diff --git a/APs/config/mgt/hostapd_wpe_tls.eap_user.tmp b/APs/config/mgt/hostapd_wpe_tls.eap_user.tmp index eb1208c..fe2137a 100644 --- a/APs/config/mgt/hostapd_wpe_tls.eap_user.tmp +++ b/APs/config/mgt/hostapd_wpe_tls.eap_user.tmp @@ -113,4 +113,4 @@ # Existing user identities "${IDENTITY_MGT_TLS}" TLS -"${USER_GLOBALMANAGER}" TLS +"${IDENTITY_MGT_PHISHING}" TLS diff --git a/APs/config/owe/hostapd_owe.conf.tmp b/APs/config/owe/hostapd_owe.conf.tmp index 90657e8..52b4893 100644 --- a/APs/config/owe/hostapd_owe.conf.tmp +++ b/APs/config/owe/hostapd_owe.conf.tmp @@ -10,17 +10,12 @@ channel=$CHANNEL_OWE # SSID ------------------------------------------------------------------ ssid=$ESSID_OWE -ieee80211n=1 -ieee80211ac=1 - auth_algs=1 wpa=2 wpa_key_mgmt=OWE - -wpa_pairwise=CCMP rsn_pairwise=CCMP - ieee80211w=2 +owe_groups=19 ctrl_interface=/run/hostapd-$WLAN_OWE -ctrl_interface_group=0 \ No newline at end of file +ctrl_interface_group=0 diff --git a/APs/mac80211_hwsim/dragondrain.sh b/APs/mac80211_hwsim/dragondrain.sh index c06e917..d38faac 100644 --- a/APs/mac80211_hwsim/dragondrain.sh +++ b/APs/mac80211_hwsim/dragondrain.sh @@ -1,7 +1,100 @@ #!/bin/bash set -euo pipefail -patch_FILE="${1:-mac80211_hwsim.c}" +usage() { + cat <<'EOF' +Usage: + bash dragondrain.sh [mac80211_hwsim.c] + bash dragondrain.sh --file mac80211_hwsim.c [--simulate-dos|--detect-only] + +Environment tuning (all optional): + PATCH_AUTH_THRESHOLD auth req/sec threshold (default: 30) + PATCH_SAE_AUTH_THRESHOLD SAE auth req/sec threshold (default: 8) + PATCH_ASSOC_THRESHOLD assoc+reassoc req/sec threshold (default: 20) + PATCH_TOTAL_THRESHOLD total auth+assoc req/sec threshold (default: 40) + PATCH_DETECT_WINDOWS consecutive flood windows before trigger (default: 3) + PATCH_QUIET_WINDOWS quiet windows before reset (default: 6) + PATCH_BLOCK_SECONDS DoS block duration when detected (default: 30) + PATCH_SIMULATE_DOS 1 enables periodic simulated DoS (default: 0) + PATCH_SIM_INTERVAL_SECONDS interval between simulations (default: 90) + PATCH_SIM_BLOCK_SECONDS simulated DoS duration (default: 15) +EOF +} + +require_posint() { + local name="$1" + local value="$2" + if ! [[ "$value" =~ ^[0-9]+$ ]] || [[ "$value" -lt 1 ]]; then + echo "[-] $name must be a positive integer, got: $value" >&2 + exit 1 + fi +} + +patch_FILE="mac80211_hwsim.c" +patch_FILE_SET=0 + +while [[ $# -gt 0 ]]; do + case "$1" in + --help|-h) + usage + exit 0 + ;; + --file) + patch_FILE="${2:-}" + if [[ -z "$patch_FILE" ]]; then + echo "[-] --file requires a path" >&2 + exit 1 + fi + patch_FILE_SET=1 + shift 2 + ;; + --simulate-dos) + PATCH_SIMULATE_DOS=1 + shift + ;; + --detect-only) + PATCH_SIMULATE_DOS=0 + shift + ;; + *) + if [[ "$patch_FILE_SET" -eq 0 && "$1" != --* ]]; then + patch_FILE="$1" + patch_FILE_SET=1 + shift + else + echo "[-] Unknown argument: $1" >&2 + usage + exit 1 + fi + ;; + esac +done + +PATCH_AUTH_THRESHOLD="${PATCH_AUTH_THRESHOLD:-30}" +PATCH_SAE_AUTH_THRESHOLD="${PATCH_SAE_AUTH_THRESHOLD:-8}" +PATCH_ASSOC_THRESHOLD="${PATCH_ASSOC_THRESHOLD:-20}" +PATCH_TOTAL_THRESHOLD="${PATCH_TOTAL_THRESHOLD:-40}" +PATCH_DETECT_WINDOWS="${PATCH_DETECT_WINDOWS:-3}" +PATCH_QUIET_WINDOWS="${PATCH_QUIET_WINDOWS:-6}" +PATCH_BLOCK_SECONDS="${PATCH_BLOCK_SECONDS:-30}" +PATCH_SIMULATE_DOS="${PATCH_SIMULATE_DOS:-0}" +PATCH_SIM_INTERVAL_SECONDS="${PATCH_SIM_INTERVAL_SECONDS:-90}" +PATCH_SIM_BLOCK_SECONDS="${PATCH_SIM_BLOCK_SECONDS:-15}" + +require_posint PATCH_AUTH_THRESHOLD "$PATCH_AUTH_THRESHOLD" +require_posint PATCH_SAE_AUTH_THRESHOLD "$PATCH_SAE_AUTH_THRESHOLD" +require_posint PATCH_ASSOC_THRESHOLD "$PATCH_ASSOC_THRESHOLD" +require_posint PATCH_TOTAL_THRESHOLD "$PATCH_TOTAL_THRESHOLD" +require_posint PATCH_DETECT_WINDOWS "$PATCH_DETECT_WINDOWS" +require_posint PATCH_QUIET_WINDOWS "$PATCH_QUIET_WINDOWS" +require_posint PATCH_BLOCK_SECONDS "$PATCH_BLOCK_SECONDS" +require_posint PATCH_SIM_INTERVAL_SECONDS "$PATCH_SIM_INTERVAL_SECONDS" +require_posint PATCH_SIM_BLOCK_SECONDS "$PATCH_SIM_BLOCK_SECONDS" + +if [[ "$PATCH_SIMULATE_DOS" != "0" && "$PATCH_SIMULATE_DOS" != "1" ]]; then + echo "[-] PATCH_SIMULATE_DOS must be 0 or 1" >&2 + exit 1 +fi if [[ ! -f "$patch_FILE" ]]; then echo "[-] File not found: $patch_FILE" >&2 @@ -14,6 +107,8 @@ patch_HELPERS_MARK="/* [HWSIM-PATCH] kick helpers */" patch_APFILTER_MARK="/* [HWSIM-PATCH] ap dest filter */" patch_RX_MARK_BEGIN="/* [HWSIM-PATCH-RX] begin */" +echo "[i] Tuning: auth=$PATCH_AUTH_THRESHOLD sae_auth=$PATCH_SAE_AUTH_THRESHOLD assoc=$PATCH_ASSOC_THRESHOLD total=$PATCH_TOTAL_THRESHOLD detect_windows=$PATCH_DETECT_WINDOWS quiet_windows=$PATCH_QUIET_WINDOWS block_s=$PATCH_BLOCK_SECONDS simulate_dos=$PATCH_SIMULATE_DOS sim_interval_s=$PATCH_SIM_INTERVAL_SECONDS sim_block_s=$PATCH_SIM_BLOCK_SECONDS" + # 1) Ensure required headers if ! grep -q '' "$patch_FILE"; then perl -i -pe 'BEGIN{$patch_done=0} if(!$patch_done && /^#include\b/){ print "#include \n"; $patch_done=1 }' "$patch_FILE" @@ -32,13 +127,17 @@ fi # 2) Add patch_ fields to struct mac80211_hwsim_data if ! grep -q "patch_attack_triggered" "$patch_FILE"; then sed -i '/struct mac80211_hwsim_data[[:space:]]*{/a\ -\t/* Patch flood detection (receiver only) */\ +\t/* Patch flood detection and DoS simulation */\ \tbool patch_attack_triggered;\ \tint patch_auth_counter;\ +\tint patch_sae_auth_counter;\ +\tint patch_assoc_counter;\ \tunsigned long patch_last_jiffies;\ \tint patch_flood_streak;\ \tint patch_quiet_streak;\ \tunsigned long patch_block_until_jiffies;\ +\tunsigned long patch_simulate_next_jiffies;\ +\tunsigned long patch_simulate_until_jiffies;\ ' "$patch_FILE" echo "[+] Added patch_ fields to struct mac80211_hwsim_data" else @@ -50,6 +149,10 @@ if ! grep -qF "$patch_HELPERS_MARK" "$patch_FILE"; then patch_HELPERS_CONTENT=$(cat <<'PATCH_EOF' /* [HWSIM-PATCH] kick helpers */ +#ifndef WLAN_AUTH_SAE +#define WLAN_AUTH_SAE 3 +#endif + static struct work_struct patch_kick_work; static struct ieee80211_hw *patch_kick_hw; static bool patch_kick_inited; @@ -132,7 +235,7 @@ static bool patch_is_for_local_ap(struct ieee80211_hw *patch_hw, #endif ieee80211_iterate_active_interfaces_atomic(patch_hw, patch_iter_flags, - patch_ap_match_iter, &patch_ctx); + patch_ap_match_iter, &patch_ctx); return patch_ctx.patch_match; } PATCH_EOF @@ -148,28 +251,44 @@ else echo "[=] patch_ AP destination filter helpers already present" fi -# 5) RX wrapper (receiver-only flood detection) +# 5) RX wrapper (receiver-only flood detection + optional DoS simulation) if grep -qF "$patch_RX_MARK_BEGIN" "$patch_FILE"; then echo "[=] RX wrapper already present" else - patch_RX_WRAPPER=$(cat <<'PATCH_EOF' + patch_RX_WRAPPER=$(cat <hw; struct sk_buff *patch_skb = skb; struct mac80211_hwsim_data *patch_p = patch_hw->priv; struct ieee80211_hdr *patch_hdr; + struct ieee80211_mgmt *patch_mgmt; u16 patch_fc; + u16 patch_auth_alg = 0; unsigned long patch_now = jiffies; - - if (patch_skb && patch_skb->len >= 2) { + bool patch_mgmt_req; + bool patch_is_sae_auth = false; + bool patch_flood; + int patch_total; + bool patch_attack_active; + bool patch_simulation_active; + + if (patch_skb && patch_skb->len >= 24) { patch_hdr = (struct ieee80211_hdr *)patch_skb->data; + patch_mgmt = (struct ieee80211_mgmt *)patch_skb->data; patch_fc = le16_to_cpu(patch_hdr->frame_control); + patch_mgmt_req = ieee80211_is_auth(patch_fc) || + ieee80211_is_assoc_req(patch_fc) || + ieee80211_is_reassoc_req(patch_fc); + if (ieee80211_is_auth(patch_fc) && patch_skb->len >= 26) { + patch_auth_alg = le16_to_cpu(patch_mgmt->u.auth.auth_alg); + patch_is_sae_auth = patch_auth_alg == WLAN_AUTH_SAE; + } /* Receiver only: - * If addr1 is broadcast/multicast, use addr3 (BSSID) to identify the AP. - * If addr1 is unicast, match either addr1 or addr3 against the AP vif. - */ + * If addr1 is broadcast/multicast, use addr3 (BSSID) to identify the AP. + * If addr1 is unicast, match either addr1 or addr3 against the AP vif. + */ if (is_multicast_ether_addr(patch_hdr->addr1)) { if (!patch_is_for_local_ap(patch_hw, NULL, patch_hdr->addr3)) goto patch_pass; @@ -177,40 +296,75 @@ do { if (!patch_is_for_local_ap(patch_hw, patch_hdr->addr1, patch_hdr->addr3)) goto patch_pass; } - if (patch_p->patch_attack_triggered && - time_before(patch_now, patch_p->patch_block_until_jiffies)) { - if (ieee80211_is_auth(patch_fc) || - ieee80211_is_assoc_req(patch_fc) || - ieee80211_is_reassoc_req(patch_fc)) { - dev_kfree_skb_any(patch_skb); - patch_skb = NULL; + + if (${PATCH_SIMULATE_DOS}) { + if (!patch_p->patch_simulate_next_jiffies) + patch_p->patch_simulate_next_jiffies = patch_now + ${PATCH_SIM_INTERVAL_SECONDS} * HZ; + + if (time_after_eq(patch_now, patch_p->patch_simulate_next_jiffies)) { + patch_p->patch_simulate_until_jiffies = patch_now + ${PATCH_SIM_BLOCK_SECONDS} * HZ; + patch_p->patch_simulate_next_jiffies = patch_now + ${PATCH_SIM_INTERVAL_SECONDS} * HZ; + + if (!patch_kick_inited) { + INIT_WORK(&patch_kick_work, patch_kick_workfn); + patch_kick_inited = true; + } + patch_kick_hw = patch_hw; + ieee80211_queue_work(patch_hw, &patch_kick_work); + pr_info("[HWSIM-PATCH][%s] Simulated DoS for %ds\n", + wiphy_name(patch_hw->wiphy), ${PATCH_SIM_BLOCK_SECONDS}); } } - if (patch_skb && ieee80211_is_auth(patch_fc)) { + patch_attack_active = patch_p->patch_attack_triggered && + time_before(patch_now, patch_p->patch_block_until_jiffies); + patch_simulation_active = ${PATCH_SIMULATE_DOS} && + time_before(patch_now, patch_p->patch_simulate_until_jiffies); + + if ((patch_attack_active && patch_mgmt_req) || + (patch_simulation_active && (patch_mgmt_req || ieee80211_is_data(patch_fc)))) { + dev_kfree_skb_any(patch_skb); + patch_skb = NULL; + } + + if (patch_skb && patch_mgmt_req) { if (time_before(patch_now, patch_p->patch_last_jiffies + HZ)) { - patch_p->patch_auth_counter++; + if (ieee80211_is_auth(patch_fc)) { + patch_p->patch_auth_counter++; + if (patch_is_sae_auth) + patch_p->patch_sae_auth_counter++; + } else { + patch_p->patch_assoc_counter++; + } } else { - if (patch_p->patch_auth_counter > 20) { + patch_total = patch_p->patch_auth_counter + patch_p->patch_assoc_counter; + patch_flood = patch_p->patch_auth_counter >= ${PATCH_AUTH_THRESHOLD} || + patch_p->patch_sae_auth_counter >= ${PATCH_SAE_AUTH_THRESHOLD} || + patch_p->patch_assoc_counter >= ${PATCH_ASSOC_THRESHOLD} || + patch_total >= ${PATCH_TOTAL_THRESHOLD}; + + if (patch_flood) { patch_p->patch_flood_streak++; patch_p->patch_quiet_streak = 0; - pr_info("[HWSIM-PATCH][%s] Flood window (%d/5)\n", - wiphy_name(patch_hw->wiphy), patch_p->patch_flood_streak); + pr_info("[HWSIM-PATCH][%s] Flood window auth=%d sae_auth=%d assoc=%d total=%d (streak=%d/%d)\n", + wiphy_name(patch_hw->wiphy), + patch_p->patch_auth_counter, + patch_p->patch_sae_auth_counter, + patch_p->patch_assoc_counter, + patch_total, + patch_p->patch_flood_streak, + ${PATCH_DETECT_WINDOWS}); } else { - patch_p->patch_flood_streak = 0; + if (patch_p->patch_flood_streak > 0) + patch_p->patch_flood_streak--; if (patch_p->patch_attack_triggered) patch_p->patch_quiet_streak++; - else - patch_p->patch_quiet_streak = 0; } - if (patch_p->patch_flood_streak >= 5 && - !patch_p->patch_attack_triggered) { + if (patch_p->patch_flood_streak >= ${PATCH_DETECT_WINDOWS} && !patch_attack_active) { patch_p->patch_attack_triggered = true; - patch_p->patch_block_until_jiffies = patch_now + 30 * HZ; - - pr_info("[HWSIM-PATCH][%s] Flood detected -> restarting hw to drop all stations\n", - wiphy_name(patch_hw->wiphy)); + patch_p->patch_block_until_jiffies = patch_now + ${PATCH_BLOCK_SECONDS} * HZ; + patch_p->patch_quiet_streak = 0; if (!patch_kick_inited) { INIT_WORK(&patch_kick_work, patch_kick_workfn); @@ -218,16 +372,23 @@ do { } patch_kick_hw = patch_hw; ieee80211_queue_work(patch_hw, &patch_kick_work); + pr_info("[HWSIM-PATCH][%s] DragonDrain detected -> DoS mode for %ds\n", + wiphy_name(patch_hw->wiphy), ${PATCH_BLOCK_SECONDS}); } if (patch_p->patch_attack_triggered && - patch_p->patch_quiet_streak >= 10) { + patch_p->patch_quiet_streak >= ${PATCH_QUIET_WINDOWS}) { patch_p->patch_attack_triggered = false; - pr_info("[HWSIM-PATCH][%s] Quiet 10s -> mode RESET\n", + patch_p->patch_flood_streak = 0; + patch_p->patch_quiet_streak = 0; + patch_p->patch_sae_auth_counter = 0; + pr_info("[HWSIM-PATCH][%s] Quiet windows reached -> reset detection state\n", wiphy_name(patch_hw->wiphy)); } - patch_p->patch_auth_counter = 1; + patch_p->patch_auth_counter = ieee80211_is_auth(patch_fc) ? 1 : 0; + patch_p->patch_sae_auth_counter = (ieee80211_is_auth(patch_fc) && patch_is_sae_auth) ? 1 : 0; + patch_p->patch_assoc_counter = ieee80211_is_auth(patch_fc) ? 0 : 1; patch_p->patch_last_jiffies = patch_now; } } diff --git a/APs/mac80211_hwsim/install.sh b/APs/mac80211_hwsim/install.sh index ebe337e..7de13a9 100644 --- a/APs/mac80211_hwsim/install.sh +++ b/APs/mac80211_hwsim/install.sh @@ -15,11 +15,12 @@ sudo apt install linux-headers-$(uname -r) -y || true sudo apt-get install -y gcc-12 g++-12 build-essential || true ### ---- Download the code and parche ---------------------------------- +rm -f mac80211_hwsim.c mac80211_hwsim.h mac80211_hwsim.c.bak bash patch80211.sh -bash dragondrain.sh +PATCH_SAE_AUTH_THRESHOLD=4 PATCH_DETECT_WINDOWS=2 bash dragondrain.sh --simulate-dos -TARGET_VERSION_ERROR="2.4-WiFiChallengeLab-version" +TARGET_VERSION_ERROR="2.4.1-WiFiChallengeLab-version" TARGET_VERSION=$(grep -oP 'MODULE_VERSION\("([^"]+)"\)' mac80211_hwsim.c | grep -oP '(?<=")[^"]+(?=")' || echo $TARGET_VERSION_ERROR) ### ---- Compile and install @@ -49,7 +50,7 @@ ${ALT_MODNAME}-objs := mac80211_hwsim.o EOF echo "==> Building ${ALT_MODNAME}.ko …" -make -s -C "/lib/modules/${KVER}/build" M="${BUILD_DIR}" modules +SKIP_BTF=1 make -s -C "/lib/modules/${KVER}/build" M="${BUILD_DIR}" modules # verify version of freshly‑built binary NEW_VER="$(modver "./${ALT_MODNAME}.ko")" diff --git a/APs/mac80211_hwsim/patch80211.sh b/APs/mac80211_hwsim/patch80211.sh index c6db71e..0a58875 100644 --- a/APs/mac80211_hwsim/patch80211.sh +++ b/APs/mac80211_hwsim/patch80211.sh @@ -36,7 +36,7 @@ CFILE="${DEST}/mac80211_hwsim.c" # MODULE_VERSION if ! grep -q 'WiFiChallengeLab-version' "$CFILE"; then - perl -0777 -i -pe 's/MODULE_LICENSE\("GPL"\);\n/MODULE_LICENSE("GPL");\nMODULE_VERSION("2.4-WiFiChallengeLab-version");\n/s' "$CFILE" + perl -0777 -i -pe 's/MODULE_LICENSE\("GPL"\);\n/MODULE_LICENSE("GPL");\nMODULE_VERSION("2.4.1-WiFiChallengeLab-version");\n/s' "$CFILE" echo " • MODULE_VERSION added" else echo " • MODULE_VERSION already present" diff --git a/APs/mac80211_hwsim/uninstall.sh b/APs/mac80211_hwsim/uninstall.sh new file mode 100644 index 0000000..cfe30cb --- /dev/null +++ b/APs/mac80211_hwsim/uninstall.sh @@ -0,0 +1,109 @@ +#!/usr/bin/env bash +set -euo pipefail + +ALT_MODNAME="mac80211_hwsim_WiFiChallenge" +STOCK_MODNAME="mac80211_hwsim" +TARGET_VERSION="2.4.1-WiFiChallengeLab-version" + +RELOAD_STOCK=1 +REMOVE_ANY_VERSION=0 + +usage() { + cat <<'EOF' +Usage: + sudo bash uninstall.sh [--no-reload-stock] [--remove-any-version] + +Options: + --no-reload-stock Do not load stock mac80211_hwsim after removal + --remove-any-version Remove the custom module file even if version != 2.4.1 + -h, --help Show this help +EOF +} + +while [[ $# -gt 0 ]]; do + case "$1" in + --no-reload-stock) + RELOAD_STOCK=0 + ;; + --remove-any-version) + REMOVE_ANY_VERSION=1 + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "[-] Unknown argument: $1" >&2 + usage + exit 1 + ;; + esac + shift +done + +if [[ "${EUID}" -ne 0 ]]; then + echo "[-] Run as root (use sudo)." >&2 + exit 1 +fi + +KVER="$(uname -r)" +DEST_DIR="/lib/modules/${KVER}/kernel/drivers/net/wireless" +ALT_MOD_PATH="${DEST_DIR}/${ALT_MODNAME}.ko" +DKMS_MOD_PATH="/lib/modules/${KVER}/updates/dkms/${ALT_MODNAME}.ko" + +echo "[*] Unloading ${ALT_MODNAME} if loaded..." +modprobe -r "${ALT_MODNAME}" 2>/dev/null || true + +declare -a CANDIDATE_PATHS=( + "${ALT_MOD_PATH}" + "${DKMS_MOD_PATH}" +) + +if RESOLVED_PATH="$(modinfo -n "${ALT_MODNAME}" 2>/dev/null)"; then + if [[ -n "${RESOLVED_PATH}" && "${RESOLVED_PATH}" != "(builtin)" ]]; then + CANDIDATE_PATHS+=("${RESOLVED_PATH}") + fi +fi + +declare -A SEEN=() +REMOVED=0 +SKIPPED=0 + +for MOD_PATH in "${CANDIDATE_PATHS[@]}"; do + [[ -n "${MOD_PATH}" ]] || continue + [[ -f "${MOD_PATH}" ]] || continue + + if [[ -n "${SEEN[${MOD_PATH}]:-}" ]]; then + continue + fi + SEEN["${MOD_PATH}"]=1 + + MOD_VER="$(modinfo -F version "${MOD_PATH}" 2>/dev/null || true)" + + if [[ "${REMOVE_ANY_VERSION}" -eq 1 || "${MOD_VER}" == "${TARGET_VERSION}" ]]; then + rm -f "${MOD_PATH}" + echo "[+] Removed ${MOD_PATH} (version: ${MOD_VER:-unknown})" + ((REMOVED+=1)) + else + echo "[=] Keeping ${MOD_PATH} (version: ${MOD_VER:-unknown})" + ((SKIPPED+=1)) + fi +done + +if [[ "${REMOVED}" -gt 0 ]]; then + echo "[*] Running depmod..." + depmod -a +else + echo "[=] No module files removed." +fi + +if [[ "${RELOAD_STOCK}" -eq 1 ]]; then + echo "[*] Loading stock ${STOCK_MODNAME}..." + if modprobe "${STOCK_MODNAME}" 2>/dev/null; then + echo "[+] Loaded ${STOCK_MODNAME}" + else + echo "[!] Could not load ${STOCK_MODNAME}. You can load it manually later." + fi +fi + +echo "[+] Done. removed=${REMOVED} skipped=${SKIPPED}" diff --git a/Clients/config/cronClients.sh b/Clients/config/cronClients.sh index d5a273c..fe47998 100755 --- a/Clients/config/cronClients.sh +++ b/Clients/config/cronClients.sh @@ -225,6 +225,7 @@ while : do #Infine traffic WEP dhclien-wifichallenge $WLAN_CLIENT_WEP -v + timeout -k 1 60s ping $IP_WEP.1 -s 1000 -f & timeout -k 1 60s fping -l -p 1000 -b 1000 -q "$IP_WEP.1" done & diff --git a/Clients/config/oweClient/owe.conf.tmp b/Clients/config/oweClient/owe.conf.tmp index ac0f4b7..395c665 100644 --- a/Clients/config/oweClient/owe.conf.tmp +++ b/Clients/config/oweClient/owe.conf.tmp @@ -1,12 +1,6 @@ network={ ssid="$ESSID_OWE" key_mgmt=OWE - proto=RSN - pairwise=CCMP - group=CCMP ieee80211w=2 - - # Proactive roaming - # simple::: - bgscan="simple:5:-200:10" + scan_ssid=1 } diff --git a/docker-compose-local.yml b/docker-compose-local.yml index 5ce19c1..e0c1647 100644 --- a/docker-compose-local.yml +++ b/docker-compose-local.yml @@ -7,7 +7,8 @@ services: network: host restart: on-failure # Automatically restart on failure container_name: WiFiChallengeLab-APs - #env_file: ./APs/.env + env_file: + - ./wlan_config volumes: - ./certs:/root/certs/:ro - ./certs:/root/mgt/certs/:ro @@ -37,7 +38,8 @@ services: network: host restart: on-failure # Automatically restart on failure container_name: WiFiChallengeLab-Clients - #env_file: ./Clients/.env + env_file: + - ./wlan_config volumes: - ./certs:/root/certs/:ro - /lib/modules:/lib/modules @@ -67,7 +69,7 @@ services: restart: on-failure # Automatically restart on failure env_file: - ./nzyme/.env - - ./APs/config/wlan_config + - ./wlan_config #env_file: .env container_name: WiFiChallengeLab-nzyme security_opt: diff --git a/docker-compose-minimal.yml b/docker-compose-minimal.yml index 6e862c7..e654820 100644 --- a/docker-compose-minimal.yml +++ b/docker-compose-minimal.yml @@ -3,7 +3,8 @@ services: image: r4ulcl/wifichallengelab-aps:latest restart: on-failure # Automatically restart on failure container_name: WiFiChallengeLab-APs - #env_file: ./APs/.env + env_file: + - ./wlan_config volumes: - ./certs:/root/certs/:ro - ./certs:/root/mgt/certs/:ro @@ -29,7 +30,8 @@ services: image: r4ulcl/wifichallengelab-clients:latest restart: on-failure # Automatically restart on failure container_name: WiFiChallengeLab-Clients - #env_file: ./Clients/.env + env_file: + - ./wlan_config volumes: - ./certs:/root/certs/:ro - /lib/modules:/lib/modules diff --git a/docker-compose.yml b/docker-compose.yml index dc47be0..2034bdd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,8 @@ services: image: r4ulcl/wifichallengelab-aps:latest restart: on-failure # Automatically restart on failure container_name: WiFiChallengeLab-APs - #env_file: ./APs/.env + env_file: + - ./wlan_config volumes: - ./certs:/root/certs/:ro - ./certs:/root/mgt/certs/:ro @@ -29,7 +30,8 @@ services: image: r4ulcl/wifichallengelab-clients:latest restart: on-failure # Automatically restart on failure container_name: WiFiChallengeLab-Clients - #env_file: ./Clients/.env + env_file: + - ./wlan_config volumes: - ./certs:/root/certs/:ro - /lib/modules:/lib/modules @@ -55,7 +57,7 @@ services: restart: on-failure # Automatically restart on failure env_file: - ./nzyme/.env - - ./APs/config/wlan_config + - ./wlan_config #env_file: .env container_name: WiFiChallengeLab-nzyme security_opt: diff --git a/vagrant/vagrantfile b/vagrant/vagrantfile index 88d08ce..ef27f88 100644 --- a/vagrant/vagrantfile +++ b/vagrant/vagrantfile @@ -13,7 +13,7 @@ Vagrant.configure('2') do |config| hv_vm.vm.hostname = 'WiFiChallengeLab' hv_vm.vm.provider 'hyperv' do |hv| - hv.vmname = 'WiFiChallenge Lab v2.5' + hv.vmname = 'WiFiChallenge Lab v2.4.1' hv.maxmemory = 4096 hv.memory = 4096 hv.cpus = 4 @@ -56,7 +56,7 @@ Vagrant.configure('2') do |config| vb_vm.vm.provider 'virtualbox' do |vb| vb.memory = 4096 vb.cpus = 4 - vb.name = 'WiFiChallenge Lab v2.5' + vb.name = 'WiFiChallenge Lab v2.4.1' vb.customize ['modifyvm', :id, '--graphicscontroller', 'vmsvga'] vb.check_guest_additions = false vb.functional_vboxsf = false @@ -171,7 +171,7 @@ Vagrant.configure('2') do |config| v.clone_directory = 'E:/VMWare' v.force_vmware_license = 'workstation' v.gui = true - v.vmx['displayName'] = 'WiFiChallenge Lab v2.5' + v.vmx['displayName'] = 'WiFiChallenge Lab v2.4.1' v.memory = 4096 v.cpus = 4 # Force sound device present/connected (Windows host) @@ -223,7 +223,7 @@ Vagrant.configure('2') do |config| qemu.audio = 'on' qemu.disk_interface = 'virtio' qemu.network_interface = 'virtio-net' - qemu.name = 'WiFiChallenge Lab v2.5 (QEMU)' + qemu.name = 'WiFiChallenge Lab v2.4.1 (QEMU)' qemu.qemu_dir = 'C:/Program Files/qemu' qemu.uefi = 'C:/Program Files/qemu/share/edk2-x86_64-code.fd' qemu.gui = true