Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-24 16:28:23 -05:00
Code Issues Projects Releases Wiki Activity

fragattack: add RT5572 notes

Browse Source
This commit is contained in:
Mathy Vanhoef 2022-01-27 17:15:05 +01:00
parent 0e9ef74801
commit 568d566478
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -467,7 +467,8 @@ In case the test tool doesn't appear to be working, check the following:
1. Check that no other process is using the network card (e.g. kill your network manager). 1. Check that no other process is using the network card (e.g. kill your network manager).
2. If everything worked previously, try unplugging your Wi-Fi dongle, restart your computer or virtual 2. If everything worked previously, try unplugging your Wi-Fi dongle, restart your computer or virtual
machine, and then try again. machine, and then try again. Also try to disable hardware encryption using the `disable-hwcrypto.sh`
script (reboot your computer after executing this script).
3. Assure the device you are testing doesn't enter a sleep state (causing it to miss injected frames). 3. Assure the device you are testing doesn't enter a sleep state (causing it to miss injected frames).
I recommend running the test tool in [mixed mode](#id-mixed-mode) since this better handles clients I recommend running the test tool in [mixed mode](#id-mixed-mode) since this better handles clients
@ -940,6 +941,15 @@ I tested the Intel AX200 and found that it is _not_ compatible with the test too
after injecting a frame with the More Fragments flag set. If an Intel developer is reading this, please after injecting a frame with the More Fragments flag set. If an Intel developer is reading this, please
update the firmware and make it possible to inject fragmented frames. update the firmware and make it possible to inject fragmented frames.
### RT5572-based chips
I tested this chipset using the general [CSL USB 2.0 WLAN Adapter 300Mbit adapter](http://www.amazon.de/dp/B00LLIOT34?tag=modwiffir-20).
After disabling hardware decryption by executing the `disable-hwcrypto.sh` script I was able to perform
a basic ping test (`ping`). A fragmented ping test (`ping I,E,E`) was very unreliable but sometimes worked.
The current conclusion is that RT5572 chips _might_ work with the test tool after disabling hardware
encryption. But extra experiments are needed to confirm this (feedback is welcome).
<a id="id-hwsim-details"></a> <a id="id-hwsim-details"></a>
## 9.9. Hwsim mode details ## 9.9. Hwsim mode details

46
research/disable-hwcrypto.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
# Copyright (c) 2017, Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
#
# This code may be distributed under the terms of the BSD license.
# See README for more details.
set -e
NOHWCRYPT="ath5k ath9k ath9k_htc rt2800usb carl9170 b43 p54common rt2500usb rt2800pci rt73usb"
SWCRYPTO="iwlwifi iwl3945 iwl4965"
HWCRYPTO="ipw2200"
MODFILE="/etc/modprobe.d/nohwcrypt.conf"
# 0. Check if we have root privileges
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
# 1. Create nohwcrypt.conf options file
rm $MODFILE 2> /dev/null || true
for MODULE in $NOHWCRYPT
do echo "options $MODULE nohwcrypt=1" >> $MODFILE; done
for MODULE in $SWCRYPTO
do echo "options $MODULE swcrypto=1" >> $MODFILE; done
for MODULE in $HWCRYPTO
do echo "options $MODULE hwcrypto=0" >> $MODFILE; done
# 2. Remove loaded modules so they'll reload parameters. Note that modules that
# are in use by others won't be removed (e.g. iwlwifi won't be removed).
for MODULE in $NOHWCRYPT $SWCRYPTO $HWCRYPTO
do rmmod $MODULE 2> /dev/null || true; done
# 3. Done. To be sure parameters are reloaded, reboot computer.
echo "Created config file $MODFILE to disable hardware decryption."
echo "Reboot your computer to apply the changes."