Let's go straight to the point... WPS is broken.
IMHO the WPS PIN thing was trash and a mistake from the idea to the implementation, but the Push Button idea was good, and actually better than the current implementation of Wi-Fi Easy Connect, where you need a QR code and shit...
So the question is... Does anyone have any advice on how to correctly investigate the problem? From using airmon and Wireshark to analyzing the pcap...
The present problem is that it does work for the first connect, but on subsequent connections mac80211 complains about a mismatched key / algo (right now I don't remember it clearly).
This is present for both WPA2 and WPA3... and practically makes WPS Push Button broken and not working... Hope anyone can help in investigating this or give me some hints...
Wireshark can listen to the whole exchange, but unless you have the DH key, you won't be able to see what's going on. I guess look for the whole M1-M7 exchange in Wireshark by capturing the exchange with airodump-ng.
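To make the capture-side advice above concrete, here is an added example (not code from the thread or from OpenWrt/hostapd) that decodes EAP-WSC frames, the EAP Expanded-type packets carrying the WPS registration protocol, and reports how far an exchange got. The registration protocol runs M1 through M8; M8 is where the registrar hands the enrollee the credential (the network key), wrapped under a key derived from the Diffie-Hellman exchange, which is why the plaintext is not visible in Wireshark without the DH key but the message types, nonces and any NACK Configuration Error are. In Wireshark the same attributes are dissected under the `wps` protocol, so a display filter of `eap && wps` shows just these frames in an airodump-ng capture. The frames below are constructed inline; the TLV layouts and constants follow the Wi-Fi Simple Configuration specification as I know them, and the subset of Configuration Error codes is an assumption about which ones a practitioner is most likely to meet.

```python
"""Decode EAP-WSC (WPS registration) frames and summarise an M1..M8 exchange."""
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

EAP_TYPE_EXPANDED = 254        # EAP Expanded Type (RFC 3748)
WFA_VENDOR_ID = 0x00372A       # Wi-Fi Alliance SMI number
WFA_SIMPLECONFIG = 0x00000001  # Vendor-Type for Simple Configuration
FLAG_MF, FLAG_LF = 0x01, 0x02  # more fragments / length field present

OPCODES = {1: "WSC_Start", 2: "WSC_ACK", 3: "WSC_NACK",
           4: "WSC_MSG", 5: "WSC_Done", 6: "WSC_FRAG_ACK"}
MSG_TYPES = {4: "M1", 5: "M2", 6: "M2D", 7: "M3", 8: "M4", 9: "M5", 10: "M6",
             11: "M7", 12: "M8", 13: "WSC_ACK", 14: "WSC_NACK", 15: "WSC_Done"}
ATTR_VERSION, ATTR_MSG_TYPE, ATTR_CONFIG_ERROR = 0x104A, 0x1022, 0x1009
ATTR_ENROLLEE_NONCE, ATTR_REGISTRAR_NONCE = 0x101A, 0x1039
CONFIG_ERRORS = {0: "No Error", 12: "Couldn't connect to Registrar",  # subset (assumed useful)
                 15: "Setup Locked", 16: "Message Timeout",
                 17: "Registration Session Timeout", 18: "Device Password Auth Failure"}


@dataclass
class WscMessage:
    eap_code: int                 # 1 = Request (AP/registrar side), 2 = Response (enrollee side)
    opcode: int
    name: str                     # "M1".."M8", "M2D", "WSC_NACK", ...
    attrs: Dict[int, bytes] = field(default_factory=dict)
    config_error: Optional[int] = None


def parse_wsc_tlvs(data: bytes) -> Dict[int, bytes]:
    """WSC attributes are big-endian Type(2) Length(2) Value TLVs."""
    attrs, off = {}, 0
    while off + 4 <= len(data):
        atype, alen = struct.unpack_from(">HH", data, off)
        off += 4
        if off + alen > len(data):
            raise ValueError("truncated WSC attribute 0x%04x" % atype)
        attrs[atype] = data[off:off + alen]
        off += alen
    if off != len(data):
        raise ValueError("trailing bytes after WSC attributes")
    return attrs


def parse_eap_wsc(pkt: bytes) -> WscMessage:
    """Parse one EAP packet (code, id, length, type 254, WFA vendor, opcode, flags, TLVs)."""
    if len(pkt) < 14:
        raise ValueError("too short for EAP-WSC")
    code, _ident, length, etype = struct.unpack_from(">BBHB", pkt, 0)
    if length != len(pkt):
        raise ValueError("EAP length %d != packet length %d" % (length, len(pkt)))
    vendor_id = int.from_bytes(pkt[5:8], "big")
    vendor_type = struct.unpack_from(">I", pkt, 8)[0]
    if etype != EAP_TYPE_EXPANDED or vendor_id != WFA_VENDOR_ID or vendor_type != WFA_SIMPLECONFIG:
        raise ValueError("not an EAP-WSC packet")
    opcode, flags = pkt[12], pkt[13]
    off = 14 + (2 if flags & FLAG_LF else 0)   # optional Message Length field
    if flags & FLAG_MF:
        raise ValueError("fragmented EAP-WSC; reassemble before parsing")
    attrs = parse_wsc_tlvs(pkt[off:])
    mt = attrs.get(ATTR_MSG_TYPE)
    name = MSG_TYPES.get(mt[0], "unknown(%d)" % mt[0]) if mt else OPCODES.get(opcode, "opcode%d" % opcode)
    ce = attrs.get(ATTR_CONFIG_ERROR)
    config_error = struct.unpack(">H", ce)[0] if ce and len(ce) == 2 else None
    return WscMessage(code, opcode, name, attrs, config_error)


def summarise_exchange(frames: List[bytes]) -> Tuple[List[str], str]:
    """Return the message names in order and a verdict on whether M8 was delivered."""
    seen, error = [], None
    for f in frames:
        msg = parse_eap_wsc(f)
        seen.append(msg.name)
        if msg.opcode == 3:           # WSC_NACK carries the Configuration Error
            error = msg.config_error
    if "M8" in seen and "WSC_Done" in seen:
        return seen, "completed: credential delivered in M8 and acknowledged with WSC_Done"
    reg = [n for n in seen if n[0] == "M"]
    verdict = "incomplete: last registration message %s" % (reg[-1] if reg else "none")
    if error is not None:
        verdict += ", NACK Configuration Error %d (%s)" % (error, CONFIG_ERRORS.get(error, "unknown"))
    return seen, verdict


# ---- constructed sample frames (not from a real capture) ----
def _tlv(atype: int, value: bytes) -> bytes:
    return struct.pack(">HH", atype, len(value)) + value


def build_eap_wsc(code: int, ident: int, opcode: int, attrs) -> bytes:
    body = b"".join(_tlv(t, v) for t, v in attrs)
    return (struct.pack(">BBHB", code, ident, 14 + len(body), EAP_TYPE_EXPANDED)
            + WFA_VENDOR_ID.to_bytes(3, "big") + struct.pack(">I", WFA_SIMPLECONFIG)
            + bytes([opcode, 0]) + body)


E_NONCE, R_NONCE = b"\x11" * 16, b"\x22" * 16   # constructed nonces


def _reg_msg(msg_type: int, ident: int) -> bytes:
    code = 2 if msg_type in (4, 7, 9, 11) else 1   # M1/M3/M5/M7 come from the enrollee
    attrs = [(ATTR_VERSION, b"\x10"), (ATTR_MSG_TYPE, bytes([msg_type])), (ATTR_ENROLLEE_NONCE, E_NONCE)]
    if msg_type != 4:
        attrs.append((ATTR_REGISTRAR_NONCE, R_NONCE))
    return build_eap_wsc(code, ident, 4, attrs)


SAMPLE_OK = [_reg_msg(t, i) for i, t in enumerate((4, 5, 7, 8, 9, 10, 11, 12), start=1)] + [
    build_eap_wsc(2, 9, 5, [(ATTR_VERSION, b"\x10"), (ATTR_MSG_TYPE, b"\x0f"),
                            (ATTR_ENROLLEE_NONCE, E_NONCE), (ATTR_REGISTRAR_NONCE, R_NONCE)])]
SAMPLE_FAILED = [_reg_msg(4, 1), _reg_msg(5, 2), _reg_msg(7, 2)] + [
    build_eap_wsc(1, 3, 3, [(ATTR_VERSION, b"\x10"), (ATTR_MSG_TYPE, b"\x0e"),
                            (ATTR_ENROLLEE_NONCE, E_NONCE), (ATTR_REGISTRAR_NONCE, R_NONCE),
                            (ATTR_CONFIG_ERROR, struct.pack(">H", 18))])]

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_FAILED):
        seen, verdict = summarise_exchange(sample)
        print(" -> ".join(seen), "|", verdict)
```

On a real capture, feed the function the EAP payloads in the order the frames appear (for example exported from Wireshark as raw bytes after filtering on `eap && wps`). If the registration reaches M8 and WSC_Done, the WPS part succeeded and the credential was delivered; a failure on a later association is then in the ordinary WPA 4-way handshake, not in WPS itself, which is the distinction this thread needs.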
Model: BT Home Hub 5A
Architecture: xRX200 rev 1.2
Target Platform: lantiq/xrx200
Firmware Version: OpenWrt 23.05.2 r23630-842932a63d / LuCI openwrt-23.05 branch git-23.306.39416-c86c256
Kernel Version: 5.15.137
This corresponds with my experience - the first time I connect a device using the WPS button method it works fine, but subsequent attempts by the device to connect will fail. And as you say, this renders WPS effectively useless - unless you think it acceptable to have to go through the procedure repeatedly to print a document or watch the TV! I don't.
Is this problem restricted to certain router hardware types? Or certain client types? I assume Yes is the answer to at least one of these questions, otherwise surely there would be more users talking about the issue! I say this because I made a post about it in the Installing and Using OpenWrt forum category and not a single person responded, and I had to search quite hard to find your post.
The other thing that confuses me is how this faulty behaviour is even possible! I thought that in a successful WPS transaction the actual shared key was passed to the client, which then uses it to establish the first connection, and that subsequent connections proceed as normal using the shared key. But I assume now that this cannot be true and that the first connection is allowed by default, i.e., without using the passed key, simply because the WPS button is being pressed. And so it is only on subsequent connection attempts that it is revealed that the passing of the shared key actually failed! If this is true then I would extend your statement that "the WPS pin thing was trash and was a mistake from the idea to the implementation" to say that the implementation of the Push Button idea was also trash...
None of this is useful for getting the problem fixed, and I'm not a developer so I can't help, so this is just me thinking aloud.
Hi Ansuel, I've done some more careful testing. I was wrong in thinking that only the first connection attempt succeeds. In fact all attempts will succeed until the router is rebooted. All subsequent connection attempts will then fail in the manner described above, i.e., the client believes it has the correct credentials and so attempts to connect but the connection fails. I carried out the tests using a Panasonic TV as follows:
boot router
connect TV using WPS
power cycle TV
test connection status, success
reboot router
test connection status, failure
Performing the same sequence but with the initial connection made by manually entering the WPA2 PSK key, instead of using WPS, the connection succeeds every time.
The only other thing notable is that when the connection attempt fails the failure is immediate! There is not the usual delay which one expects for wireless handshakes, it seems that the router decides very early on that it is not going to play ball with this client...
Thanks for confirming that. That matches what I reproduced in my case, and I bisected the problem. A fix is proposed, but it might take time since a better solution might be needed... I can provide a quick workaround if you need it.
Hi Ansuel, strangely I didn't get notified that you had posted a reply in this thread...
Yes, I'm interested to hear about your workaround.
Thanks
John