EAP: Received EAP-Request id=29 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
ngeth0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
EAP: Status notification: accept proposed method (param=TLS)
EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
OpenSSL: tls_connection_client_cert - SSL_use_certificate_file failed error:0A00018E:SSL routines::ca md too weak
TLS: Failed to set TLS connection parameters
ENGINE: engine deinit
EAP-TLS: Failed to initialize SSL.

eapol_version=1
ap_scan=0
fast_reauth=1
openssl_ciphers=DEFAULT@SECLEVEL=0
network={
    eap=TLS
    eapol_flags=0
    key_mgmt=IEEE8021X
    phase1="allow_canned_success=1 allow_unsafe_renegotiation=1"
}

Mine is still not working with the code above. The openatt.sh script seems to work just fine, however, something is not working with wpa_supplicant. I tried manually executing the script in early and it gets to “daemonize” and gives me a permission denied. Any way to further debug it?

I'm back up and running as well. I scrapped everything and went to the 8311 Discord channel for bypassing and got the proper info. Here are the files and contents that I used. Netgraph is no longer used/needed anymore.

/usr/local/etc/rc.syshook.d/early/04-wpa (make sure to chmod +x this file)
Code:
#!/bin/sh
env OPENSSL_CONF=/conf/wpa/openssl.conf /usr/local/sbin/wpa_supplicant -Dwired -i igb0 -B -C /var/run/wpa_supplicant -c /conf/wpa/wpa_supplicant.conf

/conf/wpa/openssl.conf
Code:
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=0

/conf/wpa/wpa_supplicant.conf
Code:
# Generated by 802.1x Credential Extraction Tool
# Copyright (c) 2018-2019 devicelocksmith.com
# Version: 1.04 windows 386
#
# Change file names to absolute paths
ctrl_interface=DIR=/var/run/wpa_supplicant
openssl_ciphers=DEFAULT@SECLEVEL=0
eapol_version=2
ap_scan=0
fast_reauth=1
network={
    ca_cert="/conf/wpa/ca.pem"
    client_cert="/conf/wpa/client.pem"
    eap=TLS
    eapol_flags=0
    identity="REDACTED" # Internet (ONT) interface MAC address must match this value
    key_mgmt=IEEE8021X
    phase1="allow_canned_success=1"
    private_key="/conf/wpa/private.pem"
}

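An added example, not part of any post in this thread and not code from OPNsense or wpa_supplicant: a read-only shell function that lists which TLS and EAP protections the posted openssl.conf and wpa_supplicant.conf switch off, so the relaxations behind the "ca md too weak" workaround are recorded explicitly. The function name `audit_tls_relaxations` and the effect descriptions are this example's own; the setting names are the ones that appear in the posted files.

```shell
#!/bin/sh
# Added example (not from the thread): list the TLS/EAP protections that an
# openssl.conf and a wpa_supplicant.conf switch off. Read-only; prints one
# "<file>: <key>: <setting> (<effect>)" line per relaxation found.

audit_tls_relaxations() {
    awk '
    {
        sub(/#.*/, "")                  # drop comments (naive: also cuts at a # inside quotes)
        i = index($0, "=")
        if (i == 0) next                # section headers, braces, blank lines
        key = substr($0, 1, i - 1)
        val = substr($0, i + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)

        # Security level 0 removes the digest/key-size floor that raises
        # "ca md too weak" at higher levels.
        if ((key == "CipherString" || key == "openssl_ciphers") && val ~ /@SECLEVEL=0/)
            report(key, "SECLEVEL=0", "no minimum strength for certificate digests or keys")
        if (key == "Options" && val ~ /UnsafeLegacyRenegotiation/)
            report(key, "UnsafeLegacyRenegotiation", "allows renegotiation without RFC 5746")
        if (key == "MinProtocol" && val ~ /^(SSLv3|TLSv1|TLSv1\.1)$/)
            report(key, val, "permits protocol versions below TLSv1.2")
        if (key == "phase1" && val ~ /allow_unsafe_renegotiation=1/)
            report(key, "allow_unsafe_renegotiation=1", "allows renegotiation without RFC 5746")
        if (key == "phase1" && val ~ /allow_canned_success=1/)
            report(key, "allow_canned_success=1", "accepts EAP-Success without a completed EAP method")
    }
    function report(k, setting, effect) {
        printf "%s: %s: %s (%s)\n", FILENAME, k, setting, effect
    }
    ' "$@"
}

# Run as a script: pass the config files to audit as arguments.
if [ "$#" -gt 0 ]; then
    audit_tls_relaxations "$@"
fi
```

Called with `/conf/wpa/openssl.conf /conf/wpa/wpa_supplicant.conf`, it prints nothing when none of these settings are present.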
Quote from: effex on August 09, 2024, 11:28:24 pm
Mine is still not working with the code above. The openatt.sh script seems to work just fine, however, something is not working with wpa_supplicant. I tried manually executing the script in early and it gets to “daemonize” and gives me a permission denied. Any way to further debug it?

No need for the openatt.sh script using my method above. Just ensure certs are in the folders specified in the file.

If someone wants this integrated in the GUI I'd appreciate a GitHub ticket more than these discussions after random releases breaking this stuff we never had integrated.

Cheers,
Franco