1 /*
2     This file is part of Kismet
3 
4     Kismet is free software; you can redistribute it and/or modify
5     it under the terms of the GNU General Public License as published by
6     the Free Software Foundation; either version 2 of the License, or
7     (at your option) any later version.
8 
9     Kismet is distributed in the hope that it will be useful,
10       but WITHOUT ANY WARRANTY; without even the implied warranty of
11     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12     GNU General Public License for more details.
13 
14     You should have received a copy of the GNU General Public License
15     along with Kismet; if not, write to the Free Software
16     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
17 */
18 
19 #ifndef __PACKETDISSECTORS_H__
20 #define __PACKETDISSECTORS_H__
21 
22 #include "config.h"
23 
24 #ifdef HAVE_STDINT_H
25 #include <stdint.h>
26 #endif
27 #ifdef HAVE_INTTYPES_H
28 #include <inttypes.h>
29 #endif
30 
31 #include <vector>
32 #include <string>
33 #include <map>
34 
35 #include "globalregistry.h"
36 #include "kis_netframe.h"
37 #include "packetchain.h"
38 #include "macaddr.h"
39 #include "filtercore.h"
40 
41 /*
42  * Basic built-in Kismet dissectors that handle ieee80211 dissection and
43  * data dissection.  This should be instantiated from main() and left alone
44  * for the most part, we're just wrapped in a class so that we can easily track
45  * our alert references and so that main() isn't making a pile of random
46  * links
47  */
48 
/*
 * Field indices for the WEPKEY network protocol (presumably the columns
 * written by proto_WEPKEY -- confirm in the implementation).
 *
 * The values are implicit and positional (origin = 0 ... failed = 4), so the
 * order of the enumerators is part of the contract with whatever table
 * describes the fields: never reorder, only append.
 *
 * NOTE(review): WEPKEY_key indicates that raw key material is one of the
 * reportable fields; verify which clients are allowed to request it.
 */
enum WEPKEY_fields {
    WEPKEY_origin,
    WEPKEY_bssid,
    WEPKEY_key,
    WEPKEY_decrypted,
    WEPKEY_failed
};
53 
/*
 * Network-protocol callbacks.  PROTO_PARMS and CLIENT_PARMS are macros that
 * supply the parameter lists; they are defined outside this file.
 */

/* Protocol callback for the WEPKEY fields enumerated in WEPKEY_fields. */
int proto_WEPKEY(PROTO_PARMS);

/*
 * Client command hooks.  Each one is declared a friend of KisBuiltinDissector
 * and has a matching protected cmd_* member there, so these presumably
 * forward the client request to that member.
 *
 * NOTE(review): the three *WEPKEY commands list, add and remove key material
 * on behalf of a network client; confirm the implementation checks
 * client_wepkey_allowed before acting and validates the client-supplied
 * arguments (key length in particular).
 */
int clicmd_LISTWEPKEYS_hook(CLIENT_PARMS);
int clicmd_ADDWEPKEY_hook(CLIENT_PARMS);
int clicmd_DELWEPKEY_hook(CLIENT_PARMS);

/* Client commands controlling string extraction and its filter. */
int clicmd_STRINGS_hook(CLIENT_PARMS);
int clicmd_STRINGSFILTER_hook(CLIENT_PARMS);
61 
/*
 * Packet-chain dissector callbacks.  CHAINCALL_PARMS is a macro defined
 * outside this file that supplies the parameter list.  These are plain
 * functions rather than members, presumably so they can be registered as
 * callbacks and then call into the public *_dissector methods of
 * KisBuiltinDissector -- confirm in the implementation.
 *
 * NOTE(review): everything these callbacks parse is captured over the air
 * and therefore attacker-controlled; every length and offset read from a
 * frame has to be bounded against the chunk size.
 */
int kis_80211_dissector(CHAINCALL_PARMS);     /* IEEE 802.11 frames */
int kis_turbocell_dissector(CHAINCALL_PARMS); /* Turbocell frames */
int kis_data_dissector(CHAINCALL_PARMS);      /* data payloads */
int kis_string_dissector(CHAINCALL_PARMS);    /* string extraction */
67 
/*
 * WEP packet-chain callbacks (CHAINCALL_PARMS is defined outside this file).
 * They presumably wrap KisBuiltinDissector::wep_data_decryptor and
 * KisBuiltinDissector::wep_data_mangler respectively.
 */

/* Decryptor stage. */
int kis_wep_decryptor(CHAINCALL_PARMS);

/* Mangler stage. */
int kis_wep_mangler(CHAINCALL_PARMS);
73 
/*
 * Field indices for the STRINGS network protocol.  Values are implicit and
 * positional; STRINGS_maxfield is the trailing sentinel and equals the number
 * of real fields (4), so new fields must be inserted before it.
 */
enum STRINGS_fields {
	STRINGS_bssid,
	STRINGS_source,
	STRINGS_dest,
	STRINGS_string,
	STRINGS_maxfield
};
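/*
 * One record for the STRINGS protocol: a string together with the BSSID,
 * source and destination addresses it is associated with.  The members line
 * up with the STRINGS_fields enumerators.
 *
 * std::string is spelled out so this header does not depend on a
 * using-directive leaking in from an earlier include.
 *
 * NOTE(review): text presumably originates from captured frame payloads and
 * is therefore attacker-influenced; anything that prints, logs or forwards it
 * should treat it as untrusted (control characters, separators, length).
 */
typedef struct {
	std::string text;
	mac_addr bssid;
	mac_addr source;
	mac_addr dest;
} string_proto_info;

/* Protocol callback for the STRINGS fields (PROTO_PARMS is defined outside this file). */
int proto_STRINGS(PROTO_PARMS);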
86 
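/*
 * Packet component carrying the strings extracted from one packet.
 *
 * std::vector and std::string are qualified explicitly so the header does not
 * rely on a using-directive from another include.
 */
class kis_string_info : public packet_component {
public:
	kis_string_info() {
		/*
		 * self_destruct is not declared in this class, so it comes from
		 * packet_component; presumably it tells the owning packet to delete
		 * this component along with itself -- confirm in packetchain.h.
		 */
		self_destruct = 1;
	}

	/*
	 * NOTE(review): presumably filled from packet payloads, i.e. untrusted
	 * data; consumers should not assume printable or bounded content.
	 */
	std::vector<std::string> extracted_strings;
};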
96 
/*
 * One stored WEP key and its usage counters.  KisBuiltinDissector keeps
 * pointers to these in its wepkeys map.
 *
 * NOTE(review): key is a fixed WEPKEY_MAX-byte array while len is stored
 * separately; every writer must enforce len <= WEPKEY_MAX before copying and
 * every reader must not trust len beyond that bound.  The array holds
 * cleartext key material, so confirm it is cleared when an entry is deleted.
 */
typedef struct {
    /* Presumably set from the `temp` argument of AddWepKey -- confirm. */
    int fragile;

    /* Network this key belongs to. */
    mac_addr bssid;

    /* Raw key bytes; only the first `len` are meaningful. */
    unsigned char key[WEPKEY_MAX];
    unsigned int len;

    /* Counters matching the WEPKEY_decrypted / WEPKEY_failed protocol fields. */
    unsigned int decrypted;
    unsigned int failed;
} wep_key_info;
106 
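/*
 * Built-in dissectors for IEEE 802.11 frames, data payloads and string
 * extraction, plus WEP decryption and the related client commands.  Wrapped
 * in a class so the alert references and command ids can be tracked in one
 * place; meant to be instantiated once from main().
 *
 * Standard-library names are qualified with std:: so the header does not
 * depend on a using-directive pulled in by an earlier include.
 *
 * NOTE(review): the class declares a destructor and holds raw pointers
 * (globalreg, string_filter, the wep_key_info values in wepkeys) but declares
 * no copy constructor or assignment operator.  Whether a copy is safe depends
 * on what the destructor frees; treat instances as non-copyable until that is
 * confirmed.
 */
class KisBuiltinDissector {
public:
	KisBuiltinDissector();
	KisBuiltinDissector(GlobalRegistry *in_globalreg);
	~KisBuiltinDissector();

	/* Per-packet dissectors; each takes the packet to examine. */
	int ieee80211_dissector(kis_packet *in_pack);
	int basicdata_dissector(kis_packet *in_pack);
	int basicstring_dissector(kis_packet *in_pack);

	/* Per-packet WEP stages. */
	int wep_data_decryptor(kis_packet *in_pack);
	int wep_data_mangler(kis_packet *in_pack);

	/*
	 * Presumably walks the IEEE tagged parameters in in_chunk starting at
	 * init_offset and records, per tag number, the offsets where that tag
	 * occurs -- confirm against the implementation.
	 *
	 * NOTE(review): tag numbers and lengths come from the captured frame and
	 * are attacker-controlled.  Verify the implementation bounds every tag
	 * against the chunk length, and that callers re-check an offset taken
	 * from tag_cache_map before indexing the chunk with it.
	 */
	int GetIEEETagOffsets(unsigned int init_offset, kis_datachunk *in_chunk,
						  std::map<int, std::vector<int> > *tag_cache_map);

	/* Convert the cipher / key-management index bytes found in a frame. */
	int WPACipherConv(uint8_t cipher_index);
	int WPAKeyMgtConv(uint8_t mgt_index);

	void SetStringExtract(int in_extr);

	/*
	 * Register a key for a BSSID.
	 *
	 * NOTE(review): len is caller-supplied while wep_key_info::key is a
	 * fixed WEPKEY_MAX-byte array; confirm the implementation rejects or
	 * clamps len > WEPKEY_MAX before copying, especially on the path that
	 * starts at the ADDWEPKEY client command.
	 */
	void AddWepKey(mac_addr bssid, uint8_t *key, unsigned int len, int temp);

	/*
	 * Presumably sends the stored keys to the client on in_fd -- confirm,
	 * and confirm it honours client_wepkey_allowed.
	 */
	void BlitKeys(int in_fd);

	/*
	 * Transform an encrypted chunk into a plaintext chunk, abstracted for use
	 * by other components.
	 *
	 * NOTE(review): in_key_len is a signed int; callers should pass only a
	 * validated, non-negative length.  Ownership of the returned chunk and
	 * the value returned on failure are not visible in this header.
	 */
	static kis_datachunk *DecryptWEP(kis_ieee80211_packinfo *in_packinfo,
									 kis_datachunk *in_chunk,
									 unsigned char *in_key, int in_key_len,
									 unsigned char *in_id);

protected:
	/*
	 * Handlers behind the clicmd_*_hook functions, which reach them through
	 * the friend declarations at the end of the class.
	 */
	int cmd_listwepkeys(CLIENT_PARMS);
	int cmd_addwepkey(CLIENT_PARMS);
	int cmd_delwepkey(CLIENT_PARMS);
	int cmd_strings(CLIENT_PARMS);
	int cmd_stringsfilter(CLIENT_PARMS);

	GlobalRegistry *globalreg;

	/* Alert references, one per built-in alert. */
	int netstumbler_aref;
	int nullproberesp_aref;
	int lucenttest_aref;
	int msfbcomssid_aref;
	int msfdlinkrate_aref;
	int msfnetgearbeacon_aref;
	int longssid_aref;
	int disconcodeinvalid_aref;
	int deauthcodeinvalid_aref;
	int dhcp_clientid_aref;

	/*
	 * NOTE(review): presumably gates the *WEPKEY client commands; since
	 * those expose or change key material, confirm every one of them checks
	 * this flag.
	 */
	int client_wepkey_allowed;

	/* Stored keys, looked up by MAC address; values are raw pointers. */
	macmap<wep_key_info *> wepkeys;

	int dissect_data;

	/* String-extraction configuration. */
	FilterCore *string_filter;
	int dissect_strings;
	int dissect_all_strings;
	macmap<int> string_nets;

	/* Ids of the registered client commands. */
	int listwepkey_cmdid;
	int addwepkey_cmdid;
	int delwepkey_cmdid;
	int strings_cmdid;
	int stringsfilter_cmdid;

	/* Presumably the id of the timer that drives BlitKeys -- confirm. */
	int blit_time_id;

	/*
	 * 256-byte table; presumably the identity permutation handed to
	 * DecryptWEP as in_id -- confirm in the implementation.
	 */
	unsigned char wep_identity[256];

	/* Let the C-style client hooks call the protected cmd_* handlers. */
	friend int clicmd_LISTWEPKEYS_hook(CLIENT_PARMS);
	friend int clicmd_ADDWEPKEY_hook(CLIENT_PARMS);
	friend int clicmd_DELWEPKEY_hook(CLIENT_PARMS);
	friend int clicmd_STRINGS_hook(CLIENT_PARMS);
	friend int clicmd_STRINGSFILTER_hook(CLIENT_PARMS);
};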
185 
186 #endif
187 
188