removed WPS information field

Author: =

changelog

@@ -1,6 +1,10 @@
 03.03.2025
 ==========
-changed option -c to -t because output is tabulator separated an not comma separated
+hcxnmealog: removed WPS information - all tested APs use WPS 2.0!
+
+03.03.2025
+==========
+hcxnmealog: changed option -c to -t because output is tabulator separated an not comma separated
 
 02.03.2025
 ==========
@@ -134,11 +138,6 @@ less common options:
 added new passive GPS logger hcxnmealog. It can run in parallel with hcxdumptool, tshark or Wireshark
 data is logged to NMEA 0183 format (BSSID only - can be prosssed by gpsbabel) and CSV (tabulator separeted)
 
-There is still work in progress:
-evaluation of RSN-IE and log to CSV
-evaluation of WPA-IE and log to CSV
-evaluation of WPS-IE and log to CSV
-
 hcxnmealog:
 -n <file>      : output nmea 0183 track to file
                   track append to file: filename
@@ -154,11 +153,9 @@ hcxnmealog:
                    ESSID (network name)
                    COUNTRY CODE (ISO / IEC 3166 alpha2 country code)
                    ENCRYPTION (encrypted / open)
-                   RSN INFORMATION ELEMENT
-                    bitmask (--help for more information)
-                   WPA INFORMATION ELEMENT
+                   RSN INFORMATION ELEMENT (WPA2/WPA3)
                     bitmask (--help for more information)
-                   WPS INFORMATION ELEMENT
+                   WPA INFORMATION ELEMENT (WPA1)
                     bitmask (--help for more information)
                    FREQUENCY (interface frequency in MHz)
                    CHANNEL
@@ -184,9 +181,42 @@ hcxnmealog:
 
 --bpf=<file>   : input Berkeley Packet Filter (BPF) code (maximum 4096 instructions) in tcpdump decimal numbers format
                   see --help for more information
---help         : show this help
+--help         : show additional help
 --version      : show version
 
+Additional information:
+ 0x00000000 suite not in use
+Cipher Suites (bitmask)
+ 0x00000001 WEP
+ 0x00000002 TKIP
+ 0x00000004 RESERVED
+ 0x00000008 CCMP-128
+ 0x00000010 WEP-104
+ 0x00000020 BIP-CMAC-128
+ 0x00000040 Group Address Traffic Not Allowed
+ 0x00000080 GCMP-128
+ 0x00000100 GCMP-256
+ 0x00000200 CCMP-256
+ 0x00000400 BIP-GMAC-128
+ 0x00000800 BIP-GMAC-256
+ 0x00001000 BIP-CMAC-256
+ 0x00008000 unknown
+Authentication Management Suites (bitmask)
+ 0x00010000 802.1X
+ 0x00020000 PSK
+ 0x00040000 FT + 802.1X
+ 0x00080000 FT + PSK
+ 0x00100000 802.1X SHA-256
+ 0x00200000 PSK SHA-256
+ 0x00400000 TDLS
+ 0x00800000 SAE SHA-256
+ 0x01000000 FT + SAE SHA-256
+ 0x02000000 AP Peer Key Authentication
+ 0x04000000 802.1X Suite B EAP SH-256
+ 0x08000000 802.1X Suite B EAP SH-384
+ 0x10000000 FT + 802.1X SHA-384
+ 0x80000000 unknown
+
 11.11.2024
 ==========
 release v6.3.5

hcxnmealog.c

@@ -584,16 +584,16 @@ return;
 /*===========================================================================*/
 static inline __attribute__((always_inline)) void write_tsv(int i)
 {
-if((aplist + i)->apdata->essid[0] != 0) fprintf(fh_tsv, "%lld\t%02x%02x%02x%02x%02x%02x\t%.*s\t%c%c\t%s\t%08x\t%08x\t%8u\t%u\t%d\t%d\t%f\t%f\t%f%c\t%f\t%f\t%f\t%f\n",
+if((aplist + i)->apdata->essid[0] != 0) fprintf(fh_tsv, "%lld\t%02x%02x%02x%02x%02x%02x\t%.*s\t%c%c\t%s\t%08x\t%08x\t%u\t%d\t%d\t%f\t%f\t%f%c\t%f\t%f\t%f\t%f\n",
 	(long long)(aplist + i)->tsakt,
 	macfrx->addr3[0], macfrx->addr3[1], macfrx->addr3[2], macfrx->addr3[3], macfrx->addr3[4], macfrx->addr3[5], (aplist + i)->apdata->essidlen, (aplist + i)->apdata->essid, (aplist + i)->apdata->country[0], (aplist + i)->apdata->country[1],
-	(aplist + i)->apdata->encmode, (aplist + i)->apdata->rsnie, (aplist + i)->apdata->wpaie, (aplist + i)->apdata->wpsie,
+	(aplist + i)->apdata->encmode, (aplist + i)->apdata->rsnie, (aplist + i)->apdata->wpaie,
 	(aplist + i)->apdata->frequency, (aplist + i)->apdata->channel,(s8)(aplist + i)->apdata->rssi,
 	(aplist + i)->apdata->latitude, (aplist + i)->apdata->longitude, (aplist + i)->apdata->altitude, (aplist + i)->apdata->altitudeunit, (aplist + i)->apdata->speed, (aplist + i)->apdata->pdop, (aplist + i)->apdata->hdop, (aplist + i)->apdata->vdop);
-else fprintf(fh_tsv, "%lld\t%02x%02x%02x%02x%02x%02x\t<WILDCARD SSID LEN %d>\t%c%c\t%s\t%8u\t%08x\t%08x\t%u\t%d\t%d\t%f\t%f\t%f%c\t%f\t%f\t%f\t%f\n",
+else fprintf(fh_tsv, "%lld\t%02x%02x%02x%02x%02x%02x\t<WILDCARD SSID LEN %d>\t%c%c\t%s\t%8u\t%08x\t%u\t%d\t%d\t%f\t%f\t%f%c\t%f\t%f\t%f\t%f\n",
 	(long long)(aplist + i)->tsakt,
 	macfrx->addr3[0], macfrx->addr3[1], macfrx->addr3[2], macfrx->addr3[3], macfrx->addr3[4], macfrx->addr3[5], (aplist + i)->apdata->essidlen,  (aplist + i)->apdata->country[0], (aplist + i)->apdata->country[1],
-	(aplist + i)->apdata->encmode, (aplist + i)->apdata->rsnie, (aplist + i)->apdata->wpaie, (aplist + i)->apdata->wpsie,
+	(aplist + i)->apdata->encmode, (aplist + i)->apdata->rsnie, (aplist + i)->apdata->wpaie,
 	(aplist + i)->apdata->frequency, (aplist + i)->apdata->channel, (s8)(aplist + i)->apdata->rssi,
 	(aplist + i)->apdata->latitude, (aplist + i)->apdata->longitude, (aplist + i)->apdata->altitude, (aplist + i)->apdata->altitudeunit, (aplist + i)->apdata->speed, (aplist + i)->apdata->pdop, (aplist + i)->apdata->hdop, (aplist + i)->apdata->vdop);
 return;
@@ -747,6 +747,8 @@ static u16 twstatus;
 static int tlen;
 static size_t i;
 
+printf("\n\n");
+
 twstatus = 0;
 while(0 < infolen)
 	{
@@ -1074,7 +1076,7 @@ fprintf(stdout, "%s %s  (C) %s ZeroBeat\n"
 	" 0x04000000 802.1X Suite B EAP SH-256\n"
 	" 0x08000000 802.1X Suite B EAP SH-384\n"
 	" 0x10000000 FT + 802.1X SHA-384\n"
-	" 0x80000000 unknown\n\n"
+	" 0x80000000 unknown\n"
 	"\n", eigenname, VERSION_TAG, VERSION_YEAR);
 exit(EXIT_SUCCESS);
 }
@@ -1105,10 +1107,6 @@ fprintf(stdout, "%s %s (C) %s ZeroBeat\n"
 	"                    bitmask (--help for more information)\n"
 	"                   WPA INFORMATION ELEMENT (WPA1)\n"
 	"                    bitmask (--help for more information)\n"
-	"                   WPS INFORMATION ELEMENT\n"
-	"                    0 = WPS not in use\n"
-	"                    1 = WPS 1.0\n"
-	"                    2 = WPS 2.0\n"
 	"                   FREQUENCY (interface frequency in MHz)\n"
 	"                   CHANNEL\n"
 	"                   RSSI (signal strength in dBm)\n"
@@ -1133,7 +1131,7 @@ fprintf(stdout, "%s %s (C) %s ZeroBeat\n"
 	"\n"
 	"--bpf=<file>   : input Berkeley Packet Filter (BPF) code (maximum %d instructions) in tcpdump decimal numbers format\n"
 	"                  see --help for more information\n"
-	"--help         : show this help\n"
+	"--help         : show additional help\n"
 	"--version      : show version\n"
 	"\n", eigenname, VERSION_TAG, VERSION_YEAR, eigenname, BPF_MAXINSNS);
 exit(EXIT_SUCCESS);

include/ieee80211.h

@@ -202,6 +202,17 @@ typedef struct __attribute__((__packed__))
 
 }ieee80211_ietag_t;
 #define IEEE80211_IETAG_SIZE offsetof(ieee80211_ietag_t, ie)
+
+/*---------------------------------------------------------------------------*/
+typedef struct __attribute__((__packed__))
+{
+ u16	id;
+#define TAG_SSID	0x00
+ u16	len;
+ u8	et[1];
+}ieee80211_ieet_t;
+#define IEEE80211_IEET_SIZE offsetof(ieee80211_ieet_t, ie)
+
 /*---------------------------------------------------------------------------*/
 typedef struct __attribute__((__packed__))
 {
@@ -405,7 +416,10 @@ static const u8 wpapsk[SUITE_SIZE] =
 {
 0x00, 0x50, 0xf2, 0x02
 };
-
+static const u8 wpstype[SUITE_SIZE] =
+{
+0x00, 0x50, 0xf2, 0x04
+};
 
 static const int vendoraprg[] =
 {