diff -Nru hcxtools-6.2.5/changelog hcxtools-6.2.7/changelog
--- hcxtools-6.2.5/changelog 2021-12-01 14:17:49.000000000 +0000
+++ hcxtools-6.2.7/changelog 2022-04-26 14:38:44.000000000 +0000
@@ -1,3 +1,21 @@
+26.04.2022
+==========
+hcxpsktool: fixed stdout bug
+release v6.2.7
+
+
+22.04.2022
+==========
+release v6.2.6
+still supporting OpenSSL 1.1
+
+
+09.04.2022
+==========
+hcxpsktool: added new option
+--alticeoptimum : include weak Altice/Optimum candidates (MyAltice)
+
+
 01.12.2021
 ==========
 release v6.2.5
diff -Nru hcxtools-6.2.5/debian/changelog hcxtools-6.2.7/debian/changelog
--- hcxtools-6.2.5/debian/changelog 2021-12-27 21:06:28.000000000 +0000
+++ hcxtools-6.2.7/debian/changelog 2022-04-30 15:49:00.000000000 +0000
@@ -1,3 +1,17 @@
+hcxtools (6.2.7-1) unstable; urgency=medium
+
+ * New upstream version 6.2.7
+
+ -- Paulo Roberto Alves de Oliveira (aka kretcheu) Sat, 30 Apr 2022 12:49:00 -0300
+
+hcxtools (6.2.6-1) unstable; urgency=medium
+
+ * New upstream version 6.2.6.
+ * d/copyright: Update copyright years.
+ * d/patches/01-fix-spell-errors.patch: Refresh patch.
+
+ -- Paulo Roberto Alves de Oliveira (aka kretcheu) Sun, 24 Apr 2022 09:25:00 -0300
+
 hcxtools (6.2.5-2) unstable; urgency=medium
 
 * d/rules: Fix to solve FTBFS in Kfreebsd.
diff -Nru hcxtools-6.2.5/debian/copyright hcxtools-6.2.7/debian/copyright
--- hcxtools-6.2.5/debian/copyright 2021-10-17 04:06:31.000000000 +0000
+++ hcxtools-6.2.7/debian/copyright 2022-04-24 12:45:54.000000000 +0000
@@ -3,7 +3,7 @@
 Source: https://github.com/ZerBea/hcxtools/releases
 
 Files: *
-Copyright: 2017-2019, ZeroBeat
+Copyright: 2017-2022 ZeroBeat
 License: MIT
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
@@ -25,8 +25,8 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Files: debian/* -Copyright: 2018-2021, Ulises Vitulli - 2021 Paulo Roberto Alves de Oliveira (aka kretcheu) +Copyright: 2018-2021 Ulises Vitulli + 2021-2022 Paulo Roberto Alves de Oliveira (aka kretcheu) License: GPL-3.0+ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru hcxtools-6.2.5/debian/patches/01-fix-spell-errors.patch hcxtools-6.2.7/debian/patches/01-fix-spell-errors.patch --- hcxtools-6.2.5/debian/patches/01-fix-spell-errors.patch 2021-12-26 22:52:34.000000000 +0000 +++ hcxtools-6.2.7/debian/patches/01-fix-spell-errors.patch 2022-04-24 12:32:38.000000000 +0000 @@ -5,8 +5,8 @@ =================================================================== --- hcxtools.orig/hcxpcapngtool.c +++ hcxtools/hcxpcapngtool.c -@@ -606,8 +606,8 @@ static void printcontentinfo() - static uint8_t i; +@@ -622,8 +622,8 @@ static uint16_t p; + if(nmeacount > 0) fprintf(stdout, "NMEA sentence............................: %ld\n", nmeacount); if(nmeaerrorcount > 0) fprintf(stdout, "NMEA sentence checksum errors............: %ld\n", nmeaerrorcount); -if(endianess == 0) fprintf(stdout, "endianess (capture system)...............: little endian\n"); @@ -20,7 +20,7 @@ =================================================================== --- hcxtools.orig/hcxpsktool.c +++ hcxtools/hcxpsktool.c -@@ -533,7 +533,7 @@ static char pskstring[PSKSTRING_LEN_MAX] +@@ -538,7 +538,7 @@ static char pskstring[PSKSTRING_LEN_MAX] static const char *word1[] = { "apple", "east", "give", diff -Nru hcxtools-6.2.5/hcxhash2cap.c hcxtools-6.2.7/hcxhash2cap.c --- hcxtools-6.2.5/hcxhash2cap.c 2021-12-01 14:17:49.000000000 +0000 +++ hcxtools-6.2.7/hcxhash2cap.c 2022-04-26 14:38:44.000000000 +0000 
@@ -1555,10 +1555,10 @@ "-h : show this help\n" "-v : show version\n" "\n" - "--pmkid-eapol= : input PMKID EAPOL combi hash file\n" - "--pmkid= : input PMKID hash file\n" - "--hccapx= : input hashcat hccapx file\n" - "--hccap= : input hashcat hccap file\n" + "--pmkid-eapol= : input PMKID EAPOL (22000) combi hash file\n" + "--pmkid= : input deprecated PMKID (16800) hash file\n" + "--hccapx= : input deprecated hccapx (2500) hash file\n" + "--hccap= : input ancient hccap (2500) file\n" "--john= : input John the Ripper WPAPSK hash file\n" "--help : show this help\n" "--version : show version\n" diff -Nru hcxtools-6.2.5/hcxpcapngtool.c hcxtools-6.2.7/hcxpcapngtool.c --- hcxtools-6.2.5/hcxpcapngtool.c 2021-12-01 14:17:49.000000000 +0000 +++ hcxtools-6.2.7/hcxpcapngtool.c 2022-04-26 14:38:44.000000000 +0000 @@ -47,15 +47,15 @@ /*===========================================================================*/ struct hccap_s { - char essid[36]; - unsigned char ap[6]; - unsigned char client[6]; - unsigned char snonce[32]; - unsigned char anonce[32]; - unsigned char eapol[256]; - int eapol_size; - int keyver; - unsigned char keymic[16]; + char essid[36]; + unsigned char ap[6]; + unsigned char client[6]; + unsigned char snonce[32]; + unsigned char anonce[32]; + unsigned char eapol[256]; + int eapol_size; + int keyver; + unsigned char keymic[16]; }; typedef struct hccap_s hccap_t; #define HCCAP_SIZE (sizeof(hccap_t)) 
@@ -186,12 +186,14 @@ static long int authunknowncount; static long int associationrequestcount; static long int associationrequestpskcount; +static long int associationrequestftpskcount; static long int associationrequestpsk256count; static long int associationrequestsae256count; static long int associationrequestsae384bcount; static long int associationrequestowecount; static long int reassociationrequestcount; static long int reassociationrequestpskcount; +static long int reassociationrequestftpskcount; static long int reassociationrequestpsk256count; static long int reassociationrequestsae256count; static long int reassociationrequestsae384bcount; @@ -254,6 +256,7 @@ static long int eapolm1errorcount; static long int eapolm2count; static long int eapolm2kdv0count; +static long int eapolm2ftpskcount; static long int eapolm2errorcount; static long int eapolm3count; static long int eapolm3kdv0count; @@ -302,10 +305,14 @@ static uint64_t ncvalue; static int essidsvalue; +static uint16_t frequency; + static int nmealen; static bool ignoreieflag; static bool donotcleanflag; +static bool ancientdumpfileformat; +static bool radiotappresent; static const uint8_t fakenonce1[] = { @@ -341,6 +348,8 @@ static uint8_t zeroedpmk[32]; static uint8_t calculatedpmk[32]; +static uint16_t usedfrequency[0xffff]; + static uint8_t beaconchannel[CHANNEL_MAX]; /*===========================================================================*/ /* @@ -348,7 +357,7 @@ { static int p; -fprintf(stdout, "\nRAW: "); +fprintf(stdout, "\nRAW: "); for(p = 0; p < len; p++) { @@ -488,6 +497,7 @@ authunknowncount = 0; associationrequestcount = 0; associationrequestpskcount = 0; +associationrequestftpskcount = 0; associationrequestpsk256count = 0; associationrequestsae256count = 0; associationrequestsae384bcount = 0; @@ -556,6 +566,7 @@ eapolm1errorcount = 0; eapolm2count = 0; eapolm2kdv0count = 0; +eapolm2ftpskcount = 0; eapolm2errorcount = 0; eapolm3count = 0; eapolm3kdv0count = 0; 
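Review bot: `static uint16_t usedfrequency[0xffff];` in the `@@ -341,6` hunk keeps a 16-bit packet counter per frequency, which silently wraps back to 0 after 65535 frames on one channel; because the statistics loop later prints only entries with `usedfrequency[p] != 0`, a busy channel can disappear from the summary or show a misleadingly small count. A wider element type removes the wrap: `static uint32_t usedfrequency[0x10000];`. Sizing the table to 0x10000 also covers every value a uint16_t index can take, so if the write site (not in this diff) indexes it with the raw channel frequency from the radiotap header, the value 0xffff is no longer one past the end. The `memset(&usedfrequency, 0, sizeof(usedfrequency))` added in the initialisation hunk stays correct with either declaration.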
@@ -598,12 +609,17 @@ memset(&zeroedpsk, 0, 8); memset(&zeroedpmk, 0, 32); memset(&beaconchannel, 0, sizeof(beaconchannel)); + +memset(&usedfrequency, 0, sizeof(usedfrequency)); return true; } /*===========================================================================*/ static void printcontentinfo() { +static int c; static uint8_t i; +static uint16_t p; + if(nmeacount > 0) fprintf(stdout, "NMEA sentence............................: %ld\n", nmeacount); if(nmeaerrorcount > 0) fprintf(stdout, "NMEA sentence checksum errors............: %ld\n", nmeaerrorcount); if(endianess == 0) fprintf(stdout, "endianess (capture system)...............: little endian\n"); @@ -627,8 +643,7 @@ fprintf(stdout, "BEACON (total)...........................: %ld\n", beaconcount); if((beaconchannel[0] &GHZ24) == GHZ24) { - fprintf(stdout, "BEACON (detected on 2.4 GHz channel).....: "); - + fprintf(stdout, "BEACON on 2.4 GHz channel (from IE_TAG)..: "); for(i = 1; i <= 14; i++) { if(beaconchannel[i] != 0) fprintf(stdout, "%d ", i); @@ -637,7 +652,7 @@ } if((beaconchannel[0] &GHZ5) == GHZ5) { - fprintf(stdout, "BEACON (detected on 5/6 GHz channel).....: "); + fprintf(stdout, "BEACON on 5/6 GHz channel (from IE-TAG)..: "); for(i = 15; i < CHANNEL_MAX; i++) { if(beaconchannel[i] != 0) fprintf(stdout, "%d ", i); @@ -645,7 +660,7 @@ fprintf(stdout, "\n"); } } -if(beaconssidunsetcount > 0) fprintf(stdout, "BEACON (SSID unset)......................: %ld\n", beaconssidunsetcount); +if(beaconssidunsetcount > 0) fprintf(stdout, "BEACON (SSID wildcard/unset).............: %ld\n", beaconssidunsetcount); if(beaconssidzeroedcount > 0) fprintf(stdout, "BEACON (SSID zeroed).....................: %ld\n", beaconssidzeroedcount); if(beaconssidoversizedcount > 0) fprintf(stdout, "BEACON (oversized SSID length)...........: %ld\n", beaconssidoversizedcount); if(pagcount > 0) fprintf(stdout, "BEACON (pwnagotchi)......................: %ld\n", pagcount); 
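Review bot: The two new BEACON channel labels in the `@@ -627,8` and `@@ -637,7` hunks spell the same source differently, `"BEACON on 2.4 GHz channel (from IE_TAG)..: "` versus `"BEACON on 5/6 GHz channel (from IE-TAG)..: "`; anyone grepping the summary for one spelling will miss the other band, so one form should be used for both, e.g. `(from IE-TAG)`. The `@@ -598,12` hunk also adds `static int c;` and `static uint16_t p;` as function-scope statics that serve only as loop scratch; that follows the file's convention, but plain automatic locals would make their short lifetime obvious. printcontentinfo continues outside these hunks.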
@@ -672,12 +687,14 @@ if(authunknowncount > 0) fprintf(stdout, "AUTHENTICATION (unknown).................: %ld\n", authunknowncount); if(associationrequestcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (total)...............: %ld\n", associationrequestcount); if(associationrequestpskcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (PSK).................: %ld\n", associationrequestpskcount); +if(associationrequestftpskcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (FT using PSK)........: %ld\n", associationrequestftpskcount); if(associationrequestpsk256count > 0) fprintf(stdout, "ASSOCIATIONREQUEST (PSK SHA256)..........: %ld\n", associationrequestpsk256count); if(associationrequestsae256count > 0) fprintf(stdout, "ASSOCIATIONREQUEST (SAE SHA256)..........: %ld\n", associationrequestsae256count); if(associationrequestsae384bcount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (SAE SHA384 SUITE B)..: %ld\n", associationrequestsae384bcount); if(associationrequestowecount > 0) fprintf(stdout, "ASSOCIATIONREQUEST (OWE).................: %ld\n", associationrequestowecount); if(reassociationrequestcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (total).............: %ld\n", reassociationrequestcount); if(reassociationrequestpskcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (PSK)...............: %ld\n", reassociationrequestpskcount); +if(reassociationrequestftpskcount > 0) fprintf(stdout, "REASSOCIATIONREQUEST (FT using PSK)......: %ld\n", reassociationrequestftpskcount); if(reassociationrequestpsk256count > 0) fprintf(stdout, "REASSOCIATIONREQUEST (PSK SHA256)........: %ld\n", reassociationrequestpsk256count); if(reassociationrequestsae256count > 0) fprintf(stdout, "REASSOCIATIONREQUEST (SAE SHA256)........: %ld\n", reassociationrequestsae256count); if(reassociationrequestsae384bcount > 0)fprintf(stdout, "REASSOCIATIONREQUEST (SAE SHA384 SUITE B): %ld\n", reassociationrequestsae384bcount); 
@@ -738,6 +755,7 @@ if(eapolm1kdv0count > 0) fprintf(stdout, "EAPOL M1 messages (KDV:0 AKM defined)....: %ld\n", eapolm1kdv0count); if(eapolm2count > 0) fprintf(stdout, "EAPOL M2 messages (total)................: %ld\n", eapolm2count); if(eapolm2kdv0count > 0) fprintf(stdout, "EAPOL M2 messages (KDV:0 AKM defined)....: %ld\n", eapolm2kdv0count); +if(eapolm2ftpskcount > 0) fprintf(stdout, "EAPOL M2 messages (FT using PSK).........: %ld\n", eapolm2ftpskcount); if(eapolm3count > 0) fprintf(stdout, "EAPOL M3 messages (total)................: %ld\n", eapolm3count); if(eapolm3kdv0count > 0) fprintf(stdout, "EAPOL M3 messages (KDV:0 AKM defined)....: %ld\n", eapolm3kdv0count); if(eapolm4count > 0) fprintf(stdout, "EAPOL M4 messages (total)................: %ld\n", eapolm4count); 
@@ -745,10 +763,18 @@ if(eapolmpcount > 0) fprintf(stdout, "EAPOL pairs (total)......................: %ld\n", eapolmpcount); if(zeroedeapolpskcount > 0) fprintf(stdout, "EAPOL (from zeroed PSK)..................: %ld\n", zeroedeapolpskcount); if(zeroedeapolpmkcount > 0) fprintf(stdout, "EAPOL (from zeroed PMK)..................: %ld\n", zeroedeapolpmkcount); -if(eapolmpbestcount > 0) fprintf(stdout, "EAPOL pairs (best).......................: %ld\n", eapolmpbestcount); + +if(donotcleanflag == false) + { + if(eapolmpbestcount > 0) fprintf(stdout, "EAPOL pairs (best).......................: %ld\n", eapolmpbestcount); + } +else + { + if(eapolmpbestcount > 0) fprintf(stdout, "EAPOL pairs (useful).....................: %ld\n", eapolmpbestcount); + } if(eapolaplesscount > 0) fprintf(stdout, "EAPOL ROGUE pairs........................: %ld\n", eapolaplesscount); -if(eapolwrittencount > 0) fprintf(stdout, "EAPOL pairs written to combi hash file...: %ld (RC checked)\n", eapolwrittencount); -if(eapolncwrittencount > 0) fprintf(stdout, "EAPOL pairs written to combi hash file...: %ld (RC not checked)\n", eapolncwrittencount); +if(eapolwrittencount > 0) fprintf(stdout, "EAPOL pairs written to 22000 hash file...: %ld (RC checked)\n", eapolwrittencount); +if(eapolncwrittencount > 0) fprintf(stdout, "EAPOL pairs written to 22000 hash file...: %ld (RC not checked)\n", eapolncwrittencount); if(eapolwrittenhcpxcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccapx.: %ld (RC checked)\n", eapolwrittenhcpxcountdeprecated); if(eapolncwrittenhcpxcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccapx.: %ld (RC not checked)\n", eapolncwrittenhcpxcountdeprecated); if(eapolwrittenhcpcountdeprecated > 0) fprintf(stdout, "EAPOL pairs written to old format hccap..: %ld (RC checked)\n", eapolwrittenhcpcountdeprecated); 
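Review bot: The `donotcleanflag` branches in the `@@ -745,10` hunk repeat the same `if(eapolmpbestcount > 0) fprintf(...)` statement and differ only in the label text, and the same pattern is duplicated for `pmkidbestcount` in the following hunk (`@@ -763,9`). Keeping the count check in one place and selecting only the label reads more directly, e.g. `if(eapolmpbestcount > 0) fprintf(stdout, (donotcleanflag == false) ? "EAPOL pairs (best).......................: %ld\n" : "EAPOL pairs (useful).....................: %ld\n", eapolmpbestcount);` (GCC's format checker verifies both arms of a conditional between string literals). printcontentinfo starts and ends outside this hunk.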
@@ -763,9 +789,16 @@ if(pmkidcount > 0) fprintf(stdout, "PMKID (total)............................: %ld\n", pmkidcount); if(zeroedpmkidpskcount > 0) fprintf(stdout, "PMKID (from zeroed PSK)..................: %ld\n", zeroedpmkidpskcount); if(zeroedpmkidpmkcount > 0) fprintf(stdout, "PMKID (from zeroed PMK)..................: %ld\n", zeroedpmkidpmkcount); -if(pmkidbestcount > 0) fprintf(stdout, "PMKID (best).............................: %ld\n", pmkidbestcount); +if(donotcleanflag == false) + { + if(pmkidbestcount > 0) fprintf(stdout, "PMKID (best).............................: %ld\n", pmkidbestcount); + } +else + { + if(pmkidbestcount > 0) fprintf(stdout, "PMKID (useful)...........................: %ld\n", pmkidbestcount); + } if(pmkidroguecount > 0) fprintf(stdout, "PMKID ROGUE..............................: %ld\n", pmkidroguecount); -if(pmkidwrittenhcount > 0) fprintf(stdout, "PMKID written to combi hash file.........: %ld\n", pmkidwrittenhcount); +if(pmkidwrittenhcount > 0) fprintf(stdout, "PMKID written to 22000 hash file.........: %ld\n", pmkidwrittenhcount); if(pmkidwrittenjcountdeprecated > 0) fprintf(stdout, "PMKID written to old format JtR..........: %ld\n", pmkidwrittenjcountdeprecated); if(pmkidwrittencountdeprecated > 0) fprintf(stdout, "PMKID written to old format (1680x)......: %ld\n", pmkidwrittencountdeprecated); if(pcapreaderrors > 0) fprintf(stdout, "packet read error........................: %ld\n", pcapreaderrors); 
@@ -782,7 +815,22 @@ eapolmsgerrorcount = eapolmsgerrorcount +eapolm1errorcount +eapolm2errorcount +eapolm3errorcount +eapolm4errorcount; if(eapolmsgerrorcount > 0) fprintf(stdout, "EAPOL messages (malformed packets).......: %ld\n", eapolmsgerrorcount); -if((eapolwrittencount +eapolncwrittencount +eapolwrittenhcpxcountdeprecated +eapolncwrittenhcpxcountdeprecated +eapolwrittenhcpcountdeprecated +c = 0; +fprintf(stdout, "\nfrequency statistics from radiotap header (frequency: received packets)\n" + "-----------------------------------------------------------------------\n"); +for(p = 2400; p < 7000; p ++) + { + if(usedfrequency[p] != 0) + { + fprintf(stdout, "% 5d: %d\t", p, usedfrequency[p]); + c++; + if((c %4) == 0) fprintf(stdout, "\n"); + } + } +if(c == 0) fprintf(stdout, "not available due to missing radiotap header"); +fprintf(stdout, "\n"); + +if((eapolwrittencount +eapolncwrittencount +eapolwrittenhcpxcountdeprecated +eapolncwrittenhcpxcountdeprecated +eapolwrittenhcpcountdeprecated +eapolwrittenjcountdeprecated +pmkidwrittenhcount +pmkidwrittenjcountdeprecated +pmkidwrittencountdeprecated +eapmd5writtencount +eapmd5johnwrittencount +eapleapwrittencount +eapmschapv2writtencount +tacacspwrittencount) == 0) { 
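Review bot: The statistics loop in the `@@ -782,7` hunk walks `p` only from 2400 to 6999, so frequencies in the upper part of the 6 GHz band (channel 213 is centred at 7015 MHz, channel 233 at 7115 MHz) are counted in `usedfrequency` but never printed, and for a capture made only on such channels `c` stays 0 and the output claims "not available due to missing radiotap header". Iterating the whole table avoids hard-coding band edges that the standard keeps extending: `for(p = 1; p < 0xffff; p++)` (with `p` a uint16_t the bound must stay below 0x10000 for the loop to terminate). A short comment above the loop would also help, e.g. `/* usedfrequency is indexed by the radiotap channel frequency in MHz */`. printcontentinfo begins outside this hunk.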
@@ -824,10 +872,36 @@ "This could prevent to calculate a valid EAPOL MESSAGE PAIR\n" "or to get a valid PMKID.\n"); } - +if(ancientdumpfileformat == true) + { + fprintf(stdout, "\nInformation: limited dump file format detected!\n" + "This file format is a very basic format to save captured network data.\n" + "It is recommended to use PCAP Next Generation dump file format (or pcapng for short) instead.\n" + "The PCAP Next Generation dump file format is an attempt to overcome the limitations\n" + "of the currently widely used (but limited) libpcap (cap, pcap) format.\n" + "https://www.wireshark.org/docs/wsug_html_chunked/AppFiles.html#ChAppFilesCaptureFilesSection\n" + "https://github.com/pcapng/pcapng\n"); + } +if(radiotappresent == false) + { + fprintf(stdout, "\nInformation: radiotap header is missing!\n" + "Radiotap is a de facto standard for 802.11 frame injection and reception.\n" + "The radiotap header format is a mechanism to supply additional information about frames,\n" + "from the driver to userspace applications.\n" + "https://www.radiotap.org/\n"); + } +if(((beaconcount + proberesponsecount) == 0) && ((associationrequestcount + reassociationrequestcount) == 0)) + { + fprintf(stdout, "\nInformation: missing frames!\n" + "This dump file does not contain BEACON or PROBERESPONSE frames.\n" + "This frames contain the ESSID which is mandatory to calculate a PMK.\n" + "It always happens if the capture file was cleaned or\n" + "it could happen if filter options are used during capturing.\n" + "That makes it impossible to recover the PSK.\n"); + } if(proberequestcount == 0) { - fprintf(stdout, "\nWarning: missing frames!\n" + fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain undirected proberequest frames.\n" "An undirected proberequest may contain information about the PSK.\n" "It always happens if the capture file was cleaned or\n" 
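Review bot: The new "missing frames" message in the `@@ -824,10` hunk has a grammar slip in user-facing text: `"This frames contain the ESSID which is mandatory to calculate a PMK.\n"` should read `"These frames contain the ESSID, which is mandatory to calculate a PMK.\n"`. The guarding condition also requires that no association or reassociation requests were seen, which the first line of the message ("does not contain BEACON or PROBERESPONSE frames") does not mention; naming the (re)association requests there would make the text match the check. printcontentinfo ends outside this hunk.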
@@ -836,7 +910,7 @@ } if((authenticationcount +associationrequestcount +reassociationrequestcount) == 0) { - fprintf(stdout, "\nWarning: missing frames!\n" + fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain important frames like\n" "authentication, association or reassociation.\n" "It always happens if the capture file was cleaned or\n" @@ -845,7 +919,7 @@ } if(eapolm1ancount <= 1) { - fprintf(stdout, "\nWarning: missing frames!\n" + fprintf(stdout, "\nInformation: missing frames!\n" "This dump file does not contain enough EAPOL M1 frames.\n" "It always happens if the capture file was cleaned or\n" "it could happen if filter options are used during capturing.\n" @@ -853,7 +927,7 @@ } if(malformedcount > 5) { - printf( "\nWarning: malformed packets detected!\n" + printf( "\nInformation: malformed packets detected!\n" "In monitor mode the adapter does not check to see if the cyclic redundancy check (CRC)\n" "values are correct for packets captured. The device is able to detect the Physical Layer\n" "Convergence Procedure (PLCP) preamble and is able to synchronize to it, but if there is\n" @@ -872,6 +946,7 @@ static char timestringmin[32]; static char timestringmax[32]; +radiotappresent = false; tvmin.tv_sec = timestampmin /1000000; tvmin.tv_usec = timestampmin %1000000; strftime(timestringmin, 32, "%d.%m.%Y %H:%M:%S", localtime(&tvmin.tv_sec)); 
@@ -887,13 +962,17 @@ { if(dltlinktype[c] == dltlinktype[c -1]) continue; } - if(dltlinktype[c] == DLT_IEEE802_11_RADIO) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11_RADIO (%d)\n", dltlinktype[c]); - if(dltlinktype[c] == DLT_IEEE802_11) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11 (%d) very basic format without any additional information about the quality\n", dltlinktype[c]); - if(dltlinktype[c] == DLT_PPI) fprintf(stdout, "link layer header type...................: DLT_PPI (%d)\n", dltlinktype[c]); - if(dltlinktype[c] == DLT_PRISM_HEADER) fprintf(stdout, "link layer header type...................: DLT_PRISM_HEADER (%d)\n", dltlinktype[c]); - if(dltlinktype[c] == DLT_IEEE802_11_RADIO_AVS) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11_RADIO_AVS (%d)\n", dltlinktype[c]); - if(dltlinktype[c] == DLT_EN10MB) fprintf(stdout, "link layer header type...................: DLT_EN10MB (%d)\n", dltlinktype[c]); - if(dltlinktype[c] == DLT_NULL) fprintf(stdout, "link layer header type...................: DLT_NULL (BSD LO) (%d)\n", dltlinktype[c]); + if(dltlinktype[c] == DLT_IEEE802_11_RADIO) + { + fprintf(stdout, "link layer header type...................: DLT_IEEE802_11_RADIO (%d)\n", dltlinktype[c]); + radiotappresent = true; + } + else if(dltlinktype[c] == DLT_IEEE802_11) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11 (%d) very basic format without any additional information about the quality\n", dltlinktype[c]); + else if(dltlinktype[c] == DLT_PPI) fprintf(stdout, "link layer header type...................: DLT_PPI (%d)\n", dltlinktype[c]); + else if(dltlinktype[c] == DLT_PRISM_HEADER) fprintf(stdout, "link layer header type...................: DLT_PRISM_HEADER (%d)\n", dltlinktype[c]); + else if(dltlinktype[c] == DLT_IEEE802_11_RADIO_AVS) fprintf(stdout, "link layer header type...................: DLT_IEEE802_11_RADIO_AVS (%d)\n", dltlinktype[c]); + else 
if(dltlinktype[c] == DLT_EN10MB) fprintf(stdout, "link layer header type...................: DLT_EN10MB (%d)\n", dltlinktype[c]); + else if(dltlinktype[c] == DLT_NULL) fprintf(stdout, "link layer header type...................: DLT_NULL (BSD LO) (%d)\n", dltlinktype[c]); } return; } @@ -908,7 +987,7 @@ wecl = strlen(pcapngweakcandidate); if((wecl > 0) && (wecl < 64) && (strcmp(pcapngweakcandidate, "N/A") != 0)) { - if(fh_essid != NULL) fprintf(fh_essid, "%s\n", pcapngweakcandidate); + if(fh_essid != NULL) fprintf(fh_essid, "%s\n", pcapngweakcandidate); } for(zeigermac = aplist; zeigermac < aplistptr; zeigermac++) { @@ -1148,7 +1227,7 @@ } for(zeiger = tacacsplist +1; zeiger < tacacsplistptr; zeiger++) { - if((zeigerold->sessionid == zeiger->sessionid) && (zeigerold->sequencenr == zeiger->sequencenr) && (zeigerold->len == zeiger->len) && (memcmp(zeigerold->data, zeiger->data, zeiger->len) == 0)) continue; + if((zeigerold->sessionid == zeiger->sessionid) && (zeigerold->sequencenr == zeiger->sequencenr) && (zeigerold->len == zeiger->len) && (memcmp(zeigerold->data, zeiger->data, zeiger->len) == 0)) continue; if(fh_tacacsp != NULL) { fprintf(fh_tacacsp, "$tacacs-plus$0$%08x$", zeiger->sessionid); @@ -1165,7 +1244,7 @@ { static uint32_t authlen; static tacacsp_t *tacacsp; -static tacacsplist_t *tacacsplistnew; +static tacacsplist_t *tacacsplistnew; if(restlen < (uint32_t)TACACSP_SIZE) return; tacacsp = (tacacsp_t*)tacacspptr; @@ -1217,7 +1296,7 @@ /*===========================================================================*/ static void processptppacket(uint32_t restlen, uint8_t *ptpptr) { -static ptp_t *ptp; +static ptp_t *ptp; if(restlen < (uint32_t)PTP_SIZE) return; ptp = (ptp_t*)ptpptr; @@ -1245,7 +1324,7 @@ static void processudppacket(uint64_t timestamp, uint32_t restlen, uint8_t *udpptr) { static udp_t *udp; -static uint16_t udplen; +static uint16_t udplen; if(restlen < UDP_SIZE) return; udp = (udp_t*)udpptr; 
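Review bot: `radiotappresent` is set only in the `DLT_IEEE802_11_RADIO` branch of the link-layer loop in the `@@ -887,13` hunk, so captures whose link type is `DLT_PPI` or `DLT_IEEE802_11_RADIO_AVS`, which also carry per-frame radio metadata, will trigger the new "radiotap header is missing" information block and, unless those paths also fill `usedfrequency` (not visible in this diff), an empty frequency table. If that is intended, a comment at the assignment would spare the next reader a trip through the reader code, e.g. `/* frequency statistics are decoded from radiotap only; PPI and AVS headers are not parsed for them */`. The enclosing function starts outside the hunk.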
@@ -1259,7 +1338,7 @@ /*===========================================================================*/ static void processtcppacket(uint64_t timestamp, uint32_t restlen, uint8_t *tcpptr) { -static uint32_t tcplen; +static uint32_t tcplen; static tcp_t *tcp; static tacacsp_t *tacacsp; @@ -1410,7 +1489,7 @@ /*===========================================================================*/ static void addeapmschapv2hash(uint8_t id, uint8_t mschapv2usernamelen, uint8_t *mschapv2username, uint8_t *mschapv2request, uint8_t *mschapv2response) { -static eapmschapv2hashlist_t *eapmschapv2hashlistnew; +static eapmschapv2hashlist_t *eapmschapv2hashlistnew; eapmschapv2hashcount++; if(eapmschapv2hashlistptr >= eapmschapv2hashlist +eapmschapv2hashlistmax) @@ -1504,7 +1583,7 @@ if(memcmp(zeiger->client, macfm, 6) != 0) continue; zeiger->mschapv2usernamelen = mschapv2usernamelen; memcpy(zeiger->mschapv2username, mschapv2usernameptr, mschapv2usernamelen); - addeapmschapv2hash(eapmschapv2->id, zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2request, eapmschapv2->mschapv2data); + addeapmschapv2hash(eapmschapv2->id, zeiger->mschapv2usernamelen, zeiger->mschapv2username, zeiger->mschapv2request, eapmschapv2->mschapv2data); } qsort(eapmschapv2msglist, EAPMSCHAPV2MSGLIST_MAX +1, EAPMSCHAPV2MSGLIST_SIZE, sort_eapmschapv2msglist_by_timestamp); } @@ -1549,7 +1628,7 @@ /*===========================================================================*/ static void addeapleaphash(uint8_t id, uint8_t leapusernamelen, uint8_t *leapusername, uint8_t *leaprequest, uint8_t *leapresponse) { -static eapleaphashlist_t *eapleaphashlistnew; +static eapleaphashlist_t *eapleaphashlistnew; eapleaphashcount++; if(eapleaphashlistptr >= eapleaphashlist +eapleaphashlistmax) 
@@ -1594,7 +1673,7 @@ if(eapleap->leaplen != LEAPREQ_LEN_MAX) return; if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return; if(eapleap->leaplen == eapleaplen -EAPLEAP_SIZE) return; - if(memcmp(&zeroed32, eapleap->leapdata, LEAPREQ_LEN_MAX) == 0) return; + if(memcmp(&zeroed32, eapleap->leapdata, LEAPREQ_LEN_MAX) == 0) return; memset(zeiger, 0, EAPLEAPMSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macfm, 6); @@ -1621,7 +1700,7 @@ zeiger = eapleapmsglist +EAPLEAPMSGLIST_MAX; if(eapleap->leaplen != LEAPRESP_LEN_MAX) return; if(eapleap->leaplen > eapleaplen -EAPLEAP_SIZE) return; - if(memcmp(&zeroed32, eapleap->leapdata, LEAPRESP_LEN_MAX) == 0) return; + if(memcmp(&zeroed32, eapleap->leapdata, LEAPRESP_LEN_MAX) == 0) return; memset(zeiger, 0, EAPLEAPMSGLIST_SIZE); zeiger->timestamp = eaptimestamp; memcpy(zeiger->ap, macto, 6); @@ -1635,7 +1714,7 @@ if((zeiger->id) != eapleap->id) continue; if(memcmp(zeiger->ap, macto, 6) != 0) continue; if(memcmp(zeiger->client, macfm, 6) != 0) continue; - addeapleaphash(eapleap->id, zeiger->leapusernamelen, zeiger->leapusername, zeiger->leaprequest, eapleap->leapdata); + addeapleaphash(eapleap->id, zeiger->leapusernamelen, zeiger->leapusername, zeiger->leaprequest, eapleap->leapdata); } qsort(eapleapmsglist, EAPLEAPMSGLIST_MAX +1, EAPLEAPMSGLIST_SIZE, sort_eapleapmsglist_by_timestamp); } @@ -1700,7 +1779,7 @@ /*===========================================================================*/ static void addeapmd5hash(uint8_t id, uint8_t *challenge, uint8_t *response) { -static eapmd5hashlist_t *eapmd5hashlistnew; +static eapmd5hashlist_t *eapmd5hashlistnew; eapmd5hashcount++; if(eapmd5hashlistptr >= eapmd5hashlist +eapmd5hashlistmax) 
@@ -1734,7 +1813,7 @@ eapmd5len = ntohs(eapmd5->eapmd5len); if(eapmd5len != restlen) return; if(eapmd5->md5len != EAPMD5_LEN_MAX) return; -if(memcmp(&zeroed32, eapmd5->md5data, EAPMD5_LEN_MAX) == 0) return; +if(memcmp(&zeroed32, eapmd5->md5data, EAPMD5_LEN_MAX) == 0) return; if(eapcode == EAP_CODE_REQ) { zeiger = eapmd5msglist +EAPMD5MSGLIST_MAX; @@ -1763,7 +1842,7 @@ if((zeiger->id) != eapmd5->id) continue; if(memcmp(zeiger->ap, macto, 6) != 0) continue; if(memcmp(zeiger->client, macfm, 6) != 0) continue; - addeapmd5hash(eapmd5->id, zeiger->md5, eapmd5->md5data); + addeapmd5hash(eapmd5->id, zeiger->md5, eapmd5->md5data); } qsort(eapmd5msglist, EAPMD5MSGLIST_MAX +1, EAPMD5MSGLIST_SIZE, sort_eapmd5msglist_by_timestamp); } @@ -1807,7 +1886,7 @@ EVP_MD_CTX_free(mdctx); return false; } -if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) +if(EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); @@ -2002,7 +2081,7 @@ EVP_MD_CTX_free(mdctx); return false; } - if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1) + if(EVP_DigestSignInit(mdctx, NULL, EVP_md5(), NULL, pkey) != 1) { EVP_PKEY_free(pkey); EVP_MD_CTX_free(mdctx); @@ -2216,7 +2295,7 @@ for(p = 0; p < zeigerhs->eapauthlen; p++) fprintf(fh_pmkideapol, "%02x", eapoltemp[p]); fprintf(fh_pmkideapol, "*%02x\n", zeigerhs->status); if(zeigerhs->rcgap == 0) eapolwrittencount++; - else eapolncwrittencount++; + else eapolncwrittencount++; } if((fh_pmkideapoljtrdeprecated != 0) && (zeigerhs->rcgap == 0)) { 
@@ -2389,7 +2468,7 @@ qsort(aplist, aplistptr -aplist, MACLIST_SIZE, sort_maclist_by_mac_count); qsort(pmkidlist, pmkidlistptr -pmkidlist, PMKIDLIST_SIZE, sort_pmkidlist_by_mac); if(ncvalue == 0) qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_timegap); -else qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_rcgap); +else qsort(handshakelist, handshakelistptr -handshakelist, HANDSHAKELIST_SIZE, sort_handshakelist_by_rcgap); zeigerhsakt = handshakelist; zeigerpmkidakt = pmkidlist; zeigermacold = aplist; @@ -2492,7 +2571,7 @@ memcpy(zeigerold->devicename, zeiger->devicename, zeiger->devicenamelen); zeigerold->devicenamelen = zeiger->devicenamelen; } - if(zeigerold->enrolleelen == 0) + if(zeigerold->enrolleelen == 0) { memcpy(zeigerold->enrollee, zeiger->enrollee, zeiger->enrolleelen); zeigerold->enrolleelen = zeiger->enrolleelen; @@ -2695,7 +2774,7 @@ static uint32_t idstrlen; eapcount++; -if(restlen < (int)EAPAUTH_SIZE) return; +if(restlen < (int)EAPAUTH_SIZE) return; eapauth = (eapauth_t*)eapptr; authlen = ntohs(eapauth->len); if(authlen > restlen) return; @@ -2829,7 +2908,7 @@ #endif if(wpatype != VT_WPA_IE) return false; zeiger->kdversion |= KV_WPAIE; -gsuiteptr = (suite_t*)ieptr; +gsuiteptr = (suite_t*)ieptr; if(memcmp(gsuiteptr->oui, &ouimscorp, 3) == 0) { if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher |= TCS_WEP40; @@ -2857,7 +2936,7 @@ } for(c = 0; c < csuitecount; c++) { - csuiteptr = (suite_t*)ieptr; + csuiteptr = (suite_t*)ieptr; if(memcmp(csuiteptr->oui, &ouimscorp, 3) == 0) { if(csuiteptr->type == CS_WEP40) zeiger->cipher |= TCS_WEP40; @@ -2888,7 +2967,7 @@ } for(c = 0; c < asuitecount; c++) { - asuiteptr = (suite_t*)ieptr; + asuiteptr = (suite_t*)ieptr; if(memcmp(asuiteptr->oui, &ouimscorp, 3) == 0) { if(asuiteptr->type == AK_PMKSA) zeiger->akm |= TAK_PMKSA; 
@@ -2955,7 +3034,7 @@ static suitecount_t *asuitecountptr; static suite_t *asuiteptr; static int asuitecount; -static rsnpmkidlist_t *rsnpmkidlistptr; +static rsnpmkidlist_t *rsnpmkidlistptr; static int rsnpmkidcount; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; @@ -2970,13 +3049,14 @@ zeiger->kdversion |= KV_RSNIE; rsnlen -= RSNIE_SIZE; ieptr += RSNIE_SIZE; -gsuiteptr = (suite_t*)ieptr; +gsuiteptr = (suite_t*)ieptr; if(memcmp(gsuiteptr->oui, &suiteoui, 3) == 0) { if(gsuiteptr->type == CS_WEP40) zeiger->groupcipher |= TCS_WEP40; if(gsuiteptr->type == CS_TKIP) zeiger->groupcipher |= TCS_TKIP; if(gsuiteptr->type == CS_WRAP) zeiger->groupcipher |= TCS_WRAP; if(gsuiteptr->type == CS_CCMP) zeiger->groupcipher |= TCS_CCMP; + if(gsuiteptr->type == CS_GCMP) zeiger->groupcipher |= TCS_GCMP; if(gsuiteptr->type == CS_WEP104) zeiger->groupcipher |= TCS_WEP104; if(gsuiteptr->type == CS_BIP) zeiger->groupcipher |= TCS_BIP; if(gsuiteptr->type == CS_NOT_ALLOWED) zeiger->groupcipher |= TCS_NOT_ALLOWED; @@ -2998,13 +3078,14 @@ } for(c = 0; c < csuitecount; c++) { - csuiteptr = (suite_t*)ieptr; + csuiteptr = (suite_t*)ieptr; if(memcmp(csuiteptr->oui, &suiteoui, 3) == 0) { if(csuiteptr->type == CS_WEP40) zeiger->cipher |= TCS_WEP40; if(csuiteptr->type == CS_TKIP) zeiger->cipher |= TCS_TKIP; if(csuiteptr->type == CS_WRAP) zeiger->cipher |= TCS_WRAP; if(csuiteptr->type == CS_CCMP) zeiger->cipher |= TCS_CCMP; + if(csuiteptr->type == CS_GCMP) zeiger->cipher |= TCS_GCMP; if(csuiteptr->type == CS_WEP104) zeiger->cipher |= TCS_WEP104; if(csuiteptr->type == CS_BIP) zeiger->cipher |= TCS_BIP; if(csuiteptr->type == CS_NOT_ALLOWED) zeiger->cipher |= TCS_NOT_ALLOWED; @@ -3029,7 +3110,7 @@ } for(c = 0; c < asuitecount; c++) { - asuiteptr = (suite_t*)ieptr; + asuiteptr = (suite_t*)ieptr; if(memcmp(asuiteptr->oui, &suiteoui, 3) == 0) { if(asuiteptr->type == AK_PMKSA) zeiger->akm |= TAK_PMKSA; 
@@ -3052,7 +3133,7 @@ rsnlen -= RSNCAPABILITIES_SIZE; ieptr += RSNCAPABILITIES_SIZE; if(rsnlen <= 0) return true; -rsnpmkidlistptr = (rsnpmkidlist_t*)ieptr; +rsnpmkidlistptr = (rsnpmkidlist_t*)ieptr; #ifndef BIG_ENDIAN_HOST rsnpmkidcount = rsnpmkidlistptr->count; #else @@ -3234,8 +3315,8 @@ return; } if(memcmp(&zeroed32, wpak->nonce, 32) == 0) return; -if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; -if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; +if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; +if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; @@ -3260,7 +3341,7 @@ if(eaptimestamp > zeiger->timestamp) eaptimegap = eaptimestamp -zeiger->timestamp; else eaptimegap = zeiger->timestamp -eaptimestamp; mpfield = ST_M34E4; - if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; + if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } if((zeiger->message &HS_M1) != HS_M1) continue; @@ -3280,7 +3361,7 @@ { if(zeiger->rc == myaktreplaycount) continue; } - if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; + if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount); @@ -3395,7 +3476,7 @@ { if(zeiger->rc == myaktreplaycount) continue; } - if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; + if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield); } if((zeiger->message &HS_M4) != HS_M4) continue; 
@@ -3412,7 +3493,7 @@ { if(zeiger->rc == myaktreplaycount) continue; } - if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; + if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, zeiger, messagelist +MESSAGELIST_MAX, keyver, mpfield); } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount); @@ -3432,7 +3513,7 @@ static uint64_t rc; static uint64_t rcgap; static uint8_t mpfield; -static int infolen; +static uint16_t wpainfolen; static tags_t tags; static const uint8_t foxtrott[4] = { 0xff, 0xff, 0xff, 0xff }; @@ -3451,7 +3532,8 @@ eapolm2kdv0count++; return; } -if(ntohs(wpak->wpadatalen) > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) +wpainfolen = ntohs(wpak->wpadatalen); +if(wpainfolen > (restlen -EAPAUTH_SIZE -WPAKEY_SIZE)) { if(fh_log != NULL) fprintf(fh_log, "EAPOL M2 wpa data len > eap authentication len: %ld\n", rawpacketcount); eapolm2errorcount++; @@ -3502,8 +3584,8 @@ eapolm2errorcount++; return; } -if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; -if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; +if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; +if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; 
@@ -3515,10 +3597,10 @@ memcpy(zeiger->nonce, wpak->nonce, 32); zeiger->eapauthlen = authlen +EAPAUTH_SIZE; memcpy(zeiger->eapol, eapauthptr, zeiger->eapauthlen); -infolen = ntohs(wpak->wpadatalen); -if(infolen >= RSNIE_LEN_MIN) +if(wpainfolen >= RSNIE_LEN_MIN) { - if(gettags(infolen, wpakptr +WPAKEY_SIZE, &tags) == false) return; + if(gettags(wpainfolen, wpakptr +WPAKEY_SIZE, &tags) == false) return; + if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) eapolm2ftpskcount++; if(((tags.akm &TAK_PSK) != TAK_PSK) && ((tags.akm &TAK_PSKSHA256) != TAK_PSKSHA256)) { if(ignoreieflag == false) return; @@ -3555,7 +3637,7 @@ } if(rcgap != 0) continue; } - if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; + if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } if((zeiger->message &HS_M3) != HS_M3) continue; @@ -3580,7 +3662,7 @@ } if(rcgap != 0) continue; } - if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; + if(eaptimegap > eaptimegapmax) eaptimegapmax = eaptimegap; if(eaptimegap <= eapoltimeoutvalue) addhandshake(eaptimegap, rcgap, messagelist +MESSAGELIST_MAX, zeiger, keyver, mpfield); } qsort(messagelist, MESSAGELIST_MAX +1, MESSAGELIST_SIZE, sort_messagelist_by_epcount); @@ -3637,8 +3719,8 @@ eapolm1errorcount++; return; } -if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; -if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; +if((memcmp(&fakenonce1, wpak->nonce, 32) == 0) && (rc == 17)) return; +if((memcmp(&fakenonce2, wpak->nonce, 32) == 0) && (rc == 17)) return; zeiger = messagelist +MESSAGELIST_MAX; memset(zeiger, 0, MESSAGELIST_SIZE); zeiger->timestamp = eaptimestamp; 
@@ -3649,7 +3731,7 @@ zeiger->rc = rc; memcpy(zeiger->nonce, wpak->nonce, 32); -if((zeiger->rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0)) +if((zeiger->rc == myaktreplaycount) && (memcmp(&myaktanonce, zeiger->nonce, 32) == 0)) { zeiger->status |= ST_APLESS; eapolm1ancount++; @@ -3767,7 +3849,7 @@ static eapauth_t *eapauth; eapauth = (eapauth_t*)eapptr; -if(restlen < (int)EAPAUTH_SIZE) return; +if(restlen < (int)EAPAUTH_SIZE) return; if(eapauth->type == EAPOL_KEY) { process80211eapol(eaptimestamp, macto, macfm, macsrc, restlen, eapptr); @@ -3829,7 +3911,7 @@ memcpy(zeiger->devicename, aplistptr->devicename, aplistptr->devicenamelen); zeiger->devicenamelen = aplistptr->devicenamelen; } - if(zeiger->enrolleelen == 0) + if(zeiger->enrolleelen == 0) { memcpy(zeiger->enrollee, aplistptr->enrollee, aplistptr->enrolleelen); zeiger->enrolleelen = aplistptr->enrolleelen; 
@@ -3884,11 +3966,14 @@ { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(macclient, macap, tags.pmkid); } -if((tags.akm &TAK_PSK) == TAK_PSK) reassociationrequestpskcount++; -else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) reassociationrequestpsk256count++; -else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) reassociationrequestsae256count++; -else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) reassociationrequestsae384bcount++; -else if((tags.akm &TAK_OWE) == TAK_OWE) reassociationrequestowecount++; +else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++; + +if((tags.akm &TAK_PSK) == TAK_PSK) reassociationrequestpskcount++; +else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++; +else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) reassociationrequestpsk256count++; +else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) reassociationrequestsae256count++; +else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) reassociationrequestsae384bcount++; +else if((tags.akm &TAK_OWE) == TAK_OWE) reassociationrequestowecount++; if(cleanbackmac() == false) aplistptr++; if(aplistptr >= aplist +maclistmax) { 
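Review bot: The first added line, `else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) reassociationrequestftpskcount++;`, directly follows the `}` that closes the PMKID block, so it binds as an else branch to that block's `if` (whose condition lies above the hunk) rather than to the AKM chain beneath it. Whenever that condition is false and the AKM is FT-PSK, the counter is incremented here and then again by the `else if` in the new chain, so reassociation requests are double-counted. The association-request hunk at 3963 has no such stray line, which suggests it is a leftover from editing; deleting the line together with the blank line after it makes the two counters consistent. The enclosing function starts outside the hunk.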
@@ -3963,11 +4048,12 @@ { if(memcmp(&zeroed32, tags.pmkid, 16) != 0) addpmkid(macclient, macap, tags.pmkid); } -if((tags.akm &TAK_PSK) == TAK_PSK) associationrequestpskcount++; -else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) associationrequestpsk256count++; -else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) associationrequestsae256count++; -else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) associationrequestsae384bcount++; -else if((tags.akm &TAK_OWE) == TAK_OWE) associationrequestowecount++; +if((tags.akm &TAK_PSK) == TAK_PSK) associationrequestpskcount++; +else if((tags.akm &TAK_FT_PSK) == TAK_FT_PSK) associationrequestftpskcount++; +else if((tags.akm &TAK_PSKSHA256) == TAK_PSKSHA256) associationrequestpsk256count++; +else if((tags.akm &TAK_SAE_SHA256) == TAK_SAE_SHA256) associationrequestsae256count++; +else if((tags.akm &TAK_SAE_SHA384B) == TAK_SAE_SHA384B) associationrequestsae384bcount++; +else if((tags.akm &TAK_OWE) == TAK_OWE) associationrequestowecount++; if(cleanbackmac() == false) aplistptr++; if(aplistptr >= aplist +maclistmax) { @@ -4079,7 +4165,7 @@ proberequestcount++; if(proberequestlen < (int)IETAG_SIZE) return; -if(gettags(proberequestlen, proberequestptr, &tags) == false) return; +if(gettags(proberequestlen, proberequestptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) @@ -4298,7 +4384,7 @@ packetlen -= (int)ACTIONMEASUREMENTFRAME_SIZE; packetptr += (int)ACTIONMEASUREMENTFRAME_SIZE; if(packetlen < (int)IETAG_SIZE) return; -if(gettags(packetlen, packetptr, &tags) == false) return; +if(gettags(packetlen, packetptr, &tags) == false) return; if(tags.essidlen == 0) return; if(tags.essid[0] == 0) return; if(aplistptr >= aplist +maclistmax) 
@@ -4466,8 +4552,8 @@ static uint16_t pf; static rth_t *rth; static uint32_t *pp; -static uint16_t frequency; +frequency = 0; rth = (rth_t*)capptr; pf = RTH_SIZE; if((rth->it_present & IEEE80211_RADIOTAP_DBM_ANTSIGNAL) != IEEE80211_RADIOTAP_DBM_ANTSIGNAL) return; @@ -4489,14 +4575,15 @@ if((rth->it_present & IEEE80211_RADIOTAP_CHANNEL) == IEEE80211_RADIOTAP_CHANNEL) { if(pf > caplen) return; - if((pf %2) != 0) pf += 1; + if((pf %2) != 0) pf += 1; frequency = (capptr[pf +1] << 8) + capptr[pf]; + usedfrequency[frequency] += 1; if((frequency >= 2407) && (frequency <= 2474)) { interfacechannel = (frequency -2407)/5; band24count++; } - else if((frequency >= 2481) && (frequency <= 2487)) + else if((frequency >= 2481) && (frequency <= 2487)) { interfacechannel = (frequency -2412)/5; band24count++; @@ -4513,9 +4600,9 @@ } pf += 4; } -if((rth->it_present & IEEE80211_RADIOTAP_FHSS) == IEEE80211_RADIOTAP_FHSS) +if((rth->it_present & IEEE80211_RADIOTAP_FHSS) == IEEE80211_RADIOTAP_FHSS) { - if((pf %2) != 0) pf += 1; + if((pf %2) != 0) pf += 1; pf += 2; } if((rth->it_present & IEEE80211_RADIOTAP_DBM_ANTSIGNAL) == IEEE80211_RADIOTAP_DBM_ANTSIGNAL) @@ -4751,6 +4838,7 @@ static uint64_t timestampcap; static uint8_t packet[MAXPACPSNAPLEN]; +ancientdumpfileformat = true; fprintf(stdout, "%s %s reading from %s...\n", basename(eigenname), VERSION_TAG, basename(pcapinname)); iface = 1; res = read(fd, &pcapfhdr, PCAPHDR_SIZE); @@ -4806,7 +4894,7 @@ { pcapreaderrors++; fprintf(stdout, "detected oversized snaplen (%d)\n", pcapfhdr.snaplen); - if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen (%d): %d\n", pcapfhdr.snaplen, pcapfhdr.version_minor); + if(fh_log != NULL) fprintf(fh_log, "detected oversized snaplen (%d): %d\n", pcapfhdr.snaplen, pcapfhdr.version_minor); } while(1) 
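Review bot: `usedfrequency[frequency] += 1;` indexes with a 16-bit value assembled straight from the radiotap channel field of the capture file (`(capptr[pf +1] << 8) + capptr[pf]`), so the array must have 65536 entries or the index needs a bound check before the write; the declaration is not in this hunk, so I cannot confirm either. If the array is smaller, a crafted capture turns the new line into an out-of-bounds write. A guard such as `if(frequency < sizeof(usedfrequency) / sizeof(usedfrequency[0])) usedfrequency[frequency] += 1;` (valid only if usedfrequency is a true array, not a pointer) removes the dependency on the declaration. Note also that the existing `if(pf > caplen) return;` two lines above still admits pf == caplen or caplen -1, so `capptr[pf +1]` can read past the captured bytes; `if(pf +2 > caplen) return;` matches the two bytes actually read. The enclosing function starts outside the hunk.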
@@ -4874,7 +4962,7 @@ fprintf(stdout, "\nsummary capture file\n" "--------------------\n" "file name................................: %s\n" - "version (pcap/cap).......................: %d.%d (very basic format without any additional information)\n" + "version (pcap/cap).......................: %d.%d (very basic format without any additional information)\n" , basename(pcaporgname), versionmajor, versionminor ); @@ -4912,7 +5000,7 @@ if(option->option_code == SHB_EOC) return 0; padding = 0; if(option->option_length > OPTIONLEN_MAX) return option->option_length; - if((option->option_length %4)) padding = 4 -(option->option_length %4); + if((option->option_length %4)) padding = 4 -(option->option_length %4); if(option->option_code == SHB_HARDWARE) { if(option->option_length < OPTIONLEN_MAX) @@ -5060,6 +5148,7 @@ static uint8_t pcpngblock[2 *MAXPACPSNAPLEN]; static uint8_t packet[MAXPACPSNAPLEN]; +ancientdumpfileformat = false; fprintf(stdout, "%s %s reading from %s...\n", basename(eigenname), VERSION_TAG, basename(pcapinname)); iface = 0; nmealen = 0; @@ -5108,7 +5197,7 @@ } pcapngbh = (block_header_t*)pcpngblock; blocktype = pcapngbh->block_type; - blocklen = pcapngbh->total_length; + blocklen = pcapngbh->total_length; blockmagic = pcapngbh->byte_order_magic; #ifdef BIG_ENDIAN_HOST blocktype = byte_swap_32(blocktype); 
@@ -5343,7 +5432,7 @@ "weak candidate...........................: %s\n" "MAC ACCESS POINT.........................: %02x%02x%02x%02x%02x%02x (incremented on every new client)\n" "MAC CLIENT...............................: %02x%02x%02x%02x%02x%02x\n" - "REPLAYCOUNT..............................: %" PRIu64 "\n" + "REPLAYCOUNT..............................: %" PRIu64 "\n" "ANONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n" "SNONCE...................................: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n" , basename(pcaporgname), versionmajor, versionminor, @@ -5391,6 +5480,8 @@ #endif pcapnameptr = pcapinname; #ifdef WANTZLIB +ancientdumpfileformat = false; +radiotappresent = false; if(testgzipfile(pcapinname) == true) { memset(&tmpoutname, 0, PATH_MAX); diff -Nru hcxtools-6.2.5/hcxpsktool.c hcxtools-6.2.7/hcxpsktool.c --- hcxtools-6.2.5/hcxpsktool.c 2021-12-01 14:17:49.000000000 +0000 +++ hcxtools-6.2.7/hcxpsktool.c 2022-04-26 14:38:44.000000000 +0000 @@ -32,6 +32,7 @@ static unsigned int thisyear; static bool airtelflag; +static bool alticeoptimumflag; static bool spectrumflag; static bool digit10flag; static bool easyboxflag; @@ -39,8 +40,8 @@ static bool egnflag; static bool eudateflag; static bool hb5flag; -static bool netgearflag; static bool maconlyflag; +static bool netgearflag; static bool noessidcombinationflag; static bool phomeflag; static bool podaflag; @@ -49,6 +50,7 @@ static bool usdateflag; static bool weakpassflag; static bool wpskeysflag; +static bool znidflag; uint8_t essidglen; /*===========================================================================*/ 
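Review bot: The new `ancientdumpfileformat = false;` and `radiotappresent = false;` sit inside `#ifdef WANTZLIB`, so a build without zlib compiles neither reset. For ancientdumpfileformat this is harmless because the pcap and pcapng readers (hunks at 4751 and 5060) assign it themselves, but radiotappresent is reset nowhere else in this diff, so in a non-zlib build it keeps whatever value it has — presumably zero from static initialisation, which I cannot confirm from here. Moving the two lines above the `#ifdef` makes the reset unconditional and the intent explicit.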
@@ -185,7 +187,7 @@ "icy", "imaginary", "jagged", "jolly", "joyous", "kind", -"large", "little", "lively", "lucky", +"large", "little", "lively", "lucky", "lunar", "magical", "manic", "melodic", "mighty", "misty", "modern", "narrow", "new", "nifty", "noisy", "odd", "orange", @@ -207,8 +209,8 @@ "airplane", "apple", "balloon", "banana", "bay", "berry", "bird", "boat", "bolt", "box", "brain", "breeze", "bug", "butter", -"canoe", "car", "carrot", "cartoon", "cello", "chair", "cheese", "coconut", -"comet", "cream", "curtain", +"canary", "canoe", "car", "carrot", "cartoon", "cello", "chair", "cheese", +"coconut", "comet", "cream", "curtain", "daisy", "diamond", "domain", "earth", "ecasa", "elephant", "finch", "fire", "fish", "flamingo", "flower", "flute", @@ -304,7 +306,7 @@ "direct", "dizzy", "domain", "due", "dusty", "duty", "dynamic", "each", "eager", "eagle", "easy", "elated", "elegant", "empty", "energy", "engine", "entire", "epic", "errand", "even", "exact", "excited", "exotic", "fair", -"famous", "fancy", "farmer", "fast", "fearless", "festive", "Festive", "finish", +"famous", "fancy", "farmer", "fast", "fearless", "festive", "few", "finish", "first", "fit", "fluent", "fluffy", "formal", "free", "fresh", "friend", "front", "funny", "furry", "future", "fuzzy", "gallon", "genius", "gentle", "giddy", "gifted", "global", "gold", "goofy", "grain", "grand", "great", 
@@ -317,72 +319,75 @@ "long", "lost", "lotus", "loud", "loyal", "lucky", "magical", "major", "manic", "many", "marble", "market", "master", "mellow", "melodic", "middle", "mighty", "minute", "mirror", "misty", "mobile", "modern", "month", "much", -"museum", "narrow", "nature", "nearby", "neat", "nest", "new", "nice", -"nifty", "nine", "noble", "noisy", "normal", "north", "oasis", "object", -"ocean", "odd", "olive", "open", "orange", "oxygen", "palm", "parade", -"past", "pastel", "patron", "perfect", "phobic", "phone", "pink", "plain", -"plane", "pledge", "pocket", "polite", "praise", "precious", "prior", "prize", -"proper", "prose", "proud", "purple", "quaint", "quick", "quiet", "quote", -"rain", "rainy", "rapid", "rare", "ready", "reason", "red", "remedy", -"review", "reward", "rich", "rocket", "rocky", "round", "royal", "runner", -"rustic", "safety", "salt", "salute", "scary", "scout", "select", "shelf", -"shiny", "short", "silent", "silky", "silly", "silver", "sleepy", "slow", -"small", "smart", "smiley", "smiling", "smooth", "soccer", "some", "space", -"spare", "square", "stable", "statue", "stealth", "stock", "street", "strict", -"strong", "studio", "such", "sudden", "summit", "sunny", "super", "sweet", -"swift", "tablet", "tall", "teal", "terrific", "theory", "thick", "thirsty", -"this", "tight", "timber", "tiny", "town", "turtle", "uneven", "union", -"unique", "unite", "unusual", "upset", "urban", "useful", "usual", "valley", -"vanilla", "vast", "verse", "violet", "violin", "voyage", "wagon", "walnut", -"warm", "watch", "watery", "weekly", "west", "wide", "windy", "wine", -"witty", "wonderful", "wooden", "writer", "yacht", "yard", "year", "yellow", -"young", "zany", "zeal", "zebra", "zone" +"museum", "narrow", "nature", "nearby", "neat", "nest", "new", "nifty", +"nine", "noble", "noisy", "normal", "north", "oasis", "object", "ocean", +"odd", "olive", "open", "orange", "oxygen", "palm", "parade", "past", +"pastel", "patron", "perfect", "phobic", "phone", 
"pink", "plain", "plane", +"pledge", "pocket", "polite", "praise", "precious", "prior", "prize", "proper", +"prose", "proud", "purple", "quaint", "quick", "quiet", "quote", "rain", +"rainy", "rapid", "rare", "ready", "reason", "red", "remedy", "review", +"reward", "rich", "rocket", "rocky", "round", "royal", "runner", "rustic", +"safety", "salt", "salute", "scary", "scout", "select", "shelf", "shiny", +"short", "silent", "silky", "silly", "silver", "sleepy", "slow", "small", +"smart", "smiley", "smiling", "smooth", "soccer", "some", "space", "spare", +"square", "stable", "statue", "stealth", "stock", "street", "strict", "strong", +"studio", "such", "sudden", "summit", "sunny", "super", "sweet", "swift", +"tablet", "tall", "teal", "terrific", "theory", "thick", "thirsty", "this", +"tight", "timber", "tiny", "town", "turtle", "uneven", "union", "unique", +"unite", "unusual", "upset", "urban", "useful", "usual", "valley", "vanilla", +"vast", "verse", "violet", "violin", "voyage", "wagon", "walnut", "warm", +"watch", "watery", "weekly", "west", "wide", "windy", "wine", "witty", +"wonderful", "wooden", "writer", "yacht", "yard", "year", "yellow", "young", +"zany", "zeal", "zebra", "zone" }; static const char *secondword[] = { -"acre", "actor", "ad", "advice", "agency", "airplane", "album", "anchor", -"apple", "area", "author", "ave", "bakery", "ball", "balloon", "banana", -"barrel", "basket", "beach", "bear", "bench", "berry", "bike", "bird", -"board", "boat", "bolt", "book", "boot", "botany", "box", "brain", -"bread", "breeze", "bridge", "bubble", "bug", "bunny", "bus", "butter", -"camera", "canoe", "car", "carrot", "cartoon", "cello", "chair", "check", -"cheek", "cheese", "chorus", "city", "clerk", "clock", "coat", "coconut", -"coffee", "comet", "cosmic", "country", "cow", "cream", "crown", "curtain", -"daisy", "data", "dealer", "deer", "degree", "desert", "desk", "diamond", -"dinner", "dirt", "dog", "doll", "domain", "duty", "eagle", "earth", -"effort", "energy", 
"engine", "epic", "errand", "error", "estate", "famous", -"farmer", "field", "finch", "finish", "fire", "fish", "flower", "fluent", -"flute", "formal", "fox", "friend", "gadfly", "gallon", "garden", "gate", -"genius", "giant", "global", "grain", "guitar", "guppy", "hair", "hall", -"hand", "harbor", "hat", "height", "hill", "hippo", "hockey", "home", -"honor", "horse", "hotel", "house", "idea", "immune", "ink", "input", -"invent", "iris", "island", "jacket", "jade", "jazz", "jeans", "jet", -"jewel", "judge", "jungle", "kayak", "kettle", "key", "kite", "knight", -"ladder", "lake", "law", "lawn", "leader", "lemon", "light", "lion", -"lotus", "loyal", "major", "mango", "marble", "market", "menu", "mesa", -"method", "mint", "mirror", "mobile", "month", "moon", "mud", "museum", -"nature", "nest", "noble", "north", "oasis", "object", "oboe", "ocean", -"octopus", "onion", "orange", "outlet", "owl", "owner", "oxygen", "palm", -"panda", "pant", "paper", "parade", "park", "patron", "peach", "pear", -"pencil", "people", "phoenix", "phone", "piano", "pizza", "place", "planet", -"pledge", "plum", "pocket", "poem", "poet", "poetry", "pond", "poodle", -"potato", "prairie", "praise", "prose", "puppy", "quail", "quaint", "quick", -"quote", "rabbit", "raccoon", "raft", "rain", "raven", "reason", "remedy", -"review", "reward", "river", "road", "robin", "rock", "rocket", "role", -"rose", "rosebud", "runner", "safety", "salute", "scout", "sea", "seed", -"series", "shark", "sheep", "shelf", "ship", "shoe", "shrub", "skates", -"sky", "sled", "snail", "snake", "soccer", "socks", "sofa", "space", -"spark", "sparrow", "spider", "spoon", "squash", "squirrel", "stable", "star", -"state", "statue", "storm", "stove", "straw", "street", "studio", "study", -"summit", "sun", "table", "tablet", "tea", "teapot", "teen", "tent", -"theory", "tiger", "timber", "tomato", "tooth", "topic", "town", "trail", -"train", "tree", "truck", "trumpet", "truth", "tuba", "tulip", "turkey", -"turtle", "two", 
"unicorn", "union", "unit", "unite", "urban", "useful", -"valley", "vase", "verse", "violet", "violin", "volume", "voyage", "wagon", -"walnut", "watch", "wate", "water", "wealth", "week", "west", "whale", -"wind", "window", "windy", "wolf", "world", "writer", "yacht", "yard", -"year", "zeal", "zebra", "zone", "zoo" +"acre", "actor", "ad", "advice", "agency", "air", "airplane", "album", +"anchor", "apple", "area", "aspect", "author", "ave", "bakery", "ball", +"balloon", "banana", "barrel", "basket", "beach", "bead", "bear", "bench", +"berry", "bike", "bird", "board", "boat", "bolt", "bonus", "book", +"boot", "botany", "box", "brain", "bread", "breeze", "bridge", "bubble", +"bug", "bunny", "bus", "butter", "camera", "canoe", "car", "carrot", +"cartoon", "cello", "chair", "check", "cheek", "cheese", "chorus", "city", +"clerk", "clock", "coat", "coconut", "coffee", "comet", "cookie", "cosmic", +"country", "county", "cow", "cream", "crown", "curtain", "daisy", "data", +"dealer", "deer", "degree", "desert", "desk", "diamond", "dinner", "dirt", +"dog", "doll", "domain", "drama", "duty", "eagle", "ear", "earth", +"editor", "effort", "energy", "engine", "epic", "errand", "error", "estate", +"extent", "famous", "farmer", "field", "finch", "finish", "fire", "fish", +"flower", "fluent", "flute", "form", "formal", "fox", "friend", "gadfly", +"gallon", "garden", "gate", "genius", "giant", "global", "grain", "guitar", +"guppy", "hair", "hall", "hand", "harbor", "hat", "height", "hill", +"hippo", "hockey", "home", "honor", "horse", "hotel", "house", "idea", +"idol", "immune", "income", "ink", "input", "invent", "iris", "island", +"jacket", "jade", "jazz", "jeans", "jet", "jewel", "judge", "jungle", +"kayak", "kettle", "key", "kite", "knight", "ladder", "lake", "law", +"lawn", "leader", "lemon", "length", "light", "lion", "lotus", "loyal", +"major", "mango", "marble", "market", "math", "menu", "mesa", "method", +"mint", "mirror", "mobile", "month", "moon", "mud", "museum", "music", 
+"nation", "nature", "nest", "noble", "north", "oasis", "object", "oboe", +"ocean", "octopus", "onion", "orange", "outlet", "owl", "owner", "oxygen", +"palm", "panda", "pant", "paper", "parade", "park", "patron", "peach", +"pear", "pencil", "people", "phoenix", "phone", "piano", "pizza", "place", +"planet", "player", "pledge", "plum", "pocket", "poem", "poet", "poetry", +"pond", "poodle", "potato", "prairie", "praise", "prose", "puppy", "quail", +"quaint", "quick", "quote", "rabbit", "raccoon", "raft", "rain", "raven", +"reason", "remedy", "review", "reward", "river", "road", "robin", "rock", +"rocket", "role", "rose", "rosebud", "runner", "safety", "salute", "scout", +"sea", "seed", "series", "shark", "sheep", "shelf", "ship", "shoe", +"shrub", "singer", "skates", "sky", "sled", "snail", "snake", "soccer", +"socks", "sofa", "space", "spark", "sparrow", "spider", "spoon", "squash", +"squirrel", "stable", "star", "state", "statue", "storm", "stove", "straw", +"street", "studio", "study", "summit", "sun", "table", "tablet", "tea", +"teapot", "teen", "tent", "theory", "tiger", "timber", "tomato", "tooth", +"topic", "town", "trail", "train", "tree", "truck", "trumpet", "truth", +"tuba", "tulip", "turkey", "turtle", "two", "unicorn", "union", "unit", +"unite", "urban", "useful", "valley", "value", "vase", "verse", "video", +"violet", "violin", "volume", "voyage", "wagon", "walnut", "watch", "water", +"wealth", "week", "west", "whale", "wind", "window", "windy", "wolf", +"world", "writer", "yacht", "yard", "year", "youth", "zeal", "zebra", +"zone", "zoo" }; for(ca = 0; ca < (sizeof(firstword) / sizeof(char *)); ca++) 
@@ -740,6 +745,122 @@ return; } /*===========================================================================*/ +/* source: soxrok2212, https://github.com/soxrok2212/PSKracker/tree/master/dicts/altice-optimum */ +static void keywritealticeoptimum(FILE *fhout) +{ +static unsigned int w, i, j; // w1 + +static const char *word[] = +{ +"amber", "aqua", +"brick", "bronze", "burgundy", +"chestnut", "cobalt", "copper", "coral", "cordovan", "crimson", "cyan", +"emerald", +"garnet", "gold", "green", "grey", +"indigo", +"lavender", "lemon", +"magenta", +"olive", "orchid", +"peach", "periwinkle", "pewter", "plum", "purple", +"rose", +"sage", "sepia", "silver", +"teal", "turquoise" +}; + +for (w = 0; w < (sizeof(word) / sizeof(char *)); w++ ) + { + for (i = 0; i < 10000; i++) + { + for (j = 0; j < 10000; j++) + { + // 2-2 test + /* + if (i < 100 && j < 100) + { + fprintf(fhout, "%s-%02d-%02d\n", word[w], i, j); + fprintf(fhout, "%02d-%s-%02d\n", i, word[w], j); + fprintf(fhout, "%02d-%02d-%s\n", i, j, word[w]); + } + */ + // 2-3 test + /* + if (i < 100 && j < 1000) + { + fprintf(fhout, "%s-%02d-%03d\n", word[w], i, j); + fprintf(fhout, "%02d-%s-%03d\n", i, word[w], j); + fprintf(fhout, "%02d-%03d-%s\n", i, j, word[w]); + } + */ + // 2-4 + if (i < 100 && j < 10000) + { + //fprintf(fhout, "%s-%02d-%04d\n", word[w], i, j); // test + fprintf(fhout, "%02d-%s-%04d\n", i, word[w], j); + //fprintf(fhout, "%02d-%04d-%s\n", i, j, word[w]); // test + } + // 3-2 test + /* + if (i < 1000 && j < 100) + { + fprintf(fhout, "%s-%03d-%02d\n", word[w], i, j); + fprintf(fhout, "%03d-%s-%02d\n", i, word[w], j); + fprintf(fhout, "%03d-%02d-%s\n", i, j, word[w]); + } + */ + // 3-3 + if (i < 1000 && j < 1000) + { + fprintf(fhout, "%s-%03d-%03d\n", word[w], i, j); + fprintf(fhout, "%03d-%s-%03d\n", i, word[w], j); + fprintf(fhout, "%03d-%03d-%s\n", i, j, word[w]); + } + // 4-2 + if (i < 10000 && j < 100) + { + fprintf(fhout, "%s-%04d-%02d\n", word[w], i, j); + fprintf(fhout, "%04d-%s-%02d\n", i, 
word[w], j); + //fprintf(fhout, "%04d-%02d-%s\n", i, j, word[w]); // test + } + } + + // test two words + /* + for (w1 = 0; w1 < (sizeof(word) / sizeof(char *)); w1++ ) + { + //if (w == w1) continue; + + if (i < 10) + { + fprintf(fhout, "%s-%01d-%s\n", word[w], i, word[w1]); + fprintf(fhout, "%01d-%s-%s\n", i, word[w], word[w1]); + fprintf(fhout, "%s-%s-%01d\n", word[w], word[w1], i); + } + if (i < 100) + { + fprintf(fhout, "%s-%02d-%s\n", word[w], i, word[w1]); + fprintf(fhout, "%02d-%s-%s\n", i, word[w], word[w1]); + fprintf(fhout, "%s-%s-%02d\n", word[w], word[w1], i); + } + if (i < 1000) + { + fprintf(fhout, "%s-%03d-%s\n", word[w], i, word[w1]); + fprintf(fhout, "%03d-%s-%s\n", i, word[w], word[w1]); + fprintf(fhout, "%s-%s-%03d\n", word[w], word[w1], i); + } + if (i < 10000) + { + fprintf(fhout, "%s-%04d-%s\n", word[w], i, word[w1]); + fprintf(fhout, "%04d-%s-%s\n", i, word[w], word[w1]); + fprintf(fhout, "%s-%s-%04d\n", word[w], word[w1], i); + } + } + */ + } + } + +return; +} +/*===========================================================================*/ static void keywriteweakpass(FILE *fhout) { static size_t w; 
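Review bot: keywritealticeoptimum ships roughly sixty lines of commented-out `/* ... */` test variants plus the `// w1` remark on the declaration line; commented-out code should be deleted rather than committed, since version control keeps it and the dead blocks make the three live patterns hard to spot. The live loops also run `j` to 10000 for every `i`, although for `i >= 1000` only the 4-2 pattern (`j < 100`) prints anything, so most of the ~10^8 inner iterations per word are empty; splitting the body into three nests, each bounded by its own pattern's limits (2-4, 3-3, 4-2), removes that waste without changing the set of lines written. A one-line header comment such as `/* three fixed patterns: NN-word-NNNN, word/NNN/NNN in all orders, word-NNNN-NN and NNNN-word-NN */` would document what the loops emit better than the retained test scaffolding does.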
@@ -1010,9 +1131,22 @@ static int k2; static int ek; static char *ev; +static unsigned int oui; static char essidtmp[PSKSTRING_LEN_MAX] = {}; +if(essidlen >= 6) + { + if((isxdigit((unsigned char)essid[essidlen -6])) && (isxdigit((unsigned char)essid[essidlen -5])) && (isxdigit((unsigned char)essid[essidlen -4])) && (isxdigit((unsigned char)essid[essidlen -3])) && (isxdigit((unsigned char)essid[essidlen -2])) && (isxdigit((unsigned char)essid[essidlen -1]))) + { + ev = (char*)(essid +essidlen -6); + ek = strtol(ev, NULL, 16); + oui = (macaddr &0xffffff000000L) >> 24; + snprintf(essidtmp, PSKSTRING_LEN_MAX, "%06x%06x", oui, ek); + writepsk(fhout, essidtmp); + } + } +return; if(essidlen >= 4) { if((isxdigit((unsigned char)essid[essidlen -4])) && (isxdigit((unsigned char)essid[essidlen -3])) && (isxdigit((unsigned char)essid[essidlen -2])) && (isxdigit((unsigned char)essid[essidlen -1]))) @@ -1921,10 +2055,7 @@ { for(k6 = 0; k6 <= 0x0f; k6++) { - for(k7 = 0; k7 < 100; k7++) - { - fprintf(fhout, "%c%d%c%02d%02d%02d%02d%d%02d%02d\n", k1, k2, k3, k4, hextable[k5], hextable[k6], k7, k2, k8, k9); - } + for(k7 = 0; k7 < 100; k7++) fprintf(fhout, "%c%d%c%02d%02d%02d%02d%d%02d%02d\n", k1, k2, k3, k4, hextable[k5], hextable[k6], k7, k2, k8, k9); } } } @@ -1943,6 +2074,20 @@ return; } /*===========================================================================*/ +static void testzhone(FILE *fhout, uint8_t essidlen, uint8_t *essid) +{ +static int k; +static char *zhone = "Zhone_"; + +if(znidflag == true) return; +if(essidlen < 6) return; +if(memcmp(essid, zhone, 6) != 0) return; +for(k = 0; k < 10000000; k++) fprintf(fhout, "znid30%07d\n", k); +for(k = 0; k < 10000000; k++) fprintf(fhout, "znid31%07d\n", k); +znidflag = true; +return; +} +/*===========================================================================*/ static void prepareessid(FILE *fhout, uint8_t essidlen, uint8_t *essid) { static int pi, po; 
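Review bot: The unconditional `return;` added after the new `if(essidlen >= 6)` block makes the existing `if(essidlen >= 4)` branch that follows it, and anything after it in the function, unreachable. If disabling the 4-hex-digit candidates is intended, delete that code rather than leave it dead; if not, drop the `return;`. The `strtol(ev, NULL, 16)` call also keeps consuming hex digits beyond the six checked characters until it meets a non-hex byte, so it relies on essid being NUL-terminated at essidlen, as the existing 4-digit branch presumably already does — worth confirming at the caller. The enclosing function starts outside the hunk.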
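Review bot: In testzhone, `static char *zhone = "Zhone_";` binds a string literal to a non-const pointer; `static const char *zhone = "Zhone_";` (or simply `memcmp(essid, "Zhone_", 6)`) documents that it is never written and lets the compiler warn if it ever is. The guard order is sound: `znidflag` prevents the 2×10^7-line block from being emitted more than once per run, and the length check precedes the `memcmp`, so no short ESSID is over-read.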
@@ -1974,6 +2119,7 @@ testukrtelecom(fhout, essidlen, essid); testwifirsu(fhout, essidlen, essid); testwlan(fhout, essidlen, essid); +testzhone(fhout, essidlen, essid); if(noessidcombinationflag == true) return; writeessidsweeped(fhout, essidlen, essid); @@ -2099,6 +2245,11 @@ pin = (macaddr & 0xffffff) % 10000000; pin = ((pin * 10) + wpspinchecksum(pin)); fprintf(fhout, "%08d\n", pin); + +pin = (((macaddr >> 24) &0xff) *256 *256) +(((macaddr >> 16) &0xff) *256) + ((macaddr >> 8) &0xff); +pin = pin % 10000000; +pin = ((pin * 10) + wpspinchecksum(pin)); +fprintf(fhout, "%08d\n", pin); return; } /*===========================================================================*/ @@ -2187,6 +2338,8 @@ static int me; static char pskstring[PSKSTRING_LEN_MAX] = {}; +fprintf(fhout, "%012llX\n", macaddr &0xffffffffff); + nici = ~macaddr &0xffffff; fprintf(fhout, "wlan%06x\n", nici); nici = ~macaddr &0xffffffff; @@ -2197,8 +2350,8 @@ me = macaddr &0xffffff; fprintf(fhout, "05%6d\n", me); oui = macaddr &0xffffff000000L; -nic = (macaddr -0x20) &0xffffffL; -for(c = 0; c <= 0x20; c++) writebssid(fhout, oui +((nic +c) &0xffffffL)); +nic = (macaddr -0x7f) &0xffffffL; +for(c = 0; c <= 0xff; c++) writebssid(fhout, oui +((nic +c) &0xffffffL)); swap = (nic >> 8) & 0xffff; { swap = (swap & 0xf000) >> 12 | (swap & 0x0f00) >> 4 | (swap & 0x00f0) << 4 | (swap & 0x000f) << 12; @@ -2242,6 +2395,7 @@ keywritetenda2(fhout); } if(eeflag == true) keywriteee(fhout); +if(alticeoptimumflag == true) keywritealticeoptimum(fhout); if(weakpassflag == true) keywriteweakpass(fhout); if(eudateflag == true) keywriteeudate(fhout); if(usdateflag == true) keywriteusdate(fhout); 
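Review bot: `fprintf(fhout, "%012llX\n", macaddr &0xffffffffff);` masks with ten f's (40 bits), so the top byte of the 48-bit MAC is always printed as 00 while the format still pads to twelve digits; if the full MAC is the intended candidate, the mask should be `0xffffffffffffULL` (twelve f's). The `%llX` conversion also assumes macaddr is an unsigned long long; if it is a uint64_t, `PRIX64` from <inttypes.h> — as hcxpcapngtool.c already does with PRIu64 — is the exact match. The enclosing function starts outside the hunk.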
@@ -2621,10 +2775,10 @@ "%s \n" "\n" "options:\n" - "-c : input PMKID/EAPOL hash file (hashcat -m 22000)\n" - "-i : input EAPOL hash file (hashcat)\n" + "-c : input PMKID/EAPOL hash file (hashcat -m 22000/22001)\n" + "-i : input EAPOL hash file (hashcat -m 2500/2501)\n" "-j : input EAPOL hash file (john)\n" - "-z : input PMKID hash file (hashcat and john)\n" + "-z : input PMKID hash file (hashcat -m 16800/16801 and john)\n" "-e : input ESSID\n" "-b : input MAC access point\n" " format: 112233445566\n" @@ -2645,6 +2799,7 @@ "--tenda : include weak TENDA candidates\n" "--ee : include weak EE BrightBox candidates\n" " list will be > 3GB\n" + "--alticeoptimum : include weak Altice/Optimum candidates (MyAltice)\n" "--weakpass : include weak password candidates\n" "--eudate : include complete european dates\n" "--usdate : include complete american dates\n" @@ -2681,6 +2836,7 @@ static char *pskname = NULL; airtelflag = false; +alticeoptimumflag = false; spectrumflag = false; digit10flag = false; easyboxflag = false; @@ -2698,6 +2854,7 @@ usdateflag = false; weakpassflag = false; wpskeysflag = false; +znidflag = false; static const char *short_options = "c:i:j:z:o:e:b:o:hv"; static const struct option long_options[] = @@ -2710,6 +2867,7 @@ {"phome", no_argument, NULL, HCXD_PHOME}, {"tenda", no_argument, NULL, HCXD_TENDA}, {"ee", no_argument, NULL, HCXD_EE}, + {"alticeoptimum", no_argument, NULL, HCXD_ALTICEOPTIMUM}, {"weakpass", no_argument, NULL, HCXD_WEAKPASS}, {"eudate", no_argument, NULL, HCXD_EUDATE}, {"usdate", no_argument, NULL, HCXD_USDATE}, @@ -2760,6 +2918,10 @@ eeflag = true; break; + case HCXD_ALTICEOPTIMUM: + alticeoptimumflag = true; + break; + case HCXD_WEAKPASS: weakpassflag = true; break; diff -Nru hcxtools-6.2.5/include/hcxpcapngtool.h hcxtools-6.2.7/include/hcxpcapngtool.h --- hcxtools-6.2.5/include/hcxpcapngtool.h 2021-12-01 14:17:49.000000000 +0000 +++ hcxtools-6.2.7/include/hcxpcapngtool.h 2022-04-26 14:38:44.000000000 +0000 
@@ -99,9 +99,10 @@
 #define TCS_TKIP 0b00000010
 #define TCS_WRAP 0b00000100
 #define TCS_CCMP 0b00001000
-#define TCS_WEP104 0b00010000
-#define TCS_BIP 0b00100000
-#define TCS_NOT_ALLOWED 0b01000000
+#define TCS_GCMP 0b00010000
+#define TCS_WEP104 0b00100000
+#define TCS_BIP 0b01000000
+#define TCS_NOT_ALLOWED 0b10000000
 uint16_t akm;
 #define TAK_PMKSA 0b0000000000000001
 #define TAK_PSK 0b0000000000000010
diff -Nru hcxtools-6.2.5/include/hcxpsktool.h hcxtools-6.2.7/include/hcxpsktool.h
--- hcxtools-6.2.5/include/hcxpsktool.h 2021-12-01 14:17:49.000000000 +0000
+++ hcxtools-6.2.7/include/hcxpsktool.h 2022-04-26 14:38:44.000000000 +0000
@@ -11,12 +11,13 @@
 #define HCXD_PHOME 5
 #define HCXD_TENDA 6
 #define HCXD_EE 7
-#define HCXD_WEAKPASS 8
-#define HCXD_EUDATE 9
-#define HCXD_USDATE 10
-#define HCXD_WPSKEYS 11
-#define HCXD_DIGIT10 12
-#define HCXD_EGN 13
+#define HCXD_ALTICEOPTIMUM 8
+#define HCXD_WEAKPASS 9
+#define HCXD_EUDATE 10
+#define HCXD_USDATE 11
+#define HCXD_WPSKEYS 12
+#define HCXD_DIGIT10 13
+#define HCXD_EGN 14
 #define HCXD_HELP 'h'
 #define HCXD_VERSION 'v'
diff -Nru hcxtools-6.2.5/include/ieee80211.h hcxtools-6.2.7/include/ieee80211.h
--- hcxtools-6.2.5/include/ieee80211.h 2021-12-01 14:17:49.000000000 +0000
+++ hcxtools-6.2.7/include/ieee80211.h 2022-04-26 14:38:44.000000000 +0000
@@ -479,6 +479,7 @@
 #define CS_WEP104 5
 #define CS_BIP 6
 #define CS_NOT_ALLOWED 7
+#define CS_GCMP 9
 #define AK_PMKSA 1
 #define AK_PSK 2
 #define AK_FT 3
diff -Nru hcxtools-6.2.5/license.txt hcxtools-6.2.7/license.txt
--- hcxtools-6.2.5/license.txt 2021-12-01 14:17:49.000000000 +0000
+++ hcxtools-6.2.7/license.txt 2022-04-26 14:38:44.000000000 +0000
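Review bot: Inserting `TCS_GCMP` at bit 4 renumbers the existing `TCS_WEP104`, `TCS_BIP` and `TCS_NOT_ALLOWED` values; appending `#define TCS_GCMP 0b10000000` after `TCS_NOT_ALLOWED` instead would leave the three established values untouched while still fitting an eight-bit field (the field's declaration is above the hunk, so its width is inferred). The renumbering only matters if any of these constants is compared against a literal, printed numerically or written to a file elsewhere, which this diff does not show; a comment on the field stating that the bits form an internal in-memory set would settle that for future readers.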
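Review bot: `#define CS_GCMP 9` skips selector value 8 with no comment explaining the gap. In the IEEE 802.11 cipher-suite selector table, suite type 8 is GCMP-128 and type 9 is GCMP-256, so as named the constant only matches GCMP-256 and an RSN IE advertising GCMP-128 still falls through to whatever the parser does for unknown suites; either define both (`#define CS_GCMP128 8` next to a `CS_GCMP256 9`) or add a comment that only the 256-bit variant is intended. The `TCS_GCMP` bit added in hcxpcapngtool.h in the same diff presumably maps from this value, so the two should agree on which variant(s) they cover.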
@@ -1,6 +1,6 @@
 The MIT License (MIT)
-Copyright (c) 2000-2021 ZeroBeat
+Copyright (c) 2000-2022 ZeroBeat
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff -Nru hcxtools-6.2.5/Makefile hcxtools-6.2.7/Makefile
--- hcxtools-6.2.5/Makefile 2021-12-01 14:17:49.000000000 +0000
+++ hcxtools-6.2.7/Makefile 2022-04-26 14:38:44.000000000 +0000
@@ -1,6 +1,6 @@
 PRODUCTION := 1
-PRODUCTION_VERSION := 6.2.5
-PRODUCTION_YEAR := 2021
+PRODUCTION_VERSION := 6.2.7
+PRODUCTION_YEAR := 2022
 ifeq ($(PRODUCTION),1)
 VERSION_TAG := $(PRODUCTION_VERSION)
diff -Nru hcxtools-6.2.5/README.md hcxtools-6.2.7/README.md
--- hcxtools-6.2.5/README.md 2021-12-01 14:17:49.000000000 +0000
+++ hcxtools-6.2.7/README.md 2022-04-26 14:38:44.000000000 +0000
@@ -63,7 +63,7 @@
 | hcxhashcattool | Convert old hashcat (<= 5.1.0) separate potfile (2500 and/or 16800) to new potfile format |
-Work flow
+Workflow
 --------------
 hcxdumptool -> hcxpcapngtool -> hcxhashtool (additional hcxpsktool/hcxeiutool) -> hashcat or JtR
@@ -106,13 +106,15 @@
 [Arch Linux ARM ](https://archlinuxarm.org/)
 `pacman -S hcxtools`
-### Black Arch
+### BlackArch
 [Black Arch](https://blackarch.org/) is an Arch Linux-based penetration testing distribution for penetration testers and security researchers
 `pacman -S hcxtools`
 ### Kali Linux
 `apt install hcxtools`
+### OpenWRT
+`opkg install hcxtools`
 ### macOS
 [Homebrew](https://brew.sh/) is 3-rd party package manager for macOS
@@ -123,39 +125,23 @@ -------------- * knowledge of radio technology - * knowledge of electromagnetic-wave engineering - * detailed knowledge of 802.11 protocol - * detailed knowledge of key derivation functions - * detailed knowledge of Linux - * Linux (recommended Arch Linux, but other distros should work, too (no support for other distributions). - * gcc >= 11 recommended (deprecated versions are not supported: https://gcc.gnu.org/) - * libopenssl and openssl-dev installed - * librt and librt-dev installed (should be installed by default) - * zlib and zlib-dev installed (for gzip compressed cap/pcap/pcapng files) - * libcurl and curl-dev installed (used by whoismac and wlancap2wpasec) - * libpthread and pthread-dev installed (used by hcxhashcattool) - * pkg-config installed To install requirements on Kali use the following 'apt-get install pkg-config libcurl4-openssl-dev libssl-dev zlib1g-dev' If you decide to compile latest git head, make sure that your distribution is updated on latest version. - - - - Useful scripts -------------- @@ -163,7 +149,7 @@ | ------------ | -------------------------------------------------------- | | piwritecard | Example script to restore SD-Card | | piwreadcard | Example script to backup SD-Card | -| hcxgrep.py | Extract records from hccapx/pmkid file based on regexp | +| hcxgrep.py | Extract records from m22000 hashline/hccapx/pmkid file based on regexp | Notice 
@@ -187,11 +173,11 @@ 010 = M2+M3, EAPOL from M2 (authorized) -011 = M2+M3, EAPOL from M3 (authorized) - unused" +011 = M2+M3, EAPOL from M3 (authorized) - unused -100 = M3+M4, EAPOL from M3 (authorized) - unused" +100 = M3+M4, EAPOL from M3 (authorized) - unused -101 = M3+M4, EAPOL from M4 if not zeroed (authorized)" +101 = M3+M4, EAPOL from M4 if not zeroed (authorized) 3: reserved diff -Nru hcxtools-6.2.5/usefulscripts/hcxgrep.py hcxtools-6.2.7/usefulscripts/hcxgrep.py --- hcxtools-6.2.5/usefulscripts/hcxgrep.py 2021-12-01 14:17:49.000000000 +0000 +++ hcxtools-6.2.7/usefulscripts/hcxgrep.py 2022-04-26 14:38:44.000000000 +0000 @@ -1,15 +1,14 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python3 ''' greps inside hccapx/pmkid structs by essid, mac_ap or mac_sta -This software is Copyright (c) 2019-2020, Alex Stanev and it is -hereby released to the general public under the following terms: +This software is Copyright (c) 2019-2022, Alex Stanev +and it is hereby released to the general public under the following terms: Redistribution and use in source and binary forms, with or without modification, are permitted. ''' -from __future__ import print_function import argparse import os import sys @@ -18,10 +17,8 @@ import re import sre_constants -try: - from string import maketrans -except ImportError: - maketrans = bytearray.maketrans # pylint: disable=no-member +maketrans = bytearray.maketrans + def parse_hccapx(hccapx): '''hccapx decompose 
@@ -46,28 +43,25 @@ } __attribute__((packed)); ''' - hccapx_fmt = '< 4x 4x B B 32s B 16s 6s 32s 6s 32s H 256s' + hccapx_fmt = '< 4x 4x x B 32s x 16x 6s 32x 6s 32x 2x 256x' try: - (message_pair, - essid_len, essid, - keyver, keymic, - mac_ap, nonce_ap, mac_sta, nonce_sta, - eapol_len, eapol) = struct.unpack(hccapx_fmt, hccapx) - except struct.error as ex: - sys.stderr.write(str(ex + '\n')) - exit(1) + (essid_len, essid, + mac_ap, mac_sta) = struct.unpack(hccapx_fmt, hccapx) + except struct.error: + sys.stderr.write('Can\'t parse hcccapx struct!\n') + sys.exit(1) # fixup - res = '' if args.t == 'essid': - res = essid[:essid_len] - elif args.t == 'mac_ap': - res = binascii.hexlify(mac_ap).zfill(12) - elif args.t == 'mac_sta': - res = binascii.hexlify(mac_sta).zfill(12) + return essid[:essid_len] + if args.t == 'mac_ap': + return binascii.hexlify(mac_ap).zfill(12) + if args.t == 'mac_sta': + return binascii.hexlify(mac_sta).zfill(12) + + return None - return res def parse_pmkid(pmkid): '''pmkid decompose @@ -77,20 +71,20 @@ ''' arr = pmkid.split(b'*', 4) - res = '' if len(arr) == 4: try: if args.t == 'essid': - res = binascii.unhexlify(arr[3].strip()) - elif args.t == 'mac_ap': - res = arr[1] - elif args.t == 'mac_sta': - res = arr[2] - except TypeError as ex: - sys.stderr.write(str(ex + '\n')) - exit(1) + return binascii.unhexlify(arr[3].strip()) + if args.t == 'mac_ap': + return arr[1] + if args.t == 'mac_sta': + return arr[2] + except TypeError: + sys.stderr.write('Can\'t decode: {}\n'.format(arr[3].strip().decode())) + sys.exit(1) + + return None - return res def parse_combined(hashline): '''m22000 hashline decompose 
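Review bot: The new error text `'Can\'t parse hcccapx struct!\n'` misspells the format name with three c's; it should read `'Can\'t parse hccapx struct!\n'`. The trailing `return None` is only reachable when args.t is outside the three values argparse restricts it to, so a comment such as `# unreachable: args.t is limited by argparse choices` would stop the next reader from hunting for a fourth field type. The function's signature is above the hunk.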
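Review bot: `except TypeError:` around `binascii.unhexlify(arr[3].strip())` is a Python 2 leftover: under Python 3, which the new shebang selects, unhexlify raises `binascii.Error` (a ValueError subclass) for odd-length or non-hex input, so a malformed ESSID field now escapes as an uncaught traceback instead of the intended message; use `except binascii.Error:` here, and likewise in parse_combined in the next hunk, which has the identical construct. The message's `arr[3].strip().decode()` can itself raise UnicodeDecodeError on the very bytes that just failed to parse; `.decode('ascii', 'replace')` keeps the error path from failing. The function's signature is above the hunk.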
@@ -100,25 +94,23 @@ ''' arr = hashline.split(b'*', 9) - res = '' if len(arr) == 9: try: if args.t == 'essid': - res = binascii.unhexlify(arr[5].strip()) - elif args.t == 'mac_ap': - res = arr[3] - elif args.t == 'mac_sta': - res = arr[4] - except TypeError as ex: - sys.stderr.write(str(ex + '\n')) - exit(1) + return binascii.unhexlify(arr[5].strip()) + if args.t == 'mac_ap': + return arr[3] + if args.t == 'mac_sta': + return arr[4] + except TypeError: + sys.stderr.write('Can\'t decode: {}\n'.format(arr[5].strip().decode())) + sys.exit(1) - return res + return None if __name__ == "__main__": parser = argparse.ArgumentParser( - description='Extract records from wpa combined hashline/hccapx/pmkid file based on regexp') - #group = parser.add_mutually_exclusive_group(required=True) + description='Extract records from m22000 hashline/hccapx/pmkid file with regexp') parser.add_argument( '-f', '--file', type=argparse.FileType('r'), help='Obtain patterns from FILE, one per line.') @@ -130,7 +122,8 @@ '-v', '--invert-match', dest='v', action='store_true', help='Invert the sense of matching, to select non-matching nets') parser.add_argument( - '-t', '--type', dest='t', choices=['essid','mac_ap','mac_sta'], default='essid', + '-t', '--type', dest='t', + choices=['essid', 'mac_ap', 'mac_sta'], default='essid', help='Field to apply matching, default essid') parser.add_argument( 'infile', type=str, nargs='?', @@ -141,11 +134,6 @@ except IOError as ex: parser.error(str(ex)) - # workaround encoding issues with python2 - if sys.version_info[0] == 2: - reload(sys) # pylint: disable=undefined-variable - sys.setdefaultencoding('utf-8') # pylint: disable=no-member - # shift parameters if args.file and args.PATTERNS: args.infile = args.PATTERNS @@ -155,7 +143,7 @@ if args.PATTERNS is None and args.file is None: parser.print_help(sys.stderr) sys.stderr.write('You must provide PATTERNS or -f FILE\n') - exit(1) + sys.exit(1) # read patterns from file if args.PATTERNS is None: 
@@ -163,42 +151,34 @@ try: regexp = re.compile(args.PATTERNS) - except sre_constants.error as e: - sys.stderr.write('Wrong regexp {0}: {1} \n'.format(args.PATTERNS, e)) - exit(1) + except sre_constants.error as ex: + sys.stderr.write('Wrong regexp {0}: {1} \n'.format(args.PATTERNS, ex)) + sys.exit(1) if args.infile is not None and os.path.isfile(args.infile): fd = open(args.infile, 'rb') else: fd = sys.stdin - - structformat = '' + while True: buf = fd.read(4) - if buf == 'WPA*': + if buf == b'WPA*': buf = buf + fd.readline() - structformat = 'combined' - elif buf == 'HCPX': + target = parse_combined(buf) + elif buf == b'HCPX': buf = buf + fd.read(393 - 4) - structformat = 'hccapx' + target = parse_hccapx(buf) else: buf = buf + fd.readline() - structformat = 'pmkid' + target = parse_pmkid(buf) if not buf: break - if structformat == 'combined': - target = parse_combined(buf) - elif structformat == 'hccapx': - target = parse_hccapx(buf) - elif structformat == 'pmkid': - target = parse_pmkid(buf) - else: + if target is None: sys.stderr.write('Unrecognized input format\n') - exit(1) + sys.exit(1) res = regexp.search(str(target)) if (res is not None and not args.v) or (res is None and args.v): - sys.stdout.write(buf) - + sys.stdout.buffer.write(buf) diff -Nru hcxtools-6.2.5/usefulscripts/piwritecard hcxtools-6.2.7/usefulscripts/piwritecard --- hcxtools-6.2.5/usefulscripts/piwritecard 2021-12-01 14:17:49.000000000 +0000 +++ hcxtools-6.2.7/usefulscripts/piwritecard 2022-04-26 14:38:44.000000000 +0000 @@ -4,7 +4,7 @@ printf "\nchoose device: " read DEVICE -printf "\033[0;31m o p n p 1 +100M t c n p 2 w \033[1;0m\n" +printf "\033[0;31m o p n p 1 +256M t c n p 2 w \033[1;0m\n" sudo fdisk /dev/$DEVICE echo "build filesystem boot"
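Review bot: With the loop now comparing against `b'WPA*'` and `b'HCPX'`, the unchanged `fd = sys.stdin` branch delivers str rather than bytes, so piping input into the script on Python 3 never matches either signature and `parse_pmkid` then fails with TypeError at `hashline.split(b'*', 9)`; it should be `fd = sys.stdin.buffer`, mirroring the `sys.stdout.buffer.write(buf)` on the output side. `regexp.search(str(target))` has a related regression: target is bytes, and `str()` of bytes yields the repr `"b'...'"`, so patterns anchored with `^` never match and non-ASCII ESSID bytes appear as `\x..` escapes; decode first, e.g. `res = regexp.search(target.decode('utf-8', 'replace'))`. While the `except sre_constants.error as ex:` line is being touched, `re.error` is the public name for that exception and avoids the deprecated private module.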