diff options
Diffstat (limited to 'net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch')
| -rw-r--r-- | net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch | 221 |
1 files changed, 221 insertions, 0 deletions
diff --git a/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch b/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch new file mode 100644 index 00000000..3ac75910 --- /dev/null +++ b/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch @@ -0,0 +1,221 @@ +diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-fixup2/cowpatty.c +--- cowpatty-4.3/cowpatty.c 2008-03-20 09:49:38.000000000 -0700 ++++ cowpatty-4.3-fixup2/cowpatty.c 2009-05-21 23:38:17.970291072 -0700 +@@ -71,7 +71,7 @@ + void cleanup(); + void parseopts(struct user_opt *opt, int argc, char **argv); + void closepcap(struct capture_data *capdata); +-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata); ++void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt); + void dump_all_fields(struct crack_data cdata); + void printstats(struct timeval start, struct timeval end, + unsigned long int wordcount); +@@ -389,7 +389,7 @@ + return (ret); + } + +-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata) ++void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt) + { + struct ieee8021x *dot1xhdr; + struct wpa_eapol_key *eapolkeyhdr; +@@ -415,8 +415,8 @@ + cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK; + index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK; + +- /* Check for EAPOL version 1, type EAPOL-Key */ +- if (dot1xhdr->version != 1 || dot1xhdr->type != 3) { ++ /* Check for type EAPOL-Key */ ++ if (dot1xhdr->type != 3) { + return; + } + +@@ -427,59 +427,78 @@ + + if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { + /* Check for WPA key, and pairwise key type */ +- if (eapolkeyhdr->type != 254 || ++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) || + (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) { + return; + } + } else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { +- if (eapolkeyhdr->type != 2 || ++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) || + (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) { + return; + } + } + ++ if (opt->verbose > 2) { ++ printf ("WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: %d\n", WPA_KEY_INFO_TYPE_HMAC_MD5_RC4); ++ printf ("WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: %d\n", WPA_KEY_INFO_TYPE_HMAC_SHA1_AES); ++ printf ("key version: %d\n", cdata->ver); ++ printf ("eapol key header type: %d\n", eapolkeyhdr->type); ++ } ++ ++ /* Check for frame 1 of the 4-way handshake */ ++ if ((key_info & WPA_KEY_INFO_MIC) == 0 ++ && (key_info & WPA_KEY_INFO_ACK) ++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) { ++ /* All we need from this frame is the authenticator nonce */ ++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->anonce)); ++ cdata->anonceset = 1; ++ + /* Check for frame 2 of the 4-way handshake */ +- if ((key_info & WPA_KEY_INFO_MIC) && (key_info & WPA_KEY_INFO_ACK) == 0 +- && (key_info & WPA_KEY_INFO_INSTALL) == 0 +- && eapolkeyhdr->key_data_length > 0) { +- /* All we need from this frame is the authenticator nonce */ +- memcpy(cdata->snonce, eapolkeyhdr->key_nonce, +- sizeof(cdata->snonce)); +- cdata->snonceset = 1; ++ } else if ((key_info & WPA_KEY_INFO_MIC) ++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ++ && (key_info & WPA_KEY_INFO_ACK) == 0 ++ && eapolkeyhdr->key_data_length > 0) { + +- } else if ( /* Check for frame 3 of the 4-way handshake */ +- (key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_INSTALL) +- && (key_info & WPA_KEY_INFO_ACK)) { ++ cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 ) ++ + packet[capdata->dot1x_offset + 3] + 4; + + memcpy(cdata->spa, &packet[capdata->dstmac_offset], +- sizeof(cdata->spa)); +- memcpy(cdata->aa, &packet[capdata->srcmac_offset], +- sizeof(cdata->aa)); +- memcpy(cdata->anonce, eapolkeyhdr->key_nonce, +- sizeof(cdata->anonce)); +- cdata->aaset = 1; +- cdata->spaset = 1; +- cdata->anonceset = 1; +- /* We save the replay counter value in the 3rd frame to match +- against the 4th frame of the four-way handshake */ +- memcpy(cdata->replay_counter, eapolkeyhdr->replay_counter, 8); +- +- } else if ( /* Check for frame 4 of the four-way handshake */ +- (key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_ACK) == 0 +- && (key_info & WPA_KEY_INFO_INSTALL) == 0 +- && +- (memcmp +- (cdata->replay_counter, eapolkeyhdr->replay_counter, +- 8) == 0)) { ++ sizeof(cdata->spa)); ++ memcpy(cdata->aa, &packet[capdata->srcmac_offset], ++ sizeof(cdata->aa)); ++ memcpy(cdata->snonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->snonce)); ++ cdata->aaset = 1; ++ cdata->spaset = 1; ++ cdata->snonceset = 1; + + memcpy(cdata->keymic, eapolkeyhdr->key_mic, +- sizeof(cdata->keymic)); ++ sizeof(cdata->keymic)); + memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset], +- sizeof(cdata->eapolframe)); ++ cdata->eapolframe_size); ++ + cdata->keymicset = 1; + cdata->eapolframeset = 1; ++ ++ /* Check for frame 3 of the 4-way handshake */ ++ } else if ((key_info & WPA_KEY_INFO_MIC) ++ && (key_info & WPA_KEY_INFO_ACK) ++ && (key_info & WPA_KEY_INFO_INSTALL)) { ++ /* All we need from this frame is the authenticator nonce */ ++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->anonce)); ++ cdata->anonceset = 1; ++ ++ } ++ ++ if (opt->verbose > 2) { ++ printf("aaset: %d\n",cdata->aaset); ++ printf("spaset: %d\n",cdata->spaset); ++ printf("snonceset: %d\n",cdata->snonceset); ++ printf("keymicset: %d\n",cdata->keymicset); ++ printf("eapolframeset: %d\n",cdata->eapolframeset); ++ printf("anonceset: %d\n", cdata->anonceset); + } + } + +@@ -507,8 +526,7 @@ + printf("\n"); + + printf("eapolframe is:"); +- lamont_hdump(cdata.eapolframe, 99); /* Bug in lamont_hdump makes this look +- wrong, only shows 98 bytes */ ++ lamont_hdump(cdata.eapolframe, cdata.eapolframe_size); + printf("\n"); + + } +@@ -706,7 +724,7 @@ + } + + hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe, +- sizeof(cdata->eapolframe), keymic); ++ cdata->eapolframe_size, keymic); + + if (opt->verbose > 2) { + printf("Calculated MIC with \"%s\" is", passphrase); +@@ -815,7 +833,7 @@ + } + + hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe, +- sizeof(cdata->eapolframe), keymic); ++ cdata->eapolframe_size, keymic); + + if (opt->verbose > 2) { + printf("Calculated MIC with \"%s\" is", passphrase); +@@ -874,7 +892,7 @@ + 0 && (h->len > + capdata.l2type_offset + sizeof(struct wpa_eapol_key))) { + /* It's a dot1x frame, process it */ +- handle_dot1x(&cdata, &capdata); ++ handle_dot1x(&cdata, &capdata, &opt); + if (cdata.aaset && cdata.spaset && cdata.snonceset && + cdata.anonceset && cdata.keymicset + && cdata.eapolframeset) { +@@ -909,7 +927,6 @@ + eapkeypacket = + (struct wpa_eapol_key *)&cdata.eapolframe[EAPDOT1XOFFSET]; + memset(&eapkeypacket->key_mic, 0, sizeof(eapkeypacket->key_mic)); +- eapkeypacket->key_data_length = 0; + + printf("Starting dictionary attack. Please be patient.\n"); + fflush(stdout); +diff -uNr cowpatty-4.3/cowpatty.h cowpatty-4.3-fixup2/cowpatty.h +--- cowpatty-4.3/cowpatty.h 2008-03-20 09:49:38.000000000 -0700 ++++ cowpatty-4.3-fixup2/cowpatty.h 2009-05-21 23:37:52.533281370 -0700 +@@ -94,7 +94,7 @@ + u16 length; + } __attribute__ ((packed)); + +-#define MAXPASSLEN 63 ++#define MAXPASSLEN 64 + #define MEMORY_DICT 0 + #define STDIN_DICT 1 + #define EAPDOT1XOFFSET 4 +@@ -166,7 +166,8 @@ + u8 spa[6]; + u8 snonce[32]; + u8 anonce[32]; +- u8 eapolframe[99]; /* Length the same for all packets? */ ++ u8 eapolframe[99]; ++ u8 eapolframe2[125]; + u8 keymic[16]; + u8 aaset; + u8 spaset; +@@ -177,6 +178,7 @@ + u8 replay_counter[8]; + + int ver; /* Hashing algo, MD5 or AES-CBC-MAC */ ++ int eapolframe_size; + }; + + struct hashdb_head { |