nexmon – Blame information for rev 1

1 office 1 /*
2 * coWPAtty - Brute-force dictionary attack against WPA-PSK.
3 *
4 * Copyright (c) 2004-2005, Joshua Wright <jwright@hasborg.com>
5 *
6 * $Id: cowpatty.h,v 4.3 2008-11-12 14:22:27 jwright Exp $
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation. See COPYING for more
11 * details.
12 *
13 * coWPAtty is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 */
18  
19 /*
20 * Significant code is graciously taken from the following:
21 * wpa_supplicant by Jouni Malinen. This tool would have been MUCH more
22 * difficult for me if not for this code. Thanks Jouni.
23 */
24  
25 #include "common.h"
26  
/* IEEE 802.11 frame information */

/*
 * Length in bytes of an 802.11 MAC header that carries three addresses.
 * This equals the packed size of struct dot11hdr declared in this file
 * (2 + 2 + 6 + 6 + 6 + 2). Parsers should confirm that at least this many
 * bytes were captured before reading header fields.
 */
#define DOT11HDR_A3_LEN 24

/* Values of the 2-bit frame control "type" field (dot11hdr.u1.fc.type). */
#define DOT11_FC_TYPE_MGMT 0
#define DOT11_FC_TYPE_CTRL 1
#define DOT11_FC_TYPE_DATA 2

/*
 * Values of the 4-bit frame control "subtype" field
 * (dot11hdr.u1.fc.subtype).
 * NOTE(review): judging by the names these apply to data-type frames
 * only - confirm that callers check the type field before comparing.
 */
#define DOT11_FC_SUBTYPE_DATA 0
#define DOT11_FC_SUBTYPE_DATACFACK 1
#define DOT11_FC_SUBTYPE_DATACFPOLL 2
#define DOT11_FC_SUBTYPE_DATACFACKPOLL 3
#define DOT11_FC_SUBTYPE_DATANULL 4
#define DOT11_FC_SUBTYPE_CFACK 5
#define DOT11_FC_SUBTYPE_CFACKPOLL 6
#define DOT11_FC_SUBTYPE_CFACKPOLLNODATA 7
#define DOT11_FC_SUBTYPE_QOSDATA 8
/* 9 - 11 reserved as of 11/7/2005 - JWRIGHT */
#define DOT11_FC_SUBTYPE_QOSNULL 12
44  
/*
 * IEEE 802.11 MAC header with three address fields. The struct is packed
 * so it can be overlaid on raw frame bytes: 2 + 2 + 6 + 6 + 6 + 2 = 24
 * bytes, the value of DOT11HDR_A3_LEN.
 *
 * NOTE(review): the order in which bit-fields are allocated inside a
 * storage unit is implementation-defined in C. The fc and seq views below
 * only line up with the frame's bit layout on ABIs that allocate from the
 * least significant bit (typically little-endian GCC targets) - confirm
 * before building for anything else.
 * NOTE(review): fchdr, duration and seqhdr are raw 16-bit values; whether
 * callers convert byte order is not visible here - confirm at use sites.
 *
 * Code that casts a captured-packet pointer to this type must first check
 * that at least sizeof(struct dot11hdr) bytes are present in the capture.
 */
struct dot11hdr {
    /* Frame control: per-flag bit-field view (fc) or whole word (fchdr). */
    union {
        struct {
            uint8_t version:2;
            uint8_t type:2;      /* compared with DOT11_FC_TYPE_* */
            uint8_t subtype:4;   /* compared with DOT11_FC_SUBTYPE_* */
            uint8_t to_ds:1;
            uint8_t from_ds:1;
            uint8_t more_frag:1;
            uint8_t retry:1;
            uint8_t pwrmgmt:1;
            uint8_t more_data:1;
            uint8_t protected:1;
            uint8_t order:1;
        } __attribute__ ((packed)) fc;

        uint16_t fchdr;
    } u1;

    uint16_t duration;
    /* Three 6-byte MAC addresses; their roles depend on to_ds/from_ds. */
    uint8_t addr1[6];
    uint8_t addr2[6];
    uint8_t addr3[6];

    /* Sequence control: fragment/sequence view (seq) or whole word. */
    union {
        struct {
            uint16_t fragment:4;
            uint16_t sequence:12;
        } __attribute__ ((packed)) seq;

        uint16_t seqhdr;
    } u2;

} __attribute__ ((packed));
79  
80  
81 /* IEEE 802.1X frame information */
82  
/*
 * IEEE 802.1X (EAPOL) header: version, packet type and body length.
 * Packed, 1 + 1 + 2 = 4 bytes. struct ieee8021x in this file declares the
 * same three members.
 *
 * NOTE(review): length is taken from the frame and is therefore untrusted;
 * it is presumably in network byte order - confirm that callers convert it
 * and compare it with the number of bytes actually captured before use.
 */
struct ieee802_1x_hdr {
    u8 version;
    u8 type;
    u16 length;
    /* followed by length octets of data */
} __attribute__ ((packed));
89  
/*
 * The 802.1x header indicates a version, type and length.
 * Packed, 4 bytes. It has the same members as struct ieee802_1x_hdr
 * declared in this file, so the two overlay the same bytes.
 *
 * NOTE(review): length comes from the frame; presumably network byte
 * order - confirm conversion and bounds checking at the use sites.
 */
struct ieee8021x {
    u8 version;
    u8 type;
    u16 length;
} __attribute__ ((packed));
96  
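/*
 * Size limit for a candidate passphrase buffer.
 * NOTE(review): presumably the 63-character WPA passphrase maximum plus
 * the terminating NUL - confirm against the buffers that use it.
 */
#define MAXPASSLEN 64

/* Dictionary source selectors: in-memory word list or standard input. */
#define MEMORY_DICT 0
#define STDIN_DICT 1

/*
 * Byte offset used when locating EAPOL data.
 * NOTE(review): equals the 4-byte size of struct ieee802_1x_hdr in this
 * file, so it presumably skips that header - confirm at the use sites.
 */
#define EAPDOT1XOFFSET 4

/*
 * Single-bit mask for bit n. The constant is unsigned so the shift is
 * well defined for every n below the width of unsigned int; with a signed
 * 1, BIT(31) would overflow int, which is undefined behaviour.
 */
#define BIT(n) (1U << (n))

/*
 * Flags and sub-fields of the EAPOL-Key "key information" word.
 * NOTE(review): presumably tested against wpa_eapol_key.key_info after
 * byte-order conversion - confirm at the use sites.
 */
#define WPA_KEY_INFO_TYPE_MASK (BIT(0) | BIT(1) | BIT(2))
#define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 BIT(0)
#define WPA_KEY_INFO_TYPE_HMAC_SHA1_AES BIT(1)
#define WPA_KEY_INFO_KEY_TYPE BIT(3) /* 1 = Pairwise, 0 = Group key */
/* bit4..5 is used in WPA, but is reserved in IEEE 802.11i/RSN */
#define WPA_KEY_INFO_KEY_INDEX_MASK (BIT(4) | BIT(5))
#define WPA_KEY_INFO_KEY_INDEX_SHIFT 4
/* INSTALL and TXRX share bit 6; the meaning depends on the key type. */
#define WPA_KEY_INFO_INSTALL BIT(6) /* pairwise */
#define WPA_KEY_INFO_TXRX BIT(6) /* group */
#define WPA_KEY_INFO_ACK BIT(7)
#define WPA_KEY_INFO_MIC BIT(8)
#define WPA_KEY_INFO_SECURE BIT(9)
#define WPA_KEY_INFO_ERROR BIT(10)
#define WPA_KEY_INFO_REQUEST BIT(11)
#define WPA_KEY_INFO_ENCR_KEY_DATA BIT(12) /* IEEE 802.11i/RSN only */

/* Field widths in bytes, used to size arrays in struct wpa_eapol_key. */
#define WPA_NONCE_LEN 32
#define WPA_REPLAY_COUNTER_LEN 8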
119  
/*
 * Fixed part of a WPA EAPOL-Key frame body, packed for overlay on frame
 * bytes: 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8 + 16 + 2 = 95 bytes.
 *
 * NOTE(review): every field is read from a captured frame and is
 * untrusted. The u16 members are presumably in network byte order -
 * confirm that callers convert them. key_data_length in particular must
 * be checked against the bytes actually captured before any key data
 * following this struct is read.
 */
struct wpa_eapol_key {
    u8 type;
    u16 key_info;           /* bit flags, see WPA_KEY_INFO_* */
    u16 key_length;
    u8 replay_counter[WPA_REPLAY_COUNTER_LEN];
    u8 key_nonce[WPA_NONCE_LEN];
    u8 key_iv[16];
    u8 key_rsc[8];
    u8 key_id[8]; /* Reserved in IEEE 802.11i/RSN */
    u8 key_mic[16];
    u16 key_data_length;    /* count of key data octets after this struct */
    /* u8 key_data[0]; */
} __attribute__ ((packed));
133  
/*
 * Pairwise Transient Key split into its component keys. Packed, four
 * 16-byte parts for 64 bytes in total. The last 16 bytes can be read
 * either as tk2 or as two 8-byte MIC keys through the union.
 */
struct wpa_ptk {
    u8 mic_key[16]; /* EAPOL-Key MIC Key (MK) */
    u8 encr_key[16]; /* EAPOL-Key Encryption Key (EK) */
    u8 tk1[16]; /* Temporal Key 1 (TK1) */
    union {
        u8 tk2[16]; /* Temporal Key 2 (TK2) */
        /* Same 16 bytes viewed as separate transmit and receive MIC keys. */
        struct {
            u8 tx_mic_key[8];
            u8 rx_mic_key[8];
        } auth;
    } u;
} __attribute__ ((packed));
146  
/*
 * Run-time options: four fixed 256-byte string buffers and four one-byte
 * flags.
 *
 * NOTE(review): presumably filled from command-line arguments - confirm.
 * Whatever writes the strings must bound the copy to sizeof the
 * destination and keep it NUL-terminated, because the buffers do not grow.
 */
struct user_opt {
    char ssid[256];
    char dictfile[256];
    char pcapfile[256];
    char hashfile[256];
    u8 nonstrict;
    u8 checkonly;
    u8 verbose;
    u8 unused;
};
157  
/*
 * Description of the capture being read: its file name, a capture type
 * and four byte offsets.
 *
 * NOTE(review): the offsets are presumably derived from pcaptype and used
 * to index into packet buffers - confirm. They are signed ints, so code
 * that indexes with them should check that each one is non-negative and
 * that offset plus field size fits in the captured packet length.
 */
struct capture_data {
    char pcapfilename[256];
    int pcaptype;
    int dot1x_offset;
    int l2type_offset;
    int dstmac_offset;
    int srcmac_offset;
};
166  
/*
 * Handshake material collected from a capture: two MAC addresses, both
 * nonces, copies of EAPOL frames, the key MIC and a replay counter, plus
 * one-byte "set" flags for several of the fields.
 *
 * NOTE(review): aa and spa are presumably the authenticator and
 * supplicant addresses, and each *set flag presumably becomes non-zero
 * once the matching field has been filled - confirm at the use sites.
 * NOTE(review): eapolframe (99 bytes) and eapolframe2 (125 bytes) are
 * fixed-size, while frame lengths come from the capture. Every copy into
 * them must be bounded by sizeof the destination, and eapolframe_size must
 * never exceed the buffer it describes - verify at the copy sites.
 */
struct crack_data {
    u8 aa[6];
    u8 spa[6];
    u8 snonce[32];
    u8 anonce[32];
    u8 eapolframe[99];
    u8 eapolframe2[125];
    u8 keymic[16];
    u8 aaset;
    u8 spaset;
    u8 snonceset;
    u8 anonceset;
    u8 keymicset;
    u8 eapolframeset;
    u8 replay_counter[8];

    int ver; /* Hashing algo, MD5 or AES-CBC-MAC */
    int eapolframe_size; /* signed; check for negative values before use as a length */
};
186  
/*
 * Header of a precomputed-hash database: a magic value, three reserved
 * bytes, the SSID length and the SSID bytes (4 + 3 + 1 + 32 = 40 bytes of
 * members; the struct is not declared packed).
 *
 * NOTE(review): ssidlen is a uint8_t and can hold values up to 255, but
 * ssid is only 32 bytes. If this header is read from a file, ssidlen must
 * be rejected when it exceeds sizeof(ssid) before it is used as a copy or
 * compare length - verify at the read site. The buffer has no room for a
 * terminating NUL when ssidlen is 32.
 */
struct hashdb_head {
    uint32_t magic;
    uint8_t reserved1[3];
    uint8_t ssidlen;
    uint8_t ssid[32];
};
193  
/*
 * One hash database record: a one-byte record size, a pointer to the
 * word, and a 32-byte PMK.
 *
 * NOTE(review): the struct is packed but holds a pointer, so its size
 * depends on the platform pointer width and word is left unaligned. It
 * cannot be read or written as a single on-disk image; the file
 * presumably stores the word bytes inline - confirm in the reader.
 * NOTE(review): rec_size comes from the file if records are loaded from
 * disk. Validate it before deriving the word length from it, so that an
 * undersized value cannot produce a negative or wrapped length.
 */
struct hashdb_rec {
    uint8_t rec_size;
    char *word;
    uint8_t pmk[32];
} __attribute__ ((packed));