Commit b69ffa8f authored by Devon Kearns's avatar Devon Kearns

Imported Upstream version 1.4

parents
This diff is collapsed.
CFLAGS = -pipe -Wall -O2 -ggdb -g3
LDLIBS = -lpcap -lcrypto
PROG = eapmd5pass
PROGOBJ = utils.o
all: $(PROGOBJ) $(PROG)
utils.o: utils.c utils.h
$(CC) $(CFLAGS) -c utils.c
eapmd5pass: eapmd5pass.c eapmd5pass.h utils.c utils.h
$(CC) $(CFLAGS) -o eapmd5pass $(PROGOBJ) eapmd5pass.c $(LDLIBS)
clean:
$(RM) $(PROG) $(PROGOBJ) *~
strip:
@strip $(PROG)
eapmd5pass - offline EAP-MD5 dictionary attack.
Copyright(c) 2007-2008, Joshua Wright <jwright@hasborg.com>
$Id: README,v 1.2 2008/02/10 02:24:34 jwright Exp $
--------------------------------------------------------------------------------
EAP-MD5 is a legacy authentication mechanism that does not provide sufficient
protection for user authentication credentials. Users who authenticate using
EAP-MD5 subject themselves to an offline dictionary attack vulnerability.
This tool reads from a live network interface in monitor-mode, or from a
stored libpcap capture file, and extracts the portions of the EAP-MD5
authentication exchange. Once the challenge and response portions have been
collected from this exchange, eapmd5pass will mount an offline dictionary
attack against the user's password.
SAMPLE CAPTURES
The following sample EAP-MD5 packet captures have the corresponding
passwords:
File Password
---- --------
eapmd5-sample.dump beaVIs
EAPMD5-Challenge-01.cap bradtest
brad.eaptest.cap bradtest
bra.eaptest2.cap bradtest
USE NOTES
Normal operation of this tool will be to specify a dictionary file of words
to use as potential passwords, one per line, along with a packet capture file
from wireless network of an EAP-MD5 exchange, as shown below:
$ ./eapmd5pass -w dict -r eapmd5-sample.dump
eapmd5pass - Dictionary attack against EAP-MD5
Collected all data necessary to attack password for "jwright", starting attack.
User password is "beaVIs".
3917111 passwords in 6.55 seconds: 598165.01 passwords/second.
However, there may be cases where mounting an EAP-MD5 attack is necessary
even when a packet capture is not available. If you have observed an EAP-MD5
exchange but do not have the data in a wireless packet capture that is
understood by this tool, you can manually specify the following parameters
as command-line arguments:
+ username
+ EAP challenge (16 bytes)
+ EAP response (16 bytes)
+ EAP Id of the EAP response frame (usually "2")
+ Dictionary file
An example of using eapmd5pass in this manner is shown below:
$ ./eapmd5pass -w dict -U jwright -C d7:ec:2f:ff:2a:da:43:7f:9d:cd:4e:3b:0d:f4:4d:50 -R 1f:fc:6c:26:59:bc:5b:b9:41:44:fd:01:eb:75:6e:37 -E 2
eapmd5pass - Dictionary attack against EAP-MD5
User password is "beaVIs".
3917111 passwords in 7.05 seconds: 555990.03 passwords/second.
Note that this tool isn't particularly useful; with no native supplicant
support for EAP-MD5 in Microsoft Windows, and the lack of support for
encryption in an EAP-MD5 network, it is rare to see EAP-MD5 in use. However,
the Windows IAS server has support for EAP-MD5 enabled by default, so it is
conceivable that a user could setup their own workstation to use this
protocol, unaware of the risks associated with this EAP type. It should be
noted that the Funk Odyssey and Mac OS X supplicants both support EAP-MD5
authentication.
Why did I write this? I'm not sure. It's possible that I wrote this during a
chrono-synclastic infundibulum experience, where it may have meant more to me
at the time.
THANKS
Special thanks to Brad Antoniewicz for his patches and additional test
capture files.
COMMENTS/QUESTIONS/CONCERNS?
Please contact me at jwright@hasborg.com. Thanks!
/* Copyright (c) 2007, Joshua Wright <jwright@hasborg.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. See COPYING for more
* details.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef BYTESWAP_H
#define BYTESWAP_H
#define __swab16(x) \
({ \
uint16_t __x = (x); \
((uint16_t)( \
(((uint16_t)(__x) & (uint16_t)0x00ffU) << 8) | \
(((uint16_t)(__x) & (uint16_t)0xff00U) >> 8) )); \
})
#define __swab32(x) \
({ \
uint32_t __x = (x); \
((uint32_t)( \
(((uint32_t)(__x) & (uint32_t)0x000000ffUL) << 24) | \
(((uint32_t)(__x) & (uint32_t)0x0000ff00UL) << 8) | \
(((uint32_t)(__x) & (uint32_t)0x00ff0000UL) >> 8) | \
(((uint32_t)(__x) & (uint32_t)0xff000000UL) >> 24) )); \
})
#define __swab64(x) \
({ \
uint64_t __x = (x); \
((uint64_t)( \
(uint64_t)(((uint64_t)(__x) & (uint64_t)0x00000000000000ffULL) << 56) | \
(uint64_t)(((uint64_t)(__x) & (uint64_t)0x000000000000ff00ULL) << 40) | \
(uint64_t)(((uint64_t)(__x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \
(uint64_t)(((uint64_t)(__x) & (uint64_t)0x00000000ff000000ULL) << 8) | \
(uint64_t)(((uint64_t)(__x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \
(uint64_t)(((uint64_t)(__x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \
(uint64_t)(((uint64_t)(__x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \
(uint64_t)(((uint64_t)(__x) & (uint64_t)0xff00000000000000ULL) >> 56) )); \
})
#ifdef WORDS_BIGENDIAN
#warning "Compiling for big-endian"
#define le16_to_cpu(x) __swab16(x)
#define le32_to_cpu(x) __swab32(x)
#define le64_to_cpu(x) __swab64(x)
#else
#define le16_to_cpu(x) (x)
#define le32_to_cpu(x) (x)
#define le64_to_cpu(x) (x)
#endif
#endif /* BYTESWAP_H */
This diff is collapsed.
/* Copyright (c) 2007, Joshua Wright <jwright@hasborg.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. See COPYING for more
* details.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef EAPMD5PASS_H
#define EAPMD5PASS_H
#define DOT11_OFFSET_DOT11 0
#define DOT11_OFFSET_TZSP 29
#define DOT11_OFFSET_PRISMAVS 144
#define PCAP_DONOTBLOCK 1
#define IEEE802_MACLEN 6
#define PCAP_LOOP_CNT -1
#define SNAPLEN 2312
#define PROMISC 1
#define TIMEOUT 500
struct eapmd5pass_data {
uint8_t bssid[6];
char wordfile[1024];
unsigned int mcastid;
uint8_t bssidset;
int recovered_pass;
/* Parser tracking values */
uint8_t namefound;
uint8_t chalfound;
uint8_t respfound;
uint8_t succfound;
uint8_t eapid;
/* Extracted from EAP-MD5 exchange */
char username[64];
uint8_t challenge[16];
uint8_t response[16];
uint8_t respeapid;
};
void cleanexit();
void usage();
int radiotap_offset(pcap_t *p, struct pcap_pkthdr *h);
void assess_packet(char *user, struct pcap_pkthdr *h, u_int8_t *pkt);
void eapmd5_nexttarget(struct eapmd5pass_data *em);
int extract_eapusername(uint8_t *eap, int eaplen, struct eapmd5pass_data *em);
int extract_eapchallenge(uint8_t *eap, int eaplen, struct eapmd5pass_data *em);
int extract_eapresponse(uint8_t *eap, int eaplen, struct eapmd5pass_data *em);
int extract_eapsuccess(uint8_t *eap, int eaplen, struct eapmd5pass_data *em);
void break_pcaploop();
int main(int argc, char *argv[]);
void eapmd5_attack(struct eapmd5pass_data *em);
#endif
/* Copyright (c) 2007, Joshua Wright <jwright@hasborg.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. See COPYING for more
* details.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef IEEE80211_H
#define IEEE80211_H
#define DOT11HDR_A1_LEN 10
#define DOT11HDR_A3_LEN 24
#define DOT11HDR_A4_LEN 30
#define DOT11HDR_MAC_LEN 6
#define DOT11HDR_MINLEN DOT11HDR_A1_LEN
#define DOT11_FC_TYPE_MGMT 0
#define DOT11_FC_TYPE_CTRL 1
#define DOT11_FC_TYPE_DATA 2
#define DOT11_FC_SUBTYPE_ASSOCREQ 0
#define DOT11_FC_SUBTYPE_ASSOCRESP 1
#define DOT11_FC_SUBTYPE_REASSOCREQ 2
#define DOT11_FC_SUBTYPE_REASSOCRESP 3
#define DOT11_FC_SUBTYPE_PROBEREQ 4
#define DOT11_FC_SUBTYPE_PROBERESP 5
#define DOT11_FC_SUBTYPE_BEACON 8
#define DOT11_FC_SUBTYPE_ATIM 9
#define DOT11_FC_SUBTYPE_DISASSOC 10
#define DOT11_FC_SUBTYPE_AUTH 11
#define DOT11_FC_SUBTYPE_DEAUTH 12
#define DOT11_FC_SUBTYPE_PSPOLL 10
#define DOT11_FC_SUBTYPE_RTS 11
#define DOT11_FC_SUBTYPE_CTS 12
#define DOT11_FC_SUBTYPE_ACK 13
#define DOT11_FC_SUBTYPE_CFEND 14
#define DOT11_FC_SUBTYPE_CFENDACK 15
#define DOT11_FC_SUBTYPE_DATA 0
#define DOT11_FC_SUBTYPE_DATACFACK 1
#define DOT11_FC_SUBTYPE_DATACFPOLL 2
#define DOT11_FC_SUBTYPE_DATACFACKPOLL 3
#define DOT11_FC_SUBTYPE_DATANULL 4
#define DOT11_FC_SUBTYPE_CFACK 5
#define DOT11_FC_SUBTYPE_CFACKPOLL 6
#define DOT11_FC_SUBTYPE_CFACKPOLLNODATA 7
#define DOT11_FC_SUBTYPE_QOSDATA 8
/* 9 - 11 reserved as of 11/7/2005 - JWRIGHT */
#define DOT11_FC_SUBTYPE_QOSNULL 12
struct dot11hdr {
union {
struct {
uint8_t version:2;
uint8_t type:2;
uint8_t subtype:4;
uint8_t to_ds:1;
uint8_t from_ds:1;
uint8_t more_frag:1;
uint8_t retry:1;
uint8_t pwrmgmt:1;
uint8_t more_data:1;
uint8_t protected:1;
uint8_t order:1;
} __attribute__ ((packed)) fc;
uint16_t fchdr;
} u1;
uint16_t duration;
uint8_t addr1[6];
uint8_t addr2[6];
uint8_t addr3[6];
union {
struct {
uint16_t fragment:4;
uint16_t sequence:12;
} __attribute__ ((packed)) seq;
uint16_t seqhdr;
} u2;
} __attribute__ ((packed));
#define dot11hdra3 dot11hdr
#define ieee80211 dot11hdr
struct ieee80211_qos {
uint8_t priority:3;
uint8_t reserved3:1;
uint8_t eosp:1;
uint8_t ackpol:2;
uint8_t reserved1:1;
uint8_t reserved2;
} __attribute__ ((packed));
#define DOT11HDR_QOS_LEN 2
struct ieee8022 {
uint8_t dsap;
uint8_t ssap;
uint8_t control;
uint8_t oui[3];
uint16_t type;
} __attribute__ ((packed));
#define DOT2HDR_LEN sizeof(struct ieee8022)
#define IEEE8022_SNAP 0xaa
#define IEEE8022_TYPE_IP 0x0800
#define IEEE8022_TYPE_DOT1X 0x888e
#define IEEE8022_TYPE_ARP 0x0806
#endif
/* Copyright (c) 2007, Joshua Wright <jwright@hasborg.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. See COPYING for more
* details.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef IEEE8021X_H
#define IEEE8021X_H
/* The 802.1X header indicates a version, type and length */
struct ieee8021x {
uint8_t version;
uint8_t type;
uint16_t len;
} __attribute__ ((packed));
#define DOT1XHDR_LEN sizeof(struct ieee8021x)
#define DOT1X_VERSION1 1
#define DOT1X_VERSION2 2
#define DOT1X_TYPE_EAP 0
#endif
/* Copyright (c) 2007, Joshua Wright <jwright@hasborg.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. See COPYING for more
* details.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef IETFPROTO_H
#define IETFPROTO_H
/* EAP message constants */
#define EAP_REQUEST 1
#define EAP_RESPONSE 2
#define EAP_SUCCESS 3
#define EAP_FAILURE 4
/* EAP types, more at http://www.iana.org/assignments/eap-numbers */
#define EAP_TYPE_EAP 0
#define EAP_TYPE_ID 1
#define EAP_TYPE_MD5 4
struct eap_hdr {
uint8_t code; /* 1=request, 2=response, 3=success, 4=failure? */
uint8_t identifier;
uint16_t length; /* Length of the entire EAP message */
/* The following fields may not be present in all EAP frames */
uint8_t type;
uint8_t flags;
uint32_t totallen;
} __attribute__ ((packed));
#define EAPHDR_MIN_LEN 4
#endif
/* $FreeBSD: src/sys/net80211/ieee80211_radiotap.h,v 1.5 2005/01/22 20:12:05 sam Exp $ */
/* $NetBSD: ieee80211_radiotap.h,v 1.11 2005/06/22 06:16:02 dyoung Exp $ */
/*-
* Copyright (c) 2003, 2004 David Young. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of David Young may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID
* YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*/
#ifndef RADIOTAP_H
#define RADIOTAP_H
/* Kluge the radiotap linktype for now if we don't have it */
#ifndef LNX_ARPHRD_IEEE80211_RADIOTAP
#define LNX_ARPHRD_IEEE80211_RADIOTAP 803
#endif
/* Radiotap header version (from official NetBSD feed) */
#define IEEE80211RADIOTAP_VERSION "1.5"
/* Base version of the radiotap packet header data */
#define PKTHDR_RADIOTAP_VERSION 0
/* The radio capture header precedes the 802.11 header. */
struct ieee80211_radiotap_header {
u_int8_t it_version; /* Version 0. Only increases
* for drastic changes,
* introduction of compatible
* new fields does not count.
*/
u_int8_t it_pad;
u_int16_t it_len; /* length of the whole
* header in bytes, including
* int_version, it_pad,
* it_len, and data fields.
*/
u_int32_t it_present; /* A bitmap telling which
* fields are present. Set bit 31
* (0x80000000) to extend the
* bitmap by another 32 bits.
* Additional extensions are made
* by setting bit 31.
*/
};
/* Name Data type Units
* ---- --------- -----
*
* IEEE80211_RADIOTAP_TSFT u_int64_t microseconds
*
* Value in microseconds of the MAC's 64-bit 802.11 Time
* Synchronization Function timer when the first bit of the
* MPDU arrived at the MAC. For received frames, only.
*
* IEEE80211_RADIOTAP_CHANNEL 2 x u_int16_t MHz, bitmap
*
* Tx/Rx frequency in MHz, followed by flags (see below).
*
* IEEE80211_RADIOTAP_FHSS u_int16_t see below
*
* For frequency-hopping radios, the hop set (first byte)
* and pattern (second byte).
*
* IEEE80211_RADIOTAP_RATE u_int8_t 500kb/s
*
* Tx/Rx data rate
*
* IEEE80211_RADIOTAP_DBM_ANTSIGNAL int8_t decibels from
* one milliwatt (dBm)
*
* RF signal power at the antenna, decibel difference from
* one milliwatt.
*
* IEEE80211_RADIOTAP_DBM_ANTNOISE int8_t decibels from
* one milliwatt (dBm)
*
* RF noise power at the antenna, decibel difference from one
* milliwatt.
*
* IEEE80211_RADIOTAP_DB_ANTSIGNAL u_int8_t decibel (dB)
*
* RF signal power at the antenna, decibel difference from an
* arbitrary, fixed reference.
*
* IEEE80211_RADIOTAP_DB_ANTNOISE u_int8_t decibel (dB)
*
* RF noise power at the antenna, decibel difference from an
* arbitrary, fixed reference point.
*
* IEEE80211_RADIOTAP_LOCK_QUALITY u_int16_t unitless
*
* Quality of Barker code lock. Unitless. Monotonically
* nondecreasing with "better" lock strength. Called "Signal
* Quality" in datasheets. (Is there a standard way to measure
* this?)
*
* IEEE80211_RADIOTAP_TX_ATTENUATION u_int16_t unitless
*
* Transmit power expressed as unitless distance from max
* power set at factory calibration. 0 is max power.
* Monotonically nondecreasing with lower power levels.
*
* IEEE80211_RADIOTAP_DB_TX_ATTENUATION u_int16_t decibels (dB)
*
* Transmit power expressed as decibel distance from max power
* set at factory calibration. 0 is max power. Monotonically
* nondecreasing with lower power levels.
*
* IEEE80211_RADIOTAP_DBM_TX_POWER int8_t decibels from
* one milliwatt (dBm)
*
* Transmit power expressed as dBm (decibels from a 1 milliwatt
* reference). This is the absolute power level measured at
* the antenna port.
*
* IEEE80211_RADIOTAP_FLAGS u_int8_t bitmap
*
* Properties of transmitted and received frames. See flags
* defined below.
*
* IEEE80211_RADIOTAP_ANTENNA u_int8_t antenna index
*
* Unitless indication of the Rx/Tx antenna for this packet.
* The first antenna is antenna 0.
*
* IEEE80211_RADIOTAP_FCS u_int32_t data
*
* FCS from frame in network byte order.
*/
enum ieee80211_radiotap_type {
IEEE80211_RADIOTAP_TSFT = 0,
IEEE80211_RADIOTAP_FLAGS = 1,
IEEE80211_RADIOTAP_RATE = 2,
IEEE80211_RADIOTAP_CHANNEL = 3,
IEEE80211_RADIOTAP_FHSS = 4,
IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5,
IEEE80211_RADIOTAP_DBM_ANTNOISE = 6,
IEEE80211_RADIOTAP_LOCK_QUALITY = 7,
IEEE80211_RADIOTAP_TX_ATTENUATION = 8,
IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9,
IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
IEEE80211_RADIOTAP_ANTENNA = 11,
IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
IEEE80211_RADIOTAP_FCS = 14,
IEEE80211_RADIOTAP_EXT = 31,
};
/* Channel flags. */
#define IEEE80211_CHAN_TURBO 0x0010 /* Turbo channel */
#define IEEE80211_CHAN_CCK 0x0020 /* CCK channel */
#define IEEE80211_CHAN_OFDM 0x0040 /* OFDM channel */
#define IEEE80211_CHAN_2GHZ 0x0080 /* 2 GHz spectrum channel. */
#define IEEE80211_CHAN_5GHZ 0x0100 /* 5 GHz spectrum channel */
#define IEEE80211_CHAN_PASSIVE 0x0200 /* Only passive scan allowed */
#define IEEE80211_CHAN_DYN 0x0400 /* Dynamic CCK-OFDM channel */
#define IEEE80211_CHAN_GFSK 0x0800 /* GFSK channel (FHSS PHY) */
/* For IEEE80211_RADIOTAP_FLAGS */
#define IEEE80211_RADIOTAP_F_CFP 0x01 /* sent/received
* during CFP
*/
#define IEEE80211_RADIOTAP_F_SHORTPRE 0x02 /* sent/received
* with short
* preamble
*/
#define IEEE80211_RADIOTAP_F_WEP 0x04 /* sent/received
* with WEP encryption
*/
#define IEEE80211_RADIOTAP_F_FRAG 0x08 /* sent/received
* with fragmentation
*/
#define IEEE80211_RADIOTAP_F_FCS 0x10 /* frame includes FCS */
#define IEEE80211_RADIOTAP_F_DATAPAD 0x20 /* frame has padding between
* 802.11 header and payload
* (to 32-bit boundary)
*/
/* Ugly macro to convert literal channel numbers into their mhz equivalents
* There are certianly some conditions that will break this (like feeding it '30')
* but they shouldn't arise since nothing talks on channel 30. */
#define ieee80211chan2mhz(x) \
(((x) <= 14) ? \
(((x) == 14) ? 2484 : ((x) * 5) + 2407) : \
((x) + 1000) * 5)
#endif /* RADIOTAP_H */
/* Copyright (c) 2007, Joshua Wright <jwright@hasborg.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. See COPYING for more
* details.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdint.h>
#include <crypt.h>
#include <unistd.h>
#include <ctype.h>
#include <netinet/in.h> /* for ntohs() */
#include <errno.h>
#include <sys/types.h>
#include "utils.h"
void lamont_hdump(unsigned char *bp, unsigned int length);
char *printmac(unsigned char *mac);
/* A better version of hdump, from Lamont Granquist. Modified slightly
by Fyodor (fyodor@DHP.com) */
void lamont_hdump(unsigned char *bp, unsigned int length)
{
/* stolen from tcpdump, then kludged extensively */
static const char asciify[] =
"................................ !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~.................................................................................................................................";
const unsigned short *sp;
const unsigned char *ap;
unsigned int i, j;
int nshorts, nshorts2;
int padding;
printf("\n\t");
padding = 0;
sp = (unsigned short *)bp;
ap = (unsigned char *)bp;
nshorts = (unsigned int)length / sizeof(unsigned short);
nshorts2 = (unsigned int)length / sizeof(unsigned short);
i = 0;
j = 0;
while (1) {
while (--nshorts >= 0) {
printf(" %04x", ntohs(*sp));
sp++;
if ((++i % 8) == 0)
break;
}
if (nshorts < 0) {
if ((length & 1) && (((i - 1) % 8) != 0)) {
printf(" %02x ", *(unsigned char *)sp);
padding++;
}
nshorts = (8 - (nshorts2 - nshorts));
while (--nshorts >= 0) {
printf(" ");
}
if (!padding)
printf(" ");
}
printf(" ");
while (--nshorts2 >= 0) {
printf("%c%c", asciify[*ap], asciify[*(ap + 1)]);
ap += 2;
if ((++j % 8) == 0) {
printf("\n\t");
break;
}
}
if (nshorts2 < 0) {
if ((length & 1) && (((j - 1) % 8) != 0)) {
printf("%c", asciify[*ap]);
}
break;
}
}
if ((length & 1) && (((i - 1) % 8) == 0)) {
printf(" %02x", *(unsigned char *)sp);
printf(" %c",
asciify[*ap]);
}
printf("\n");
}
int str2mac(char *string, uint8_t *mac)
{
char *ptr, *next;
unsigned long val;
int i;
to_upper(string);
ptr = next = string;
for (i = 0; i < 6; i++) {
if ((val = strtoul(next, &ptr, 16)) > 255) {
return (-1);
}
mac[i] = (uint8_t) val;
if ((next == ptr) && (i != 6 - 1)) {
return (-1);
}
next = ptr + 1;
}
return (0);
}
void to_upper (char *s)