Plan 9: WiFi Protected Setup

 

Demo of Wifi router connection using WiFi Protected Setup (WPS).

WiFi Protected Setup (WPS) allows you to connect to an Access Point (router) via Push Button Control (PBC) or a temporary PIN.

 

Authentication Flow 

Direction Message / Contents Phase / Purpose
Supplicant → AP Authentication Request 802.11 Authentication
Supplicant ← AP Authentication Response
Supplicant → AP Association Request 802.11 Association
Supplicant ← AP Association Response
Supplicant → AP EAPOL-Start EAP Initiation
Supplicant ← AP EAP-Request Identity
Supplicant → AP EAP-Response Identity
(Identity: “WFA-SimpleConfig-Registrar-1-0”)
Supplicant ← AP WSC Start
Enrollee → Registrar (M1) N1 || Description || PKₑ Diffie-Hellman Key Exchange
Enrollee ← Registrar (M2) N1 || N2 || Description || PKᵣ || Authenticator
Enrollee → Registrar (M3) N2 || E-Hash1 || E-Hash2 || Authenticator Commit to PIN values
Enrollee ← Registrar (M4) N1 || R-Hash1 || R-Hash2 || EKeyWrapKey(R-S1) || Authenticator Prove possession of 1st half of PIN
Enrollee → Registrar (M5) N2 || EKeyWrapKey(E-S1) || Authenticator Prove possession of 1st half of PIN
Enrollee ← Registrar (M6) N1 || EKeyWrapKey(R-S2) || Authenticator Prove possession of 2nd half of PIN
Enrollee → Registrar (M7) N2 || EKeyWrapKey(E-S2 || ConfigData) || Authenticator Prove 2nd half of PIN; send AP configuration
Enrollee ← Registrar (M8) N1 || EKeyWrapKey(ConfigData) || Authenticator Set AP configuration
 

Lessons Learnt

  1. The router sends the WSC start request only if WSC IE is sent in the association request (WPS flow).
  2. In WPA flow, you must NOT send WSC IE in the association request.
  3. PBC uses a shortened flow M1 → M2 → M3 → M5 → M7 → M8.
  4. Authenticator in M2 provides a good way of verifying cryptographic algorithm implementation.
  5. Use hnput{s,l,v} and nhget{s,l,v} defined in ip.h for byte endian conversions.  

 

Code

 

References

  1. Quick introduction to WPS
  2. Reaver codebase
  3. HostAP codebase  

 

Comments

Post a Comment

Popular posts from this blog

Plan 9 : The Infinity Notebook

Image
  Plan 9 is an Operating System (OS) from Bell Labs which is a successor to UNIX. It builds on the learnings from the previous Operating systems. Network computing and graphics is an integral part of the OS rather than an afterthought. It is modular and portable - it comes with a cross compiler . It is available, under MIT License , which anybody can use, learn and tweak. Features Everything is a file. Small Kernel:  Around 5MB size which can be built in under 2 minutes.  Singular Grid: All the computers running Plan 9 OS and connected together act like a singular grid. So there's no need for remote access solutions like VNC or RDP. This cool video shows a small glimpse of the possibilities. Process Isolation: Processes run within their own namespaces and are isolated from each other. So you can run rio (the window manager) within rio. Applications like Browsers don't need complicated sandboxing. And a crashing program is unlikely to bring down the OS. No DLL Hell : ...
Read more

Emacs: Binary File Viewer

Image
  Quick visualization tool for Binary data using C header definition. Semantic parses the C header file and generates a type definition. The type definition is passed to bindat-unpack along with the binary data. The result is displayed using speedbar . ;; Note: The command works on the binary data in the current buffer.   M-x hexl-form   (hexl-form)      The image shows the example included in the commentary section of bindat.el .   Conversions (format "%02X" 255) ;; => "FF" (string-to-number "FF" 16) ;; => 255   ;; Little endian unpacking (let* ((bindat-raw [1 2 3 4 5 6 7 8])           (bindat-idx 0))   (bindat--unpack-u64r))   ;; Little endian packing (let* ((bindat-raw [0 0 0 0 0 0 0 0])           (bindat-idx 0))   (bindat--pack-u64r #x0102030405060708)   bindat-raw)      Insert Binary Data Emacs creates a multibyte buffer ...
Read more

Plan 9 Remote File Access from Emacs

Image
  Plan 9 Operating System uses 9p protocol for file access. This is an Elisp implementation of the protocol. Plan 9 ( 9front distribution) is running in QEMU with NAT networking. Local port 12564 is forwarded to 9fs service port 564 in the virtual machine.   Code https://gitlab.com/atamariya/emacs/-/blob/dev/lisp/net/plan9.el   Troubleshooting Plan 9 connection Ensure you are booting with  -a tcp!*!564  parameters. (Tip: You can add these to your /n/9fat/plan9.ini) Ensure you have configured the network interface   ip/ipconfig   Ensure you have an IP address  cat /net/ndb  Ensure you are running cpu+auth server  cpurc  (Optional) Start graphics mode  screenrc   (Optional) Start window manager  rio   (Optional) List open connections  netstat    (Optional) Monitor network traffic  snoopy   (Optional) Debug authentication  auth/debug  (Optional)...
Read more