From a488cf86f1b197995cf53f02528eabcf1c7360ba Mon Sep 17 00:00:00 2001
From: derv82
Date: Sat, 24 Mar 2018 13:59:58 -0400
Subject: [PATCH] Bugfix: Don't infinitely loop while calculating Hex & ASCII key from WEP attack.
* Simplified HEX/ASCII conversion. Avoids infinite loop :thinking:
* Added integration test: python -m wifite.tools.aircrack
Should resolve "hanging" issues during WEP attacks such as #27.
---
 wifite/attack/wep.py | 14 ++------
 wifite/tools/aircrack.py | 73 ++++++++++++++++++++++++----------------
 2 files changed, 47 insertions(+), 40 deletions(-)
diff --git a/wifite/attack/wep.py b/wifite/attack/wep.py
index bf74f29..7934d35 100755
--- a/wifite/attack/wep.py
+++ b/wifite/attack/wep.py
@@ -94,12 +94,7 @@ class AttackWEP(Attack):
 if aireplay.status is not None:
 status += ", %s" % aireplay.status
 Color.clear_entire_line()
- Color.pattack("WEP",
- airodump_target,
- "%s" % attack_name,
- status)
-
- #self.aircrack_check()
+ Color.pattack("WEP", airodump_target, "%s" % attack_name, status)
 # Check if we cracked it.
 if aircrack and aircrack.is_cracked():
@@ -109,8 +104,7 @@ class AttackWEP(Attack):
 essid = airodump_target.essid
 else:
 essid = None
- Color.pl('\n{+} {C}%s{W} WEP attack {G}successful{W}\n'
- % attack_name)
+ Color.pl('\n{+} {C}%s{W} WEP attack {G}successful{W}\n' % attack_name)
 if aireplay: aireplay.stop()
 if fakeauth_proc: fakeauth_proc.stop()
 self.crack_result = CrackResultWEP(self.target.bssid,
@@ -143,9 +137,7 @@ class AttackWEP(Attack):
 # Restart aircrack after X seconds
 aircrack.stop()
 ivs_file = airodump.find_files(endswith='.ivs')[0]
- Color.pl('\n{+} {C}aircrack{W} ran for more than' +
- ' {C}%d{W} seconds, restarting'
- % Configuration.wep_restart_aircrack)
+ Color.pl('\n{+} {C}aircrack{W} ran for more than {C}%d{W} seconds, restarting' % Configuration.wep_restart_aircrack)
 aircrack = Aircrack(ivs_file)
diff --git a/wifite/tools/aircrack.py b/wifite/tools/aircrack.py
index d0c73f0..04364af 100755
--- a/wifite/tools/aircrack.py
+++ b/wifite/tools/aircrack.py 
@@ -39,44 +39,59 @@ class Aircrack(object):
 def get_key_hex_ascii(self):
 if not self.is_cracked():
 raise Exception('Cracked file not found')
+
 with open(self.cracked_file, 'r') as fid:
 hex_raw = fid.read()
- hex_key = ''
+
+ return self._hex_and_ascii_key(hex_raw)
+
+ @staticmethod
+ def _hex_and_ascii_key(hex_raw):
+ hex_chars = []
 ascii_key = ''
- while len(hex_raw) > 0:
- # HEX
- if hex_key != '':
- hex_key += ':'
- hex_key += hex_raw[0:2]
+ for index in xrange(0, len(hex_raw), 2):
+ byt = hex_raw[index:index+2]
+ hex_chars.append(byt)
+ byt_int = int(byt, 16)
+ if byt_int < 32 or byt_int > 127 or ascii_key is None:
+ ascii_key = None # Not printable
+ else:
+ ascii_key += chr(byt_int)
- # ASCII
- # Convert hex to decimal
- code = int(hex_raw[0:2], 16)
- if code < 32 or code > 127:
- # Hex key is non-printable in ascii
- ascii_key = None
- continue
- elif ascii_key is None:
- # We can't generate an Ascii key
- continue
- # Convert decimal to char
- ascii_key += chr(code)
-
- # Trim first two characters
- hex_raw = hex_raw[2:]
- continue
+ hex_key = ':'.join(hex_chars)
 return (hex_key, ascii_key)
+ def __del__(self):
+ if os.path.exists(self.cracked_file):
+ os.remove(self.cracked_file)
+
 if __name__ == '__main__':
+ (hexkey, asciikey) = Aircrack._hex_and_ascii_key('A1B1C1D1E1')
+ assert hexkey == 'A1:B1:C1:D1:E1', 'hexkey was "%s", expected "A1:B1:C1:D1:E1"' % hexkey
+ assert asciikey is None, 'asciikey was "%s", expected None' % asciikey
+
+ (hexkey, asciikey) = Aircrack._hex_and_ascii_key('6162636465')
+ assert hexkey == '61:62:63:64:65', 'hexkey was "%s", expected "61:62:63:64:65"' % hexkey
+ assert asciikey == 'abcde', 'asciikey was "%s", expected "abcde"' % asciikey
+
 from time import sleep
+
 Configuration.initialize(False)
- a = Aircrack('tests/files/wep-crackable.ivs')
- while a.is_running():
+
+ ivs_file = 'tests/files/wep-crackable.ivs'
+ print "Running aircrack on %s ..."
% ivs_file
+
+ aircrack = Aircrack(ivs_file)
+ while aircrack.is_running():
 sleep(1)
- if a.is_cracked():
- print "cracked!"
- print '(hex, ascii) =', a.get_key_hex_ascii()
- else:
- print "Not cracked"
+
+ assert aircrack.is_cracked(), "Aircrack should have cracked %s" % ivs_file
+ print "aircrack process completed."
+
+ (hexkey, asciikey) = aircrack.get_key_hex_ascii()
+ print "aircrack found HEX key: (%s) and ASCII key: (%s)" % (hexkey, asciikey)
+ assert hexkey == '75:6E:63:6C:65', 'hexkey was "%s", expected "75:6E:63:6C:65"' % hexkey
+ assert asciikey == 'uncle', 'asciikey was "%s", expected "uncle"' % asciikey
+
 Configuration.exit_gracefully(0)
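Review bot: In `_hex_and_ascii_key` the printable test `byt_int < 32 or byt_int > 127` still accepts 0x7F (DEL), so a key containing that byte is reported as an ASCII key with a control character in it; `if byt_int < 32 or byt_int > 126 or ascii_key is None:` would match the printable range. The helper also receives `fid.read()` unstripped, so if the cracked file ever ends in a newline or holds an odd number of hex digits, `int(byt, 16)` either raises ValueError or parses a lone digit as a full byte; `hex_raw = fid.read().strip()` in `get_key_hex_ascii` plus an even-length check would cover both. The new `__del__` appears to be the only cleanup for the file that holds the recovered key, and finalizers are not guaranteed to run at interpreter exit, so an explicit cleanup call on the normal and error paths would be more dependable. `Aircrack.__init__` is outside the hunk, so it is not visible whether `cracked_file` is always set before `__del__` can run; if it is not, `__del__` raises AttributeError.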