Skip to content

Revert modes & improvements#4

Merged
fulvius31 merged 5 commits into
mainfrom
revert-modes
Mar 30, 2026
Merged

Revert modes & improvements#4
fulvius31 merged 5 commits into
mainfrom
revert-modes

Conversation

@fulvius31

Copy link
Copy Markdown
Owner

No description provided.

…K build.

*   Modify `CMakeLists.txt` to include a `PATCH_COMMAND` that overwrites the `pixiewps` source files (`pixiewps.c`, `pixiewps.h`, and `Makefile`) with local versions before building.
*   Add patched `pixiewps.c` and `pixiewps.h` featuring updated PRNG implementations, including support for Broadcom, MediaTek MT76xx, XorShift32, and Windows CE LCG.
*   Update the `pixiewps` command-line interface and internal logic to support new cracking modes and multi-threaded seed searching for expanded chipset compatibility.
*   Include a custom `Makefile` for the native component to ensure compatibility with the project's build environment.
* Add `--mode 1,2,3,4,5,6,7,8,9,10,11` to the `pixiewps` command string for both standard and forced execution.
*   **WPS Exchange Logging**:
    *   Added `exchange_log` to `wps_result_t` in the native layer to accumulate relevant WPS exchange lines (Enrollee Nonce, Hashes, AuthKey, Public Keys).
    *   Updated JNI and Java models (`WpsResult`, `NetworkToTest`) to propagate the accumulated exchange log to the application layer.
    *   Modified `supplicant_launcher.c` to identify and capture hex-dumped WPS parameters from the supplicant output.

*   **Pixie Dust Improvements**:
    *   Corrected the labeling of Public Keys in logs and parameter extraction: `dh_own_pubkey` is now correctly identified as PKR and `dh_peer_pubkey` as PKE.
    *   Simplified the `pixiewps` command execution by removing redundant mode flags and defaulting to `--force` for better compatibility.
    *   Updated `PixieDustExecutor` to disable the manual `--force` flag in favor of faster automatic mode.

*   **Bug Fixes & Refinement**:
    *   Enhanced `WpsNative` deployment logic to verify all required executables are present instead of just checking for the supplicant.
    *   Improved error logging in `pixiewps_wrapper.c` to include the process exit status and the tail of the output on failure.
    *   Updated `ConnectionUpdateCallback` and service handlers to support passing the exchange log upon successful Pixie Dust attacks.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the WPS/Pixie Dust workflow to (1) surface and propagate a WPS exchange log from native supplicant parsing up into Java results/models, and (2) adjust Pixie Dust/pixiewps integration (including patched pixiewps sources and build wiring) alongside a few executor/deployment tweaks.

Changes:

  • Add exchangeLog support end-to-end (native parsing → JNI → ndk.WpsResultservices.WpsResultNetworkToTest/callbacks).
  • Adjust Pixie Dust compute mode behavior (--force/auto) and improve native pixiewps error logging.
  • Wire pixiewps patch sources into the external build and refine executable deployment detection.

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
lib/src/main/java/sangiorgi/wps/lib/services/WpsResult.java Adds exchangeLog field + accessor methods on the high-level result object.
lib/src/main/java/sangiorgi/wps/lib/services/WpsExecutor.java Propagates native exchange log into services.WpsResult and through PixieDust aggregation.
lib/src/main/java/sangiorgi/wps/lib/services/PixieDustExecutor.java Changes Pixie pin computation to pass force=false (auto mode).
lib/src/main/java/sangiorgi/wps/lib/services/ConnectionService.java Stores exchange log into NetworkToTest and passes it via Pixie success callback.
lib/src/main/java/sangiorgi/wps/lib/ndk/WpsResult.java Extends native-result Java DTO with an exchangeLog constructor arg + getter.
lib/src/main/java/sangiorgi/wps/lib/ndk/WpsNative.java Adjusts executable deployment verification logic.
lib/src/main/java/sangiorgi/wps/lib/models/NetworkToTest.java Adds wpsExchangeLog field for later UI/reporting.
lib/src/main/java/sangiorgi/wps/lib/handlers/ConnectionHandler.java Stores exchange log into NetworkToTest on successful connection.
lib/src/main/java/sangiorgi/wps/lib/ConnectionUpdateCallback.java Adds 3-arg onPixieDustSuccess(..., wpsExchangeLog) overload with delegation.
lib/src/main/cpp/supplicant/supplicant_launcher.c Accumulates selected hexdump lines into an exchange log buffer; tweaks pixie param logging labels.
lib/src/main/cpp/pixiewps/pixiewps_wrapper.c Changes pixiewps invocation and improves unexpected-output logging.
lib/src/main/cpp/pixiewps/patches/pixiewps.h Adds patched pixiewps header used by the external build patching step.
lib/src/main/cpp/pixiewps/patches/pixiewps.c Adds patched pixiewps implementation used by the external build patching step.
lib/src/main/cpp/pixiewps/patches/Makefile Adds patched pixiewps Makefile used by the external build patching step.
lib/src/main/cpp/jni/wpsnative_jni.h Extends wps_result_t to carry exchange log + length; clarifies pixie key roles.
lib/src/main/cpp/jni/wpsnative_jni.c Updates JNI constructor signature and passes exchange log up to Java.
lib/src/main/cpp/CMakeLists.txt Adds PATCH_COMMAND to copy patched pixiewps sources/Makefile into the external project.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +52 to +87
@@ -80,15 +82,9 @@ int pixiewps_compute(const char *pke, const char *pkr,
close(pipefd[1]);

char cmd[8192];
if (force) {
snprintf(cmd, sizeof(cmd),
"%s --force --pke %s --pkr %s --e-hash1 %s --e-hash2 %s --authkey %s --e-nonce %s",
pixiewps_exec_path, pke, pkr, e_hash1, e_hash2, auth_key, e_nonce);
} else {
snprintf(cmd, sizeof(cmd),
"%s --pke %s --pkr %s --e-hash1 %s --e-hash2 %s --authkey %s --e-nonce %s",
pixiewps_exec_path, pke, pkr, e_hash1, e_hash2, auth_key, e_nonce);
}
snprintf(cmd, sizeof(cmd),
"%s --pke %s --pkr %s --e-hash1 %s --e-hash2 %s --authkey %s --e-nonce %s --force",
pixiewps_exec_path, pke, pkr, e_hash1, e_hash2, auth_key, e_nonce);

Copilot AI Mar 30, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The force parameter is currently ignored and the constructed command always includes --force. This makes the Java computePixiePin(..., force) flag ineffective and contradicts callers that pass false expecting auto mode. Either honor force when building the command, or remove the parameter from the JNI/Java API to avoid a misleading no-op flag.

Copilot uses AI. Check for mistakes.
params[3], // authKey
params[0], // eNonce (Enrollee Nonce)
true // --force
false // no --force: auto mode is fast (~seconds)

Copilot AI Mar 30, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

computePixiePin(..., false) is documented here as running without --force, but the native wrapper currently hard-codes --force and ignores this flag. Please align the Java flag/comment with the native behavior (either restore conditional --force handling natively, or drop the parameter and update this comment).

Suggested change
false // no --force: auto mode is fast (~seconds)
true // native pixiewps wrapper currently always runs with --force

Copilot uses AI. Check for mistakes.
Comment on lines +118 to 125
int foundCount = 0;
for (String line : output) {
Log.i(TAG, "deploy: " + line);
if (line.contains("libwpa_supplicant_exec.so") && !line.contains("No such file")) {
hasSupplicant = true;
for (String name : EXECUTABLES) {
if (line.contains(name) && !line.contains("No such file")) {
foundCount++;
}
}

Copilot AI Mar 30, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

foundCount is incremented for any output line containing an executable name unless it contains "No such file". This can produce false positives (e.g., a cp error like "Permission denied" still contains the name and will be counted even if the subsequent ls output shows the file is missing). Prefer checking deployment success based on ls/test -f results per executable (e.g., build a Set of filenames seen in the directory listing) rather than counting name substrings across all command output.

Copilot uses AI. Check for mistakes.
Comment on lines 265 to +269
strncpy(result->raw_line, line, sizeof(result->raw_line) - 1);
append_exchange_line(result, line);
if (is_wps_exchange_line(line)) {
LOGD("supplicant: %s", line);
}

Copilot AI Mar 30, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

strncpy(result->raw_line, line, sizeof(result->raw_line) - 1) does not guarantee NUL-termination when line is >= 1023 bytes (MAX_LINE is 2048). Since raw_line is later passed to NewStringUTF, this can read past the buffer. Please explicitly set result->raw_line[sizeof(result->raw_line)-1] = '\0' after the copy (or use snprintf).

Copilot uses AI. Check for mistakes.
Comment on lines +236 to +242
public String getExchangeLog() {
return exchangeLog;
}

public void setExchangeLog(String exchangeLog) {
this.exchangeLog = exchangeLog;
}

Copilot AI Mar 30, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR introduces exchangeLog as a new surfaced result field. There are extensive unit tests for WpsResult, but none currently cover the new getter/setter or the expected semantics (e.g., null vs empty). Please add/update tests in WpsResultTest to cover exchangeLog so future refactors don’t accidentally drop it.

Copilot uses AI. Check for mistakes.
Comment on lines 189 to 196
if (networkKey != null) {
result.setPassword(networkKey);
}
String exchangeLog = nativeResult.getExchangeLog();
if (exchangeLog != null) {
result.setExchangeLog(exchangeLog);
}
return result;

Copilot AI Mar 30, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

exchangeLog propagation was added here, but WpsExecutorTest/PixieDustResultTest don’t currently assert that the log is carried from the native result into the returned services.WpsResult (and through PixieDust aggregation). Adding a focused unit test for this propagation would help prevent regressions.

Copilot uses AI. Check for mistakes.
Comment on lines +24 to +26
default void onPixieDustSuccess(String pin, String password, String wpsExchangeLog) {
onPixieDustSuccess(pin, password);
}

Copilot AI Mar 30, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A new overload onPixieDustSuccess(pin, password, wpsExchangeLog) was added. The existing unit test only calls the 2-arg overload; please extend ConnectionUpdateCallbackTest to also invoke the 3-arg overload and verify it delegates to the 2-arg method as intended.

Copilot uses AI. Check for mistakes.
… changes

* Update all `WpsResult` instantiations in `WpsResultTest.java` to include a fourth null parameter, reflecting the updated class constructor.
…ult logging

*   Modify `pixiewps_wrapper.c` to conditionally include the `--force` flag based on the `force` parameter, instead of hardcoding it.
*   Update `PixieDustExecutor.java` to enable the `force` flag during Pixie Dust attacks to perform a full range brute-force.
*   Add a null-terminator to `raw_line` in `supplicant_launcher.c` to prevent potential buffer overflows.
*   Expand `ConnectionUpdateCallback` and `WpsResult` to support passing and retrieving an exchange log during successful Pixie Dust attacks.
*   Add unit tests in `ConnectionUpdateCallbackTest.java` and `WpsResultTest.java` to verify the new exchange log delegation and retrieval logic.
@fulvius31 fulvius31 merged commit 1bcf3fd into main Mar 30, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants