Getting wrong value for MIC - how to debug?

Chris Phoenix cphoenix
Mon Jan 30 22:22:35 PST 2012 

I'm trying to bring up wpa_supplicant on an embedded device. I've
gotten it to associate, and the AP (a home Belkin doing WPA) sends the
EAPOL 1_of_4, and I send back the EAPOL 2_of_4, and the Belkin sends
the 1_of_4 again, with an incremented replay counter, and after a few
more tries it disconnects.

The packet I'm sending looks fine. I confirmed this by getting my cell
phone to connect to the router, and capturing both transactions with
KisMAC. Everything but the MAC address, nonce, duration, sequence
number, and MIC was the same in packet 2_of_4 from both devices.

So, I guessed that the MIC must be wrong. So, I got a stock version of
wpa_supplicant compiled and running on my Mac, and replaced
main_none.c with code to redo the MIC computation for the packet from
my cell phone.

And I'm getting the wrong value. That is, I'm getting a different
value than the original MIC. Obviously, stock wpa_supplicant code
isn't broken. But my MIC-regenerating code is simple. So what's my
next step? (Yes, the MIC computed on my Mac version of wpa_supplicant
for my device's packets is the same as the one I computed in my
embedded device.)

#include "includes.h"

#include "common.h"
#include "wpa_supplicant_i.h"
#include "../src/common/eapol_common.h"
#include "../src/common/wpa_common.h"

#define debug_printf printf

int main(int argc, char *argv[])
{
/* Packets from my cell phone */
    u8 eapol_1_of_4[] = {
        0x08, 0x02, 0x2c, 0x00, 0x40, 0x4d, 0x8e, 0x14,
        0x08, 0xcb, 0x00, 0x11, 0x50, 0x35, 0x64, 0x8f,
        0x00, 0x11, 0x50, 0x35, 0x64, 0x8f, 0x10, 0xe7,
        0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e,
        0x01, 0x03, 0x00, 0x5f, 0xfe, 0x00, 0x89, 0x00,
        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x01, 0x8e, 0x7a, 0xfb, 0xf9, 0x2e, 0x46,
        0x82, 0xc8, 0xaf, 0x12, 0x4a, 0x48, 0x21, 0x71,
        0x2f, 0x50, 0xda, 0xdc, 0xf1, 0x05, 0xc7, 0xa3,
        0x96, 0xc8, 0xbd, 0x24, 0xce, 0x69, 0xc3, 0xf5,
        0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00 };


     u8 eapol_2_of_4[] = {
         0x08, 0x01, 0x3a, 0x01, 0x00, 0x11, 0x50, 0x35,
         0x64, 0x8f, 0x40, 0x4d, 0x8e, 0x14, 0x08, 0xcb,
         0x00, 0x11, 0x50, 0x35, 0x64, 0x8f, 0xb0, 0x2d,
         0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e,
         0x01, 0x03, 0x00, 0x77, 0xfe, 0x01, 0x09, 0x00,
         0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0xcf, 0x70, 0xcf, 0x23, 0x33, 0x33, 0xb2,
         0x05, 0x87, 0x86, 0x2f, 0x63, 0x6a, 0x6c, 0xea,
         0x26, 0xe5, 0x54, 0xc5, 0x0a, 0x99, 0xfc, 0x91,
         0xad, 0xea, 0x80, 0xc0, 0x12, 0x6f, 0xdb, 0x26,
         0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x5f, 0xf8, 0xe8, 0x60, 0xd1, 0x88, 0x42,
         0x7f, 0x6b, 0x17, 0x1e, 0xc0, 0x1d, 0xd2, 0xfc,
         0xf9, 0x00, 0x18, 0xdd, 0x16, 0x00, 0x50, 0xf2,
         0x01, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x02, 0x01,
         0x00, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x00, 0x00,
     0x50, 0xf2, 0x02 };

/* For reference, here's the 2/4 packet from my embedded device
char pkt334[] = {
0x08, 0x01, 0x28, 0x00, 0x00, 0x11, 0x50, 0x35,
0x64, 0x8f, 0x00, 0x19, 0x88, 0x23, 0x36, 0x24,
0x00, 0x11, 0x50, 0x35, 0x64, 0x8f, 0x30, 0x00,
0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e,
0x01, 0x03, 0x00, 0x77, 0xfe, 0x01, 0x09, 0x00,
0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x3b, 0xd1, 0x48, 0x31, 0x11, 0xce, 0x62,
0xea, 0xfa, 0xa8, 0xea, 0x6a, 0x99, 0x33, 0xa0,
0xb7, 0x00, 0x18, 0xdd, 0x16, 0x00, 0x50, 0xf2,
0x01, 0x01, 0x00, 0x00, 0x50, 0xf2, 0x02, 0x01,
0x00, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x00, 0x00,
0x50, 0xf2, 0x02 };
*/

    u8 pmk[] = "password";

    u8 ptk[64];
    wpa_hexdump(MSG_ERROR, "pmk", pmk, strlen((char *)pmk));
    wpa_hexdump(MSG_ERROR, "en1", eapol_1_of_4 + 4, 6);
    wpa_hexdump(MSG_ERROR, "en2", eapol_2_of_4 + 4, 6);
    wpa_hexdump(MSG_ERROR, "no1", eapol_1_of_4 + 49, 32);
    wpa_hexdump(MSG_ERROR, "no2", eapol_2_of_4 + 49, 32);

    wpa_pmk_to_ptk(pmk, strlen((char *)pmk), "Pairwise key expansion",
                   eapol_1_of_4 + 4, eapol_2_of_4 + 4,
                   eapol_1_of_4 + 49, eapol_2_of_4 + 49,
                   ptk, 64, 0);

    struct wpa_eapol_key *reply;
    reply = (struct wpa_eapol_key *)(eapol_2_of_4 + 32 + sizeof(struct
ieee802_1x_hdr));

    wpa_hexdump(MSG_ERROR, "MIC b4   ", reply->key_mic, sizeof(reply->key_mic));
    memset(reply->key_mic, 0, sizeof(reply->key_mic));
    debug_printf("eapol %p, keymic %p, ptk %p\n\r", eapol_2_of_4,
reply->key_mic, ptk);
    wpa_hexdump(MSG_ERROR, "   ptk ", ptk, 64);
    wpa_hexdump(MSG_ERROR, "   buf ", eapol_2_of_4 + 32,
sizeof(eapol_2_of_4) - 32);
    wpa_eapol_key_mic(ptk, WPA_KEY_INFO_TYPE_HMAC_MD5_RC4,
                      eapol_2_of_4 + 32, sizeof(eapol_2_of_4) - 32,
                      reply->key_mic);
    wpa_hexdump(MSG_ERROR, "MIC now  ", reply->key_mic, sizeof(reply->key_mic));
    wpa_hexdump(MSG_ERROR, "   buf ", eapol_2_of_4 + 32,
sizeof(eapol_2_of_4) - 32);

    exit(0);
}


Output (notice the "MIC b4" and "MIC now" lines):
pmk - hexdump(len=8): 70 61 73 73 77 6f 72 64
en1 - hexdump(len=6): 40 4d 8e 14 08 cb
en2 - hexdump(len=6): 00 11 50 35 64 8f
no1 - hexdump(len=32): 01 8e 7a fb f9 2e 46 82 c8 af 12 4a 48 21 71 2f
50 da dc f1 05 c7 a3 96 c8 bd 24 ce 69 c3 f5 ff
no2 - hexdump(len=32): cf 70 cf 23 33 33 b2 05 87 86 2f 63 6a 6c ea 26
e5 54 c5 0a 99 fc 91 ad ea 80 c0 12 6f db 26 fe
MIC b4    - hexdump(len=16): 5f f8 e8 60 d1 88 42 7f 6b 17 1e c0 1d d2 fc f9
eapol 0xbfffea59, keymic 0xbfffeaca, ptk 0xbfffeb77
   ptk  - hexdump(len=64): 0b 73 7c 3c 79 de 14 63 fd ec 1d f1 20 74
87 62 51 a1 67 bc db 1d 82 1d 68 e1 38 3f 86 5f ba d4 e2 50 95 0d 43
6c b5 f4 9f 56 04 a1 58 4b d3 6a 29 3e 6b b5 64 68 78 1b 38 9d 7b ed
04 48 ef 45
   buf  - hexdump(len=123): 01 03 00 77 fe 01 09 00 20 00 00 00 00 00
00 00 00 cf 70 cf 23 33 33 b2 05 87 86 2f 63 6a 6c ea 26 e5 54 c5 0a
99 fc 91 ad ea 80 c0 12 6f db 26 fe 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 dd 16 00 50 f2 01 01
00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02
MIC now   - hexdump(len=16): 59 49 1d 8c 40 51 7a b2 48 19 ea ec 13 14 81 9a
   buf  - hexdump(len=123): 01 03 00 77 fe 01 09 00 20 00 00 00 00 00
00 00 00 cf 70 cf 23 33 33 b2 05 87 86 2f 63 6a 6c ea 26 e5 54 c5 0a
99 fc 91 ad ea 80 c0 12 6f db 26 fe 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 49
1d 8c 40 51 7a b2 48 19 ea ec 13 14 81 9a 00 18 dd 16 00 50 f2 01 01
00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02


-- 
Chris Phoenix
cphoenix at gmail.com
650-776-5195

More information about the Hostap mailing list