fragattack: add --amsdu-ssp option

2024-11-28 10:18:21 -05:00 · 2020-08-05 07:17:59 +04:00 · 2020-08-05 07:17:59 +04:00 · 303b9cbec8
commit 303b9cbec8
parent d3e11e9bc1
3 changed files with 7 additions and 6 deletions
--- a/research/fragattack.py
+++ b/research/fragattack.py
@ -158,12 +158,12 @@ def args2ptype(args):

 def args2msdu(args):
 	# Only one of these should be given
-	if args.amsdu + args.fake_amsdu > 1:
-		log(STATUS, "You cannot combine --amsdu and --fake-amsdu. Please only supply one of them.")
+	if args.amsdu + args.amsdu_fake > 1:
+		log(STATUS, "You cannot combine --amsdu and --amsdu-fake. Please only supply one of them.")
 		quit(1)

 	if args.amsdu: return 1
-	if args.fake_amsdu: return 2
+	if args.amsdu_fake: return 2

 	return None

@ -183,7 +183,8 @@ if __name__ == "__main__":
 	parser.add_argument('--delay', type=float, default=0, help="Delay between fragments in certain tests.")
 	parser.add_argument('--inc-pn', type=int, help="To test non-sequential packet number in fragments.")
 	parser.add_argument('--amsdu', default=False, action='store_true', help="Encapsulate pings in an A-MSDU frame.")
-	parser.add_argument('--fake-amsdu', default=False, action='store_true', help="Set A-MSDU flag but include normal payload.")
+	parser.add_argument('--amsdu-fake', default=False, action='store_true', help="Set A-MSDU flag but include normal payload.")
+	parser.add_argument('--amsdu-ssp', default=False, action='store_true', help="Force authentication of QoS A-MSDU flag.")
 	parser.add_argument('--arp', default=False, action='store_true', help="Override default request with ARP request.")
 	parser.add_argument('--dhcp', default=False, action='store_true', help="Override default request with DHCP discover.")
 	parser.add_argument('--icmp', default=False, action='store_true', help="Override default request with ICMP ping request.")
--- a/research/fraginternals.py
+++ b/research/fraginternals.py
@ -446,7 +446,7 @@ class Station():
 			# TODO: Implement and test this function
 			encrypted = encrypt_tkip(frame, key, self.pn[idx], keyid)
 		elif len(key) == 16:
-			encrypted = encrypt_ccmp(frame, key, self.pn[idx], keyid)
+			encrypted = encrypt_ccmp(frame, key, self.pn[idx], keyid, self.options.amsdu_ssp)
 		else:
 			encrypted = encrypt_wep(frame, key, self.pn[idx], keyid)

--- a/research/tests_common.py
+++ b/research/tests_common.py
@ -155,7 +155,7 @@ class LinuxTest(Test):

 		# Fragment 2: make Linux update latest used crypto Packet Number. Use a dummy packet
 		# that can't accidently aggregate with the first fragment in a corrrect packet.
-		p = station.get_header(prior=2)/LLC()/SNAP()/IP()/Raw(b"linux_plain decoy fragment")
+		p = station.get_header(prior=2)/LLC()/SNAP()/IP()/Raw(b"linux-plain decoy fragment")
 		p.SC = frag2.SC ^ (1 << 4)

 		# - In the attack against Linux, the decoy frame must have the same QoS TID.