This is in regard to the newest WPA2 vulnerability, "KRACK" (https://www.krackattacks.com/). I've read that base DD-WRT has been patched against the newest vulnerability - http://svn.dd-wrt.com/changeset/33525 - and I'm now wondering what the news is for us users of Kong Mod for our routers. Is there a new build on the horizon for the Netgear R7000s that includes any patches for the vulnerability?
Thanks.
Kong is reviewing this as we speak. It has already been patched in DD-WRT in general:
http://svn.dd-wrt.com/ticket/6005#no1
Kong has already posted some updated builds to his site today -- we'll be updating the community with the latest builds once confirmed.
Thank you.
Looking for a new build due to KRACK for my R7000 (AC1700)
Running
v3.0-r32170M kongac (06/11/17)
Yesterday I backed up my config, downloaded the stock firmware (completely lost where I stashed all my old files):
R7000-V1.0.9.12_1.2.23.zip
Downloaded Kong's .chk for updating a stock firmware:
dd-wrt.K3_R7000.chk (23851066 bytes)
Have one other file, not sure where I got it from or why:
dd-wrt.K3_R7000_7.zip
It contains the same dd-wrt.K3_R7000.chk file dated *** June 12 2017 *** 23334970 bytes
Any idea where this came from or why I grabbed it (yeah, I forgot)?
Looking forward to updating the router first, will work on clients (all laptops are Mint Sonya, maybe SOL on the Samsung phones running Android 6 from what I read).
TIA!
BTW, I do see an update to Sonya today (have not looked up all the patches but MAYBE the KRACK patch is in there):
wpa (2.4-0ubuntu6.2) xenial-security; urgency=medium
* SECURITY UPDATE: Multiple issues in WPA protocol
- debian/patches/2017-1/*.patch: Add patches from Debian stretch
- CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
CVE-2017-13088
* SECURITY UPDATE: Denial of service issues
- debian/patches/2016-1/*.patch: Add patches from Debian stretch
- CVE-2016-4476
- CVE-2016-4477
* This package does _not_ contain the changes from 2.4-0ubuntu6.1 in
xenial-proposed.
-- Marc Deslauriers <[email protected]> Mon, 16 Oct 2017 07:58:48 -0400
For sure that is our client wpa2 patch.
But reading this https://papers.mathyvanhoef.com/ccs2017.pdf and this https://www.krackattacks.com/
I understand it could be happening already all the time to someone with
a very bad connection, as it is the protocol itself that allows it to
happen.
“Ha. I wonder what happens if that function is called twice”. At
the time I (correctly) guessed that calling it twice might reset the
nonces associated to the key. And since message 3 can be retransmitted
by the Access Point, in practice it might indeed be called twice.
So,
the access point should not allow that to happen if a secure connection
has already been established in the past. Or it should ask for a total
new connection with no retransmit possibility. As that is the root of
the problem: the 2nd zero transmit and the purge of the real key. Our
patch will be something like: never purge the key if the 4-way handshake
has not been completed as it should in 1 flawless ride with no hiccups
...
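The following is an added example, not part of any post in this thread and not code from DD-WRT, hostapd or wpa_supplicant. It is a simplified model of the behaviour quoted above from krackattacks.com: a retransmitted message 3 installs the same key a second time and resets the transmit nonce, while a patched client skips the install when the key is already in use. The class, function names and key value are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Supplicant:
    """Toy model of a client's handling of 4-way handshake message 3."""
    patched: bool
    installed_key: Optional[bytes] = None
    tx_nonce: int = 0                          # per-key packet number
    used: list = field(default_factory=list)   # (key, nonce) pairs sent

    def on_message3(self, ptk: bytes) -> None:
        # Patched behaviour: a retransmitted message 3 carrying the key
        # that is already in use must not trigger a second install.
        if self.patched and ptk == self.installed_key:
            return
        self.installed_key = ptk
        self.tx_nonce = 0                      # installing a key resets the counter

    def send_frame(self) -> None:
        self.tx_nonce += 1
        self.used.append((self.installed_key, self.tx_nonce))


def reused_nonces(s: Supplicant) -> set:
    """Return every (key, nonce) pair that was used for more than one frame."""
    seen, dup = set(), set()
    for pair in s.used:
        (dup if pair in seen else seen).add(pair)
    return dup


def run_handshake_with_retransmit(patched: bool) -> Supplicant:
    ptk = b"constructed-session-key"           # constructed sample value
    s = Supplicant(patched)
    s.on_message3(ptk)                         # first message 3: key installed
    s.send_frame()
    s.send_frame()
    s.on_message3(ptk)                         # message 3 retransmitted by the AP
    s.send_frame()
    return s


if __name__ == "__main__":
    for patched in (False, True):
        s = run_handshake_with_retransmit(patched)
        print("patched" if patched else "unpatched", "reused:", reused_nonces(s))
```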
Since I have the Kong build as well I was hoping that I might be able to patch this today. Is it recommended to wait for the Kong patch or would I be able to use the 10-17-2017-r33525 beta netgear-R7000-webflash.bin to update it or just level the router using the factory-to-dd-wrt.chk that has been provided by DD-WRT to patch my R7000?
I'm still very much a noob here. Just wondering if there is an update yet I can flash on my R7000 to patch this in kong mod?
Any updates? Perhaps use the TEST builds???
Can anyone confirm if the November 4th Kong release includes the patch for KRACK? I was not able to find release notes or mention of what is included in the release. (http://www.desipro.de/ddwrt/K3-AC-Arm/)