Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] WLAN decryption using a hex PSK key

From: Sho Amano <samano.and@xxxxxxxxx>
Date: Tue, 23 Oct 2012 02:10:48 +0900
Hi Pascal,

2012/10/22 Pascal Quantin <pascal.quantin@xxxxxxxxx>
Le 20/10/2012 17:33, Sho Amano a écrit :
> Okey, I figured out that following quick hack works for me. Now I can see
> the decrypted TCP packets.
> (build running on Ubuntu 12.04 amd64)
>
> $ svn diff
> Index: epan/dissectors/packet-ieee80211.c
> ===================================================================
> --- epan/dissectors/packet-ieee80211.c    (revision 45658)
> +++ epan/dissectors/packet-ieee80211.c    (working copy)
> @@ -17369,7 +17369,7 @@
>          keys->Keys[keys->nKeys] = key;
>          keys->nKeys++;
>        }
> -      else if(dk->type == AIRPDCAP_KEY_TYPE_WPA_PMK)
> +      else if(dk->type == AIRPDCAP_KEY_TYPE_WPA_PSK)
>        {
>          key.KeyType = AIRPDCAP_KEY_TYPE_WPA_PMK;
>
>
> Thanks.

Hi Sho,

thanks for the report and patch. I committed a slightly different
version in r45696 and scheduled it for backport in 1.8.4.

Thanks, I tried r45696 on Ubuntu 12.04 (amd64) and it worked well.
But I have some questions.

packet-ieee80211.c, line 17374:
  Since we convert PSK (64-byte ASCII) into PMK (32-byte binary) on line 17377,
  what's the point of setting key.KeyType = AIRPDCAP_KEY_TYPE_WPA_PSK ?

packet-ieee80211.c, line 17380:
  Using debugger, I verified that bytes->len is 32. So it is always smaller than
  AIRPDCAP_WPA_PSK_LEN, which is 64.

packet-ieee80211.c, line 17381:
  Since we are using the converted PMK, maybe we should copy it into key.KeyData.Wpa.Pmk?
  (I know that is actually the same place :-)

Thanks.
Sho


Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe