Bug 1070482 - (reaver-wps) Review Request: reaver - Brute force attack against Wifi Protected Setup
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review
rawhide
All Linux
unspecified Severity medium
Assigned To: Jaroslav Škarvada
Fedora Extras Quality Assurance
Blocks: FE-SECLAB
Reported: 2014-02-26 18:27 EST by James Wilson Harshaw IV
Modified: 2015-07-13 14:31 EDT
Fixed In Version: reaver-1.4-3.el7
Doc Type: Bug Fix
Last Closed: 2015-06-25 12:29:35 EDT
jskarvad: fedora‑review+
limburgher: fedora‑cvs+


Attachments
wpa_supplicant -> reaver diff (24.45 KB, patch)
2014-04-07 08:10 EDT, Jaroslav Škarvada
reaver SPEC (1.64 KB, text/plain)
2014-11-25 16:10 EST, James Wilson Harshaw IV
Reaver SRPM (707.00 KB, application/x-rpm)
2014-11-25 16:11 EST, James Wilson Harshaw IV

Description James Wilson Harshaw IV 2014-02-26 18:27:25 EST
Spec URL: http://jamesharshaw.com/reaver.spec
SRPM URL: http://jamesharshaw.com/reaver-1.4-2.1.src.rpm
Description: Reaver-wps is a great and integral security tool for wireless security. It would be a great addition to the Fedora Security Lab.

It works by exploiting a vulnerability in WPS (Wifi Protected Setup) and bruteforcing the pins. 

Fedora Account System Username: bits3rpent
Comment 1 Christopher Meng 2014-02-26 18:38:49 EST
Hi,

Can you set up your _real name_ in bugzilla? Currently it's only an email address.

Also for new packagers, please follow the steps described at:

http://fedoraproject.org/wiki/Join_the_package_collection_maintainers#Introduce_yourself

https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group

Thanks.
Comment 2 Christopher Meng 2014-02-26 18:41:04 EST
I think I've pointed out that this package bundles libraries, please solve them.
Comment 3 James Wilson Harshaw IV 2014-02-26 18:43:17 EST
Many libraries are modified specifically for this program, what shall I do about them?
Comment 4 James Wilson Harshaw IV 2014-02-26 18:45:02 EST
(In reply to Christopher Meng from comment #2)
> I think I've pointed out that this package bundles libraries, please solve
> them.
Comment 6 James Wilson Harshaw IV 2014-02-26 20:26:22 EST
(In reply to Michael Schwendt from comment #5)
> * https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
> * https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Standard_questions

Noted, contacted upstream for list of modified libraries.
Comment 7 Jaroslav Škarvada 2014-03-07 04:20:28 EST
Hi,

unfortunately I packaged reaver in parallel :) So at least I can share my patches and observations.

It seems reaver is bundling wireless-tools and wpa_supplicant. I wasn't able to detect any relevant changes of the wireless-tools, so I unbundled it. Regarding wpa_supplicant I am afraid it is not possible to unbundle it. There is no library we could link to, the part of the code is used there like a copylib.

In case you are interested, my spec, srpm with patches:
http://fedorapeople.org/~jskarvad/reaver/

Feel free to cherrypick anything you need from it. Also I could help you co-maintain the package.
Comment 8 James Wilson Harshaw IV 2014-03-07 10:30:16 EST
(In reply to Jaroslav Škarvada from comment #7)
> Hi,
> 
> unfortunately I packaged reaver in parallel :) So at least I can share my
> patches and observations.
> 
> It seems reaver is bundling wireless-tools and wpa_supplicant. I wasn't able
> to detect any relevant changes of the wireless-tools, so I unbundled it.
> Regarding wpa_supplicant I am afraid it is not possible to unbundle it.
> There is no library we could link to, the part of the code is there used
> like copylib.
> 
> In case you are interested, my spec, srpm with patches:
> http://fedorapeople.org/~jskarvad/reaver/
> 
> Feel free to cherrypick anything you need from it. Also I could help you
> co-maintain the package.

No problem at all! I had also come to the realization that we couldn't unbundle the modified wpa_supplicant since it is integral to the functioning of reaver. I would love to co-maintain the package with you!

We now just need to go on and make a case for the bundled (and modified) wpa_supplicant.

Feel free to email me.

-James
Comment 9 Jaroslav Škarvada 2014-03-07 10:54:45 EST
(In reply to James Wilson Harshaw IV from comment #8)
According to [1] I think we need:
Provides: bundled(wpa_supplicant) = 0.7.3

I will create FESCO ticket for bundling exception.

Also I will take the review.

[1] https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle
Comment 10 James Wilson Harshaw IV 2014-03-07 10:58:02 EST
Wunderbar.
Comment 11 Jaroslav Škarvada 2014-03-07 11:03:58 EST
I think I currently cannot sponsor you, but I will try to become sponsor (I am already proven packager). I will open another ticket :)
Comment 12 James Wilson Harshaw IV 2014-03-07 11:06:06 EST
Thank you so much :)
Comment 13 Jaroslav Škarvada 2014-03-07 15:56:36 EST
We need reply to the following question: 
Whether the bundled wpa_supplicant code was modified and if yes, how it was modified.

I need it to open the FPC ticket. James, I noticed, you have already contacted upstream, could you ask them this question? Thanks.

Also CCing wpa_supplicant maintainer in case he would have any comments.
Comment 14 James Wilson Harshaw IV 2014-03-07 16:00:24 EST
I have contacted upstream a while ago asking that question, and have yet to receive a response. I will try again though.
Comment 15 James Wilson Harshaw IV 2014-03-07 16:07:05 EST
It does state in the README that 
"The following files have been taken from wpa_supplicant. Some have been modified from their original sources:

		o common/*
		o crypto/*
		o tls/*
		o utils/*
		o wps/*
"

but does not state which were modified.
Comment 16 James Wilson Harshaw IV 2014-03-07 16:08:22 EST
We could possibly just take those specific files from wpa_supplicant and see what code differs.
Comment 17 Jaroslav Škarvada 2014-03-07 17:26:25 EST
(In reply to Jaroslav Škarvada from comment #11)
> I think I currently cannot sponsor you, but I will try to become sponsor (I
> am already proven packager). I will open another ticket :)

Ticket:
https://fedorahosted.org/packager-sponsors/ticket/125
Comment 18 Jaroslav Škarvada 2014-03-25 10:41:49 EDT
I am sponsor now. I will add "sponsored" status to your FAS account once we progress through this review.
Comment 19 Jaroslav Škarvada 2014-04-07 08:10:13 EDT
Created attachment 883600
wpa_supplicant -> reaver diff

By looking into the code, I can confirm there is bundled wpa_supplicant 0.7.3. It cannot be easily unbundled, because it is not a library and reaver modified it in a way that allows extraction of credentials, forces usage of small DH keys for fast computation on the AP side, etc. I doubt these changes could ever get upstream, because some of them are there to weaken the security, but the goal of wpa_supplicant is the opposite. Attaching diff with the Fedora wpa_supplicant 0.7.3.
Comment 20 Jaroslav Škarvada 2014-04-07 08:36:05 EDT
By looking into the reaver source code and comparing it with the wireless-tools-29 I cannot find any differences, thus I think it can be safely unbundled as I did in comment 7 (but I haven't checked the functionality of the resulting binary :). James, please provide new spec/srpm with unbundled wireless-tools and with "Provides: bundled(wpa_supplicant) = 0.7.3". Also please consider moving reaver state file from the /etc to the /var as I also did in comment 7.
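
The comparison described in comments 16, 19 and 20, sketched as an added example (not code from this review or from reaver): each file in the bundled directories named by the README is classified against a pristine upstream tree. The function names, the demo trees and the sample file names are constructed for illustration.

```python
import filecmp
import tempfile
from pathlib import Path

# Directories the reaver README lists as taken from wpa_supplicant.
BUNDLED_DIRS = ("common", "crypto", "tls", "utils", "wps")


def classify_bundled(bundled_root, upstream_root, subdirs=BUNDLED_DIRS):
    """Sort bundled files into identical / modified / added vs. upstream."""
    bundled_root, upstream_root = Path(bundled_root), Path(upstream_root)
    report = {"identical": [], "modified": [], "added": []}
    for sub in subdirs:
        base = bundled_root / sub
        if not base.is_dir():  # directory not present in this tree
            continue
        for path in sorted(p for p in base.rglob("*") if p.is_file()):
            rel = path.relative_to(bundled_root)
            upstream = upstream_root / rel
            if not upstream.is_file():
                status = "added"  # no counterpart in the upstream release
            elif filecmp.cmp(path, upstream, shallow=False):
                status = "identical"  # byte-for-byte equal
            else:
                status = "modified"  # candidate for a manual diff review
            report[status].append(rel.as_posix())
    return report


def demo():
    """Build two small constructed trees (file names are made up) and compare."""
    samples = {  # relative path: (bundled text, upstream text or None)
        "utils/example_same.c": ("int a;\n", "int a;\n"),
        "crypto/example_changed.c": ("int key_bits = 1;\n", "int key_bits = 2;\n"),
        "wps/example_new.c": ("/* only in bundled copy */\n", None),
    }
    with tempfile.TemporaryDirectory() as tmp:
        bundled, upstream = Path(tmp, "bundled"), Path(tmp, "upstream")
        for rel, texts in samples.items():
            for root, text in zip((bundled, upstream), texts):
                if text is not None:
                    (root / rel).parent.mkdir(parents=True, exist_ok=True)
                    (root / rel).write_text(text)
        return classify_bundled(bundled, upstream)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, paths)
```

The "modified" and "added" lists are the files a reviewer would then read line by line before arguing for a bundling exception.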
Comment 21 Jaroslav Škarvada 2014-04-07 09:07:59 EDT
FPC ticket for bundling exception:
https://fedorahosted.org/fpc/ticket/418
Comment 22 Jaroslav Škarvada 2014-05-20 08:35:16 EDT
(In reply to Jaroslav Škarvada from comment #21)
> FPC ticket for bundling exception:
> https://fedorahosted.org/fpc/ticket/418

Bundling exception got approved, see the ticket above for details.

absal0m: ping, could you provide updated spec/srpm?
Comment 23 James Wilson Harshaw IV 2014-06-27 14:06:45 EDT
Apologies, have been away for a while.

Glad to hear it has been approved!

I will get right on the updated spec/srpm.
Comment 24 Itamar Reis Peixoto 2014-11-13 17:45:33 EST
any news about this ?
Comment 25 James Wilson Harshaw IV 2014-11-13 19:08:26 EST
(In reply to Itamar Reis Peixoto from comment #24)
> any news about this ?

Will hopefully be done before Saturday.
Comment 26 Jaroslav Škarvada 2014-11-14 06:06:53 EST
Fixed assignee.
Comment 27 Jaroslav Škarvada 2014-11-14 06:07:44 EST
(In reply to James Wilson Harshaw IV from comment #25)
> (In reply to Itamar Reis Peixoto from comment #24)
> > any news about this ?
> 
> Will hopefully be done before Saturday.

Please upload new SPEC and SRPM.
Comment 28 James Wilson Harshaw IV 2014-11-14 11:26:03 EST
SPEC : https://drive.google.com/file/d/0B9pYRhIhuHiqTkdzb2dTc1V3d1E/view?usp=sharing

SRPM : https://drive.google.com/file/d/0B9pYRhIhuHiqbW9BTlNibE5aY0k/view?usp=sharing

Sorry for the google drive location, will be setting up fedora hosted.

Build tested, functionality remains intact after modifications.
Comment 29 Jaroslav Škarvada 2014-11-24 10:26:26 EST
(In reply to James Wilson Harshaw IV from comment #28)

Thanks, found issues:

- you need to bump release if doing changes and adding changelog entry, i.e. change "Release: 1%{?dist}" to "Release: 2%{?dist}" and change the release in changelog appropriately, i.e.:
* Fri Nov 14 2014 James W. Harshaw <jwharshaw@gmail.com> - 1.4-2

- Please add newline before %description and between changelog entries.

- Please add link to FPC ticket with bundling exception (according to [1]), i.e. add the following comment:

# https://fedorahosted.org/fpc/ticket/418
Provides: bundled(wpa_supplicant) = 0.7.3

Please upload updated SPEC and SRPM.

[1] https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle
Comment 30 James Wilson Harshaw IV 2014-11-25 16:10:42 EST
Created attachment 961379
reaver SPEC

New reaver SPEC file
Comment 31 James Wilson Harshaw IV 2014-11-25 16:11:23 EST
Created attachment 961380
Reaver SRPM

New reaver SRPM
Comment 32 Jaroslav Škarvada 2014-11-26 04:43:30 EST
Thanks. The only blocker remaining now:

- there is inconsistent release and changelog, please change:
Release: 1%{?dist}
to
Release: 2%{?dist}

The release number must be consistent with the changelog, there is 1.4-2 in the changelog, the number after the dash (2) is the release.

Please re-upload updated SPEC and SRPM.
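
The two spec checks requested in comments 29 and 32, as an added example (not part of the review or of any Fedora tooling): the newest changelog entry must match Version-Release, and a `Provides: bundled(...)` line must carry a comment linking the exception ticket. The spec fragment is constructed, and requiring the comment directly above the tag is an assumption modelled on the form shown in comment 29.

```python
import re

# Constructed fragment: Release is 1 but the changelog says 1.4-2, and the
# bundled() Provides has no comment pointing at the exception ticket.
SAMPLE_SPEC = """\
Name:           reaver
Version:        1.4
Release:        1%{?dist}
Provides:       bundled(wpa_supplicant) = 0.7.3

%changelog
* Fri Nov 14 2014 Example Packager <packager@example.org> - 1.4-2
- Constructed changelog entry
"""


def check_spec(text):
    """Return findings for release/changelog drift and untracked bundling."""
    findings, tags = [], {}
    lines = text.splitlines()
    for line in lines:
        m = re.match(r"(Version|Release):\s*(\S+)", line)
        if m:
            tags.setdefault(m.group(1), m.group(2))
    release = tags.get("Release", "").replace("%{?dist}", "")
    expected = f"{tags.get('Version', '')}-{release}"
    # Newest entry = first "* date packager - version-release" after %changelog.
    in_changelog = False
    for line in lines:
        if line.strip() == "%changelog":
            in_changelog = True
        elif in_changelog and line.startswith("*"):
            newest = line.rsplit(None, 1)[-1]
            if newest != expected:
                findings.append(f"release mismatch: spec {expected}, changelog {newest}")
            break
    # A bundled() Provides must sit directly below a comment linking the ticket.
    for i, line in enumerate(lines):
        if re.match(r"Provides:\s*bundled\(", line):
            prev = lines[i - 1].strip() if i else ""
            if not (prev.startswith("#") and "://" in prev):
                findings.append(f"no ticket comment above: {line.strip()}")
    return findings


if __name__ == "__main__":
    print(check_spec(SAMPLE_SPEC))
```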
Comment 33 James Wilson Harshaw IV 2015-01-01 16:25:07 EST
(In reply to Jaroslav Škarvada from comment #32)
> Thanks. The only blocker remaining now:
> 
> - there is inconsistent release and changelog, please change:
> Release: 1%{?dist}
> to
> Release: 2%{?dist}
> 
> The release number must be consistent with the changelog, there is 1.4-2 in
> the changelog, the number after the dash (2) is the release.
> 
> Please re-upload updated SPEC and SRPM.

SPEC: https://truck.it/p/0jUIzy9rD8

SRPM: https://truck.it/p/xBlu8Jl38L
Comment 34 James Wilson Harshaw IV 2015-01-01 16:35:27 EST
Wrong SRPM link: https://truck.it/p/wR5bEYqbVV
Comment 35 Jaroslav Škarvada 2015-01-09 11:25:13 EST
I cannot see any problem now, approving.
Comment 36 James Wilson Harshaw IV 2015-03-25 10:38:03 EDT
New Package SCM Request
=======================
Package Name: reaver
Short Description: Brute force attack against Wifi Protected Setup
Upstream URL: http://code.google.com/p/reaver-wps/
Owners: absal0m, jskarvad
Branches: f20 f21 f22 el6 epel7
InitialCC:
Comment 37 Jon Ciesla 2015-03-25 13:26:02 EDT
WARNING: Requested package name reaver doesn't match bug summary reaver-wps
Comment 38 James Wilson Harshaw IV 2015-03-25 13:31:36 EDT
(In reply to Jon Ciesla from comment #37)
> WARNING: Requested package name reaver doesn't match bug summary reaver-wps

New Package SCM Request
=======================
Package Name: reaver-wps
Short Description: Brute force attack against Wifi Protected Setup
Upstream URL: http://code.google.com/p/reaver-wps/
Owners: absal0m, jskarvad
Branches: f20 f21 f22 el6 epel7
InitialCC:
Comment 39 James Wilson Harshaw IV 2015-03-25 13:39:28 EDT
Changed SPEC and SRPM to reflect package name reaver-wps. As seen above SCM request was also modified accordingly.
Comment 40 Jon Ciesla 2015-03-25 13:54:05 EDT
Git done (by process-git-requests).
Comment 41 Jaroslav Škarvada 2015-06-24 09:43:59 EDT
Package Change Request
======================
Package Name: reawer-wps

I would like to rename the package to 'reaver'. I think this name is more appropriate. Debian and Gentoo also use this name. Source archive and binaries are also named 'reaver'. I think it should be safely renamed in git, because there hasn't been any successful build since import and it is not in repo. I am reviewer, co-maintainer. I am going to rename this review request to stay in sync.
Comment 42 Jaroslav Škarvada 2015-06-24 09:44:58 EDT
(In reply to Jaroslav Škarvada from comment #41)
Package Change Request
======================
Package Name: reaver

So this is probably the right request, for details see comment 41.
Comment 43 Jon Ciesla 2015-06-24 14:39:00 EDT
Misformatted request.
Comment 44 Jaroslav Škarvada 2015-06-25 04:21:00 EDT
(In reply to Jon Ciesla from comment #43)
> Misformatted request.

???

I proceeded according to 
https://fedoraproject.org/wiki/Package_SCM_admin_requests

> If you need other special changes done which cannot be handled by the template
> field, such as a package that was created with the wrong name that has never
> been imported or built, or otherwise out of the scope of the template please
> state your desire and justification below the template in your Bugzilla
> comment. 

So what's misformatted?
Comment 45 Jon Ciesla 2015-06-25 10:04:29 EDT
The last request must be complete, not simply a single field, so copy and paste the original, modify what you need, and reset the flag.
Comment 46 Jaroslav Škarvada 2015-06-25 10:08:21 EDT
Package Change Request
=======================
Package Name: reaver
Short Description: Brute force attack against Wifi Protected Setup
Upstream URL: http://code.google.com/p/reaver-wps/
Owners: absal0m, jskarvad
Branches: f20 f21 f22 el6 epel7
InitialCC:
Comment 47 Jon Ciesla 2015-06-25 10:11:56 EDT
Sorry, it needs to be New Package since it doesn't exist yet.
Comment 48 Jaroslav Škarvada 2015-06-25 10:16:02 EDT
New Package SCM Request
=======================
Package Name: reaver
Short Description: Brute force attack against Wifi Protected Setup
Upstream URL: http://code.google.com/p/reaver-wps/
Owners: absal0m, jskarvad
Branches: f20 f21 f22 el6 epel7
InitialCC:
Comment 49 Jon Ciesla 2015-06-25 10:19:17 EDT
Git done (by process-git-requests).
Comment 50 Jaroslav Škarvada 2015-06-25 10:27:11 EDT
(In reply to Jon Ciesla from comment #49)
> Git done (by process-git-requests).

Thanks, but the current state is still not correct. I wanted to rename reaver-wps to reaver, but currently there is:

reaver
reaver-wps

and both are the same package. Could you delete reaver-wps? It hasn't been successfully built in koji since imported and it is not in repo.
Comment 51 Jon Ciesla 2015-06-25 10:34:00 EDT
I can't rename it in place, you'll need to do:

https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life

on reaver-wps.
Comment 52 Fedora Update System 2015-06-25 12:04:51 EDT
reaver-1.4-3.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/reaver-1.4-3.fc22
Comment 53 Fedora Update System 2015-06-25 12:11:48 EDT
reaver-1.4-3.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/reaver-1.4-3.fc21
Comment 54 Fedora Update System 2015-06-25 12:23:02 EDT
reaver-1.4-3.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/reaver-1.4-3.el7
Comment 55 Fedora Update System 2015-06-25 12:28:56 EDT
reaver-1.4-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/reaver-1.4-3.el6
Comment 56 Fedora Update System 2015-07-04 16:11:47 EDT
reaver-1.4-3.fc22 has been pushed to the Fedora 22 stable repository.
Comment 57 Fedora Update System 2015-07-04 16:13:35 EDT
reaver-1.4-3.fc21 has been pushed to the Fedora 21 stable repository.
Comment 58 Fedora Update System 2015-07-13 14:31:15 EDT
reaver-1.4-3.el6 has been pushed to the Fedora EPEL 6 stable repository.
Comment 59 Fedora Update System 2015-07-13 14:31:42 EDT
reaver-1.4-3.el7 has been pushed to the Fedora EPEL 7 stable repository.
