From ae6c98a48da409d040604aeffb84a38155fb5bac Mon Sep 17 00:00:00 2001
From: Marc
Date: Tue, 30 Nov 2021 22:39:26 +0000
Subject: Initial Commit
Signed-off-by: Marc
---
 examples/parse_eapol/README.md | 74 ++++++++++++++++++++
 examples/parse_eapol/parse_eapol.c | 140 +++++++++++++++++++++++++++++++++++++
 2 files changed, 214 insertions(+)
 create mode 100644 examples/parse_eapol/README.md
 create mode 100644 examples/parse_eapol/parse_eapol.c
(limited to 'examples/parse_eapol')
diff --git a/examples/parse_eapol/README.md b/examples/parse_eapol/README.md
new file mode 100644
index 0000000..4aa206a
--- /dev/null
+++ b/examples/parse_eapol/README.md
@@ -0,0 +1,74 @@
+# Parsing 802.11 Handshake / EAPOL Frames
+This example shows the reader how to parse 802.11 Handshakes from a pcap, outputting the EAPOL version, type, length, and data such as Nonce, IV, MIC and EAPOL Key Data.
+
+# Building and Using
+```
+>> cd examples/parse_eapol/
+>> make
+clang -Wall -Werror -O3 -o parse_eapol -c -o parse_eapol.o parse_eapol.c
+clang -Wall -Werror -O3 -o parse_eapol parse_eapol.c -lpcap -lwifi
+>> ./parse_eapol --file ~/libwifi-handshake.pcap
+[+] Setup Complete
+WPA Handshake Message: 1 (Message 1)
+EAPOL: Version: 2
+EAPOL: Type: 3
+EAPOL: Length: 95
+EAPOL: Descriptor: 2
+EAPOL: Key Info: Information: 0x008a
+EAPOL: Key Info: Key Length: 16
+EAPOL: Key Info: Replay Counter: 1
+EAPOL: Key Info: Nonce: 43 79 98 09 6a 0e dc 73 8d 44 3b 55 ce b5 47 2c fd 39 0c 87 51 e4 f0 77 d9 5b 5c e1 dc 59 bd 75
+EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00
+EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00
+EAPOL: Key Info: MIC: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+EAPOL: Key Info: Key Data Length: 0
+
+WPA Handshake Message: 2 (Message 2)
+EAPOL: Version: 1
+EAPOL: Type: 3
+EAPOL: Length: 123
+EAPOL: Descriptor: 2
+EAPOL: Key Info: Information: 0x010a
+EAPOL: Key Info: Key Length: 0
+EAPOL: Key Info: Replay Counter: 1
+EAPOL: Key Info: Nonce: de ed a2 79 e3 c4 96 ba 25 8b ba 84 76 0a 00 69 2e 2c 10 41 24 1a f3 6f 70 9a 4b db 5f 93 47 80
+EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00
+EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00
+EAPOL: Key Info: MIC: 6c 23 fe 8d 68 35 c9 5a 77 82 25 4b 56 41 70 71
+EAPOL: Key Info: Key Data Length: 28
+EAPOL: Key Info: Key Data: 30 1a 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 80 00 00 00 00 0f ac 06
+
+WPA Handshake Message: 4 (Message 3)
+EAPOL: Version: 2
+EAPOL: Type: 3
+EAPOL: Length: 183
+EAPOL: Descriptor: 2
+EAPOL: Key Info: Information: 0x13ca
+EAPOL: Key Info: Key Length: 16
+EAPOL: Key Info: Replay Counter: 2
+EAPOL: Key Info: Nonce: 43 79 98 09 6a 0e dc 73 8d 44 3b 55 ce b5 47 2c fd 39 0c 87 51 e4 f0 77 d9 5b 5c e1 dc 59 bd 75
+EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00
+EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00
+EAPOL: Key Info: MIC: b7 e7 f1 60 f8 cf 3f ec 8f b3 c5 29 e4 a1 d0 05
+EAPOL: Key Info: Key Data Length: 88
+EAPOL: Key Info: Key Data: 5e b1 a7 ef db 8d 55 06 d5 c8 89 e7 ca 55 ea cf f5 fa 08 18 ef 4e 46 6e b6 3e 62 d1 30 e7 e5 38 ef 2b 37 61 55 03 9e 84 31 75 3e 44 bd 87 12 9c 94 52 db fb 6a 58 4e 1f 94 e0 16 a9 e9 cb 36 48 c8 ed 20 d3 ff 37 a6 7e 12 3f 0b fc 2c a6 cb 72 c3 6a bf 01 32 b1 6e 1b
+
+WPA Handshake Message: 8 (Message 4)
+EAPOL: Version: 1
+EAPOL: Type: 3
+EAPOL: Length: 95
+EAPOL: Descriptor: 2
+EAPOL: Key Info: Information: 0x030a
+EAPOL: Key Info: Key Length: 0
+EAPOL: Key Info: Replay Counter: 2
+EAPOL: Key Info: Nonce: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+EAPOL: Key Info: IV: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+EAPOL: Key Info: RSC: 00 00 00 00 00 00 00 00
+EAPOL: Key Info: ID: 00 00 00 00 00 00 00 00
+EAPOL: Key Info: MIC: 13 6e 07 be 17 51 01 e2 03 5d 4c b1 43 e1 4b c7
+EAPOL: Key Info: Key Data Length: 0
+>>
+```
diff --git a/examples/parse_eapol/parse_eapol.c b/examples/parse_eapol/parse_eapol.c
new file mode 100644
index 0000000..259ee5f
--- /dev/null
+++ b/examples/parse_eapol/parse_eapol.c
@@ -0,0 +1,140 @@
+#include
+
+#include
+
+#include
+#include
+#include
+
+static int has_radiotap = 0;
+
+void handle_pkt(unsigned char *args, const struct pcap_pkthdr *header, const unsigned char *packet) {
+ unsigned long data_len = header->caplen;
+ unsigned char *data = (unsigned char *) packet;
+
+ // Initialise a libwifi_frame struct and populate it
+ struct libwifi_frame frame = {0};
+ int ret = libwifi_get_wifi_frame(&frame, data, data_len, has_radiotap);
+ if (ret != 0) {
+ return;
+ }
+
+ // Ensure the parsed frame is a data frame
+ if (frame.frame_control.type == TYPE_DATA) {
+ // Ensure the parsed data frame is a WPA handshake
+ if (libwifi_check_wpa_handshake(&frame) > 0) {
+ // Use libwifi to get the EAPOL message part, and also pretty-print it
+ int part = libwifi_check_wpa_message(&frame);
+ printf("WPA Handshake Message: %d (%s)\n", part, libwifi_get_wpa_message_string(&frame));
+
+ // Initlaise a WPA Authentication Data struct and populate it
+ struct libwifi_wpa_auth_data data = {0};
+ libwifi_get_wpa_data(&frame, &data);
+
+ // Print all of the available WPA Auth data
+ printf("EAPOL: Version: %d\n", data.version);
+ printf("EAPOL: Type: %d\n", data.type);
+ printf("EAPOL: Length: %d\n", data.length);
+ printf("EAPOL: Descriptor: %d\n", data.descriptor);
+ printf("EAPOL: Key Info: Information: 0x%04x\n", data.key_info.information);
+ printf("EAPOL: Key Info: Key Length: %d\n", data.key_info.key_length);
+ printf("EAPOL: Key Info: Replay Counter: %lu\n", data.key_info.replay_counter);
+ printf("EAPOL: Key Info: Nonce: ");
+ for (size_t i = 0; i < sizeof(data.key_info.nonce); ++i) {
+ printf("%02x ", data.key_info.nonce[i]);
+ }
+ printf("\n");
+
+ printf("EAPOL: Key Info: IV: ");
+ for (size_t i = 0; i < sizeof(data.key_info.iv); ++i) {
+ printf("%02x ", data.key_info.iv[i]);
+ }
+ printf("\n");
+
+ printf("EAPOL: Key Info: RSC: ");
+ for (size_t i = 0; i < sizeof(data.key_info.rsc); ++i) {
+ printf("%02x ", data.key_info.rsc[i]);
+ }
+ printf("\n");
+
+ printf("EAPOL: Key Info: ID: ");
+ for (size_t i = 0; i < sizeof(data.key_info.id); ++i) {
+ printf("%02x ", data.key_info.id[i]);
+ }
+ printf("\n");
+
+ printf("EAPOL: Key Info: MIC: ");
+ for (size_t i = 0; i < sizeof(data.key_info.mic); ++i) {
+ printf("%02x ", data.key_info.mic[i]);
+ }
+ printf("\n");
+
+ printf("EAPOL: Key Info: Key Data Length: %d\n", data.key_info.key_data_length);
+ if (data.key_info.key_data_length) {
+ printf("EAPOL: Key Info: Key Data: ");
+ for (size_t i = 0; i < data.key_info.key_data_length; ++i) {
+ printf("%02x ", data.key_info.key_data[i]);
+ }
+ printf("\n");
+ }
+
+ // Cleanup the WPA Data
+ libwifi_free_wpa_data(&data);
+
+ printf("\n");
+ }
+ }
+
+ // Clean up the libwifi frame
+ libwifi_free_wifi_frame(&frame);
+}
+
+void helpexit() {
+ fprintf(stderr, "[!] Usage: ./parse_eapol --file \n");
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char **argv) {
+ struct bpf_program *filter = NULL;
+ pcap_t *handle = NULL;
+ pcap_dumper_t *dumper = NULL;
+ char errbuf[PCAP_ERRBUF_SIZE];
+
+ if (argc < 2) {
+ helpexit();
+ }
+ if (strcmp(argv[1], "--file") == 0) {
+ if ((handle = pcap_open_offline(argv[2], errbuf)) == NULL) {
+ fprintf(stderr, "[!] Error opening file %s (%s)\n", argv[2], errbuf);
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ helpexit();
+ }
+
+ int linktype = pcap_datalink(handle);
+ if (linktype == DLT_IEEE802_11_RADIO) {
+ has_radiotap = 1;
+ }
+ if (linktype != DLT_IEEE802_11 && linktype != DLT_IEEE802_11_RADIO) {
+ fprintf(stderr, "[!] 802.11 and radiotap headers not provided (%d)\n", pcap_datalink(handle));
+ pcap_close(handle);
+ exit(EXIT_FAILURE);
+ }
+
+ if ((filter = malloc(sizeof(struct bpf_program))) == NULL) {
+ fprintf(stderr, "[!] There was an error allocating memory for the filter.\n");
+ pcap_close(handle);
+ exit(EXIT_FAILURE);
+ }
+
+ printf("[+] Setup Complete\n");
+
+ dumper = pcap_dump_open(handle, "/tmp/parse_eapol.pcap");
+ pcap_loop(handle, -1 /*INFINITY*/, &handle_pkt, (unsigned char *) dumper);
+
+ pcap_dump_close(dumper);
+ pcap_close(handle);
+
+ return 0;
+}
--
cgit 1.4.1
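Review bot: `main` guards only `argc < 2` but reads `argv[2]` as soon as `argv[1]` equals `--file`, so `./parse_eapol --file` hands a NULL path to `pcap_open_offline` (and to the error message's `%s`); the guard should be `if (argc < 3) { helpexit(); }`. The result of `pcap_dump_open(handle, "/tmp/parse_eapol.pcap")` is never checked before `pcap_dump_close(dumper)`, and `handle_pkt` never calls `pcap_dump` on the `args` it receives, so the fixed path under `/tmp` is created without ever being used; dropping the dumper (and the `filter` allocation, which is likewise never used or freed) removes both the NULL-close and the predictable temp file. The `%lu` and `%d` conversions for `replay_counter`, `length` and `key_data_length` should be checked against the field types in libwifi's header, which this hunk does not show, since a width mismatch there is undefined behaviour. `libwifi_get_wpa_data`'s return value is also discarded; if it can fail, `key_data_length` and `key_data` may be left inconsistent before the print loop, so the call should be checked like `libwifi_get_wifi_frame` is above it.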