Wireshark mailing list archives
Re: WLAN decryption using a hex PSK key
From: Sho Amano <samano.and () gmail com>
Date: Sat, 20 Oct 2012 22:22:10 +0900
2012/10/20 <mmann78 () netscape net>
This was broken and fixed with bug 7661 ( https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7661). Perhaps its broken again (and bug needs to be reopened)?
It looks different from bug 7661, because when I tried with Wireshark 1.8.3 (which contains the fix for the bug) I still could not decrypt the sample file. Wireshark 1.8.2 (WiresharkPortable-1.8.2.paf.exe) --> Wireshark refuses to set the hex-format key, showing an error dialog which says "error updating record: Invalid key format" Wireshark 1.8.3 (WiresharkPortable-1.8.3.paf.exe) --> I do not get the error dialog and I can set the hex-format key. However I still could not decrypt WLAN frames in the file. So it looks like same situation as latest trunk. Thanks.
-----Original Message----- From: Sho Amano <samano.and () gmail com> To: wireshark-dev <wireshark-dev () wireshark org> Sent: Fri, Oct 19, 2012 3:07 pm Subject: [Wireshark-dev] WLAN decryption using a hex PSK key Hi, This is the first time I send a mail to wireshark-dev. If there are something that I'm doing wrong, just let me know, thanks in advance. Recently I noticed that I can not decrypt WLAN frames that are encrypted with WPA-PSK (or PSK2), 64-digit hex format. The thing is, I could decrypt the same file using an old Wireshark (1.6.11). Is there any extra configuration that I need to run on the latest Wireshark to decrypt WLAN file with a hex key? Here is a sample file I captured using a Ralink dongle. I used an old 802.11g AP with WPA-PSK (not PSK2) security. https://dl.dropbox.com/u/21695553/wpa_decrypt_sample.pcap SSID: APTEST WPA-PSK: 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF FYI, Here are what I tried. I'm using a x64 machine running Windows 7 Pro SP1 (64bit). Using latest Wireshark: 1. Download the latest Win64 binary "Wireshark-win64-1.9.0-SVN-45658.exe" from http://www.wireshark.org/download/automated/win64/ and install it under C:\ws64test. Restart Windows. 2. Launch Wireshark, Go "Edit" -> "Preferences..." then select "IEEE802.11" pane under "Protocols". Check "Enable decryption:", click "Edit...", click "New" and choose "wpa-psk" for the Key type. Also, Enter "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" for the Key and click "OK" -> "OK" -> "OK". 3. Restart Wireshark. 4. Open the sample pcap file. Packet number #301, for example, is not decrypted. Using old Wireshark: 1. Download "WiresharkPortable-1.6.11.paf.exe" and install it under C:\ws32old. 2. Launch Wireshark, Go "Edit" -> "Preferences..." then select "IEEE802.11" pane under "Protocols". Check "Enable decryption:" and then type "wpa-psk:0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" in the Key #1 box. Click "OK". 3. Restart Wireshark. 4. Open the sample pcap file. Packet number #301 is decrypted, and I can see it is a TCP SYN packet. Thanks. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe <wireshark-dev-request () wireshark org?subject=unsubscribe> ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- WLAN decryption using a hex PSK key Sho Amano (Oct 19)
- Re: WLAN decryption using a hex PSK key mmann78 (Oct 19)
- Re: WLAN decryption using a hex PSK key Sho Amano (Oct 20)
- Re: WLAN decryption using a hex PSK key Sho Amano (Oct 20)
- Re: WLAN decryption using a hex PSK key Pascal Quantin (Oct 21)
- Re: WLAN decryption using a hex PSK key Sho Amano (Oct 22)
- Re: WLAN decryption using a hex PSK key Pascal Quantin (Oct 22)
- Re: WLAN decryption using a hex PSK key Sho Amano (Oct 23)
- Re: WLAN decryption using a hex PSK key Sho Amano (Oct 20)
- Re: WLAN decryption using a hex PSK key mmann78 (Oct 19)