1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399
|
/*
weplab - Wep Key Cracker
Copyright (C) 2004 Jose Ignacio Sanchez Martin - Topo[LB]
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
---------
main.c: application entry point.
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#define _GNU_SOURCE
#include <getopt.h>
#include <pcap.h>
#include "globals.h"
#include "debug.h"
#include "dictionary.h"
#include "bruteforce.h"
#include "heuristics.h"
#include "analpfile.h"
#include "capture.h"
#include "attack.h"
void ShowVersion(void){
printf("\n%s\n\n",PROGRAM_VERSION);
exit(0);
}
void ShowBanner(void){
printf("%s Wep Key Cracker (%s).\n%s\n\n",PROGRAM_NAME, PROGRAM_VERSION, PROGRAM_AUTHOR);
}
void SimpleUsageMsg(char *programName){
ShowBanner();
printf("Usage: %s [-a|-b|-r|-y|-c] [-k <keylength>] [extended options] <pcap file>\n", programName);
printf(" Modes:\n");
printf(" -a analyze pcap file and show information\n");
printf(" -y uses words (from stdin or wordfile) as wep keys\n");
printf(" -b brute forces wep keys\n");
printf(" -r uses statistical attacks to break the key\n");
printf(" -c capture encrypted data packets from a wireless interface\n");
printf(" -k [64|128] specifies 128 or 64 bits (default) key\n");
printf(" -h, --help display help about extended options\n");
printf("\n");
exit(1);
}
void UsageMsg(char *programName){
ShowBanner();
printf("Usage: %s [OPTIONS]... FILE\n", programName);
printf(" Options:\n");
printf(" --debug <debuglevel> prints debug information\n");
printf(" -v, --verbose print more information\n");
printf(" -y, --dictionary <file> uses words (from stdin) as wep keys\n");
printf(" -k, --key [64|128] specifies 128 or 64 bits (default) key\n");
printf(" -b, --bruteforce <file> brute forces wep keys\n");
printf(" -c, --capture capture encrypted data packets\n");
printf(" -i, --interface for capturing packets with --capture \n");
printf(" -r, --heuristics file uses weak keys and intelligent bruteforce\n");
printf(" -a, --analysis analyze file and get lite statistics\n");
printf(" -m, --multiprocess <number> Assume <number> of processes. Number must be between 1-64. Default 1.\n");
printf(" --caplen <length> maximun length of captured packets with --capture (default 80) \n");
printf(" --fcs assume all captured frames has the FCS field\n");
printf(" --keyid <id> just analyze specific id Wep packets. Only for 64 bits keys. (default 0)\n");
printf(" --prismheader assume all captured frames has the Prism header\n");
printf(" --allow_dups do not control packets with duplicated IVs\n");
printf(" --perc <number> uses this minimun percentage of succeed when using FMS cracking\n");
printf(" --wordfile <file> instead of reading words from stdin it uses this text file as wordfile for the dictionary attack\n");
printf(" --ascii just use bytes 0x00-0x7F for bruteforce wep key with --bruteforce\n");
printf(" --alpha just use bytes 0x41-0x7A for bruteforce wep key with --bruteforce\n");
printf(" --alnum just use bytes 0x30-0x7A for bruteforce wep key with --bruteforce\n");
printf(" --stability selects level of stability. Another way to specify which attacks, depending on their stability level, will be launched\n");
printf(" --debugkey <key> Gives the real wep key to weplab to gather information about a crack. <key> must be in the form of AA:BB:CC:DD... and may be incomplete.\n");
printf(" --attacks <number1,number2,...> allows you to select which attacks will be used for heuristic mode.\n");
printf(" --bssid <MAC> does only process those packets that belongs to specified BSSID\n");
printf(" -h, --help display this help and exit\n");
printf(" -V, --version output version information and exit\n");
printf("\n");
exit(1);
}
void ShowHelp(void){
char programName[2048];
sprintf(programName,"%s %s",PROGRAM_NAME, PROGRAM_VERSION);
UsageMsg(programName);
}
void QuitParameterError(char *error){
printf("\n ERROR:");
printf(error);
printf("\n\n Maybe you should take a look at the extended options (--help), read the manual (README) or visit the website http://weplab.sourceforge.net\n\n\n");
exit(1);
}
int hex2int(char buffer){
if (buffer=='0') return 0;
else if (buffer=='1') return 1;
else if (buffer=='2') return 2;
else if (buffer=='3') return 3;
else if (buffer=='4') return 4;
else if (buffer=='5') return 5;
else if (buffer=='6') return 6;
else if (buffer=='7') return 7;
else if (buffer=='8') return 8;
else if (buffer=='9') return 9;
else if (buffer=='A' || buffer=='a') return 10;
else if (buffer=='B' || buffer=='b') return 11;
else if (buffer=='C' || buffer=='c') return 12;
else if (buffer=='D' || buffer=='d') return 13;
else if (buffer=='E' || buffer=='e') return 14;
else if (buffer=='F' || buffer=='f') return 15;
else return 20;
}
int ReadHexByteArray(unsigned char *asciiByteArray, unsigned char *destination, int asciiByteArrayMaxSize){
int i,j;
int total=0;
unsigned char h1, h2;
for (i=0; asciiByteArray[i]!=0 && asciiByteArray[i+1]!=0 && i<asciiByteArrayMaxSize; i+=3){
total++;
h1=hex2int(asciiByteArray[i]);
h2=hex2int(asciiByteArray[i+1]);
if (h1==20 || h2==20) return 0;
destination[total-1]=(h1<<4)|(h2);
if (asciiByteArray[i+2]!=':' && optarg[i+2]!=0) return 0;
if (asciiByteArray[i+2]==0) break;
if (asciiByteArray[i+3]==0) break;
}
destination[total]=0;
return total;
}
int main(int argc, char **argv){
int optionSelected=1; // 2 words, 3 heuristics, 4 bruteforce
int opt;
int keySize=64;
int i,j;
int sizeaux;
unsigned char *saux;
int tmp[6];
struct option long_options[]={
{"version",0,NULL,'V'},
{"help",0,NULL,'h'},
{"debug",1,NULL,'d'},
{"verbose",0,NULL,'v'},
{"dictionary",0,NULL,'y'},
{"capture",0,NULL,'c'},
{"key",1,NULL,'k'},
{"interface",1,NULL,'i'},
{"stability",1,NULL,'s'},
{"fcs",0,NULL,0},
{"allow_dups",0,NULL,0},
{"caplen",1,NULL,0},
{"keyid",1,NULL,0},
{"perc",1,NULL,0},
{"multiprocess",1,NULL,'m'},
{"prismheader",0,NULL,0},
{"heuristics",2,NULL,'r'},
{"ascii",0,NULL,0},
{"alpha",0,NULL,0},
{"wordfile",1,NULL,0},
{"alnum",0,NULL,0},
{"bruteforce",0,NULL,'b'},
{"analysis",0,NULL,'a'},
{"debugkey",1,NULL,0},
{"attacks",1,NULL,0},
{"bssid",1,NULL,0},
{NULL,0,NULL,0}
};
int option_index=0;
int totalArgvParameters=1;
int h1, h2;
if (argc<2) SimpleUsageMsg(argv[0]);
while ((opt = getopt_long(argc, argv,"fpcVvhyabm:s:i:d:k:r::", long_options, &option_index)) != EOF) {
switch (opt) {
case 'V':
totalArgvParameters+=1;
ShowVersion();
break;
case 'v':
totalArgvParameters+=1;
global_v.verbose=1;
break;
case 'h':
totalArgvParameters+=1;
ShowHelp();
break;
case 'd':
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("Debug level must be specified as a positive number");
global_v.debug=atoi(optarg);
break;
case 'a':
optionSelected*=0;
totalArgvParameters+=1;
break;
case 'y':
totalArgvParameters+=1;
optionSelected*=2;
break;
case 'r':
optionSelected*=3;
totalArgvParameters+=1;
if (optarg) {
//if (totalArgvParameters < argc-1){
strncpy(global_v.weakPcapFilename, optarg, 200);
printf("%s\n\n",optarg);
//totalArgvParameters+=1;
//}
}
break;
case 'b':
optionSelected*=4;
totalArgvParameters+=1;
break;
case 'c':
optionSelected*=5;
totalArgvParameters+=1;
break;
case 'k':
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("key length must be either 64 or 128");
keySize=atoi(optarg);
break;
case 's':
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("stability level must be a positive number from 1 to 5");
global_v.stability=atoi(optarg)-1;
break;
case 'm':
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("number of processes must be defined as a positive number");
global_v.processes=atoi(optarg);
break;
case 'i':
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("you must specify the interface name");
strncpy(global_v.device,optarg,20);
break;
case 0:
if (!strncmp(long_options[option_index].name,"prismheader",50))
{
totalArgvParameters+=1;
global_v.prismHeaderPresent=1;
}else if (!strncmp(long_options[option_index].name,"fcs",50)){
totalArgvParameters+=1;
global_v.fcsPresent=1;
}else if (!strncmp(long_options[option_index].name,"allow_dups",50)){
totalArgvParameters+=1;
global_v.allowdups=1;
}else if (!strncmp(long_options[option_index].name,"ascii",50)){
totalArgvParameters+=1;
global_v.ascii=1;
}else if (!strncmp(long_options[option_index].name,"alnum",50)){
totalArgvParameters+=1;
global_v.alnum=1;
}else if (!strncmp(long_options[option_index].name,"alpha",50)){
totalArgvParameters+=1;
global_v.alpha=1;
}else if (!strncmp(long_options[option_index].name,"caplen",50)){
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("maximun packet lenght must be defined");
global_v.caplen=atoi(optarg);
}else if (!strncmp(long_options[option_index].name,"perc",50)){
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("minimun percentaje of succeed mut be defined as a positive number from 1 to 100");
global_v.percSucceed=atoi(optarg);
}else if (!strncmp(long_options[option_index].name,"attacks",50)){
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("you must define which attacks will be launched");
for (i=0; i<NUMBER_ATTACKS; i++) defaultAttacks[STABILITY_LEVELS][i]=0;
global_v.totalAttacksSelected=0;
sizeaux=strlen(optarg);
if (sizeaux<1) QuitParameterError("you must define which attacks will be launched");
saux=optarg;
for (i=1; i<sizeaux+1; i++) if (optarg[i]==',' || optarg[i]==0){
optarg[i]=0;
global_v.totalAttacksSelected++;
if (atoi(saux)>NUMBER_ATTACKS || !atoi(saux)) QuitParameterError("attacks to be launched must be defined as positive numbers from 1 to 5 splitted by commas and no spaces");
defaultAttacks[STABILITY_LEVELS][atoi(saux)-1]=1;
global_v.stability=0;
saux=(&optarg[i])+1;
}
}else if (!strncmp(long_options[option_index].name,"keyid",50)){
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("keyid must be a positive number from 1 to 4");
global_v.keyid=atoi(optarg);
}else if (!strncmp(long_options[option_index].name,"wordfile",50)){
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("you must specify a file to be used as wordfile");
strncpy(global_v.wordfile,optarg,255);
}else if (!strncmp(long_options[option_index].name,"bssid",50)){
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("BSSID must be specified");
if (sscanf(optarg, "%x:%x:%x:%x:%x:%x", &tmp[0], &tmp[1], &tmp[2], &tmp[3], &tmp[4], &tmp[5]) < 6) {
printf("unable to parse bssid\n");
exit(2);
}
for(i = 0; i < 6; i++) {
global_v.target_bssid[i] = tmp[i] & 0xff;
}
global_v.target_bssid_selected = 1;
}else if (!strncmp(long_options[option_index].name,"debugkey",50)){
totalArgvParameters+=2;
if (!optarg || optarg[0]=='-' || totalArgvParameters == argc) QuitParameterError("debug key must be specified");
global_v.useDebugKey=ReadHexByteArray(optarg,global_v.debugKey,strlen(optarg)+1);
if (global_v.useDebugKey==0){
printf("ERROR: you have to specify the key like AA:BB:CC:DD:EE \n");
exit (1);
}
}
break;
default:
QuitParameterError("ERROR: unknown option.\n\n");
}
}
//debug("%u %u %u",option_index,argc,totalArgvParameters);
if (totalArgvParameters != argc-1){
QuitParameterError("Take a look at the command line options help.\nPerhaps you have selected two pcap files instead of one.\n\n");
}
strncpy(global_v.packetsFilename,argv[totalArgvParameters],200);
if (!strcmp(global_v.weakPcapFilename,"")) strncpy(global_v.weakPcapFilename, global_v.packetsFilename, 200);
if (optionSelected==1){
QuitParameterError("You must select 1 attack: dictionary, heuristics, brute force.\n\n");
}
if (optionSelected>5){
QuitParameterError("You can just select 1 attack: dictionary, heuristics, brute force; or packets capture mode\n\n");
}
if (keySize==128) global_v.key_len=13;
else if (keySize!=64) {
QuitParameterError("You must specify the key size. Sizes supported in this version: 64, 128\n\n");
}
if (global_v.stability<0 || global_v.stability>STABILITY_LEVELS-1){
QuitParameterError("stability level must be between 1 and 5\n\n");
}
if (global_v.processes<1 && global_v.processes>64){
QuitParameterError("Number of processors must be between 1 and 64.\n\n");
}
ShowBanner();
#ifdef _DEBUG
debug("Debug mode initialized");
debug("Using pcap version %s",pcap_lib_version());
#endif
// Initializing S for KSA of rc4
for(i = 0; i < 256; i++) S_InitialBackup[i] = i;
if (optionSelected==2) dictionary();
else if (optionSelected==3) heuristics();
else if (optionSelected==4) bruteforce();
else if (optionSelected==5) captureWeakPackets();
else if (optionSelected==0) AnalyzePcapFile();
#ifdef _DEBUG
debug("Finishing the program...");
#endif
return 0;
}
|