alipay / Owfuzz

Owfuzz: a WiFi protocol fuzzing tool
GNU General Public License v3.0

Fixed seed #22

Closed nrathaus closed 1 year ago

nrathaus commented 1 year ago
  1. Allow setting of 'seed' rather than using srandom(time(NULL)...). This makes repeatability easier

  2. Clarify the code flow of owfuzz.cfg opening

  3. Expose 'owfuzz.cfg' to higher levels, to make it accessible (not completed)

E7mer commented 1 year ago

Hi Noam, would it be better to put the seed definition in fuzzing_option?

but... it's okay :)

nrathaus commented 1 year ago

Hi

I can move it inside

I didn’t want to change the structure without asking …

I am treading carefully here as I don’t understand the whole code structure yet …


E7mer commented 1 year ago

Hi,

The previous code has a lot to optimize.

It's ok, you can modify it according to your ideas.

You have done a great job.

Thank you very much for your efforts.


nrathaus commented 1 year ago

I see

I have committed the changes as you suggested

And I see you merged them

That’s great


E7mer commented 1 year ago

Yes, thanks.

nrathaus commented 1 year ago

Hi,

Do you know if hdr->flags's FCS field is being observed? It seems a lot of packets owfuzz sees are incorrect (bad FCS)

So I added this check: (RX_FLAG_FAILED_FCS_CRC != (hdr->flags & RX_FLAG_FAILED_FCS_CRC))

To try and avoid these packets (they confuse the code I added)


nrathaus commented 1 year ago

Hi,

Also maybe you know why 'osdep_send_packet_ex' gets stuck on the 'if (-1 == wi_write(wi, pkt->data, pkt->len, NULL))' call?

It seems to happen around 140 packets -> 250 packets range... seems pretty random


E7mer commented 1 year ago

Hi, I don't quite understand. Where is the FCS field in hdr->flags?

E7mer commented 1 year ago

I didn't notice this problem. Does it happen every time in the 140 packets -> 250 packets range?

nrathaus commented 1 year ago

Hi

FCS -> if I use tcpdump I see about 20% packets have bad checksum

In Owfuzz these 20% don’t seem to be skipped - I think it’s a good idea to skip these - as interpreting bad packets is bad behavior (especially if you look at their MAC address or values like length)

IW write block -> it’s very consistent. I tried to send the same data (i.e. prevent fuzzed data) and it gets stuck; I tried to look at what was sent and there was no pattern

I am using SDRPi - could it be a hardware issue?

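An example of the FCS gate discussed in this thread, added here and not Owfuzz's own code: it recomputes the 802.11 FCS (CRC-32) over a received frame and rejects frames whose trailer does not match, and also honours a driver-supplied bad-FCS flag, so malformed frames are dropped before their MAC addresses or lengths are interpreted. The names `crc32_ieee`, `fcs_ok`, `fcs_append` and `frame_accept` and the constructed header bytes are mine; the two radiotap flag bits are from the radiotap specification, and mapping the thread's `RX_FLAG_FAILED_FCS_CRC` onto that bad-FCS bit is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Radiotap "flags" field bits (radiotap specification). */
#define RADIOTAP_F_FCS    0x10  /* frame has an FCS appended */
#define RADIOTAP_F_BADFCS 0x40  /* driver says the frame failed its FCS check */
/* Reflected CRC-32 (poly 0xEDB88320, init/final XOR all ones), the FCS algorithm
 * IEEE 802.11 shares with Ethernet. */
uint32_t crc32_ieee(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* 1 if the trailing 4 bytes (little-endian FCS) match the CRC of the frame body. */
int fcs_ok(const uint8_t *frame, size_t len)
{
    if (len < 4) return 0;
    const uint8_t *t = frame + len - 4;
    uint32_t stored = (uint32_t)t[0] | ((uint32_t)t[1] << 8) |
                      ((uint32_t)t[2] << 16) | ((uint32_t)t[3] << 24);
    return crc32_ieee(frame, len - 4) == stored;
}

/* Appends a correct FCS (buffer needs 4 spare bytes); returns the new length. */
size_t fcs_append(uint8_t *frame, size_t len)
{
    uint32_t crc = crc32_ieee(frame, len);
    for (int i = 0; i < 4; i++) frame[len + i] = (uint8_t)(crc >> (8 * i));
    return len + 4;
}

/* Gate before any header field (addresses, lengths) is interpreted: drop frames the
 * driver flagged bad, and re-verify the FCS ourselves whenever one was delivered. */
int frame_accept(uint8_t radiotap_flags, const uint8_t *frame, size_t len)
{
    if (radiotap_flags & RADIOTAP_F_BADFCS) return 0;
    if (radiotap_flags & RADIOTAP_F_FCS) return fcs_ok(frame, len);
    return 1; /* no FCS delivered: nothing to verify at this layer */
}

int main(void)
{
    /* Constructed 24-byte beacon-style header (not a real capture); FCS appended here. */
    uint8_t frame[28] = { 0x80, 0x00, 0x00, 0x00,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
        0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x00 };
    size_t n = fcs_append(frame, 24);
    printf("clean frame accepted: %d\n", frame_accept(RADIOTAP_F_FCS, frame, n));
    frame[10] ^= 0x01; /* a single bit of noise in addr2 */
    printf("noisy frame accepted: %d\n", frame_accept(RADIOTAP_F_FCS, frame, n));
    return 0;
}
```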

E7mer commented 1 year ago

Hi,

I think there's no need to care about the checksum; owfuzz only handles the MAC layer packet format. Or could you please provide some packet pcap or code as an example? I'm not sure exactly what part you're referring to.

In the second case, could you provide the packet pcap? I think it's a hardware issue; you can try to send the same data with a wireless card.


nrathaus commented 1 year ago

Hi,

  1. The easiest way to see it is to run Owfuzz and have it listen on some channel where there is other traffic (WiFi); you will see malformed MACs show up. They are malformed because they aren't real WiFi cards on your network

If you pull my https://github.com/nrathaus/Owfuzz/tree/fixed_seed branch, which displays MACs that don't match the one you provided for capture/fuzzing - you will notice a lot of MAC addresses which is due to noise/malformed packets not being discarded

  2. I was under the impression that you needed SDRPi or similar hardware to use Owfuzz - i.e. to be able to send packets - is that not the case?


E7mer commented 1 year ago

Hi,

If you are not inside a Faraday cage, owfuzz may see many packets from other devices in the same channel, so owfuzz filters these packets based on MAC address fields, malformed or not.

-

There might be an incompleteness of filtering here, right?

I think I see the problem: you use the openwifi platform (sdrpi), and openwifi doesn't seem to filter these malformed packets.

And, when sending packets, it may get stuck; I had this problem before.


nrathaus commented 1 year ago

Hi,

What is the best way to solve the SDRPi problem/OpenWifi?


E7mer commented 1 year ago

Hi, I haven't solved the problem yet. At that time, I thought it was openwifi's problem when sending packets in monitor mode and didn't delve into the root cause. I need to refocus on this case.


nrathaus commented 1 year ago

Hi

Thank you for the answer

May I ask how do you use Owfuzz if not through openwifi?

Or is Owfuzz an implementation of something that you built internally and cannot share that does not have this issue?


E7mer commented 1 year ago

Hi, Owfuzz can use a wireless card that supports monitor mode.

I use the same version as this implementation.