I am trying to compute the MIC of a WPA handshake packet, but unfortunately it fails. More precisely, I take the 802.1x packet (as stated in the specification):

MIC = HMAC_MD5(MIC Key, 16, 802.1x data)

Here is the relevant code:

mic = hmac.new(ptk[0:16],data)
print "mic: " + mic.hexdigest()  + "\n"

where hmac.new comes from the hmac library:

import hmac,hashlib,binascii

The key for the HMAC obviously consists of the first 16 bytes of the Pairwise Transient Key (the so-called Key Confirmation Key). The PTK has been confirmed by the program called coWPAtty, so I can rule out both of these as the source of the error. Here is my 802.1x data, introduced by the hex value 0103:

01030077fe010a001000000000000000
01ae11df37f5fb100665ce0c849f5950
c0e7901da3224ddfc9e9434babad5512
73000000000000000000000000000000
00000000000000000000000000000000
00e8b4b90bfc3fd97b657afeb66262ae
940018dd160050f20101000050f20201
000050f20401000050f202

The MIC computed by Wireshark is:

e8b4b90bfc3fd97b657afeb66262ae94

The MIC I compute is:

5492624bb538b52d6aa6261c692bd595

Unfortunately, no matter what I do, I can never compute the same MIC. Maybe some expert has valuable input; it would really be appreciated!

Best regards!

1 Answer

Here is the EAPOL data (starting right after the Logical-Link Control) from the second message in a 4 way handshake:

unsigned char eapol[] =
{
    '\x01',        // Version
    '\x03',        // Type
    '\x00','\x77', // Length
    '\xfe',        // Key Descriptor Type
    '\x01','\x0a', // Key information
    '\x00','\x10', // Key length
    // Replay counter
    '\x00','\x00','\x00','\x00','\x00','\x00','\x00','\x01',
    // WPA Key Nonce
    '\x77','\xd6','\x54','\xad','\x0c','\x1f','\xea','\x2f',
    '\x20','\x99','\xf1','\xdd','\x1c','\xae','\xdb','\xd8',
    '\xf7','\xe8','\x86','\xb0','\x81','\x60','\xed','\x7f',
    '\x70','\xdd','\xbb','\x33','\xb6','\xf1','\xd9','\x98',
    // Key IV
    '\x00','\x00','\x00','\x00','\x00','\x00','\x00','\x00',
    '\x00','\x00','\x00','\x00','\x00','\x00','\x00','\x00',
    // Key RSC
    '\x00','\x00','\x00','\x00','\x00','\x00','\x00','\x00',
    // Key ID
    '\x00','\x00','\x00','\x00','\x00','\x00','\x00','\x00',
    // MIC **************** CHANGE HERE ********************
//  '\x0a','\x62','\x24','\x07','\x11','\x36','\xd5','\x67',
//  '\x87','\xc0','\x7b','\x82','\x6b','\x06','\xf7','\xff',
    '\x00','\x00','\x00','\x00','\x00','\x00','\x00','\x00',
    '\x00','\x00','\x00','\x00','\x00','\x00','\x00','\x00',
    // Key Data Length
    '\x00','\x18',
    // Key Data
    '\xdd','\x16','\x00','\x50','\xf2','\x01','\x01','\x00',
    '\x00','\x50','\xf2','\x04','\x01','\x00','\x00','\x50',
    '\xf2','\x04','\x01','\x00','\x00','\x50','\xf2','\x02'
};

Make sure you replace the 16 bytes of the MIC field with '\x00' and you'll have valid EAPOL data ready to be calculated against the Michael algorithm.

Also, make sure you're using the right algorithm based on the WPA version. WPA1 uses HMAC with the MD5 hash function, WPA2 uses HMAC with the SHA1 hash, as you can see in the aircrack-ng source:

if (ap->wpa.keyver == 1)
    HMAC(EVP_md5(), ptk[j], 16, ap->wpa.eapol, ap->wpa.eapol_size, mic[j], NULL);
else
    HMAC(EVP_sha1(), ptk[j], 16, ap->wpa.eapol, ap->wpa.eapol_size, mic[j], NULL);

I think Python uses MD5 by default in the HMAC object.

Answered 2013-05-26T09:36:03.207
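The two points in the answer (zero the MIC field, pick MD5 or SHA1 by key descriptor version) as one added Python 3 example that is not code from the question or the answer. It reuses the answer's message-2 EAPOL data; the KCK is a constructed placeholder, since the page never gives the real PTK, so the resulting MIC is not the one Wireshark shows.

```python
import hashlib
import hmac

# EAPOL-Key field offsets, counted from the start of the 4-byte EAPOL header.
KEY_INFO_OFF = 5           # 2-byte Key Information field
MIC_OFF, MIC_LEN = 81, 16  # MIC field follows the 8-byte Key ID field

# Message 2 from the answer, with the 16 MIC bytes the answer commented out.
EAPOL_FRAME = bytes.fromhex(
    "01030077"                   # version, type, length (0x77 = 119 bytes follow)
    + "fe" + "010a" + "0010"     # descriptor type, key information, key length
    + "0000000000000001"         # replay counter
    + "77d654ad0c1fea2f2099f1dd1caedbd8f7e886b08160ed7f70ddbb33b6f1d998"  # nonce
    + "00" * 32                  # key IV (16) + key RSC (8) + key ID (8)
    + "0a6224071136d56787c07b826b06f7ff"  # MIC as transmitted
    + "0018"                     # key data length (24)
    + "dd160050f20101000050f20401000050f20401000050f202"  # key data
)

# Constructed placeholder KCK (first 16 bytes of the PTK); not the real key.
KCK = bytes(range(16))


def descriptor_version(frame: bytes) -> int:
    """Low 3 bits of Key Information select the MIC algorithm (1 = MD5, 2 = SHA1)."""
    key_info = int.from_bytes(frame[KEY_INFO_OFF:KEY_INFO_OFF + 2], "big")
    return key_info & 0x7


def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC over the whole EAPOL frame with the MIC field replaced by zeros."""
    if len(frame) < MIC_OFF + MIC_LEN:
        raise ValueError("frame too short for an EAPOL-Key message")
    zeroed = frame[:MIC_OFF] + b"\x00" * MIC_LEN + frame[MIC_OFF + MIC_LEN:]
    version = descriptor_version(frame)
    if version == 1:   # WPA/TKIP: HMAC-MD5, 16 bytes
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:   # WPA2/CCMP: HMAC-SHA1 truncated to 128 bits
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]
    raise ValueError(f"unsupported key descriptor version {version}")


def with_mic(kck: bytes, frame: bytes) -> bytes:
    """Return the frame with its MIC field filled in under this KCK."""
    return frame[:MIC_OFF] + eapol_key_mic(kck, frame) + frame[MIC_OFF + MIC_LEN:]


def verify_mic(kck: bytes, frame: bytes) -> bool:
    """Constant-time check of the MIC field against a recomputation."""
    return hmac.compare_digest(eapol_key_mic(kck, frame), frame[MIC_OFF:MIC_OFF + MIC_LEN])
```

The answer's frame carries key information 0x010a, so descriptor_version() returns 2 and the SHA1 path is taken; the Python 2 default of MD5 in the question would never match it.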