Hello everyone, i'm trying to decrypt a dtls trace with the server private key. I I have provided the private key to Wireshark DTLS protocol preference, but it's not working. In attached the decrypt log. Hope some of you could help me. Thanks in advance.
Wireshark SSL debug log
Wireshark version: 3.0.5 (v3.0.5-0-g752a55954770)
GnuTLS version: 3.6.3
Libgcrypt version: 1.8.3
KeyID[20]:
| 92 40 4a 81 c7 01 8d 55 d6 e4 30 aa 38 7f 6a e4 |[email protected].|
| 38 49 53 7e |8IS~ |
ssl_init private key file C:/Users/Andrea/Documents/snmp traccia/manager.key successfully loaded.
ssl_init port '10161' filename 'C:/Users/Andrea/Documents/snmp traccia/manager.key' password(only for p12 file) ''
association_add dtls.port port 10161 handle 0000017FC03570D0
packet_from_server: is from server - FALSE
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 13 173
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
packet_from_server: is from server - TRUE
packet_from_server: is from server - TRUE
ssl_try_set_version found version 0xFEFF -> state 0x11
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 13 35
dissect_dtls_handshake erasing previous handshake_messages: 208
packet_from_server: is from server - FALSE
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 13 193
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x11
packet_from_server: is from server - TRUE
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 13 66
ssl_try_set_version found version 0xFEFF -> state 0x11
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_set_cipher found CIPHER 0x0035 TLS_RSA_WITH_AES_256_CBC_SHA -> state 0x17
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 1293 6
Calculating hash with offset 0 3
Calculating hash with offset 1294 3
Calculating hash with offset 0 1238
Certificate.KeyID[20]:
| d0 6e 44 e7 1e 7c 56 d6 5a bd ca ea 97 e9 b6 b7 |.nD..|V.Z.......|
| 83 c9 80 8f |.... |
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 1480 18
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 1511 12
packet_from_server: is from server - FALSE
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 1293 6
Calculating hash with offset 0 3
Calculating hash with offset 1294 3
Calculating hash with offset 0 1253
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 1549 6
Calculating hash with offset 0 3
Calculating hash with offset 1550 3
Calculating hash with offset 0 258
ssl_load_keyfile dtls/tls.keylog_file is not configured!
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
pre master encrypted[256]:
| 10 b2 90 d8 93 68 ca 2c 16 82 00 66 53 d2 3f aa |.....h.,...fS.?.|
| 0a a6 f8 f1 07 10 aa b1 c8 ee df 56 b6 24 46 61 |...........V.$Fa|
| 08 00 eb db 42 2d 59 b4 8e 26 4f f5 55 35 26 32 |....B-Y..&O.U5&2|
| 38 f9 c8 23 8a a1 eb ad dd 4b 30 c2 63 3b 7d 9f |8..#.....K0.c;}.|
| 5f f6 2a 9b 0c 0d c7 e5 e7 fa 62 f3 86 6b 29 8f |_.*.......b..k).|
| a9 99 eb dd ef ca 74 8a 8a 0d ee bd 92 de 2f 24 |......t......./$|
| f5 d6 9d de 95 e4 9f cf 13 bc 58 8e a4 52 d8 06 |..........X..R..|
| 22 86 67 19 fd d8 52 13 07 16 f3 fa 9f d3 7e 03 |".g...R.......~.|
| 38 c6 ba 44 fa f3 f5 47 bc 47 37 94 cd 77 89 3b |8..D...G.G7..w.;|
| a2 6a 2d 74 96 ae 25 45 9c d5 b4 00 21 2b a7 7c |.j-t..%E....!+.||
| e9 18 3c 7a 2a 50 de 29 fc ea 00 c9 d8 0c 05 70 |..<z*p.).......p| |="" d5="" c2="" 7c="" f1="" 4a="" f2="" 2e="" 63="" 43="" 31="" b1="" c0="" 81="" a4="" f2="" af="" |..|.j..cc1......|="" |="" 3b="" 61="" 30="" ad="" f0="" ea="" 4f="" 43="" f9="" 8a="" d6="" aa="" 57="" 9f="" 41="" 08="" |;a0...oc....w.a.|="" |="" 3d="" 2b="" d3="" 5a="" 0e="" 56="" 77="" d8="" c5="" 0a="" 72="" 31="" 1c="" b5="" 1b="" 25="" |="+.Z.Vw...r1...%|" |="" 3f="" b1="" e7="" 52="" 7a="" 87="" ec="" c2="" 4e="" f2="" 1d="" c8="" 33="" 19="" 10="" 18="" |?..rz...n...3...|="" |="" a7="" 7d="" 21="" 63="" a6="" 5f="" 31="" 33="" b8="" 30="" ad="" 0d="" 72="" f7="" 4e="" 22="" |.}!c._13.0..r.n"|="" ssl_decrypt_pre_master_secret:="" rsa_private_decrypt="" ssl_decrypt_pre_master_secret:="" decryption="" failed:="" -49="" (no="" certificate="" was="" found.)="" ssl_generate_pre_master_secret:="" can't="" decrypt="" pre-master="" secret="" ssl_restore_master_key="" can't="" find="" pre-master="" secret="" by="" encrypted="" pre-master="" secret="" dissect_dtls_handshake="" can't="" generate="" pre="" master="" secret="" packet_from_server:="" is="" from="" server="" -="" false="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" false="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" false="" dissect_dtls_record:="" content_type="" 20="" decrypt_dtls_record:="" no="" session="" key="" ssl_load_keyfile="" dtls="" tls.keylog_file="" is="" not="" configured!="" ssl_finalize_decryption="" state="0x17" ssl_restore_master_key="" can't="" restore="" master="" secret="" using="" an="" empty="" session="" id="" ssl_restore_master_key="" can't="" find="" master="" secret="" by="" client="" random="" cannot="" find="" master="" secret="" packet_from_server:="" is="" from="" server="" -="" false="" ssl_change_cipher="" client="" packet_from_server:="" is="" from="" server="" -="" false="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" calculating="" hash="" with="" offset="" 1549="" 6="" calculating="" hash="" with="" offset="" 0="" 3="" calculating="" hash="" with="" offset="" 1550="" 3="" calculating="" hash="" with="" offset="" 0="" 1414="" ssl_save_master_key="" not="" saving="" empty="" (pre-)master="" secret="" for="" session="" ticket!="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 20="" decrypt_dtls_record:="" no="" session="" key="" ssl_dissect_change_cipher_spec="" not="" using="" session="" resumption="" ssl_load_keyfile="" dtls="" tls.keylog_file="" is="" not="" configured!="" ssl_finalize_decryption="" state="0x417" ssl_restore_master_key="" can't="" restore="" master="" secret="" using="" an="" empty="" session="" id="" ssl_restore_master_key="" can't="" find="" master="" secret="" by="" client="" random="" cannot="" find="" master="" secret="" packet_from_server:="" is="" from="" server="" -="" true="" ssl_change_cipher="" server="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" false="" packet_from_server:="" is="" from="" server="" -="" false="" dissect_dtls_record:="" content_type="" 23="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 23="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" false="" packet_from_server:="" is="" from="" server="" -="" false="" dissect_dtls_record:="" content_type="" 23="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" true="" packet_from_server:="" is="" from="" server="" -="" true="" dissect_dtls_record:="" content_type="" 23="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" false="" packet_from_server:="" is="" from="" server="" -="" false="" dissect_dtls_record:="" content_type="" 21="" decrypt_dtls_record:="" no="" session="" key="" packet_from_server:="" is="" from="" server="" -="" false="" packet_from_server:="" is="" from="" server="" -="" false="" dissect_dtls_record:="" content_type="" 22="" decrypt_dtls_record:="" no="" session="" key="" calculating="" hash="" with="" offset="" 13="" 173="" ssl_dissect_hnd_hello_common="" found="" client="" random="" -=""> state 0x01
packet_from_server: is from server - TRUE
packet_from_server: is from server - TRUE
ssl_try_set_version found version 0xFEFF -> state 0x11
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 13 35
dissect_dtls_handshake erasing previous handshake_messages: 208
packet_from_server: is from server - FALSE
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 13 193
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x11
packet_from_server: is from server - TRUE
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 13 66
ssl_try_set_version found version 0xFEFF -> state 0x11
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_set_cipher found CIPHER 0x0035 TLS_RSA_WITH_AES_256_CBC_SHA -> state 0x17
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: no session key
Calculating hash with offset 1293 6
Calculating hash with offset 0 3
Calculating hash with offset 1294 3
Calculating hash with offset 0 1238
