Re: [Wireshark-dev] WLAN decryption using a hex PSK key

Mon, 22 Oct 2012 11:16:52 -0700 

2012/10/22 Sho Amano <samano....@gmail.com>

> Hi Pascal,
>
> 2012/10/22 Pascal Quantin <pascal.quan...@gmail.com>
>
>> Le 20/10/2012 17:33, Sho Amano a écrit :
>> > Okey, I figured out that following quick hack works for me. Now I can
>> see
>> > the decrypted TCP packets.
>> > (build running on Ubuntu 12.04 amd64)
>> >
>> > $ svn diff
>> > Index: epan/dissectors/packet-ieee80211.c
>> > ===================================================================
>> > --- epan/dissectors/packet-ieee80211.c    (revision 45658)
>> > +++ epan/dissectors/packet-ieee80211.c    (working copy)
>> > @@ -17369,7 +17369,7 @@
>> >          keys->Keys[keys->nKeys] = key;
>> >          keys->nKeys++;
>> >        }
>> > -      else if(dk->type == AIRPDCAP_KEY_TYPE_WPA_PMK)
>> > +      else if(dk->type == AIRPDCAP_KEY_TYPE_WPA_PSK)
>> >        {
>> >          key.KeyType = AIRPDCAP_KEY_TYPE_WPA_PMK;
>> >
>> >
>> > Thanks.
>>
>> Hi Sho,
>>
>> thanks for the report and patch. I committed a slightly different
>> version in r45696 and scheduled it for backport in 1.8.4.
>>
>
> Thanks, I tried r45696 on Ubuntu 12.04 (amd64) and it worked well.
> But I have some questions.
>
> packet-ieee80211.c, line 17374:
>   Since we convert PSK (64-byte ASCII) into PMK (32-byte binary) on line
> 17377,
>   what's the point of setting key.KeyType = AIRPDCAP_KEY_TYPE_WPA_PSK ?
>
> packet-ieee80211.c, line 17380:
>   Using debugger, I verified that bytes->len is 32. So it is always
> smaller than
>   AIRPDCAP_WPA_PSK_LEN, which is 64.
>
> packet-ieee80211.c, line 17381:
>   Since we are using the converted PMK, maybe we should copy it into
> key.KeyData.Wpa.Pmk?
>   (I know that is actually the same place :-)
>

Hi Sho,

I did mainly the change because using the PMK union / structure member for
a PSK key configured in UAT was hurting my eyes and looked like a bug.
>From a quick glance it looks like the handling of PSK / PMK seems a bit
messy (PMK defines / union are almost not used, and mixed with PMK ones). I
will let someone more aware of those subtle differences do a follow-up
cleanup if needed.

Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to