WPA2 Connection Problems between Android and DLink DIR-825 running OpenWRT
j at w1.fi
Wed Jul 28 10:44:44 EDT 2010
On Tue, Jul 27, 2010 at 10:44:11PM -0700, David Levitan wrote:
> 1. I rooted the phone a few weeks ago (before upgrading the router) and
> installed one of the third-party 2.2 ROMs, so I should be able to go as
> far as recompiling all of Android if need be. I think that the driver
> itself is also available, but I'm not 100% sure (I haven't done any
> Android development). I know that Android 2.2 is running wpa_supplicant
> 0.6.10, and from my reading there appear to have been a few bugs that
> seemed related to something like this. Would any of those affect this,
> or is this something that would be definitely be in the driver itself?
The driver and wpa_supplicant need to agree on the RSN IE contents. This
can be resolved by changing either the driver or the supplicant.. I
haven't looked at the newer Android versions, so I do not know what
exactly they have done with wpa_supplicant. Anyway, it should be easy to
change this in wpa_supplicant to match the driver (assuming the driver
is hardcoding the value) by modifying src/rsn_supp/wpa_ie.c
wpa_gen_wpa_ie_rsn() function (search for RSN Capabilities to find the
field that was different). This is not really a complete fix for the
More proper fix would be to make the driver report the WPA/RSN IE it
used during association to wpa_supplicant, so that wpa_supplicant knows
which value needs to be used in 4-way handshake. This would be needed
for PMKSA caching to work.
> 2. Why is the phone able to connect to other networks and could connect
> to the previous router, but not now? Are other implementations simply
> more lenient (as you mentioned I could modify hostpad and ignore the RSN
> IE differences)?
If those networks are using WPA or WPA2, it sounds like the
AP/Authenticator is not really compliant with the IEEE 802.11 standard
and may be susceptible to security downgrade attacks.
Jouni Malinen PGP id EFC895FA
More information about the HostAP