Diffstat (limited to 'net-wireless/cowpatty')
-rw-r--r-- | net-wireless/cowpatty/Manifest | 7 | ||||
-rw-r--r-- | net-wireless/cowpatty/cowpatty-4.3-r2.ebuild | 28 | ||||
-rw-r--r-- | net-wireless/cowpatty/cowpatty-4.6-r4.ebuild | 28 | ||||
-rw-r--r-- | net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch | 221 | ||||
-rw-r--r-- | net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch | 12 | ||||
-rw-r--r-- | net-wireless/cowpatty/files/cowpatty-4.6-fixup14.patch | 346 |
6 files changed, 642 insertions, 0 deletions
diff --git a/net-wireless/cowpatty/Manifest b/net-wireless/cowpatty/Manifest
new file mode 100644
index 00000000..d7e9de0a
--- /dev/null
+++ b/net-wireless/cowpatty/Manifest
@@ -0,0 +1,7 @@
+AUX cowpatty-4.3-fixup2.patch 7550 RMD160 7b8bbb2266b69cf12290ac825f06efaf59b7c39c SHA1 0a42824828f3a91bb8a072b7210d9015205c096a SHA256 a5f1ea5429afd3a6cfc3509fdc564490f85f006258d11c5dc8b515d9490524e2
+AUX cowpatty-4.3-hashfix.patch 518 RMD160 7056eb376306bd086e7af8ca63f60799e5630cbf SHA1 10ee4c3796664c3f0a421e5f4901086d5985fd27 SHA256 a32d8dc367d858dda7bf557a9c01a5b9509aad04f4d0491100a1e42fdf749c72
+AUX cowpatty-4.6-fixup14.patch 12727 RMD160 fb2c3d60b5f07a9be4a25d7380ee1f33fc95a082 SHA1 635c09a981f30c9604f56497e71a451f00cc37f8 SHA256 49671af83ba4f6551e5b6e96e8036b0fba8929eda5917856c96643a1062a3db4
+DIST cowpatty-4.3.tgz 103720 RMD160 3eff935f1532f84c60bfd576801be4d6911964d1 SHA1 8b7cb2015d0534031827f2f06135bf5cf5929d35 SHA256 b82154c9183fed3c26226c124f5e50ef38adaaafc84c5a13d9256b1ebd489bca
+DIST cowpatty-4.6.tgz 104979 RMD160 643e9e675ec06f606c99729289692654ddcbe3b4 SHA1 2dc09d725e4131a68a33c8717d3a7317e5616df2 SHA256 cd3fc113e5052d3ee08ab71aa87edf772d044f760670c73fde5d5581d7803bc2
+EBUILD cowpatty-4.3-r2.ebuild 719 RMD160 7e905574beb66550f4d28e686e36cbed6d59927f SHA1 58524b3354f7a85684c27a9161bcadcfe13fc673 SHA256 816e5ed329658a9ff09d142a70015e879537022aef63ad4e1eb2b0d1d18227ff
+EBUILD cowpatty-4.6-r4.ebuild 670 RMD160 873dfed750509f50a4d7777cea257d72c078550e SHA1 61a4620a6f8568beaab0ea66cde4828de258533a SHA256 b9cf08fa1d839e9ba25e8ea65d20e208122b5ea7b397d3a2f323b48f23c4ccf0
diff --git a/net-wireless/cowpatty/cowpatty-4.3-r2.ebuild b/net-wireless/cowpatty/cowpatty-4.3-r2.ebuild
new file mode 100644
index 00000000..c60c8302
--- /dev/null
+++ b/net-wireless/cowpatty/cowpatty-4.3-r2.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+DESCRIPTION="WLAN tools for bruteforcing 802.11 WPA/WPA2 keys"
+HOMEPAGE="http://www.willhackforsushi.com/Cowpatty.html"
+SRC_URI="http://www.willhackforsushi.com/code/${PN}/${PV}/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+DEPEND="dev-libs/openssl
+ net-libs/libpcap"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ epatch "${FILESDIR}"/cowpatty-4.3-fixup2.patch
+ epatch "${FILESDIR}"/cowpatty-4.3-hashfix.patch
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ dobin cowpatty genpmk || die "dobin failed"
+ dodoc AUTHORS CHANGELOG FAQ INSTALL README TODO dict *.dump
+}
diff --git a/net-wireless/cowpatty/cowpatty-4.6-r4.ebuild b/net-wireless/cowpatty/cowpatty-4.6-r4.ebuild
new file mode 100644
index 00000000..7beab82e
--- /dev/null
+++ b/net-wireless/cowpatty/cowpatty-4.6-r4.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+DESCRIPTION="WLAN tools for bruteforcing 802.11 WPA/WPA2 keys"
+HOMEPAGE="http://www.willhackforsushi.com/?page_id=50"
+SRC_URI="http://www.willhackforsushi.com/code/${PN}/${PV}/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+
+DEPEND="dev-libs/openssl
+ net-libs/libpcap"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ epatch "${FILESDIR}"/cowpatty-4.6-fixup14.patch
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ dobin cowpatty genpmk || die "dobin failed"
+ dodoc AUTHORS CHANGELOG FAQ INSTALL README TODO dict *.dump
+}
diff --git a/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch b/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch
new file mode 100644
index 00000000..3ac75910
--- /dev/null
+++ b/net-wireless/cowpatty/files/cowpatty-4.3-fixup2.patch
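Review bot: `epatch` is called from `src_compile` in both new ebuilds (cowpatty-4.3-r2 and cowpatty-4.6-r4); neither declares `EAPI`, so they run as EAPI 0, where source patching conventionally follows `unpack ${A}` in `src_unpack` (or moves to `src_prepare` once `EAPI=2` is declared) rather than sitting in the compile phase. `emake -j1 || die "emake failed"` disables the parallel build without saying why; a one-line comment above it naming the upstream Makefile problem it works around would stop the next maintainer from dropping `-j1`.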
@@ -0,0 +1,221 @@
+diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-fixup2/cowpatty.c
+--- cowpatty-4.3/cowpatty.c 2008-03-20 09:49:38.000000000 -0700
++++ cowpatty-4.3-fixup2/cowpatty.c 2009-05-21 23:38:17.970291072 -0700
+@@ -71,7 +71,7 @@
+ void cleanup();
+ void parseopts(struct user_opt *opt, int argc, char **argv);
+ void closepcap(struct capture_data *capdata);
+-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata);
++void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt);
+ void dump_all_fields(struct crack_data cdata);
+ void printstats(struct timeval start, struct timeval end,
+ unsigned long int wordcount);
+@@ -389,7 +389,7 @@
+ return (ret);
+ }
+ 
+-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata)
++void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt)
+ {
+ struct ieee8021x *dot1xhdr;
+ struct wpa_eapol_key *eapolkeyhdr;
+@@ -415,8 +415,8 @@
+ cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK;
+ index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK;
+ 
+- /* Check for EAPOL version 1, type EAPOL-Key */
+- if (dot1xhdr->version != 1 || dot1xhdr->type != 3) {
++ /* Check for type EAPOL-Key */
++ if (dot1xhdr->type != 3) {
+ return;
+ }
+ 
+@@ -427,59 +427,78 @@
+ 
+ if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
+ /* Check for WPA key, and pairwise key type */
+- if (eapolkeyhdr->type != 254 ||
++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ return;
+ }
+ } else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+- if (eapolkeyhdr->type != 2 ||
++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ return;
+ }
+ }
+ 
++ if (opt->verbose > 2) {
++ printf ("WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: %d\n", WPA_KEY_INFO_TYPE_HMAC_MD5_RC4);
++ printf ("WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: %d\n", WPA_KEY_INFO_TYPE_HMAC_SHA1_AES);
++ printf ("key version: %d\n", cdata->ver);
++ printf ("eapol key header type: %d\n", eapolkeyhdr->type);
++ }
++
++ /* Check for frame 1 of the 4-way handshake */
++ if ((key_info & WPA_KEY_INFO_MIC) == 0
++ && (key_info & WPA_KEY_INFO_ACK)
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) {
++ /* All we need from this frame is the authenticator nonce */
++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->anonce));
++ cdata->anonceset = 1;
++
+ /* Check for frame 2 of the 4-way handshake */
+- if ((key_info & WPA_KEY_INFO_MIC) && (key_info & WPA_KEY_INFO_ACK) == 0
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- && eapolkeyhdr->key_data_length > 0) {
+- /* All we need from this frame is the authenticator nonce */
+- memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->snonce));
+- cdata->snonceset = 1;
++ } else if ((key_info & WPA_KEY_INFO_MIC)
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0
++ && (key_info & WPA_KEY_INFO_ACK) == 0
++ && eapolkeyhdr->key_data_length > 0) {
+ 
+- } else if ( /* Check for frame 3 of the 4-way handshake */
+- (key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_INSTALL)
+- && (key_info & WPA_KEY_INFO_ACK)) {
++ cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 )
++ + packet[capdata->dot1x_offset + 3] + 4;
+ 
+ memcpy(cdata->spa, &packet[capdata->dstmac_offset],
+- sizeof(cdata->spa));
+- memcpy(cdata->aa, &packet[capdata->srcmac_offset],
+- sizeof(cdata->aa));
+- memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->anonce));
+- cdata->aaset = 1;
+- cdata->spaset = 1;
+- cdata->anonceset = 1;
+- /* We save the replay counter value in the 3rd frame to match
+- against the 4th frame of the four-way handshake */
+- memcpy(cdata->replay_counter, eapolkeyhdr->replay_counter, 8);
+-
+- } else if ( /* Check for frame 4 of the four-way handshake */
+- (key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_ACK) == 0
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- &&
+- (memcmp
+- (cdata->replay_counter, eapolkeyhdr->replay_counter,
+- 8) == 0)) {
++ sizeof(cdata->spa));
++ memcpy(cdata->aa, &packet[capdata->srcmac_offset],
++ sizeof(cdata->aa));
++ memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->snonce));
++ cdata->aaset = 1;
++ cdata->spaset = 1;
++ cdata->snonceset = 1;
+ 
+ memcpy(cdata->keymic, eapolkeyhdr->key_mic,
+- sizeof(cdata->keymic));
++ sizeof(cdata->keymic));
+ memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
+- sizeof(cdata->eapolframe));
++ cdata->eapolframe_size);
++
+ cdata->keymicset = 1;
+ cdata->eapolframeset = 1;
++
++ /* Check for frame 3 of the 4-way handshake */
++ } else if ((key_info & WPA_KEY_INFO_MIC)
++ && (key_info & WPA_KEY_INFO_ACK)
++ && (key_info & WPA_KEY_INFO_INSTALL)) {
++ /* All we need from this frame is the authenticator nonce */
++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->anonce));
++ cdata->anonceset = 1;
++
++ }
++
++ if (opt->verbose > 2) {
++ printf("aaset: %d\n",cdata->aaset);
++ printf("spaset: %d\n",cdata->spaset);
++ printf("snonceset: %d\n",cdata->snonceset);
++ printf("keymicset: %d\n",cdata->keymicset);
++ printf("eapolframeset: %d\n",cdata->eapolframeset);
++ printf("anonceset: %d\n", cdata->anonceset);
+ }
+ }
+ 
+@@ -507,8 +526,7 @@
+ printf("\n");
+ 
+ printf("eapolframe is:");
+- lamont_hdump(cdata.eapolframe, 99); /* Bug in lamont_hdump makes this look
+- wrong, only shows 98 bytes */
++ lamont_hdump(cdata.eapolframe, cdata.eapolframe_size);
+ printf("\n");
+ 
+ }
+@@ -706,7 +724,7 @@
+ }
+ 
+ hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe,
+- sizeof(cdata->eapolframe), keymic);
++ cdata->eapolframe_size, keymic);
+ 
+ if (opt->verbose > 2) {
+ printf("Calculated MIC with \"%s\" is", passphrase);
+@@ -815,7 +833,7 @@
+ }
+ 
+ hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe,
+- sizeof(cdata->eapolframe), keymic);
++ cdata->eapolframe_size, keymic);
+ 
+ if (opt->verbose > 2) {
+ printf("Calculated MIC with \"%s\" is", passphrase);
+@@ -874,7 +892,7 @@
+ 0 && (h->len >
+ capdata.l2type_offset + sizeof(struct wpa_eapol_key))) {
+ /* It's a dot1x frame, process it */
+- handle_dot1x(&cdata, &capdata);
++ handle_dot1x(&cdata, &capdata, &opt);
+ if (cdata.aaset && cdata.spaset && cdata.snonceset &&
+ cdata.anonceset && cdata.keymicset
+ && cdata.eapolframeset) {
+@@ -909,7 +927,6 @@
+ eapkeypacket =
+ (struct wpa_eapol_key *)&cdata.eapolframe[EAPDOT1XOFFSET];
+ memset(&eapkeypacket->key_mic, 0, sizeof(eapkeypacket->key_mic));
+- eapkeypacket->key_data_length = 0;
+ 
+ printf("Starting dictionary attack. Please be patient.\n");
+ fflush(stdout);
+diff -uNr cowpatty-4.3/cowpatty.h cowpatty-4.3-fixup2/cowpatty.h
+--- cowpatty-4.3/cowpatty.h 2008-03-20 09:49:38.000000000 -0700
++++ cowpatty-4.3-fixup2/cowpatty.h 2009-05-21 23:37:52.533281370 -0700
+@@ -94,7 +94,7 @@
+ u16 length;
+ } __attribute__ ((packed));
+ 
+-#define MAXPASSLEN 63
++#define MAXPASSLEN 64
+ #define MEMORY_DICT 0
+ #define STDIN_DICT 1
+ #define EAPDOT1XOFFSET 4
+@@ -166,7 +166,8 @@
+ u8 spa[6];
+ u8 snonce[32];
+ u8 anonce[32];
+- u8 eapolframe[99]; /* Length the same for all packets? */
++ u8 eapolframe[99];
++ u8 eapolframe2[125];
+ u8 keymic[16];
+ u8 aaset;
+ u8 spaset;
+@@ -177,6 +178,7 @@
+ u8 replay_counter[8];
+ 
+ int ver; /* Hashing algo, MD5 or AES-CBC-MAC */
++ int eapolframe_size;
+ };
+ 
+ struct hashdb_head {
diff --git a/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch b/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch
new file mode 100644
index 00000000..2ae6fcd2
--- /dev/null
+++ b/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch
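Review bot: In the frame-2 branch added to `handle_dot1x` (inner hunk at -427), `cdata->eapolframe_size` is taken straight from the EAPOL length bytes of the captured packet (`packet[capdata->dot1x_offset + 2] << 8`, plus `packet[capdata->dot1x_offset + 3]`, plus 4) and then used unchecked as the length of `memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset], cdata->eapolframe_size)`, while the cowpatty.h hunk keeps `u8 eapolframe[99]`, so a capture file whose length field exceeds 95 overruns the struct (the new `eapolframe2[125]` field is declared but never referenced). Reject such frames before the copy, e.g. `if (cdata->eapolframe_size > sizeof(cdata->eapolframe)) return;`, and bound it against the captured packet length as well so the copy cannot read past `packet` (main tests `h->len` for that, but `h` is not visibly reachable inside handle_dot1x). `hmac_hash` and `lamont_hdump` later consume the same `eapolframe_size`, so the bound has to hold before any of those uses. The same size computation and unchecked copy reappear in the nonstrict branch of cowpatty-4.6-fixup14.patch, whose `eapolframe` declaration is not shown on this page; handle_dot1x itself begins in the earlier inner hunk at -389.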
@@ -0,0 +1,12 @@
+diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-hashfix/cowpatty.c
+--- cowpatty-4.3/cowpatty.c 2008-03-20 09:49:38.000000000 -0700
++++ cowpatty-4.3-hashfix/cowpatty.c 2008-10-19 23:29:22.000000000 -0700
+@@ -202,7 +202,7 @@
+ }
+ 
+ /* Test that the files specified exist and are greater than 0 bytes */
+- if (!IsBlank(opt->hashfile)) {
++ if (!IsBlank(opt->hashfile) && strncmp(opt->hashfile, "-", 1) != 0) {
+ if (stat(opt->hashfile, &teststat)) {
+ usage("Could not stat hashfile. Check file path.");
+ exit(-1);
diff --git a/net-wireless/cowpatty/files/cowpatty-4.6-fixup14.patch b/net-wireless/cowpatty/files/cowpatty-4.6-fixup14.patch
new file mode 100644
index 00000000..c27e2b18
--- /dev/null
+++ b/net-wireless/cowpatty/files/cowpatty-4.6-fixup14.patch
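Review bot: `strncmp(opt->hashfile, "-", 1) != 0` on the added line compares only the first byte, which is the same test as `opt->hashfile[0] != '-'`, so any hash-file path that begins with a dash skips the stat check, not just the literal `-` that presumably selects stdin. Use `strcmp(opt->hashfile, "-") != 0` so only the exact marker is exempted. The enclosing function starts and ends outside this inner hunk.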
@@ -0,0 +1,346 @@
+diff -uNr cowpatty-4.6/cowpatty.c cowpatty-4.6-fixup14/cowpatty.c
+--- cowpatty-4.6/cowpatty.c 2009-07-03 08:15:50.000000000 -0700
++++ cowpatty-4.6-fixup14/cowpatty.c 2009-07-17 19:16:21.792816008 -0700
+@@ -94,8 +94,7 @@
+ "\t-d \tHash file (genpmk)\n"
+ "\t-r \tPacket capture file\n"
+ "\t-s \tNetwork SSID (enclose in quotes if SSID includes spaces)\n"
+- "\t-2 \tUse frames 1 and 2 or 2 and 3 for key attack (nonstrict mode)\n"
+- "\t-c \tCheck for valid 4-way frames, does not crack\n"
++ "\t-c \tCheck for valid 4-way frames, does not crack\n"
+ "\t-h \tPrint this help information and exit\n"
+ "\t-v \tPrint verbose information (more -v for more verbosity)\n"
+ "\t-V \tPrint program version and exit\n" "\n");
+@@ -151,7 +150,7 @@
+ 
+ int c;
+ 
+- while ((c = getopt(argc, argv, "f:r:s:d:c2nhvV")) != EOF) {
++ while ((c = getopt(argc, argv, "f:r:s:d:cnhvV")) != EOF) {
+ switch (c) {
+ case 'f':
+ strncpy(opt->dictfile, optarg, sizeof(opt->dictfile));
+@@ -166,9 +165,6 @@
+ strncpy(opt->hashfile, optarg, sizeof(opt->hashfile));
+ break;
+ case 'n':
+- case '2':
+- opt->nonstrict++;
+- break;
+ case 'c':
+ opt->checkonly++;
+ break;
+@@ -435,21 +431,11 @@
+ cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK;
+ index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK;
+ 
+- if (opt->nonstrict == 0) {
+-
+- /* Check for EAPOL version 1, type EAPOL-Key */
+- if (dot1xhdr->version != 1 || dot1xhdr->type != 3) {
+- return;
+- }
+-
+- } else {
+-
+- /* Check for type EAPOL-Key */
+- if (dot1xhdr->type != 3) {
+- return;
+- }
+-
++ /* Check for type EAPOL-Key */
++ if (dot1xhdr->type != 3) {
++ return;
+ }
++
+ if (cdata->ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
+ cdata->ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ return;
+@@ -457,12 +443,12 @@
+ 
+ if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
+ /* Check for WPA key, and pairwise key type */
+- if (eapolkeyhdr->type != 254 ||
++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ return;
+ }
+ } else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+- if (eapolkeyhdr->type != 2 ||
++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) ||
+ (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) {
+ return;
+ }
+@@ -472,19 +458,22 @@
+ 
+ /* Check for frame 2 of the 4-way handshake */
+ if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_ACK) == 0
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- && eapolkeyhdr->key_data_length > 0) {
++ && (key_info & WPA_KEY_INFO_ACK) == 0
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0
++ && eapolkeyhdr->key_data_length > 0) {
+ 
+ /* All we need from this frame is the authenticator nonce */
+ memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+ sizeof(cdata->snonce));
+ cdata->snonceset = 1;
++ memcpy(cdata->replay_counter1,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter1[7] = cdata->replay_counter1[7] + 1;
+ 
+ /* Check for frame 3 of the 4-way handshake */
+ } else if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_INSTALL)
+- && (key_info & WPA_KEY_INFO_ACK)) {
++ && (key_info & WPA_KEY_INFO_INSTALL)
++ && (key_info & WPA_KEY_INFO_ACK)) {
+ 
+ memcpy(cdata->spa, &packet[capdata->dstmac_offset],
+ sizeof(cdata->spa));
+@@ -497,15 +486,17 @@
+ cdata->anonceset = 1;
+ /* We save the replay counter value in the 3rd frame to match
+ against the 4th frame of the four-way handshake */
+- memcpy(cdata->replay_counter,
++ memcpy(cdata->replay_counter2,
+ eapolkeyhdr->replay_counter, 8);
+ 
+ /* Check for frame 4 of the four-way handshake */
+ } else if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_ACK) == 0
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- && (memcmp (cdata->replay_counter,
+- eapolkeyhdr->replay_counter, 8) == 0)) {
++ && (key_info & WPA_KEY_INFO_ACK) == 0
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0
++ && (memcmp (cdata->replay_counter1,
++ cdata->replay_counter2, 8) == 0)
++ && (memcmp (cdata->replay_counter2,
++ eapolkeyhdr->replay_counter, 8) == 0)) {
+ 
+ memcpy(cdata->keymic, eapolkeyhdr->key_mic,
+ sizeof(cdata->keymic));
+@@ -513,57 +504,76 @@
+ sizeof(cdata->eapolframe));
+ cdata->keymicset = 1;
+ cdata->eapolframeset = 1;
++ cdata->counters = 1;
+ }
+- } else {
+-
+- /* Check for frame 1 of the 4-way handshake */
+- if ((key_info & WPA_KEY_INFO_MIC) == 0
+- && (key_info & WPA_KEY_INFO_ACK)
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) {
+- /* All we need from this frame is the authenticator nonce */
+- memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->anonce));
+- cdata->anonceset = 1;
+-
+- /* Check for frame 2 of the 4-way handshake */
+- } else if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_INSTALL) == 0
+- && (key_info & WPA_KEY_INFO_ACK) == 0
+- && eapolkeyhdr->key_data_length > 0) {
+ 
+- cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 )
+- + packet[capdata->dot1x_offset + 3] + 4;
+-
+- memcpy(cdata->spa, &packet[capdata->dstmac_offset],
+- sizeof(cdata->spa));
+- cdata->spaset = 1;
+-
+- memcpy(cdata->aa, &packet[capdata->srcmac_offset],
+- sizeof(cdata->aa));
+- cdata->aaset = 1;
+-
+- memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->snonce));
+- cdata->snonceset = 1;
++ } else {
+ 
+- memcpy(cdata->keymic, eapolkeyhdr->key_mic,
+- sizeof(cdata->keymic));
+- cdata->keymicset = 1;
++ /* Check for frame 1 of the 4-way handshake */
++ if ((key_info & WPA_KEY_INFO_MIC) == 0
++ && (key_info & WPA_KEY_INFO_ACK)
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) {
++
++ /* All we need from this frame is the authenticator nonce */
++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->anonce));
++ cdata->anonceset = 1;
++
++ memcpy(cdata->replay_counter1,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter1[7] = cdata->replay_counter1[7] + 1;
++
++ /* Check for frame 2 or 4 of the 4-way handshake */
++ } else if ((key_info & WPA_KEY_INFO_MIC)
++ && (key_info & WPA_KEY_INFO_INSTALL) == 0
++ && (key_info & WPA_KEY_INFO_ACK) == 0) {
++
++ cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 )
++ + packet[capdata->dot1x_offset + 3] + 4;
++
++ memcpy(cdata->spa, &packet[capdata->dstmac_offset],
++ sizeof(cdata->spa));
++ cdata->spaset = 1;
++
++ memcpy(cdata->aa, &packet[capdata->srcmac_offset],
++ sizeof(cdata->aa));
++ cdata->aaset = 1;
++
++ memcpy(cdata->snonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->snonce));
++ cdata->snonceset = 1;
++
++ memcpy(cdata->keymic, eapolkeyhdr->key_mic,
++ sizeof(cdata->keymic));
++ cdata->keymicset = 1;
++
++ memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
++ cdata->eapolframe_size);
++ cdata->eapolframeset = 1;
+ 
+- memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset],
+- cdata->eapolframe_size);
+- cdata->eapolframeset = 1;
++ memcpy(cdata->replay_counter2,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter2[7] = cdata->replay_counter2[7] + 1;
++ memcpy(cdata->replay_counter3,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter3[7] = cdata->replay_counter3[7] + 2;
++
++ /* Check for frame 3 of the 4-way handshake */
++ } else if ((key_info & WPA_KEY_INFO_MIC)
++ && (key_info & WPA_KEY_INFO_ACK)
++ && (key_info & WPA_KEY_INFO_INSTALL)) {
++
++ /* All we need from this frame is the authenticator nonce */
++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
++ sizeof(cdata->anonce));
++ cdata->anonceset = 1;
++
++ memcpy(cdata->replay_counter4,
++ eapolkeyhdr->replay_counter, 8);
++ cdata->replay_counter4[7] = cdata->replay_counter4[7] + 1;
+ 
++ }
+ 
+- /* Check for frame 3 of the 4-way handshake */
+- } else if ((key_info & WPA_KEY_INFO_MIC)
+- && (key_info & WPA_KEY_INFO_ACK)
+- && (key_info & WPA_KEY_INFO_INSTALL)) {
+- /* All we need from this frame is the authenticator nonce */
+- memcpy(cdata->anonce, eapolkeyhdr->key_nonce,
+- sizeof(cdata->anonce));
+- cdata->anonceset = 1;
+- }
+ }
+ }
+ 
+@@ -982,10 +992,82 @@
+ }
+ }
+ 
++ if (!(cdata.aaset && cdata.spaset && cdata.snonceset &&
++ cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) {
++
++ cdata.aaset = 0;
++ cdata.spaset = 0;
++ cdata.snonceset = 0;
++ cdata.anonceset = 0;
++ cdata.keymicset = 0;
++ cdata.eapolframeset = 0;
++
++ opt.nonstrict = 1;
++
++ memset(&capdata, 0, sizeof(struct capture_data));
++ memset(&cdata, 0, sizeof(struct crack_data));
++ memset(&eapolkey_nomic, 0, sizeof(eapolkey_nomic));
++
++ /* Populate capdata struct */
++ strncpy(capdata.pcapfilename, opt.pcapfile,
++ sizeof(capdata.pcapfilename));
++ if (openpcap(&capdata) != 0) {
++ printf("Unsupported or unrecognized pcap file.\n");
++ exit(-1);
++ }
++
++ /* populates global *packet */
++ while (getpacket(&capdata) > 0) {
++ if (opt.verbose > 2) {
++ lamont_hdump(packet, h->len);
++ }
++ /* test packet for data that we are looking for */
++ if (memcmp(&packet[capdata.l2type_offset], DOT1X_LLCTYPE, 2) ==
++ 0 && (h->len >capdata.l2type_offset + sizeof(struct wpa_eapol_key))) {
++ /* It's a dot1x frame, process it */
++ handle_dot1x(&cdata, &capdata, &opt);
++
++ if (cdata.aaset && cdata.spaset && cdata.snonceset
++ && cdata.anonceset && cdata.keymicset
++ && cdata.eapolframeset) {
++
++ if (cdata.replay_counter1 != 0
++ && cdata.replay_counter2 != 0) {
++
++ if (memcmp (cdata.replay_counter1,
++ cdata.replay_counter2, 8) == 0) {
++
++ cdata.counters = 1;
++ /* We've collected everything we need. */
++ break;
++
++ }
++
++ }
++
++ if (cdata.replay_counter3 != 0
++ && cdata.replay_counter4 != 0) {
++
++ if (memcmp (cdata.replay_counter3,
++ cdata.replay_counter4, 8) == 0) {
++
++ cdata.counters = 1;
++ /* We've collected everything we need. */
++ break;
++
++ }
++
++ }
++
++ }
++ }
++ }
++ }
++
+ closepcap(&capdata);
+ 
+ if (!(cdata.aaset && cdata.spaset && cdata.snonceset &&
+- cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) {
++ cdata.anonceset && cdata.keymicset && cdata.eapolframeset && cdata.counters)) {
+ printf("End of pcap capture file, incomplete four-way handshake "
+ "exchange. Try using a\ndifferent capture.\n");
+ exit(-1);
+diff -uNr cowpatty-4.6/cowpatty.h cowpatty-4.6-fixup14/cowpatty.h
+--- cowpatty-4.6/cowpatty.h 2009-06-04 06:24:16.000000000 -0700
++++ cowpatty-4.6-fixup14/cowpatty.h 2009-07-17 16:16:58.043152023 -0700
+@@ -178,7 +178,11 @@
+ u8 anonceset;
+ u8 keymicset;
+ u8 eapolframeset;
+- u8 replay_counter[8];
++ u8 replay_counter1[8];
++ u8 replay_counter2[8];
++ u8 replay_counter3[8];
++ u8 replay_counter4[8];
++ u8 counters;
+ 
+ int ver; /* Hashing algo, MD5 or AES-CBC-MAC */
+ int eapolframe_size;
|
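Review bot: `if (cdata.replay_counter1 != 0 && cdata.replay_counter2 != 0)` and the matching test on `replay_counter3`/`replay_counter4` in the second pass added to main (inner hunk at -982) compare array addresses with 0 — the cowpatty.h hunk declares them as `u8 replay_counter1[8]` and so on — so both conditions are always true and only the `memcmp` does any work; if the intent is "this counter was captured", track it with a flag the way the other `*set` fields do. In the -166 hunk, removing `case '2':`, `opt->nonstrict++;` and `break;` leaves `case 'n':` falling through into `case 'c':`, so `-n`, still accepted by the optstring `"f:r:s:d:cnhvV"`, now silently behaves as check-only; either drop `n` from the optstring or give it its own `break`. The second pass also does `memset(&capdata, 0, sizeof(struct capture_data))` and calls `openpcap` again without closing the capture opened by the first pass, so that handle appears to leak (openpcap/closepcap are not shown); call `closepcap(&capdata)` before the memset. The `replay_counterN[7] + 1` adjustments increment only the low byte of the 8-byte counter with no carry, so a counter whose low byte is 0xFF will never match the next frame.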