From 964cff951f71b138f9f4cb482b78fba205097366 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Mon, 29 Nov 2021 10:40:06 +0100 Subject: [PATCH] Fixed functional error when nonce-error-corrections that were set on the command line in hash-mode 22000/22001 were not accepted --- docs/changes.txt | 6 ++++ src/modules/module_22000.c | 57 +++++++++++++++++++++++++++++++++++++- src/modules/module_22001.c | 57 +++++++++++++++++++++++++++++++++++++- 3 files changed, 118 insertions(+), 2 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 3989799b3..efc0f9f88 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -1,5 +1,11 @@ * changes v6.2.5 -> v6.2.x +## +## Bugs +## + +- Fixed functional error when nonce-error-corrections that were set on the command line in hash-mode 22000/22001 were not accepted + ## ## Technical ## diff --git a/src/modules/module_22000.c b/src/modules/module_22000.c index 942b02703..382ace959 100644 --- a/src/modules/module_22000.c +++ b/src/modules/module_22000.c @@ -192,6 +192,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_t)); + /* moved to module_hash_decode_postprocess() wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt; wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd; @@ -199,6 +200,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd; wpa->nonce_error_corrections = user_options->nonce_error_corrections; + */ hash_t *hash = &hashes_buf[hashes_cnt]; @@ -225,6 +227,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_t)); + /* moved to module_hash_decode_postprocess() wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt; wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd; 
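Review bot: The user_options assignments in module_hash_binary_parse are disabled by wrapping them in a `/* moved to module_hash_decode_postprocess() ... */` block comment instead of being deleted, which leaves dead code in the file and a block comment that any later `*/` inside the wrapped statements would terminate early. The same pattern appears in the -199, -225 and -232 hunks of this file, in the -1044/-1080 hunks of module_hash_decode, and in the matching hunks of module_22001.c; git history already keeps the old lines, so the wrapped statements and the `/*`/`*/` markers should be removed outright, with at most a one-line `// message_pair / nonce_error_corrections from user_options are applied in module_hash_decode_postprocess ()` left beside the memset. The `wpa_t *wpa` declaration is among the commented-out lines, and module_hash_binary_parse continues past this hunk, so it is worth confirming that no remaining statement in the function still refers to `wpa`.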
@@ -232,6 +235,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd; wpa->nonce_error_corrections = user_options->nonce_error_corrections; + */ hash_t *hash = &hashes_buf[hashes_cnt]; @@ -1044,6 +1048,9 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 message_pair = hex_to_u8 (message_pair_pos); + wpa->message_pair = message_pair; + + /* moved to module_hash_decode_postprocess() if (wpa->message_pair_chgd == true) { // we can filter some message types here @@ -1080,6 +1087,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE } } } + */ // now some optimization related to replay counter endianess // hcxtools has techniques to detect them 
@@ -1273,6 +1281,53 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 return line_len;
 }
 
+int module_hash_decode_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ wpa_t *wpa = (wpa_t *) esalt_buf;
+
+ wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd;
+ //wpa->message_pair = user_options->hccapx_message_pair;
+
+ wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd;
+ //wpa->nonce_error_corrections = user_options->nonce_error_corrections;
+
+ if (wpa->message_pair_chgd == true)
+ {
+ // we can filter some message types here
+
+ if (user_options->hccapx_message_pair != (wpa->message_pair & 0x7f)) return (PARSER_HCCAPX_MESSAGE_PAIR);
+ }
+
+ if (wpa->nonce_error_corrections_chgd == true)
+ {
+ wpa->nonce_error_corrections = user_options->nonce_error_corrections;
+ }
+ else
+ {
+ wpa->nonce_error_corrections = NONCE_ERROR_CORRECTIONS;
+ }
+
+ if (wpa->message_pair & (1 << 4))
+ {
+ // ap-less attack detected, nc not needed
+
+ wpa->nonce_error_corrections = 0;
+ }
+ else
+ {
+ if (wpa->message_pair & (1 << 7))
+ {
+ // replaycount not checked, nc needed
+ }
+ else
+ {
+ wpa->nonce_error_corrections = 0;
+ }
+ }
+
+ return (PARSER_OK);
+}
+
 void module_init (module_ctx_t *module_ctx)
 {
 module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
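Review bot: module_hash_decode_postprocess still discards an explicitly set nonce-error-corrections value whenever bit 4 of message_pair is set or bit 7 is clear: the two `wpa->nonce_error_corrections = 0;` assignments in the final if/else run regardless of `wpa->nonce_error_corrections_chgd`, so the command-line value only survives for hashes flagged as replay-counter-unchecked. If that precedence is intended it should be documented above the function, e.g. `// Applies --hccapx-message-pair and --nonce-error-corrections to the decoded esalt; an explicit nc value is still forced to 0 for AP-less (bit 4 set) and replay-counter-checked (bit 7 clear) handshakes`; if not, the zeroing branches should be gated on `wpa->nonce_error_corrections_chgd == false`. `esalt_buf` and `user_options` are read on the first lines of the body, so their `MAYBE_UNUSED` annotations are misleading and should be dropped, and the two `//wpa->... = user_options->...;` commented-out assignments are dead code that should go. The bit tests `0x7f`, `1 << 4` and `1 << 7` would read better as named constants for the message_pair flags, or at least a comment naming each bit where it is tested. The whole body is duplicated verbatim in the -1273 hunk of module_22001.c; a shared helper in the common WPA code would keep the two modes from drifting apart.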
@@ -1300,7 +1355,7 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_hash_binary_count = module_hash_binary_count; module_ctx->module_hash_binary_parse = module_hash_binary_parse; module_ctx->module_hash_binary_save = module_hash_binary_save; - module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; + module_ctx->module_hash_decode_postprocess = module_hash_decode_postprocess; module_ctx->module_hash_decode_potfile = module_hash_decode_potfile; module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; module_ctx->module_hash_decode = module_hash_decode; diff --git a/src/modules/module_22001.c b/src/modules/module_22001.c index 22eced6a1..f9aed27e2 100644 --- a/src/modules/module_22001.c +++ b/src/modules/module_22001.c @@ -193,6 +193,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_t)); + /* moved to module_hash_decode_postprocess() wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt; wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd; @@ -200,6 +201,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd; wpa->nonce_error_corrections = user_options->nonce_error_corrections; + */ hash_t *hash = &hashes_buf[hashes_cnt]; @@ -226,6 +228,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE memset (hashes_buf[hashes_cnt].esalt, 0, sizeof (wpa_t)); + /* moved to module_hash_decode_postprocess() wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt; wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd; @@ -233,6 +236,7 @@ int module_hash_binary_parse (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd; wpa->nonce_error_corrections = user_options->nonce_error_corrections; + */ hash_t *hash = &hashes_buf[hashes_cnt]; 
@@ -1044,6 +1048,9 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const u8 message_pair = hex_to_u8 (message_pair_pos); + wpa->message_pair = message_pair; + + /* moved to module_hash_decode_postprocess() if (wpa->message_pair_chgd == true) { // we can filter some message types here @@ -1080,6 +1087,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE } } } + */ // now some optimization related to replay counter endianess // hcxtools has techniques to detect them 
@@ -1273,6 +1281,53 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 return line_len;
 }
 
+int module_hash_decode_postprocess (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
+{
+ wpa_t *wpa = (wpa_t *) esalt_buf;
+
+ wpa->message_pair_chgd = user_options->hccapx_message_pair_chgd;
+ //wpa->message_pair = user_options->hccapx_message_pair;
+
+ wpa->nonce_error_corrections_chgd = user_options->nonce_error_corrections_chgd;
+ //wpa->nonce_error_corrections = user_options->nonce_error_corrections;
+
+ if (wpa->message_pair_chgd == true)
+ {
+ // we can filter some message types here
+
+ if (user_options->hccapx_message_pair != (wpa->message_pair & 0x7f)) return (PARSER_HCCAPX_MESSAGE_PAIR);
+ }
+
+ if (wpa->nonce_error_corrections_chgd == true)
+ {
+ wpa->nonce_error_corrections = user_options->nonce_error_corrections;
+ }
+ else
+ {
+ wpa->nonce_error_corrections = NONCE_ERROR_CORRECTIONS;
+ }
+
+ if (wpa->message_pair & (1 << 4))
+ {
+ // ap-less attack detected, nc not needed
+
+ wpa->nonce_error_corrections = 0;
+ }
+ else
+ {
+ if (wpa->message_pair & (1 << 7))
+ {
+ // replaycount not checked, nc needed
+ }
+ else
+ {
+ wpa->nonce_error_corrections = 0;
+ }
+ }
+
+ return (PARSER_OK);
+}
+
 void module_init (module_ctx_t *module_ctx)
 {
 module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
@@ -1300,7 +1355,7 @@ void module_init (module_ctx_t *module_ctx)
 module_ctx->module_hash_binary_count = module_hash_binary_count;
 module_ctx->module_hash_binary_parse = module_hash_binary_parse;
 module_ctx->module_hash_binary_save = module_hash_binary_save;
- module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT;
+ module_ctx->module_hash_decode_postprocess = module_hash_decode_postprocess;
 module_ctx->module_hash_decode_potfile = module_hash_decode_potfile;
 module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
 module_ctx->module_hash_decode = module_hash_decode;