wpa_supplicant end process if wrong password detected

Question

Normally when I run wpa_supplicant I'll get some output like this:

Successfully initialized wpa_supplicant
ioctl[SIOCSIWAP]: Operation not permitted
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
wlan3: Trying to associate with 9c:3d:cf:fb:95:96 (SSID='Bell420' freq=2462 MHz)
wlan3: Association request to the driver failed
wlan3: Associated with 9c:3d:cf:fb:95:96
wlan3: Authentication with 9c:3d:cf:fb:95:96 timed out.
ioctl[SIOCSIWAP]: Operation not permitted
wlan3: CTRL-EVENT-DISCONNECTED bssid=9c:3d:cf:fb:95:96 reason=3 locally_generated=1
wlan3: WPA: 4-Way Handshake failed - pre-shared key may be incorrect

The problem is it just keeps trying over and over.

Is there a way I can tell wpa_supplicant to quit as soon as it gets an obvious error like wrong key?

I'm on an older embedded device with wpa_supplicant v2.1.

I wrote a workaround for monitoring wpa_supplicant for incorrect keys. Using grep on wpa_supplicant (with stdbuf based on Stéphane Chazelas' comment here):

  # Create conf file with ssid and password
  wpa_passphrase "$ssid" "$password" > /etc/wpa_supplicant/wpa_supplicant.conf

  # If wifi key is wrong kill subshell
  subshell=$BASHPID
  (sudo stdbuf -o0 wpa_supplicant -Dwext -iwlan1 -c/etc/wpa_supplicant/wpa_supplicant.conf 2>&1 \
    | grep -m 1 "pre-shared key may be incorrect" \
    && kill -s PIPE "$subshell") &

Note: the above block is inside a subshell in a script.

It seemed to work initially but over time I found sometimes it would cause the whole script to fail when the password was fine. Other times it would work as expected.

There must be a better way to do this.

Edit: Maybe I should be using wpa_cli here instead?

@GAD3R notice the line `wpa_passphrase "$ssid" "$password" > /etc/wpa_supplicant/wpa_supplicant.conf` if you really want to know my wifi $ssid and $password it is Bell420 and philiprichardkirkbride. Set those and run `wpa_passphrase` and you'll have my conf :-) — Philip Kirkbride, Nov 30 '17 at 23:44
This looks a bit like wpa_supplicant and the driver don't match, and the first tries to use operations the second doesn't support. The "association request to driver failed" followed by a "associated" message certainly looks wrong. Are you *sure* it's an incorrect key? What happens if you `disable_network` the offending network with `wpa_cli`? (BTW, do `wpa_cli help`, the man-page doesn't contain all commands). — dirkt, Dec 04 '17 at 15:16
@dirkt I'm sure because I run the same code with a correct password and it works. My current solution for case user enters wrong password with the above behavior is to use `timeout` on the whole process. If I could more quickly detect a wrong password I could lower the wrong password scenario from 85 seconds to 45 seconds. So yes I know the password is wrong because I'm purposely testing that scenario, correct password works fine. — Philip Kirkbride, Dec 04 '17 at 15:21
Does the `CTRL-EVENT-DISCONNECTED` event show up in `wpa_cli`? Can you try to add a wrapper to `/sbin/wpa_action` (or modify it directly) and in this way catch the event/ — dirkt, Dec 05 '17 at 13:54
Take a look at http://w1.fi/wpa_supplicant/devel/ctrl_iface_page.html you should be able to use ``` wpa_ctrl_attach()``` to detect your CTRL-EVENT-DISCONNECTED event. — Dougie, Dec 09 '18 at 15:26

score 0 · Answer 1 · edited Jul 05 '23 at 08:13

#!/bin/bash

# SSID and password
ssid="YourSSID"
password="YourPassword"

# Create wpa_supplicant.conf
wpa_passphrase "$ssid" "$password" > /etc/wpa_supplicant/wpa_supplicant.conf

# Run wpa_supplicant in the background
wpa_supplicant -Dwext -iwlan1 -c/etc/wpa_supplicant/wpa_supplicant.conf > /tmp/wpa_supplicant.log 2>&1 &

# Monitor log file for error messages
tail -f /tmp/wpa_supplicant.log | while read -r line; do
    if [[ $line == *"pre-shared key may be incorrect"* ]]; then
        echo "Incorrect key detected. Exiting..."
        kill $!
    fi
done

wpa_supplicant is run in the background, and its output is redirected to a log file. The tail command continuously reads the log file and checks for the specified error message. If the error message is found, it prints a message and terminates the script by killing the wpa_supplicant process.

wpa_supplicant end process if wrong password detected

1 Answers1

Linked