Re: WLAN decryption using a hex PSK key

[Sho Amano <samano.and () gmail com>]

Hi Pascal,

2012/10/23 Pascal Quantin <pascal.quantin () gmail com>

> 2012/10/22 Sho Amano <samano.and () gmail com>
>
> > Hi Pascal,
> >
> > 2012/10/22 Pascal Quantin <pascal.quantin () gmail com>
> >
> > > Le 20/10/2012 17:33, Sho Amano a écrit :
> > > > Okey, I figured out that following quick hack works for me. Now I can
> > > see
> > > > the decrypted TCP packets.
> > > > (build running on Ubuntu 12.04 amd64)
> > > >
> > > > $ svn diff
> > > > Index: epan/dissectors/packet-ieee80211.c
> > > > ===================================================================
> > > > --- epan/dissectors/packet-ieee80211.c    (revision 45658)
> > > > +++ epan/dissectors/packet-ieee80211.c    (working copy)
> > > > @@ -17369,7 +17369,7 @@
> > > >          keys->Keys[keys->nKeys] = key;
> > > >          keys->nKeys++;
> > > >        }
> > > > -      else if(dk->type == AIRPDCAP_KEY_TYPE_WPA_PMK)
> > > > +      else if(dk->type == AIRPDCAP_KEY_TYPE_WPA_PSK)
> > > >        {
> > > >          key.KeyType = AIRPDCAP_KEY_TYPE_WPA_PMK;
> > > >
> > > >
> > > > Thanks.
> > >
> > > Hi Sho,
> > >
> > > thanks for the report and patch. I committed a slightly different
> > > version in r45696 and scheduled it for backport in 1.8.4.
> >
> > Thanks, I tried r45696 on Ubuntu 12.04 (amd64) and it worked well.
> > But I have some questions.
> >
> > packet-ieee80211.c, line 17374:
> >   Since we convert PSK (64-byte ASCII) into PMK (32-byte binary) on line
> > 17377,
> >   what's the point of setting key.KeyType = AIRPDCAP_KEY_TYPE_WPA_PSK ?
> >
> > packet-ieee80211.c, line 17380:
> >   Using debugger, I verified that bytes->len is 32. So it is always
> > smaller than
> >   AIRPDCAP_WPA_PSK_LEN, which is 64.
> >
> > packet-ieee80211.c, line 17381:
> >   Since we are using the converted PMK, maybe we should copy it into
> > key.KeyData.Wpa.Pmk?
> >   (I know that is actually the same place :-)
>
> Hi Sho,
>
> I did mainly the change because using the PMK union / structure member for
> a PSK key configured in UAT was hurting my eyes and looked like a bug.
> From a quick glance it looks like the handling of PSK / PMK seems a bit
> messy (PMK defines / union are almost not used, and mixed with PMK ones). I
> will let someone more aware of those subtle differences do a follow-up
> cleanup if needed.

Thanks for your comment. Yes, I agree that PSK/PMK things look confusing,
and I also hope that someone who knows better will review & clean up
the related codes.

Anyway, I'm looking forward to 1.8.4 release. The fix will help me a lot :)

Regards,
Sho


> Regards,
> Pascal.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe