Removed msflorcon in favor of the new ruby-lorcon module

git-svn-id: file:///home/svn/framework3/trunk@4105 4d416f70-5f16-0410-b530-b9f4589650da
2024-11-12 11:52:01 +01:00 · 2006-11-06 00:26:35 +00:00 · 2006-11-06 00:26:35 +00:00 · 2982440a28
commit 2982440a28
parent e659032c35
11 changed files with 335 additions and 269 deletions
--- a/external/msflorcon/Makefile
+++ b/external/msflorcon/Makefile
@ -1,19 +0,0 @@
-#
-# Makefile for msflorcon
-#
-
-NAME=msflorcon-$(shell ruby -e 'puts RUBY_PLATFORM')
-CFLAGS  := -I. -I/usr/include -I/usr/local/include
-LDFLAGS := -L. -lorcon
-
-%.o:
-	$(CC) -fPIC -c $(CFLAGS) *.c
-	
-shared: %.o
-	$(CC) -fPIC -shared -o $(NAME).so *.o $(LDFLAGS)
-	
-all: shared
-	strip *.so
-
-clean:
-	rm -f *.o core a.out *.so
--- a/external/msflorcon/features.rb
+++ b/external/msflorcon/features.rb
@ -1,62 +0,0 @@
-#
-# This class wraps the lorcon 802.11 packet injection library
-#
-
-class MSFLorcon
-
-	# Symbol definitions for userstack interface
-	LIBSYMBOLS = 
-	{
-		:msflorcon_setchannel    => 'IPI',
-		:msflorcon_getchannel    => 'IP',
-		:msflorcon_send          => 'IPPIII',
-		:msflorcon_close         => '0P',
-		:msflorcon_open          => 'IPPPI',
-		:msflorcon_driverlist    => 'IPI',
-		:msflorcon_in_tx_size    => 'I',			
-	}
-
-	LIBSYMBOLS.each_pair { |name, args| LORCON::SYM[name] = LORCON::LIB[name.to_s, args] }
-
-		
-	def self.driverlist
-		buff = DL.malloc(1024)
-		r, rs = LORCON::SYM[:msflorcon_driverlist].call(buff, buff.size)
-		r == 1 ? buff.to_str.gsub("\x00", '').split(",") : []
-	end
-	
-	def self.open(iface='ath0', driver='madwifi', channel=11)
-		r, rs = LORCON::SYM[:msflorcon_in_tx_size].call()
-		tx = DL.malloc(r)	
-		r, rs = LORCON::SYM[:msflorcon_open].call(tx, iface, driver, channel)
-		r == 1 ? Interface.new(tx) : nil
-	end
-
-	class Interface
-		attr_accessor :tx
-		
-		def initialize(tx)
-			self.tx = tx
-		end
-		
-		def close
-			r, rs = LORCON::SYM[:msflorcon_close].call(self.tx)
-		end
-		
-		def write(buff, count=1, delay=0)
-			r, rs = LORCON::SYM[:msflorcon_send].call(self.tx, buff.to_ptr, buff.length, count, delay)
-			return r
-		end
-		
-		def channel(chan=nil)
-			if (chan)
-				r, rs = LORCON::SYM[:msflorcon_setchannel].call(self.tx, chan)
-			else
-				r, rs = LORCON::SYM[:msflorcon_getchannel].call(self.tx)
-			end
-		end
-		
-	end	
-	
-
-end
--- a/external/msflorcon/msflorcon.c
+++ b/external/msflorcon/msflorcon.c
@ -1,131 +0,0 @@
-#include <msflorcon.h>
-
-/*
-    This is a derivative of the tx.c sample included with lorcon
-
-    lorcon is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    lorcon is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with lorcon; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-    Copyright (c) 2005 dragorn and Joshua Wright
-	
-	Metasploit/MSFLorcon specifics are Copyright (c) 2006 Metasploit LLC
-*/
-
-/* This is quick and ugly code I wrote as PoC */
-
-
-int msflorcon_setchannel(struct tx80211 *in_tx, int channel) {
-	return(tx80211_setchannel(in_tx, channel));
-}
-
-int msflorcon_getchannel(struct tx80211 *in_tx) {
-	return(tx80211_getchan(in_tx));
-}
-
-int msflorcon_in_tx_size(void) {
-	return(sizeof(struct tx80211));
-}
-
-int msflorcon_send(struct tx80211 *in_tx, char *buff, int len, int cnt, int delay) {
-	struct tx80211_packet in_packet;
-	int ret = 0;
-	int c = cnt;
-	
-	in_packet.packet = buff;
-	in_packet.plen = len;
-	
-	for (; c > 0; c--) {
-		ret = tx80211_txpacket(in_tx, &in_packet);
-		if (ret < 0) 
-			return(ret);
-		if (delay > 0)
-			usleep(delay);
-	}
-	
-	return(cnt);
-}
-
-		
-int msflorcon_open(struct tx80211 *in_tx, char *iface, char *driver, int channel) {
-	int ret = 0;
-	int drivertype = INJ_NODRIVER;
-
-	drivertype = tx80211_resolvecard(driver);
-	if (drivertype == INJ_NODRIVER) {
-		fprintf(stderr, "msflorcon: driver name not recognized.\n");
-		return(0);
-	}
-	
-	if (tx80211_init(in_tx, iface, drivertype) < 0) {
-		perror("tx80211_init");
-		return(0);
-	}
-		
-	ret = tx80211_setmode(in_tx, IW_MODE_MONITOR);
-	if (ret != 0) {
-		fprintf(stderr, "msflorcon: error setting mode, returned %d.\n", ret);
-		return(0);
-	}
-
-	/* Switch to the given channel */
-	ret = tx80211_setchannel(in_tx, channel);
-	if (ret < 0) {
-		fprintf(stderr, "msflorcon: error setting channel, returned %d.\n", ret);
-		return(0);
-	}
-
-	/* Open the interface to get a socket */
-	ret = tx80211_open(in_tx);
-	if (ret < 0) {
-		fprintf(stderr, "msflorcon: unable to open interface %s.\n", in_tx->ifname);
-		return(0);
-	}
-	
-	return(1);		
-}
-
-void msflorcon_close(struct tx80211 *in_tx) {
-	tx80211_close(in_tx);
-}
-
-int msflorcon_driverlist(char *buff, int len) {
-	struct tx80211_cardlist *cardlist = NULL;
-	int i,l,r;
-
-	if (buff == NULL)
-		return(0);
-	
-	cardlist = tx80211_getcardlist();
-	if (cardlist == NULL) {
-		free(buff);
-		return(0);
-	}
-	
-	r = len;
-	for (i = 1; i < cardlist->num_cards; i++) {
-		
-		l = strlen(cardlist->cardnames[i]);
-		
-		if (l + 1 > r)
-			return(0);
-		
-		strcat(buff, cardlist->cardnames[i]);
-		if (i + 1 < cardlist->num_cards)
-			strcat(buff, ",");
-
-		r -= l + 1;
-	}
-
-	return(1);
-}
--- a/external/msflorcon/msflorcon.rb
+++ b/external/msflorcon/msflorcon.rb
@ -1,38 +0,0 @@
-#
-# This class wraps the lorcon 802.11 packet injection library
-# The real wrapper code can be found in msflorcon.c and features.rb
-#
-
-$:.unshift(File.join(File.dirname(__FILE__)))
-
-class MSFLorcon
-
-	LIBNAME = File.join(File.dirname(__FILE__), "msflorcon-" + RUBY_PLATFORM + ".so")
-	
-	require 'dl'
-
-	@@loaded = nil
-
-	def self.loaded
-		@@loaded
-	end
-
-	def self.open(*args)
-		nil
-	end
-		
-	begin
-		module LORCON
-			LIB = DL.dlopen(LIBNAME)
-			SYM = { }
-		end	
-
-		require 'features'
-		
-		@@loaded = true	
-		
-	rescue ::Exception => e
-		$stderr.puts "Error loading the Lorcon features: #{e} #{e.backtrace.to_s}"
-	end
-
-end
--- a/external/ruby-lorcon/Lorcon.c
+++ b/external/ruby-lorcon/Lorcon.c
@ -0,0 +1,164 @@
+#include "Lorcon.h"
+#include "ruby.h"
+
+/*
+    This is a derivative of the tx.c sample included with lorcon
+
+    lorcon is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    lorcon is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with lorcon; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+    Copyright (c) 2005 dragorn and Joshua Wright
+*/
+
+/*	
+	Ruby-Lorcon specifics are Copyright (c) 2006 Metasploit LLC
+*/
+
+VALUE mLorcon;
+VALUE cDevice;
+
+static VALUE lorcon_driver_list(VALUE self) {	
+	VALUE list;
+	struct tx80211_cardlist *cards = NULL;
+	int i;
+
+	list  = rb_ary_new();
+	cards = tx80211_getcardlist();
+	if (cards == NULL) {
+		return(Qnil);
+	}
+	
+	for (i = 1; i < cards->num_cards; i++)
+		rb_ary_push(list, rb_str_new2(cards->cardnames[i]));
+	
+	return(list);
+}
+
+static VALUE lorcon_driver_get_channel(VALUE self) {
+	struct tx80211 *in_tx;
+	Data_Get_Struct(self, struct tx80211, in_tx);
+	return INT2NUM(tx80211_getchan(in_tx));
+}
+
+static VALUE lorcon_driver_set_channel(VALUE self, VALUE channel) {
+	struct tx80211 *in_tx;
+	Data_Get_Struct(self, struct tx80211, in_tx);
+	tx80211_setchannel(in_tx, NUM2INT(channel));
+	return INT2NUM(tx80211_getchan(in_tx));
+}
+
+void lorcon_driver_free(struct tx80211 *in_tx) {
+	tx80211_close(in_tx);
+	free(in_tx);
+}
+
+static VALUE lorcon_driver_open(int argc, VALUE *argv, VALUE self) {
+	struct tx80211 *in_tx;
+	int ret = 0;
+	int drivertype = INJ_NODRIVER;
+	char *driver, *intf;
+	VALUE rbdriver, rbintf, rbchannel;
+	VALUE obj;
+		
+	if (rb_scan_args(argc, argv, "21", &rbintf, &rbdriver, &rbchannel) == 2) {
+		rbchannel = INT2NUM(11);		
+	}
+
+	driver = STR2CSTR(rbdriver);
+	intf = STR2CSTR(rbintf);
+	
+	obj = Data_Make_Struct(cDevice, struct tx80211, 0, lorcon_driver_free, in_tx);
+
+	drivertype = tx80211_resolvecard(driver);
+	if (drivertype == INJ_NODRIVER) {
+		rb_raise(rb_eArgError, "Lorcon did not recognize the specified driver");
+		return(Qnil);
+	}
+	
+	if (tx80211_init(in_tx, intf, drivertype) < 0) {
+		rb_raise(rb_eRuntimeError, "Lorcon could not initialize the interface");
+		return(Qnil);
+	}
+		
+	ret = tx80211_setmode(in_tx, IW_MODE_MONITOR);
+	if (ret != 0) {
+		rb_raise(rb_eRuntimeError, "Lorcon could not place the card into monitor mode");
+		return(Qnil);
+	}
+
+	/* Switch to the given channel */
+	ret = tx80211_setchannel(in_tx, NUM2INT(rbchannel));
+	if (ret < 0) {
+		rb_raise(rb_eRuntimeError, "Lorcon could not set the channel");
+		return(Qnil);
+	}
+
+	/* Open the interface to get a socket */
+	ret = tx80211_open(in_tx);
+	if (ret < 0) {
+		rb_raise(rb_eRuntimeError, "Lorcon could not open the interface");
+		return(Qnil);
+	}	
+
+	rb_obj_call_init(obj, 0, 0);	
+	return(obj);
+}
+
+static VALUE lorcon_driver_write(int argc, VALUE *argv, VALUE self) {
+	struct tx80211_packet in_packet;
+	struct tx80211 *in_tx;
+	int ret = 0;
+	int cnt = 0;
+	int dly = 0;
+	
+	VALUE rbbuff, rbcnt, rbdelay;
+	
+	Data_Get_Struct(self, struct tx80211, in_tx);	
+		
+	switch(rb_scan_args(argc, argv, "12", &rbbuff, &rbcnt, &rbdelay)) {	
+		case 1:
+			rbdelay = INT2NUM(0);
+		case 2:	
+			rbcnt = INT2NUM(1);
+		default:
+			break;
+	}
+
+	cnt = NUM2INT(rbcnt);
+	dly = NUM2INT(rbdelay);
+	
+	in_packet.packet = StringValuePtr(rbbuff);
+	in_packet.plen = RSTRING(rbbuff)->len;
+
+	for (; cnt > 0; cnt--) {
+		ret = tx80211_txpacket(in_tx, &in_packet);
+		if (ret < 0) 
+			return(INT2NUM(ret));
+		if (dly > 0)
+			usleep(dly);
+	}
+
+	return (rbcnt);
+}
+
+void Init_Lorcon() {	
+	mLorcon = rb_define_module("Lorcon");
+	rb_define_module_function(mLorcon, "drivers", lorcon_driver_list, 0);
+	
+	cDevice = rb_define_class_under(mLorcon, "Device", rb_cObject);
+	rb_define_singleton_method(cDevice, "new", lorcon_driver_open, -1);
+	rb_define_method(cDevice, "channel", lorcon_driver_get_channel, 0);
+	rb_define_method(cDevice, "channel=", lorcon_driver_set_channel, 0);
+	rb_define_method(cDevice, "write", lorcon_driver_write, -1);
+}
--- a/external/msflorcon/msflorcon.h
+++ b/external/msflorcon/msflorcon.h
--- a/external/ruby-lorcon/Makefile
+++ b/external/ruby-lorcon/Makefile
@ -0,0 +1,142 @@
+
+SHELL = /bin/sh
+
+#### Start of system configuration section. ####
+
+srcdir = .
+topdir = /usr/lib/ruby/1.8/i686-linux
+hdrdir = $(topdir)
+VPATH = $(srcdir):$(topdir):$(hdrdir)
+prefix = $(DESTDIR)/usr
+exec_prefix = $(DESTDIR)/usr
+sitedir = $(DESTDIR)/usr/lib/ruby/site_ruby
+rubylibdir = $(libdir)/ruby/$(ruby_version)
+archdir = $(rubylibdir)/$(arch)
+sbindir = $(exec_prefix)/sbin
+datadir = $(DESTDIR)/usr/share
+includedir = $(prefix)/include
+infodir = $(DESTDIR)/usr/share/info
+sysconfdir = $(DESTDIR)/etc
+mandir = $(DESTDIR)/usr/share/man
+libdir = $(DESTDIR)/usr/lib
+sharedstatedir = $(prefix)/com
+oldincludedir = $(DESTDIR)/usr/include
+sitearchdir = $(sitelibdir)/$(sitearch)
+bindir = $(exec_prefix)/bin
+localstatedir = $(DESTDIR)/var/lib
+sitelibdir = $(sitedir)/$(ruby_version)
+libexecdir = $(exec_prefix)/libexec
+
+CC = i686-pc-linux-gnu-gcc
+LIBRUBY = $(LIBRUBY_SO)
+LIBRUBY_A = lib$(RUBY_SO_NAME)-static.a
+LIBRUBYARG_SHARED = -Wl,-R -Wl,$(libdir) -L$(libdir) -L. -l$(RUBY_SO_NAME)
+LIBRUBYARG_STATIC = -l$(RUBY_SO_NAME)-static
+
+RUBY_EXTCONF_H = 
+CFLAGS   =  -fPIC -O2 -march=pentium4  -fPIC 
+INCFLAGS = -I. -I. -I/usr/lib/ruby/1.8/i686-linux -I.
+CPPFLAGS =  
+CXXFLAGS = $(CFLAGS) 
+DLDFLAGS =   
+LDSHARED = $(CC) -shared
+AR = i686-pc-linux-gnu-ar
+EXEEXT = 
+
+RUBY_INSTALL_NAME = ruby18
+RUBY_SO_NAME = ruby18
+arch = i686-linux
+sitearch = i686-linux
+ruby_version = 1.8
+ruby = /usr/bin/ruby18
+RUBY = $(ruby)
+RM = rm -f
+MAKEDIRS = mkdir -p
+INSTALL = /bin/install -c
+INSTALL_PROG = $(INSTALL) -m 0755
+INSTALL_DATA = $(INSTALL) -m 644
+COPY = cp
+
+#### End of system configuration section. ####
+
+preload = 
+
+libpath = $(libdir)
+LIBPATH =  -L'$(libdir)' -Wl,-R'$(libdir)'
+DEFFILE = 
+
+CLEANFILES = 
+DISTCLEANFILES = 
+
+extout = 
+extout_prefix = 
+target_prefix = 
+LOCAL_LIBS = 
+LIBS = $(LIBRUBYARG_SHARED) -lorcon  -ldl -lcrypt -lm   -lc
+SRCS = Lorcon.c
+OBJS = Lorcon.o
+TARGET = Lorcon
+DLLIB = $(TARGET).so
+EXTSTATIC = 
+STATIC_LIB = 
+
+RUBYCOMMONDIR = $(sitedir)$(target_prefix)
+RUBYLIBDIR    = $(sitelibdir)$(target_prefix)
+RUBYARCHDIR   = $(sitearchdir)$(target_prefix)
+
+TARGET_SO     = $(DLLIB)
+CLEANLIBS     = $(TARGET).so $(TARGET).il? $(TARGET).tds $(TARGET).map
+CLEANOBJS     = *.o *.a *.s[ol] *.pdb *.exp *.bak
+
+all:		$(DLLIB)
+static:		$(STATIC_LIB)
+
+clean:
+		@-$(RM) $(CLEANLIBS) $(CLEANOBJS) $(CLEANFILES)
+
+distclean:	clean
+		@-$(RM) Makefile $(RUBY_EXTCONF_H) conftest.* mkmf.log
+		@-$(RM) core ruby$(EXEEXT) *~ $(DISTCLEANFILES)
+
+realclean:	distclean
+install: install-so install-rb
+
+install-so: $(RUBYARCHDIR)
+install-so: $(RUBYARCHDIR)/$(DLLIB)
+$(RUBYARCHDIR)/$(DLLIB): $(DLLIB)
+	$(INSTALL_PROG) $(DLLIB) $(RUBYARCHDIR)
+install-rb: pre-install-rb install-rb-default
+install-rb-default: pre-install-rb-default
+pre-install-rb: Makefile
+pre-install-rb-default: Makefile
+$(RUBYARCHDIR):
+	$(MAKEDIRS) $@
+
+site-install: site-install-so site-install-rb
+site-install-so: install-so
+site-install-rb: install-rb
+
+.SUFFIXES: .c .m .cc .cxx .cpp .C .o
+
+.cc.o:
+	$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
+
+.cxx.o:
+	$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
+
+.cpp.o:
+	$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
+
+.C.o:
+	$(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) -c $<
+
+.c.o:
+	$(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) -c $<
+
+$(DLLIB): $(OBJS)
+	@-$(RM) $@
+	$(LDSHARED) $(DLDFLAGS) $(LIBPATH) -o $@ $(OBJS) $(LOCAL_LIBS) $(LIBS)
+
+
+
+$(OBJS): ruby.h defines.h
--- a/external/ruby-lorcon/README
+++ b/external/ruby-lorcon/README
@ -4,3 +4,7 @@ available on Linux and with lorcon-supported wireless drivers.

 For more information, please see the lorcon documentation and code:
 http://www.802.11mercenary.net/lorcon/
+
+To build this extension:
+$ ruby extconf.rb
+$ make
--- a/external/ruby-lorcon/extconf.rb
+++ b/external/ruby-lorcon/extconf.rb
@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+require 'mkmf'
+
+if have_library("orcon", "tx80211_txpacket")
+	create_makefile("Lorcon")
+else
+	puts "Error: the lorcon library was not found, please see the README"
+end
--- a/external/ruby-lorcon/test.rb
+++ b/external/ruby-lorcon/test.rb
@ -1,13 +1,9 @@
 #!/usr/bin/env ruby

-require 'msflorcon'
+$:.unshift(File.dirname(__FILE__))
+require "Lorcon"

-if (not MSFLorcon.loaded)
-	$stderr.puts "Error: msflorcon could not be loaded"
-	exit(0)
-end
-
-$stdout.puts "Drivers: " + MSFLorcon.driverlist.join(", ")
+$stdout.puts "Drivers: " + Lorcon.drivers.join(", ")

 # Beacon frame from tx.c
 packet = [
@ -28,7 +24,7 @@ packet = [
 	0x50, 0xf2, 0x02
 ].pack('C*')

-tx = MSFLorcon.open('ath0', 'madwifi', 1)
+tx = Lorcon::Device.new('ath0', 'madwifi', 1)

 sa = Time.now.to_f
 tx.write(packet, 500, 0)
@ -38,7 +34,5 @@ sb = Time.now.to_f
 1.upto(500) { |i| tx.write(packet, 11, 0) }
 eb = Time.now.to_f - sb

-tx.close
-
-$stdout.puts "Sent 500 packets (C) in #{ea.to_s}"
-$stdout.puts "Sent 500 packets (Ruby) in #{eb.to_s}"
+$stdout.puts "Sent 500 packets (C) in #{ea.to_s} seconds"
+$stdout.puts "Sent 500 packets (Ruby) in #{eb.to_s} seconds"
--- a/lib/msf/core/exploit/lorcon.rb
+++ b/lib/msf/core/exploit/lorcon.rb
@ -3,13 +3,11 @@ module Msf
 ###
 #
 # This module provides methods for sending raw 802.11 frames
-# using the MSFLorcon module, a wrapper for the lorcon library.
+# using the Ruby Lorcon module, a wrapper for the lorcon library.
 #
 ###
 module Exploit::Lorcon

-
-
 	#
 	# Initializes an instance of an exploit module that accesses a 802.11 network
 	#
@ -27,7 +25,13 @@ module Exploit::Lorcon

 		$:.unshift(File.join(Msf::Config.install_root, 'external'))
 	
-		require 'msflorcon/msflorcon'
+		begin
+			require 'ruby-lorcon/Lorcon'
+			@lorcon_loaded = true
+		rescue ::Exception => e
+			@lorcon_loaded = false
+			@lorcon_error  = e
+		end
 	
 	end

@ -36,12 +40,12 @@ module Exploit::Lorcon
 	#
 	def open_wifi
 	
-		if (not ::MSFLorcon.loaded)
-			print_status("The MSFLorcon module is not available, please see external/msflorcon/README")
+		if (not @lorcon_loaded)
+			print_status("The Lorcon module is not available, please see external/ruby-lorcon/README")
 			return
 		end
 		
-		self.wifi = ::MSFLorcon.open(datastore['INTERFACE'], datastore['DRIVER'], datastore['CHANNEL'])
+		self.wifi = ::Lorcon::Device.new(datastore['INTERFACE'], datastore['DRIVER'], datastore['CHANNEL'])
 		
 		if (not self.wifi)
 			raise RuntimeError, "Could not open the wireless device interface"