git subrepo clone https://github.com/rpp0/peapwn peapwn

subrepo:
  subdir:   "peapwn"
  merged:   "67d5abe"
upstream:
  origin:   "https://github.com/rpp0/peapwn"
  branch:   "master"
  commit:   "67d5abe"
git-subrepo:
  version:  "0.2.0"
  origin:   "???"
  commit:   "???"

peapwn/.gitignore

@@ -0,0 +1,32 @@
+peapwn.conf
+peapwn.sh
+*.o
+*.d
+*.gcno
+*.gcda
+*.gcov
+*.pyc
+*~
+.config
+mods/hostap/tests/hwsim/logs
+mods/hostap/wpaspy/build
+mods/hostap/wpa_supplicant/eapol_test
+mods/hostap/wpa_supplicant/nfc_pw_token
+mods/hostap/wpa_supplicant/preauth_test
+mods/hostap/wpa_supplicant/wpa_cli
+mods/hostap/wpa_supplicant/wpa_passphrase
+mods/hostap/wpa_supplicant/wpa_supplicant
+mods/hostap/wpa_supplicant/wpa_priv
+mods/hostap/wpa_supplicant/wpa_gui/Makefile
+mods/hostap/wpa_supplicant/wpa_gui/wpa_gui
+mods/hostap/wpa_supplicant/wpa_gui-qt4/Makefile
+mods/hostap/wpa_supplicant/wpa_gui-qt4/wpa_gui
+mods/hostap/hostapd/hostapd
+mods/hostap/hostapd/hostapd_cli
+mods/hostap/hostapd/hlr_auc_gw
+mods/hostap/hostapd/nt_password_hash
+mods/hostap/mac80211_hwsim/tools/hwsim_test
+mods/hostap/wlantest/libwlantest.a
+mods/hostap/wlantest/test_vectors
+mods/hostap/wlantest/wlantest
+mods/hostap/wlantest/wlantest_cli

peapwn/.gitrepo

@@ -0,0 +1,11 @@
+; DO NOT EDIT (unless you know what you are doing)
+;
+; This subdirectory is a git "subrepo", and this file is maintained by the
+; git-subrepo command. See https://github.com/git-commands/git-subrepo#readme
+;
+[subrepo]
+	remote = https://github.com/rpp0/peapwn
+	branch = master
+	commit = 67d5abe7d39fbb0ef1740dbe93ca700ef804344f
+	parent = c27383a629ac6d44a2fb6065f50fe1b42f14ee34
+	cmdver = 0.2.0

peapwn/README.md

@@ -0,0 +1,42 @@
+PEAPwn
+======
+
+PEAPwn is a proof-of-concept implementation of the Apple relay attack introduced at WiSec 2014. It uses a modified version of the ```wpa_supplicant``` tool by Jouni Malinen to establish a PEAP or EAP-TTLS session with the target Authentication Server, and a Python script to exploit several vulnerabilities in iOS < 8 and the MSCHAPv2 protocol. This allows an attacker to gain unauthorized access to any WPA2-Enterprise network that uses a tunneled authentication protocol such as PEAP or EAP-TTLS.
+
+Link to the paper: http://research.edm.uhasselt.be/~bbonne/docs/robyns14wpa2enterprise.pdf
+
+
+Building the PoC
+----------------
+
+Currently, only Linux based operating systems are supported. To build the PoC, perform the following steps:
+
+1. Install the Scapy library for Python 2.
+2. Install libnl1
+3. Navigate to mods/hostap/wpa_supplicant.
+4. cp defconfig .config
+5. Run ```make```. 
+
+
+Running the PoC
+---------------
+
+To run the PoC, one is required to have two NICs. At least one of these devices is required to support Monitor mode. The PoC can then be run as follows:
+
+```# python2 peapwn.py <infra_nic> <mon_nic> <essid>```
+
+For example, to attack a network with SSID ```testnet```:
+
+```# python2 peapwn.py wlan0 wlan1 testnet```
+
+
+Legal notice
+------------
+
+This PoC is intended for research purposes only, and should only be used in a legal context. For example, to verify the security of your own networks.
+
+
+TODO list
+---------
+
+- [ ] More robust error handling.

peapwn/mods/hostap/Android.mk

@@ -0,0 +1,16 @@
+LOCAL_PATH:= $(call my-dir)
+
+ifndef WPA_SUPPLICANT_VERSION
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+endif
+ifeq ($(WPA_SUPPLICANT_VERSION),VER_0_8_X)
+# The order of the 2 Android.mks does matter!
+# TODO: Clean up the Android.mks, reset all the temporary variables at the
+# end of each Android.mk, so that one Android.mk doesn't depend on variables
+# set up in the other Android.mk.
+include $(LOCAL_PATH)/hostapd/Android.mk \
+        $(LOCAL_PATH)/wpa_supplicant/Android.mk
+endif
+ifeq ($(WPA_SUPPLICANT_VERSION),VER_2_1_DEVEL)
+include $(call all-subdir-makefiles)
+endif

peapwn/mods/hostap/CONTRIBUTIONS

@@ -0,0 +1,111 @@
+Contributions to hostap.git
+---------------------------
+
+This software is distributed under a permissive open source license to
+allow it to be used in any projects, whether open source or proprietary.
+Contributions to the project are welcome and it is important to maintain
+clear record of contributions and terms under which they are licensed.
+To help with this, following procedure is used to allow acceptance and
+recording of the terms.
+
+These terms are similar to the process used in Linux kernel development.
+The items (a) through (d) are identical to the Developer's Certificate
+of Origin 1.1. To enable cleaner licensing option to be provided in the
+future, an additional item (e) is included.
+
+Until February 11, 2012, in case of most files in hostap.git, "under the
+open source license indicated in the file" means that the contribution
+is licensed both under GPL v2 and modified BSD license (see below) and
+the choice between these licenses is given to anyone who redistributes
+or uses the software. As such, the contribution has to be licensed under
+both options to allow this choice.
+
+As of February 11, 2012, the project has chosen to use only the BSD
+license option for future distribution. As such, the GPL v2 license
+option is no longer used and the contributions are not required to be
+licensed until GPL v2. In case of most files in hostap.git, "under the
+open source license indicated in the file" means that the contribution
+is licensed under the modified BSD license (see below).
+
+
+The additional item (e) is used to collect explicit approval to license
+the contribution with only the modified BSD license (see below), i.e.,
+without the GPL v2 option. This was done to allow simpler licensing
+terms to be used in the future. It should be noted that the modified BSD
+license is compatible with GNU GPL and as such, this possible move to
+simpler licensing option does not prevent use of this software in
+GPL projects.
+
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+
+Additionally, I certify that:
+
+(e) The contribution can be licensed under the modified BSD license
+    as shown below even in case of files that are currently licensed
+    under other terms.
+
+
+To indicate your acceptance of these terms, please add the following
+line to each contribution you make to the project:
+
+Signed-hostap: Your Name <[email protected]>
+
+using your real name. Pseudonyms or anonymous contributions cannot
+unfortunately be accepted.
+
+
+
+Modified BSD license (no advertisement clause):
+
+Copyright (c) 2002-2012, Jouni Malinen <[email protected]> and contributors
+All Rights Reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+   names of its contributors may be used to endorse or promote products
+   derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

peapwn/mods/hostap/COPYING

@@ -0,0 +1,22 @@
+wpa_supplicant and hostapd
+--------------------------
+
+Copyright (c) 2002-2012, Jouni Malinen <[email protected]> and contributors
+All Rights Reserved.
+
+
+See the README file for the current license terms.
+
+This software was previously distributed under BSD/GPL v2 dual license
+terms that allowed either of those license alternatives to be
+selected. As of February 11, 2012, the project has chosen to use only
+the BSD license option for future distribution. As such, the GPL v2
+license option is no longer used. It should be noted that the BSD
+license option (the one with advertisement clause removed) is compatible
+with GPL and as such, does not prevent use of this software in projects
+that use GPL.
+
+Some of the files may still include pointers to GPL version 2 license
+terms. However, such copyright and license notifications are maintained
+only for attribution purposes and any distribution of this software
+after February 11, 2012 is no longer under the GPL v2 option.

peapwn/mods/hostap/README

@@ -0,0 +1,56 @@
+wpa_supplicant and hostapd
+--------------------------
+
+Copyright (c) 2002-2013, Jouni Malinen <[email protected]> and contributors
+All Rights Reserved.
+
+These programs are licensed under the BSD license (the one with
+advertisement clause removed).
+
+If you are submitting changes to the project, please see CONTRIBUTIONS
+file for more instructions.
+
+
+This package may include either wpa_supplicant, hostapd, or both. See
+README file respective subdirectories (wpa_supplicant/README or
+hostapd/README) for more details.
+
+Source code files were moved around in v0.6.x releases and compared to
+earlier releases, the programs are now built by first going to a
+subdirectory (wpa_supplicant or hostapd) and creating build
+configuration (.config) and running 'make' there (for Linux/BSD/cygwin
+builds).
+
+
+License
+-------
+
+This software may be distributed, used, and modified under the terms of
+BSD license:
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name(s) of the above-listed copyright holder(s) nor the
+   names of its contributors may be used to endorse or promote products
+   derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

peapwn/mods/hostap/build_release

@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+if [ -z "$1" ]; then
+    echo "build_release <version>"
+    exit 1
+fi
+
+TMP=tmp.build_release
+RELDIR=`pwd`/Release
+VER=$1
+NOW=`date +%Y-%m-%d`
+
+echo "Version: $VER - $NOW"
+
+DATEw=`head -n 3 wpa_supplicant/ChangeLog | tail -n 1 | sed "s/ .*//"`
+DATEh=`head -n 3 hostapd/ChangeLog | tail -n 1 | sed "s/ .*//"`
+
+if [ "$DATEw" != "$NOW" -o "$DATEh" != "$NOW" ]; then
+    echo "NOTE! Date mismatch in ChangeLog: wpa_supplicant $DATEw hostapd $DATEh != $NOW"
+fi
+
+if [ -r $TMP ]; then
+    echo "Temporary directory '$TMP' exists. Remove it before running this."
+    exit 1
+fi
+
+mkdir $TMP
+mkdir -p $RELDIR
+
+git archive --format=tar --prefix=wpa-$VER/ HEAD \
+	README COPYING patches src wpa_supplicant hostapd |
+	gzip > $RELDIR/wpa-$VER.tar.gz
+git archive --format=tar --prefix=hostapd-$VER/ HEAD \
+	README COPYING patches src hostapd |
+	gzip > $RELDIR/hostapd-$VER.tar.gz
+git archive --format=tar --prefix=wpa_supplicant-$VER/ HEAD \
+	README COPYING patches src wpa_supplicant |
+	tar --directory=$TMP -xf -
+
+cd $TMP
+make -C wpa_supplicant-$VER/wpa_supplicant/doc/docbook man
+rm -f wpa_supplicant-$VER/wpa_supplicant/doc/docbook/manpage.{links,refs}
+tar czf $RELDIR/wpa_supplicant-$VER.tar.gz wpa_supplicant-$VER
+cd ..
+rm -r $TMP

peapwn/mods/hostap/src/Makefile

@@ -0,0 +1,11 @@
+SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p radius rsn_supp tls utils wps spoof
+
+all:
+	for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d; done
+
+clean:
+	for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d clean; done
+	rm -f *~
+
+install:
+	for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d install; done

peapwn/mods/hostap/src/ap/Makefile

@@ -0,0 +1,8 @@
+all:
+	@echo Nothing to be made.
+
+clean:
+	rm -f *~ *.o *.d *.gcno *.gcda *.gcov
+
+install:
+	@echo Nothing to be made.