
Script to disable HW crypto + improved output + use wlan0

Mathy 7 years ago
parent
commit
015f5048c2
3 changed files with 42 additions and 7 deletions
  1. 1 1
      hostapd/hostapd.conf
  2. 31 0
      krackattack/disable-hwcrypto.sh
  3. 10 6
      krackattack/krack-test-client.py

+ 1 - 1
hostapd/hostapd.conf

@@ -5,7 +5,7 @@
 # management frames with the Host AP driver); wlan0 with many nl80211 drivers
 # Note: This attribute can be overridden by the values supplied with the '-i'
 # command line parameter.
-interface=wlp0s20u1
+interface=wlan0
 
 # In case of atheros and nl80211 driver interfaces, an additional
 # configuration parameter, bridge, may be used to notify hostapd if the

+ 31 - 0
krackattack/disable-hwcrypto.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+set -e
+
+NOHWCRYPT="ath5k ath9k ath9k_htc rt2800usb carl9170 b43 p54common rt2500usb rt2800pci rt2800usb rt73usb"
+SWCRYPTO="iwlwifi iwl3945 iwl4965"
+HWCRYPTO="ipw2200"
+
+
+# 1. Create nohwcrypt.conf options file
+
+rm /etc/modprobe.d/nohwcrypt.conf 2> /dev/null || true
+
+for MODULE in $NOHWCRYPT
+do echo "options $MODULE nohwcrypt=1" >> /etc/modprobe.d/nohwcrypt.conf; done
+
+for MODULE in $SWCRYPTO
+do echo "options $MODULE swcrypto=1" >> /etc/modprobe.d/nohwcrypt.conf; done
+
+for MODULE in $HWCRYPTO
+do echo "options $MODULE hwcrypto=0" >> /etc/modprobe.d/nohwcrypt.conf; done
+
+
+# 2. Remove loaded modules so they'll reload parameters
+
+for MODULE in $NOHWCRYPT $SWCRYPTO $HWCRYPTO
+do rmmod $MODULE 2> /dev/null || true; done
+
+
+# 3. Done. To be sure parameters are reloaded, reboot computer.
+
+echo "Done. Reboot your computer."
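Review bot: The script leaves `/etc/modprobe.d/nohwcrypt.conf` in place permanently and nothing in it says how to undo that, so a test machine keeps hardware crypto disabled for every listed driver after testing is over. A header comment such as `# Persistent change: delete /etc/modprobe.d/nohwcrypt.conf and reboot to restore hardware crypto` would cover it. Both the write and `rmmod` need root, so an early `[ "$(id -u)" -eq 0 ] || { echo "Run as root" >&2; exit 1; }` would fail more clearly than the redirect error under `set -e`. `rt2800usb` is listed twice in `NOHWCRYPT`, which writes a duplicate options line.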

+ 10 - 6
krackattack/krack-test-client.py

@@ -251,10 +251,10 @@ class ClientState():
 
 		if self.groupkey_num_canaries >= 5:
 			assert self.vuln_group != ClientState.VULNERABLE
-			# TODO: Either accepts replayed messages, or vulnerable to group key reinstallation attack
-			log(INFO, ("%s: Received %d unique replies to replayed broadcast ARP requests. " +
-				"Client is vulnerable to group key reinstallations in the %s handshake!") \
-				% (self.mac, self.groupkey_num_canaries, "group key" if self.groupkey_grouphs else "4-way"), color="green")
+			log(INFO, "%s: Received %d unique replies to replayed broadcast ARP requests. Client is vulnerable to group" \
+				% (self.mac, self.groupkey_num_canaries), color="green")
+			log(INFO, "                   key reinstallations in the %s handshake (or client accepts replayed broadcast frames)!" \
+				% ("group key" if self.groupkey_grouphs else "4-way"),  color="green")
 			self.vuln_group = ClientState.VULNERABLE
 			self.groupkey_state = ClientState.FINISHED
 
@@ -297,8 +297,12 @@ class KRAckAttackClient():
 	def __init__(self, interface):
 		self.nic_iface = interface
 		self.nic_mon = interface + "mon"
-		self.apmac = scapy.arch.get_if_hwaddr(interface)
 		self.test_grouphs = False
+		try:
+			self.apmac = scapy.arch.get_if_hwaddr(interface)
+		except:
+			log(ERROR, "Failed to get MAC address of %s. Does this interface exist?" % interface)
+			raise
 
 		self.sock_mon = None
 		self.sock_eth = None
@@ -403,7 +407,7 @@ class KRAckAttackClient():
 		self.process_eth_rx(p)
 
 	def configure_interfaces(self):
-		log(STATUS, "Note: disable Wi-Fi in your network manager so it doesn't interfere with this script")
+		log(STATUS, "Note: disable Wi-Fi in network manager & disable hardware encryption. Both may interfere with this script.")
 
 		# 1. Remove unused virtual interfaces to start from a clean state
 		subprocess.call(["iw", self.nic_mon, "del"], stdout=subprocess.PIPE, stdin=subprocess.PIPE)
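Review bot: The bare `except:` added in `KRAckAttackClient.__init__` also fires on `KeyboardInterrupt` and `SystemExit`, and the message it logs guesses at the cause without showing the underlying error, so any other failure of `get_if_hwaddr` is reported as a possibly missing interface. Narrowing it to `except Exception as ex:` and logging `"Failed to get MAC address of %s (%s). Does this interface exist?" % (interface, ex)` keeps the hint while preserving the real reason; the `raise` stays as is. `__init__` continues past the end of this hunk.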