1

I have a Mac with Mavericks. It is a well-known fact that on a Mac, you can only create a WPA2 secured Wi-Fi network using Internet Sharing in System Preferences. No preinstalled, documented application on the command line can create an infrastructure mode network.

/usr/libexec/airportd has an undocumented option, startHostAPModeWithSSID, that can create an ad-hoc network, optionally using WEP.

Note that this is just an interface to a CoreWLAN function of the same name, which is a public framework and is documented. Also, note that the flow of APIs to access the wireless hardware on a Mac goes like this: userspace program --> CoreWLAN.framework (public) or others --> Apple80211.framework (private, undocumented) --> IO80211Family.kext (kernelspace, private, undocumented, family-type kext: manages all Wi-Fi kexts) --> specific kext inside IO80211Family (could be AirportAtheros40.kext, AirportBrcm4360.kext, AppleAirportBrcm43224.kext, etc.)

Is there a way to make a WPA2-secured network on a Mac via the command line, without all the overhead of Internet Sharing like NAT, DHCP, and others?

Many other questions like this have been answered incompletely. I tried to see what functions the internet sharing preference pane uses, and it uses a few private frameworks:

$ otool -L /System/Library/PreferencePanes/SharingPref.prefPane/Contents/MacOS/SharingPref

[shortened for legibility]

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Apple80211 (compatibility version 1.0.0, current version 1.0.0)
/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/Versions/A/PreferencePanesSupport (compatibility version 1.0.0, current version 1.0.0)
/System/Library/PrivateFrameworks/CoreWLANKit.framework/Versions/A/CoreWLANKit (compatibility version 1.0.0, current version 1.0.0)
/System/Library/PrivateFrameworks/SystemAdministration.framework/Versions/A/SystemAdministration (compatibility version 1.0.0, current version 1.0.0)

It does use a long list of public frameworks like CoreWLAN, but these are the private frameworks it utilizes. However, none of these appear to handle anything related to the WPA2 security that can be utilized from the internet sharing options.

To try to devise how the WPA2 encryption is enabled, I looked at what the internet sharing preference pane depends on. I went for the launchdaemon com.apple.internetsharing.plist. It just calls /usr/libexec/internetsharing, which is undocumented but does offer some help:

$ /usr/libexec/internetsharing --help
/usr/libexec/internetsharing: illegal option -- -
Usage: /usr/libexec/internetsharing [-dDnv] [-e EXTIF] [-l LOGFILE] [-p LO] [-P HI] [-c THREADS] [-t TIMEOUT]

ptions: [sic]
    -d  Enable debugging
    -v  Enable verbose logging
    -6  Disable(Enable) IPv6 on iOS(MacOS)
    -e EXTIF    External interface name
    -l LOGFILE  Enable logging to file
    -p LO   Port forwarding range, LO
    -P HI   Port forwarding range, HI
    -c THREADS  max # of worker threads
    -t TIMEOUT  Idle timeout

[Yes, the "ptions" is actually how it was printed to stdout] It seems like it may have something to do with this after all. What it may not expose directly, we can reveal by what it depends on. So:

$ otool -L /usr/libexec/internetsharing
/usr/libexec/internetsharing:
    /System/Library/PrivateFrameworks/PacketFilter.framework/Versions/A/PacketFilter (compatibility version 1.0.0, current version 1.0.0)
    /System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 55456.0.0)
    /System/Library/Frameworks/ServiceManagement.framework/Versions/A/ServiceManagement (compatibility version 1.0.0, current version 1.0.0)
    /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 855.0.0)
    /System/Library/Frameworks/CoreWLAN.framework/Versions/A/CoreWLAN (compatibility version 1.0.0, current version 1.0.0)
    /System/Library/PrivateFrameworks/EAP8021X.framework/Versions/A/EAP8021X (compatibility version 1.0.0, current version 1.0.0)
    /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (compatibility version 300.0.0, current version 1054.0.0)
    /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration (compatibility version 1.0.0, current version 596.12.0)
    /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit (compatibility version 1.0.0, current version 275.0.0)
    /usr/lib/libdns_services.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/lib/libbsm.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)

As you can see, it uses 2 private frameworks: PacketFilter, which probably does what you'd expect, and EAP8021X. The latter is likely responsible for enabling WPA2; however, being a private framework, it is devoid of any documentation. Note that /usr/libexec/internetsharing does (or calls the programs to do) NAT (natd), DHCP (bootpd), DNS (named, a.k.a. BIND), ipfw, and many other little bits. Using /usr/libexec/internetsharing is not an option, as it is finicky and does NAT, DHCP, DNS, and all the funky things that are not necessary. Is there a way to create a WPA2 network on a Mac using the command line only?

1
  • No, there’s no supported way, and reverse engineering a solution is probably beyond the scope of SuperUser.
    – Spiff
    Commented Dec 3, 2017 at 22:59
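
The dependency inspection used in the question, as an added example that is not part of the original post: a parser for `otool -L` output that separates private frameworks from public frameworks and plain dylibs. The function names are hypothetical, and the sample listing is abridged from the `/usr/libexec/internetsharing` output quoted in the question.

```python
import re
from collections import defaultdict

# Abridged from the `otool -L /usr/libexec/internetsharing` output in the question.
SAMPLE = """\
/usr/libexec/internetsharing:
    /System/Library/PrivateFrameworks/PacketFilter.framework/Versions/A/PacketFilter (compatibility version 1.0.0, current version 1.0.0)
    /System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 55456.0.0)
    /System/Library/Frameworks/CoreWLAN.framework/Versions/A/CoreWLAN (compatibility version 1.0.0, current version 1.0.0)
    /System/Library/PrivateFrameworks/EAP8021X.framework/Versions/A/EAP8021X (compatibility version 1.0.0, current version 1.0.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)
"""

# One dependency line: indented path, then the two version fields in parentheses.
LINE = re.compile(
    r"^\s+(?P<path>/\S.*?) \(compatibility version (?P<compat>[\d.]+), "
    r"current version (?P<current>[\d.]+)\)$"
)


def classify(path):
    """Bucket a linked library by where it lives on disk."""
    if path.startswith("/System/Library/PrivateFrameworks/"):
        return "private"   # undocumented, no API stability guarantee
    if ".framework/" in path:
        return "public"
    return "dylib"


def parse_otool(text):
    """Return {kind: [(name, current_version), ...]} for one `otool -L` listing."""
    deps = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:          # skips the "binary:" header and unparsable lines
            continue
        path = m["path"]
        name = path.rsplit("/", 1)[-1]
        deps[classify(path)].append((name, m["current"]))
    return dict(deps)


if __name__ == "__main__":
    for kind, items in parse_otool(SAMPLE).items():
        print(kind, [name for name, _ in items])
```
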
