Ask Your Question
0

wifi decryption key format with id and password

asked 2019-10-29 03:24:27 +0000

Abecid gravatar image

So

<password>:<ssid>

is the format.

what if I the wifi took two inputs. Id and password.

What would the format be?

edit retag flag offensive close merge delete

Comments

Do you mean in a WPA Enterprise context?

Jaap gravatar imageJaap ( 2019-10-29 04:35:47 +0000 )edit

Yes!!! Thats right

Abecid gravatar imageAbecid ( 2019-10-29 04:38:55 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-10-30 09:02:57 +0000

Bob Jones gravatar image

There is no entry format for ID/Password when trying to decrypt using WPA2-Enterprise. Use the type:

wpa-psk

and then paste in the PMK to Wireshark. This would not be derived from the user/password, but rather is the keying material that is generated after authentication takes place. You will most likely have to get this from one of several places:

  1. RADIUS server, perhaps in debug mode (e.g. can try freeradius -X and see if keys are shown)
  2. Capture wired RADIUS traffic between WiFI system and RADIUS server, then decrypt and extract (need RADIUS shared secret)
  3. From the WiFi system (would depend on what system you have, and in many cases would not be possible)
  4. From some type of client debug where you can dump the PMK (wpa_supplicant can do this in debug mode with -K)
  5. Capture the EAPOL TLS tunnel traffic (assuming, for instance, the user/password is used with an EAP method that uses TLS, such as PEAP or TTLS) and try to decrypt the TLS tunnel traffic which contains the PMK. Hope (or force) that DHE is not used for key exchange and need access to server private key.

With the PMK (which will likely be different for each client, each time the client does a full re-authentication) and the 4-way EAPOL handshake, you could then decrypt 802.11 traffic. Watch, though, session timeouts on certain platforms - the subsequent EAPOL exchange after the first may be encrypted; so its a daisy-chain type effect: need to decrypt the first, then with that can decrypt the second, and with that key set can decrypt the third, etc. Lose any critical information along the way and the chain breaks and decryption ceases to be possible until a full, unencrypted authentication takes place.

This is difficult work, but not impossible with the right access.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-10-29 03:24:27 +0000

Seen: 176 times

Last updated: Oct 30 '19