Commit 99d5023c authored by Mati's avatar Mati

Merge tag 'upstream/1.2-beta2'

Upstream version 1.2-beta2
parents 18ebaef0 3929d7eb
Version 1.2-beta2 (changes from aircrack-ng 1.2-beta1) - Released 30 November 2013:
* Airbase-ng: Fixed order of IE when creating soft Access Point.
* Airbase-ng: Fixed Caffe Latte Attack not working for all clients.
* Aircrack-ng: Improved PTW speed thanks to Ramiro Polla.
* Airmon-zc: Fixed improper use of the interface.
* Airdecap-ng: Fixed decoding captures with WMM enabled.
* Various: Fixed memory leaks in Aircrack-ng, Aireplay-ng, OSdep.
* Added support for static analysis using Coverity Scan.
* Fixed compilation due to PIC unfriendly assembly on Gentoo hardened.
* Fixed running tests using 'make check'.
* Fixed building aircrack-ng with recent version of gcc and also on cygwin.
* Various other small fixes.
Version 1.2-beta1 (changes from aircrack-ng 1.1) - Released 25 May 2013:
* Airmon-ng: Added chipset information for ar9170usb, wl, rt2800usb, ar9271, wl12xx, RT3070STA, ath9k_htc, r871x_usb_drv, ath5k, carl9170 and various Intel drivers.
* Airmon-ng: Fixed chipset information ipw2200.
......
......@@ -11,12 +11,32 @@ include $(AC_ROOT)/common.mak
DOCFILES = ChangeLog INSTALLING README LICENSE AUTHORS VERSION
COVERITY_BUILD ?= cov-build
COVERITY_DIR = cov-int
COVERITY_TAR_GZ = Aircrack-ng.tar.gz
COVERITY_CREDS_DIR = coverity
COVERITY_TOKEN = $(shell cat ${COVERITY_CREDS_DIR}/token)
COVERITY_EMAIL = $(shell cat ${COVERITY_CREDS_DIR}/email)
default: all
all:
$(MAKE) -C src $(@)
coverity-build:
$(COVERITY_BUILD) --dir $(COVERITY_DIR) $(MAKE) sqlite=true unstable=true libnl=true
coverity-package: coverity-build
tar czvf $(COVERITY_TAR_GZ) $(COVERITY_DIR)
coverity-upload: coverity-package
curl --form project=Aircrack-ng --form token=$(COVERITY_TOKEN) --form email=$(COVERITY_EMAIL) --form file=@$(COVERITY_TAR_GZ) --form version=r$(REVISION) --form description="Aircrack-ng svn r$(REVISION)" http://scan5.coverity.com/cgi-bin/upload.py
coverity-show-creds:
@echo "Token: $(COVERITY_TOKEN)"
@echo "Email: $(COVERITY_EMAIL)"
aircrack-ng-opt-prof_gen: all
mkdir -p prof
$(MAKE) -C src $(@)
......@@ -45,6 +65,7 @@ doc:
install -m 644 $(DOCFILES) $(DESTDIR)$(docdir)
clean:
-rm -rf $(COVERITY_DIR)
$(MAKE) -C src $(@)
$(MAKE) -C test/cryptounittest $(@)
......
1.2-beta1
\ No newline at end of file
1.2-beta2
\ No newline at end of file
......@@ -86,16 +86,7 @@ ifeq ($(subst TRUE,true,$(filter TRUE true,$(airpcap) $(AIRPCAP))),true)
endif
ifneq ($(origin CC),environment)
ifeq ($(OSNAME), cygwin)
ARCHITECTURE = $(shell uname -m)
ifeq ($(ARCHITECTURE), i686)
CC = $(TOOL_PREFIX)gcc-4
else
CC = $(TOOL_PREFIX)gcc
endif
else
CC = $(TOOL_PREFIX)gcc
endif
CC = $(TOOL_PREFIX)gcc
endif
RANLIB ?= $(TOOL_PREFIX)ranlib
......
ROOT = ../..
include $(ROOT)/common.mak
CFLAGS = -g -I$(ROOT)/../developers/Airpcap_Devpack/include -I$(ROOT)/src/osdep
#LIBS = -L $(ROOT)/../developers/Airpcap_Devpack/lib -lairpcap -L $(ROOT)/src/osdep -losdep
LIBS = -L $(ROOT)/../developers/Airpcap_Devpack/lib -lairpcap
CFLAGS += $(PIC)
OBJS = airpcap.o
DLL = airpcap.dll
all: $(DLL)
$(DLL): $(OBJS)
$(CC) ${CFLAGS} -shared -o $(DLL) $(OBJS) ${LIBS}
clean:
rm -f $(DLL) $(OBJS)
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <windows.h>
#include <airpcap.h>
#include "osdep.h"
#include "tap-win32/common.h"
static const char * DEFAULT_ADAPT_NAME = "\\\\.\\airpcap00";
static const char * DEVICE_HEADER = "\\\\.\\";
//pcap_t *winpcap_adapter;
static PAirpcapHandle airpcap_handle;
// Use PPI later
#define PPH_PH_VERSION ((u_int8_t)0x00)
#define PPI_FIELD_TYPE_802_11_COMMON ((u_int16_t)0x02)
typedef struct _PPI_PACKET_HEADER
{
u_int8_t PphVersion;
u_int8_t PphFlags;
u_int16_t PphLength;
u_int32_t PphDlt;
}
PPI_PACKET_HEADER, *PPPI_PACKET_HEADER;
typedef struct _PPI_FIELD_HEADER
{
u_int16_t PfhType;
u_int16_t PfhLength;
}
PPI_FIELD_HEADER, *PPPI_FIELD_HEADER;
typedef struct _PPI_FIELD_802_11_COMMON
{
u_int64_t TsfTimer;
u_int16_t Flags;
u_int16_t Rate;
u_int16_t ChannelFrequency;
u_int16_t ChannelFlags;
u_int8_t FhssHopset;
u_int8_t FhssPattern;
int8_t DbmAntSignal;
int8_t DbmAntNoise;
}
PPI_FIELD_802_11_COMMON, *PPPI_FIELD_802_11_COMMON;
static int ppi_decode(const u_char *p, int caplen, int *hdrlen, int *power)
{
PPPI_PACKET_HEADER pPpiPacketHeader;
PPPI_FIELD_HEADER pFieldHeader;
ULONG position = 0;
// Sanity checks
if (caplen < sizeof(*pPpiPacketHeader))
{
// Packet smaller than the PPI fixed header
return( 1 );
}
pPpiPacketHeader = (PPPI_PACKET_HEADER)p;
*hdrlen = pPpiPacketHeader->PphLength;
if(caplen < *hdrlen)
{
// Packet smaller than the PPI fixed header
return( 1 );
}
position = sizeof(*pPpiPacketHeader);
if (pPpiPacketHeader->PphVersion != PPH_PH_VERSION)
{
fprintf( stderr, "Unknown PPI packet header version (%u)\n", pPpiPacketHeader->PphVersion);
return( 1 );
}
do
{
// now we suppose to have an 802.11-Common header
if (*hdrlen < sizeof(*pFieldHeader) + position)
{
break;
}
pFieldHeader = (PPPI_FIELD_HEADER)(p + position);
position += sizeof(*pFieldHeader);
switch(pFieldHeader->PfhType)
{
case PPI_FIELD_TYPE_802_11_COMMON:
if (pFieldHeader->PfhLength != sizeof(PPI_FIELD_802_11_COMMON) || caplen - position < sizeof(PPI_FIELD_802_11_COMMON))
{
// the header is bogus, just skip it
fprintf( stderr, "Bogus 802.11-Common Field. Skipping it.\n");
}
else
{
PPPI_FIELD_802_11_COMMON pField = (PPPI_FIELD_802_11_COMMON)(p + position);
if (pField->DbmAntSignal != -128)
{
*power = (int)pField->DbmAntSignal;
}
else
{
*power = 0;
}
}
break;
default:
// we do not know this field. Just print type and length and skip
break;
}
position += pFieldHeader->PfhLength;
}
while(TRUE);
return( 0 );
}
int cygwin_set_mac(unsigned char *mac)
{
if (*mac) {}
return 0;
}
void cygwin_close(void)
{
// By default, when plugged in, the adapter is set in monitor mode;
// Application may assume it's already in monitor mode and forget to set it
// So, do not remove monitor mode.
if (airpcap_handle != NULL)
{
AirpcapClose(airpcap_handle);
}
}
int cygwin_get_mac(unsigned char *mac)
{
// Don't use the function from Airpcap
if (*mac) {}
return 0;
}
// Use PPI headers to obtain the different information for ri
// Use AirpcapConvertFrequencyToChannel() to get channel
// Add an option to give frequency instead of channel
int cygwin_sniff(void *buf, int len, struct rx_info *ri)
{
UINT BytesReceived = 0;
// Wait for the next packet
// Maybe add an event packets to read
// WaitForSingleObject(ReadEvent, INFINITE);
// Read a packet
if(AirpcapRead(airpcap_handle, buf, len, &BytesReceived))
return (int)BytesReceived;
return -1;
}
int cygwin_inject(void *buf, int len, struct tx_info *ti)
{
if (AirpcapWrite (airpcap_handle, buf, len) != 1)
return -1;
return len;
}
static int printErrorCloseAndReturn(const char * err, int retValue)
{
if (err && airpcap_handle)
{
if (strlen(err))
{
if (airpcap_handle)
fprintf( stderr, err, AirpcapGetLastError(airpcap_handle));
else
fprintf( stderr, err);
}
}
cygwin_close();
return retValue;
}
int cygwin_init(char *param)
{
char * iface;
char errbuf[AIRPCAP_ERRBUF_SIZE ];
iface = (char *)calloc(1, strlen(param) + strlen(DEVICE_HEADER) +1);
strcpy (iface, DEFAULT_ADAPT_NAME);
if (param)
{
// if it's empty, use the default adapter
if (strlen(param) > 0)
{
// Make sure the adapter name contains the '\\.\' at its begining
memset(iface, 0, strlen(param) + strlen(DEVICE_HEADER) +1);
if (strstr(param, DEVICE_HEADER) == NULL)
{
// Not found, add it
strcpy(iface, DEVICE_HEADER);
strcat(iface, param);
}
else
{
// Already contains the adapter header
strcpy(iface, param);
}
}
}
airpcap_handle = AirpcapOpen(iface, errbuf);
if(airpcap_handle == NULL)
{
fprintf( stderr, "This adapter doesn't have wireless extensions. Quitting\n");
//pcap_close( winpcap_adapter );
return( -1 );
}
/* Tell the adapter that the packets we'll send and receive don't include the FCS */
if(!AirpcapSetFcsPresence(airpcap_handle, FALSE))
return printErrorCloseAndReturn("Error setting FCS presence: %s\n", -1);
/* Set the link layer to bare 802.11 */
if(!AirpcapSetLinkType(airpcap_handle, AIRPCAP_LT_802_11))
return printErrorCloseAndReturn("Error setting the link type: %s\n", -1);
/* Accept correct frames only */
if( !AirpcapSetFcsValidation(airpcap_handle, AIRPCAP_VT_ACCEPT_CORRECT_FRAMES) )
return printErrorCloseAndReturn("Error setting FCS validation: %s\n", -1);
/* Set a low mintocopy for better responsiveness */
if(!AirpcapSetMinToCopy(airpcap_handle, 1))
return printErrorCloseAndReturn("Error setting MinToCopy: %s\n", -1);
return 0;
}
int cygwin_set_chan(int chan)
{
// Make sure a valid channel is given
if (chan <= 0)
return -1;
if(!AirpcapSetDeviceChannel(airpcap_handle, chan))
{
printf("Error setting the channel to %d: %s\n", chan, AirpcapGetLastError(airpcap_handle));
return -1;
}
return 0;
}
ROOT = ../..
include $(ROOT)/common.mak
CFLAGS += $(PIC) -I$(ROOT)/src/osdep
OBJS = commview.o
DLL = commview.dll
LIBS = -liphlpapi -lsetupapi -luuid -lpthread
all: $(DLL)
$(DLL): $(OBJS)
$(CC) -shared -o $(DLL) $(OBJS) $(LIBS)
clean:
rm -f $(DLL) $(OBJS)
This diff is collapsed.
ROOT = ../..
include $(ROOT)/common.mak
CFLAGS += $(PIC) -I$(ROOT)/src/osdep
NAME = omnipeek
OBJS = $(NAME).o
DLL = $(NAME).dll
LIBS =
all: $(DLL)
$(DLL): $(OBJS)
$(CC) -shared -o $(DLL) $(OBJS) $(LIBS)
clean:
rm -f $(DLL) $(OBJS)
/* ripped from devine's windows airodump */
#include <string.h>
#include <dlfcn.h>
#include <windows.h>
#include <pthread.h>
#include <assert.h>
#include <err.h>
#include "osdep.h"
#include "cygwin.h"
#ifdef UNUSED
#elif defined(__GNUC__)
# define UNUSED(x) UNUSED_ ## x __attribute__((unused))
#elif defined(__LCLINT__)
# define UNUSED(x) /*@unused@*/ x
#else
# define UNUSED(x) x
#endif
#define MAGIC1 0x3E8000
#define MAGIC2 0x21
#define MAGICCHAN 0xFF636713
struct pstate
{
void *ps_lib;
HANDLE ps_adapter;
HANDLE ps_ctx;
pthread_cond_t ps_sem;
pthread_mutex_t ps_mtx;
unsigned char ps_data[4096];
int ps_len;
int (*ps_peek_initialize_library)(void);
HANDLE (*ps_peek_open_adapter)(LPSTR);
int (*ps_peek_start_capture)(HANDLE);
int (*ps_peek_request)(HANDLE, void*, void*);
int (*ps_peek_stop_capture)(HANDLE);
int (*ps_peek_close_adapter)(HANDLE);
int (*ps_peek_packet_send)(HANDLE, void*, int, int*, LPOVERLAPPED,
int);
HANDLE (*ps_peek_create_capture_context)(HANDLE, void*, int,
int, void*);
} _pstate;
static struct pstate *get_ps(void)
{
return &_pstate;
}
static int init_lib(struct pstate *ps)
{
char *libname = "Peek.dll";
void *lib;
if (!(lib = dlopen(libname, RTLD_LAZY)))
return -1;
ps->ps_lib = lib;
ps->ps_peek_open_adapter = dlsym(lib, "PeekOpenAdapter");
ps->ps_peek_start_capture = dlsym(lib, "PeekStartCapture");
ps->ps_peek_request = dlsym(lib, "PeekRequest");
ps->ps_peek_stop_capture = dlsym(lib, "PeekStopCapture");
ps->ps_peek_close_adapter = dlsym(lib, "PeekCloseAdapter");
ps->ps_peek_packet_send = dlsym(lib, "PeekPacketSend");
ps->ps_peek_create_capture_context =
dlsym(lib, "PeekCreateCaptureContext");
ps->ps_peek_initialize_library =
dlsym(lib, "PeekInitializeLibrary");
if (!(ps->ps_peek_open_adapter
&& ps->ps_peek_start_capture
&& ps->ps_peek_request
&& ps->ps_peek_stop_capture
&& ps->ps_peek_close_adapter
&& ps->ps_peek_packet_send
&& ps->ps_peek_create_capture_context
&& ps->ps_peek_initialize_library
))
return -1;
return 0;
}
static void do_cleanup(struct pstate *ps)
{
if (!ps->ps_lib)
return;
if (ps->ps_ctx != INVALID_HANDLE_VALUE)
ps->ps_peek_stop_capture(ps->ps_ctx);
if (ps->ps_adapter != INVALID_HANDLE_VALUE)
ps->ps_peek_close_adapter(ps->ps_adapter);
dlclose(ps->ps_lib);
}
static int set_chan(struct pstate *ps, int channel)
{
unsigned long reqdata[139];
OVERLAPPED iodata;
memset(reqdata, 0, sizeof(reqdata));
memset(&iodata, 0, sizeof(iodata));
iodata.hEvent = CreateEvent(0, 0, 0, 0);
reqdata[5] = 1;
reqdata[6] = MAGICCHAN;
reqdata[7] = (unsigned long) &channel;
reqdata[8] = 4;
return ps->ps_peek_request(ps->ps_adapter, reqdata, &iodata);
}
static void do_lock(struct pstate *ps)
{
if (pthread_mutex_lock(&ps->ps_mtx))
err(1, "pthread_mutex_lock()");
}
static void do_signal(struct pstate *ps)
{
do_lock(ps);
if (pthread_cond_signal(&ps->ps_sem))
err(1, "pthread_cond_signal()");
}
static void do_wait(struct pstate *ps)
{
do_lock(ps);
if (pthread_cond_wait(&ps->ps_sem, &ps->ps_mtx))
err(1, "pthread_cond_wait()");
}
static int WINAPI callback(unsigned char *data, int len, int UNUSED(caplen),
__int64 UNUSED(timestamp), int flags,
int UNUSED(arg7))
{
struct pstate *ps = get_ps();
if ((flags & 1) != 0)
return 1;
assert(len <= (int) sizeof(ps->ps_data));
ps->ps_len = len;
memcpy(ps->ps_data, data, ps->ps_len);
/* tell him we wrote */
do_signal(ps);
/* wait for him to copy */
do_wait(ps);
return 1;
}
static int init_card(struct pstate *ps, char *dev)
{
int rc, len;
char *unicode, *p;
if (ps->ps_peek_initialize_library() == 0)
return -1;
/* convert dev to unicode - i'm sure there's a standard function, but
* aingottime.
* Format: \Device\{GUID}
*/
if (!dev)
return -1;
len = strlen(dev);
unicode = p = malloc((len+1)*2);
if (!unicode)
return -1;
for (rc = 0; rc < len; rc++) {
*p++ = dev[rc];
*p++ = 0;
}
*p++ = 0;
*p++ = 0;
ps->ps_adapter = ps->ps_peek_open_adapter(unicode);
free(unicode);
if (ps->ps_adapter == INVALID_HANDLE_VALUE)
return -1;
ps->ps_ctx = ps->ps_peek_create_capture_context(ps->ps_adapter,
callback, MAGIC1, MAGIC2, NULL);
if ((rc = ps->ps_peek_start_capture(ps->ps_ctx)))
return rc;
return set_chan(ps, 1);
}
int CYGWIN_DLL_INIT (char *param)
{
struct pstate *ps = get_ps();
int rc;
memset(ps, 0, sizeof(*ps));
ps->ps_adapter = INVALID_HANDLE_VALUE;
ps->ps_ctx = INVALID_HANDLE_VALUE;
if ((rc = pthread_cond_init(&ps->ps_sem, NULL)))
goto out;
if ((rc = pthread_mutex_init(&ps->ps_mtx, NULL)))
goto out;
if ((rc = init_lib(ps)))
goto out;
if ((rc = init_card(ps, param)))
goto out;
return 0;
out:
do_cleanup(ps);
return rc;
}
int CYGWIN_DLL_SET_CHAN (int chan)
{
struct pstate *ps = get_ps();
return set_chan(ps, chan) ? -1 : 0;
}
int CYGWIN_DLL_INJECT (void* buf, int len,
struct tx_info* UNUSED(ti))
{
struct pstate *ps = get_ps();
int rc;
int wrote = 0;
OVERLAPPED iodata;
memset(&iodata, 0, sizeof(iodata));
iodata.hEvent = CreateEvent(0, 0, 0, 0);
rc = ps->ps_peek_packet_send(ps->ps_adapter, buf, len, &wrote,
&iodata, 0);
if (rc)
return rc;
return len;
}
int CYGWIN_DLL_SNIFF (void *buf, int len, struct rx_info* UNUSED(ri))
{
struct pstate *ps = get_ps();
/* wait for shit */
do_wait(ps);
/* copy it */
if (ps->ps_len < len)
len = ps->ps_len;
memcpy(buf, ps->ps_data, len);
/* tell him we're done */
do_signal(ps);
return len;
}
int CYGWIN_DLL_GET_MAC (unsigned char* UNUSED(mac))
{
return -1;
}
int CYGWIN_DLL_SET_MAC (unsigned char* UNUSED(mac))
{
return -1;
}
void CYGWIN_DLL_CLOSE (void)
{
struct pstate *ps = get_ps();
do_cleanup(ps);
}
.TH AIRBASE-NG 8 "May 2013" "Version 1.2-beta1"
.TH AIRBASE-NG 8 "November 2013" "Version 1.2-beta2"
.SH NAME
airbase-ng - multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself
......
.TH AIRCRACK-NG 1 "May 2013" "Version 1.2-beta1"
.TH AIRCRACK-NG 1 "November 2013" "Version 1.2-beta2"
.SH NAME
aircrack-ng - a 802.11 WEP / WPA-PSK key cracker
......