summaryrefslogtreecommitdiff
path: root/net-wireless/reaver/files
diff options
context:
space:
mode:
Diffstat (limited to 'net-wireless/reaver/files')
-rw-r--r--net-wireless/reaver/files/0001-wpscrack-big-endian-fixes.patch565
-rw-r--r--net-wireless/reaver/files/0002-Use-the-current-directory-for-storing-and-loading-se.patch53
-rw-r--r--net-wireless/reaver/files/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch38
-rw-r--r--net-wireless/reaver/files/0004-wash-probe-request.patch31
-rw-r--r--net-wireless/reaver/files/0005-soreau-show-status-r2.patch97
-rw-r--r--net-wireless/reaver/files/0005-soreau-show-status.patch97
6 files changed, 881 insertions, 0 deletions
diff --git a/net-wireless/reaver/files/0001-wpscrack-big-endian-fixes.patch b/net-wireless/reaver/files/0001-wpscrack-big-endian-fixes.patch
new file mode 100644
index 00000000..da76c2e3
--- /dev/null
+++ b/net-wireless/reaver/files/0001-wpscrack-big-endian-fixes.patch
@@ -0,0 +1,565 @@
+From 4e7af9f022996cb0a03b30f6af265b757807dfa2 Mon Sep 17 00:00:00 2001
+From: Paul Fertser <fercerpav@gmail.com>
+Date: Wed, 27 Jun 2012 17:44:55 +0400
+Subject: [PATCH 1/3] wpscrack: big-endian fixes
+
+This should fix access to the radiotap, 802.11, LLC/SNAP and WFA
+headers' fields. Run-time tested on an ar71xx BE system.
+
+Signed-off-by: Paul Fertser <fercerpav@gmail.com>
+---
+ src/80211.c | 65 +++++++++++++++++++------------
+ src/builder.c | 23 +++++------
+ src/defs.h | 116 +++++++++++++++++++++++++++++++++++++++-----------------
+ src/exchange.c | 23 ++++++-----
+ src/wpsmon.c | 13 ++++--
+ 5 files changed, 151 insertions(+), 89 deletions(-)
+
+diff --git a/src/80211.c b/src/80211.c
+index c2aff59..19f1e92 100644
+--- a/src/80211.c
++++ b/src/80211.c
+@@ -90,17 +90,19 @@ void read_ap_beacon()
+ if(header.len >= MIN_BEACON_SIZE)
+ {
+ rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
+- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
+-
++ size_t rt_header_len = __le16_to_cpu(rt_header->len);
++ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
++
+ if(is_target(frame_header))
+ {
+- if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
++ if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
++ __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
+ {
+- beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
++ beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
+ set_ap_capability(beacon->capability);
+
+ /* Obtain the SSID and channel number from the beacon packet */
+- tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
++ tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ channel = parse_beacon_tags(packet, header.len);
+
+ /* If no channel was manually specified, switch to the AP's current channel */
+@@ -135,29 +137,31 @@ int8_t signal_strength(const u_char *packet, size_t len)
+ {
+ header = (struct radio_tap_header *) packet;
+
+- if((header->flags & SSI_FLAG) == SSI_FLAG)
++ uint32_t flags = __le32_to_cpu(header->flags);
++
++ if((flags & SSI_FLAG) == SSI_FLAG)
+ {
+- if((header->flags & TSFT_FLAG) == TSFT_FLAG)
++ if((flags & TSFT_FLAG) == TSFT_FLAG)
+ {
+ offset += TSFT_SIZE;
+ }
+
+- if((header->flags & FLAGS_FLAG) == FLAGS_FLAG)
++ if((flags & FLAGS_FLAG) == FLAGS_FLAG)
+ {
+ offset += FLAGS_SIZE;
+ }
+
+- if((header->flags & RATE_FLAG) == RATE_FLAG)
++ if((flags & RATE_FLAG) == RATE_FLAG)
+ {
+ offset += RATE_SIZE;
+ }
+
+- if((header->flags & CHANNEL_FLAG) == CHANNEL_FLAG)
++ if((flags & CHANNEL_FLAG) == CHANNEL_FLAG)
+ {
+ offset += CHANNEL_SIZE;
+ }
+
+- if((header->flags & FHSS_FLAG) == FHSS_FLAG)
++ if((flags & FHSS_FLAG) == FHSS_FLAG)
+ {
+ offset += FHSS_FLAG;
+ }
+@@ -196,11 +200,13 @@ int is_wps_locked()
+ if(header.len >= MIN_BEACON_SIZE)
+ {
+ rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
+- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
++ size_t rt_header_len = __le16_to_cpu(rt_header->len);
++ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
+
+ if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
+ {
+- if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
++ if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
++ __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
+ {
+ if(parse_wps_parameters(packet, header.len, &wps))
+ {
+@@ -411,24 +417,30 @@ int associate_recv_loop()
+ if(header.len >= MIN_AUTH_SIZE)
+ {
+ rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
+- dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
++ size_t rt_header_len = __le16_to_cpu(rt_header->len);
++ dot11_frame = (struct dot11_frame_header *) (packet + rt_header_len);
+
+ if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
+ (memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
+ {
+- if(dot11_frame->fc.type == MANAGEMENT_FRAME)
++ if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
++ __cpu_to_le16(IEEE80211_FTYPE_MGMT))
+ {
+- auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
+- assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
++ auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
++ assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
+
+ /* Did we get an authentication packet with a successful status? */
+- if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
++ if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
++ __cpu_to_le16(IEEE80211_STYPE_AUTH)
++ && (auth_frame->status == __cpu_to_le16(AUTHENTICATION_SUCCESS)))
+ {
+ ret_val = AUTH_OK;
+ break;
+ }
+ /* Did we get an association packet with a successful status? */
+- else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
++ else if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
++ __cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP)
++ && (assoc_frame->status == __cpu_to_le16(ASSOCIATION_SUCCESS)))
+ {
+ ret_val = ASSOCIATE_OK;
+ break;
+@@ -455,13 +467,14 @@ enum encryption_type supported_encryption(const u_char *packet, size_t len)
+ if(len > MIN_BEACON_SIZE)
+ {
+ rt_header = (struct radio_tap_header *) radio_header(packet, len);
+- beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
+- offset = tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
++ size_t rt_header_len = __le16_to_cpu(rt_header->len);
++ beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
++ offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+
+ tag_len = len - tag_offset;
+ tag_data = (const u_char *) (packet + tag_offset);
+
+- if((beacon->capability & CAPABILITY_WEP) == CAPABILITY_WEP)
++ if((__le16_to_cpu(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
+ {
+ enc = WEP;
+
+@@ -509,7 +522,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
+ struct radio_tap_header *rt_header = NULL;
+
+ rt_header = (struct radio_tap_header *) radio_header(packet, len);
+- tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
++ tag_offset = __le16_to_cpu(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+
+ if(tag_offset < len)
+ {
+@@ -548,7 +561,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
+ {
+ if(ie_len == 1)
+ {
+- memcpy((int *) &channel, channel_data, ie_len);
++ channel = *(uint8_t*)channel_data;
+ }
+ free(channel_data);
+ }
+@@ -603,13 +616,13 @@ int check_fcs(const u_char *packet, size_t len)
+ if(len > 4)
+ {
+ /* Get the packet's reported FCS (last 4 bytes of the packet) */
+- memcpy((uint32_t *) &fcs, (packet + (len-4)), 4);
++ fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4)));
+
+ /* FCS is not calculated over the radio tap header */
+ if(has_rt_header())
+ {
+ rt_header = (struct radio_tap_header *) packet;
+- offset += rt_header->len;
++ offset += __le16_to_cpu(rt_header->len);
+ }
+
+ if(len > offset)
+diff --git a/src/builder.c b/src/builder.c
+index 37f2de7..6bf89e7 100644
+--- a/src/builder.c
++++ b/src/builder.c
+@@ -44,9 +44,8 @@ const void *build_radio_tap_header(size_t *len)
+ memset((void *) buf, 0, sizeof(struct radio_tap_header));
+ rt_header = (struct radio_tap_header *) buf;
+
+- rt_header->len = sizeof(struct radio_tap_header);
+-
+- *len = rt_header->len;
++ *len = sizeof(struct radio_tap_header);
++ rt_header->len = __cpu_to_le16(*len);
+ }
+
+ return buf;
+@@ -67,9 +66,9 @@ const void *build_dot11_frame_header(uint16_t fc, size_t *len)
+
+ frag_seq += SEQ_MASK;
+
+- header->duration = DEFAULT_DURATION;
+- memcpy((void *) &header->fc, (void *) &fc, sizeof(struct frame_control));
+- header->frag_seq = frag_seq;
++ header->duration = __cpu_to_le16(DEFAULT_DURATION);
++ header->fc = __cpu_to_le16(fc);
++ header->frag_seq = __cpu_to_le16(frag_seq);
+
+ memcpy((void *) header->addr1, get_bssid(), MAC_ADDR_LEN);
+ memcpy((void *) header->addr2, get_mac(), MAC_ADDR_LEN);
+@@ -91,8 +90,8 @@ const void *build_authentication_management_frame(size_t *len)
+ memset((void *) buf, 0, *len);
+ frame = (struct authentication_management_frame *) buf;
+
+- frame->algorithm = OPEN_SYSTEM;
+- frame->sequence = 1;
++ frame->algorithm = __cpu_to_le16(OPEN_SYSTEM);
++ frame->sequence = __cpu_to_le16(1);
+ frame->status = 0;
+ }
+
+@@ -111,8 +110,8 @@ const void *build_association_management_frame(size_t *len)
+ memset((void *) buf, 0, *len);
+ frame = (struct association_request_management_frame *) buf;
+
+- frame->capability = get_ap_capability();
+- frame->listen_interval = LISTEN_INTERVAL;
++ frame->capability = __cpu_to_le16(get_ap_capability());
++ frame->listen_interval = __cpu_to_le16(LISTEN_INTERVAL);
+ }
+
+ return buf;
+@@ -133,7 +132,7 @@ const void *build_llc_header(size_t *len)
+ header->dsap = LLC_SNAP;
+ header->ssap = LLC_SNAP;
+ header->control_field = UNNUMBERED_FRAME;
+- header->type = DOT1X_AUTHENTICATION;
++ header->type = __cpu_to_be16(DOT1X_AUTHENTICATION);
+
+ }
+
+@@ -279,7 +278,7 @@ const void *build_wfa_header(uint8_t op_code, size_t *len)
+ header = (struct wfa_expanded_header *) buf;
+
+ memcpy(header->id, WFA_VENDOR_ID, sizeof(header->id));
+- header->type = SIMPLE_CONFIG;
++ header->type = __cpu_to_be32(SIMPLE_CONFIG);
+ header->opcode = op_code;
+ }
+
+diff --git a/src/defs.h b/src/defs.h
+index b2f45ea..0c628e7 100644
+--- a/src/defs.h
++++ b/src/defs.h
+@@ -41,6 +41,7 @@
+ #include <string.h>
+ #include <time.h>
+ #include <pcap.h>
++#include <asm/byteorder.h>
+
+ #include "wps.h"
+
+@@ -65,10 +66,10 @@
+ #define MANAGEMENT_FRAME 0x00
+ #define SUBTYPE_BEACON 0x08
+
+-#define DOT1X_AUTHENTICATION 0x8E88
++#define DOT1X_AUTHENTICATION 0x888E
+ #define DOT1X_EAP_PACKET 0x00
+
+-#define SIMPLE_CONFIG 0x01000000
++#define SIMPLE_CONFIG 0x00000001
+
+ #define P1_SIZE 10000
+ #define P2_SIZE 1000
+@@ -282,66 +283,111 @@ enum wfa_elements
+ WEP_TRANSMIT_KEY = 0x10064
+ };
+
++#define IEEE80211_FCTL_VERS 0x0003
++#define IEEE80211_FCTL_FTYPE 0x000c
++#define IEEE80211_FCTL_STYPE 0x00f0
++#define IEEE80211_FCTL_TODS 0x0100
++#define IEEE80211_FCTL_FROMDS 0x0200
++#define IEEE80211_FCTL_MOREFRAGS 0x0400
++#define IEEE80211_FCTL_RETRY 0x0800
++#define IEEE80211_FCTL_PM 0x1000
++#define IEEE80211_FCTL_MOREDATA 0x2000
++#define IEEE80211_FCTL_PROTECTED 0x4000
++#define IEEE80211_FCTL_ORDER 0x8000
++
++#define IEEE80211_SCTL_FRAG 0x000F
++#define IEEE80211_SCTL_SEQ 0xFFF0
++
++#define IEEE80211_FTYPE_MGMT 0x0000
++#define IEEE80211_FTYPE_CTL 0x0004
++#define IEEE80211_FTYPE_DATA 0x0008
++
++/* management */
++#define IEEE80211_STYPE_ASSOC_REQ 0x0000
++#define IEEE80211_STYPE_ASSOC_RESP 0x0010
++#define IEEE80211_STYPE_REASSOC_REQ 0x0020
++#define IEEE80211_STYPE_REASSOC_RESP 0x0030
++#define IEEE80211_STYPE_PROBE_REQ 0x0040
++#define IEEE80211_STYPE_PROBE_RESP 0x0050
++#define IEEE80211_STYPE_BEACON 0x0080
++#define IEEE80211_STYPE_ATIM 0x0090
++#define IEEE80211_STYPE_DISASSOC 0x00A0
++#define IEEE80211_STYPE_AUTH 0x00B0
++#define IEEE80211_STYPE_DEAUTH 0x00C0
++#define IEEE80211_STYPE_ACTION 0x00D0
++
++/* control */
++#define IEEE80211_STYPE_BACK_REQ 0x0080
++#define IEEE80211_STYPE_BACK 0x0090
++#define IEEE80211_STYPE_PSPOLL 0x00A0
++#define IEEE80211_STYPE_RTS 0x00B0
++#define IEEE80211_STYPE_CTS 0x00C0
++#define IEEE80211_STYPE_ACK 0x00D0
++#define IEEE80211_STYPE_CFEND 0x00E0
++#define IEEE80211_STYPE_CFENDACK 0x00F0
++
++/* data */
++#define IEEE80211_STYPE_DATA 0x0000
++#define IEEE80211_STYPE_DATA_CFACK 0x0010
++#define IEEE80211_STYPE_DATA_CFPOLL 0x0020
++#define IEEE80211_STYPE_DATA_CFACKPOLL 0x0030
++#define IEEE80211_STYPE_NULLFUNC 0x0040
++#define IEEE80211_STYPE_CFACK 0x0050
++#define IEEE80211_STYPE_CFPOLL 0x0060
++#define IEEE80211_STYPE_CFACKPOLL 0x0070
++#define IEEE80211_STYPE_QOS_DATA 0x0080
++#define IEEE80211_STYPE_QOS_DATA_CFACK 0x0090
++#define IEEE80211_STYPE_QOS_DATA_CFPOLL 0x00A0
++#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0x00B0
++#define IEEE80211_STYPE_QOS_NULLFUNC 0x00C0
++#define IEEE80211_STYPE_QOS_CFACK 0x00D0
++#define IEEE80211_STYPE_QOS_CFPOLL 0x00E0
++#define IEEE80211_STYPE_QOS_CFACKPOLL 0x00F0
++
+ #pragma pack(1)
+ struct radio_tap_header
+ {
+ uint8_t revision;
+ uint8_t pad;
+- uint16_t len;
+- uint32_t flags;
+-};
+-
+-struct frame_control
+-{
+- unsigned version : 2;
+- unsigned type : 2;
+- unsigned sub_type : 4;
+-
+- unsigned to_ds : 1;
+- unsigned from_ds : 1;
+- unsigned more_frag : 1;
+- unsigned retry : 1;
+- unsigned pwr_mgt : 1;
+- unsigned more_data : 1;
+- unsigned protected_frame : 1;
+- unsigned order : 1;
++ __le16 len;
++ __le32 flags;
+ };
+
+ struct dot11_frame_header
+ {
+- struct frame_control fc;
+- uint16_t duration;
++ __le16 fc;
++ __le16 duration;
+ unsigned char addr1[MAC_ADDR_LEN];
+ unsigned char addr2[MAC_ADDR_LEN];
+ unsigned char addr3[MAC_ADDR_LEN];
+- uint16_t frag_seq;
++ __le16 frag_seq;
+ };
+
+ struct authentication_management_frame
+ {
+- uint16_t algorithm;
+- uint16_t sequence;
+- uint16_t status;
++ __le16 algorithm;
++ __le16 sequence;
++ __le16 status;
+ };
+
+ struct association_request_management_frame
+ {
+- uint16_t capability;
+- uint16_t listen_interval;
++ __le16 capability;
++ __le16 listen_interval;
+ };
+
+ struct association_response_management_frame
+ {
+- uint16_t capability;
+- uint16_t status;
+- uint16_t id;
++ __le16 capability;
++ __le16 status;
++ __le16 id;
+ };
+
+ struct beacon_management_frame
+ {
+ unsigned char timestamp[TIMESTAMP_LEN];
+- uint16_t beacon_interval;
+- uint16_t capability;
++ __le16 beacon_interval;
++ __le16 capability;
+ };
+
+ struct llc_header
+@@ -350,7 +396,7 @@ struct llc_header
+ uint8_t ssap;
+ uint8_t control_field;
+ unsigned char org_code[3];
+- uint16_t type;
++ __be16 type;
+ };
+
+ struct dot1X_header
+@@ -371,7 +417,7 @@ struct eap_header
+ struct wfa_expanded_header
+ {
+ unsigned char id[3];
+- uint32_t type;
++ __be32 type;
+ uint8_t opcode;
+ uint8_t flags;
+ };
+diff --git a/src/exchange.c b/src/exchange.c
+index 23c87e9..4f9a82b 100644
+--- a/src/exchange.c
++++ b/src/exchange.c
+@@ -306,26 +306,27 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
+
+ /* Cast the radio tap and 802.11 frame headers and parse out the Frame Control field */
+ rt_header = (struct radio_tap_header *) packet;
+- frame_header = (struct dot11_frame_header *) (packet+rt_header->len);
++ size_t rt_header_len = __le16_to_cpu(rt_header->len);
++ frame_header = (struct dot11_frame_header *) (packet+rt_header_len);
+
+ /* Does the BSSID/source address match our target BSSID? */
+ if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
+ {
+ /* Is this a data packet sent to our MAC address? */
+- if(frame_header->fc.type == DATA_FRAME &&
+- frame_header->fc.sub_type == SUBTYPE_DATA &&
+- (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
++ if (((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
++ __cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA)) &&
++ (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
+ {
+ llc = (struct llc_header *) (packet +
+- rt_header->len +
++ rt_header_len +
+ sizeof(struct dot11_frame_header)
+ );
+
+ /* All packets in our exchanges will be 802.1x */
+- if(llc->type == DOT1X_AUTHENTICATION)
++ if(llc->type == __cpu_to_be16(DOT1X_AUTHENTICATION))
+ {
+ dot1x = (struct dot1X_header *) (packet +
+- rt_header->len +
++ rt_header_len +
+ sizeof(struct dot11_frame_header) +
+ sizeof(struct llc_header)
+ );
+@@ -334,7 +335,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
+ if(dot1x->type == DOT1X_EAP_PACKET && (header->len >= EAP_PACKET_SIZE))
+ {
+ eap = (struct eap_header *) (packet +
+- rt_header->len +
++ rt_header_len +
+ sizeof(struct dot11_frame_header) +
+ sizeof(struct llc_header) +
+ sizeof(struct dot1X_header)
+@@ -366,7 +367,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
+ else if((eap->type == EAP_EXPANDED) && (header->len > WFA_PACKET_SIZE))
+ {
+ wfa = (struct wfa_expanded_header *) (packet +
+- rt_header->len +
++ rt_header_len +
+ sizeof(struct dot11_frame_header) +
+ sizeof(struct llc_header) +
+ sizeof(struct dot1X_header) +
+@@ -374,14 +375,14 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
+ );
+
+ /* Verify that this is a WPS message */
+- if(wfa->type == SIMPLE_CONFIG)
++ if(wfa->type == __cpu_to_be32(SIMPLE_CONFIG))
+ {
+ wps_msg_len = (size_t) ntohs(eap->len) -
+ sizeof(struct eap_header) -
+ sizeof(struct wfa_expanded_header);
+
+ wps_msg = (const void *) (packet +
+- rt_header->len +
++ rt_header_len +
+ sizeof(struct dot11_frame_header) +
+ sizeof(struct llc_header) +
+ sizeof(struct dot1X_header) +
+diff --git a/src/wpsmon.c b/src/wpsmon.c
+index d976924..22a394f 100644
+--- a/src/wpsmon.c
++++ b/src/wpsmon.c
+@@ -295,7 +295,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
+ }
+
+ rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
+- frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
++ size_t rt_header_len = __le16_to_cpu(rt_header->len);
++ frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
+
+ /* If a specific BSSID was specified, only parse packets from that BSSID */
+ if(!is_target(frame_header))
+@@ -323,15 +324,17 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
+ channel_changed = 1;
+ }
+
+- if(frame_header->fc.sub_type == PROBE_RESPONSE ||
+- frame_header->fc.sub_type == SUBTYPE_BEACON)
++ unsigned fsub_type = frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE);
++
++ if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP) ||
++ fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON))
+ {
+ wps_parsed = parse_wps_parameters(packet, header->len, wps);
+ }
+
+ if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
+ {
+- if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
++ if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON) &&
+ mode == SCAN &&
+ !passive &&
+ should_probe(bssid))
+@@ -369,7 +372,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
+ * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
+ * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
+ */
+- if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
++ if(!wps_parsed || fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP))
+ {
+ mark_ap_complete(bssid);
+ }
+--
+1.7.7
+
diff --git a/net-wireless/reaver/files/0002-Use-the-current-directory-for-storing-and-loading-se.patch b/net-wireless/reaver/files/0002-Use-the-current-directory-for-storing-and-loading-se.patch
new file mode 100644
index 00000000..dd1bb427
--- /dev/null
+++ b/net-wireless/reaver/files/0002-Use-the-current-directory-for-storing-and-loading-se.patch
@@ -0,0 +1,53 @@
+From cd444949f3176790101b8bdc9656831a03d8c01d Mon Sep 17 00:00:00 2001
+From: Paul Fertser <fercerpav@gmail.com>
+Date: Tue, 10 Jul 2012 11:13:29 +0400
+Subject: [PATCH 2/3] Use the current directory for storing and loading
+ sessions
+
+This allows the user to always explicitely choose (by changing the
+current directory before launching the program) where the session
+files should go. Useful e.g. to avoid hogging the precious space on
+embedded devices, just cd /tmp before starting the app.
+
+Signed-off-by: Paul Fertser <fercerpav@gmail.com>
+---
+ src/session.c | 16 +++-------------
+ 1 files changed, 3 insertions(+), 13 deletions(-)
+
+diff --git a/src/session.c b/src/session.c
+index d3af0c3..308f213 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -62,7 +62,7 @@ int restore_session()
+ memset(file, 0, FILENAME_MAX);
+
+ bssid = mac2str(get_bssid(), '\0');
+- snprintf(file, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);
++ snprintf(file, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
+ free(bssid);
+ }
+
+@@ -199,18 +199,8 @@ int save_session()
+ }
+ else
+ {
+- /*
+- * If the configuration directory exists, save the session file there; else, save it to the
+- * current working directory.
+- */
+- if(configuration_directory_exists())
+- {
+- snprintf((char *) &file_name, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);
+- }
+- else
+- {
+- snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
+- }
++ /* save session to the current directory */
++ snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
+ }
+
+ /* Don't bother saving anything if nothing has been done */
+--
+1.7.7
+
diff --git a/net-wireless/reaver/files/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch b/net-wireless/reaver/files/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch
new file mode 100644
index 00000000..64b290b5
--- /dev/null
+++ b/net-wireless/reaver/files/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch
@@ -0,0 +1,38 @@
+From 638bb8d70d6c7e5dc99975e0bf57d8ce0455e2cc Mon Sep 17 00:00:00 2001
+From: Paul Fertser <fercerpav@gmail.com>
+Date: Tue, 10 Jul 2012 11:25:00 +0400
+Subject: [PATCH 3/3] wash/wpsmon: use less useless spaces in output to fit
+ narrow terminals
+
+Signed-off-by: Paul Fertser <fercerpav@gmail.com>
+---
+ src/wpsmon.c | 6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/wpsmon.c b/src/wpsmon.c
+index 22a394f..e0948b3 100644
+--- a/src/wpsmon.c
++++ b/src/wpsmon.c
+@@ -262,8 +262,8 @@ void monitor(char *bssid, int passive, int source, int channel, int mode)
+
+ if(!header_printed)
+ {
+- cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n");
+- cprintf(INFO, "---------------------------------------------------------------------------------------------------------------\n");
++ cprintf(INFO, "BSSID Channel RSSI WPS Version WPS Locked ESSID\n");
++ cprintf(INFO, "--------------------------------------------------------------------------------------\n");
+ header_printed = 1;
+ }
+
+@@ -360,7 +360,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
+ break;
+ }
+
+- cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
++ cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
+ }
+
+ if(probe_sent)
+--
+1.7.7
+
diff --git a/net-wireless/reaver/files/0004-wash-probe-request.patch b/net-wireless/reaver/files/0004-wash-probe-request.patch
new file mode 100644
index 00000000..6cb5a678
--- /dev/null
+++ b/net-wireless/reaver/files/0004-wash-probe-request.patch
@@ -0,0 +1,31 @@
+diff -urN reaver-1.4/src/wpsmon.c reaver-wps-read-only/src/wpsmon.c
+--- reaver-1.4/src/wpsmon.c 2012-01-18 17:02:39.000000000 +0800
++++ reaver-wps-read-only/src/wpsmon.c 2012-10-10 06:45:52.271329168 +0800
+@@ -132,6 +132,11 @@
+ usage(argv[0]);
+ goto end;
+ }
++ else if(get_iface())
++ {
++ /* Get the MAC address of the specified interface */
++ read_iface_mac();
++ }
+
+ if(get_iface() && source == PCAP_FILE)
+ {
+@@ -300,6 +305,7 @@
+
+ set_ssid(NULL);
+ bssid = (char *) mac2str(frame_header->addr3, ':');
++ set_bssid((unsigned char *) frame_header->addr3);
+
+ if(bssid)
+ {
+@@ -383,6 +389,7 @@
+
+ end:
+ if(wps) free(wps);
++ set_bssid((unsigned char *) NULL_MAC);
+
+ return;
+ }
diff --git a/net-wireless/reaver/files/0005-soreau-show-status-r2.patch b/net-wireless/reaver/files/0005-soreau-show-status-r2.patch
new file mode 100644
index 00000000..e55b6929
--- /dev/null
+++ b/net-wireless/reaver/files/0005-soreau-show-status-r2.patch
@@ -0,0 +1,97 @@
+Index: cracker.c
+===================================================================
+--- cracker.c (revision 113)
++++ cracker.c (working copy)
+@@ -285,18 +285,65 @@
+ }
+ }
+
++char *get_max_time_remaining(int average, int attempts_remaining)
++{
++ char *max_time, hours[8], minutes[3], seconds[3];
++ int max_hours = 0, max_minutes = 0, max_seconds = 0;
++
++ max_time = malloc(16);
++
++ if(!max_time)
++ exit(-1);
++
++ if(average)
++ {
++ max_seconds = attempts_remaining * average;
++ if(max_seconds > 60)
++ {
++ max_minutes = max_seconds / 60;
++ max_seconds -= max_minutes * 60;
++ }
++ if(max_minutes > 60)
++ {
++ max_hours = max_minutes / 60;
++ max_minutes -= max_hours * 60;
++ }
++
++ if(max_seconds < 0 || max_minutes < 0 || max_hours < 0)
++ {
++ free(max_time);
++ return NULL;
++ }
++
++ sprintf(hours, "%d", max_hours);
++ sprintf(minutes, "%s%d", max_minutes > 9 ? "" : "0", max_minutes);
++ sprintf(seconds, "%s%d", max_seconds > 9 ? "" : "0", max_seconds);
++
++ sprintf(max_time, "%s:%s:%s", hours, minutes, seconds);
++ }
++ else
++ {
++ free(max_time);
++ return NULL;
++ }
++
++ return max_time;
++}
++
+ /* Displays the status and rate of cracking */
+ void display_status(float pin_count, time_t start_time)
+ {
+ float percentage = 0;
+ int attempts = 0, average = 0;
++ int attempts_remaining = 0;
+ time_t now = 0, diff = 0;
+ struct tm *tm_p = NULL;
+- char time_s[256] = { 0 };
++ char time_s[256] = { 0 }, *max_time;
+
+ if(get_key_status() == KEY1_WIP)
+ {
+ attempts = get_p1_index() + get_p2_index();
++ attempts_remaining = 11000 - attempts;
+ }
+ /*
+ * If we've found the first half of the key, then the entire key1 keyspace
+@@ -305,10 +352,12 @@
+ else if(get_key_status() == KEY2_WIP)
+ {
+ attempts = P1_SIZE + get_p2_index();
++ attempts_remaining = 11000 - attempts;
+ }
+ else if(get_key_status() == KEY_DONE)
+ {
+ attempts = P1_SIZE + P2_SIZE;
++ attempts_remaining = 0;
+ }
+
+ percentage = (float) (((float) attempts / (P1_SIZE + P2_SIZE)) * 100);
+@@ -335,7 +384,12 @@
+ average = 0;
+ }
+
++ max_time = get_max_time_remaining(average, attempts_remaining);
++
+ cprintf(INFO, "[+] %.2f%% complete @ %s (%d seconds/pin)\n", percentage, time_s, average);
++ cprintf(INFO, "[+] Max time remaining at this rate: %s (%d pins left to try)\n", max_time ? max_time : "(undetermined)", attempts_remaining);
+
++ free(max_time);
++
+ return;
+ }
diff --git a/net-wireless/reaver/files/0005-soreau-show-status.patch b/net-wireless/reaver/files/0005-soreau-show-status.patch
new file mode 100644
index 00000000..e6f2799d
--- /dev/null
+++ b/net-wireless/reaver/files/0005-soreau-show-status.patch
@@ -0,0 +1,97 @@
+Index: cracker.c
+===================================================================
+--- cracker.c (revision 113)
++++ cracker.c (working copy)
+@@ -285,18 +285,65 @@
+ }
+ }
+
++char *get_max_time_remaining(int average, int attempts_remaining)
++{
++ char *max_time, hours[12], minutes[2], seconds[2];
++ int max_hours = 0, max_minutes = 0, max_seconds = 0;
++
++ max_time = malloc(16);
++
++ if(!max_time)
++ exit(-1);
++
++ if(average)
++ {
++ max_seconds = attempts_remaining * average;
++ if(max_seconds > 60)
++ {
++ max_minutes = max_seconds / 60;
++ max_seconds -= max_minutes * 60;
++ }
++ if(max_minutes > 60)
++ {
++ max_hours = max_minutes / 60;
++ max_minutes -= max_hours * 60;
++ }
++
++ if(max_seconds < 0 || max_minutes < 0 || max_hours < 0)
++ {
++ free(max_time);
++ return NULL;
++ }
++
++ sprintf(hours, "%d", max_hours);
++ sprintf(minutes, "%s%d", max_minutes > 9 ? "" : "0", max_minutes);
++ sprintf(seconds, "%s%d", max_seconds > 9 ? "" : "0", max_seconds);
++
++ sprintf(max_time, "%s:%s:%s", hours, minutes, seconds);
++ }
++ else
++ {
++ free(max_time);
++ return NULL;
++ }
++
++ return max_time;
++}
++
+ /* Displays the status and rate of cracking */
+ void display_status(float pin_count, time_t start_time)
+ {
+ float percentage = 0;
+ int attempts = 0, average = 0;
++ int attempts_remaining = 0;
+ time_t now = 0, diff = 0;
+ struct tm *tm_p = NULL;
+- char time_s[256] = { 0 };
++ char time_s[256] = { 0 }, *max_time;
+
+ if(get_key_status() == KEY1_WIP)
+ {
+ attempts = get_p1_index() + get_p2_index();
++ attempts_remaining = 11000 - attempts;
+ }
+ /*
+ * If we've found the first half of the key, then the entire key1 keyspace
+@@ -305,10 +352,12 @@
+ else if(get_key_status() == KEY2_WIP)
+ {
+ attempts = P1_SIZE + get_p2_index();
++ attempts_remaining = 11000 - attempts;
+ }
+ else if(get_key_status() == KEY_DONE)
+ {
+ attempts = P1_SIZE + P2_SIZE;
++ attempts_remaining = 0;
+ }
+
+ percentage = (float) (((float) attempts / (P1_SIZE + P2_SIZE)) * 100);
+@@ -335,7 +384,12 @@
+ average = 0;
+ }
+
++ max_time = get_max_time_remaining(average, attempts_remaining);
++
+ cprintf(INFO, "[+] %.2f%% complete @ %s (%d seconds/pin)\n", percentage, time_s, average);
++ cprintf(INFO, "[+] Max time remaining at this rate: %s (%d pins left to try)\n", max_time ? max_time : "(undetermined)", attempts_remaining);
+
++ free(max_time);
++
+ return;
+ } \ No newline at end of file