maemo.org - Talk
Applications > WPSCrack on N900 (https://talk.maemo.org/showthread.php?t=81377)

StefanL 2012-01-05 17:53

WPSCrack on N900
 
This is similar to reaver; however, it needs some more work since it is the exploit researcher's 'fast and dirty' proof-of-concept code.

Managed to get it mostly working; however, I need to get home to my AP to test properly. After making the following change on line 480, it runs, but is stuck in an infinite loop at pin 0000 (similar to other reports on the internet):

Code:

elif (self.rcved.is_set() is False):

to

elif (self.rcved.set() is False):

When running, there is a warning message about IPv6, which can safely be ignored. It is generated by python-scapy and correctly indicates that the N900 is not running IPv6.

Will post more on requirements and tutorials etc. later.

Requirements:
Python
Python-Scapy (as per readme)
PyCrypto (as per readme)
tcpdump
sudser (suggested to be able to run as root without being root)

Running It:
Set the N900 wireless connection to monitor mode:
Code:

ifconfig wlan0 down
iwconfig wlan0 mode Monitor
ifconfig wlan0 up

Run the program from the directory wpscrack.py is located in. You need to be root to run this properly (it seems to be a requirement for tcpdump to work properly on my set-up):

Code:

sudo python wpscrack.py -i wlan0 -c XX:XX:XX:XX:XX:XX -b XX:XX:XX:XX:XX:XX -s AP_SSID -v

There are loads of reports on the internet (as well as in the readme itself ;)) that python-scapy 2.2.0 is required to make this script work (the latest Maemo version is 2.0.0 or something); however, I downloaded and installed 2.2.0 from source, without any improvement. I contacted the packager of the Maemo version, Yves-Alexis Perez, but he replied that he will not be able to help anymore:

> Is it possible for you to provide a deb for the latest version (2.2.0) for maemo?

Same reply as for Christos Zamantzas. I don't have my n900 anymore and don't have any build architecture ready, so not really. Regards, -- Yves-Alexis


If anybody is interested in making a deb package from the Debian source, Yves-Alexis provides the following hint:

AFAIR (it was a long time ago), what I did was just to pick the Debian source package, remove the libatm-dev build-dependencies and rebuild in scratchbox, then upload. Regards, -- Yves-Alexis

Update:
Managed to properly install scapy from source as per the following. Download from the previous link and untar it in your favourite location, change to the newly created scapy directory, build the package and then install it:
Code:

tar -xzvf scapy-latest.tar.gz
cd scapy
python setup.py build
sudo python setup.py install

Now the program runs with only the IPv6 warning message but is still stuck in the infinite loop at pin 0000 (small steps :p).

Saturn 2012-01-08 13:02

Re: WPSCrack on N900
 
Yes, I mentioned in the other thread that I contacted him.

Anyway, just for info:

Check the bdist_maemo option.

Code:

~/scapy-2.2.0 $ python setup.py --help-commands
Standard commands:
  build            build everything needed to install
  build_py        "build" pure Python modules (copy to build directory)
  build_ext        build C/C++ extensions (compile/link to build directory)
  build_clib      build C/C++ libraries used by Python extensions
  build_scripts    "build" scripts (copy and fixup #! line)
  clean            clean up temporary files from 'build' command
  install          install everything from build directory
  install_lib      install all Python modules (extensions and pure Python)
  install_headers  install C/C++ header files
  install_scripts  install scripts (Python or otherwise)
  install_data    install data files
  sdist            create a source distribution (tarball, zip file, etc.)
  register        register the distribution with the Python package index
  bdist            create a built (binary) distribution
  bdist_dumb      create a "dumb" built distribution
  bdist_maemo      Package for distribution on Maemo platform
  bdist_rpm        create an RPM distribution
  bdist_wininst    create an executable installer for MS Windows

usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
  or: setup.py --help [cmd1 cmd2 ...]
  or: setup.py --help-commands
  or: setup.py cmd --help

also:

Code:

~/scapy-2.2.0 $ python setup.py bdist_maemo --help
Common commands: (see '--help-commands' for more)

  setup.py build      will build the package underneath 'build/'
  setup.py install    will install the package

Global options:
  --verbose (-v)  run verbosely (default)
  --quiet (-q)    run quietly (turns verbosity off)
  --dry-run (-n)  don't actually do anything
  --help (-h)    show detailed help message

Options for 'bdist_maemo' command:
  --name          Package name
  --section      Section (Only 'user/*' will display in AI usually)
  --priority      Priority
  --architecture  Architecture
  --depends      Other Debian package dependencies (comma separated)

usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
  or: setup.py --help [cmd1 cmd2 ...]
  or: setup.py --help-commands
  or: setup.py cmd --help


I was able to create a deb with that, but something else was not working for me there. So I gave up, since I don't have time to play more with this.

Hope it helps.

te37v 2012-01-27 16:47

Re: WPSCrack on N900
 
Wpscrack uses the wlan0 interface rather than Mon0?

StefanL 2012-01-31 16:56

Re: WPSCrack on N900
 
Quote:

Originally Posted by te37v (Post 1156611)
Wpscrack uses the wlan0 interface rather than Mon0?

I am not sure it makes a difference; to get the mon0 interface you need to run something like
Code:

airmon-ng start wlan

te37v 2012-02-01 00:50

Re: WPSCrack on N900
 
You're right. I haven't manually done that in a while :)

