[EN TEST] Connexion FreeWifi_Secure Nexus 4

Willo · 27 février 2013

NE PAS SUIVRE NI UTILISER CE QUI SUIS, SI VOUS N'AVEZ PAS UN MINIMUM DE CONNAISSANCES SUR L'UTILISATION D'ANDROID, DU FLASH ET DE LA RESTAURATION D'UN SYSTEM ANDROID A SON ÉTAT INITIAL.

Il est conseillé d'attendre que des personnes expérimentées sur le bon fonctionnement de la procédure qui suit fassent des retours.

IMPORTANT:

Ni moi, ni le Forum ou membre de se forum, ne pourra être tenu pour responsable en cas de crash, voir de brick de votre mobile.

Personne ne vous force à flasher le fichier.

Comme on le rappel souvent le risque zéro n'existe pas. Ça peut fonctionner pour certains et ne pas passer pour d'autres.

En conclusion, en utilisant ce fichier, Vous serez donc l'unique responsable en cas de problème avec votre téléphone.

Comme je l'ai dit dans un autre sujet, je n'ai malheureusement pas de Nexus 4, je n'ai donc pas pu tester les fichiers zip moi-même.

La méthode que j'utilise pour me connecter au freeWifi_Secure sans perdre les paramètres de connexion Wifi après redémarrage de mon SGS-GTI900 est celle employé par FreeMobile sur le SGSII et le galaxy ace s5830.

Quand mon SGS bascule sur FreeWifi_Secure je n'ai rien à entrer (ni identifiant, ni password) la connexion et automatique. C'est donc bien ma Sim qui est prise en compte lors de la connexion.

Précaution:

Avant utilisation, Il est vivement conseillé de faire une sauvegarde NANDROID avant de Flasher l'archive.

Le fichier qui va être ajouté dans le fimware va remettre les paramètres wifi à zéro.

Quand vous aurez rebooté le mobile, vous serez donc obligé de reconfigurer toutes vos connexions Wifi personnelles (maison, travail, amies etc...).

Ne surtout pas restaurer votre ancienne configuration wifi en passant par titanium ou autre logiciel de sauvegarde, sinon ça ne sert à rien de flasher le zip

J'ai fait 2 archives qui se trouvent dans NexusIV_FreeWifi.zip flashable uniquement par le recovery, une pour injecter le fichier et une autre qui servira pour le supprimer si ça ne fonctionne pas.

NexusIV_FreeWifi.zip ici

CRC32: F66A6303

MD5 : DFC43912AB737D82D4F1BCE26C3830D1

SHA-1 : E145DBA9D03FC82A3687E3EAD209671F01189F2F

MOT DE PASSE DE L'ARCHIVE: GoogleNexus4_FreeWifi

----- contenu de NexusIV_FreeWifi.zip -----

2 archives séparées.

ARCHIVE 1: pour injecter

NexusIV_FreeWifi_SecureConfig.zip

CRC32: 8233BBEE

MD5 : E8E810C73F815AA35101081D3F45B551

SHA-1 : 819B8AB8E859FC72BDA3A959A2F1EE651FD59A34

ARCHIVE 2: pour supprimer

NexusIV_FreeWifi_SecureRemove.zip

CRC32: 318C8557

MD5 : 33985575E7A67C41C80C71C9F599C559

SHA-1 : 4DA8DB59389B2632D8031C81AFE91F4A277CCBCD

Bonus: Sonnerie Free Mobile

freerevolution.mp3

CRC32: 49146559

MD5 : C49003284E38C77EF21D68C3E4CC9C4B

SHA-1 : FE4B87E6561C4BC13E41A9DD2DA4F86C7125598C

Tuto By WillSGS_NEODroid

Modifié 1 mars 2013 par WillSGS

DoRiTo · 27 février 2013

Merci pour ce tuto, je teste ça ce soir dès que j'aurais un réseau freewifi_secure. :D

Willo · 27 février 2013

Merci pour ce tuto, je teste ça ce soir dès que j'aurais un réseau freewifi_secure. :D

De rien en espèrent que la méthode que j'utilise fonction pour le N4.

Sur mon screen on voit que autoriser connexion de donné est décocher. Il n'y a pas besoin de décocher.

Moi je l'ai décocher volontairement pour faire mon test et être sur que c’était bien le wifi qui était pris en compte et non un bug d’icône 3G-Wifi

Modifié 27 février 2013 par WillSGS

Kuiper · 27 février 2013

Bon, désolé mais apparemment, ça ne fonctionne pas...

Il reste bloqué sur "Connexion..."

desspil · 27 février 2013

Question "con" : C'est un zip qui permet de se connecter à free wifi même quand on est chez un autre opérateur ???

J'en aurais ajouté d'autres Minux....

Modifié 27 février 2013 par desspil

Willo · 27 février 2013

Mince, étrange quand même se truc.

Regarde dans tes paramètre wifi si tes anciennes connexion, celle que tu utilise chez toi sont toujours active, il est possible que le fichier qui est injecté n'est pas réinitialisée le fichier situer dans data/wifi/bmc_conf = sur SGS sur nexus le fichier doit avoir un autre nom.

Il me semble mais je ne suis pas sur que moi la 1ere fois après avoir flasher le zip et après le reboot j'avais du réinitialisé le fichier contenant la configuration des réseau wifi (celui qui contient nos clé wep et id) car pareil, ça resté bloqué sur connexion et ça n’allai pas plus loin.

Envoyé depuis Tapatalk 2

Merci Minux je corrige les fautes se soir, je ne suis actuellement plus sur mon PC :(

Envoyé depuis Tapatalk 2

Modifié 27 février 2013 par WillSGS

Willo · 27 février 2013

@Desspil

Non desolé c'est réservé uniquement à freeMobile.

Envoyé depuis Tapatalk 2

Modifié 27 février 2013 par WillSGS

Kuiper · 27 février 2013

Question "con" : C'est un zip qui permet de se connecter à free wifi même quand on est chez un autre opérateur ???

Le but de l'EAP-SIM est de te connecter sans mot de passe, c'est ta carte sim qui sert de certificat d'authentification. Donc, une carte sim Free est obligatoire.

Par contre en épluchant de wpa-suplicant.conf d'Android 4.2.2, on dirait bien que l'EAP-SIM est en cours d'intégration, mais en "test".

Modifié 27 février 2013 par Kuiper

Willo · 27 février 2013

Le but de l'EAP-SIM est de te connecter sans mot de passe, c'est ta carte sim qui sert de certificat d'authentification. Donc, une carte sim Free est obligatoire.

Par contre en épluchant de wpa-suplicant.conf d'Android 4.2.2, on dirait bien que l'EAP-SIM est en cours d'intégration, mais en "test".

En fait sur Android 2.3.6 ont retrouve aussi des bout de code EAP-SIM dans un fichier binaire wpa-suplicant celui qui se trouve dans /system/bin . visible en l'ouvrant avec un éditeur hexadécimal ou notepad2.

c'est comme ça que je me suis rendu compte que Free sur le Galaxy ace s5830 et le SGSII n'avait qu’injecter le fichier que j'utilise en même temps que leur CSC rien de plus rien de moins.

C'est aussi pour ça qu'il n'ont pas conçu un apk, qu'ils auraient ensuite mis sur le play store a téléchargé. Car se fichier ne peut être ajouté que si le mobile et rooté ou alors injecter par le recovery vu qu'il doit obligatoirement être placé dans la partition system/etc/wifi

Je regarderais un truc se soir car en ouvrant le fimware du N4 hier, j'ai vu qu'il y avait 2 endroit identique avec les même fichier qui sont dans system/etc/wifi/

et une autre fichier ou juste une ligne de code est différente comparé a celui d'un SGSII c'est peut lui qui bloque la connexion mais pas sur faut voir, je ferai une recherche sur le net pour être bien sur de l'utilité de cette ligne.

Modifié 27 février 2013 par WillSGS

Kuiper · 27 février 2013

Pour l'EAP, c'est un peu plus compliqué que ça à intégrer

Mais il y ça de nouveau dans le fichier wpa_suplicant.conf

## EAP-SIM with a GSM SIM or USIM
#network={
# ssid="eap-sim-test"
# key_mgmt=WPA-EAP
# eap=SIM
# pin="1234"
# pcsc=""
#}

Qui vient de faire son apparition.

Modifié 27 février 2013 par Kuiper

Willo · 27 février 2013

j'ai pas lu plus loin, mais "ce qui suit"...

Pour l'EAP, c'est un peu plus compliqué que ça à intégrer

Mais il y ça de nouveau dans le fichier wpa_suplicant.conf
## EAP-SIM with a GSM SIM or USIM
#network={
# ssid="eap-sim-test"
# key_mgmt=WPA-EAP
# eap=SIM
# pin="1234"
# pcsc=""
#}
Qui vient de faire son apparition.

le fichier que tu dit wpa_suplicant.conf c'est celui que tu as dans system/etc/wifi/ ou alors il se trouve dans data/wifi

le fichier que tu dit wpa_suplicant.conf c'est celui que tu as dans system/etc/wifi/ ou alors il se trouve dans data/wifi

c'est bon je voix de quel wpa_suplicant.conf tu veut dire. C'est justement de se fichier que je parlé qui à une ligne de code de redirection non identique a celui du GSII ^_^

En fait tout se que tu vois qui a des # devant sont des ligne non configuré elle servent d'exemple pour la configuration définitive. Dans se même fichier en principe tu doit trouvé des ligne sans # (ligne finale et implanté dans un fichier situer dans /data/wifi et dans /ect/wifi/

Modifié 27 février 2013 par WillSGS

Willo · 27 février 2013

EXEMPLE du wpa_supplicant.conf du NEXUS 4:

##### Example wpa_supplicant configuration file ###############################

#

# This file describes configuration file format and lists all available option.

# Please also take a look at simpler configuration examples in 'examples'

# subdirectory.

#

# Empty lines and lines starting with # are ignored

# NOTE! This file may contain password information and should probably be made

# readable only by root user on multiuser systems.

# Note: All file paths in this configuration file should use full (absolute,

# not relative to working directory) path in order to allow working directory

# to be changed. This can happen if wpa_supplicant is run in the background.

# Whether to allow wpa_supplicant to update (overwrite) configuration

#

# This option can be used to allow wpa_supplicant to overwrite configuration

# file whenever configuration is changed (e.g., new network block is added with

# wpa_cli or wpa_gui, or a password is changed). This is required for

# wpa_cli/wpa_gui to be able to store the configuration changes permanently.

# Please note that overwriting configuration file will remove the comments from

# it.

update_config=1

# global configuration (shared by all network blocks)

#

# Parameters for the control interface. If this is specified, wpa_supplicant

# will open a control interface that is available for external programs to

# manage wpa_supplicant. The meaning of this string depends on which control

# interface mechanism is used. For all cases, the existance of this parameter

# in configuration is used to determine whether the control interface is

# enabled.

#

# For UNIX domain sockets (default on Linux and BSD): This is a directory that

# will be created for UNIX domain sockets for listening to requests from

# external programs (CLI/GUI, etc.) for status information and configuration.

# The socket file will be named based on the interface name, so multiple

# wpa_supplicant processes can be run at the same time if more than one

# interface is used.

# /var/run/wpa_supplicant is the recommended directory for sockets and by

# default, wpa_cli will use it when trying to connect with wpa_supplicant.

#

# Access control for the control interface can be configured by setting the

# directory to allow only members of a group to use sockets. This way, it is

# possible to run wpa_supplicant as root (since it needs to change network

# configuration and open raw sockets) and still allow GUI/CLI components to be

# run as non-root users. However, since the control interface can be used to

# change the network configuration, this access needs to be protected in many

# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you

# want to allow non-root users to use the control interface, add a new group

# and change this value to match with that group. Add users that should have

# control interface access to this group. If this variable is commented out or

# not included in the configuration file, group will not be changed from the

# value it got by default when the directory or socket was created.

#

# When configuring both the directory and group, use following format:

# DIR=/var/run/wpa_supplicant GROUP=wheel

# DIR=/var/run/wpa_supplicant GROUP=0

# (group can be either group name or gid)

#

ctrl_interface=<will be set by wifi.c>

# IEEE 802.1X/EAPOL version

# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines

# EAPOL version 2. However, there are many APs that do not handle the new

# version number correctly (they seem to drop the frames completely). In order

# to make wpa_supplicant interoperate with these APs, the version number is set

# to 1 by default. This configuration value can be used to set it to the new

# version (2).

eapol_version=1

# AP scanning/selection

# By default, wpa_supplicant requests driver to perform AP scanning and then

# uses the scan results to select a suitable AP. Another alternative is to

# allow the driver to take care of AP scanning and selection and use

# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association

# information from the driver.

# 1: wpa_supplicant initiates scanning and AP selection

# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association

# parameters (e.g., WPA IE generation); this mode can also be used with

# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with

# APs (i.e., external program needs to control association). This mode must

# also be used when using wired Ethernet drivers.

# 2: like 0, but associate with APs using security policy and SSID (but not

# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to

# enable operation with hidden SSIDs and optimized roaming; in this mode,

# the network blocks in the configuration file are tried one by one until

# the driver reports successful association; each network block should have

# explicit security policy (i.e., only one option in the lists) for

# key_mgmt, pairwise, group, proto variables

ap_scan=1

# EAP fast re-authentication

# By default, fast re-authentication is enabled for all EAP methods that

# support it. This variable can be used to disable fast re-authentication.

# Normally, there is no need to disable this.

fast_reauth=1

# OpenSSL Engine support

# These options can be used to load OpenSSL engines.

# The two engines that are supported currently are shown below:

# They are both from the opensc project (http://www.opensc.org/)

# By default no engines are loaded.

# make the opensc engine available

#opensc_engine_path=/usr/lib/opensc/engine_opensc.so

# make the pkcs11 engine available

#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so

# configure the path to the pkcs11 module required by the pkcs11 engine

#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so

# Dynamic EAP methods

# If EAP methods were built dynamically as shared object files, they need to be

# loaded here before being used in the network blocks. By default, EAP methods

# are included statically in the build, so these lines are not needed

#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so

#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so

# Driver interface parameters

# This field can be used to configure arbitrary driver interace parameters. The

# format is specific to the selected driver interface. This field is not used

# in most cases.

#driver_param="field=value"

# Country code

# The ISO/IEC alpha2 country code for the country in which this device is

# currently operating.

#country=US

# Maximum lifetime for PMKSA in seconds; default 43200

#dot11RSNAConfigPMKLifetime=43200

# Threshold for reauthentication (percentage of PMK lifetime); default 70

#dot11RSNAConfigPMKReauthThreshold=70

# Timeout for security association negotiation in seconds; default 60

#dot11RSNAConfigSATimeout=60

# Wi-Fi Protected Setup (WPS) parameters

# Universally Unique IDentifier (UUID; see RFC 4122) of the device

# If not configured, UUID will be generated based on the local MAC address.

#uuid=12345678-9abc-def0-1234-56789abcdef0

# Device Name

# User-friendly description of device; up to 32 octets encoded in UTF-8

#device_name=Wireless Client

# Manufacturer

# The manufacturer of the device (up to 64 ASCII characters)

#manufacturer=Company

# Model Name

# Model of the device (up to 32 ASCII characters)

#model_name=cmodel

# Model Number

# Additional device description (up to 32 ASCII characters)

#model_number=123

# Serial Number

# Serial number of the device (up to 32 characters)

#serial_number=12345

# Primary Device Type

# Used format: <categ>-<OUI>-<subcateg>

# categ = Category as an integer value

# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for

# default WPS OUI

# subcateg = OUI-specific Sub Category as an integer value

# Examples:

# 1-0050F204-1 (Computer / PC)

# 1-0050F204-2 (Computer / Server)

# 5-0050F204-1 (Storage / NAS)

# 6-0050F204-1 (Network Infrastructure / AP)

#device_type=1-0050F204-1

# OS Version

# 4-octet operating system version number (hex string)

#os_version=01020300

# Credential processing

# 0 = process received credentials internally (default)

# 1 = do not process received credentials; just pass them over ctrl_iface to

# external program(s)

# 2 = process received credentials internally and pass them over ctrl_iface

# to external program(s)

#wps_cred_processing=0

# network block

#

# Each network (usually AP's sharing the same SSID) is configured as a separate

# block in this configuration file. The network blocks are in preference order

# (the first match is used).

#

# network block fields:

#

# disabled:

# 0 = this network can be used (default)

# 1 = this network block is disabled (can be enabled through ctrl_iface,

# e.g., with wpa_cli or wpa_gui)

#

# id_str: Network identifier string for external scripts. This value is passed

# to external action script through wpa_cli as WPA_ID_STR environment

# variable to make it easier to do network specific configuration.

#

# ssid: SSID (mandatory); either as an ASCII string with double quotation or

# as hex string; network name

#

# scan_ssid:

# 0 = do not scan this SSID with specific Probe Request frames (default)

# 1 = scan with SSID-specific Probe Request frames (this can be used to

# find APs that do not accept broadcast SSID or use multiple SSIDs;

# this will add latency to scanning, so enable this only when needed)

#

# bssid: BSSID (optional); if set, this network block is used only when

# associating with the AP using the configured BSSID

#

# priority: priority group (integer)

# By default, all networks will get same priority group (0). If some of the

# networks are more desirable, this field can be used to change the order in

# which wpa_supplicant goes through the networks when selecting a BSS. The

# priority groups will be iterated in decreasing priority (i.e., the larger the

# priority value, the sooner the network is matched against the scan results).

# Within each priority group, networks will be selected based on security

# policy, signal strength, etc.

# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not

# using this priority to select the order for scanning. Instead, they try the

# networks in the order that used in the configuration file.

#

# mode: IEEE 802.11 operation mode

# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)

# 1 = IBSS (ad-hoc, peer-to-peer)

# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)

# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has

# to be set to 2 for IBSS. WPA-None requires following network block options:

# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not

# both), and psk must also be set.

#

# frequency: Channel frequency in megahertz (MHz) for IBSS, e.g.,

# 2412 = IEEE 802.11b/g channel 1. This value is used to configure the initial

# channel for IBSS (adhoc) networks. It is ignored in the infrastructure mode.

# In addition, this value is only used by the station that creates the IBSS. If

# an IBSS network with the configured SSID is already present, the frequency of

# the network will be used instead of this configured value.

#

# proto: list of accepted protocols

# WPA = WPA/IEEE 802.11i/D3.0

# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)

# If not set, this defaults to: WPA RSN

#

# key_mgmt: list of accepted authenticated key management protocols

# WPA-PSK = WPA pre-shared key (this requires 'psk' field)

# WPA-EAP = WPA using EAP authentication

# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically

# generated WEP keys

# NONE = WPA is not used; plaintext or static WEP could be used

# WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms

# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms

# If not set, this defaults to: WPA-PSK WPA-EAP

#

# auth_alg: list of allowed IEEE 802.11 authentication algorithms

# OPEN = Open System authentication (required for WPA/WPA2)

# SHARED = Shared Key authentication (requires static WEP keys)

# LEAP = LEAP/Network EAP (only used with LEAP)

# If not set, automatic selection is used (Open System with LEAP enabled if

# LEAP is allowed as one of the EAP methods).

#

# pairwise: list of accepted pairwise (unicast) ciphers for WPA

# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]

# TKIP = Temporal Key Integrity Protocol [iEEE 802.11i/D7.0]

# NONE = Use only Group Keys (deprecated, should not be included if APs support

# pairwise keys)

# If not set, this defaults to: CCMP TKIP

#

# group: list of accepted group (broadcast/multicast) ciphers for WPA

# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]

# TKIP = Temporal Key Integrity Protocol [iEEE 802.11i/D7.0]

# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key

# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [iEEE 802.11]

# If not set, this defaults to: CCMP TKIP WEP104 WEP40

#

# psk: WPA preshared key; 256-bit pre-shared key

# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,

# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be

# generated using the passphrase and SSID). ASCII passphrase must be between

# 8 and 63 characters (inclusive).

# This field is not needed, if WPA-EAP is used.

# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys

# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant

# startup and reconfiguration time can be optimized by generating the PSK only

# only when the passphrase or SSID has actually changed.

#

# eapol_flags: IEEE 802.1X/EAPOL options (bit field)

# Dynamic WEP key required for non-WPA mode

# bit0 (1): require dynamically generated unicast WEP key

# bit1 (2): require dynamically generated broadcast WEP key

# (3 = require both keys; default)

# Note: When using wired authentication, eapol_flags must be set to 0 for the

# authentication to be completed successfully.

#

# mixed_cell: This option can be used to configure whether so called mixed

# cells, i.e., networks that use both plaintext and encryption in the same

# SSID, are allowed when selecting a BSS form scan results.

# 0 = disabled (default)

# 1 = enabled

#

# proactive_key_caching:

# Enable/disable opportunistic PMKSA caching for WPA2.

# 0 = disabled (default)

# 1 = enabled

#

# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or

# hex without quotation, e.g., 0102030405)

# wep_tx_keyidx: Default WEP key index (TX) (0..3)

#

# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is

# allowed. This is only used with RSN/WPA2.

# 0 = disabled (default)

# 1 = enabled

#peerkey=1

#

# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to

# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.

#

# Following fields are only used with internal EAP implementation.

# eap: space-separated list of accepted EAP methods

# MD5 = EAP-MD5 (unsecure and does not generate keying material ->

# cannot be used with WPA; to be used as a Phase 2 method

# with EAP-PEAP or EAP-TTLS)

# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used

# as a Phase 2 method with EAP-PEAP or EAP-TTLS)

# OTP = EAP-OTP (cannot be used separately with WPA; to be used

# as a Phase 2 method with EAP-PEAP or EAP-TTLS)

# GTC = EAP-GTC (cannot be used separately with WPA; to be used

# as a Phase 2 method with EAP-PEAP or EAP-TTLS)

# TLS = EAP-TLS (client and server certificate)

# PEAP = EAP-PEAP (with tunnelled EAP authentication)

# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2

# authentication)

# If not set, all compiled in methods are allowed.

#

# identity: Identity string for EAP

# This field is also used to configure user NAI for

# EAP-PSK/PAX/SAKE/GPSK.

# anonymous_identity: Anonymous identity string for EAP (to be used as the

# unencrypted identity with EAP types that support different tunnelled

# identity, e.g., EAP-TTLS)

# password: Password string for EAP. This field can include either the

# plaintext password (using ASCII or hex string) or a NtPasswordHash

# (16-byte MD4 hash of password) in hash:<32 hex digits> format.

# NtPasswordHash can only be used when the password is for MSCHAPv2 or

# MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).

# EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit

# PSK) is also configured using this field. For EAP-GPSK, this is a

# variable length PSK.

# ca_cert: File path to CA certificate file (PEM/DER). This file can have one

# or more trusted CA certificates. If ca_cert and ca_path are not

# included, server certificate will not be verified. This is insecure and

# a trusted CA certificate should always be configured when using

# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may

# change when wpa_supplicant is run in the background.

# On Windows, trusted CA certificates can be loaded from the system

# certificate store by setting this to cert_store://<name>, e.g.,

# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".

# Note that when running wpa_supplicant as an application, the user

# certificate store (My user account) is used, whereas computer store

# (Computer account) is used when running wpasvc as a service.

# ca_path: Directory path for CA certificate files (PEM). This path may

# contain multiple CA certificates in OpenSSL format. Common use for this

# is to point to system trusted CA list which is often installed into

# directory like /etc/ssl/certs. If configured, these certificates are

# added to the list of trusted CAs. ca_cert may also be included in that

# case, but it is not required.

# client_cert: File path to client certificate file (PEM/DER)

# Full path should be used since working directory may change when

# wpa_supplicant is run in the background.

# Alternatively, a named configuration blob can be used by setting this

# to blob://<blob name>.

# private_key: File path to client private key file (PEM/DER/PFX)

# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be

# commented out. Both the private key and certificate will be read from

# the PKCS#12 file in this case. Full path should be used since working

# directory may change when wpa_supplicant is run in the background.

# Windows certificate store can be used by leaving client_cert out and

# configuring private_key in one of the following formats:

# cert://substring_to_match

# hash://certificate_thumbprint_in_hex

# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"

# Note that when running wpa_supplicant as an application, the user

# certificate store (My user account) is used, whereas computer store

# (Computer account) is used when running wpasvc as a service.

# Alternatively, a named configuration blob can be used by setting this

# to blob://<blob name>.

# private_key_passwd: Password for private key file (if left out, this will be

# asked through control interface)

# dh_file: File path to DH/DSA parameters file (in PEM format)

# This is an optional configuration file for setting parameters for an

# ephemeral DH key exchange. In most cases, the default RSA

# authentication does not use this configuration. However, it is possible

# setup RSA to use ephemeral DH key exchange. In addition, ciphers with

# DSA keys always use ephemeral DH keys. This can be used to achieve

# forward secrecy. If the file is in DSA parameters format, it will be

# automatically converted into DH params.

# subject_match: Substring to be matched against the subject of the

# authentication server certificate. If this string is set, the server

# sertificate is only accepted if it contains this string in the subject.

# The subject string is in following format:

# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com

# altsubject_match: Semicolon separated string of entries to be matched against

# the alternative subject name of the authentication server certificate.

# If this string is set, the server sertificate is only accepted if it

# contains one of the entries in an alternative subject name extension.

# altSubjectName string is in following format: TYPE:VALUE

# Example: EMAIL:server@example.com

# Example: DNS:server.example.com;DNS:server2.example.com

# Following types are supported: EMAIL, DNS, URI

# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters

# (string with field-value pairs, e.g., "peapver=0" or

# "peapver=1 peaplabel=1")

# 'peapver' can be used to force which PEAP version (0 or 1) is used.

# 'peaplabel=1' can be used to force new label, "client PEAP encryption",

# to be used during key derivation when PEAPv1 or newer. Most existing

# PEAPv1 implementation seem to be using the old label, "client EAP

# encryption", and wpa_supplicant is now using that as the default value.

# Some servers, e.g., Radiator, may require peaplabel=1 configuration to

# interoperate with PEAPv1; see eap_testing.txt for more details.

# 'peap_outer_success=0' can be used to terminate PEAP authentication on

# tunneled EAP-Success. This is required with some RADIUS servers that

# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,

# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)

# include_tls_length=1 can be used to force wpa_supplicant to include

# TLS Message Length field in all TLS messages even if they are not

# fragmented.

# sim_min_num_chal=3 can be used to configure EAP-SIM to require three

# challenges (by default, it accepts 2 or 3)

# result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use

# protected result indication.

# 'crypto_binding' option can be used to control PEAPv0 cryptobinding

# behavior:

# * 0 = do not use cryptobinding (default)

# * 1 = use cryptobinding if server supports it

# * 2 = require cryptobinding

# EAP-WSC (WPS) uses following options: pin=<Device Password> or

# pbc=1.

# phase2: Phase2 (inner authentication with TLS tunnel) parameters

# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or

# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)

# Following certificate/private key fields are used in inner Phase2

# authentication when using EAP-TTLS or EAP-PEAP.

# ca_cert2: File path to CA certificate file. This file can have one or more

# trusted CA certificates. If ca_cert2 and ca_path2 are not included,

# server certificate will not be verified. This is insecure and a trusted

# CA certificate should always be configured.

# ca_path2: Directory path for CA certificate files (PEM)

# client_cert2: File path to client certificate file

# private_key2: File path to client private key file

# private_key2_passwd: Password for private key file

# dh_file2: File path to DH/DSA parameters file (in PEM format)

# subject_match2: Substring to be matched against the subject of the

# authentication server certificate.

# altsubject_match2: Substring to be matched against the alternative subject

# name of the authentication server certificate.

#

# fragment_size: Maximum EAP fragment size in bytes (default 1398).

# This value limits the fragment size for EAP methods that support

# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set

# small enough to make the EAP messages fit in MTU of the network

# interface used for EAPOL. The default value is suitable for most

# cases.

#

# EAP-FAST variables:

# pac_file: File path for the PAC entries. wpa_supplicant will need to be able

# to create this file and write updates to it when PAC is being

# provisioned or refreshed. Full path to the file should be used since

# working directory may change when wpa_supplicant is run in the

# background. Alternatively, a named configuration blob can be used by

# setting this to blob://<blob name>

# phase1: fast_provisioning option can be used to enable in-line provisioning

# of EAP-FAST credentials (PAC):

# 0 = disabled,

# 1 = allow unauthenticated provisioning,

# 2 = allow authenticated provisioning,

# 3 = allow both unauthenticated and authenticated provisioning

# fast_max_pac_list_len=<num> option can be used to set the maximum

# number of PAC entries to store in a PAC list (default: 10)

# fast_pac_format=binary option can be used to select binary format for

# storing PAC entries in order to save some space (the default

# text format uses about 2.5 times the size of minimal binary

# format)

#

# wpa_supplicant supports number of "EAP workarounds" to work around

# interoperability issues with incorrectly behaving authentication servers.

# These are enabled by default because some of the issues are present in large

# number of authentication servers. Strict EAP conformance mode can be

# configured by disabling workarounds with eap_workaround=0.

# Example blocks:

# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers

#network={

# ssid="simple"

# psk="very secret passphrase"

# priority=5

#}

#

## Same as previous, but request SSID-specific scanning (for APs that reject

## broadcast SSID)

#network={

# ssid="second ssid"

# scan_ssid=1

# psk="very secret passphrase"

# priority=2

#}

#

## Only WPA-PSK is used. Any valid cipher combination is accepted.

#network={

# ssid="example"

# proto=WPA

# key_mgmt=WPA-PSK

# pairwise=CCMP TKIP

# group=CCMP TKIP WEP104 WEP40

# psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb

# priority=2

#}

#

## WPA-Personal(PSK) with TKIP and enforcement for frequent PTK rekeying

#network={

# ssid="example"

# proto=WPA

# key_mgmt=WPA-PSK

# pairwise=TKIP

# group=TKIP

# psk="not so secure passphrase"

# wpa_ptk_rekey=600

#}

#

## Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104

## or WEP40 as the group cipher will not be accepted.

#network={

# ssid="example"

# proto=RSN

# key_mgmt=WPA-EAP

# pairwise=CCMP TKIP

# group=CCMP TKIP

# eap=TLS

# identity="user@example.com"

# ca_cert="/etc/cert/ca.pem"

# client_cert="/etc/cert/user.pem"

# private_key="/etc/cert/user.prv"

# private_key_passwd="password"

# priority=1

#}

#

## EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel

## (e.g., Radiator)

#network={

# ssid="example"

# key_mgmt=WPA-EAP

# eap=PEAP

# identity="user@example.com"

# password="foobar"

# ca_cert="/etc/cert/ca.pem"

# phase1="peaplabel=1"

# phase2="auth=MSCHAPV2"

# priority=10

#}

#

## EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the

## unencrypted use. Real identity is sent only within an encrypted TLS tunnel.

#network={

# ssid="example"

# key_mgmt=WPA-EAP

# eap=TTLS

# identity="user@example.com"

# anonymous_identity="anonymous@example.com"

# password="foobar"

# ca_cert="/etc/cert/ca.pem"

# priority=2

#}

#

## EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted

## use. Real identity is sent only within an encrypted TLS tunnel.

#network={

# ssid="example"

# key_mgmt=WPA-EAP

# eap=TTLS

# identity="user@example.com"

# anonymous_identity="anonymous@example.com"

# password="foobar"

# ca_cert="/etc/cert/ca.pem"

# phase2="auth=MSCHAPV2"

#}

#

## WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner

## authentication.

#network={

# ssid="example"

# key_mgmt=WPA-EAP

# eap=TTLS

# # Phase1 / outer authentication

# anonymous_identity="anonymous@example.com"

# ca_cert="/etc/cert/ca.pem"

# # Phase 2 / inner authentication

# phase2="autheap=TLS"

# ca_cert2="/etc/cert/ca2.pem"

# client_cert2="/etc/cer/user.pem"

# private_key2="/etc/cer/user.prv"

# private_key2_passwd="password"

# priority=2

#}

#

## Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and

## group cipher.

#network={

# ssid="example"

# bssid=00:11:22:33:44:55

# proto=WPA RSN

# key_mgmt=WPA-PSK WPA-EAP

# pairwise=CCMP

# group=CCMP

# psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb

#}

#

## Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP

## and all valid ciphers.

#network={

# ssid=00010203

# psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f

#}

#

## EAP-SIM with a GSM SIM or USIM

#network={

# ssid="eap-sim-test"

# key_mgmt=WPA-EAP

# eap=SIM

# pin="1234"

# pcsc=""

#}

#

## EAP-PSK

#network={

# ssid="eap-psk-test"

# key_mgmt=WPA-EAP

# eap=PSK

# anonymous_identity="eap_psk_user"

# password=06b4be19da289f475aa46a33cb793029

# identity="eap_psk_user@example.com"

#}

#

## IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using

## EAP-TLS for authentication and key generation; require both unicast and

## broadcast WEP keys.

#network={

# ssid="1x-test"

# key_mgmt=IEEE8021X

# eap=TLS

# identity="user@example.com"

# ca_cert="/etc/cert/ca.pem"

# client_cert="/etc/cert/user.pem"

# private_key="/etc/cert/user.prv"

# private_key_passwd="password"

# eapol_flags=3

#}

#

## LEAP with dynamic WEP keys

#network={

# ssid="leap-example"

# key_mgmt=IEEE8021X

# eap=LEAP

# identity="user"

# password="foobar"

#}

#

## EAP-IKEv2 using shared secrets for both server and peer authentication

#network={

# ssid="ikev2-example"

# key_mgmt=WPA-EAP

# eap=IKEV2

# identity="user"

# password="foobar"

#}

#

## EAP-FAST with WPA (WPA or WPA2)

#network={

# ssid="eap-fast-test"

# key_mgmt=WPA-EAP

# eap=FAST

# anonymous_identity="FAST-000102030405"

# identity="username"

# password="password"

# phase1="fast_provisioning=1"

# pac_file="/etc/wpa_supplicant.eap-fast-pac"

#}

#

#network={

# ssid="eap-fast-test"

# key_mgmt=WPA-EAP

# eap=FAST

# anonymous_identity="FAST-000102030405"

# identity="username"

# password="password"

# phase1="fast_provisioning=1"

# pac_file="blob://eap-fast-pac"

#}

#

## Plaintext connection (no WPA, no IEEE 802.1X)

#network={

# ssid="plaintext-test"

# key_mgmt=NONE

#}

#

## Shared WEP key connection (no WPA, no IEEE 802.1X)

#network={

# ssid="static-wep-test"

# key_mgmt=NONE

# wep_key0="abcde"

# wep_key1=0102030405

# wep_key2="1234567890123"

# wep_tx_keyidx=0

# priority=5

#}

#

## Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key

## IEEE 802.11 authentication

#network={

# ssid="static-wep-test2"

# key_mgmt=NONE

# wep_key0="abcde"

# wep_key1=0102030405

# wep_key2="1234567890123"

# wep_tx_keyidx=0

# priority=5

# auth_alg=SHARED

#}

#

## IBSS/ad-hoc network with WPA-None/TKIP.

#network={

# ssid="test adhoc"

# mode=1

# frequency=2412

# proto=WPA

# key_mgmt=WPA-NONE

# pairwise=NONE

# group=TKIP

# psk="secret passphrase"

#}

#

## Catch all example that allows more or less all configuration modes

#network={

# ssid="example"

# scan_ssid=1

# key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE

# pairwise=CCMP TKIP

# group=CCMP TKIP WEP104 WEP40

# psk="very secret passphrase"

# eap=TTLS PEAP TLS

# identity="user@example.com"

# password="foobar"

# ca_cert="/etc/cert/ca.pem"

# client_cert="/etc/cert/user.pem"

# private_key="/etc/cert/user.prv"

# private_key_passwd="password"

# phase1="peaplabel=0"

#}

#

## Example of EAP-TLS with smartcard (openssl engine)

#network={

# ssid="example"

# key_mgmt=WPA-EAP

# eap=TLS

# proto=RSN

# pairwise=CCMP TKIP

# group=CCMP TKIP

# identity="user@example.com"

# ca_cert="/etc/cert/ca.pem"

# client_cert="/etc/cert/user.pem"

#

# engine=1

#

# # The engine configured here must be available. Look at

# # OpenSSL engine support in the global section.

# # The key available through the engine must be the private key

# # matching the client certificate configured above.

#

# # use the opensc engine

# #engine_id="opensc"

# #key_id="45"

#

# # use the pkcs11 engine

# engine_id="pkcs11"

# key_id="id_45"

#

# # Optional PIN configuration; this can be left out and PIN will be

# # asked through the control interface

# pin="1234"

#}

#

## Example configuration showing how to use an inlined blob as a CA certificate

## data instead of using external file

#network={

# ssid="example"

# key_mgmt=WPA-EAP

# eap=TTLS

# identity="user@example.com"

# anonymous_identity="anonymous@example.com"

# password="foobar"

# ca_cert="blob://exampleblob"

# priority=20

#}

#

#blob-base64-exampleblob={

#SGVsbG8gV29ybGQhCg==

#}

# Wildcard match for SSID (plaintext APs only). This example select any

# open AP regardless of its SSID.

#network={

# key_mgmt=NONE

#}

Modifié 27 février 2013 par WillSGS

Willo · 27 février 2013

EXEMPLE de celui du Samsung Galaxy-Ace s5830 que j'ai extrait d'un Fimware FreeMobile: