Home » Android » Connect Android to WiFi Enterprise network EAP(PEAP)

Connect Android to WiFi Enterprise network EAP(PEAP)

Posted by: admin May 14, 2020 Leave a comment

Questions:

I have been trying to connect my android device to an enterprise network programatically over the past few days without any success, I have been following multiple examples online, but most of the ones I find are for EAP(TLS) networks and the one where I work is EAP(PEAP), here is the type of network.

802.1x EAP

EAP method: PEAP

Phase 2 Authentication: MSCHAPV2

the authentication always fails and logcat doesn’t indicate me where the problem is I just know it fails when the authentication is being performed.

Here is a copy of my current code and the logs from logcat where it fails:

/****************** CODE ******************************/

public class WPAActivity extends LauncherActivity 
{

private static final String TAG = "WPAActivity";

/************* Definitions to find variables ***************************/
private static final String INT_PRIVATE_KEY = "private_key";
private static final String INT_PHASE2 = "phase2";
private static final String INT_PASSWORD = "password";
private static final String INT_IDENTITY = "identity";
private static final String INT_EAP = "eap";
private static final String INT_CLIENT_CERT = "client_cert";
private static final String INT_CA_CERT = "ca_cert";
private static final String INT_ANONYMOUS_IDENTITY = "anonymous_identity";
final String INT_ENTERPRISEFIELD_NAME ="android.net.wifi.WifiConfiguration$EnterpriseField";
/************************************************************************/

/********************************Configuration Strings*********************/
final String ENTERPRISE_EAP = "PEAP";
final String ENTERPRISE_CLIENT_CERT = "";
final String ENTERPRISE_PRIV_KEY = "";
final String ENTERPRISE_PHASE2 = "\"MSCHAPV2\"";
final String ENTERPRISE_ANON_IDENT = "";
final String ENTERPRISE_CA_CERT = "";
final String userName = "\"my Username";
final String passString = "\"my Password\"";

/**************************************************************************/


/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) 
{


super.onCreate(savedInstanceState);
    setContentView(R.layout.main);

    WifiManager wifi = (WifiManager) getSystemService(Context.WIFI_SERVICE);
    WifiConfiguration wc = new WifiConfiguration();
    wc.SSID = "\"mySSID\"";
    wc.preSharedKey  = "\"my Password\"";
    wc.hiddenSSID = true;
    wc.status = WifiConfiguration.Status.ENABLED;        

    wc.allowedKeyManagement.clear();
    wc.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
    wc.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);


    /*Group Ciphers*/
    wc.allowedGroupCiphers.clear();
    wc.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP);
    wc.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.TKIP);

    /*Protocols*/
    wc.allowedProtocols.clear();
    wc.allowedProtocols.set(WifiConfiguration.Protocol.RSN);
    wc.allowedProtocols.set(WifiConfiguration.Protocol.WPA);

    Class[] enterpriseFieldArray  = WifiConfiguration.class.getClasses();
    Class<?> enterpriseFieldClass = null;


    for(Class<?> myClass : enterpriseFieldArray)
    {
        if(myClass.getName().equals(INT_ENTERPRISEFIELD_NAME))
        {
        enterpriseFieldClass = myClass;
        break;
        }
    }
    Log.d(TAG, "class chosen " + enterpriseFieldClass.getName() );


    Field anonymousId = null, caCert = null, clientCert = null, 
        eap = null, identity = null, password = null, 
        phase2 = null, privateKey =  null;

    Field[] fields = WifiConfiguration.class.getFields();


    for (Field tempField : fields) 
    {
        if (tempField.getName().trim().equals(INT_ANONYMOUS_IDENTITY))
        {
        anonymousId = tempField;
        Log.d(TAG, "field " + anonymousId.getName() );
        }
        else if (tempField.getName().trim().equals(INT_CA_CERT))
        {
        caCert = tempField;
        }
        else if (tempField.getName().trim().equals(INT_CA_CERT))
        {
        }
        else if (tempField.getName().trim().equals(INT_CLIENT_CERT))
        {
        clientCert = tempField;
        Log.d(TAG, "field " + clientCert.getName() );
        }    
        else if (tempField.getName().trim().equals(INT_EAP))
        {
        eap = tempField;
        Log.d(TAG, "field " + eap.getName() );
        }
        else if (tempField.getName().trim().equals(INT_IDENTITY))
        {
        identity = tempField;
        Log.d(TAG, "field " + identity.getName() );
        }
        else if (tempField.getName().trim().equals(INT_PASSWORD))
        {
        password = tempField;
        Log.d(TAG, "field " + password.getName() );
        }
        else if (tempField.getName().trim().equals(INT_PHASE2))
        {
        phase2 = tempField;
        Log.d(TAG, "field " + phase2.getName() );

        }
        else if (tempField.getName().trim().equals(INT_PRIVATE_KEY))
        {
        privateKey = tempField;
        }
    }


    Method setValue = null;


    for(Method m: enterpriseFieldClass.getMethods())
    {
        if(m.getName().trim().equals("setValue"))
        {
        Log.d(TAG, "method " + m.getName() );
        setValue = m;
        break;
        }
    }

    try
    {
        // EAP
        setValue.invoke(eap.get(wc), ENTERPRISE_EAP);

        // EAP Phase 2
        setValue.invoke(phase2.get(wc), ENTERPRISE_PHASE2);

        // EAP Anonymous Id
        setValue.invoke(anonymousId.get(wc), ENTERPRISE_ANON_IDENT);

        // EAP CA Certificate
        setValue.invoke(caCert.get(wc), ENTERPRISE_CA_CERT);

        // Private Key
        setValue.invoke(privateKey.get(wc), ENTERPRISE_PRIV_KEY);

        // EAP Identity
        setValue.invoke(identity.get(wc), userName);

        // EAP Password
        setValue.invoke(password.get(wc), passString);

        // EAP Client certificate
        setValue.invoke(clientCert.get(wc), ENTERPRISE_CLIENT_CERT);

    }
    catch (Exception e)
    {

    }

    Log.d("WifiPreference", "2");
    int res = wifi.addNetwork(wc);
    Log.d("WifiPreference", "add Network returned " + res );
    boolean b = wifi.enableNetwork(res, true);        
    Log.d("WifiPreference", "enableNetwork returned " + b );
    }
}

and these are the logs indicating where the connection attempt fails

/************************And here are the logs********************/

02-09 09:23:30.514: I/ActivityManager(2084): Displayed activity com.test.wpa/.WPAActivity: 445 ms (total 445 ms)

02-09 09:23:31.514: I/wpa_supplicant(27633): CTRL-EVENT-SCAN-RESULTS  Ready

02-09 09:23:31.514: I/wpa_supplicant(27633): Trying to associate with 00:1c:0f:82:04:e0 (SSID='*****' freq=2437 MHz)

02-09 09:23:31.514: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=-1 state=3

02-09 09:23:31.649: V/WifiMonitor(2084): Event [Trying to associate with 00:1c:0f:82:04:e0 (SSID='*****' freq=2437 MHz)]

02-09 09:23:31.649: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=-1 state=3]

02-09 09:23:31.654: V/WifiStateTracker(2084): Changing supplicant state: SCANNING ==> ASSOCIATING

02-09 09:23:31.654: D/NetworkStateTracker(2084): setDetailed state, old =SCANNING and new state=CONNECTING

02-09 09:23:31.659: D/ConnectivityService(2084): ConnectivityChange for WIFI: CONNECTING/CONNECTING

02-09 09:23:32.621: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=0 state=4

02-09 09:23:32.621: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=0 state=4]

02-09 09:23:32.624: I/wpa_supplicant(27633): Associated with 00:1c:0f:82:04:e0

02-09 09:23:32.624: I/wpa_supplicant(27633): CTRL-EVENT-EAP-STARTED EAP authentication started

02-09 09:23:32.629: V/WifiMonitor(2084): Event [Associated with 00:1c:0f:82:04:e0]

**02-09 09:23:32.629: V/WifiMonitor(2084): Event [CTRL-EVENT-EAP-STARTED EAP authentication started]**

02-09 09:23:32.629: V/WifiStateTracker(2084): Changing supplicant state: ASSOCIATING ==> ASSOCIATED

**02-09 09:23:32.629: D/NetworkStateTracker(2084): setDetailed state, old =CONNECTING and new state=CONNECTING**

**02-09 09:23:32.634: I/wpa_supplicant(27633): CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys**

02-09 09:23:32.644: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=0 state=0

**02-09 09:23:32.644: V/WifiMonitor(2084): Event [CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys]**

02-09 09:23:32.644: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=0 state=0]

I couldn’t find examples online about EAP (PEAP) authentication programmatically, I have tried changing the WiFi configuration with no success. Any Ideas or helpful sites/examples on how to connect to a Enterprise network EAP (PEAP), or can someone point me in the right direction?

How to&Answers:

Finally, I’ve defeated my CiSCO EAP-FAST corporate wifi network, and all our Android devices are now able to connect to it.

The walk-around I’ve performed in order to gain access to this kind of networks from an Android device are easiest than you can imagine.

There’s a Wifi Config Editor in the Google Play Store you can use to “activate” the secondary CISCO Protocols when you are setting up a EAP wifi connection.

Its name is Wifi Config Advanced Editor.

  • First, you have to setup your wireless network manually as close as you can to your “official” corporate wifi parameters.

  • Save it.

  • Go to the WCE and edit the parameters of the network you have created in the previous step.

  • There are 3 or 4 series of settings you should activate in order to force the Android device to use them as a way to connect (the main site I think you want to visit is Enterprise Configuration, but don’t forget to check all the parameters to change them if needed.
    As a suggestion, even if you have a WPA2 EAP-FAST Cipher, try LEAP in your setup. It worked for me as a charm.

  • When you finished to edit the config, go to the main Android wifi controller, and force to connect to this network.

  • Do not Edit the network again with the Android wifi interface.

I have tested it on Samsung Galaxy 1 and 2, Note mobile devices, and on a Lenovo Thinkpad Tablet.

Answer:

Thanks for enlightening us Cypawer.

I also tried this app https://play.google.com/store/apps/details?id=com.oneguyinabasement.leapwifi

and it worked flawlessly.

Leap Wifi Connector