packz/gist:2240158

## gistfile1.c
/*
 *
 * Implementazione dello script originariamente al seguente URL
 *
 * 	http://www.evilsocket.net
 * 		/1126/script-per-il-calcolo-della-chiave-wpa-nei-router-fastweb-pirelli.html
 *
 * 	http://wifiresearchers.wordpress.com/
 *
 *
 * http://cocoadevcentral.com/d/learn_objectivec/
 *
 * http://developer.apple.com/mac/library/documentation/Cocoa/Reference/Foundation/Miscellaneous/Foundation_Functions/Reference/
 */
//#import <Foundation/Foundation.h>
//#import <CommonCrypto/CommonDigest.h>

#include <stdio.h>
#include <openssl/md5.h>

/* get mask from MSB of length 5*/
unsigned int mask(unsigned int size, unsigned int idx, unsigned int step) {
	unsigned int mask = 0;
	unsigned int cycle;
	for (cycle = 0 ; cycle < 5 ; cycle++) {
		mask |= (1 << (size - (step*idx) - cycle - 1));
	}

	return mask;
}

int main(int argc, char* argv[]) {
	if (argc < 2) {
		fprintf(stderr, "usage: %s <hex>\n", argv[0]);
		return 1;
	}

	char* numerical_essid = argv[1];

	if (strlen(numerical_essid) != 12) {
		fprintf(stderr, "ESSID must be of 12 digits\n");
		return 1;
	}

	unsigned char md5checksum[16];
	/*
	 * 20 byte costanti cablati nel firmware dei Pirelli Fastweb.
	 *
	 * N.B: per questioni di endianess va tutto ribaltato rispetto
	 * allo script originale.
	 */
	//unsigned char code[] = "\x22\x33\x11\x34\x02\x81\xFA\x22\x11\x41\x68\x11\x12\x01\x05\x22\x71\x42\x10\x66";
	unsigned char code[] = "\x66\x10\x42\x71\x22\x05\x01\x12\x11\x68\x41\x11\x22\xfa\x81\x02\x34\x11\x33\x22";

	/*
	 * questa parte di codice prende la stringa dell'ESSID
	 * la trasforma nella sua rappresentazione binaria
	 * e gli aggiunge i 20 byte in 'code'.
	 */
	unsigned int cycle;
	char digit[3] = {'\0', '\0', '\0'};
	unsigned char hex_digit[26] = "";
	unsigned int hex;
	for (cycle = 0 ; cycle < 6 ; cycle++) {
		digit[0] = numerical_essid[2*cycle];
		digit[1] = numerical_essid[2*cycle + 1];

		sscanf(digit, "%02x", &hex);
		hex_digit[25 - cycle] = hex;
	}
	memcpy(hex_digit , code, 20);

	unsigned char reversed_hex[26];
	for (cycle = 0 ; cycle < 26 ; cycle++) {
		reversed_hex[cycle] = hex_digit[25 - cycle];
	}

	/* not portable */
	MD5(reversed_hex, 26, md5checksum);

#if 0
	write(1, reversed_hex, 26);
	return 0;
#endif

	/**************************/
	/* calcoliamo la password */
	/**************************/
	unsigned char hex_psw[5];
#if 1
	unsigned int seq;
	/* from little endian to big endian */
	for (cycle = 0 ; cycle < 4 ; cycle++) {
		((unsigned char*)&seq)[cycle] = md5checksum[3 - cycle];
	}
#else
	unsigned int seq = 0xa37d4267;
#endif
	/* prendo i primi 4 byte in 5 gruppi di 5 bits */
	for (cycle = 0 ; cycle < 5 ; cycle++) {
		hex_psw[cycle] =
			(seq & mask(32, cycle, 5)) >> (27 - 5*cycle);
		hex_psw[cycle] = hex_psw[cycle] < 0x0A ?
			hex_psw[cycle] : hex_psw[cycle] + 0x57;
	}

	printf( "WPA: ");
	for (cycle = 0 ; cycle < 5 ; cycle++) {
		printf("%02x", hex_psw[cycle]);
	}
	puts("");

	return 0;
}
	/*
	*
	* Implementazione dello script originariamente al seguente URL
	*
	* http://www.evilsocket.net
	* /1126/script-per-il-calcolo-della-chiave-wpa-nei-router-fastweb-pirelli.html
	*
	* http://wifiresearchers.wordpress.com/
	*
	*
	* http://cocoadevcentral.com/d/learn_objectivec/
	*
	* http://developer.apple.com/mac/library/documentation/Cocoa/Reference/Foundation/Miscellaneous/Foundation_Functions/Reference/
	*/
	//#import <Foundation/Foundation.h>
	//#import <CommonCrypto/CommonDigest.h>

	#include <stdio.h>
	#include <openssl/md5.h>

	/* get mask from MSB of length 5*/
	unsigned int mask(unsigned int size, unsigned int idx, unsigned int step) {
	unsigned int mask = 0;
	unsigned int cycle;
	for (cycle = 0 ; cycle < 5 ; cycle++) {
	mask \|= (1 << (size - (step*idx) - cycle - 1));
	}

	return mask;
	}

	int main(int argc, char* argv[]) {
	if (argc < 2) {
	fprintf(stderr, "usage: %s <hex>\n", argv[0]);
	return 1;
	}

	char* numerical_essid = argv[1];

	if (strlen(numerical_essid) != 12) {
	fprintf(stderr, "ESSID must be of 12 digits\n");
	return 1;
	}

	unsigned char md5checksum[16];
	/*
	* 20 byte costanti cablati nel firmware dei Pirelli Fastweb.
	*
	* N.B: per questioni di endianess va tutto ribaltato rispetto
	* allo script originale.
	*/
	//unsigned char code[] = "\x22\x33\x11\x34\x02\x81\xFA\x22\x11\x41\x68\x11\x12\x01\x05\x22\x71\x42\x10\x66";
	unsigned char code[] = "\x66\x10\x42\x71\x22\x05\x01\x12\x11\x68\x41\x11\x22\xfa\x81\x02\x34\x11\x33\x22";

	/*
	* questa parte di codice prende la stringa dell'ESSID
	* la trasforma nella sua rappresentazione binaria
	* e gli aggiunge i 20 byte in 'code'.
	*/
	unsigned int cycle;
	char digit[3] = {'\0', '\0', '\0'};
	unsigned char hex_digit[26] = "";
	unsigned int hex;
	for (cycle = 0 ; cycle < 6 ; cycle++) {
	digit[0] = numerical_essid[2*cycle];
	digit[1] = numerical_essid[2*cycle + 1];

	sscanf(digit, "%02x", &hex);
	hex_digit[25 - cycle] = hex;
	}
	memcpy(hex_digit , code, 20);

	unsigned char reversed_hex[26];
	for (cycle = 0 ; cycle < 26 ; cycle++) {
	reversed_hex[cycle] = hex_digit[25 - cycle];
	}

	/* not portable */
	MD5(reversed_hex, 26, md5checksum);

	#if 0
	write(1, reversed_hex, 26);
	return 0;
	#endif

	/**************************/
	/* calcoliamo la password */
	/**************************/
	unsigned char hex_psw[5];
	#if 1
	unsigned int seq;
	/* from little endian to big endian */
	for (cycle = 0 ; cycle < 4 ; cycle++) {
	((unsigned char*)&seq)[cycle] = md5checksum[3 - cycle];
	}
	#else
	unsigned int seq = 0xa37d4267;
	#endif
	/* prendo i primi 4 byte in 5 gruppi di 5 bits */
	for (cycle = 0 ; cycle < 5 ; cycle++) {
	hex_psw[cycle] =
	(seq & mask(32, cycle, 5)) >> (27 - 5*cycle);
	hex_psw[cycle] = hex_psw[cycle] < 0x0A ?
	hex_psw[cycle] : hex_psw[cycle] + 0x57;
	}

	printf( "WPA: ");
	for (cycle = 0 ; cycle < 5 ; cycle++) {
	printf("%02x", hex_psw[cycle]);
	}
	puts("");

	return 0;
	}