Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Update disable HW encryption script and README

Mathy Vanhoef 3 years ago
parent
f8db52f37c
commit
a6914795ee
2 changed files with 17 additions and 6 deletions
Unified View Show Diff Stats
  1. 2 0
      README.md
  2. 15 6
      krackattack/disable-hwcrypto.sh

+ 2 - 0
README.md
View File 

@@ -42,6 +42,8 @@ Every time before you use the scripts you must **disable Wi-Fi** in your network
 
 After doing this you can executing the scripts multiple times as long as you don't close the terminal.
 
 After doing this you can executing the scripts multiple times as long as you don't close the terminal.
 
 
 
 
 
+If you want to undo the effects of the `disable-hwcrypto.sh` then delete the file `/etc/modprobe.d/nohwcrypt.conf`.
 
+
 
 # Testing Clients
 
 # Testing Clients
 
 
 
 First modify `hostapd/hostapd.conf` and **edit the line `interface=` to specify the Wi-Fi interface** that will be used to execute the tests. Note that for all tests, once the script is running, you must let the device being tested connect to the **SSID testnetwork using the password abcdefgh**. You can change settings of the AP by modifying `hostapd/hostapd.conf`. In all tests the **client must use DHCP to get an IP** after connecting to the Wi-Fi network. This is because some tests only start after the client has requested an IP using DHCP!
 
 First modify `hostapd/hostapd.conf` and **edit the line `interface=` to specify the Wi-Fi interface** that will be used to execute the tests. Note that for all tests, once the script is running, you must let the device being tested connect to the **SSID testnetwork using the password abcdefgh**. You can change settings of the AP by modifying `hostapd/hostapd.conf`. In all tests the **client must use DHCP to get an IP** after connecting to the Wi-Fi network. This is because some tests only start after the client has requested an IP using DHCP!

+ 15 - 6
krackattack/disable-hwcrypto.sh
View File 

@@ -10,23 +10,31 @@ set -e
 
 NOHWCRYPT="ath5k ath9k ath9k_htc rt2800usb carl9170 b43 p54common rt2500usb rt2800pci rt73usb"
 
 NOHWCRYPT="ath5k ath9k ath9k_htc rt2800usb carl9170 b43 p54common rt2500usb rt2800pci rt73usb"
 
 SWCRYPTO="iwlwifi iwl3945 iwl4965"
 
 SWCRYPTO="iwlwifi iwl3945 iwl4965"
 
 HWCRYPTO="ipw2200"
 
 HWCRYPTO="ipw2200"
 
+MODFILE="/etc/modprobe.d/nohwcrypt.conf"
 
+
 
+# 0. Check if we have root privileges
 
+if [[ $EUID -ne 0 ]]; then
 
+   echo "This script must be run as root"
 
+   exit 1
 
+fi
 
 
 
 
 
 # 1. Create nohwcrypt.conf options file
 
 # 1. Create nohwcrypt.conf options file
 
 
 
-rm /etc/modprobe.d/nohwcrypt.conf 2> /dev/null || true
 
+rm $MODFILE 2> /dev/null || true
 
 
 
 for MODULE in $NOHWCRYPT
 
 for MODULE in $NOHWCRYPT
 
-do echo "options $MODULE nohwcrypt=1" >> /etc/modprobe.d/nohwcrypt.conf; done
 
+do echo "options $MODULE nohwcrypt=1" >> $MODFILE; done
 
 
 
 for MODULE in $SWCRYPTO
 
 for MODULE in $SWCRYPTO
 
-do echo "options $MODULE swcrypto=1" >> /etc/modprobe.d/nohwcrypt.conf; done
 
+do echo "options $MODULE swcrypto=1" >> $MODFILE; done
 
 
 
 for MODULE in $HWCRYPTO
 
 for MODULE in $HWCRYPTO
 
-do echo "options $MODULE hwcrypto=0" >> /etc/modprobe.d/nohwcrypt.conf; done
 
+do echo "options $MODULE hwcrypto=0" >> $MODFILE; done
 
 
 
 
 
-# 2. Remove loaded modules so they'll reload parameters
 
+# 2. Remove loaded modules so they'll reload parameters. Note that modules that
 
+#    are in use by others won't be removed (e.g. iwlwifi won't be removed).
 
 
 
 for MODULE in $NOHWCRYPT $SWCRYPTO $HWCRYPTO
 
 for MODULE in $NOHWCRYPT $SWCRYPTO $HWCRYPTO
 
 do rmmod $MODULE 2> /dev/null || true; done
 
 do rmmod $MODULE 2> /dev/null || true; done
 
@@ -34,4 +42,5 @@ do rmmod $MODULE 2> /dev/null || true; done
 
 
 
 # 3. Done. To be sure parameters are reloaded, reboot computer.
 
 # 3. Done. To be sure parameters are reloaded, reboot computer.
 
 
 
-echo "Hardware decryption disabled. Reboot your computer."
 
+echo "Created config file $MODFILE to disable hardware decryption."
 
+echo "Reboot your computer to apply the changes."