it seems some badly written drivers require/expect to see some
TX capability flags in the radiotap header.
this was discovered by a study of aircrack-ng commit history
(which turned out to be very annoying because the current build
system maintainer @jbenden seems to love to move files from one
directory to another, apply automatic code formatting programs
etc., which limits the usability of git log/git history very much ...)
the interesting commit in aircrack-ng is
commit 47743c161800721d9c09d3fe4ba7e457360f7fe5
Author: Gábor Stefanik <netrolller.3d@gmail.com>
Date: Mon Dec 15 16:22:19 2008 +0000
Set the proposed F_TX_NOACK and F_TX_NOSEQ flags in the TX radiotap header. (Kernel patch to handle these flags in mac80211 coming soon.)
the code is prepared to additionally allow usage of a TX rate
field, which aircrack-ng uses as well and even sets it to
the rate of the current adapter. Hopefully this will turn
out to not be required.
unfortunately during reaver development it was decided to
use a struct radio_tap_header even for sending packets,
rather than just using raw bytes, which complicates any
changes to it.
there's also libwps/libwps.h which uses its own copy of the
struct, though fortunately only for the code inside libwps.c,
and only for reading purposes. therefore it was left untouched.
addressing #279
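The injection header the commit describes, as an added illustration for this page rather than reaver's or aircrack-ng's own code: a radiotap header carrying only the TX flags field, optionally preceded by a rate field, with the 2-byte alignment the TX flags field requires. The present-bit numbers and the NOACK/NOSEQ values are the radiotap ones; the function names and the `with_rate` switch are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Radiotap "present" bits and TX-flag values as defined by the radiotap
 * spec (same numeric values as Linux include/net/ieee80211_radiotap.h). */
#define RT_PRESENT_RATE     (1u << 2)   /* u8: rate in 500 kbps units, align 1 */
#define RT_PRESENT_TX_FLAGS (1u << 15)  /* u16: TX flags, align 2 */
#define RT_F_TX_NOACK       0x0008u     /* do not wait for an ACK */
#define RT_F_TX_NOSEQ       0x0010u     /* do not assign a sequence number */

static void put_le16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void put_le32(uint8_t *p, uint32_t v)
{
    put_le16(p, (uint16_t)(v & 0xffff));
    put_le16(p + 2, (uint16_t)(v >> 16));
}

/* Write an injection radiotap header into buf.  With with_rate set the
 * layout is: 0-3 version/pad/len, 4-7 present, 8 rate, 9 pad, 10-11 TX flags
 * (12 bytes); without it the TX flags sit at offset 8 (10 bytes).  Offsets are
 * relative to the start of the header, which is what radiotap's alignment
 * rules refer to.  Returns the header length, or 0 if buf cannot hold it. */
size_t build_tx_radiotap(uint8_t *buf, size_t cap, int with_rate,
                         uint8_t rate_500kbps, uint16_t tx_flags)
{
    uint32_t present = RT_PRESENT_TX_FLAGS;
    size_t off = 8;                      /* first field follows the present word */
    size_t len = with_rate ? 12 : 10;

    if (cap < len) return 0;
    if (with_rate) present |= RT_PRESENT_RATE;
    memset(buf, 0, len);
    buf[0] = 0;                          /* it_version: always 0 */
    buf[1] = 0;                          /* it_pad */
    put_le16(buf + 2, (uint16_t)len);    /* it_len, little-endian */
    put_le32(buf + 4, present);
    if (with_rate) buf[off++] = rate_500kbps;
    off = (off + 1) & ~(size_t)1;        /* TX flags need 2-byte alignment */
    put_le16(buf + off, tx_flags);
    return len;
}

/* Prepend the header to an 802.11 frame for injection (no FCS is appended
 * here).  Returns total bytes written, or 0 if out is too small. */
size_t wrap_for_injection(uint8_t *out, size_t cap, const uint8_t *frame,
                          size_t frame_len, int with_rate, uint8_t rate_500kbps)
{
    size_t h = build_tx_radiotap(out, cap, with_rate, rate_500kbps,
                                 RT_F_TX_NOACK | RT_F_TX_NOSEQ);
    if (h == 0 || cap - h < frame_len) return 0;
    memcpy(out + h, frame, frame_len);
    return h + frame_len;
}
```

With rate 2 (1 Mbps) and both flags set, the 12 bytes come out as `00 00 0c 00 04 80 00 00 02 00 18 00`; drop the rate and the same flags land at offset 8 of a 10-byte header. The padding byte at offset 9 is the detail that is easy to get wrong when the header is written as raw bytes.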
in file replay mode (-f), there is no scanned channel, therefore
APs might come out with channel 0 if they don't have a tagged IE
with the channel number. we now take it from the radiotap header, if
present. FIXME fixed.
when pcap-file output for interesting packets for reaver was added in
fd5dc9590a340ab8cd43e3f35763b73e7f53e969, only reaver itself properly
initialized the output fd to -1. wash however didn't initialize it, so it was still
0 from the memset of the globule struct, which caused packets with a wrong FCS to
be dumped to stdin, where it eventually produced garbled output on the tty.
this fixes wash output with some broken mac drivers that only sporadically have
correct packets in monitor mode.
even though most drivers on linux properly work with rfmon turned on, a few
badly written ones create issues:
issue #202 : rfmon mode causes additional interfaces to appear
issue #265 : issues with RTL8812AU hackjob driver
argsparser.c: deleted 'set_key_status(KEY2_WIP)' to fix the key status,
because do_wps_exchange() will do it.
keys.c: 'get_k1_key_index()' and 'get_k2_key_index()' return the
index into k1[] and k2[] respectively.
pinc.c: the deleted lines prevent creating a .wpc file in an invalid format.
pinc.c: the new lines generate a .wpc file with the specified first-half
and second-half PIN in the first position.
the packets we send have a minimalistic radiotap header without
additional flags set in presentflags. it was previously wrongly
assumed that lack of those flags would imply the FCS checksum has
to be appended at the end of the packet, but that is not the case.
when we get deauth, something went wrong, so at least inform the user.
we have not yet decided the best strategy to automatically recover, or
whether that is even desirable.
pcap under some circumstances (nl80211 driver and linked against
libnl) creates a new monitor interface on initialization, and puts
cleanup code into the atexit() queue.
since wash usually runs forever until interrupted with SIGINT, we
need to catch the signal so the atexit code can do its cleanup.
addressing #202
list_insert() is not only used as an insertion function, but also for
retrieving the index for a given bssid.
However, the latter functionality is broken once wash has seen MAX_AP
networks.
The function then would always return -1.
Therefore the order of those lines was altered such that the comparison
with all previously seen networks would still take place and eventually
return the index of seen_list[].
taken from PR #232.
Additionally fixes a warning about unused result.
pixie.c: In function 'pixie_attack':
pixie.c:29:3: warning: ignoring return value of 'system', declared with attribute warn_unused_result [-Wunused-result]
system(cmd);
^~~~~~~~~~~
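The ordering bug described in the list_insert() commit, reconstructed as an added example for this page from the description alone (not reaver's or wash's code, and the list layout, MAX_AP value and function names are this example's own): the "full" check placed before the search makes every lookup of an already-known BSSID fail once MAX_AP networks have been seen, while searching first keeps lookups working and only refuses genuinely new entries.

```c
#include <stdint.h>
#include <string.h>

#define MAX_AP 4   /* deliberately tiny so the demo fills the list */

struct ap_list {
    uint8_t bssid[MAX_AP][6];
    int     count;
};

/* Ordering as described for the broken version: the full-list check comes
 * first, so once MAX_AP networks are known even a known BSSID yields -1. */
int list_insert_broken(struct ap_list *l, const uint8_t bssid[6])
{
    if (l->count >= MAX_AP) return -1;
    for (int i = 0; i < l->count; i++)
        if (memcmp(l->bssid[i], bssid, 6) == 0) return i;
    memcpy(l->bssid[l->count], bssid, 6);
    return l->count++;
}

/* Fixed ordering: search first, so the index of a known BSSID is always
 * returned; only genuinely new networks are refused when the list is full. */
int list_insert_fixed(struct ap_list *l, const uint8_t bssid[6])
{
    for (int i = 0; i < l->count; i++)
        if (memcmp(l->bssid[i], bssid, 6) == 0) return i;
    if (l->count >= MAX_AP) return -1;
    memcpy(l->bssid[l->count], bssid, 6);
    return l->count++;
}

typedef int (*insert_fn)(struct ap_list *, const uint8_t[6]);

/* Fill a list with MAX_AP constructed BSSIDs 00:11:22:33:44:<n>. */
static void fill_list(struct ap_list *l, insert_fn insert)
{
    uint8_t b[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00};
    for (int n = 0; n < MAX_AP; n++) { b[5] = (uint8_t)n; insert(l, b); }
}

/* What the variant answers for the first (known) BSSID once the list is full. */
int lookup_known_after_full(insert_fn insert)
{
    struct ap_list l; memset(&l, 0, sizeof l);
    fill_list(&l, insert);
    uint8_t first[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00};
    return insert(&l, first);
}

/* What the variant answers for a never-seen BSSID once the list is full. */
int insert_unknown_after_full(insert_fn insert)
{
    struct ap_list l; memset(&l, 0, sizeof l);
    fill_list(&l, insert);
    uint8_t other[6] = {0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb};
    return insert(&l, other);
}
```

Both variants behave identically until the list is full; the difference only shows on the lookup path afterwards, which is why the bug surfaced as wash silently losing track of networks it had already listed.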