fragattack: improved scapy fix and driver/hostap version check

Mathy Vanhoef 2021-01-21 01:49:12 +04:00
parent ac012353e9
commit 6f8d45f37e
4 changed files with 42 additions and 22 deletions


@ -50,8 +50,11 @@ the paper also briefly discusses the applicability of the attacks against WEP.
- Fixed injection of fragmented frames when using ath9k_htc dongles in combination with 802.11n. - Fixed injection of fragmented frames when using ath9k_htc dongles in combination with 802.11n.
- The python `requirements.txt` file now references a patched scapy version to address an - The `pysetup.sh` script has been added to create the python virtual environment. This script also fixes
[incompatibility](https://github.com/secdev/scapy/commit/46fa40fde4049ad7770481f8806c59640df24059) with Python 3.9. [a bug](https://github.com/secdev/scapy/commit/46fa40fde4049ad7770481f8806c59640df24059) in the scapy library
when used with Python 3.9.
- The patched drivers have been updated to properly compile on Linux 5.9.0.
- Fixed the `ping-frag-sep` test. Previously it behaved like `ping-frag-sep --pn-per-qos`. Note that this test - Fixed the `ping-frag-sep` test. Previously it behaved like `ping-frag-sep --pn-per-qos`. Note that this test
is not used to detect vulnerabilities but only to better understand implementations. is not used to detect vulnerabilities but only to better understand implementations.
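Review bot: the new changelog entry should say how the scapy bug is fixed, because it matters for users: `pysetup.sh` patches the installed copy under `venv/` in place, so the fix is lost whenever scapy is reinstalled or upgraded in that environment and `./pysetup.sh` has to be re-run. One clause such as "by patching the installed scapy copy; re-run `./pysetup.sh` after reinstalling scapy" would avoid confusion when someone runs `pip install -r requirements.txt` by hand as the old instructions did.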
@ -99,25 +102,23 @@ sequence or fragment number of injected frames, or may reorder frames of differe
interferes with the test tool (i.e. the tool might say a device is secure although it's not). interferes with the test tool (i.e. the tool might say a device is secure although it's not).
I have confirmed that the following network cards work properly: I have confirmed that the following network cards work properly:
| Network Card | USB | 5GHz | mixed mode | injection mode | hwsim mode | | Network Card | USB | 5GHz | mixed mode | injection mode |
| ---------------------- | --- | ---- | ----------------------- | ----------------------- | -------------------- | | ---------------------- | --- | ---- | ----------------------- | ----------------------- |
| Technoethical N150 HGA | Yes | No | patched driver/firmware | patched driver/firmware | _under development_ | | Technoethical N150 HGA | Yes | No | patched driver/firmware | patched driver/firmware |
| TP-Link TL-WN722N v1.x | Yes | No | patched driver/firmware | patched driver/firmware | _under development_ | | TP-Link TL-WN722N v1.x | Yes | No | patched driver/firmware | patched driver/firmware |
| Alfa AWUS036NHA | Yes | No | patched driver/firmware | patched driver/firmware | _under development_ | | Alfa AWUS036NHA | Yes | No | patched driver/firmware | patched driver/firmware |
| Intel Wireless-AC 8265 | No | Yes | patched driver | yes | _under development_ | | Intel Wireless-AC 8265 | No | Yes | patched driver | yes |
| Intel Wireless-AC 3160 | No | Yes | patched driver | yes | _under development_ | | Intel Wireless-AC 3160 | No | Yes | patched driver | yes |
| Alfa AWUS036ACM | Yes | Yes | patched driver | yes | _under development_ | | Alfa AWUS036ACM | Yes | Yes | patched driver | yes |
| Netgear WN111v2 | Yes | No | patched driver | yes | _under development_ | | Netgear WN111v2 | Yes | No | patched driver | yes |
| Alfa AWUS036ACH | Yes | Yes | **TODO** | **TODO** | _under development_ | | Alfa AWUS036ACH | Yes | Yes | **TODO** | **TODO** |
The three last colums signify: The three two colums signify:
1. Mixed mode: whether the network card can be used in [mixed mode](#id-mixed-mode). 1. Mixed mode: whether the network card can be used in [mixed mode](#id-mixed-mode).
2. Injection mode: whether the network card can be used as a second interface to inject frames in [injection mode](#id-injection-mode). 2. Injection mode: whether the network card can be used as a second interface to inject frames in [injection mode](#id-injection-mode).
3. Hwsim mode: whether the network card can be used in the experimental [hwsim mode](#id-hwsim-mode).
_Yes_ indicates the card works out-of-the-box in the given mode. _Patched driver/firmware_ _Yes_ indicates the card works out-of-the-box in the given mode. _Patched driver/firmware_
means that the card is compatible when used with patched drivers and/or firmware. means that the card is compatible when used with patched drivers and/or firmware.
_No_ means this mode is not supported by the network card. _No_ means this mode is not supported by the network card.
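Review bot: the reworded sentence `The three two colums signify:` has a leftover word and a typo; now that the hwsim column has been dropped from the table it should read `The last two columns signify:`. Removing item 3 of the numbered list is consistent with the two remaining columns, but the `#id-hwsim-mode` section it linked to should be checked so the README does not keep a section that nothing references.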
@ -170,10 +171,7 @@ Now clone this repository, build the tools, and configure a virtual python3 envi
# git clone https://github.com/vanhoefm/fragattack.git fragattack # git clone https://github.com/vanhoefm/fragattack.git fragattack
cd fragattack/research cd fragattack/research
./build.sh ./build.sh
python3 -m venv venv ./pysetup.sh
source venv/bin/activate
pip install wheel
pip install -r requirements.txt
The above instructions only have to be executed once. After pulling in new code using git you do The above instructions only have to be executed once. After pulling in new code using git you do
have to execute `./build.sh` again. have to execute `./build.sh` again.
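Review bot: replacing the four manual steps with `./pysetup.sh` drops the `source venv/bin/activate` step without a replacement. The `source venv/bin/activate` inside `pysetup.sh` only affects the script's own bash process, so after `./pysetup.sh` returns the user's shell still has no virtual environment active and the tool will run against the system python. Keep an explicit `source venv/bin/activate` line in the README after `./pysetup.sh`, and note that it is needed in every new shell, not only once.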


@ -732,8 +732,9 @@ class Daemon(metaclass=abc.ABCMeta):
log(STATUS, "To ignore this warning and timeout add the parameter --no-drivercheck") log(STATUS, "To ignore this warning and timeout add the parameter --no-drivercheck")
time.sleep(5) time.sleep(5)
elif FRAGVERSION != open("/sys/module/mac80211/parameters/fragattack_version").read().strip(): elif FRAGVERSION != open("/sys/module/mac80211/parameters/fragattack_version").read().strip():
version = open("/sys/module/mac80211/parameters/fragattack_version").read().strip()
log(ERROR, f"This script has version {FRAGVERSION} but the modified drivers are version {version}.") log(ERROR, f"This script has version {FRAGVERSION} but the modified drivers are version {version}.")
log(ERROR, f"Please recompile and reinstall the modified drivers (see the README for details).") log(ERROR, f"Recompile and reinstall the modified drivers or add --no-drivercheck (see the README for details).")
quit(1) quit(1)
# 1. Assign/create interfaces according to provided options # 1. Assign/create interfaces according to provided options
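Review bot: the sysfs file `/sys/module/mac80211/parameters/fragattack_version` is opened and read twice, once in the `elif` condition and again on the next line, and neither handle is closed. Read it once before the comparison, e.g. `with open("/sys/module/mac80211/parameters/fragattack_version") as f: version = f.read().strip()`, and then test `elif FRAGVERSION != version:`; this also guarantees the value logged is the same one that was compared. The reworded error message that points at `--no-drivercheck` is an improvement.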
@ -801,9 +802,16 @@ class Daemon(metaclass=abc.ABCMeta):
def connect_wpaspy(self): def connect_wpaspy(self):
# Wait until daemon started # Wait until daemon started
while not os.path.exists("wpaspy_ctrl/" + self.nic_iface): time_abort = time.time() + 10
while not os.path.exists("wpaspy_ctrl/" + self.nic_iface) and time.time() < time_abort:
time.sleep(0.1) time.sleep(0.1)
# Abort if daemon didn't start properly
if not os.path.exists("wpaspy_ctrl/" + self.nic_iface):
log(ERROR, "Unable to connect to control interface. Did hostap/wpa_supplicant start properly?")
log(ERROR, "Try recompiling them using ./build.sh and double-check client.conf and hostapd.conf.")
quit(1)
# Open the wpa_supplicant or hostapd control interface # Open the wpa_supplicant or hostapd control interface
try: try:
self.wpaspy_ctrl = Ctrl("wpaspy_ctrl/" + self.nic_iface) self.wpaspy_ctrl = Ctrl("wpaspy_ctrl/" + self.nic_iface)
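Review bot: the deadline is computed from `time.time()`, which is wall-clock time and can jump forwards or backwards on NTP or manual clock adjustments; `time.monotonic()` is the right clock for a timeout like `time_abort`. The 10-second limit is also a bare magic number that turns a slow hostapd/wpa_supplicant start on some cards into a hard `quit(1)`; give it a named constant or a comment explaining why 10 seconds is enough. The explicit existence re-check after the loop is good, since it distinguishes "timed out" from "appeared on the last iteration".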

research/pysetup.sh Executable file

@ -0,0 +1,14 @@
#!/bin/bash
# Start from a clean environment
rm -rf venv/
# Basic python3 virtual environment
python3 -m venv venv
source venv/bin/activate
pip install wheel
pip install -r requirements.txt
# Fix a bug in scapy that isn't fixed in the PyPI version yet. For background see
# https://github.com/secdev/scapy/commit/46fa40fde4049ad7770481f8806c59640df24059
sed -i 's/find_library("libc")/find_library("c")/g' venv/lib/python*/site-packages/scapy/arch/bpf/core.py
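Review bot: the script has no `set -e`, so if `python3 -m venv venv` or `pip install -r requirements.txt` fails, the remaining commands still run and the script exits 0 with a half-built or empty `venv/` that looks successful; add `set -e` (or `set -euo pipefail`) right after the shebang. The `sed -i` at the end also succeeds silently when its pattern is not present, for example after a scapy version bump in `requirements.txt` where the file no longer contains `find_library("libc")`, so it is worth verifying the edit, e.g. `grep -q 'find_library("c")' venv/lib/python*/site-packages/scapy/arch/bpf/core.py || exit 1`, so a missing patch is reported rather than discovered at runtime.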


@ -8,7 +8,7 @@ py==1.8.1
pycryptodome==3.9.7 pycryptodome==3.9.7
pyparsing==2.4.6 pyparsing==2.4.6
pytest==5.3.5 pytest==5.3.5
git+https://github.com/vanhoefm/scapy.git@v2.4.4fix1#egg=scapy scapy==2.4.3
simpy==3.0.11 simpy==3.0.11
six==1.14.0 six==1.14.0
sympy==1.5.1 sympy==1.5.1
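Review bot: switching from the `v2.4.4fix1` fork to the PyPI `scapy==2.4.3` pin means the Python 3.9 fix now depends on the `sed` in `pysetup.sh` matching exactly this version's `scapy/arch/bpf/core.py`; the two are coupled but nothing in the file says so. A comment next to the pin, e.g. `# keep in sync with the sed patch in pysetup.sh`, would stop a later version bump from silently re-introducing the bug.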