Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Connect Android to WiFi Enterprise network EAP(PEAP)

I have been trying to connect my android device to an enterprise network programatically over the past few days without any success, I have been following multiple examples online, but most of the ones I find are for EAP(TLS) networks and the one where I work is EAP(PEAP), here is the type of network.

802.1x EAP

EAP method: PEAP

Phase 2 Authentication: MSCHAPV2

the authentication always fails and logcat doesn't indicate me where the problem is I just know it fails when the authentication is being performed.

Here is a copy of my current code and the logs from logcat where it fails:

/****************** CODE ******************************/

public class WPAActivity extends LauncherActivity 
{

private static final String TAG = "WPAActivity";

/************* Definitions to find variables ***************************/
private static final String INT_PRIVATE_KEY = "private_key";
private static final String INT_PHASE2 = "phase2";
private static final String INT_PASSWORD = "password";
private static final String INT_IDENTITY = "identity";
private static final String INT_EAP = "eap";
private static final String INT_CLIENT_CERT = "client_cert";
private static final String INT_CA_CERT = "ca_cert";
private static final String INT_ANONYMOUS_IDENTITY = "anonymous_identity";
final String INT_ENTERPRISEFIELD_NAME ="android.net.wifi.WifiConfiguration$EnterpriseField";
/************************************************************************/

/********************************Configuration Strings*********************/
final String ENTERPRISE_EAP = "PEAP";
final String ENTERPRISE_CLIENT_CERT = "";
final String ENTERPRISE_PRIV_KEY = "";
final String ENTERPRISE_PHASE2 = "\"MSCHAPV2\"";
final String ENTERPRISE_ANON_IDENT = "";
final String ENTERPRISE_CA_CERT = "";
final String userName = "\"my Username";
final String passString = "\"my Password\"";

/**************************************************************************/


/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) 
{


super.onCreate(savedInstanceState);
    setContentView(R.layout.main);

    WifiManager wifi = (WifiManager) getSystemService(Context.WIFI_SERVICE);
    WifiConfiguration wc = new WifiConfiguration();
    wc.SSID = "\"mySSID\"";
    wc.preSharedKey  = "\"my Password\"";
    wc.hiddenSSID = true;
    wc.status = WifiConfiguration.Status.ENABLED;        

    wc.allowedKeyManagement.clear();
    wc.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
    wc.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);


    /*Group Ciphers*/
    wc.allowedGroupCiphers.clear();
    wc.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP);
    wc.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.TKIP);

    /*Protocols*/
    wc.allowedProtocols.clear();
    wc.allowedProtocols.set(WifiConfiguration.Protocol.RSN);
    wc.allowedProtocols.set(WifiConfiguration.Protocol.WPA);

    Class[] enterpriseFieldArray  = WifiConfiguration.class.getClasses();
    Class<?> enterpriseFieldClass = null;


    for(Class<?> myClass : enterpriseFieldArray)
    {
        if(myClass.getName().equals(INT_ENTERPRISEFIELD_NAME))
        {
        enterpriseFieldClass = myClass;
        break;
        }
    }
    Log.d(TAG, "class chosen " + enterpriseFieldClass.getName() );


    Field anonymousId = null, caCert = null, clientCert = null, 
        eap = null, identity = null, password = null, 
        phase2 = null, privateKey =  null;

    Field[] fields = WifiConfiguration.class.getFields();


    for (Field tempField : fields) 
    {
        if (tempField.getName().trim().equals(INT_ANONYMOUS_IDENTITY))
        {
        anonymousId = tempField;
        Log.d(TAG, "field " + anonymousId.getName() );
        }
        else if (tempField.getName().trim().equals(INT_CA_CERT))
        {
        caCert = tempField;
        }
        else if (tempField.getName().trim().equals(INT_CA_CERT))
        {
        }
        else if (tempField.getName().trim().equals(INT_CLIENT_CERT))
        {
        clientCert = tempField;
        Log.d(TAG, "field " + clientCert.getName() );
        }    
        else if (tempField.getName().trim().equals(INT_EAP))
        {
        eap = tempField;
        Log.d(TAG, "field " + eap.getName() );
        }
        else if (tempField.getName().trim().equals(INT_IDENTITY))
        {
        identity = tempField;
        Log.d(TAG, "field " + identity.getName() );
        }
        else if (tempField.getName().trim().equals(INT_PASSWORD))
        {
        password = tempField;
        Log.d(TAG, "field " + password.getName() );
        }
        else if (tempField.getName().trim().equals(INT_PHASE2))
        {
        phase2 = tempField;
        Log.d(TAG, "field " + phase2.getName() );

        }
        else if (tempField.getName().trim().equals(INT_PRIVATE_KEY))
        {
        privateKey = tempField;
        }
    }


    Method setValue = null;


    for(Method m: enterpriseFieldClass.getMethods())
    {
        if(m.getName().trim().equals("setValue"))
        {
        Log.d(TAG, "method " + m.getName() );
        setValue = m;
        break;
        }
    }

    try
    {
        // EAP
        setValue.invoke(eap.get(wc), ENTERPRISE_EAP);

        // EAP Phase 2
        setValue.invoke(phase2.get(wc), ENTERPRISE_PHASE2);

        // EAP Anonymous Id
        setValue.invoke(anonymousId.get(wc), ENTERPRISE_ANON_IDENT);

        // EAP CA Certificate
        setValue.invoke(caCert.get(wc), ENTERPRISE_CA_CERT);

        // Private Key
        setValue.invoke(privateKey.get(wc), ENTERPRISE_PRIV_KEY);

        // EAP Identity
        setValue.invoke(identity.get(wc), userName);

        // EAP Password
        setValue.invoke(password.get(wc), passString);

        // EAP Client certificate
        setValue.invoke(clientCert.get(wc), ENTERPRISE_CLIENT_CERT);

    }
    catch (Exception e)
    {

    }

    Log.d("WifiPreference", "2");
    int res = wifi.addNetwork(wc);
    Log.d("WifiPreference", "add Network returned " + res );
    boolean b = wifi.enableNetwork(res, true);        
    Log.d("WifiPreference", "enableNetwork returned " + b );
    }
}

and these are the logs indicating where the connection attempt fails

/************************And here are the logs********************/

02-09 09:23:30.514: I/ActivityManager(2084): Displayed activity com.test.wpa/.WPAActivity: 445 ms (total 445 ms)

02-09 09:23:31.514: I/wpa_supplicant(27633): CTRL-EVENT-SCAN-RESULTS  Ready

02-09 09:23:31.514: I/wpa_supplicant(27633): Trying to associate with 00:1c:0f:82:04:e0 (SSID='*****' freq=2437 MHz)

02-09 09:23:31.514: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=-1 state=3

02-09 09:23:31.649: V/WifiMonitor(2084): Event [Trying to associate with 00:1c:0f:82:04:e0 (SSID='*****' freq=2437 MHz)]

02-09 09:23:31.649: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=-1 state=3]

02-09 09:23:31.654: V/WifiStateTracker(2084): Changing supplicant state: SCANNING ==> ASSOCIATING

02-09 09:23:31.654: D/NetworkStateTracker(2084): setDetailed state, old =SCANNING and new state=CONNECTING

02-09 09:23:31.659: D/ConnectivityService(2084): ConnectivityChange for WIFI: CONNECTING/CONNECTING

02-09 09:23:32.621: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=0 state=4

02-09 09:23:32.621: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=0 state=4]

02-09 09:23:32.624: I/wpa_supplicant(27633): Associated with 00:1c:0f:82:04:e0

02-09 09:23:32.624: I/wpa_supplicant(27633): CTRL-EVENT-EAP-STARTED EAP authentication started

02-09 09:23:32.629: V/WifiMonitor(2084): Event [Associated with 00:1c:0f:82:04:e0]

**02-09 09:23:32.629: V/WifiMonitor(2084): Event [CTRL-EVENT-EAP-STARTED EAP authentication started]**

02-09 09:23:32.629: V/WifiStateTracker(2084): Changing supplicant state: ASSOCIATING ==> ASSOCIATED

**02-09 09:23:32.629: D/NetworkStateTracker(2084): setDetailed state, old =CONNECTING and new state=CONNECTING**

**02-09 09:23:32.634: I/wpa_supplicant(27633): CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys**

02-09 09:23:32.644: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=0 state=0

**02-09 09:23:32.644: V/WifiMonitor(2084): Event [CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys]**

02-09 09:23:32.644: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=0 state=0]

I couldn’t find examples online about EAP (PEAP) authentication programmatically, I have tried changing the WiFi configuration with no success. Any Ideas or helpful sites/examples on how to connect to a Enterprise network EAP (PEAP), or can someone point me in the right direction?

like image 532
Camilo Tejeiro Avatar asked Feb 09 '12 17:02

Camilo Tejeiro


People also ask

How do I connect my Android to PEAP Wi-Fi?

On your Android device, go to Settings, then tap Wireless & networks, then Wi-Fi settings. Tap eduroam. Make sure that for EAP method, PEAP is selected. Tap Phase 2 authentication, and then select MSCHAPV2.

What is EAP method Wi-Fi PEAP?

PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.

How does PEAP EAP work?

PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server.


2 Answers

I'm trying to connect company's eap wifi in my programm.

PreCondition:

1.let the IT staff add your device's mac address to network configuration.

2.my network configuration:

EAP method:PEAP

Phase2MethodVerify:NULL

CACertificateVerify:NULL

Identity:""

Password:""

Fisrt,I added some log in setting,in this way i know what happened when i click wifi submit button.

It prints like this:

* ID: -1 SSID: "SSID" PROVIDER-NAME: null BSSID: null FQDN: null PRIO: 0 HIDDEN: false
 NetworkSelectionStatus NETWORK_SELECTION_ENABLED
 hasEverConnected: false
 KeyMgmt: WPA_EAP IEEE8021X Protocols:
 AuthAlgorithms:
 PairwiseCiphers:
 GroupCiphers:
 PSK: 
Enterprise config:
password <removed>
ca_path NULL
engine 0
proactive_key_caching 1
client_cert NULL
anonymous_identity NULL
ca_cert NULL
identity "name"
domain_suffix_match NULL
key_id NULL
engine_id NULL
IP config:
IP assignment: DHCP
Proxy settings: NONE
 cuid=-1 luid=-1 lcuid=0 userApproved=USER_UNSPECIFIED noInternetAccessExpected=false isCarrierNetwork=false roamingFailureBlackListTimeMilli: 1000
triggeredLow: 0 triggeredBad: 0 triggeredNotHigh: 0
ticksLow: 0 ticksBad: 0 ticksNotHigh: 0
triggeredJoin: 0

and my config in code is :

            config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);

        config.enterpriseConfig.setEapMethod(WifiEnterpriseConfig.Eap.PEAP);
        config.enterpriseConfig.setPhase2Method(WifiEnterpriseConfig.Phase2.NONE);
        config.enterpriseConfig.setCaCertificate(null);
        config.enterpriseConfig.setAnonymousIdentity(null);
        config.enterpriseConfig.setDomainSuffixMatch(null);

        String ssid = "";
        String psw = "";
        config.enterpriseConfig.setIdentity(ssid);
        config.enterpriseConfig.setPassword(psw);

And it print like this:

    * ID: -1 SSID: "SSID" PROVIDER-NAME: null BSSID: null FQDN: null PRIO: 0 HIDDEN: false
 NetworkSelectionStatus NETWORK_SELECTION_ENABLED
 hasEverConnected: false
 KeyMgmt: WPA_EAP IEEE8021X Protocols:
 AuthAlgorithms:
 PairwiseCiphers:
 GroupCiphers:
 PSK: 
Enterprise config:
anonymous_identity NULL
password <removed>
identity "name"
domain_suffix_match NULL
proactive_key_caching 1
IP config:
IP assignment: UNASSIGNED
Proxy settings: UNASSIGNED
 cuid=-1 luid=-1 lcuid=0 userApproved=USER_UNSPECIFIED noInternetAccessExpected=false isCarrierNetwork=false roamingFailureBlackListTimeMilli: 1000
triggeredLow: 0 triggeredBad: 0 triggeredNotHigh: 0
ticksLow: 0 ticksBad: 0 ticksNotHigh: 0
triggeredJoin: 0

Finally,it works~

like image 163
you Avatar answered Oct 25 '22 07:10

you


Finally, I've defeated my CiSCO EAP-FAST corporate wifi network, and all our Android devices are now able to connect to it.

The walk-around I've performed in order to gain access to this kind of networks from an Android device are easiest than you can imagine.

There's a Wifi Config Editor in the Google Play Store you can use to "activate" the secondary CISCO Protocols when you are setting up a EAP wifi connection.

Its name is Wifi Config Advanced Editor.

  • First, you have to setup your wireless network manually as close as you can to your "official" corporate wifi parameters.

  • Save it.

  • Go to the WCE and edit the parameters of the network you have created in the previous step.

  • There are 3 or 4 series of settings you should activate in order to force the Android device to use them as a way to connect (the main site I think you want to visit is Enterprise Configuration, but don't forget to check all the parameters to change them if needed.
    As a suggestion, even if you have a WPA2 EAP-FAST Cipher, try LEAP in your setup. It worked for me as a charm.

  • When you finished to edit the config, go to the main Android wifi controller, and force to connect to this network.

  • Do not Edit the network again with the Android wifi interface.

I have tested it on Samsung Galaxy 1 and 2, Note mobile devices, and on a Lenovo Thinkpad Tablet.

like image 44
Cypawer Avatar answered Oct 25 '22 07:10

Cypawer