Comments (21)
This is the default behavior of the Wifimanager library, so you can reconfigure in case no connection is necessary. I see your point though, this could be used for an attack. At this time you can't disable the access point, I'll look into adding it as an option.
For now to mitigate it, you should add a username and password so that at least the broker can't be reconfigured.
from nuki_hub.
I found a different solution to this issue: If you've configured credentials to access the NUKI Hub web portal, these credentials are now required to access the Wifimanager configuration portal too. Please test the attached firmware. Configure credentials, and although the wifi configuration portal opens, an attacker can't change anything since he needs a valid user and password.
from nuki_hub.
Hello,
thanks for the quick feedback.
OK, so far it works. But I can't save MQTT or the Network configuration with this firmware. If I do that, I get kicked off the network and it opens the access point to reconnect.
Thank you for your great work!
from nuki_hub.
Hi. The code for saving configuration hasn't been touched at all compared to the released 8.29 binary, and I have no problem at all saving it. Can you get serial logs to see what's going on? Speed is 115200 baud.
from nuki_hub.
OK, I haven't done that yet; it's a new hobby for me. I'll read up on it and give it a try.
from nuki_hub.
Connect your ESP to your PC, and then use, for example, HTERM to read the serial output of the ESP.
from nuki_hub.
Hi, I did it with Arduino IDE. I reflashed the ESP (M5StackATOM LITE) and connected it to my WLAN. Here is the log when configuring the MQTT broker:
```
MQTT Broker not configured, aborting connection attempt.
Restarting
ets Jun 8 2016 00:22:57
rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 188777542, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0018,len:4
load:0x3fff001c,len:1044
load:0x40078000,len:8896
load:0x40080400,len:5816
entry 0x400806ac
E (552) esp_core_dump_flash: �� core dump partition found!
E (552) esp_core_dump_flash: No core dump partition found!
NUKI Hub version 8.29-pre-2
IP address empty, falling back to DHCP.
IP configuration: IP address: 0.0.0.0, Subnet: 0.0.0.0, Gateway: 0.0.0.0, DNS: 0.0.0.0
Hardware detect : 0
Network device: Wifi only
MQTT without TLS.
*wm:AutoConnect
*wm:No wifi saved, skipping
*wm:AutoConnect: FAILED
*wm:StartAP with SSID: ESP32_9FDAD4D4
*wm:AP IP address: 192.168.4.1
*wm:Starting Web Portal
```
from nuki_hub.
Hi. Sorry for my mistake. I did not flash the new firmware via OTA, but directly. I would not have thought that OTA is possible, but that's how it works.
Thank you very much for your support!
from nuki_hub.
OTA should be possible actually. It works now?
from nuki_hub.
Hi, yes it works. When I send the ESP a Deauth-Command, an input mask is now displayed.
Still, it would be ideal if I could disable the Access Point.
from nuki_hub.
I agree, otherwise the ESP doesn't come back online after a WiFi outage.
from nuki_hub.
ok, I'll look into it. At least for now reconfiguring Wifi is prevented.
from nuki_hub.
Here's a binary to test. You'll find the option under the selection for network hardware. The behavior is slightly different depending on which hardware is configured:
- If "Wifi only" is selected, the Wifi configuration portal is disabled, and the ESP will just reboot until it can eventually connect to Wifi again.
- If some LAN hardware is selected, fallback to the Wifi device is disabled, and thus the Wifi config portal will not open. The ESP will reboot until it can connect to LAN again.
To the user, both behaviors should look very similar. Please test; if it works as intended, I'll release a new version.
from nuki_hub.
Hi, thanks for the quick response! I'll get back to you when I've tested it....
from nuki_hub.
I just had time and tried it out.
Only tested with "Wifi only", I don't have an ESP32 with LAN connection.
The Wifi configuration portal is deactivated, which is OK. But the ESP no longer logs into the WLAN after the attack, even after 5 minutes. After a reboot everything works again.
from nuki_hub.
With reboot you mean you have to power-cycle it?
from nuki_hub.
yes, or with the reset button, it works with both
from nuki_hub.
What software do you use to send the deauth packets?
from nuki_hub.
I've added some code to deinitialize the wifi driver before rebooting, please give it a try.
Also, upon sending the deauth give it some time to reconnect. I didn't try with deauth, but just renamed my AP SSID. After renaming it back to the correct name, it took about 30 seconds to reconnect.
from nuki_hub.
Great, now it works!
I have now tested it several times. No AP is displayed during the attack and after the attack the ESP is back in the WLAN after 20 seconds at the latest.
Many Thanks
from nuki_hub.
Included in release 8.31, issue resolved :)
from nuki_hub.
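As an added example (not from the thread or from the nuki_hub project): a small Python check over captured serial output that flags every boot cycle in which the WiFiManager access point or web portal was started, which is what the tester confirmed by hand. The first sample reuses lines from the log quoted above; the second is constructed and assumes that firmware with the portal disabled prints no `*wm:StartAP` line.

```python
import re

# Lines taken from the serial log quoted in the thread (firmware 8.29-pre-2).
LOG_FROM_THREAD = """\
rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
NUKI Hub version 8.29-pre-2
Network device: Wifi only
*wm:AutoConnect
*wm:No wifi saved, skipping
*wm:AutoConnect: FAILED
*wm:StartAP with SSID: ESP32_9FDAD4D4
*wm:AP IP address: 192.168.4.1
*wm:Starting Web Portal
"""

# Constructed sample (assumption): two reboot cycles with no portal output.
LOG_CONSTRUCTED = """\
rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
Network device: Wifi only
*wm:AutoConnect
*wm:AutoConnect: FAILED
rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
Network device: Wifi only
*wm:AutoConnect
"""

BOOT = re.compile(r"^rst:0x[0-9a-f]+ \((\w+)\)")
AP = re.compile(r"^\*wm:StartAP with SSID: (\S+)")
AP_IP = re.compile(r"^\*wm:AP IP address: (\S+)")

def portal_exposures(log):
    """Return one dict per boot cycle in which the config AP or portal started."""
    boots, cur = [], None
    for line in log.splitlines():
        line = line.strip()
        if BOOT.match(line) or cur is None:  # a reset line opens a new cycle
            cur = {"boot": len(boots) + 1, "reset": None, "ssid": None,
                   "ip": None, "portal": False}
            boots.append(cur)
        if m := BOOT.match(line):
            cur["reset"] = m.group(1)
        elif m := AP.match(line):
            cur["ssid"] = m.group(1)
        elif m := AP_IP.match(line):
            cur["ip"] = m.group(1)
        elif line.startswith("*wm:Starting Web Portal"):
            cur["portal"] = True
    return [b for b in boots if b["ssid"] or b["portal"]]

if __name__ == "__main__":
    for name, log in (("thread", LOG_FROM_THREAD), ("constructed", LOG_CONSTRUCTED)):
        hits = portal_exposures(log)
        print(name, "EXPOSED" if hits else "ok", hits)
```

Feed it a capture taken at 115200 baud while the Wifi network is unavailable; an empty result means no boot cycle opened the configuration access point.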