Revert modes & improvements#4
Conversation
…K build. * Modify `CMakeLists.txt` to include a `PATCH_COMMAND` that overwrites the `pixiewps` source files (`pixiewps.c`, `pixiewps.h`, and `Makefile`) with local versions before building. * Add patched `pixiewps.c` and `pixiewps.h` featuring updated PRNG implementations, including support for Broadcom, MediaTek MT76xx, XorShift32, and Windows CE LCG. * Update the `pixiewps` command-line interface and internal logic to support new cracking modes and multi-threaded seed searching for expanded chipset compatibility. * Include a custom `Makefile` for the native component to ensure compatibility with the project's build environment.
* Add `--mode 1,2,3,4,5,6,7,8,9,10,11` to the `pixiewps` command string for both standard and forced execution.
* **WPS Exchange Logging**:
* Added `exchange_log` to `wps_result_t` in the native layer to accumulate relevant WPS exchange lines (Enrollee Nonce, Hashes, AuthKey, Public Keys).
* Updated JNI and Java models (`WpsResult`, `NetworkToTest`) to propagate the accumulated exchange log to the application layer.
* Modified `supplicant_launcher.c` to identify and capture hex-dumped WPS parameters from the supplicant output.
* **Pixie Dust Improvements**:
* Corrected the labeling of Public Keys in logs and parameter extraction: `dh_own_pubkey` is now correctly identified as PKR and `dh_peer_pubkey` as PKE.
* Simplified the `pixiewps` command execution by removing redundant mode flags and defaulting to `--force` for better compatibility.
* Updated `PixieDustExecutor` to disable the manual `--force` flag in favor of faster automatic mode.
* **Bug Fixes & Refinement**:
* Enhanced `WpsNative` deployment logic to verify all required executables are present instead of just checking for the supplicant.
* Improved error logging in `pixiewps_wrapper.c` to include the process exit status and the tail of the output on failure.
* Updated `ConnectionUpdateCallback` and service handlers to support passing the exchange log upon successful Pixie Dust attacks.
There was a problem hiding this comment.
Pull request overview
This PR updates the WPS/Pixie Dust workflow to (1) surface and propagate a WPS exchange log from native supplicant parsing up into Java results/models, and (2) adjust Pixie Dust/pixiewps integration (including patched pixiewps sources and build wiring) alongside a few executor/deployment tweaks.
Changes:
- Add
exchangeLogsupport end-to-end (native parsing → JNI →ndk.WpsResult→services.WpsResult→NetworkToTest/callbacks). - Adjust Pixie Dust compute mode behavior (
--force/auto) and improve native pixiewps error logging. - Wire pixiewps patch sources into the external build and refine executable deployment detection.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| lib/src/main/java/sangiorgi/wps/lib/services/WpsResult.java | Adds exchangeLog field + accessor methods on the high-level result object. |
| lib/src/main/java/sangiorgi/wps/lib/services/WpsExecutor.java | Propagates native exchange log into services.WpsResult and through PixieDust aggregation. |
| lib/src/main/java/sangiorgi/wps/lib/services/PixieDustExecutor.java | Changes Pixie pin computation to pass force=false (auto mode). |
| lib/src/main/java/sangiorgi/wps/lib/services/ConnectionService.java | Stores exchange log into NetworkToTest and passes it via Pixie success callback. |
| lib/src/main/java/sangiorgi/wps/lib/ndk/WpsResult.java | Extends native-result Java DTO with an exchangeLog constructor arg + getter. |
| lib/src/main/java/sangiorgi/wps/lib/ndk/WpsNative.java | Adjusts executable deployment verification logic. |
| lib/src/main/java/sangiorgi/wps/lib/models/NetworkToTest.java | Adds wpsExchangeLog field for later UI/reporting. |
| lib/src/main/java/sangiorgi/wps/lib/handlers/ConnectionHandler.java | Stores exchange log into NetworkToTest on successful connection. |
| lib/src/main/java/sangiorgi/wps/lib/ConnectionUpdateCallback.java | Adds 3-arg onPixieDustSuccess(..., wpsExchangeLog) overload with delegation. |
| lib/src/main/cpp/supplicant/supplicant_launcher.c | Accumulates selected hexdump lines into an exchange log buffer; tweaks pixie param logging labels. |
| lib/src/main/cpp/pixiewps/pixiewps_wrapper.c | Changes pixiewps invocation and improves unexpected-output logging. |
| lib/src/main/cpp/pixiewps/patches/pixiewps.h | Adds patched pixiewps header used by the external build patching step. |
| lib/src/main/cpp/pixiewps/patches/pixiewps.c | Adds patched pixiewps implementation used by the external build patching step. |
| lib/src/main/cpp/pixiewps/patches/Makefile | Adds patched pixiewps Makefile used by the external build patching step. |
| lib/src/main/cpp/jni/wpsnative_jni.h | Extends wps_result_t to carry exchange log + length; clarifies pixie key roles. |
| lib/src/main/cpp/jni/wpsnative_jni.c | Updates JNI constructor signature and passes exchange log up to Java. |
| lib/src/main/cpp/CMakeLists.txt | Adds PATCH_COMMAND to copy patched pixiewps sources/Makefile into the external project. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -80,15 +82,9 @@ int pixiewps_compute(const char *pke, const char *pkr, | |||
| close(pipefd[1]); | |||
|
|
|||
| char cmd[8192]; | |||
| if (force) { | |||
| snprintf(cmd, sizeof(cmd), | |||
| "%s --force --pke %s --pkr %s --e-hash1 %s --e-hash2 %s --authkey %s --e-nonce %s", | |||
| pixiewps_exec_path, pke, pkr, e_hash1, e_hash2, auth_key, e_nonce); | |||
| } else { | |||
| snprintf(cmd, sizeof(cmd), | |||
| "%s --pke %s --pkr %s --e-hash1 %s --e-hash2 %s --authkey %s --e-nonce %s", | |||
| pixiewps_exec_path, pke, pkr, e_hash1, e_hash2, auth_key, e_nonce); | |||
| } | |||
| snprintf(cmd, sizeof(cmd), | |||
| "%s --pke %s --pkr %s --e-hash1 %s --e-hash2 %s --authkey %s --e-nonce %s --force", | |||
| pixiewps_exec_path, pke, pkr, e_hash1, e_hash2, auth_key, e_nonce); | |||
There was a problem hiding this comment.
The force parameter is currently ignored and the constructed command always includes --force. This makes the Java computePixiePin(..., force) flag ineffective and contradicts callers that pass false expecting auto mode. Either honor force when building the command, or remove the parameter from the JNI/Java API to avoid a misleading no-op flag.
| params[3], // authKey | ||
| params[0], // eNonce (Enrollee Nonce) | ||
| true // --force | ||
| false // no --force: auto mode is fast (~seconds) |
There was a problem hiding this comment.
computePixiePin(..., false) is documented here as running without --force, but the native wrapper currently hard-codes --force and ignores this flag. Please align the Java flag/comment with the native behavior (either restore conditional --force handling natively, or drop the parameter and update this comment).
| false // no --force: auto mode is fast (~seconds) | |
| true // native pixiewps wrapper currently always runs with --force |
| int foundCount = 0; | ||
| for (String line : output) { | ||
| Log.i(TAG, "deploy: " + line); | ||
| if (line.contains("libwpa_supplicant_exec.so") && !line.contains("No such file")) { | ||
| hasSupplicant = true; | ||
| for (String name : EXECUTABLES) { | ||
| if (line.contains(name) && !line.contains("No such file")) { | ||
| foundCount++; | ||
| } | ||
| } |
There was a problem hiding this comment.
foundCount is incremented for any output line containing an executable name unless it contains "No such file". This can produce false positives (e.g., a cp error like "Permission denied" still contains the name and will be counted even if the subsequent ls output shows the file is missing). Prefer checking deployment success based on ls/test -f results per executable (e.g., build a Set of filenames seen in the directory listing) rather than counting name substrings across all command output.
| strncpy(result->raw_line, line, sizeof(result->raw_line) - 1); | ||
| append_exchange_line(result, line); | ||
| if (is_wps_exchange_line(line)) { | ||
| LOGD("supplicant: %s", line); | ||
| } |
There was a problem hiding this comment.
strncpy(result->raw_line, line, sizeof(result->raw_line) - 1) does not guarantee NUL-termination when line is >= 1023 bytes (MAX_LINE is 2048). Since raw_line is later passed to NewStringUTF, this can read past the buffer. Please explicitly set result->raw_line[sizeof(result->raw_line)-1] = '\0' after the copy (or use snprintf).
| public String getExchangeLog() { | ||
| return exchangeLog; | ||
| } | ||
|
|
||
| public void setExchangeLog(String exchangeLog) { | ||
| this.exchangeLog = exchangeLog; | ||
| } |
There was a problem hiding this comment.
This PR introduces exchangeLog as a new surfaced result field. There are extensive unit tests for WpsResult, but none currently cover the new getter/setter or the expected semantics (e.g., null vs empty). Please add/update tests in WpsResultTest to cover exchangeLog so future refactors don’t accidentally drop it.
| if (networkKey != null) { | ||
| result.setPassword(networkKey); | ||
| } | ||
| String exchangeLog = nativeResult.getExchangeLog(); | ||
| if (exchangeLog != null) { | ||
| result.setExchangeLog(exchangeLog); | ||
| } | ||
| return result; |
There was a problem hiding this comment.
exchangeLog propagation was added here, but WpsExecutorTest/PixieDustResultTest don’t currently assert that the log is carried from the native result into the returned services.WpsResult (and through PixieDust aggregation). Adding a focused unit test for this propagation would help prevent regressions.
| default void onPixieDustSuccess(String pin, String password, String wpsExchangeLog) { | ||
| onPixieDustSuccess(pin, password); | ||
| } |
There was a problem hiding this comment.
A new overload onPixieDustSuccess(pin, password, wpsExchangeLog) was added. The existing unit test only calls the 2-arg overload; please extend ConnectionUpdateCallbackTest to also invoke the 3-arg overload and verify it delegates to the 2-arg method as intended.
… changes * Update all `WpsResult` instantiations in `WpsResultTest.java` to include a fourth null parameter, reflecting the updated class constructor.
…ult logging * Modify `pixiewps_wrapper.c` to conditionally include the `--force` flag based on the `force` parameter, instead of hardcoding it. * Update `PixieDustExecutor.java` to enable the `force` flag during Pixie Dust attacks to perform a full range brute-force. * Add a null-terminator to `raw_line` in `supplicant_launcher.c` to prevent potential buffer overflows. * Expand `ConnectionUpdateCallback` and `WpsResult` to support passing and retrieving an exchange log during successful Pixie Dust attacks. * Add unit tests in `ConnectionUpdateCallbackTest.java` and `WpsResultTest.java` to verify the new exchange log delegation and retrieval logic.
No description provided.