Reply for people that has the same issue.
The patches are ok. They apply to Android 5 old wpa_supplicant_8 with conflicts but they are good. The confusion is in the krackattacks-scripts. The script checks if the tested device is vulnerable to ( group key re-installations in the 4-way handshake
or client accepts replayed broadcast frames ) then print error. And those November bulletin patches only fix the first part of the if - "block key re installations" - but do not fix "replayed broadcast frames" which is a separate issue.
If you need to check vulnerability for key re-installation . Turn on debug logging in wpa_supplicant
wpa_supplicant_/Android.mk
define CONFIG_ANDROID_LOG
or just hardcode in this Android.mk
C_FLAGS += -DCONFIG_ANDROID_LOG
and run the krackattacks-script test and you will see this only once first time just after connecting to fake accesspoint:
I/wpa_supplicant( 1070): wlan0: WPA:
Installing GTK to the driver (keyidx=1 tx=0 len=16)
and all consecutive tries you will see this:
I/wpa_supplicant( 1070): RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]
I/wpa_supplicant( 1070): wlan0: WPA:
Not reinstalling already in-use GTK to the driver (keyidx=1 tx=0 len=16)
This means fixed by this patch:
https://android.googlesource.com/platform/external/wpa_supplicant_8/+/10bfd644d0adaf334c036f8cda91a73984dbb7b9%5E%21/#F1I've found out that other people had same confusion and were discussing it here:
https://github.com/vanhoefm/krackattacks-scripts/issues/24Have a nice day!