
Is it possible to print the WPA passphrase in hostapd (by editing the code)?

This is the hostapd configuration (we use TKIP):

# wpa is a bit field: 1 = WPA only, 2 = WPA2 (RSN) only, 3 = both.
# NOTE(review): WPA with TKIP is deprecated; prefer wpa=2 with CCMP unless
# legacy clients force this setting.
wpa=1
# Either give the 256-bit PSK directly as 64 hex digits (wpa_psk) or give an
# ASCII passphrase of 8..63 characters (wpa_passphrase), which hostapd
# converts to the PSK using the SSID.
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# Sample value. This file stores the secret in clear text, so restrict its
# file permissions.
wpa_passphrase=passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP

In the file hostapd/src/ap/wpa_auth.c, we have a lot of information about the connection:

/*
 * WPA_PTK state PTKCALCNEGOTIATING: handles message 2/4 of the 4-Way
 * Handshake. For each candidate PMK it derives a PTK and checks the MIC of
 * the last received EAPOL-Key frame; on success the selected PMK and the PTK
 * are stored in the state machine.
 *
 * The only secrets visible in this function are binary keys: the PMK/PSK
 * (PMK_LEN bytes) and the derived PTK. No passphrase string is referenced
 * here. NOTE(review): presumably the passphrase has already been converted to
 * the PSK by the configuration code before wpa_auth_get_psk() returns it;
 * confirm against the config parser.
 *
 * NOTE(review): anything added here that logs pmk or PTK would write
 * traffic-protecting key material to the log; keep such output out of
 * production builds.
 */
SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) 
{

    /* Stack copy of the candidate pairwise key.
     * NOTE(review): it is not wiped on either exit path in the lines shown
     * here; consider clearing it with the tree's secure-zero helper. */
    struct wpa_ptk PTK;
    int ok = 0, psk_found = 0;
    const u8 *pmk = NULL;
    unsigned int pmk_len;

    SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
    sm->EAPOLKeyReceived = FALSE;
    sm->update_snonce = FALSE;



    /* WPA with IEEE 802.1X: use the derived PMK from EAP
     * WPA-PSK: iterate through possible PSKs and select the one matching
     * the packet */
    for (;;) {
        if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
            /* The previous candidate is passed back in as the last
             * argument, so each call yields the next PSK; NULL ends the
             * iteration. */
            pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
                           sm->p2p_dev_addr, pmk);

            if (pmk == NULL)
                break;
            psk_found = 1;
            pmk_len = PMK_LEN;
        } else {
            /* Non-PSK key management: single candidate, the PMK already
             * stored in the state machine. */
            pmk = sm->PMK;
            pmk_len = sm->pmk_len;
        }

        /* Derive a candidate PTK from this PMK and the stored SNonce. */
        wpa_derive_ptk(sm, sm->SNonce, pmk, pmk_len, &PTK);

        /* A return value of 0 means the MIC of the received frame matches
         * this candidate. */
        if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
                       sm->last_rx_eapol_key,
                       sm->last_rx_eapol_key_len) == 0) {
            ok = 1;
            break;
        }

        /* Only PSK mode has further candidates to try. */
        if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
            break;
    }

    if (!ok) {
        /* No candidate matched. The failure is logged at debug level only;
         * wpa_auth_psk_failure_report() is called when at least one PSK
         * was tried. NOTE(review): presumably that is the hook for
         * surfacing wrong-passphrase attempts to monitoring; verify. */
        wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
                "invalid MIC in msg 2/4 of 4-Way Handshake");
        if (psk_found)
            wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
        return;
    }

#ifdef CONFIG_IEEE80211R
    // ....
#endif /* CONFIG_IEEE80211R */

    /* MIC verified: stop the pending EAPOL retransmission timeout. */
    sm->pending_1_of_4_timeout = 0;
    eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);

    if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
        /* PSK may have changed from the previous choice, so update
         * state machine data based on whatever PSK was selected here.
         */
        os_memcpy(sm->PMK, pmk, PMK_LEN);
        sm->pmk_len = PMK_LEN;
    }

    sm->MICVerified = TRUE;

    /* Install the verified PTK in the state machine. */
    os_memcpy(&sm->PTK, &PTK, sizeof(PTK));
    sm->PTK_valid = TRUE;
}

My knowledge of networking is limited, and I do not understand the WPA protocol very well. There is an interesting article on the question here, but the situation is a little different because we are dealing with a "man in the middle" attack scenario.
