hashcat Forum Misc General Talk v
WPA3 Dragonblood Vulnerabilities Disclosure

Threaded Mode
WPA3 Dragonblood Vulnerabilities Disclosure
MrMiller Offline
Junior Member
**
Posts: 5
Threads: 1
Joined: Apr 2019
#1
04-17-2019, 11:47 AM
Interesting information and paper

https://wpa3.mathyvanhoef.com/

Hope this is safe from Milzo here
Find
Reply
ZerBea Offline
Moderator
*****
Posts: 1,042
Threads: 2
Joined: Jun 2017
#2
04-17-2019, 08:53 PM (This post was last modified: 04-17-2019, 08:58 PM by ZerBea.)
Yes, very good and interesting analysis of some WPA3 flaws. Unfortunately the side channel attack requires at least unprivileged access to the victim (dragonblood.pdf: 7.2 Attack Scenario). In other words: The attacker must install code on the target device.

Additionally, most of the flaws are already patched:
SAE side-channel attacks
https://w1.fi/security/2019-1/

EAP-pwd side-channel attack
https://w1.fi/security/2019-2/

SAE confirm missing state validation
https://w1.fi/security/2019-3/

EAP-pwd missing commit validation
https://w1.fi/security/2019-4/
Find
Reply
MrMiller Offline
Junior Member
**
Posts: 5
Threads: 1
Joined: Apr 2019
#3
04-19-2019, 06:53 PM
(04-17-2019, 08:53 PM)ZerBea Wrote: Additionally, most of the flaws are already patched:

Yes, Jouni Malinen has access to WPA3 specifications through
representing Qualcomm at the Wi-Fi Alliance and this ensures
his wpa_supplicant/hostapd has the most up to date and
patched implementation for WPA3. So whilst everyone else
outside the closed doors of the Wi-Fi Alliance is waiting
to see a copy of the WPA3 spec, this codebase is the best
reference publically available.
Find
Reply
ZerBea Offline
Moderator
*****
Posts: 1,042
Threads: 2
Joined: Jun 2017
#4
04-20-2019, 10:11 AM
Yes, wpa_supplicant and hostapd are amazing open source tools. I really love them both and they are an integral part of my test environment to improve hcxdumptool.
Find
Reply
Mem5 Offline
Posting Freak
*****
Posts: 803
Threads: 135
Joined: Feb 2011
#5
05-14-2020, 09:51 AM
Hi,
How does hcxdumptool work with WPA3?
Do you reuse tools from Dragloblood?
Handshakes and PMKID extraction is no longer possible?
Find
Reply
ZerBea Offline
Moderator
*****
Posts: 1,042
Threads: 2
Joined: Jun 2017
#6
05-15-2020, 10:34 PM
How does hcxdumptool work with WPA3?
It only detect the AUTHENTICATION.

Do you reuse tools from Dragloblood?
No, this tools are useless, because they require at least unprivileged access to the victim.

Handshakes and PMKID extraction is no longer possible?
It is possible, but I deactivated it (KDV 0 - Authentication Key Management defined) in hcxdumptool and hcxpcapngtool, because hashcat has no hash mode to recover the pre-shared key.

WPA3 PMK calculation - totally different to WPA1/WPA2:
KCK || PMK = KDF-512(keyseed, "SAE KCK and PMK", (commit-scalar + peer-commit-scalar) modulo r)

WPA3 PMKID calculation - totally different to WPA2:
PMKID = L((commit-scalar + peer-commit-scalar) modulo r, 0, 128)
Find
Reply