Logo Search packages:      
Sourcecode: weplab version File versions  Download package

bruteforce.c

/*

      weplab - Wep Key Cracker

      Copyright (C) 2004 Jose Ignacio Sanchez Martin - Topo[LB]

      This program is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published by
      the Free Software Foundation; either version 2, or (at your option)
      any later version.

      This program is distributed in the hope that it will be useful,
      but WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      GNU General Public License for more details.

      You should have received a copy of the GNU General Public License
      along with this program; if not, write to the Free Software Foundation,
      Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  

      ---------

      bruteforce.c: dictionary based wep crack.
*/

#include <pcap.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <signal.h>
#include <time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "globals.h"
#include "debug.h"
#include "bruteforce.h"
#include "wep.h"

unsigned long int totalTests=0;
short nTotalTests=0;
t_bruteforceKey key;
time_t initialTime;
time_t lastTime;
time_t actualTime;

pid_t arrayProcesses[64];
int currentProcessNumber=0;

unsigned char finalByte=0xFF;
unsigned char initByte=0x00;

short IncrementKey(t_bruteforceKey *key){
      int i;
      for (i=0; i<global_v.key_len; i++) {
            if (key->logicalStatus[i]==key->keyspace[i].total-1){
                  key->logicalStatus[i]=0;
                  key->key[i]=key->keyspace[i].values[key->logicalStatus[i]];
            }else{
                  key->logicalStatus[i]++;
                  key->key[i]=key->keyspace[i].values[key->logicalStatus[i]];
                  break;
            }
      }
      //for (i=0; i<global_v.key_len; i++) key->key[i]=key->keyspace[i].values[key->logicalStatus[i]];
      if (i==global_v.key_len && key->logicalStatus[i]==0) return 1;
      return 0;
}

inline void IncrementKeyOptimized(t_bruteforceKey *key){
      register int i;
      for (i=0; i<global_v.key_len; i++) {
            if (!i && key->byte0IntValue+global_v.processes>finalByte){  
                  key->key[i]=initByte+currentProcessNumber;
                  key->byte0IntValue=key->key[i];
            }else if (i && key->key[i]==finalByte){
                  key->key[i]=initByte;
              if (i==(global_v.key_len-1)) {
                /* We have already covered the whole keyspace so we can show statistics and quit */
                  printf(" => Process %u finished!\n",currentProcessNumber); 
                  kill(getpid(), SIGUSR1);
                //exit(1);
              }               
            }else{
                  if (!i){
                        //key->key[i]+=global_v.processes;
                        key->byte0IntValue+=global_v.processes;
                        key->key[i]=key->byte0IntValue;     
                        break;
                  }else{
                        if (!key->key[i]) {
                              if (!initByte) key->key[i]=initByte+1;
                              else key->key[i]=initByte;
                        }else key->key[i]++;
                        break;
                  }
            }
      }
//printf("Process %u: ",currentProcessNumber);
//ViewKey (key->key,global_v.key_len);
}


void catch_int(int sig_num){
      int i;
      if (!currentProcessNumber) for (i=1; i<global_v.processes; i++) kill(arrayProcesses[i],SIGUSR1);
      signal(SIGUSR1, catch_int);
      actualTime=time(NULL);
      printf("Process number: %u ===>",currentProcessNumber);
      if (!nTotalTests) printf(" %lu keys tested [",totalTests);
      else printf(" %d * %lu keys tested [",nTotalTests, totalTests);
      if (actualTime-lastTime) printf("%lu c/s] >>> ",(unsigned long int)totalTests/(actualTime-lastTime));
      ViewKey (key.key,global_v.key_len);
      
}

void bruteforce (void){
      t_storedPacket *packets[10];
      pcap_t *file;
      pid_t mpid;
      int i;
      int j;
      int c;
      int totalPackets;
      //unsigned char key2[13]="\x3e\x9a\xa0\xa4\xc6\x2e\xad\x59\x5a\x07\xa1\x80\x1f";
      int trues;
      int totalTemp=0;
      
      #ifdef _DEBUG
      debug("Starting bruteforce based cracking.");
      #endif
      
      file=OpenPcapFile(global_v.packetsFilename);    

      signal(SIGUSR1, SIG_IGN);
      
      for (i=0; i<10; i++) {
            packets[i]=malloc(sizeof(t_storedPacket));
            packets[i]->packet=NULL;
      }

      totalPackets=GetLessSizedPackets(file, packets);
      DebugView10Packets(packets, totalPackets);
      ClosePcapFile(file);

      initByte=0;
      if (global_v.ascii) {
            finalByte=0x7F; 
            printf(" => Ascii mode selected. Only values from 0x00 to 0x7F will be tested\n\n");
      }
      else finalByte=0xFF;
      if (global_v.alpha) {
            finalByte=0x7A; 
            printf(" => Alpha mode selected. Only values from 0x41 to 0x7A will be tested\n\n");
            initByte=0x41;    
      }

      if (global_v.alnum) {
            finalByte=0x7A;
            initByte=0x30;
            printf(" => Alphanumeric mode selected. Only values from 0x30 to 0x7A will be tested\n\n");
      }


      for (i=0; i<global_v.key_len; i++) key.key[i]=0;

      currentProcessNumber=0;       
      
      // Here I start creating processes
      for (i=0; i<global_v.processes-1 && mpid; i++){
            mpid=fork();            
            currentProcessNumber++;       
            if (mpid) arrayProcesses[currentProcessNumber]=mpid;        
      }
      
      if (mpid) currentProcessNumber=0;

      debug("Launched process number %u",currentProcessNumber);

      
      for (i=0; i<global_v.key_len-1; i++){
            for (j=initByte; j<=finalByte-initByte; j++) key.keyspace[i].values[j]=j;
            key.keyspace[i].total=finalByte-initByte;
            key.logicalStatus[i]=0;
      }
      
      //Ahora relleno de acorde con el proceso actual
      for (j=0; j<=finalByte-initByte; j++){
            if (j%global_v.processes==currentProcessNumber){
                  key.keyspace[global_v.key_len-1].values[totalTemp]=j;
                  totalTemp++;            
            }     
      }
      key.keyspace[global_v.key_len-1].total=totalTemp;
      key.logicalStatus[global_v.key_len-1]=0;
      //key.key[global_v.key_len-1]=key.keyspace[global_v.key_len-1].values[0];

      key.byte0IntValue=initByte+currentProcessNumber-global_v.processes;
      key.key[0]=key.byte0IntValue;

// TEST
      initialTime=time(NULL);
      lastTime=time(NULL);
      if (!currentProcessNumber) mpid=fork();
      else mpid=0;
      if (!(mpid)){     
            signal(SIGUSR1, catch_int);
            printf("Bruteforce started! Please hit enter to get statistics.\n");
            fflush(stdout);
            while (1){
                  IncrementKeyOptimized(&key);        
                  // IncrementKey(&key);        
                  
                  if (!++totalTests){
                        lastTime=time(NULL);
                        nTotalTests++;    
                  }
                  if (VerifyPacketWithKey(packets[0],key.key)){
                        printf("It seems that the first control data packet verifies the key! Let's test it with others....\n");
                        if (Verify10PacketsWithKey(packets, key.key)>2){
                              printf("Right KEY found!!\n");
                              ViewKey(key.key,global_v.key_len);  
                              fflush(stdout);
                              exit(1);
                        }
                  }
            }
      }else{
            arrayProcesses[0]=mpid;       
            while (!waitpid(0,NULL,WNOHANG)) {
                  c=getchar();
                  if (c=='\n') kill(mpid,SIGUSR1);
            }     
            
      }
// END TEST


      trues=Verify10PacketsWithKey(packets, key.key);
      if (trues) printf("HURRA! %d packets verified the key!",trues);
      fflush(stdout);   
      
}




Generated by  Doxygen 1.6.0   Back to index