======== wps pin ======== WPS PIN frame exchange ------------------------ WPS (WiFi Protected Setup): Allows home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. WPS_PIN : PIN must then be entered at the "representant" of the network, usually the network's access point. Alternately, a PIN provided by the access point may be entered into the new device. This method is the mandatory baseline mode and everything must support it. When the PIN matches on both side, connection will start between both devices. The following is a resprestaion of WPS_PIN handshake ``Hostapd(AP) wpa_supplicant(station)`` ``|<<-----------------------Auth_Req---------------------------|`` ``|-------------------------Auth_Resp------------------------>>|`` ``|<<-----------------------Assoc_Req--------------------------|`` ``|-------------------------Assoc_Resp----------------------->>|`` ``|-------------------------EAP_Req_Identity----------------->>|`` ``|<<-----------------------EAP_Resp_Identity------------------|`` ``|-------------------------EAP_EXP_WSC_START---------------->>|`` ``|<<-----------------------EAP_EXP_WSC_M1---------------------|`` ``|-------------------------EAP_EXP_WSC_M2------------------->>|`` ``|<<-----------------------EAP_EXP_WSC_M3---------------------|`` ``|-------------------------EAP_EXP_WSC_M4------------------->>|`` ``|<<-----------------------EAP_EXP_WSC_M5---------------------|`` ``|-------------------------EAP_EXP_WSC_M6------------------->>|`` ``|<<-----------------------EAP_EXP_WSC_M7---------------------|`` ``|-------------------------EAP_EXP_WSC_M8------------------->>|`` ``|<<-----------------------EAP_EXP_WSC_DONE-------------------|`` ``|-------------------------EAP_Failure---------------------->>|`` ``|<<-----------------------Deauth-----------------------------|`` ``|<<-----------------------Auth_Req---------------------------|`` ``|-------------------------Auth_Resp------------------------>>|`` ``|<<-----------------------Assoc_Req--------------------------|`` ``|-------------------------Assoc_Resp----------------------->>|`` ``|-------------------------EAPOL-M1------------------------->>|`` ``|<<-----------------------EAPOL-M2---------------------------|`` ``|-------------------------EAPOL-M3------------------------->>|`` ``|<<-----------------------EAPOL-M4---------------------------|`` Test bed ------------ Inorder to execute below practical example, two Linux machines are needed with ubuntu version >= 16.04. * Check the Ubuntu version on your machine. Ubuntu version used for in this site is 20.04 .. literalinclude:: test_bed_cmds/cmd_test_bed_ubuntu_ver.py wpa_supplicant compilation ----------------------------------- The daemon process that runs in the client stations. It implements WPA key negotiation with a WPA Authenticator and EAP authentication with Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver. Following are the steps to download and compiling wpa_supplicant from source code 1. Download latest wpa_supplicant .. literalinclude:: supp_cmds/cmd_supp_download.py 2. Install required packages .. literalinclude:: supp_cmds/cmd_supp_pkgs.py below messages indicate that packages are installed successfully .. literalinclude:: supp_cmds/cmd_supp_pkgs_installed_msg.py 3. Extract the tar file .. literalinclude:: supp_cmds/cmd_supp_untar.py 4. Go to wpa_supplicant directory .. literalinclude:: supp_cmds/cmd_supp_cd.py 5. Copy the default configuration into .conf file .. literalinclude:: supp_cmds/cmd_supp_defconfig.py 6. Enable below configs in .config .. literalinclude:: supp_cmds/cmd_supp_defconfig_configs.py 7. Build the wpa_supplicant .. literalinclude:: supp_cmds/cmd_supp_make.py Below is the list of files compiled based on the features enabled in ".config" .. literalinclude:: supp_cmds/cmd_supp_make_log.py 8. Install the compiled commands (optional) .. literalinclude:: supp_cmds/cmd_supp_install.py hostapd compilation ----------------------------------- The hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. Following are the steps to download and compiling hostapd from source code 1. Download latest hostapd .. literalinclude:: hostapd_cmds/cmd_hostapd_download.py 2. Install required packages .. literalinclude:: hostapd_cmds/cmd_hostapd_pkgs.py below messages indicate that packages are installed successfully .. literalinclude:: hostapd_cmds/cmd_hostapd_pkgs_installed_msg.py 3. Extract the tar file .. literalinclude:: hostapd_cmds/cmd_hostapd_untar.py 4. Go to Hostapd directory .. literalinclude:: hostapd_cmds/cmd_hostapd_cd.py 5. Copy the default configuration into .conf file .. literalinclude:: hostapd_cmds/cmd_hostapd_defconfig.py 6. Enable below configs in .config .. literalinclude:: hostapd_cmds/cmd_hostapd_defconfig_configs.py 7. Build the Hostapd .. literalinclude:: hostapd_cmds/cmd_hostapd_make.py Below is the list of files compiled based on the features enabled in ".config" .. literalinclude:: hostapd_cmds/cmd_hostapd_make_log.py 8. Install the compiled commands (optional) .. literalinclude:: hostapd_cmds/cmd_hostapd_install.py Running hostapd ------------------------ 1. Check if wifi interface with the name "wlan0" is available. This is created on boot up of the ubuntu machine or by installing wifi driver manually .. literalinclude:: hostapd_cmds/cmd_hostapd_iwx_status.py 2. Create a hostapd.conf file in /etc/hostapd/ folder with below content .. literalinclude:: hostapd_cmds/cmd_hostapd_conf_edit.py Copy below content .. literalinclude:: hostapd_cmds/cmd_hostapd_conf_content.py 3. Go to hostapd directory .. literalinclude:: hostapd_cmds/cmd_hostapd_cd.py 4. Run hostapd by issuing follwing command .. literalinclude:: hostapd_cmds/cmd_hostapd_run.py Below log messages are seen on console after running hostapd .. literalinclude:: hostapd_cmds/cmd_hostapd_run_log.py 5. Verify that AP is working in WPS security mode in beacon frame ``Beacon->Wireless_Managment->tagged_parameter->Vendor_spec=WPS`` 6. Mode of "wlan0" interface is now assigned as "AP/Master". Check this by querying information via iwconfig/iw command .. literalinclude:: hostapd_cmds/cmd_hostapd_iwx_status_ap.py Running wpa_supplicant --------------------------------- 1. Check if wifi interface with the name "wlan1" is available. This is created on boot up of the ubuntu machine or by installing wifi driver manually .. literalinclude:: supp_cmds/cmd_supp_iwx_status.py 2. Go to wpa_supplicant directory .. literalinclude:: supp_cmds/cmd_supp_cd.py 3. Create wpa_supplicant.conf file without a network block .. literalinclude:: supp_cmds/cmd_supp_conf_content_no_nw_block.py 4. Run wpa_supplicant without network block in wpa_supplicant.conf file .. literalinclude:: supp_cmds/cmd_supp_run.py WPS-PIN connection commands ---------------------------- ============================= ============================================================ ================================================================ Steps AP Station ============================= ============================================================ ================================================================ Step 1 : Start hostapd_cli sudo ./hostapd_cli -i wlan0 Step 2 : Start wpa_cli sudo ./wpa_cli -i wlan1 Step 3 : Start enrollee > wps_pin any - 86559560 Step 4 : Get UUID of station > status - uuid=572cf82f-c957-5653-9b16-b5cfb298abf1 Step 4 : Start registrar > wps_pin 572cf82f-c957-5653-9b16-b5cfb298abf1 86559560 ============================= ============================================================ ================================================================ hostapd_cli logs after connecition """""""""""""""""""""""""""""""""""" .. literalinclude:: hostapd_cmds/cmd_hostapd_cli_wps_logs.py hostapd logs after connection """""""""""""""""""""""""""""" .. literalinclude:: hostapd_cmds/cmd_hostapd_wps_logs.py wpa_cli logs after connection """""""""""""""""""""""""""""" .. literalinclude:: supp_cmds/cmd_supp_wpa_cli_wps_logs.py wpa_supplicant logs after connection """""""""""""""""""""""""""""""""""""" .. literalinclude:: supp_cmds/cmd_supp_wps_logs.py Run data traffic ------------------ ========================== =========================================================== ================================================================ Steps AP Station ========================== =========================================================== ================================================================ Step 1 : Assign IP address .. literalinclude:: traffic_cmds/cmd_ifconfig_set_ap.py .. literalinclude:: traffic_cmds/cmd_ifconfig_set_station.py Step 2 : Check IP address .. literalinclude:: traffic_cmds/cmd_ifconfig_ap_status.py .. literalinclude:: traffic_cmds/cmd_ifconfig_station_status.py Step 3 : Check ping .. literalinclude:: traffic_cmds/cmd_ping_sta_from_ap.py .. literalinclude:: traffic_cmds/cmd_ping_ap_from_sta.py Step 4 : Run iperf TCP DL .. literalinclude:: traffic_cmds/cmd_tcp_dl_ap.py .. literalinclude:: traffic_cmds/cmd_tcp_dl_station.py Step 5 : Run iperf TCP UL .. literalinclude:: traffic_cmds/cmd_tcp_ul_ap.py .. literalinclude:: traffic_cmds/cmd_tcp_ul_station.py Step 6 : Run iperf UDP DL .. literalinclude:: traffic_cmds/cmd_udp_dl_ap.py .. literalinclude:: traffic_cmds/cmd_udp_dl_station.py Step 7 : Run iperf UDP UL .. literalinclude:: traffic_cmds/cmd_udp_ul_ap.py .. literalinclude:: traffic_cmds/cmd_udp_ul_station.py ========================== =========================================================== ================================================================