WPA Keys can cause Router to reset to factory default
Denys Vlasenko
vda.linux at googlemail.com
Mon Mar 2 14:22:30 UTC 2009
On Monday 02 March 2009 12:51:33 pm Chris Rigg-Milner wrote:
> This problem has been annoying me for a couple of years now, so I finally
> got around to doing some investigation after installing an upgrade to my
> Belkin f5d7633uk router which uses Busybox V1.00.
>
> I will admit that I am not 100% sure the problem is down to the busybox
> software but as I cannot get Belkin to do anything about it I am trying this
> so here goes anyway.
This can be helped only if you have a way to log in the router
and modify files on its filesystem(s), including scripts.
> THE PROBLEM:
>
> Some characters cause major problems to the router/router software.
>
> Specifically 2 main issues:
>
> If a " (double quote) appears in the string (valid according to the spec for
> WPA Keys) this causes the key to become useless as the router saves the key
> in the config file as a double quote delimited string.
...
> Some characters that appear in the generated key cause the router to reset
> to what I assume is a factory default setting.
>
> This happens when you make the changes on the admin panel supplied, in my
> case by Belkin.
>
> When you save the changes to the security setting the router reboots, as I
> suppose one would expect. The result of that reboot does not give any
> indication of a problems but you now have a router with NO SECURITY AT ALL.
> The admin password is reset to "" (blank, nothing, nada). The wireless
> security is set to OFF, and in many cases the ISP userid/password is lost
> and the router must be re-configured from scratch.
...
> Now this has happened to me using various WPA keys but this one is the last
> one that caused it to happen, obviously not my current key.
>
> wpakey="c/S/4Sc`oLTM at r_\?rJa$~Lu82Tr!^IA HXPQD9\P2RpJvz(+<:Lzk^2A#x{^c4"
Well duh, with characters like ` this may invoke shell's command substitution,
and this can be very bad. $ and \ are bad also.
> I had already removed any " (double quote) character and added something in
> its place but still, total mayhem on saving it to the router from the admin
> panel security page.
> I hope this is not your problem and if not, please let me know and I will
> have another attempt at getting Belkin to fix the problem.
Basically, what needs to be fixed is that the script which saves the key
in the form of wpakey=... must be fixed.
I suggest discarding any control characters first (with codes less than 32),
maybe also discarding all non-ascii chars (codes >= 127).
Piping the key through tr -cd ' -~' command will do it.
Then store the key with SINGLE quotes. They are more restrictive for shells:
only single quote has special meaning inside. Thus you need to escape only
single quote.
Sed command s/'/'"'"'/g would do it, but we need to massage it so
that shell itself would not be confused by "s and 's:
dq='"'
echo "any 'junk'" | tr -cd ' -~' | sed "s/'/'$dq'$dq'/g"
> This is a great pity as the mix of their hardware and your software make a
> perfectly adequate package apart from this issue.
If you can identify part of the script which does that, and replace it
with something like this:
wpakey=`dq='"'; echo "any 'junk'" | tr -cd ' -~' | sed "s/'/'$dq'$dq'/g"`
echo "wpakey='$wpakey'" >>some_configfile
it should do the trick. In this example, it should end up
writing the string wpakey='any '"'"'junk'"'"''
to some_configfile. Which is correct.
With your example string:
# raw='c/S/4Sc`oLTM at r_\?rJa$~Lu82Tr!^IA HXPQD9\P2RpJvz(+<:Lzk^2A#x{^c4'
# wpakey=`dq='"'; echo "$raw" | tr -cd ' -~' | sed "s/'/'$dq'$dq'/g"`
# echo "wpakey='$wpakey'"
wpakey='c/S/4Sc`oLTM at r_\?rJa$~Lu82Tr!^IA HXPQD9\P2RpJvz(+<:Lzk^2A#x{^c4'
it still seems to work correctly.
--
vda
More information about the busybox
mailing list