• April 21, 2021, 05:59:13 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2]

Author Topic: No WPA2 only?!  (Read 6609 times)

nlost

  • Level 1 Member
  • *
  • Posts: 6
Re: No WPA2 only?!
« Reply #15 on: January 02, 2021, 09:50:40 AM »

Sorry to revive this topic, but with more than 4k views, I think my solution is worth sharing.
The DIR-868L revision B1 and C1 have a dumbed-down interface where it is not possible to select WPA2 with AES only; however, this is only a web UI issue and it can be tricked to select this option anyway.

To proceed, go to Settings > Wireless, and open your browser's console (on Chrome, press F12, press Esc a few times to locate the console at the bottom of the screen).
In the console, if you type:
Code: [Select]
document.getElementById("security_24").valuethen press Enter, it should show you:
Code: [Select]
"WPAORWPA2-PSK"
Now, type:
Code: [Select]
opt = document.createElement('option');
opt.value = 'WPA2-AES';
s=document.getElementById("security_24");
s.appendChild(opt);
s.options.selectedIndex=s.options.length-1;

opt = document.createElement('option');
opt.value = 'WPA2-AES';
s=document.getElementById("security_5");
s.appendChild(opt);
s.options.selectedIndex=s.options.length-1;
then press Enter.

This will "select" WPA2 with AES only for both the 2.4GHz and 5GHz settings.

Toggle and revert any settings to enable the Save button (e.g., add a space to your passphrase and remove it), and click Save.
You will not be able to see the change reflected from the web UI, but if you look at the network requests, you will see that it's effective. One of the requests to /HNAP1/ will return something like:
Code: [Select]
<GetWLanRadioSecurityResponse xmlns="http://purenetworks.com/HNAP1/">
<GetWLanRadioSecurityResult>OK</GetWLanRadioSecurityResult>
<Enabled>true</Enabled>
<Type>WPA2-PSK</Type>
<Encryption>AES</Encryption>

Enjoy!

----
EDIT: You will need to redo this operation each time you want to change the WiFi settings, as the web interface will default back to WPA+WPA2 when you submit new changes.

Note also that the guest network's wireless security is managed separately.
If you do the procedure above you will end up with only the main network using AES only:


To ensure that the guest network is also WPA2-AES only, the procedure is slightly different. On the Guest WiFi settings page, open the browser's console (see above), then paste this code, and press Enter. It will return you "undefined", this is fine.
Code: [Select]
function SetResult_3rd(result_xml)
{
HNAP_WLanRadioSecurity = result_xml;
if (result_xml != null)
{
result_xml.Set("SetWLanRadioSecurity/RadioID", "RADIO_2.4GHz_Guest");
if (document.getElementById("password_24g").value != "")
{
result_xml.Set("SetWLanRadioSecurity/Enabled", "true");
result_xml.Set("SetWLanRadioSecurity/Type", "WPA2-PSK");
result_xml.Set("SetWLanRadioSecurity/Encryption", "AES");
result_xml.Set("SetWLanRadioSecurity/KeyRenewal", "3600");
result_xml.Set("SetWLanRadioSecurity/Key", document.getElementById("password_24g").value);
}
else { result_xml.Set("SetWLanRadioSecurity/Enabled", "false"); }
// Send HNAP to DUT
HNAP.SetXMLAsync("SetWLanRadioSecurity", result_xml, function(xml) { SetResult_4th(xml); });
}
else { if (DebugMode == 1) { alert("[!!SetXML Error!!] Function: SetResult_3rd"); } window.location.reload(); }
}
function SetResult_5th(result_xml)
{
var SetResult_5th = result_xml.Get("SetWLanRadioSettingsResponse/SetWLanRadioSettingsResult");
if (SetResult_5th == "OK")
{
var tmpxml = HNAP_WLanRadioSecurity;
tmpxml.Set("SetWLanRadioSecurity/RadioID", "RADIO_5GHz_Guest");
if (document.getElementById("password_5g").value != "")
{
tmpxml.Set("SetWLanRadioSecurity/Enabled", "true");
tmpxml.Set("SetWLanRadioSecurity/Type", "WPA2-PSK");
tmpxml.Set("SetWLanRadioSecurity/Encryption", "AES");
tmpxml.Set("SetWLanRadioSecurity/KeyRenewal", "3600");
tmpxml.Set("SetWLanRadioSecurity/Key", document.getElementById("password_5g").value);
}
else { tmpxml.Set("SetWLanRadioSecurity/Enabled", "false"); }
// Send HNAP to DUT
HNAP.SetXMLAsync("SetWLanRadioSecurity", tmpxml, function(xml) { SetResult_6th(xml); });
}
if (SetResult_5th == "ERROR") { if (DebugMode == 1) { alert("[!!SetXML Error!!] Function: SetResult_5th"); } window.location.reload(); }
}

This will redefine 2 functions to enforce AES only when you submit the new settings.
Next, similar to the main network's page, toggle and revert any settings to enable the Save button (e.g., add a space to your passphrase and remove it), and click Save. Again, do this every time you change something on the Guest WiFi settings page.
« Last Edit: January 28, 2021, 10:41:12 PM by nlost »
Logged

barts

  • Level 1 Member
  • *
  • Posts: 1
Re: No WPA2 only?!
« Reply #16 on: January 20, 2021, 06:36:27 AM »

Sorry to revive this topic, but with more than 4k views, I think my solution is worth sharing.

I made an account just to say: thank you!
Logged

nlost

  • Level 1 Member
  • *
  • Posts: 6
Re: No WPA2 only?!
« Reply #17 on: January 28, 2021, 10:42:30 PM »

I added instructions for the guest network in the original post.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49602
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: No WPA2 only?!
« Reply #18 on: January 29, 2021, 01:48:01 PM »

So I thought I would try this on different model D-Link router that also has this same WPA Auto problem.
I'm getting ""None"" when I copy and paste in
Code: [Select]
document.getElementById("security_24").value in Chromes console

I can apply the bock of code that you said to input, then I get
Code: [Select]
document.getElementById("security_24").value"WPA2-AES" after the code is sent. However when I change someting in the UI to enable the Save button, select the Save button and have the UI save it, sending document.getElementById("security_24").value results in ""None"" after the router is back to ready.

I am I doing this right or is maybe this other model router not supporting of this modification?

I added instructions for the guest network in the original post.
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

nlost

  • Level 1 Member
  • *
  • Posts: 6
Re: No WPA2 only?!
« Reply #19 on: February 09, 2021, 09:35:35 AM »

If you don't get anything returned from
Code: [Select]
document.getElementById("security_24").value, then my code won't work. I guess your web interface is slightly different than with the 868L. Can you copy the source of the WiFi settings page? Just strip your info if they are included.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49602
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: No WPA2 only?!
« Reply #20 on: February 10, 2021, 03:42:04 PM »

What do I need to do to capture the source information you need?

If you don't get anything returned from
Code: [Select]
document.getElementById("security_24").value, then my code won't work. I guess your web interface is slightly different than with the 868L. Can you copy the source of the WiFi settings page? Just strip your info if they are included.
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

nlost

  • Level 1 Member
  • *
  • Posts: 6
Re: No WPA2 only?!
« Reply #21 on: February 18, 2021, 03:52:24 AM »

Right-click on the page > View page source. Or Ctrl-U. Just copy here the HTML source code of the page.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49602
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: No WPA2 only?!
« Reply #22 on: February 18, 2021, 09:01:59 PM »

Ok, so is there a particular section of the HTML code your interested in? I copied the code from the wifi settings page and it's over 2000 Lines.  :o

Right-click on the page > View page source. Or Ctrl-U. Just copy here the HTML source code of the page.
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

nlost

  • Level 1 Member
  • *
  • Posts: 6
Re: No WPA2 only?!
« Reply #23 on: February 19, 2021, 11:07:33 PM »

I don't know what to look for, but I can guess if the page is somehow similar, maybe you have a Javascript function called "SetWLanSecurity" that might be interesting to look at, can you copy this one? It's probably <100 lines.
On the 868L, this function contains a big case switch that depends on the WiFi security mode, which I try to force to something else.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49602
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: No WPA2 only?!
« Reply #24 on: February 20, 2021, 12:07:52 PM »

I found nothing for "SetWLanSecurity" however I did find "GetWLanSecurity" and "SetWLanRadioSecurity". 172 lines with SetWLanRadioSecurity in them.

For the types I see WEP, WPAORWPA2, SHARED etc. However I see in some lines of code:
Code: [Select]
xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Type", "WPA-PSK"); and
xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Encryption", "AES");

Do I presume these values may need to be used as well?

More investigation, I did the following:
Code: [Select]
document.getElementById("security_smartconnect").value
"WPA/WPA2-Personal"
Since this is Tri band router that uses Smart Connect and it can not be disabled, I presume the values needed for this model router will differ some.

Also I noticed these lines which we may need to check into:
Code: [Select]
security_24.options.add(new Option(security, security));
security_24.options.add(new Option(security, security));
security_smartconnect.options.add(new Option(security, security));
security_smartconnect.options.add(new Option(security, security));
security_5.options.add(new Option(security, security));
security_5.options.add(new Option(security, security));
security_5hi.options.add(new Option(security, security));
security_5hi.options.add(new Option(security, security));

I tried the following:
Code: [Select]
opt = document.createElement('option');
opt.value = 'WPA2-PSK';
s=document.getElementById("security_24");
s.appendChild(opt);
s.options.selectedIndex=s.options.length-1;

opt = document.createElement('option');
opt.value = 'WPA2-PSK';
s=document.getElementById("security_smartconnect");
s.appendChild(opt);
s.options.selectedIndex=s.options.length-1;

opt = document.createElement('option');
opt.value = 'WPA2-PSK';
s=document.getElementById("security_5");
s.appendChild(opt);
s.options.selectedIndex=s.options.length-1;

opt = document.createElement('option');
opt.value = 'WPA2-PSK';
s=document.getElementById("security_5hi");
s.appendChild(opt);
s.options.selectedIndex=s.options.length-1;

Sending:
Code: [Select]
document.getElementById("security_smartconnect").valueReturns:
"WPA2-PSK"

After I select the Save button after the code was sent:
Code: [Select]
document.getElementById("security_smartconnect").valueReturns:
"WPA/WPA2-Personal"

And iPhone still reports "week security".

I presume the above code needs some adjusting.

I don't know what to look for, but I can guess if the page is somehow similar, maybe you have a Javascript function called "SetWLanSecurity" that might be interesting to look at, can you copy this one? It's probably <100 lines.
On the 868L, this function contains a big case switch that depends on the WiFi security mode, which I try to force to something else.
« Last Edit: February 20, 2021, 01:03:52 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

nlost

  • Level 1 Member
  • *
  • Posts: 6
Re: No WPA2 only?!
« Reply #25 on: February 20, 2021, 09:39:55 PM »

It sounds like it's a pretty different code. I guess you can't customize what SmartConnect uses for the WiFi security. Did you try disabling this feature first before running the code?
To get a proper understanding of the code, I would still need to see the whole code. Can you send it to pastebin.com and link it here?

Also, which model is this?
« Last Edit: February 20, 2021, 11:28:22 PM by nlost »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49602
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: No WPA2 only?!
« Reply #26 on: February 21, 2021, 09:55:12 AM »

Sent you a PM.

I can't disable SC on COVR systems. It D-Link one model that can't disable SC since there a MESH system.

COVR-3902.
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49602
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: No WPA2 only?!
« Reply #27 on: February 22, 2021, 02:16:59 PM »

Ok, so this works on COVR-3902.
NOTE: This does not work with the 1300 extender unit that comes with the 3902 system at this time.  :(

Using Chrome browser.
Log in to the routers web page.
Go to the wireless settings section on the routers web page.
Press F12 on your keyboard until you see the browser console on the right side of the browser window.
Select the MIMO button to disable it, then re-enable it, the SAVE button should be enabled here. Don't press Save.
Copy and paste the following lines of code into the browser console prompt: From "function" all the way down to the last bracket.
Code: [Select]
function SaveSmartConnectValue(id, band) {
    /* set wlan radio settings */
    var xml_SetWLanRadioSettings = HNAP.GetXML("SetWLanRadioSettings");
    var xml_SetSmartconnectSettings = HNAP.GetXML("SetSmartconnectSettings");
    xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/RadioID", id);
    if (document.getElementById("mimo_enable_ck").checked)
        xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/MuMiMo", "1");
    else
        xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/MuMiMo", "0");
    var enable = document.getElementById("status_" + band + "_ck").checked;
    if (enable == "1") {
        xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/Enabled", "true");
        xml_SetSmartconnectSettings.Set("SetSmartconnectSettings/Enabled", "true");
        xml_SetSmartconnectSettings.Set("SetSmartconnectSettings/GZ_Enabled", "true");
    } else {
        xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/Enabled", "true");
        xml_SetSmartconnectSettings.Set("SetSmartconnectSettings/Enabled", "false");
        xml_SetSmartconnectSettings.Set("SetSmartconnectSettings/GZ_Enabled", "false");
    }
    var xml_SetSmartconnectSettingsResult = HNAP.SetXML("SetSmartconnectSettings", xml_SetSmartconnectSettings);
    var wifi_ssid = document.getElementById("wifiName_" + band).value;
    xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/SSID", wifi_ssid);
    xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/Mode", "802.11bgn");
    xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/Channel", "0");
    var txpower = document.getElementById("transmissionPower_" + band).value;
    xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/TXPower", txpower);
    xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/ChannelWidth", "0");
    xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/SSIDBroadcast", "true");
    var schedule = document.getElementById("schedule_" + band).value;
    schedule = encode_char_text(schedule);
    xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/ScheduleName", schedule);
    if (band == 24) {
        var coeStatus = COMM_ToSTRING(COMM_ToBOOL(document.getElementById("coexistence_" + band + "_ck").checked));
        xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/Coexistence", coeStatus);
    }
    /* set wlan radio security */
    var xml_SetWLanRadioSecurity = HNAP.GetXML("SetWLanRadioSecurity");
    xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/RadioID", id);
    var security_mode = document.getElementById("security_" + band).value;
    var password = document.getElementById("password_" + band).value;
    var weptype;
    if (password.length == 5 || password.length == 10)
        weptype = "WEP-64";
    else if (password.length == 13 || password.length == 26)
        weptype = "WEP-128";
    switch (security_mode) {
        case "None":
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Enabled", "false");
            break;
        case "WEP":
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Enabled", "true");
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Type", "WEP-SHARED");
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Encryption", weptype);
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Key", password);
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/KeyRenewal", "3600");
            break;
        case "WPA/WPA2-Personal":
            // changes here
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Enabled", "true");
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Type", "WPA2-PSK");
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Encryption", "AES");
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/Key", password);
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/KeyRenewal", "3600");
            break;
    }
    if (enable == "1" && isWifiSonEnb == "true") {
        if ((oldSsid != wifi_ssid) || (oldPwd != password)) {
            xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/isChangedSsidPwd", "1");
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/isChangedSsidPwd", "1");
        } else {
            xml_SetWLanRadioSettings.Set("SetWLanRadioSettings/isChangedSsidPwd", "0");
            xml_SetWLanRadioSecurity.Set("SetWLanRadioSecurity/isChangedSsidPwd", "0");
        }
    }
    var xml_SetWLanRadioSettingsResult = HNAP.SetXML("SetWLanRadioSettings", xml_SetWLanRadioSettings);
    var xml_SetWLanRadioSecurityResult = HNAP.SetXML("SetWLanRadioSecurity", xml_SetWLanRadioSecurity);
}
Including the last bracket.
The browser console will return a "undefined" which is expected.

Go back to the wireless settings page and now select Save. Let the router reboot.

Check your iOS device. Should no longer see the "weak security" message when it's connected to the COVR system. This works on my iPhone 12 Max iOS 14.4

NOTE: This modification will persist thru a reboot or power cycle of the router. However, if you make any changes to the wireless settings page, You'll need to re-apply the block of code again prior to selecting the Save button using the process above.
« Last Edit: February 23, 2021, 10:00:13 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.
Pages: 1 [2]