wpa-handshake with python - hashing difficulties


Problem description

I try to write a Python program which calculates the WPA-handshake, but I have problems with the hashes. For comparison I installed cowpatty (to see where I start being wrong).

My PMK-generation works fine, but the PTK-calculation always seems to be wrong. I am not sure if I have to format my input (MAC addresses and nonces) or just give them into the function as a string.

I will give you my router information, which is no problem since I just set it up for testing.

My program looks as follows:

import hmac,hashlib,binascii

passPhrase  = "10zZz10ZZzZ"
ssid        = "Netgear 2/158" 
A           = "Pairwise key expansion" 
APmac       = "001e2ae0bdd0"
Clientmac   = "cc08e0620bc8"
ANonce      = "61c9a3f5cdcdf5fae5fd760836b8008c863aa2317022c7a202434554fb38452b"
SNonce      = "60eff10088077f8b03a0e2fc2fc37e1fe1f30f9f7cfbcfb2826f26f3379c4318"
B           = min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce)
data="0103005ffe010900200000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"

def customPRF512(key,A,B):
    blen = 64
    i    = 0
    R    = ''
    while i<=((blen*8+159)/160):
        hmacsha1 = hmac.new(key,A+chr(0x00)+B+chr(i),hashlib.sha1)
        i+=1
        R = R+hmacsha1.digest()
    return R[:blen]


pmk = pbkdf2(passPhrase, ssid, 4096, 32) #no sourcecode, since b2a_p(pmk) output fits to those of cowpatty

ptk = customPRF512(pmk,A,B) #the prf-function fits the pseudocode in the ieee, but does not give me the correct output (like cowpatty does)
# and i have no idea why :(

print b2a_p(pmk),"\n\n\n"
print b2a_p(ptk),"\n\n\n"

mic1 = hmac.new(ptk[0:16],data)
print mic1.hexdigest() #should be the mic-calculation, not sure if this is correct...

the desired outputs (which cowpatty confirmed) are:

PMK is
 01b8 09f9 ab2f b5dc 4798 4f52 fb2d 112e
 13d8 4ccb 6b86 d4a7 193e c529 9f85 1c48

Calculated PTK for "10zZz10ZZzZ" is
 bf49 a95f 0494 f444 2716 2f38 696e f8b6 
 428b cf8b a3c6 f0d7 245a d314 a14c 0d18
 efd6 38aa e653 c908 a7ab c648 0a7f 4068
 2479 c970 8aaa abc3 eb7e da28 9d06 d535

Calculated MIC with "10zZz10ZZzZ" is
 4528 2522 bc67 07d6 a70a 0317 a3ed 48f0

Maybe someone of you could tell me why my program simply doesn't work. Do the hmac-functions work correctly? Is my input formatted wrong? Do I have to regard endianness anywhere? Thanks for your time in advance, I would appreciate any help!

Solution

Alright, I figured it out by myself... more by desperate testing and some luck than successful research, which led to nothing long enough. Instead of using the MAC addresses and nonces as the strings they were, I had to unhexlify them. I used

a2b_hex() #alternatively unhexlify()

My final code looks somewhat like this, defs excluded:

import hmac,hashlib
from binascii import a2b_hex, b2a_hex  # the code below calls these unqualified
passPhrase="10zZz10ZZzZ"
ssid        = "Netgear 2/158"
A           = "Pairwise key expansion"
APmac       = a2b_hex("001e2ae0bdd0")
Clientmac   = a2b_hex("cc08e0620bc8")
ANonce      = a2b_hex("61c9a3f5cdcdf5fae5fd760836b8008c863aa2317022c7a202434554fb38452b")
SNonce      = a2b_hex("60eff10088077f8b03a0e2fc2fc37e1fe1f30f9f7cfbcfb2826f26f3379c4318")
B           = min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce)
data        = a2b_hex("0103005ffe01090020000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")

pmk     = pbkdf2(passPhrase, ssid, 4096, 32) 
ptk     = customPRF512(pmk,A,B)
mic     = hmac.new(ptk[0:16],data)

print "desiredpmk:\t","01b809f9ab2fb5dc47984f52fb2d112e13d84ccb6b86d4a7193ec5299f851c48"
print "pmk:\t\t",b2a_hex(pmk),"\n"
print "desired ptk:\t","bf49a95f0494f44427162f38696ef8b6"
print "ptk:\t\t",b2a_hex(ptk[0:16]),"\n"
print "desired mic:\t","45282522bc6707d6a70a0317a3ed48f0"
print "mic:\t\t",mic.hexdigest(),"\n"

So the answers to my questions were: yes, hash functions work correctly, yes, input is formatted wrong, no, no endianness issues.
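A Python 3 version of the calculation from the question and answer above, added here as an example (not the poster's code): it derives PMK, PTK and MIC from the post's values, once with the MAC addresses and nonces left as hex text and once unhexlified. The names `prf512`, `seed` and `derive` are assumptions, the EAPOL frame is rebuilt from the post's `data` as its leading fields plus zero padding, and HMAC-MD5 is passed explicitly because Python 3's `hmac.new` has no default digest (Python 2's was MD5).

```python
import hashlib
import hmac

# Values from the post (the author's own test network).
PASSPHRASE = "10zZz10ZZzZ"
SSID = "Netgear 2/158"
AP_MAC = "001e2ae0bdd0"
CLIENT_MAC = "cc08e0620bc8"
ANONCE = "61c9a3f5cdcdf5fae5fd760836b8008c863aa2317022c7a202434554fb38452b"
SNONCE = "60eff10088077f8b03a0e2fc2fc37e1fe1f30f9f7cfbcfb2826f26f3379c4318"
# The post's `data`, rebuilt: EAPOL header and key descriptor fields,
# replay counter 1, then 82 zero bytes (nonce, IV, RSC, ID, zeroed MIC, length).
EAPOL = bytes.fromhex("0103005ffe01090020" + "00" * 7 + "01") + bytes(82)


def prf512(key: bytes, label: bytes, b: bytes) -> bytes:
    """PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || b || i), keep 64 bytes."""
    out = b""
    counter = 0
    while len(out) < 64:
        msg = label + b"\x00" + b + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:64]


def seed(ap: bytes, client: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """B = min(MACs) || max(MACs) || min(nonces) || max(nonces)."""
    return min(ap, client) + max(ap, client) + min(anonce, snonce) + max(anonce, snonce)


def derive(raw_bytes: bool):
    """Return (pmk, ptk, mic) as hex; raw_bytes=False feeds hex text as the question did."""
    conv = bytes.fromhex if raw_bytes else str.encode
    pmk = hashlib.pbkdf2_hmac("sha1", PASSPHRASE.encode(), SSID.encode(), 4096, 32)
    b = seed(*(conv(x) for x in (AP_MAC, CLIENT_MAC, ANONCE, SNONCE)))
    ptk = prf512(pmk, b"Pairwise key expansion", b)
    # Key info 0x0109 selects descriptor version 1: MIC = HMAC-MD5 keyed with PTK[0:16].
    mic = hmac.new(ptk[:16], EAPOL, hashlib.md5).hexdigest()
    return pmk.hex(), ptk.hex(), mic


if __name__ == "__main__":
    for name, raw in (("hex text (question)", False), ("raw bytes (answer)", True)):
        pmk, ptk, mic = derive(raw)
        print(f"{name}: ptk[0:16]={ptk[:32]} mic={mic}")
```

The PMK is identical in both runs because it depends only on the passphrase and SSID; only the PTK and MIC change when the seed is built from hex text instead of raw bytes.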
