Merge branch 'drygdryg:master' into master

fulvius31 · Nov 22, 2023 · 60f5501 · 60f5501
2 parents e6eb831 + 129fa7c
commit 60f5501
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 9 deletions.
diff --git a/.flake8 b/.flake8
@@ -0,0 +1,2 @@
+[flake8]
+max-line-length = 120
diff --git a/README.md b/README.md
@@ -73,7 +73,7 @@ Optional: getting a list of vulnerable to pixie dust devices for highlighting in
  ```
  sudo wget https://raw.githubusercontent.com/fulvius31/OneShot/master/vulnwsc.txt
  ```
-## [Termux](https://play.google.com/store/apps/details?id=com.termux)
+## [Termux](https://termux.com/)
 Please note that root access is required.  
 
 #### Using installer
@@ -84,7 +84,7 @@ Please note that root access is required.
 **Installing requirements**
  ```
  pkg install -y root-repo
- pkg install -y git tsu python wpa-supplicant pixiewps iw
+ pkg install -y git tsu python wpa-supplicant pixiewps iw openssl
  ```
 **Getting OneShot**
  ```
@@ -116,6 +116,9 @@ Please note that root access is required.
      --vuln-list=<filename>   : Use custom file with vulnerable devices list ['vulnwsc.txt']
      --iface-down             : Down network interface when the work is finished
      -l, --loop               : Run in a loop
+     -r, --reverse-scan       : Reverse order of networks in the list of networks. Useful on small displays
+     --mtk-wifi               : Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit
+                                (for internal Wi-Fi adapters implemented in MediaTek SoCs). Turn off Wi-Fi in the system settings before using this.
      -v, --verbose            : Verbose output
  ```
 
@@ -143,11 +146,7 @@ Launch online WPS bruteforce with the specified first half of the PIN:
 #### "Device or resource busy (-16)"
  Try disabling Wi-Fi in the system settings and kill the Network manager. Alternatively, you can try running OneShot with ```--iface-down``` argument.
 #### The wlan0 interface disappears when Wi-Fi is disabled on Android devices with MediaTek SoC
- Try run the following:
-```
-sudo chmod 644 /dev/wmtWifi
-sudo sh -c 'echo 1 > /dev/wmtWifi'
-```
+ Try running OneShot with the `--mtk-wifi` flag to initialize Wi-Fi device driver.
 # Acknowledgements
 ## Special Thanks
 * `rofl0r` for initial implementation;

diff --git a/oneshot.py b/oneshot.py
@@ -14,6 +14,7 @@
 import collections
 import statistics
 import csv
+from pathlib import Path
 from typing import Dict
 
 
@@ -438,8 +439,13 @@ def __init_wpa_supplicant(self):
         self.wpas = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
                                      stderr=subprocess.STDOUT, encoding='utf-8', errors='replace')
         # Waiting for wpa_supplicant control interface initialization
-        while not os.path.exists(self.wpas_ctrl_path):
-            pass
+        while True:
+            ret = self.wpas.poll()
+            if ret is not None and ret != 0:
+                raise ValueError('wpa_supplicant returned an error: ' + self.wpas.communicate()[0])
+            if os.path.exists(self.wpas_ctrl_path):
+                break
+            time.sleep(.1)
 
     def sendOnly(self, command):
         """Sends command to wpa_supplicant"""
@@ -452,6 +458,7 @@ def sendAndReceive(self, command):
         inmsg = b.decode('utf-8', errors='replace')
         return inmsg
 
+    @staticmethod
     def _explain_wpas_not_ok_status(command: str, respond: str):
         if command.startswith(('WPS_REG', 'WPS_PBC')):
             if respond == 'UNKNOWN COMMAND':
@@ -1079,6 +1086,8 @@ def usage():
     --iface-down             : Down network interface when the work is finished
     -l, --loop               : Run in a loop
     -r, --reverse-scan       : Reverse order of networks in the list of networks. Useful on small displays
+    --mtk-wifi               : Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit
+                               (for internal Wi-Fi adapters implemented in MediaTek SoCs). Turn off Wi-Fi in the system settings before using this.
     -v, --verbose            : Verbose output
 
 Example:
@@ -1166,6 +1175,13 @@ def usage():
         action='store_true',
         help='Reverse order of networks in the list of networks. Useful on small displays'
     )
+    parser.add_argument(
+        '--mtk-wifi',
+        action='store_true',
+        help='Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit '
+             '(for internal Wi-Fi adapters implemented in MediaTek SoCs). '
+             'Turn off Wi-Fi in the system settings before using this.'
+    )
     parser.add_argument(
         '-v', '--verbose',
         action='store_true',
@@ -1179,6 +1195,14 @@ def usage():
     if os.getuid() != 0:
         die("Run it as root")
 
+    if args.mtk_wifi:
+        wmtWifi_device = Path("/dev/wmtWifi")
+        if not wmtWifi_device.is_char_device():
+            die("Unable to activate MediaTek Wi-Fi interface device (--mtk-wifi): "
+                "/dev/wmtWifi does not exist or it is not a character device")
+        wmtWifi_device.chmod(0o644)
+        wmtWifi_device.write_text("1")
+
     if not ifaceUp(args.interface):
         die('Unable to up interface "{}"'.format(args.interface))
 
@@ -1223,3 +1247,6 @@ def usage():
 
     if args.iface_down:
         ifaceUp(args.interface, down=True)
+
+    if args.mtk_wifi:
+        wmtWifi_device.write_text("0")
diff --git a/vulnwsc.txt b/vulnwsc.txt
@@ -1,12 +1,15 @@
+ADSL Router EV-2006-07-27
 ADSL RT2860
 AIR3G WSC Wireless Access Point AIR3G WSC Device
 AirLive Wireless Gigabit AP AirLive Wireless Gigabit AP
 Archer_A9 1.0
+ArcherC20i 1.0
 Archer A2 5.0
 Archer A5 4.0
 Archer C2 1.0
 Archer C2 3.0
 Archer C5 4.0
+Archer C6 3.20
 Archer C6U 1.0.0
 Archer C20 1.0
 Archer C20 4.0
@@ -18,12 +21,15 @@ Archer C50 5.0
 Archer C50 6.0
 Archer MR200 1.0
 Archer MR200 4.0
+Archer MR400 4.2
 Archer MR200 5.0
 Archer VR300 1.20
 Archer VR400 3.0
+Archer VR2100 1.0
 B-LINK 123456
 Belkin AP EV-2012-09-01
 DAP-1360 DAP-1360
+DIR-635 B3
 DIR-819 v1.0.1
 DIR-842 DIR-842
 DWR-921C3 WBR-0001
@@ -32,7 +38,10 @@ D-Link Router DIR-605L
 D-Link Router DIR-615H1
 D-Link Router DIR-655
 D-Link Router DIR-809
+D-Link Router GO-RT-N150
+Edimax Edimax
 EC120-F5 1.0
+EC220-G5 2.0
 EV-2009-02-06
 Enhanced Wireless Router F6D4230-4 v1
 Home Internet Center KEENETIC series
@@ -44,6 +53,7 @@ Linksys Wireless Access Point EA7500
 Linksys Wireless Router WRT110
 NBG-419N NBG-419N
 Netgear AP EV-2012-08-04
+NETGEAR Wireless Access Point NETGEAR
 NETGEAR Wireless Access Point R6220
 NETGEAR Wireless Access Point R6260
 N/A EV-2010-09-20
@@ -65,6 +75,8 @@ TD-W9960 1.0
 TD-W9960 1.20
 TD-W9960v 1.0
 TD-W8968 2.0
+TEW-731BR TEW-731BR
+TL-MR100 1.0
 TL-MR3020 3.0
 TL-MR3420 5.0
 TL-MR6400 3.0
@@ -85,18 +97,21 @@ TL-WR850N 3.0
 TL-WR1042N EV-2010-09-20
 Trendnet router TEW-625br
 Trendnet router TEW-651br
+VN020-F3 1.0
 VMG3312-T20A RT2860
 VMG8623-T50A RT2860
 WAP300N WAP300N
 WAP3205 WAP3205
 Wi-Fi Protected Setup Router RT-AC1200G+
+Wi-Fi Protected Setup Router RT-AX55
 Wi-Fi Protected Setup Router RT-N10U
 Wi-Fi Protected Setup Router RT-N12
 Wi-Fi Protected Setup Router RT-N12D1
 Wi-Fi Protected Setup Router RT-N12VP
 Wireless Access Point .
 Wireless Router 123456
 Wireless Router RTL8xxx EV-2009-02-06
+Wireless Router Wireless Router
 Wireless WPS Router <#ZVMODELVZ#>
 Wireless WPS Router RT-N10E
 Wireless WPS Router RT-N10LX
@@ -135,7 +150,9 @@ WPS Router RT-N56U
 WPS Router RT-N56UB1
 WPS Router RT-N65U
 WPS Router RT-N300
+WR5570 2011-05-13
 ZyXEL NBG-416N AP Router
+ZyXEL NBG-416N AP Router NBG-416N
 ZyXEL NBG-418N AP Router
 ZyXEL NBG-418N AP Router NBG-418N
 ZyXEL Wireless AP Router NBG-417N