With a deauth-command, the WIFI access point opens! about nuki_hub HOT 21 CLOSED

This is the default behavior of the Wifimanager library, so you can reconfigure in case no connection is necessary. I see your point though, this could be used for an attack. At this time you can't disable the access point, I'll look into adding it as an option.

For now to mitigate it, you should add a username and password so that at least the broker can't be reconfigured.

from nuki_hub.

I found a different solution to this issue: If you've configured credentials to access the NUKI Hub web portal, these credentials are now required to access the Wifimanager configuration portal too. Please test the attached firmware. Configure credentials, and although the wifi configuration portal opens, an attacker can't change anything since he needs a valid user and password.

nuki_hub-8.29-pre-2.zip

from nuki_hub.

Hello,

thanks for the quick feedback.

OK, so far it works. But I can't save MQTT or the Network- configuration with this Firmware. If I do that, I get kicked off the Network and it opens the access point to reconnect.

Thank you for your great work!

from nuki_hub.

Hi. The code for saving configuration hasn't been touched at all compared to the released 8.29 binary, and I have no problem at all saving it. Can you get serial logs to see what's going on? Speed is 115200 baud.

from nuki_hub.

ok, i haven't done that yet, it's a new hobby for me. I'll read up on it and give it a try.

from nuki_hub.

Connect your ESP to your PC, and then use for example HTERM to read serial output of the ESP

from nuki_hub.

Hi, I did it with Arduino IDE. I reflashed the ESP (M5StackATOM LITE) and connected it to my WLAN. Here is the log when configuring the MQTT broker:

`MQTT Broker not configured, aborting connection attempt.
Restarting
ets Jun 8 2016 00:22:57

rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 188777542, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0018,len:4
load:0x3fff001c,len:1044
load:0x40078000,len:8896
load:0x40080400,len:5816
entry 0x400806ac
E (552) esp_core_dump_flash: �� core dump partition found!
E (552) esp_core_dump_flash: No core dump partition found!
NUKI Hub version 8.29-pre-2
IP address empty, falling back to DHCP.
IP configuration: IP address: 0.0.0.0, Subnet: 0.0.0.0, Gateway: 0.0.0.0, DNS: 0.0.0.0
Hardware detect : 0
Network device: Wifi only
MQTT without TLS.
*wm:AutoConnect
*wm:No wifi saved, skipping
*wm:AutoConnect: FAILED
*wm:StartAP with SSID: ESP32_9FDAD4D4
*wm:AP IP address: 192.168.4.1
*wm:Starting Web Portal `

from nuki_hub.

Hi. Sorry for my mistake. I did not flash the new firmware via OTA, but directly. I would not have thought that OTA is possible, but that's how it works.

Thank you very much for your support!

from nuki_hub.

OTA should be possible actually. It works now?

from nuki_hub.

Hi, yes it works. When I send the ESP a Deauth-Command, an input mask is now displayed.

Still, it would be ideal if I could disable the Access Point.

from nuki_hub.

I agree, otherwise the ESP doesn't come back online after a WiFi outage.

from nuki_hub.

ok, I'll look into it. At least for now reconfiguring Wifi is prevented.

from nuki_hub.

Here's a binary to test. You'll find the option under the selection for network hardware. The behavior is slighly different depending on which hardware is configured:

• If "Wifi only" is selected, the Wifi configuration portal is disabled, and the ESP will just reboot until it can eventually connect to Wifi again
• If some LAN hardware is elected, fallback to the Wifi device is disabled, and thus the Wifi config portal will not open. The ESP will reboot until it can connect to LAN again.

To the user, both behaviors should look very similar. Please test, if it works as intended, I'll release a new version.

nuki_hub-8.31-pre-1.zip

from nuki_hub.

Hi, thanks for the quick response! I'll get back to you when I've tested it....

from nuki_hub.

I just had time and tried it out.

Only tested with "Wifi only", I don't have an ESP32 with LAN connection.

The Wifi configuration portal is deactivated, which is OK. But the ESP no longer logs into the WLAN after the attack, even after 5 minutes. After a reboot everything works again.

from nuki_hub.

With reboot you mean you have to power-cycle it.

from nuki_hub.

yes, or with the reset button, it works with both

from nuki_hub.

What software do you use to send the deauth packets?

from nuki_hub.

I've added some code to deinitialize the wifi driver before rebooting, please give it a try.

Also, upon sending the deauth give it some time to reconnect. I didn't try with deauth, but just renamed by AP SSID. After renaming it back to the correct name, it took about 30 seconds to reconnect.

nuki_hub-8.31-pre-2.zip

from nuki_hub.

Great, now it works!

I have now tested it several times. No AP is displayed during the attack and after the attack the ESP is back in the WLAN after 20 seconds at the latest.

Many Thanks

from nuki_hub.

Included in release 8.31, issue resolved :)

from nuki_hub.