 24 #define LEAPUSERNAME_LEN_MAX 120 #define EAPMSCHAPV2HASHLIST_MAX 1000 #define EAPMSCHAPV2MSGLIST_MAX 32 #define MSCHAPV2REQ_LEN_MAX 16 #define MSCHAPV2RESP_LEN_MAX 49 #define MSCHAPV2USERNAME_LEN_MAX 120 #define MSCHAPV2_CHALLENGE_AUTH_LEN_MAX 16 #define MSCHAPV2_CHALLENGE_PEER_LEN_MAX 16 #define MSCHAPV2_CHALLENGE_LEN_MAX 8 #define MSCHAPV2_RESERVED_LEN_MAX 8 #define MSCHAPV2_NTRESPONSE_LEN_MAX 24 #define TACACSPLIST_MAX 1000 #define ESSIDSMAX 1 #define EAPOLTIMEOUT 5000000000ULL #define NONCEERRORCORRECTION 0 #define HCX_TYPE_PMKID 1 #define HCX_TYPE_EAPOL 2 #define MESSAGE_PAIR_M12E2 0 #define MESSAGE_PAIR_M14E4 1 #define MESSAGE_PAIR_M32E2 2 #define MESSAGE_PAIR_M32E3 3 #define MESSAGE_PAIR_M34E3 4 #define MESSAGE_PAIR_M34E4 5 #define CHANNEL_MAX 255 #define GHZ24 1 #define GHZ5 2 /*===========================================================================*/ /*===========================================================================*/ struct tags_s { uint8_t channel; uint8_t kdversion; #define KV_RSNIE 1 #define KV_WPAIE 2 uint8_t groupcipher; uint8_t cipher; #define TCS_WEP40 0x01 #define TCS_TKIP 0x02 #define TCS_WRAP 0x04 #define TCS_CCMP 0x08 #define TCS_GCMP 0x10 #define TCS_WEP104 0x20 #define TCS_BIP 0x40 #define TCS_NOT_ALLOWED 0x80 uint16_t akm; #define TAK_PMKSA 0x0001 #define TAK_PSK 0x0002 #define TAK_FT 0x0004 #define TAK_FT_PSK 0x0008 #define TAK_PMKSA256 0x0010 #define TAK_PSKSHA256 0x0020 #define TAK_TDLS 0x0040 #define TAK_SAE_SHA256 0x0080 #define TAK_FT_SAE 0x0100 #define TAK_AP_PKA 0x0200 #define TAK_SAE_SHA256B 0x0400 #define TAK_SAE_SHA384B 0x0800 #define TAK_OWE 0x1000 uint16_t mdid; uint8_t r0khidlen; uint8_t r0khid[48]; uint8_t r1khidlen; uint8_t r1khid[48]; uint8_t pmkid[16]; uint8_t wpsinfo; char country[2]; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; #define DEVICE_INFO_MAX 64 uint8_t manufacturerlen; uint8_t manufacturer[DEVICE_INFO_MAX]; uint8_t modellen; uint8_t model[DEVICE_INFO_MAX]; uint8_t serialnumberlen; uint8_t serialnumber[DEVICE_INFO_MAX]; uint8_t devicenamelen; uint8_t devicename[DEVICE_INFO_MAX]; #define WPS_ENROLLEE_LEN 16 uint8_t enrolleelen; uint8_t enrollee[WPS_ENROLLEE_LEN]; }; typedef struct tags_s tags_t; #define TAGS_SIZE (sizeof(tags_t)) /*===========================================================================*/ struct maclist_s { uint64_t timestamp; int count; uint8_t type; #define REMOVED 0 #define CLIENT 0x01 #define AP 0x02 uint8_t status; #define ST_PROBE_REQ 1 #define ST_BEACON 2 #define ST_PROBE_RESP 4 #define ST_ASSOC_REQ 8 #define ST_REASSOC_REQ 16 #define ST_ACT_MR_REQ 32 uint8_t addr[6]; uint8_t kdversion; uint8_t groupcipher; uint8_t cipher; uint8_t akm; #define WPA1 1 #define WPA2 2 #define WPA2kv3 4 uint8_t algorithm; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; uint8_t manufacturerlen; uint8_t manufacturer[DEVICE_INFO_MAX]; uint8_t modellen; uint8_t model[DEVICE_INFO_MAX]; uint8_t serialnumberlen; uint8_t serialnumber[DEVICE_INFO_MAX]; uint8_t devicenamelen; uint8_t devicename[DEVICE_INFO_MAX]; uint8_t enrolleelen; uint8_t enrollee[WPS_ENROLLEE_LEN]; }; typedef struct maclist_s maclist_t; #define MACLIST_SIZE (sizeof(maclist_t)) static int sort_maclist_by_mac(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; int cmp; cmp = memcmp(ia->addr, ib->addr, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; if(ia->essidlen < ib->essidlen) return 1; else if(ia->essidlen > ib->essidlen) return -1; cmp = memcmp(ia->essid, ib->essid, ib->essidlen); if(cmp < 0) return 1; else if(cmp > 0) return -1; return 0; } static int sort_maclist_by_mac_count(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; int cmp; cmp = memcmp(ia->addr, ib->addr, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; if(ia->count < ib->count) return 1; else if(ia->count > ib->count) return -1; if(ia->essidlen < ib->essidlen) return 1; else if(ia->essidlen > ib->essidlen) return -1; cmp = memcmp(ia->essid, ib->essid, ib->essidlen); if(cmp < 0) return 1; else if(cmp > 0) return -1; return 0; } static int sort_maclist_by_essidlen(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; int cmp; cmp = memcmp(ia->essid, ib->essid, ib->essidlen); if(cmp > 0) return 1; else if(cmp < 0) return -1; if(ia->essidlen > ib->essidlen) return 1; else if(ia->essidlen < ib->essidlen) return -1; return 0; } static int sort_maclist_by_manufacturer(const void *a, const void *b) { const maclist_t *ia = (const maclist_t *)a; const maclist_t *ib = (const maclist_t *)b; int cmp; cmp = memcmp(ia->manufacturer, ib->manufacturer, ib->manufacturerlen); if(cmp > 0) return 1; else if(cmp < 0) return -1; if(ia->manufacturerlen > ib->manufacturerlen) return 1; else if(ia->manufacturerlen < ib->manufacturerlen) return -1; cmp = memcmp(ia->addr, ib->addr, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } /*===========================================================================*/ struct messagelist_s { uint64_t timestamp; long int eapolmsgcount; uint8_t status; #define ST_M12E2 0x00 #define ST_M14E4 0x01 #define ST_M32E2 0x02 #define ST_M32E3 0x03 #define ST_M34E3 0x04 #define ST_M34E4 0x05 #define ST_APLESS 0x10 #define ST_LE 0x20 #define ST_BE 0x40 #define ST_ENDIANESS 0x60 #define ST_NC 0x80 uint8_t ap[6]; uint8_t client[6]; uint8_t message; #define HS_M1 1 #define HS_M2 2 #define HS_M3 4 #define HS_M4 8 #define HS_PMKID 16 uint64_t rc; uint8_t nonce[32]; uint8_t pmkid[16]; uint16_t eapauthlen; uint8_t eapol[EAPOL_AUTHLEN_MAX]; }; typedef struct messagelist_s messagelist_t; #define MESSAGELIST_SIZE (sizeof(messagelist_t)) static int sort_messagelist_by_timestamp(const void *a, const void *b) { const messagelist_t *ia = (const messagelist_t *)a; const messagelist_t *ib = (const messagelist_t *)b; if(ia->timestamp < ib->timestamp) return 1; else if(ia->timestamp > ib->timestamp) return -1; return 0; } /*===========================================================================*/ struct handshakelist_s { uint64_t timestampgap; uint64_t timestamp; uint8_t status; uint8_t messageap; uint8_t messageclient; uint64_t rcgap; uint8_t nc; uint8_t ap[6]; uint8_t client[6]; uint8_t anonce[32]; uint8_t pmkid[16]; uint16_t eapauthlen; uint8_t eapol[256]; }; typedef struct handshakelist_s handshakelist_t; #define HANDSHAKELIST_SIZE (sizeof(handshakelist_t)) static int sort_handshakelist_by_timegap(const void *a, const void *b) { const handshakelist_t *ia = (const handshakelist_t *)a; const handshakelist_t *ib = (const handshakelist_t *)b; int cmp; cmp = memcmp(ia->ap, ib->ap, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->client, ib->client, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; if(ia->timestampgap > ib->timestampgap) return 1; else if(ia->timestampgap < ib->timestampgap) return -1; if(ia->rcgap > ib->rcgap) return 1; else if(ia->rcgap < ib->rcgap) return -1; if(ia->rcgap > ib->rcgap) return 1; else if(ia->rcgap < ib->rcgap) return -1; return 0; } static int sort_handshakelist_by_rcgap(const void *a, const void *b) { const handshakelist_t *ia = (const handshakelist_t *)a; const handshakelist_t *ib = (const handshakelist_t *)b; int cmp; cmp = memcmp(ia->ap, ib->ap, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->client, ib->client, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; if(ia->rcgap > ib->rcgap) return 1; else if(ia->rcgap < ib->rcgap) return -1; if(ia->timestampgap > ib->timestampgap) return 1; else if(ia->timestampgap < ib->timestampgap) return -1; if(ia->rcgap > ib->rcgap) return 1; else if(ia->rcgap < ib->rcgap) return -1; return 0; } /*===========================================================================*/ struct pmkidlist_s { uint64_t timestamp; uint8_t status; #define PMKID_AP 0x01 #define PMKID_APPSK256 0x02 #define PMKID_CLIENT 0x10 uint8_t ap[6]; uint8_t client[6]; uint8_t anonce[32]; uint8_t pmkid[16]; }; typedef struct pmkidlist_s pmkidlist_t; #define PMKIDLIST_SIZE (sizeof(pmkidlist_t)) static int sort_pmkidlist_by_mac(const void *a, const void *b) { const pmkidlist_t *ia = (const pmkidlist_t *)a; const pmkidlist_t *ib = (const pmkidlist_t *)b; int cmp; cmp = memcmp(ia->ap, ib->ap, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->client, ib->client, 6); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->pmkid, ib->pmkid, 6); if(cmp < 0) return 1; else if(cmp > 0) return -1; return 0; } /*===========================================================================*/ struct eapmd5msglist_s { uint64_t timestamp; uint8_t ap[6]; uint8_t client[6]; uint8_t type; uint8_t id; uint8_t md5[EAPMD5_LEN_MAX]; }; typedef struct eapmd5msglist_s eapmd5msglist_t; #define EAPMD5MSGLIST_SIZE (sizeof(eapmd5msglist_t)) static int sort_eapmd5msglist_by_timestamp(const void *a, const void *b) { const eapmd5msglist_t *ia = (const eapmd5msglist_t *)a; const eapmd5msglist_t *ib = (const eapmd5msglist_t *)b; if(ia->timestamp < ib->timestamp) return 1; else if(ia->timestamp > ib->timestamp) return -1; return 0; } /*===========================================================================*/ struct eapmd5hashlist_s { uint8_t id; uint8_t md5request[EAPMD5_LEN_MAX]; uint8_t md5response[EAPMD5_LEN_MAX]; }; typedef struct eapmd5hashlist_s eapmd5hashlist_t; #define EAPMD5HASHLIST_SIZE (sizeof(eapmd5hashlist_t)) static int sort_eapmd5hashlist_by_id(const void *a, const void *b) { const eapmd5hashlist_t *ia = (const eapmd5hashlist_t *)a; const eapmd5hashlist_t *ib = (const eapmd5hashlist_t *)b; int cmp; if(ia->id < ib->id) return 1; else if(ia->id > ib->id) return -1; cmp = memcmp(ia->md5request, ib->md5request, EAPMD5_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->md5response, ib->md5response, EAPMD5_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } /*===========================================================================*/ struct eapleapmsglist_s { uint64_t timestamp; uint8_t ap[6]; uint8_t client[6]; uint8_t type; uint8_t id; uint8_t leaprequest[LEAPREQ_LEN_MAX]; uint8_t leapresponse[LEAPRESP_LEN_MAX]; uint8_t leapusernamelen; uint8_t leapusername[LEAPUSERNAME_LEN_MAX]; }; typedef struct eapleapmsglist_s eapleapmsglist_t; #define EAPLEAPMSGLIST_SIZE (sizeof(eapleapmsglist_t)) static int sort_eapleapmsglist_by_timestamp(const void *a, const void *b) { const eapleapmsglist_t *ia = (const eapleapmsglist_t *)a; const eapleapmsglist_t *ib = (const eapleapmsglist_t *)b; if(ia->timestamp < ib->timestamp) return 1; else if(ia->timestamp > ib->timestamp) return -1; return 0; } /*===========================================================================*/ struct eapleaphashlist_s { uint8_t id; uint8_t leaprequest[LEAPREQ_LEN_MAX]; uint8_t leapresponse[LEAPRESP_LEN_MAX]; uint8_t leapusernamelen; uint8_t leapusername[LEAPUSERNAME_LEN_MAX]; }; typedef struct eapleaphashlist_s eapleaphashlist_t; #define EAPLEAPHASHLIST_SIZE (sizeof(eapleaphashlist_t)) static int sort_eapleaphashlist_by_id(const void *a, const void *b) { const eapleaphashlist_t *ia = (const eapleaphashlist_t *)a; const eapleaphashlist_t *ib = (const eapleaphashlist_t *)b; int cmp; if(ia->id < ib->id) return 1; else if(ia->id > ib->id) return -1; if(ia->leapusernamelen > ib->leapusernamelen) return 1; if(ia->leapusernamelen < ib->leapusernamelen) return -1; cmp = memcmp(ia->leaprequest, ib->leaprequest, LEAPREQ_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->leapresponse, ib->leapresponse, LEAPRESP_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->leapusername, ib->leapusername, ia->leapusernamelen); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } /*===========================================================================*/ struct eapmschapv2msglist_s { uint64_t timestamp; uint8_t ap[6]; uint8_t client[6]; uint8_t type; uint8_t id; uint8_t mschapv2request[MSCHAPV2REQ_LEN_MAX]; uint8_t mschapv2response[MSCHAPV2RESP_LEN_MAX]; uint8_t mschapv2usernamelen; uint8_t mschapv2username[MSCHAPV2USERNAME_LEN_MAX]; }; typedef struct eapmschapv2msglist_s eapmschapv2msglist_t; #define EAPMSCHAPV2MSGLIST_SIZE (sizeof(eapmschapv2msglist_t)) static int sort_eapmschapv2msglist_by_timestamp(const void *a, const void *b) { const eapmschapv2msglist_t *ia = (const eapmschapv2msglist_t *)a; const eapmschapv2msglist_t *ib = (const eapmschapv2msglist_t *)b; if(ia->timestamp < ib->timestamp) return 1; else if(ia->timestamp > ib->timestamp) return -1; return 0; } /*===========================================================================*/ struct eapmschapv2hashlist_s { uint8_t id; uint8_t mschapv2request[MSCHAPV2REQ_LEN_MAX]; uint8_t mschapv2response[MSCHAPV2RESP_LEN_MAX]; uint8_t mschapv2usernamelen; uint8_t mschapv2username[MSCHAPV2USERNAME_LEN_MAX]; }; typedef struct eapmschapv2hashlist_s eapmschapv2hashlist_t; #define EAPMSCHAPV2HASHLIST_SIZE (sizeof(eapmschapv2hashlist_t)) static int sort_eapmschapv2hashlist_by_id(const void *a, const void *b) { const eapmschapv2hashlist_t *ia = (const eapmschapv2hashlist_t *)a; const eapmschapv2hashlist_t *ib = (const eapmschapv2hashlist_t *)b; int cmp; if(ia->id < ib->id) return 1; else if(ia->id > ib->id) return -1; if(ia->mschapv2usernamelen > ib->mschapv2usernamelen) return 1; if(ia->mschapv2usernamelen < ib->mschapv2usernamelen) return -1; cmp = memcmp(ia->mschapv2request, ib->mschapv2request, MSCHAPV2REQ_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->mschapv2response, ib->mschapv2response, MSCHAPV2RESP_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; cmp = memcmp(ia->mschapv2username, ib->mschapv2username, ia->mschapv2usernamelen); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } /*===========================================================================*/ #define TACACSPMAX_LEN 0xff struct tacacsplist_s { uint8_t version; uint8_t sequencenr; uint32_t sessionid; uint32_t len; uint8_t data[TACACSPMAX_LEN]; } __attribute__((__packed__)); typedef struct tacacsplist_s tacacsplist_t; #define TACACSPLIST_SIZE (sizeof(tacacsplist_t)) /*===========================================================================*/ hcxtools-6.3.5/include/hcxpmktool.h000066400000000000000000000011601471436210700173570ustar00rootroot00000000000000#define HCX_HASHLINE 'l' #define HCX_PSK 'p' #define HCX_HELP 'h' #define HCX_VERSION 'v' #define HAS_PMKID_LINE 0x0001 #define HAS_EAPOL_LINE 0x0002 #define HAS_ESSID 0x0004 #define HAS_MACAP 0x0008 #define HAS_MACCLIENT 0x0010 #define HAS_PSK 0x0020 #define HAS_PMK 0x0040 #define HAS_PMK_CALC 0x0080 #define HAS_PMKID 0x0100 #define HAS_PMKID_CALC 0x0200 #define HAS_MIC 0x0400 #define HAS_MIC_CALC 0x0800 #define HAS_PTK_CALC 0x1000 #define EAPOL_AUTHLEN_MAX 256 #define EXIT_SUCCESS_CONFIRMED 0 #define EXIT_SUCCESS_UNCONFIRMED 2 /*===========================================================================*/ hcxtools-6.3.5/include/hcxpsktool.h000066400000000000000000000041411471436210700173670ustar00rootroot00000000000000#define ESSID_LEN_MAX 32 #define PMKID_LINE_LEN 255 #define PMKIDEAPOL_LINE_LEN 1024 #define JOHN_LINE_LEN 1024 #define PSKSTRING_LEN_MAX 64 #define HCXD_ALTICEOPTIMUM 1 #define HCXD_ASUS 2 #define HCXD_DIGIT10 3 #define HCXD_EE 4 #define HCXD_EEUPPER 5 #define HCXD_EGN 6 #define HCXD_EUDATE 7 #define HCXD_MACONLY 8 #define HCXD_NETGEAR 9 #define HCXD_NOESSIDCOMBINATION 10 #define HCXD_PHOME 11 #define HCXD_SIMPLE 12 #define HCXD_SPECTRUM 13 #define HCXD_TENDA 14 #define HCXD_USDATE 15 #define HCXD_WEAKPASS 16 #define HCXD_WPSKEYS 17 #define HCXD_HELP 'h' #define HCXD_VERSION 'v' #ifdef __BYTE_ORDER__ #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ #define BIG_ENDIAN_HOST #endif #else #ifdef __OpenBSD__ # include # if BYTE_ORDER == BIG_ENDIAN # define BIG_ENDIAN_HOST # endif #endif #endif /*===========================================================================*/ struct apessidlist_s { uint8_t status; unsigned long long int macaddr; uint8_t essidlen; uint8_t essid[ESSID_LEN_MAX]; } __attribute__((__packed__)); typedef struct apessidlist_s apessidl_t; #define APESSIDLIST_SIZE (sizeof(apessidl_t)) /*===========================================================================*/ static int sort_apessidlist_by_ap(const void *a, const void *b) { const apessidl_t *ia = (const apessidl_t *)a; const apessidl_t *ib = (const apessidl_t *)b; int cmp; if(ia->macaddr > ib->macaddr) return 1; if(ia->macaddr < ib->macaddr) return -1; cmp = memcmp(ia->essid, ib->essid, ESSID_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; return 0; } /*===========================================================================*/ static int sort_apessidlist_by_essid(const void *a, const void *b) { const apessidl_t *ia = (const apessidl_t *)a; const apessidl_t *ib = (const apessidl_t *)b; int cmp; cmp = memcmp(ia->essid, ib->essid, ESSID_LEN_MAX); if(cmp > 0) return 1; else if(cmp < 0) return -1; if(ia->macaddr > ib->macaddr) return 1; if(ia->macaddr < ib->macaddr) return -1; return 0; } /*===========================================================================*/ hcxtools-6.3.5/include/hcxwltool.h000066400000000000000000000004741471436210700172210ustar00rootroot00000000000000#define HCX_INPUT_WORDLIST 'i' #define HCX_OUTPUT_WORDLIST 'o' #define HCX_SWEEP_LEN '1' #define HCX_DIGIT '2' #define HCX_XDIGIT '3' #define HCX_LOWER '4' #define HCX_UPPER '5' #define HCX_CAPITAL '6' #define HCX_STRAIGHT '7' #define HCX_HELP 'h' #define HCX_VERSION 'v' #define LINEIN_MAX 128 hcxtools-6.3.5/include/ieee80211.c000066400000000000000000000007661471436210700165000ustar00rootroot00000000000000#include "ieee80211.h" /*===========================================================================*/ int getkeyinfo(uint16_t ki) { if(ki & WPA_KEY_INFO_ACK) { if(ki & WPA_KEY_INFO_INSTALL) { /* handshake 3 */ return 3; } else { /* handshake 1 */ return 1; } } else { if(ki & WPA_KEY_INFO_SECURE) { /* handshake 4 */ return 4; } else { /* handshake 2 */ return 2; } } return 0; } /*===========================================================================*/ hcxtools-6.3.5/include/ieee80211.h000066400000000000000000000734331471436210700165060ustar00rootroot00000000000000#define MYREPLAYCOUNT 63232 #define MAC_SIZE_ACK (10) #define MAC_SIZE_RTS (16) #define MAC_SIZE_NORM (24) #define MAC_SIZE_QOS (26) #define MAC_SIZE_LONG (30) #define MAC_SIZE_QOS_LONG (32) #define FCS_LEN 4 /* types */ #define IEEE80211_FTYPE_MGMT 0x0 #define IEEE80211_FTYPE_CTL 0x1 #define IEEE80211_FTYPE_DATA 0x2 #define IEEE80211_FTYPE_RCVD 0x3 /* management */ #define IEEE80211_STYPE_ASSOC_REQ 0x0 #define IEEE80211_STYPE_ASSOC_RESP 0x1 #define IEEE80211_STYPE_REASSOC_REQ 0x2 #define IEEE80211_STYPE_REASSOC_RESP 0x3 #define IEEE80211_STYPE_PROBE_REQ 0x4 #define IEEE80211_STYPE_PROBE_RESP 0x5 #define IEEE80211_STYPE_BEACON 0x8 #define IEEE80211_STYPE_ATIM 0x9 #define IEEE80211_STYPE_DISASSOC 0xa #define IEEE80211_STYPE_AUTH 0xb #define IEEE80211_STYPE_DEAUTH 0xc #define IEEE80211_STYPE_ACTION 0xd #define IEEE80211_STYPE_NO_ACTION 0xe #define IEEE80211_STYPE_MGTRESERVED 0xf /* control */ #define IEEE80211_STYPE_CTL_EXT 0x6 #define IEEE80211_STYPE_BACK_REQ 0x8 #define IEEE80211_STYPE_BACK 0x9 #define IEEE80211_STYPE_PSPOLL 0xa #define IEEE80211_STYPE_RTS 0xb #define IEEE80211_STYPE_CTS 0xc #define IEEE80211_STYPE_ACK 0xd #define IEEE80211_STYPE_CFEND 0xe #define IEEE80211_STYPE_CFENDACK 0xf /* data */ #define IEEE80211_STYPE_DATA 0x0 #define IEEE80211_STYPE_DATA_CFACK 0x1 #define IEEE80211_STYPE_DATA_CFPOLL 0x2 #define IEEE80211_STYPE_DATA_CFACKPOLL 0x3 #define IEEE80211_STYPE_NULLFUNC 0x4 #define IEEE80211_STYPE_CFACK 0x5 #define IEEE80211_STYPE_CFPOLL 0x6 #define IEEE80211_STYPE_CFACKPOLL 0x7 #define IEEE80211_STYPE_QOS_DATA 0x8 #define IEEE80211_STYPE_QOS_DATA_CFACK 0x9 #define IEEE80211_STYPE_QOS_DATA_CFPOLL 0xa #define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0xb #define IEEE80211_STYPE_QOS_NULLFUNC 0xc #define IEEE80211_STYPE_QOS_CFACK 0xd #define IEEE80211_STYPE_QOS_CFPOLL 0xe #define IEEE80211_STYPE_QOS_CFACKPOLL 0xf /* Reason codes (IEEE 802.11-2007, 7.3.1.7, Table 7-22) */ #define WLAN_REASON_UNSPECIFIED 1 #define WLAN_REASON_PREV_AUTH_NOT_VALID 2 #define WLAN_REASON_DEAUTH_LEAVING 3 #define WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY 4 #define WLAN_REASON_DISASSOC_AP_BUSY 5 #define WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA 6 #define WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA 7 #define WLAN_REASON_DISASSOC_STA_HAS_LEFT 8 #define WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH 9 /* IEEE 802.11h */ #define WLAN_REASON_PWR_CAPABILITY_NOT_VALID 10 #define WLAN_REASON_SUPPORTED_CHANNEL_NOT_VALID 11 /* IEEE 802.11i */ #define WLAN_REASON_INVALID_IE 13 #define WLAN_REASON_MICHAEL_MIC_FAILURE 14 #define WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT 15 #define WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT 16 #define WLAN_REASON_IE_IN_4WAY_DIFFERS 17 #define WLAN_REASON_GROUP_CIPHER_NOT_VALID 18 #define WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID 19 #define WLAN_REASON_AKMP_NOT_VALID 20 #define WLAN_REASON_UNSUPPORTED_RSN_IE_VERSION 21 #define WLAN_REASON_INVALID_RSN_IE_CAPAB 22 #define WLAN_REASON_IEEE_802_1X_AUTH_FAILED 23 #define WLAN_REASON_CIPHER_SUITE_REJECTED 24 #define IEEE80211_SEQ_SEQ_MASK 0xfff0 #define IEEE80211_SEQ_SEQ_SHIFT 4 #define WBIT(n) (1 << (n)) #define WPA_KEY_INFO_TYPE_MASK (WBIT(0) | WBIT(1) | WBIT(2)) #define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 WBIT(0) #define WPA_KEY_INFO_TYPE_HMAC_SHA1_AES WBIT(1) #define WPA_KEY_INFO_KEY_TYPE WBIT(3) /* 1 = Pairwise, 0 = Group key */ #define WPA_KEY_INFO_KEY_INDEX_MASK (WBIT(4) | WBIT(5)) #define WPA_KEY_INFO_KEY_INDEX_SHIFT 4 #define WPA_KEY_INFO_INSTALL WBIT(6) /* pairwise */ #define WPA_KEY_INFO_TXRX WBIT(6) /* group */ #define WPA_KEY_INFO_ACK WBIT(7) #define WPA_KEY_INFO_MIC WBIT(8) #define WPA_KEY_INFO_SECURE WBIT(9) #define WPA_KEY_INFO_ERROR WBIT(10) #define WPA_KEY_INFO_REQUEST WBIT(11) #define WPA_KEY_INFO_ENCR_KEY_DATA WBIT(12) /* IEEE 802.11i/RSN only */ /*===========================================================================*/ #define IEEE80211_RADIOTAP_TSFT 0x00000001 #define IEEE80211_RADIOTAP_FLAGS 0x00000002 #define IEEE80211_RADIOTAP_RATE 0x00000004 #define IEEE80211_RADIOTAP_CHANNEL 0x00000008 #define IEEE80211_RADIOTAP_FHSS 0x00000010 #define IEEE80211_RADIOTAP_DBM_ANTSIGNAL 0x00000020 #define IEEE80211_RADIOTAP_DBM_ANTNOISE 0x00000040 #define IEEE80211_RADIOTAP_LOCK_QUALITY 0x00000080 #define IEEE80211_RADIOTAP_TX_ATTENUATION 0x00000100 #define IEEE80211_RADIOTAP_DB_TX_ATTENUATION 0x00000200 #define IEEE80211_RADIOTAP_DBM_TX_POWER 0x00000400 #define IEEE80211_RADIOTAP_ANTENNA 0x00000800 #define IEEE80211_RADIOTAP_DB_ANTSIGNAL 0x00001000 #define IEEE80211_RADIOTAP_DB_ANTNOISE 0x00002000 #define IEEE80211_RADIOTAP_RX_FLAGS 0x00004000 #define IEEE80211_RADIOTAP_TX_FLAGS 0x00008000 #define IEEE80211_RADIOTAP_RTS_RETRIES 0x00010000 #define IEEE80211_RADIOTAP_DATA_RETRIES 0x00020000 /* 18 is XChannel, not defined */ #define IEEE80211_RADIOTAP_MCS 0x00080000 #define IEEE80211_RADIOTAP_AMPDU_STATUS 0x00100000 #define IEEE80211_RADIOTAP_VHT 0x00200000 #define IEEE80211_RADIOTAP_TIMESTAMP 0x00400000 /* valid in every it_present bitmap, even vendor namespaces */ #define IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE 0x20000000 #define IEEE80211_RADIOTAP_VENDOR_NAMESPACE 0x40000000 #define IEEE80211_RADIOTAP_EXT 0x80000000 #define IEEE80211_RADIOTAP_F_CFP 0x00000001 #define IEEE80211_RADIOTAP_F_SHORTPRE 0x00000002 #define IEEE80211_RADIOTAP_F_WEP 0x00000004 #define IEEE80211_RADIOTAP_F_FRAG 0x00000008 #define IEEE80211_RADIOTAP_F_FCS 0x00000010 #define IEEE80211_RADIOTAP_F_DATAPAD 0x00000020 #define IEEE80211_RADIOTAP_F_BADFCS 0x00000040 struct radiotap_header { uint8_t it_version; uint8_t it_pad; uint16_t it_len; uint32_t it_present; } __attribute__((__packed__)); typedef struct radiotap_header rth_t; #define RTH_SIZE (sizeof(rth_t)) /*===========================================================================*/ struct ethernet2_header { uint8_t addr1[6]; uint8_t addr2[6]; uint16_t ether_type; } __attribute__((packed)); typedef struct ethernet2_header eth2_t; #define ETH2_SIZE (sizeof(eth2_t)) /*===========================================================================*/ struct loopback_header { #define LOBA_IPV4 2 #define LOBA_IPX 23 #define LOBA_IPV624 24 #define LOBA_IPV628 28 #define LOBA_IPV630 30 uint32_t family; } __attribute__((packed)); typedef struct loopback_header loba_t; #define LOBA_SIZE (sizeof(loba_t)) /*===========================================================================*/ #define WLAN_DEVNAMELEN_MAX 16 struct prism_item { uint32_t did; uint16_t status; uint16_t len; uint32_t data; } __attribute__((packed)); struct prism_header { uint32_t msgcode; uint32_t msglen; char devname[WLAN_DEVNAMELEN_MAX]; struct prism_item hosttime; struct prism_item mactime; struct prism_item channel; struct prism_item rssi; struct prism_item sq; struct prism_item signal; struct prism_item noise; struct prism_item rate; struct prism_item istx; struct prism_item frmlen; } __attribute__((packed)); typedef struct prism_item prism_item_t; typedef struct prism_header prism_t; #define PRISM_SIZE (sizeof(prism_t)) /*===========================================================================*/ struct avs_header { uint32_t version; uint32_t len; uint64_t mactime; uint64_t hosttime; uint32_t phytype; uint32_t channel; uint32_t datarate; uint32_t antenna; uint32_t priority; uint32_t ssi_type; int32_t ssi_signal; int32_t ssi_noise; uint32_t preamble; uint32_t encoding; } __attribute__((packed)); typedef struct avs_header avs_t; #define AVS_SIZE (sizeof(avs_t)) /*===========================================================================*/ struct ppi_header { uint8_t pph_version; uint8_t pph_flags; uint16_t pph_len; uint32_t pph_dlt; } __attribute__((packed)); typedef struct ppi_header ppi_t; #define PPI_SIZE (sizeof(ppi_t)) /*===========================================================================*/ struct msnetmon_header { uint8_t version_minor; uint8_t version_major; uint16_t network; uint16_t ts_year; uint16_t ts_month; uint16_t ts_weekday; uint16_t ts_day; uint16_t ts_hour; uint16_t ts_min; uint16_t ts_sec; uint16_t ts_msec; uint32_t frametableoffset; uint32_t frametablelength; uint32_t userdataoffset; uint32_t userdatalength; uint32_t commentdataoffset; uint32_t commentdatalength; uint32_t statisticsoffset; uint32_t statisticslength; uint32_t networkinfooffset; uint32_t networkinfolength; } __attribute__((packed)); typedef struct msnetmon_header msntm_t; #define MSNETMON_SIZE (sizeof(msntm_t)) /*===========================================================================*/ struct fcs_frame { uint32_t fcs; }; typedef struct fcs_frame fcs_t; #define FCS_SIZE (sizeof(fcs_t)) /*===========================================================================*/ struct qos_frame { uint8_t control; uint8_t flags; } __attribute__((__packed__)); typedef struct qos_frame qos_t; #define QOS_SIZE (sizeof(qos_t)) /*===========================================================================*/ /* * DS bit usage * * TA = transmitter address * RA = receiver address * DA = destination address * SA = source address * * ToDS FromDS A1(RA) A2(TA) A3 A4 Use * ----------------------------------------------------------------- * 0 0 DA SA BSSID - IBSS/DLS * 0 1 DA BSSID SA - AP -> STA * 1 0 BSSID SA DA - AP <- STA * 1 1 RA TA DA SA unspecified (WDS) */ struct mac_frame { #if __BYTE_ORDER == __LITTLE_ENDIAN unsigned version : 2; unsigned type : 2; unsigned subtype : 4; unsigned to_ds : 1; unsigned from_ds : 1; unsigned more_frag : 1; unsigned retry : 1; unsigned power : 1; unsigned more_data : 1; unsigned prot : 1; unsigned ordered : 1; #elif __BYTE_ORDER == __BIG_ENDIAN unsigned subtype : 4; unsigned type : 2; unsigned version : 2; unsigned ordered : 1; unsigned prot : 1; unsigned more_data : 1; unsigned power : 1; unsigned retry : 1; unsigned more_frag : 1; unsigned from_ds : 1; unsigned to_ds : 1; #endif uint16_t duration; uint8_t addr1[6]; uint8_t addr2[6]; uint8_t addr3[6]; uint16_t sequence; uint8_t addr4[6]; qos_t qos; } __attribute__((__packed__)); typedef struct mac_frame mac_t; /*===========================================================================*/ struct capabilities_ap_frame { uint64_t timestamp; uint16_t beaconintervall; uint16_t capabilities; } __attribute__((__packed__)); typedef struct capabilities_ap_frame capap_t; #define CAPABILITIESAP_SIZE sizeof(capap_t) /*===========================================================================*/ struct capabilities_sta_frame { uint16_t capabilities; uint16_t listeninterval; } __attribute__((__packed__)); typedef struct capabilities_sta_frame capsta_t; #define CAPABILITIESSTA_SIZE sizeof(capsta_t) /*===========================================================================*/ struct capabilitiesreq_sta_frame { uint16_t capabilities; uint16_t listeninterval; uint8_t addr[6]; } __attribute__((__packed__)); typedef struct capabilitiesreq_sta_frame capreqsta_t; #define CAPABILITIESREQSTA_SIZE sizeof(capreqsta_t) /*===========================================================================*/ struct ie_tag { uint8_t id; #define TAG_SSID 0x00 #define TAG_RATE 0x01 #define TAG_CHAN 0x03 #define TAG_COUNTRY 0x07 #define TAG_RSN 0x30 #define TAG_MD 0x36 #define TAG_FBSST 0x37 #define TAG_PAG 0xde #define TAG_VENDOR 0xdd #define TAG_EXT 0xff #define TAG_SSID_OK 0x01 #define TAG_CHAN_OK 0x02 #define TAG_COUNTRY_OK 0x04 uint8_t len; uint8_t data[1]; } __attribute__((__packed__)); typedef struct ie_tag ietag_t; #define IETAG_SIZE offsetof(ietag_t, data) /*===========================================================================*/ struct vendorie_tag { uint8_t oui[3]; uint8_t ouitype; #define VT_WPA_IE 0x01 #define VT_RSN_IE 0x02 #define VT_WMM_IE 0x02 #define VT_WPS_IE 0x04 #define VT_AWDL_IE 0x08 #define VT_NAN_IE 0x13 uint8_t data[1]; } __attribute__ ((packed)); typedef struct vendorie_tag vendorie_t; #define VENDORIE_SIZE offsetof(vendorie_t, data) static const uint8_t ouimscorp[3] = { 0x00, 0x50, 0xf2 }; static const uint8_t ouiapple[3] = { 0x00, 0x17, 0xf2 }; static const uint8_t ouiwifialliance[3] = { 0x50, 0x6f, 0x9a }; /*===========================================================================*/ struct owe_tag { uint8_t number; uint16_t group; uint8_t data[1]; } __attribute__((__packed__)); typedef struct owe_tag owe_t; #define OWE_SIZE offsetof(owe_t, data) /*===========================================================================*/ struct rsnie_tag { uint16_t version; uint8_t data[1]; } __attribute__((__packed__)); typedef struct rsnie_tag rsnie_t; #define RSNIE_SIZE offsetof(rsnie_t, data) #define RSNIE_LEN_MIN 18 /*===========================================================================*/ struct wpaie_tag { uint8_t oui[3]; uint8_t ouitype; uint16_t type; uint8_t data[1]; } __attribute__ ((packed)); typedef struct wpaie_tag wpaie_t; #define WPAIE_SIZE offsetof(wpaie_t, data) #define WPAIE_LEN_MIN 22 #define OUI_SIZE 3 /*===========================================================================*/ struct wpsvendor_tag { uint8_t oui[3]; uint8_t type; } __attribute__ ((packed)); typedef struct wpsvendor_tag wpsvendor_t; #define WPSVENDOR_SIZE sizeof(wpsvendor_t) /*===========================================================================*/ struct wpsie_tag { uint16_t type; #define WPS_CONFIGMETHODS 0x1008 #define WPS_DEVICENAME 0x1011 #define WPS_MANUFACTURER 0x1021 #define WPS_MODELNAME 0x1023 #define WPS_SERIALNUMBER 0x1042 #define WPS_STATE 0x1044 #define WPS_UUIDE 0x1047 #define WPS_VERSION 0x104a uint16_t len; uint8_t data[1]; } __attribute__ ((packed)); typedef struct wpsie_tag wpsie_t; #define WPSIE_SIZE offsetof(wpsie_t, data) /*===========================================================================*/ struct suitecount_s { uint16_t count; uint8_t data[1]; } __attribute__ ((packed)); typedef struct suitecount_s suitecount_t; #define SUITECOUNT_SIZE offsetof(suitecount_t, data) /*===========================================================================*/ struct suite_s { uint8_t oui[3]; uint8_t type; #define CS_WEP40 1 #define CS_TKIP 2 #define CS_WRAP 3 #define CS_CCMP 4 #define CS_WEP104 5 #define CS_BIP 6 #define CS_NOT_ALLOWED 7 #define CS_GCMP 9 #define AK_PMKSA 1 #define AK_PSK 2 #define AK_FT 3 #define AK_FT_PSK 4 #define AK_PMKSA256 5 #define AK_PSKSHA256 6 #define AK_TDLS 7 #define AK_SAE_SHA256 8 #define AK_FT_SAE 9 #define AK_AP_PKA 10 #define AK_SAE_SHA256B 11 #define AK_SAE_SHA384B 12 #define AK_OWE 18 } __attribute__ ((packed)); typedef struct suite_s suite_t; #define SUITE_SIZE sizeof(suite_t) static const uint8_t suiteoui[3] = { 0x00, 0x0f, 0xac }; /*===========================================================================*/ struct rsncapabilites_s { uint16_t rsncapa; }; typedef struct rsncapabilites_s rsncapabilites_t; #define RSNCAPABILITIES_SIZE sizeof(rsncapabilites_t) /*===========================================================================*/ struct llc_frame { uint8_t dsap; uint8_t ssap; uint8_t control; uint8_t org[3]; uint16_t type; #define LLC_TYPE_AUTH 0x888e #define LLC_TYPE_IPV4 0x0800 #define LLC_TYPE_IPV6 0x86dd #define LLC_TYPE_PREAUT 0x88c7 #define LLC_TYPE_FRRR 0x890d }; typedef struct llc_frame llc_t; #define LLC_SIZE (sizeof(llc_t)) #define LLC_SNAP 0xaa /*===========================================================================*/ struct authentication_frame { uint16_t algorithm; #define OPEN_SYSTEM 0 #define SHARED_KEY 1 #define FBT 2 #define SAE 3 #define FILS 4 #define FILSPFS 5 #define FILSPK 6 #define NETWORKEAP 128 uint16_t sequence; uint16_t statuscode; #define AUTH_OK 0 #define AUTH_FAILURE 1 #define AUTH_UNSUPPORTED 10 #define AUTH_REASSOC_DENIED 11 #define AUTH_UNSECIFIED 12 } __attribute__((__packed__)); typedef struct authentication_frame authf_t; #define AUTHENTICATIONFRAME_SIZE (sizeof(authf_t)) /*===========================================================================*/ struct sae_commit_authentication_frame { uint16_t group_id; uint8_t scalar[32]; uint8_t commit_element_x[32]; uint8_t commit_element_y[32]; } __attribute__((__packed__)); typedef struct sae_commit_authentication_frame saecommitauthf_t; #define SAECOMMITAUTHENTICATIONFRAME_SIZE (sizeof(saecommitauthf_t)) /*===========================================================================*/ struct sae_confirm_authentication_frame { uint16_t send_confirm; uint8_t confirm[32]; } __attribute__((__packed__)); typedef struct sae_confirm_authentication_frame saeconfirmauthf_t; #define SAECONFIRMAUTHENTICATIONFRAME_SIZE (sizeof(saeconfirmauthf_t)) /*===========================================================================*/ struct association_resp_frame { uint16_t capabilities; uint16_t authentication_seq; uint16_t statuscode; uint16_t id; } __attribute__((__packed__)); typedef struct association_resp_frame assocrepf_t; #define ASSOCIATIONRESPFRAME_SIZE (sizeof(assocrepf_t)) /*===========================================================================*/ struct action_frame { uint8_t categoriecode; #define CAT_BLOCK_ACK 0x03 #define CAT_RADIO_MEASUREMENT 0x05 #define CAT_VENDOR 0x7f uint8_t actioncode; #define ACT_ADD_BLOCK_ACK_REQ 0x00 #define ACT_ADD_BLOCK_ACK_RESP 0x00 #define ACT_DELETE_BLOCK_REQ 0x02 #define ACT_RADIO_MEASUREMENT_REQ 0x00 }; typedef struct action_frame actf_t; #define ACTIONFRAME_SIZE (sizeof(actf_t)) /*===========================================================================*/ struct actionvendor_frame { uint8_t categoriecode; uint8_t vendor[3]; }; typedef struct actionvendor_frame actvf_t; #define ACTIONVENDORFRAME_SIZE (sizeof(actvf_t)) /*===========================================================================*/ struct actionmeasurement_frame { uint8_t categoriecode; uint8_t actioncode; #define ACT_MM_NRREQ 4 #define ACT_MM_NRRESP 5 uint8_t dialogtoken; }; typedef struct actionmeasurement_frame actmm_t; #define ACTIONMEASUREMENTFRAME_SIZE (sizeof(actmm_t)) /*===========================================================================*/ struct eapauthentication_s { uint8_t version; uint8_t type; #define EAP_PACKET 0 #define EAPOL_START 1 #define EAPOL_LOGOFF 2 #define EAPOL_KEY 3 #define EAPOL_ASF 4 #define EAPOL_MKA 5 uint16_t len; uint8_t data[1]; #define EAP_KDT_RC4 0x01 #define EAP_KDT_RSN 0x02 #define EAP_KDT_WPA 0xfe } __attribute__((__packed__)); typedef struct eapauthentication_s eapauth_t; #define EAPAUTH_SIZE offsetof(eapauth_t, data) /*===========================================================================*/ struct wpakey_s { uint8_t keydescriptor; uint16_t keyinfo; uint16_t keylen; uint64_t replaycount; uint8_t nonce[32]; uint8_t keyiv[16]; uint64_t keyrsc; uint8_t keyid[8]; uint8_t keymic[16]; uint16_t wpadatalen; uint8_t data[1]; } __attribute__((__packed__)); typedef struct wpakey_s wpakey_t; #define WPAKEY_SIZE offsetof(wpakey_t, data) /*===========================================================================*/ struct pmkid_s { uint8_t id; uint8_t len; uint8_t oui[3]; uint8_t type; uint8_t pmkid[16]; } __attribute__((__packed__)); typedef struct pmkid_s pmkid_t; #define PMKID_SIZE (sizeof(pmkid_t)) /*===========================================================================*/ struct rsnpmkidlist_s { uint16_t count; } __attribute__((__packed__)); typedef struct rsnpmkidlist_s rsnpmkidlist_t; #define RSNPMKIDLIST_SIZE (sizeof(rsnpmkidlist_t)) /*===========================================================================*/ struct exteap_frame { uint8_t code; #define EAP_CODE_REQ 1 #define EAP_CODE_RESP 2 #define EAP_CODE_SUCCESS 3 #define EAP_CODE_FAILURE 4 #define EAP_CODE_INITIATE 5 #define EAP_CODE_FINISH 6 uint8_t id; #define EAP_TYPE_ID 1 uint16_t len; uint8_t type; #define EAP_TYPE_EAP 0 #define EAP_TYPE_ID 1 #define EAP_TYPE_NOTIFY 2 #define EAP_TYPE_NAK 3 #define EAP_TYPE_MD5 4 #define EAP_TYPE_OTP 5 #define EAP_TYPE_GTC 6 #define EAP_TYPE_RSA 9 #define EAP_TYPE_DSS 10 #define EAP_TYPE_KEA 11 #define EAP_TYPE_KEA_VALIDATE 12 #define EAP_TYPE_TLS 13 #define EAP_TYPE_AXENT 14 #define EAP_TYPE_RSA_SSID 15 #define EAP_TYPE_RSA_ARCOT 16 #define EAP_TYPE_LEAP 17 #define EAP_TYPE_SIM 18 #define EAP_TYPE_SRP_SHA1 19 #define EAP_TYPE_TTLS 21 #define EAP_TYPE_RAS 22 #define EAP_TYPE_AKA 23 #define EAP_TYPE_3COMEAP 24 #define EAP_TYPE_PEAP 25 #define EAP_TYPE_MSEAP 26 #define EAP_TYPE_MAKE 27 #define EAP_TYPE_CRYPTOCARD 28 #define EAP_TYPE_MSCHAPV2 29 #define EAP_TYPE_DYNAMICID 30 #define EAP_TYPE_ROB 31 #define EAP_TYPE_POTP 32 #define EAP_TYPE_MSTLV 33 #define EAP_TYPE_SENTRI 34 #define EAP_TYPE_AW 35 #define EAP_TYPE_CSBA 36 #define EAP_TYPE_AIRFORT 37 #define EAP_TYPE_HTTPD 38 #define EAP_TYPE_SS 39 #define EAP_TYPE_DC 40 #define EAP_TYPE_SPEKE 41 #define EAP_TYPE_MOBAC 42 #define EAP_TYPE_FAST 43 #define EAP_TYPE_ZLXEAP 44 #define EAP_TYPE_LINK 45 #define EAP_TYPE_PAX 46 #define EAP_TYPE_PSK 47 #define EAP_TYPE_SAKE 48 #define EAP_TYPE_IKEV2 49 #define EAP_TYPE_AKA1 50 #define EAP_TYPE_GPSK 51 #define EAP_TYPE_PWD 52 #define EAP_TYPE_EKE1 53 #define EAP_TYPE_PTEAP 54 #define EAP_TYPE_TEAP 55 #define EAP_TYPE_EXPAND 254 #define EAP_TYPE_EXPERIMENTAL 255 uint8_t data[1]; } __attribute__((__packed__)); typedef struct exteap_frame exteap_t; #define EXTEAP_SIZE offsetof(exteap_t, data) /*===========================================================================*/ struct mpdu_frame { uint8_t pn[3]; uint8_t keyid; uint8_t exitiv[4]; }; typedef struct mpdu_frame mpdu_t; #define MPDU_SIZE (sizeof(mpdu_t)) /*===========================================================================*/ struct eapmd5_frame { uint8_t code; uint8_t id; uint16_t eapmd5len; uint8_t type; uint8_t md5len; uint8_t md5data[1]; } __attribute__((__packed__)); typedef struct eapmd5_frame eapmd5_t; #define EAPMD5_SIZE offsetof(eapmd5_t, md5data) /*===========================================================================*/ struct eapleap_frame { uint8_t code; uint8_t id; uint16_t eapleaplen; uint8_t type; uint8_t version; uint8_t reserved; uint8_t leaplen; uint8_t leapdata[1]; } __attribute__((__packed__)); typedef struct eapleap_frame eapleap_t; #define EAPLEAP_SIZE offsetof(eapleap_t, leapdata) /*===========================================================================*/ struct eapmschapv2_frame { uint8_t code; uint8_t id; uint16_t eaplen; uint8_t type; uint8_t opcode; #define EAP_MSCHAPV2_OPCODE_REQ 1 #define EAP_MSCHAPV2_OPCODE_RESP 2 uint8_t mschapv2id; uint16_t mschapv2len; uint8_t mschapv2valuesize; uint8_t mschapv2data[1]; } __attribute__((__packed__)); typedef struct eapmschapv2_frame eapmschapv2_t; #define EAPMSCHAPV2_SIZE offsetof(eapmschapv2_t, mschapv2data) /*===========================================================================*/ struct ipv4_frame { uint8_t ver_hlen; uint8_t tos; uint16_t len; uint16_t ipid; uint16_t flags_offset; uint8_t ttl; uint8_t nextprotocol; #define NEXTHDR_HOP 0 /* Hop-by-hop option header. */ #define NEXTHDR_ICMP4 1 /* ICMP4 header */ #define NEXTHDR_TCP 6 /* TCP segment. */ #define NEXTHDR_UDP 17 /* UDP message. */ #define NEXTHDR_IPV6 41 /* IPv6 in IPv6 */ #define NEXTHDR_ROUTING 43 /* Routing header. */ #define NEXTHDR_FRAGMENT 44 /* Fragmentation/reassembly header. */ #define NEXTHDR_GRE 47 /* GRE header. */ #define NEXTHDR_ESP 50 /* Encapsulating security payload. */ #define NEXTHDR_AUTH 51 /* Authentication header. */ #define NEXTHDR_ICMP6 58 /* ICMP6 for IPv6. */ #define NEXTHDR_NONE 59 /* No next header */ #define NEXTHDR_DEST 60 /* Destination options header. */ #define NEXTHDR_SCTP 132 /* SCTP message. */ #define NEXTHDR_MOBILITY 135 /* Mobility header. */ #define NEXTHDR_MAX 255 uint16_t checksum; uint8_t srcaddr[4]; uint8_t dstaddr[4]; } __attribute__ ((packed)); typedef struct ipv4_frame ipv4_t; #define IPV4_SIZE (sizeof(ipv4_t)) #define IPV4_SIZE_MIN 20 #define IPV4_SIZE_MAX 64 /*===========================================================================*/ struct ipv6_frame { uint32_t ver_class; uint16_t len; uint8_t nextprotocol; uint8_t hoplimint; uint8_t srcaddr[16]; uint8_t dstaddr[16]; } __attribute__ ((packed)); typedef struct ipv6_frame ipv6_t; #define IPV6_SIZE (sizeof(ipv6_t)) /*===========================================================================*/ struct tcp_frame { uint16_t sourceport; uint16_t destinationport; uint32_t sequencenumber; uint32_t acknumber; uint8_t len /* x 4 */; uint8_t flags; uint16_t window; uint16_t checksum; uint16_t urgent; uint8_t options[1]; } __attribute__ ((packed)); typedef struct tcp_frame tcp_t; #define TCP_SIZE_MIN offsetof(tcp_t, options) /*===========================================================================*/ struct udp_frame { uint16_t sourceport; uint16_t destinationport; #define UDP_DHCP_SERVERPORT 67 #define UDP_DHCP_CLIENTPORT 68 #define UDP_DHCP6_SERVERPORT 547 #define UDP_DHCP6_CLIENTPORT 546 #define UDP_RADIUS_PORT 1812 #define UDP_TZSP_DESTINATIONPORT 37008 uint16_t len; uint16_t checksum; } __attribute__ ((packed)); typedef struct udp_frame udp_t; #define UDP_SIZE (sizeof(udp_t)) /*===========================================================================*/ struct tzsp_frame { uint8_t version; uint8_t type; uint16_t enc_protocol; #define TZSP_ENCAP_ETHERNET 1 #define TZSP_ENCAP_TOKEN_RING 2 #define TZSP_ENCAP_SLIP 3 #define TZSP_ENCAP_PPP 4 #define TZSP_ENCAP_FDDI 5 #define TZSP_ENCAP_RAW 7 #define TZSP_ENCAP_IEEE_802_11 18 #define TZSP_ENCAP_IEEE_802_11_PRISM 119 #define TZSP_ENCAP_IEEE_802_11_AVS 127 uint8_t data[1]; } __attribute__ ((packed)); typedef struct tzsp_frame tzsp_t; #define TZSP_SIZE offsetof(tzsp_t, data) /*===========================================================================*/ struct tzsp_tag { uint8_t tag; #define TZSP_TAG_END 1 #define TZSP_TAG_ORGLEN 41 uint8_t len; uint8_t data[1]; } __attribute__ ((packed)); typedef struct tzsp_tag tzsptag_t; #define TZSPTAG_SIZE offsetof(tzsptag_t, data) /*===========================================================================*/ struct gre_frame { uint16_t flags; uint16_t type; uint16_t len; uint16_t callid; } __attribute__ ((packed)); typedef struct gre_frame gre_t; #define GRE_SIZE (sizeof(gre_t)) #define GREPROTO_PPP 0x880b #define GRE_FLAG_SNSET 0x1000 #define GRE_FLAG_ACKSET 0x0080 #define GRE_MASK_VERSION 0x0003 /*===========================================================================*/ struct ptp_frame { uint16_t type; } __attribute__ ((packed)); typedef struct ptp_frame ptp_t; #define PTP_SIZE (sizeof(ptp_t)) #define PROTO_PAP 0xc023 #define PROTO_CHAP 0xc223 /*===========================================================================*/ struct chap_frame { uint8_t code; #define CHAP_CODE_REQ 1 #define CHAP_CODE_RESP 2 #define CHAP_CODE_SUCCESS 3 uint8_t id; uint16_t len; uint8_t data[1]; } __attribute__ ((packed)); typedef struct chap_frame chap_t; #define CHAP_SIZE (sizeof(chap_t)) /*===========================================================================*/ struct tacacsp_frame { uint8_t version; #define TACACSP_VERSION 0xc0 uint8_t type; #define TACACS_AUTHENTICATION 1 #define TACACS2_AUTHENTICATION 2 #define TACACS3_AUTHENTICATION 3 uint8_t sequencenr; uint8_t flags; uint32_t sessionid; uint32_t len; uint8_t data[1]; } __attribute__ ((packed)); typedef struct tacacsp_frame tacacsp_t; #define TACACSP_SIZE offsetof(tacacsp_t, data) /*===========================================================================*/ #define RADIUS_AUTHENTICATOR_LENGTH 16 #define RADIUS_PASSWORD_BLOCK_SIZE 16 #define RADIUS_HEADER_LENGTH 20 #define RADIUS_MAX_SIZE 1000 #define RADIUS_MAX_ATTRIBUTE_SIZE 253 #define RADIUS_ACCESS_REQUEST 1 #define RADIUS_ACCESS_ACCEPT 2 #define RADIUS_ACCESS_REJECT 3 #define RADIUS_ACCESS_CHALLENGE 11 struct radius_frame_t { uint8_t code; uint8_t id; uint16_t len; uint8_t authenticator[RADIUS_AUTHENTICATOR_LENGTH]; uint8_t attrs[RADIUS_MAX_SIZE -RADIUS_HEADER_LENGTH]; uint8_t data[1]; } __attribute__ ((packed)); typedef struct radius_frame_t radius_t; #define RADIUS_MIN_SIZE 4 #define RADIUS_SIZE offsetof(radius_t, data) /*===========================================================================*/ /* global var */ static const uint8_t zeroed32[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; #define NULLNONCE_SIZE (sizeof(nullnonce)) static const uint8_t mynonce[] = { 0x68, 0x20, 0x09, 0xe2, 0x1f, 0x0e, 0xbc, 0xe5, 0x62, 0xb9, 0x06, 0x5b, 0x54, 0x89, 0x79, 0x09, 0x9a, 0x65, 0x52, 0x86, 0xc0, 0x77, 0xea, 0x28, 0x2f, 0x6a, 0xaf, 0x13, 0x8e, 0x50, 0xcd, 0xb9 }; #define ANONCE_SIZE sizeof(anonce) static const uint8_t mac_broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; static const uint8_t mac_null[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static const int myvendorap[] = { 0x00006c, 0x000101, 0x00054f, 0x000578, 0x000b18, 0x000bf4, 0x000c53, 0x000d58, 0x000da7, 0x000dc2, 0x000df2, 0x000e17, 0x000e22, 0x000e2a, 0x000eef, 0x000f09, 0x0016b4, 0x001761, 0x001825, 0x002067, 0x00221c, 0x0022f1, 0x00234a, 0x00238c, 0x0023f7, 0x002419, 0x0024fb, 0x00259d, 0x0025df, 0x00269f, 0x005047, 0x005079, 0x0050c7, 0x0084ed, 0x0086a0, 0x00a054, 0x00a085, 0x00bb3a, 0x00cb00, 0x0418b6, 0x0c8112, 0x100000, 0x10ae60, 0x10b713, 0x1100aa, 0x111111, 0x140708, 0x146e0a, 0x18421d, 0x1cf4ca, 0x205b2a, 0x20d160, 0x24336c, 0x24bf74, 0x28ef01, 0x3cb87a, 0x487604, 0x48f317, 0x50e14a, 0x544e45, 0x580943, 0x586ed6, 0x5c6b4f, 0x609620, 0x68e166, 0x706f81, 0x78f944, 0x7ce4aa, 0x8c8401, 0x8ce748, 0x906f18, 0x980ee4, 0x9c93e4, 0xa468bc }; #define MYVENDORAP_SIZE sizeof(myvendorap) static const int myvendorclient[] = { 0xa4a6a9, 0xacde48, 0xb025aa, 0xb0ece1, 0xb0febd, 0xb4e1eb, 0xc02250, 0xc8aacc, 0xd85dfb, 0xdc7014, 0xe00db9, 0xe0cb1d, 0xe80410, 0xf04f7c, 0xf0a225, 0xfcc233 }; #define MYVENDORCLIENT_SIZE sizeof(myvendorclient) /*===========================================================================*/ hcxtools-6.3.5/include/johnops.c000066400000000000000000000170051471436210700166470ustar00rootroot00000000000000/*===========================================================================*/ void hccap2base(FILE *fhjohn, unsigned char *in, unsigned char b) { const char itoa64[64] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; fprintf(fhjohn, "%c", (itoa64[in[0] >> 2])); fprintf(fhjohn, "%c", (itoa64[((in[0] & 0x03) << 4) | (in[1] >> 4)])); if (b) { fprintf(fhjohn, "%c", (itoa64[((in[1] & 0x0f) << 2) | (in[2] >> 6)])); fprintf(fhjohn, "%c", (itoa64[in[2] & 0x3f])); } else fprintf(fhjohn, "%c", (itoa64[((in[1] & 0x0f) << 2)])); return; } /*===========================================================================*/ void mac2asciilong(char ssid[18], unsigned char *p) { sprintf(ssid, "%02x-%02x-%02x-%02x-%02x-%02x",p[0],p[1],p[2],p[3],p[4],p[5]); return; } /*===========================================================================*/ void mac2ascii(char ssid[13], unsigned char *p) { sprintf(ssid, "%02x%02x%02x%02x%02x%02x",p[0],p[1],p[2],p[3],p[4],p[5]); return; } /*===========================================================================*/ void writejohnrecord(unsigned long long int noncefuzz, hcxl_t *zeiger, FILE *fhjohn, char *basename) { hccap_t hccap; wpakey_t *wpak, *wpak2; uint8_t message_pair; unsigned int i, n; unsigned int anonce; unsigned char *hcpos; char sta_mac[18]; char ap_mac[18]; char ap_mac_long[13]; message_pair = 0x80; if((zeiger->keyinfo_ap == 1) && (zeiger->keyinfo_sta == 4)) { message_pair = MESSAGE_PAIR_M12E2; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 2) && (zeiger->keyinfo_sta == 4)) { message_pair = MESSAGE_PAIR_M32E2; if(zeiger->replaycount_ap != zeiger->replaycount_sta +1) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 16) && (zeiger->keyinfo_sta == 2)) { message_pair = MESSAGE_PAIR_M32E3; if(zeiger->replaycount_ap -1 != zeiger->replaycount_sta) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 3) && (zeiger->keyinfo_sta == 4)) { message_pair = MESSAGE_PAIR_M32E2; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap == 1) && (zeiger->keyinfo_sta == 8)) { message_pair = MESSAGE_PAIR_M14E4; if(zeiger->replaycount_ap != zeiger->replaycount_sta +1) { message_pair |= 0x80; } } else if((zeiger->keyinfo_ap >= 1) && (zeiger->keyinfo_sta == 8)) { message_pair = MESSAGE_PAIR_M34E4; if(zeiger->replaycount_ap != zeiger->replaycount_sta) { message_pair |= 0x80; } } hcpos = (unsigned char*)&hccap; memset (&hccap, 0, sizeof(hccap_t)); wpak = (wpakey_t*)(zeiger->eapol +EAPAUTH_SIZE); memcpy(&hccap.essid, zeiger->essid, 32); memcpy(&hccap.mac1, zeiger->mac_ap, 6); memcpy(&hccap.mac2, zeiger->mac_sta, 6); if(zeiger->keyinfo_ap == 16) { memcpy(&hccap.nonce1, zeiger->nonce, 32); memcpy(&hccap.nonce2, wpak->nonce, 32); } else { memcpy(&hccap.nonce1, wpak->nonce, 32); memcpy(&hccap.nonce2, zeiger->nonce, 32); } hccap.eapol_size = zeiger->authlen; memcpy(&hccap.eapol, zeiger->eapol, zeiger->authlen); memcpy(&hccap.keymic, wpak->keymic, 16); wpak2 = (wpakey_t*)(hccap.eapol +EAPAUTH_SIZE); memset(wpak2->keymic, 0, 16); hccap.keyver = ntohs(wpak->keyinfo) & WPA_KEY_INFO_TYPE_MASK; if(hccap.keyver == 0) { hccap.keyver = 3; } #ifdef BIG_ENDIAN_HOST hccap.eapol_size = byte_swap_16(hccap.eapol_size); #endif mac2ascii(ap_mac_long, zeiger->mac_ap); mac2asciilong(ap_mac, zeiger->mac_ap); mac2asciilong(sta_mac, zeiger->mac_sta); if(((zeiger->endianess & 0x10) == 0x10) || ((message_pair &0x10) == 0x10) || ((message_pair &0x80) == 0x00)) { fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if (hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verified:%s\n", basename); } else { fprintf(fhjohn, ":not verified:%s\n", basename); } } else if((zeiger->endianess & 0x20) == 0x20) { anonce = zeiger->nonce[31] | (zeiger->nonce[30] << 8) | (zeiger->nonce[29] << 16) | (zeiger->nonce[28] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[28] = (anonce >> 24) & 0xff; hccap.nonce2[29] = (anonce >> 16) & 0xff; hccap.nonce2[30] = (anonce >> 8) & 0xff; hccap.nonce2[31] = anonce & 0xff; fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if(hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verified:%s\n", basename); } else { fprintf(fhjohn, ":not verified:%s\n", basename); } anonce++; } } else if((zeiger->endianess & 0x40) == 0x40) { anonce = zeiger->nonce[28] | (zeiger->nonce[29] << 8) | (zeiger->nonce[30] << 16) | (zeiger->nonce[31] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[31] = (anonce >> 24) & 0xff; hccap.nonce2[30] = (anonce >> 16) & 0xff; hccap.nonce2[29] = (anonce >> 8) & 0xff; hccap.nonce2[28] = anonce & 0xff; fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if(hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verified:%s\n", basename); } else { fprintf(fhjohn, ":not verified:%s\n", basename); } anonce++; } } else { anonce = zeiger->nonce[31] | (zeiger->nonce[30] << 8) | (zeiger->nonce[29] << 16) | (zeiger->nonce[28] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[28] = (anonce >> 24) & 0xff; hccap.nonce2[29] = (anonce >> 16) & 0xff; hccap.nonce2[30] = (anonce >> 8) & 0xff; hccap.nonce2[31] = anonce & 0xff; fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if(hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verified:%s\n", basename); } else { fprintf(fhjohn, ":not verified:%s\n", basename); } anonce++; } anonce = zeiger->nonce[28] | (zeiger->nonce[29] << 8) | (zeiger->nonce[30] << 16) | (zeiger->nonce[31] << 24); anonce -= noncefuzz/2; for (n = 0; n < noncefuzz; n++) { hccap.nonce2[31] = (anonce >> 24) & 0xff; hccap.nonce2[30] = (anonce >> 16) & 0xff; hccap.nonce2[29] = (anonce >> 8) & 0xff; hccap.nonce2[28] = anonce & 0xff; fprintf(fhjohn, "%s:$WPAPSK$%s#", hccap.essid, hccap.essid); for (i = 36; i + 3 < HCCAP_SIZE; i += 3) { hccap2base(fhjohn, &hcpos[i], 1); } hccap2base(fhjohn, &hcpos[i], 0); fprintf(fhjohn, ":%s:%s:%s::WPA", sta_mac, ap_mac, ap_mac_long); if(hccap.keyver > 1) { fprintf(fhjohn, "%d", hccap.keyver); } if((message_pair &0x07) > 1) { fprintf(fhjohn, ":verified:%s\n", basename); } else { fprintf(fhjohn, ":not verified:%s\n", basename); } anonce++; } } return; } /*===========================================================================*/ hcxtools-6.3.5/include/pcap.c000066400000000000000000000024221471436210700161070ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include "pcap.h" /*===========================================================================*/ bool pcapwritehdr(int fd, int linklayer) { pcap_hdr_t pcap_hdr; int written; memset(&pcap_hdr, 0, PCAPHDR_SIZE); pcap_hdr.magic_number = PCAPMAGICNUMBER; pcap_hdr.version_major = PCAP_MAJOR_VER; pcap_hdr.version_minor = PCAP_MINOR_VER; pcap_hdr.snaplen = PCAP_SNAPLEN; pcap_hdr.network = linklayer; written = write(fd, &pcap_hdr, PCAPHDR_SIZE); if(written != PCAPHDR_SIZE) return false; return true; } /*===========================================================================*/ int hcxopencapdump(char *capdumpname) { int fd; int c; struct stat statinfo; char newcapdumpname[PATH_MAX +2]; c = 0; strcpy(newcapdumpname, capdumpname); while(stat(newcapdumpname, &statinfo) == 0) { snprintf(newcapdumpname, PATH_MAX, "%s_%d", capdumpname, c); c++; } umask(0); fd = open(newcapdumpname, O_WRONLY | O_CREAT, 0644); if(fd == -1) return -1; if(pcapwritehdr(fd, DLT_IEEE802_11) == false) { close(fd); return 0; } return fd; } /*===========================================================================*/ hcxtools-6.3.5/include/pcap.h000066400000000000000000000346741471436210700161320ustar00rootroot00000000000000#define MSNETMON1 0x53535452 #define MSNETMON2 0x55424d47 #define PCAPMAGICNUMBER 0xa1b2c3d4 #define PCAPMAGICNUMBERBE 0xd4c3b2a1 #define PCAP_MAJOR_VER 2 #define PCAP_MINOR_VER 4 #define PCAP_SNAPLEN 0xffff #define MAXPACPSNAPLEN 0x80000 #define PCAPNG_MAJOR_VER 1 #define PCAPNG_MINOR_VER 0 #define PCAPNG_SNAPLEN 0x80000 #define PCAPNGBLOCKTYPE 0x0a0d0d0a #define PCAPNGMAGICNUMBER 0x1a2b3c4d #define PCAPNGMAGICNUMBERBE 0x4d3c2b1a #ifndef LIBPCAPSUPPORT #define DLT_NULL 0 #define DLT_EN10MB 1 #define DLT_EN3MB 2 #define DLT_AX25 3 #define DLT_PRONET 4 #define DLT_CHAOS 5 #define DLT_IEEE802 6 #define DLT_ARCNET 7 #define DLT_SLIP 8 #define DLT_PPP 9 #define DLT_FDDI 10 #define DLT_ATM_RFC1483 11 #ifdef __OpenBSD__ #define DLT_RAW 14 #else #define DLT_RAW 12 #endif #if defined(__NetBSD__) || defined(__FreeBSD__) #ifndef DLT_SLIP_BSDOS #define DLT_SLIP_BSDOS 13 #define DLT_PPP_BSDOS 14 #endif #else #define DLT_SLIP_BSDOS 15 #define DLT_PPP_BSDOS 16 #endif #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__DragonFly__) || defined(__APPLE__) #define DLT_PFSYNC 18 #endif #define DLT_ATM_CLIP 19 #define DLT_REDBACK_SMARTEDGE 32 #define DLT_PPP_SERIAL 50 #define DLT_PPP_ETHER 51 #define DLT_SYMANTEC_FIREWALL 99 #define DLT_MATCHING_MIN 104 #define DLT_C_HDLC 104 #define DLT_CHDLC DLT_C_HDLC #define DLT_IEEE802_11 105 #define DLT_FRELAY 107 #ifdef __OpenBSD__ #define DLT_LOOP 12 #else #define DLT_LOOP 108 #endif #ifdef __OpenBSD__ #define DLT_ENC 13 #else #define DLT_ENC 109 #endif #define DLT_LINUX_SLL 113 #define DLT_LTALK 114 #define DLT_ECONET 115 #define DLT_IPFILTER 116 #define DLT_PFLOG 117 #define DLT_CISCO_IOS 118 #define DLT_PRISM_HEADER 119 #define DLT_AIRONET_HEADER 120 #ifdef __FreeBSD__ #define DLT_PFSYNC 121 #else #define DLT_HHDLC 121 #endif #define DLT_IP_OVER_FC 122 #define DLT_SUNATM 123 #define DLT_RIO 124 #define DLT_PCI_EXP 125 #define DLT_AURORA 126 #define DLT_IEEE802_11_RADIO 127 #define DLT_TZSP 128 #define DLT_ARCNET_LINUX 129 #define DLT_JUNIPER_MLPPP 130 #define DLT_JUNIPER_MLFR 131 #define DLT_JUNIPER_ES 132 #define DLT_JUNIPER_GGSN 133 #define DLT_JUNIPER_MFR 134 #define DLT_JUNIPER_ATM2 135 #define DLT_JUNIPER_SERVICES 136 #define DLT_JUNIPER_ATM1 137 #define DLT_APPLE_IP_OVER_IEEE1394 138 #define DLT_MTP2_WITH_PHDR 139 #define DLT_MTP2 140 #define DLT_MTP3 141 #define DLT_SCCP 142 #define DLT_DOCSIS 143 #define DLT_LINUX_IRDA 144 #define DLT_IBM_SP 145 #define DLT_IBM_SN 146 #define DLT_USER0 147 #define DLT_USER1 148 #define DLT_USER2 149 #define DLT_USER3 150 #define DLT_USER4 151 #define DLT_USER5 152 #define DLT_USER6 153 #define DLT_USER7 154 #define DLT_USER8 155 #define DLT_USER9 156 #define DLT_USER10 157 #define DLT_USER11 158 #define DLT_USER12 159 #define DLT_USER13 160 #define DLT_USER14 161 #define DLT_USER15 162 #define DLT_IEEE802_11_RADIO_AVS 163 #define DLT_JUNIPER_MONITOR 164 #define DLT_BACNET_MS_TP 165 #define DLT_PPP_PPPD 166 #define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD #define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD #define DLT_JUNIPER_PPPOE 167 #define DLT_JUNIPER_PPPOE_ATM 168 #define DLT_GPRS_LLC 169 #define DLT_GPF_T 170 #define DLT_GPF_F 171 #define DLT_GCOM_T1E1 172 #define DLT_GCOM_SERIAL 173 #define DLT_JUNIPER_PIC_PEER 174 #define DLT_ERF_ETH 175 #define DLT_ERF_POS 176 #define DLT_LINUX_LAPD 177 #define DLT_JUNIPER_ETHER 178 #define DLT_JUNIPER_PPP 179 #define DLT_JUNIPER_FRELAY 180 #define DLT_JUNIPER_CHDLC 181 #define DLT_MFR 182 #define DLT_JUNIPER_VP 183 #define DLT_A429 184 #define DLT_A653_ICM 185 #define DLT_USB_FREEBSD 186 #define DLT_USB 186 #define DLT_BLUETOOTH_HCI_H4 187 #define DLT_IEEE802_16_MAC_CPS 188 #define DLT_USB_LINUX 189 #define DLT_CAN20B 190 #define DLT_IEEE802_15_4_LINUX 191 #define DLT_PPI 192 #define DLT_IEEE802_16_MAC_CPS_RADIO 193 #define DLT_JUNIPER_ISM 194 #define DLT_IEEE802_15_4 195 #define DLT_SITA 196 #define DLT_ERF 197 #define DLT_RAIF1 198 #define DLT_IPMB 199 #define DLT_JUNIPER_ST 200 #define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201 #define DLT_AX25_KISS 202 #define DLT_LAPD 203 #define DLT_PPP_WITH_DIR 204 #define DLT_C_HDLC_WITH_DIR 205 #define DLT_FRELAY_WITH_DIR 206 #define DLT_LAPB_WITH_DIR 207 #define DLT_IPMB_LINUX 209 #define DLT_FLEXRAY 210 #define DLT_MOST 211 #define DLT_LIN 212 #define DLT_X2E_SERIAL 213 #define DLT_X2E_XORAYA 214 #define DLT_IEEE802_15_4_NONASK_PHY 215 #define DLT_LINUX_EVDEV 216 #define DLT_GSMTAP_UM 217 #define DLT_GSMTAP_ABIS 218 #define DLT_MPLS 219 #define DLT_USB_LINUX_MMAPPED 220 #define DLT_DECT 221 #define DLT_AOS 222 #define DLT_WIHART 223 #define DLT_FC_2 224 #define DLT_FC_2_WITH_FRAME_DELIMS 225 #define DLT_IPNET 226 #define DLT_CAN_SOCKETCAN 227 #define DLT_IPV4 228 #define DLT_IPV6 229 #define DLT_IEEE802_15_4_NOFCS 230 #define DLT_DBUS 231 #define DLT_JUNIPER_VS 232 #define DLT_JUNIPER_SRX_E2E 233 #define DLT_JUNIPER_FIBRECHANNEL 234 #define DLT_DVB_CI 235 #define DLT_MUX27010 236 #define DLT_STANAG_5066_D_PDU 237 #define DLT_JUNIPER_ATM_CEMIC 238 #define DLT_NFLOG 239 #define DLT_NETANALYZER 240 #define DLT_NETANALYZER_TRANSPARENT 241 #define DLT_IPOIB 242 #define DLT_MPEG_2_TS 243 #define DLT_NG40 244 #define DLT_NFC_LLCP 245 #if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) && !defined(__DragonFly__) && !defined(__APPLE__) #define DLT_PFSYNC 246 #endif #define DLT_INFINIBAND 247 #define DLT_SCTP 248 #define DLT_USBPCAP 249 #define DLT_RTAC_SERIAL 250 #define DLT_BLUETOOTH_LE_LL 251 #define DLT_WIRESHARK_UPPER_PDU 252 #define DLT_NETLINK 253 #define DLT_BLUETOOTH_LINUX_MONITOR 254 #define DLT_BLUETOOTH_BREDR_BB 255 #define DLT_BLUETOOTH_LE_LL_WITH_PHDR 256 #define DLT_PROFIBUS_DL 257 #ifdef __APPLE__ #define DLT_PKTAP DLT_USER2 #else #define DLT_PKTAP 258 #endif #define DLT_EPON 259 #define DLT_IPMI_HPM_2 260 #define DLT_ZWAVE_R1_R2 261 #define DLT_ZWAVE_R3 262 #define DLT_WATTSTOPPER_DLM 263 #define DLT_ISO_14443 264 #define DLT_RDS 265 #endif /*===========================================================================*/ struct pcap_hdr_s { uint32_t magic_number; /* magic number */ uint16_t version_major; /* major version number */ uint16_t version_minor; /* minor version number */ int32_t thiszone; /* GMT to local correction */ uint32_t sigfigs; /* accuracy of timestamps */ uint32_t snaplen; /* max length of captured packets, in octets */ uint32_t network; /* data link type */ } __attribute__((__packed__)); typedef struct pcap_hdr_s pcap_hdr_t; #define PCAPHDR_SIZE (sizeof(pcap_hdr_t)) /*===========================================================================*/ struct pcaprec_hdr_s { uint32_t ts_sec; /* timestamp seconds */ uint32_t ts_usec; /* timestamp microseconds */ uint32_t incl_len; /* number of octets of packet saved in file */ uint32_t orig_len; /* actual length of packet */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct pcaprec_hdr_s pcaprec_hdr_t; #define PCAPREC_SIZE offsetof(pcaprec_hdr_t, data) /*===========================================================================*/ /* Header of all pcapng blocks */ struct block_header_s { uint32_t block_type; /* block type */ uint32_t total_length; /* block length */ uint32_t byte_order_magic; /* byte order magic - indicates swapped data */ } __attribute__((__packed__)); typedef struct block_header_s block_header_t; #define BH_SIZE (sizeof(block_header_t)) /*===========================================================================*/ /* Header of all pcapng options */ struct option_header_s { #define SHB_EOC 0 #define SHB_COMMENT 1 #define SHB_HARDWARE 2 #define SHB_OS 3 #define SHB_USER_APPL 4 #define SHB_CUSTOM_OPT 0x0bad #define TSRESOL_USEC 6 #define TSRESOL_NSEC 9 #define IF_NAME 2 #define IF_DESCRIPTION 3 #define IF_MACADDR 6 #define IF_TSRESOL 9 #define IF_TZONE 10 /* custom option code */ #define OPTIONCODE_MACORIG 0xf29a #define OPTIONCODE_MACAP 0xf29b #define OPTIONCODE_RC 0xf29c #define OPTIONCODE_ANONCE 0xf29d #define OPTIONCODE_MACCLIENT 0xf29e #define OPTIONCODE_SNONCE 0xf29f #define OPTIONCODE_WEAKCANDIDATE 0xf2a0 #define OPTIONCODE_NMEA 0xf2a1 uint16_t option_code; /* option code - depending of block (0 - end of opts, 1 - comment are in common) */ uint16_t option_length; /* option length - length of option in bytes (will be padded to 32bit) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct option_header_s option_header_t; #define OH_SIZE offsetof (option_header_t, data) /*===========================================================================*/ /* Section Header Block (SHB) - ID 0x0A0D0D0A */ struct section_header_block_s { uint32_t block_type; /* block type */ #define SHBID 0x0A0D0D0A uint32_t total_length; /* block length */ uint32_t byte_order_magic; /* byte order magic - indicates swapped data */ uint16_t major_version; /* major version of pcapng (1 atm) */ uint16_t minor_version; /* minor version of pcapng (0 atm) */ int64_t section_length; /* length of section - can be -1 (parsing necessary) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct section_header_block_s section_header_block_t; #define SHB_SIZE offsetof (section_header_block_t, data) /*===========================================================================*/ /* Interface Description Block (IDB) - ID 0x00000001 */ struct interface_description_block_s { uint32_t block_type; /* block type */ #define IDBID 0x00000001 uint32_t total_length; /* block length */ uint16_t linktype; /* the link layer type (was -network- in classic pcap global header) */ uint16_t reserved; /* 2 bytes of reserved data */ uint32_t snaplen; /* maximum number of bytes dumped from each packet (was -snaplen- in classic pcap global header */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct interface_description_block_s interface_description_block_t; #define IDB_SIZE offsetof (interface_description_block_t, data) /*===========================================================================*/ /* Packet Block (PB) - ID 0x00000002 (OBSOLETE - EPB should be used instead) */ struct packet_block_s { uint32_t block_type; /* block type */ #define PBID 0x00000002 uint32_t total_length; /* block length */ uint16_t interface_id; /* the interface the packet was captured from - identified by interface description block in current section */ uint16_t drops_count; /* packet dropped by IF and OS since prior packet */ uint32_t timestamp_high; /* high bytes of timestamp */ uint32_t timestamp_low; /* low bytes of timestamp */ uint32_t caplen; /* length of packet in the capture file (was -incl_len- in classic pcap packet header) */ uint32_t len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct packet_block_s packet_block_t; #define PB_SIZE offsetof (packet_block_t, data) /*===========================================================================*/ /* Simple Packet Block (SPB) - ID 0x00000003 */ struct simple_packet_block_s { uint32_t block_type; /* block type */ #define SPBID 0x00000003 uint32_t total_length; /* block length */ uint32_t len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct simple_packet_block_s simple_packet_block_t; #define SPB_SIZE offsetof (simple_packet_block, data) /*===========================================================================*/ /* Name Resolution Block (NRB) - ID 0x00000004 */ struct name_resolution_block_s { uint32_t block_type; /* block type */ #define NRBID 0x00000004 uint32_t total_length; /* block length */ uint16_t record_type; /* type of record (ipv4 / ipv6) */ uint16_t record_length; /* length of record value */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct name_resolution_block_s name_resolution_block_t; #define NRB_SIZE offsetof (name_resolution_block_t, data) /*===========================================================================*/ /* Interface Statistics Block - ID 0x00000005 */ struct interface_statistics_block_s { uint32_t block_type; /* block type */ #define ISBID 0x00000005 uint32_t total_length; /* block length */ uint32_t interface_id; /* the interface the stats refer to - identified by interface description block in current section */ uint32_t timestamp_high; /* high bytes of timestamp */ uint32_t timestamp_low; /* low bytes of timestamp */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct interface_statistics_block_s interface_statistics_block_t; #define ISB_SIZE offsetof (interface_statistics_block_t, data) /*===========================================================================*/ /* Enhanced Packet Block (EPB) - ID 0x00000006 */ struct enhanced_packet_block_s { uint32_t block_type; /* block type */ #define EPBID 0x00000006 uint32_t total_length; /* block length */ uint32_t interface_id; /* the interface the packet was captured from - identified by interface description block in current section */ uint32_t timestamp_high; /* high bytes of timestamp */ uint32_t timestamp_low; /* low bytes of timestamp */ uint32_t caplen; /* length of packet in the capture file (was -incl_len- in classic pcap packet header) */ uint32_t len; /* length of packet when transmitted (was -orig_len- in classic pcap packet header) */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct enhanced_packet_block_s enhanced_packet_block_t; #define EPB_SIZE offsetof (enhanced_packet_block_t, data) /*===========================================================================*/ /* Custom Block (CB) - ID 0x00000bad */ struct custom_block_s { uint32_t block_type; /* block type */ #define CBID 0x00000bad uint32_t total_length; /* block length */ uint8_t pen[4]; /* Private Enterprise Number */ uint8_t hcxm[32]; /* hcxdumptool magic number */ uint8_t data[1]; } __attribute__((__packed__)); typedef struct custom_block_s custom_block_t; #define CB_SIZE offsetof (custom_block_t, data) uint8_t hcxmagic[] = { 0x2a, 0xce, 0x46, 0xa1, 0x79, 0xa0, 0x72, 0x33, 0x83, 0x37, 0x27, 0xab, 0x59, 0x33, 0xb3, 0x62, 0x45, 0x37, 0x11, 0x47, 0xa7, 0xcf, 0x32, 0x7f, 0x8d, 0x69, 0x80, 0xc0, 0x89, 0x5e, 0x5e, 0x98 }; #define HCXMAGIC_SIZE (sizeof(hcxmagic)) /*===========================================================================*/ hcxtools-6.3.5/include/strings.c000066400000000000000000000063531471436210700166640ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include /*===========================================================================*/ bool ispotfilestring(size_t len, char *buffer) { size_t i; for(i = 0; i < len; i++) { if((buffer[i] < 0x20) || (buffer[i] > 0x7e) || (buffer[i] == ':')) return false; } return true; } /*===========================================================================*/ bool isasciistring(size_t len, uint8_t *buffer) { size_t i; for(i = 0; i < len; i++) { if(buffer[i] == 0) return true; if((buffer[i] < 0x20) || (buffer[i] == 0x7f)) return false; } return true; } /*===========================================================================*/ size_t getfieldlen(const char *str, size_t len) { size_t i; for(i = 0; i < len; i++) { if(str[i] == '*') return i; } return -1; } /*===========================================================================*/ bool ishexvalue(const char *str, size_t len) { size_t i; for(i = 0; i < len; i++) { if(!isxdigit((unsigned char)str[i])) return false; } return true; } /*===========================================================================*/ ssize_t hex2bin(const char *str, uint8_t *bytes, size_t blen) { uint8_t pos; uint8_t idx0; uint8_t idx1; const uint8_t hashmap[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 01234567 0x08, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 89:;<=>? 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // @ABCDEFG 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // HIJKLMNO 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // PQRSTUVW 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // XYZ[\]^_ 0x00, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, // `abcdefg 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // hijklmno }; if(ishexvalue(str, blen) == false) return -1; memset(bytes, 0, blen); for (pos = 0; ((pos < (blen*2)) && (pos < strlen(str))); pos += 2) { idx0 = ((uint8_t)str[pos+0] & 0x1F) ^ 0x10; idx1 = ((uint8_t)str[pos+1] & 0x1F) ^ 0x10; bytes[pos/2] = (uint8_t)(hashmap[idx0] << 4) | hashmap[idx1]; }; return pos/2; } /*===========================================================================*/ ssize_t ishexify(const char *string) { size_t len; len = strlen(string); if (len < 6) return -1; if (strncmp("$HEX[", string, 5)) return -1; if (string[len -1] != ']') return -1; if ((len &1) == 1) return -1; return (len -6)/2; } /*===========================================================================*/ char** create_upper_array(const char** from, size_t size) { size_t len; size_t i; uint8_t j; char** to; to = (char**)malloc(size * sizeof(char *)); if(to == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } for (i = 0; i < size; i++) { len = strlen(from[i]); to[i] = (char*)malloc(len * sizeof(char) + 1); if(to[i] == NULL) { fprintf(stderr, "failed to allocate memory\n"); exit(EXIT_FAILURE); } for (j = 0; j <= len; j++) to[i][j] = toupper((unsigned char)from[i][j]); } return to; } /*===========================================================================*/ void free_array(char** arr, size_t size) { size_t i; for (i = 0; i < size; i++) free(arr[i]); free(arr); return; } /*===========================================================================*/ hcxtools-6.3.5/license.txt000066400000000000000000000020711471436210700155600ustar00rootroot00000000000000The MIT License (MIT) Copyright (c) 2000-2024 ZeroBeat Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. hcxtools-6.3.5/man/000077500000000000000000000000001471436210700141505ustar00rootroot00000000000000hcxtools-6.3.5/man/hcxtools.1000066400000000000000000000031571471436210700161030ustar00rootroot00000000000000.\" Manpage for hcxtools. .\" Contact https://github.com/ZerBea to correct errors or typos. .TH man 1 "23 October 2021" "1.0" "hcxtools man page" .SH NAME hcxtools .SH DESCRIPTION Small set of tools convert packets from WiFi captures to detect weak points within own WiFi networks by analyzing the hashes. .SH TOOLS .nf | hcxpcapngtool | Provide new hashcat format 22000 | | hcxhashtool | Provide various filter operations on new PMKID/EAPOL hash line | | hcxpsktool | Calculates candidates for hashcat and john based on based on hcxpcapngtool output or commandline input | | hcxpmktool | Calculate and verify a PSK and/or a PMK | | hcxeiutool | Prepare -E -I -U output of hcxpcapngtool for use by hashcat + rule or JtR + rule | | hcxwltool | Calculates candidates for hashcat and john based on mixed wordlists | | hcxhash2cap | Converts hash file (PMKID&EAPOL, PMKID, EAPOL-hccapx, EAPOL-hccap, WPAPSK-john) to cap | | wlancap2wpasec | Upload multiple (gzip compressed) pcapng, pcap and cap files to https://wpa-sec.stanev.org | | whoismac | Show vendor information and/or download oui reference list | .SH OPTIONS help menu (-h or --help) of each tool will list all available options .SH RELATED TOOLS hcxdumptool, wlangenpmk, wlangenpmkocl .SH BUGS no known bugs. .SH AUTHOR ZeroBeat (https://github.com/ZerBea) hcxtools-6.3.5/meson.build000066400000000000000000000027371471436210700155500ustar00rootroot00000000000000project( 'hcxtools', 'c', version: '6.3.2', default_options: ['warning_level=3'], ) vyear = 2024 if true vtag = meson.project_version() else gcmd = run_command('git describe --tags') if gcmd.returncode() == 0 vtag = gcmd.stdout() else vtag = meson.project_version() endif endif add_project_arguments('-DVERSION_TAG="@0@"'.format(vtag), language: 'c') add_project_arguments('-DVERSION_YEAR="@0@"'.format(vyear), language: 'c') cc = meson.get_compiler('c') curl_dep = dependency('libcurl', required: get_option('curl')) openssl_dep = dependency('openssl', required: get_option('openssl')) winsock_dep = cc.find_library('ws2_32', required: host_machine.system() == 'windows') zlib_dep = dependency('zlib', required: get_option('zlib')) if zlib_dep.found() add_project_arguments('-DWANTZLIB', language: 'c') endif tools = { 'hcxeiutool': [], 'hcxwltool': [], 'hcxhash2cap': winsock_dep, } if curl_dep.found() tools += {'wlancap2wpasec': curl_dep} if host_machine.system() != 'windows' tools += {'whoismac': curl_dep} endif endif if openssl_dep.found() tools += { 'hcxpcapngtool': [openssl_dep, winsock_dep, zlib_dep], 'hcxpsktool': openssl_dep, 'hcxpmktool': [openssl_dep, winsock_dep], } if host_machine.system() != 'windows' and curl_dep.found() tools += {'hcxhashtool': [curl_dep, openssl_dep]} endif endif foreach t, d : tools executable( t, '@0@.c'.format(t), dependencies: d, install: true, ) endforeach hcxtools-6.3.5/meson_options.txt000066400000000000000000000004111471436210700170260ustar00rootroot00000000000000option('curl', type: 'feature', description: 'Build tools relying on libcurl', ) option('openssl', type: 'feature', description: 'Build tools relying on OpenSSL', ) option('zlib', type: 'feature', description: 'Build with zlib support for hcxpcapngtool', ) hcxtools-6.3.5/usefulscripts/000077500000000000000000000000001471436210700163105ustar00rootroot00000000000000hcxtools-6.3.5/usefulscripts/bulk_convert_hccapx2pcap.sh000066400000000000000000000014621471436210700236200ustar00rootroot00000000000000#!/bin/bash # Useful for transient from m16800 to m22000 # Verify that argument 1 and 2 are passed if [ $# -lt 2 ]; then echo "Error: Please provide two arguments: source folder with hccapx files and destination folder for pcap files." exit 1 fi # Verify that argument 1 and 2 are existing folders if [ ! -d "$1" ]; then echo "Error: $1 is not an existing folder." exit 1 fi if [ ! -d "$2" ]; then echo "Error: $2 is not an existing folder." exit 1 fi # Verify that the second folder is writable if [ ! -w "$2" ]; then echo "Error: $2 is not writable." exit 1 fi # Iterate over the files with extension .hccapx in folder 1 for file in `ls "$1"/*.hccapx`;do echo "Processing file: $file" new_filename="$(basename "$file" .hccapx).cap" hcxhash2cap --hccapx="$file" -c "$2/$new_filename" done hcxtools-6.3.5/usefulscripts/hcxgrep.py000077500000000000000000000115341471436210700203310ustar00rootroot00000000000000#!/usr/bin/env python3 ''' greps inside hccapx/pmkid structs by essid, mac_ap or mac_sta This software is Copyright (c) 2019-2023, Alex Stanev and it is hereby released to the general public under the following terms: Redistribution and use in source and binary forms, with or without modification, are permitted. ''' import argparse import os import sys import binascii import struct import re maketrans = bytearray.maketrans def parse_hccapx(hccapx): '''hccapx decompose https://hashcat.net/wiki/doku.php?id=hccapx struct hccapx { u32 signature; u32 version; u8 message_pair; u8 essid_len; u8 essid[32]; u8 keyver; u8 keymic[16]; u8 mac_ap[6]; u8 nonce_ap[32]; u8 mac_sta[6]; u8 nonce_sta[32]; u16 eapol_len; u8 eapol[256]; } __attribute__((packed)); ''' hccapx_fmt = '< 4x 4x x B 32s x 16x 6s 32x 6s 32x 2x 256x' try: (essid_len, essid, mac_ap, mac_sta) = struct.unpack(hccapx_fmt, hccapx) except struct.error: sys.stderr.write('Can\'t parse hcccapx struct!\n') sys.exit(1) # fixup if args.t == 'essid': return essid[:essid_len] if args.t == 'mac_ap': return binascii.hexlify(mac_ap).zfill(12) if args.t == 'mac_sta': return binascii.hexlify(mac_sta).zfill(12) return None def parse_pmkid(pmkid): '''pmkid decompose format: pmkid*mac_ap*mac_sta*essid ''' arr = pmkid.split(b'*', 4) if len(arr) == 4: try: if args.t == 'essid': return binascii.unhexlify(arr[3].strip()) if args.t == 'mac_ap': return arr[1] if args.t == 'mac_sta': return arr[2] except TypeError: sys.stderr.write('Can\'t decode: {}\n'.format(arr[3].strip().decode())) sys.exit(1) return None def parse_combined(hashline): '''m22000 hashline decompose format: SIGNATURE*TYPE*PMKID/MIC*MACAP*MACSTA*ESSID*ANONCE*EAPOL*MESSAGEPAIR ''' arr = hashline.split(b'*', 9) if len(arr) == 9: try: if args.t == 'essid': return binascii.unhexlify(arr[5].strip()) if args.t == 'mac_ap': return arr[3] if args.t == 'mac_sta': return arr[4] except TypeError: sys.stderr.write('Can\'t decode: {}\n'.format(arr[5].strip().decode())) sys.exit(1) return None if __name__ == "__main__": parser = argparse.ArgumentParser( description='Extract records from m22000 hashline/hccapx/pmkid file with regexp') parser.add_argument( '-f', '--file', type=argparse.FileType('r'), help='Obtain patterns from FILE, one per line.') parser.add_argument( 'PATTERNS', type=str, nargs='?', help='RegExp pattern') parser.add_argument( '-v', '--invert-match', dest='v', action='store_true', help='Invert the sense of matching, to select non-matching nets') parser.add_argument( '-t', '--type', dest='t', choices=['essid', 'mac_ap', 'mac_sta'], default='essid', help='Field to apply matching, default essid') parser.add_argument( 'infile', type=str, nargs='?', help='hccapx/pmkid file to process') try: args = parser.parse_args() except IOError as ex: parser.error(str(ex)) # shift parameters if args.file and args.PATTERNS: args.infile = args.PATTERNS args.PATTERNS = None # no patterns set if args.PATTERNS is None and args.file is None: parser.print_help(sys.stderr) sys.stderr.write('You must provide PATTERNS or -f FILE\n') sys.exit(1) # read patterns from file if args.PATTERNS is None: args.PATTERNS = '|'.join('(?:{0})'.format(x.strip()) for x in args.file) try: regexp = re.compile(bytes(args.PATTERNS, 'utf-8')) except re.error as ex: sys.stderr.write('Wrong regexp {0}: {1} \n'.format(args.PATTERNS, ex)) sys.exit(1) if args.infile is not None and os.path.isfile(args.infile): fd = open(args.infile, 'rb') else: fd = sys.stdin.buffer while True: buf = fd.read(4) if buf == b'WPA*': buf = buf + fd.readline() target = parse_combined(buf) elif buf == b'HCPX': buf = buf + fd.read(393 - 4) target = parse_hccapx(buf) else: buf = buf + fd.readline() target = parse_pmkid(buf) if not buf: break if target is None: sys.stderr.write('Unrecognized input format\n') sys.exit(1) res = regexp.search(target) if (res is not None and not args.v) or (res is None and args.v): sys.stdout.buffer.write(buf) hcxtools-6.3.5/usefulscripts/pireadcard000077500000000000000000000010401471436210700203270ustar00rootroot00000000000000#!/bin/bash lsblk printf "\nchoose device: " read DEVICE if [ -f "rpiboot.tgz" ] then rm -f rpiboot.tgz fi if [ -f "rpiroot.tgz" ] then rm -f rpiroot.tgz fi echo "mount boot" if [ ! -d "boot" ] then mkdir boot fi sudo mount /dev/"$DEVICE"1 boot cd boot sudo tar -zcvf ../rpiboot.tgz . sync cd .. echo "mount root" if [ ! -d "root" ] then mkdir root fi sudo mount /dev/"$DEVICE"2 root cd root sudo tar --exclude=var/log --exclude=lost+found -zcvpf ../rpiroot.tgz . sync cd .. sudo umount boot sudo umount root rm -r boot rm -r root hcxtools-6.3.5/usefulscripts/piwritecard000077500000000000000000000011571471436210700205570ustar00rootroot00000000000000#!/bin/bash lsblk printf "\nchoose device: " read DEVICE printf "\033[0;31m o p n p 1 +256M t c n p 2 w \033[1;0m\n" sudo fdisk /dev/$DEVICE echo "build filesystem boot" sudo mkfs.fat -F32 /dev/"$DEVICE"1 echo "build filesystem root" sudo mkfs.ext4 /dev/"$DEVICE"2 echo "mount boot" if [ ! -d "boot" ] then mkdir boot fi sudo mount /dev/"$DEVICE"1 boot cd boot sudo tar -zxvf ../rpiboot.tgz sync cd .. echo "mount root" if [ ! -d "root" ] then mkdir root fi sudo mount /dev/"$DEVICE"2 root cd root sudo tar -zxvf ../rpiroot.tgz sync cd .. sudo umount boot sudo umount root rm -r boot rm -r root hcxtools-6.3.5/whoismac.c000066400000000000000000000335561471436210700153670ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include "include/strings.c" #include "include/fileops.c" #define LINEBUFFER_MAX 256 #define OUIBUFFER_MAX 8192 static const char *ouiurl = "https://standards-oui.ieee.org/oui/oui.txt"; /*===========================================================================*/ static bool downloadoui(char *ouiname) { static size_t bread; static CURLcode ret; static CURL *hnd; static FILE *fhoui; static FILE *fhouitmp; static char ouibuff[OUIBUFFER_MAX]; fprintf(stdout, "start downloading oui from https://standards-oui.ieee.org to: %s\n", ouiname); if((fhouitmp = tmpfile()) == NULL) { fprintf(stderr, "failed to create temporary download file\n"); return false; } hnd = curl_easy_init (); curl_easy_setopt(hnd, CURLOPT_URL, ouiurl); curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 1L); curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 5L); curl_easy_setopt(hnd, CURLOPT_WRITEDATA, fhouitmp); curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 0L); ret = curl_easy_perform(hnd); curl_easy_cleanup(hnd); if(ret != 0) { fprintf(stderr, "\ndownload not successful\n"); exit(EXIT_FAILURE); } rewind(fhouitmp); if((fhoui = fopen(ouiname, "w")) == NULL) { fprintf(stderr, "\nerror creating file %s\n", ouiname); exit(EXIT_FAILURE); } while (!feof(fhouitmp)) { bread = fread(ouibuff, 1, sizeof(ouibuff), fhouitmp); if(bread > 0) fwrite(ouibuff, 1, bread, fhoui); } fclose(fhoui); fprintf(stdout, "\ndownload finished\n"); return true; } /*===========================================================================*/ static void getessidinfo(char *essidname) { static int l, p; static uint8_t essidbuffer[66]; l = strlen(essidname); if((l < 2) || (l > 64)) { fprintf(stderr, "not a valid ESSID hex string\n"); return; } if((l %2) != 0) { fprintf(stderr, "not a valid hex string\n"); return; } for(p = 0; p < l; p++) { if(!isxdigit((unsigned char)essidname[p])) { fprintf(stderr, "not a valid hex string\n"); return; } } memset(&essidbuffer, 0, 66); if(hex2bin(essidname, essidbuffer, l /2) == -1) { fprintf(stderr, "not a valid ESSID hex string\n"); return; } fprintf(stdout, "%s\n", essidbuffer); return; } /*===========================================================================*/ static void gethexessidinfo(char *hexessidname) { static int l, p; l = strlen(hexessidname); for(p = 0; p < l; p++) { fprintf(stdout, "%02x", hexessidname[p]); } fprintf(stdout, "\n"); return; } /*===========================================================================*/ static void get16800info(char *ouiname, char *hash16800line) { static int len; static int l, l1; static FILE* fhoui; static char *vendorptr; static char *essidptr; static char *passwdptr; static unsigned long long int macap; static unsigned long long int macsta; static unsigned long long int ouiap; static unsigned long long int ouista; static unsigned long long int vendoroui; static char linein[LINEBUFFER_MAX]; static uint8_t essidbuffer[66]; static char vendorapname[256]; static char vendorstaname[256]; sscanf(&hash16800line[33], "%12llx", &macap); ouiap = macap >> 24; sscanf(&hash16800line[46], "%12llx", &macsta); ouista = macsta >> 24; essidptr = hash16800line +59; l = strlen(essidptr); passwdptr = strrchr(essidptr, ':'); if(passwdptr != NULL) { l1 = strlen(passwdptr); if(l1 > 1) { l -= l1; } } if((l%2 != 0) || (l > 64)) { fprintf(stderr, "xxx wrong ESSID length %s\n", essidptr); return; } memset(&essidbuffer, 0, 66); if(hex2bin(essidptr, essidbuffer, l /2) == -1) { fprintf(stderr, "wrong ESSID %s\n", essidptr); return; } if ((fhoui = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "unable to open database %s\n", ouiname); exit (EXIT_FAILURE); } strncpy(vendorapname, "unknown", 8); strncpy(vendorstaname, "unknown", 8); while((len = fgetline(fhoui, LINEBUFFER_MAX, linein)) != -1) { if (len < 10) continue; if(strstr(linein, "(base 16)") != NULL) { sscanf(linein, "%06llx", &vendoroui); if(ouiap == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorapname, vendorptr +1,255); } } if(ouista == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorstaname, vendorptr +1,255); } } } } if(isasciistring(l /2, essidbuffer) == true) { fprintf(stdout, "\nESSID..: %s\n", essidbuffer); } else { fprintf(stdout, "\nESSID..: $HEX[%s]\n", essidbuffer); } fprintf(stdout, "MAC_AP.: %012llx\n" "VENDOR.: %s\n" "MAC_STA: %012llx\n" "VENDOR.: %s\n\n" , macap, vendorapname, macsta, vendorstaname); fclose(fhoui); return; } /*===========================================================================*/ static void get2500info(char *ouiname, char *hash2500line) { static int len; static int l, l1; static FILE* fhoui; static char *vendorptr; static char *essidptr; static char *passwdptr; static unsigned long long int macap; static unsigned long long int macsta; static unsigned long long int ouiap; static unsigned long long int ouista; static unsigned long long int vendoroui; static char linein[LINEBUFFER_MAX]; static uint8_t essidbuffer[72]; static char vendorapname[256]; static char vendorstaname[256]; sscanf(&hash2500line[33], "%12llx", &macap); ouiap = macap >> 24; sscanf(&hash2500line[46], "%12llx", &macsta); ouista = macsta >> 24; essidptr = hash2500line +59; l = strlen(essidptr); passwdptr = strrchr(hash2500line, ':'); if((passwdptr -hash2500line) > 59) { if(passwdptr != NULL) { l1 = strlen(passwdptr); if(l1 > 1) { l -= l1; } } } if(l > 70) { fprintf(stderr, "wrong ESSID length %s %d\n", essidptr, l); return; } memset(&essidbuffer, 0, 72); memcpy(&essidbuffer, essidptr, l); if ((fhoui = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "unable to open database %s\n", ouiname); exit (EXIT_FAILURE); } strncpy(vendorapname, "unknown", 8); strncpy(vendorstaname, "unknown", 8); while((len = fgetline(fhoui, LINEBUFFER_MAX, linein)) != -1) { if (len < 10) continue; if(strstr(linein, "(base 16)") != NULL) { sscanf(linein, "%06llx", &vendoroui); if(ouiap == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorapname, vendorptr +1,255); } } if(ouista == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorstaname, vendorptr +1,255); } } } } fprintf(stdout, "\nESSID..: %s\n", essidbuffer); fprintf(stdout, "MAC_AP.: %012llx\n" "VENDOR.: %s\n" "MAC_STA: %012llx\n" "VENDOR.: %s\n\n" , macap, vendorapname, macsta, vendorstaname); fclose(fhoui); return; } /*===========================================================================*/ static void getoui(char *ouiname, unsigned long long int oui) { static int len; static FILE* fhoui; static char *vendorptr; static unsigned long long int vendoroui; static char linein[LINEBUFFER_MAX]; static char vendorapname[256]; #ifdef BIG_ENDIAN_HOST int lsb = oui & 0xf; #else int lsb = (oui >> 16) & 0xf; #endif if ((fhoui = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "unable to open database %s\n", ouiname); exit (EXIT_FAILURE); } strncpy(vendorapname, "unknown", 8); while((len = fgetline(fhoui, LINEBUFFER_MAX, linein)) != -1) { if (len < 10) continue; if(strstr(linein, "(base 16)") != NULL) { sscanf(linein, "%06llx", &vendoroui); if(oui == vendoroui) { vendorptr = strrchr(linein, '\t'); if(vendorptr != NULL) { strncpy(vendorapname, vendorptr +1,255); break; } } } } fprintf(stdout, "\nVENDOR: %s (%s)%s\n\n", vendorapname, oui == 0xffffff ? "broadcast" : lsb & 2 ? "LAA - likely randomized!" : "UAA", oui == 0xffffff ? "" : lsb & 1 ? ", multicast" : ", unicast"); fclose(fhoui); return; } /*===========================================================================*/ static void getvendor(char *ouiname, char *vendorstring) { static int len; static FILE* fhoui; static char *vendorptr; static unsigned long long int vendoroui; char linein[LINEBUFFER_MAX]; if ((fhoui = fopen(ouiname, "r")) == NULL) { fprintf(stderr, "unable to open database %s\n", ouiname); exit (EXIT_FAILURE); } while((len = fgetline(fhoui, LINEBUFFER_MAX, linein)) != -1) { if (len < 10) continue; if(strstr(linein, "(base 16)") != NULL) { if(strstr(linein, vendorstring) != NULL) { sscanf(linein, "%06llx", &vendoroui); vendorptr = strrchr(linein, '\t'); fprintf(stdout, "%06llx%s\n", vendoroui, vendorptr); } } } fclose(fhoui); return; } /*===========================================================================*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage: %s \n" "\n" "options:\n" "-d : download %s\n" " : and save to ~/.hcxtools/oui.txt\n" " : internet connection required\n" "-m : mac (six bytes of mac addr) or \n" " : oui (fist three bytes of mac addr)\n" "-p : input PMKID and/or EAPOL hashline (hashmode 22000 or 16800)\n" "-P : input EAPOL hashline from potfile (hashcat <= 5.1.0)\n" "-e : input ESSID\n" "-x : input ESSID in hex\n" "-v : vendor name\n" "-h : this help screen\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, ouiurl); exit(EXIT_SUCCESS); } /*===========================================================================*/ int main(int argc, char *argv[]) { static int auswahl; static int mode = 0; static int ret; static int l; static int p1, p2; static unsigned long long int oui = 0; static char *hashlineend; static uid_t uid; static struct passwd *pwd; static struct stat statinfo; static char *vendorname = NULL; static char *hexessidname = NULL; static char *essidname = NULL; static char *hash16800line = NULL; static char *hash2500line = NULL; static char *ouiname = NULL; static char confdirname[] = ".hcxtools"; static char ouinameuser[] = ".hcxtools/oui.txt"; static char ouinamesystemwide[] = "/usr/share/ieee-data/oui.txt"; static char pmkidtype[] = {"WPA*01*" }; static char eapoltype[] = {"WPA*02*" }; static char pmkidtypeend[] = {"***" }; while ((auswahl = getopt(argc, argv, "m:v:p:P:e:x:dh")) != -1) { switch (auswahl) { case 'd': mode = 'd'; break; case 'm': l= strlen(optarg); if((l > 17) || (l < 6)) { fprintf(stderr, "error wrong oui size %s (need eg. 11:22:33:44:55:aa or 112233)\n", optarg); exit(EXIT_FAILURE); } p2 = 0; for(p1 = 0; p1 < l; p1++) { if(isxdigit((unsigned char)optarg[p1])) { optarg[p2] = optarg[p1]; p2++; } } optarg[6] = 0; for(p1 = 0; p1 < 6; p1++) { if(!isxdigit((unsigned char)optarg[p1])) { fprintf(stderr, "error wrong oui %s (need eg. 11:22:33:44:55:aa or 112233)\n", optarg); exit(EXIT_FAILURE); } } oui = strtoull(optarg, NULL, 16); mode = 'm'; break; case 'p': hash16800line = optarg; l = strlen(hash16800line); if(l < 61) { fprintf(stderr, "error hashline too short %s\n", optarg); exit(EXIT_FAILURE); } if(memcmp(&pmkidtype, hash16800line, 7) == 0) { hash16800line += 7; l -=7; if(memcmp(&pmkidtypeend, &hash16800line[l -3], 3) == 0) hash16800line[l -3] = 0; } if(memcmp(&eapoltype, hash16800line, 7) == 0) { hash16800line += 7; hashlineend = strchr(&hash16800line[59], '*'); if(hashlineend != NULL) hashlineend[0] = 0; } if(((hash16800line[32] != ':') && (hash16800line[45] != ':') && (hash16800line[58] != ':')) && ((hash16800line[32] != '*') && (hash16800line[45] != '*') && (hash16800line[58] != '*'))) { fprintf(stderr, "error hashline wrong format %s\n", optarg); exit(EXIT_FAILURE); } mode = 'p'; break; case 'P': hash2500line = optarg; l = strlen(hash2500line); if(l < 61) { fprintf(stderr, "error hashline too short %s\n", optarg); exit(EXIT_FAILURE); } if((hash2500line[32] != ':') && (hash2500line[45] != ':') && (hash2500line[58] != ':')) { fprintf(stderr, "error hashline wrong format %s\n", optarg); exit(EXIT_FAILURE); } mode = 'P'; break; case 'v': vendorname = optarg; mode = 'v'; break; case 'e': hexessidname = optarg; mode = 'e'; break; case 'x': essidname = optarg; mode = 'x'; break; default: usage(basename(argv[0])); } } if(argc > 3) { fprintf(stderr, "only one argument allowed\n"); exit(EXIT_FAILURE); } uid = getuid(); pwd = getpwuid(uid); if(pwd == NULL) { fprintf(stderr, "failed to get home dir\n"); exit(EXIT_FAILURE); } ret = chdir(pwd->pw_dir); if(ret == -1) { fprintf(stderr, "failed to change dir\n"); } if(stat(confdirname, &statinfo) == -1) { if(mkdir(confdirname,0755) == -1) { fprintf(stderr, "failed to create conf dir\n"); exit(EXIT_FAILURE); } } if(mode == 'd') { downloadoui(ouinameuser); return EXIT_SUCCESS; } if(stat(ouinamesystemwide, &statinfo) == 0) { ouiname = ouinamesystemwide; } if(stat(ouinameuser, &statinfo) == 0) { ouiname = ouinameuser; } if(ouiname == NULL) { fprintf(stderr, "failed read oui.txt\n" "use download option -d to download it\n" "or download file %s\n" "and save it to ~/.hcxtools/oui.txt\n", ouiurl); exit(EXIT_FAILURE); } if(stat(ouiname, &statinfo) < 0) { fprintf(stderr, "failed read oui.txt\n" "use download option -d to download it\n" "or download file %s\n" "and save it to ~/.hcxtools/oui.txt\n", ouiurl); exit(EXIT_FAILURE); } if(mode == 'm') { getoui(ouiname, oui); } else if(mode == 'p') { get16800info(ouiname, hash16800line); } else if(mode == 'P') { get2500info(ouiname, hash2500line); } else if(mode == 'v') { getvendor(ouiname, vendorname); } else if(mode == 'e') { gethexessidinfo(hexessidname); } else if(mode == 'x') { getessidinfo(essidname); } else { usage(basename(argv[0])); return EXIT_FAILURE; } return EXIT_SUCCESS; } hcxtools-6.3.5/wlancap2wpasec.c000066400000000000000000000164421471436210700164620ustar00rootroot00000000000000#define _GNU_SOURCE #include #include #include #include #include #include #include #include /*===========================================================================*/ /* globale Konstante */ struct memory { char *response; size_t size; }; static long int uploadcountok; static long int uploadcountfailed; static const char *wpasecurl = "https://wpa-sec.stanev.org"; static bool removeflag = false; static struct memory *curlmem; /*===========================================================================*/ static int testwpasec(long int timeout) { CURL *curl; CURLcode res = CURLE_OK; fprintf(stdout, "connecting to %s\n", wpasecurl); curl_global_init(CURL_GLOBAL_ALL); curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, wpasecurl); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout); curl_easy_setopt(curl, CURLOPT_NOBODY, 1L); res = curl_easy_perform(curl); if(res != CURLE_OK) fprintf(stderr, "couldn't connect to %s: %s\n", wpasecurl, curl_easy_strerror(res)); curl_easy_cleanup(curl); } curl_global_cleanup(); return res; } /*===========================================================================*/ static size_t cb(void *data, size_t size, size_t nmemb, void *userp) { char *ptr; size_t realsize = size *nmemb; curlmem = (struct memory*)userp; ptr = (char*)realloc(curlmem->response, curlmem->size +realsize +1); if(ptr == NULL) return 0; curlmem->response = ptr; memcpy(&(curlmem->response[curlmem->size]), data, realsize); curlmem->size += realsize; curlmem->response[curlmem->size] = 0; return realsize; } /*===========================================================================*/ static bool sendcap2wpasec(char *sendcapname, long int timeout, char *keyheader, char *emailheader) { CURL *curl; CURLcode res; curl_mime *mime; curl_mimepart *part; bool uploadflag = true; int ret; struct curl_slist *headerlist=NULL; static const char buf[] = "Expect:"; struct memory chunk; fprintf(stdout, "uploading %s to %s\n", sendcapname, wpasecurl); memset(&chunk, 0, sizeof(chunk)); curl_global_init(CURL_GLOBAL_ALL); curl = curl_easy_init(); mime = curl_mime_init(curl); part = curl_mime_addpart(mime); curl_mime_filedata(part, sendcapname); curl_mime_type(part, "file"); curl_mime_name(part, "file"); if(emailheader != NULL) { curl_mime_data(part, emailheader, CURL_ZERO_TERMINATED); curl_mime_name(part, "email"); } headerlist = curl_slist_append(headerlist, buf); if(curl) { curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk); curl_easy_setopt(curl, CURLOPT_URL, wpasecurl); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout); curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime); if(keyheader) curl_easy_setopt(curl, CURLOPT_COOKIE, keyheader); res = curl_easy_perform(curl); if(res == CURLE_OK) { if(curlmem->response != NULL) { fprintf(stdout, "\n%s\n\n", curlmem->response); if(removeflag == true) { ret = remove(sendcapname); if(ret != 0) fprintf(stdout, "couldn't remove %s\n", sendcapname); } free(curlmem->response); } else { fprintf(stdout, "upload not confirmed by server\n"); uploadflag = false; } } else { fprintf(stderr, "\n\x1B[31mupload to %s failed: %s\x1B[0m\n\n", wpasecurl, curl_easy_strerror(res)); uploadflag = false; } curl_easy_cleanup(curl); curl_mime_free(mime); curl_slist_free_all(headerlist); } return uploadflag; } /*===========================================================================*/ __attribute__ ((noreturn)) void version(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n", eigenname, VERSION_TAG, VERSION_YEAR); exit(EXIT_SUCCESS); } /*---------------------------------------------------------------------------*/ __attribute__ ((noreturn)) static void usage(char *eigenname) { fprintf(stdout, "%s %s (C) %s ZeroBeat\n" "usage: %s [input.pcapng] [input.pcap] [input.cap] [input.pcapng.gz]...\n" " %s *.pcapng\n" " %s *.gz\n" " %s *.*\n" "\n" "options:\n" "-k : wpa-sec user key\n" "-u : set user defined URL\n" " default = %s\n" "-t : set connection timeout\n" " default = 30 seconds\n" "-e : set email address, if required\n" "-R : remove cap if upload was successful\n" "-h : this help\n" "-h : show version\n" "\n" "Do not merge different cap files to a single cap file.\n" "This will lead to unexpected behaviour on ESSID changes\n" "or different link layer types.\n" "To ‎remove unnecessary packets, run tshark:\n" "tshark -r input.cap -R \"(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)\" -2 -F pcapng -w output.pcapng\n" "To reduce the size of the cap file, compress it with gzip:\n" "gzip capture.pcapng\n" "\n" "\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname, eigenname, eigenname, wpasecurl); exit(EXIT_FAILURE); } /*===========================================================================*/ int main(int argc, char *argv[]) { struct stat statinfo; int auswahl; int index; char keyheader[4+32+1+2] = {0}; char *emailaddr = NULL; long int timeout = 30; uploadcountok = 0; uploadcountfailed = 0; setbuf(stdout, NULL); while ((auswahl = getopt(argc, argv, "k:u:t:e:Rhv")) != -1) { switch (auswahl) { case 'k': if((strlen(optarg) == 32) && (optarg[strspn(optarg, "0123456789abcdefABCDEF")] == 0)) { snprintf(keyheader, sizeof(keyheader), "key=%s", optarg); fprintf(stdout, "\x1B[32muser key set\x1B[0m\n"); } else { fprintf(stdout, "wrong user key value\n"); } break; case 'u': wpasecurl = optarg; break; case 't': timeout = strtol(optarg, NULL, 10); if(timeout < 1) { fprintf(stdout, "wrong connection timeout\nsetting connection timeout to 30 seconds\n"); timeout = 30; } break; case 'e': emailaddr = optarg; if(strlen(emailaddr) > 120) { fprintf(stderr, "email address is too long\n"); exit (EXIT_FAILURE); } break; case 'R': removeflag = true; break; case 'v': version(basename(argv[0])); break; default: usage(basename(argv[0])); } } if(testwpasec(timeout) != CURLE_OK) return EXIT_SUCCESS; for(index = optind; index < argc; index++) { if(stat(argv[index], &statinfo) == 0) { if(sendcap2wpasec(argv[index], timeout, keyheader, emailaddr) == false) { if(sendcap2wpasec(argv[index], 60, keyheader, emailaddr) == true) uploadcountok++; else uploadcountfailed++; } else uploadcountok++; } else fprintf(stdout, "file not found: %s\n", argv[index]); } if(uploadcountok == 1) fprintf(stdout, "\x1B[32m%ld cap uploaded to %s\x1B[0m\n", uploadcountok, wpasecurl); if(uploadcountok > 1) fprintf(stdout, "\x1B[32m%ld caps uploaded to %s\x1B[0m\n", uploadcountok, wpasecurl); if(uploadcountfailed == 1) fprintf(stdout, "\x1B[31m%ld cap failed to upload to %s\x1B[0m\n", uploadcountfailed, wpasecurl); if(uploadcountfailed > 1) fprintf(stdout, "\x1B[31m%ld caps failed to upload to %s\x1B[0m\n", uploadcountfailed, wpasecurl); return EXIT_SUCCESS; }