From c3fc4a81a044462a357027bc333e7c916b61b382 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Wed, 29 Nov 2017 04:00:37 +0000
Subject: [PATCH] find_rtl_es(): remove duplicated code

the code was copy/pasted twice, with the only difference being the direction of the iteration. care has been taken not to change the existing logic, even though it appears it could be simplified further in the added conditional where i + 1 is added to es1 in one case, and es2 in the other.
---
 src/pixiewps.c | 84 ++++++++++++++++----------------------------------
 1 file changed, 26 insertions(+), 58 deletions(-)

diff --git a/src/pixiewps.c b/src/pixiewps.c
index ab81d8b..3c7d774 100644
--- a/src/pixiewps.c
+++ b/src/pixiewps.c
@@ -293,7 +293,7 @@ unsigned int hardware_concurrency()
 #endif
 }
 
-int find_rtl_es(struct global *wps, char* pin)
+static int find_rtl_es_dir(struct global *wps, char *pin, int dir)
 {
 uint_fast8_t found_p_mode = NONE;
 struct glibc_prng glibc_prng;
@@ -301,11 +301,15 @@ int find_rtl_es(struct global *wps, char* pin)
 int32_t res;
 int i = 0; /* Must hold MODE3_TRIES */
 uint8_t tmp_s_nonce[16];
+ int break_cond = (MODE3_TRIES + 1) * dir;
 
- DEBUG_PRINT("Trying forward in time");
+ if (dir == 1)
+ DEBUG_PRINT("Trying forward in time");
+ else
+ DEBUG_PRINT("Trying backwards in time");
 do {
- i++;
+ i += dir;
 glibc_seed(&glibc_prng, wps->nonce_seed + i);
 for (uint_fast8_t j = 0; j < 4; j++) {
 uint32_t be = end_htobe32(glibc_rand(&glibc_prng));
@@ -326,7 +330,7 @@ int find_rtl_es(struct global *wps, char* pin)
 DEBUG_PRINT("Pin found");
 }
 else if (r == PIN_ERROR) {
- if (i == 1) {
+ if (i == 1 || i == -1) {
 memcpy(wps->e_s1, wps->e_nonce, WPS_SECRET_NONCE_LEN); /* E-S1 = E-Nonce != E-S2 */
 memcpy(tmp_s_nonce, wps->e_s2, WPS_SECRET_NONCE_LEN); /* Chaching for next round, see below */
 }
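Review bot: find_rtl_es_dir silently assumes `dir` is exactly +1 or -1: `break_cond = (MODE3_TRIES + 1) * dir`, the `i == 1 || i == -1` test in the third hunk and the `dir == 1` branches only make sense for those two values, yet nothing at the new signature in the first hunk documents or checks it. I'd put `/* dir: +1 walks seeds forward in time, -1 backwards; must be exactly +1 or -1 (break_cond and the i == 1 || i == -1 test rely on it) */` above the definition. In the third hunk `if (i == 1 || i == -1)` can simply be `if (i == dir)`, which states the intent (first iteration in this direction) directly. If DEBUG_PRINT expands to more than a single statement, the unbraced `if (dir == 1) ... else ...` around it in the second hunk is fragile, so bracing both arms is worth the two lines. find_rtl_es_dir's body continues past the end of these hunks.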
@@ -334,8 +338,14 @@ int find_rtl_es(struct global *wps, char* pin)
 memcpy(wps->e_s1, tmp_s_nonce, WPS_SECRET_NONCE_LEN);
 memcpy(tmp_s_nonce, wps->e_s2, WPS_SECRET_NONCE_LEN); /* E-S1 = old E-S1, E-S2 = new E-S2 */
 }
- wps->s1_seed = wps->nonce_seed + i - 1;
- wps->s2_seed = wps->nonce_seed + i;
+ if (dir == 1) {
+ wps->s1_seed = wps->nonce_seed + i - dir;
+ wps->s2_seed = wps->nonce_seed + i;
+ }
+ else {
+ wps->s1_seed = wps->nonce_seed + i;
+ wps->s2_seed = wps->nonce_seed + i - dir;
+ }
 
 DEBUG_PRINT("Trying (%10u) with E-S1: ", wps->s1_seed);
 DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
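Review bot: The two branches added here differ only in which seed gets the one-step offset, and `i - dir` in the else branch (where `dir` is -1) is an obscured `i + 1`; a reader has to re-derive the removed `nonce_seed - i` / `nonce_seed - i + 1` to see that the arithmetic is unchanged. A one-line comment per branch would carry that: `/* forward: E-S1 uses the seed one step before E-S2 */` and `/* backward: E-S2 uses the seed one step after E-S1 */`. Alternatively compute `base = wps->nonce_seed + i` once (same type as s1_seed) and assign `base - 1`/`base` in one branch and `base`/`base + 1` in the other, which makes the symmetry visible and drops the `- dir` trick. The enclosing do-while body starts and ends outside this hunk.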
@@ -354,63 +364,21 @@ int find_rtl_es(struct global *wps, char* pin)
 else if (r == MEM_ERROR) {
 return -MEM_ERROR;
 }
- } while (found_p_mode == NONE && i <= MODE3_TRIES);
+ } while (found_p_mode == NONE && i != break_cond);
 
- if (found_p_mode == NONE) {
- DEBUG_PRINT("Trying backwards in time");
- i = 0;
- do {
- i++;
- glibc_seed(&glibc_prng, wps->nonce_seed - i);
- for (uint_fast8_t j = 0; j < 4; j++) {
- uint32_t be = end_htobe32(glibc_rand(&glibc_prng));
- memcpy(&(wps->e_s1[4 * j]), &be, sizeof(uint32_t));
- }
- memcpy(wps->e_s2, wps->e_s1, WPS_SECRET_NONCE_LEN); /* E-S1 = E-S2 != E-Nonce */
- wps->s1_seed = wps->nonce_seed - i;
- wps->s2_seed = wps->nonce_seed - i;
+ return found_p_mode;
+}
 
- DEBUG_PRINT("Trying (%10u) with E-S1: ", wps->s1_seed);
- DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
- DEBUG_PRINT("Trying (%10u) with E-S2: ", wps->s2_seed);
- DEBUG_PRINT_ARRAY(wps->e_s2, WPS_SECRET_NONCE_LEN);
+static int find_rtl_es(struct global *wps, char *pin)
+{
 
- uint_fast8_t r = crack(wps, pin);
- if (r == PIN_FOUND) {
- found_p_mode = RTL819x;
- DEBUG_PRINT("Pin found");
- }
- else if (r == PIN_ERROR) {
- if (i == 1) {
- memcpy(wps->e_s2, wps->e_nonce, WPS_SECRET_NONCE_LEN); /* E-S1 = E-Nonce != E-S2 */
- memcpy(tmp_s_nonce, wps->e_s1, WPS_SECRET_NONCE_LEN); /* Chaching for next round, see below */
- }
- else {
- memcpy(wps->e_s2, tmp_s_nonce, WPS_SECRET_NONCE_LEN);
- memcpy(tmp_s_nonce, wps->e_s1, WPS_SECRET_NONCE_LEN); /* E-S1 = old E-S1, E-S2 = new E-S2 */
- }
- wps->s1_seed = wps->nonce_seed - i;
- wps->s2_seed = wps->nonce_seed - i + 1;
+ int found_p_mode = find_rtl_es_dir(wps, pin, 1);
 
- DEBUG_PRINT("Trying (%10u) with E-S1: ", wps->s1_seed);
- DEBUG_PRINT_ARRAY(wps->e_s1, WPS_SECRET_NONCE_LEN);
- DEBUG_PRINT("Trying (%10u) with E-S2: ", wps->s2_seed);
- DEBUG_PRINT_ARRAY(wps->e_s2, WPS_SECRET_NONCE_LEN);
+ if (found_p_mode != NONE)
+ return found_p_mode;
+
+ found_p_mode = find_rtl_es_dir(wps, pin, -1);
 
- uint_fast8_t r2 = crack(wps, pin);
- if (r2 == PIN_FOUND) {
- found_p_mode = RTL819x;
- DEBUG_PRINT("Pin found");
- }
- else if (r2 == MEM_ERROR) {
- return -MEM_ERROR;
- }
- }
- else if (r == MEM_ERROR) {
- return -MEM_ERROR;
- }
- } while (found_p_mode == NONE && i <= MODE3_TRIES);
- }
 return found_p_mode;
 }
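Review bot: The new find_rtl_es opens with a stray blank line directly after `{` (the added `+{` is followed by an unchanged empty line), which should be dropped. The wrapper's contract is only implicit: a negative `-MEM_ERROR` from the forward pass is `!= NONE` and is returned as-is without attempting the backward pass, which matches the early `return -MEM_ERROR` the removed loop had, but deserves a comment such as `/* a negative error from the forward pass is propagated; the backward pass runs only when nothing was found */`. The body can also be tightened to `int r = find_rtl_es_dir(wps, pin, 1);` followed by `return r != NONE ? r : find_rtl_es_dir(wps, pin, -1);`, which makes the two-pass structure read in one line.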