Hi, I'm new to this forum and I'm sorry if this isn't the right section to post my question.
I've downloaded the source code of OpenWrt out of curiosity about how it works. However, I couldn't see where the password verification happens. What I mean is when someone connects to the wifi, the router (the firmware) will compare the password it has to the one the user entered.
Basically all I want is to see where the wifi password gets read and compared to either allow access to the device or just reject the password given because it doesn't match.
If anyone can point me in the right direction as to which file this all happens in. I searched through the files, however all I came up with was the router login (with the username and password).
It is handled by the code in the hostap repository (hostapd / wpa_supplicant), as it is by most Linux-based systems, embedded, Android, laptop/desktop, what have you.
Also note that there is no simple password comparison with WPA. Authentication in WPA requires a three-way handshake that involves access point and stations encrypting each other's challenges with a known secret (the PSK) to prove their knowledge of the shared secret.
The actual plaintext PSK is never exchanged. You can find the various key derivation and comparison routines in hostapd's source code within the wpa_common.c file.
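An added example, not part of the original posts and not hostapd code: a Python sketch of the WPA2-PSK check described above, assuming the HMAC-SHA1 key descriptor. The SSID, MAC addresses, nonces and frame bytes are constructed sample values and the function names are hypothetical; it shows that the access point only compares a MIC computed from its own PSK, so a wrong passphrase shows up as a mismatch and is never visible.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 256-bit PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_kck(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    # PTK mixes the PMK with both MAC addresses and both nonces; KCK = first 16 bytes
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    # MIC over the EAPOL-Key frame (MIC field zeroed), truncated to 128 bits
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def ap_accepts(ap_pmk, ap_mac, sta_mac, anonce, snonce, frame, received_mic) -> bool:
    # The AP recomputes the MIC from its own PMK; it never sees the station's passphrase
    kck = derive_kck(ap_pmk, ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(kck, frame), received_mic)

# Constructed sample values (not captured traffic)
SSID = "example-net"
AP_MAC, STA_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()
FRAME = b"constructed EAPOL-Key message 2 with MIC field zeroed"

def station_mic(passphrase: str) -> bytes:
    # What a station holding `passphrase` would put in the MIC field
    kck = derive_kck(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(kck, FRAME)

def handshake_result(ap_passphrase: str, station_passphrase: str) -> bool:
    ap_pmk = pmk_from_passphrase(ap_passphrase, SSID)
    mic = station_mic(station_passphrase)
    return ap_accepts(ap_pmk, AP_MAC, STA_MAC, ANONCE, SNONCE, FRAME, mic)

if __name__ == "__main__":
    print(handshake_result("correct horse battery", "correct horse battery"))
    print(handshake_result("correct horse battery", "wrong guess 123"))
```

On a mismatch the only data the access point holds from the station is the nonce, the frame and a 16-byte MIC, which is why there is no "tried password" to log.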
I was thinking of editing the code in order to be able to see the tried passwords on my router. I see that it isn't impossible to do but it's difficult to do it. Has someone else coded something like that or a modified version that has this version?
I'm sorry but I haven't read in depth about how WPA works so I might have everything wrong. Isn't the PSK stored in the firmware? What I meant is I wanted to edit the firmware in order to be able to see what passwords have been tried on my wifi.
Meaning I wanted to edit the file where the verification happens. Checking the code above, which jow provided, I assume I'll get the tried password on the router, but it will be hashed, not in plain text.
Well, it can be used to create an Evil twin router to grab other passwords but that wasn't my intention. I just was actually doing it for fun but it seems more complicated than I thought.
What everyone is telling you is that the attempted password is never actually sent.
Obviously if it was, it would be very easy to snoop from the air for a third party.
The protocol allows for proving that both parties know the secret without saying the secret itself.
I'm not sure of the exact method used in WPA, but the one I am familiar with is Diffie-Hellman.
Look at the paint mixing example in this article and I think you will see how this can be achieved.
A MAC address is a hardware identification number that uniquely identifies each device on a network. The MAC address is manufactured into every network card, such as an Ethernet card or Wi-Fi card, and therefore cannot be changed.