Mira, no sé qué hacer: mi WLAN empieza por 00:21:29... y ese prefijo no aparece en ninguno de los wlandecrypter.
Por cierto, y hablando de otra cosa, quiero saber qué es exactamente el código que voy a poner más abajo. Lo encontré por ahí y quiero saber si sirve para algo productivo; mi intuición me dice que muy probablemente tenga una buena función, pero si es así, ¿cómo le hago para que esa cosa sirva? Por cierto, lo copié en un documento tipo .txt (o eso creo) y le apareció un icono de curita encima: ¿eso qué significa?

Y por si acaso, me confieso completamente ignorante de lo que signifique el código, script o lo que sea esa cosa.
Bueno, este es el código del que les hablaba:
Index: /src/router/aircrack-ng/VERSION
===================================================================
--- /src/router/aircrack-ng/VERSION (revision 11606)
+++ /src/router/aircrack-ng/VERSION (revision 11928)
@@ -1,1 +1,1 @@
-1.0-rc2
+1.0-rc3
Index: /src/router/aircrack-ng/src/tkiptun-ng.c
===================================================================
--- /src/router/aircrack-ng/src/tkiptun-ng.c (revision 11606)
+++ /src/router/aircrack-ng/src/tkiptun-ng.c (revision 11928)
@@ -134,4 +134,6 @@
#define RATE_54M 54000000
+#define DEFAULT_MIC_FAILURE_INTERVAL 60
+
static uchar ZERO[32] =
"\x00\x00\x00\x00\x00\x00\x00\x00"
@@ -163,9 +165,10 @@
" -d dmac : MAC address, Destination\n"
" -s smac : MAC address, Source\n"
-" -m len : minimum packet length\n"
-" -n len : maximum packet length\n"
+" -m len : minimum packet length (default: 80) \n"
+" -n len : maximum packet length (default: 80)\n"
" -t tods : frame control, To DS bit\n"
" -f fromds : frame control, From DS bit\n"
" -D : disable AP detection\n"
+" -Z : select packets manually\n"
"\n"
" Replay options:\n"
@@ -175,6 +178,6 @@
" -c dmac : set Destination MAC address\n"
" -h smac : set Source MAC address\n"
-" -F : choose first matching packet\n"
" -e essid : set target AP SSID\n"
+" -M sec : MIC error timout in seconds [60]\n"
"\n"
" Debug options:\n"
@@ -213,4 +216,6 @@
int f_minlen;
int f_maxlen;
+ int f_minlen_set;
+ int f_maxlen_set;
int f_type;
int f_subtype;
@@ -2147,4 +2152,5 @@
int tries=0;
int keystream_len=0;
+ int settle=0;
unsigned char b1 = 0xAA;
@@ -2453,4 +2459,14 @@
/* wait for the next timer interrupt, or sleep */
+ if( (nb_pkt_sent > 0) && (nb_pkt_sent % 256 == 0) && settle == 0)
+ {
+ printf( "\rLooks like mic failure report was not detected."
+ "Waiting %i seconds before trying again to avoid "
+ "the AP shutting down.\n", opt.mic_failure_interval);
+ fflush( stdout );
+ settle = 1;
+ sleep(opt.mic_failure_interval);
+ }
+
if( dev.fd_rtc >= 0 )
{
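Review bot: `settle` is set to 1 before the `sleep()` and nothing in this hunk clears it, so after the first silent 256-packet batch has paused, later multiples of 256 with still no MIC-failure report fall through the `settle == 0` test and never pause again; it is only reset in the other hunks (after `tries++` and on a new guess). If the intent is to back off on every silent batch while still not re-firing on the same packet count, record the count instead of a flag: `&& nb_pkt_sent != settled_at`, then `settled_at = nb_pkt_sent;` in place of `settle = 1;` (declaring `int settled_at = 0;` where `settle` is declared). If one pause per guess is intentional, say so in the comment, because the message promises a pause "before trying again". `opt.mic_failure_interval` may legitimately be 0 (the `-M` parser accepts it), in which case this prints "Waiting 0 seconds" and does not wait. The enclosing loop starts and ends outside the hunk.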
@@ -2619,4 +2635,6 @@
else
tries++;
+
+ settle=0;
}
@@ -2697,19 +2715,19 @@
/* check if it's a WEP data packet */
- if( ( h80211[0] & 0x0C ) != 8 ) continue;
+ if( ( h80211[0] & 0x0C ) != 8 ) continue; //must be a data packet
if( ( h80211[0] & 0x70 ) != 0 ) continue;
// if( ( h80211[1] & 0x03 ) != 2 ) continue;
if( ( h80211[1] & 0x40 ) == 0 ) continue;
- /* check the extended IV (TKIP) flag */
-
+ /* get header length right */
z = ( ( h80211[1] & 3 ) != 3 ) ? 24 : 30;
if ( ( h80211[0] & 0x80 ) == 0x80 ) /* QoS */
z+=2;
+ /* check the extended IV (TKIP) flag */
if( ( h80211[z + 3] & 0x20 ) == 0 ) continue;
/* check length (153)!? */
- if( n != 153 ) continue;
+ if( z+127 != n ) continue; //(153[26+127] bytes for eapol mic failure in tkip qos frames from client to AP)
// printf("yeah!\n");
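Review bot: `h80211[z + 3]` is read before the length test on the following line, so a captured frame shorter than `z + 4` bytes (z is 24–32 here) has its Extended-IV byte taken from whatever is past the captured data; move `if( z+127 != n ) continue;` up so it precedes the `h80211[z + 3] & 0x20` check. The `153[26+127]` comment documents only the QoS, non-WDS header; with a 30-byte header the same test accepts 157 or 159 bytes, so either the comment should say that or the code should restrict itself to the case it was written for. The enclosing function starts outside the hunk.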
@@ -2761,4 +2779,5 @@
// guess = h80211[9];
tries = 0;
+ settle = 0;
guess = (guess - 1) % 256;
@@ -3697,5 +3716,7 @@
opt.f_type = -1; opt.f_subtype = -1;
- opt.f_minlen = 80; opt.f_maxlen = 96;
+ opt.f_minlen = 80; opt.f_maxlen = 80;
+ opt.f_minlen_set = 0;
+ opt.f_maxlen_set = 0;
opt.f_tods = -1; opt.f_fromds = -1;
opt.f_iswep = -1; opt.ringbuffer = 8;
@@ -3704,7 +3725,7 @@
opt.ghost = 0; opt.npackets = -1;
opt.delay = 15; opt.bittest = 0;
- opt.fast = 0; opt.r_smac_set = 0;
+ opt.fast = -1; opt.r_smac_set = 0;
opt.npackets = 1; opt.nodetect = 0;
- opt.mic_failure_interval = 60;
+ opt.mic_failure_interval = DEFAULT_MIC_FAILURE_INTERVAL;
/* XXX */
@@ -3737,5 +3758,5 @@
int option = getopt_long( argc, argv,
- "d:s:m:n:t:f:x:a:c:h:e:jy:i:r:HFDK:P:p:",
+ "d:s:m:n:t:f:x:a:c:h:e:jy:i:r:HZDK:P:p:M:",
long_options, &option_index );
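Review bot: Dropping `F` from the getopt string, together with the removal of `case 'F'` later in the patch, turns every existing `-F` invocation into a getopt error rather than a no-op; if the `long_options` table (outside this hunk) still has an entry that returns `'F'`, that entry now lands in the default case as well. Either keep `F` in the string with `case 'F': /* deprecated: fast mode is now the default */ break;` or confirm the long-option table is updated in the same commit.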
@@ -3787,4 +3808,5 @@
return( 1 );
}
+ opt.f_minlen_set=1;
break;
@@ -3798,4 +3820,5 @@
return( 1 );
}
+ opt.f_maxlen_set=1;
break;
@@ -3929,7 +3952,7 @@
break;
- case 'F' :
-
- opt.fast = 1;
+ case 'Z' :
+
+ opt.fast = 0;
break;
@@ -3992,4 +4015,15 @@
strncpy( opt.psk, optarg, sizeof( opt.psk ) - 1 );
opt.got_psk = 1;
+ break;
+
+ case 'M' :
+
+ ret = sscanf( optarg, "%d", &opt.mic_failure_interval );
+ if( opt.mic_failure_interval < 0 )
+ {
+ printf( "Invalid MIC error timeout. [>=0]\n" );
+ printf("\"%s --help\" for help.\n", argv[0]);
+ return( 1 );
+ }
break;
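Review bot: `ret` from `sscanf( optarg, "%d", &opt.mic_failure_interval )` is assigned but never tested, so `-M abc` leaves the default 60 in place and passes the `< 0` check silently instead of being rejected. Test the conversion result as well: `if( ret != 1 || opt.mic_failure_interval < 0 )`. `strtol` with an end-pointer check would additionally reject trailing junk such as `-M 60x`, which `%d` accepts.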
@@ -4281,14 +4315,25 @@
PCT; printf("Waiting for an ARP packet coming from the Client...\n");
-/* opt.f_minlen = 80;
- opt.f_maxlen = 80;*/
opt.f_tods = 1;
opt.f_fromds = 0;
memcpy(opt.f_smac, opt.r_smac, 6);
-// memcpy(opt.f_dmac, opt.f_bssid, 6);
- opt.fast = 1;
-
- if( capture_ask_packet( &caplen, 0 ) != 0 )
- return( 1 );
+// memcpy(opt.f_dmac, opt.f_bssid, 6);
+ if(opt.fast == -1)
+ opt.fast = 1;
+
+ if(opt.f_minlen_set == 0) {
+ opt.f_minlen = 80;
+ }
+ if(opt.f_maxlen_set == 0) {
+ opt.f_maxlen = 80;
+ }
+
+ while(1)
+ {
+ if( capture_ask_packet( &caplen, 0 ) != 0 )
+ return( 1 );
+ if( is_qos_arp_tkip(h80211, caplen) == 1 )
+ break;
+ }
memcpy(packet2, h80211, caplen);
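Review bot: The new `while(1)` only leaves on a non-zero return from `capture_ask_packet()` or a `== 1` result from `is_qos_arp_tkip()`, so with `opt.fast` now forced to 1 and no qualifying ARP on the air it spins indefinitely with no progress output; a retry counter or a periodic `PCT; printf("still waiting for a TKIP/QoS ARP...\n");` would at least make the stall visible. `is_qos_arp_tkip()` does not appear in this patch as shown, so its return convention (anything other than 1 keeps looping) cannot be checked here. The 80/80 length defaults are now duplicated between the `main()` initializer and this block; one `#define` alongside `DEFAULT_MIC_FAILURE_INTERVAL` would keep them from drifting.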
@@ -4299,14 +4344,23 @@
PCT; printf("Waiting for an ARP response packet coming from the AP...\n");
-/* opt.f_minlen = 80;
- opt.f_maxlen = 80;*/
opt.f_tods = 0;
opt.f_fromds = 1;
memcpy(opt.f_dmac, opt.r_smac, 6);
memcpy(opt.f_smac, NULL_MAC, 6);
- opt.fast = 1;
-
- if( capture_ask_packet( &caplen, 0 ) != 0 )
- return( 1 );
+
+ if(opt.f_minlen_set == 0) {
+ opt.f_minlen = 80;
+ }
+ if(opt.f_maxlen_set == 0) {
+ opt.f_maxlen = 98;
+ }
+
+ while(1)
+ {
+ if( capture_ask_packet( &caplen, 0 ) != 0 )
+ return( 1 );
+ if( is_qos_arp_tkip(h80211, caplen) == 1 )
+ break;
+ }
memcpy(packet1, h80211, caplen);
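Review bot: This block sets `opt.f_maxlen = 98` when `-n` was not given, yet the usage text changed in this same patch advertises `-n len : maximum packet length (default: 80)`; either the help string should say the default depends on the phase (80 for the client ARP, 98 for the AP reply) or the two defaults should agree. The `_set` flags only decide whether to override, so `-m 90 -n 80` yields an empty length range with no diagnostic unless option parsing validates it outside this hunk. Same unbounded `while(1)` as the client-side capture above.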
@@ -4316,6 +4370,6 @@
PCT; printf("Got the answer!\n");
- PCT; printf("Waiting 5 seconds to let encrypted EAPOL frames pass without interfering.\n");
- read_sleep(5*1000000);
+ PCT; printf("Waiting 10 seconds to let encrypted EAPOL frames pass without interfering.\n");
+ read_sleep(10*1000000);
memcpy(h80211, packet1, packet1_len);
Index: /src/router/aircrack-ng/src/wesside-ng.c
===================================================================
--- /src/router/aircrack-ng/src/wesside-ng.c (revision 11606)
+++ /src/router/aircrack-ng/src/wesside-ng.c (revision 11928)
@@ -425,6 +425,6 @@
exit(1);
}
- if (rc != len) {
- time_print("Error Wrote %d out of %d\n", rc, len);
+ if (rc != len && rc != len + 3 /* packet length increases by 9 on Radiotap interfaces - this is normal */) {
+ time_print("ERROR: Packet length changed while transmitting (%d instead of %d).\n", rc, len);
exit(1);
}
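Review bot: The comment and the condition disagree: the comment says the length "increases by 9 on Radiotap interfaces" while the code accepts `rc != len + 3`, so one of the two is wrong and the check will either reject every Radiotap send or admit a size it was not meant to. Hard-coding any delta is fragile because the radiotap header length is variable; compare against the length the injection layer reports, or accept `rc >= len` and print the delta in the error message rather than aborting on a specific constant. The enclosing function starts outside the hunk.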
Index: /src/router/aircrack-ng/src/airbase-ng.c
===================================================================
--- /src/router/aircrack-ng/src/airbase-ng.c (revision 11606)
+++ /src/router/aircrack-ng/src/airbase-ng.c (revision 11928)
@@ -536,4 +536,5 @@
FILE *f;
char ofn[1024];
+ struct pcap_file_header pfh;
if ( prefix == NULL) {
@@ -571,6 +572,4 @@
/* create the output packet capture file */
-
- struct pcap_file_header pfh;
snprintf( ofn, sizeof( ofn ) - 1, "%s-%02d.cap",
@@ -2515,9 +2514,10 @@
int gotsource, gotbssid;
int remaining, bytes2use;
- int reasso=0, fixed=0;
+ int reasso, fixed, z;
struct ST_info *st_cur = NULL;
struct ST_info *st_prv = NULL;
+ reasso = 0; fixed = 0;
bzero(essid, 256);
@@ -2526,6 +2526,4 @@
capture_packet(packet, length);
pthread_mutex_unlock( &mx_cap );
-
- int z;
z = ( ( packet[1] & 3 ) != 3 ) ? 24 : 30;
Index: /src/router/aircrack-ng/src/aireplay-ng.c
===================================================================
--- /src/router/aircrack-ng/src/aireplay-ng.c (revision 11606)
+++ /src/router/aircrack-ng/src/aireplay-ng.c (revision 11928)
@@ -5656,5 +5656,5 @@
opt.a_mode = -1; opt.r_fctrl = -1;
- opt.ghost = 0; opt.npackets = -1;
+ opt.ghost = 0;
opt.delay = 15; opt.bittest = 0;
opt.fast = 0; opt.r_smac_set = 0;
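Review bot: Removing `opt.npackets = -1;` from this initializer leaves `npackets` at whatever `opt` held beforehand — zero for a zero-initialized global, indeterminate for a local — unless another assignment follows, as in `tkiptun-ng.c` where the same line is immediately overwritten by `opt.npackets = 1;`. That follow-up is not in this hunk, so please confirm it exists in aireplay-ng's initialization; if `-1` was the "unlimited" sentinel the injection loops test, the default count changes silently.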
Index: /src/router/aircrack-ng/src/airdecap-ng.c
===================================================================
--- /src/router/aircrack-ng/src/airdecap-ng.c (revision 11606)
+++ /src/router/aircrack-ng/src/airdecap-ng.c (revision 11928)
@@ -162,5 +162,5 @@
pkh->caplen -= 24 + qosh_offset + 6;
- memcpy( buffer + 12, h80211 + 30, pkh->caplen );
+ memcpy( buffer + 12, h80211 + qosh_offset + 30, pkh->caplen );
}
else
@@ -169,5 +169,5 @@
pkh->caplen -= 30 + qosh_offset + 6;
- memcpy( buffer + 12, h80211 + 36, pkh->caplen );
+ memcpy( buffer + 12, h80211 + qosh_offset + 36, pkh->caplen );
}
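Review bot: `pkh->caplen -= 30 + qosh_offset + 6;` (and the `24 + qosh_offset + 6` form in the previous hunk) has no visible check that `caplen` is at least that large; `caplen` comes from the input capture file, and if it is smaller the subtraction wraps (or goes negative and is converted to a huge `size_t`), so the following `memcpy` reads far past `h80211`. If the guard exists earlier in the function it is not in this hunk; otherwise add `if( pkh->caplen < 30 + qosh_offset + 6 ) continue;` before the subtraction, and the equivalent in the 24-byte branch. The offset fix itself, `h80211 + qosh_offset + 30`, looks right.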
Index: /src/router/aircrack-ng/src/sha1-sse2.h
===================================================================
--- /src/router/aircrack-ng/src/sha1-sse2.h (revision 11606)
+++ /src/router/aircrack-ng/src/sha1-sse2.h (revision 11928)
@@ -52,5 +52,19 @@
char key4[128] __attribute__ ((aligned (16)));
uchar pmks[128*4] __attribute__ ((aligned (16)));
-
+
+ // All in double size
+ uchar k_ipad[256] __attribute__ ((aligned (16)));
+ uchar ctx_ipad[80] __attribute__ ((aligned (16)));
+ uchar k_opad[256] __attribute__ ((aligned (16)));
+ uchar ctx_opad[80] __attribute__ ((aligned (16)));
+ uchar buffer[256] __attribute__ ((aligned (16)));
+ uchar sha1_ctx[80] __attribute__ ((aligned (16)));
+ uchar wrkbuf[1280] __attribute__ ((aligned (16)));
+ uint i, *u, *v, *w, *u3, *v4;
+ uchar *pmk1, *pmk2, *pmk3, *pmk4;
+
+ pmk1=pmks; pmk2=pmks+128; pmk3=pmks+128*2; pmk4=pmks+128*3;
+
+
strncpy(essid, _essid, 35);
strncpy(key1, _key1, 127);
@@ -59,16 +73,4 @@
strncpy(key4, _key4, 127);
- // todos estos doble tamaño
- uchar k_ipad[256] __attribute__ ((aligned (16)));
- uchar ctx_ipad[80] __attribute__ ((aligned (16)));
- uchar k_opad[256] __attribute__ ((aligned (16)));
- uchar ctx_opad[80] __attribute__ ((aligned (16)));
- uchar buffer[256] __attribute__ ((aligned (16)));
- uchar sha1_ctx[80] __attribute__ ((aligned (16)));
- uchar wrkbuf[1280] __attribute__ ((aligned (16)));
- uint i, *u, *v, *w, *u3, *v4;
- uchar *pmk1=pmks, *pmk2=pmks+128, *pmk3=pmks+128*2, *pmk4=pmks+128*3;
-
-
slen = strlen( essid ) + 4;
@@ -112,7 +114,7 @@
u = (uint *) ( k_opad );
- v = (uint *) ( k_opad + 64 );
+ v = (uint *) ( k_opad + 64 );
u3 = (uint *) ( k_opad + 128 );
- v4 = (uint *) ( k_opad + 192 );
+ v4 = (uint *) ( k_opad + 192 );
w = (uint *) buffer;
@@ -134,9 +136,9 @@
buffer[242] = buffer[246] = buffer[250] = buffer[254] = 0x02;
buffer[243] = buffer[247] = buffer[251] = buffer[255] = 0xA0;
-
-
+
+
essid[slen - 1] = '\1';
-
+
HMAC(EVP_sha1(), (uchar *)key1, strlen(key1), (uchar*)essid, slen, pmk1, NULL);
HMAC(EVP_sha1(), (uchar *)key2, strlen(key2), (uchar*)essid, slen, pmk2, NULL);
Index: /src/router/aircrack-ng/src/airserv-ng.c
===================================================================
--- /src/router/aircrack-ng/src/airserv-ng.c (revision 11606)
+++ /src/router/aircrack-ng/src/airserv-ng.c (revision 11928)
@@ -38,4 +38,6 @@
#ifdef __MACH__
#include <libkern/OSByteOrder.h>
+#elif defined(__FreeBSD__)
+#include <machine/endian.h>
#else
#include <asm/byteorder.h>
@@ -448,4 +450,14 @@
ri->ri_rate = OSSwapHostToBigInt32(ri->ri_rate);
ri->ri_antenna = OSSwapHostToBigInt32(ri->ri_antenna);
+
+#elif defined(__FreeBSD__)
+#if BYTE_ORDER == BIG_ENDIAN
+# define __be32_to_cpu(x) (x)
+# define __be64_to_cpu(x) (x)
+#elif BYTE_ORDER == LITTLE_ENDIAN
+# define __be32_to_cpu(x) __bswap32(x)
+# define __be64_to_cpu(x) __bswap64(x)
+#endif
+
#else
ri->ri_mactime = __cpu_to_be64(ri->ri_mactime);
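Review bot: On FreeBSD this hunk defines macros but performs no conversion: the new `#elif defined(__FreeBSD__)` arm takes the place of the `#else` that holds `ri->ri_mactime = __cpu_to_be64(...)` and its sibling assignments, so the rx_info fields leave a little-endian FreeBSD host in native order while every other platform sends big-endian. The names do not match either — the arm defines `__be32_to_cpu`/`__be64_to_cpu` but the generic branch calls `__cpu_to_be64` — so even a fall-through would not compile. Define both directions once next to the `<machine/endian.h>` include added earlier in the patch and delete this arm so FreeBSD takes the generic path; `__`-prefixed names are reserved for the implementation, and on FreeBSD the public spellings are `bswap32`/`bswap64` (confirm against the target release). Only the first of the generic conversions is visible here; the rest run past the hunk.
```c
/* at the include site, beside the FreeBSD <machine/endian.h> include */
#if defined(__FreeBSD__)
# if BYTE_ORDER == BIG_ENDIAN
#  define __cpu_to_be32(x) (x)
#  define __cpu_to_be64(x) (x)
#  define __be32_to_cpu(x) (x)
#  define __be64_to_cpu(x) (x)
# else
#  define __cpu_to_be32(x) bswap32(x)
#  define __cpu_to_be64(x) bswap64(x)
#  define __be32_to_cpu(x) bswap32(x)
#  define __be64_to_cpu(x) bswap64(x)
# endif
#endif

/* in the conversion block: the FreeBSD arm is removed, the generic one runs */
#else
	ri->ri_mactime = __cpu_to_be64(ri->ri_mactime);
	/* … unchanged: remaining ri_* conversions … */
```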
Index: /src/router/aircrack-ng/src/aircrack-ng.c
===================================================================
--- /src/router/aircrack-ng/src/aircrack-ng.c (revision 11606)
+++ /src/router/aircrack-ng/src/aircrack-ng.c (revision 11928)
@@ -134,4 +134,5 @@
#define K17_IV 0x00100000
+/*
typedef struct
{
@@ -139,4 +140,5 @@
}used_iv;
used_iv* all_ivs;
+*/
typedef struct
@@ -193,4 +195,5 @@
" -q : enable quiet mode (no status output)\n"
" -C <macs> : merge the given APs to a virtual one\n"
+" -l <file> : write key to file\n"
"\n"
" Static WEP cracking options:\n"
@@ -2845,6 +2848,7 @@
static void key_found(unsigned char *wepkey, int keylen, int B)
{
+ FILE * keyFile;
+ int i, n;
int nb_ascii = 0;
- int i, n;
for( i = 0; i < keylen; i++ )
@@ -2896,4 +2900,15 @@
printf( "\n\tDecrypted correctly: %d%%\n", opt.probability );
printf( "\n" );
+
+ // Write the key to a file
+ if (opt.logKeyToFile != NULL) {
+ keyFile = fopen(opt.logKeyToFile, "w");
+ if (keyFile != NULL)
+ {
+ for( i = 0; i < keylen; i++ )
+ fprintf(keyFile, "%02X", wepkey
);
+ fclose(keyFile);
+ }
+ }
}
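Review bot: `fopen(opt.logKeyToFile, "w")` creates the key file with the process umask, which on a typical system leaves the recovered key world-readable; since the file exists only to hold a secret, create it with `open(path, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR)` and `fdopen()`, or at least document that the caller owns the directory's permissions. A failed `fopen` is dropped silently although the user explicitly asked for the file with `-l`; a `perror`-style message is warranted. As pasted, the loop body reads `fprintf(keyFile, "%02X", wepkey` with `);` on the next line and no index — most likely a `[i]` eaten by the forum's BBCode rendering rather than what was committed — so the intended line is presumably `fprintf(keyFile, "%02X", wepkey[i]);`, and the file is left without a trailing newline.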
@@ -3764,4 +3779,5 @@
int crack_wpa_thread( void *arg )
{
+ FILE * keyFile;
char essid[36];
char key[4][128];
@@ -3776,5 +3792,5 @@
int thread;
int ret=0;
- int i, j, len;
+ int i, j, len, slen;
int nparallel = 1;
@@ -3807,6 +3823,4 @@
}
- int slen;
-
/* receive the essid */
@@ -3906,4 +3920,14 @@
printf( "\33[32;22m" );
+ // Write the key to a file
+ if (opt.logKeyToFile != NULL) {
+ keyFile = fopen(opt.logKeyToFile, "w");
+ if (keyFile != NULL)
+ {
+ fprintf(keyFile, "%s", key[j]);
+ fclose(keyFile);
+ }
+ }
+
return SUCCESS;
}
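Review bot: The same umask-governed `fopen(..., "w")` is used here for the WPA passphrase, which is at least as sensitive as the WEP key written by `key_found()`; use `open()` with mode 0600 and `fdopen()`, and report a failed open instead of ignoring it. `%s` on `key[j]` (a `char [4][128]` per the declarations above) is only safe if the buffer is NUL-terminated, and how it is filled is not visible in this hunk; a `key[j][127] = '\0';` before the write removes the doubt at no cost. The function ends outside the hunk.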
@@ -3926,5 +3950,9 @@
}
-
+/**
+ * Open a specific dictionnary
+ * nb: index of the dictionnary
+ * return 0 on success and FAILURE if it failed
+ *nbsp; }
@@ -2697se(ke