Results 1 to 19 of 19
Like Tree15Likes
  • 2 Post By dkirker
  • 1 Post By bbito
  • 3 Post By dkirker
  • 2 Post By Herrie
  • 1 Post By briest
  • 1 Post By bbito
  • 1 Post By bbito
  • 4 Post By Herrie
  1.    #1  
    This could be a big killer for those still on webOS devices. Any chance for a security patch for webOS?

    Krack Wi-Fi Hack: Google, Apple and Microsoft Scramble to Fix WPA2 Vulnerability
    Follow me on Twitter
    For the latest webOS news check out pivotCE
  2. #2  
    I'd guess the WiFi code is open or fairly easily replaced - not sure why Palm would create a proprietary one. But who has the skillls, time and motivation?

    imore have a router list - apparently both ends of the connection need to be secured: https://www.imore.com/these-are-rout...a2-wi-fi-flaws

    https://www.krackattacks.com/
    Last edited by Preemptive; 10/17/2017 at 06:21 PM.
  3. #3  
    The WPA2 stuff is the wpa_supplicant application, and I think hostapd is also used for Wifi tethering (I would have to check with this). It might have some Palm custom code in it, but that would have been on opensource.palm.com.

    I imagine, whenever wpa_supplicant is patched (I am not sure if it has been yet? looking in between stuff at work), then the process would be:
    1. Download Palm compatible version of wpa_supplicant
    2. Apply Palm patches
    3. Look to upgrade wpa_supplicant to the patched version

    I believe that there are patches here: https://w1.fi/security/2017-1/

    EDIT:
    So, digging through http://www.openwebosproject.org/opensource/ it doesn't seem like there are separate wpa_supplicant or hostapd packages, so it might either be unpatched, or it is in wireless-tools (which I have not checked yet).
    Last edited by dkirker; 10/17/2017 at 07:55 PM.
    Did you know:

    webOS ran on a Treo 800 during initial development.
    bbito and Preemptive like this.
  4. #4  
    Quote Originally Posted by dkirker View Post
    wpa2_supplicant
    Hey dkirker, Thanks for looking at this - it is way beyond me! I did poke around a little before I saw your post however I did not find any "wpa2_supplicant" only the
    Code:
    /usr/sbin/wpa_supplicant
    binary file (from Pre2 doctor).

    I also found that Matej Zagiba made a POC wrapper for it in 2012 that may or may not be of any use: Advanced Wifi/wrapper - WebOS Internals
    See also: Advanced Wifi - WebOS Internals
    Preemptive likes this.
  5. #5  
    Quote Originally Posted by bbito View Post
    Hey dkirker, Thanks for looking at this - it is way beyond me! I did poke around a little before I saw your post however I did not find any "wpa2_supplicant" only the
    Code:
    /usr/sbin/wpa_supplicant
    binary file (from Pre2 doctor).

    I also found that Matej Zagiba made a POC wrapper for it in 2012 that may or may not be of any use: Advanced Wifi/wrapper - WebOS Internals
    See also: Advanced Wifi - WebOS Internals
    Heh Yeah, the binary/tool is wpa_supplicant. I just updated my post. For some reason I thought it was wpa2_supplicant. So good catch!

    EDIT:
    Yeah, a lot of Linux networking tools have wrappers, and then call other scripts. It gets crazy! Each distro then ends up doing its own thing... Though it is possible with an update that this script may not be needed. I am not super familiar with wpa_supplicant and hostapd, however. The version of wpa_supplicant in webOS appears to be 0.6.10, so it definitely seems that an update is needed. :P
    Did you know:

    webOS ran on a Treo 800 during initial development.
    bbito, Preemptive and Rnp like this.
  6. #6  
    Usually there are no changes made to wpa_supplicant itself from what I've seen in LuneOS and other projects using it. It has been patched upstream in wpa_supplicant. They fix made it into the Yocto project within 24 hours and is already in our latest LuneOS build.

    For it to be backported to webOS it would require someone to patch our version or update our version to the soon to be released 1.7 version. This would require similar engineering as the OpenSSL update. It shouldn't be rocket science though for people with the right knowledge. This is one of the reasons why we try to stay on the bleeding edge with LuneOS. Most CVE's are patched within days in Yocto and reach our builds shortly after.

    -- Sent from my TouchPad using Communities
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
    bbito and Preemptive like this.
  7. #7  
    Quote Originally Posted by Herrie View Post
    For it to be backported to webOS it would require someone to patch our version or update our version to the soon to be released 1.7 version. This would require similar engineering as the OpenSSL update. It shouldn't be rocket science though for people with the right knowledge.
    So I guess the first thing is to establish whether a drop-in replacement will work (as the easiest solution) or if any rewriting (therefore a patch) is required for webOS.

    The advanced WiFi wrapper mentioned above looks interesting as it claims to increase the functionality of webOS to include enterprise networks. If a patch is needed, throwing in the extra benefits might be done at the same time, though perhaps the wrapper can simply be installed independently of a fix ..?
  8. #8  
    Yeah, the updated wpa_supplicant and the script would be separate and can co-exist. An updated wpa_supplicant would just be a new binary built from the latest code from its maintainers. And yeah, I looked over that script again to refresh my memory. webOS would auto-generate a custom wap_supplicant.conf file and have wpa_supplicant use that, which would mean any manual changes would be lost when the autogenerated script was generate. So that super script just pretends to be wpa_supplicant.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  9. #9  
    I saw this: https://community.plus.net/t5/My-Rou...1484287/page/3 (post 35)

    It seems there maybe an (imperfect) work around by limiting the retransmissions of the key.

    wpa_disable_eapol_key_retries=1

    I doubt this is a user accessible setting on webOS, but perhaps it could be accessed by a simple patch in lieu of a full fix?

    I think the downside is possibly flaky connections.
  10. briest's Avatar
    Posts
    134 Posts
    Global Posts
    135 Global Posts
    #10  
    Quote Originally Posted by Preemptive View Post
    It seems there maybe an (imperfect) work around by limiting the retransmissions of the key.

    wpa_disable_eapol_key_retries=1
    It seems it's hostapd option, so is probably useless to us. Hostapd runs on acces point, not on wifi client (well, never bothered to investigate how FreeTether works... even if FT uses hostapd, it won't protect our devices while in normal mode). I have just turned wifi off, maybe that 50+ GB of cumulated bonus will find its use at once.
    T5, Clié NZ90, Treo 650, Centro, Pre, Pre+, Pre 2, Pre 2, Pre2, Nexus7@LuneOS
    Preemptive likes this.
  11. #11  
    Quote Originally Posted by dkirker View Post
    The version of wpa_supplicant in webOS appears to be 0.6.10
    Seems this may be a case of benign neglect, as the KRACK Attacks website found that "Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant"
    https://www.krackattacks.com/
    -See "Android and Linux" section
    -wpa_supplicant Change Log:
    https://w1.fi/cgit/hostap/plain/wpa_...cant/ChangeLog
  12. #12  
    Quote Originally Posted by dkirker View Post
    So, digging through Welcome to HP webOS open source compliance it doesn't seem like there are separate wpa_supplicant or hostapd packages, so it might either be unpatched, or it is in wireless-tools (which I have not checked yet).
    Hey dkirker, did you ever find anything? I not familiar with building webOS-CE or building anything from source for that matter, but for the life of me I cannot find any package or reference to wpa_supplicant in the openwebosproject.org documentation or downloads. I unpacked wireless-tools as well as CE-build-support and ran searches in NPP for "wpa_s" but got no hits... I got lots of hits for "wpa", but nothing that looked relevant. The only thing I find is the notice in the on-device OSS PDF:
    Wpa_supplicant
    This Device may contain portions of WPA Supplicant open source software package.
    Copyright © 2003-2008, Jouni Malinen <j@w1.fi> and contributors
    All Rights Reserved.
    This program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your option.
    -Any luck on your end?
  13. #13  
    Quote Originally Posted by bbito View Post
    I unpacked wireless-tools as well as CE-build-support and ran searches in NPP for "wpa_s" but got no hits... I got lots of hits for "wpa", but nothing that looked relevant. The only thing I find is the notice in the on-device OSS PDF
    I wonder if there is a way to scan for the code itself in the open webOS project if it has been incorporated into something with a different name? Maybe LuneOS uses something entirely different, but perhaps Herrie can point to the location of wpa_supplicant?

    Glancing briefly at the info on the wi.fi linbks, it appears the code is written in C.

    I searched github for wpa_supplicant and sorted by most recent update. Some familiar project names there. Given that it was designed to be cross-platform, it would be great if it was simply a matter of incorporating the recent fixes into the correct places in webOS, but I have no idea of what complexity might be involved here.

    Search . wpa_supplicant . Github
    Last edited by Preemptive; 10/21/2017 at 04:21 PM.
  14. #14  
    Quote Originally Posted by Preemptive View Post
    I wonder if there is a way to scan for the code itself in the open webOS project if it has been incorporated into something with a different name? Maybe LuneOS uses something entirely different, but perhaps Herrie can point to the location of wpa_supplicant?

    Glancing briefly at the info on the wi.fi linbks, it appears the code is written in C.

    I searched github for wpa_supplicant and sorted by most recent update. Some familiar project names there. Given that it was designed to be cross-platform, it would be great if it was simply a matter of incorporating the recent fixes into the correct places in webOS, but I have no idea of what complexity might be involved here.

    Search . wpa_supplicant . Github
    wpa_supplicant can be considered as an add-on to ConnMan. Both are available and used in LuneOS. I'm not sure about ConnMan in legacy, but it's used in Open webOS as well: https://github.com/openwebos/webos-connman-adapter
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  15. #15  
    Quote Originally Posted by Preemptive View Post
    I wonder if there is a way to scan for the code itself in the open webOS project
    Yeah, one can search for the string "wpa_supplicant" in github.com/openwebos with: https://github.com/search?l=&q=wpa_s...utf8=%E2%9C%93
    What is confusing me is why it seems that the package does not appear to be pulled into any of the repos, nor do I find a makefile or script that is pulling it from git://w1.fi/hostap.git, Index of /hostap.git or git://w1.fi/srv/git/hostap.git
    I see the little bit of code referencing it, but I don't see how wpa_supplicant gets pulled into openwebOS so that it ends up at /usr/sbin/wpa_supplicant when built...
    Preemptive likes this.
  16. #16  
    Quote Originally Posted by bbito View Post
    I see the little bit of code referencing it, but I don't see how wpa_supplicant gets pulled into openwebOS so that it ends up at /usr/sbin/wpa_supplicant when built...
    Okay ... Finally found it: https://github.com/openwebos/meta-we...nt-2.0.inc#L48
    Code:
    install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir}
    So OpenWebOS is pulling from http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz
    I wish I could figure out where the variable PV is being set, but from the recipe name I will assume PV=2.0
    So version 2.0 is pulled and patched with at least one patch I've found: https://github.com/openwebos/meta-we...0bb3ea4a49d038
    Perhaps someday I'll figure out how to turn this disparate info into a patched wpa_supplicant for my 2.2.4 FrankenPre2 and 3.0.5 TouchPads...
    Preemptive likes this.
  17. #17  
    Quote Originally Posted by bbito View Post
    Okay ... Finally found it: https://github.com/openwebos/meta-we...nt-2.0.inc#L48
    Code:
    install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir}
    So OpenWebOS is pulling from http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz
    I wish I could figure out where the variable PV is being set, but from the recipe name I will assume PV=2.0
    So version 2.0 is pulled and patched with at least one patch I've found: https://github.com/openwebos/meta-we...0bb3ea4a49d038
    Perhaps someday I'll figure out how to turn this disparate info into a patched wpa_supplicant for my 2.2.4 FrankenPre2 and 3.0.5 TouchPads...
    I'll try clarify a bit. Yocto uses a number of layers for building a distro like Open webOS. The ones for Open webOS are defined in: https://github.com/openwebos/build-w...slayers.py#L60 Layers can provide various components and they are structured by their group/type of functionality usually. Each component to be build has their own bitbake recipe (.bb file) where all actions and requirements are defined in order to build that particular component. You can extend the functionality of a bitbake recipe with a .bbappend file. This was you can use an upstream recipe for building connman from the Yocto project for example and put your distro specific bits in a .bbappend in your own layer (like meta-webos in this case).

    As you can see it uses the Dylan branch which is quite old really (April 2013). Yocto uses a system with DEPENDS (requirements for building a component), RDEPENDS (runtime dependency for a component), RRECOMMENDS (runtime recommendation for a component) etc in the recipe for each component.

    There are a number of packagegroups (list of components that are required to be build for particular type of image):

    https://github.com/openwebos/meta-we...tended.bb#L102

    As you can see webos-connman-adapter is listed. When we then check the webos-connman-adapter recipe we see it has a runtime dependency on connman. When I look in meta-webos I only see a .bbappend for connman. The .bbappend in this case doesn't help much in this case since it doesn't list requirements, so we need to check another layers for the original connman bitbake recipe. It comes from the openembedded-core layer.. However there it also doesn't list any DEPENDS. However the first line refers to an include file. In case the machine we're building for has wifi it will have wpa-supplicant as requirement. It would then build wpa-supplicant from meta-webos or when it's not available there (in our case), it would take it from an upstream layer such as openembedded-core.

    As you can see this is quite a spiderweb of components. In the bitbake tools there are some easier ways to do all this: https://www.openembedded.org/wiki/Inspect_DEPENDS and https://elinux.org/Bitbake_Cheat_Sheet

    We use a similar build system for LuneOS. With all DEPENDS, RDEPENDS we have between 2000 and 2500 packages that are being built in order to create a working LuneOS image (number varies per target device due to different functionalities that are available)!
    Last edited by Herrie; 10/22/2017 at 01:38 AM.
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  18. #18  
    Hey Herrie, thanks for the description! Is there a good "getting started" resource for Yocto/BitBake? This is literally one of the biggest reasons I have failed to be of much use the last few years... :'( I just couldn't really get those figured out (and really didn't have time) without explicit step by step instructions. :/ And then with CMake thrown in....
    Did you know:

    webOS ran on a Treo 800 during initial development.

Similar Threads

  1. Replies: 8
    Last Post: 11/04/2017, 09:58 AM
  2. webOS Doctor for Windsornot?
    By mcbeaven in forum Upcoming & Rumored webOS Devices
    Replies: 6
    Last Post: 10/19/2017, 12:11 AM
  3. [HOW TO] Fix emulator slugishness by upgrading VirtualBox
    By ami mizuno in forum webOS Development
    Replies: 4
    Last Post: 10/03/2017, 05:27 AM

Posting Permissions