fragattack: automatically detect rekey request timeout

Mathy Vanhoef 2020-11-11 21:22:08 +04:00
parent 805bd55942
commit dd3f2ba7f2


@ -329,6 +329,9 @@ class Station():
# To trigger Connected event 1-2 seconds after Authentication # To trigger Connected event 1-2 seconds after Authentication
self.time_connected = None self.time_connected = None
def stop_test(self):
self.test = None
def reset_keys(self): def reset_keys(self):
self.tk = None self.tk = None
self.gtk = None self.gtk = None
@ -341,7 +344,7 @@ class Station():
if self.test != None and self.test.check != None and self.test.check(p): if self.test != None and self.test.check != None and self.test.check(p):
log(STATUS, "Received packet: " + repr(p)) log(STATUS, "Received packet: " + repr(p))
log(STATUS, ">>> TEST COMPLETED SUCCESSFULLY", color="green") log(STATUS, ">>> TEST COMPLETED SUCCESSFULLY", color="green")
self.test = None self.stop_test()
def send_mon(self, data, prior=1, plaintext=False): def send_mon(self, data, prior=1, plaintext=False):
""" """
@ -614,7 +617,7 @@ class Station():
self.handle_connected() self.handle_connected()
elif self.test != None and self.test.timedout(): elif self.test != None and self.test.timedout():
log(ERROR, ">>> Test timed out! Retry to be sure, or manually check result.") log(ERROR, ">>> Test timed out! Retry to be sure, or manually check result.")
self.test = None self.stop_test()
# ----------------------------------- Client and AP Daemons ----------------------------------- # ----------------------------------- Client and AP Daemons -----------------------------------
@ -1063,6 +1066,7 @@ class Supplicant(Daemon):
self.dhcp_xid = None self.dhcp_xid = None
self.dhcp_offer_frame = False self.dhcp_offer_frame = False
self.time_retrans_dhcp = None self.time_retrans_dhcp = None
self.time_rekey_req = None
def get_tk(self, station): def get_tk(self, station):
tk = self.wpaspy_command("GET tk") tk = self.wpaspy_command("GET tk")
@ -1091,6 +1095,7 @@ class Supplicant(Daemon):
if self.options.rekey_request: if self.options.rekey_request:
log(STATUS, "Actively requesting PTK rekey", color="green") log(STATUS, "Actively requesting PTK rekey", color="green")
self.wpaspy_command("KEY_REQUEST 0 1") self.wpaspy_command("KEY_REQUEST 0 1")
self.time_rekey_req = time.time() + 4
else: else:
log(STATUS, "Client cannot force rekey. Waiting on AP to start PTK rekey.", color="orange") log(STATUS, "Client cannot force rekey. Waiting on AP to start PTK rekey.", color="orange")
@ -1099,6 +1104,11 @@ class Supplicant(Daemon):
log(WARNING, "Retransmitting DHCP message", color="orange") log(WARNING, "Retransmitting DHCP message", color="orange")
self.get_ip(self) self.get_ip(self)
if self.time_rekey_req != None and time.time() > self.time_rekey_req:
self.time_rekey_req = None
log(ERROR, "Rekey request timed out. Configure AP to periodically renew PTK instead.")
self.station.stop_test()
self.station.time_tick() self.station.time_tick()
def send_dhcp_discover(self): def send_dhcp_discover(self):
@ -1162,6 +1172,10 @@ class Supplicant(Daemon):
if BOOTP in p and p[BOOTP].xid == self.dhcp_xid: if BOOTP in p and p[BOOTP].xid == self.dhcp_xid:
self.handle_eth_dhcp(p) self.handle_eth_dhcp(p)
else: else:
# Assume any EAPOL reply means rekey request worked (this isn't 100% accurate but should do)
if EAPOL in p:
self.time_rekey_req = None
if self.arp_sock != None: if self.arp_sock != None:
self.arp_sock.reply(p) self.arp_sock.reply(p)
self.station.handle_eth(p) self.station.handle_eth(p)
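Review bot: The new timeout block in the Supplicant tick handler (`if self.time_rekey_req != None and time.time() > self.time_rekey_req:`) logs an error and calls `self.station.stop_test()` without checking that a test is still active. `stop_test()` only clears `self.test` on the Station, while the timer lives on the Supplicant, and the only other place that disarms it is the `if EAPOL in p:` branch, which its own comment describes as approximate. If the test has already ended through the success or generic-timeout paths while the timer is still armed, the operator would presumably see a late "Rekey request timed out" error that contradicts the earlier result, which matters when the output is read as a vulnerability verdict. Consider still resetting `self.time_rekey_req = None` unconditionally but wrapping the log and stop in `if self.station.test != None:`. The hard-coded `time.time() + 4` would also be easier to tune for slow APs as a named constant or option; the enclosing methods begin outside the hunks shown.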