From e085bb5090e70b3bad7b606dfd6d78ad0b17a1f7 Mon Sep 17 00:00:00 2001
From: xfangfang <2553041586@qq.com>
Date: Mon, 27 May 2024 04:07:22 +0800
Subject: [PATCH] Fix LCP magic number

---
 src/exploit.cpp  | 2 +-
 tests/output.cpp | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/exploit.cpp b/src/exploit.cpp
index c271762..f151be8 100644
--- a/src/exploit.cpp
+++ b/src/exploit.cpp
@@ -781,7 +781,7 @@ int Exploit::stage1() {
         auto &&echoReply = PacketBuilder::lcpEchoReply(etherLayer->getDestMac(), etherLayer->getSourceMac(),
                                                        pppLayer->getPPPoEHeader()->sessionId,
                                                        pppLayer->getLayerPayload()[1], // id
-                                                       *(uint32_t * ) & pppLayer->getLayerPayload()[4]); // magic number
+                                                       htole32(*(uint32_t * ) & pppLayer->getLayerPayload()[4])); // magic number
         device->sendPacket(&echoReply);
     }, nullptr);
 
diff --git a/tests/output.cpp b/tests/output.cpp
index 19f2251..328cc7e 100644
--- a/tests/output.cpp
+++ b/tests/output.cpp
@@ -72,7 +72,9 @@ int main() {
     std::cout << "BAD LCP" << std::endl;
     buildMaliciousLcp(nullptr, 0);
     std::cout << "LCP echo" << std::endl;
-    buildLcpEchoReply(nullptr, 0, "12:23:34:45:56:67", "a0:a1:a2:a3:a4:a5", 123, 2, 345);
+    uint8_t magic_number[] = {0x12, 0x34, 0x56, 0x78};
+    buildLcpEchoReply(nullptr, 0, "12:23:34:45:56:67", "a0:a1:a2:a3:a4:a5", 123, 2,
+                      htole32(*(uint32_t *) &magic_number));
     std::cout << "LCP term" << std::endl;
     buildLcpTerminate(nullptr, 0);