improve wps + improve sessions

kimocoder · kimocoder · commit 09121e94d15b · 2025-11-02T23:35:10.000+01:00
diff --git a/wifite/attack/attack_monitor.py b/wifite/attack/attack_monitor.py
@@ -337,14 +337,17 @@ def log_attack_event(self, event):
             timestamp_str = time.strftime('%Y-%m-%dT%H:%M:%S', time.localtime(event['timestamp']))
 
             # Format log entry as CSV
+            # Convert channel to string if it's an integer
+            channel_str = str(event.get('channel', '')) if event.get('channel') is not None else ''
+            
             log_entry = '%s,%s,%s,%s,%s,%s,%s\n' % (
                 timestamp_str,
                 event['type'],
                 event['source_mac'],
                 event['dest_mac'],
                 event['bssid'],
                 event.get('essid', ''),
-                event.get('channel', '')
+                channel_str
             )
 
             # Add to buffer
@@ -543,6 +546,9 @@ def run(self):
                     self.tui_view.add_log(traceback.format_exc())
                 else:
                     Color.pl('{!} {R}%s{W}' % traceback.format_exc())
+            
+            # Ensure cleanup happens even on exception
+            self.cleanup()
             return False
         finally:
             # Stop TUI view if it was started
diff --git a/wifite/model/handshake.py b/wifite/model/handshake.py
@@ -100,8 +100,12 @@ def cowpatty_handshakes(self):
             command.append('-2')
         command.extend([
             '-r', self.capfile,
-            '-c'  # Check for handshake
+            '-c'  # Check for handshake (requires ESSID)
         ])
+        
+        # Add ESSID if available (required for -c option)
+        if self.essid:
+            command.append(self.essid)
 
         proc = Process(command, devnull=False)
         return next(
diff --git a/wifite/tools/bully.py b/wifite/tools/bully.py
@@ -60,9 +60,10 @@ def __init__(self, target2, target3=None, pixie_dust=True):
         self.cmd.extend([
             'bully',
             '--bssid', self.target.bssid,
-            '--channel', self.target.channel,
+            '--channel', str(self.target.channel),
             '--force',
             '-v', '4',
+            '--nofcs',
             Configuration.interface
         ])
 
@@ -463,7 +464,7 @@ def get_psk_from_pin(target3, pin):
         """
         cmd = [
             'bully',
-            '--channel', target3.channel,
+            '--channel', str(target3.channel),
             '--bssid', target3.bssid,
             '--pin', pin,
             '--bruteforce',
diff --git a/wifite/tools/reaver.py b/wifite/tools/reaver.py
@@ -51,7 +51,7 @@ def __init__(self, target, pixie_dust=True, null_pin=False):
             'reaver',
             '--interface', Configuration.interface,
             '--bssid', self.target.bssid,
-            '--channel', self.target.channel,
+            '--channel', str(self.target.channel),
             '-vv',
             '-N',
         ]
@@ -86,15 +86,21 @@ def run(self):
         except Exception as e:
             # Unexpected errors
             self.pattack('{R}Failed:{O} Unexpected error: %s' % str(e), newline=True)
-            return self.crack_result is not None
-
-        # Stop reaver if it's still running
-        if self.reaver_proc.poll() is None:
-            self.reaver_proc.interrupt()
+        finally:
+            # Always clean up resources, even on exception
+            # Stop reaver if it's still running
+            if self.reaver_proc and self.reaver_proc.poll() is None:
+                try:
+                    self.reaver_proc.interrupt()
+                except Exception:
+                    pass  # Ignore errors during cleanup
 
-        # Clean up open file handle
-        if self.output_write:
-            self.output_write.close()
+            # Clean up open file handle
+            if self.output_write:
+                try:
+                    self.output_write.close()
+                except Exception:
+                    pass  # Ignore errors during cleanup
 
         return self.crack_result is not None
 
diff --git a/wifite/util/color.py b/wifite/util/color.py
@@ -92,8 +92,10 @@ def pattack(attack_type, target, attack_name, progress):
         e.g.: Router2G (23db) WEP replay attack: 102 IVs
         """
         essid = '{C}%s{W}' % target.essid if target.essid_known else '{O}unknown{W}'
+        # Convert power to string to avoid type errors in string formatting
+        power_str = str(target.power) if target.power is not None else '??'
         Color.p('\r{+} {G}%s{W} ({C}%sdb{W}) {G}%s {C}%s{W}: %s ' % (
-            essid, target.power, attack_type, attack_name, progress))
+            essid, power_str, attack_type, attack_name, progress))
 
     @staticmethod
     def pexception(exception):
diff --git a/wifite/util/crack.py b/wifite/util/crack.py
@@ -20,6 +20,67 @@
 
 # TODO: Bring back the 'print' option, for easy copy/pasting. Just one-liners people can paste into terminal.
 
+def decode_hex_essid_if_needed(essid):
+    """
+    Decode hex-encoded ESSID with strict validation to prevent false positives.
+    
+    Only decodes if ALL of the following criteria are met:
+    1. Length >= 16 characters (minimum for 8-char ESSID encoded as hex)
+    2. Length is even (valid hex pairs)
+    3. All characters are valid hexadecimal digits
+    4. Decoded result is shorter than original (hex encoding expands length)
+    5. Decoded result contains only printable characters (ASCII 32-126 or UTF-8 >= 128)
+    
+    This prevents false positives for legitimate network names like "CAFE", "DEAD", "BEEF", etc.
+    
+    Args:
+        essid: ESSID string to potentially decode
+        
+    Returns:
+        Decoded ESSID if valid hex-encoded, otherwise original ESSID
+    """
+    # Validation check 1: Minimum length (too short to be hex-encoded)
+    if len(essid) < 16:
+        return essid
+    
+    # Validation check 2: Even length (valid hex pairs)
+    if len(essid) % 2 != 0:
+        return essid
+    
+    # Validation check 3: All characters are hex digits
+    if not all(c in '0123456789ABCDEFabcdef' for c in essid):
+        return essid
+    
+    try:
+        # Try to decode from hex with strict error handling
+        decoded_essid = bytes.fromhex(essid).decode('utf-8', errors='strict')
+        
+        # Validation check 4: Decoded result must not be empty
+        if not decoded_essid or len(decoded_essid) == 0:
+            return essid
+        
+        # Validation check 5: Hex encoding should make string longer, not shorter
+        if len(decoded_essid) >= len(essid):
+            return essid
+        
+        # Validation check 6: Check for printable characters (ASCII 32-126 or extended UTF-8)
+        if not all(32 <= ord(c) <= 126 or ord(c) >= 128 for c in decoded_essid):
+            return essid
+        
+        # All checks passed, use decoded version
+        if Configuration.verbose > 1:
+            Color.pl('{+} {C}Decoded hex ESSID: {O}%s{W} -> {G}%s{W}' % (essid, decoded_essid))
+        
+        return decoded_essid
+        
+    except (ValueError, UnicodeDecodeError) as e:
+        # Decoding failed, keep original
+        # This is expected for legitimate network names like "CAFE", "DEAD", etc.
+        if Configuration.verbose > 2:
+            Color.pl('{!} {O}Hex ESSID decode failed for %s: %s{W}' % (essid, str(e)))
+        return essid
+
+
 class CrackHelper:
     """Manages handshake retrieval, selection, and running the cracking commands."""
 
@@ -197,30 +258,8 @@ def get_handshakes(cls):
                 essid = essid if essid_discovery is None else essid_discovery
             elif hs_type == 'PMKID':
                 # Decode hex-encoded ESSID from passive PMKID capture
-                # Only decode if it looks like hex-encoded UTF-8 (not just valid hex)
-                # Criteria:
-                # 1. Length >= 16 (minimum for 8-char ESSID encoded as hex)
-                # 2. Even length (valid hex pairs)
-                # 3. All characters are hex digits
-                # 4. Decoded result is shorter than original (hex encoding expands)
-                # 5. Decoded result contains only printable characters
-                if (len(essid) >= 16 and 
-                    len(essid) % 2 == 0 and 
-                    all(c in '0123456789ABCDEFabcdef' for c in essid)):
-                    try:
-                        # Try to decode from hex (strict mode)
-                        decoded_essid = bytes.fromhex(essid).decode('utf-8', errors='strict')
-                        
-                        # Validate decoded result
-                        if (decoded_essid and 
-                            len(decoded_essid) > 0 and
-                            len(decoded_essid) < len(essid) and  # Hex encoding should be longer
-                            all(32 <= ord(c) <= 126 or ord(c) >= 128 for c in decoded_essid)):  # Printable chars
-                            essid = decoded_essid
-                    except (ValueError, UnicodeDecodeError):
-                        # If decoding fails, keep the original hex string
-                        # This is expected for legitimate network names like "CAFE", "DEAD", etc.
-                        pass
+                # Use dedicated function with strict validation to prevent false positives
+                essid = decode_hex_essid_if_needed(essid)
             
             handshake = {
                 'filename': os.path.join(hs_dir, hs_file),
diff --git a/wifite/util/session.py b/wifite/util/session.py
@@ -323,12 +323,28 @@ def create_session(self, targets: List, config) -> SessionState:
     
     def save_session(self, session: SessionState) -> None:
         """
-        Persist session state to disk.
+        Persist session state to disk with atomic file operations.
+        
+        This method implements atomic session saving to prevent corruption:
+        1. Creates unique temporary file with secure permissions (0600)
+        2. Writes session data to temporary file
+        3. Atomically renames temp file to final location
+        4. Cleans up on error
+        
+        The atomic rename ensures that:
+        - Multiple instances never corrupt each other's session files
+        - Session files are never partially written
+        - No race conditions occur during concurrent saves
         
         Args:
             session: SessionState to save
+            
+        Raises:
+            IOError: If save operation fails (with detailed error message)
         """
         import tempfile
+        from ..config import Configuration
+        from ..util.color import Color
         
         session.updated_at = time.time()
         session_path = self._get_session_path(session.session_id)
@@ -341,23 +357,29 @@ def save_session(self, session: SessionState) -> None:
         try:
             # Create secure temporary file in same directory as target
             # This ensures atomic rename works (same filesystem)
+            # Prefix with session ID for uniqueness across multiple instances
             temp_fd, temp_path = tempfile.mkstemp(
                 suffix='.tmp',
                 prefix=f'.{session.session_id}_',
                 dir=self.session_dir
             )
             
             # Write session data using file descriptor
+            # fdopen takes ownership of the file descriptor
             with os.fdopen(temp_fd, 'w') as f:
-                temp_fd = None  # fdopen takes ownership
+                temp_fd = None  # Prevent double-close
                 json.dump(session.to_dict(), f, indent=2)
             
             # Permissions already secure (0600 by default from mkstemp)
-            # Atomic rename to final location
+            # Atomic rename to final location (replaces existing file atomically)
             os.rename(temp_path, session_path)
-            temp_path = None  # Successfully renamed
+            temp_path = None  # Successfully renamed, prevent cleanup
+            
+            # Log successful save in verbose mode
+            if Configuration.verbose > 1:
+                Color.pl('{+} {G}Session saved: %s{W}' % session.session_id)
             
-        except Exception:
+        except Exception as e:
             # Clean up temp file on error
             if temp_fd is not None:
                 try:
@@ -371,7 +393,8 @@ def save_session(self, session: SessionState) -> None:
                 except OSError:
                     pass
             
-            raise  # Re-raise the original exception
+            # Re-raise with detailed context
+            raise IOError(f'Failed to save session {session.session_id}: {str(e)}') from e
     
     def load_session(self, session_id: str = None) -> SessionState:
         """
