# Revision history [back]

### PSK TLS decryption using hex dump

Hi,

I am using hex dum and dummy TCP header. I can see that handshak is successful using PSK, and firs post message from client to server is successfully decrypted. For packet from server to client I changed interchanged the port so that now Wireshark can see it is from server:

dissect_ssl enter frame #7 (first time) packet_from_server: is from server - TRUE conversation = 00000228E46BA9F0, ssl_session = 00000228E46BAEA0 record: offset = 0, reported_length_remaining = 357 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 352, ssl state 0x3F packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available

But here I am getting issue for no decoder available.

Packet I have used in hexdump is: 0000 20 53 45 4e 44 00 20 52 45 43 56 00 08 00 45 00 01 8d 12 34 00 00 ff 06 a2 31 02 02 02 02 01 01 01 01 11 4E 98 34 00 00 5d af 00 00 00 00 50 00 20 00 a6 67 00 00 17 03 01 01 60 16 06 0F 09 BC 3A D3 06 26 1B 95 AF 95 17 21 69 51 26 2B 0A 37 53 36 D2 54 A9 39 5E D4 66 B6 8A DE 11 30 9F FB B9 99 68 0F 73 B8 FA 5C 06 0B 2C 0B 3B 52 2E EB 29 42 50 6C FB E8 48 66 24 7F 53 29 AE 15 3D 85 BB 25 1C BF 35 A3 96 55 DC AC AA 83 01 7E 59 28 E8 CE 87 58 06 14 20 DE 8A BD 3C D6 FA 96 CF D0 62 C8 18 76 88 32 89 C6 D0 84 40 23 6F 40 F3 26 45 30 A2 6E B5 BB 01 CC 1B 92 A8 36 45 79 D2 26 96 BA 5B FE 5E F3 9A 62 7A E6 59 D9 D1 72 3F 81 3B 84 2C 03 39 0C 94 17 F0 D4 36 E6 82 AA 77 08 19 54 C4 1F EA 9E 45 61 03 B5 46 86 FE 34 76 F1 C6 4F 39 D7 46 24 4E DA D2 BD 66 8D 17 09 3A D6 5A EF D4 C1 A4 56 EC 55 D1 AE A4 7E 59 A7 F9 39 1E 41 78 54 7A 8B 34 D7 97 25 F8 29 0D 63 D8 32 D2 30 86 68 18 6C 31 D3 F0 D9 2C BE 01 BB D2 3D 02 C0 AC F3 4A F2 3B 4B C8 B4 EC 8D D8 4D DA 2E C2 75 D3 6A 0E 34 2C CA 84 57 84 1E 98 2F D0 5A B9 69 0A FC 89 63 B5 BD 5F 47 0F 56 63 E0 98 61 D0 A3 07 48 0F 9E D3 35 41 77 5C 87 5B EE 07 A6 48 03 C3 8D 93 97 2E 32 F7 AA D6 C2 7C 5B 6C 17 27 9C 47 9B 01 2E 86 47 2C DD 2B BA ED C9 76 36 9C 97 33 22 A6 E3 C1 80 59 BE 6A

I can see all session keys are successfully generated in Change Chiper specs frame:

Client MAC key[20]: | 38 85 93 aa 4e 51 b7 21 30 26 11 90 8c 30 13 71 |8...NQ.!0&...0.q| | d0 52 7e 1e |.R~. | Server MAC key[20]: | 2e d4 50 50 cc 21 39 cd d4 c5 fb 1b e7 2e 75 01 |..PP.!9.......u.| | ff 51 56 f3 |.QV. | Client Write key[16]: | 5b 9d c8 e3 80 ec c2 37 50 e1 4b 87 96 8c 6b c2 |[......7P.K...k.| Server Write key[16]: | 05 ee 28 3c 6c d3 d2 c8 14 5e a8 61 30 63 fe a5 |..(<l....^.a0c..| client="" write="" iv[16]:="" |="" 11="" 5b="" bc="" ac="" 3c="" 74="" 6f="" f0="" 74="" 82="" 7a="" 49="" 5e="" b9="" 2e="" 33="" |.[..<to.t.zi^..3|="" server="" write="" iv[16]:="" |="" 28="" 96="" ad="" cc="" 19="" 5a="" 11="" 28="" a9="" 93="" 4c="" 72="" 7e="" 49="" 3c="" a5="" |(....z.(..lr~i&lt;.|<="" p="">

 2 None grahamb 23339 ●4 ●779 ●226 https://www.wireshark.org

### PSK TLS decryption using hex dump

Hi,

I am using hex dum dump and dummy TCP header. I can see that handshak handshake is successful using PSK, and firs first post message from client to server is successfully decrypted. For packet from server to client I changed interchanged the port so that now Wireshark can see it is from server:

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
conversation = 00000228E46BA9F0, ssl_session = 00000228E46BAEA0
record: offset = 0, reported_length_remaining = 357
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 352, ssl state 0x3F
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder availableavailable


But here I am getting issue for no decoder available.

Packet I have used in hexdump is: is:

0000   20 53 45 4e 44 00 20 52 45 43 56 00 08 00 45 00 01 8d 12 34 00 00 ff 06 a2 31 02 02 02 02 01 01 01 01 11 4E 98 34 00 00 5d af 00 00 00 00 50 00 20 00 a6 67 00 00 17 03 01 01 60 16 06 0F 09 BC 3A D3 06 26 1B 95 AF 95 17 21 69 51 26 2B 0A 37 53 36 D2 54 A9 39 5E D4 66 B6 8A DE 11 30 9F FB B9 99 68 0F 73 B8 FA 5C 06 0B 2C 0B 3B 52 2E EB 29 42 50 6C FB E8 48 66 24 7F 53 29 AE 15 3D 85 BB 25 1C BF 35 A3 96 55 DC AC AA 83 01 7E 59 28 E8 CE 87 58 06 14 20 DE 8A BD 3C D6 FA 96 CF D0 62 C8 18 76 88 32 89 C6 D0 84 40 23 6F 40 F3 26 45 30 A2 6E B5 BB 01 CC 1B 92 A8 36 45 79 D2 26 96 BA 5B FE 5E F3 9A 62 7A E6 59 D9 D1 72 3F 81 3B 84 2C 03 39 0C 94 17 F0 D4 36 E6 82 AA 77 08 19 54 C4 1F EA 9E 45 61 03 B5 46 86 FE 34 76 F1 C6 4F 39 D7 46 24 4E DA D2 BD 66 8D 17 09 3A D6 5A EF D4 C1 A4 56 EC 55 D1 AE A4 7E 59 A7 F9 39 1E 41 78 54 7A 8B 34 D7 97 25 F8 29 0D 63 D8 32 D2 30 86 68 18 6C 31 D3 F0 D9 2C BE 01 BB D2 3D 02 C0 AC F3 4A F2 3B 4B C8 B4 EC 8D D8 4D DA 2E C2 75 D3 6A 0E 34 2C CA 84 57 84 1E 98 2F D0 5A B9 69 0A FC 89 63 B5 BD 5F 47 0F 56 63 E0 98 61 D0 A3 07 48 0F 9E D3 35 41 77 5C 87 5B EE 07 A6 48 03 C3 8D 93 97 2E 32 F7 AA D6 C2 7C 5B 6C 17 27 9C 47 9B 01 2E 86 47 2C DD 2B BA ED C9 76 36 9C 97 33 22 A6 E3 C1 80 59 BE 6A6A


I can see all session keys are successfully generated in Change Chiper Cipher specs frame:

Client MAC key[20]:
| 38 85 93 aa 4e 51 b7 21 30 26 11 90 8c 30 13 71 |8...NQ.!0&...0.q|
| d0 52 7e 1e                                     |.R~.            |
Server MAC key[20]:
| 2e d4 50 50 cc 21 39 cd d4 c5 fb 1b e7 2e 75 01 |..PP.!9.......u.|
| ff 51 56 f3                                     |.QV.            |
Client Write key[16]:
| 5b 9d c8 e3 80 ec c2 37 50 e1 4b 87 96 8c 6b c2 |[......7P.K...k.|
Server Write key[16]:
| 05 ee 28 3c 6c d3 d2 c8 14 5e a8 61 30 63 fe a5 |..(<l....^.a0c..| client="" write="" iv[16]:="" |="" 11="" 5b="" bc="" ac="" 3c="" 74="" 6f="" f0="" 74="" 82="" 7a="" 49="" 5e="" b9="" 2e="" 33="" |.[..<to.t.zi^..3|="" server="" write="" iv[16]:="" |="" 28="" 96="" ad="" cc="" 19="" 5a="" 11="" 28="" a9="" 93="" 4c="" 72="" 7e="" 49="" 3c="" a5="" |(....z.(..lr~i&lt;.|<="" p="">

|..(<l....^.a0c..|
Client Write IV[16]:
| 11 5b bc ac 3c 74 6f f0 74 82 7a 49 5e b9 2e 33 |.[..<to.t.zI^..3|
Server Write IV[16]:
| 28 96 ad cc 19 5a 11 28 a9 93 4c 72 7e 49 3c a5 |(....Z.(..Lr~I<.|


### PSK TLS decryption using hex dump

Hi,

I am using hex dump and dummy TCP header. I can see that handshake is successful using PSK, and first post message from client to server is successfully decrypted. For packet from server to client I changed interchanged the port so that now Wireshark can see it is from server:

dissect_ssl enter frame #7 (first time)
packet_from_server: is from server - TRUE
conversation = 00000228E46BA9F0, ssl_session = 00000228E46BAEA0
record: offset = 0, reported_length_remaining = 357
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 352, ssl state 0x3F
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available


But here I am getting issue for no decoder available.

Packet I have used in hexdump is:

0000   20 53 45 4e 44 00 20 52 45 43 56 00 08 00 45 00 01 8d 12 34 00 00 ff 06 a2 31 02 02 02 02 01 01 01 01 11 4E 98 34 00 00 5d af 00 00 00 00 50 00 20 00 a6 67 00 00 17 03 01 01 60 16 06 0F 09 BC 3A D3 06 26 1B 95 AF 95 17 21 69 51 26 2B 0A 37 53 36 D2 54 A9 39 5E D4 66 B6 8A DE 11 30 9F FB B9 99 68 0F 73 B8 FA 5C 06 0B 2C 0B 3B 52 2E EB 29 42 50 6C FB E8 48 66 24 7F 53 29 AE 15 3D 85 BB 25 1C BF 35 A3 96 55 DC AC AA 83 01 7E 59 28 E8 CE 87 58 06 14 20 DE 8A BD 3C D6 FA 96 CF D0 62 C8 18 76 88 32 89 C6 D0 84 40 23 6F 40 F3 26 45 30 A2 6E B5 BB 01 CC 1B 92 A8 36 45 79 D2 26 96 BA 5B FE 5E F3 9A 62 7A E6 59 D9 D1 72 3F 81 3B 84 2C 03 39 0C 94 17 F0 D4 36 E6 82 AA 77 08 19 54 C4 1F EA 9E 45 61 03 B5 46 86 FE 34 76 F1 C6 4F 39 D7 46 24 4E DA D2 BD 66 8D 17 09 3A D6 5A EF D4 C1 A4 56 EC 55 D1 AE A4 7E 59 A7 F9 39 1E 41 78 54 7A 8B 34 D7 97 25 F8 29 0D 63 D8 32 D2 30 86 68 18 6C 31 D3 F0 D9 2C BE 01 BB D2 3D 02 C0 AC F3 4A F2 3B 4B C8 B4 EC 8D D8 4D DA 2E C2 75 D3 6A 0E 34 2C CA 84 57 84 1E 98 2F D0 5A B9 69 0A FC 89 63 B5 BD 5F 47 0F 56 63 E0 98 61 D0 A3 07 48 0F 9E D3 35 41 77 5C 87 5B EE 07 A6 48 03 C3 8D 93 97 2E 32 F7 AA D6 C2 7C 5B 6C 17 27 9C 47 9B 01 2E 86 47 2C DD 2B BA ED C9 76 36 9C 97 33 22 A6 E3 C1 80 59 BE 6A


I can see all session keys are successfully generated in Change Cipher specs frame:

Client MAC key[20]:
| 38 85 93 aa 4e 51 b7 21 30 26 11 90 8c 30 13 71 |8...NQ.!0&...0.q|
| d0 52 7e 1e                                     |.R~.            |
Server MAC key[20]:
| 2e d4 50 50 cc 21 39 cd d4 c5 fb 1b e7 2e 75 01 |..PP.!9.......u.|
| ff 51 56 f3                                     |.QV.            |
Client Write key[16]:
| 5b 9d c8 e3 80 ec c2 37 50 e1 4b 87 96 8c 6b c2 |[......7P.K...k.|
Server Write key[16]:
| 05 ee 28 3c 6c d3 d2 c8 14 5e a8 61 30 63 fe a5 |..(<l....^.a0c..|
Client Write IV[16]:
| 11 5b bc ac 3c 74 6f f0 74 82 7a 49 5e b9 2e 33 |.[..<to.t.zI^..3|
Server Write IV[16]:
| 28 96 ad cc 19 5a 11 28 a9 93 4c 72 7e 49 3c a5 |(....Z.(..Lr~I<.|


Also it is possible that TLS data from cat_tp SEND DATA command can be dissected. Below is example:

000000 80 12 00 00 4E D0 4C 81 03 01 43 01 82 02 81 21 36 41 16 03 03 00 3C 01 00 00 38 03 03 7E 4C AA 10 04 1F F6 83 2A 77 11 B6 FA 1D 6E 70 AC FA 2C E9 BD 16 FD 63 01 09 F7 70 0C 4E CE B9 00 00 0A 00 AE 00 8B 00 8C 00 B0 00 2C 01 00 00 05 00 01 00 01 04 90 00