Android 5.1.1 KRACK wpa_supplicant_8 patch is not applicable for Android 5. Security/bulletin/2017-11-01 System patches.


Zbigniew Mazur

Jan 17, 2018, 10:29:15 AM
to android-platform
According to this security bulletin https://source.android.com/security/bulletin/2017-11-01 the patch for system code (external/wpa_supplicant_8) is applicable to Android version 5.1.1. But for Android 5 the patch presented is not applicable. This patch changes code that does not exist in Android 5 or adds code that refers to symbols that do not exist in Android 5. Has anyone successfully solved those conflicts? By successfully I mean proven by passing the KRACK test (https://github.com/vanhoefm/krackattacks-scripts).

Does anyone have such patch for Android 5?

Thank you!


Zbigniew Mazur

Jan 25, 2018, 10:08:14 AM
to android-platform
Reply for people that have the same issue.

The patches are OK. They apply to the old wpa_supplicant_8 in Android 5 with conflicts, but they are good. The confusion is in the krackattacks-scripts. The script checks if the tested device is vulnerable to (group key re-installations in the 4-way handshake OR the client accepts replayed broadcast frames) and then prints an error. And those November bulletin patches only fix the first part of the if, "block key re-installations", but do not fix "replayed broadcast frames", which is a separate issue.

If you need to check vulnerability for key re-installation, turn on debug logging in wpa_supplicant:
wpa_supplicant_/Android.mk
define CONFIG_ANDROID_LOG
or just hardcode it in this Android.mk:
L_CFLAGS += -DCONFIG_ANDROID_LOG

and run the krackattacks-scripts test. You will see this only once, the first time, just after connecting to the fake access point:
I/wpa_supplicant( 1070): wlan0: WPA: Installing GTK to the driver (keyidx=1 tx=0 len=16)

and on all consecutive tries you will see this:
I/wpa_supplicant( 1070): RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]
I/wpa_supplicant( 1070): wlan0: WPA: Not reinstalling already in-use GTK to the driver (keyidx=1 tx=0 len=16)

This means it is fixed by this patch:
https://android.googlesource.com/platform/external/wpa_supplicant_8/+/10bfd644d0adaf334c036f8cda91a73984dbb7b9%5E%21/#F1


I've found out that other people had the same confusion and were discussing it here:
https://github.com/vanhoefm/krackattacks-scripts/issues/24


Have a nice day!
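The check described in the post above (one "Installing GTK" line on first association, then "Not reinstalling already in-use GTK" on every replay) can be automated over a saved logcat capture. The following is an added example, not code from the thread or from the wpa_supplicant or krackattacks-scripts projects. It assumes the logcat format of the lines quoted in the post and that the captured lines cover a single association to the test AP (a genuine reconnect legitimately installs the GTK again). The sample logs are constructed: the first reuses the post's quoted lines, the second is what an unpatched client would be expected to log.

```python
import re
from collections import Counter

# Patterns for the wpa_supplicant log lines quoted in the post. Assumed
# logcat format: "I/wpa_supplicant( <pid>): <iface>: WPA: ...".
INSTALL_RE = re.compile(
    r"WPA: Installing GTK to the driver \(keyidx=(\d+) tx=(\d+) len=(\d+)\)"
)
SKIP_RE = re.compile(
    r"WPA: Not reinstalling already in-use GTK to the driver \(keyidx=(\d+)"
)
GTK_RX_RE = re.compile(r"RSN: received GTK in pairwise handshake")


def assess_gtk_log(lines):
    """Classify one association's wpa_supplicant log for GTK reinstallation.

    Assumes `lines` cover a single association to the test AP, as in the
    post's procedure; a reconnect would legitimately install the GTK again.
    """
    installs = Counter()   # keyidx -> number of "Installing GTK" events
    skipped = Counter()    # keyidx -> number of "Not reinstalling" events
    gtk_received = 0       # GTK messages delivered by the AP (first or replayed)

    for line in lines:
        if "wpa_supplicant" not in line:
            continue  # ignore unrelated logcat noise
        m = INSTALL_RE.search(line)
        if m:
            installs[int(m.group(1))] += 1
            continue
        m = SKIP_RE.search(line)
        if m:
            skipped[int(m.group(1))] += 1
            continue
        if GTK_RX_RE.search(line):
            gtk_received += 1

    # The same key index pushed to the driver more than once in one
    # association is exactly the reinstallation the bulletin patch blocks.
    reinstalled = {k: n for k, n in installs.items() if n > 1}
    if reinstalled:
        verdict = "reinstalls_gtk"   # unpatched behaviour
    elif sum(skipped.values()) > 0:
        verdict = "patched"          # a replay was seen and refused
    else:
        verdict = "inconclusive"     # no replay observed; test may not have run

    return {
        "installs": dict(installs),
        "skipped": dict(skipped),
        "gtk_received": gtk_received,
        "reinstalled_keyidx": reinstalled,
        "verdict": verdict,
    }


# Constructed sample logs (not captured from a device).
PATCHED_LOG = [
    "I/wpa_supplicant( 1070): wlan0: WPA: Installing GTK to the driver (keyidx=1 tx=0 len=16)",
    "I/wpa_supplicant( 1070): RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]",
    "I/wpa_supplicant( 1070): wlan0: WPA: Not reinstalling already in-use GTK to the driver (keyidx=1 tx=0 len=16)",
    "I/wpa_supplicant( 1070): RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]",
    "I/wpa_supplicant( 1070): wlan0: WPA: Not reinstalling already in-use GTK to the driver (keyidx=1 tx=0 len=16)",
]

UNPATCHED_LOG = [
    "I/wpa_supplicant( 1070): wlan0: WPA: Installing GTK to the driver (keyidx=1 tx=0 len=16)",
    "I/wpa_supplicant( 1070): RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]",
    "I/wpa_supplicant( 1070): wlan0: WPA: Installing GTK to the driver (keyidx=1 tx=0 len=16)",
]

if __name__ == "__main__":
    for name, log in (("patched", PATCHED_LOG), ("unpatched", UNPATCHED_LOG)):
        result = assess_gtk_log(log)
        print(name, result["verdict"], result["installs"], result["skipped"])
```

Feed it the output of `adb logcat -s wpa_supplicant` captured while the test script runs; the "inconclusive" verdict is deliberate, because a log with a single install and no refused replay says nothing about the patch, only that no replay reached the client. As the post notes, a "patched" verdict here covers the key-reinstallation fix only, not the separate replayed-broadcast-frames check that the test script also performs.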