WPA2 Connection Problems between Android and DLink DIR-825 running OpenWRT

Jouni Malinen j at w1.fi
Wed Jul 28 10:44:44 EDT 2010


On Tue, Jul 27, 2010 at 10:44:11PM -0700, David Levitan wrote:
> 1. I rooted the phone a few weeks ago (before upgrading the router) and 
> installed one of the third-party 2.2 ROMs, so I should be able to go as 
> far as recompiling all of Android if need be. I think that the driver 
> itself is also available, but I'm not 100% sure (I haven't done any 
> Android development). I know that Android 2.2 is running wpa_supplicant 
> 0.6.10, and from my reading there appear to have been a few bugs that 
> seemed related to something like this. Would any of those affect this, 
> or is this something that would definitely be in the driver itself?

The driver and wpa_supplicant need to agree on the RSN IE contents. This
can be resolved by changing either the driver or the supplicant. I
haven't looked at the newer Android versions, so I do not know what
exactly they have done with wpa_supplicant. Anyway, it should be easy to
change this in wpa_supplicant to match the driver (assuming the driver
is hardcoding the value) by modifying src/rsn_supp/wpa_ie.c
wpa_gen_wpa_ie_rsn() function (search for RSN Capabilities to find the
field that was different). This is not really a complete fix for the
issue, though.

A more proper fix would be to make the driver report the WPA/RSN IE it
used during association to wpa_supplicant, so that wpa_supplicant knows
which value needs to be used in 4-way handshake. This would be needed
for PMKSA caching to work.

> 2. Why is the phone able to connect to other networks and could connect 
> to the previous router, but not now? Are other implementations simply 
> more lenient (as you mentioned I could modify hostapd and ignore the RSN 
> IE differences)?

If those networks are using WPA or WPA2, it sounds like the
AP/Authenticator is not really compliant with the IEEE 802.11 standard
and may be susceptible to security downgrade attacks.

-- 
Jouni Malinen                                            PGP id EFC895FA
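
Added example (not part of the original message, and not hostapd or wpa_supplicant code): a minimal C sketch of the comparison discussed above, where a strict authenticator requires the RSN IE in EAPOL-Key message 2/4 to be byte-for-byte identical to the one sent at association. The two IEs and their RSN Capabilities values are constructed samples, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: CCMP group and pairwise ciphers, PSK AKM. The two
 * IEs differ only in their last two bytes, the RSN Capabilities field. */
static const uint8_t assoc_ie[] = { 0x30, 0x14, 0x01, 0x00,
    0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x00, 0x00 };
static const uint8_t eapol_ie[] = { 0x30, 0x14, 0x01, 0x00,
    0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x0c, 0x00 };

/* Return the RSN Capabilities value, or -1 if the IE is malformed or
 * ends before that field. */
int rsn_capabilities(const uint8_t *ie, size_t len)
{
    size_t pos = 2 + 2 + 4; /* IE header, version, group cipher suite */

    if (len < 2 || ie[0] != 0x30 || (size_t)ie[1] + 2 != len)
        return -1;
    for (int list = 0; list < 2; list++) { /* pairwise list, then AKM list */
        if (pos + 2 > len)
            return -1;
        pos += 2 + 4 * (size_t)(ie[pos] | (ie[pos + 1] << 8));
    }
    if (pos + 2 > len)
        return -1;
    return ie[pos] | (ie[pos + 1] << 8); /* little-endian 16-bit field */
}

/* Strict authenticator-side check: byte-for-byte equality of the IEs. */
int rsn_ie_matches(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    return alen == blen && memcmp(a, b, alen) == 0;
}

int main(void)
{
    if (!rsn_ie_matches(assoc_ie, sizeof(assoc_ie), eapol_ie, sizeof(eapol_ie)))
        printf("RSN IE mismatch: assoc caps 0x%04x, msg 2/4 caps 0x%04x\n",
               (unsigned)rsn_capabilities(assoc_ie, sizeof(assoc_ie)),
               (unsigned)rsn_capabilities(eapol_ie, sizeof(eapol_ie)));
    return 0;
}
```

An authenticator that skips this comparison accepts a handshake whose negotiated parameters were never confirmed under the key, which is the downgrade exposure mentioned in the reply.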