wepdecrypt.c

About WepDecrypt: Wepdecrypt is a Wireless LAN Tool written in c which guesses WEP Keys based o

/********************************************************************************
* File:   		wepdecrypt.c
* Date:   		2002-09-24
* Author: 		Alain Girardet/Dominik Blunk/Fernando Tarin
* Last Modified:	3-02-2005
*
*
* Description: Read guessed passwords from stdin and applies RC4
* on sniffed encrypted 802.11 DATA packets
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version. See http://www.fsf.org/copyleft/gpl.txt.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
********************************************************************************/

#include <time.h>
#include <sys/time.h>
#include <sys/timeb.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <unistd.h>
#include <zlib.h>
#include <math.h>
#include <ctype.h>
#include <signal.h>
#include <string.h>
#include "wepdecrypt.h"
#include "wepfilter.h"
#include "log.h"
#include "config.h"
#include "modes.h"
#include "messages.h"
#include "misc.h"
#include "localkeygen.h"
#include "wepserver.h"
#include "wepclient.h"


wlan_packet_list* current_packet;

// local list with wlan packets
static wlan_packet_list* list_packet_to_crack;

// filepointer to read wordlist from
static FILE * fp;

// for time measuring
struct timeval t_val_start, t_val_end;
struct timezone t_zone;

// statistics
static long word_count = 1;
static double duration = 0;

// default mode (all modes sequential)
unsigned char use_modes = 0x01;

// to check bssid
char* BSSID=NULL;
wlan_packet_list* bssids_list=NULL;
int is_bssid_check_set = 0;

// server_mode
int	server_mode = 0;

//Key Used
unsigned char key[20];

void clean_up();

//
// get a line from stream
//
int get_line (char * line, FILE * stream, int lenght)
{
	int i=0;
	
	while (i < lenght && (line[i] = fgetc(stream)) != '\n') i++;
	line[i] = '\0';
	
	if (i == lenght) return 0;
	else return 1;
}

//
// load wlan packets from infile
//
void load_packets(char *infile, int network) {

	int network_count = 0, num_networks = 0;
	wlan_packet_list* aux;
	wlan_packet_list* aux_2;
	wlan_packet_list* aux3;
	char bssid_aux[18],bssid_aux2[13],bssid_aux3[18],bssid_aux4[13];

	// load networks from file
	list_packet_to_crack = get_packets(infile, server_mode);

	// check if at least one network is found
	if (list_packet_to_crack == NULL) {
		fprintf(stdout, "\n0 networks loaded...\n");
		exit(1);
	}

	current_packet = list_packet_to_crack;

	// make another list with provided bssid
	if (is_bssid_check_set){
		for (aux=current_packet; aux!=NULL;aux=aux->next){
			sprintf(bssid_aux,"%.2X:%.2X:%.2X:%.2X:%.2X:%.2X",aux->frame.bssid[0],aux->frame.bssid[1],aux->frame.bssid[2],aux->frame.bssid[3],aux->frame.bssid[4],aux->frame.bssid[5]);
			sprintf(bssid_aux2,"%.2X%.2X%.2X%.2X%.2X%.2X",aux->frame.bssid[0],aux->frame.bssid[1],aux->frame.bssid[2],aux->frame.bssid[3],aux->frame.bssid[4],aux->frame.bssid[5]);
			sprintf(bssid_aux3,"%.2x:%.2x:%.2x:%.2x:%.2x:%.2x",aux->frame.bssid[0],aux->frame.bssid[1],aux->frame.bssid[2],aux->frame.bssid[3],aux->frame.bssid[4],aux->frame.bssid[5]);
			sprintf(bssid_aux4,"%.2x%.2x%.2x%.2x%.2x%.2x",aux->frame.bssid[0],aux->frame.bssid[1],aux->frame.bssid[2],aux->frame.bssid[3],aux->frame.bssid[4],aux->frame.bssid[5]);
			if ((strncmp(bssid_aux,BSSID,17) == 0) || (strncmp(bssid_aux2,BSSID,12) == 0) || (strncmp(bssid_aux3,BSSID,17) == 0) || (strncmp(bssid_aux4,BSSID,12) == 0)){
				aux_2 = malloc(sizeof(wlan_packet_list));
				memcpy(&aux_2->frame.frameControl, aux->frame.frameControl, 2);
				memcpy(&aux_2->frame.duration, aux->frame.duration, 2);
				memcpy(&aux_2->frame.srcAddress, aux->frame.srcAddress, 6);
				memcpy(&aux_2->frame.dstAddress, aux->frame.dstAddress, 6);
				memcpy(&aux_2->frame.bssid, aux->frame.bssid, 6);
				if(aux->frame.address4 > 0) {
					memcpy(&aux_2->frame.address4, aux->frame.address4, 6);
				}
				memcpy(&aux_2->frame.sequenceControl, aux->frame.sequenceControl, 2);
				memcpy(&aux_2->frame.iv, &aux->frame.iv, 3);
				aux_2->frame.key=aux->frame.key;
				memcpy(&aux_2->frame.payload, aux->frame.payload, (aux->framesize)- (aux->frame.limits_payload));
				if (bssids_list == NULL){
					aux3 = malloc(sizeof(wlan_packet_list));
					aux3->next = NULL;
					bssids_list = aux3;
				}
				aux_2->framesize = aux->framesize;
				aux_2->next = bssids_list;
				bssids_list = aux_2;
			}
		}
		if (bssids_list != NULL){
		// we must free the old list
			delete_list(list_packet_to_crack);
			list_packet_to_crack = bssids_list;
			current_packet = list_packet_to_crack;
		}
		else printf("\n\nProvided BSSID not found. Cracking all networks");
	}
	
	// list all available networks
    printf("\n\nFounded BSSID:");
    while (current_packet->next != NULL) {
		network_count++;
		printf("\n%d)  ", network_count);
		print_hex_array(stdout, current_packet->frame.bssid, 6);
		printf("/ Key %d", current_packet->frame.key);
		current_packet = current_packet->next;
	}

	if (network >= network_count)
		network = 0;

	if (network){
		aux = current_packet = list_packet_to_crack;
		num_networks = network;
		while (num_networks != network_count){
			list_packet_to_crack = current_packet = current_packet->next;
			free(aux);
			aux = current_packet;
			num_networks++;
		}
		network_count = network;
	}		

	printf("\n%d network%s loaded...\n", network_count, network_count>1?"s":"");

}

//

// test if all packets are cracked
//
int all_packets_cracked() {

	int all = 1;

	// set current packet to first packet
	current_packet = list_packet_to_crack;
	// test each packet
	while (current_packet->next != NULL) {
		if (current_packet->cracked != 1)
			all--;
		current_packet = current_packet->next;
	}

	current_packet = list_packet_to_crack;
	return (all<1)?0:1;
}

//
// test key on every packet with requested modes
//
void loop_packets (unsigned char *key, unsigned char * server_host, int server_port, unsigned char * packet_file, int client_mode){
	int KEY_SIZE;

	while(current_packet->next != NULL) {
		if (!current_packet->cracked) {
			// mode wep 64 bit
			if ((use_modes & 0x07) == 0 || (use_modes & 0x07) == 1) {
				//correct size of the key
				if ((use_modes & 0x07) == 0) KEY_SIZE = 5;
				else KEY_SIZE = strlen(key);

				if (mode_wep(key, KEY_SIZE, 5)){
					wlan_key_cracked();
					if (client_mode) server_connection(server_host, server_port, packet_file, NULL, NULL, key, current_packet->frame.bssid, NULL, DECRYPTED_KEYS);
				}
			}
			// mode wep 128 bit
			if ((use_modes & 0x07) == 2 || (use_modes & 0x07) == 1) {
				//correct size of the key
				if ((use_modes & 0x07) == 2) KEY_SIZE = 13;
				else KEY_SIZE = strlen(key);

				if (mode_wep(key, KEY_SIZE, 13)){
					wlan_key_cracked();
					if (client_mode) server_connection(server_host, server_port, packet_file, NULL, NULL, key, current_packet->frame.bssid, NULL, DECRYPTED_KEYS);
				}					
			}
			// mode with keygen 64 bit
			if ((use_modes & 0x07) == 4 || (use_modes & 0x07) == 1 || (use_modes & 0x07) == 3){
				if (mode_keygen(key, strlen(key), 5))
					wlan_key_cracked();
			}
			// mode with keygen 128 bit
			if ((use_modes & 0x07) == 6 || (use_modes & 0x07) == 1 || (use_modes & 0x07) == 3){				
				if (mode_keygen(key, strlen(key), 13))
					wlan_key_cracked();
			}
		}
		current_packet = current_packet->next;
	}
}

//
// signal handler for ctrl+c
//
void sigint() {

	if (!server_mode){
		printf("\nAborting... writing result to '%s'\n", logfile);
		clean_up();
	}
	else{
		server_stop();
		exit(0);
	}
}

void sigchld(int sign){	
	waitpid(-1,NULL,WNOHANG);
}

void sighup(){
	server_stop();
	exit(0);
}

//
// print statistic and update logfile with uncracked networks
//
void clean_up() {

	// get end time
	gettimeofday(&t_val_end, &t_zone);

	// calculate elapsed time
	duration = difftime_us(&t_val_start, &t_val_end);
	printf("\ntime: %f sec\twords: %ld\n\n", duration, word_count);

	// write ucracked packets to logfile
	log_uncracked(list_packet_to_crack, key, use_modes);

	// close word input stream
	fclose(fp);

	delete_list(list_packet_to_crack);

	exit(0);
}

//
// main for wepdecrypt
//
int main(int argc, char * argv[]) {

	FILE*		pf;
	char* 		mode_opt;
	int 		i = 0, server_port=0, number_blocks = 0, keygen_mode = -1;
	int			initialized_start_key=0, initialized_end_key=0, total_blocks, line_len;
	register int 	op;
	char 		*packet_file = NULL, *word_file = "stdin all modes";
	int 		network_arg = 0;
	int 		control_key = 1;
	int			network_count = 0;
	int			client_mode = 0;
	int			get_file = 0;
	int			hexkeyfile = 0;
	unsigned char *start_key = NULL, *end_key = NULL;
	unsigned char skey[13], ekey[13];
	unsigned char *server_data = NULL, *server_host = NULL;
	unsigned char line[50];
#ifdef __CYGWIN__
	char * win_file_name[100], * win_word_file[100];
#endif

	fp = stdin;

	// install signal handler
	signal(SIGINT, sigint);	
	signal(SIGCHLD, sigchld);
	signal(SIGHUP, sighup);

	// if no arguments are given, exit
	if(argc <= 1) {
		show_help();
		return 0;
	}

	// process command line options
	// program will terminate, if invalid options are passed
    while((op = getopt(argc, argv, "n:b:m:f:i:e:c:d:w:l:?vhsg")) != -1) {
    	switch(op) {
		case 'n':
			network_arg = atoi(optarg);
			break;
		case 'b':
			BSSID = optarg;
			is_bssid_check_set = 1;
			break;
        // arg for packet file to read from
		case 'f':
			if (packet_file != NULL){
				fprintf(stdout,"\nUsage error: -f option can't be used twice\n\n");
				show_help();
				return 0;
			}
            packet_file = optarg;

#ifdef __CYGWIN__
			cygwin_conv_to_win32_path(packet_file, win_file_name);
			packet_file = win_file_name;
#endif
			
            break;
		// server mode
#ifndef __CYGWIN__
		case 's':
			server_mode = 1;
			break;
#endif
		// client_mode
		case 'c':
			client_mode = 1;
			word_file = "Client mode";		
			server_data = optarg;
			for (i=0;i<strlen(server_data);i++){
				if (server_data[i] == ':') break; 
			}
			if (i==strlen(server_data) || i==(strlen(server_data) - 1)){
				printf("\nBad client connection data!\n\n");
				show_help();
				return 0;
			}
			//Parse the server data
			server_host=malloc(i+1);
			memcpy(server_host,server_data,(i));
			server_host[i+1] = '\0';			
			server_port=atoi(server_data + (i+1));			
			break;
		// to get the file from server
		case 'g':
			get_file = 1;			
			break;
		// set number blocks
		case 'l':
			number_blocks = atoi(optarg);
			total_blocks = number_blocks;
			if (number_blocks == 0) number_blocks = -1;
			break;
		// arg for modes
        case 'm':
			mode_opt = optarg;
			if (strcmp(mode_opt,"64")== 0){
				if ((strcmp(word_file,"stdin all modes")!=0) && !hexkeyfile){
					fprintf(stdout,"\nUsage error: w option can't be used with 64 or 128 mode!\n\n");
					show_help();
					return 0;
				}
				word_file = "64 Bit Keygen";