R7000, the KRACK WPA-2 vulnerability, and updates to Kong mod

E.M.H.

This is in regards to the newest WPA2 vulnerability, "KRACK" (https://www.krackattacks.com/). I've read that base DD-WRT has been patched against the newest vulnerability - http://svn.dd-wrt.com/changeset/33525 - and I'm now wondering what the news is for us users of Kong Mod for our routers. Is there a new build on the horizon for the Netgear R7000s that includes any patches for the vulnerability?

Thanks.

MyOpenRouter Team

Kong is reviewing this as we speak. It has already been patched in DD-WRT in general:

http://svn.dd-wrt.com/ticket/6005#no1

Kong has already posted some updated builds to his site today -- we'll be updating the community with the latest builds once confirmed.

 

E.M.H.

Thank you. 

r6700nOOb

Looking for a new build due to KRACK for my R7000 (AC1700)

Running

v3.0-r32170M kongac (06/11/17)

Yesterday I backed up my config, downloaded the stock firmware (completely lost where I stashed all my old files):

R7000-V1.0.9.12_1.2.23.zip

Downloaded Kong's .chk for updating a stock firmware:

dd-wrt.K3_R7000.chk (23851066 bytes)

Have one other file, not sure where I got it from or why:

dd-wrt.K3_R7000_7.zip

It contains the same dd-wrt.K3_R7000.chk file dated *** June 12 2017 *** 23334970 bytes

Any idea where this came from or why I grabbed it (yeah, I forgot)?

Looking forward to updating of the router first, will work on clients (all laptops are Mint Sonya, maybe SOL on the Samsung phones running Android 6 from what I read).

TIA!

r6700nOOb

BTW, I do see an update to Sonya today (have not looked up all the patches but MAYBE the KRACK patch is in there):

wpa (2.4-0ubuntu6.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple issues in WPA protocol
    - debian/patches/2017-1/*.patch: Add patches from Debian stretch
    - CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
      CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
      CVE-2017-13088
  * SECURITY UPDATE: Denial of service issues
    - debian/patches/2016-1/*.patch: Add patches from Debian stretch
    - CVE-2016-4476
    - CVE-2016-4477
  * This package does _not_ contain the changes from 2.4-0ubuntu6.1 in
    xenial-proposed.

 -- Marc Deslauriers <[email protected]>  Mon, 16 Oct 2017 07:58:48 -0400

tommeke

For sure that is our client wpa2 patch.

But reading this https://papers.mathyvanhoef.com/ccs2017.pdf and this https://www.krackattacks.com/ I understand it could be happening already all the time to someone with a very bad connection. As it is the protocol itself that allows it to happen.

“Ha. I wonder what happens if that function is called twice”. At the time I (correctly) guessed that calling it twice might reset the nonces associated to the key. And since message 3 can be retransmitted by the Access Point, in practice it might indeed be called twice.

So, the access point should not allow that to happen if a secure connection has already been established in the past. Or it should ask for a total new connection with no retransmit possibility. As that is the root of the problem. The 2nd zero transmit and the purge of the real key. Our patch will be something like: never purge the key if the 4-way handshake has not been completed as it should in 1 flawless ride with no hiccups ...
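
The retransmitted message 3 discussed in the post above, as a toy client-side model (an added example, not part of any post in this thread and not wpa_supplicant's code; the class and method names are hypothetical, and no real crypto or 802.11 framing is involved). It counts repeated (key, nonce) pairs when the same key is installed again, and shows that skipping the reinstall of a key already in use keeps the counter moving forward:

```python
# Toy model (added example): how a Wi-Fi client handles handshake message 3.
# Supplicant, on_message3 and send_frame are hypothetical names.

class Supplicant:
    def __init__(self, patched):
        self.patched = patched
        self.installed_key = None   # key currently used for data frames
        self.tx_nonce = 0           # per-key packet number, must never repeat
        self.used = set()           # (key, nonce) pairs already sent
        self.reuses = 0             # how many times a pair was sent again

    def on_message3(self, key):
        """Handle message 3 of the 4-way handshake (may be a retransmission)."""
        if self.patched and key == self.installed_key:
            return "ack-only"       # same key already in use: keep the counter
        self.installed_key = key
        self.tx_nonce = 0           # (re)installing the key resets the nonce
        return "installed"

    def send_frame(self):
        """Send one data frame with the next nonce under the current key."""
        self.tx_nonce += 1
        pair = (self.installed_key, self.tx_nonce)
        if pair in self.used:
            self.reuses += 1
        self.used.add(pair)
        return pair


def run_session(patched):
    """Constructed trace: msg 3, two frames, retransmitted msg 3, two frames."""
    s = Supplicant(patched)
    s.on_message3("PTK-1")
    s.send_frame()
    s.send_frame()
    s.on_message3("PTK-1")          # the AP never saw message 4, so it resends
    s.send_frame()
    s.send_frame()
    return s.reuses, s.tx_nonce


if __name__ == "__main__":
    print("unpatched (reuses, last nonce):", run_session(False))
    print("patched   (reuses, last nonce):", run_session(True))
```
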

ahessler

Since I have the Kong build as well I was hoping that I might be able to patch this today.  Is it recommended to wait for the Kong patch or would I be able to use the 10-17-2017-r33525 beta netgear-R7000-webflash.bin to update it or just level the router using the factory-to-dd-wrt.chk that has been provided by DD-WRT to patch my R7000?

WACOMalt

I'm still very much a noob here. Just wondering if there is an update yet I can flash on my R7000 to patch this in kong mod?

r6700nOOb

Any updates? Perhaps use the TEST builds???

T.H.

Can anyone confirm if the November 4th Kong release includes the patch for Krack?  I was not able to find release notes or mention of what is included in the release. (http://www.desipro.de/ddwrt/K3-AC-Arm/)