How to know when a client is not vulnerable to WPA attack? #61

Open
pdelteil opened this issue Jun 13, 2018 · 10 comments

@pdelteil

I'm running "./krack-test-client.py --replay-broadcast" and I receive many messages with the text:

"Reset PN for GTK"

Can I conclude that the client passed the test successfully?

Same thing with test 2 ./krack-test-client.py --group --gtkinit I get many:

"Renewed the group key"

Same with 3 (./krack-test-client.py --group), 4 (./krack-test-client.py) and 5 (./krack-test-client.py --tptk)

"Reset PN for GTK"

Thank you!

@vanhoefm
Owner

vanhoefm commented Jul 3, 2018

The script will inform you when a device is or isn't vulnerable (with a line containing either the words "this is good" or "this is bad"). In your case it seems the tests didn't start for some reason. Try pulling in the latest changes and recompiling hostapd, then run the script, connect with a client, and wait until the client requests an IP address using DHCP.
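An added example, not part of the original thread or the project's code: a small triage of saved `krack-test-client.py` output that separates "verdict reported" from "tests never started". It assumes verdict lines carry the same `[time] MAC:` prefix as the handshake and DHCP lines pasted in this thread, and that a `DHCP reply` line means the script saw the client's DHCP traffic; the verdict line in the sample is constructed.

```python
import re

# "[hh:mm:ss] <client mac>: <message>", the shape of the per-client lines in this thread.
LINE = re.compile(r"^\[\d\d:\d\d:\d\d\] ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}): (.*)$", re.I)

def _status(st):
    if st["bad"]:
        return "vulnerable"
    if st["good"]:
        return "not-vulnerable"
    if not st["dhcp"]:
        return "inconclusive: no DHCP seen"
    return "inconclusive: tests did not start"

def triage(log_text):
    """Return {client_mac: status}; an empty dict means no client was logged."""
    seen = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # hostapd chatter, "Reset PN for GTK", traceback lines
        mac, msg = m.group(1).lower(), m.group(2).lower()
        st = seen.setdefault(mac, {"dhcp": False, "good": 0, "bad": 0})
        if msg.startswith("dhcp reply"):
            st["dhcp"] = True
        elif "this is bad" in msg:      # phrases named by the maintainer
            st["bad"] += 1
        elif "this is good" in msg:
            st["good"] += 1
    return {mac: _status(st) for mac, st in seen.items()}

# Lines of the kind pasted in this thread: handshake and DHCP, but no verdict.
STALLED = """[10:21:22] Reset PN for GTK
wlp9s0: AP-STA-CONNECTED 24:00:ba:6a:30:eb
[10:21:33] 24:00:ba:6a:30:eb: 4-way handshake completed (RSN)
[10:21:33] 24:00:ba:6a:30:eb: DHCP reply 192.168.100.2 to 24:00:ba:6a:30:eb
[10:21:34] Reset PN for GTK
"""
# Constructed verdict line (exact wording is an assumption, only the phrase matters).
CONSTRUCTED_VERDICT = "[10:21:40] 24:00:ba:6a:30:eb: constructed verdict text (this is good)\n"

if __name__ == "__main__":
    print(triage(STALLED))
    print(triage(STALLED + CONSTRUCTED_VERDICT))
```

A run that only ever shows "Reset PN for GTK" or "Renewed the group key" lands in one of the inconclusive states and says nothing about whether the client is vulnerable.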

@pdelteil
Author

pdelteil commented Jul 4, 2018

Hi @vanhoefm, thanks for your answer. I did try all the steps to run the script, but I will try it again more carefully. I'll post again if there is any improvement.

@deng5

deng5 commented May 6, 2019

Hi @pdelteil, I also encountered the same problem. Have you solved this problem? Thank you!

@vanhoefm
Owner

vanhoefm commented May 6, 2019

Can you provide the full output? Your device likely isn't requesting an IP address using DHCP (or the script is not detecting the DHCP requests).

@deng5

deng5 commented May 12, 2019

Hi @vanhoefm, thanks for your reply!
The full output of test 1 is as follows (test 3, test 4, test 5):
deng5@deng5-ThinkPad-E520:~/krackattacks-scripts-research/krackattack$ sudo /home/deng5/anaconda2/bin/python2.7 krack-test-client.py --replay-broadcast
[10:21:19] Note: disable Wi-Fi in network manager & disable hardware encryption. Both may interfere with this script.
[10:21:20] Starting hostapd ...
Configuration file: /home/deng5/krackattacks-scripts-research/krackattack/hostapd.conf
Using interface wlp9s0 with hwaddr 38:59:f9:e3:e4:ab and ssid "testnetwork"
wlp9s0: interface state UNINITIALIZED->ENABLED
wlp9s0: AP-ENABLED
[10:21:21] Ready. Connect to this Access Point to start the tests. Make sure the client requests an IP using DHCP!
[10:21:22] Reset PN for GTK
[10:21:24] Reset PN for GTK
[10:21:26] Reset PN for GTK
[10:21:28] Reset PN for GTK
[10:21:30] Reset PN for GTK
[10:21:32] Reset PN for GTK
wlp9s0: STA 24:00:ba:6a:30:eb IEEE 802.11: authenticated
wlp9s0: STA 24:00:ba:6a:30:eb IEEE 802.11: associated (aid 1)
wlp9s0: AP-STA-CONNECTED 24:00:ba:6a:30:eb
wlp9s0: STA 24:00:ba:6a:30:eb RADIUS: starting accounting session 19AB2577DD9E6430
[10:21:33] 24:00:ba:6a:30:eb: 4-way handshake completed (RSN)
[10:21:33] 24:00:ba:6a:30:eb: DHCP reply 192.168.100.2 to 24:00:ba:6a:30:eb
[10:21:34] Reset PN for GTK
[10:21:36] Reset PN for GTK
[10:21:38] Reset PN for GTK
[10:21:40] Reset PN for GTK
[10:21:42] Reset PN for GTK
[10:21:44] Reset PN for GTK
[10:21:46] Reset PN for GTK
[10:21:48] Reset PN for GTK
[10:21:50] Reset PN for GTK
[10:21:52] Reset PN for GTK
[10:21:54] Reset PN for GTK
[10:21:56] Reset PN for GTK
[10:21:58] Reset PN for GTK
^Cwlp9s0: interface state ENABLED->DISABLED
wlp9s0: AP-STA-DISCONNECTED 24:00:ba:6a:30:eb
Traceback (most recent call last):
File "krack-test-client.py", line 622, in
wlp9s0: AP-DISABLED
wlp9s0: CTRL-EVENT-TERMINATING
attack.run(options=options)
File "krack-test-client.py", line 481, in run
nl80211: deinit ifname=wlp9s0 disabled_11b_rates=0
sel = select.select([self.sock_mon, self.sock_eth], [], [], 1)
KeyboardInterrupt
[10:21:59] Closing hostapd and cleaning up ...

The full output of test2 is as follows (test 6):
deng5@deng5-ThinkPad-E520:~/krackattacks-scripts-research/krackattack$ sudo /home/deng5/anaconda2/bin/python2.7 krack-test-client.py --group --gtkinit
[10:28:03] Note: disable Wi-Fi in network manager & disable hardware encryption. Both may interfere with this script.
[10:28:04] Starting hostapd ...
Configuration file: /home/deng5/krackattacks-scripts-research/krackattack/hostapd.conf
Using interface wlp9s0 with hwaddr 38:59:f9:e3:e4:ab and ssid "testnetwork"
wlp9s0: interface state UNINITIALIZED->ENABLED
wlp9s0: AP-ENABLED
[10:28:05] Ready. Connect to this Access Point to start the tests. Make sure the client requests an IP using DHCP!
[10:28:06] Renewed the group key
[10:28:08] Renewed the group key
wlp9s0: STA 24:00:ba:6a:30:eb IEEE 802.11: authenticated
wlp9s0: STA 24:00:ba:6a:30:eb IEEE 802.11: associated (aid 1)
wlp9s0: AP-STA-CONNECTED 24:00:ba:6a:30:eb
wlp9s0: STA 24:00:ba:6a:30:eb RADIUS: starting accounting session 2BDFBAB76C6251A9
[10:28:09] 24:00:ba:6a:30:eb: 4-way handshake completed (RSN)
[10:28:10] 24:00:ba:6a:30:eb: DHCP reply 192.168.100.2 to 24:00:ba:6a:30:eb
[10:28:10] Renewed the group key
[10:28:12] Renewed the group key
[10:28:14] Renewed the group key
[10:28:16] Renewed the group key
[10:28:18] Renewed the group key
^Cwlp9s0: interface state ENABLED->DISABLED
wlp9s0: AP-STA-DISCONNECTED 24:00:ba:6a:30:eb
Traceback (most recent call last):
File "krack-test-client.py", line 622, in
wlp9s0: AP-DISABLED
wlp9s0: CTRL-EVENT-TERMINATING
nl80211: deinit ifname=wlp9s0 disabled_11b_rates=0
attack.run(options=options)
File "krack-test-client.py", line 481, in run
sel = select.select([self.sock_mon, self.sock_eth], [], [], 1)
KeyboardInterrupt
[10:28:19] Closing hostapd and cleaning up ...

PS. I'm running these tests on Ubuntu 16.04. I don't know where the problem is.
Thank you!

@sumukh5

sumukh5 commented Dec 9, 2019

Even I am facing the same issue.

@sumukh5

sumukh5 commented Dec 9, 2019

root@kali:~/krackattacks-scripts-research/krackattack# ./krack-test-client.py
[05:31:25] Note: disable Wi-Fi in network manager & disable hardware encryption. Both may interfere with this script.
[05:31:27] Starting hostapd ...
Configuration file: /root/krackattacks-scripts-research/krackattack/hostapd.conf
Using interface wlan0 with hwaddr 62:f3:fd:e1:24:f1 and ssid "testnetwork"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
[05:31:28] Ready. Connect to this Access Point to start the tests. Make sure the client requests an IP using DHCP!
[05:31:29] Reset PN for GTK
[05:31:31] Reset PN for GTK
[05:31:33] Reset PN for GTK
[05:31:35] Reset PN for GTK
[05:31:37] Reset PN for GTK
[05:31:39] Reset PN for GTK
[05:31:41] Reset PN for GTK
[05:31:43] Reset PN for GTK
[05:31:45] Reset PN for GTK
wlan0: STA 14:ab:c5:ed:c7:40 IEEE 802.11: authenticated
wlan0: STA 14:ab:c5:ed:c7:40 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 14:ab:c5:ed:c7:40
wlan0: STA 14:ab:c5:ed:c7:40 RADIUS: starting accounting session AD4F0A75FFF739D7
[05:31:45] 14:ab:c5:ed:c7:40: 4-way handshake completed (RSN)
[05:31:45] 14:ab:c5:ed:c7:40: DHCP reply 192.168.100.2 to 14:ab:c5:ed:c7:40
[05:31:45] 14:ab:c5:ed:c7:40: DHCP reply 192.168.100.2 to 14:ab:c5:ed:c7:40
[05:31:47] Reset PN for GTK
[05:31:49] Reset PN for GTK
[05:31:51] Reset PN for GTK
[05:31:53] Reset PN for GTK
[05:31:55] Reset PN for GTK
[05:31:57] Reset PN for GTK
[05:31:59] Reset PN for GTK

@sumukh5

sumukh5 commented Dec 9, 2019

Hi @vanhoefm any solution for this?

@vanhoefm
Owner

I'm not sure what the problem was here. Perhaps there was an incompatibility with the version of Scapy used by your Linux distribution. With the updated tool, a specific Scapy version will be installed, which hopefully avoids this problem.

@mdalag

mdalag commented Jan 29, 2021

Hi @vanhoefm
There are 10 CVEs for KRACK attacks. Do these testing scripts cover all of them except for CVE-2017-13088 (WNM)?
