/*
* 802.11 WEP / WPA-PSK Key Cracker
*
* Copyright (C) 2007-2012 Martin Beck <hirte@aircrack-ng.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*
* In addition, as a special exception, the copyright holders give
* permission to link the code of portions of this program with the
* OpenSSL library under certain conditions as described in each
* individual source file, and distribute linked combinations
* including the two.
* You must obey the GNU General Public License in all respects
* for all of the code used other than OpenSSL. * If you modify
* file(s) with this exception, you may extend this exception to your
* version of the file(s), but you are not obligated to do so. * If you
* do not wish to do so, delete this exception statement from your
* version. * If you delete this exception statement from all source
* files in the program, then also delete it here.
*/
#ifndef _AIRCRACK_NG_H
#define _AIRCRACK_NG_H
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <sys/time.h>
#if defined(__FreeBSD__)
#include <unistd.h>
#endif
#include "aircrack-ptw-lib.h"
#include "eapol.h"
#include <pthread.h>
/* Generic status codes; how callers interpret them is not visible in this header. */
#define SUCCESS 0
#define FAILURE 1
#define RESTART 2
/* Fallback for platforms that do not define O_BINARY: a value of 0 adds no flag bits when OR-ed in. */
#ifndef O_BINARY
#define O_BINARY 0
#endif
/* Capacity of the per-dictionary arrays in struct options_ (dicts, hexdict, dictidx).
 * Code that appends a dictionary must check its index against this bound first. */
#define MAX_DICTS 128
/* 0x21 ('!') and 0x7E ('~') delimit the printable, non-space ASCII range. */
#define ASCII_LOW_T 0x21
#define ASCII_HIGH_T 0x7E
/* NOTE(review): presumably vote weights for the ASCII keyspace heuristics - confirm against the cracker source. */
#define ASCII_VOTE_STRENGTH_T 150
#define ASCII_DISREGARD_STRENGTH 1
/* NOTE(review): meaning not shown in this header; TEST_* look like IV-count bounds and
 * PTW_TRY_STEP like the IV increment between PTW attempts - confirm. */
#define TEST_MIN_IVS 4
#define TEST_MAX_IVS 32
#define PTW_TRY_STEP 5000
/* Local alias for PTW_KEYHSBYTES, which is not defined in this file (presumably aircrack-ptw-lib.h). */
#define KEYHSBYTES PTW_KEYHSBYTES
/* NOTE(review): presumably the upper bound on worker threads; a user-supplied thread count
 * should be clamped to it before it sizes or indexes anything - confirm at the call sites. */
#define MAX_THREADS 128
/* NOTE(review): purpose not visible in this header. */
#define CLOSE_IT 100000
/* Magic number whose bytes, most significant first, are 'C' 'W' 'P' 'A'.
 * NOTE(review): presumably compared with hashdb_head.magic; if that field is filled by a raw
 * read from a file the comparison depends on host byte order - confirm the reader handles this. */
#define GENPMKMAGIC 0x43575041
/*
 * Header of a precomputed-PMK hash database: a magic word, three reserved
 * bytes, the SSID length and a fixed 32-byte SSID field.
 * NOTE(review): ssidlen comes from the file, so a reader should reject values
 * above sizeof(ssid) (32) before using it as a copy or compare length.
 * The ssid field has no room for a terminating NUL when ssidlen == 32.
 */
struct hashdb_head {
uint32_t magic; /* file magic; presumably GENPMKMAGIC - confirm */
uint8_t reserved1[3]; /* reserved, meaning not shown here */
uint8_t ssidlen; /* number of valid bytes in ssid[] */
uint8_t ssid[32]; /* SSID bytes, not NUL-terminated by the layout */
};
/*
 * One hash-database record: a size byte, a passphrase pointer and the 32-byte PMK.
 * The struct is packed, so `word` sits at offset 1 and is not naturally aligned;
 * take care when forming pointers to members.
 * NOTE(review): because `word` is a pointer, sizeof(struct hashdb_rec) depends on
 * the pointer width and the struct cannot mirror an on-disk record byte for byte.
 * NOTE(review): rec_size is file-controlled. If a reader derives the word length
 * by subtracting the fixed fields from rec_size, it must first reject a rec_size
 * smaller than those fields, otherwise the subtraction wraps - confirm in the reader.
 */
struct hashdb_rec {
uint8_t rec_size; /* record size in bytes as stored; at most 255 */
char *word; /* passphrase; ownership and termination not shown here */
uint8_t pmk[32]; /* pairwise master key for (word, SSID) */
} __attribute__ ((packed));
/*
 * CPU description; an instance named cpuinfo is declared extern in this header.
 * NOTE(review): presumably filled in by cpuid_getinfo() - confirm.
 * The three char pointers carry no ownership information here; whoever
 * allocates them is responsible for freeing them.
 */
struct _cpuinfo {
int simdsize; /* SIMD size */
char *flags; /* Feature flags */
char *model; /* CPU model */
int cores; /* Real CPU cores */
int coreperid; /* Max cores per id */
int htt; /* Hyper-Threading */
int maxlogic; /* Max addressable logical CPUs */
int hv; /* Hypervisor detected */
int cpufreq_cur; /* CPUfreq current */
int cpufreq_max; /* CPUfreq maximum */
float coretemp; /* CPU temperature */
char *cputemppath; /* Linux CPU sensor path */
};
/*
 * Helpers implemented outside this header. Nothing below is defined here, so
 * the notes describe only what the signatures show.
 */
/* Timing helper taking a start time and a reset flag; semantics of the returned float not shown here. */
extern float chrono(struct timeval *start, int reset);
/* Builds a version string from its components. NOTE(review): ownership of the returned buffer is not shown - confirm whether the caller frees it. */
extern char * getVersion(char * progname, int maj, int min, int submin, int svnrev, int beta, int rc);
/* Parses macAddress into mac. NOTE(review): mac presumably needs room for 6 bytes; no length is passed - confirm. */
extern int getmac(char * macAddress, int strict, unsigned char * mac);
/* Reads a line into line[]; maxlength is the only bound the callee receives, so it must not exceed the buffer size. */
extern int readLine(char line[], int maxlength);
/* Converts len hex characters from s. NOTE(review): error signalling and overflow behaviour for large len are not shown - confirm. */
extern int hexToInt(char s[], int len);
/* Converts one hex character. NOTE(review): the value returned for a non-hex character is not shown - confirm. */
extern int hexCharToInt(unsigned char c);
/* Empty parentheses declare no prototype in C before C23, so the compiler does not check the arguments passed to the next three functions. */
extern int cpuid_simdsize();
extern int cpuid_getinfo();
/* Global CPU description, defined in another translation unit. */
extern struct _cpuinfo cpuinfo;
extern int get_nb_cpus();
/*
 * LLC/SNAP header prefixes as string literals. S_LLC_SNAP is 6 bytes
 * (AA AA 03 00 00 00); the ARP and IP variants append the 2-byte EtherType
 * (08 06 and 08 00), giving 8 bytes. The literals contain zero bytes, so
 * strlen/strcmp stop after the third byte: compare with memcmp and an explicit
 * length, and only after checking the packet holds at least that many bytes.
 */
#define S_LLC_SNAP "\xAA\xAA\x03\x00\x00\x00"
#define S_LLC_SNAP_ARP (S_LLC_SNAP "\x08\x06")
#define S_LLC_SNAP_IP (S_LLC_SNAP "\x08\x00")
#define IEEE80211_FC1_DIR_FROMDS 0x02 /* AP ->STA */
/* NOTE(review): purpose not visible in this header; presumably a cap on keys tried or buffered - confirm. */
#define KEYLIMIT 1000000
/* Number of enumerators in enum KoreK_attacks and size of options_.votes[]; keep the three in step. */
#define N_ATTACKS 17
/*
 * KoreK statistical attacks on WEP, one enumerator per attack. Values run
 * implicitly from 0 (A_u15) to 16 (A_neg), 17 in total, matching N_ATTACKS.
 * NOTE(review): presumably used as the index into options_.votes[N_ATTACKS];
 * adding an enumerator without raising N_ATTACKS would then index out of bounds.
 */
enum KoreK_attacks
{
A_u15, /* semi-stable 15% */
A_s13, /* stable 13% */
A_u13_1, /* unstable 13% */
A_u13_2, /* unstable ? 13% */
A_u13_3, /* unstable ? 13% */
A_s5_1, /* standard 5% (~FMS) */
A_s5_2, /* other stable 5% */
A_s5_3, /* other stable 5% */
A_u5_1, /* unstable 5% no good ? */
A_u5_2, /* unstable 5% */
A_u5_3, /* unstable 5% no good */
A_u5_4, /* unstable 5% */
A_s3, /* stable 3% */
A_4_s13, /* stable 13% on q = 4 */
A_4_u5_1, /* unstable 5% on q = 4 */
A_4_u5_2, /* unstable 5% on q = 4 */
A_neg /* helps reject false positives */
};
/*
 * Per-dictionary bookkeeping (size, read position, word count, done flag).
 * NOTE(review): the trailing `dicts` defines an object in the header, so every
 * translation unit that includes it gets its own tentative definition. That
 * links only when the toolchain merges common symbols; with -fno-common (the
 * GCC default since version 10) it is a multiple-definition error. The usual
 * fix is an extern declaration here plus one definition in a .c file.
 * off_t is not declared by any header named explicitly in this file; it is
 * presumably pulled in through <stdio.h> or <sys/time.h>.
 */
struct dictfiles {
off_t dictsize; /* Total file size */
off_t dictpos; /* Current position in the dictionary */
off_t wordcount; /* Total number of words in the dict file */
int loaded; /* Finished processing? */
} dicts;
/*
 * Run-time options and shared cracking state.
 * NOTE(review): the trailing `opt_` defines the object in the header; every
 * including translation unit gets a tentative definition, which fails to link
 * under -fno-common (the GCC default since version 10).
 * Fixed-size members below (essid[33], bssid[6], debug[64], dicts[MAX_DICTS],
 * votes[N_ATTACKS], brutebytes[64]) are filled from user input or capture data
 * elsewhere; each writer has to bound its index or copy length by the array size.
 */
struct options_
{
int amode; /* attack mode */
int essid_set; /* essid set flag */
int bssid_set; /* bssid set flag */
char essid[33]; /* target ESSID: room for 32 bytes plus a NUL */
unsigned char bssid[6]; /* target BSSID */
int nbcpu; /* # of cracker threads (= # of CPU) */
int is_quiet; /* quiet mode flag */
unsigned char debug[64]; /* user-defined WEP key */
int debug_row[64] ; /* user-defined Row WEP key */
unsigned char maddr[6]; /* MAC address filter */
int keylen; /* WEP key length; NOTE(review): presumably must stay <= 64, the size of the key arrays - confirm */
int index; /* WEP key index */
float ffact; /* bruteforce factor */
int korek; /* attack strategy */
int is_fritz; /* use numeric keyspace */
int is_alnum; /* alphanum keyspace */
int is_bcdonly; /* binary coded decimal */
int do_brute; /* bruteforce last 2 KB (KB presumably = key bytes) */
int do_mt_brute; /* bruteforce last 2 KB, multithreaded for SMP */
int do_testy; /* experimental attack */
int do_ptw; /* PTW WEP attack */
char *dicts[MAX_DICTS]; /* dictionary files */
FILE *dict; /* dictionary file */
int nbdict; /* current dict number; indexes the MAX_DICTS-sized arrays */
int no_stdin; /* if dict == stdin */
int hexdict[MAX_DICTS]; /* if dict in hex */
long long int wordcount; /* Total wordcount for all dicts */
struct dictfiles dictidx[MAX_DICTS]; /* Dictionary structure */
int totaldicts; /* total loaded dictionaries */
int dictfinish; /* finished processing all dicts */
int showASCII; /* Show ASCII version of the wepkey */
int l33t; /* undocumented in the original source */
int stdin_dict;
int probability; /* % of correct answers */
int votes[N_ATTACKS]; /* votes for korek attacks */
int brutebytes[64]; /* bytes to bruteforce */
int next_ptw_try;
int max_ivs;
char *bssidmerge;
unsigned char *firstbssid;
struct mergeBSSID * bssid_list_1st;
struct AP_info *ap;
int wep_decloak;
int ptw_attack;
int visual_inspection; /* Enabling/disabling visual inspection of the different keybytes */
int oneshot; /* Do PTW once */
char * logKeyToFile; /* NOTE(review): presumably the path a recovered key is written to; the file then holds key material and its permissions matter - confirm */
int forced_amode; /* signals disregarding automatic detection of encryption type */
char * wkp; /* EWSA Project file */
char * hccap; /* Hashcat capture file */
}
opt_;
/* One poll entry: an index and its value. NOTE(review): presumably a candidate key byte and its vote count, as used in WEP_data.poll - confirm. */
typedef struct { int idx, val; }
vote;
/*
 * State of the WEP key search: the current key guess, the IV buffer and the
 * per-key-byte vote tables (64 key bytes x 256 candidate values).
 * NOTE(review): the trailing `wep` defines the object in the header; every
 * including translation unit gets a tentative definition, which fails to link
 * under -fno-common (the GCC default since version 10).
 * NOTE(review): whether access from several cracker threads is synchronised
 * is not visible here.
 */
struct WEP_data
{
unsigned char key[64]; /* the current chosen WEP key */
unsigned char *ivbuf; /* buffer holding all the IVs */
int nb_aps; /* number of targeted APs */
long nb_ivs; /* # of unique IVs in buffer */
long nb_ivs_now; /* # of unique IVs available */
int fudge[64]; /* bruteforce level (1 to 256) */
int depth[64]; /* how deep we are in the fudge */
vote poll[64][256]; /* KoreK cryptanalysis results */
} wep;
/*
 * One access point seen in the capture, kept in a singly linked list.
 * struct WPA_hdsk and PTW_attackstate are not defined in this file (presumably
 * eapol.h and aircrack-ptw-lib.h).
 * essid and bssid are filled from captured frames, i.e. untrusted input: the
 * parser must cap an SSID at 32 bytes before copying into essid[33].
 */
struct AP_info
{
struct AP_info *next; /* next AP in linked list */
unsigned char bssid[6]; /* access point MAC address */
char essid[33]; /* access point identifier: 32 bytes plus a NUL */
unsigned char lanip[4]; /* IP address if unencrypted */
unsigned char *ivbuf; /* table holding WEP IV data */
unsigned char **uiv_root; /* IV uniqueness root struct */
long ivbuf_size; /* IV buffer allocated size */
long nb_ivs; /* total number of unique IVs */
long nb_ivs_clean; /* NOTE(review): original comment repeats "total number of unique IVs"; presumably the count behind ptw_clean - confirm */
long nb_ivs_vague; /* NOTE(review): original comment repeats "total number of unique IVs"; presumably the count behind ptw_vague - confirm */
int crypt; /* encryption algorithm */
int eapol; /* set if EAPOL is present */
int target; /* flag set if AP is a target */
struct ST_info *st_1st; /* linked list of stations */
struct WPA_hdsk wpa; /* valid WPA handshake data */
PTW_attackstate *ptw_clean; /* PTW attack state; ownership not shown here */
PTW_attackstate *ptw_vague; /* PTW attack state; ownership not shown here */
};
/*
 * One station (client) associated with an access point, kept in a singly
 * linked list reachable from AP_info.st_1st. The ap back-pointer is not an
 * owning reference as far as this header shows; it must not outlive the AP node.
 */
struct ST_info
{
struct AP_info *ap; /* parent AP */
struct ST_info *next; /* next supplicant */
struct WPA_hdsk wpa; /* WPA handshake data */
unsigned char stmac[6]; /* client MAC address */
};
/* Node of the singly linked list of BSSIDs to merge; the list head is options_.bssid_list_1st. */
struct mergeBSSID
{
unsigned char bssid [6]; /* BSSID */
char unused[2]; /* Alignment padding up to 8 bytes */
int convert; /* Does this BSSID have to be converted */
struct mergeBSSID * next; /* next node in the list */
};
/*
 * Per-thread WPA cracking context: a circular buffer of candidate keys plus
 * the condition variable and mutex that come with it.
 * NOTE(review): presumably mutex guards key_buffer, front and back, and cond
 * is waited on with that mutex held - confirm in the producer/consumer code.
 * NOTE(review): the size of one key_buffer slot is not shown here; front and
 * back must be kept in [0, nkeys) before they are scaled into a byte offset.
 * key[] holds the recovered passphrase in clear, so avoid logging it beyond
 * the intended output.
 */
struct WPA_data {
struct AP_info* ap; /* AP information */
int thread; /* number of this thread */
int threadid; /* id of this thread */
int nkeys; /* buffer capacity */
char *key_buffer; /* queue as a circular buffer for feeding and consuming keys */
int front; /* front marker for the circular buffers */
int back; /* back marker for the circular buffers */
char key[128]; /* cracked key (0 while not found) */
pthread_cond_t cond; /* condition for waiting when buffer is full until keys are tried and new keys can be written */
pthread_mutex_t mutex; /* NOTE(review): presumably paired with cond and the queue fields - confirm */
};
/*
 * Displays WEP cracking statistics (implemented elsewhere).
 * The array bounds mix PTW_KEYHSBYTES and KEYHSBYTES; this header defines the
 * latter as an alias of the former, so they are the same size.
 * NOTE(review): B is presumably a key-byte index and should be range-checked
 * against KEYHSBYTES by the implementation before indexing - confirm.
 */
void show_wep_stats( int B, int force, PTW_tableentry table[PTW_KEYHSBYTES][PTW_n], int choices[KEYHSBYTES], int depth[KEYHSBYTES], int prod );
#endif /* _AIRCRACK_NG_H */