HostAPd-WPE doesn't work with Windows 10 #1708

Closed
aircrack-ng opened this issue Mar 10, 2018 · 10 comments

@aircrack-ng
Owner

Reported by misterx on 11 Dec 2016 22:09 UTC

Windows 10 (Version 10.0.14393) fails to authenticate to HostAPd-WPE (no challenge/response logged in the console). It prompts for login/password then fails after a second without prompting for the certificate.

Successful log example from an iPhone:

Configuration file: /etc/hostapd-wpe/hostapd-wpe.conf
Using interface wlan0 with hwaddr c4:e9:84:17:ff:c8 and ssid "hostapd-wpe"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
wlan0: STA ac:fd:ec:78:72:bd IEEE 802.11: authenticated
wlan0: STA ac:fd:ec:78:72:bd IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED ac:fd:ec:78:72:bd
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25

mschapv2: Sat Nov 12 16:04:03 2016
username: me
challenge: 8e:0e:9d:0b:5a:3f:f5:23
response: 34:f8:42:4d:16:c7:2d:69:cc:38:10:d4:cf:71:f7:83:37:68:d8:8a:e9:86:f2:67
jtr NETNTLM: me:$NETNTLM$8e0e9d0b5a3ff523$34f8424d16c72d69cc3810d4cf71f7833768d88ae986f267

wlan0: CTRL-EVENT-EAP-FAILURE ac:fd:ec:78:72:bd
wlan0: STA ac:fd:ec:78:72:bd IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA ac:fd:ec:78:72:bd IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
wlan0: STA ac:fd:ec:78:72:bd IEEE 802.11: disassociated
wlan0: STA ac:fd:ec:78:72:bd IEEE 802.11: deauthenticated due to local deauth request
wlan0: AP-DISABLED
nl80211: deinit ifname=wlan0 disabled_11b_rates=0

Unsuccessful Windows 10:

Configuration file: /etc/hostapd-wpe/hostapd-wpe.conf
Using interface wlan0 with hwaddr c4:e9:84:87:ea:d7 and ssid "hostapd-wpe"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED 
wlan0: STA 08:d4:0c:6f:ff:6f IEEE 802.11: authenticated
wlan0: STA 08:d4:0c:6f:ff:6f IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 08:d4:0c:6f:ff:6f
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-STARTED 08:d4:0c:6f:ff:6f
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
^Cwlan0: interface state ENABLED->DISABLED
wlan0: AP-DISABLED 
nl80211: deinit ifname=wlan0 disabled_11b_rates=0

It seems to be due to TLS 1.2 according to https://supportforums.cisco.com/discussion/12704186/windows-10-november-update-version-1511-wpa2-enterprise-issues but even after disabling TLS 1.2 (and even 1.1) and recompiling, it still doesn't work.

@aircrack-ng aircrack-ng added this to the 1.3 milestone Mar 10, 2018
@aircrack-ng aircrack-ng added #hostapd-wpe @medium bug Something isn't working labels Mar 10, 2018
@aircrack-ng
Owner Author

Comment by misterx on 11 Dec 2016 22:09 UTC

-d can be used with hostapd-wpe to get more details but that includes all the frames.

Compare the difference between success and failure to find the issue.

Note: Tested with latest git from HostAPd and the problem persists.

@aircrack-ng
Owner Author

Comment by misterx on 11 Dec 2016 22:09 UTC

Works just fine with Linux or if forwarding to a radius server (freeradius 3.0.12).

Windows seems to do something different.

@aircrack-ng
Owner Author

Comment by misterx on 11 Dec 2016 22:09 UTC

Using PEAP, right before switching to Phase 2, it seems to have an error with SSL. Log seems pretty similar up to that point.

Here is the failure log (see line 396):

   383  IEEE 802.1X: 10 bytes from 08:d4:0c:6b:bf:6b
   384     IEEE 802.1X: version=1 type=0 length=6
   385  EAP: code=2 identifier=178 length=6
   386   (response)
   387  wlan0: STA 08:d4:0c:6b:bf:6b IEEE 802.1X: received EAP packet (code=2 id=178 len=6) from STA: EAP Response-PEAP (25)
   388  IEEE 802.1X: 08:d4:0c:6b:bf:6b BE_AUTH entering state RESPONSE
   389  EAP: EAP entering state RECEIVED
   390  EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=178 respMethod=25 respVendor=0 respVendorMethod=0
   391  EAP: EAP entering state INTEGRITY_CHECK
   392  EAP: EAP entering state METHOD_RESPONSE
   393  SSL: Received packet(len=6) - Flags 0x00
   394  SSL: Received packet: Flags 0x0 Message Length 0
   395  SSL: (where=0x2002 ret=0xffffffff)
   396  SSL: SSL_accept:error in unknown state
   397  SSL: SSL_connect - want more data
   398  SSL: 0 bytes pending from ssl_out
   399  EAP: EAP entering state METHOD_REQUEST
   400  EAP: building EAP-Request: Identifier 179
   401  SSL: Generating Request
   402  SSL: Sending out 0 bytes (message sent completely)
   403  EAP: EAP entering state SEND_REQUEST
   404  EAP: EAP entering state IDLE

Here is a successful log:

   300  IEEE 802.1X: 47 bytes from ac:fd:ec:78:72:bd
   301     IEEE 802.1X: version=1 type=0 length=43
   302  EAP: code=2 identifier=131 length=43
   303   (response)
   304  wlan0: STA ac:fd:ec:78:72:bd IEEE 802.1X: received EAP packet (code=2 id=131 len=43) from STA: EAP Response-PEAP (25)
   305  IEEE 802.1X: ac:fd:ec:78:72:bd BE_AUTH entering state RESPONSE
   306  EAP: EAP entering state RECEIVED
   307  EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=131 respMethod=25 respVendor=0 respVendorMethod=0
   308  EAP: EAP entering state INTEGRITY_CHECK
   309  EAP: EAP entering state METHOD_RESPONSE
   310  SSL: Received packet(len=43) - Flags 0x01
   311  SSL: Received packet: Flags 0x1 Message Length 0
   312  EAP-PEAP: received 37 bytes encrypted data for Phase 2
   313  OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
   314  EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=7): 02 83 00 07 01 6d 65
   315  EAP-PEAP: received Phase 2: code=2 identifier=131 length=7
   316  EAP-Identity: Peer identity - hexdump_ascii(len=2):
   317       6d 65                                             me
   318  EAP-PEAP: PHASE2_ID -> PHASE2_METHOD
   319  EAP-PEAP: try EAP vendor 0 type 0x1a
   320  EAP: EAP entering state METHOD_REQUEST
   321  EAP: building EAP-Request: Identifier 132
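
An added example, not part of the original thread or of hostapd: a small Python triage over `hostapd -d` output that automates the success/failure comparison made in the comment above. The function name `triage` and the verdict labels are made up for this sketch; the sample lines are excerpted from the two logs quoted in that comment.

```python
import re

# Excerpt of the two `hostapd -d` logs quoted in the comment above (paste numbers kept).
SAMPLE = """\
   383  IEEE 802.1X: 10 bytes from 08:d4:0c:6b:bf:6b
   393  SSL: Received packet(len=6) - Flags 0x00
   395  SSL: (where=0x2002 ret=0xffffffff)
   396  SSL: SSL_accept:error in unknown state
   300  IEEE 802.1X: 47 bytes from ac:fd:ec:78:72:bd
   310  SSL: Received packet(len=43) - Flags 0x01
   312  EAP-PEAP: received 37 bytes encrypted data for Phase 2
"""

FRAME = re.compile(r"IEEE 802\.1X: \d+ bytes from ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
PASTE_NO = re.compile(r"^\s*\d+\s{2,}")  # numbering added by the paste, not by hostapd


def triage(log_text):
    """Map each station MAC to a verdict plus the log lines that justify it.
    SSL:/EAP-PEAP: lines carry no MAC, so they are attributed to the station
    named by the most recent "N bytes from <mac>" line.
    """
    result, sta = {}, None
    for raw in log_text.splitlines():
        line = PASTE_NO.sub("", raw).strip()
        m = FRAME.search(line)
        if m:
            sta = m.group(1).lower()
            result.setdefault(sta, {"verdict": "no_tls_seen", "evidence": []})
            continue
        if sta is None:
            continue  # debug output seen before any station frame
        entry = result[sta]
        if line.startswith("SSL:") and "SSL_accept:error" in line:
            # The marker pointed at in the comment (line 396 of the failure log).
            entry["verdict"] = "tls_handshake_error"
            entry["evidence"].append(line)
        elif line.startswith("EAP-PEAP:") and "for Phase 2" in line:
            # Encrypted inner data means the PEAP TLS tunnel was established.
            entry["verdict"] = "phase2_reached"
            entry["evidence"].append(line)
        elif entry["verdict"] == "no_tls_seen" and line.startswith("SSL:"):
            entry["verdict"] = "tls_in_progress"
    return result


if __name__ == "__main__":
    for mac, info in triage(SAMPLE).items():
        print(mac, info["verdict"], info["evidence"])
```

A station that stops at `tls_handshake_error` never reached the inner EAP method, which points the investigation at the TLS layer (protocol version, certificate) rather than at the credentials.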

@aircrack-ng
Owner Author

Comment by misterx on 11 Dec 2016 22:09 UTC

http://lists.infradead.org/pipermail/hostap/2016-December/036806.html

@aircrack-ng
Owner Author

Comment by misterx on 11 Dec 2016 22:09 UTC

Might be due to MD5 used in certs.

@aircrack-ng
Owner Author

Comment by misterx on 11 Dec 2016 22:09 UTC

Confirmed, it is due to MD5 certs. Using freeradius certs (SHA) in HostAPd worked just fine.

@aircrack-ng
Owner Author

Comment by misterx on 11 Dec 2016 22:09 UTC

Fixed. Now there is an issue compiling with OpenSSL 1.1.0: https://mta.openssl.org/pipermail/openssl-users/2016-December/004994.html

@aircrack-ng
Owner Author

Comment by misterx on 11 Dec 2016 22:09 UTC

See #1709

@vladinko0

How can I implement freeradius certs (SHA) in HostAPd?

@aircrack-ng
Owner Author

This is support and is handled in the forum. MD5 was the issue, and certificates were switched to SHA a while ago.
