# Access Point selection?



## mefizto (Jan 16, 2011)

Greetings all,

I have successfully enabled wireless on FreeBSD 8.2 as follows:

/etc/rc.conf:

```
wlans_wpi0="wlan0"
ifconfig_wlan0="authmode shared wepmode on weptxkey 1 wepkey my_wepkey DHCP"
```

However, this works only for my Access Point (AP) specified in the /etc/rc.conf.  Since I need to access multiple APs, I tried:

/etc/rc.conf:

```
wlans_wpi0="wlan0"
ifconfig_wlan0="WPA DHCP"
```

and

/etc/wpa_supplicant.conf

```
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
	ssid="MY_SSID"
	scan_ssid=1
	key_mgmt=NONE
	wep_tx_keyidx=1
	wep_key0=my_wepkey
}
```

for my AP, and


```
network={
        ssid="Other_SSID"
        key_mgmt=NONE
}
```

for another unencrypted AP.

However, although:


```
# ifconfig wlan0 up scan
```

returns both SSIDs, no association is made.

What am I missing?

Kindest regards,

M


----------



## SirDice (Jan 16, 2011)

STOP using WEP! Seriously. I can crack _any_ WEP key in about 5 minutes.

WEP is horribly, and provably, insecure. Use WPA-EAP with a proper passkey instead; it's much safer.


----------



## mefizto (Jan 16, 2011)

SirDice,

I agree with you in regard to WEP.  However, the AP belongs to my landlady, and although I explained the ramifications to her, she does not care.  Are you really serious about the 5 minutes, or is it just a figure of speech?  I was under the impression that one has to acquire a certain number of packets to retrieve the password.

Apart from that topic, do you see a reason why my selection mechanism does not work?

Kindest regards,

Pavel


----------



## SirDice (Jan 17, 2011)

mefizto said:

> Are you really serious about the 5 minutes, or is it just a figure of speech?


I am deadly serious about the 5 minutes.



> I was under the impression that one has to acquire a certain number of packets to retrieve the password.


That's correct. However there are techniques that will cause an AP to send more traffic and thus make it easier to crack.

http://www.schneier.com/blog/archives/2007/04/breaking_wep_in.html


Back on topic. I see no issues with the setup, but I have only used wpa_supplicant on WPA-protected networks. Try restarting the interface:
`# /etc/rc.d/netif restart wpi0`


----------



## bschmidt (Jan 17, 2011)

What might shed some light on this: try
`# pkill wpa_supplicant`
`# wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf -ddt`
and post the result.


----------



## mefizto (Jan 18, 2011)

SirDice,

interesting read.  As I understand it, the method requires an 802.11 card with packet injection.  Is this common?

bschmidt,

I tried the command:


```
# wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf -ddt
```

however, the result goes on and on.   How much of it is needed for the analysis?

Kindest regards,

M


----------



## bschmidt (Jan 18, 2011)

mefizto said:

> SirDice,
> bschmidt,
> 
> I tried the command:
> ...



If you can post everything, that would be good. If you notice that something repeats, the repeating part would be enough I guess.


----------



## mefizto (Jan 24, 2011)

Dear bschmidt,

I apologize for the late reply, but I was not on my home network.  Here is the response to


```
# wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf -ddt
```


```
1295838285.649145: Initializing interface 'wlan0' conf '/etc/wpa_supplicant.con' driver 'bsd' ctrl_interface 'N/A' bridge 'N/A'
1295838285.649209: Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_spplicant.conf'
1295838285.649219: Reading configuration file '/etc/wpa_supplicant.conf'
1295838285.669876: ctrl_interface='/var/run/wpa_supplicant'
1295838285.669887: ctrl_interface_group='wheel'
1295838285.669905: ap_scan=1
1295838285.669910: Line: 7 - start of a new network block
1295838285.669927: ssid - hexdump_ascii(len=8):
     32 57 49 52 45 32 36 38                           2WIRE268        
1295838285.669936: scan_ssid=1 (0x1)
1295838285.669942: key_mgmt: 0x4
1295838285.669951: wep_key1 - hexdump(len=5): [REMOVED]
1295838285.669956: wep_tx_keyidx=1 (0x1)
1295838285.669966: Line: 16 - start of a new network block
1295838285.669971: ssid - hexdump_ascii(len=4):
     73 64 70 6c                                       sdpl            
1295838285.669979: key_mgmt: 0x4
1295838285.670002: Priority group 0
1295838285.670006:    id=0 ssid='2WIRE268'
1295838285.670010:    id=1 ssid='sdpl'
1295838285.670014: Initializing interface (2) 'wlan0'
1295838285.671630: Own MAC address: 00:1f:3c:4d:d5:04
1295838285.671639: wpa_driver_bsd_set_wpa: enabled=1
1295838285.671645: wpa_driver_bsd_set_wpa_internal: wpa=3 privacy=1
1295838285.671657: wpa_driver_bsd_del_key: keyidx=0
1295838285.671665: wpa_driver_bsd_del_key: keyidx=1
1295838285.671671: wpa_driver_bsd_del_key: keyidx=2
1295838285.671677: wpa_driver_bsd_del_key: keyidx=3
1295838285.671682: wpa_driver_bsd_set_countermeasures: enabled=0
1295838285.671688: wpa_driver_bsd_set_drop_unencrypted: enabled=1
1295838285.671693: RSN: flushing PMKID list in the driver
1295838285.671712: Setting scan request: 0 sec 100000 usec
1295838285.692362: EAPOL: SUPP_PAE entering state DISCONNECTED
1295838285.692373: EAPOL: KEY_RX entering state NO_KEY_RECEIVE
1295838285.692376: EAPOL: SUPP_BE entering state INITIALIZE
1295838285.692381: EAP: EAP entering state DISABLED
1295838285.692444: Using existing control interface directory.
1295838285.692922: ctrl_interface_group=0 (from group name 'wheel')
1295838285.693137: Added interface wlan0
1295838285.772867: State: DISCONNECTED -> SCANNING
1295838285.772875: Starting AP scan (specific SSID)
1295838285.772878: Scan SSID - hexdump_ascii(len=8):
     32 57 49 52 45 32 36 38                           2WIRE268        
1295838285.772886: Trying to get current scan results first without requesting  new scan to speed up initial association
1295838285.772953: Received 0 bytes of scan results (0 BSSes)
1295838285.772958: Scan results: 01295838285.772971: Cached scan results are empty - not posting
1295838285.772976: Selecting BSS from priority group 0
1295838285.772979: Try to find WPA-enabled AP
1295838285.772982: Try to find non-WPA AP
1295838285.772986: No suitable AP found.
1295838285.772990: Setting scan request: 0 sec 0 usec
1295838285.773007: Starting AP scan (broadcast SSID)
1295838286.693873: EAPOL: disable timer tick
1295838288.603890: Received 0 bytes of scan results (1 BSSes)
1295838288.603902: Scan results: 1
1295838288.603914: CTRL-EVENT-SCAN-RESULTS 
1295838288.603919: Selecting BSS from priority group 0
1295838288.603923: Try to find WPA-enabled AP
1295838288.603927: 0: 00:18:3f:75:82:e9 ssid='2WIRE268' wpa_ie_len=0 rsn_ie_len0 caps=0x31
1295838288.603933:    skip - no WPA/RSN IE
1295838288.603937: Try to find non-WPA AP
1295838288.603940: 0: 00:18:3f:75:82:e9 ssid='2WIRE268' wpa_ie_len=0 rsn_ie_len0 caps=0x31
1295838288.603946:    selected non-WPA AP 00:18:3f:75:82:e9 ssid='2WIRE268'
1295838288.603955: Trying to associate with 00:18:3f:75:82:e9 (SSID='2WIRE268' req=2437 MHz)
1295838288.603959: Cancelling scan request
1295838288.603963: WPA: clearing own WPA/RSN IE
1295838288.603967: Automatic auth_alg selection: 0x1
1295838288.603971: wpa_driver_bsd_set_auth_alg alg 0x1 authmode 1
1295838288.603979: WPA: clearing AP WPA IE
1295838288.603983: WPA: clearing AP RSN IE
1295838288.603986: WPA: clearing own WPA/RSN IE
1295838288.603990: No keys have been configured - skip key clearing
1295838288.604042: wpa_driver_bsd_set_key: alg=WEP addr=ff:ff:ff:ff:ff:ff ke x=1 set_tx=1 seq_len=0 key_len=5
1295838288.604055: wpa_driver_bsd_set_drop_unencrypted: enabled=1
1295838288.604060: State: SCANNING -> ASSOCIATING
1295838288.604064: wpa_driver_bsd_associate: ssid '2WIRE268' wpa ie len 0 pa se 1 group 1 key mgmt 2
1295838288.604075: wpa_driver_bsd_associate: set PRIVACY 1
1295838288.604140: Setting authentication timeout: 10 sec 0 usec
1295838288.604149: EAPOL: External notification - EAP success=0
1295838288.604155: EAPOL: External notification - EAP fail=0
1295838288.604159: EAPOL: External notification - portControl=ForceAuthorize 
1295838288.608276: State: ASSOCIATING -> ASSOCIATED
1295838288.608316: Associated to a new BSS: BSSID=00:18:3f:75:82:e9
1295838288.608323: Associated with 00:18:3f:75:82:e9
1295838288.608327: WPA: Association event - clear replay counter
1295838288.608330: WPA: Clear old PTK
1295838288.608334: EAPOL: External notification - portEnabled=0
1295838288.608338: EAPOL: External notification - portValid=0
1295838288.608341: EAPOL: External notification - portEnabled=1
1295838288.608345: EAPOL: SUPP_PAE entering state S_FORCE_AUTH
1295838288.608349: EAPOL: SUPP_BE entering state IDLE
1295838288.608353: Cancelling authentication timeout
1295838288.608358: State: ASSOCIATED -> COMPLETED
1295838288.608365: CTRL-EVENT-CONNECTED - Connection to 00:18:3f:75:82:e9 co ted (auth) [id=0 id_str=]
1295838288.608369: Cancelling scan request
1295838311.488656: CTRL-EVENT-TERMINATING - signal 2 received
1295838311.488668: Removing interface wlan0
1295838311.488672: State: COMPLETED -> DISCONNECTED
1295838311.488677: wpa_driver_bsd_deauthenticate
1295838311.488711: wpa_driver_bsd_del_key: keyidx=0
1295838311.488722: wpa_driver_bsd_del_key: keyidx=1
1295838311.488729: wpa_driver_bsd_del_key: keyidx=2
1295838311.488734: wpa_driver_bsd_del_key: keyidx=3
1295838311.488743: wpa_driver_bsd_del_key: addr=00:18:3f:75:82:e9 keyidx=0
1295838311.488755: EAPOL: External notification - portEnabled=0
1295838311.488760: EAPOL: SUPP_PAE entering state DISCONNECTED
1295838311.488798: EAPOL: SUPP_BE entering state INITIALIZE
1295838311.488804: EAPOL: External notification - portValid=0
1295838311.488808: wpa_driver_bsd_set_wpa: enabled=0
1295838311.488812: wpa_driver_bsd_set_wpa_internal: wpa=0 privacy=0
1295838311.488924: Failed to disable WPA in the driver.
1295838311.488929: wpa_driver_bsd_set_drop_unencrypted: enabled=0
1295838311.488935: wpa_driver_bsd_set_countermeasures: enabled=0
1295838311.488941: No keys have been configured - skip key clearing
1295838311.489615: Cancelling scan request
1295838311.489626: Cancelling authentication timeout
1295838311.490095: wpa_driver_bsd_set_wpa_internal: wpa=0 privacy=1
ELOOP: remaining socket: sock=4 eloop_data=0x800e0b1c0 user_data=0x800e070f0 dler=0x41fb19
```

Any ideas please?

Kindest regards,

M


----------



## bschmidt (Jan 24, 2011)

I do not see any error in that log; are you sure no association happens? From that log it looks pretty much like there is a connection.

Hm.. maybe the WEP key is just wrong? Can you try with

```
network={
	ssid="MY_SSID"
	scan_ssid=1
	key_mgmt=NONE
	wep_tx_keyidx=0
	wep_key0="my_wepkey"
}
```

or convert your key to hex and use


```
network={
	ssid="MY_SSID"
	scan_ssid=1
	key_mgmt=NONE
	wep_tx_keyidx=0
	wep_key0=0xABCDEF0123
}
```

?


----------



## nakal (Jan 24, 2011)

mefizto said:

> interesting read.  As I understand it, the method requires 802.11 card with packet injection.  Is this common?



Yes, it is.


----------



## mefizto (Jan 25, 2011)

Dear bschmidt,

Aligning the wep_tx_keyidx and the wep_key per your suggestion, and omitting the leading "0x" in the wep_key per the Handbook (viz. the example in section 31.3.3.1.4, WEP), did the trick:


```
network={
	 ssid="MY_SSID"
	 scan_ssid=1
	 key_mgmt=NONE
	 wep_tx_keyidx=0
	 wep_key0=ABCDEF0123
}
```

Thank you very much for your help.

Kindest regards,

M


----------
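The fix in this thread came down to two configuration details: the transmit key index (`wep_tx_keyidx`) must point at a key slot that is actually defined (`wep_key0` ... `wep_key3`), and the key value must be either a quoted ASCII string or a bare hex string of the right WEP length. As an added example, not code from the thread or from the wpa_supplicant project, the following Python script parses the `network={...}` blocks of a wpa_supplicant.conf and reports exactly those mismatches before the daemon is started. The sample configuration inside it is constructed to reproduce the original post's block (index 1, only `wep_key0` defined, unquoted non-hex key) next to the working block from the last post; the key-length rules (5/13 ASCII characters, 10/26 hex digits for WEP-40/WEP-104) are standard WEP, and the "no 0x prefix" rule follows what worked in the thread.

```python
"""Lint WEP settings in wpa_supplicant.conf network blocks.

Added example (not from the forum thread or the wpa_supplicant project).
It flags the mistakes discussed above: a wep_tx_keyidx pointing at an
undefined key slot, and key values whose form (quoted ASCII vs. hex)
does not match a valid WEP key length.
"""
import re

# Constructed sample config: block 1 reproduces the mismatch from the
# thread (tx index 1, but only wep_key0 defined, key not hex and not
# quoted); block 2 is an open network; block 3 is the working form.
SAMPLE_CONF = """\
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
    ssid="MY_SSID"
    scan_ssid=1
    key_mgmt=NONE
    wep_tx_keyidx=1
    wep_key0=my_wepkey
}
network={
    ssid="Other_SSID"
    key_mgmt=NONE
}
network={
    ssid="MY_SSID"
    scan_ssid=1
    key_mgmt=NONE
    wep_tx_keyidx=0
    wep_key0=ABCDEF0123
}
"""

BLOCK_RE = re.compile(r"network\s*=\s*\{(.*?)\}", re.S)


def parse_networks(text):
    """Return one dict of key=value fields per network={...} block."""
    networks = []
    for body in BLOCK_RE.findall(text):
        fields = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            if "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip()
        networks.append(fields)
    return networks


def check_wep_key(value):
    """Return None for a well-formed WEP key value, else a message.
    Quoted   -> ASCII key of 5 or 13 characters (WEP-40 / WEP-104).
    Unquoted -> hex key of 10 or 26 digits, written without a 0x prefix."""
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        if len(value) - 2 in (5, 13):
            return None
        return "quoted ASCII key must be 5 or 13 characters"
    if value.lower().startswith("0x"):
        return "hex key must be written without a 0x prefix"
    if not re.fullmatch(r"[0-9a-fA-F]+", value):
        return "unquoted key is not hex; quote it if it is an ASCII passphrase"
    if len(value) not in (10, 26):
        return "hex key must be 10 or 26 digits"
    return None


def lint_network(net):
    """Return a list of problems found in one network block."""
    problems = []
    keys = {int(k[7:]): v for k, v in net.items()
            if re.fullmatch(r"wep_key[0-3]", k)}
    if not keys:
        return problems  # open or WPA network: nothing WEP-specific to check
    # wpa_supplicant's default key_mgmt is WPA-based, so static WEP needs NONE
    if net.get("key_mgmt", "WPA-PSK") != "NONE":
        problems.append("WEP keys need key_mgmt=NONE")
    idx = int(net.get("wep_tx_keyidx", "0"))  # daemon default is index 0
    if idx not in keys:
        problems.append(f"wep_tx_keyidx={idx} but wep_key{idx} is not defined")
    for i, value in sorted(keys.items()):
        msg = check_wep_key(value)
        if msg:
            problems.append(f"wep_key{i}: {msg}")
    return problems


def lint_conf(text):
    """Return [(ssid, [problems...]), ...] in file order."""
    return [(n.get("ssid", "?").strip('"'), lint_network(n))
            for n in parse_networks(text)]


if __name__ == "__main__":
    for ssid, problems in lint_conf(SAMPLE_CONF):
        print(f"{ssid}: {'OK' if not problems else '; '.join(problems)}")
```

Run against a real file with `lint_conf(open("/etc/wpa_supplicant.conf").read())`; the first sample block produces two findings (undefined `wep_key1`, non-hex unquoted key), the open network and the corrected block produce none. The check is deliberately conservative about the `0x` prefix because the thread's working configuration omits it.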

