February 20, 2018, 07:13:40 AM
Welcome, Guest. Please login or register.

THS Promising Student Scholarship has been introduced! Full and partial scholarships available. See http://www.top-hat-sec.com/scholarships.html for more details

Author Topic: [Instruction] Connecting Surface Pro / Win8.1 to Hidden WPA Access Point  (Read 3055 times)

Offline 0E 800

  • If something can corrupt you, you're corrupted already.
  • Top Hat Member
  • Elite
  • ********
  • Posts: 961
  • Internets: +154/-0
  • ??? ???????? ?s ?? ??c?c??-???
This is mostly for my own reference / future use.

The company I work for has a Hidden AP set to WPA-TKIP encryption.
We have had issues with certain Windows 8.1 tablet not being able to connect to the AP or they connect but then need to be re-added the next day; this ends up creating alot of wireless profiles with a number at the end; eg: wifi, wifi1, wifi2, wifi3.

Searching through the net I found alot of people complaining that as soon as they updated their computers/devices to Windows 8.1 they lost the ability to add a wifi network with WPA-TKIP; the only options are Open, WEP, WPA2, WPA2-Enterprise only AES no TKIP.

I haven't read anything formal from M$ regarding the reasons for dropping support for WPA-TKIP; but this is was marked as the answer by a M$ moderator:
We removed the WPA option in Windows 8.1 for two reasons:
WPA is less secure than WPA2.  Most devices support WPA2, so there's little reason to use the less-secure encryption of WPA.
The Wi-Fi Alliance international standards organization released a new 2.0 version of the WSC protocol.  Version 2.0 removes support for WPA, so new 2.0-compliant devices may not be able to support WPA.  It would be misleading if Windows showed the option when the option would probably just fail on 2.0 devices anyway.

The answer doesnt really make much sense to me. The reason being; I have multiple laptops with Windows 8.1 and I am able to connect them to the hidden WPA-tkip AP just fine. I usually only run into this issue with the Surface Pros. Maybe its something to do with more recent hardware/firmwares.

Anyways, for anyone trying to connect and having troubles connecting to their hidden access point or are curious to know how to manually add/edit wifi profiles, here is the recipe:

First, access the command promt
(WinKey + r, type cmd [enter])
Type in terminal:


netsh> wlan

netsh wlan> show profiles

If you see your access point in the profile, you will need to remove it:
netsh wlan> delete profile name=<yournetwork>
(your wifi ap might not be listed, this is to remove the profile for the ap you are having trouble connecting to.)

Keep netsh window open

Right click the connection icon in lower right corner
 - open Network and Sharing Center
 - Set up a new connection or network
 - Manually connect to a wireless network

Create a profile, and try to get as many details to correspond with your requirement. We will manually change those settings later. So even thought WPA isnt there or tkip, just chose WPA2 aes.

Go back to your netsh terminal

netsh wlan> show profile <profilename>
This will show your wifi ap profile info.

To change the encryption from WPA2-aes to WPA-tkip:
netsh wlan> set profileparameter name=<profilename> authentication=wpa encryption=tkip authMode=userOnly UseOneX=yes

Don't exit yet.

Click  on the connection icon in lower right panel, and connect to your wifi network.
It will ask you the password and you should now be able to connect.

You can export your profile settings for easier installation next time with
netsh wlan> export profile name=<profile name>

Hope this helps.

The majority of content was edit from:
« Last Edit: October 02, 2014, 02:17:20 PM by 0E 800 »
"He who passes not his days in the realm of dreams is the slave of the days."