Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 00:38:24 -05:00
Code Issues Projects Releases Wiki Activity

fragattacks: ignore old EAPOL replay counters

Browse Source 
When testing the TelenetWiFree hotspot using the command:

  ./fragattack.py wlan0 --no-drivercheck ping I,F,E --rekey-req --rekey-plain

Then the AP would reuse old EAPOL replay counters in the rekey 4-way
handshake. So for the rekey handshake to succeed, the client has to
accept these EAPOL handshake messages with a "reused" replay counter.

Note that these networks also performed the rekey handshake in
plaintext, which will be handled by a subsequent patch.
This commit is contained in:
Mathy Vanhoef 2023-10-11 22:39:10 +02:00
parent 05a607526e
commit c894c820ff
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/rsn_supp/wpa.c
View File

@ -2615,10 +2615,16 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
if (sm->rx_replay_counter_set && if (sm->rx_replay_counter_set &&
os_memcmp(key->replay_counter, sm->rx_replay_counter, os_memcmp(key->replay_counter, sm->rx_replay_counter,
WPA_REPLAY_COUNTER_LEN) <= 0) { WPA_REPLAY_COUNTER_LEN) <= 0) {
#ifndef CONFIG_TESTING_OPTIONS
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: EAPOL-Key Replay Counter did not increase - " "WPA: EAPOL-Key Replay Counter did not increase - "
"dropping packet"); "dropping packet");
goto out; goto out;
#else /* CONFIG_TESTING_OPTIONS */
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: Ignoring that EAPOL-Key Replay Counter did "
"not increase - can happen during rekeys");
#endif /* CONFIG_TESTING_OPTIONS */
} }
if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {