blkph0x / CVE_2024_30078_POC_WIFI

basic concept for the latest windows wifi driver CVE

Can you connect to the AP network enabled using AP_Test.py? #11

Open zhefox opened 4 days ago

zhefox commented 4 days ago

I can't seem to connect to the network

blkph0x commented 4 days ago

A few people are having this same issue; we are trying to get to the bottom of this. It may be hardware related or region related. Some people are able to join a real open AP first, then it will connect to the fake AP, but it's hit and miss. I'll try to get to the bottom of this tonight, and will also get the whole write-up done tonight.

zhefox commented 4 days ago

I found that the problem occurred when receiving the auth package. No auth was returned, resulting in no asso req

t9n5h1 commented 3 days ago

Hello there.

I have the same issue with my set and I found several mistakes in the script:

1) In the function create_probe_response you create Dot11Beacon, but not Dot11ProbeResp.
2) There must be an answer for Dot11Auth (currently there is none). I could not check it with haslayer(Dot11Auth), but it works if I check with packet.subtype==11. I created an answer for it.
3) The sequence number has to be changed not only for beacon packets, but also for probe responses. Also regarding SEQ, I noted from https://github.com/rpp0/scapy-fakeap/blob/master/fakeap/callbacks.py#L60 that the SEQ must be dropped to 0 for the client which is trying to auth.

But even with these 3 changes I still can not connect my device to the fake AP.

I have tried to sniff traffic with Wireshark and see what happens. To me it seems like stations are not always reacting correctly to our probe response and in most attempts are not even trying to send an auth request. Also I have seen repeated packets from stations (same packet, but with the R flag set and the same SEQ number): maybe it takes too long to answer and the station is already trying its next attempt to connect?

Any ideas?

blkph0x commented 3 days ago

Thanks for the efforts. I have just updated the code again with a few changes. I have yet to test it as I'm super busy with work, but I'll be checking it shortly once I'm done with work for the day. If you want, fork the repo and submit a pull request, or there is a discussions page set up here for any issues, ideas or fixes. Again, thanks for the input.

zhefox commented 3 days ago

I have already fixed it and adjusted it yesterday to reproduce the normal out-of-bounds situation.

blkph0x commented 3 days ago

care to share hahaha