
List:       wireshark-dev
Subject:    Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
From:       Mikael Kanstrup <mikael.kanstrup () gmail ! com>
Date:       2020-05-16 15:46:40
Message-ID: CACZXzRCzRZFejzCujs4=170zDL-m7=tWtnOMupXsUE3EwLv9Rw () mail ! gmail ! com


> The idea is to allow the user to enter a TK as decryption key. When decrypting
> packets, if no valid SA exists, either due to the 4WHS missing in the packet
> capture or due to non-supported AKMS, Wireshark would try decrypting using all
> user-entered TKs and all supported ciphers. If a packet can be successfully
> decrypted, an SA would be formed from the inputs used. Then on subsequent
> packets the SA already exists and decryption can continue without repeated
> attempts. Performance should be acceptable, I hope.
>

I uploaded a non-finished patch implementing support for decryption using
TK entered by user here:
https://code.wireshark.org/review/#/c/37217/

Mohit Khattar: If you know how to download patches from Gerrit and build,
feel free to try it out. Hopefully it can be used to successfully decrypt
your FT captures.

/Mikael
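
The try-every-TK-then-cache-the-SA flow described in the quoted paragraph, as an added sketch that is not part of the original message or of the Gerrit change. Assumptions: the two "toy" ciphers are HMAC-based stand-ins for the real 802.11 ciphers (they differ only in MIC length), and keying the SA on the transmitter/receiver pair is a choice made for this sketch.

```python
import hashlib
import hmac
from itertools import product

# Stand-in ciphers (NOT CCMP/GCMP): name -> MIC length in bytes.
CIPHERS = {"toy-mic8": 8, "toy-mic16": 16}

def _keystream(tk, nonce, n):
    blocks = (hmac.new(tk, b"ks" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _mic(tk, cipher, nonce, ct):
    tag = hmac.new(tk, cipher.encode() + nonce + ct, hashlib.sha256).digest()
    return tag[:CIPHERS[cipher]]

def seal(tk, cipher, nonce, plaintext):
    """Build a constructed test frame body: ciphertext followed by the MIC."""
    ks = _keystream(tk, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return ct + _mic(tk, cipher, nonce, ct)

def try_open(tk, cipher, nonce, body):
    """Return plaintext if the MIC verifies under (tk, cipher), else None."""
    n = CIPHERS[cipher]
    if len(body) < n:
        return None
    ct, mic = body[:-n], body[-n:]
    if not hmac.compare_digest(mic, _mic(tk, cipher, nonce, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(tk, nonce, len(ct))))

class TkDecryptor:
    def __init__(self, user_tks):
        self.user_tks = list(user_tks)
        self.sa = {}      # (transmitter, receiver) -> (tk, cipher)
        self.trials = 0   # decryption attempts so far, to show the cost

    def decrypt(self, ta, ra, nonce, body):
        cached = self.sa.get((ta, ra))
        # With an SA: one attempt. Without: every user TK with every cipher.
        candidates = [cached] if cached else product(self.user_tks, CIPHERS)
        for tk, cipher in candidates:
            self.trials += 1
            plaintext = try_open(tk, cipher, nonce, body)
            if plaintext is not None:
                self.sa[(ta, ra)] = (tk, cipher)  # form the SA from what worked
                return plaintext
        return None
```

A frame that matches no entered TK costs the full TKs x ciphers search every time, since no SA is ever formed for it; that is the case that decides whether performance stays acceptable.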
