Decrypt DTLS packet

dtls

asked 2021-08-09 05:40:02 +0000

won
1 ●1 ●1

Hi, I'm trying to decrypt DTLS packet, also used some other PSK's, but it doesn't work at all. Do you have any references for decrypting DTLS packet with version 3.4.7? I'm telling that i'm using the latest version of Wireshark.

edit retag flag offensive close merge delete

Comments

A PSK only works when using RSA ciphers, which are becoming less often used. Can you share a capture, or at least the output of the TLS debug log?

grahamb ( 2021-08-09 07:36:54 +0000 )edit

This is the part of captured file that I've done.(Not sure the image shows well.) (+ I don't know how to upload the image file.) I've checked to "Edit -> Preferences -> Protocol -> DTLS", but it requires PSK to decrypt.link text

won ( 2021-08-09 08:01:45 +0000 )edit

An image of a capture doesn't really help, as noted above we need either the capture, or the TLS debug log (see the TLS dissector preferences).

Captures, logs, images etc. should be uploaded to an external public share and then a link to the item posted back here. Your image isn't publicly shared.

grahamb ( 2021-08-09 08:59:12 +0000 )edit

add a comment

answered 2021-08-09 18:06:28 +0000

Jaap

13742 ●711 ●115

updated 2021-08-09 19:36:09 +0000

Here's a working scenario on a Linux box,

Start Wireshark, set DTLS preferences Pre-Shared Key to 0102030405060708090a0b0c0d0e0f, and start the capture on the loopback interface.

As a server run this in a Linux console

$ PSK=0102030405060708090a0b0c0d0e0f
$ openssl s_server -dtls -psk $PSK -cipher PSK-AES128-CBC-SHA -nocert -accept 23000

As a client run this in another Linux console

$ PSK=0102030405060708090a0b0c0d0e0f
$ openssl s_client -psk $PSK -dtls -connect 127.0.0.1:23000

Type something in the client console and press enter, it should show up on the server console, and in Wireshark the DTLS packets should show this same data in an Application Data packet.

edit flag offensive delete link

Comments

You might want to BOLD the first step to "Start Wireshark" capture before the dtls handshake.

Not sure if the original question was really for "decrypt DTLS packet" or a full dtls session.

Chuckc ( 2021-08-09 18:37:30 +0000 )edit

@Chuckc done, and, I don't know either but having an example is always a good start.

Jaap ( 2021-08-09 19:37:30 +0000 )edit

@Jaap - yes, I tend to learn the hard way and it was useful to see that the startup is needed for decode.
Added it to the DTLS Wiki page

Chuckc ( 2021-08-09 19:51:20 +0000 )edit

So should I have to install openssl on Linux? Actually I tried once, I'm a little bit curious that should I have to write PSK = 0102030405060708090a0b0c0d0e0f on Linux console;it didn't worked.

won ( 2021-08-11 04:09:54 +0000 )edit

@won You asked about decrypting DTLS with Wireshark, and mentioned the use of PSK's. So I created a working example of creating such network traffic, capture and dissection of the DTLS packets and decryption of the payload.

This example uses the openssl command line program features to setup the server and client for the DTLS connection. It may be possible to do the same with other programs, this is just an example.

In the example the PSK is setup in an environment variable in the opened Bash-like shell. Other shell types may have different ways of setting environment variables. Copying the line after the '$' prompt should work fine.

Jaap ( 2021-08-11 09:45:08 +0000 )edit

add a comment

Decrypt DTLS packet

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Decrypt DTLS packet edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Decrypt DTLS packet