wpa keyexchange problem

Joachim Schiele js
Thu Jul 7 06:19:11 PDT 2005


hey ;-)
just out of interest in the key exchange i've captured my heavy secured ap 
session exchange. the keyword used was "schnuffel" but as a matter of fact 
"attacker" does not work. i think the problem is in the key exchange. i'm 
using tkip and wpa_supplicant together with hostapd.

my configuration in detail at the end of the mail:
one thing i don't understand is why the snonce and anonce size differs while 
the original has
4x16 byte the one i captured has only 3x16 byte ;P

another question would be:
did i collect the right package for the hexdump field which is 19 in my 
capture?

thanks for any help
joachim schiele

ps: the connection is quite stable and working.


the ethereal capture is here:
http://lastlog.de/misc/wpa_cry_for_help.cap

======= hostapd ===========
interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=4
dump_file=/tmp/hostapd.dump
ssid=NSA-net
wpa=1
wpa_psk=94d5d3eb7601d7534e8c4694bd6a6a9b0f64e9cffbce7c021faa5d04ebc77914
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_group_rekey=600
wpa_gmk_rekey=86400

======= wpa_supplicant ===========
network={
        ssid="NSA-net"
        # key is "schnuffel" without " at the beg and end
        psk=94d5d3eb7601d7534e8c4694bd6a6a9b0f64e9cffbce7c021faa5d04ebc77914
}

========================== the example comming with attacker 
======================
ssid: linksys2
anonce: 000000000000000000e1ffffffffffffffffffffffffffffffffffffffffffff
snonce: 15ca4b5992d8208ef572a3b0897c23f37dc403dbf6d9ac25c6f7c28cc019afc9
host mac: 0030ab209adc
ap mac: 000c41c15c85
hexdump: 
000c41c15c850030ab209adc888e01030079fe01090020000000000000000015ca4b5992d8208ef572a3b0897c23f37dc403dbf6d9ac25c6f7c28cc019afc90000000000000000000000000000000000000000000000000000000000000000d0282e4c6c2b8a41158ccdd8e6f9fb66001add180050f20101000050f20201000050f20201000050f2020000

====== my secured net ;-) =====================================

NSA-net
anonce: 7388234FB19FF4575AF62543B0C86F15E510AFBA9B2B7E93
snonce: D3EA5466C68827B846D5A0375DDA86B7B24C59685E44DBA3
host mac: 000fa380cadf
ap mac  : 000fa380cb0b
hexdump: 
0a59b411db0602d1c0618a4953323ed9963ab18250485c22efa484239aeda7d82824e1907a584e9431fac9c374d482664d50050a1e24f6a414e9b8614c400dc2312e15e1ae9875ab6cf846c01baef5599dc357320652a85258a32dfc6a8fc2f59bc73fd0fbd2ddbd68fe5c53e7c6ef152b6142e0aa1543afd088d0eec91fd7e66e2549af00df266085a2f91a28f34610402359d5709c29
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050707/e21307a8/attachment.pgp 



More information about the Hostap mailing list