New attack on WPA/WPA2 using PMKID
Pushed a small update to hcxdumptool. From now on we parse SAE completely:

[10:10:20 - 005] c83a35000002 -> c83a35000001 [AUTHENTICATION, SAE COMMIT, STATUS 0, SEQUENCE 304]
[10:10:20 - 005] c83a35000001 -> c83a35000002 [AUTHENTICATION, SAE COMMIT, STATUS 0, SEQUENCE 337]
[10:10:20 - 005] c83a35000002 -> c83a35000001 [AUTHENTICATION, SAE CONFIRM, STATUS 0, SEQUENCE 305]
[10:10:20 - 005] c83a35000001 -> c83a35000002 [AUTHENTICATION, SAE CONFIRM, STATUS 0, SEQUENCE 338]
[10:10:20 - 005] c83a35000001 -> c83a35000002 [FOUND PMKID]
[10:10:20 - 005] c83a35000001 -> c83a35000002 [FOUND AUTHORIZED HANDSHAKE, EAPOL TIMEOUT 3741]

As you can see here:
[10:10:20 - 005] c83a35000001 -> c83a35000002 [FOUND PMKID]
We are not able to attack SAE yet...

Remarks:
SAE = Simultaneous Authentication of Equals
pre-shared password-based authentication with stronger security than WPA-PSK (also known as WPA3-Personal)


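#include <stdint.h>

/* body of an SAE commit message (32-byte fields, i.e. a 256-bit group) */
struct sae_commit_authentication_frame
{
 uint16_t   group_id;             /* finite cyclic group identifier */
 uint8_t    scalar[32];
 uint8_t    commit_element_x[32]; /* x coordinate of the commit element */
 uint8_t    commit_element_y[32]; /* y coordinate of the commit element */
} __attribute__((__packed__));


/* body of an SAE confirm message */
struct sae_confirm_authentication_frame
{
 uint16_t   send_confirm;         /* send-confirm counter */
 uint8_t    confirm[32];          /* confirm value */
} __attribute__((__packed__));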


Read more about the status codes (reason codes) here:
https://community.cisco.com/t5/wireless-...-p/3148055

Read more about WPA3-Personal and WPA3-Enterprise here:
https://blogs.cisco.com/wireless/greater...r-security
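
Added example, not part of the post above and not hcxdumptool's own code: a bounds-checked parser that copies an authentication frame body into the two structs from the post instead of casting the capture buffer, so a truncated frame is rejected rather than over-read. The names sae_parse, sae_parsed, sae_kind and le16 are hypothetical. It assumes group 19 (matching the 32-byte fields) with no anti-clogging token and no trailing elements, and rejects every other layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layouts as posted above (32-byte fields, i.e. a 256-bit group). */
struct sae_commit_authentication_frame {
    uint16_t group_id;
    uint8_t scalar[32], commit_element_x[32], commit_element_y[32];
} __attribute__((__packed__));
struct sae_confirm_authentication_frame {
    uint16_t send_confirm;
    uint8_t confirm[32];
} __attribute__((__packed__));
enum sae_kind { SAE_NONE, SAE_COMMIT, SAE_CONFIRM };
struct sae_parsed {
    uint16_t status;                                 /* 802.11 status code */
    struct sae_commit_authentication_frame commit;   /* valid for SAE_COMMIT */
    struct sae_confirm_authentication_frame confirm; /* valid for SAE_CONFIRM */
};
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* body/len: authentication frame body, i.e. the bytes after the MAC header. */
enum sae_kind sae_parse(const uint8_t *body, size_t len, struct sae_parsed *out)
{
    if (!body || !out || len < 6 || le16(body) != 3) return SAE_NONE; /* 3 = SAE */
    uint16_t seq = le16(body + 2);                   /* 1 = commit, 2 = confirm */
    const uint8_t *p = body + 6;
    size_t rest = len - 6;
    out->status = le16(body + 4);
    if (seq == 1 && rest == sizeof out->commit && le16(p) == 19) {
        memcpy(&out->commit, p, rest);               /* copy, never cast the buffer */
        out->commit.group_id = le16(p);              /* wire order -> host order */
        return SAE_COMMIT;
    }
    if (seq == 2 && rest == sizeof out->confirm) {
        memcpy(&out->confirm, p, rest);
        out->confirm.send_confirm = le16(p);
        return SAE_CONFIRM;
    }
    return SAE_NONE;                                 /* truncated, padded or other layout */
}

int main(void)
{
    uint8_t f[6 + 34] = { 3, 0, 2, 0, 0, 0, 0x31, 0x01 }; /* constructed confirm frame */
    struct sae_parsed r;
    printf("full=%d truncated=%d\n", sae_parse(f, sizeof f, &r), sae_parse(f, 20, &r));
    return 0;
}
```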

