-rw-r--r-- | pcr/cowpatty/PKGBUILD | 34 | ||||
-rw-r--r-- | pcr/cowpatty/cowpatty-4.6-fixup16.patch | 403 |
2 files changed, 426 insertions, 11 deletions
diff --git a/pcr/cowpatty/PKGBUILD b/pcr/cowpatty/PKGBUILD
index 200ace245..ef5aa6524 100644
--- a/pcr/cowpatty/PKGBUILD
+++ b/pcr/cowpatty/PKGBUILD
@@ -1,3 +1,4 @@
+# Contributor (Arch) : Levente Polyak <levente[at]leventepolyak[dot]net>
 # Contributor (Arch) : CRT <crt.011@gmail.com>
 # Contributor (Arch) : Sébastien Duquette <ekse.0x@gmail.com>
 # Contributor (Arch) : icarus <icarus.roaming@gmail.com>
@@ -6,24 +7,35 @@
 
 pkgname=cowpatty
 pkgver=4.6
-pkgrel=5
+pkgrel=6
 pkgdesc="Wireless WPA/WPA2 PSK handshake cracking utility"
-arch=('i686' 'x86_64' 'mips64el')
-url="http://www.wirelessdefence.org/Contents/coWPAttyMain.htm"
+url="http://www.willhackforsushi.com/?page_id=50"
+arch=('i686' 'x86_64')
 license=('GPL')
 depends=('openssl' 'libpcap')
 options=('docs' '!makeflags')
-source=("http://www.wirelessdefence.org/Contents/Files/cowpatty-$pkgver.tgz")
+source=(http://www.willhackforsushi.com/code/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tgz
+ cowpatty-4.6-fixup16.patch)
+sha512sums=('87c55f3f43c0342cbcc46227a1e4cfe3f23e215adc68e376991b85344b00b56e7b57e3cf0f1e3d18378cd830a247b2e36644b41b5c0f00a2a382b410f4ab35af'
+ 'ad98cbf6abc2e08e15eba733d0e572c1ae08559dc458da7c07c5def920fd1d1885c63635f464533062fef9dcf31eb55dcdfff62936fdeb25f23d1e60da3b5990')
+
+prepare() {
+ cd "${pkgname}-${pkgver}"
+ sed -ri 's|(= -pipe)|+\1|g' Makefile
+ patch -p1 < ../cowpatty-4.6-fixup16.patch
+}
 
 build() {
- cd "$srcdir/$pkgname-$pkgver"
- make
- make strip
+ cd "${pkgname}-${pkgver}"
+ make all strip
 }
 
 package() {
- cd "$srcdir/$pkgname-$pkgver"
- make DESTDIR="$pkgdir/" BINDIR="/usr/bin/" install
- install -D -m644 dict "$pkgdir"/usr/share/cowpatty/dict
- install -D -m644 COPYING "$pkgdir"/usr/share/licenses/"$pkgname"/COPYING
+ cd "${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" BINDIR="/usr/bin" install
+ install -Dm 644 dict "${pkgdir}/usr/share/cowpatty/dict"
+ install -Dm 644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+ install -Dm 644 README "${pkgdir}/usr/share/doc/${pkgname}/README"
 }
+
+# vim: ts=2 sw=2 et:
diff --git a/pcr/cowpatty/cowpatty-4.6-fixup16.patch b/pcr/cowpatty/cowpatty-4.6-fixup16.patch
new file mode 100644
index 000000000..4c4574763
--- /dev/null
+++ b/pcr/cowpatty/cowpatty-4.6-fixup16.patch
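Review bot: The `sed -ri 's|(= -pipe)|+\1|g' Makefile` line in prepare() rewrites the upstream Makefile with no comment saying why and no check that the pattern matched; from the expression it turns `= -pipe` into `+= -pipe`, presumably so the Makefile appends to rather than replaces the CFLAGS/LDFLAGS that makepkg exports (verify against the upstream Makefile). I would put `# make the Makefile append to, not overwrite, the CFLAGS/LDFLAGS exported by makepkg` above it, and since a non-matching sed succeeds silently, a following `grep -q '+= -pipe' Makefile` would make prepare() fail under makepkg's errexit when the next upstream Makefile no longer matches. Separately, the tarball in source=() is fetched over plain http, so the pinned sha512sums are the only integrity check on it; they should be compared against an independently obtained copy of the archive whenever pkgver is bumped.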
@@ -0,0 +1,403 @@ +diff -uNr cowpatty-4.6/cowpatty.c cowpatty-4.6-fixup16/cowpatty.c +--- cowpatty-4.6/cowpatty.c 2009-07-03 08:15:50.000000000 -0700 ++++ cowpatty-4.6-fixup16/cowpatty.c 2009-08-01 13:26:14.820815924 -0700 +@@ -94,8 +94,7 @@ + "\t-d \tHash file (genpmk)\n" + "\t-r \tPacket capture file\n" + "\t-s \tNetwork SSID (enclose in quotes if SSID includes spaces)\n" +- "\t-2 \tUse frames 1 and 2 or 2 and 3 for key attack (nonstrict mode)\n" +- "\t-c \tCheck for valid 4-way frames, does not crack\n" ++ "\t-c \tCheck for valid 4-way frames, does not crack\n" + "\t-h \tPrint this help information and exit\n" + "\t-v \tPrint verbose information (more -v for more verbosity)\n" + "\t-V \tPrint program version and exit\n" "\n"); +@@ -151,7 +150,7 @@ + + int c; + +- while ((c = getopt(argc, argv, "f:r:s:d:c2nhvV")) != EOF) { ++ while ((c = getopt(argc, argv, "f:r:s:d:cnhvV")) != EOF) { + switch (c) { + case 'f': + strncpy(opt->dictfile, optarg, sizeof(opt->dictfile)); +@@ -166,9 +165,6 @@ + strncpy(opt->hashfile, optarg, sizeof(opt->hashfile)); + break; + case 'n': +- case '2': +- opt->nonstrict++; +- break; + case 'c': + opt->checkonly++; + break; +@@ -271,6 +267,7 @@ + case DLT_IEEE802_11: + case DLT_PRISM_HEADER: + case DLT_IEEE802_11_RADIO: ++ case DLT_PPI: + break; + default: + /* Unknown/unsupported pcap type */ +@@ -293,7 +290,9 @@ + /* Assume it's a libpcap file for now */ + int ret; + struct ieee80211_radiotap_header *rtaphdr; ++ struct ieee80211_radiotap_header *ppihdr; + int rtaphdrlen=0; ++ int ppihdrlen=0; + struct dot11hdr *dot11 = NULL; + + /* Loop on pcap_next_ex until we get a packet we want, return from +@@ -399,6 +398,37 @@ + return(ret); + break; + ++ case DLT_PPI: ++ ++ ppihdr = (struct ieee80211_radiotap_header *)packet; ++ ppihdrlen = le16_to_cpu(ppihdr->it_len); ++ ++ if (ppihdrlen > (h->len - 10)) { ++ return -2; ++ } ++ ++ if (ppihdrlen == 24) ++ ppihdrlen = 32; ++ ++ capdata->dstmac_offset = 4 + ppihdrlen; ++ capdata->srcmac_offset = 10 + 
ppihdrlen; ++ ++ dot11 = ((struct dot11hdr *)(packet+ppihdrlen)); ++ /* differentiate QoS data and non-QoS data frames */ ++ if (dot11->u1.fc.subtype == DOT11_FC_SUBTYPE_QOSDATA) { ++ capdata->dot1x_offset = 34 + ppihdrlen; ++ capdata->l2type_offset = 32 + ppihdrlen; ++ } else if (dot11->u1.fc.subtype == ++ DOT11_FC_SUBTYPE_DATA) { ++ capdata->dot1x_offset = 32 + ppihdrlen; ++ capdata->l2type_offset = 30 + ppihdrlen; ++ } else { ++ /* Not a data frame we support */ ++ continue; ++ } ++ return(ret); ++ break; ++ + default: + /* Unknown/unsupported pcap type */ + return (1); +@@ -435,21 +465,11 @@ + cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK; + index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK; + +- if (opt->nonstrict == 0) { +- +- /* Check for EAPOL version 1, type EAPOL-Key */ +- if (dot1xhdr->version != 1 || dot1xhdr->type != 3) { +- return; +- } +- +- } else { +- +- /* Check for type EAPOL-Key */ +- if (dot1xhdr->type != 3) { +- return; +- } +- ++ /* Check for type EAPOL-Key */ ++ if (dot1xhdr->type != 3) { ++ return; + } ++ + if (cdata->ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 && + cdata->ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { + return; +@@ -457,12 +477,12 @@ + + if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) { + /* Check for WPA key, and pairwise key type */ +- if (eapolkeyhdr->type != 254 || ++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) || + (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) { + return; + } + } else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { +- if (eapolkeyhdr->type != 2 || ++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) || + (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) { + return; + } +@@ -472,19 +492,22 @@ + + /* Check for frame 2 of the 4-way handshake */ + if ((key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_ACK) == 0 +- && (key_info & WPA_KEY_INFO_INSTALL) == 0 +- && eapolkeyhdr->key_data_length > 0) { ++ && (key_info & WPA_KEY_INFO_ACK) == 0 ++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ++ && 
eapolkeyhdr->key_data_length > 0) { + + /* All we need from this frame is the authenticator nonce */ + memcpy(cdata->snonce, eapolkeyhdr->key_nonce, + sizeof(cdata->snonce)); + cdata->snonceset = 1; ++ memcpy(cdata->replay_counter1, ++ eapolkeyhdr->replay_counter, 8); ++ cdata->replay_counter1[7] = cdata->replay_counter1[7] + 1; + + /* Check for frame 3 of the 4-way handshake */ + } else if ((key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_INSTALL) +- && (key_info & WPA_KEY_INFO_ACK)) { ++ && (key_info & WPA_KEY_INFO_INSTALL) ++ && (key_info & WPA_KEY_INFO_ACK)) { + + memcpy(cdata->spa, &packet[capdata->dstmac_offset], + sizeof(cdata->spa)); +@@ -497,15 +520,17 @@ + cdata->anonceset = 1; + /* We save the replay counter value in the 3rd frame to match + against the 4th frame of the four-way handshake */ +- memcpy(cdata->replay_counter, ++ memcpy(cdata->replay_counter2, + eapolkeyhdr->replay_counter, 8); + + /* Check for frame 4 of the four-way handshake */ + } else if ((key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_ACK) == 0 +- && (key_info & WPA_KEY_INFO_INSTALL) == 0 +- && (memcmp (cdata->replay_counter, +- eapolkeyhdr->replay_counter, 8) == 0)) { ++ && (key_info & WPA_KEY_INFO_ACK) == 0 ++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ++ && (memcmp (cdata->replay_counter1, ++ cdata->replay_counter2, 8) == 0) ++ && (memcmp (cdata->replay_counter2, ++ eapolkeyhdr->replay_counter, 8) == 0)) { + + memcpy(cdata->keymic, eapolkeyhdr->key_mic, + sizeof(cdata->keymic)); +@@ -513,57 +538,77 @@ + sizeof(cdata->eapolframe)); + cdata->keymicset = 1; + cdata->eapolframeset = 1; +- } +- } else { ++ cdata->counters = 1; + +- /* Check for frame 1 of the 4-way handshake */ +- if ((key_info & WPA_KEY_INFO_MIC) == 0 +- && (key_info & WPA_KEY_INFO_ACK) +- && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) { +- /* All we need from this frame is the authenticator nonce */ +- memcpy(cdata->anonce, eapolkeyhdr->key_nonce, +- sizeof(cdata->anonce)); +- cdata->anonceset = 
1; +- +- /* Check for frame 2 of the 4-way handshake */ +- } else if ((key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_INSTALL) == 0 +- && (key_info & WPA_KEY_INFO_ACK) == 0 +- && eapolkeyhdr->key_data_length > 0) { +- +- cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 ) +- + packet[capdata->dot1x_offset + 3] + 4; +- +- memcpy(cdata->spa, &packet[capdata->dstmac_offset], +- sizeof(cdata->spa)); +- cdata->spaset = 1; +- +- memcpy(cdata->aa, &packet[capdata->srcmac_offset], +- sizeof(cdata->aa)); +- cdata->aaset = 1; ++ } + +- memcpy(cdata->snonce, eapolkeyhdr->key_nonce, +- sizeof(cdata->snonce)); +- cdata->snonceset = 1; ++ } else { + +- memcpy(cdata->keymic, eapolkeyhdr->key_mic, +- sizeof(cdata->keymic)); +- cdata->keymicset = 1; ++ /* Check for frame 1 of the 4-way handshake */ ++ if ((key_info & WPA_KEY_INFO_MIC) == 0 ++ && (key_info & WPA_KEY_INFO_ACK) ++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ) { ++ ++ /* All we need from this frame is the authenticator nonce */ ++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->anonce)); ++ cdata->anonceset = 1; ++ ++ memcpy(cdata->replay_counter1, ++ eapolkeyhdr->replay_counter, 8); ++ cdata->replay_counter1[7] = cdata->replay_counter1[7] + 1; ++ ++ /* Check for frame 2 or 4 of the 4-way handshake */ ++ } else if ((key_info & WPA_KEY_INFO_MIC) ++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ++ && (key_info & WPA_KEY_INFO_ACK) == 0) { ++ ++ cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 ) ++ + packet[capdata->dot1x_offset + 3] + 4; ++ ++ memcpy(cdata->spa, &packet[capdata->dstmac_offset], ++ sizeof(cdata->spa)); ++ cdata->spaset = 1; ++ ++ memcpy(cdata->aa, &packet[capdata->srcmac_offset], ++ sizeof(cdata->aa)); ++ cdata->aaset = 1; ++ ++ memcpy(cdata->snonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->snonce)); ++ cdata->snonceset = 1; ++ ++ memcpy(cdata->keymic, eapolkeyhdr->key_mic, ++ sizeof(cdata->keymic)); ++ cdata->keymicset = 1; ++ ++ 
memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset], ++ cdata->eapolframe_size); ++ cdata->eapolframeset = 1; + +- memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset], +- cdata->eapolframe_size); +- cdata->eapolframeset = 1; ++ memcpy(cdata->replay_counter2, ++ eapolkeyhdr->replay_counter, 8); ++ cdata->replay_counter2[7] = cdata->replay_counter2[7] + 1; ++ memcpy(cdata->replay_counter3, ++ eapolkeyhdr->replay_counter, 8); ++ cdata->replay_counter3[7] = cdata->replay_counter3[7] + 2; ++ ++ /* Check for frame 3 of the 4-way handshake */ ++ } else if ((key_info & WPA_KEY_INFO_MIC) ++ && (key_info & WPA_KEY_INFO_ACK) ++ && (key_info & WPA_KEY_INFO_INSTALL)) { ++ ++ /* All we need from this frame is the authenticator nonce */ ++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->anonce)); ++ cdata->anonceset = 1; ++ ++ memcpy(cdata->replay_counter4, ++ eapolkeyhdr->replay_counter, 8); ++ cdata->replay_counter4[7] = cdata->replay_counter4[7] + 1; + ++ } + +- /* Check for frame 3 of the 4-way handshake */ +- } else if ((key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_ACK) +- && (key_info & WPA_KEY_INFO_INSTALL)) { +- /* All we need from this frame is the authenticator nonce */ +- memcpy(cdata->anonce, eapolkeyhdr->key_nonce, +- sizeof(cdata->anonce)); +- cdata->anonceset = 1; +- } + } + } + +@@ -982,10 +1027,82 @@ + } + } + ++ if (!(cdata.aaset && cdata.spaset && cdata.snonceset && ++ cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) { ++ ++ cdata.aaset = 0; ++ cdata.spaset = 0; ++ cdata.snonceset = 0; ++ cdata.anonceset = 0; ++ cdata.keymicset = 0; ++ cdata.eapolframeset = 0; ++ ++ opt.nonstrict = 1; ++ ++ memset(&capdata, 0, sizeof(struct capture_data)); ++ memset(&cdata, 0, sizeof(struct crack_data)); ++ memset(&eapolkey_nomic, 0, sizeof(eapolkey_nomic)); ++ ++ /* Populate capdata struct */ ++ strncpy(capdata.pcapfilename, opt.pcapfile, ++ sizeof(capdata.pcapfilename)); ++ if (openpcap(&capdata) != 0) { ++ 
printf("Unsupported or unrecognized pcap file.\n"); ++ exit(-1); ++ } ++ ++ /* populates global *packet */ ++ while (getpacket(&capdata) > 0) { ++ if (opt.verbose > 2) { ++ lamont_hdump(packet, h->len); ++ } ++ /* test packet for data that we are looking for */ ++ if (memcmp(&packet[capdata.l2type_offset], DOT1X_LLCTYPE, 2) == ++ 0 && (h->len >capdata.l2type_offset + sizeof(struct wpa_eapol_key))) { ++ /* It's a dot1x frame, process it */ ++ handle_dot1x(&cdata, &capdata, &opt); ++ ++ if (cdata.aaset && cdata.spaset && cdata.snonceset ++ && cdata.anonceset && cdata.keymicset ++ && cdata.eapolframeset) { ++ ++ if (cdata.replay_counter1 != 0 ++ && cdata.replay_counter2 != 0) { ++ ++ if (memcmp (cdata.replay_counter1, ++ cdata.replay_counter2, 8) == 0) { ++ ++ cdata.counters = 1; ++ /* We've collected everything we need. */ ++ break; ++ ++ } ++ ++ } ++ ++ if (cdata.replay_counter3 != 0 ++ && cdata.replay_counter4 != 0) { ++ ++ if (memcmp (cdata.replay_counter3, ++ cdata.replay_counter4, 8) == 0) { ++ ++ cdata.counters = 1; ++ /* We've collected everything we need. */ ++ break; ++ ++ } ++ ++ } ++ ++ } ++ } ++ } ++ } ++ + closepcap(&capdata); + + if (!(cdata.aaset && cdata.spaset && cdata.snonceset && +- cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) { ++ cdata.anonceset && cdata.keymicset && cdata.eapolframeset && cdata.counters)) { + printf("End of pcap capture file, incomplete four-way handshake " + "exchange. Try using a\ndifferent capture.\n"); + exit(-1); +diff -uNr cowpatty-4.6/cowpatty.h cowpatty-4.6-fixup16/cowpatty.h +--- cowpatty-4.6/cowpatty.h 2009-06-04 06:24:16.000000000 -0700 ++++ cowpatty-4.6-fixup16/cowpatty.h 2009-07-17 16:16:58.043152023 -0700 +@@ -178,7 +178,11 @@ + u8 anonceset; + u8 keymicset; + u8 eapolframeset; +- u8 replay_counter[8]; ++ u8 replay_counter1[8]; ++ u8 replay_counter2[8]; ++ u8 replay_counter3[8]; ++ u8 replay_counter4[8]; ++ u8 counters; + + int ver; /* Hashing algo, MD5 or AES-CBC-MAC */ + int eapolframe_size; |
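Review bot: In the second pass over the capture added to main(), `cdata.replay_counter1 != 0 && cdata.replay_counter2 != 0` (and the same test on replay_counter3/replay_counter4) compares the address of a `u8[8]` array with zero — the cowpatty.h hunk declares all four as arrays — so both conditions are always true and the "has this counter been recorded" gate does nothing; since the hunk zeroes cdata with memset() before the pass, compare the contents against an all-zero buffer as below, or cleaner, keep a set-flag next to each counter in crack_data. The `[7] + 1` / `[7] + 2` adjustments to replay_counter1..4 only bump the low byte with no carry, so a counter whose last octet is 0xff (or 0xfe) will not match the frame it is paired with and a legitimate handshake is reported as incomplete; if the field is meant as the 8-octet big-endian value 802.11i defines, the increment should propagate across the array. In the DLT_PPI branch of getpacket(), `ppihdrlen` comes from the file and is checked with `ppihdrlen > (h->len - 10)`; if `h` is the libpcap `struct pcap_pkthdr`, `len` is unsigned and is the on-wire length rather than the captured length, so a packet shorter than 10 bytes underflows the subtraction and the offsets derived from ppihdrlen are not bounded by what is actually in the buffer — `if (ppihdrlen + 10 > h->caplen)` avoids both. main() and getpacket() both start outside this hunk.
```c
/* … unchanged: locals of main() (declared outside this hunk); add alongside them: */
static const u8 zero_counter[8] = { 0 };
/* … unchanged: second pass over the capture, handle_dot1x() call, *set checks … */
if (memcmp(cdata.replay_counter1, zero_counter, 8) != 0
    && memcmp(cdata.replay_counter2, zero_counter, 8) != 0) {
/* … unchanged: replay_counter1 == replay_counter2 comparison and break … */
if (memcmp(cdata.replay_counter3, zero_counter, 8) != 0
    && memcmp(cdata.replay_counter4, zero_counter, 8) != 0) {
/* … unchanged: replay_counter3 == replay_counter4 comparison and break … */
```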