1
0

fuzzAuth.c 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149
  1. /*
  2. Fuzzes Authentication Information element
  3. */
  4. #include <stdio.h>
  5. #include <stdlib.h>
  6. #include <stdint.h>
  7. #include <string.h>
  8. #include "frameDefinitions.h"
  9. #include "AUTHieid.h"
  10. #include "AUTHoversize.h"
  11. #include "AUTHduplicate.h"
  12. #include "AUTHallies.h"
  13. #include "AUTHstatic.h"
  14. //Indecates whether the AuthFuzzer is running
  15. int AuthRunningState = 0;
  16. //Number of fuzzing states
  17. const int AuthStates = 5;
  18. //Steps of fuzzers for each fuzzing state
  19. const int AuthSteps[] = {256*4, 16, 16, 4, 14};
  20. //Current state and step of the AuthFuzzer
  21. int fuzzState;
  22. int fuzzStep;
  23. void AuthPrintCurrentState()
  24. {
  25. switch (fuzzState)
  26. {
  27. case 0:
  28. {
  29. printf("\e[33mFuzzing Auth Generic stuff\e[39m\n");
  30. printf("Trying basic overflows on all possible IEs\n");
  31. break;
  32. }
  33. case 1:
  34. {
  35. printf("Fuzzing frame body length\n");
  36. break;
  37. }
  38. case 2:
  39. {
  40. printf("Fuzzing duplicate elements\n");
  41. break;
  42. }
  43. case 3:
  44. {
  45. printf("Fuzzing all ies at the same time\n");
  46. break;
  47. }
  48. case 4:
  49. {
  50. printf("Fuzzing static elements\n");
  51. break;
  52. }
  53. case 5:
  54. {
  55. printf("\e[33mDone with fuzzing Auth\e[39m\n");
  56. break;
  57. }
  58. }
  59. }
  60. //Updates AuthFuzzer
  61. //Status 0 indicates start
  62. //Status 1 indicates increaseStep
  63. //Status 2 indicates stop
  64. //Returns -1 if done with fuzzing
  65. int AuthFuzzUpdate(int status)
  66. {
  67. switch (status)
  68. {
  69. case 0: //start fuzzer
  70. {
  71. AuthRunningState = 1;
  72. fuzzState = 0;
  73. fuzzStep = 0;
  74. AuthPrintCurrentState();
  75. break;
  76. }
  77. case 1: //update fuzzer
  78. {
  79. if (AuthRunningState == 1) //sanity check
  80. {
  81. //increase steps until all steps are done
  82. if (fuzzStep < AuthSteps[fuzzState]-1)
  83. fuzzStep = fuzzStep + 1;
  84. //then increase state and notify
  85. else
  86. {
  87. fuzzStep = 0;
  88. fuzzState = fuzzState + 1;
  89. AuthPrintCurrentState();
  90. }
  91. //when all states are done, stop
  92. if (fuzzState == AuthStates)
  93. {
  94. AuthRunningState = 0;
  95. return -1;
  96. }
  97. }
  98. break;
  99. }
  100. case 2: //stop fuzzer
  101. {
  102. AuthRunningState = 0;
  103. break;
  104. }
  105. }
  106. return 0;
  107. }
  108. //Creates Probe response frame
  109. u_char *AuthFuzz(u_char *dstAddress, int *packetSize, u_char * radioTapHeader, u_char *myMAC)
  110. {
  111. switch(fuzzState)
  112. {
  113. case 0:
  114. {
  115. return Authieid(dstAddress, packetSize, radioTapHeader, myMAC, fuzzStep);
  116. break;
  117. }
  118. case 1:
  119. {
  120. return Authoversize(dstAddress, packetSize, radioTapHeader, myMAC, fuzzStep);
  121. break;
  122. }
  123. case 2:
  124. {
  125. return Authduplicate(dstAddress, packetSize, radioTapHeader, myMAC, fuzzStep);
  126. break;
  127. }
  128. case 3:
  129. {
  130. return Authallies(dstAddress, packetSize, radioTapHeader, myMAC, fuzzStep);
  131. break;
  132. }
  133. case 4:
  134. {
  135. return Authstatic(dstAddress, packetSize, radioTapHeader, myMAC, fuzzStep);
  136. break;
  137. }
  138. }
  139. //return packet
  140. return NULL;
  141. }