MISC-16: Review Changes to OpenPLC Utils DAK Generation



Issue Information

Issue Type: Task
Priority: Major
Status: In Progress

Reported By: Ben Tasker
Assigned To: Ben Tasker
Project: Miscellaneous (MISC)
Resolution: Unresolved
Affects Version: HomeplugAV
Target version: HomeplugAV
Labels: HomePlugAV

Created: 2016-01-12 00:49:19
Time Spent Working
Estimated: 60 minutes
Remaining: 55 minutes
Logged: 5 minutes


Description
During an email conversation earlier it was noted that the DAK generation utility within OpenPLC Utils appears to have been updated.

By default it now generates a different DAK on every execution. A new option (-m) has been introduced which derives the DAK from the MAC address but still gives a different result to the earlier versions of the utility.

Would be interesting to look a little closer at the changes and see what they've done.


Issue Links

Infiltrating a Network via HomeplugAV Adapters
Current version of Mac2PW (Github)
Archive of previous OpenPLC Utils version (bentasker.co.uk)

Activity


btasker changed status from 'Open' to 'In Progress'
Looks as though the change started here - https://github.com/qca/open-plc-utils/commit/7f002ff621105e585a26f6b621cf609460d9b752 though that's since been updated from "NEWPasswords" to using either MACPasswords or RNDPasswords depending on the options passed on the command line.

The changes made to MACPasswords between that and the version I have are below
ben@milleniumfalcon:/tmp/compare$ diff -u old MACPasswords.c 
--- old	2016-01-12 00:54:08.301390618 +0000
+++ MACPasswords.c	2016-01-12 00:53:57.825192931 +0000
@@ -4,69 +4,49 @@
  *
  *   All rights reserved.
  *
- *   Redistribution and use in source and binary forms, with or 
- *   without modification, are permitted (subject to the limitations 
- *   in the disclaimer below) provided that the following conditions 
+ *   Redistribution and use in source and binary forms, with or
+ *   without modification, are permitted (subject to the limitations
+ *   in the disclaimer below) provided that the following conditions
  *   are met:
  *
- *   * Redistributions of source code must retain the above copyright 
+ *   * Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  *
- *   * Redistributions in binary form must reproduce the above 
- *     copyright notice, this list of conditions and the following 
- *     disclaimer in the documentation and/or other materials 
+ *   * Redistributions in binary form must reproduce the above
+ *     copyright notice, this list of conditions and the following
+ *     disclaimer in the documentation and/or other materials
  *     provided with the distribution.
  *
- *   * Neither the name of Qualcomm Atheros nor the names of 
- *     its contributors may be used to endorse or promote products 
- *     derived from this software without specific prior written 
+ *   * Neither the name of Qualcomm Atheros nor the names of
+ *     its contributors may be used to endorse or promote products
+ *     derived from this software without specific prior written
  *     permission.
  *
- *   NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE 
- *   GRANTED BY THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE 
- *   COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR 
- *   IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
- *   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
- *   PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER 
- *   OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
- *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 
- *   NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
- *   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- *   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- *   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 
- *   OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
- *   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.  
+ *   NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE
+ *   GRANTED BY THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE
+ *   COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
+ *   IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ *   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ *   PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ *   OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ *   NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ *   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ *   OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  *--------------------------------------------------------------------*/
 
 /*====================================================================*
  *
- *   void  MACPasswords (uint32_t vendor, uint32_t device, unsigned number, unsigned count, unsigned group, unsigned space, flag_t flags);
+ *   void  MACPasswords (unsigned vendor, unsigned device, unsigned number, unsigned count, unsigned group, char space, flag_t flags);
  *
  *   keys.h
  *
  *   print a range of device address/password pairs on stdout; print
- *   an optional usage flag in the first column for PTS compatability;
- *
- *   vendor is the 24-bit OUI expressed as an integer; device is the
- *   24-bit starting unit address expressed as an integer; number is
- *   the number of address/password pairs to generate; count is the
- *   number of letters in the password excluding delimiters;
- *
- *   passwords consists of letters arranged in groups separated by
- *   spaces; count is the number of letters; group is the number of
- *   letters in each group; space is the character that separates
- *   each group;
- *
- *   vendor is used to seed the random number generator and create
- *   a character set having the 256 random upper case letters used
- *   for all vendor passwords; most letters will appear more than
- *   once in the character set;
- *
- *   device is used to seed the random number generator and select
- *   count random letters from the character set until the password
- *   has been constructed;
- *
+ *   an optional usage flag in first column for PTS compatability;
  *
  *   Contributor(s):
  *	Charles Maier <cmaier@<Domain Hidden>>
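Review bot: The header comment loses its whole parameter description in this hunk (the removed lines from "vendor is the 24-bit OUI expressed as an integer" through "has been constructed"), and nothing replaces it. That text was the only statement of how vendor and device seed the generator and of what number, count, group and space mean, and the documented prototype changes at the same time (uint32_t becomes unsigned, space becomes char). Suggest keeping the description and updating it to match the new prototype rather than deleting it; "compatability" in the retained line is also still misspelled.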
@@ -81,7 +61,6 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <limits.h>
-#include <netinet/in.h>
 
 #include "../tools/types.h"
 #include "../tools/flags.h"
@@ -96,36 +75,59 @@
 	return (temp);
 }
 
-static uint32_t MACRand ()
+static unsigned MACRand ()
 
 {
 	MACSeed *= 0x41C64E6D;
 	MACSeed += 0x00003029;
-	return ((uint32_t)((MACSeed >> 0x10) & 0x7FFFFFFF));
+	return ((unsigned)((MACSeed >> 0x10) & 0x7FFFFFFF));
 }
 
-static void MACPassword (uint32_t device, char const charset [], unsigned count, unsigned alpha, unsigned group, char space)
+/*====================================================================*
+ *
+ *   void MACPassword (unsigned device, char const charset [], unsigned limit, unsigned count, unsigned group, char space);
+ *
+ *   keys.h
+ *
+ *   Contributor(s):
+ *	Charles Maier <cmaier@<Domain Hidden>>
+ *
+ *--------------------------------------------------------------------*/
+
+void MACPassword (unsigned device, char const charset [], unsigned limit, unsigned count, unsigned group, char space)
 
 {
-	unsigned letter = 0;
 	MACSRand (device);
-	while (letter < alpha)
+	while (count--)
 	{
-		unsigned offset = MACRand () % count;
-		if ((letter) && (group) && !(letter%group))
+		unsigned index = MACRand () % limit;
+		putc (charset [index & limit], stdout);
+		if ((count) && (group) && !(count % group))
 		{
 			putc (space, stdout);
 		}
-		putc (charset [offset], stdout);
-		letter++;
 	}
 	return;
 }
 
-void MACPasswords (uint32_t vendor, uint32_t device, unsigned count, unsigned alpha, unsigned group, unsigned space, flag_t flags)
+/*====================================================================*
+ *
+ *   void  MACPasswords (unsigned vendor, unsigned device, unsigned number, unsigned count, unsigned group, char space, flag_t flags);
+ *
+ *   keys.h
+ *
+ *   print a range of device address/password pairs on stdout; print
+ *   an optional usage flag in first column for PTS compatability;
+ *
+ *   Contributor(s):
+ *	Charles Maier <cmaier@<Domain Hidden>>
+ *
+ *--------------------------------------------------------------------*/
+
+void MACPasswords (unsigned vendor, unsigned device, unsigned number, unsigned count, unsigned group, char space, flag_t flags)
 
 {
-	char charset [UCHAR_MAX + 1];
+	char charset [UCHAR_MAX];
 	unsigned offset = 0;
 	if (vendor >> 24)
 	{
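Review bot: In the new MACPassword loop, "charset [index & limit]" masks an index that "MACRand () % limit" has already reduced below limit; the AND does nothing when limit is 255 and would skip entries for any limit that is not of the form 2^n - 1, so index with "charset [index]" directly. The separator test also moves from letters already emitted ("letter%group", checked before the letter) to letters remaining ("count % group", checked after it), which places the separators differently whenever count is not a multiple of group; the new comment block should say which grouping is intended. MACPassword also drops "static", and charset shrinks to UCHAR_MAX bytes, so the fill loop outside this hunk needs checking that it no longer writes UCHAR_MAX + 1 entries.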
@@ -135,7 +137,7 @@
 	{
 		return;
 	}
-	if (count >> 24)
+	if (number >> 24)
 	{
 		return;
 	}
@@ -148,7 +150,7 @@
 			charset [offset++] = c;
 		}
 	}
-	while (count--)
+	while (number--)
 	{
 		if (_anyset (flags, PASSWORD_VERBOSE))
 		{
@@ -161,7 +163,7 @@
 			printf ("%06X", device & 0x00FFFFFF);
 			putc (' ', stdout);
 		}
-		MACPassword (device, charset, sizeof (charset), alpha, group, space);
+		MACPassword (device, charset, sizeof (charset), count, group, space);
 		putc ('\n', stdout);
 		device++;
 	}
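Review bot: The call still passes "sizeof (charset)" as the third argument, but with the array now declared as "charset [UCHAR_MAX]" that value is 255 rather than 256, so the modulus applied to every MACRand () result changes and the password printed for a given device address no longer matches what the previous version produced. If that break is intended, state it in the function comment and the change log; if not, keep the old array size.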


As the name implies RNDPassword simply generates a random string, ultimately by calling putpwd - https://github.com/qca/open-plc-utils/blob/master/key/putpwd.c
I've updated my earlier article to include a link to a copy of the version of OpenPLC utils that I used whilst writing it. Otherwise anyone concerned that their devices may be affected is currently unable to actually check for themselves with the current version.
btasker changed timespent from '0 minutes' to '5 minutes'
Although it's (unsurprisingly) vast, the following is the list of changes when the older version is written over the top of the current state of the repo

- List of changed files - http://projectsstatic.bentasker.co.uk/MISC/MISC16/changes/filechanges.txt
- Diff of all changes - http://projectsstatic.bentasker.co.uk/MISC/MISC16/changes/diff.txt
- Diff of changes within "key" - http://projectsstatic.bentasker.co.uk/MISC/MISC16/changes/keychanges.txt

Work log


Ben Tasker
2016-01-15 12:34:24

Time Spent: 5 minutes
Log Entry: Updating earlier article