osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Giles Scott: Port weak key detection from Airsnort 

svn path=/trunk/; revision=12772
This commit is contained in:
Jörg Mayer 2004-12-19 04:04:49 +00:00
parent 9f87afbca5
commit 1e51ddbae3
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
AUTHORS
View File

@ -1911,6 +1911,7 @@ Giles Scott <gscott [AT] arubanetworks.com> {
Nortel/SynOptics Network Management Protocol support
Alteon/Nortel Transparent Proxy Control Protocol support
Ethernet MAC Control Frame support
Port weak key detection from Airsnort
}
Vincent Jardin <vincent.jardin [AT] 6wind.com> {
@ -2358,3 +2359,6 @@ webbrowser calling routine to be used.
Christophe Devine <c.devine[at]cr0.net> gave permission for his
SHA1 routines to be used.
snax <snax[AT]shmoo.com> gave permission to use his(?) weak key
detection code from Airsnort.

53
epan/dissectors/packet-ieee80211.c
View File

@ -89,6 +89,7 @@ static int *wep_keylens = NULL;
static void init_wepkeys(void);
static int wep_decrypt(guint8 *buf, guint32 len, int key_override);
static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len);
static int weak_iv(guchar *iv);
#define SSWAP(a,b) {guint8 tmp = s[a]; s[a] = s[b]; s[b] = tmp;}
/* #define USE_ENV */
@ -458,6 +459,7 @@ static int tag_interpretation = -1;
static int hf_fixed_parameters = -1; /* Protocol payload for management frames */
static int hf_tagged_parameters = -1; /* Fixed payload item */
static int hf_wep_iv = -1;
static int hf_wep_iv_weak = -1;
static int hf_tkip_extiv = -1;
static int hf_ccmp_extiv = -1;
static int hf_wep_key = -1;
@ -1669,6 +1671,8 @@ dissect_ieee80211_common (tvbuff_t * tvb, packet_info * pinfo,
volatile encap_t encap_type;
guint8 octet1, octet2;
char out_buff[SHORT_STR];
gint is_iv_bad;
guchar iv_buff[4];
if (check_col (pinfo->cinfo, COL_PROTOCOL))
col_set_str (pinfo->cinfo, COL_PROTOCOL, "IEEE 802.11");
@ -2244,7 +2248,7 @@ dissect_ieee80211_common (tvbuff_t * tvb, packet_info * pinfo,
* Also, just pass the data *following* the WEP parameters as the
* buffer to decrypt.
*/
iv = tvb_get_letoh24(tvb, hdr_len);
iv = tvb_get_ntoh24(tvb, hdr_len);
if (tree) {
proto_item *wep_fields;
@ -2253,6 +2257,12 @@ dissect_ieee80211_common (tvbuff_t * tvb, packet_info * pinfo,
wep_tree = proto_item_add_subtree (wep_fields, ett_wep_parameters);
proto_tree_add_uint (wep_tree, hf_wep_iv, tvb, hdr_len, 3, iv);
tvb_memcpy(tvb, iv_buff, hdr_len, 3);
is_iv_bad = weak_iv(iv_buff);
if (is_iv_bad != -1){
proto_tree_add_text(wep_tree,tvb,0,0,"Weak IV for key byte %d", is_iv_bad);
proto_tree_add_boolean_hidden(wep_tree,hf_wep_iv_weak,tvb,0,0,1 );
}
}
if (tree)
proto_tree_add_uint (wep_tree, hf_wep_key, tvb, hdr_len + 3, 1, key);
@ -2938,6 +2948,10 @@ proto_register_ieee80211 (void)
{"Initialization Vector", "wlan.wep.iv", FT_UINT24, BASE_HEX, NULL, 0,
"Initialization Vector", HFILL }},
{&hf_wep_iv_weak,
{"Weak IV", "wlan.wep.weakiv", FT_BOOLEAN,BASE_NONE, NULL,0x0,
"Weak IV",HFILL}},
{&hf_tkip_extiv,
{"TKIP Ext. Initialization Vector", "wlan.tkip.extiv", FT_STRING,
BASE_HEX, NULL, 0, "TKIP Extended Initialization Vector", HFILL }},
@ -3448,3 +3462,40 @@ static void init_wepkeys(void) {
}
g_byte_array_free(bytes, TRUE);
}
/*
* This code had been taken from AirSnort crack.c function classify()
* Permission granted by snax <at> shmoo dot com
* weak_iv - determine which key byte an iv is useful in resolving
* parm - p, pointer to the first byte of an IV
* return - n - this IV is weak for byte n of a WEP key
* -1 - this IV is not weak for any key bytes
*
* This function tests for IVs that are known to satisfy the criteria
* for a weak IV as specified in FMS section 7.1
*
*/
static
int
weak_iv(guchar *iv)
{
guchar sum, k;
if (iv[1] == 255 && iv[0] > 2 && iv[0] < 16) {
return iv[0] -3;
}
sum = iv[0] + iv[1];
if (sum == 1) {
if (iv[2] <= 0x0a) {
return iv[2] +2;
}
else if (iv[2] == 0xff){
return 0;
}
}
k = 0xfe - iv[2];
if (sum == k && (iv[2] >= 0xf2 && iv[2] <= 0xfe && iv[2] != 0xfd)){
return k;
}
return -1;
}