Wireshark · Wireshark-dev: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets

Wireshark-dev: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets

From: Mikael Kanstrup <mikael.kanstrup@xxxxxxxxx>

Date: Sat, 16 May 2020 17:46:40 +0200

The idea is to allow user to enter TK as decryption key. When decrypting packets if no valid SA exist either due to 4WHS missing in packet capture or due to non supported AKMS Wireshark would try decrypting using all user entered TKs and all supported ciphers. If a packet can be successfully decrypted an SA would be formed from the inputs used. Then on subsequent packets the SA already exists and decryption can continue without repeated attempts. Performance should be acceptable I hope.

I uploaded a non-finished patch implementing support for decryption using TK entered by user here:

https://code.wireshark.org/review/#/c/37217/

Mohit Khattar: If you know how to download patches from Gerrit and build, feel free to try it out. Hopefully it can be used to successfully decrypt your FT captures.

/Mikael

References:
- [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
  - From: Mohit Khattar
- Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
  - From: Mikael Kanstrup
- Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
  - From: Richard Sharpe
- Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
  - From: Mikael Kanstrup

Prev by Date: Re: [Wireshark-dev] asn2wrs.py no longer seems to generate the same code ...
Next by Date: Re: [Wireshark-dev] asn2wrs.py no longer seems to generate the same code ...
Previous by thread: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
Next by thread: Re: [Wireshark-dev] Cannot Decrypt Fast BSS Transition (802.11r) Packets
Index(es):
- Date
- Thread