Hi,
We're getting reports of weird behavior on ath9k/mac80211 devices when
CONTROL_PORT_FRAME support is used. iwlwifi, works fine under the same
circumstances. If CONTROL_PORT_FRAME is disabled and the old legacy PAE
transport is used, everything works fine.
The short version:
- We Connect with MFP enabled
- Handshake packet 1 & 2 is exchanged
- Handshake packet 3 is received & reply sent
- Keys are set
- AP never receives our packet 4, or the card drops it locally
- Subsequent retransmissions are sent un-encrypted by the AP and are
probably sent encrypted (via MFP) by mac80211. Since the driver never
sets NO_ENCRYPT flag, userspace has no knowledge to try and send the
reply un-encrypted.
Here's a log (some parts are removed for brevity, but if someone wants
the full log, I can provide this as well):
< Request: Connect (0x2e) len 160 [ack]
1565892849.337243
Interface Index: 13 (0x0000000d)
Wiphy Frequency: 5805 (0x000016ad)
MAC Address 10:C3:7B:54:74:D4
SSID: len 9
Auth Type: 0 (0x00000000)
Privacy: true
Interface Socket Owner: true
Cipher Suites Pairwise:
CCMP (00:0f:ac) suite 04
Cipher Suite Group: CCMP (00:0f:ac) suite 04
Use MFP: 1 (0x00000001)
AKM Suites:
PSK; RSNA PSK (00:0f:ac) suite 02
WPA Versions: 2 (0x00000002)
Control Port: true
Control Port over NL80211: true
Use RRM: true
Information Elements: len 41
RSN:
Group Data Cipher Suite: len 4
CCMP (00:0f:ac) suite 04
Pairwise Cipher Suite: len 4
CCMP (00:0f:ac) suite 04
AKM Suite: len 4
PSK; RSNA PSK (00:0f:ac) suite 02
RSN capabilities: bits 2 - 3: 1 replay counter per PTKSA
RSN capabilities: bits 4 - 5: 1 replay counter per GTKSA
RSN capabilities: bit 7: Management Frame Protection Capable
01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f
................
ac 02 80 00 ....
RM Enabled Capabilities: len 5
Operating Channel Max Measurement Duration: 0
Non-Operating Channel Max Measurement Duration: 0
Measurement Pilot Capability: 0
00 00 00 00 00 .....
Extended Capabilities: len 10
Capability: bit 62: Opmode Notification
00 00 00 00 00 00 00 40 00 00 .......@..
> Event: New Station (0x13) len 32
1565892851.673886
Interface Index: 13 (0x0000000d)
MAC Address 10:C3:7B:54:74:D4
Generation: 5 (0x00000005)
Station Info: len 0
> Response: Connect (0x2e) len 4 [0x100]
1565892851.673971
Status: Success (0)
> Event: Authenticate (0x25) len 64
1565892851.676737
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
Frame: len 41
<snip>
Here comes the Handshake packet 1 from the AP. Why the hell is it here
prior to Authenticate ? But whatever ;)
> Event: Control Port Frame (0x81) len 176
1565892851.686055
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
Wireless Device: 4294967299 (0x0000000100000003)
MAC Address 10:C3:7B:54:74:D4
Control Port Ethertype: 34958 (0x888e)
Frame: len 121
Protocol Version: 2 (802.1X-2004)
Type: 3 (Key)
Length: 117
Descriptor Type: 2
Key MIC: false
Secure: false
Error: false
Request: false
Encrypted Key Data: false
SMK Message: false
Key Descriptor Version: 2 (02)
Key Type: true
Install: false
Key ACK: true
Key Length: 16
Key Replay Counter: 0
Key NONCE
e4 5b 1d 98 fd db 54 ae 54 98 fc 39 69 f5 bc 0b
.[....T.T..9i...
f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d de
....PC.m'.....m.
Key IV
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key RSC
00 00 00 00 00 00 00 00 ........
Key MIC Data
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key Data: len 22
Vendor specific: len 20
IEEE 802.11 (00:0f:ac) type: 04
PMKID KDE
00 0f ac 04 d9 81 f4 29 57 31 7e ad 33 57 b8 af
.......)W1~.3W..
c7 a7 40 8f ..@.
02 03 00 75 02 00 8a 00 10 00 00 00 00 00 00 00 ...u............
00 e4 5b 1d 98 fd db 54 ae 54 98 fc 39 69 f5 bc ..[....T.T..9i..
0b f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d .....PC.m'.....m
de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 16 dd 14 00 0f ac 04 d9 81 f4 29 57 31 7e ............)W1~
ad 33 57 b8 af c7 a7 40 8f .3W....@.
> Event: Associate (0x26) len 292
1565892851.752271
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
Frame: len 152
<snip>
> Event: Connect (0x2e) len 272
1565892851.752302
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
MAC Address 10:C3:7B:54:74:D4
Status Code: 0 (0x0000)
Request IE: len 103
SSID: <snip>
Supported rates:
6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Mbit/s
0c 12 18 24 30 48 60 6c ...$0H`l
Tag 33: len 2
00 1e ..
RSN:
Group Data Cipher Suite: len 4
CCMP (00:0f:ac) suite 04
Pairwise Cipher Suite: len 4
CCMP (00:0f:ac) suite 04
AKM Suite: len 4
PSK; RSNA PSK (00:0f:ac) suite 02
RSN capabilities: bits 2 - 3: 1 replay counter per PTKSA
RSN capabilities: bits 4 - 5: 1 replay counter per GTKSA
RSN capabilities: bit 7: Management Frame Protection Capable
01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f
................
ac 02 80 00 ....
RM Enabled Capabilities: len 5
Operating Channel Max Measurement Duration: 0
Non-Operating Channel Max Measurement Duration: 0
Measurement Pilot Capability: 0
00 00 00 00 00 .....
HT Capabilities: len 26
HT Capabilities Info: bit 1: Supported Channel Width Set
HT Capabilities Info: bits 2-3: Disabled
HT Capabilities Info: bit 6: Short GI for 40Mhz
HT Capabilities Info: bit 7: Tx STBC
HT Capabilities Info: bits 8-9: One spatial stream
HT Capabilities Info: bit 12: DSSS/CCK Mode in 40Mhz
A-MPDU Parameters: Maximum A-MPDU Length Exponent: 3
A-MPDU Parameters: Minimum MPDU Start Spacing: 8 us
Supported MCS: MCS 0
Supported MCS: MCS 1
Supported MCS: MCS 2
Supported MCS: MCS 3
Supported MCS: MCS 4
Supported MCS: MCS 5
Supported MCS: MCS 6
Supported MCS: MCS 7
Supported MCS: MCS 8
Supported MCS: MCS 9
Supported MCS: MCS 10
Supported MCS: MCS 11
Supported MCS: MCS 12
Supported MCS: MCS 13
Supported MCS: MCS 14
Supported MCS: MCS 15
MCS Set: bit 96: Tx MCS set defined
HT Extended Capabilities: PCO: supported
HT Extended Capabilities: MCS Feedback: No feedback
HT Extended Capabilities: +HTC: not supported
HT Extended Capabilities: RD Responder: not supported
ce 11 1b ff ff 00 00 00 00 00 00 00 00 00 00 01
................
00 00 00 00 00 00 00 00 00 00 ..........
Extended Capabilities: len 10
Capability: bit 62: Opmode Notification
00 00 00 00 00 00 00 40 00 00 .......@..
Vendor specific: len 7
Microsoft (00:50:f2) type: 02
00 50 f2 02 00 01 00 .P.....
Response IE: len 122
Supported rates:
6.0(B) 9.0 12.0(B) 18.0 24.0(B) 36.0 48.0 54.0 Mbit/s
8c 12 98 24 b0 48 60 6c ...$.H`l
Tag 53: len 1
00 .
Tag 65: len 1
00 .
RM Enabled Capabilities: len 5
Enabled: bit 1: Neighbor Report
Enabled: bit 4: Beacon Passive Measurement
Enabled: bit 5: Beacon Active Measurement
Enabled: bit 6: Beacon Table Measurement
Enabled: bit 11: Statistics Measurement
Enabled: bit 16: AP Channel Report
Operating Channel Max Measurement Duration: 0
Non-Operating Channel Max Measurement Duration: 0
Measurement Pilot Capability: 0
72 08 01 00 00 r....
HT Capabilities: len 26
HT Capabilities Info: bit 0: LDPC Coding Capability
HT Capabilities Info: bit 1: Supported Channel Width Set
HT Capabilities Info: bits 2-3: Disabled
HT Capabilities Info: bit 5: Short GI for 20Mhz
HT Capabilities Info: bit 6: Short GI for 40Mhz
HT Capabilities Info: bit 7: Tx STBC
HT Capabilities Info: bits 8-9: One spatial stream
HT Capabilities Info: bit 11: Maximum A-MSDU Length
A-MPDU Parameters: Maximum A-MPDU Length Exponent: 3
A-MPDU Parameters: Minimum MPDU Start Spacing: 4 us
Supported MCS: MCS 0
Supported MCS: MCS 1
Supported MCS: MCS 2
Supported MCS: MCS 3
Supported MCS: MCS 4
Supported MCS: MCS 5
Supported MCS: MCS 6
Supported MCS: MCS 7
Supported MCS: MCS 8
Supported MCS: MCS 9
Supported MCS: MCS 10
Supported MCS: MCS 11
Supported MCS: MCS 12
Supported MCS: MCS 13
Supported MCS: MCS 14
Supported MCS: MCS 15
HT Extended Capabilities: PCO: supported
HT Extended Capabilities: MCS Feedback: No feedback
HT Extended Capabilities: +HTC: not supported
HT Extended Capabilities: RD Responder: not supported
ef 09 17 ff ff 00 00 00 00 00 00 00 00 00 00 00
................
00 00 00 00 00 00 00 00 00 00 ..........
HT Operation:
Primary channel 161
Information: Secondary Channel Offset: below primary channel
Information: Channel width: bit 2: Any supported channel width
Information: bit 3: RIFS permitted
Information: HT Protection: bits 8 - 9: 20 MHz protection
mode
Information: bit 10: Non-greenfield HT STAs present
Information: bit 12: OBSS non-HT STAs present
a1 0f 16 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00 00 00 00 00 00 ......
Extended Capabilities: len 8
Capability: bit 2: Extended channel switching
Capability: bit 19: BSS transition
Capability: bit 62: Opmode Notification
04 00 08 00 00 00 00 40 .......@
Vendor specific: len 9
Broadcom (00:10:18) type: 02
00 10 18 02 01 00 1c 00 00 .........
Vendor specific: len 24
Microsoft (00:50:f2) type: 02
00 50 f2 02 01 01 84 00 03 a4 00 00 27 a4 00 00
.P..........'...
42 43 5e 00 62 32 2f 00 BC^.b2/.
< Request: Control Port Frame (0x81) len 156 [ack]
1565892851.752751
Interface Index: 13 (0x0000000d)
Frame: len 121
Protocol Version: 2 (802.1X-2004)
Type: 3 (Key)
Length: 117
Descriptor Type: 2
Key MIC: true
Secure: false
Error: false
Request: false
Encrypted Key Data: false
SMK Message: false
Key Descriptor Version: 2 (02)
Key Type: true
Install: false
Key ACK: false
Key Length: 0
Key Replay Counter: 0
Key NONCE
74 29 cc 1b 86 49 4c 4d d7 cf e8 54 70 ec 67 ee
t)...ILM...Tp.g.
ea 15 f5 28 5c e7 46 ff cc c2 71 9b 0b 79 f1 d7
...(\.F...q..y..
Key IV
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key RSC
00 00 00 00 00 00 00 00 ........
Key MIC Data
2a 9f bc 4a 3f 53 c4 68 a5 1f 86 3e 56 ea bd 3c
*..J?S.h...>V..<
Key Data: len 22
RSN:
Group Data Cipher Suite: len 4
CCMP (00:0f:ac) suite 04
Pairwise Cipher Suite: len 4
CCMP (00:0f:ac) suite 04
AKM Suite: len 4
PSK; RSNA PSK (00:0f:ac) suite 02
RSN capabilities: bits 2 - 3: 1 replay counter per PTKSA
RSN capabilities: bits 4 - 5: 1 replay counter per GTKSA
RSN capabilities: bit 7: Management Frame Protection
Capable
01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f
................
ac 02 80 00 ....
02 03 00 75 02 01 0a 00 00 00 00 00 00 00 00 00 ...u............
00 74 29 cc 1b 86 49 4c 4d d7 cf e8 54 70 ec 67 .t)...ILM...Tp.g
ee ea 15 f5 28 5c e7 46 ff cc c2 71 9b 0b 79 f1 ....(\.F...q..y.
d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 2a 9f bc 4a 3f 53 c4 68 a5 1f 86 3e 56 ea bd .*..J?S.h...>V..
3c 00 16 30 14 01 00 00 0f ac 04 01 00 00 0f ac <..0............
04 01 00 00 0f ac 02 80 00 .........
Control Port Ethertype: 34958 (0x888e)
MAC Address 10:C3:7B:54:74:D4
> Response: Control Port Frame (0x81) len 4 [0x100]
1565892851.755532
Status: Success (0)
Handshake packet 3:
> Event: Control Port Frame (0x81) len 240
1565892851.766837
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
Wireless Device: 4294967299 (0x0000000100000003)
MAC Address 10:C3:7B:54:74:D4
Control Port Ethertype: 34958 (0x888e)
Frame: len 187
Protocol Version: 2 (802.1X-2004)
Type: 3 (Key)
Length: 183
Descriptor Type: 2
Key MIC: true
Secure: true
Error: false
Request: false
Encrypted Key Data: true
SMK Message: false
Key Descriptor Version: 2 (02)
Key Type: true
Install: true
Key ACK: true
Key Length: 16
Key Replay Counter: 1
Key NONCE
e4 5b 1d 98 fd db 54 ae 54 98 fc 39 69 f5 bc 0b
.[....T.T..9i...
f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d de
....PC.m'.....m.
Key IV
f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d df
....PC.m'.....m.
Key RSC
83 01 00 00 00 00 00 00 ........
Key MIC Data
01 20 2e 3f 3c 26 03 cc 2f c8 eb 98 e0 ef 75 3d .
.?<&../.....u=
Key Data: len 88
78 d0 96 78 9f 2a 99 03 39 66 80 fd bd cf aa a5
x..x.*..9f......
6f 96 e2 bb 6b 95 51 e9 63 cd 69 17 7a 4a e2 f8
o...k.Q.c.i.zJ..
f6 b2 c4 f8 a0 08 8d b3 7d 1d ec d8 4a a1 60 33
........}...J.`3
e0 cb c0 14 26 d1 92 c4 70 91 6b ce a3 d2 11 5e
....&...p.k....^
99 90 65 22 49 e6 de 9f 01 02 e9 d4 53 37 2e 53
..e"I.......S7.S
6b f9 ab df d2 b4 8e 35 k......5
02 03 00 b7 02 13 ca 00 10 00 00 00 00 00 00 00 ................
01 e4 5b 1d 98 fd db 54 ae 54 98 fc 39 69 f5 bc ..[....T.T..9i..
0b f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d .....PC.m'.....m
de f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d .....PC.m'.....m
df 83 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 01 20 2e 3f 3c 26 03 cc 2f c8 eb 98 e0 ef 75 .. .?<&../.....u
3d 00 58 78 d0 96 78 9f 2a 99 03 39 66 80 fd bd =.Xx..x.*..9f...
cf aa a5 6f 96 e2 bb 6b 95 51 e9 63 cd 69 17 7a ...o...k.Q.c.i.z
4a e2 f8 f6 b2 c4 f8 a0 08 8d b3 7d 1d ec d8 4a J..........}...J
a1 60 33 e0 cb c0 14 26 d1 92 c4 70 91 6b ce a3 .`3....&...p.k..
d2 11 5e 99 90 65 22 49 e6 de 9f 01 02 e9 d4 53 ..^..e"I.......S
37 2e 53 6b f9 ab df d2 b4 8e 35 7.Sk......5
< Request: Control Port Frame (0x81) len 132 [ack]
1565892851.767264
Interface Index: 13 (0x0000000d)
Frame: len 99
Protocol Version: 2 (802.1X-2004)
Type: 3 (Key)
Length: 95
Descriptor Type: 2
Key MIC: true
Secure: true
Error: false
Request: false
Encrypted Key Data: false
SMK Message: false
Key Descriptor Version: 2 (02)
Key Type: true
Install: false
Key ACK: false
Key Length: 0
Key Replay Counter: 1
Key NONCE
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key IV
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key RSC
00 00 00 00 00 00 00 00 ........
Key MIC Data
b4 fb b3 ed 13 55 92 b4 79 4d 69 77 64 0d 47 dd
.....U..yMiwd.G.
Key Data: len 0
02 03 00 5f 02 03 0a 00 00 00 00 00 00 00 00 00 ..._............
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 b4 fb b3 ed 13 55 92 b4 79 4d 69 77 64 0d 47 ......U..yMiwd.G
dd 00 00 ...
Control Port Ethertype: 34958 (0x888e)
MAC Address 10:C3:7B:54:74:D4
> Response: Control Port Frame (0x81) len 4 [0x100]
1565892851.767292
Status: Success (0)
So as you can see here, we process the handshake successfully, send the
Handshake packet 4/4 and proceed to setting keys:
< Request: New Key (0x0b) len 60 [ack]
1565892851.767323
Interface Index: 13 (0x0000000d)
Key: len 48
> Response: New Key (0x0b) len 4 [0x100]
1565892851.775960
Status: Success (0)
< Request: New Key (0x0b) len 60 [ack]
1565892851.775989
Interface Index: 13 (0x0000000d)
Key: len 48
> Response: New Key (0x0b) len 4 [0x100]
1565892851.776091
Status: Success (0)
< Request: New Key (0x0b) len 56 [ack]
1565892851.776103
Key Data: len 16
Key Cipher: CCMP (00:0f:ac) suite 04
MAC Address 10:C3:7B:54:74:D4
Key Index: 0 (0x00)
Interface Index: 13 (0x0000000d)
> Response: New Key (0x0b) len 4 [0x100]
1565892851.783032
Status: Success (0)
Here comes the REKEY_OFFLOAD which isn't supported:
< Request: Unknown (0x00) len 64 [ack]
1565892851.783051
> Response: Unknown (0x00) len 4
1565892851.783058
Status: Operation not supported (95)
< Request: Set Station (0x12) len 32 [ack]
1565892851.783075
Interface Index: 13 (0x0000000d)
MAC Address 10:C3:7B:54:74:D4
Station Flags 2: len 8
Mask: 0x00000002
Authorized
Set: 0x00000002
Authorized
> Response: Set Station (0x12) len 4 [root]
1565892851.783082
Status: Success (0)
> Event: Notify CQM (0x40) len 36
1565892852.026773
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
CQM: len 16
RSSI threshold event: 1 (0x00000001)
Reserved: len 4
c0 ff ff ff ....
And now AP is confused, because it never received our Handshake packet 4/4:
> Event: Control Port Frame (0x81) len 240
1565892852.757161
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
Wireless Device: 4294967299 (0x0000000100000003)
MAC Address 10:C3:7B:54:74:D4
Control Port Ethertype: 34958 (0x888e)
Frame: len 187
Protocol Version: 2 (802.1X-2004)
Type: 3 (Key)
Length: 183
Descriptor Type: 2
Key MIC: true
Secure: true
Error: false
Request: false
Encrypted Key Data: true
SMK Message: false
Key Descriptor Version: 2 (02)
Key Type: true
Install: true
Key ACK: true
Key Length: 16
Key Replay Counter: 2
Key NONCE
e4 5b 1d 98 fd db 54 ae 54 98 fc 39 69 f5 bc 0b
.[....T.T..9i...
f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d de
....PC.m'.....m.
Key IV
f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d df
....PC.m'.....m.
Key RSC
83 01 00 00 00 00 00 00 ........
Key MIC Data
d1 16 8d c7 e6 ab 4d 6e 0a c6 0c 87 97 25 76 52
......Mn.....%vR
Key Data: len 88
78 d0 96 78 9f 2a 99 03 39 66 80 fd bd cf aa a5
x..x.*..9f......
6f 96 e2 bb 6b 95 51 e9 63 cd 69 17 7a 4a e2 f8
o...k.Q.c.i.zJ..
f6 b2 c4 f8 a0 08 8d b3 7d 1d ec d8 4a a1 60 33
........}...J.`3
e0 cb c0 14 26 d1 92 c4 70 91 6b ce a3 d2 11 5e
....&...p.k....^
99 90 65 22 49 e6 de 9f 01 02 e9 d4 53 37 2e 53
..e"I.......S7.S
6b f9 ab df d2 b4 8e 35 k......5
02 03 00 b7 02 13 ca 00 10 00 00 00 00 00 00 00 ................
02 e4 5b 1d 98 fd db 54 ae 54 98 fc 39 69 f5 bc ..[....T.T..9i..
0b f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d .....PC.m'.....m
de f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d .....PC.m'.....m
df 83 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 d1 16 8d c7 e6 ab 4d 6e 0a c6 0c 87 97 25 76 .......Mn.....%v
52 00 58 78 d0 96 78 9f 2a 99 03 39 66 80 fd bd R.Xx..x.*..9f...
cf aa a5 6f 96 e2 bb 6b 95 51 e9 63 cd 69 17 7a ...o...k.Q.c.i.z
4a e2 f8 f6 b2 c4 f8 a0 08 8d b3 7d 1d ec d8 4a J..........}...J
a1 60 33 e0 cb c0 14 26 d1 92 c4 70 91 6b ce a3 .`3....&...p.k..
d2 11 5e 99 90 65 22 49 e6 de 9f 01 02 e9 d4 53 ..^..e"I.......S
37 2e 53 6b f9 ab df d2 b4 8e 35 7.Sk......5
We reply
< Request: Control Port Frame (0x81) len 132 [ack]
1565892852.757715
Interface Index: 13 (0x0000000d)
Frame: len 99
Protocol Version: 2 (802.1X-2004)
Type: 3 (Key)
Length: 95
Descriptor Type: 2
Key MIC: true
Secure: true
Error: false
Request: false
Encrypted Key Data: false
SMK Message: false
Key Descriptor Version: 2 (02)
Key Type: true
Install: false
Key ACK: false
Key Length: 0
Key Replay Counter: 2
Key NONCE
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key IV
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key RSC
00 00 00 00 00 00 00 00 ........
Key MIC Data
20 67 47 e4 d9 89 46 88 66 e1 bc a3 c7 74 37 87
gG...F.f....t7.
Key Data: len 0
02 03 00 5f 02 03 0a 00 00 00 00 00 00 00 00 00 ..._............
02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 20 67 47 e4 d9 89 46 88 66 e1 bc a3 c7 74 37 . gG...F.f....t7
87 00 00 ...
Control Port Ethertype: 34958 (0x888e)
MAC Address 10:C3:7B:54:74:D4
> Response: Control Port Frame (0x81) len 4 [0x100]
1565892852.757735
Status: Success (0)
But it doesn't seems to receive that one either:
> Event: Control Port Frame (0x81) len 240
1565892853.748041
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
Wireless Device: 4294967299 (0x0000000100000003)
MAC Address 10:C3:7B:54:74:D4
Control Port Ethertype: 34958 (0x888e)
Frame: len 187
Protocol Version: 2 (802.1X-2004)
Type: 3 (Key)
Length: 183
Descriptor Type: 2
Key MIC: true
Secure: true
Error: false
Request: false
Encrypted Key Data: true
SMK Message: false
Key Descriptor Version: 2 (02)
Key Type: true
Install: true
Key ACK: true
Key Length: 16
Key Replay Counter: 3
Key NONCE
e4 5b 1d 98 fd db 54 ae 54 98 fc 39 69 f5 bc 0b
.[....T.T..9i...
f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d de
....PC.m'.....m.
Key IV
f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d df
....PC.m'.....m.
Key RSC
84 01 00 00 00 00 00 00 ........
Key MIC Data
ac d8 64 f9 f3 77 64 78 b8 fe 13 3b d4 b9 b9 4c
..d..wdx...;...L
Key Data: len 88
78 d0 96 78 9f 2a 99 03 39 66 80 fd bd cf aa a5
x..x.*..9f......
6f 96 e2 bb 6b 95 51 e9 63 cd 69 17 7a 4a e2 f8
o...k.Q.c.i.zJ..
f6 b2 c4 f8 a0 08 8d b3 7d 1d ec d8 4a a1 60 33
........}...J.`3
e0 cb c0 14 26 d1 92 c4 70 91 6b ce a3 d2 11 5e
....&...p.k....^
99 90 65 22 49 e6 de 9f 01 02 e9 d4 53 37 2e 53
..e"I.......S7.S
6b f9 ab df d2 b4 8e 35 k......5
02 03 00 b7 02 13 ca 00 10 00 00 00 00 00 00 00 ................
03 e4 5b 1d 98 fd db 54 ae 54 98 fc 39 69 f5 bc ..[....T.T..9i..
0b f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d .....PC.m'.....m
de f6 a3 aa c5 50 43 9a 6d 27 e5 a4 bb e9 c5 6d .....PC.m'.....m
df 84 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 ac d8 64 f9 f3 77 64 78 b8 fe 13 3b d4 b9 b9 ...d..wdx...;...
4c 00 58 78 d0 96 78 9f 2a 99 03 39 66 80 fd bd L.Xx..x.*..9f...
cf aa a5 6f 96 e2 bb 6b 95 51 e9 63 cd 69 17 7a ...o...k.Q.c.i.z
4a e2 f8 f6 b2 c4 f8 a0 08 8d b3 7d 1d ec d8 4a J..........}...J
a1 60 33 e0 cb c0 14 26 d1 92 c4 70 91 6b ce a3 .`3....&...p.k..
d2 11 5e 99 90 65 22 49 e6 de 9f 01 02 e9 d4 53 ..^..e"I.......S
37 2e 53 6b f9 ab df d2 b4 8e 35 7.Sk......5
< Request: Control Port Frame (0x81) len 132 [ack]
1565892853.748627
Interface Index: 13 (0x0000000d)
Frame: len 99
Protocol Version: 2 (802.1X-2004)
Type: 3 (Key)
Length: 95
Descriptor Type: 2
Key MIC: true
Secure: true
Error: false
Request: false
Encrypted Key Data: false
SMK Message: false
Key Descriptor Version: 2 (02)
Key Type: true
Install: false
Key ACK: false
Key Length: 0
Key Replay Counter: 3
Key NONCE
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key IV
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Key RSC
00 00 00 00 00 00 00 00 ........
Key MIC Data
a7 ca 85 f4 a4 85 e8 9d 6b 0b 4e 73 c4 f4 58 cc
........k.Ns..X.
Key Data: len 0
02 03 00 5f 02 03 0a 00 00 00 00 00 00 00 00 00 ..._............
03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 a7 ca 85 f4 a4 85 e8 9d 6b 0b 4e 73 c4 f4 58 .........k.Ns..X
cc 00 00 ...
Control Port Ethertype: 34958 (0x888e)
MAC Address 10:C3:7B:54:74:D4
> Response: Control Port Frame (0x81) len 4 [0x100]
1565892853.748648
Status: Success (0)
So this cycle continues for a while until:
> Event: Unprot Deauthenticate (0x46) len 48
1565892859.690863
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
Frame: len 26
<snip>
> Event: Unprot Deauthenticate (0x46) len 48
1565892860.204587
Wiphy: 1 (0x00000001)
Interface Index: 13 (0x0000000d)
Frame: len 26
<snip>
Regards,
-Denis
