Wireshark mailing list archives

Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets

From: Mikael Kanstrup <mikael.kanstrup () gmail com>
Date: Sat, 16 May 2020 17:46:40 +0200

The idea is to allow user to enter TK as decryption key. When decrypting
packets if no valid SA exist either due to 4WHS missing in packet capture
or due to non supported AKMS Wireshark would try decrypting using all user
entered TKs and all supported ciphers. If a packet can be successfully
decrypted an SA would be formed from the inputs used. Then on subsequent
packets the SA already exists and decryption can continue without repeated
attempts. Performance should be acceptable I hope.


I uploaded a non-finished patch implementing support for decryption using
TK entered by user here:
https://code.wireshark.org/review/#/c/37217/

Mohit Khattar: If you know how to download patches from Gerrit and build,
feel free to try it out. Hopefully it can be used to successfully decrypt
your FT captures.

/Mikael

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Cannot Decrypt Fast BSS Transition (802.11r) Packets Mohit Khattar via Wireshark-dev (May 13)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 15)
  - Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Richard Sharpe (May 15)
    - Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 15)
    - Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Mikael Kanstrup (May 16)
- Re: Cannot Decrypt Fast BSS Transition (802.11r) Packets Richard Sharpe (May 15)