diffie hellman – ESP32: Secure WiFi credentials via WebCrypto?

Background information:

I am not a computer scientist. However, in a research project I am currently building an ESP32-based sensor. Multiple sensors of this type are going to be used by multiple users.

Every time a user wants to utilize a sensor, the sensor needs to get the WiFi credentials of this specific user so that the ESP32 can connect to the WiFi (for publishing the sensor data in a dashboard). In order to deliver these WiFi credentials, the ESP32 will be set up as a WiFi access point (AP) during configuration phase. Each user shall be able to use his/her smartphone to connect to the ESP, which runs a small HTTP server and delivers a login form to the user’s smartphone. After entering the credentials, they are sent via HTTP to the ESP32, which then can use this to login to the WiFi of my institute. Obviously, transferring the WiFi credentials via HTTP is not safe and, thus, they need to be encrypted.

Although it would be possible with a few workarounds, I don’t want to use HTTPS for the communication between smartphone and ESP32, since it seems to involve a lot of implementation inconveniences. I also don’t want to use a separate smartphone app, but want to stay with the browser-based approach, if possible.

The idea:

I found the following blog post which demonstrates how one can achieve a Curve25519-based Diffie-Hellman (DH) key exchange between a Node-JS Server and an ESP8266. Additionally, I stumbled across WebCrypto yesterday. This led me to the following idea:

My ESP32 might deliver a WebCrypto code together with the login form, which it sends to the user’s smartphone. Since WebCrypto seems to be supported by most of the modern smartphone browsers, the smartphone could locally generate a key pair via WebCrypto. The ESP32 could generate its own key pair via the Crypto library mentioned in the link. Then both devices can do a Diffie-Hellman key exchange, the smartphone can encrypt the WiFi password, send it to the ESP32, which can then decrypt it and use it.

Questions:

I have absolutely no experience with encryption, coding Diffie-Hellman key exchange, or using WebCrypto. Obviously, there is a lot that can be implemented in a wrong way and cause a false security feeling. Furthermore, WebCrypto seems to have no implementation of Curve25519. Therefore, I have a few questions:

  1. Is there a simpler approach to achieve a secure WiFi credential transfer from the smartphone to the ESP32?

  2. Is the proposed idea realistic and safe?

  3. What are the biggest security pitfalls which I need to consider during implementation of this idea?

  4. If you have experience with WebCrypto, what alternatives to the Curve25519 key generation would be the best?

  5. At the end of the aforementioned link, the author mentioned that ensuring device identity is a problem which is not solved in their example. What does that mean?
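
The exchange the post proposes, as an added example (not code from the post or the linked blog): each side makes an ephemeral key pair, both derive the same AES-GCM key, and the browser side encrypts the credentials for the device. It assumes P-256 ECDH in place of Curve25519, since the post notes WebCrypto seems to lack it; the HKDF label, function names and sample credentials are constructed.

```javascript
// Added example: ECDH (P-256) + HKDF + AES-GCM with WebCrypto. Both roles run
// here; on real hardware the "device" half would be the ESP32 firmware.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const CURVE = { name: 'ECDH', namedCurve: 'P-256' }; // assumption: P-256, not Curve25519

// Each side creates an ephemeral key pair and exports the raw public key.
async function makeParty() {
  const kp = await wc.subtle.generateKey(CURVE, false, ['deriveBits']);
  return { kp, pub: new Uint8Array(await wc.subtle.exportKey('raw', kp.publicKey)) };
}

// ECDH secret -> HKDF-SHA-256 -> AES-256-GCM key. Both public keys go into the
// HKDF info so the key is bound to this exchange (label is hypothetical).
async function sessionKey(myPrivate, peerPub, browserPub, devicePub) {
  const peer = await wc.subtle.importKey('raw', peerPub, CURVE, false, []);
  const secret = await wc.subtle.deriveBits({ name: 'ECDH', public: peer }, myPrivate, 256);
  const ikm = await wc.subtle.importKey('raw', secret, 'HKDF', false, ['deriveKey']);
  const info = new Uint8Array([...enc.encode('wifi-provisioning-v1'), ...browserPub, ...devicePub]);
  return wc.subtle.deriveKey(
    { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(32), info },
    ikm, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Browser side: encrypt the credentials under a fresh random 96-bit nonce.
async function encryptCredentials(key, ssid, psk) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const body = enc.encode(JSON.stringify({ ssid, psk }));
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, body);
  return { iv, ct: new Uint8Array(ct) };
}

// Device side: decrypt; rejects if the ciphertext or tag was altered in transit.
async function decryptCredentials(key, { iv, ct }) {
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return JSON.parse(dec.decode(pt));
}

// Constructed sample run with made-up credentials.
async function demo() {
  const browser = await makeParty(), device = await makeParty();
  const kB = await sessionKey(browser.kp.privateKey, device.pub, browser.pub, device.pub);
  const kD = await sessionKey(device.kp.privateKey, browser.pub, browser.pub, device.pub);
  const msg = await encryptCredentials(kB, 'institute-wifi', 'constructed-passphrase');
  const recovered = await decryptCredentials(kD, msg);
  const flipped = Uint8Array.from(msg.ct);
  flipped[0] ^= 1; // simulate modification on the wire
  const tamperRejected = await decryptCredentials(kD, { iv: msg.iv, ct: flipped })
    .then(() => false, () => true);
  return { recovered, tamperRejected, pubLen: browser.pub.length };
}
```

Browsers expose `crypto.subtle` only in secure contexts (HTTPS or localhost), so a form served by the ESP32 over plain HTTP would not have it available. The exchange also authenticates neither side, which is the device-identity gap that question 5 refers to.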

networking – Two WiFi Cards/Adapters

Note: Remove the blacklisting for the iwlwifi driver.

To switch between wifi adapters, or only have one specific adapter connect, do a variation like this…

Example:

Let’s assume that you have two different wireless networks, wifi-a and wifi-b.

Let’s assume that you have two different wireless adapters, wlan0 and wlan1.

Edit all wireless connection profiles for all local wireless networks, and un-check Connect automatically.


Edit the wifi-a connection profile, and change the MAC address to wlan0.

Edit the wifi-b connection profile, and change the MAC address to wlan1.

If you always want one particular wireless interface to always connect at boot/login time, then reselect the Connect automatically for the desired profile.


By using these two settings, you can tailor the exact desired configuration.

network – Macbook 2007 (A1181) Wi-Fi issues in Windows

I have:

  • Macbook A1181
  • Windows 8.1 in Bootcamp with the latest patches
  • All bootcamp drivers installed
  • Keenetic Viva router with 2.4/5 GHz dual-band Wi-Fi, located ~1m from the Macbook

The issue is that download/upload speed via Wi-Fi is very low in any app (~60kbps) and often interrupts. On the other hand, ethernet connection works great.

And the same Macbook works great with Wi-Fi when I boot macOS, but, unfortunately, I need Windows.

Other devices, like M1 Macbook Pro (late 2020), iPhones and lots of Android phones (even 2.4 GHz) work fine too, so it seems to be a driver issue.

Any ideas on how to fix it?

Stolen Package with Ipad Pro WiFi only


networking – WIFI IS NOT WORKING I HAVE TRIED EVERYTHING

I restarted my Kali and my wifi was not working. Any help?

iwconfig gives this result:

lo no wireless extensions.

eth0 no wireless extensions.

usb0 no wireless extensions.

ifconfig gives this result

eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 54:e1:ad:0e:bb:68 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 224 bytes 19008 (18.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 224 bytes 19008 (18.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

usb0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.42.12 netmask 255.255.255.0 broadcast 192.168.42.255
inet6 fe80::78ef:7aff:fe46:18af prefixlen 64 scopeid 0x20
ether 7a:ef:7a:46:18:af txqueuelen 1000 (Ethernet)
RX packets 2548 bytes 1510180 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2817 bytes 446110 (435.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I have tried to reinstall the drivers using iwlwifi commands, but it has not worked. However, the strange thing is that the wifi card is working on Windows in dual boot. Can someone help me?

BTW, I am unable to find my wifi card’s name.

Why can’t we perform a replay attack on wifi networks

I was wondering: when a hacker is trying to hack a wifi network, he would try to capture a handshake and then try to decrypt it, whereas when you want to log in to your wifi, you would type in your password and the password would be encrypted, then sent to the router, which would decrypt it using a key.
So why can’t we just resend the encrypted password (the handshake) to the router without having to decrypt it, like a replay attack?

Why did my WiFi, bluetooth and hotspot stop working all of a sudden?

I had this very awkward experience today. My Samsung Galaxy A10s running Android 10 has run into some serious trouble. I am shocked to find that my Wi-Fi is not turning on, my Bluetooth is frozen and my hotspot is also not turning on. I do not realize why this is happening. I am not a regular Wi-Fi user, I prefer mobile networks, and it is extremely shocking to find that my device is not properly working.

My attempts to fix this

  • I tried clearing the cache memory, of all apps, individually one by one, freeing up almost 120+ MB from internal memory.

  • I tried booting into safe mode, and then tried to enable Wi-Fi / hotspot/bluetooth, but still my efforts were all in vain.

  • I updated it manually to get the latest patches. But, still it is not fixed.

  • I tried resetting the network settings to default, but, still, my problems still persist.

I do not know what else to do to save my phone. All these features that I lost are very, very important to me. I humbly request your help. Every help will be greatly appreciated.

wi fi – How to use Wi-Fi and hotspot at the same time on Android?

I don’t know of any straightforward tool other than Android apps (which use Wi-Fi Direct) that will let you use Wi-Fi and hotspot at the same time. Nor is it a standard feature introduced in custom ROMs so far (AFAIK). However, you can do this manually if you are comfortable with command-line usage. But it’s NOT possible without root.

  • Rooted device
  • Device must support nl80211 driver

    All newer devices with Qualcomm MSM chipset support this AFAIK e.g. Xiaomi’s Redmi Note 4 (mido) built with MSM8953.

    Kernel must also support this driver. To confirm:

    ~# zcat /proc/config.gz | grep CONFIG_CFG80211
    CONFIG_CFG80211=y
    
    ~# lshw | grep wireless=
           configuration: broadcast=yes driver=wcnss_wlan multicast=yes wireless=Qcom:802.11n
    
  • Device must support managed mode and AP mode at the same time.

    ~# iw phy | grep -iA2 'valid interface combinations'
            valid interface combinations:
             * #{ managed } <= 3, #{ IBSS, AP } <= 1, #{ P2P-client, P2P-GO } <= 1,
               total <= 3, #channels <= 1
    

    This means that your wireless chip supports creating at maximum 3 interfaces, one of which can be in AP mode, with others being in managed or P2P mode, and at maximum 1 channel is supported. If channels value is 2, you can operate both interfaces on different channels. However using same channel is recommended to avoid interference.

    Standard wi-fi interface on Android devices (usually wlan0) is always run in managed mode. We are going to create a virtual wireless interface to be run in AP mode.

  • Linux tools: iw, ip, iptables, hostapd, dnsmasq etc.

    You can also use wpa_supplicant in place of hostapd with slightly different configuration.

    Usually these binaries come bundled with Android. However there are modifications by Google and vendors to make these tools fit for Android needs. So they may not behave as standard Linux tools and in rare cases you might need to compile them from source.

    Wireless tools should be new enough to have support for driver nl80211.

  • Terminal emulator (Termux is a good one)

For ease of use, I have summarized all steps in a shell script with brief explanation. You can put this on your $PATH e.g. /system/bin/android_ap and execute it directly: ~# android_ap start. A Custom Quick Settings Tile can also be created for ease of use.

#!/system/bin/sh
set -e
#set -x

[ "$(id -u)" != 0 ] && echo 'Not running as root!' && exit

SSID=MyAP                           # set this to your desired string (avoid spaces and non-ascii characters)
PASSCODE=foobarfoobar               # set this to your desired string (8 to 63 characters)
WIFI_INTERFACE=wlan0                # set this according to your device (lshw | grep -A10 Wireless | grep 'logical name')
SUBNET=192.168.42                   # must be different than WIFI_INTERFACE
AP_INTERFACE=${WIFI_INTERFACE}-AP
IP=${SUBNET}.1
DIR=/data/local/tmp/$AP_INTERFACE

USAGE()
{
    echo 'Usage:'
    printf '\t%s\n' "$(basename "$0") start|stop"
    exit
}

STOP() {
    # hope there are no other instances of same daemons
    pkill -15 hostapd dnsmasq
    # remove iptables rules
    iptables -D INPUT -i $AP_INTERFACE -p udp -m udp --dport 67 -j ACCEPT
    iptables -t nat -D POSTROUTING -s ${SUBNET}.0/24 ! -o $AP_INTERFACE -j MASQUERADE
    iptables -D FORWARD -i $AP_INTERFACE -s ${IP}/24 -j ACCEPT
    iptables -D FORWARD -i $WIFI_INTERFACE -d ${SUBNET}.0/24 -j ACCEPT
    # delete AP interface
    ip link show | grep "${AP_INTERFACE}:" && iw $AP_INTERFACE del
    rm -rf $DIR
} >/dev/null 2>&1

CHECKS()
{
    for binary in iw ip iptables hostapd dnsmasq; do
        which $binary >/dev/null && continue
        exit
    done

    # this check is necessary if need to use single channel
    if iw dev $WIFI_INTERFACE link | grep -q '^Not connected'
    then
        echo 'First connect to Wi-Fi for internet sharing.'
        exit
    fi

    if ! iw phy | grep -iqE '{.*managed.*AP.*}' && ! iw phy | grep -iqE '{.*AP.*managed.*}'
    then
        echo 'AP mode not supported.'
        exit
    fi
}

CREATE_AP()
{
    if ! iw dev $WIFI_INTERFACE interface add $AP_INTERFACE type __ap
    then
        echo "Couldn't create AP."  # :(
        exit
    fi
}

FIND_CHANNEL()
{
    # find what channel wi-fi is using
    CHANNEL="$(iw $WIFI_INTERFACE scan | grep -C5 "$(iw $WIFI_INTERFACE link | grep SSID | cut -d: -f2-)" | grep -i channel | tail -c3)"
    if [ -z "$CHANNEL" ]
    then
        echo  "Couldn't find channel info. Are you connected to Wi-Fi?"
        STOP
        exit
    fi

    # if more than 1 channels are supported, use any frequency
    [ ! -z "$CHANNEL" ] || CHANNEL=11
}

ADD_IP_ROUTE()
{
    # activate the interface and add IP
    ip link set up dev $AP_INTERFACE
    ip addr add ${IP}/24 broadcast ${SUBNET}.255 dev $AP_INTERFACE

    # routing table 97 needs to be put necessarily on Android
    # because in main table, route for $WIFI_INTERFACE takes priority (ip route show)
    # and all traffic goes there ignoring $AP_INTERFACE
    ip route add ${SUBNET}.0/24 dev $AP_INTERFACE table 97
}

HOSTAPD_CONFIG()
{
    mkdir -p "$DIR"
    # heredoc body and terminator are left unindented so the EOF marker is recognized
    cat <<EOF >$DIR/hostapd.conf
# network name
ssid=$SSID
# network interface to listen on
interface=$AP_INTERFACE
# wi-fi driver
driver=nl80211
# WLAN channel to use
channel=$CHANNEL
# set operation mode, what frequency to use
hw_mode=g
# enforce Wireless Protected Access (WPA)
wpa=2
# passphrase to use for protected access
wpa_passphrase=$PASSCODE
# WPA protocol
wpa_key_mgmt=WPA-PSK
EOF

    # you can tune other parameters such as mtu, beacon_int, ieee80211n, wowlan_triggers (if supported)
    # for better performance and options such as *_pairwise for better security
}

INTERNET_SHARE()
{
    # allow IP forwarding
    echo 1 >/proc/sys/net/ipv4/ip_forward
    # route and allow forwarding through firewall
    iptables -t nat -I POSTROUTING -s ${SUBNET}.0/24 ! -o $AP_INTERFACE -j MASQUERADE
    iptables -I FORWARD -i $AP_INTERFACE -s ${IP}/24 -j ACCEPT
    iptables -I FORWARD -i $WIFI_INTERFACE -d ${SUBNET}.0/24 -j ACCEPT
}

DHCP_SERVER()
{
    # configuration
    # heredoc body and terminator are left unindented so the EOF marker is recognized
    cat <<EOF >$DIR/dnsmasq.conf
# we don't want DNS server, only DHCP
port=0
# only listen on AP interface
interface=$AP_INTERFACE
listen-address=$IP

#bind-interfaces

# range of IPs to make available to wlan devices and when to renew IP
dhcp-range=$IP,${SUBNET}.254,24h
# where to save leases
dhcp-leasefile=$DIR/dnsmasq.leases
# set default gateway
dhcp-option-force=option:router,$IP
# add OpenDNS servers for DNS lookup to announce
dhcp-option-force=option:dns-server,208.67.220.220,208.67.222.222

#dhcp-option-force=option:mtu,1500

# respond to a client who is requesting from a different IP broadcast subnet
# or requesting an out of range / occupied IP
# or requesting an IP from expired lease of previous sessions
# or obtained from some other server which is offline now
dhcp-authoritative
# don't look for any hosts file and resolv file
no-hosts
no-resolv
EOF

    # open listening port
    iptables -I INPUT -i $AP_INTERFACE -p udp -m udp --dport 67 -j ACCEPT

    # start dhcp server
    dnsmasq -C $DIR/dnsmasq.conf
}

if [ "$1" = stop ]
then
    STOP || true
    exit
fi

[ "$1" = start ] || USAGE

# basic check
CHECKS
# stop running instances
STOP || true
# create virtual wireless interface
CREATE_AP
# find channel already used by wi-fi
FIND_CHANNEL
# configure newly created interface
ADD_IP_ROUTE
# configure access point daemon
HOSTAPD_CONFIG
# start hostapd
hostapd -B $DIR/hostapd.conf
# share internet from Wi-Fi to AP
INTERNET_SHARE
# run a dhcp server to assign IP's dynamically
# otherwise assign a static IP to connected device in subnet range (2 to 254)
DHCP_SERVER

echo Done.

SOURCES:

wi fi – Can android mobile device support the access to WiFi (No internet) and Mobile data which provides internet at the same time?

Question: I would like to connect android mobile device to WiFi Router (No internet) and to use mobile data simultaneously. The use case is, one android application works on LAN created by WiFi router and other applications (e.g. gmail, youtube etc) work using mobile data. I would like to use all these applications together on a mobile device.

I tried this but I am able to connect to either WiFi or mobile data but not both at the same time. I have used different phones for e.g. Samsung, Redmi running on Android 9, 10, 11. I have got the same results.

Maybe, this question has already been asked many times in the past. I have found answers like the mobile device shall support “Multi path TCP” technology, the mobile device needs to be rooted, the mobile device needs to be in developer option etc.

I don’t want to root my phone and I don’t want to use developer options.

How to check which phones support this kind of operation? If it is not supported, what can be the limitation – it is a hardware or Android OS which does not support it? How to check all this?
