Bug 1070482 (reaver-wps)

Summary: Review Request: reaver - Brute force attack against Wifi Protected Setup
Product: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: unspecified
Reporter: James Wilson Harshaw IV <jwharshaw>
Assignee: Jaroslav Škarvada <jskarvad>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dcbw, gwync, itamar, jskarvad, jwharshaw, mail, olegon, package-review, pahan, rebus
Flags: jskarvad: fedora-review+, gwync: fedora-cvs+
Fixed In Version: reaver-1.4-3.el7
Doc Type: Bug Fix
Last Closed: 2015-06-25 16:29:35 UTC
Bug Blocks: 563471    
Attachments:
- wpa_supplicant -> reaver diff
- reaver SPEC
- Reaver SRPM

Description James Wilson Harshaw IV 2014-02-26 23:27:25 UTC
Spec URL: http://jamesharshaw.com/reaver.spec
SRPM URL: http://jamesharshaw.com/reaver-1.4-2.1.src.rpm
Description: Reaver-wps is a great and integral security tool for wireless security. It would be a great addition to the Fedora Security Lab.

It works by exploiting a vulnerability in WPS (Wifi Protected Setup) and bruteforcing the pins. 

Fedora Account System Username: bits3rpent

Comment 1 Christopher Meng 2014-02-26 23:38:49 UTC
Hi,

Can you set up your _real name_ in bugzilla? Currently it's only an email address.

Also for new packagers, please follow the steps described at:

http://fedoraproject.org/wiki/Join_the_package_collection_maintainers#Introduce_yourself

https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group

Thanks.

Comment 2 Christopher Meng 2014-02-26 23:41:04 UTC
I think I've pointed out that this package bundles libraries, please solve them.

Comment 3 James Wilson Harshaw IV 2014-02-26 23:43:17 UTC
Many libraries are modified specifically for this program, what shall I do about them?

Comment 4 James Wilson Harshaw IV 2014-02-26 23:45:02 UTC
(In reply to Christopher Meng from comment #2)
> I think I've pointed out that this package bundles libraries, please solve
> them.

Comment 6 James Wilson Harshaw IV 2014-02-27 01:26:22 UTC
(In reply to Michael Schwendt from comment #5)
> * https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
> * https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Standard_questions

Noted, contacted upstream for list of modified libraries.

Comment 7 Jaroslav Škarvada 2014-03-07 09:20:28 UTC
Hi,

unfortunately I packaged reaver in parallel :) So at least I can share my patches and observations.

It seems reaver is bundling wireless-tools and wpa_supplicant. I wasn't able to detect any relevant changes of the wireless-tools, so I unbundled it. Regarding wpa_supplicant I am afraid it is not possible to unbundle it. There is no library we could link to, the part of the code is there used like copylib.

In case you are interested, my spec, srpm with patches:
http://fedorapeople.org/~jskarvad/reaver/

Feel free to cherrypick anything you need from it. Also I could help you co-maintain the package.

Comment 8 James Wilson Harshaw IV 2014-03-07 15:30:16 UTC
(In reply to Jaroslav Škarvada from comment #7)
> Hi,
> 
> unfortunately I packaged reaver in parallel :) So at least I can share my
> patches and observations.
> 
> It seems reaver is bundling wireless-tools and wpa_supplicant. I wasn't able
> to detect any relevant changes of the wireless-tools, so I unbundled it.
> Regarding wpa_supplicant I am afraid it is not possible to unbundle it.
> There is no library we could link to, the part of the code is there used
> like copylib.
> 
> In case you are interested, my spec, srpm with patches:
> http://fedorapeople.org/~jskarvad/reaver/
> 
> Feel free to cherrypick anything you need from it. Also I could help you
> co-maintain the package.

No problem at all! I had also come to the realization that we couldn't unbundle the modified wpa_supplicant since it is integral to the functioning of reaver. I would love to co-maintain the package with you!

We now just need to go on and make a case for the bundled (and modified) wpa_supplicant.

Feel free to email me.

-James

Comment 9 Jaroslav Škarvada 2014-03-07 15:54:45 UTC
(In reply to James Wilson Harshaw IV from comment #8)
According to [1] I think we need:
Provides: bundled(wpa_supplicant) = 0.7.3

I will create FESCO ticket for bundling exception.

Also I will take the review.

[1] https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle

Comment 10 James Wilson Harshaw IV 2014-03-07 15:58:02 UTC
Wunderbar.

Comment 11 Jaroslav Škarvada 2014-03-07 16:03:58 UTC
I think I currently cannot sponsor you, but I will try to become sponsor (I am already proven packager). I will open another ticket :)

Comment 12 James Wilson Harshaw IV 2014-03-07 16:06:06 UTC
Thank you so much :)

Comment 13 Jaroslav Škarvada 2014-03-07 20:56:36 UTC
We need a reply to the following question:
Whether the bundled wpa_supplicant code was modified and if yes, how it was modified.

I need it to open the FPC ticket. James, I noticed, you have already contacted upstream, could you ask them this question? Thanks.

Also CCing wpa_supplicant maintainer in case he would have any comments.

Comment 14 James Wilson Harshaw IV 2014-03-07 21:00:24 UTC
I have contacted upstream a while ago asking that question, and have yet to receive a response. I will try again though.

Comment 15 James Wilson Harshaw IV 2014-03-07 21:07:05 UTC
It does state in the README that 
"The following files have been taken from wpa_supplicant. Some have been modified from their original sources:

		o common/*
		o crypto/*
		o tls/*
		o utils/*
		o wps/*
"

but does not state which were modified.

Comment 16 James Wilson Harshaw IV 2014-03-07 21:08:22 UTC
We could possibly just take those specific files from wpa_supplicant and see what code differs.

Comment 17 Jaroslav Škarvada 2014-03-07 22:26:25 UTC
(In reply to Jaroslav Škarvada from comment #11)
> I think I currently cannot sponsor you, but I will try to become sponsor (I
> am already proven packager). I will open another ticket :)

Ticket:
https://fedorahosted.org/packager-sponsors/ticket/125

Comment 18 Jaroslav Škarvada 2014-03-25 14:41:49 UTC
I am sponsor now. I will add "sponsored" status to your FAS account once we progress through this review.

Comment 19 Jaroslav Škarvada 2014-04-07 12:10:13 UTC
Created attachment 883600 [details]
wpa_supplicant -> reaver diff

By looking into the code, I can confirm there is bundled wpa_supplicant 0.7.3. It cannot be easily unbundled, because it is not a library and reaver modded it in a way that allows extraction of credentials, forces usage of small DH keys for fast computation on the AP side, etc. I doubt these changes could ever get upstream, because some of them are there to weaken the security, but the goal of the wpa_supplicant is the opposite. Attaching diff with the Fedora wpa_supplicant 0.7.3.
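
Added example (not part of the original thread, and not code from reaver or Fedora): one way to run the comparison proposed in comment 16 and carried out in comment 19, classifying each file under the directories named in the README as identical to, modified from, or absent in a pristine upstream tree. The root paths are whatever directories contain those subdirectories, and the small trees built in demo() are constructed sample data, not real sources.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories the reaver README (quoted in comment 15) lists as taken from wpa_supplicant.
BUNDLED_DIRS = ("common", "crypto", "tls", "utils", "wps")


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_bundled(bundled_root: Path, upstream_root: Path, dirs=BUNDLED_DIRS):
    """Classify every bundled file against the pristine upstream tree."""
    report = {"identical": [], "modified": [], "not_upstream": []}
    for d in dirs:
        if not (bundled_root / d).is_dir():
            continue  # directory not present in this bundled copy
        for f in sorted((bundled_root / d).rglob("*")):
            if not f.is_file():
                continue
            rel = f.relative_to(bundled_root)
            ref = upstream_root / rel
            if not ref.is_file():
                report["not_upstream"].append(rel.as_posix())
            elif sha256(f) == sha256(ref):
                report["identical"].append(rel.as_posix())
            else:
                report["modified"].append(rel.as_posix())
    return report


def demo():
    """Run the audit over two tiny constructed trees (not real sources)."""
    with tempfile.TemporaryDirectory() as tmp:
        up, bundled = Path(tmp, "upstream"), Path(tmp, "bundled")
        files = {"utils/os.c": "int os_a;\n", "wps/wps.c": "int wps_b;\n"}
        for rel, text in files.items():
            for root in (up, bundled):
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(text)
        # Simulate a local modification and a file with no upstream counterpart.
        (bundled / "wps/wps.c").write_text("int wps_b; /* local change */\n")
        (bundled / "wps/extra.c").write_text("int extra;\n")
        return audit_bundled(bundled, up)


if __name__ == "__main__":
    for status, names in demo().items():
        print(status, names)
```

Only the files reported as modified or not_upstream need a manual diff when justifying a bundling exception or tracking upstream security fixes.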

Comment 20 Jaroslav Škarvada 2014-04-07 12:36:05 UTC
By looking into the reaver source code and comparing it with the wireless-tools-29 I cannot find any differences, thus I think it can be safely unbundled as I did in comment 7 (but I haven't checked the functionality of the resulting binary :). James, please provide new spec/srpm with unbundled wireless-tools and with "Provides: bundled(wpa_supplicant) = 0.7.3". Also please consider moving reaver state file from the /etc to the /var as I also did in comment 7.

Comment 21 Jaroslav Škarvada 2014-04-07 13:07:59 UTC
FPC ticket for bundling exception:
https://fedorahosted.org/fpc/ticket/418

Comment 22 Jaroslav Škarvada 2014-05-20 12:35:16 UTC
(In reply to Jaroslav Škarvada from comment #21)
> FPC ticket for bundling exception:
> https://fedorahosted.org/fpc/ticket/418

Bundling exception got approved, see the ticket above for details.

absal0m: ping, could you provide updated spec/srpm?

Comment 23 James Wilson Harshaw IV 2014-06-27 18:06:45 UTC
Apologies, have been away for a while.

Glad to hear it has been approved!

I will get right on the updated spec/srpm.

Comment 24 Itamar Reis Peixoto 2014-11-13 22:45:33 UTC
any news about this ?

Comment 25 James Wilson Harshaw IV 2014-11-14 00:08:26 UTC
(In reply to Itamar Reis Peixoto from comment #24)
> any news about this ?

Will hopefully be done before Saturday.

Comment 26 Jaroslav Škarvada 2014-11-14 11:06:53 UTC
Fixed assignee.

Comment 27 Jaroslav Škarvada 2014-11-14 11:07:44 UTC
(In reply to James Wilson Harshaw IV from comment #25)
> (In reply to Itamar Reis Peixoto from comment #24)
> > any news about this ?
> 
> Will hopefully be done before Saturday.

Please upload new SPEC and SRPM.

Comment 28 James Wilson Harshaw IV 2014-11-14 16:26:03 UTC
SPEC : https://drive.google.com/file/d/0B9pYRhIhuHiqTkdzb2dTc1V3d1E/view?usp=sharing

SRPM : https://drive.google.com/file/d/0B9pYRhIhuHiqbW9BTlNibE5aY0k/view?usp=sharing

Sorry for the google drive location, will be setting up fedora hosted.

Build tested, functionality remains intact after modifications.

Comment 29 Jaroslav Škarvada 2014-11-24 15:26:26 UTC
(In reply to James Wilson Harshaw IV from comment #28)

Thanks, found issues:

- you need to bump release if doing changes and adding changelog entry, i.e. change "Release: 1%{?dist}" to "Release: 2%{?dist}" and change the release in changelog appropriately, i.e.:
* Fri Nov 14 2014 James W. Harshaw <jwharshaw> - 1.4-2

- Please add newline before %description and between changelog entries.

- Please add link to FPC ticket with bundling exception (according to [1]), i.e. add the following comment:

# https://fedorahosted.org/fpc/ticket/418
Provides: bundled(wpa_supplicant) = 0.7.3

Please upload updated SPEC and SRPM.

[1] https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle

Comment 30 James Wilson Harshaw IV 2014-11-25 21:10:42 UTC
Created attachment 961379 [details]
reaver SPEC

New reaver SPEC file

Comment 31 James Wilson Harshaw IV 2014-11-25 21:11:23 UTC
Created attachment 961380 [details]
Reaver SRPM

New reaver SRPM

Comment 32 Jaroslav Škarvada 2014-11-26 09:43:30 UTC
Thanks. The only blocker remaining now:

- there is inconsistent release and changelog, please change:
Release: 1%{?dist}
to
Release: 2%{?dist}

The release number must be consistent with the changelog, there is 1.4-2 in the changelog, the number after the dash (2) is the release.

Please re-upload updated SPEC and SRPM.

Comment 33 James Wilson Harshaw IV 2015-01-01 21:25:07 UTC
(In reply to Jaroslav Škarvada from comment #32)
> Thanks. The only blocker remaining now:
> 
> - there is inconsistent release and changelog, please change:
> Release: 1%{?dist}
> to
> Release: 2%{?dist}
> 
> The release number must be consistent with the changelog, there is 1.4-2 in
> the changelog, the number after the dash (2) is the release.
> 
> Please re-upload updated SPEC and SRPM.

SPEC: https://truck.it/p/0jUIzy9rD8

SRPM: https://truck.it/p/xBlu8Jl38L

Comment 34 James Wilson Harshaw IV 2015-01-01 21:35:27 UTC
Wrong SRPM link: https://truck.it/p/wR5bEYqbVV

Comment 35 Jaroslav Škarvada 2015-01-09 16:25:13 UTC
I cannot see any problem now, approving.

Comment 36 James Wilson Harshaw IV 2015-03-25 14:38:03 UTC
New Package SCM Request
=======================
Package Name: reaver
Short Description: Brute force attack against Wifi Protected Setup
Upstream URL: http://code.google.com/p/reaver-wps/
Owners: absal0m, jskarvad
Branches: f20 f21 f22 el6 epel7
InitialCC:

Comment 37 Gwyn Ciesla 2015-03-25 17:26:02 UTC
WARNING: Requested package name reaver doesn't match bug summary reaver-wps

Comment 38 James Wilson Harshaw IV 2015-03-25 17:31:36 UTC
(In reply to Jon Ciesla from comment #37)
> WARNING: Requested package name reaver doesn't match bug summary reaver-wps

New Package SCM Request
=======================
Package Name: reaver-wps
Short Description: Brute force attack against Wifi Protected Setup
Upstream URL: http://code.google.com/p/reaver-wps/
Owners: absal0m, jskarvad
Branches: f20 f21 f22 el6 epel7
InitialCC:

Comment 39 James Wilson Harshaw IV 2015-03-25 17:39:28 UTC
Changed SPEC and SRPM to reflect package name reaver-wps. As seen above SCM request was also modified accordingly.

Comment 40 Gwyn Ciesla 2015-03-25 17:54:05 UTC
Git done (by process-git-requests).

Comment 41 Jaroslav Škarvada 2015-06-24 13:43:59 UTC
Package Change Request
======================
Package Name: reawer-wps

I would like to rename the package to 'reaver'. I think this name is more appropriate. Debian and Gentoo also use this name. Source archive and binaries are also named 'reaver'. I think it should be safely renamed in git, because there hasn't been any successful build since import and it is not in repo. I am reviewer, co-maintainer. I am going to rename this review request to stay in sync.

Comment 42 Jaroslav Škarvada 2015-06-24 13:44:58 UTC
(In reply to Jaroslav Škarvada from comment #41)
Package Change Request
======================
Package Name: reaver

So this is probably the right request, for details see comment 41.

Comment 43 Gwyn Ciesla 2015-06-24 18:39:00 UTC
Misformatted request.

Comment 44 Jaroslav Škarvada 2015-06-25 08:21:00 UTC
(In reply to Jon Ciesla from comment #43)
> Misformatted request.

???

I proceeded according to 
https://fedoraproject.org/wiki/Package_SCM_admin_requests

> If you need other special changes done which cannot be handled by the template
> field, such as a package that was created with the wrong name that has never
> been imported or built, or otherwise out of the scope of the template please
> state your desire and justification below the template in your Bugzilla
> comment. 

So what's misformatted?

Comment 45 Gwyn Ciesla 2015-06-25 14:04:29 UTC
The last request must be complete, not simply a single field, so copy and paste the original, modify what you need, and reset the flag.

Comment 46 Jaroslav Škarvada 2015-06-25 14:08:21 UTC
Package Change Request
=======================
Package Name: reaver
Short Description: Brute force attack against Wifi Protected Setup
Upstream URL: http://code.google.com/p/reaver-wps/
Owners: absal0m, jskarvad
Branches: f20 f21 f22 el6 epel7
InitialCC:

Comment 47 Gwyn Ciesla 2015-06-25 14:11:56 UTC
Sorry, it needs to be New Package since it doesn't exist yet.

Comment 48 Jaroslav Škarvada 2015-06-25 14:16:02 UTC
New Package SCM Request
=======================
Package Name: reaver
Short Description: Brute force attack against Wifi Protected Setup
Upstream URL: http://code.google.com/p/reaver-wps/
Owners: absal0m, jskarvad
Branches: f20 f21 f22 el6 epel7
InitialCC:

Comment 49 Gwyn Ciesla 2015-06-25 14:19:17 UTC
Git done (by process-git-requests).

Comment 50 Jaroslav Škarvada 2015-06-25 14:27:11 UTC
(In reply to Jon Ciesla from comment #49)
> Git done (by process-git-requests).

Thanks, but the current state is still not correct. I wanted to rename reaver-wps to reaver, but currently there is:

reaver
reaver-wps

and both are the same package. Could you delete reaver-wps? It hasn't been successfully built in koji since imported and it is not in repo.

Comment 51 Gwyn Ciesla 2015-06-25 14:34:00 UTC
I can't rename it in place, you'll need to do:

https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life

on reaver-wps.

Comment 52 Fedora Update System 2015-06-25 16:04:51 UTC
reaver-1.4-3.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/reaver-1.4-3.fc22

Comment 53 Fedora Update System 2015-06-25 16:11:48 UTC
reaver-1.4-3.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/reaver-1.4-3.fc21

Comment 54 Fedora Update System 2015-06-25 16:23:02 UTC
reaver-1.4-3.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/reaver-1.4-3.el7

Comment 55 Fedora Update System 2015-06-25 16:28:56 UTC
reaver-1.4-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/reaver-1.4-3.el6

Comment 56 Fedora Update System 2015-07-04 20:11:47 UTC
reaver-1.4-3.fc22 has been pushed to the Fedora 22 stable repository.

Comment 57 Fedora Update System 2015-07-04 20:13:35 UTC
reaver-1.4-3.fc21 has been pushed to the Fedora 21 stable repository.

Comment 58 Fedora Update System 2015-07-13 18:31:15 UTC
reaver-1.4-3.el6 has been pushed to the Fedora EPEL 6 stable repository.

Comment 59 Fedora Update System 2015-07-13 18:31:42 UTC
reaver-1.4-3.el7 has been pushed to the Fedora EPEL 7 stable repository.