From c21e8b061c7a78f46b67eb29aa3d3fbf1eef0774 Mon Sep 17 00:00:00 2001 From: wiire-a Date: Sat, 18 Nov 2017 23:33:09 +0100 Subject: [PATCH] Fixed new PRNG false positive issue --- src/pixiewps.c | 2 +- src/random/glibc_random_lazy.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/pixiewps.c b/src/pixiewps.c index 381bd14..800d89c 100644 --- a/src/pixiewps.c +++ b/src/pixiewps.c @@ -104,7 +104,7 @@ static void crack_thread_rtl(struct crack_job *j) { unsigned int i; glibc_lazyseed(&glibc_lazyprng, seed); if (glibc_rand1(&glibc_lazyprng) == job_control.randr_enonce[0]) { - if (!memcmp(glibc_randfill(&glibc_lazyprng, tmp), job_control.randr_enonce, 4)) { + if (!memcmp(glibc_randfill(&glibc_lazyprng, tmp), job_control.randr_enonce, WPS_NONCE_LEN)) { job_control.nonce_seed = seed; DEBUG_PRINT("Seed found %u", seed); } diff --git a/src/random/glibc_random_lazy.c b/src/random/glibc_random_lazy.c index 5f50a20..45e9150 100644 --- a/src/random/glibc_random_lazy.c +++ b/src/random/glibc_random_lazy.c @@ -26,10 +26,11 @@ static unsigned int glibc_rand1(struct glibc_lazyprng *prng) static int *glibc_randfill(struct glibc_lazyprng *prng, uint32_t *arr) { int *state = prng->state; - arr[0] = ((unsigned int)(state[344 - 31] + state[344 - 3])) >> 1; - arr[1] = ((unsigned int)(state[344 - 31 + 1] + state[344 - 3 + 1])) >> 1; - arr[2] = ((unsigned int)(state[344 - 31 + 2] + state[344 - 3 + 2])) >> 1; - arr[3] = ((unsigned int)(state[344 - 31 + 3] + arr[0])) >> 1; + int const first = state[344 - 31] + state[344 - 3]; + arr[0] = ((unsigned int)first) >> 1; + arr[1] = ((unsigned int)(state[344 - 31 + 1] + state[342 - 31] + state[342 - 3])) >> 1; + arr[2] = ((unsigned int)(state[344 - 31 + 2] + state[343 - 31] + state[343 - 3])) >> 1; + arr[3] = ((unsigned int)(state[344 - 31 + 3] + first)) >> 1; return arr; }