Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:mnhauke
cowpatty
cowpatty-github-0a27497.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cowpatty-github-0a27497.patch of Package cowpatty
diff -ur a/AUTHORS c/AUTHORS --- a/AUTHORS 2018-07-03 21:49:02.000000000 +0200 +++ c/AUTHORS 2021-12-01 15:55:49.128555908 +0100 @@ -9,3 +9,6 @@ Mike Kershaw Michal Knobel Nathan Grennan +Mati Aharoni <muts@kali.org> +Samuel Henrique @samueloph +Raphaƫl Hertzog @rhertzog diff -ur a/cowpatty.c c/cowpatty.c --- a/cowpatty.c 2018-07-03 21:49:02.000000000 +0200 +++ c/cowpatty.c 2021-12-01 15:55:49.132556022 +0100 @@ -85,8 +85,7 @@ "\t-d \tHash file (genpmk)\n" "\t-r \tPacket capture file\n" "\t-s \tNetwork SSID (enclose in quotes if SSID includes spaces)\n" - "\t-2 \tUse frames 1 and 2 or 2 and 3 for key attack (nonstrict mode)\n" - "\t-c \tCheck for valid 4-way frames, does not crack\n" + "\t-c \tCheck for valid 4-way frames, does not crack\n" "\t-h \tPrint this help information and exit\n" "\t-v \tPrint verbose information (more -v for more verbosity)\n" "\t-V \tPrint program version and exit\n" "\n"); @@ -142,7 +141,7 @@ int c; - while ((c = getopt(argc, argv, "f:r:s:d:c2nhvV")) != EOF) { + while ((c = getopt(argc, argv, "f:r:s:d:cnhvV")) != EOF) { switch (c) { case 'f': strncpy(opt->dictfile, optarg, sizeof(opt->dictfile)); @@ -157,9 +156,6 @@ strncpy(opt->hashfile, optarg, sizeof(opt->hashfile)); break; case 'n': - case '2': - opt->nonstrict++; - break; case 'c': opt->checkonly++; break; @@ -262,6 +258,7 @@ case DLT_IEEE802_11: case DLT_PRISM_HEADER: case DLT_IEEE802_11_RADIO: + case DLT_PPI: break; default: /* Unknown/unsupported pcap type */ @@ -284,7 +281,9 @@ /* Assume it's a libpcap file for now */ int ret; struct ieee80211_radiotap_header *rtaphdr; + struct ieee80211_radiotap_header *ppihdr; int rtaphdrlen=0; + int ppihdrlen=0; struct dot11hdr *dot11 = NULL; /* Loop on pcap_next_ex until we get a packet we want, return from @@ -390,6 +389,37 @@ return(ret); break; + case DLT_PPI: + + ppihdr = (struct ieee80211_radiotap_header *)packet; + ppihdrlen = le16_to_cpu(ppihdr->it_len); + + if (ppihdrlen > (h->len - 10)) { + return -2; + } + + if (ppihdrlen == 24) + ppihdrlen = 32; + + capdata->dstmac_offset = 4 + ppihdrlen; + capdata->srcmac_offset = 10 + ppihdrlen; + + dot11 = ((struct dot11hdr *)(packet+ppihdrlen)); + /* differentiate QoS data and non-QoS data frames */ + if (dot11->u1.fc.subtype == DOT11_FC_SUBTYPE_QOSDATA) { + capdata->dot1x_offset = 34 + ppihdrlen; + capdata->l2type_offset = 32 + ppihdrlen; + } else if (dot11->u1.fc.subtype == + DOT11_FC_SUBTYPE_DATA) { + capdata->dot1x_offset = 32 + ppihdrlen; + capdata->l2type_offset = 30 + ppihdrlen; + } else { + /* Not a data frame we support */ + continue; + } + return(ret); + break; + default: /* Unknown/unsupported pcap type */ return (1); @@ -426,21 +456,11 @@ cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK; index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK; - if (opt->nonstrict == 0) { - - /* Check for EAPOL version 1, type EAPOL-Key */ - if (dot1xhdr->version != 1 || dot1xhdr->type != 3) { - return; - } - - } else { - - /* Check for type EAPOL-Key */ - if (dot1xhdr->type != 3) { - return; - } - + /* Check for type EAPOL-Key */ + if (dot1xhdr->type != 3) { + return; } + if (cdata->ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && cdata->ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { return; @@ -448,12 +468,12 @@ if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { /* Check for WPA key, and pairwise key type */ - if (eapolkeyhdr->type != 254 || + if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) || (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) { return; } } else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { - if (eapolkeyhdr->type != 2 || + if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) || (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) { return; } @@ -463,19 +483,22 @@ /* Check for frame 2 of the 4-way handshake */ if ((key_info & WPA_KEY_INFO_MIC) - && (key_info & WPA_KEY_INFO_ACK) == 0 - && (key_info & WPA_KEY_INFO_INSTALL) == 0 - && eapolkeyhdr->key_data_length > 0) { + && (key_info & WPA_KEY_INFO_ACK) == 0 + && (key_info & WPA_KEY_INFO_INSTALL) == 0 + && eapolkeyhdr->key_data_length > 0) { /* All we need from this frame is the authenticator nonce */ memcpy(cdata->snonce, eapolkeyhdr->key_nonce, sizeof(cdata->snonce)); cdata->snonceset = 1; + memcpy(cdata->replay_counter1, + eapolkeyhdr->replay_counter, 8); + cdata->replay_counter1[7] = cdata->replay_counter1[7] + 1; /* Check for frame 3 of the 4-way handshake */ } else if ((key_info & WPA_KEY_INFO_MIC) - && (key_info & WPA_KEY_INFO_INSTALL) - && (key_info & WPA_KEY_INFO_ACK)) { + && (key_info & WPA_KEY_INFO_INSTALL) + && (key_info & WPA_KEY_INFO_ACK)) { memcpy(cdata->spa, &packet[capdata->dstmac_offset], sizeof(cdata->spa)); @@ -488,15 +511,17 @@ cdata->anonceset = 1; /* We save the replay counter value in the 3rd frame to match against the 4th frame of the four-way handshake */ - memcpy(cdata->replay_counter, + memcpy(cdata->replay_counter2, eapolkeyhdr->replay_counter, 8); /* Check for frame 4 of the four-way handshake */ } else if ((key_info & WPA_KEY_INFO_MIC) - && (key_info & WPA_KEY_INFO_ACK) == 0 - && (key_info & WPA_KEY_INFO_INSTALL) == 0 - && (memcmp (cdata->replay_counter, - eapolkeyhdr->replay_counter, 8) == 0)) { + && (key_info & WPA_KEY_INFO_ACK) == 0 + && (key_info & WPA_KEY_INFO_INSTALL) == 0 + && (memcmp (cdata->replay_counter1, + cdata->replay_counter2, 8) == 0) + && (memcmp (cdata->replay_counter2, + eapolkeyhdr->replay_counter, 8) == 0)) { memcpy(cdata->keymic, eapolkeyhdr->key_mic, sizeof(cdata->keymic)); @@ -504,57 +529,77 @@ sizeof(cdata->eapolframe)); cdata->keymicset = 1; cdata->eapolframeset = 1; - } - } else { - - /* Check for frame 1 of the 4-way handshake */ - if ((key_info & WPA_KEY_INFO_MIC) == 0 - && (key_info & WPA_KEY_INFO_ACK) - && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) { - /* All we need from this frame is the authenticator nonce */ - memcpy(cdata->anonce, eapolkeyhdr->key_nonce, - sizeof(cdata->anonce)); - cdata->anonceset = 1; + cdata->counters = 1; - /* Check for frame 2 of the 4-way handshake */ - } else if ((key_info & WPA_KEY_INFO_MIC) - && (key_info & WPA_KEY_INFO_INSTALL) == 0 - && (key_info & WPA_KEY_INFO_ACK) == 0 - && eapolkeyhdr->key_data_length > 0) { - - cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 ) - + packet[capdata->dot1x_offset + 3] + 4; - - memcpy(cdata->spa, &packet[capdata->dstmac_offset], - sizeof(cdata->spa)); - cdata->spaset = 1; - - memcpy(cdata->aa, &packet[capdata->srcmac_offset], - sizeof(cdata->aa)); - cdata->aaset = 1; + } - memcpy(cdata->snonce, eapolkeyhdr->key_nonce, - sizeof(cdata->snonce)); - cdata->snonceset = 1; + } else { - memcpy(cdata->keymic, eapolkeyhdr->key_mic, - sizeof(cdata->keymic)); - cdata->keymicset = 1; + /* Check for frame 1 of the 4-way handshake */ + if ((key_info & WPA_KEY_INFO_MIC) == 0 + && (key_info & WPA_KEY_INFO_ACK) + && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) { + + /* All we need from this frame is the authenticator nonce */ + memcpy(cdata->anonce, eapolkeyhdr->key_nonce, + sizeof(cdata->anonce)); + cdata->anonceset = 1; + + memcpy(cdata->replay_counter1, + eapolkeyhdr->replay_counter, 8); + cdata->replay_counter1[7] = cdata->replay_counter1[7] + 1; + + /* Check for frame 2 or 4 of the 4-way handshake */ + } else if ((key_info & WPA_KEY_INFO_MIC) + && (key_info & WPA_KEY_INFO_INSTALL) == 0 + && (key_info & WPA_KEY_INFO_ACK) == 0) { + + cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 ) + + packet[capdata->dot1x_offset + 3] + 4; + + memcpy(cdata->spa, &packet[capdata->dstmac_offset], + sizeof(cdata->spa)); + cdata->spaset = 1; + + memcpy(cdata->aa, &packet[capdata->srcmac_offset], + sizeof(cdata->aa)); + cdata->aaset = 1; + + memcpy(cdata->snonce, eapolkeyhdr->key_nonce, + sizeof(cdata->snonce)); + cdata->snonceset = 1; + + memcpy(cdata->keymic, eapolkeyhdr->key_mic, + sizeof(cdata->keymic)); + cdata->keymicset = 1; + + memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset], + cdata->eapolframe_size); + cdata->eapolframeset = 1; - memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset], - cdata->eapolframe_size); - cdata->eapolframeset = 1; + memcpy(cdata->replay_counter2, + eapolkeyhdr->replay_counter, 8); + cdata->replay_counter2[7] = cdata->replay_counter2[7] + 1; + memcpy(cdata->replay_counter3, + eapolkeyhdr->replay_counter, 8); + cdata->replay_counter3[7] = cdata->replay_counter3[7] + 2; + + /* Check for frame 3 of the 4-way handshake */ + } else if ((key_info & WPA_KEY_INFO_MIC) + && (key_info & WPA_KEY_INFO_ACK) + && (key_info & WPA_KEY_INFO_INSTALL)) { + + /* All we need from this frame is the authenticator nonce */ + memcpy(cdata->anonce, eapolkeyhdr->key_nonce, + sizeof(cdata->anonce)); + cdata->anonceset = 1; + + memcpy(cdata->replay_counter4, + eapolkeyhdr->replay_counter, 8); + cdata->replay_counter4[7] = cdata->replay_counter4[7] + 1; + } - /* Check for frame 3 of the 4-way handshake */ - } else if ((key_info & WPA_KEY_INFO_MIC) - && (key_info & WPA_KEY_INFO_ACK) - && (key_info & WPA_KEY_INFO_INSTALL)) { - /* All we need from this frame is the authenticator nonce */ - memcpy(cdata->anonce, eapolkeyhdr->key_nonce, - sizeof(cdata->anonce)); - cdata->anonceset = 1; - } } } @@ -973,10 +1018,82 @@ } } + if (!(cdata.aaset && cdata.spaset && cdata.snonceset && + cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) { + + cdata.aaset = 0; + cdata.spaset = 0; + cdata.snonceset = 0; + cdata.anonceset = 0; + cdata.keymicset = 0; + cdata.eapolframeset = 0; + + opt.nonstrict = 1; + + memset(&capdata, 0, sizeof(struct capture_data)); + memset(&cdata, 0, sizeof(struct crack_data)); + memset(&eapolkey_nomic, 0, sizeof(eapolkey_nomic)); + + /* Populate capdata struct */ + strncpy(capdata.pcapfilename, opt.pcapfile, + sizeof(capdata.pcapfilename)); + if (openpcap(&capdata) != 0) { + printf("Unsupported or unrecognized pcap file.\n"); + exit(-1); + } + + /* populates global *packet */ + while (getpacket(&capdata) > 0) { + if (opt.verbose > 2) { + lamont_hdump(packet, h->len); + } + /* test packet for data that we are looking for */ + if (memcmp(&packet[capdata.l2type_offset], DOT1X_LLCTYPE, 2) == + 0 && (h->len >capdata.l2type_offset + sizeof(struct wpa_eapol_key))) { + /* It's a dot1x frame, process it */ + handle_dot1x(&cdata, &capdata, &opt); + + if (cdata.aaset && cdata.spaset && cdata.snonceset + && cdata.anonceset && cdata.keymicset + && cdata.eapolframeset) { + + if (cdata.replay_counter1 != 0 + && cdata.replay_counter2 != 0) { + + if (memcmp (cdata.replay_counter1, + cdata.replay_counter2, 8) == 0) { + + cdata.counters = 1; + /* We've collected everything we need. */ + break; + + } + + } + + if (cdata.replay_counter3 != 0 + && cdata.replay_counter4 != 0) { + + if (memcmp (cdata.replay_counter3, + cdata.replay_counter4, 8) == 0) { + + cdata.counters = 1; + /* We've collected everything we need. */ + break; + + } + + } + + } + } + } + } + closepcap(&capdata); if (!(cdata.aaset && cdata.spaset && cdata.snonceset && - cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) { + cdata.anonceset && cdata.keymicset && cdata.eapolframeset && cdata.counters)) { printf("End of pcap capture file, incomplete four-way handshake " "exchange. Try using a\ndifferent capture.\n"); exit(-1); diff -ur a/cowpatty.h c/cowpatty.h --- a/cowpatty.h 2018-07-03 21:49:02.000000000 +0200 +++ c/cowpatty.h 2021-12-01 15:55:49.132556022 +0100 @@ -169,7 +169,11 @@ u8 anonceset; u8 keymicset; u8 eapolframeset; - u8 replay_counter[8]; + u8 replay_counter1[8]; + u8 replay_counter2[8]; + u8 replay_counter3[8]; + u8 replay_counter4[8]; + u8 counters; int ver; /* Hashing algo, MD5 or AES-CBC-MAC */ int eapolframe_size; Only in c: .git diff -ur a/Makefile c/Makefile --- a/Makefile 2018-07-03 21:49:02.000000000 +0200 +++ c/Makefile 2021-12-01 15:55:49.128555908 +0100 @@ -8,42 +8,51 @@ # <dragorn> make is a twisted beast ################################## LDLIBS = -lpcap -CFLAGS = -pipe -Wall -DOPENSSL +CFLAGS = -pipe -Wall -DOPENSSL CFLAGS += -O2 LDLIBS += -lcrypto CFLAGS += -g3 -ggdb #CFLAGS += -static -PROGOBJ = md5.o sha1.o utils.o cowpatty.o genpmk.o +PROGOBJ = md5.o sha1.o utils.o PROG = cowpatty genpmk +MANUALS = cowpatty.1 genpmk.1 BINDIR = /usr/local/bin +MANDIR = /usr/local/man/man1 CC = clang -all: $(PROGOBJ) $(PROG) +.PHONY: all clean strip install-man install-bin install -cowpatty: common.h md5.c md5.h sha1.h cowpatty.c cowpatty.h sha1.c \ - sha1.h utils.c utils.h - $(CC) $(CFLAGS) cowpatty.c -o cowpatty utils.o md5.o sha1.o $(LDLIBS) +all: $(PROG) -genpmk: genpmk.c cowpatty.h utils.h sha1.h common.h - $(CC) $(CFLAGS) genpmk.c -o genpmk utils.o sha1.o $(LDLIBS) +cowpatty: cowpatty.c cowpatty.h $(PROGOBJ) + $(CC) $(CFLAGS) $< -o $@ $(PROGOBJ) $(LDLIBS) -utils: utils.c utils.h - $(CC) $(CFLAGS) utils.c -c +genpmk: genpmk.c cowpatty.h utils.o sha1.o + $(CC) $(CFLAGS) $< -o $@ utils.o sha1.o $(LDLIBS) -md5: md5.c md5.h - $(CC) $(CFLAGS) md5.c -c +utils.o: utils.c utils.h radiotap.h + $(CC) $(CFLAGS) $< -c -sha1: sha1.c sha1.h - $(CC) $(CFLAGS) sha1.c -c +md5.o: md5.c md5.h common.h + $(CC) $(CFLAGS) $< -c + +sha1.o: sha1.c sha1.h common.h + $(CC) $(CFLAGS) $< -c clean: - @rm $(PROGOBJ) $(PROG) + $(RM) $(PROGOBJ) $(PROG) strip: @ls -l $(PROG) @strip $(PROG) @ls -l $(PROG) -install: all +install-man: $(MANUALS) + install -d $(DESTDIR)$(MANDIR) + install -m 644 $(MANUALS) $(DESTDIR)$(MANDIR) + +install-bin: $(PROG) install -d $(DESTDIR)$(BINDIR) install -m 755 $(PROG) $(DESTDIR)$(BINDIR) + +install: install-bin install-man
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor