Decrypt WiFi AKM 25 after fast transition
Is it possible to decrypt encrypted Wi-Fi frames after fast transition? I have a capture of WiFi fast transition with authentication req/resp and reassociation req/resp. AKM suite is FT using SAE (00 0F AC 19). Pairwise cipher suite is AES (CCM) (00 0F AC 04). I've tried decrypting protected frames by specifying wpa-psk with PMK-R0 and PMK-R1, tk with PTK truncated to 32 and 16 bytes (full PTK is 48 bytes, but the key needs to be 16 or 32 bytes). None of this works - protected frames are not decrypted. Wireshark is compiled from sources from latest commit - 40634e4f14 epan: Unsigned lengths and offsets for the TVB BCD string functions.
Version 4.7.0.
Compile-time info:
Bit width: 64-bit
Compiler: GCC 15.2.1 20251211 (Red Hat 15.2.1-5)
GLib: 2.86.3
With:
+brotli +Minizip 4.0.10
+Gcrypt 1.11.1-unknown +nghttp2 1.66.0
+GnuTLS 3.8.11 and PKCS#11 +PCRE2 10.47 2025-10-21
+Kerberos (MIT) +POSIX capabilities (Linux)
+libnl 3 +Qt 6.10.1
+libpcap +QtDBus
+libsmi 0.5.0 +QtMultimedia
+libxml2 2.12.10 +Snappy 1.2.2
+Lua 5.4.8 +xxhash 0.8.3
+LZ4 1.10.0 +zlib 1.3.1.zlib-ng
+MaxMind +Zstandard 1.5.7
Without:
-automatic updates -nghttp3 -zlib-ng
Runtime info:
OS: Linux 6.17.8-300.fc43.x86_64
CPU: AMD Ryzen 9 9900X 12-Core Processor (with SSE4.2)
Memory: 61866 MB of physical memory
GLib: 2.86.3
Locale: LC_TYPE=en_US.UTF-8
Plugins: supported, 24 loaded
With:
+brotli 1.2.0 +nghttp2 1.66.0
+c-ares 1.34.5 +PCRE2 10.47 2025-10-21
+Gcrypt 1.11.1-unknown +QPA plugin "wayland"
+GnuTLS 3.8.11 +Qt 6.10.1
+HiDPI +Wayland
+libpcap 1.10.5 (with TPACKET_V3) +xxhash 803
+libsmi 0.5.0 +zlib 1.3.1.zlib-ng
+light display mode +Zstandard 1.5.7
+LZ4 1.10.0
add a comment