Wireshark-dev: [Wireshark-dev] how to decrypting PEAP Traffic
From: Harsha gowda <harsha.k.gowda@xxxxxxxxx>
Date: Thu, 4 Jun 2009 17:58:53 +0530
Hi,
According to RFC2716 section 3.5 says
PMK=TLS-PRF(MasterKey, “client EAP encryption” | clientHello.random| serverHello.random)
can you help me what exactly is MasterKey,
In one of the blog i read
MasterKey = TLS-PRF(PreMasterKey, “master secret” | clientHello.random| serverHello.random)
and PreMasterKey is a 48 Byte random number which is generated by client and sent to server by encrypting with server's public key.
I tried to decrypt the 32 bytes which is a handshake message in packet # 550 (as shown in "what-is-premasterkey.JPG")
with Privatekey "privatekey.txt"
"28 1a d7 a8 a5 0d e4 24 23 80 a5 0a dd 7f 1d bb e9 83 c8 2f 68 96 26 25 8d c9 ba ca f2 81 5e a1"
asuming this is premasterkey (client generated random number)
after decrypting i got
0c 03 33 0a 6e 95 fb d9 5f bf 0d 03 a2 27 a8 f3
cd e4 eb 27 f2 29 37 da c4 4b 0b d3 16 16 f0 93
9b b5 7b d9 bf e6 eb fe 79 cb 96 0d 22 7d a3 5a
72 35 80 a0 63 f9 0d cb fa f9 11 53 bb 7d f1 40
3c 4e 2f 34 21 9c 01 56 40 70 ea 7c 62 21 6d bf
ea ad c7 6a f4 7e 99 ea b6 be e5 57 88 56 b3 44
4b 40 0e 11 73 f3 22 4d da 69 11 8f ef 79 bd 41
f8 19 8d 10 f7 bb 1e 89 0e 5c 51 fd eb e7 d8 5c
f7 68 86 35 c8 80 e4 ec b6 ae eb 42 d0 03 3f 52
87 d5 13 b0 cd 5a dc e8 87 7b a0 d4 58 cf 71 d9
14 fb dc 8a 11 6c 4f 73 76 53 ce c2 96 b9 39 3f
e7 b7 e5 4e ee 8a 34 4f 7c 0e a3 b8 4c 4e 12 5a
25 11 73 6f 08 1c 72 e5 e8 54 fb 97 eb d4 f2 06
2c 64 15 b3 84 01 66 73 f1 19 96 ae 02 e6 61 ed
39 24 7d ca f7 94 a2 52 e5 be 31 dc bd 87 2c 79
8b 44 d0 58 fb 7a 19 51 9d a8 2e aa 80 d3 4a 2e
So my question is what is my PremasterKey...
Thanks you....
Waiting for all of your responce
Regards
Harsha
Private-Key: (2048 bit) modulus: 00:b6:fe:69:44:d5:3d:e2:24:bc:8e:dc:9b:9c:12: b4:e5:2d:13:38:91:41:4b:38:6e:b7:ea:56:78:92: 35:80:77:3f:86:83:e5:fa:e7:2f:c3:3b:a3:c9:9e: fd:dd:bf:31:e0:fa:99:5a:ff:67:b0:b6:19:a8:ac: ba:51:81:b0:87:3e:5d:32:3d:03:1b:45:b1:cf:de: 7d:cb:61:e2:2f:5e:b4:e9:8c:7b:6e:6f:81:38:df: 99:01:d7:0e:19:09:87:58:41:5f:12:2f:7e:fa:56: 02:20:07:38:85:b4:1b:92:39:04:06:39:3d:e5:35: 08:53:2f:e8:81:5d:d8:ce:88:3d:c2:41:f9:90:4b: 46:59:6c:45:13:aa:ff:68:09:6a:ba:08:1f:a3:de: 15:ed:ea:96:01:fa:ab:6e:ec:60:ad:6b:68:f9:7d: 8a:73:68:ae:c1:b9:b7:8f:ea:ba:38:8e:49:2d:c3: 26:83:e5:32:66:89:27:ad:6c:d2:41:92:8b:b1:29: 5c:96:3f:2e:de:77:a4:59:ce:7b:35:a1:44:da:c6: 8f:97:03:c9:9e:45:98:80:bf:ea:2d:39:68:de:7d: aa:92:5f:64:92:4e:cf:52:d7:3e:63:2e:c9:94:d3: d3:a7:78:4a:4e:9c:f4:de:de:1c:ab:0b:ae:e6:09: 9d:c5 publicExponent: 65537 (0x10001) privateExponent: 00:84:1e:99:38:76:51:70:b6:1f:61:72:0b:f3:9a: 59:fa:e1:19:70:8d:07:3c:5c:e9:2b:66:48:ba:52: ad:c8:2b:d0:b4:b9:04:51:ab:9b:03:75:4a:e2:e6: 24:da:76:11:78:22:d6:98:29:b0:de:98:0b:5c:8a: 21:17:79:f0:4f:25:0a:ba:9b:ec:63:43:65:86:f4: 57:94:80:fe:82:3e:f9:95:69:b5:30:5d:d7:49:8d: be:75:e2:a4:2e:15:80:1f:8b:4b:2d:e1:16:e7:7d: 33:99:96:3d:0b:e3:a6:c8:62:db:f1:f6:60:26:dd: ac:3e:0b:67:ee:07:28:e2:ab:a8:88:5f:66:8b:de: b6:3c:26:21:6b:0e:cc:a1:12:50:93:58:50:59:42: 31:0b:06:9a:a7:b1:b2:dc:b9:06:c5:aa:ff:e7:53: 39:24:64:18:5e:a4:8a:43:b8:b7:08:31:02:c0:63: fd:9c:7e:ef:18:75:11:7e:a7:16:9c:81:d7:41:e5: 44:4d:e9:45:49:a3:61:16:3e:76:1d:3f:8c:47:76: 00:36:52:c2:eb:ce:65:44:40:3f:45:43:75:d5:3c: c3:fd:c5:5f:a4:82:27:16:ed:a2:49:60:c5:e9:6d: 38:f3:b6:96:e3:a2:cd:4e:7a:42:af:2b:81:fc:65: a4:81 prime1: 00:d9:64:50:8c:1f:ba:b8:be:ab:71:7e:07:ef:14: 99:f4:0d:59:37:a1:ca:30:97:8d:e9:c6:17:f2:5c: b6:f1:d8:a9:52:b9:03:3a:43:e1:e8:9d:06:db:0e: 85:53:8c:15:05:92:26:f1:d7:d2:68:2b:f6:65:99: 86:4c:5b:cf:d1:d4:5e:79:c2:97:7c:f6:17:67:01: 6f:95:bf:0e:81:cb:86:43:7c:c5:10:a3:9c:9a:1c: d2:8d:76:53:91:01:e6:70:13:59:c6:64:f3:61:ff: 54:a0:bb:8d:26:6b:fc:70:d7:a4:ff:b0:01:f7:1a: c3:6b:0d:05:15:a2:1c:9f:a5 prime2: 00:d7:7e:31:c0:4e:de:28:7d:e8:aa:3e:46:80:16: 69:a9:03:94:35:40:e7:a1:e5:85:5a:cd:37:36:7d: a7:1f:67:63:ca:f5:cb:06:f8:4b:f1:89:17:d0:1e: ac:94:9e:5f:c9:86:fb:66:78:b4:73:d4:4e:7a:ec: 39:35:1e:44:db:33:c8:3d:43:c2:56:f5:f5:27:9a: 69:56:18:c3:ff:97:14:c1:be:22:6e:42:74:0d:a9: 00:db:ae:57:14:a4:90:4b:f1:09:79:23:87:17:2a: 9d:78:b3:c8:5b:7f:b1:44:ab:d9:66:e1:bf:c8:20: 6a:de:52:06:a8:48:ee:ab:a1 exponent1: 4f:5d:56:22:b1:fa:c3:33:a8:f7:98:21:61:61:4e: 0b:51:4c:3f:09:2b:fd:ad:76:bb:df:fc:22:19:43: 18:ec:16:75:02:e2:70:c5:13:96:8e:ad:50:0f:ef: 10:df:55:55:61:54:22:7a:be:70:15:8c:b0:ee:e9: 9e:ba:ee:16:16:c8:1e:ff:b1:ba:87:45:67:ef:98: 43:3d:2b:18:ab:aa:ea:bc:84:5d:5c:bd:f1:6d:90: 58:e0:d8:05:5a:82:3c:6c:74:1c:00:02:f2:c5:fa: a9:6b:8f:4e:75:a2:05:b8:54:9e:9c:2d:3b:7f:63: d4:93:3e:45:f5:97:29:99 exponent2: 00:be:62:8a:b7:f9:b6:03:16:42:71:ee:75:41:03: 0c:34:bb:a9:bc:66:ec:7e:b7:96:5b:03:c5:cd:09: b4:96:65:34:e0:82:c9:ee:0d:7e:a3:15:d9:09:11: a0:ad:e9:42:7d:7d:19:2d:8e:64:f7:94:d2:05:7e: 20:88:d2:86:49:17:f5:c8:52:ce:27:20:44:88:c9: be:58:c7:a6:9a:70:b3:70:fc:77:d4:ec:37:36:3e: 63:38:b3:4d:d2:3a:16:16:52:0d:69:8e:3e:f2:f3: be:8e:7e:5f:fc:9e:d3:51:f5:76:2c:94:34:69:2e: 62:dc:aa:a1:a1:1a:56:6b:21 coefficient: 00:b4:20:f3:60:95:95:ff:9d:42:fe:f2:7e:24:0b: 7b:3a:50:35:a3:88:1c:f4:08:db:fd:3c:e2:29:47: 90:41:20:80:fd:2e:d1:40:79:1d:2e:d6:9e:c1:a5: d0:71:ad:fe:8f:41:96:f2:26:85:dd:9c:98:10:97: 75:32:e2:76:dc:b3:0b:d9:6c:40:97:6e:3a:e6:c5: 77:d9:fd:df:da:29:46:ef:51:ff:07:3f:a6:de:a6: 88:ec:01:43:35:99:40:d9:0e:38:19:e3:16:2e:c3: fb:4e:1b:45:83:50:72:39:7d:96:be:a2:5b:39:74: 4f:bf:72:f5:46:b0:4d:4f:cd
Attachment:
what-is-premasterkey.JPG
Description: JPEG image
Attachment:
EAP1.cap
Description: Binary data
- Prev by Date: Re: [Wireshark-dev] Program test
- Next by Date: Re: [Wireshark-dev] Patch supplied for wiretap/Makefile.nmake
- Previous by thread: Re: [Wireshark-dev] Program test
- Next by thread: Re: [Wireshark-dev] [Wireshark-users] bit operations are missing from lua bindings?
- Index(es):