WPA3 Dragonblood Vulnerabilities Disclosure
#1
Interesting information and paper

https://wpa3.mathyvanhoef.com/

Hope this is safe from Milzo here
Reply
#2
Yes, very good and interesting analysis of some WPA3 flaws. Unfortunately the side channel attack requires at least unprivileged access to the victim (dragonblood.pdf: 7.2 Attack Scenario). In other words: The attacker must install code on the target device.

Additionally, most of the flaws are already patched:
SAE side-channel attacks
https://w1.fi/security/2019-1/

EAP-pwd side-channel attack
https://w1.fi/security/2019-2/

SAE confirm missing state validation
https://w1.fi/security/2019-3/

EAP-pwd missing commit validation
https://w1.fi/security/2019-4/
Reply
#3
(04-17-2019, 08:53 PM)ZerBea Wrote: Additionally, most of the flaws are already patched:

Yes, Jouni Malinen has access to WPA3 specifications through
representing Qualcomm at the Wi-Fi Alliance and this ensures
his wpa_supplicant/hostapd has the most up to date and
patched implementation for WPA3. So whilst everyone else
outside the closed doors of the Wi-Fi Alliance is waiting
to see a copy of the WPA3 spec, this codebase is the best
reference publically available.
Reply
#4
Yes, wpa_supplicant and hostapd are amazing open source tools. I really love them both and they are an integral part of my test environment to improve hcxdumptool.
Reply
#5
Hi,
How does hcxdumptool work with WPA3?
Do you reuse tools from Dragloblood?
Handshakes and PMKID extraction is no longer possible?
Reply
#6
How does hcxdumptool work with WPA3?
It only detect the AUTHENTICATION.

Do you reuse tools from Dragloblood?
No, this tools are useless, because they require at least unprivileged access to the victim.

Handshakes and PMKID extraction is no longer possible?
It is possible, but I deactivated it (KDV 0 - Authentication Key Management defined) in hcxdumptool and hcxpcapngtool, because hashcat has no hash mode to recover the pre-shared key.

WPA3 PMK calculation - totally different to WPA1/WPA2:
KCK || PMK = KDF-512(keyseed, "SAE KCK and PMK", (commit-scalar + peer-commit-scalar) modulo r)

WPA3 PMKID calculation - totally different to WPA2:
PMKID = L((commit-scalar + peer-commit-scalar) modulo r, 0, 128)
Reply