2 files changed, 214 insertions, 0 deletions
diff --git a/examples/parse_eapol/README.md b/examples/parse_eapol/README.md
new file mode 100644
index 0000000..4aa206a
--- /dev/null
+++ b/examples/parse_eapol/README.md

@@ -0,0 +1,74 @@
+# Parsing 802.11 Handshake / EAPOL Frames
+This example shows the reader how to parse 802.11 Handshakes from a pcap, outputting the EAPOL version, type, length, and data such as Nonce, IV, MIC and EAPOL Key Data.
+# Building and Using
+```
+>> cd examples/parse_eapol/
+>> make
+clang -Wall -Werror -O3 -o parse_eapol   -c -o parse_eapol.o parse_eapol.c
+clang -Wall -Werror -O3 -o parse_eapol parse_eapol.c -lpcap -lwifi
+>> ./parse_eapol --file ~/libwifi-handshake.pcap
+[+] Setup Complete
+WPA Handshake Message: 1 (Message 1)
+EAPOL: Version: 2
+EAPOL: Type: 3
+EAPOL: Length: 95
+EAPOL: Descriptor: 2
+EAPOL: Key Info: Information: 0x008a
+EAPOL: Key Info: Key Length: 16
+EAPOL: Key Info: Replay Counter: 1
+EAPOL: Key Info: Nonce: 43 79 98 09 6a 0e dc 73 8d 44 3b 55 ce b5 47 2c fd 39 0c 87 51 e4 f0 77 d9 5b 5c e1 dc 59 bd 75 
+EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: MIC: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: Key Data Length: 0
+WPA Handshake Message: 2 (Message 2)
+EAPOL: Version: 1
+EAPOL: Type: 3
+EAPOL: Length: 123
+EAPOL: Descriptor: 2
+EAPOL: Key Info: Information: 0x010a
+EAPOL: Key Info: Key Length: 0
+EAPOL: Key Info: Replay Counter: 1
+EAPOL: Key Info: Nonce: de ed a2 79 e3 c4 96 ba 25 8b ba 84 76 0a 00 69 2e 2c 10 41 24 1a f3 6f 70 9a 4b db 5f 93 47 80 
+EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: MIC: 6c 23 fe 8d 68 35 c9 5a 77 82 25 4b 56 41 70 71 
+EAPOL: Key Info: Key Data Length: 28
+EAPOL: Key Info: Key Data: 30 1a 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 80 00 00 00 00 0f ac 06 
+WPA Handshake Message: 4 (Message 3)
+EAPOL: Version: 2
+EAPOL: Type: 3
+EAPOL: Length: 183
+EAPOL: Descriptor: 2
+EAPOL: Key Info: Information: 0x13ca
+EAPOL: Key Info: Key Length: 16
+EAPOL: Key Info: Replay Counter: 2
+EAPOL: Key Info: Nonce: 43 79 98 09 6a 0e dc 73 8d 44 3b 55 ce b5 47 2c fd 39 0c 87 51 e4 f0 77 d9 5b 5c e1 dc 59 bd 75 
+EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: MIC: b7 e7 f1 60 f8 cf 3f ec 8f b3 c5 29 e4 a1 d0 05 
+EAPOL: Key Info: Key Data Length: 88
+EAPOL: Key Info: Key Data: 5e b1 a7 ef db 8d 55 06 d5 c8 89 e7 ca 55 ea cf f5 fa 08 18 ef 4e 46 6e b6 3e 62 d1 30 e7 e5 38 ef 2b 37 61 55 03 9e 84 31 75 3e 44 bd 87 12 9c 94 52 db fb 6a 58 4e 1f 94 e0 16 a9 e9 cb 36 48 c8 ed 20 d3 ff 37 a6 7e 12 3f 0b fc 2c a6 cb 72 c3 6a bf 01 32 b1 6e 1b 
+WPA Handshake Message: 8 (Message 4)
+EAPOL: Version: 1
+EAPOL: Type: 3
+EAPOL: Length: 95
+EAPOL: Descriptor: 2
+EAPOL: Key Info: Information: 0x030a
+EAPOL: Key Info: Key Length: 0
+EAPOL: Key Info: Replay Counter: 2
+EAPOL: Key Info: Nonce: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00 
+EAPOL: Key Info: MIC: 13 6e 07 be 17 51 01 e2 03 5d 4c b1 43 e1 4b c7 
+EAPOL: Key Info: Key Data Length: 0
+>>
+```
diff --git a/examples/parse_eapol/parse_eapol.c b/examples/parse_eapol/parse_eapol.c
new file mode 100644
index 0000000..259ee5f
--- /dev/null
+++ b/examples/parse_eapol/parse_eapol.c

@@ -0,0 +1,140 @@
+#include <libwifi.h>
+#include <pcap.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+static int has_radiotap = 0;
+void handle_pkt(unsigned char *args, const struct pcap_pkthdr *header, const unsigned char *packet) {
+    unsigned long data_len = header->caplen;
+    unsigned char *data = (unsigned char *) packet;
+    // Initialise a libwifi_frame struct and populate it
+    struct libwifi_frame frame = {0};
+    int ret = libwifi_get_wifi_frame(&frame, data, data_len, has_radiotap);
+    if (ret != 0) {
+        return;
+    }
+    // Ensure the parsed frame is a data frame
+    if (frame.frame_control.type == TYPE_DATA) {
+        // Ensure the parsed data frame is a WPA handshake
+        if (libwifi_check_wpa_handshake(&frame) > 0) {
+            // Use libwifi to get the EAPOL message part, and also pretty-print it
+            int part = libwifi_check_wpa_message(&frame);
+            printf("WPA Handshake Message: %d (%s)\n", part, libwifi_get_wpa_message_string(&frame));
+            // Initlaise a WPA Authentication Data struct and populate it
+            struct libwifi_wpa_auth_data data = {0};
+            libwifi_get_wpa_data(&frame, &data);
+            // Print all of the available WPA Auth data
+            printf("EAPOL: Version: %d\n", data.version);
+            printf("EAPOL: Type: %d\n", data.type);
+            printf("EAPOL: Length: %d\n", data.length);
+            printf("EAPOL: Descriptor: %d\n", data.descriptor);
+            printf("EAPOL: Key Info: Information: 0x%04x\n", data.key_info.information);
+            printf("EAPOL: Key Info: Key Length: %d\n", data.key_info.key_length);
+            printf("EAPOL: Key Info: Replay Counter: %lu\n", data.key_info.replay_counter);
+            printf("EAPOL: Key Info: Nonce: ");
+            for (size_t i = 0; i < sizeof(data.key_info.nonce); ++i) {
+                printf("%02x ", data.key_info.nonce[i]);
+            }
+            printf("\n");
+            printf("EAPOL: Key Info: IV: ");
+            for (size_t i = 0; i < sizeof(data.key_info.iv); ++i) {
+                printf("%02x ", data.key_info.iv[i]);
+            }
+            printf("\n");
+            printf("EAPOL: Key Info: RSC: ");
+            for (size_t i = 0; i < sizeof(data.key_info.rsc); ++i) {
+                printf("%02x ", data.key_info.rsc[i]);
+            }
+            printf("\n");
+            printf("EAPOL: Key Info: ID: ");
+            for (size_t i = 0; i < sizeof(data.key_info.id); ++i) {
+                printf("%02x ", data.key_info.id[i]);
+            }
+            printf("\n");
+            printf("EAPOL: Key Info: MIC: ");
+            for (size_t i = 0; i < sizeof(data.key_info.mic); ++i) {
+                printf("%02x ", data.key_info.mic[i]);
+            }
+            printf("\n");
+            printf("EAPOL: Key Info: Key Data Length: %d\n", data.key_info.key_data_length);
+            if (data.key_info.key_data_length) {
+                printf("EAPOL: Key Info: Key Data: ");
+                for (size_t i = 0; i < data.key_info.key_data_length; ++i) {
+                    printf("%02x ", data.key_info.key_data[i]);
+                }
+                printf("\n");
+            }
+            // Cleanup the WPA Data
+            libwifi_free_wpa_data(&data);
+            printf("\n");
+        }
+    }
+    // Clean up the libwifi frame
+    libwifi_free_wifi_frame(&frame);
+}
+void helpexit() {
+    fprintf(stderr, "[!] Usage: ./parse_eapol --file <file.pcap>\n");
+    exit(EXIT_FAILURE);
+}
+int main(int argc, char **argv) {
+    struct bpf_program *filter = NULL;
+    pcap_t *handle = NULL;
+    pcap_dumper_t *dumper = NULL;
+    char errbuf[PCAP_ERRBUF_SIZE];
+    if (argc < 2) {
+        helpexit();
+    }
+    if (strcmp(argv[1], "--file") == 0) {
+        if ((handle = pcap_open_offline(argv[2], errbuf)) == NULL) {
+            fprintf(stderr, "[!] Error opening file %s (%s)\n", argv[2], errbuf);
+            exit(EXIT_FAILURE);
+        }
+    } else {
+        helpexit();
+    }
+    int linktype = pcap_datalink(handle);
+    if (linktype == DLT_IEEE802_11_RADIO) {
+        has_radiotap = 1;
+    }
+    if (linktype != DLT_IEEE802_11 && linktype != DLT_IEEE802_11_RADIO) {
+        fprintf(stderr, "[!] 802.11 and radiotap headers not provided (%d)\n", pcap_datalink(handle));
+        pcap_close(handle);
+        exit(EXIT_FAILURE);
+    }
+    if ((filter = malloc(sizeof(struct bpf_program))) == NULL) {
+        fprintf(stderr, "[!] There was an error allocating memory for the filter.\n");
+        pcap_close(handle);
+        exit(EXIT_FAILURE);
+    }
+    printf("[+] Setup Complete\n");
+    dumper = pcap_dump_open(handle, "/tmp/parse_eapol.pcap");
+    pcap_loop(handle, -1 /*INFINITY*/, &handle_pkt, (unsigned char *) dumper);
+    pcap_dump_close(dumper);
+    pcap_close(handle);
+    return 0;
+}

diff --git a/examples/parse_eapol/README.md b/examples/parse_eapol/README.md new file mode 100644 index 0000000..4aa206a --- /dev/null +++ b/examples/parse_eapol/README.md
@@ -0,0 +1,74 @@
	1	# Parsing 802.11 Handshake / EAPOL Frames
	2	This example shows the reader how to parse 802.11 Handshakes from a pcap, outputting the EAPOL version, type, length, and data such as Nonce, IV, MIC and EAPOL Key Data.
	3
	4	# Building and Using
	5	```
	6	>> cd examples/parse_eapol/
	7	>> make
	8	clang -Wall -Werror -O3 -o parse_eapol -c -o parse_eapol.o parse_eapol.c
	9	clang -Wall -Werror -O3 -o parse_eapol parse_eapol.c -lpcap -lwifi
	10	>> ./parse_eapol --file ~/libwifi-handshake.pcap
	11	[+] Setup Complete
	12	WPA Handshake Message: 1 (Message 1)
	13	EAPOL: Version: 2
	14	EAPOL: Type: 3
	15	EAPOL: Length: 95
	16	EAPOL: Descriptor: 2
	17	EAPOL: Key Info: Information: 0x008a
	18	EAPOL: Key Info: Key Length: 16
	19	EAPOL: Key Info: Replay Counter: 1
	20	EAPOL: Key Info: Nonce: 43 79 98 09 6a 0e dc 73 8d 44 3b 55 ce b5 47 2c fd 39 0c 87 51 e4 f0 77 d9 5b 5c e1 dc 59 bd 75
	21	EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	22	EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00
	23	EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00
	24	EAPOL: Key Info: MIC: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	25	EAPOL: Key Info: Key Data Length: 0
	26
	27	WPA Handshake Message: 2 (Message 2)
	28	EAPOL: Version: 1
	29	EAPOL: Type: 3
	30	EAPOL: Length: 123
	31	EAPOL: Descriptor: 2
	32	EAPOL: Key Info: Information: 0x010a
	33	EAPOL: Key Info: Key Length: 0
	34	EAPOL: Key Info: Replay Counter: 1
	35	EAPOL: Key Info: Nonce: de ed a2 79 e3 c4 96 ba 25 8b ba 84 76 0a 00 69 2e 2c 10 41 24 1a f3 6f 70 9a 4b db 5f 93 47 80
	36	EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	37	EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00
	38	EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00
	39	EAPOL: Key Info: MIC: 6c 23 fe 8d 68 35 c9 5a 77 82 25 4b 56 41 70 71
	40	EAPOL: Key Info: Key Data Length: 28
	41	EAPOL: Key Info: Key Data: 30 1a 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 80 00 00 00 00 0f ac 06
	42
	43	WPA Handshake Message: 4 (Message 3)
	44	EAPOL: Version: 2
	45	EAPOL: Type: 3
	46	EAPOL: Length: 183
	47	EAPOL: Descriptor: 2
	48	EAPOL: Key Info: Information: 0x13ca
	49	EAPOL: Key Info: Key Length: 16
	50	EAPOL: Key Info: Replay Counter: 2
	51	EAPOL: Key Info: Nonce: 43 79 98 09 6a 0e dc 73 8d 44 3b 55 ce b5 47 2c fd 39 0c 87 51 e4 f0 77 d9 5b 5c e1 dc 59 bd 75
	52	EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	53	EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00
	54	EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00
	55	EAPOL: Key Info: MIC: b7 e7 f1 60 f8 cf 3f ec 8f b3 c5 29 e4 a1 d0 05
	56	EAPOL: Key Info: Key Data Length: 88
	57	EAPOL: Key Info: Key Data: 5e b1 a7 ef db 8d 55 06 d5 c8 89 e7 ca 55 ea cf f5 fa 08 18 ef 4e 46 6e b6 3e 62 d1 30 e7 e5 38 ef 2b 37 61 55 03 9e 84 31 75 3e 44 bd 87 12 9c 94 52 db fb 6a 58 4e 1f 94 e0 16 a9 e9 cb 36 48 c8 ed 20 d3 ff 37 a6 7e 12 3f 0b fc 2c a6 cb 72 c3 6a bf 01 32 b1 6e 1b
	58
	59	WPA Handshake Message: 8 (Message 4)
	60	EAPOL: Version: 1
	61	EAPOL: Type: 3
	62	EAPOL: Length: 95
	63	EAPOL: Descriptor: 2
	64	EAPOL: Key Info: Information: 0x030a
	65	EAPOL: Key Info: Key Length: 0
	66	EAPOL: Key Info: Replay Counter: 2
	67	EAPOL: Key Info: Nonce: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	68	EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	69	EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00
	70	EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00
	71	EAPOL: Key Info: MIC: 13 6e 07 be 17 51 01 e2 03 5d 4c b1 43 e1 4b c7
	72	EAPOL: Key Info: Key Data Length: 0
	73	>>
	74	```


diff --git a/examples/parse_eapol/parse_eapol.c b/examples/parse_eapol/parse_eapol.c new file mode 100644 index 0000000..259ee5f --- /dev/null +++ b/examples/parse_eapol/parse_eapol.c
@@ -0,0 +1,140 @@
	1	#include <libwifi.h>
	2
	3	#include <pcap.h>
	4
	5	#include <stdio.h>
	6	#include <stdlib.h>
	7	#include <string.h>
	8
	9	static int has_radiotap = 0;
	10
	11	void handle_pkt(unsigned char args, const struct pcap_pkthdr header, const unsigned char *packet) {
	12	unsigned long data_len = header->caplen;
	13	unsigned char data = (unsigned char ) packet;
	14
	15	// Initialise a libwifi_frame struct and populate it
	16	struct libwifi_frame frame = {0};
	17	int ret = libwifi_get_wifi_frame(&frame, data, data_len, has_radiotap);
	18	if (ret != 0) {
	19	return;
	20	}
	21
	22	// Ensure the parsed frame is a data frame
	23	if (frame.frame_control.type == TYPE_DATA) {
	24	// Ensure the parsed data frame is a WPA handshake
	25	if (libwifi_check_wpa_handshake(&frame) > 0) {
	26	// Use libwifi to get the EAPOL message part, and also pretty-print it
	27	int part = libwifi_check_wpa_message(&frame);
	28	printf("WPA Handshake Message: %d (%s)\n", part, libwifi_get_wpa_message_string(&frame));
	29
	30	// Initlaise a WPA Authentication Data struct and populate it
	31	struct libwifi_wpa_auth_data data = {0};
	32	libwifi_get_wpa_data(&frame, &data);
	33
	34	// Print all of the available WPA Auth data
	35	printf("EAPOL: Version: %d\n", data.version);
	36	printf("EAPOL: Type: %d\n", data.type);
	37	printf("EAPOL: Length: %d\n", data.length);
	38	printf("EAPOL: Descriptor: %d\n", data.descriptor);
	39	printf("EAPOL: Key Info: Information: 0x%04x\n", data.key_info.information);
	40	printf("EAPOL: Key Info: Key Length: %d\n", data.key_info.key_length);
	41	printf("EAPOL: Key Info: Replay Counter: %lu\n", data.key_info.replay_counter);
	42	printf("EAPOL: Key Info: Nonce: ");
	43	for (size_t i = 0; i < sizeof(data.key_info.nonce); ++i) {
	44	printf("%02x ", data.key_info.nonce[i]);
	45	}
	46	printf("\n");
	47
	48	printf("EAPOL: Key Info: IV: ");
	49	for (size_t i = 0; i < sizeof(data.key_info.iv); ++i) {
	50	printf("%02x ", data.key_info.iv[i]);
	51	}
	52	printf("\n");
	53
	54	printf("EAPOL: Key Info: RSC: ");
	55	for (size_t i = 0; i < sizeof(data.key_info.rsc); ++i) {
	56	printf("%02x ", data.key_info.rsc[i]);
	57	}
	58	printf("\n");
	59
	60	printf("EAPOL: Key Info: ID: ");
	61	for (size_t i = 0; i < sizeof(data.key_info.id); ++i) {
	62	printf("%02x ", data.key_info.id[i]);
	63	}
	64	printf("\n");
	65
	66	printf("EAPOL: Key Info: MIC: ");
	67	for (size_t i = 0; i < sizeof(data.key_info.mic); ++i) {
	68	printf("%02x ", data.key_info.mic[i]);
	69	}
	70	printf("\n");
	71
	72	printf("EAPOL: Key Info: Key Data Length: %d\n", data.key_info.key_data_length);
	73	if (data.key_info.key_data_length) {
	74	printf("EAPOL: Key Info: Key Data: ");
	75	for (size_t i = 0; i < data.key_info.key_data_length; ++i) {
	76	printf("%02x ", data.key_info.key_data[i]);
	77	}
	78	printf("\n");
	79	}
	80
	81	// Cleanup the WPA Data
	82	libwifi_free_wpa_data(&data);
	83
	84	printf("\n");
	85	}
	86	}
	87
	88	// Clean up the libwifi frame
	89	libwifi_free_wifi_frame(&frame);
	90	}
	91
	92	void helpexit() {
	93	fprintf(stderr, "[!] Usage: ./parse_eapol --file <file.pcap>\n");
	94	exit(EXIT_FAILURE);
	95	}
	96
	97	int main(int argc, char **argv) {
	98	struct bpf_program *filter = NULL;
	99	pcap_t *handle = NULL;
	100	pcap_dumper_t *dumper = NULL;
	101	char errbuf[PCAP_ERRBUF_SIZE];
	102
	103	if (argc < 2) {
	104	helpexit();
	105	}
	106	if (strcmp(argv[1], "--file") == 0) {
	107	if ((handle = pcap_open_offline(argv[2], errbuf)) == NULL) {
	108	fprintf(stderr, "[!] Error opening file %s (%s)\n", argv[2], errbuf);
	109	exit(EXIT_FAILURE);
	110	}
	111	} else {
	112	helpexit();
	113	}
	114
	115	int linktype = pcap_datalink(handle);
	116	if (linktype == DLT_IEEE802_11_RADIO) {
	117	has_radiotap = 1;
	118	}
	119	if (linktype != DLT_IEEE802_11 && linktype != DLT_IEEE802_11_RADIO) {
	120	fprintf(stderr, "[!] 802.11 and radiotap headers not provided (%d)\n", pcap_datalink(handle));
	121	pcap_close(handle);
	122	exit(EXIT_FAILURE);
	123	}
	124
	125	if ((filter = malloc(sizeof(struct bpf_program))) == NULL) {
	126	fprintf(stderr, "[!] There was an error allocating memory for the filter.\n");
	127	pcap_close(handle);
	128	exit(EXIT_FAILURE);
	129	}
	130
	131	printf("[+] Setup Complete\n");
	132
	133	dumper = pcap_dump_open(handle, "/tmp/parse_eapol.pcap");
	134	pcap_loop(handle, -1 /INFINITY/, &handle_pkt, (unsigned char *) dumper);
	135
	136	pcap_dump_close(dumper);
	137	pcap_close(handle);
	138
	139	return 0;
	140	}