Fixed logic when nonce seed is found but pin is not

The logic should be rewritten in a better way. This is a quick fix before the next release.
wiire-a · Jan 23, 2018 · 706f3ba · 706f3ba
1 parent ec3c4ca
commit 706f3ba
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 3 deletions.
diff --git a/src/pixiewps.c b/src/pixiewps.c
@@ -1158,11 +1158,18 @@ int main(int argc, char **argv)
 						wps->e_s1[i] = ralink_randbyte_backwards(&prng);
 					wps->s1_seed = prng.sreg;
 
+					DEBUG_PRINT("Seed found");
 					DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
 					if (crack(wps, wps->pin) == PIN_FOUND) {
 						found_p_mode = RT;
 						DEBUG_PRINT("Pin found (%8s)", wps->pin);
 					}
+					else {
+						wps->nonce_match = RT;
+						wps->nonce_seed = 0;
+						wps->s1_seed = 0;
+						wps->s2_seed = 0;
+					}
 				}
 				else {
 					DEBUG_PRINT("Nonce doesn't appear to be generated by this mode, skipping...");
@@ -1192,18 +1199,23 @@ int main(int argc, char **argv)
 					for (i = 0; i < WPS_SECRET_NONCE_LEN; i++) /* Advance to get E-S2 */
 						wps->e_s2[i] = (uint8_t)(ecos_rand_simple(&seed) & 0xff);
 
-					DEBUG_PRINT("Seed found");
 					break;
 				}
 				counter++;
 			}
 
-			if (wps->s1_seed) { /* Seed found */
+			if (wps->s2_seed) { /* Seed found */
+				DEBUG_PRINT("Seed found");
 				DEBUG_PRINT_ATTEMPT(wps->e_s1, wps->e_s2);
 				if (crack(wps, wps->pin) == PIN_FOUND) {
 					found_p_mode = ECOS_SIMPLE;
 					DEBUG_PRINT("Pin found (%8s)", wps->pin);
 				}
+				else {
+					wps->nonce_match = ECOS_SIMPLE;
+					wps->s1_seed = 0;
+					wps->s2_seed = 0;
+				}
 			}
 			else {
 				DEBUG_PRINT("Nonce doesn't appear to be generated by this mode, skipping...");
@@ -1316,6 +1328,12 @@ int main(int argc, char **argv)
 					found_p_mode = ECOS_SIMPLEST;
 					DEBUG_PRINT("Pin found (%8s)", wps->pin);
 				}
+				else {
+					wps->nonce_match = ECOS_SIMPLEST;
+					wps->nonce_seed = 0;
+					wps->s1_seed = 0;
+					wps->s2_seed = 0;
+				}
 			}
 			else {
 				DEBUG_PRINT("Nonce doesn't appear to be generated by this mode, skipping...");
@@ -1358,6 +1376,12 @@ int main(int argc, char **argv)
 					found_p_mode = ECOS_KNUTH;
 					DEBUG_PRINT("Pin found (%8s)", wps->pin);
 				}
+				else {
+					wps->nonce_match = ECOS_KNUTH;
+					wps->nonce_seed = 0;
+					wps->s1_seed = 0;
+					wps->s2_seed = 0;
+				}
 			}
 			else {
 				DEBUG_PRINT("Nonce doesn't appear to be generated by this mode, skipping...");
@@ -1453,7 +1477,7 @@ int main(int argc, char **argv)
 	}
 
 	if (found_p_mode == NONE) {
-		if ((!memcmp(wps->e_nonce, "\x00\x00", 2) && !memcmp(wps->e_nonce + 4, "\x00\x00", 2)) ||
+		if (wps->nonce_match || (!memcmp(wps->e_nonce, "\x00\x00", 2) && !memcmp(wps->e_nonce + 4, "\x00\x00", 2)) ||
 				(!memcmp(wps->e_nonce + 2, "\x00\x00", 2) && !memcmp(wps->e_nonce + 6, "\x00\x00", 2)) ||
 				(wps->e_nonce[0] == 0 && wps->e_nonce[4] == 0 && wps->e_nonce[8] == 0 && wps->e_nonce[12] == 0) ||
 				(wps->e_nonce[3] == 0 && wps->e_nonce[7] == 0 && wps->e_nonce[11] == 0 && wps->e_nonce[15] == 0))

diff --git a/src/pixiewps.h b/src/pixiewps.h
@@ -126,6 +126,7 @@ struct global {
 	uint8_t mode_auto;
 	uint8_t bruteforce;
 	uint8_t anylength;
+	uint8_t nonce_match;
 	int jobs;
 	int verbosity;
 	char *error;