46 | 46 |
/*===========================================================================*/
|
47 | 47 |
struct hccap_s
|
48 | 48 |
{
|
49 | |
char essid[36];
|
50 | |
unsigned char ap[6];
|
51 | |
unsigned char client[6];
|
52 | |
unsigned char snonce[32];
|
53 | |
unsigned char anonce[32];
|
54 | |
unsigned char eapol[256];
|
55 | |
int eapol_size;
|
56 | |
int keyver;
|
57 | |
unsigned char keymic[16];
|
|
49 |
char essid[36];
|
|
50 |
unsigned char ap[6];
|
|
51 |
unsigned char client[6];
|
|
52 |
unsigned char snonce[32];
|
|
53 |
unsigned char anonce[32];
|
|
54 |
unsigned char eapol[256];
|
|
55 |
int eapol_size;
|
|
56 |
int keyver;
|
|
57 |
unsigned char keymic[16];
|
58 | 58 |
};
|
59 | 59 |
typedef struct hccap_s hccap_t;
|
60 | 60 |
#define HCCAP_SIZE (sizeof(hccap_t))
|
|
356 | 356 |
{
|
357 | 357 |
static int p;
|
358 | 358 |
|
359 | |
fprintf(stdout, "\nRAW: ");
|
|
359 |
fprintf(stdout, "\nRAW: ");
|
360 | 360 |
|
361 | 361 |
for(p = 0; p < len; p++)
|
362 | 362 |
{
|
|
829 | 829 |
if(c == 0) fprintf(stdout, "not available due to missing radiotap header");
|
830 | 830 |
fprintf(stdout, "\n");
|
831 | 831 |
|
832 | |
if((eapolwrittencount +eapolncwrittencount +eapolwrittenhcpxcountdeprecated +eapolncwrittenhcpxcountdeprecated +eapolwrittenhcpcountdeprecated
|
|
832 |
if((eapolwrittencount +eapolncwrittencount +eapolwrittenhcpxcountdeprecated +eapolncwrittenhcpxcountdeprecated +eapolwrittenhcpcountdeprecated
|
833 | 833 |
+eapolwrittenjcountdeprecated +pmkidwrittenhcount +pmkidwrittenjcountdeprecated +pmkidwrittencountdeprecated
|
834 | 834 |
+eapmd5writtencount +eapmd5johnwrittencount +eapleapwrittencount +eapmschapv2writtencount +tacacspwrittencount) == 0)
|
835 | 835 |
{
|
|
871 | 871 |
"This could prevent to calculate a valid EAPOL MESSAGE PAIR\n"
|
872 | 872 |
"or to get a valid PMKID.\n");
|
873 | 873 |
}
|
874 | |
if(ancientdumpfileformat == true)
|
|
874 |
if(ancientdumpfileformat == true)
|
875 | 875 |
{
|
876 | 876 |
fprintf(stdout, "\nInformation: limited dump file format detected!\n"
|
877 | 877 |
"This file format is a very basic format to save captured network data.\n"
|
|
926 | 926 |
}
|
927 | 927 |
if(malformedcount > 5)
|
928 | 928 |
{
|
929 | |
printf( "\nInformation: malformed packets detected!\n"
|
|
929 |
printf( "\nInformation: malformed packets detected!\n"
|
930 | 930 |
"In monitor mode the adapter does not check to see if the cyclic redundancy check (CRC)\n"
|
931 | 931 |
"values are correct for packets captured. The device is able to detect the Physical Layer\n"
|
932 | 932 |
"Convergence Procedure (PLCP) preamble and is able to synchronize to it, but if there is\n"
|
|
986 | 986 |
wecl = strlen(pcapngweakcandidate);
|
987 | 987 |
if((wecl > 0) && (wecl < 64) && (strcmp(pcapngweakcandidate, "N/A") != 0))
|
988 | 988 |
{
|
989 | |
if(fh_essid != NULL) fprintf(fh_essid, "%s\n", pcapngweakcandidate);
|
|
989 |
if(fh_essid != NULL) fprintf(fh_essid, "%s\n", pcapngweakcandidate);
|
990 | 990 |
}
|
991 | 991 |
for(zeigermac = aplist; zeigermac < aplistptr; zeigermac++)
|
992 | 992 |
{
|
|
1226 | 1226 |
}
|
1227 | 1227 |
for(zeiger = tacacsplist +1; zeiger < tacacsplistptr; zeiger++)
|
1228 | 1228 |
{
|
1229 | |
if((zeigerold->sessionid == zeiger->sessionid) && (zeigerold->sequencenr == zeiger->sequencenr) && (zeigerold->len == zeiger->len) && (memcmp(zeigerold->data, zeiger->data, zeiger->len) == 0)) continue;
|
|
1229 |
if((zeigerold->sessionid == zeiger->sessionid) && (zeigerold->sequencenr == zeiger->sequencenr) && (zeigerold->len == zeiger->len) && (memcmp(zeigerold->data, zeiger->data, zeiger->len) == 0)) continue;
|
1230 | 1230 |
if(fh_tacacsp != NULL)
|
1231 | 1231 |
{
|
1232 | 1232 |
fprintf(fh_tacacsp, "$tacacs-plus$0$%08x$", zeiger->sessionid);
|
|
1243 | 1243 |
{
|
1244 | 1244 |
static uint32_t authlen;
|
1245 | 1245 |
static tacacsp_t *tacacsp;
|
1246 | |
static tacacsplist_t *tacacsplistnew;
|
|
1246 |
static tacacsplist_t *tacacsplistnew;
|
1247 | 1247 |
|
1248 | 1248 |
if(restlen < (uint32_t)TACACSP_SIZE) return;
|
1249 | 1249 |
tacacsp = (tacacsp_t*)tacacspptr;
|
|
1295 | 1295 |
/*===========================================================================*/
|
1296 | 1296 |
static void processptppacket(uint32_t restlen, uint8_t *ptpptr)
|
1297 | 1297 |
{
|
1298 | |
static ptp_t *ptp;
|
|
1298 |
static ptp_t *ptp;
|
1299 | 1299 |
|
1300 | 1300 |
if(restlen < (uint32_t)PTP_SIZE) return;
|
1301 | 1301 |
ptp = (ptp_t*)ptpptr;
|
|
1323 | 1323 |
static void processudppacket(uint64_t timestamp, uint32_t restlen, uint8_t *udpptr)
|
1324 | 1324 |
{
|
1325 | 1325 |
static udp_t *udp;
|
1326 | |
static uint16_t udplen;
|
|
1326 |
static uint16_t udplen;
|
1327 | 1327 |
|
1328 | 1328 |
if(restlen < UDP_SIZE) return;
|
1329 | 1329 |
udp = (udp_t*)udpptr;
|
|
1337 | 1337 |
/*===========================================================================*/
|
1338 | 1338 |
static void processtcppacket(uint64_t timestamp, uint32_t restlen, uint8_t *tcpptr)
|
1339 | 1339 |
{
|
1340 | |
static uint32_t tcplen;
|
|
1340 |
static uint32_t tcplen;
|
1341 | 1341 |
static tcp_t *tcp;
|
1342 | 1342 |
static tacacsp_t *tacacsp;
|
1343 | 1343 |
|
|
1488 | 1488 |
/*===========================================================================*/
|
1489 | 1489 |
static void addeapmschapv2hash(uint8_t id, uint8_t mschapv2usernamelen, uint8_t *mschapv2username, uint8_t *mschapv2request, uint8_t *mschapv2response)
|
1490 | 1490 |
{
|
1491 | |
static eapmschapv2hashlist_t *eapmschapv2hashlistnew;
|
|
1491 |
static eapmschapv2hashlist_t *eapmschapv2hashlistnew;
|
1492 | 1492 |
|
1493 | 1493 |
eapmschapv2hashcount++;
|
1494 | 1494 |
if(eapmschapv2hashlistptr >= eapmschapv2hashlist +eapmschapv2hashlistmax)
|
|
1582 | 1582 |
if(memcmp(zeiger->client, macfm, 6) != 0) continue;
|
1583 | 1583 |
zeiger->mschapv2usernamelen = mschapv2usernamelen;
|
1584 | 1584 |
memcpy(zeiger->mschapv2username, mschapv2usernameptr, mschapv2usernamelen);
|
1585 | |
addeapmschapv2hash(eapmschapv2->id, zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2request, eapmschapv2->mschapv2data);
|
|
1585 |
addeapmschapv2hash(eapmschapv2->id, zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2request, eapmschapv2->mschapv2data);
|
1586 | 1586 |
}
|
1587 | 1587 |
qsort(eapmschapv2msglist, EAPMSCHAPV2MSGLIST_MAX +1, EAPMSCHAPV2MSGLIST_SIZE, sort_eapmschapv2msglist_by_timestamp);
|
1588 | 1588 |
}
|
|
1627 | 1627 |
/*===========================================================================*/
|
1628 | 1628 |
static void addeapleaphash(uint8_t id, uint8_t leapusernamelen, uint8_t *leapusername, uint8_t *leaprequest, uint8_t *leapresponse)
|
1629 | 1629 |
{
|
1630 | |
static eapleaphashlist_t *eapleaphashlistnew;
|
|
1630 |
static eapleaphashlist_t *eapleaphashlistnew;
|
1631 | 1631 |
|
1632 | 1632 |
eapleaphashcount++;
|
1633 | 1633 |
if(eapleaphashlistptr >= eapleaphashlist +eapleaphashlistmax)
|
|
1672 | 1672 |
if(eapleap->leaplen != LEAPREQ_LEN_MAX) return;
|
1673 | 1673 |
if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return;
|
1674 | 1674 |
if(eapleap->leaplen == eapleaplen -EAPLEAP_SIZE) return;
|
1675 | |
if(memcmp(&zeroed32, eapleap->leapdata, LEAPREQ_LEN_MAX) == 0) return;
|
|
1675 |
if(memcmp(&zeroed32, eapleap->leapdata, LEAPREQ_LEN_MAX) == 0) return;
|
1676 | 1676 |
memset(zeiger, 0, EAPLEAPMSGLIST_SIZE);
|
1677 | 1677 |
zeiger->timestamp = eaptimestamp;
|
1678 | 1678 |
memcpy(zeiger->ap, macfm, 6);
|
|
1699 | 1699 |
zeiger = eapleapmsglist +EAPLEAPMSGLIST_MAX;
|
1700 | 1700 |
if(eapleap->leaplen != LEAPRESP_LEN_MAX) return;
|
1701 | 1701 |
if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return;
|
1702 | |
if(memcmp(&zeroed32, eapleap->leapdata, LEAPRESP_LEN_MAX) == 0) return;
|
|
1702 |
if(memcmp(&zeroed32, eapleap->leapdata, LEAPRESP_LEN_MAX) == 0) return;
|
1703 | 1703 |
memset(zeiger, 0, EAPLEAPMSGLIST_SIZE);
|
1704 | 1704 |
zeiger->timestamp = eaptimestamp;
|
1705 | 1705 |
memcpy(zeiger->ap, macto, 6);
|
|
1713 | 1713 |
if((zeiger->id) != eapleap->id) continue;
|
1714 | 1714 |
if(memcmp(zeiger->ap, macto, 6) != 0) continue;
|
1715 | 1715 |
if(memcmp(zeiger->client, macfm, 6) != 0) continue;
|
1716 | |
addeapleaphash(eapleap->id, zeiger->leapusernamelen, zeiger->leapusername, zeiger->leaprequest, eapleap->leapdata);
|
|
1716 |
addeapleaphash(eapleap->id, zeiger->leapusernamelen, zeiger->leapusername, zeiger->leaprequest, eapleap->leapdata);
|
1717 | 1717 |
}
|
1718 | 1718 |
qsort(eapleapmsglist, EAPLEAPMSGLIST_MAX +1, EAPLEAPMSGLIST_SIZE, sort_eapleapmsglist_by_timestamp);
|
1719 | 1719 |
}
|
|
1778 | 1778 |
/*===========================================================================*/
|
1779 | 1779 |
static void addeapmd5hash(uint8_t id, uint8_t *challenge, uint8_t *response)
|
1780 | 1780 |
{
|
1781 | |
static eapmd5hashlist_t *eapmd5hashlistnew;
|
|
1781 |
static eapmd5hashlist_t *eapmd5hashlistnew;
|
1782 | 1782 |
|
1783 | 1783 |
eapmd5hashcount++;
|
1784 | 1784 |
if(eapmd5hashlistptr >= eapmd5hashlist +eapmd5hashlistmax)
|
|
1812 | 1812 |
eapmd5len = ntohs(eapmd5->eapmd5len);
|
1813 | 1813 |
if(eapmd5len != restlen) return;
|
1814 | 1814 |
if(eapmd5->md5len != EAPMD5_LEN_MAX) return;
|
1815 | |
if(memcmp(&zeroed32, eapmd5->md5data, EAPMD5_LEN_MAX) == 0) return;
|
|
1815 |
if(memcmp(&zeroed32, eapmd5->md5data, EAPMD5_LEN_MAX) == 0) return;
|
1816 | 1816 |
if(eapcode == EAP_CODE_REQ)
|
1817 | 1817 |
{
|
1818 | 1818 |
zeiger = eapmd5msglist +EAPMD5MSGLIST_MAX;
|
|
1841 | 1841 |
if((zeiger->id) != eapmd5->id) continue;
|
1842 | 1842 |
if(memcmp(zeiger->ap, macto, 6) != 0) continue;
|
1843 | 1843 |
if(memcmp(zeiger->client, macfm, 6) != 0) continue;
|
1844 | |
addeapmd5hash(eapmd5->id, zeiger->md5, eapmd5->md5data);
|
|
1844 |
addeapmd5hash(eapmd5->id, zeiger->md5, eapmd5->md5data);
|
1845 | 1845 |
}
|
1846 | 1846 |
qsort(eapmd5msglist, EAPMD5MSGLIST_MAX +1, EAPMD5MSGLIST_SIZE, sort_eapmd5msglist_by_timestamp);
|
1847 | 1847 |
}
|
|
1885 | 1885 |
EVP_MD_CTX_free(mdctx);
|
1886 | 1886 |
return false;
|
1887 | 1887 |
}
|
1888 | |
if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1)
|
|
1888 |
if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1)
|
1889 | 1889 |
{
|
1890 | 1890 |
EVP_PKEY_free(pkey);
|
1891 | 1891 |
EVP_MD_CTX_free(mdctx);
|
|
2080 | 2080 |
EVP_MD_CTX_free(mdctx);
|
2081 | 2081 |
return false;
|
2082 | 2082 |
}
|
2083 | |
if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1)
|
|
2083 |
if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1)
|
2084 | 2084 |
{
|
2085 | 2085 |
EVP_PKEY_free(pkey);
|
2086 | 2086 |
EVP_MD_CTX_free(mdctx);
|
|
2294 | 2294 |
for(p = 0; p < zeigerhs->eapauthlen; p++) fprintf(fh_pmkideapol, "%02x", eapoltemp[p]);
|
2295 | 2295 |
fprintf(fh_pmkideapol, "*%02x\n", zeigerhs->status);
|
2296 | 2296 |
if(zeigerhs->rcgap == 0) eapolwrittencount++;
|
2297 | |
else eapolncwrittencount++;
|
|
2297 |
else eapolncwrittencount++;
|
2298 | 2298 |
}
|
2299 | 2299 |
if((fh_pmkideapoljtrdeprecated != 0) && (zeigerhs->rcgap == 0))
|
2300 | 2300 |
{
|
|
2467 | 2467 |
qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_mac_count);
|
2468 | 2468 |
qsort(pmkidlist, pmkidlistptr -pmkidlist, PMKIDLIST_SIZE, sort_pmkidlist_by_mac);
|
2469 | 2469 |
if(ncvalue == 0) qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_timegap);
|
2470 | |
else qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_rcgap);
|
|
2470 |
else qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_rcgap);
|
2471 | 2471 |
zeigerhsakt = handshakelist;
|
2472 | 2472 |
zeigerpmkidakt = pmkidlist;
|
2473 | 2473 |
zeigermacold = aplist;
|
|
2570 | 2570 |
memcpy(zeigerold->devicename, zeiger->devicename, zeiger->devicenamelen);
|
2571 | 2571 |
zeigerold->devicenamelen = zeiger->devicenamelen;
|
2572 | 2572 |
}
|
2573 | |
if(zeigerold->enrolleelen == 0)
|
|
2573 |
if(zeigerold->enrolleelen == 0)
|
2574 | 2574 |
{
|
2575 | 2575 |
memcpy(zeigerold->enrollee, zeiger->enrollee, zeiger->enrolleelen);
|
2576 | 2576 |
zeigerold->enrolleelen = zeiger->enrolleelen;
|
|
2773 | 2773 |
static uint32_t idstrlen;
|
2774 | 2774 |
|
2775 | 2775 |
eapcount++;
|
2776 | |
if(restlen < (int)EAPAUTH_SIZE) return;
|
|
2776 |
if(restlen < (int)EAPAUTH_SIZE) return;
|
2777 | 2777 |
eapauth = (eapauth_t*)eapptr;
|
2778 | 2778 |
authlen = ntohs(eapauth->len);
|
2779 | 2779 |
if(authlen > restlen) return;
|
|
2907 | 2907 |
#endif
|
2908 | 2908 |
if(wpatype != VT_WPA_IE) return false;
|
2909 | 2909 |
zeiger->kdversion |= KV_WPAIE;
|
2910 | |
gsuiteptr = (suite_t*)ieptr;
|
|
2910 |
gsuiteptr = (suite_t*)ieptr;
|
2911 | 2911 |
if(memcmp(gsuiteptr->oui, &ouimscorp, 3) == 0)
|
2912 | 2912 |
{
|
2913 | 2913 |
if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher |= TCS_WEP40;
|
|
2935 | 2935 |
}
|
2936 | 2936 |
for(c = 0; c < csuitecount; c++)
|
2937 | 2937 |
{
|
2938 | |
csuiteptr = (suite_t*)ieptr;
|
|
2938 |
csuiteptr = (suite_t*)ieptr;
|
2939 | 2939 |
if(memcmp(csuiteptr->oui, &ouimscorp, 3) == 0)
|
2940 | 2940 |
{
|
2941 | 2941 |
if(csuiteptr->type == CS_WEP40) zeiger->cipher |= TCS_WEP40;
|
|
2966 | 2966 |
}
|
2967 | 2967 |
for(c = 0; c < asuitecount; c++)
|
2968 | 2968 |
{
|
2969 | |
asuiteptr = (suite_t*)ieptr;
|
|
2969 |
asuiteptr = (suite_t*)ieptr;
|
2970 | 2970 |
if(memcmp(asuiteptr->oui, &ouimscorp, 3) == 0)
|
2971 | 2971 |
{
|
2972 | 2972 |
if(asuiteptr->type == AK_PMKSA) zeiger->akm |= TAK_PMKSA;
|
|
3033 | 3033 |
static suitecount_t *asuitecountptr;
|
3034 | 3034 |
static suite_t *asuiteptr;
|
3035 | 3035 |
static int asuitecount;
|
3036 | |
static rsnpmkidlist_t *rsnpmkidlistptr;
|
|
3036 |
static rsnpmkidlist_t *rsnpmkidlistptr;
|
3037 | 3037 |
static int rsnpmkidcount;
|
3038 | 3038 |
|
3039 | 3039 |
static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff };
|
|
3048 | 3048 |
zeiger->kdversion |= KV_RSNIE;
|
3049 | 3049 |
rsnlen -= RSNIE_SIZE;
|
3050 | 3050 |
ieptr += RSNIE_SIZE;
|
3051 | |
gsuiteptr = (suite_t*)ieptr;
|
|
3051 |
gsuiteptr = (suite_t*)ieptr;
|
3052 | 3052 |
if(memcmp(gsuiteptr->oui, &suiteoui, 3) == 0)
|
3053 | 3053 |
{
|
3054 | 3054 |
if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher |= TCS_WEP40;
|
|
3077 | 3077 |
}
|
3078 | 3078 |
for(c = 0; c < csuitecount; c++)
|
3079 | 3079 |
{
|
3080 | |
csuiteptr = (suite_t*)ieptr;
|
|
3080 |
csuiteptr = (suite_t*)ieptr;
|
3081 | 3081 |
if(memcmp(csuiteptr->oui, &suiteoui, 3) == 0)
|
3082 | 3082 |
{
|
3083 | 3083 |
if(csuiteptr->type == CS_WEP40) zeiger->cipher |= TCS_WEP40;
|
|
3109 | 3109 |
}
|
3110 | 3110 |
for(c = 0; c < asuitecount; c++)
|
3111 | 3111 |
{
|
3112 | |
asuiteptr = (suite_t*)ieptr;
|
|
3112 |
asuiteptr = (suite_t*)ieptr;
|
3113 | 3113 |
if(memcmp(asuiteptr->oui, &suiteoui, 3) == 0)
|
3114 | 3114 |
{
|
3115 | 3115 |
if(asuiteptr->type == AK_PMKSA) zeiger->akm |= TAK_PMKSA;
|
|
3132 | 3132 |
rsnlen -= RSNCAPABILITIES_SIZE;
|
3133 | 3133 |
ieptr += RSNCAPABILITIES_SIZE;
|
3134 | 3134 |
if(rsnlen <= 0) return true;
|
3135 | |
rsnpmkidlistptr = (rsnpmkidlist_t*)ieptr;
|
|
3135 |
rsnpmkidlistptr = (rsnpmkidlist_t*)ieptr;
|
3136 | 3136 |
#ifndef BIG_ENDIAN_HOST
|
3137 | 3137 |
rsnpmkidcount = rsnpmkidlistptr->count;
|
3138 | 3138 |
#else
|
|
3314 | 3314 |
return;
|
3315 | 3315 |
}
|
3316 | 3316 |
if(memcmp(&zeroed32, wpak->nonce, 32) == 0) return;
|
3317 | |
if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
3318 | |
if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
|
3317 |
if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
|
3318 |
if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
3319 | 3319 |
zeiger = messagelist +MESSAGELIST_MAX;
|
3320 | 3320 |
memset(zeiger, 0, MESSAGELIST_SIZE);
|
3321 | 3321 |
zeiger->timestamp = eaptimestamp;
|
|
3340 | 3340 |
if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp;
|
3341 | 3341 |
else eaptimegap = zeiger->timestamp -eaptimestamp;
|
3342 | 3342 |
mpfield = ST_M34E4;
|
3343 | |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
|
3343 |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
3344 | 3344 |
if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield);
|
3345 | 3345 |
}
|
3346 | 3346 |
if((zeiger->message &HS_M1) != HS_M1) continue;
|
|
3360 | 3360 |
{
|
3361 | 3361 |
if(zeiger->rc == myaktreplaycount) continue;
|
3362 | 3362 |
}
|
3363 | |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
|
3363 |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
3364 | 3364 |
if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield);
|
3365 | 3365 |
}
|
3366 | 3366 |
qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount);
|
|
3475 | 3475 |
{
|
3476 | 3476 |
if(zeiger->rc == myaktreplaycount) continue;
|
3477 | 3477 |
}
|
3478 | |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
|
3478 |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
3479 | 3479 |
if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield);
|
3480 | 3480 |
}
|
3481 | 3481 |
if((zeiger->message &HS_M4) != HS_M4) continue;
|
|
3492 | 3492 |
{
|
3493 | 3493 |
if(zeiger->rc == myaktreplaycount) continue;
|
3494 | 3494 |
}
|
3495 | |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
|
3495 |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
3496 | 3496 |
if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield);
|
3497 | 3497 |
}
|
3498 | 3498 |
qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount);
|
|
3583 | 3583 |
eapolm2errorcount++;
|
3584 | 3584 |
return;
|
3585 | 3585 |
}
|
3586 | |
if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
3587 | |
if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
|
3586 |
if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
|
3587 |
if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
3588 | 3588 |
zeiger = messagelist +MESSAGELIST_MAX;
|
3589 | 3589 |
memset(zeiger, 0, MESSAGELIST_SIZE);
|
3590 | 3590 |
zeiger->timestamp = eaptimestamp;
|
|
3636 | 3636 |
}
|
3637 | 3637 |
if(rcgap != 0) continue;
|
3638 | 3638 |
}
|
3639 | |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
|
3639 |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
3640 | 3640 |
if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield);
|
3641 | 3641 |
}
|
3642 | 3642 |
if((zeiger->message &HS_M3) != HS_M3) continue;
|
|
3661 | 3661 |
}
|
3662 | 3662 |
if(rcgap != 0) continue;
|
3663 | 3663 |
}
|
3664 | |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
|
3664 |
if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap;
|
3665 | 3665 |
if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield);
|
3666 | 3666 |
}
|
3667 | 3667 |
qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount);
|
|
3718 | 3718 |
eapolm1errorcount++;
|
3719 | 3719 |
return;
|
3720 | 3720 |
}
|
3721 | |
if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
3722 | |
if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
|
3721 |
if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
|
3722 |
if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return;
|
3723 | 3723 |
zeiger = messagelist +MESSAGELIST_MAX;
|
3724 | 3724 |
memset(zeiger, 0, MESSAGELIST_SIZE);
|
3725 | 3725 |
zeiger->timestamp = eaptimestamp;
|
|
3730 | 3730 |
zeiger->rc = rc;
|
3731 | 3731 |
memcpy(zeiger->nonce, wpak->nonce, 32);
|
3732 | 3732 |
|
3733 | |
if((zeiger->rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0))
|
|
3733 |
if((zeiger->rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0))
|
3734 | 3734 |
{
|
3735 | 3735 |
zeiger->status |= ST_APLESS;
|
3736 | 3736 |
eapolm1ancount++;
|
|
3848 | 3848 |
static eapauth_t *eapauth;
|
3849 | 3849 |
|
3850 | 3850 |
eapauth = (eapauth_t*)eapptr;
|
3851 | |
if(restlen < (int)EAPAUTH_SIZE) return;
|
|
3851 |
if(restlen < (int)EAPAUTH_SIZE) return;
|
3852 | 3852 |
if(eapauth->type == EAPOL_KEY)
|
3853 | 3853 |
{
|
3854 | 3854 |
process80211eapol(eaptimestamp, macto, macfm, macsrc, restlen, eapptr);
|
|
3910 | 3910 |
memcpy(zeiger->devicename, aplistptr->devicename, aplistptr->devicenamelen);
|
3911 | 3911 |
zeiger->devicenamelen = aplistptr->devicenamelen;
|
3912 | 3912 |
}
|
3913 | |
if(zeiger->enrolleelen == 0)
|
|
3913 |
if(zeiger->enrolleelen == 0)
|
3914 | 3914 |
{
|
3915 | 3915 |
memcpy(zeiger->enrollee, aplistptr->enrollee, aplistptr->enrolleelen);
|
3916 | 3916 |
zeiger->enrolleelen = aplistptr->enrolleelen;
|
|
3967 | 3967 |
}
|
3968 | 3968 |
else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++;
|
3969 | 3969 |
|
3970 | |
if((tags.akm &TAK_PSK) == TAK_PSK) reassociationrequestpskcount++;
|
3971 | |
else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++;
|
3972 | |
else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) reassociationrequestpsk256count++;
|
3973 | |
else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) reassociationrequestsae256count++;
|
3974 | |
else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) reassociationrequestsae384bcount++;
|
3975 | |
else if((tags.akm &TAK_OWE) == TAK_OWE) reassociationrequestowecount++;
|
|
3970 |
if((tags.akm &TAK_PSK) == TAK_PSK) reassociationrequestpskcount++;
|
|
3971 |
else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++;
|
|
3972 |
else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) reassociationrequestpsk256count++;
|
|
3973 |
else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) reassociationrequestsae256count++;
|
|
3974 |
else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) reassociationrequestsae384bcount++;
|
|
3975 |
else if((tags.akm &TAK_OWE) == TAK_OWE) reassociationrequestowecount++;
|
3976 | 3976 |
if(cleanbackmac() == false) aplistptr++;
|
3977 | 3977 |
if(aplistptr >= aplist +maclistmax)
|
3978 | 3978 |
{
|
|
4048 | 4048 |
if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(macclient, macap, tags.pmkid);
|
4049 | 4049 |
}
|
4050 | 4050 |
if((tags.akm &TAK_PSK) == TAK_PSK) associationrequestpskcount++;
|
4051 | |
else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) associationrequestftpskcount++;
|
4052 | |
else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) associationrequestpsk256count++;
|
4053 | |
else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) associationrequestsae256count++;
|
4054 | |
else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) associationrequestsae384bcount++;
|
4055 | |
else if((tags.akm &TAK_OWE) == TAK_OWE) associationrequestowecount++;
|
|
4051 |
else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) associationrequestftpskcount++;
|
|
4052 |
else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) associationrequestpsk256count++;
|
|
4053 |
else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) associationrequestsae256count++;
|
|
4054 |
else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) associationrequestsae384bcount++;
|
|
4055 |
else if((tags.akm &TAK_OWE) == TAK_OWE) associationrequestowecount++;
|
4056 | 4056 |
if(cleanbackmac() == false) aplistptr++;
|
4057 | 4057 |
if(aplistptr >= aplist +maclistmax)
|
4058 | 4058 |
{
|
|
4164 | 4164 |
|
4165 | 4165 |
proberequestcount++;
|
4166 | 4166 |
if(proberequestlen < (int)IETAG_SIZE) return;
|
4167 | |
if(gettags(proberequestlen, proberequestptr, &tags) == false) return;
|
|
4167 |
if(gettags(proberequestlen, proberequestptr, &tags) == false) return;
|
4168 | 4168 |
if(tags.essidlen == 0) return;
|
4169 | 4169 |
if(tags.essid[0] == 0) return;
|
4170 | 4170 |
if(aplistptr >= aplist +maclistmax)
|
|
4383 | 4383 |
packetlen -= (int)ACTIONMEASUREMENTFRAME_SIZE;
|
4384 | 4384 |
packetptr += (int)ACTIONMEASUREMENTFRAME_SIZE;
|
4385 | 4385 |
if(packetlen < (int)IETAG_SIZE) return;
|
4386 | |
if(gettags(packetlen, packetptr, &tags) == false) return;
|
|
4386 |
if(gettags(packetlen, packetptr, &tags) == false) return;
|
4387 | 4387 |
if(tags.essidlen == 0) return;
|
4388 | 4388 |
if(tags.essid[0] == 0) return;
|
4389 | 4389 |
if(aplistptr >= aplist +maclistmax)
|
|
4574 | 4574 |
if((rth->it_present & IEEE80211_RADIOTAP_CHANNEL) == IEEE80211_RADIOTAP_CHANNEL)
|
4575 | 4575 |
{
|
4576 | 4576 |
if(pf > caplen) return;
|
4577 | |
if((pf %2) != 0) pf += 1;
|
|
4577 |
if((pf %2) != 0) pf += 1;
|
4578 | 4578 |
frequency = (capptr[pf +1] << 8) + capptr[pf];
|
4579 | 4579 |
usedfrequency[frequency] += 1;
|
4580 | 4580 |
if((frequency >= 2407) && (frequency <= 2474))
|
|
4582 | 4582 |
interfacechannel = (frequency -2407)/5;
|
4583 | 4583 |
band24count++;
|
4584 | 4584 |
}
|
4585 | |
else if((frequency >= 2481) && (frequency <= 2487))
|
|
4585 |
else if((frequency >= 2481) && (frequency <= 2487))
|
4586 | 4586 |
{
|
4587 | 4587 |
interfacechannel = (frequency -2412)/5;
|
4588 | 4588 |
band24count++;
|
|
4599 | 4599 |
}
|
4600 | 4600 |
pf += 4;
|
4601 | 4601 |
}
|
4602 | |
if((rth->it_present & IEEE80211_RADIOTAP_FHSS) == IEEE80211_RADIOTAP_FHSS)
|
4603 | |
{
|
4604 | |
if((pf %2) != 0) pf += 1;
|
|
4602 |
if((rth->it_present & IEEE80211_RADIOTAP_FHSS) == IEEE80211_RADIOTAP_FHSS)
|
|
4603 |
{
|
|
4604 |
if((pf %2) != 0) pf += 1;
|
4605 | 4605 |
pf += 2;
|
4606 | 4606 |
}
|
4607 | 4607 |
if((rth->it_present & IEEE80211_RADIOTAP_DBM_ANTSIGNAL) == IEEE80211_RADIOTAP_DBM_ANTSIGNAL)
|
|
4893 | 4893 |
{
|
4894 | 4894 |
pcapreaderrors++;
|
4895 | 4895 |
fprintf(stdout, "detected oversized snaplen (%d)\n", pcapfhdr.snaplen);
|
4896 | |
if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen (%d): %d\n", pcapfhdr.snaplen, pcapfhdr.version_minor);
|
|
4896 |
if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen (%d): %d\n", pcapfhdr.snaplen, pcapfhdr.version_minor);
|
4897 | 4897 |
}
|
4898 | 4898 |
|
4899 | 4899 |
while(1)
|
|
4961 | 4961 |
fprintf(stdout, "\nsummary capture file\n"
|
4962 | 4962 |
"--------------------\n"
|
4963 | 4963 |
"file name................................: %s\n"
|
4964 | |
"version (pcap/cap).......................: %d.%d (very basic format without any additional information)\n"
|
|
4964 |
"version (pcap/cap).......................: %d.%d (very basic format without any additional information)\n"
|
4965 | 4965 |
, basename(pcaporgname), versionmajor, versionminor
|
4966 | 4966 |
);
|
4967 | 4967 |
|
|
4999 | 4999 |
if(option->option_code == SHB_EOC) return 0;
|
5000 | 5000 |
padding = 0;
|
5001 | 5001 |
if(option->option_length > OPTIONLEN_MAX) return option->option_length;
|
5002 | |
if((option->option_length %4)) padding = 4 -(option->option_length %4);
|
|
5002 |
if((option->option_length %4)) padding = 4 -(option->option_length %4);
|
5003 | 5003 |
if(option->option_code == SHB_HARDWARE)
|
5004 | 5004 |
{
|
5005 | 5005 |
if(option->option_length < OPTIONLEN_MAX)
|
|
5196 | 5196 |
}
|
5197 | 5197 |
pcapngbh = (block_header_t*)pcpngblock;
|
5198 | 5198 |
blocktype = pcapngbh->block_type;
|
5199 | |
blocklen = pcapngbh->total_length;
|
|
5199 |
blocklen = pcapngbh->total_length;
|
5200 | 5200 |
blockmagic = pcapngbh->byte_order_magic;
|
5201 | 5201 |
#ifdef BIG_ENDIAN_HOST
|
5202 | 5202 |
blocktype = byte_swap_32(blocktype);
|
|
5431 | 5431 |
"weak candidate...........................: %s\n"
|
5432 | 5432 |
"MAC ACCESS POINT.........................: %02x%02x%02x%02x%02x%02x (incremented on every new client)\n"
|
5433 | 5433 |
"MAC CLIENT...............................: %02x%02x%02x%02x%02x%02x\n"
|
5434 | |
"REPLAYCOUNT..............................: %" PRIu64 "\n"
|
|
5434 |
"REPLAYCOUNT..............................: %" PRIu64 "\n"
|
5435 | 5435 |
"ANONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n"
|
5436 | 5436 |
"SNONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n"
|
5437 | 5437 |
, basename(pcaporgname), versionmajor, versionminor,
|