This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can not decrypt SSL PSK traffic

0

Hi, in our project we use SSL PSK encryption with a 20 byte binary key. I hope we read all available documentation about that but we were not able to decrypt the traffic even when we have the complete traffic and the PSK key.

The example works with a 16 byte text password. As said we use a 20 byte binary password.

Can anyone help?

Thank you.

asked 24 Sep '13, 06:20

trolly


One Answer:

0

In Wireshark 1.10.2, there is currently a hard-coded limit of 16 bytes for the PSK.

A fix was submitted at the Wireshark bug tracker (bug 9216), so if you use a development snapshot of SVN revision 52335 or later, it should work. Otherwise you can try to apply the patch on https://gist.github.com/Lekensteyn/6781709 yourself.

answered 01 Oct '13, 10:00

Lekensteyn

edited 14 Oct '13, 06:24

Thanks. I will see if I can do that.

(02 Oct '13, 02:49) trolly

@trolly The patch has been accepted; if you did not succeed in compiling your own, try a snapshot from https://www.wireshark.org/download/automated/

(02 Oct '13, 13:06) Lekensteyn

Thanks. We tried but it did not work. It will simply not output the decrypted data. Do you have an example with a 20 byte?

(14 Oct '13, 06:22) trolly

@trolly, you can find an example capture in the bug report. Be sure to add leading zeroes as needed (if your last octet is lower than 16 (0x0f and below)).

(14 Oct '13, 06:26) Lekensteyn

Hi, what should I see in the example when the decryption works? Looks strange here.

(14 Oct '13, 07:05) trolly

You should see HTTP traffic.

(14 Oct '13, 07:59) Lekensteyn

Sorry for the long delay. We built Wireshark with the suggested patch but it did not work, even with the provided sample. Is this bug already integrated? Are there some limitations for the key?

Confused ...

(29 Jan '14, 02:28) trolly

@trolly Ensure that the key is the hexadecimal representation of the binary key (with an even length, so prepend a zero if the length is odd).

(31 Jan '14, 05:31) Lekensteyn

Hi, in which Wireshark release is this bug fixed? 1.10.x? Or will it be fixed in 1.11.x?

(25 Mar '14, 01:47) ws_user13

This bug is already fixed in 1.11.x, it will probably not be fixed in 1.10.x.

(25 Mar '14, 03:08) Lekensteyn
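
As an added example (not part of the original thread and not Wireshark code), the key-formatting advice in the comments above can be checked with a small Python helper that turns a binary PSK into the even-length hex string described there. The function names and sample keys are constructed for illustration; the 16-byte constant is the Wireshark 1.10.2 limit stated in the answer.

```python
import re

# Hard-coded PSK limit in Wireshark 1.10.2, as stated in the answer above.
LEGACY_MAX_PSK_BYTES = 16


def psk_to_hex(key):
    """Return the even-length, lowercase hex form of a binary PSK.

    `key` may be raw bytes, or a hex string. Octets separated by ':', '-',
    ',' or whitespace may have lost their leading zero ("a:1b") and are
    padded per octet; an unseparated odd-length string gets one leading zero.
    """
    if isinstance(key, (bytes, bytearray)):
        hex_key = bytes(key).hex()
    else:
        text = key.strip()
        if text.lower().startswith("0x"):
            text = text[2:]
        parts = [p for p in re.split(r"[:\-\s,]+", text) if p]
        if len(parts) > 1:
            if any(len(p) > 2 for p in parts):
                raise ValueError("separated octets must be 1-2 hex digits each")
            hex_key = "".join(p.zfill(2) for p in parts)
        else:
            hex_key = parts[0] if parts else ""
            if len(hex_key) % 2:
                hex_key = "0" + hex_key
        if not re.fullmatch(r"[0-9a-fA-F]*", hex_key):
            raise ValueError("PSK contains non-hexadecimal characters")
        hex_key = hex_key.lower()
    if not hex_key:
        raise ValueError("empty PSK")
    return hex_key


def check_psk(key, max_bytes=None):
    """Return (hex_key, length_in_bytes, fits) for an optional byte limit."""
    hex_key = psk_to_hex(key)
    n_bytes = len(hex_key) // 2
    return hex_key, n_bytes, max_bytes is None or n_bytes <= max_bytes


if __name__ == "__main__":
    sample = bytes(range(20))  # constructed 20-byte binary key
    print(check_psk(sample, LEGACY_MAX_PSK_BYTES))
    print(psk_to_hex("a:1b:3"))  # octets with dropped leading zeros
```

A 20-byte key reports `fits == False` against the 1.10.2 limit, which matches the decryption failure described in the question.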