markwhi / reaver-wps

Automatically exported from code.google.com/p/reaver-wps

Source code patch to correct the skipping of pin checks #470

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
As described in issue #461, the bug caused pin tests to be skipped when checking the
second portion of the pin.
Let me introduce this simple patch here.

You have to have a source tree of reaver (ideally the svn checkout) and a
complete gcc toolchain installed and working to compile the sources.

Locate the file ../src/exchange.c and, somewhere around line 233, find this
text:

    else if(premature_timeout)
    {
        /*
         * Some WPS implementations simply drop the connection on the floor instead of sending a NACK.
         * We need to be able to handle this, but at the same time using a timeout on the M5/M7 messages
         * can result in false negatives. Thus, treating M5/M7 receive timeouts as NACKs can be disabled.
         * Only treat the timeout as a NACK if this feature is enabled.
         */
        if(get_timeout_is_nack() &&
          (last_msg == M3 || last_msg == M5))

and in text editor replace the last condition line with the line

          ((last_msg == M3 && (get_key_status() == KEY1_WIP)) || last_msg == M5))

This condition additionally checks the status of the state machine and the type of
the last received message. So the condition is true only when we are in status
KEY1_WIP [i.e. trying the first portion of the pin] AND have received M3, OR have
just received M5. Without this check it returned the wrong ret_val =
KEY_REJECTED and skipped the actual pin re-try.
For completeness, the same condition a few lines above in the previous
if(got_nack) block should be written accordingly, although I'm not sure if such a
condition state could occur. Tested and now it works as expected.

My setup is Debian Wheezy, rt73usb/zd1211rw, router Tenda W311, reaver 1.4
sources svn rev 113.
Hope it helps. Please test and respond with results.

Original issue reported on code.google.com by agent...@gmail.com on 14 Feb 2013 at 4:34

GoogleCodeExporter commented 9 years ago
Will this change in the code prevent the AP/router from blocking WPS?
...
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking

Original comment by deltomaf...@gmail.com on 14 Feb 2013 at 6:33

GoogleCodeExporter commented 9 years ago
This change resolves just the bug that caused some pin checks to be skipped due to
timeouts while checking the second part of the pin. This bug probably caused
most of the failed pin-detection runs (99.9% without success).
The only way to overcome AP rate limiting is with delays
between pin checks (the -l delay switch); no other, more advanced hack is known.

Original comment by agent...@gmail.com on 15 Feb 2013 at 2:42

GoogleCodeExporter commented 9 years ago
It would be great to have this updated in the next rev on the svn server.

Original comment by kostad...@yahoo.com on 15 Feb 2013 at 8:30

GoogleCodeExporter commented 9 years ago
Can you help with the -p option?
It would be great if, when a pin is incorrect, it continued with the next one, not like
now where it checks the same pin again.

Original comment by kostad...@yahoo.com on 15 Feb 2013 at 9:01

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
@agent

Something is wrong! Every time I try to compile your modification, I get
these errors after the make command. Please upload your modified exchange.c file;
after that I will replace the original source with it and try again.
Thanks in advance.

exchange.c: In function ‘do_wps_exchange’:
exchange.c:237: error: expected statement before ‘)’ token
exchange.c:237: error: expected statement before ‘)’ token
exchange.c:242: error: expected ‘}’ before ‘else’
exchange.c: At top level:
exchange.c:252: error: expected identifier or ‘(’ before ‘else’
exchange.c:256: error: expected identifier or ‘(’ before ‘else’
exchange.c:268: warning: data definition has no type or storage class
exchange.c:268: warning: type defaults to ‘int’ in declaration of 
‘send_wsc_nack’
exchange.c:268: error: conflicting types for ‘send_wsc_nack’
send.h:49: note: previous declaration of ‘send_wsc_nack’ was here
exchange.c:269: warning: data definition has no type or storage class
exchange.c:269: warning: type defaults to ‘int’ in declaration of 
‘stop_timer’
exchange.c:269: error: conflicting types for ‘stop_timer’
sigalrm.h:46: note: previous declaration of ‘stop_timer’ was here
exchange.c:271: error: expected identifier or ‘(’ before ‘if’
exchange.c:277: error: expected identifier or ‘(’ before ‘return’
exchange.c:278: error: expected identifier or ‘(’ before ‘}’ token
make: *** [exchange.o] Error 1

Original comment by saeed.y2...@gmail.com on 1 May 2013 at 12:07

GoogleCodeExporter commented 9 years ago
I am also interested in your opinion about another topic related to this
one:
https://code.google.com/p/reaver-wps/issues/detail?id=195#c41
Do you have any idea about that?

Original comment by saeed.y2...@gmail.com on 1 May 2013 at 12:19

GoogleCodeExporter commented 9 years ago
Do you mean changing this part:

        /*
         * Some WPS implementations simply drop the connection on the floor instead of sending a NACK.
         * We need to be able to handle this, but at the same time using a timeout on the M5/M7 messages
         * can result in false negatives. Thus, treating M5/M7 receive timeouts as NACKs can be disabled.
         * Only treat the timeout as a NACK if this feature is enabled.
         */
        if(get_timeout_is_nack() &&
          (last_msg == M3 || last_msg == M5))
        {
            ret_val = KEY_REJECTED;
        }
        else
        {

to this ?

        /* 
         * Some WPS implementations simply drop the connection on the floor instead of sending a NACK.
         * We need to be able to handle this, but at the same time using a timeout on the M5/M7 messages
         * can result in false negatives. Thus, treating M5/M7 receive timeouts as NACKs can be disabled.
         * Only treat the timeout as a NACK if this feature is enabled.
         */
        if(get_timeout_is_nack() &&
          ((last_msg == M3 && (get_key_status() == KEY1_WIP)) || last_msg == M5))) 
        {
            ret_val = KEY_REJECTED;
        }
        else
        {

Original comment by saeed.y2...@gmail.com on 3 May 2013 at 8:39
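To make the first comment's explanation of the condition concrete, here is an added C example (not part of the thread and not reaver's code) that models the premature_timeout branch and counts which (key state, last message) combinations the patch actually changes. Note that the line quoted just above ends in `M5)))`, one closing parenthesis more than the original `M5))`, which is what produces the "expected statement before ')' token" errors reported earlier; the balanced form is used below. The enums, their values and the RETRY_PIN name are constructed stand-ins, not reaver's definitions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for reaver's enums (names from the thread, values assumed). */
enum wps_msg { M1, M2, M3, M4, M5, M6, M7 };
enum key_state { KEY1_WIP, KEY2_WIP, KEY_DONE };
enum wps_result { KEY_REJECTED, RETRY_PIN }; /* RETRY_PIN: stand-in for the else branch */

/* Condition exactly as quoted from the original exchange.c. */
static bool old_timeout_is_nack(bool timeout_is_nack, enum wps_msg last_msg,
                                enum key_state key_status)
{
    (void)key_status; /* the original never consults the key state */
    return timeout_is_nack && (last_msg == M3 || last_msg == M5);
}

/* Patched condition (balanced parentheses): M3 timeouts count only during KEY1_WIP. */
static bool new_timeout_is_nack(bool timeout_is_nack, enum wps_msg last_msg,
                                enum key_state key_status)
{
    return timeout_is_nack &&
           ((last_msg == M3 && key_status == KEY1_WIP) || last_msg == M5);
}

/* What ret_val becomes in the premature_timeout branch, before or after the patch. */
static enum wps_result premature_timeout_result(bool patched, bool timeout_is_nack,
                                                enum wps_msg last_msg,
                                                enum key_state key_status)
{
    bool nack = patched ? new_timeout_is_nack(timeout_is_nack, last_msg, key_status)
                        : old_timeout_is_nack(timeout_is_nack, last_msg, key_status);
    return nack ? KEY_REJECTED : RETRY_PIN;
}

/* Pairs (key_status, last_msg) where the patch changes ret_val: M3 outside KEY1_WIP. */
static int count_divergent_cases(void)
{
    int n = 0;
    for (int ks = KEY1_WIP; ks <= KEY_DONE; ks++)
        for (int m = M1; m <= M7; m++)
            if (premature_timeout_result(false, true, m, ks) !=
                premature_timeout_result(true, true, m, ks))
                n++;
    return n;
}

int main(void)
{
    printf("combinations where the patch changes ret_val: %d\n", count_divergent_cases());
    return 0;
}
```

The only divergent combinations are an M3 timeout in KEY2_WIP or KEY_DONE, which the original code wrongly reported as KEY_REJECTED.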