Commit 72c5249bd146b283d0a6faca077926720d6d787e - hcxtools

Update upstream source from tag 'upstream/6.2.7' Update to upstream version '6.2.7' with Debian dir cb37cacfb5d2cac6f95ebb6ba955997333d20ed7 Paulo Roberto Alves de Oliveira (aka kretcheu) 2 years ago

4 changed file(s) with 120 addition(s) and 120 deletion(s). Raw diff Collapse all Expand all

-1

Makefile less more

0	0	PRODUCTION := 1
1		PRODUCTION_VERSION := 6.2.6
	1	PRODUCTION_VERSION := 6.2.7
2	2	PRODUCTION_YEAR := 2022
3	3
4	4	ifeq ($(PRODUCTION),1)

-0

changelog less more

	0	26.04.2022
	1	==========
	2	hcxpsktool: fixed stdout bug
	3	release v6.2.7
	4
	5
0	6	22.04.2022
1	7	==========
2	8	release v6.2.6

+80

-80

hcxpcapngtool.c less more

46	46	/===========================================================================/
47	47	struct hccap_s
48	48	{
49		char essid[36];
50		unsigned char ap[6];
51		unsigned char client[6];
52		unsigned char snonce[32];
53		unsigned char anonce[32];
54		unsigned char eapol[256];
55		int eapol_size;
56		int keyver;
57		unsigned char keymic[16];
	49	char essid[36];
	50	unsigned char ap[6];
	51	unsigned char client[6];
	52	unsigned char snonce[32];
	53	unsigned char anonce[32];
	54	unsigned char eapol[256];
	55	int eapol_size;
	56	int keyver;
	57	unsigned char keymic[16];
58	58	};
59	59	typedef struct hccap_s hccap_t;
60	60	#define HCCAP_SIZE (sizeof(hccap_t))

356	356	{
357	357	static int p;
358	358
359		fprintf(stdout, "\nRAW: ");
	359	fprintf(stdout, "\nRAW: ");
360	360
361	361	for(p = 0; p < len; p++)
362	362	{

829	829	if(c == 0) fprintf(stdout, "not available due to missing radiotap header");
830	830	fprintf(stdout, "\n");
831	831
832		if((eapolwrittencount +eapolncwrittencount +eapolwrittenhcpxcountdeprecated +eapolncwrittenhcpxcountdeprecated +eapolwrittenhcpcountdeprecated
	832	if((eapolwrittencount +eapolncwrittencount +eapolwrittenhcpxcountdeprecated +eapolncwrittenhcpxcountdeprecated +eapolwrittenhcpcountdeprecated
833	833	+eapolwrittenjcountdeprecated +pmkidwrittenhcount +pmkidwrittenjcountdeprecated +pmkidwrittencountdeprecated
834	834	+eapmd5writtencount +eapmd5johnwrittencount +eapleapwrittencount +eapmschapv2writtencount +tacacspwrittencount) == 0)
835	835	{

871	871	"This could prevent to calculate a valid EAPOL MESSAGE PAIR\n"
872	872	"or to get a valid PMKID.\n");
873	873	}
874		if(ancientdumpfileformat == true)
	874	if(ancientdumpfileformat == true)
875	875	{
876	876	fprintf(stdout, "\nInformation: limited dump file format detected!\n"
877	877	"This file format is a very basic format to save captured network data.\n"

926	926	}
927	927	if(malformedcount > 5)
928	928	{
929		printf( "\nInformation: malformed packets detected!\n"
	929	printf( "\nInformation: malformed packets detected!\n"
930	930	"In monitor mode the adapter does not check to see if the cyclic redundancy check (CRC)\n"
931	931	"values are correct for packets captured. The device is able to detect the Physical Layer\n"
932	932	"Convergence Procedure (PLCP) preamble and is able to synchronize to it, but if there is\n"

986	986	wecl = strlen(pcapngweakcandidate);
987	987	if((wecl > 0) && (wecl < 64) && (strcmp(pcapngweakcandidate, "N/A") != 0))
988	988	{
989		if(fh_essid != NULL) fprintf(fh_essid, "%s\n", pcapngweakcandidate);
	989	if(fh_essid != NULL) fprintf(fh_essid, "%s\n", pcapngweakcandidate);
990	990	}
991	991	for(zeigermac = aplist; zeigermac < aplistptr; zeigermac++)
992	992	{

1226	1226	}
1227	1227	for(zeiger = tacacsplist +1; zeiger < tacacsplistptr; zeiger++)
1228	1228	{
1229		if((zeigerold->sessionid == zeiger->sessionid) && (zeigerold->sequencenr == zeiger->sequencenr) && (zeigerold->len == zeiger->len) && (memcmp(zeigerold->data, zeiger->data, zeiger->len) == 0)) continue;
	1229	if((zeigerold->sessionid == zeiger->sessionid) && (zeigerold->sequencenr == zeiger->sequencenr) && (zeigerold->len == zeiger->len) && (memcmp(zeigerold->data, zeiger->data, zeiger->len) == 0)) continue;
1230	1230	if(fh_tacacsp != NULL)
1231	1231	{
1232	1232	fprintf(fh_tacacsp, "$tacacs-plus$0$%08x$", zeiger->sessionid);

1243	1243	{
1244	1244	static uint32_t authlen;
1245	1245	static tacacsp_t *tacacsp;
1246		static tacacsplist_t *tacacsplistnew;
	1246	static tacacsplist_t *tacacsplistnew;
1247	1247
1248	1248	if(restlen < (uint32_t)TACACSP_SIZE) return;
1249	1249	tacacsp = (tacacsp_t*)tacacspptr;

1295	1295	/===========================================================================/
1296	1296	static void processptppacket(uint32_t restlen, uint8_t *ptpptr)
1297	1297	{
1298		static ptp_t *ptp;
	1298	static ptp_t *ptp;
1299	1299
1300	1300	if(restlen < (uint32_t)PTP_SIZE) return;
1301	1301	ptp = (ptp_t*)ptpptr;

1323	1323	static void processudppacket(uint64_t timestamp, uint32_t restlen, uint8_t *udpptr)
1324	1324	{
1325	1325	static udp_t *udp;
1326		static uint16_t udplen;
	1326	static uint16_t udplen;
1327	1327
1328	1328	if(restlen < UDP_SIZE) return;
1329	1329	udp = (udp_t*)udpptr;

1337	1337	/===========================================================================/
1338	1338	static void processtcppacket(uint64_t timestamp, uint32_t restlen, uint8_t *tcpptr)
1339	1339	{
1340		static uint32_t tcplen;
	1340	static uint32_t tcplen;
1341	1341	static tcp_t *tcp;
1342	1342	static tacacsp_t *tacacsp;
1343	1343

1488	1488	/===========================================================================/
1489	1489	static void addeapmschapv2hash(uint8_t id, uint8_t mschapv2usernamelen, uint8_t mschapv2username, uint8_t mschapv2request, uint8_t *mschapv2response)
1490	1490	{
1491		static eapmschapv2hashlist_t *eapmschapv2hashlistnew;
	1491	static eapmschapv2hashlist_t *eapmschapv2hashlistnew;
1492	1492
1493	1493	eapmschapv2hashcount++;
1494	1494	if(eapmschapv2hashlistptr >= eapmschapv2hashlist +eapmschapv2hashlistmax)

1582	1582	if(memcmp(zeiger->client, macfm, 6) != 0) continue;
1583	1583	zeiger->mschapv2usernamelen = mschapv2usernamelen;
1584	1584	memcpy(zeiger->mschapv2username, mschapv2usernameptr, mschapv2usernamelen);
1585		addeapmschapv2hash(eapmschapv2->id, zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2request, eapmschapv2->mschapv2data);
	1585	addeapmschapv2hash(eapmschapv2->id, zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2request, eapmschapv2->mschapv2data);
1586	1586	}
1587	1587	qsort(eapmschapv2msglist, EAPMSCHAPV2MSGLIST_MAX +1, EAPMSCHAPV2MSGLIST_SIZE, sort_eapmschapv2msglist_by_timestamp);
1588	1588	}

1627	1627	/===========================================================================/
1628	1628	static void addeapleaphash(uint8_t id, uint8_t leapusernamelen, uint8_t leapusername, uint8_t leaprequest, uint8_t *leapresponse)
1629	1629	{
1630		static eapleaphashlist_t *eapleaphashlistnew;
	1630	static eapleaphashlist_t *eapleaphashlistnew;
1631	1631
1632	1632	eapleaphashcount++;
1633	1633	if(eapleaphashlistptr >= eapleaphashlist +eapleaphashlistmax)

1672	1672	if(eapleap->leaplen != LEAPREQ_LEN_MAX) return;
1673	1673	if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return;
1674	1674	if(eapleap->leaplen == eapleaplen -EAPLEAP_SIZE) return;
1675		if(memcmp(&zeroed32, eapleap->leapdata, LEAPREQ_LEN_MAX) == 0) return;
	1675	if(memcmp(&zeroed32, eapleap->leapdata, LEAPREQ_LEN_MAX) == 0) return;
1676	1676	memset(zeiger, 0, EAPLEAPMSGLIST_SIZE);
1677	1677	zeiger->timestamp = eaptimestamp;
1678	1678	memcpy(zeiger->ap, macfm, 6);

1699	1699	zeiger = eapleapmsglist +EAPLEAPMSGLIST_MAX;
1700	1700	if(eapleap->leaplen != LEAPRESP_LEN_MAX) return;
1701	1701	if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return;
1702		if(memcmp(&zeroed32, eapleap->leapdata, LEAPRESP_LEN_MAX) == 0) return;
	1702	if(memcmp(&zeroed32, eapleap->leapdata, LEAPRESP_LEN_MAX) == 0) return;
1703	1703	memset(zeiger, 0, EAPLEAPMSGLIST_SIZE);
1704	1704	zeiger->timestamp = eaptimestamp;
1705	1705	memcpy(zeiger->ap, macto, 6);

1713	1713	if((zeiger->id) != eapleap->id) continue;
1714	1714	if(memcmp(zeiger->ap, macto, 6) != 0) continue;
1715	1715	if(memcmp(zeiger->client, macfm, 6) != 0) continue;
1716		addeapleaphash(eapleap->id, zeiger->leapusernamelen, zeiger->leapusername, zeiger->leaprequest, eapleap->leapdata);
	1716	addeapleaphash(eapleap->id, zeiger->leapusernamelen, zeiger->leapusername, zeiger->leaprequest, eapleap->leapdata);
1717	1717	}
1718	1718	qsort(eapleapmsglist, EAPLEAPMSGLIST_MAX +1, EAPLEAPMSGLIST_SIZE, sort_eapleapmsglist_by_timestamp);
1719	1719	}

1778	1778	/===========================================================================/
1779	1779	static void addeapmd5hash(uint8_t id, uint8_t challenge, uint8_t response)
1780	1780	{
1781		static eapmd5hashlist_t *eapmd5hashlistnew;
	1781	static eapmd5hashlist_t *eapmd5hashlistnew;
1782	1782
1783	1783	eapmd5hashcount++;
1784	1784	if(eapmd5hashlistptr >= eapmd5hashlist +eapmd5hashlistmax)

1812	1812	eapmd5len = ntohs(eapmd5->eapmd5len);
1813	1813	if(eapmd5len != restlen) return;
1814	1814	if(eapmd5->md5len != EAPMD5_LEN_MAX) return;
1815		if(memcmp(&zeroed32, eapmd5->md5data, EAPMD5_LEN_MAX) == 0) return;
	1815	if(memcmp(&zeroed32, eapmd5->md5data, EAPMD5_LEN_MAX) == 0) return;
1816	1816	if(eapcode == EAP_CODE_REQ)
1817	1817	{
1818	1818	zeiger = eapmd5msglist +EAPMD5MSGLIST_MAX;

1841	1841	if((zeiger->id) != eapmd5->id) continue;
1842	1842	if(memcmp(zeiger->ap, macto, 6) != 0) continue;
1843	1843	if(memcmp(zeiger->client, macfm, 6) != 0) continue;
1844		addeapmd5hash(eapmd5->id, zeiger->md5, eapmd5->md5data);
	1844	addeapmd5hash(eapmd5->id, zeiger->md5, eapmd5->md5data);
1845	1845	}
1846	1846	qsort(eapmd5msglist, EAPMD5MSGLIST_MAX +1, EAPMD5MSGLIST_SIZE, sort_eapmd5msglist_by_timestamp);
1847	1847	}

1885	1885	EVP_MD_CTX_free(mdctx);
1886	1886	return false;
1887	1887	}
1888		if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1)
	1888	if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1)
1889	1889	{
1890	1890	EVP_PKEY_free(pkey);
1891	1891	EVP_MD_CTX_free(mdctx);

2080	2080	EVP_MD_CTX_free(mdctx);
2081	2081	return false;
2082	2082	}
2083		if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1)
	2083	if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1)
2084	2084	{
2085	2085	EVP_PKEY_free(pkey);
2086	2086	EVP_MD_CTX_free(mdctx);

2294	2294	for(p = 0; p < zeigerhs->eapauthlen; p++) fprintf(fh_pmkideapol, "%02x", eapoltemp[p]);
2295	2295	fprintf(fh_pmkideapol, "*%02x\n", zeigerhs->status);
2296	2296	if(zeigerhs->rcgap == 0) eapolwrittencount++;
2297		else eapolncwrittencount++;
	2297	else eapolncwrittencount++;
2298	2298	}
2299	2299	if((fh_pmkideapoljtrdeprecated != 0) && (zeigerhs->rcgap == 0))
2300	2300	{

2467	2467	qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_mac_count);
2468	2468	qsort(pmkidlist, pmkidlistptr -pmkidlist, PMKIDLIST_SIZE, sort_pmkidlist_by_mac);
2469	2469	if(ncvalue == 0) qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_timegap);
2470		else qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_rcgap);
	2470	else qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_rcgap);
2471	2471	zeigerhsakt = handshakelist;
2472	2472	zeigerpmkidakt = pmkidlist;
2473	2473	zeigermacold = aplist;

2570	2570	memcpy(zeigerold->devicename, zeiger->devicename, zeiger->devicenamelen);
2571	2571	zeigerold->devicenamelen = zeiger->devicenamelen;
2572	2572	}
2573		if(zeigerold->enrolleelen == 0)
	2573	if(zeigerold->enrolleelen == 0)
2574	2574	{
2575	2575	memcpy(zeigerold->enrollee, zeiger->enrollee, zeiger->enrolleelen);
2576	2576	zeigerold->enrolleelen = zeiger->enrolleelen;

2773	2773	static uint32_t idstrlen;
2774	2774
2775	2775	eapcount++;
2776		if(restlen < (int)EAPAUTH_SIZE) return;
	2776	if(restlen < (int)EAPAUTH_SIZE) return;
2777	2777	eapauth = (eapauth_t*)eapptr;
2778	2778	authlen = ntohs(eapauth->len);
2779	2779	if(authlen > restlen) return;

2907	2907	#endif
2908	2908	if(wpatype != VT_WPA_IE) return false;
2909	2909	zeiger->kdversion \|= KV_WPAIE;
2910		gsuiteptr = (suite_t*)ieptr;
	2910	gsuiteptr = (suite_t*)ieptr;
2911	2911	if(memcmp(gsuiteptr->oui, &ouimscorp, 3) == 0)
2912	2912	{
2913	2913	if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher \|= TCS_WEP40;

2935	2935	}
2936	2936	for(c = 0; c < csuitecount; c++)
2937	2937	{
2938		csuiteptr = (suite_t*)ieptr;
	2938	csuiteptr = (suite_t*)ieptr;
2939	2939	if(memcmp(csuiteptr->oui, &ouimscorp, 3) == 0)
2940	2940	{
2941	2941	if(csuiteptr->type == CS_WEP40) zeiger->cipher \|= TCS_WEP40;

2966	2966	}
2967	2967	for(c = 0; c < asuitecount; c++)
2968	2968	{
2969		asuiteptr = (suite_t*)ieptr;
	2969	asuiteptr = (suite_t*)ieptr;
2970	2970	if(memcmp(asuiteptr->oui, &ouimscorp, 3) == 0)
2971	2971	{
2972	2972	if(asuiteptr->type == AK_PMKSA) zeiger->akm \|= TAK_PMKSA;

3033	3033	static suitecount_t *asuitecountptr;
3034	3034	static suite_t *asuiteptr;
3035	3035	static int asuitecount;
3036		static rsnpmkidlist_t *rsnpmkidlistptr;
	3036	static rsnpmkidlist_t *rsnpmkidlistptr;
3037	3037	static int rsnpmkidcount;
3038	3038
3039	3039	static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff };

3048	3048	zeiger->kdversion \|= KV_RSNIE;
3049	3049	rsnlen -= RSNIE_SIZE;
3050	3050	ieptr += RSNIE_SIZE;
3051		gsuiteptr = (suite_t*)ieptr;
	3051	gsuiteptr = (suite_t*)ieptr;
3052	3052	if(memcmp(gsuiteptr->oui, &suiteoui, 3) == 0)
3053	3053	{
3054	3054	if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher \|= TCS_WEP40;

3077	3077	}
3078	3078	for(c = 0; c < csuitecount; c++)
3079	3079	{
3080		csuiteptr = (suite_t*)ieptr;
	3080	csuiteptr = (suite_t*)ieptr;
3081	3081	if(memcmp(csuiteptr->oui, &suiteoui, 3) == 0)
3082	3082	{
3083	3083	if(csuiteptr->type == CS_WEP40) zeiger->cipher \|= TCS_WEP40;

3109	3109	}
3110	3110	for(c = 0; c < asuitecount; c++)
3111	3111	{
3112		asuiteptr = (suite_t*)ieptr;
	3112	asuiteptr = (suite_t*)ieptr;
3113	3113	if(memcmp(asuiteptr->oui, &suiteoui, 3) == 0)
3114	3114	{
3115	3115	if(asuiteptr->type == AK_PMKSA) zeiger->akm \|= TAK_PMKSA;

3132	3132	rsnlen -= RSNCAPABILITIES_SIZE;
3133	3133	ieptr += RSNCAPABILITIES_SIZE;
3134	3134	if(rsnlen <= 0) return true;
3135		rsnpmkidlistptr = (rsnpmkidlist_t*)ieptr;
	3135	rsnpmkidlistptr = (rsnpmkidlist_t*)ieptr;
3136	3136	#ifndef BIG_ENDIAN_HOST
3137	3137	rsnpmkidcount = rsnpmkidlistptr->count;
3138	3138	#else

3314	3314	return;
3315	3315	}
3316	3316	if(memcmp(&zeroed32, wpak->nonce, 32) == 0) return;
3317		if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
3318		if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
	3317	if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
	3318	if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
3319	3319	zeiger = messagelist +MESSAGELIST_MAX;
3320	3320	memset(zeiger, 0, MESSAGELIST_SIZE);
3321	3321	zeiger->timestamp = eaptimestamp;

3340	3340	if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp;
3341	3341	else eaptimegap = zeiger->timestamp -eaptimestamp;
3342	3342	mpfield = ST_M34E4;
3343		if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
	3343	if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
3344	3344	if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield);
3345	3345	}
3346	3346	if((zeiger->message &HS_M1) != HS_M1) continue;

3360	3360	{
3361	3361	if(zeiger->rc == myaktreplaycount) continue;
3362	3362	}
3363		if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
	3363	if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
3364	3364	if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield);
3365	3365	}
3366	3366	qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount);

3475	3475	{
3476	3476	if(zeiger->rc == myaktreplaycount) continue;
3477	3477	}
3478		if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
	3478	if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
3479	3479	if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield);
3480	3480	}
3481	3481	if((zeiger->message &HS_M4) != HS_M4) continue;

3492	3492	{
3493	3493	if(zeiger->rc == myaktreplaycount) continue;
3494	3494	}
3495		if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
	3495	if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
3496	3496	if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield);
3497	3497	}
3498	3498	qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount);

3583	3583	eapolm2errorcount++;
3584	3584	return;
3585	3585	}
3586		if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
3587		if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
	3586	if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
	3587	if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
3588	3588	zeiger = messagelist +MESSAGELIST_MAX;
3589	3589	memset(zeiger, 0, MESSAGELIST_SIZE);
3590	3590	zeiger->timestamp = eaptimestamp;

3636	3636	}
3637	3637	if(rcgap != 0) continue;
3638	3638	}
3639		if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
	3639	if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
3640	3640	if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield);
3641	3641	}
3642	3642	if((zeiger->message &HS_M3) != HS_M3) continue;

3661	3661	}
3662	3662	if(rcgap != 0) continue;
3663	3663	}
3664		if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
	3664	if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
3665	3665	if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield);
3666	3666	}
3667	3667	qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount);

3718	3718	eapolm1errorcount++;
3719	3719	return;
3720	3720	}
3721		if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
3722		if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
	3721	if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
	3722	if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
3723	3723	zeiger = messagelist +MESSAGELIST_MAX;
3724	3724	memset(zeiger, 0, MESSAGELIST_SIZE);
3725	3725	zeiger->timestamp = eaptimestamp;

3730	3730	zeiger->rc = rc;
3731	3731	memcpy(zeiger->nonce, wpak->nonce, 32);
3732	3732
3733		if((zeiger->rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0))
	3733	if((zeiger->rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0))
3734	3734	{
3735	3735	zeiger->status \|= ST_APLESS;
3736	3736	eapolm1ancount++;

3848	3848	static eapauth_t *eapauth;
3849	3849
3850	3850	eapauth = (eapauth_t*)eapptr;
3851		if(restlen < (int)EAPAUTH_SIZE) return;
	3851	if(restlen < (int)EAPAUTH_SIZE) return;
3852	3852	if(eapauth->type == EAPOL_KEY)
3853	3853	{
3854	3854	process80211eapol(eaptimestamp, macto, macfm, macsrc, restlen, eapptr);

3910	3910	memcpy(zeiger->devicename, aplistptr->devicename, aplistptr->devicenamelen);
3911	3911	zeiger->devicenamelen = aplistptr->devicenamelen;
3912	3912	}
3913		if(zeiger->enrolleelen == 0)
	3913	if(zeiger->enrolleelen == 0)
3914	3914	{
3915	3915	memcpy(zeiger->enrollee, aplistptr->enrollee, aplistptr->enrolleelen);
3916	3916	zeiger->enrolleelen = aplistptr->enrolleelen;

3967	3967	}
3968	3968	else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++;
3969	3969
3970		if((tags.akm &TAK_PSK) == TAK_PSK) reassociationrequestpskcount++;
3971		else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++;
3972		else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) reassociationrequestpsk256count++;
3973		else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) reassociationrequestsae256count++;
3974		else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) reassociationrequestsae384bcount++;
3975		else if((tags.akm &TAK_OWE) == TAK_OWE) reassociationrequestowecount++;
	3970	if((tags.akm &TAK_PSK) == TAK_PSK) reassociationrequestpskcount++;
	3971	else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++;
	3972	else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) reassociationrequestpsk256count++;
	3973	else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) reassociationrequestsae256count++;
	3974	else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) reassociationrequestsae384bcount++;
	3975	else if((tags.akm &TAK_OWE) == TAK_OWE) reassociationrequestowecount++;
3976	3976	if(cleanbackmac() == false) aplistptr++;
3977	3977	if(aplistptr >= aplist +maclistmax)
3978	3978	{

4048	4048	if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(macclient, macap, tags.pmkid);
4049	4049	}
4050	4050	if((tags.akm &TAK_PSK) == TAK_PSK) associationrequestpskcount++;
4051		else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) associationrequestftpskcount++;
4052		else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) associationrequestpsk256count++;
4053		else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) associationrequestsae256count++;
4054		else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) associationrequestsae384bcount++;
4055		else if((tags.akm &TAK_OWE) == TAK_OWE) associationrequestowecount++;
	4051	else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) associationrequestftpskcount++;
	4052	else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) associationrequestpsk256count++;
	4053	else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) associationrequestsae256count++;
	4054	else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) associationrequestsae384bcount++;
	4055	else if((tags.akm &TAK_OWE) == TAK_OWE) associationrequestowecount++;
4056	4056	if(cleanbackmac() == false) aplistptr++;
4057	4057	if(aplistptr >= aplist +maclistmax)
4058	4058	{

4164	4164
4165	4165	proberequestcount++;
4166	4166	if(proberequestlen < (int)IETAG_SIZE) return;
4167		if(gettags(proberequestlen, proberequestptr, &tags) == false) return;
	4167	if(gettags(proberequestlen, proberequestptr, &tags) == false) return;
4168	4168	if(tags.essidlen == 0) return;
4169	4169	if(tags.essid[0] == 0) return;
4170	4170	if(aplistptr >= aplist +maclistmax)

4383	4383	packetlen -= (int)ACTIONMEASUREMENTFRAME_SIZE;
4384	4384	packetptr += (int)ACTIONMEASUREMENTFRAME_SIZE;
4385	4385	if(packetlen < (int)IETAG_SIZE) return;
4386		if(gettags(packetlen, packetptr, &tags) == false) return;
	4386	if(gettags(packetlen, packetptr, &tags) == false) return;
4387	4387	if(tags.essidlen == 0) return;
4388	4388	if(tags.essid[0] == 0) return;
4389	4389	if(aplistptr >= aplist +maclistmax)

4574	4574	if((rth->it_present & IEEE80211_RADIOTAP_CHANNEL) == IEEE80211_RADIOTAP_CHANNEL)
4575	4575	{
4576	4576	if(pf > caplen) return;
4577		if((pf %2) != 0) pf += 1;
	4577	if((pf %2) != 0) pf += 1;
4578	4578	frequency = (capptr[pf +1] << 8) + capptr[pf];
4579	4579	usedfrequency[frequency] += 1;
4580	4580	if((frequency >= 2407) && (frequency <= 2474))

4582	4582	interfacechannel = (frequency -2407)/5;
4583	4583	band24count++;
4584	4584	}
4585		else if((frequency >= 2481) && (frequency <= 2487))
	4585	else if((frequency >= 2481) && (frequency <= 2487))
4586	4586	{
4587	4587	interfacechannel = (frequency -2412)/5;
4588	4588	band24count++;

4599	4599	}
4600	4600	pf += 4;
4601	4601	}
4602		if((rth->it_present & IEEE80211_RADIOTAP_FHSS) == IEEE80211_RADIOTAP_FHSS)
4603		{
4604		if((pf %2) != 0) pf += 1;
	4602	if((rth->it_present & IEEE80211_RADIOTAP_FHSS) == IEEE80211_RADIOTAP_FHSS)
	4603	{
	4604	if((pf %2) != 0) pf += 1;
4605	4605	pf += 2;
4606	4606	}
4607	4607	if((rth->it_present & IEEE80211_RADIOTAP_DBM_ANTSIGNAL) == IEEE80211_RADIOTAP_DBM_ANTSIGNAL)

4893	4893	{
4894	4894	pcapreaderrors++;
4895	4895	fprintf(stdout, "detected oversized snaplen (%d)\n", pcapfhdr.snaplen);
4896		if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen (%d): %d\n", pcapfhdr.snaplen, pcapfhdr.version_minor);
	4896	if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen (%d): %d\n", pcapfhdr.snaplen, pcapfhdr.version_minor);
4897	4897	}
4898	4898
4899	4899	while(1)

4961	4961	fprintf(stdout, "\nsummary capture file\n"
4962	4962	"--------------------\n"
4963	4963	"file name................................: %s\n"
4964		"version (pcap/cap).......................: %d.%d (very basic format without any additional information)\n"
	4964	"version (pcap/cap).......................: %d.%d (very basic format without any additional information)\n"
4965	4965	, basename(pcaporgname), versionmajor, versionminor
4966	4966	);
4967	4967

4999	4999	if(option->option_code == SHB_EOC) return 0;
5000	5000	padding = 0;
5001	5001	if(option->option_length > OPTIONLEN_MAX) return option->option_length;
5002		if((option->option_length %4)) padding = 4 -(option->option_length %4);
	5002	if((option->option_length %4)) padding = 4 -(option->option_length %4);
5003	5003	if(option->option_code == SHB_HARDWARE)
5004	5004	{
5005	5005	if(option->option_length < OPTIONLEN_MAX)

5196	5196	}
5197	5197	pcapngbh = (block_header_t*)pcpngblock;
5198	5198	blocktype = pcapngbh->block_type;
5199		blocklen = pcapngbh->total_length;
	5199	blocklen = pcapngbh->total_length;
5200	5200	blockmagic = pcapngbh->byte_order_magic;
5201	5201	#ifdef BIG_ENDIAN_HOST
5202	5202	blocktype = byte_swap_32(blocktype);

5431	5431	"weak candidate...........................: %s\n"
5432	5432	"MAC ACCESS POINT.........................: %02x%02x%02x%02x%02x%02x (incremented on every new client)\n"
5433	5433	"MAC CLIENT...............................: %02x%02x%02x%02x%02x%02x\n"
5434		"REPLAYCOUNT..............................: %" PRIu64 "\n"
	5434	"REPLAYCOUNT..............................: %" PRIu64 "\n"
5435	5435	"ANONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n"
5436	5436	"SNONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n"
5437	5437	, basename(pcaporgname), versionmajor, versionminor,

+33

-39

hcxpsktool.c less more

751	751
752	752	static const char *word[] =
753	753	{
754		"amaranth", "amber", "amethyst", "apricot", "aqua", "aquamarine", "azure",
755		"baby", "beige", "brick", "black", "blue", "blush", "bronze", "brown",
756		"burgundy", "byzantium",
757		"carmine", "cerise", "cerulean", "champagne", "chartreuse", "chestnut", "chocolate", "cobalt",
758		"coffee", "copper", "cordovan", "coral", "crimson", "cyan",
759		"desert",
760		"electric", "emerald", "erin",
761		"garnet", "gold", "gray", "green",
762		"harlequin",
763		"indigo", "ivory",
764		"jade", "jungle",
765		"lavender", "lemon", "lilac", "lime",
766		"magenta", "maroon", "mauve",
767		"navy",
768		"ochre", "olive", "orange", "orchid",
769		"peach", "pear", "periwinkle", "persian", "pink", "plum", "prussian", "puce",
770		"purple",
771		"raspberry", "red", "rose", "ruby",
772		"sage", "salmon", "sangria", "sapphire", "scarlet", "sepia", "silver", "slate",
773		"spring",
774		"tan", "taupe", "teal", "turquoise",
775		"ultramarine",
776		"violet", "viridian",
777		"white",
778		"yellow"
	754	"amber", "aqua",
	755	"brick", "bronze", "burgundy",
	756	"chestnut", "cobalt", "copper", "coral", "cordovan", "crimson", "cyan",
	757	"emerald",
	758	"garnet", "gold", "green", "grey",
	759	"indigo",
	760	"lavender", "lemon",
	761	"magenta",
	762	"olive", "orchid",
	763	"peach", "periwinkle", "pewter", "plum", "purple",
	764	"rose",
	765	"sage", "sepia", "silver",
	766	"teal", "turquoise"
779	767	};
780	768
781	769	for (w = 0; w < (sizeof(word) / sizeof(char *)); w++ )

784	772	{
785	773	for (j = 0; j < 10000; j++)
786	774	{
787		// 2-2
	775	// 2-2 test
	776	/*
788	777	if (i < 100 && j < 100)
789	778	{
790	779	fprintf(fhout, "%s-%02d-%02d\n", word[w], i, j);
	780	fprintf(fhout, "%02d-%s-%02d\n", i, word[w], j);
	781	fprintf(fhout, "%02d-%02d-%s\n", i, j, word[w]);
791	782	}
792		// 2-3
	783	*/
	784	// 2-3 test
	785	/*
793	786	if (i < 100 && j < 1000)
794	787	{
795	788	fprintf(fhout, "%s-%02d-%03d\n", word[w], i, j);
796		/*
797		fprintf(fhout, "%02d-%s-%03d\n", i, word[w], j); // test
798		fprintf(fhout, "%02d-%03d-%s\n", i, j, word[w]); // test
799		*/
	789	fprintf(fhout, "%02d-%s-%03d\n", i, word[w], j);
	790	fprintf(fhout, "%02d-%03d-%s\n", i, j, word[w]);
800	791	}
	792	*/
801	793	// 2-4
802	794	if (i < 100 && j < 10000)
803	795	{
804		fprintf(fhout, "%s-%02d-%04d\n", word[w], i, j);
	796	//fprintf(fhout, "%s-%02d-%04d\n", word[w], i, j); // test
805	797	fprintf(fhout, "%02d-%s-%04d\n", i, word[w], j);
806		fprintf(fhout, "%02d-%04d-%s\n", i, j, word[w]);
	798	//fprintf(fhout, "%02d-%04d-%s\n", i, j, word[w]); // test
807	799	}
808	800	// 3-2 test
809	801	/*

826	818	{
827	819	fprintf(fhout, "%s-%04d-%02d\n", word[w], i, j);
828	820	fprintf(fhout, "%04d-%s-%02d\n", i, word[w], j);
829		fprintf(fhout, "%04d-%02d-%s\n", i, j, word[w]);
	821	//fprintf(fhout, "%04d-%02d-%s\n", i, j, word[w]); // test
830	822	}
831	823	}
832	824

2062	2054	{
2063	2055	for(k6 = 0; k6 <= 0x0f; k6++)
2064	2056	{
2065		for(k7 = 0; k7 < 100; k7++)
2066		{
2067		fprintf(fhout, "%c%d%c%02d%02d%02d%02d%d%02d%02d\n", k1, k2, k3, k4, hextable[k5], hextable[k6], k7, k2, k8, k9);
2068		}
	2057	for(k7 = 0; k7 < 100; k7++) fprintf(fhout, "%c%d%c%02d%02d%02d%02d%d%02d%02d\n", k1, k2, k3, k4, hextable[k5], hextable[k6], k7, k2, k8, k9);
2069	2058	}
2070	2059	}
2071	2060	}

2255	2244	pin = (macaddr & 0xffffff) % 10000000;
2256	2245	pin = ((pin * 10) + wpspinchecksum(pin));
2257	2246	fprintf(fhout, "%08d\n", pin);
	2247
	2248	pin = (((macaddr >> 24) &0xff) 256 256) +(((macaddr >> 16) &0xff) *256) + ((macaddr >> 8) &0xff);
	2249	pin = pin % 10000000;
	2250	pin = ((pin * 10) + wpspinchecksum(pin));
	2251	fprintf(fhout, "%08d\n", pin);
2258	2252	return;
2259	2253	}
2260	2254	/===========================================================================/

2343	2337	static int me;
2344	2338	static char pskstring[PSKSTRING_LEN_MAX] = {};
2345	2339
2346		fprintf(stdout, "%012llX\n", macaddr &0xffffffffff);
	2340	fprintf(fhout, "%012llX\n", macaddr &0xffffffffff);
2347	2341
2348	2342	nici = ~macaddr &0xffffff;
2349	2343	fprintf(fhout, "wlan%06x\n", nici);