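/*
    This file is part of Kismet

    Kismet is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    Kismet is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Kismet; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

#ifndef __PACKETDISSECTORS_H__
#define __PACKETDISSECTORS_H__

#include "config.h"

#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif

#include <vector>
#include <string>
#include <map>

#include "globalregistry.h"
#include "kis_netframe.h"
#include "packetchain.h"
#include "macaddr.h"
#include "filtercore.h"

/*
 * Basic built-in Kismet dissectors that handle ieee80211 dissection and
 * data dissection.  The dissector object should be instantiated from main()
 * and left alone for the most part; it is wrapped in a class only so that
 * the alert references can be tracked in one place and main() is not left
 * holding a pile of unrelated links.
 *
 * Standard-library types are spelled with an explicit std:: prefix so this
 * header does not depend on a using-directive from one of the headers above.
 */

// Field indices of the WEPKEY client protocol.
// NOTE(review): WEPKEY_key is one of the fields, so this protocol carries key
// material to connected clients; presumably client_wepkey_allowed gates it --
// confirm in the implementation.
enum WEPKEY_fields {
    WEPKEY_origin, WEPKEY_bssid, WEPKEY_key, WEPKEY_decrypted, WEPKEY_failed
};

// Protocol hooks (free functions; the clicmd_* hooks are declared friends of
// KisBuiltinDissector below)
int proto_WEPKEY(PROTO_PARMS);
int clicmd_LISTWEPKEYS_hook(CLIENT_PARMS);
int clicmd_ADDWEPKEY_hook(CLIENT_PARMS);
int clicmd_DELWEPKEY_hook(CLIENT_PARMS);
int clicmd_STRINGS_hook(CLIENT_PARMS);
int clicmd_STRINGSFILTER_hook(CLIENT_PARMS);

// Basic dissector hooks
int kis_80211_dissector(CHAINCALL_PARMS);
int kis_turbocell_dissector(CHAINCALL_PARMS);
int kis_data_dissector(CHAINCALL_PARMS);
int kis_string_dissector(CHAINCALL_PARMS);

// Basic decryptor hooks
int kis_wep_decryptor(CHAINCALL_PARMS);

// Basic mangler hooks
int kis_wep_mangler(CHAINCALL_PARMS);

// Field indices of the STRINGS client protocol; STRINGS_maxfield is the
// trailing enumerator, i.e. the number of fields.
enum STRINGS_fields {
    STRINGS_bssid, STRINGS_source, STRINGS_dest, STRINGS_string,
    STRINGS_maxfield
};

// One extracted string together with the addresses it was seen with.
// NOTE(review): text originates from captured traffic and should be treated
// as untrusted by whatever renders or logs it.
typedef struct {
    std::string text;
    mac_addr bssid;
    mac_addr source;
    mac_addr dest;
} string_proto_info;

int proto_STRINGS(PROTO_PARMS);

// Packet component holding the strings extracted from a packet.
class kis_string_info : public packet_component {
public:
    kis_string_info() {
        // self_destruct is not declared in this header; presumably inherited
        // from packet_component -- confirm its meaning there.
        self_destruct = 1;
    }

    std::vector<std::string> extracted_strings;
};

// A WEP key and its usage counters.
// key is a fixed WEPKEY_MAX-byte buffer (WEPKEY_MAX is defined outside this
// header) and len records how many of those bytes are in use, so any code
// that fills or reads key must keep len <= WEPKEY_MAX.
typedef struct {
    int fragile;
    mac_addr bssid;
    unsigned char key[WEPKEY_MAX];
    unsigned int len;
    unsigned int decrypted;
    unsigned int failed;
} wep_key_info;

class KisBuiltinDissector {
public:
    KisBuiltinDissector();
    KisBuiltinDissector(GlobalRegistry *in_globalreg);
    ~KisBuiltinDissector();

    // Per-packet entry points; each takes the packet being processed.
    int ieee80211_dissector(kis_packet *in_pack);
    int basicdata_dissector(kis_packet *in_pack);
    int basicstring_dissector(kis_packet *in_pack);

    int wep_data_decryptor(kis_packet *in_pack);
    int wep_data_mangler(kis_packet *in_pack);

    // Fills tag_cache_map (tag number -> list of offsets) for the tags found
    // in in_chunk starting at init_offset.
    // NOTE(review): the chunk is captured, attacker-influenced data and the
    // offsets are plain ints; callers should bounds-check every offset against
    // the chunk length before dereferencing -- confirm the implementation
    // does the same while walking the tags.
    int GetIEEETagOffsets(unsigned int init_offset, kis_datachunk *in_chunk,
                          std::map<int, std::vector<int> > *tag_cache_map);

    int WPACipherConv(uint8_t cipher_index);
    int WPAKeyMgtConv(uint8_t mgt_index);

    void SetStringExtract(int in_extr);

    // Registers a WEP key for bssid.
    // NOTE(review): key/len come from the caller while wep_key_info::key is a
    // fixed WEPKEY_MAX-byte array; the implementation (not visible here) needs
    // to reject or clamp len > WEPKEY_MAX before copying.
    void AddWepKey(mac_addr bssid, uint8_t *key, unsigned int len, int temp);

    // NOTE(review): takes a descriptor; presumably writes the known keys to
    // it -- confirm the descriptor belongs to a client allowed to see them.
    void BlitKeys(int in_fd);

    // Transform an encrypted chunk into a plaintext chunk, abstracted for use
    // by other components.
    // NOTE(review): in_key_len is a signed int, so a negative length has to be
    // rejected before it is used as a size; in_id presumably points at a
    // 256-byte identity table like wep_identity below. Ownership of the
    // returned chunk is not visible from this header -- confirm who frees it.
    static kis_datachunk *DecryptWEP(kis_ieee80211_packinfo *in_packinfo,
                                     kis_datachunk *in_chunk,
                                     unsigned char *in_key, int in_key_len,
                                     unsigned char *in_id);

protected:
    // Client command handlers, reached through the friend clicmd_* hooks.
    int cmd_listwepkeys(CLIENT_PARMS);
    int cmd_addwepkey(CLIENT_PARMS);
    int cmd_delwepkey(CLIENT_PARMS);
    int cmd_strings(CLIENT_PARMS);
    int cmd_stringsfilter(CLIENT_PARMS);

    GlobalRegistry *globalreg;

    // Alert references (see the file comment above)
    int netstumbler_aref;
    int nullproberesp_aref;
    int lucenttest_aref;
    int msfbcomssid_aref;
    int msfdlinkrate_aref;
    int msfnetgearbeacon_aref;
    int longssid_aref;
    int disconcodeinvalid_aref;
    int deauthcodeinvalid_aref;
    int dhcp_clientid_aref;

    // NOTE(review): presumably decides whether clients may list, add or
    // delete WEP keys; verify that all three command handlers check it.
    int client_wepkey_allowed;
    // Known keys, keyed by MAC address; the map stores raw pointers, so the
    // entries need an explicit owner (presumably this class) -- confirm.
    macmap<wep_key_info *> wepkeys;

    int dissect_data;

    FilterCore *string_filter;
    int dissect_strings;
    int dissect_all_strings;
    macmap<int> string_nets;

    // Ids of the registered client commands
    int listwepkey_cmdid;
    int addwepkey_cmdid;
    int delwepkey_cmdid;
    int strings_cmdid;
    int stringsfilter_cmdid;

    int blit_time_id;

    unsigned char wep_identity[256];

    friend int clicmd_LISTWEPKEYS_hook(CLIENT_PARMS);
    friend int clicmd_ADDWEPKEY_hook(CLIENT_PARMS);
    friend int clicmd_DELWEPKEY_hook(CLIENT_PARMS);
    friend int clicmd_STRINGS_hook(CLIENT_PARMS);
    friend int clicmd_STRINGSFILTER_hook(CLIENT_PARMS);
};

#endif
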