View Issue Details

ID: 0004894
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2018-08-20 15:15
Reporter: RoseDeSable
Assigned To: rhertzog
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Product Version: 2018.2
Summary: 0004894: airbase-ng: Android loses the connection to the rogue ap, because the ap doesn't offer the "Block Ack mechanism"
Description

Hello Team,
I run a self-written rogue AP with airbase-ng. It's a bash shell. Some newer devices can't connect. For testing I work with a Samsung Galaxy Tab A6. It always gives out the message that it doesn't receive any IP address from the AP. The pcap gives me the explanation:

Samsung Tablet                                  Rogue AP

<=== Association Response                  ====
     the physical connection with the ap is now established

==== Action: Add Block Ack Request         ===>
==== QoS Null Function                     ===>
==== QoS Null Function                     ===>
     .... many such packets                ===>

==== Action: Add Block Ack Request         ===>
==== QoS Null Function                     ===>
==== QoS Null Function                     ===>
     .... many such packets                ===>

repeating the block with the Action and the QoS several times

==== Deauthentication                      ===>
     reason: no connection to the ap

If the client worked correctly, it would wait for the "Add Block Ack Response" packet from the AP. Only after receiving this packet might it send the waves of QoS packets. But Android doesn't do it!!!!

Other devices, like a Kali client, want to have an IP address immediately after receiving a positive "Association Response". In these cases no problems exist. Everything works fine.

Theoretically I could change the modulation of my USB WLAN stick to a lower level than 11n, because in the older mode no "Add Block ACK" exists. But iwconfig tells me that this is not allowed for my sticks ...

What's to do?

Activities

RoseDeSable

2018-08-14 07:13

reporter   ~0009443

In this link you find the structure of the "ADDBA Response"

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&cad=rja&uact=8&ved=2ahUKEwjdtYOI_uvcAhXFb1AKHQkgDTwQFjAHegQIAhAC&url=https%3A%2F%2Fmentor.ieee.org%2F802.11%2Fdcn%2F03%2F11-03-0953-02-000e-rectification-block-ack-setup-procedures.doc&usg=AOvVaw0EeZCV48OQ7xZJUU7jbDbO

Table 20.6 – ADDBA Response BA Action frame status field

Status Code | Result Code | Definition
0           | SUCCESS     | The ADDBA Request has been accepted.
1           | REFUSED     | The Request is refused because the recipient cannot or will not support Block Ack
2-255       | Reserved    |

Because the AP can refuse the Block Ack mechanism in this packet, I believe that airbase-ng only has to send back the response with the refusal. The client seems to interpret the absence of the response as the answer "yes, I support the mechanism".

Best Regards
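
Added example (not part of the original report and not aircrack-ng code): a capture check for the symptom described above, listing every ADDBA Request that never received an ADDBA Response. The frame layout (24-byte management header without HT Control, 2-octet little-endian status code) is assumed from the published 802.11 frame format; the MAC addresses, helper names and sample frames are constructed.

```python
import struct

BLOCK_ACK, ADDBA_REQ, ADDBA_RESP = 3, 0, 1   # action category / action codes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_addba(frame):
    """Return (action, src, dst, dialog_token, status) for an ADDBA frame, else None."""
    if len(frame) < 27 or frame[0] != 0xD0:      # 0xD0 = management frame, subtype Action
        return None
    dst, src = mac(frame[4:10]), mac(frame[10:16])
    category, action, token = frame[24:27]
    if category != BLOCK_ACK or action not in (ADDBA_REQ, ADDBA_RESP):
        return None
    status = None
    if action == ADDBA_RESP:
        if len(frame) < 29:
            return None                          # truncated response
        status = struct.unpack_from("<H", frame, 27)[0]   # 0 = SUCCESS, non-zero = not accepted
    return action, src, dst, token, status

def unanswered_addba(frames):
    """Map (requester, responder, dialog_token) -> number of requests that got no response."""
    pending = {}
    for frame in frames:
        parsed = parse_addba(frame)
        if parsed is None:
            continue
        action, src, dst, token, _status = parsed
        if action == ADDBA_REQ:
            pending[(src, dst, token)] = pending.get((src, dst, token), 0) + 1
        else:
            pending.pop((dst, src, token), None)  # any response, accepted or refused, answers it
    return pending

# Constructed sample frames (made-up MAC addresses, no radiotap header, no FCS).
TABLET, AP = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def action_frame(src, dst, body):
    return b"\xd0\x00\x00\x00" + dst + src + AP + b"\x00\x00" + body

def addba_request(token):
    return action_frame(TABLET, AP, bytes([BLOCK_ACK, ADDBA_REQ, token]) + struct.pack("<HHH", 0x1002, 0, 0))

def addba_response(token, status):
    return action_frame(AP, TABLET, bytes([BLOCK_ACK, ADDBA_RESP, token]) + struct.pack("<HHH", status, 0x1002, 0))

SAMPLE = [addba_request(1), addba_request(1), addba_request(2), addba_response(2, 1)]

if __name__ == "__main__":
    for (sta, ap, token), n in unanswered_addba(SAMPLE).items():
        print(f"{sta} -> {ap}: dialog token {token} sent {n}x, no ADDBA Response seen")
```

To run it against a real capture, strip the radiotap header and FCS from each frame before passing the bytes to `unanswered_addba`.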

kimocoder

2018-08-14 18:28

reporter   ~0009444

This should be issued on the aircrack-ng repo at https://github.com/aircrack-ng/aircrack-ng - it would be the correct place to find the answers.

Mister_X

2018-08-18 20:05

reporter   ~0009471

As kimocoder said, it should be opened in the aircrack-ng GitHub. Add a PCAP of the exchange and mention Android version used.

It may be implemented but it is unsure as there are other issues with ACK timing preventing the normal use as a soft AP.

RoseDeSable

2018-08-20 07:15

reporter   ~0009472

Hello,
I now use the program 'hostapd'. It runs fine. It seems to handle all the functions of a modern WLAN AP. I have no problems with my tablet. The performance of the AP is good. The YouTube app plays videos from the internet without any outages, and this over the path tablet <==> my laptop with hostapd and squid <==> DMZ <==> Internet.

Issue History

Date Modified Username Field Change
2018-08-14 06:42 RoseDeSable New Issue
2018-08-14 06:42 RoseDeSable Issue generated from: 0004893
2018-08-14 07:13 RoseDeSable Note Added: 0009443
2018-08-14 18:28 kimocoder Note Added: 0009444
2018-08-18 19:45 elwood Status new => acknowledged
2018-08-18 20:05 Mister_X Note Added: 0009471
2018-08-18 20:06 elwood Status acknowledged => closed
2018-08-20 07:15 RoseDeSable Status closed => feedback
2018-08-20 07:15 RoseDeSable Resolution open => reopened
2018-08-20 07:15 RoseDeSable Note Added: 0009472
2018-08-20 15:15 rhertzog Assigned To => rhertzog
2018-08-20 15:15 rhertzog Status feedback => closed
2018-08-20 15:15 rhertzog Resolution reopened => won't fix