the previous -K option automatically used the PIN found by pixie,
and tried to use it to retrieve the WPA key from the router.
there was a specific flag -Z to be used together with -K to suppress
this behaviour.
since this feature is currently not implemented, we just alias -Z to
-K for the time being.
libwps/libwps.c: In function 'parse_wps_tag':
libwps/libwps.c:89:65: warning: iteration 16 invokes undefined behavior [-Waggressive-loop-optimizations]
el = get_wps_data_element(wps_ie_data, wps_data_len, elements[i], &el_len);
~~~~~~~~^~~
libwps/libwps.c:86:3: note: within this loop
the values for the attack are taken from where the original t6x
change had them, but everything else is heavily refactored and
should be easy to trace back and improve to use different means
of executing the attack (i.e. use the pixiewps code directly rather
than starting it as an external command).
the following changes were merged into one
- remove get_db_ssid()
this seems to be one of the only 2 functions left that actually use
the sqlite db. it was used as a convenience function to look up
the ssid from the database when it was not found in a beacon.
- remove "auto-detect settings" feature
the purpose of this feature was to save the settings used for
attacking a specific AP, but i suppose it was almost universally
unused in the past because
1) most APs lock you out for an eternity after 3 wrong tries
2) those that don't you'll probably crack anyway with your first run.
3) most people are used to a workflow that adds all the required command
line arguments anyway
4) all automated tools add all the required command line arguments
anyway.
so this is basically an almost-always unused lazy-ass switch that's
unheard of in most other programs, and as the only remaining feature
depending on sqlite, requiring sqlite installed just for this feature
is a heavy price to pay.
- remove unused function update_history
there's no functionality anymore that uses sql, so we don't need to
update the db anymore either.
- remove unused function get() from sql.c
it's only used in session.c, so making it static allows the compiler to
inline it, or drop it entirely if it's unused.
while we're at it, simplify the code.
traditionally reaver saved session files (*.wpc) into a global directory
in /etc, which has disadvantages for some users (especially embedded ones).
for them it is better if reaver saves its files into the current directory.
we now make it possible for them to enable this behavior by specifying
--enable-savetocurrent when they build reaver.
this new flag is not enabled by default, so in a standard scenario reaver
will still use the old behavior.
while at it, we simplified the surrounding code a bit (merged duplicate code
into a single function, removed dynamic allocation and surrounding boilerplate).
This allows the user to always explicitly choose (by changing the
current directory before launching the program) where the session
files should go. Useful e.g. to avoid hogging the precious space on
embedded devices, just cd /tmp before starting the app.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
we now default to ignoring FCS errors, so there's no need anymore to
set it explicitly.
the rationale for defaulting to ignoring FCS is that this is required
for compatibility with ralink USB chips as pointed out by @kcdtv.
the maintainers did not deem it necessary to keep it as a no-op flag
for backwards compatibility, so let's just remove it.
the standard unix terminal is 80 characters wide (for example when you
open a new xterm, it will be 80 chars).
wash was very wasteful in its usage and wrapped the output of the header around,
and all ESSIDs that were longer than about 10 chars would be displayed in the
next line. fix it by making the words in the header columns slimmer and
shrinking the whitespace between the columns.
when mac2str() was used with 0 as delim, the intended effect was to
use no delimiter at all, instead of (as i assumed) to literally write
a zero byte into the stream.
code was inefficient, ugly, and buggy (pointer to pointer where pointer is
required, warning was muted with a typecast).
TODO: fix all callers to provide an output buffer on the stack, so we can
avoid allocating heap mem.
the original code was horrible *and* wrong, so replace it with a
correct version (hint: if you need a typecast to mute warnings you're
probably having a bug there).
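An added example (not reaver's own mac2str(), which this commit replaced) of what the commit describes, written in the shape the TODO asks for: the caller supplies a stack buffer, so no heap allocation is needed, and a delimiter of 0 means "no delimiter at all" rather than a literal zero byte. The function name, the buffer-length macro and the sample MAC address are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* "aa:bb:cc:dd:ee:ff" is 17 characters plus the terminating NUL. */
#define MAC2STR_BUFLEN 18

/* Format a 6-byte MAC address into buf (at least MAC2STR_BUFLEN bytes).
 * delim == 0 means "no delimiter", so the result is 12 hex digits.
 * Returns buf so the call can be used directly inside printf(). */
char *mac2str_buf(const uint8_t mac[6], char delim, char buf[MAC2STR_BUFLEN])
{
    static const char hex[] = "0123456789ABCDEF";
    char *p = buf;
    for (int i = 0; i < 6; i++) {
        if (i && delim)
            *p++ = delim;              /* only between octets, never before the first */
        *p++ = hex[mac[i] >> 4];
        *p++ = hex[mac[i] & 0x0f];
    }
    *p = '\0';                         /* always NUL-terminate, whatever delim was */
    return buf;
}

/* Constructed sample address, not captured from any real device. */
static const uint8_t SAMPLE_MAC[6] = { 0x00, 0x11, 0x22, 0xaa, 0xbb, 0xcc };

int main(void)
{
    char buf[MAC2STR_BUFLEN];          /* stack buffer, no malloc/free pair */
    printf("with ':' : %s\n", mac2str_buf(SAMPLE_MAC, ':', buf));
    printf("with 0   : %s\n", mac2str_buf(SAMPLE_MAC, 0, buf));
    return 0;
}
```

Because the output buffer belongs to the caller, nothing has to be freed and the function cannot return a dangling or leaked pointer; the fixed MAC2STR_BUFLEN also makes the bound checkable at the call site.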
linking to libdl is only needed when you use dlsym and dlopen tricks,
and reaver doesn't.
since FreeBSD doesn't have a libdl, this caused a compile error there.
linux headers tend to be very broken for usage in userspace,
especially when they're using linux/types.h.
clean up the mess by using stdint.h types.
this may be sufficient that the code can be compiled on *BSD.
the sqlite dependency was a thorn in my eye since the beginning,
since sqlite is in fact a quite bloated library[0] (despite its name).
especially wash depending on it IMO doesn't make sense at all; all
the information it needs to gather is much better kept in RAM temporarily
and abandoned after quitting.
also my computer's HDD LED used to blink like wild when doing a wash scan
since it wrote into the db for every freaking beacon on the wire.
checking out reaver's db with the sqlite3 command line utility revealed
that there is no info of any importance whatsoever stored in it, not even
WPS manufacturer information, PLUS it is highly unlikely that anyone will
ever look into that DB (except maybe the feds after confiscating your computer).
[0] https://devsonacid.wordpress.com/2013/09/25/sqlites-anal-gamation/
the essid is an ascii string so unsigned char doesn't make sense -
and it was only used in 2 places with an ugly typecast since the
input string was a char* anyway.
previously the objects in wps and libwps were built with an independent
Makefile, so the top-level Makefile was unaware of any dependencies.
also the object files for wash and reaver were just passed as a glob directly
to the compiler invocation, circumventing the make dependency graph.
advantages of the new approach:
- wash and reaver can be built independently (for example `make wash`)
using only the object files that are actually used.
- objects of wps and libwps subdirs are now built with the same set of CFLAGS
etc. as those in the TLD.
- dependencies are tracked in a fine-grained fashion, so if you change a .c
file and run make, that file will actually get recompiled.
previously you had to manually remove that C file's object file.
- eventually higher build speeds at parallel compilation levels (for example
make -j4) since make now has better knowledge about deps.
the author's intention was to overwrite the entire md5 context
for security purposes to avoid information leaks; however it overwrote
only the first sizeof(void*) chars.
fixes a warning by newer compilers.
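An added example, not reaver's md5 code, showing the defect the commit describes with a stand-in context struct: `sizeof(ctx)` on a pointer parameter is the size of the pointer, so the wipe only clears the first `sizeof(void*)` bytes, while `sizeof(*ctx)` clears the whole structure. The struct layout, function names and the fill pattern are constructed for this demonstration; the helper that counts leftover non-zero bytes is what makes the incomplete wipe visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for a hash context (constructed; not the real md5 layout). */
struct md5_ctx_demo {
    uint32_t state[4];
    uint64_t count;
    uint8_t  buffer[64];
};

/* Fill the context with a recognisable non-zero pattern (test data). */
void fill_ctx(struct md5_ctx_demo *ctx)
{
    memset(ctx, 0xAB, sizeof(*ctx));
}

/* Buggy wipe: ctx is a pointer, so sizeof(ctx) is 4 or 8, not 88.
 * Newer compilers flag this (-Wsizeof-pointer-memaccess). Kept here
 * deliberately to show the effect; returns the byte count cleared. */
size_t wipe_ctx_buggy(struct md5_ctx_demo *ctx)
{
    memset(ctx, 0, sizeof(ctx));
    return sizeof(ctx);
}

/* Correct wipe: sizeof(*ctx) is the size of the pointed-to struct. */
size_t wipe_ctx_fixed(struct md5_ctx_demo *ctx)
{
    memset(ctx, 0, sizeof(*ctx));
    return sizeof(*ctx);
}

/* Count bytes still non-zero after a wipe; 0 means nothing leaked. */
size_t nonzero_bytes(const struct md5_ctx_demo *ctx)
{
    const unsigned char *p = (const unsigned char *)ctx;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*ctx); i++)
        n += (p[i] != 0);
    return n;
}
```

One further caveat for code that wipes secrets: when the object is never read again, an optimizing compiler may remove a plain `memset()` entirely, so a wipe intended to stop information leaks should use `explicit_bzero()` or `memset_s()` where the platform offers them.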
this warning here
md5-internal.c:186:5: warning:
dereferencing type-punned pointer will break strict-aliasing rules
[-Wstrict-aliasing]
is serious UB and as such may lead to all kinds of evil compiler behaviour.
fix it by sacrificing a little bit of performance and disabling the
strict aliasing optimization.
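The commit resolves the warning by passing -fno-strict-aliasing. As an added example (not reaver's code), the alternative a reviewer would usually suggest: replace the type-punned `*(uint32_t *)p` read of a byte buffer with a byte-by-byte assembly, which has no aliasing problem at all and also gives the same result on a big-endian machine such as the ar71xx board mentioned further down. The function names and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Load a little-endian 32-bit word from 4 bytes without punning.
 * Accessing the bytes through unsigned char is always allowed, and the
 * result does not depend on the host's byte order. */
uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0]
         | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16)
         | ((uint32_t)p[3] << 24);
}

/* Store a 32-bit word as 4 little-endian bytes, again byte-wise. */
void store_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v);
    p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16);
    p[3] = (uint8_t)(v >> 24);
}

/* Round-trip check: store then load must give the value back on every
 * host, which is what the punned version cannot promise. */
int le32_roundtrip_ok(uint32_t v)
{
    uint8_t tmp[4];
    store_le32(tmp, v);
    return load_le32(tmp) == v;
}

/* Constructed sample input: the little-endian encoding of 0x12345678. */
static const uint8_t SAMPLE_LE[4] = { 0x78, 0x56, 0x34, 0x12 };
```

When a single copy of a fixed-size word is all that is needed, `memcpy(&word, p, sizeof word)` is the other aliasing-safe form; compilers turn it into one load, so neither approach costs the performance that disabling the strict-aliasing optimization globally gives up.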
the build system is completely bogus; all of the subdirs are
compiled with their own (or in this case, no) CFLAGS.
as a quick workaround add -Wall, so we can at least find obvious
errors.
This should fix access to the radiotap, 802.11, LLC/SNAP and WFA
headers' fields. Run-time tested on an ar71xx BE system.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
This reverts commit a095561f66b72899e51199a01097999cafeac7c6.
This brings us back to vanilla reaver 1.4, but with t6x' work properly
documented in the commit history.
whitespace changes have been omitted. unfortunately, the entire source
code of reaver is completely inconsistent in its usage of whitespace.
some parts are indented with tabs, others with spaces.
t6x' first commit was similarly inconsistent, and it changed *a lot*
of whitespace. had i imported the whitespace changes as well,
it would have been very hard to see what has changed, without usage of tools.
as the patch is very intrusive and added a number of bugs (for example
it breaks option -g as found here:
https://github.com/t6x/reaver-wps-fork-t6x/issues/50#issuecomment-273802361 )
we add this commit only for documentary purposes and will revert it in
the follow-up commit, with the intention to study the changes and
forward-port only the necessary changes to implement the pixiedust
attack, and leave the bugs behind.
the repo in this state is now 100% identical to reaver 1.4 tarball
http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz
with sha512sum 59f2d6f8aa6228988ce5d1c102d9a48b2a23e582ff3d9afe39d7c9717b7e4be059362fdd21a3e5f5d59948df1a7616acdaa6df20f139e9c5aa9bd673f764dfbc