implement -O which writes a pcap file with interesting packets

currently only packets which are reported as having bad FCS are written.

src/80211.c

@@ -36,6 +36,7 @@
 #include "send.h"
 #include "utils/radiotap.h"
 #include "crc.h"
+#include "pcapfile.h"
 #include <libwps.h>
 #include <assert.h>
 
@@ -70,6 +71,9 @@ unsigned char *next_packet(struct pcap_pkthdr *header)
 			if(!warning_shown)
 				cprintf(INFO, "[!] Found packet with bad FCS, skipping...\n");
 			warning_shown = 1;
+			int fd;
+			if((fd = get_output_fd()) != -1)
+				pcapfile_write_packet(fd, header, packet);
 			continue;
 		}
 

src/Makefile

@@ -95,7 +95,7 @@ LIB_OBJS=libwps/libwps.o $(WPS_OBJS) $(UTILS_OBJS) \
 
 MAIN_OBJS=globule.o init.o sigint.o iface.o sigalrm.o \
  misc.o session.o send.o pins.o 80211.o builder.o \
- keys.o crc.o pixie.o version.o
+ keys.o crc.o pixie.o version.o pcapfile.o
 
 PROG_OBJS=$(MAIN_OBJS) exchange.o argsparser.o wpscrack.o wpsmon.o cracker.o main.o
 

src/argsparser.c

@@ -34,6 +34,7 @@
 #include <stdio.h>
 #include <getopt.h>
 #include <ctype.h>
+#include <fcntl.h>
 #include "globule.h"
 #include "defs.h"
 #include "iface.h"
@@ -49,7 +50,7 @@ int process_arguments(int argc, char **argv)
 	int long_opt_index = 0;
 	char bssid[MAC_ADDR_LEN] = { 0 };
 	char mac[MAC_ADDR_LEN] = { 0 };
-	char *short_options = "b:e:m:i:t:d:c:T:x:r:g:l:p:s:C:KZA5ELfnqvDShwN6JF";
+	char *short_options = "b:e:m:i:t:d:c:T:x:r:g:l:p:s:C:O:KZA5ELfnqvDShwN6JF";
 	struct option long_options[] = {
 		{ "pixie-dust", no_argument, NULL, 'K' },
 		{ "interface", required_argument, NULL, 'i' },
@@ -82,16 +83,26 @@ int process_arguments(int argc, char **argv)
 		{ "help", no_argument, NULL, 'h' },
 		{ "timeout-is-nack", no_argument, NULL, 'J' },
 		{ "ignore-fcs", no_argument, NULL, 'F' },
+		{ "output-file", required_argument, NULL, 'O'},
 		{ 0, 0, 0, 0 }
 	};
 
+	set_output_fd(-1);
+
 	/* Since this function may be called multiple times, be sure to set opt index to 0 each time */
 	optind = 0;
 
 	while((c = getopt_long(argc, argv, short_options, long_options, &long_opt_index)) != -1)
         {
                 switch(c)
                 {
+			case 'O':
+				{
+					int ofd = open(optarg, O_WRONLY|O_CREAT|O_TRUNC, 0660);
+					set_output_fd(ofd);
+					if(ofd == -1) perror("open outputfile failed: ");
+				}
+				break;
                         case 'Z':
                         case 'K':
                                 pixie.do_pixie = 1;

src/globule.c

@@ -75,7 +75,9 @@ void globule_deinit()
 		if(globule->static_p2) free(globule->static_p2);
 		if(globule->fp) fclose(globule->fp);
 		if(globule->exec_string) free(globule->exec_string);
-
+
+		if(globule->output_fd != -1) close(globule->output_fd);
+
 		free(globule);
 	}
 }
@@ -639,4 +641,10 @@ int get_repeat_m6(void) {
 	return globule->repeat_m6;
 }
 
+int get_output_fd(void) { return globule->output_fd; }
 
+#include "pcapfile.h"
+void set_output_fd(int fd) {
+	globule->output_fd = fd;
+	if (fd != -1) pcapfile_write_header(fd);
+}

src/globule.h

@@ -148,6 +148,8 @@ struct globals
 
         pcap_t *handle;                 /* Pcap handle */
 
+	int output_fd;			/* handle for output pcap file */
+
         struct wps_data *wps;           /* 
 					 * wpa_supplicant's wps_data structure, needed for almost all wpa_supplicant
                                          * function calls.
@@ -262,4 +264,6 @@ void set_vendor(int, const unsigned char*);
 unsigned char *get_vendor(void);
 void set_repeat_m6(int);
 int get_repeat_m6(void);
+void set_output_fd(int fd);
+int get_output_fd(void);
 #endif

src/pcapfile.c

@@ -0,0 +1,25 @@
+#include <unistd.h>
+#include <pcap/pcap.h>
+
+void pcapfile_write_header(int outfd) {
+	write(outfd, "\xD4\xC3\xB2\xA1" "\x02\x00\x04\x00"
+	             "\x00\x00\x00\x00" "\x00\x00\x00\x00"
+	             "\x00\x00\x04\x00" "\x7F\x00\x00\x00", 24);
+}
+
+void pcapfile_write_packet(int outfd, struct pcap_pkthdr *h_out, const unsigned char* data) {
+	struct pcap_file_pkthdr {
+		unsigned sec_epoch;
+		unsigned ms_sec;
+		unsigned caplen;
+		unsigned len;
+	} hdr_out = {
+		.sec_epoch = h_out->ts.tv_sec,
+		.ms_sec = h_out->ts.tv_usec,
+		.caplen = h_out->caplen,
+		.len = h_out->len,
+	};
+	write(outfd, &hdr_out, sizeof hdr_out);
+	write(outfd, data, h_out->len);
+}
+

src/pcapfile.h

@@ -0,0 +1,10 @@
+#ifndef PCAPFILE_H
+#define PCAPFILE_H
+
+#include <pcap/pcap.h>
+
+void pcapfile_write_header(int outfd);
+void pcapfile_write_packet(int outfd, struct pcap_pkthdr *h_out, const unsigned char* data);
+
+#endif
+

src/wpscrack.c

@@ -180,6 +180,7 @@ static int reaver_usage(char *prog_name)
 	fprintf(stderr, "\t-w, --win7                      Mimic a Windows 7 registrar [False]\n");
 	fprintf(stderr, "\t-K, --pixie-dust                Run pixiedust attack\n");
 	fprintf(stderr, "\t-Z                              Run pixiedust attack\n");
+        fprintf(stderr, "\t-O, --output-file=<filename>    Write packets of interest into pcap file\n");
 
         fprintf(stderr, "\nExample:\n\t%s -i wlan0mon -b 00:90:4C:C1:AC:21 -vv\n\n", prog_name);