I would like to patch wpa_supplicant on my Beelink W95 that is susceptible to the KRACK WPA2 WiFi exploit.
I tested the W95 with vanhoefm/krackattacks-scripts (look on GitHub, can't post links) and it failed the first test. I would like to patch wpa_supplicant so I can proceed with the other tests. Except I'm not sure how to do this.
I've compiled programs for Linux and I've used Android Studio. I'm really not sure how to cross compile from Linux to Android and I don't think I need the full blown Android Studio experience.
Are there any good guides to compiling just individual command line programs? I know I'd have to get the source, then do ./configure then make; what I'd like some clarity on is if I need specific source from the device manufacturer or can I just use vanilla Android code. Further, what options does make take, and basically what do I need to know so I can just compile wpa_supplicant with the patches I need to apply.
Thank you
Progress...
I decided that the first step should be to compile a generic wpa_supplicant and not worry about patches or security updates or anything like that. In order to do that, I had to compile openssl and libnl libraries. I went through a lot of versions of all three because I would always run into some problem or another. After a lot of trial and error (and some learning) I managed to successfully compile wpa_supplicant for the W95 box.
Yet I'm stuck. I can run wpa_supplicant from adb shell but I have not been able to successfully associate with an access point. I figured this might be some sort of conflict with Network or WiFi manager and two wpa_supplicants running at the same time. I wanted to successfully associate before I continued on to try and replace the wpa_supplicant on the Android box with my compiled version. My problem here was that I could not figure out how to enable wlan0 without network manager. In any case I got desperate and punted. I went ahead and tried to replace the original wpa_supplicant with the one that I compiled. Now everything's a mess.
Now that I think about it, I could probably enable the ssv6051 wifi driver module and bring up wlan0 with ifconfig or ip but did I know that back then? No.
Since I did already try and replace wpa_supplicant with my compilation I figured all bets were off. In any case, I could always copy back the original wpa_supplicant right? Well, not exactly. At this time, neither one works and I'm racking my brains just trying to get things back to square one. I get a vague error about not being able to start HAL. I read some about HAL and a possible culprit, selinux (although this is unlikely due to the w95 box being in Permissive mode by default) but I still am not anywhere closer to fixing my wifi. The button moves on temporarily, the driver modules load, but the HAL error occurs and it does not list any wifi networks.
I think I messed up when I edited one of the wpa_supplicant.conf files. Or it could have something to do with the wifi vendor. I don't know, but I'm close to getting this working. Then I can patch wpa_supplicant and it will no longer be vulnerable to the KRACK attack. At the very least I can continue the other tests.
Thank you for reading. Your input is appreciated.
Hi all, I'm sorry if I posted this in the wrong place.
I have an Archos 32 and I have an ad-hoc wireless network at my home. I've been trying to get my Archos 32 to connect to it and the only way that I have done so is through UrukDroid 1.0. UrukDroid however won't allow me to run some applications such as Camera and WeatherBug that I really would like to be able to run (they just crash). So I downloaded the GPL Source Code from Archos and made the changes to the wpa_supplicant source code via the patch that is found online. I've followed the guide on CNXSoft (can't post the link) for compiling the entire source on Ubuntu 10.10 (although I'm running 11.04). I have successfully created a zImage and a cramfs file, as well as a squashfs file. What do I do now? Are there any more steps that I need to do as far as installing it on my device? I've searched high and low and can't find anything so I figured I would post here. If someone could help me I'd appreciate it.
Lol I can't believe this is such a hard question that nobody knows how to answer it.
Anyway, I got it sorted, sorta. With wifi on the device turned off, I deleted the wpa_supplicant.conf from /data/misc/wifi, and changed the WifiAdhoc value to 1 in /data/misc/wifi/tiwlan.ini, then pushed it over, as well as a patched wpa_supplicant file via ADB over to the device. Now I can connect to my adhoc network on 2.3.26, and still have WeatherBug and the Camera and all the other apps that crashed on UrukDroid. The only drawback is that the wpa_supplicant file gets replaced with the original one every time I reboot the device. Not sure how to avoid that. So every time I reboot the device I have to copy the patched wpa_supplicant file again. But other than that it works great.
Anyway thanks for reading.
First, the current "MF9" OSRC source release actually contains the MDL kernel sources. While we wait for that to get corrected, I'm using (at noobnl's suggestion) the SCH-R970X MFA sources. I've confirmed that kernels generated from the MFA source tree closely approximate (in as much as any source-built kernels do) the MF9 kernel shipped in the update. Folks may wish to take a look at the repository I have on GitHub, otherwise there's nothing fundamentally different from MDL in regard to compiling the kernel sources.
Second, wpa_supplicant has been enhanced in MF9 to store network credentials (e.g., WPA-PSK keys) in secure storage now. As secure storage is incompatible with custom kernels (I believe it depends on a TIMA-enabled, signed kernel for TrustZone support), wpa_supplicant can no longer read or store credentials, requiring keys to be reentered every time WiFi is toggled.
Fortunately wpa_supplicant can be coerced into its old behavior of storing credentials in plaintext (/data/misc/wifi/wpa_supplicant.conf) by disabling the secure_storage service. Attached is a patch against boot's initramfs to do that.
Otherwise the only other things needed to have usable root-capable custom kernels is the usual disable of CONFIG_SEC_RESTRICT_ROOTING and friends, and removing "/system/app/KNOXAgent.*". Elsewhere folks have suggested to also remove "/system/app/KNOXStore.*", but I have yet to find a need to do so. Plus, I think disabling secure_storage neuters it anyways.
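An added example, not part of the original post or of wpa_supplicant itself: once credentials fall back to /data/misc/wifi/wpa_supplicant.conf as described above, this sketch shows what the file exposes per network. The sample config is constructed, and `parse_networks` and `audit` are names chosen for this illustration.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax; SSIDs and keys are made up.
SAMPLE_CONF = """\
network={
    ssid="HomeNet"
    psk="correct horse battery"
    key_mgmt=WPA-PSK
}
network={
    ssid="OfficeNet"
    psk=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
    key_mgmt=WPA-PSK
}
network={
    ssid="CafeOpen"
    key_mgmt=NONE
}
"""

# A network block runs from "network={" to a closing brace on its own line.
NETWORK_RE = re.compile(r"network=\{(.*?)\n\}", re.S)

def parse_networks(text):
    """Return one dict of key -> raw value for each network={...} block."""
    networks = []
    for body in NETWORK_RE.findall(text):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip()
        networks.append(fields)
    return networks

def audit(text):
    """Map each SSID to findings about how its credential is stored."""
    report = {}
    for net in parse_networks(text):
        findings = []
        psk = net.get("psk", "")
        if net.get("key_mgmt") == "NONE":
            findings.append("no WPA key management")
        elif psk.startswith('"'):
            # A quoted psk value is the ASCII passphrase itself.
            findings.append("passphrase stored in plaintext")
        elif re.fullmatch(r"[0-9a-fA-F]{64}", psk):
            # 64 hex digits are the derived 256-bit PSK, still sufficient to join.
            findings.append("raw 256-bit PSK stored")
        report[net.get("ssid", "?").strip('"')] = findings
    return report
```

Call `audit()` on the text of the device's wpa_supplicant.conf to see which networks keep a readable passphrase once the secure_storage service is disabled.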
So, I'm a little confused on how this works. What all does the wpa_supplicant rely on?
Let me explain my issue right now. The ROM I have built (MF9 based), works with a custom kernel no problems with Wi-Fi.
If I go back to a stock kernel, it stops working properly. Wi-Fi just doesn't turn on. So, I delete (rename) /data/misc/wpa_supplicant.conf, which allows the Wi-Fi to then turn on. (It's extremely slow to do so) But it's got major lag in the menus and logcat spits out the following errors repeatedly.
Code:
[ 07-17 21:55:42.438 5506: 5506 E/secure_storage_api_full.c, ln. 747 ] Client SS library: connect: Connection refused
[ 07-17 21:55:42.438 5506: 5506 E/secure_storage_api_full.c, ln. 384 ] SS_ConnectToDmnSndCmnData error
How exactly are these WPA requests routed through this new system of apks/libraries? In my ROM Base, I've removed most (if not all) of the KNOX stuff, so I figured I'd put all that back (ContainerAgent.apk, the containers folder along with those apks, EnterprisePermissions.apk, KNOXStore.apk and KNOXAgent.apk) but that still doesn't get it to function as expected.
I'm just trying to figure out what I need to put back in so that it will work with the stock kernel as well, or what to include in the stock kernel flashable package to ensure it functions.
Unknownforce said:
What all does the wpa_supplicant rely on?
wpa_supplicant requires libsecure_storage.so, which communicates with secure_storage_daemon through /dev/.secure_storage/ssd_socket.
On the other side, where it looks like you're having trouble, secure_storage_daemon runs after the property ro.securestorage.ready is set true. The property is set at the end of ss-presetup.sh. So you'll need all those items at least.
Otherwise I don't think the apks are necessary, as this operates below the framework level anyways.
Unknownforce said:
I'm just trying to figure out what I need to put back in so that it will work with the stock kernel as well, or what to include in the stock kernel flashable package to ensure it functions.
What I'd probably do is remove ss-presetup.sh. This will disable the use of secure storage, much as the initramfs patch does, but without having to modify the stock initramfs. This should force wpa_supplicant to fall-back to the behavior of storing credentials in wpa_supplicant.conf, which is probably what folks would prefer, so that WiFi passwords don't have to be reentered when switching between kernels.
Of course, that breaks secure storage, but I'm not aware of a compelling purpose for it at this point.
mkasick said:
wpa_supplicant requires libsecure_storage.so, which communicates with secure_storage_daemon through /dev/.secure_storage/ssd_socket.
On the other side, where it looks like you're having trouble, secure_storage_daemon runs after the property ro.securestorage.ready is set true. The property is set at the end of ss-presetup.sh. So you'll need all those items at least.
Otherwise I don't think the apks are necessary, as this operates below the framework level anyways.
What I'd probably do is remove ss-presetup.sh. This will disable the use of secure storage, much as the initramfs patch does, but without having to modify the stock initramfs. This should force wpa_supplicant to fall-back to the behavior of storing credentials in wpa_supplicant.conf, which is probably what folks would prefer, so that WiFi passwords don't have to be reentered when switching between kernels.
Of course, that breaks secure storage, but I'm not aware of a compelling purpose for it at this point.
I figured out the problem. It was the mobicore scripts in /system/bin. I renamed them because in custom kernels they aren't used and they continuously error in logcat, so naturally renaming them gets rid of that spam. After re-setting them it works again. Thanks for the reply.
I'm planning to mess with my device's (Galaxy S4) wifi, and for a start I need to recompile the bcmdhd driver.
So I've prepared an environment for compilation, and succeeded in compiling a demo-module which the device accepts and loads. Then I recompiled the dhd, and it was accepted too, but wasn't loaded completely - its 'init_module' failed, because I just insmod'd it without the required parameters it accepts.
I need to get Android to load it when the wifi is enabled, so I replaced mine with the module at /system/lib/modules/dhd.ko. Then the wifi failed to start (I'd just click ON and it would become stuck.). dmesg showed nothing, I don't think the driver was actually insmod'd at all. Even when I replaced back the original dhd.ko, the problem persisted (I actually had to reflash my backup of /system).
I guess Android has its constraints before it tries to load the module. What can I do to get my module "accepted"?
Solved, it turns out to be much less complicated than I'd thought.
The CM file manager simply messed up the permissions when copying the .ko from /sdcard to /system, and it removed the S_IROTH permission. I guess that the thread which eventually loads the module does not run as root at the time it tries to read the module, so it fails. Too bad Android does not give any sign...
Should've used the CLI in the first place, a simple 'cp' would have worked.
I've been through all the relevant threads on AskUbuntu and they are either outdated, conflicting and/or don't work.
My Nexus10 sees the atheros AR9271 device on Bus 001 USB but does not create an additional WLAN for it.(wlan0 is the normal integrated wifi) I assume I need the ath9k or ath9k_htc driver? I installed backports 4.4.2-1 and unzipped it. If I try to do a 'make' or 'make clean' I get:'your kernel headers are incomplete/not installed'. I've already got the latest version of build-essential. If I try to install 'firmware-atheros', it cannot find the package. I've been through several other things to no avail.
I've read the driver is installed with 15.x+ anyway, true? and if so how to install it? If someone could do a step-by-step wifi driver install for a U-touch or at least Ubuntu 15.x I'd be very very grateful.
I do not want to bridge the 722n, I want to use it instead of the integrated card. Not even there yet, but just in case it matters.
Thanks!
roninisc said:
I've been through all the relevant threads on AskUbuntu and they are either outdated, conflicting and/or don't work.
My Nexus10 sees the atheros AR9271 device on Bus 001 USB but does not create an additional WLAN for it.(wlan0 is the normal integrated wifi) I assume I need the ath9k or ath9k_htc driver? I installed backports 4.4.2-1 and unzipped it. If I try to do a 'make' or 'make clean' I get:'your kernel headers are incomplete/not installed'. I've already got the latest version of build-essential. If I try to install 'firmware-atheros', it cannot find the package. I've been through several other things to no avail.
I've read the driver is installed with 15.x+ anyway, true? and if so how to install it? If someone could do a step-by-step wifi driver install for a U-touch or at least Ubuntu 15.x I'd be very very grateful.
I do not want to bridge the 722n, I want to use it instead of the integrated card. Not even there yet, but just in case it matters.
Thanks!
anyone anyone, Bueller...
Hey, saw this was unanswered and figured I could help. First off, you will not be able to compile or install headers in the Ubuntu Touch system, as /lib/modules/<kernel version> is a bind-mount into the read-only LXC system image. One way to work around this issue on device is to mount the LXC container's system image read-write somewhere, move out the lib/modules directory to someplace else, umount, reboot and then link your moved lib/modules back into /lib/modules. You will need to do this compilation outside of your Nexus 10 in a cross-compilation environment or in an armhf chroot (imho, a chroot running the ARM build of Ubuntu works very well for this).
Once you have that, you can install the kernel package for your device (which I believe are labeled linux-headers-manta and linux-image-manta respectively) and build the driver you seek. However the kernel already comes with backports 4.4.2 in its tree, so you may be able to apt-get source linux-image-manta and build the driver and/or the kernel itself if you wish. (I believe building the kernel builds the firmware needed for the drivers as well, but I have no way of knowing as I haven't actually rebuilt any drivers with firmware yet in my foray into linux-image-flo's source.)
One piece of advice: Make sure to join together the config.*.ubuntu files under the debian.flo and debian.master folders to get the working .config for your device. The defconfig from arch/arm/configs doesn't have all the needed options for uTouch and won't boot it.
Your 'thanks meter' improved, and big thanks for answering, but this is beyond my level. Was hoping I could run an external wifi stick on a tablet with some flavor of linux, but looks like a no go for mortal users.
roninisc said:
Your 'thanks meter' improved, and big thanks for answering, but this is beyond my level. Was hoping I could run an external wifi stick on a tablet with some flavor of linux, but looks like a no go for mortal users.
Sadly at this time, it definitely seems to be. The normal Linux way of building drivers doesn't work on here because the modules directory (/lib/modules/3.4.0-5-flo) is read-only; also due to this, kernel headers cannot be installed. This can be worked around, but it is definitely not something that the casual user can do easily. I hope this will change so I could start compiling modules and NOT need to rebuild the entire kernel for it.
Glad I could be of help and I love answering questions, I am currently using Ubuntu Touch as my main OS on my Nexus 7 as I'm trying to make it into my own portable workstation. So I'm constantly digging into the system and learning what I can, and I love to share.
Even though not being able to connect to a hidden SSID is not a problem for the majority of users, for those that need that feature it can be fixed, as DanielHK proved back in 2017 with a one line patch for his android_device_lenovo_aio_otfp.
But what I first missed is that you have to use the WPA_SUPPLICANT binary that is built when compiling your ROM. So simply removing the old one that was in the vendor repository for the device I'm tinkering with, a fork of the Krillin device made by Paplito2020, and adding the patch, fixed that little issue.
I hope this may be of help for others.
/Magnus