SSL3 unsupported protocol error - from specific client

[mtnsec]

Describe the bug

EDIT - I originally thought this was isolated to the Arduino ESP devices as clients, but I've confirmed the problem with Windows 7, iOS 9 and 10, and Android 6 clients as well. Just adding the edit to the top of the report. I've also replied to this thread as I tested other legacy clients and experienced the same issue.. :(

I'm setting up a test lab, and trying to use Arduino ESP8266WiFi devices as test clients. They successfully connect to an actual EAP-PEAP and/or EAP-TTLS network with RADIUS authentication. In eaphammer I get the exact error from this past (fixed) bug report: #48

However, when we attack these clients specifically on the test network with eaphammer, the clients generate this in eaphammer:

wlan0: STA 98:f4:ab:b3:87:ed IEEE 802.11: associated
wlan0: CTRL-EVENT-EAP-STARTED 98:f4:ab:b3:87:ed
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
wlan0: CTRL-EVENT-EAP-FAILURE 98:f4:ab:b3:87:ed
wlan0: STA 98:f4:ab:b3:87:ed IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 98:f4:ab:b3:87:ed IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
wlan0: STA 98:f4:ab:b3:87:ed IEEE 802.11: deauthenticated due to local deauth request
wlan0: STA 98:f4:ab:b3:87:ed IEEE 802.11: disassociated

All other client types (phones, laptops, etc.) behave as expected when attacked and we are able to collect hashes and/or GTC downgrade cleartext creds.

To Reproduce
We configured the ESP8266WiFi devices per section 3.14 of the API here: https://www.espressif.com/sites/default/files/documentation/2c-esp8266_non_os_sdk_api_reference_en.pdf

Here is the sketch installed on the ESP8233:

/**
Hints
*/

#include <Arduino.h>
#include <ESP8266WiFi.h>
#include <ESP8266WiFiMulti.h>
#include <ESP8266HTTPClient.h>
#include <WiFiClient.h>
#include <WiFiClientSecureBearSSL.h>
#include "user_interface.h"
#include "wpa2_enterprise.h"

// SSID to connect to
static const char* ssid = "TEST-EAP";
// Username for authentification
static const char* username = "username";
// Password for authentication
static const char* password = "password";

void setup() {

  // put your setup code here, to run once:
  Serial.begin(115200);

  delay(500);

  // WPA2 Connection starts here
  // Setting ESP into STATION mode only (no AP mode or dual mode)
    wifi_set_opmode(STATION_MODE);
    struct station_config wifi_config;
    memset(&wifi_config, 0, sizeof(wifi_config));
    strcpy((char*)wifi_config.ssid, ssid);
    wifi_station_set_config(&wifi_config);
    wifi_station_clear_cert_key();
    wifi_station_clear_enterprise_ca_cert();
    wifi_station_clear_enterprise_identity();
    wifi_station_clear_enterprise_username();
    wifi_station_clear_enterprise_password();
    wifi_station_set_wpa2_enterprise_auth(1);
    wifi_station_set_enterprise_identity((uint8*)username, strlen(username));
    wifi_station_set_enterprise_username((uint8*)username, strlen(username));
    wifi_station_set_enterprise_password((uint8*)password, strlen(password));
    wifi_station_connect();
  // WPA2 Connection ends here

  // Normal Connection starts here
  /*
  WiFi.mode(WIFI_STA);
  Serial.write("\r\nConnect to WLAN");
  WiFi.begin(ssid, password);
  // Normal Connection ends here
  */

  // Wait for connection AND IP address from DHCP
  Serial.println();
  Serial.println("Waiting for connection and IP Address from DHCP");
  while (WiFi.status() != WL_CONNECTED) {
    delay(2000);
    Serial.print(".");
  }
  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());
  IPAddress myAddr = WiFi.localIP();
}

void loop() {

}

Expected behavior

Any other (phone, laptop) client device successfully connects to eaphammer without the ssl error. We can collect hashes and GTC downgraded cleartext credentials from those.

Screenshots

See copy/paste above.

Command string(s) used

./eaphammer -i wlan0 --channel ## --auth wpa-eap --essid TEST-EAP --creds

EAPHammer verbose output (using the --debug flag)

The output is large, see attached:
20200227-2246-TEST-EAP.txt

EAPHammer Version (./eaphammer --version)

                     .__                                         
  ____ _____  ______ |  |__ _____    _____   _____   ___________ 
_/ __ \\__  \ \____ \|  |  \\__  \  /     \ /     \_/ __ \_  __ \
\  ___/ / __ \|  |_> >   Y  \/ __ \|  Y Y  \  Y Y  \  ___/|  | \/
 \___  >____  /   __/|___|  (____  /__|_|  /__|_|  /\___  >__|   
     \/     \/|__|        \/     \/      \/      \/     \/       


                        Rogue AP attacks for operators.

                             Version:  1.12.1
                            Codename:  Power Overwhelming
                              Author:  @s0lst1c3
                             Contact:  [email protected]

OS (the OS from which you are running EAPHammer)

Kali 2020.1 ARM on Raspberry Pi4

Configuration of Target Access Point (if known / applicable)

We have tested two target Access Points, the ESP8266WiFi clients are able connect to both of these without issues. We have tried the APs in EAP-PEAP and EAP-TTLS configurations without client connectivity issues.

Unifi controller with AP-PRO using built in RADIUS and test users.
Raspberry Pi1 with hostapd and local RADIUS

Configuration of Target Client Device (if known / applicable)

See sketch above. We've also experimented with the following without any affect on the problem:

wifi_station_set_enterprise_new_password
wifi_station_set_enterprise_new_user

Additional context

This is for a test lab where hardware for victim laptops and phones are extremely limited. We have a large number of these ESP8266 WiFi devices that would be perfect for this use case so we're trying to find a way to get them working.

[mtnsec]

We've located some very old phones to test. Same issue with Android 6 and IOS 9 clients. :(

Is there an option we're missing to enable the support for older/insecure ssl maybe?

[mtnsec]

Add IOS 10 to the list that generate the SSL error as well.

Am I missing a step in my setup to enable the backwards compatibility with legacy devices?

[mtnsec]

I just got my hands on a Windows 7 box to test. Same SSL error there too.

:(

[mtnsec]

Anyone? Is this user error or something else?

Thanks!

[jeepjungle]

I'm seeing this also. I have a windows 10 target using AnyConnect to control it's wifi. Operating from a kali install.
eaphammer 1.12.1
openssl 1.1.1f

wlan0: STA 20:79:18:ee:5a:cf IEEE 802.11: authenticated
wlan0: STA 20:79:18:ee:5a:cf IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 20:79:18:ee:5a:cf
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=43
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
EAP-FAST: TLS processing failed
wlan0: CTRL-EVENT-EAP-FAILURE 20:79:18:ee:5a:cf
wlan0: STA 20:79:18:ee:5a:cf IEEE 802.1X: authentication failed - EAP type: 0 (unknown)

Maybe this has something to do with openssl and supported TLS versions?

UPDATE: OK, I see eaphammer has it's own openssl (1.1.1a). wondering if we can change up the openssl config?

UPDATE: I built eaphammer with Openssl 1.0.0, same error

[mtnsec]

UPDATE: OK, I see eaphammer has it's own openssl (1.1.1a). wondering if we can change up the openssl config?

I saw that and tried configuring eaphammer to use a couple of older 1.0.1 versions, but didn't see a difference. It was a while ago, but I can see if I took notes on which specific versions I tried.

EDIT: Also thank you for responding! Glad to hear it's not just me. :)

[mtnsec]

Okay so apparently I didn't save my notes when I rebuilt my Pi. :( I know I tried some 1.0.1 versions though but probably only the most recent versions.

If you want to test different openssl versions - the kali-setup script looks at ~/eaphammer/settings/core/eaphammer.ini to set the download URLs for openssl, dictionaries,etc. Just change the versions and links in there and re-run ./kali-setup and it will compile whatever version of openssl that file points to. :)

Edit to add: I just tested 1.0.1k and 1.0.1a and same error in both. I thought I read somewhere that the newest openssl versions don't allow sslv2 or sslv3 anymore so that's why I tried older versions. :)

[mtnsec]

@jeepjungle bummer, it seemed like a good idea! Hopefully @s0lst1c3 will have better suggestions?

[brut34orce]

I'm also experiencing this issue with the latest release (v1.13.0). Seems like a pretty serious issue if it's affecting Windows 7 and 10 clients. Any updates from the eaphammer team?

wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
OpenSSL: openssl_handshake - SSL_connect error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol