Patchwork [OpenWrt-Devel] packages: add reaver-wps WPS penetration testing utility

login
register
Submitter Paul Fertser
Date 2012-07-12 19:36:37
Message ID <1342121797-13793-1-git-send-email-fercerpav@gmail.com>
Download mbox | patch
Permalink /patch/2373/
State Accepted
Delegated to: Vasilis Tsiligiannis
Headers show

Comments

Paul Fertser - 2012-07-12 19:36:37
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
---
 net/reaver/Makefile                                |   53 ++
 .../patches/0001-wpscrack-big-endian-fixes.patch   |  565 ++++++++++++++++++++
 ...rent-directory-for-storing-and-loading-se.patch |   53 ++
 ...-use-less-useless-spaces-in-output-to-fit.patch |   38 ++
 4 files changed, 709 insertions(+), 0 deletions(-)
 create mode 100644 net/reaver/Makefile
 create mode 100644 net/reaver/patches/0001-wpscrack-big-endian-fixes.patch
 create mode 100644 net/reaver/patches/0002-Use-the-current-directory-for-storing-and-loading-se.patch
 create mode 100644 net/reaver/patches/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch
Vasilis Tsiligiannis - 2012-07-15 13:15:42
Στις Πεμ 12 Ιουλ 2012 23:36:37 Paul Fertser έγραψε:
> Signed-off-by: Paul Fertser <fercerpav@gmail.com>

Applied in r32726. Thanks!

Patch

diff --git a/net/reaver/Makefile b/net/reaver/Makefile
new file mode 100644
index 0000000..3534744
--- /dev/null
+++ b/net/reaver/Makefile
@@ -0,0 +1,53 @@ 
+#
+# Copyright (C) 2012 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=reaver
+PKG_REV:=113
+PKG_VERSION:=r$(PKG_REV)
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://reaver-wps.googlecode.com/svn/trunk
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_PROTO:=svn
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/reaver
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=wireless
+  TITLE:=Efficient brute force attack against Wifi Protected Setup
+  URL:=https://code.google.com/p/reaver-wps/
+  DEPENDS:=+libpcap +libsqlite3
+endef
+
+define Package/reaver/description
+  Reaver targets the external registrar functionality mandated by the WiFi
+  Protected Setup specification.
+  Access points will provide authenticated registrars with their current
+  wireless configuration (including the WPA PSK), and also accept a new
+  configuration from the registrar.
+endef
+
+CONFIGURE_PATH:=src
+
+MAKE_PATH:=src
+
+TARGET_CFLAGS+=$(TARGET_CPPFLAGS)
+
+define Package/reaver/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/{reaver,wash} $(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/etc/reaver
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/src/reaver.db $(1)/etc/reaver/
+endef
+
+$(eval $(call BuildPackage,reaver)) 
diff --git a/net/reaver/patches/0001-wpscrack-big-endian-fixes.patch b/net/reaver/patches/0001-wpscrack-big-endian-fixes.patch
new file mode 100644
index 0000000..da76c2e
--- /dev/null
+++ b/net/reaver/patches/0001-wpscrack-big-endian-fixes.patch
@@ -0,0 +1,565 @@ 
+From 4e7af9f022996cb0a03b30f6af265b757807dfa2 Mon Sep 17 00:00:00 2001
+From: Paul Fertser <fercerpav@gmail.com>
+Date: Wed, 27 Jun 2012 17:44:55 +0400
+Subject: [PATCH 1/3] wpscrack: big-endian fixes
+
+This should fix access to the radiotap, 802.11, LLC/SNAP and WFA
+headers' fields. Run-time tested on an ar71xx BE system.
+
+Signed-off-by: Paul Fertser <fercerpav@gmail.com>
+---
+ src/80211.c    |   65 +++++++++++++++++++------------
+ src/builder.c  |   23 +++++------
+ src/defs.h     |  116 +++++++++++++++++++++++++++++++++++++++-----------------
+ src/exchange.c |   23 ++++++-----
+ src/wpsmon.c   |   13 ++++--
+ 5 files changed, 151 insertions(+), 89 deletions(-)
+
+diff --git a/src/80211.c b/src/80211.c
+index c2aff59..19f1e92 100644
+--- a/src/80211.c
++++ b/src/80211.c
+@@ -90,17 +90,19 @@ void read_ap_beacon()
+                 if(header.len >= MIN_BEACON_SIZE)
+                 {
+                         rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
+-                        frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
+-
++			size_t rt_header_len = __le16_to_cpu(rt_header->len);
++			frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
++			
+ 			if(is_target(frame_header))
+ 			{
+-                                if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
++                                if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
++				   __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
+                                 {
+-                                       	beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
++                                       	beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
+                                        	set_ap_capability(beacon->capability);
+ 
+ 					/* Obtain the SSID and channel number from the beacon packet */
+-					tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
++					tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ 					channel = parse_beacon_tags(packet, header.len);
+ 					
+ 					/* If no channel was manually specified, switch to the AP's current channel */
+@@ -135,29 +137,31 @@ int8_t signal_strength(const u_char *packet, size_t len)
+ 	{
+ 		header = (struct radio_tap_header *) packet;
+ 
+-		if((header->flags & SSI_FLAG) == SSI_FLAG)
++		uint32_t flags = __le32_to_cpu(header->flags);
++		
++		if((flags & SSI_FLAG) == SSI_FLAG)
+ 		{
+-			if((header->flags & TSFT_FLAG) == TSFT_FLAG)
++			if((flags & TSFT_FLAG) == TSFT_FLAG)
+ 			{
+ 				offset += TSFT_SIZE;
+ 			}
+ 
+-			if((header->flags & FLAGS_FLAG) == FLAGS_FLAG)
++			if((flags & FLAGS_FLAG) == FLAGS_FLAG)
+ 			{
+ 				offset += FLAGS_SIZE;
+ 			}
+ 	
+-			if((header->flags & RATE_FLAG) == RATE_FLAG)
++			if((flags & RATE_FLAG) == RATE_FLAG)
+ 			{
+ 				offset += RATE_SIZE;
+ 			}
+ 
+-			if((header->flags & CHANNEL_FLAG) == CHANNEL_FLAG)
++			if((flags & CHANNEL_FLAG) == CHANNEL_FLAG)
+ 			{
+ 				offset += CHANNEL_SIZE;
+ 			}
+ 
+-			if((header->flags & FHSS_FLAG) == FHSS_FLAG)
++			if((flags & FHSS_FLAG) == FHSS_FLAG)
+ 			{
+ 				offset += FHSS_FLAG;
+ 			}
+@@ -196,11 +200,13 @@ int is_wps_locked()
+ 		if(header.len >= MIN_BEACON_SIZE)
+ 		{
+ 			rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
+-			frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
++			size_t rt_header_len = __le16_to_cpu(rt_header->len);
++			frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
+ 
+ 			if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
+ 			{
+-				if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
++                                if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
++				   __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
+ 				{
+ 					if(parse_wps_parameters(packet, header.len, &wps))
+ 					{
+@@ -411,24 +417,30 @@ int associate_recv_loop()
+                 if(header.len >= MIN_AUTH_SIZE)
+                 {
+ 			rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
+-                        dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
++			size_t rt_header_len = __le16_to_cpu(rt_header->len);
++			dot11_frame = (struct dot11_frame_header *) (packet + rt_header_len);
+ 
+                         if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
+                            (memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
+                         {
+-				if(dot11_frame->fc.type == MANAGEMENT_FRAME)
++                                if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
++				   __cpu_to_le16(IEEE80211_FTYPE_MGMT))
+ 				{
+-                                	auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
+-                                	assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
++                                	auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
++                                	assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
+ 
+ 					/* Did we get an authentication packet with a successful status? */
+-					if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
++					if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
++					   __cpu_to_le16(IEEE80211_STYPE_AUTH)
++					   && (auth_frame->status == __cpu_to_le16(AUTHENTICATION_SUCCESS)))
+                                		{
+                                	        	ret_val = AUTH_OK;
+                                	        	break;
+                                		}
+ 					/* Did we get an association packet with a successful status? */
+-                               		else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
++                               		else if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
++						__cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP)
++						&& (assoc_frame->status == __cpu_to_le16(ASSOCIATION_SUCCESS)))
+ 					{
+ 						ret_val = ASSOCIATE_OK;
+ 						break;
+@@ -455,13 +467,14 @@ enum encryption_type supported_encryption(const u_char *packet, size_t len)
+ 	if(len > MIN_BEACON_SIZE)
+ 	{
+ 		rt_header = (struct radio_tap_header *) radio_header(packet, len);
+-		beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
+-		offset = tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
++		size_t rt_header_len = __le16_to_cpu(rt_header->len);
++		beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
++		offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ 		
+ 		tag_len = len - tag_offset;
+ 		tag_data = (const u_char *) (packet + tag_offset);
+ 
+-		if((beacon->capability & CAPABILITY_WEP) == CAPABILITY_WEP)
++		if((__le16_to_cpu(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
+ 		{
+ 			enc = WEP;
+ 
+@@ -509,7 +522,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
+ 	struct radio_tap_header *rt_header = NULL;
+ 
+ 	rt_header = (struct radio_tap_header *) radio_header(packet, len);
+-	tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
++	tag_offset = __le16_to_cpu(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+ 
+ 	if(tag_offset < len)
+ 	{
+@@ -548,7 +561,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
+ 		{
+ 			if(ie_len  == 1)
+ 			{
+-				memcpy((int *) &channel, channel_data, ie_len);
++				channel = *(uint8_t*)channel_data;
+ 			}
+ 			free(channel_data);
+ 		}
+@@ -603,13 +616,13 @@ int check_fcs(const u_char *packet, size_t len)
+ 	if(len > 4)
+ 	{
+ 		/* Get the packet's reported FCS (last 4 bytes of the packet) */
+-		memcpy((uint32_t *) &fcs, (packet + (len-4)), 4);
++		fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4)));
+ 
+ 		/* FCS is not calculated over the radio tap header */
+ 		if(has_rt_header())
+ 		{
+ 			rt_header = (struct radio_tap_header *) packet;
+-			offset += rt_header->len;
++			offset += __le16_to_cpu(rt_header->len);
+ 		}
+ 
+ 		if(len > offset)
+diff --git a/src/builder.c b/src/builder.c
+index 37f2de7..6bf89e7 100644
+--- a/src/builder.c
++++ b/src/builder.c
+@@ -44,9 +44,8 @@ const void *build_radio_tap_header(size_t *len)
+ 		memset((void *) buf, 0, sizeof(struct radio_tap_header));
+ 		rt_header = (struct radio_tap_header *) buf;
+ 
+-		rt_header->len = sizeof(struct radio_tap_header);
+-	
+-		*len = rt_header->len;
++		*len = sizeof(struct radio_tap_header);
++		rt_header->len = __cpu_to_le16(*len);
+ 	}
+ 	
+ 	return buf;
+@@ -67,9 +66,9 @@ const void *build_dot11_frame_header(uint16_t fc, size_t *len)
+ 	
+ 		frag_seq += SEQ_MASK;
+ 
+-		header->duration = DEFAULT_DURATION;
+-		memcpy((void *) &header->fc, (void *) &fc, sizeof(struct frame_control));
+-		header->frag_seq = frag_seq;
++		header->duration = __cpu_to_le16(DEFAULT_DURATION);
++		header->fc = __cpu_to_le16(fc);
++		header->frag_seq = __cpu_to_le16(frag_seq);
+ 
+ 		memcpy((void *) header->addr1, get_bssid(), MAC_ADDR_LEN);
+ 		memcpy((void *) header->addr2, get_mac(), MAC_ADDR_LEN);
+@@ -91,8 +90,8 @@ const void *build_authentication_management_frame(size_t *len)
+ 		memset((void *) buf, 0, *len);
+ 		frame = (struct authentication_management_frame *) buf;
+ 
+-		frame->algorithm = OPEN_SYSTEM;
+-		frame->sequence = 1;
++		frame->algorithm = __cpu_to_le16(OPEN_SYSTEM);
++		frame->sequence = __cpu_to_le16(1);
+ 		frame->status = 0;
+ 	}
+ 	
+@@ -111,8 +110,8 @@ const void *build_association_management_frame(size_t *len)
+ 		memset((void *) buf, 0, *len);
+ 		frame = (struct association_request_management_frame *) buf;
+ 
+-		frame->capability = get_ap_capability();
+-		frame->listen_interval = LISTEN_INTERVAL;
++		frame->capability = __cpu_to_le16(get_ap_capability());
++		frame->listen_interval = __cpu_to_le16(LISTEN_INTERVAL);
+ 	}
+ 
+ 	return buf;
+@@ -133,7 +132,7 @@ const void *build_llc_header(size_t *len)
+ 		header->dsap = LLC_SNAP;
+ 		header->ssap = LLC_SNAP;
+ 		header->control_field = UNNUMBERED_FRAME;
+-		header->type = DOT1X_AUTHENTICATION;
++		header->type = __cpu_to_be16(DOT1X_AUTHENTICATION);
+ 
+ 	}
+ 
+@@ -279,7 +278,7 @@ const void *build_wfa_header(uint8_t op_code, size_t *len)
+ 		header = (struct wfa_expanded_header *) buf;
+ 	
+ 		memcpy(header->id, WFA_VENDOR_ID, sizeof(header->id));
+-		header->type = SIMPLE_CONFIG;
++		header->type = __cpu_to_be32(SIMPLE_CONFIG);
+ 		header->opcode = op_code;
+ 	}
+ 	
+diff --git a/src/defs.h b/src/defs.h
+index b2f45ea..0c628e7 100644
+--- a/src/defs.h
++++ b/src/defs.h
+@@ -41,6 +41,7 @@
+ #include <string.h>
+ #include <time.h>
+ #include <pcap.h>
++#include <asm/byteorder.h>
+ 
+ #include "wps.h"
+ 
+@@ -65,10 +66,10 @@
+ #define MANAGEMENT_FRAME	0x00
+ #define SUBTYPE_BEACON		0x08
+ 
+-#define DOT1X_AUTHENTICATION	0x8E88
++#define DOT1X_AUTHENTICATION	0x888E
+ #define DOT1X_EAP_PACKET	0x00
+ 
+-#define SIMPLE_CONFIG		0x01000000
++#define SIMPLE_CONFIG		0x00000001
+ 
+ #define P1_SIZE			10000
+ #define P2_SIZE			1000
+@@ -282,66 +283,111 @@ enum wfa_elements
+ 	WEP_TRANSMIT_KEY = 0x10064
+ };
+ 
++#define IEEE80211_FCTL_VERS		0x0003
++#define IEEE80211_FCTL_FTYPE		0x000c
++#define IEEE80211_FCTL_STYPE		0x00f0
++#define IEEE80211_FCTL_TODS		0x0100
++#define IEEE80211_FCTL_FROMDS		0x0200
++#define IEEE80211_FCTL_MOREFRAGS	0x0400
++#define IEEE80211_FCTL_RETRY		0x0800
++#define IEEE80211_FCTL_PM		0x1000
++#define IEEE80211_FCTL_MOREDATA		0x2000
++#define IEEE80211_FCTL_PROTECTED	0x4000
++#define IEEE80211_FCTL_ORDER		0x8000
++
++#define IEEE80211_SCTL_FRAG		0x000F
++#define IEEE80211_SCTL_SEQ		0xFFF0
++
++#define IEEE80211_FTYPE_MGMT		0x0000
++#define IEEE80211_FTYPE_CTL		0x0004
++#define IEEE80211_FTYPE_DATA		0x0008
++
++/* management */
++#define IEEE80211_STYPE_ASSOC_REQ	0x0000
++#define IEEE80211_STYPE_ASSOC_RESP	0x0010
++#define IEEE80211_STYPE_REASSOC_REQ	0x0020
++#define IEEE80211_STYPE_REASSOC_RESP	0x0030
++#define IEEE80211_STYPE_PROBE_REQ	0x0040
++#define IEEE80211_STYPE_PROBE_RESP	0x0050
++#define IEEE80211_STYPE_BEACON		0x0080
++#define IEEE80211_STYPE_ATIM		0x0090
++#define IEEE80211_STYPE_DISASSOC	0x00A0
++#define IEEE80211_STYPE_AUTH		0x00B0
++#define IEEE80211_STYPE_DEAUTH		0x00C0
++#define IEEE80211_STYPE_ACTION		0x00D0
++
++/* control */
++#define IEEE80211_STYPE_BACK_REQ	0x0080
++#define IEEE80211_STYPE_BACK		0x0090
++#define IEEE80211_STYPE_PSPOLL		0x00A0
++#define IEEE80211_STYPE_RTS		0x00B0
++#define IEEE80211_STYPE_CTS		0x00C0
++#define IEEE80211_STYPE_ACK		0x00D0
++#define IEEE80211_STYPE_CFEND		0x00E0
++#define IEEE80211_STYPE_CFENDACK	0x00F0
++
++/* data */
++#define IEEE80211_STYPE_DATA			0x0000
++#define IEEE80211_STYPE_DATA_CFACK		0x0010
++#define IEEE80211_STYPE_DATA_CFPOLL		0x0020
++#define IEEE80211_STYPE_DATA_CFACKPOLL		0x0030
++#define IEEE80211_STYPE_NULLFUNC		0x0040
++#define IEEE80211_STYPE_CFACK			0x0050
++#define IEEE80211_STYPE_CFPOLL			0x0060
++#define IEEE80211_STYPE_CFACKPOLL		0x0070
++#define IEEE80211_STYPE_QOS_DATA		0x0080
++#define IEEE80211_STYPE_QOS_DATA_CFACK		0x0090
++#define IEEE80211_STYPE_QOS_DATA_CFPOLL		0x00A0
++#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL	0x00B0
++#define IEEE80211_STYPE_QOS_NULLFUNC		0x00C0
++#define IEEE80211_STYPE_QOS_CFACK		0x00D0
++#define IEEE80211_STYPE_QOS_CFPOLL		0x00E0
++#define IEEE80211_STYPE_QOS_CFACKPOLL		0x00F0
++
+ #pragma pack(1)
+ struct radio_tap_header
+ {
+ 	uint8_t revision;	
+ 	uint8_t pad;
+-	uint16_t len;
+-	uint32_t flags;
+-};
+-
+-struct frame_control
+-{
+-        unsigned version : 2;
+-        unsigned type : 2;
+-        unsigned sub_type : 4;
+-
+-        unsigned to_ds : 1;
+-        unsigned from_ds : 1;
+-        unsigned more_frag : 1;
+-        unsigned retry : 1;
+-        unsigned pwr_mgt : 1;
+-        unsigned more_data : 1;
+-        unsigned protected_frame : 1;
+-        unsigned order : 1;
++	__le16 len;
++	__le32 flags;
+ };
+ 
+ struct dot11_frame_header
+ {
+-	struct frame_control fc;
+-        uint16_t duration;
++	__le16 fc;
++	__le16 duration;
+ 	unsigned char addr1[MAC_ADDR_LEN];
+ 	unsigned char addr2[MAC_ADDR_LEN];
+ 	unsigned char addr3[MAC_ADDR_LEN];
+-	uint16_t frag_seq;
++	__le16 frag_seq;
+ };
+ 
+ struct authentication_management_frame
+ {
+-	uint16_t algorithm;
+-	uint16_t sequence;
+-	uint16_t status;
++	__le16 algorithm;
++	__le16 sequence;
++	__le16 status;
+ };
+ 
+ struct association_request_management_frame
+ {
+-	uint16_t capability;
+-	uint16_t listen_interval;
++	__le16 capability;
++	__le16 listen_interval;
+ };
+ 
+ struct association_response_management_frame
+ {
+-	uint16_t capability;
+-	uint16_t status;
+-	uint16_t id;
++	__le16 capability;
++	__le16 status;
++	__le16 id;
+ };
+ 
+ struct beacon_management_frame
+ {
+ 	unsigned char timestamp[TIMESTAMP_LEN];
+-	uint16_t beacon_interval;
+-	uint16_t capability;
++	__le16 beacon_interval;
++	__le16 capability;
+ };
+ 
+ struct llc_header
+@@ -350,7 +396,7 @@ struct llc_header
+ 	uint8_t ssap;
+ 	uint8_t control_field;
+ 	unsigned char org_code[3];
+-	uint16_t type;
++	__be16 type;
+ };
+ 
+ struct dot1X_header
+@@ -371,7 +417,7 @@ struct eap_header
+ struct wfa_expanded_header
+ {
+ 	unsigned char id[3];
+-	uint32_t type;
++	__be32 type;
+ 	uint8_t opcode;
+ 	uint8_t flags;
+ };
+diff --git a/src/exchange.c b/src/exchange.c
+index 23c87e9..4f9a82b 100644
+--- a/src/exchange.c
++++ b/src/exchange.c
+@@ -306,26 +306,27 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
+ 
+ 	/* Cast the radio tap and 802.11 frame headers and parse out the Frame Control field */
+ 	rt_header = (struct radio_tap_header *) packet;
+-	frame_header = (struct dot11_frame_header *) (packet+rt_header->len);
++	size_t rt_header_len = __le16_to_cpu(rt_header->len);
++	frame_header = (struct dot11_frame_header *) (packet+rt_header_len);
+ 
+ 	/* Does the BSSID/source address match our target BSSID? */
+ 	if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
+ 	{
+ 		/* Is this a data packet sent to our MAC address? */
+-		if(frame_header->fc.type == DATA_FRAME && 
+-			frame_header->fc.sub_type == SUBTYPE_DATA && 
+-			(memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0)) 
++		if (((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
++		     __cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA)) &&
++		    (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0)) 
+ 		{
+ 			llc = (struct llc_header *) (packet +
+-							rt_header->len +
++							rt_header_len +
+ 							sizeof(struct dot11_frame_header)
+ 			);
+ 
+ 			/* All packets in our exchanges will be 802.1x */
+-			if(llc->type == DOT1X_AUTHENTICATION)
++			if(llc->type == __cpu_to_be16(DOT1X_AUTHENTICATION))
+ 			{
+ 				dot1x = (struct dot1X_header *) (packet +
+-								rt_header->len +
++								rt_header_len +
+ 								sizeof(struct dot11_frame_header) +
+ 								sizeof(struct llc_header)
+ 				);
+@@ -334,7 +335,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
+ 				if(dot1x->type == DOT1X_EAP_PACKET && (header->len >= EAP_PACKET_SIZE))
+ 				{
+ 					eap = (struct eap_header *) (packet +
+-									rt_header->len +
++									rt_header_len +
+ 									sizeof(struct dot11_frame_header) +
+ 									sizeof(struct llc_header) +
+ 									sizeof(struct dot1X_header)
+@@ -366,7 +367,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
+ 						else if((eap->type == EAP_EXPANDED) && (header->len > WFA_PACKET_SIZE))
+ 						{
+ 							wfa = (struct wfa_expanded_header *) (packet +
+-											rt_header->len +
++											rt_header_len +
+ 											sizeof(struct dot11_frame_header) +
+ 											sizeof(struct llc_header) +
+ 											sizeof(struct dot1X_header) +
+@@ -374,14 +375,14 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
+ 							);
+ 						
+ 							/* Verify that this is a WPS message */
+-							if(wfa->type == SIMPLE_CONFIG)
++							if(wfa->type == __cpu_to_be32(SIMPLE_CONFIG))
+ 							{
+ 								wps_msg_len = 	(size_t) ntohs(eap->len) - 
+ 										sizeof(struct eap_header) - 
+ 										sizeof(struct wfa_expanded_header);
+ 
+ 								wps_msg = (const void *) (packet +
+-											rt_header->len +
++											rt_header_len +
+                                                                        	                sizeof(struct dot11_frame_header) +
+                                                                                	        sizeof(struct llc_header) +
+                                                                                        	sizeof(struct dot1X_header) +
+diff --git a/src/wpsmon.c b/src/wpsmon.c
+index d976924..22a394f 100644
+--- a/src/wpsmon.c
++++ b/src/wpsmon.c
+@@ -295,7 +295,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
+         }
+ 
+ 	rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
+-	frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
++	size_t rt_header_len = __le16_to_cpu(rt_header->len);
++	frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
+ 
+ 	/* If a specific BSSID was specified, only parse packets from that BSSID */
+ 	if(!is_target(frame_header))
+@@ -323,15 +324,17 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
+ 				channel_changed = 1;
+ 			}
+ 
+-			if(frame_header->fc.sub_type == PROBE_RESPONSE ||
+-                                   frame_header->fc.sub_type == SUBTYPE_BEACON)
++			unsigned fsub_type = frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE);
++
++			if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP) ||
++			   fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON))
+ 			{
+ 				wps_parsed = parse_wps_parameters(packet, header->len, wps);
+ 			}
+ 	
+ 			if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
+ 			{
+-				if(frame_header->fc.sub_type == SUBTYPE_BEACON && 
++				if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON) && 
+ 				   mode == SCAN && 
+ 				   !passive && 
+ 				   should_probe(bssid))
+@@ -369,7 +372,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
+ 				 * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
+ 				 * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
+ 				 */
+-				if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
++				if(!wps_parsed || fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP))
+ 				{
+ 					mark_ap_complete(bssid);
+ 				}
+-- 
+1.7.7
+
diff --git a/net/reaver/patches/0002-Use-the-current-directory-for-storing-and-loading-se.patch b/net/reaver/patches/0002-Use-the-current-directory-for-storing-and-loading-se.patch
new file mode 100644
index 0000000..dd1bb42
--- /dev/null
+++ b/net/reaver/patches/0002-Use-the-current-directory-for-storing-and-loading-se.patch
@@ -0,0 +1,53 @@ 
+From cd444949f3176790101b8bdc9656831a03d8c01d Mon Sep 17 00:00:00 2001
+From: Paul Fertser <fercerpav@gmail.com>
+Date: Tue, 10 Jul 2012 11:13:29 +0400
+Subject: [PATCH 2/3] Use the current directory for storing and loading
+ sessions
+
+This allows the user to always explicitely choose (by changing the
+current directory before launching the program) where the session
+files should go. Useful e.g. to avoid hogging the precious space on
+embedded devices, just cd /tmp before starting the app.
+
+Signed-off-by: Paul Fertser <fercerpav@gmail.com>
+---
+ src/session.c |   16 +++-------------
+ 1 files changed, 3 insertions(+), 13 deletions(-)
+
+diff --git a/src/session.c b/src/session.c
+index d3af0c3..308f213 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -62,7 +62,7 @@ int restore_session()
+ 		memset(file, 0, FILENAME_MAX);
+ 
+ 		bssid = mac2str(get_bssid(), '\0');
+-		snprintf(file, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);
++		snprintf(file, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
+ 		free(bssid);
+ 	}
+ 
+@@ -199,18 +199,8 @@ int save_session()
+ 		}
+ 		else
+ 		{	
+-			/* 
+-			 * If the configuration directory exists, save the session file there; else, save it to the 
+-			 * current working directory.
+-			 */
+-			if(configuration_directory_exists())
+-			{
+-        			snprintf((char *) &file_name, FILENAME_MAX, "%s/%s.%s", CONF_DIR, bssid, CONF_EXT);
+-			}
+-			else
+-			{
+-				snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
+-			}
++			/* save session to the current directory */
++			snprintf((char *) &file_name, FILENAME_MAX, "%s.%s", bssid, CONF_EXT);
+ 		}
+ 
+ 		/* Don't bother saving anything if nothing has been done */
+-- 
+1.7.7
+
diff --git a/net/reaver/patches/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch b/net/reaver/patches/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch
new file mode 100644
index 0000000..64b290b
--- /dev/null
+++ b/net/reaver/patches/0003-wash-wpsmon-use-less-useless-spaces-in-output-to-fit.patch
@@ -0,0 +1,38 @@ 
+From 638bb8d70d6c7e5dc99975e0bf57d8ce0455e2cc Mon Sep 17 00:00:00 2001
+From: Paul Fertser <fercerpav@gmail.com>
+Date: Tue, 10 Jul 2012 11:25:00 +0400
+Subject: [PATCH 3/3] wash/wpsmon: use less useless spaces in output to fit
+ narrow terminals
+
+Signed-off-by: Paul Fertser <fercerpav@gmail.com>
+---
+ src/wpsmon.c |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/wpsmon.c b/src/wpsmon.c
+index 22a394f..e0948b3 100644
+--- a/src/wpsmon.c
++++ b/src/wpsmon.c
+@@ -262,8 +262,8 @@ void monitor(char *bssid, int passive, int source, int channel, int mode)
+ 
+ 	if(!header_printed)
+ 	{
+-		cprintf(INFO, "BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID\n");
+-		cprintf(INFO, "---------------------------------------------------------------------------------------------------------------\n");
++		cprintf(INFO, "BSSID              Channel  RSSI  WPS Version  WPS Locked  ESSID\n");
++		cprintf(INFO, "--------------------------------------------------------------------------------------\n");
+ 		header_printed = 1;
+ 	}
+ 
+@@ -360,7 +360,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
+ 							break;
+ 					}
+ 
+-					cprintf(INFO, "%17s      %2d            %.2d        %d.%d               %s               %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
++					cprintf(INFO, "%17s    %2d       %.2d   %d.%d          %s         %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
+ 				}
+ 
+ 				if(probe_sent)
+-- 
+1.7.7
+