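/*
 * Reaver - Common definitions
 * Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 *
 * In addition, as a special exception, the copyright holders give
 * permission to link the code of portions of this program with the
 * OpenSSL library under certain conditions as described in each
 * individual source file, and distribute linked combinations
 * including the two.
 * You must obey the GNU General Public License in all respects
 * for all of the code used other than OpenSSL.  If you modify
 * file(s) with this exception, you may extend this exception to your
 * version of the file(s), but you are not obligated to do so.  If you
 * do not wish to do so, delete this exception statement from your
 * version.  If you delete this exception statement from all source
 * files in the program, then also delete it here.
 */

#ifndef DEFS_H
#define DEFS_H

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <string.h>
#include <time.h>
#include <pcap.h>
#include "utils/endianness.h"

#include "wps.h"
#include "cprintf.h"

/*
 * Shared constants, 802.11 / EAPOL / WPS wire-format identifiers and the
 * packed header overlays used by the capture and attack code.
 *
 * Security note for users of the packed structs below: they are overlays
 * cast onto raw captured frames.  Nothing in this header validates frame
 * length; every parser that casts a buffer to one of these types must first
 * check that the captured length covers sizeof(the struct) plus any
 * variable-length payload, and must treat every length field
 * (tagged_parameter.len, wfa_element_header.length, dot1X_header.len,
 * eap_header.len) as attacker-controlled input.
 */

#define NULL_MAC                "\x00\x00\x00\x00\x00\x00"
#define DEFAULT_MAX_NUM_PROBES  15
#define MAX_ASSOC_FAILURES      10

/* 802.11 field and information-element sizes / tag numbers */
#define TIMESTAMP_LEN           8
#define MAC_ADDR_LEN            6
#define SSID_TAG_NUMBER         0
#define RATES_TAG_NUMBER        1
#define CHANNEL_TAG_NUMBER      3
#define WPS_TAG_NUMBER          0xDD    /* WPS IE rides in a vendor-specific IE */
#define VENDOR_SPECIFIC_TAG     0xDD
#define RSN_TAG_NUMBER          0x30
#define HT_CAPS_TAG_NUMBER      0x2d

#define CAPABILITY_WEP          0x10    /* Privacy bit in the capability field */

/* OUI + type + version prefix of a WPA (pre-RSN) vendor IE */
#define WPA_IE_ID               "\x00\x50\xF2\x01\x01\x00"
#define WPA_IE_ID_LEN           6

#define MANAGEMENT_FRAME        0x00
#define SUBTYPE_BEACON          0x08

/* EAPOL ethertype and the EAPOL packet type carrying EAP */
#define DOT1X_AUTHENTICATION    0x888E
#define DOT1X_EAP_PACKET        0x00

#define SIMPLE_CONFIG           0x00000001

/*
 * Search-space sizes for the two halves of a WPS PIN: the first four digits
 * (10^4) and the next three digits (10^3, the eighth being a checksum).
 */
#define P1_SIZE                 10000
#define P2_SIZE                 1000

#define EAPOL_START_MAX_TRIES   10
#define WARN_FAILURE_COUNT      10

#define EAPOL_START             1
#define EAP_IDENTITY            0x01
#define EAP_EXPANDED            0xFE    /* EAP expanded type, used by WSC */

/* Timing knobs; units are given per constant */
#define M57_DEFAULT_TIMEOUT     400000  /* uSeconds */
#define M57_MAX_TIMEOUT         1000000 /* uSeconds */
#define DEFAULT_DELAY           1       /* Seconds */
#define DEFAULT_TIMEOUT         10      /* Seconds */
#define DEFAULT_LOCK_DELAY      60      /* Seconds */
#define SEC_TO_US               1000000 /* uSeconds in a Second */

/*
 * Identity advertised to the AP in the WPS exchange.  Presumably chosen to
 * look like a Windows 7 (6.1.7601) client; these strings are a recognizable
 * fingerprint of the tool, so detection rules may key on them.
 */
#define WPS_DEVICE_NAME         "Glau"
#define WPS_MANUFACTURER        "Microsoft"
#define WPS_MODEL_NAME          "Windows"
#define WPS_MODEL_NUMBER        "6.1.7601"
#define WPS_DEVICE_TYPE         "\x00\x01\x00\x50\xF2\x04\x00\x01"
#define WPS_OS_VERSION          "\x01\x00\x06\x00"
#define WPS_RF_BANDS            0x01

/* Encryption detected on a target network */
enum encryption_type
{
    NONE,
    WEP,
    WPA
};

/* Progress of the PIN brute force: which half is being worked on */
enum key_state
{
    KEY1_WIP = 0,
    KEY2_WIP = 1,
    KEY_DONE = 2
};

/* EAP code field values (RFC 3748) */
enum eap_codes
{
    EAP_REQUEST  = 1,
    EAP_RESPONSE = 2,
    EAP_SUCCESS  = 3,
    EAP_FAILURE  = 4
};

/* Outcome of one PIN attempt */
enum wps_result
{
    KEY_ACCEPTED  = 0,
    KEY_REJECTED  = 1,
    RX_TIMEOUT    = 2,
    EAP_FAIL      = 3,
    UNKNOWN_ERROR = 4
};

/*
 * WPS Configuration Error values carried in a NACK.  NO_NACK is a local
 * sentinel meaning "no NACK was received".
 * (OOB_RRAD_ERROR is a long-standing misspelling of "OOB read error"; the
 * name is kept because other translation units reference it.)
 */
enum nack_code
{
    NO_NACK                   = -1,
    NO_ERROR                  = 0,
    OOB_RRAD_ERROR            = 1,
    CRC_FAILURE               = 2,
    CHANNEL_24_NS             = 3,
    CHANNEL_50_NS             = 4,
    WEAK_SIGNAL               = 5,
    NET_AUTH_FAILURE          = 6,
    NET_ASSOCIATION_FAILURE   = 7,
    NO_DHCP_RESPONSE          = 8,
    FAILED_DHCP_CONFIG        = 9,
    IP_ADDR_CONFLICT          = 10,
    REGISTRAR_CONNECT_FAILURE = 11,
    MULTIPLE_PBC              = 12,
    ROGUE_ACTIVITY            = 13,
    DEVICE_BUSY               = 14,
    SETUP_LOCKED              = 15,
    MESSAGE_TIMEOUT           = 16,
    REGISTRATION_TIMEOUT      = 17,
    AUTH_FAILURE              = 18
};

/*
 * WPS message types (the WSC Message Type attribute), plus local
 * sentinels: TERMINATE, UNKNOWN, the two EAP identity steps and
 * WPS_PT_DEAUTH for a deauth seen on the wire.
 */
enum wps_type
{
    TERMINATE         = -1,
    UNKNOWN           = 0,
    IDENTITY_REQUEST  = 1,
    IDENTITY_RESPONSE = 2,
    M1                = 0x04,
    M2                = 0x05,
    M3                = 0x07,
    M4                = 0x08,
    M5                = 0x09,
    M6                = 0x0A,
    M7                = 0x0B,
    M8                = 0x0C,
    DONE              = 0x0F,
    NACK              = 0x0E,
    WPS_PT_DEAUTH     = 0xFF
};

/*
 * WSC TLV attribute identifiers.  Each must fit the 16-bit type field of
 * struct wfa_element_header; a value wider than 16 bits can never match a
 * parsed attribute.
 */
enum wfa_elements
{
    AP_CHANNEL                        = 0x1001,
    ASSOCIATION_STATE                 = 0x1002,
    AUTHENTICATION_TYPE               = 0x1003,
    AUTHENTICATION_TYPE_FLAGS         = 0x1004,
    AUTHENTICATOR                     = 0x1005,
    CONFIG_METHODS                    = 0x1008,
    CONFIGURATION_ERROR               = 0x1009,
    CONFIRMATION_URL_4                = 0x100A,
    CONFIRMATION_URL_6                = 0x100B,
    CONNECTION_TYPE                   = 0x100C,
    CONNECTION_TYPE_FLAGS             = 0x100D,
    CREDENTIAL                        = 0x100E,
    DEVICE_NAME                       = 0x1011,
    DEVICE_PASSWORD_ID                = 0x1012,
    ENROLLEE_HASH_1                   = 0x1014,
    ENROLLEE_HASH_2                   = 0x1015,
    ENROLLEE_SNONCE_1                 = 0x1016,
    ENROLLEE_SNONCE_2                 = 0x1017,
    ENCRYPTED_SETTINGS                = 0x1018,
    ENCRYPTION_TYPE                   = 0x100F,
    ENCRYPTION_TYPE_FLAGS             = 0x1010,
    ENROLLEE_NONCE                    = 0x101A,
    FEATURE_ID                        = 0x101B,
    IDENTITY                          = 0x101C,
    IDENTITY_PROOF                    = 0x101D,
    KEY_WRAP_AUTHENTICATOR            = 0x101E,
    KEY_IDENTIFIER                    = 0x101F,
    MAC_ADDRESS                       = 0x1020,
    MANUFACTURER                      = 0x1021,
    MESSAGE_TYPE                      = 0x1022,
    MODEL_NAME                        = 0x1023,
    MODEL_NUMBER                      = 0x1024,
    NETWORK_INDEX                     = 0x1026,
    NETWORK_KEY                       = 0x1027,
    NETWORK_KEY_INDEX                 = 0x1028,
    NEW_DEVICE_NAME                   = 0x1029,
    NEW_PASSWORD                      = 0x102A,
    OOB_DEVICE_PASSWORD               = 0x102C,
    OS_VERSION                        = 0x102D,
    POWER_LEVEL                       = 0x102F,
    PSK_CURRENT                       = 0x1030,
    PSK_MAX                           = 0x1031,
    PUBLIC_KEY                        = 0x1032,
    RADIO_ENABLED                     = 0x1033,
    REBOOT                            = 0x1034,
    REGISTRAR_CURRENT                 = 0x1035,
    REGISTRAR_ESTABLISHED             = 0x1036,
    REGISTRAR_LIST                    = 0x1037,
    REGISTRAR_MAX                     = 0x1038,
    REGISTRAR_NONCE                   = 0x1039,
    REQUEST_TYPE                      = 0x103A,
    RESPONSE_TYPE                     = 0x103B,
    RF_BANDS                          = 0x103C,
    REGISTRAR_HASH_1                  = 0x103D,
    REGISTRAR_HASH_2                  = 0x103E,
    REGISTRAR_SNONCE_1                = 0x103F,
    REGISTRAR_SNONCE_2                = 0x1040,
    SELECTED_REGISTRAR                = 0x1041,
    SERIAL_NUMBER                     = 0x1042,
    WPS_STATE                         = 0x1044,
    SSID                              = 0x1045,
    TOTAL_NETWORKS                    = 0x1046,
    ENROLLEE_UUID                     = 0x1047,
    REGISTRAR_UUID                    = 0x1048,
    VENDOR_EXTENSION                  = 0x1049,
    VERSION                           = 0x104A,
    X509_CERT_REQUEST                 = 0x104B,
    X509_CERT                         = 0x104C,
    WPS_EAP_IDENTITY                  = 0x104D,
    MESSAGE_COUNTER                   = 0x104E,
    PUBLIC_KEY_HASH                   = 0x104F,
    REKEY_KEY                         = 0x1050,
    KEY_LIFETIME                      = 0x1051,
    PERMITTED_CONFIG_METHODS          = 0x1052,
    SELECTED_REGISTRAR_CONFIG_METHODS = 0x1053,
    PRIMARY_DEVICE_TYPE               = 0x1054,
    SECONDARY_DEVICE_TYPE_LIST        = 0x1055,
    PORTABLE_DEVICE                   = 0x1056,
    AP_SETUP_LOCKED                   = 0x1057,
    APPLICATION_EXTENSION             = 0x1058,
    EAP_TYPE                          = 0x1059,
    INITIALIZATION_VECTOR             = 0x1060,
    KEY_PROVIDED_AUTOMATICALLY        = 0x1061,
    ENABLED_8021X                     = 0x1062,
    APP_SESSION_KEY                   = 0x1063,
    /* Was 0x10064 (a stray digit): 17 bits wide, so it could never equal a
     * 16-bit attribute type.  0x1064 is the value that fits the field. */
    WEP_TRANSMIT_KEY                  = 0x1064
};

/* 802.11 frame-control field masks */
#define IEEE80211_FCTL_VERS         0x0003
#define IEEE80211_FCTL_FTYPE        0x000c
#define IEEE80211_FCTL_STYPE        0x00f0
#define IEEE80211_FCTL_TODS         0x0100
#define IEEE80211_FCTL_FROMDS       0x0200
#define IEEE80211_FCTL_MOREFRAGS    0x0400
#define IEEE80211_FCTL_RETRY        0x0800
#define IEEE80211_FCTL_PM           0x1000
#define IEEE80211_FCTL_MOREDATA     0x2000
#define IEEE80211_FCTL_PROTECTED    0x4000
#define IEEE80211_FCTL_ORDER        0x8000

/* Sequence-control field masks */
#define IEEE80211_SCTL_FRAG         0x000F
#define IEEE80211_SCTL_SEQ          0xFFF0

/* Frame types (already shifted into frame-control position) */
#define IEEE80211_FTYPE_MGMT        0x0000
#define IEEE80211_FTYPE_CTL         0x0004
#define IEEE80211_FTYPE_DATA        0x0008

/*
 * Frame subtypes.  Subtype values are only meaningful together with the
 * frame type: the same numeric value appears under management, control and
 * data with different meanings.
 */

/* management */
#define IEEE80211_STYPE_ASSOC_REQ   0x0000
#define IEEE80211_STYPE_ASSOC_RESP  0x0010
#define IEEE80211_STYPE_REASSOC_REQ 0x0020
#define IEEE80211_STYPE_REASSOC_RESP 0x0030
#define IEEE80211_STYPE_PROBE_REQ   0x0040
#define IEEE80211_STYPE_PROBE_RESP  0x0050
#define IEEE80211_STYPE_BEACON      0x0080
#define IEEE80211_STYPE_ATIM        0x0090
#define IEEE80211_STYPE_DISASSOC    0x00A0
#define IEEE80211_STYPE_AUTH        0x00B0
#define IEEE80211_STYPE_DEAUTH      0x00C0
#define IEEE80211_STYPE_ACTION      0x00D0

/* control */
#define IEEE80211_STYPE_BACK_REQ    0x0080
#define IEEE80211_STYPE_BACK        0x0090
#define IEEE80211_STYPE_PSPOLL      0x00A0
#define IEEE80211_STYPE_RTS         0x00B0
#define IEEE80211_STYPE_CTS         0x00C0
#define IEEE80211_STYPE_ACK         0x00D0
#define IEEE80211_STYPE_CFEND       0x00E0
#define IEEE80211_STYPE_CFENDACK    0x00F0

/* data */
#define IEEE80211_STYPE_DATA                0x0000
#define IEEE80211_STYPE_DATA_CFACK          0x0010
#define IEEE80211_STYPE_DATA_CFPOLL         0x0020
#define IEEE80211_STYPE_DATA_CFACKPOLL      0x0030
#define IEEE80211_STYPE_NULLFUNC            0x0040
#define IEEE80211_STYPE_CFACK               0x0050
#define IEEE80211_STYPE_CFPOLL              0x0060
#define IEEE80211_STYPE_CFACKPOLL           0x0070
#define IEEE80211_STYPE_QOS_DATA            0x0080
#define IEEE80211_STYPE_QOS_DATA_CFACK      0x0090
#define IEEE80211_STYPE_QOS_DATA_CFPOLL     0x00A0
#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL  0x00B0
#define IEEE80211_STYPE_QOS_NULLFUNC        0x00C0
#define IEEE80211_STYPE_QOS_CFACK           0x00D0
#define IEEE80211_STYPE_QOS_CFPOLL          0x00E0
#define IEEE80211_STYPE_QOS_CFACKPOLL       0x00F0

/*
 * These typedefs only document the byte order a field is stored in; they
 * are plain integers and nothing converts them automatically.  Readers are
 * expected to byte-swap via utils/endianness.h where the host order differs.
 * NOTE(review): be16/be32 share the LE16_DEFINED guard, so a header that
 * defines LE16_DEFINED without the be* types would hide them here.
 */
#ifndef LE16_DEFINED
#define LE16_DEFINED
typedef uint16_t le16;
typedef uint32_t le32;

typedef uint16_t be16;
typedef uint32_t be32;
#endif

/*
 * Wire-format overlays.  Packed so that sizeof() equals the on-air size;
 * push/pop restores whatever packing the including file had instead of
 * resetting it to the compiler default.
 */
#pragma pack(push, 1)

/* Fixed-layout radiotap header as this program emits/expects it.  Real
 * captured radiotap headers are variable length; trust the len field, not
 * sizeof(), when walking a capture. */
struct radio_tap_header
{
    uint8_t revision;
    uint8_t pad;
    le16    len;
    le32    flags;
#ifdef RADIOTAP_HEADER_WITH_RATE
    uint8_t rate;
    uint8_t pad2;
#endif
    le16    txflags;
};

/* Three-address 802.11 MAC header (24 bytes) */
struct dot11_frame_header
{
    le16          fc;
    le16          duration;
    unsigned char addr1[MAC_ADDR_LEN];
    unsigned char addr2[MAC_ADDR_LEN];
    unsigned char addr3[MAC_ADDR_LEN];
    le16          frag_seq;
};

/* Fixed fields of an Authentication management frame */
struct authentication_management_frame
{
    le16 algorithm;
    le16 sequence;
    le16 status;
};

/* Fixed fields of an Association Request, before the tagged parameters */
struct association_request_management_frame
{
    le16 capability;
    le16 listen_interval;
};

/* Fixed fields of an Association Response */
struct association_response_management_frame
{
    le16 capability;
    le16 status;
    le16 id;
};

/* Fixed fields of a Beacon, before the tagged parameters */
struct beacon_management_frame
{
    unsigned char timestamp[TIMESTAMP_LEN];
    le16          beacon_interval;
    le16          capability;
};

/* LLC/SNAP header preceding the EAPOL ethertype in a data frame */
struct llc_header
{
    uint8_t       dsap;
    uint8_t       ssap;
    uint8_t       control_field;
    unsigned char org_code[3];
    be16          type;
};

/* EAPOL header; len is the body length as sent (not host order) */
struct dot1X_header
{
    uint8_t  version;
    uint8_t  type;
    uint16_t len;
};

/* EAP header plus the type byte; len covers the whole EAP packet as sent */
struct eap_header
{
    uint8_t  code;
    uint8_t  id;
    uint16_t len;
    uint8_t  type;
};

/* EAP expanded-type header: vendor id, vendor type, WSC opcode and flags */
struct wfa_expanded_header
{
    unsigned char id[3];
    be32          type;
    uint8_t       opcode;
    uint8_t       flags;
};

/* WSC TLV attribute header; length is attacker-supplied, bound it */
struct wfa_element_header
{
    uint16_t type;
    uint16_t length;
};

/* 802.11 information-element header; len is attacker-supplied, bound it */
struct tagged_parameter
{
    uint8_t number;
    uint8_t len;
};

#pragma pack(pop)

/* Smallest buffer that can hold the fixed part of a beacon as built here */
#define MIN_BEACON_SIZE (sizeof(struct radio_tap_header) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame))

#endif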