packz · March 29, 2012 17:15 · Jimmy1Error · Apr 26, 2025
diff --git a/gistfile1.c b/gistfile1.c
 /*
 *
 * Implementazione dello script originariamente al seguente URL
 *
 * 	http://www.evilsocket.net
 * 		/1126/script-per-il-calcolo-della-chiave-wpa-nei-router-fastweb-pirelli.html
 *
 * 	http://wifiresearchers.wordpress.com/
 *
 *
 * http://cocoadevcentral.com/d/learn_objectivec/
 *
 * http://developer.apple.com/mac/library/documentation/Cocoa/Reference/Foundation/Miscellaneous/Foundation_Functions/Reference/
 */
 //#import <Foundation/Foundation.h>
 //#import <CommonCrypto/CommonDigest.h>

 #include <stdio.h>
 #include <openssl/md5.h>

 /* get mask from MSB of length 5*/
 unsigned int mask(unsigned int size, unsigned int idx, unsigned int step) {
 	unsigned int mask = 0;
 	unsigned int cycle;
 	for (cycle = 0 ; cycle < 5 ; cycle++) {
 		mask |= (1 << (size - (step*idx) - cycle - 1));
 	}

 	return mask;
 }

 int main(int argc, char* argv[]) {
 	if (argc < 2) {
 		fprintf(stderr, "usage: %s <hex>\n", argv[0]);
 		return 1;
 	}

 	char* numerical_essid = argv[1];

 	if (strlen(numerical_essid) != 12) {
 		fprintf(stderr, "ESSID must be of 12 digits\n");
 		return 1;
 	}

 	unsigned char md5checksum[16];
 	/*
 	 * 20 byte costanti cablati nel firmware dei Pirelli Fastweb.
 	 *
 	 * N.B: per questioni di endianess va tutto ribaltato rispetto
 	 * allo script originale.
 	 */
 	//unsigned char code[] = "\x22\x33\x11\x34\x02\x81\xFA\x22\x11\x41\x68\x11\x12\x01\x05\x22\x71\x42\x10\x66";
 	unsigned char code[] = "\x66\x10\x42\x71\x22\x05\x01\x12\x11\x68\x41\x11\x22\xfa\x81\x02\x34\x11\x33\x22";

 	/* 
 	 * questa parte di codice prende la stringa dell'ESSID
 	 * la trasforma nella sua rappresentazione binaria
 	 * e gli aggiunge i 20 byte in 'code'.
 	 */
 	unsigned int cycle;
 	char digit[3] = {'\0', '\0', '\0'};
 	unsigned char hex_digit[26] = "";
 	unsigned int hex;
 	for (cycle = 0 ; cycle < 6 ; cycle++) {
 		digit[0] = numerical_essid[2*cycle];
 		digit[1] = numerical_essid[2*cycle + 1];

 		sscanf(digit, "%02x", &hex);
 		hex_digit[25 - cycle] = hex;
 	}
 	memcpy(hex_digit , code, 20);

 	unsigned char reversed_hex[26];
 	for (cycle = 0 ; cycle < 26 ; cycle++) {
 		reversed_hex[cycle] = hex_digit[25 - cycle];
 	}

 	/* not portable */
 	MD5(reversed_hex, 26, md5checksum);

 #if 0
 	write(1, reversed_hex, 26);
 	return 0;
 #endif

 	/**************************/
 	/* calcoliamo la password */
 	/**************************/
 	unsigned char hex_psw[5];
 #if 1
 	unsigned int seq;
 	/* from little endian to big endian */
 	for (cycle = 0 ; cycle < 4 ; cycle++) {
 		((unsigned char*)&seq)[cycle] = md5checksum[3 - cycle];
 	}
 #else
 	unsigned int seq = 0xa37d4267;
 #endif
 	/* prendo i primi 4 byte in 5 gruppi di 5 bits */
 	for (cycle = 0 ; cycle < 5 ; cycle++) {
 		hex_psw[cycle] =
 			(seq & mask(32, cycle, 5)) >> (27 - 5*cycle);
 		hex_psw[cycle] = hex_psw[cycle] < 0x0A ?
 			hex_psw[cycle] : hex_psw[cycle] + 0x57;
 	}

 	printf( "WPA: ");
 	for (cycle = 0 ; cycle < 5 ; cycle++) {
 		printf("%02x", hex_psw[cycle]);
 	}
 	puts("");

 	return 0;
 }
	/*
	*
	* Implementazione dello script originariamente al seguente URL
	*
	* http://www.evilsocket.net
	* /1126/script-per-il-calcolo-della-chiave-wpa-nei-router-fastweb-pirelli.html
	*
	* http://wifiresearchers.wordpress.com/
	*
	*
	* http://cocoadevcentral.com/d/learn_objectivec/
	*
	* http://developer.apple.com/mac/library/documentation/Cocoa/Reference/Foundation/Miscellaneous/Foundation_Functions/Reference/
	*/
	//#import <Foundation/Foundation.h>
	//#import <CommonCrypto/CommonDigest.h>

	#include <stdio.h>
	#include <openssl/md5.h>

	/* get mask from MSB of length 5*/
	unsigned int mask(unsigned int size, unsigned int idx, unsigned int step) {
	unsigned int mask = 0;
	unsigned int cycle;
	for (cycle = 0 ; cycle < 5 ; cycle++) {
	mask \|= (1 << (size - (step*idx) - cycle - 1));
	}

	return mask;
	}

	int main(int argc, char* argv[]) {
	if (argc < 2) {
	fprintf(stderr, "usage: %s <hex>\n", argv[0]);
	return 1;
	}

	char* numerical_essid = argv[1];

	if (strlen(numerical_essid) != 12) {
	fprintf(stderr, "ESSID must be of 12 digits\n");
	return 1;
	}

	unsigned char md5checksum[16];
	/*
	* 20 byte costanti cablati nel firmware dei Pirelli Fastweb.
	*
	* N.B: per questioni di endianess va tutto ribaltato rispetto
	* allo script originale.
	*/
	//unsigned char code[] = "\x22\x33\x11\x34\x02\x81\xFA\x22\x11\x41\x68\x11\x12\x01\x05\x22\x71\x42\x10\x66";
	unsigned char code[] = "\x66\x10\x42\x71\x22\x05\x01\x12\x11\x68\x41\x11\x22\xfa\x81\x02\x34\x11\x33\x22";

	/*
	* questa parte di codice prende la stringa dell'ESSID
	* la trasforma nella sua rappresentazione binaria
	* e gli aggiunge i 20 byte in 'code'.
	*/
	unsigned int cycle;
	char digit[3] = {'\0', '\0', '\0'};
	unsigned char hex_digit[26] = "";
	unsigned int hex;
	for (cycle = 0 ; cycle < 6 ; cycle++) {
	digit[0] = numerical_essid[2*cycle];
	digit[1] = numerical_essid[2*cycle + 1];

	sscanf(digit, "%02x", &hex);
	hex_digit[25 - cycle] = hex;
	}
	memcpy(hex_digit , code, 20);

	unsigned char reversed_hex[26];
	for (cycle = 0 ; cycle < 26 ; cycle++) {
	reversed_hex[cycle] = hex_digit[25 - cycle];
	}

	/* not portable */
	MD5(reversed_hex, 26, md5checksum);

	#if 0
	write(1, reversed_hex, 26);
	return 0;
	#endif

	/**************************/
	/* calcoliamo la password */
	/**************************/
	unsigned char hex_psw[5];
	#if 1
	unsigned int seq;
	/* from little endian to big endian */
	for (cycle = 0 ; cycle < 4 ; cycle++) {
	((unsigned char*)&seq)[cycle] = md5checksum[3 - cycle];
	}
	#else
	unsigned int seq = 0xa37d4267;
	#endif
	/* prendo i primi 4 byte in 5 gruppi di 5 bits */
	for (cycle = 0 ; cycle < 5 ; cycle++) {
	hex_psw[cycle] =
	(seq & mask(32, cycle, 5)) >> (27 - 5*cycle);
	hex_psw[cycle] = hex_psw[cycle] < 0x0A ?
	hex_psw[cycle] : hex_psw[cycle] + 0x57;
	}

	printf( "WPA: ");
	for (cycle = 0 ; cycle < 5 ; cycle++) {
	printf("%02x", hex_psw[cycle]);
	}
	puts("");

	return 0;
	}