diff options
Diffstat (limited to 'net-wireless/aircrack-ng')
12 files changed, 1613 insertions, 0 deletions
diff --git a/net-wireless/aircrack-ng/Manifest b/net-wireless/aircrack-ng/Manifest new file mode 100644 index 00000000..d5a9a8cb --- /dev/null +++ b/net-wireless/aircrack-ng/Manifest @@ -0,0 +1,12 @@ +AUX aircrack-ng-1.1-respect_LDFLAGS.patch 3144 SHA256 543d8efee610cd32874abb0ebc7371619526613ed04fa70db35d1caf473efff8 SHA512 faaaa5b1733ce78b4461b34d33be5cca671259ebfd69a9211ef3a4e4b97f3c062edd11f9556ef88faa245db87c6da59048efd593fbf4d31f48917df218bba272 WHIRLPOOL 7562c4fec3b3f5479186c0f4c16af0df97c7196f6d0072120ce460b5ca044244b26a49b7a47f07ebd01e022fd0acffb8493e46cd4c5f74e0b6adc2bd4b577a1c +AUX airdrop-ng-oui-path-fix.patch 742 SHA256 90b47ffd026369886ade93a2f51c2251cefcc0ea8610d559546d7b57b2ea94f2 SHA512 2d2591ebf554a74a4ab8c41f91986c1275b1e45688284880be1d8b172d2467db8fba45f1315db0607de4761dd515336c0ac8e8027e9060d926c39650825b9fb8 WHIRLPOOL 7f03c76edaefd15e5a815ff790b857173ff7fb4a35d77803c1feec69072b70c1e3483e41f2b23ce3c1b08b99d1a3c8cb0a0f8dab14084da6309e17612b24e38d +AUX airodump-ng-oui-update-path-fix.patch 572 SHA256 07cc244595a511d601e9bd6655a2939751ff1a16892529db5210bc4484af1cc9 SHA512 b18d570c0092e88d90439c09bedfa5d36f14ed5348085189d98d58cdee81c8c14582c448b36ed16537dae96073df7bee0340220877d07fd2df081eef0069b068 WHIRLPOOL 368e1cf8e115a452ce649b6c87c53afe9306b2de53c340916f3fba73f766cb469795e30bf1d2a1990893258cf99c9ea3bd682f8f4b1f7aa93065277ed1828805 +AUX airodump-ng.ignore-negative-one.v4.patch 5705 SHA256 d77f676f0ccd83e1e192f78473ff77ea55be6b3c652e14921938cc3a79ac6a10 SHA512 7dda1dd122c28e8c8666cac4529f3c46b34f9a4408dea3c7f1ea9397f282b0b41f3c7685335ffac1d551e02d06aa5d8adfcfe2dc722ac829547dc64a6871bf12 WHIRLPOOL fe5dfd5f8f004849f2c1f3a140cbbf8b17e9facadacee32883d29140a0da322b44ce4ade7b3d431698212904e934a48fcd76caee5ba3be72d9532c4ef70af7a1 +AUX changeset_r1921_backport.diff 1941 SHA256 a4655b208358b62a710f84206a69a5b0bb2091aeb47d73adbf0b7e8cd5a30c46 SHA512 dd3822bc8abc359b925657b32e69f7653e3a4ce780ce416386f2a2f6ae27de64730bfd9817c8cd1dc2941d0bf4a127d742fdf75a9113be7466276830bc618d66 WHIRLPOOL 25446d8808569dc5f90d7454d42af9b65cc71d44f3c77cd416c2b2cb36fc3f3cdddfe3c11ebb2279442e13c9d11fca0fc2697f281437d8f1e1860eb0115d7886 +AUX diff-wpa-migration-mode-aircrack-ng.diff 25165 SHA256 d36f2380d83fbfcbc48698cfd6d08de5a82a5a624a5d9f9cc3dbaaf7b7731fd8 SHA512 4018fde3f2873aefdd58516efdc77a5d177dc45574d8db23111b9935df19e746baf764e3cbe675f05b9316310d35b72c9d262d971748de36958e95ffdac63cbc WHIRLPOOL 15c3b1e6574becc0753a2bd402a6968afbe557df4c90d317495c162fbdd06bfd4324caf89d95f94ed18b1d5a62052dd8ec0feee29db3ce3eb6749f9ab9d7f2cc +AUX eapol_fix.patch 1014 SHA256 fcfaa1cfa75cbaac214ac3cb01b8401ff062f356acc75be39ea725fc42e10132 SHA512 53a2c66bc82c394647d00a0f179e1b78d25d249d4a196142b71fb3803533cf82b33c74a57bc219bf98eea64044129ab5d8adb9a883e0d4bfa74d0828a286413b WHIRLPOOL d0d349915331c84a78e896760c08f57b842e7e08c75e90736eb3aaae341217a1e0c8564230979a03c0abc9a1491aa1bd6451e2364dfe001047c5a735715aa0f4 +AUX ignore-channel-1-error.patch 2270 SHA256 aa2345b9ba7b59c79e54a5546f28398aaea4068c7030b520069e25f71cd029e4 SHA512 ab5f988316e9678b3040966f7041ae69a5afc2e41b762f76aa06fee8def0474703f5ebe006541f6066f896ea99ad8fe0b64063ad0a69012ed0d044e06b96473c WHIRLPOOL e6af56315b0fccdaadd0c74ff06a6446ace47950f6b2ce5862918b1dc48ba446935ca848bbc4a77fd31e148630033b22b0e16c14e6a176892d92c42a7451b9f2 +AUX pic-fix.patch 4838 SHA256 33d1693ec0cbea1933bdfcaa30a16bab2d566927a0c7eaf57cd7cb08886c4cba SHA512 54e068bbea0802196f2ca9e98ebe2aa85e28e359f9a1e6518e6869e95faa353404d28451caca3286ea4da48238e350c5a79b960c88b6c03fb32642e1ca5dfb21 WHIRLPOOL 1f3470a235a1014dd3bae14bed45baa06442fc45a343eb37f6b0cf19f14bfa64d053aceeac96797e8b280fca67710f2cfb19dc8ecbe219c6c412308b4bb099df +DIST aircrack-ng-1.1.tar.gz 1453272 SHA256 b136b549b7d2a2751c21793100075ea43b28de9af4c1969508bb95bcc92224ad SHA512 e2246c3e5bb61a7294b8483ba7865a7da78c35c0444ded51e61076b1b15a1329c757de2828b6a23ab399a77c1c51949cb6833cfa2823c1f8819c8c12f7799270 WHIRLPOOL 37592c80250cb92ab0a1cf25beffffd3449434721068d586731c2669b10bf0ab2461ede664614e0286581a5ccd8e8721181c367d9774700c1c72ca8c640d2530 +EBUILD aircrack-ng-1.1-r6.ebuild 2372 SHA256 6adf4d9e4386edbfb4f36f00f1f42a43f55c3710e9e1e7534a60586f3ce03b49 SHA512 92bca8e8039cbe507062102b740991289705200c4795314c13f9dbf28aeae0c22e99fcbbe467481de25e7f33ef606775dee03f3fdc4215e8410af3fcf20adef2 WHIRLPOOL e5b0a37cfe37cde94ba1249f70c698370afcb5636ca059e6313cdf3c5bb364d5d49dff5a0b1fcd3961c9f9fd0140e7fde3bb9b7a6282d39e3c4a1c4072e6d42f +EBUILD aircrack-ng-9999.ebuild 2443 SHA256 5e4f5a0613e9e0b4a670eacc39f7ac05cdb1d1206fec8d508f0d497fb698c988 SHA512 5a7a859e41f5468a137b9bf5d977e3ad1af30a6fe8704aec430ed2b39f4b8a45c8c932ef89fc290fd0d3f6a9f1b0cd21f22b336f4c9a7d0f02fb20e2f4499219 WHIRLPOOL dbb4262ca5e6b4e36395b50df04f872fa89544ee42c7d79f790568e32dd9db9103430211167ce0264a02bd037a83455ee50f78a36d5e7864834df94dc57025f5 diff --git a/net-wireless/aircrack-ng/aircrack-ng-1.1-r6.ebuild b/net-wireless/aircrack-ng/aircrack-ng-1.1-r6.ebuild new file mode 100644 index 00000000..850618a7 --- /dev/null +++ b/net-wireless/aircrack-ng/aircrack-ng-1.1-r6.ebuild @@ -0,0 +1,82 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +EAPI="4" + +inherit versionator + +MY_PV=$(replace_version_separator 2 '-') + +DESCRIPTION="WLAN tools for breaking 802.11 WEP/WPA keys" +HOMEPAGE="http://www.aircrack-ng.org" +SRC_URI="http://download.aircrack-ng.org/${PN}-${MY_PV}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="x86 amd64 arm" + +IUSE="kernel_linux kernel_FreeBSD +sqlite +unstable" + +DEPEND="dev-libs/openssl + sqlite? ( >=dev-db/sqlite-3.4 )" +RDEPEND="${DEPEND} + kernel_linux? ( net-wireless/iw net-wireless/wireless-tools )" + +S="${WORKDIR}/${PN}-${MY_PV}" + +have_sqlite() { + use sqlite && echo "true" || echo "false" +} + +have_unstable() { + use unstable && echo "true" || echo "false" +} + +src_prepare() { + #backports + epatch "${FILESDIR}/${P}-respect_LDFLAGS.patch" + epatch "${FILESDIR}"/diff-wpa-migration-mode-aircrack-ng.diff + epatch "${FILESDIR}"/ignore-channel-1-error.patch + epatch "${FILESDIR}"/airodump-ng.ignore-negative-one.v4.patch + epatch "${FILESDIR}"/pic-fix.patch + epatch "${FILESDIR}"/changeset_r1921_backport.diff + epatch "${FILESDIR}"/eapol_fix.patch + + #likely to stay after version bump + epatch "${FILESDIR}"/airodump-ng-oui-update-path-fix.patch +} + +src_compile() { + emake -j1 CC="$(tc-getCC)" LD="$(tc-getLD)" sqlite=$(have_sqlite) unstable=$(have_unstable) || die "emake failed" +} + +src_install() { + emake \ + prefix="${EPREFIX}/usr" \ + mandir="${EPREFIX}/usr/share/man/man1" \ + DESTDIR="${ED}" \ + sqlite=$(have_sqlite) \ + unstable=$(have_unstable) \ + install \ + || die "emake install failed" + + dodoc AUTHORS ChangeLog INSTALLING README + dodir /etc/aircrack-ng/ + wget http://standards.ieee.org/regauth/oui/oui.txt -O "${ED}"/etc/aircrack-ng/airodump-ng-oui.txt +} + +pkg_postinst() { + # Message is (c) FreeBSD + # http://www.freebsd.org/cgi/cvsweb.cgi/ports/net-mgmt/aircrack-ng/files/pkg-message.in?rev=1.5 + if use kernel_FreeBSD ; then + einfo "Contrary to Linux, it is not necessary to use airmon-ng to enable the monitor" + einfo "mode of your wireless card. So do not care about what the manpages say about" + einfo "airmon-ng, airodump-ng sets monitor mode automatically." + echo + einfo "To return from monitor mode, issue the following command:" + einfo " ifconfig \${INTERFACE} -mediaopt monitor" + einfo + einfo "For aireplay-ng you need FreeBSD >= 7.0." + fi +} diff --git a/net-wireless/aircrack-ng/aircrack-ng-9999.ebuild b/net-wireless/aircrack-ng/aircrack-ng-9999.ebuild new file mode 100644 index 00000000..609975e0 --- /dev/null +++ b/net-wireless/aircrack-ng/aircrack-ng-9999.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +EAPI="4" + +inherit versionator subversion + +DESCRIPTION="WLAN tools for breaking 802.11 WEP/WPA keys" +HOMEPAGE="http://www.aircrack-ng.org" +ESVN_REPO_URI="http://trac.aircrack-ng.org/svn/trunk/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="" + +IUSE="+airdrop-ng +airgraph-ng kernel_linux kernel_FreeBSD netlink +sqlite +unstable" + +DEPEND="dev-libs/openssl + netlink? ( dev-libs/libnl:3 ) + sqlite? ( >=dev-db/sqlite-3.4 )" +RDEPEND="${DEPEND} + kernel_linux? ( + net-wireless/iw + net-wireless/wireless-tools + sys-apps/ethtool + sys-apps/usbutils + sys-apps/pciutils ) + airdrop-ng? ( net-wireless/lorcon[python] )" + +S="${WORKDIR}/${PN}" + +subversion_src_prepare() { + subversion_bootstrap || die "${ESVN}: unknown problem occurred in subversion_bootstrap." +} + +src_unpack() { + subversion_src_unpack + dodir /usr/share/${PN} + wget http://standards.ieee.org/regauth/oui/oui.txt -O "${ED}"/usr/share/${PN}/airodump-ng-oui.txt +} + +src_compile() { + emake \ + CC="$(tc-getCC)" \ + AR="$(tc-getAR)" \ + LD="$(tc-getLD)" \ + RANLIB="$(tc-getRANLIB)" \ + libnl=$(usex netlink true false) \ + sqlite=$(usex sqlite true false) \ + unstable=$(usex unstable true false) \ + REVFLAGS=-D_REVISION="${ESVN_WC_REVISION}" +} + +src_install() { + emake \ + prefix="${ED}/usr" \ + libnl=$(usex netlink true false) \ + sqlite=$(usex sqlite true false) \ + unstable=$(usex unstable true false) \ + REVFLAGS=-D_REVISION="${ESVN_WC_REVISION}" \ + install + + dodoc AUTHORS ChangeLog INSTALLING README + + if use airgraph-ng; then + cd "${S}/scripts/airgraph-ng" + emake prefix="${ED}/usr" install + fi + if use airdrop-ng; then + cd "${S}/scripts/airdrop-ng" + emake prefix="${ED}/usr" install + fi +} + +pkg_postinst() { + # Message is (c) FreeBSD + # http://www.freebsd.org/cgi/cvsweb.cgi/ports/net-mgmt/aircrack-ng/files/pkg-message.in?rev=1.5 + if use kernel_FreeBSD ; then + einfo "Contrary to Linux, it is not necessary to use airmon-ng to enable the monitor" + einfo "mode of your wireless card. So do not care about what the manpages say about" + einfo "airmon-ng, airodump-ng sets monitor mode automatically." + echo + einfo "To return from monitor mode, issue the following command:" + einfo " ifconfig \${INTERFACE} -mediaopt monitor" + einfo + einfo "For aireplay-ng you need FreeBSD >= 7.0." + fi + einfo "Run 'airodump-ng-oui-update' as root to install or update OUI file" +} diff --git a/net-wireless/aircrack-ng/files/aircrack-ng-1.1-respect_LDFLAGS.patch b/net-wireless/aircrack-ng/files/aircrack-ng-1.1-respect_LDFLAGS.patch new file mode 100644 index 00000000..b7358b3c --- /dev/null +++ b/net-wireless/aircrack-ng/files/aircrack-ng-1.1-respect_LDFLAGS.patch @@ -0,0 +1,91 @@ +--- src/Makefile ++++ src/Makefile +@@ -90,13 +90,13 @@ + + + OSD = osdep +-LIBS = -L$(OSD) -l$(OSD) $(LIBPCAP) $(LDFLAGS) ++LIBS = -L$(OSD) -l$(OSD) $(LIBPCAP) + ifeq ($(OSNAME), cygwin) + LIBS += -liphlpapi -lsetupapi -luuid + endif + LIBOSD = $(OSD)/lib$(OSD).a + +-LIBSSL = -lssl -lcrypto $(LDFLAGS) ++LIBSSL = -lssl -lcrypto + LIBSQL = + ifeq ($(SQLITE), true) + LIBSQL = -L/usr/local/lib -lsqlite3 +@@ -140,55 +140,55 @@ + aircrack-ng-opt-prof -lpthread $(LIBSQL) + + aircrack-ng$(EXE): $(OBJS_AC) +- $(CC) $(CFLAGS) $(OBJS_AC) $(ASM_AC) -o $(@) -lpthread $(LIBSSL) $(LIBSQL) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_AC) $(ASM_AC) -o $(@) -lpthread $(LIBSSL) $(LIBSQL) + + airdecap-ng$(EXE): $(OBJS_AD) +- $(CC) $(CFLAGS) $(OBJS_AD) -o $(@) $(LIBSSL) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_AD) -o $(@) $(LIBSSL) + + packetforge-ng$(EXE): $(OBJS_PF) +- $(CC) $(CFLAGS) $(OBJS_PF) -o $(@) $(LIBSSL) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_PF) -o $(@) $(LIBSSL) + + aireplay-ng$(EXE): $(OBJS_AR) $(LIBOSD) +- $(CC) $(CFLAGS) $(OBJS_AR) -o $(@) $(LIBS) $(LIBSSL) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_AR) -o $(@) $(LIBS) $(LIBSSL) + + airodump-ng$(EXE): $(OBJS_ADU) $(LIBOSD) +- $(CC) $(CFLAGS) $(OBJS_ADU) -o $(@) $(LIBS) $(LIBSSL) -lpthread ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_ADU) -o $(@) $(LIBS) $(LIBSSL) -lpthread + + airserv-ng$(EXE): $(OBJS_AS) $(LIBOSD) +- $(CC) $(CFLAGS) $(OBJS_AS) -o $(@) $(LIBS) $(LIBPCAP) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_AS) -o $(@) $(LIBS) $(LIBPCAP) + + airtun-ng$(EXE): $(OBJS_AT) $(LIBOSD) +- $(CC) $(CFLAGS) $(OBJS_AT) -o $(@) $(LIBS) $(LIBSSL) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_AT) -o $(@) $(LIBS) $(LIBSSL) + + ivstools$(EXE): $(OBJS_IV) +- $(CC) $(CFLAGS) $(OBJS_IV) -o $(@) $(LIBSSL) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_IV) -o $(@) $(LIBSSL) + + kstats$(EXE): kstats.o +- $(CC) $(CFLAGS) kstats.o -o $(@) ++ $(CC) $(CFLAGS) $(LDFLAGS) kstats.o -o $(@) + + wesside-ng$(EXE): $(OBJS_WS) $(LIBOSD) +- $(CC) $(CFLAGS) $(OBJS_WS) -o $(@) $(LIBS) $(LIBSSL) -lz ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_WS) -o $(@) $(LIBS) $(LIBSSL) -lz + + easside-ng$(EXE): $(OBJS_ES) $(LIBOSD) +- $(CC) $(CFLAGS) $(OBJS_ES) -o $(@) $(LIBS) -lz ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_ES) -o $(@) $(LIBS) -lz + + buddy-ng$(EXE): $(OBJS_BUDDY) +- $(CC) $(CFLAGS) $(OBJS_BUDDY) -o $(@) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_BUDDY) -o $(@) + + makeivs-ng$(EXE): $(OBJS_MI) +- $(CC) $(CFLAGS) $(OBJS_MI) -o $(@) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_MI) -o $(@) + + airolib-ng$(EXE): $(OBJS_AL) +- $(CC) $(CFLAGS) $(OBJS_AL) -o $(@) $(LIBSSL) -DHAVE_REGEXP $(LIBSQL) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_AL) -o $(@) $(LIBSSL) -DHAVE_REGEXP $(LIBSQL) + + airbase-ng$(EXE): $(OBJS_AB) $(LIBOSD) +- $(CC) $(CFLAGS) $(OBJS_AB) -o $(@) $(LIBS) $(LIBSSL) -lpthread ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_AB) -o $(@) $(LIBS) $(LIBSSL) -lpthread + + airdecloak-ng$(EXE): $(OBJS_AU) +- $(CC) $(CFLAGS) $(OBJS_AU) -o $(@) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_AU) -o $(@) + + tkiptun-ng$(EXE): $(OBJS_TT) $(LIBOSD) +- $(CC) $(CFLAGS) $(OBJS_TT) -o $(@) $(LIBS) $(LIBSSL) ++ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS_TT) -o $(@) $(LIBS) $(LIBSSL) + + strip: $(BINFILES) $(SBINFILES) + strip $(BINFILES) $(SBINFILES) diff --git a/net-wireless/aircrack-ng/files/airdrop-ng-oui-path-fix.patch b/net-wireless/aircrack-ng/files/airdrop-ng-oui-path-fix.patch new file mode 100644 index 00000000..8b32a7f3 --- /dev/null +++ b/net-wireless/aircrack-ng/files/airdrop-ng-oui-path-fix.patch @@ -0,0 +1,13 @@ +Index: scripts/airdrop-ng/airdrop/libOuiParse.py +=================================================================== +--- scripts/airdrop-ng/airdrop/libOuiParse.py (revision 2109) ++++ scripts/airdrop-ng/airdrop/libOuiParse.py (working copy) +@@ -34,7 +34,7 @@ + generate the two dictionaries and return them + """ + #a poor fix where if we have no file it trys to download it +- aircrackOUI = '/usr/local/etc/aircrack-ng/airodump-ng-oui.txt' ++ aircrackOUI = '/etc/aircrack-ng/airodump-ng-oui.txt' + self.ouiTxtUrl = "http://standards.ieee.org/regauth/oui/oui.txt" + self.ouiUnPath = install_dir#path to oui.txt if module is installed + self.ouiInPath = install_dir + '/support/' #path to oui.txt if module is not installed diff --git a/net-wireless/aircrack-ng/files/airodump-ng-oui-update-path-fix.patch b/net-wireless/aircrack-ng/files/airodump-ng-oui-update-path-fix.patch new file mode 100644 index 00000000..846f03da --- /dev/null +++ b/net-wireless/aircrack-ng/files/airodump-ng-oui-update-path-fix.patch @@ -0,0 +1,12 @@ +diff -Naur aircrack-ng-1.1/scripts/airodump-ng-oui-update aircrack-ng-1.1-patched/scripts/airodump-ng-oui-update +--- aircrack-ng-1.1/scripts/airodump-ng-oui-update 2009-08-07 16:53:15.000000000 -0400 ++++ aircrack-ng-1.1-patched/scripts/airodump-ng-oui-update 2011-07-06 10:35:18.000000000 -0400 +@@ -4,7 +4,7 @@ + WGET=`which wget 2>/dev/null` + OUI_DOWNLOAD_URL="http://standards.ieee.org/regauth/oui/oui.txt" + +-OUI_PATH="/usr/local/etc/aircrack-ng" ++OUI_PATH="/etc/aircrack-ng" + AIRODUMP_NG_OUI="${OUI_PATH}/airodump-ng-oui.txt" + OUI_IEEE="${OUI_PATH}/oui.txt" + USERID="" diff --git a/net-wireless/aircrack-ng/files/airodump-ng.ignore-negative-one.v4.patch b/net-wireless/aircrack-ng/files/airodump-ng.ignore-negative-one.v4.patch new file mode 100644 index 00000000..fd1df041 --- /dev/null +++ b/net-wireless/aircrack-ng/files/airodump-ng.ignore-negative-one.v4.patch @@ -0,0 +1,121 @@ +Index: src/airodump-ng.c +=================================================================== +--- src/airodump-ng.c (revision 1916) ++++ src/airodump-ng.c (working copy) +@@ -589,42 +589,44 @@ + " usage: airodump-ng <options> <interface>[,<interface>,...]\n" + "\n" + " Options:\n" +-" --ivs : Save only captured IVs\n" +-" --gpsd : Use GPSd\n" +-" --write <prefix> : Dump file prefix\n" +-" -w : same as --write \n" +-" --beacons : Record all beacons in dump file\n" +-" --update <secs> : Display update delay in seconds\n" +-" --showack : Prints ack/cts/rts statistics\n" +-" -h : Hides known stations for --showack\n" +-" -f <msecs> : Time in ms between hopping channels\n" +-" --berlin <secs> : Time before removing the AP/client\n" +-" from the screen when no more packets\n" +-" are received (Default: 120 seconds)\n" +-" -r <file> : Read packets from that file\n" +-" -x <msecs> : Active Scanning Simulation\n" ++" --ivs : Save only captured IVs\n" ++" --gpsd : Use GPSd\n" ++" --write <prefix> : Dump file prefix\n" ++" -w : same as --write \n" ++" --beacons : Record all beacons in dump file\n" ++" --update <secs> : Display update delay in seconds\n" ++" --showack : Prints ack/cts/rts statistics\n" ++" -h : Hides known stations for --showack\n" ++" -f <msecs> : Time in ms between hopping channels\n" ++" --berlin <secs> : Time before removing the AP/client\n" ++" from the screen when no more packets\n" ++" are received (Default: 120 seconds)\n" ++" -r <file> : Read packets from that file\n" ++" -x <msecs> : Active Scanning Simulation\n" + " --output-format\n" +-" <formats> : Output format. Possible values:\n" +-" pcap, ivs, csv, gps, kismet, netxml\n" ++" <formats> : Output format. Possible values:\n" ++" pcap, ivs, csv, gps, kismet, netxml\n" ++" --ignore-negative-one : Removes the message that says\n" ++" fixed channel <interface>: -1\n" + "\n" + " Filter options:\n" +-" --encrypt <suite> : Filter APs by cipher suite\n" +-" --netmask <netmask> : Filter APs by mask\n" +-" --bssid <bssid> : Filter APs by BSSID\n" +-" -a : Filter unassociated clients\n" ++" --encrypt <suite> : Filter APs by cipher suite\n" ++" --netmask <netmask> : Filter APs by mask\n" ++" --bssid <bssid> : Filter APs by BSSID\n" ++" -a : Filter unassociated clients\n" + "\n" + " By default, airodump-ng hop on 2.4GHz channels.\n" + " You can make it capture on other/specific channel(s) by using:\n" +-" --channel <channels>: Capture on specific channels\n" +-" --band <abg> : Band on which airodump-ng should hop\n" +-" -C <frequencies> : Uses these frequencies in MHz to hop\n" +-" --cswitch <method> : Set channel switching method\n" +-" 0 : FIFO (default)\n" +-" 1 : Round Robin\n" +-" 2 : Hop on last\n" +-" -s : same as --cswitch\n" ++" --channel <channels> : Capture on specific channels\n" ++" --band <abg> : Band on which airodump-ng should hop\n" ++" -C <frequencies> : Uses these frequencies in MHz to hop\n" ++" --cswitch <method> : Set channel switching method\n" ++" 0 : FIFO (default)\n" ++" 1 : Round Robin\n" ++" 2 : Hop on last\n" ++" -s : same as --cswitch\n" + "\n" +-" --help : Displays this usage screen\n" ++" --help : Displays this usage screen\n" + "\n"; + + int is_filtered_netmask(uchar *bssid) +@@ -5037,6 +5039,7 @@ + for(i=0; i<cards; i++) + { + chan = wi_get_channel(wi[i]); ++ if(G.ignore_negative_one == 1 && chan==-1) return 0; + if(G.channel[i] != chan) + { + memset(G.message, '\x00', sizeof(G.message)); +@@ -5237,6 +5240,7 @@ + {"showack", 0, 0, 'A'}, + {"detect-anomaly", 0, 0, 'E'}, + {"output-format", 1, 0, 'o'}, ++ {"ignore-negative-one", 0, &G.ignore_negative_one, 1}, + {0, 0, 0, 0 } + }; + +Index: src/airodump-ng.h +=================================================================== +--- src/airodump-ng.h (revision 1916) ++++ src/airodump-ng.h (working copy) +@@ -418,6 +418,8 @@ + pthread_mutex_t mx_sort; /* lock write access to ap LL */ + + uchar selected_bssid[6]; /* bssid that is selected */ ++ ++ int ignore_negative_one; + } + G; + +Index: manpages/airodump-ng.1 +=================================================================== +--- manpages/airodump-ng.1 (revision 1916) ++++ manpages/airodump-ng.1 (working copy) +@@ -58,6 +58,9 @@ + 'pcap' is for recording a capture in pcap format, 'ivs' is for ivs format (it is a shortcut for --ivs). 'csv' will create an airodump-ng CSV file, 'kismet' will create a kismet csv file and 'kismet-newcore' will create the kismet netxml file. 'gps' is a shortcut for --gps. + .br + Theses values can be combined with the exception of ivs and pcap. ++.TP ++.I --ignore-negative-one ++Removes the message that says 'fixed channel <interface>: -1'. + .PP + .B Filter options: + .TP diff --git a/net-wireless/aircrack-ng/files/changeset_r1921_backport.diff b/net-wireless/aircrack-ng/files/changeset_r1921_backport.diff new file mode 100644 index 00000000..e9a4a801 --- /dev/null +++ b/net-wireless/aircrack-ng/files/changeset_r1921_backport.diff @@ -0,0 +1,60 @@ +diff -Naur aircrack-ng-1.1/src/airodump-ng.c aircrack-ng-1.1-patched/src/airodump-ng.c +--- aircrack-ng-1.1/src/airodump-ng.c 2011-07-06 10:28:54.000000000 -0400 ++++ aircrack-ng-1.1-patched/src/airodump-ng.c 2011-07-06 10:24:40.000000000 -0400 +@@ -383,8 +383,11 @@ + unsigned char c[2]; + struct oui *oui_ptr = NULL, *oui_head = NULL; + +- if (!(fp = fopen(OUI_PATH, "r"))) +- return NULL; ++ if (!(fp = fopen(OUI_PATH0, "r"))) { ++ if (!(fp = fopen(OUI_PATH1, "r"))) { ++ return NULL; ++ } ++ } + + memset(buffer, 0x00, sizeof(buffer)); + while (fgets(buffer, sizeof(buffer), fp) != NULL) { +@@ -3592,6 +3595,7 @@ + #define OUI_STR_SIZE 8 + #define MANUF_SIZE 128 + char *get_manufacturer(unsigned char mac0, unsigned char mac1, unsigned char mac2) { ++ static char * oui_location = NULL; + char oui[OUI_STR_SIZE + 1]; + char *manuf; + //char *buffer_manuf; +@@ -3625,7 +3629,20 @@ + } + } else { + // If the file exist, then query it each time we need to get a manufacturer. +- fp = fopen(OUI_PATH, "r"); ++ if (oui_location == NULL) { ++ fp = fopen(OUI_PATH0, "r"); ++ if (fp == NULL) { ++ fp = fopen(OUI_PATH1, "r"); ++ if (fp != NULL) { ++ oui_location = OUI_PATH1; ++ } ++ } else { ++ oui_location = OUI_PATH0; ++ } ++ } else { ++ fp = fopen(oui_location, "r"); ++ } ++ + if (fp != NULL) { + + memset(buffer, 0x00, sizeof(buffer)); +diff -Naur aircrack-ng-1.1/src/airodump-ng.h aircrack-ng-1.1-patched/src/airodump-ng.h +--- aircrack-ng-1.1/src/airodump-ng.h 2011-07-06 10:28:54.000000000 -0400 ++++ aircrack-ng-1.1-patched/src/airodump-ng.h 2011-07-06 10:39:27.000000000 -0400 +@@ -111,7 +111,8 @@ + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00"; + +-#define OUI_PATH "/usr/local/etc/aircrack-ng/airodump-ng-oui.txt" ++#define OUI_PATH0 "/etc/aircrack-ng/airodump-ng-oui.txt" ++#define OUI_PATH1 "/usr/local/etc/aircrack-ng/airodump-ng-oui.txt" + #define MIN_RAM_SIZE_LOAD_OUI_RAM 32768 + + int read_pkts=0; diff --git a/net-wireless/aircrack-ng/files/diff-wpa-migration-mode-aircrack-ng.diff b/net-wireless/aircrack-ng/files/diff-wpa-migration-mode-aircrack-ng.diff new file mode 100644 index 00000000..5a8fd15a --- /dev/null +++ b/net-wireless/aircrack-ng/files/diff-wpa-migration-mode-aircrack-ng.diff @@ -0,0 +1,872 @@ +diff -ru /tmp/aircrack-ng-1.1/src/aircrack-ng.c ./aircrack-ng.c +--- /tmp/aircrack-ng-1.1/src/aircrack-ng.c 2010-04-09 11:50:14.000000000 -0300 ++++ ./aircrack-ng.c 2010-07-12 13:13:42.000000000 -0300 +@@ -1065,6 +1065,9 @@ + + ap_cur->crypt = -1; + ++ if (opt.forced_amode) ++ ap_cur->crypt = opt.amode + 1; ++ + if (opt.do_ptw == 1) + { + ap_cur->ptw_clean = PTW_newattackstate(); +@@ -1388,13 +1391,18 @@ + + if( h80211[z] != h80211[z + 1] || h80211[z + 2] != 0x03 ) + { +- ap_cur->crypt = 2; /* encryption = WEP */ ++ if( !opt.forced_amode ) ++ ap_cur->crypt = 2; /* encryption = WEP */ + + /* check the extended IV flag */ + +- if( ( h80211[z + 3] & 0x20 ) != 0 ) +- /* encryption = WPA */ ++ if( ( h80211[z + 3] & 0x20 ) != 0 ) ++ { ++ /* encryption = WPA */ ++ if( !opt.forced_amode ) + ap_cur->crypt = 3; ++ goto unlock_mx_apl; ++ } + + /* check the WEP key index */ + +@@ -1490,7 +1498,8 @@ + goto unlock_mx_apl; + + ap_cur->eapol = 0; +- ap_cur->crypt = 3; /* set WPA */ ++ if( !opt.forced_amode ) ++ ap_cur->crypt = 3; /* set WPA */ + + if( st_cur == NULL ) + { +@@ -1976,6 +1985,9 @@ + memcpy( ap_cur->bssid, bssid, 6 ); + + ap_cur->crypt = -1; ++ ++ if (opt.forced_amode) ++ ap_cur->crypt = opt.amode + 1; + } + + if( fmt == FORMAT_IVS ) +@@ -2202,13 +2214,18 @@ + + if( h80211[z] != h80211[z + 1] || h80211[z + 2] != 0x03 ) + { +- ap_cur->crypt = 2; /* encryption = WEP */ ++ if( !opt.forced_amode ) ++ ap_cur->crypt = 2; /* encryption = WEP */ + + /* check the extended IV flag */ + +- if( ( h80211[z + 3] & 0x20 ) != 0 ) +- /* encryption = WPA */ ++ if( ( h80211[z + 3] & 0x20 ) != 0 ) ++ { ++ /* encryption = WPA */ ++ if( !opt.forced_amode ) + ap_cur->crypt = 3; ++ goto unlock_mx_apl; ++ } + + /* check the WEP key index */ + +@@ -3213,7 +3230,10 @@ + + pthread_mutex_unlock( &mx_ivb ); + +- return( RESTART ); ++ if (wep.nb_ivs > 0) ++ return( RESTART ); ++ else ++ return( SUCCESS ); + } + + return( SUCCESS ); +@@ -4580,6 +4600,7 @@ + opt.bssidmerge = NULL; + opt.oneshot = 0; + opt.logKeyToFile = NULL; ++ opt.forced_amode = 0; + + /* + all_ivs = malloc( (256*256*256) * sizeof(used_iv)); +@@ -4668,6 +4689,8 @@ + return( FAILURE ); + } + ++ opt.forced_amode = 1; ++ + break; + + case 'e' : +@@ -5362,7 +5385,7 @@ + printf("Starting PTW attack with %ld ivs.\n", ap_cur->nb_ivs_vague); + ret = crack_wep_ptw(ap_cur); + +- if( opt.oneshot == 1 && ret == FAILURE ) ++ if( (opt.oneshot == 1 || wep.nb_ivs == 0) && ret == FAILURE ) + { + printf( " Attack failed. Possible reasons:\n\n" + " * Out of luck: you must capture more IVs. Usually, 104-bit WEP\n" +diff -ru /tmp/aircrack-ng-1.1/src/aircrack-ng.h ./aircrack-ng.h +--- /tmp/aircrack-ng-1.1/src/aircrack-ng.h 2009-06-13 19:49:09.000000000 -0300 ++++ ./aircrack-ng.h 2010-07-12 12:25:06.000000000 -0300 +@@ -148,6 +148,8 @@ + + char * logKeyToFile; + ++ int forced_amode; /* signals disregarding automatic detection of encryption type */ ++ + } + + opt; +diff -ru /tmp/aircrack-ng-1.1/src/aireplay-ng.c ./aireplay-ng.c +--- /tmp/aircrack-ng-1.1/src/aireplay-ng.c 2010-04-02 01:33:28.000000000 -0300 ++++ ./aireplay-ng.c 2010-07-08 19:56:40.000000000 -0300 +@@ -93,6 +93,10 @@ + "\x00\x00\x3A\x01\xBB\xBB\xBB\xBB\xBB\xBB\xCC\xCC\xCC\xCC\xCC\xCC" \ + "\xBB\xBB\xBB\xBB\xBB\xBB\xC0\x00\x31\x04\x64\x00" + ++#define REASSOC_REQ \ ++ "\x20\x00\x3A\x01\xBB\xBB\xBB\xBB\xBB\xBB\xCC\xCC\xCC\xCC\xCC\xCC" \ ++ "\xBB\xBB\xBB\xBB\xBB\xBB\xC0\x00\x31\x04\x64\x00\x00\x00\x00\x00\x00\x00" ++ + #define NULL_DATA \ + "\x48\x01\x3A\x01\xBB\xBB\xBB\xBB\xBB\xBB\xCC\xCC\xCC\xCC\xCC\xCC" \ + "\xBB\xBB\xBB\xBB\xBB\xBB\xE0\x1B" +@@ -171,6 +175,7 @@ + " -e essid : set target AP SSID\n" + " -o npckts : number of packets per burst (0=auto, default: 1)\n" + " -q sec : seconds between keep-alives\n" ++" -Q : send reassociation requests\n" + " -y prga : keystream for shared key auth\n" + " -T n : exit after retry fake auth request n time\n" + "\n" +@@ -213,6 +218,7 @@ + " --caffe-latte : query a client for new IVs (-6)\n" + " --cfrag : fragments against a client (-7)\n" + " --test : tests injection and quality (-9)\n" ++" --migmode : attacks WPA migration mode (-W)\n" + "\n" + " --help : Displays this usage screen\n" + "\n"; +@@ -269,6 +275,8 @@ + + int nodetect; + int rtc; ++ ++ int reassoc; + } + opt; + +@@ -1760,16 +1768,25 @@ + + case 6: + +- if( opt.a_delay == 0 ) ++ if( opt.a_delay == 0 && opt.reassoc == 0 ) + { + printf("\n"); + return( 0 ); + } + ++ if( opt.a_delay == 0 && opt.reassoc == 1 ) ++ { ++ if(opt.npackets == -1) x_send = 4; ++ state = 7; ++ challengelen = 0; ++ break; ++ } ++ + if( time( NULL ) - tt >= opt.a_delay ) + { + if(opt.npackets == -1) x_send = 4; +- state = 0; ++ if( opt.reassoc == 1 ) state = 7; ++ else state = 0; + challengelen = 0; + break; + } +@@ -1797,6 +1814,69 @@ + + break; + ++ case 7: ++ ++ /* sending reassociation request */ ++ ++ tries = 0; ++ state = 8; ++ if(opt.npackets == -1) x_send *= 2; ++ tt = time( NULL ); ++ ++ /* attempt to reassociate */ ++ ++ memcpy( h80211, REASSOC_REQ, 34 ); ++ memcpy( h80211 + 4, opt.r_bssid, 6 ); ++ memcpy( h80211 + 10, opt.r_smac , 6 ); ++ memcpy( h80211 + 16, opt.r_bssid, 6 ); ++ ++ n = strlen( opt.r_essid ); ++ if( n > 32 ) n = 32; ++ ++ h80211[34] = 0x00; ++ h80211[35] = n; ++ ++ memcpy( h80211 + 36, opt.r_essid, n ); ++ memcpy( h80211 + 36 + n, RATES, 16 ); ++ memcpy( h80211 + 30, capa, 2); ++ ++ PCT; printf( "Sending Reassociation Request" ); ++ fflush( stdout ); ++ gotack=0; ++ ++ for( i = 0; i < x_send; i++ ) ++ { ++ if( send_packet( h80211, 52 + n ) < 0 ) ++ return( 1 ); ++ ++ usleep(10); ++ ++ if( send_packet( ackbuf, 14 ) < 0 ) ++ return( 1 ); ++ usleep(10); ++ ++ if( send_packet( ackbuf, 14 ) < 0 ) ++ return( 1 ); ++ } ++ ++ break; ++ ++ case 8: ++ ++ /* waiting for a reassociation response */ ++ ++ if( time( NULL ) - tt >= 5 ) ++ { ++ if( x_send < 256 && (opt.npackets == -1) ) ++ x_send *= 4; ++ ++ state = 7; ++ challengelen = 0; ++ printf("\n"); ++ } ++ ++ break; ++ + default: break; + } + +@@ -2042,6 +2122,60 @@ + + state = 6; /* assoc. done */ + } ++ ++ /* check if we got an reassociation response */ ++ ++ if( h80211[0] == 0x30 && state == 8 ) ++ { ++ printf("\n"); ++ state = 7; PCT; ++ ++ if( caplen < 30 ) ++ { ++ printf( "Error: packet length < 30 bytes\n" ); ++ sleep( 3 ); ++ challengelen = 0; ++ continue; ++ } ++ ++ n = h80211[26] + ( h80211[27] << 8 ); ++ ++ if( n != 0 ) ++ { ++ switch( n ) ++ { ++ case 1: ++ printf( "Denied (code 1), is WPA in use ?\n" ); ++ break; ++ ++ case 10: ++ printf( "Denied (code 10), open (no WEP) ?\n" ); ++ break; ++ ++ case 12: ++ printf( "Denied (code 12), wrong ESSID or WPA ?\n" ); ++ break; ++ ++ default: ++ printf( "Reassociation denied (code %d)\n", n ); ++ break; ++ } ++ ++ sleep( 3 ); ++ challengelen = 0; ++ continue; ++ } ++ ++ aid=( ( (h80211[29] << 8) || (h80211[28]) ) & 0x3FFF); ++ printf( "Reassociation successful :-) (AID: %d)\n", aid ); ++ deauth_wait = 3; ++ fflush( stdout ); ++ ++ tt = time( NULL ); ++ tr = time( NULL ); ++ ++ state = 6; /* reassoc. done */ ++ } + } + } + +@@ -3024,6 +3158,423 @@ + return( 0 ); + } + ++int do_attack_migmode( void ) ++{ ++ int nb_bad_pkt; ++ int arp_off1, arp_off2; ++ int i, n, caplen, nb_arp, z; ++ long nb_pkt_read, nb_arp_tot, nb_ack_pkt; ++ uchar flip[4096]; ++ uchar senderMAC[6]; ++ ++ time_t tc; ++ float f, ticks[3]; ++ struct timeval tv; ++ struct timeval tv2; ++ struct tm *lt; ++ ++ FILE *f_cap_out; ++ struct pcap_file_header pfh_out; ++ struct pcap_pkthdr pkh; ++ struct ARP_req * arp; ++ ++ if ( opt.ringbuffer ) ++ arp = (struct ARP_req*) malloc( opt.ringbuffer * sizeof( struct ARP_req ) ); ++ else ++ arp = (struct ARP_req*) malloc( sizeof( struct ARP_req ) ); ++ ++ /* capture only WEP data to broadcast address */ ++ ++ opt.f_type = 2; ++ opt.f_subtype = 0; ++ opt.f_iswep = 1; ++ opt.f_fromds = 1; ++ ++ if(getnet(NULL, 1, 1) != 0) ++ return 1; ++ ++ if( memcmp( opt.f_bssid, NULL_MAC, 6 ) == 0 ) ++ { ++ printf( "Please specify a BSSID (-b).\n" ); ++ return( 1 ); ++ } ++ /* create and write the output pcap header */ ++ ++ gettimeofday( &tv, NULL ); ++ ++ pfh_out.magic = TCPDUMP_MAGIC; ++ pfh_out.version_major = PCAP_VERSION_MAJOR; ++ pfh_out.version_minor = PCAP_VERSION_MINOR; ++ pfh_out.thiszone = 0; ++ pfh_out.sigfigs = 0; ++ pfh_out.snaplen = 65535; ++ pfh_out.linktype = LINKTYPE_IEEE802_11; ++ ++ lt = localtime( (const time_t *) &tv.tv_sec ); ++ ++ memset( strbuf, 0, sizeof( strbuf ) ); ++ snprintf( strbuf, sizeof( strbuf ) - 1, ++ "replay_arp-%02d%02d-%02d%02d%02d.cap", ++ lt->tm_mon + 1, lt->tm_mday, ++ lt->tm_hour, lt->tm_min, lt->tm_sec ); ++ ++ printf( "Saving ARP requests in %s\n", strbuf ); ++ ++ if( ( f_cap_out = fopen( strbuf, "wb+" ) ) == NULL ) ++ { ++ perror( "fopen failed" ); ++ return( 1 ); ++ } ++ ++ n = sizeof( struct pcap_file_header ); ++ ++ if( fwrite( &pfh_out, n, 1, f_cap_out ) != 1 ) ++ { ++ perror( "fwrite failed\n" ); ++ return( 1 ); ++ } ++ ++ fflush( f_cap_out ); ++ ++ printf( "You should also start airodump-ng to capture replies.\n" ); ++ printf( "Remember to filter the capture to only keep WEP frames: "); ++ printf( " \"tshark -R 'wlan.wep.iv' -r capture.cap -w outcapture.cap\"\n"); ++ //printf( "Remember to filter the capture to keep only broadcast From-DS frames.\n"); ++ ++ if(opt.port_in <= 0) ++ { ++ /* avoid blocking on reading the socket */ ++ if( fcntl( dev.fd_in, F_SETFL, O_NONBLOCK ) < 0 ) ++ { ++ perror( "fcntl(O_NONBLOCK) failed" ); ++ return( 1 ); ++ } ++ } ++ ++ memset( ticks, 0, sizeof( ticks ) ); ++ ++ tc = time( NULL ) - 11; ++ ++ nb_pkt_read = 0; ++ nb_bad_pkt = 0; ++ nb_ack_pkt = 0; ++ nb_arp = 0; ++ nb_arp_tot = 0; ++ arp_off1 = 0; ++ arp_off2 = 0; ++ ++ while( 1 ) ++ { ++ /* sleep until the next clock tick */ ++ ++ if( dev.fd_rtc >= 0 ) ++ { ++ if( read( dev.fd_rtc, &n, sizeof( n ) ) < 0 ) ++ { ++ perror( "read(/dev/rtc) failed" ); ++ return( 1 ); ++ } ++ ++ ticks[0]++; ++ ticks[1]++; ++ ticks[2]++; ++ } ++ else ++ { ++ gettimeofday( &tv, NULL ); ++ usleep( 1000000/RTC_RESOLUTION ); ++ gettimeofday( &tv2, NULL ); ++ ++ f = 1000000 * (float) ( tv2.tv_sec - tv.tv_sec ) ++ + (float) ( tv2.tv_usec - tv.tv_usec ); ++ ++ ticks[0] += f / ( 1000000/RTC_RESOLUTION ); ++ ticks[1] += f / ( 1000000/RTC_RESOLUTION ); ++ ticks[2] += f / ( 1000000/RTC_RESOLUTION ); ++ } ++ ++ if( ticks[1] > (RTC_RESOLUTION/10) ) ++ { ++ ticks[1] = 0; ++ printf( "\rRead %ld packets (%ld ARPs, %ld ACKs), " ++ "sent %ld packets...(%d pps)\r", ++ nb_pkt_read, nb_arp_tot, nb_ack_pkt, nb_pkt_sent, (int)((double)nb_pkt_sent/((double)ticks[0]/(double)RTC_RESOLUTION)) ); ++ fflush( stdout ); ++ } ++ ++ if( ( ticks[2] * opt.r_nbpps ) / RTC_RESOLUTION >= 1 ) ++ { ++ /* threshold reach, send one frame */ ++ ++ ticks[2] = 0; ++ ++ if( nb_arp > 0 ) ++ { ++ if( nb_pkt_sent == 0 ) ++ ticks[0] = 0; ++ ++ if( send_packet( arp[arp_off1].buf, ++ arp[arp_off1].len ) < 0 ) ++ return( 1 ); ++ ++ if( ((double)ticks[0]/(double)RTC_RESOLUTION)*(double)opt.r_nbpps > (double)nb_pkt_sent ) ++ { ++ if( send_packet( arp[arp_off1].buf, ++ arp[arp_off1].len ) < 0 ) ++ return( 1 ); ++ } ++ ++ if( ++arp_off1 >= nb_arp ) ++ arp_off1 = 0; ++ } ++ } ++ ++ /* read a frame, and check if it's an ARP request */ ++ ++ if( opt.s_file == NULL ) ++ { ++ gettimeofday( &tv, NULL ); ++ ++ caplen = read_packet( h80211, sizeof( h80211 ), NULL ); ++ ++ if( caplen < 0 ) return( 1 ); ++ if( caplen == 0 ) continue; ++ } ++ else ++ { ++ n = sizeof( pkh ); ++ ++ if( fread( &pkh, n, 1, dev.f_cap_in ) != 1 ) ++ { ++ opt.s_file = NULL; ++ continue; ++ } ++ ++ if( dev.pfh_in.magic == TCPDUMP_CIGAM ) ++ SWAP32( pkh.caplen ); ++ ++ tv.tv_sec = pkh.tv_sec; ++ tv.tv_usec = pkh.tv_usec; ++ ++ n = caplen = pkh.caplen; ++ ++ if( n <= 0 || n > (int) sizeof( h80211 ) || n > (int) sizeof( tmpbuf ) ) ++ { ++ printf( "\r\33[KInvalid packet length %d.\n", n ); ++ opt.s_file = NULL; ++ continue; ++ } ++ ++ if( fread( h80211, n, 1, dev.f_cap_in ) != 1 ) ++ { ++ opt.s_file = NULL; ++ continue; ++ } ++ ++ if( dev.pfh_in.linktype == LINKTYPE_PRISM_HEADER ) ++ { ++ /* remove the prism header */ ++ ++ if( h80211[7] == 0x40 ) ++ n = 64; ++ else ++ n = *(int *)( h80211 + 4 ); ++ ++ if( n < 8 || n >= (int) caplen ) ++ continue; ++ ++ memcpy( tmpbuf, h80211, caplen ); ++ caplen -= n; ++ memcpy( h80211, tmpbuf + n, caplen ); ++ } ++ ++ if( dev.pfh_in.linktype == LINKTYPE_RADIOTAP_HDR ) ++ { ++ /* remove the radiotap header */ ++ ++ n = *(unsigned short *)( h80211 + 2 ); ++ ++ if( n <= 0 || n >= (int) caplen ) ++ continue; ++ ++ memcpy( tmpbuf, h80211, caplen ); ++ caplen -= n; ++ memcpy( h80211, tmpbuf + n, caplen ); ++ } ++ ++ if( dev.pfh_in.linktype == LINKTYPE_PPI_HDR ) ++ { ++ /* remove the PPI header */ ++ ++ n = le16_to_cpu(*(unsigned short *)( h80211 + 2)); ++ ++ if( n <= 0 || n>= (int) caplen ) ++ continue; ++ ++ /* for a while Kismet logged broken PPI headers */ ++ if ( n == 24 && le16_to_cpu(*(unsigned short *)(h80211 + 8)) == 2 ) ++ n = 32; ++ ++ if( n <= 0 || n>= (int) caplen ) ++ continue; ++ ++ memcpy( tmpbuf, h80211, caplen ); ++ caplen -= n; ++ memcpy( h80211, tmpbuf + n, caplen ); ++ } ++ } ++ ++ nb_pkt_read++; ++ ++ /* check if it's a disas. or deauth packet */ ++ ++ if( ( h80211[0] == 0xC0 || h80211[0] == 0xA0 ) && ++ ! memcmp( h80211 + 4, opt.r_smac, 6 ) ) ++ { ++ nb_bad_pkt++; ++ ++ if( nb_bad_pkt > 64 && time( NULL ) - tc >= 10 ) ++ { ++ printf( "\33[KNotice: got a deauth/disassoc packet. Is the " ++ "source MAC associated ?\n" ); ++ ++ tc = time( NULL ); ++ nb_bad_pkt = 0; ++ } ++ } ++ ++ if( h80211[0] == 0xD4 && ++ ! memcmp( h80211 + 4, opt.f_bssid, 6 ) ) ++ { ++ nb_ack_pkt++; ++ } ++ ++ /* check if it's a potential ARP request */ ++ ++ opt.f_minlen = opt.f_maxlen = 68; ++ ++ if( filter_packet( h80211, caplen ) == 0 ) ++ goto add_arp; ++ ++ opt.f_minlen = opt.f_maxlen = 86; ++ ++ if( filter_packet( h80211, caplen ) == 0 ) ++ { ++add_arp: ++ z = ( ( h80211[1] & 3 ) != 3 ) ? 24 : 30; ++ if ( ( h80211[0] & 0x80 ) == 0x80 ) /* QoS */ ++ z+=2; ++ ++ switch( h80211[1] & 3 ) ++ { ++ case 2: /* FromDS */ ++ { ++ if(memcmp(h80211 + 4, BROADCAST, 6) == 0) ++ { ++ /* backup sender MAC */ ++ ++ memset( senderMAC, 0, 6 ); ++ memcpy( senderMAC, h80211 + 16, 6 ); ++ ++ /* rewrite to a ToDS packet */ ++ ++ memcpy( h80211 + 4, opt.f_bssid, 6 ); ++ memcpy( h80211 + 10, opt.r_smac, 6 ); ++ memcpy( h80211 + 16, BROADCAST, 6 ); ++ ++ h80211[1] = 0x41; /* ToDS & WEP */ ++ } ++ else ++ { ++ nb_arp_tot++; ++ continue; ++ } ++ ++ break; ++ } ++ default: ++ continue; ++ } ++ ++// h80211[0] = 0x08; /* normal data */ ++ ++ /* if same IV, perhaps our own packet, skip it */ ++ ++ for( i = 0; i < nb_arp; i++ ) ++ { ++ if( memcmp( h80211 + z, arp[i].buf + arp[i].hdrlen, 4 ) == 0 ) ++ break; ++ } ++ ++ if( i < nb_arp ) ++ continue; ++ ++ if( caplen > 128) ++ continue; ++ /* add the ARP request in the ring buffer */ ++ ++ nb_arp_tot++; ++ ++ /* Ring buffer size: by default: 8 ) */ ++ ++ if( nb_arp >= opt.ringbuffer && opt.ringbuffer > 0) ++ continue; ++ else { ++ ++ if( ( arp[nb_arp].buf = malloc( 128 ) ) == NULL ) { ++ perror( "malloc failed" ); ++ return( 1 ); ++ } ++ ++ memset(flip, 0, 4096); ++ ++ /* flip the sender MAC to convert it into the source MAC */ ++ flip[16] ^= (opt.r_smac[0] ^ senderMAC[0]); ++ flip[17] ^= (opt.r_smac[1] ^ senderMAC[1]); ++ flip[18] ^= (opt.r_smac[2] ^ senderMAC[2]); ++ flip[19] ^= (opt.r_smac[3] ^ senderMAC[3]); ++ flip[20] ^= (opt.r_smac[4] ^ senderMAC[4]); ++ flip[21] ^= (opt.r_smac[5] ^ senderMAC[5]); ++ flip[25] ^= ((rand() % 255)+1); //flip random bits in last byte of sender IP ++ ++ add_crc32_plain(flip, caplen-z-4-4); ++ for(i=0; i<caplen-z-4; i++) ++ { ++ (h80211+z+4)[i] ^= flip[i]; ++ } ++ ++ memcpy( arp[nb_arp].buf, h80211, caplen ); ++ arp[nb_arp].len = caplen; ++ arp[nb_arp].hdrlen = z; ++ nb_arp++; ++ ++ pkh.tv_sec = tv.tv_sec; ++ pkh.tv_usec = tv.tv_usec; ++ pkh.caplen = caplen; ++ pkh.len = caplen; ++ ++ n = sizeof( pkh ); ++ ++ if( fwrite( &pkh, n, 1, f_cap_out ) != 1 ) { ++ perror( "fwrite failed" ); ++ return( 1 ); ++ } ++ ++ n = pkh.caplen; ++ ++ if( fwrite( h80211, n, 1, f_cap_out ) != 1 ) { ++ perror( "fwrite failed" ); ++ return( 1 ); ++ } ++ ++ fflush( f_cap_out ); ++ } ++ } ++ } ++ ++ return( 0 ); ++} ++ + int set_clear_arp(uchar *buf, uchar *smac, uchar *dmac) //set first 22 bytes + { + if(buf == NULL) +@@ -5731,6 +6282,7 @@ + opt.fast = 0; opt.r_smac_set = 0; + opt.npackets = 1; opt.nodetect = 0; + opt.rtc = 1; opt.f_retry = 0; ++ opt.reassoc = 0; + + /* XXX */ + #if 0 +@@ -5765,11 +6317,12 @@ + {"help", 0, 0, 'H'}, + {"fast", 0, 0, 'F'}, + {"bittest", 0, 0, 'B'}, ++ {"migmode", 0, 0, 'W'}, + {0, 0, 0, 0 } + }; + + int option = getopt_long( argc, argv, +- "b:d:s:m:n:u:v:t:T:f:g:w:x:p:a:c:h:e:ji:r:k:l:y:o:q:0:1:2345679HFBDR", ++ "b:d:s:m:n:u:v:t:T:f:g:w:x:p:a:c:h:e:ji:r:k:l:y:o:q:Q0:1:2345679HFBDRW", + long_options, &option_index ); + + if( option < 0 ) break; +@@ -5939,6 +6492,11 @@ + } + break; + ++ case 'Q' : ++ ++ opt.reassoc = 1; ++ break; ++ + case 'p' : + + ret = sscanf( optarg, "%x", &opt.r_fctrl ); +@@ -6188,6 +6746,17 @@ + opt.a_mode = 9; + break; + ++ case 'W' : ++ ++ if( opt.a_mode != -1 ) ++ { ++ printf( "Attack mode already specified.\n" ); ++ printf("\"%s --help\" for help.\n", argv[0]); ++ return( 1 ); ++ } ++ opt.a_mode = 10; ++ break; ++ + case 'F' : + + opt.fast = 1; +@@ -6426,6 +6995,7 @@ + case 6 : return( do_attack_caffe_latte() ); + case 7 : return( do_attack_cfrag() ); + case 9 : return( do_attack_test() ); ++ case 10: return( do_attack_migmode() ); + default: break; + } + +diff -ru /tmp/aircrack-ng-1.1/src/crypto.c ./crypto.c +--- /tmp/aircrack-ng-1.1/src/crypto.c 2009-05-02 20:43:51.000000000 -0300 ++++ ./crypto.c 2010-07-07 17:07:51.000000000 -0300 +@@ -438,6 +438,18 @@ + return 0; + } + ++int is_wlccp(void *wh, int len) ++{ ++ int wlccpsize = 58; ++ ++ if(wh) {} ++ ++ if (len == wlccpsize) ++ return 1; ++ ++ return 0; ++} ++ + int is_qos_arp_tkip(void *wh, int len) + { + unsigned char *packet = (unsigned char*) wh; +@@ -515,6 +527,29 @@ + return 1; + + } ++ else if(is_wlccp(wh, len)) /*wlccp*/ ++ { ++ len = sizeof(S_LLC_SNAP_WLCCP) - 1; ++ memcpy(ptr, S_LLC_SNAP_WLCCP, len); ++ ptr += len; ++ ++ /* wlccp hdr */ ++ len = 4; ++ memcpy(ptr, "\x00\x32\x40\x01", len); ++ ptr += len; ++ ++ /* dst mac */ ++ len = 6; ++ memcpy(ptr, get_da(wh), len); ++ ptr += len; ++ ++ len = ptr - ((unsigned char*)clear); ++ *clen = len; ++ if (weight) ++ weight[0] = 256; ++ return 1; ++ ++ } + else if(is_spantree(wh)) /*spantree*/ + { + len = sizeof(S_LLC_SNAP_SPANTREE) - 1; +diff -ru /tmp/aircrack-ng-1.1/src/crypto.h ./crypto.h +--- /tmp/aircrack-ng-1.1/src/crypto.h 2009-03-02 10:11:46.000000000 -0200 ++++ ./crypto.h 2010-07-07 16:55:30.000000000 -0300 +@@ -17,6 +17,7 @@ + + #define S_LLC_SNAP "\xAA\xAA\x03\x00\x00\x00" + #define S_LLC_SNAP_ARP (S_LLC_SNAP "\x08\x06") ++#define S_LLC_SNAP_WLCCP "\xAA\xAA\x03\x00\x40\x96\x00\x00" + #define S_LLC_SNAP_IP (S_LLC_SNAP "\x08\x00") + #define S_LLC_SNAP_SPANTREE "\x42\x42\x03\x00\x00\x00\x00\x00" + #define S_LLC_SNAP_CDP "\xAA\xAA\x03\x00\x00\x0C\x20" diff --git a/net-wireless/aircrack-ng/files/eapol_fix.patch b/net-wireless/aircrack-ng/files/eapol_fix.patch new file mode 100644 index 00000000..38490b82 --- /dev/null +++ b/net-wireless/aircrack-ng/files/eapol_fix.patch @@ -0,0 +1,20 @@ +--- src/airodump-ng.c ++++ src/airodump-ng.c +@@ -2126,7 +2126,7 @@ + st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 ) + + h80211[z + 3] + 4; + +- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0) ++ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256) + { + // Ignore the packet trying to crash us. + goto write_packet; +@@ -2158,7 +2158,7 @@ + st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 ) + + h80211[z + 3] + 4; + +- if ((int)pkh.len - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0) ++ if (caplen - z < st_cur->wpa.eapol_size || st_cur->wpa.eapol_size == 0 || caplen - z < 81 + 16 || st_cur->wpa.eapol_size > 256) + { + // Ignore the packet trying to crash us. + goto write_packet; diff --git a/net-wireless/aircrack-ng/files/ignore-channel-1-error.patch b/net-wireless/aircrack-ng/files/ignore-channel-1-error.patch new file mode 100644 index 00000000..6189af13 --- /dev/null +++ b/net-wireless/aircrack-ng/files/ignore-channel-1-error.patch @@ -0,0 +1,65 @@ +Adapted for version 1.1 by Zero_Chaos based on original + +From: Paul Fertser <fercerpav@gmail.com> +Date: Wed, 12 Jan 2011 00:27:07 +0300 +Subject: [PATCH] aireplay-ng: add an option to ignore channel -1 error + +Allow the user to ignore the channel match check when the host kernel is +not providing channel for the used interface. Required with unpatched +cfg80211 kernels. + +Signed-off-by: Paul Fertser <fercerpav@gmail.com> + +diff -Naur aircrack-ng-1.1-orig/src/aireplay-ng.c aircrack-ng-1.1/src/aireplay-ng.c +--- aircrack-ng-1.1-orig/src/aireplay-ng.c 2011-01-11 19:45:09.000000000 -0500 ++++ aircrack-ng-1.1/src/aireplay-ng.c 2011-01-11 19:44:34.000000000 -0500 +@@ -205,7 +205,9 @@ + "\n" + " Miscellaneous options:\n" + "\n" +-" -R : disable /dev/rtc usage\n" ++" -R : disable /dev/rtc usage\n" ++" --ignore-negative-one : if the interface's channel can't be determined,\n" ++" ignore the mismatch, needed for unpatched cfg80211\n" + "\n" + " Attack modes (numbers can still be used):\n" + "\n" +@@ -274,6 +276,7 @@ + int bittest; + + int nodetect; ++ int ignore_negative_one; + int rtc; + + int reassoc; +@@ -723,6 +726,13 @@ + + iface_chan = wi_get_channel(wi); + ++ if(iface_chan == -1 && !opt.ignore_negative_one) ++ { ++ PCT; printf("Couldn't determine current channel for %s, you should either force the operation with --ignore-negative-one or apply a kernel patch\n", ++ wi_get_ifname(wi)); ++ return -1; ++ } ++ + if(bssid != NULL) + { + ap_chan = wait_for_beacon(bssid, capa, essid); +@@ -731,7 +741,7 @@ + PCT; printf("No such BSSID available.\n"); + return -1; + } +- if(ap_chan != iface_chan) ++ if((ap_chan != iface_chan) && (iface_chan != -1 || !opt.ignore_negative_one)) + { + PCT; printf("%s is on channel %d, but the AP uses channel %d\n", wi_get_ifname(wi), iface_chan, ap_chan); + return -1; +@@ -6318,6 +6328,7 @@ + {"fast", 0, 0, 'F'}, + {"bittest", 0, 0, 'B'}, + {"migmode", 0, 0, 'W'}, ++ {"ignore-negative-one", 0, &opt.ignore_negative_one, 1}, + {0, 0, 0, 0 } + }; + diff --git a/net-wireless/aircrack-ng/files/pic-fix.patch b/net-wireless/aircrack-ng/files/pic-fix.patch new file mode 100644 index 00000000..20c1c900 --- /dev/null +++ b/net-wireless/aircrack-ng/files/pic-fix.patch @@ -0,0 +1,175 @@ +2010-11-10 Francisco Blas Izquierdo Riera <klondike@xiscosoft.es> + + #285703 + * src/sha1-sse2.S: Add support for x86 and AMD64 +This patch is licensed uder the same LICENSE as aircrack-ng + +diff -ru aircrack-ng-1.1.old/src/sha1-sse2.S aircrack-ng-1.1/src/sha1-sse2.S +--- aircrack-ng-1.1.old/src/sha1-sse2.S 2010-01-22 02:01:28.000000000 +0100 ++++ aircrack-ng-1.1/src/sha1-sse2.S 2011-02-26 06:22:37.061208191 +0100 +@@ -8,9 +8,36 @@ + // input blocks must be (four bytes) interleaved. + + #if defined(__x86_64__) && defined(__APPLE__) ++#define PRELOAD(x) + #define MANGLE(x) x(%rip) ++#define INIT_PIC() ++#define END_PIC() + #else ++#ifdef __PIC__ ++ ++#ifdef __x86_64__ ++#define PRELOAD(x) movq x@GOTPCREL(%rip), %rbx; ++#define MANGLE(x) (%rbx) ++#define INIT_PIC() pushq %rbx ++#define END_PIC() popq %rbx ++#else ++#undef __i686 /* gcc builtin define gets in our way */ ++#define PRELOAD(x) ++#define MANGLE(x) x ## @GOTOFF(%ebx) ++#define INIT_PIC() \ ++ call __i686.get_pc_thunk.bx ; \ ++ addl $_GLOBAL_OFFSET_TABLE_, %ebx ++#define END_PIC() ++#endif ++ ++#else ++ ++#define PRELOAD(x) + #define MANGLE(x) x ++#define INIT_PIC() ++#define END_PIC() ++ ++#endif + #endif + + #if defined(__i386__) || defined(__x86_64__) +@@ -142,12 +169,15 @@ + paddd tmp2, e; \ + movdqa b, tmp2; \ + pslld $30, b; \ ++ PRELOAD(k) \ + paddd MANGLE(k), e; \ + psrld $2, tmp2; \ + por tmp2, b; \ + movdqa (data*16)(edx_rsi), tmp1; \ + movdqa tmp1, tmp2; \ ++ PRELOAD(const_ff00) \ + pand MANGLE(const_ff00), tmp1; \ ++ PRELOAD(const_00ff) \ + pand MANGLE(const_00ff), tmp2; \ + psrld $8, tmp1; \ + pslld $8, tmp2; \ +@@ -181,6 +211,7 @@ + paddd tmp2, e; \ + movdqa b, tmp2; \ + pslld $30, b; \ ++ PRELOAD(k) \ + paddd MANGLE(k), e; \ + psrld $2, tmp2; \ + por tmp2, b; +@@ -192,10 +223,16 @@ + shasse2_init: + _shasse2_init: + ++ INIT_PIC() ++ PRELOAD(const_init_a) + movdqa MANGLE(const_init_a), ctxa ++ PRELOAD(const_init_b) + movdqa MANGLE(const_init_b), ctxb ++ PRELOAD(const_init_c) + movdqa MANGLE(const_init_c), ctxc ++ PRELOAD(const_init_d) + movdqa MANGLE(const_init_d), ctxd ++ PRELOAD(const_init_e) + movdqa MANGLE(const_init_e), ctxe + + movdqa ctxa, 0(eax_rdi) +@@ -203,6 +240,7 @@ + movdqa ctxc, 32(eax_rdi) + movdqa ctxd, 48(eax_rdi) + movdqa ctxe, 64(eax_rdi) ++ END_PIC() + + ret + +@@ -212,17 +250,20 @@ + shasse2_ends: + _shasse2_ends: + +- movdqa 0(eax_rdi), ctxa ++ INIT_PIC() ++ movdqa 0(eax_rdi), ctxa + movdqa 16(eax_rdi), ctxb + movdqa 32(eax_rdi), ctxc + movdqa 48(eax_rdi), ctxd + movdqa 64(eax_rdi), ctxe + ++ PRELOAD(const_ff00) + movdqa MANGLE(const_ff00), tmp3 + movdqa ctxa, tmp1 + movdqa ctxb, tmp2 + pand tmp3, ctxa + pand tmp3, ctxb ++ PRELOAD(const_00ff) + movdqa MANGLE(const_00ff), tmp3 + pand tmp3, tmp1 + pand tmp3, tmp2 +@@ -243,6 +284,7 @@ + movdqa ctxa, 0(edx_rsi) + movdqa ctxb, 16(edx_rsi) + ++ PRELOAD(const_ff00) + movdqa MANGLE(const_ff00), tmp5 + movdqa ctxc, tmp1 + movdqa ctxd, tmp2 +@@ -250,6 +292,7 @@ + pand tmp5, ctxc + pand tmp5, ctxd + pand tmp5, ctxe ++ PRELOAD(const_00ff) + movdqa MANGLE(const_00ff), tmp5 + pand tmp5, tmp1 + pand tmp5, tmp2 +@@ -279,6 +322,7 @@ + movdqa ctxc, 32(edx_rsi) + movdqa ctxd, 48(edx_rsi) + movdqa ctxe, 64(edx_rsi) ++ END_PIC() + + ret + +@@ -289,6 +333,7 @@ + shasse2_data: + _shasse2_data: + ++ INIT_PIC() + movdqa 0(eax_rdi), ctxa + movdqa 16(eax_rdi), ctxb + movdqa 32(eax_rdi), ctxc +@@ -400,6 +445,7 @@ + movdqa ctxc, 32(eax_rdi) + movdqa ctxd, 48(eax_rdi) + movdqa ctxe, 64(eax_rdi) ++ END_PIC() + + ret + +@@ -462,6 +508,17 @@ + pop %ebx + #endif + ret ++#ifdef __i386__ ++#ifdef __PIC__ ++ .section .gnu.linkonce.t.__i686.get_pc_thunk.bx,"ax",@progbits ++.globl __i686.get_pc_thunk.bx ++ .hidden __i686.get_pc_thunk.bx ++ .type __i686.get_pc_thunk.bx,@function ++__i686.get_pc_thunk.bx: ++ movl (%esp), %ebx ++ ret ++#endif ++#endif + #endif + + |