kbr / fritzconnection

Python-Tool to communicate with the AVM Fritz!Box by the TR-064 protocol and the AHA-HTTP-Interface
MIT License

QR code doesn't work with iOS stock cam #139

Closed sti0 closed 6 months ago

sti0 commented 2 years ago

Hi @kbr , thanks for adding the QR code feature.

I recently tested the functionality and I can't connect to the wifi with the iOS stock cam scanning the qr code. The connection fails. If I use an app like Qrafter I could connect to the network. With Qrafter it's possible to read out the qr code. I noticed that there is no encryption setting within the qr code.

So I wrote a script adding the security parameter "WPA/WPA2" to make_wifi() from the segno library. It works even on a WPA2 + WPA3 network.

from segno.helpers import make_wifi
import io

ssid = "myssid"
pw = "mypw"
encryption="WPA/WPA2"

stream = io.BytesIO()
qr_code = make_wifi(ssid=ssid, password=pw, security=encryption)
qr_code.save("qr.png", kind="png")

Could you please add the encryption setting to make this work with iOS stock cam (and maybe other qr code readers)?

Thanks. sti0

kbr commented 2 years ago

I've tested with the Kaspersky QR Scanner for reading the qr-code and it works. However, in the next patch I can add forwarding of the security and hidden parameters.

kbr commented 2 years ago

Argument forwarding added in 1.9.1

sti0 commented 2 years ago

Thanks for the quick fix. But one question about the forwarding:

Could we maybe solve this in fritzconnection? The lib should know which encryption is used in the network settings?

kbr commented 2 years ago

Tried to do this first but didn't find the matching service/action providing this information. If you can get it, please report.

chemelli74 commented 2 years ago

From wlanconfigSCPD.pdf:

<NewBeaconType>11iandWPA3</NewBeaconType>
<NewX_AVM-DE_PossibleBeaconTypes>None,11i,11iandWPA3,OWETrans</NewX_AVM-DE_PossibleBeaconTypes>

Simone

kbr commented 2 years ago

Have done exactly that yesterday, but missed this information – for whatever reason ...

sti0 commented 2 years ago

From wlanconfigSCPD.pdf:

<NewBeaconType>11iandWPA3</NewBeaconType>
<NewX_AVM-DE_PossibleBeaconTypes>None,11i,11iandWPA3,OWETrans</NewX_AVM-DE_PossibleBeaconTypes>

Sadly these codes will not work. iOS Stock cam reports "no usable data".

According to this gist it must be one of nopass, WPA, WEP, WPA2-EAP. As I said before even WPA/WPA2 works.

My Fritzbox 7530 AX (Firmware 07.29) only allows WPA2 and WPA2+WPA3 encryptions so maybe we could set the value to WPA or WPA/WPA2 (which both work with WPA2+WPA3 setting) and don't support other encryptions as AVM doesn't allow them in higher firmware versions.

kbr commented 2 years ago

AVM does report about the allowed values. But what has to be checked is the mapping from the AVM internal values to the arguments expected by segno to represent the same encryption.

chemelli74 commented 2 years ago

From wlanconfigSCPD.pdf:

<NewBeaconType>11iandWPA3</NewBeaconType>
<NewX_AVM-DE_PossibleBeaconTypes>None,11i,11iandWPA3,OWETrans</NewX_AVM-DE_PossibleBeaconTypes>

Sadly these codes will not work. iOS Stock cam reports "no usable data".

According to this gist it must be one of nopass, WPA, WEP, WPA2-EAP. As I said before even WPA/WPA2 works.

as far as I know: 11i = WPA2 so 11iandWPA3 = WPA2/WPA3

Simone

chemelli74 commented 2 years ago

Yup that's it:

The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2

Simone

sti0 commented 2 years ago

WPA2/WPA3 doesn't work. WPA2 works with iOS and WPA2/WPA3 setting

chemelli74 commented 2 years ago

image

So I think it should be WPA only.

Simone

chemelli74 commented 2 years ago

image

kbr commented 2 years ago

Reopen this because it is work in progress again.

chemelli74 commented 2 years ago

As far as I got it:

so basically we can do a

if NewBeaconType == None:
    security=None
else:
    security="WPA"

Simone

chemelli74 commented 2 years ago

@sti0 could you be so kind as to test the QR code in all 3 different settings? Maybe for WPA3 only we need some more info to embed

Simone

kbr commented 2 years ago

Yesterday inspecting my combination (7590 with 7.29) I got the mapping:

11i -> WPA(CCMP)
WPAand11i -> WPA+WPA2
11iandWPA3 -> WPA2+WPA3

To provide the security info for qr-code creation there should be a dictionary like (values here just placeholders):

BEACON_TO_SECURITY = {
    "11i": "WPA(CCMP)",
    "WPAand11i": "WPA+WPA2",
    "11iandWPA3": "WPA2+WPA3",
    # ... further beacon types
}

with the values set to whatever gets accepted by segno to represent the according encryption for the reported beacon-type. Then security can get set by:

security = BEACON_TO_SECURITY.get(beacontype)

sti0 commented 2 years ago

As far as I got it:

  • None -> None

  • 11i -> WPA2

  • 11iandWPA3 -> WPA2 + WPA3

  • OWETrans -> WPA3

so basically we can do a


if NewBeaconType == None:
    security=None
else:
    security="WPA"

Simone

I think this should work. But instead of None we should pass nopass.

But I will test the combinations later today.

chemelli74 commented 2 years ago

To provide the security info for qr-code creation there should be a dictionary like (values here just placeholders):

BEACON_TO_SECURITY = {
    "11i": "WPA(CCMP)",
    "WPAand11i": "WPA+WPA2",
    "11iandWPA3": "WPA2+WPA3",
    # ... further beacon types
}

with the values set to whatever gets accepted by segno to represent the according encryption for the reported beacon-type. Then security can get set by:

security = BEACON_TO_SECURITY.get(beacontype)

Am I wrong, or does segno just accept None and WPA? I think the question is if the generated QR code works on WPA3 only environments or some adjustments are needed.

Simone

kbr commented 2 years ago

Reading the sources, segno accepts everything – with the exception of 'nopass' getting replaced by None. It's up to the caller to provide the proper data.

chemelli74 commented 2 years ago

Looking at the code you are completely right, but based on both the documentation and the example from WI-FI Alliance, the value should always be "WPA" for all WPA standards.

So in the end it's simpler than assumed.

Simone

kbr commented 2 years ago

So in the end it's simpler than assumed.

Keep it simple is ok for me :)

Checking the qr-code created by the router indeed reports for all WPA encryptions plainly WPA as encryption type.

chemelli74 commented 2 years ago

@sti0, did you get the time to compare WPA, WPA2 and WPA3 qr codes generated by Fritz? So we can be sure that we respect the format.

Simone

sti0 commented 2 years ago

@chemelli74 sorry I didn't because I thought @kbr already did:

Checking the qr-code created by the router indeed reports for all WPA encryptions plainly WPA as encryption type.

With my router I only could check WPA2(CCMP) and WPA2 + WPA3. The Fritzbox generated qr codes with WPA/WPA2 encryption setting on both options.

I tested a qr code (segno generated) with WPA encryption which works well with iOS Stock cam, too. So I think we could go with one of both options (WPA or WPA/WPA2)

kbr commented 2 years ago

@sti0

So I think we could go with one of both options (WPA or WPA/WPA2)

That's ok for a tool on top of the library (so you can move on with the desired feature), but for the library itself it is not sufficient. To add an auto detection mode more care must be taken, because then the library is responsible for the correct output.

sorry I didn't because I thought @kbr already did

Ah, seems I was a bit ambiguous about it: What I've done so far was checking the qr-code generated by the router for different encryption settings.

In total this should include all wlan-networks, private, guest, encrypted and unencrypted and also the hotspot mode. In a second step it is necessary to reproduce the same qr-information by the library and cover this with tests.

sti0 commented 2 years ago

I understand but I have no "lab" and can't run all the tests on my production setting. I don't think fritz should generate different settings on private or guest. Furthermore I can't test an "unencrypted" network because my Fritzbox forces me to encrypt the guest network (private would go but this would break my whole infrastructure).

If I use hotspot mode for the guest network the encryption setting says "kein Eintrag" but I don't know if it comes from the qr reader or if it's within the qr code.

@chemelli74 posted a screenshot from the WIFI Alliance. (https://github.com/kbr/fritzconnection/issues/139#issuecomment-1014821533). I think this should be the way to go for encrypted session and use None for unencrypted sessions. If someone faces an error he could raise an issue here with more detailed information about this (jm2c).

kbr commented 2 years ago

Feel free to do this in your application – with the current qr-code implementation you can do this right now. But the library should reproduce the same output as FRITZ!OS does.

sti0 commented 2 years ago

Even if I could test this. There are various FritzOS versions out there. Impossible to make sure it works all the same...

kbr commented 2 years ago

I suppose we can assume that given the same wlan-configuration, different FRITZ!OSs will produce the same output. In general the routers and OSs differ in the provided services and actions. If it turns out, that qr-codes are not depending on the wlan-settings but also on the OS-versions and router models, I would drop this feature (not the qr-creation, but the auto-encryption detection).

sti0 commented 2 years ago

But you suppose that the QR code generation for private and guest is maybe different? That makes no sense to me.

To summarize my tests: Both encryption parameters (WPA and WPA/WPA2) work with - the for me - possible settings (WPA2(CCMP) and WPA2 + WPA3). Fritz generates WPA/WPA2 in their QR codes. So if you like to do it the same way, you should use this over WPA.

chemelli74 commented 2 years ago

@sti0, if you have the possibility to make one more test, would be nice to get the string out of the QR for each setting:

I used https://zxing.org/w/decode.jspx and got this for my WPA2 (CCMP) network:

WIFI:S:<redacted SSID>;T:WPA;P:<redacted PWD>;;

Those are my advanced settings:

image

kbr commented 2 years ago

@sti0: for the guest network one can select "Public Wi-Fi hotspot". Then the router qr-code reports "nopass" but the internal encryption setting is "OWETrans". This makes the guest wifi a bit different from the private one.

The task is to read the get_info() data (or something else with a reliable output bound to the encryption settings) and find the arguments for the security-parameter to generate the same qr-information as the router and test this. This is not too hard, but may take some time.

Tests are a bit short meanwhile – that should also get addressed.

sti0 commented 2 years ago

@sti0, if you have the possibility to make one more test, would be nice to get the string out of the QR for each setting:

I used https://zxing.org/w/decode.jspx and got this for my WPA2 (CCMP) network:

WIFI:S:<redacted SSID>;T:WPA;P:<redacted PWD>;;

Those are my advanced settings:

image

I decoded the generated QR codes from the FritzOS frontend. This is tested with my GUEST network:

WPA2 (CCMP): WIFI:S:<<my ssid>>;T:WPA;P:<<my password>>;;
WPA2+WPA3: WIFI:S:<<my ssid>>;T:WPA;P:<<my password>>;;
Hotspot Mode: WIFI:S:<<my ssid>>;T:nopass;;;

chemelli74 commented 2 years ago

@kbr, I think we have enough info now to safely add auto detect to the library. What do you think?

Simone

kbr commented 2 years ago

Yes, I also have some additional notes. Basically it is just to match the state of the router with input-values for qr-code creation to get the same output as the qr-code generated from the router. And to write tests, so we know when something changes. But as we are all volunteers, I have to find a timeslot for this.

kbr commented 1 year ago

Took the "easy" path: encryption is set to "WPA" if there is any kind of encryption, otherwise "nopass". It's also "nopass" if the network reports "OWETrans" as encryption: this gets reported from the Fritz!Box for an encrypted guest-network and corresponds to the FritzOS generated qr-code.

So this is reverse-engineering. I will close the issue with the next release. We can open it again (or a new one) in case the FritzOS behaviour turns out to be different.
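Added example (not part of the thread and not fritzconnection's own code): the rule described in the comment above, written out as a mapping from the reported NewBeaconType to the QR code's T: field, plus a builder and parser for the WIFI: payload so a decoded router code can be compared field by field. All function names are hypothetical, the SSIDs and passwords are constructed, the payload shape follows the decoded strings quoted in this thread, and the backslash-escaping of `\ ; , : "` is the commonly documented convention for this format.

```python
import re

# Beacon types the thread reports for networks whose router QR code says "nopass".
OPEN_BEACON_TYPES = {"None", "OWETrans"}

def qr_security(beacon_type):
    """Map a reported NewBeaconType to the QR code's T: field."""
    if not beacon_type or beacon_type in OPEN_BEACON_TYPES:
        return "nopass"
    return "WPA"  # 11i, WPAand11i, 11iandWPA3: any kind of encryption

def escape(value):
    """Backslash-escape the characters that are special in a WIFI: payload."""
    return re.sub(r'([\\;,:"])', r"\\\1", value)

def wifi_payload(ssid, password, beacon_type):
    """Build a payload in the shape of the decoded router codes in this thread."""
    if qr_security(beacon_type) == "nopass":
        return "WIFI:S:{};T:nopass;;;".format(escape(ssid))
    return "WIFI:S:{};T:WPA;P:{};;".format(escape(ssid), escape(password))

def parse_wifi_payload(payload):
    """Split a decoded payload into its fields, honouring backslash escapes."""
    if not payload.startswith("WIFI:"):
        raise ValueError("not a WIFI: payload")
    fields = {}
    # A field runs up to the next unescaped ';'; empty fields are skipped.
    for field in re.findall(r"((?:\\.|[^\\;])+);", payload[5:]):
        key, _, value = field.partition(":")
        fields[key] = re.sub(r"\\(.)", r"\1", value)
    return fields

if __name__ == "__main__":
    # Constructed sample values, one per encryption setting discussed above.
    for beacon in ("11i", "11iandWPA3", "OWETrans"):
        payload = wifi_payload("my;net", "p;w:d", beacon)
        print(beacon, "->", payload, parse_wifi_payload(payload))
```

The P: field carries the passphrase in clear text, so a generated code image needs the same handling as the password itself.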

chemelli74 commented 6 months ago

@sti0 why closing as not planned ?