
Is the PMK what prevents generating the PTK and decrypting the traffic?

Information Security Asked by loopOfNegligence on December 4, 2021

I’m trying to establish a connection to an encrypted SSID, using scapy.
My intent was basically to sniff the frames of the handshake from the victim, acting as a proxy (MITM), and redirect the frames to the actual AP, changing source and destination.
But I realized that it would be impossible for me to decrypt the traffic because the only information that is encrypted, in the 4 frames, is the PMK. Am I right?

Otherwise I believe I could calculate the PTK very easily, since the rest of the data is unencrypted.

Thank you very much.

2 Answers

There is no need to act as a proxy to capture the four-way handshake.

No, you are wrong; the PMK is never sent.

The only way to decipher the PTK is almost like defalt said.

You need to be sniffing at the time the connection between the AP and the STA is being established, capturing the four-way handshake. This can also be done by sending a deauth packet to the AP spoofing the client, so it disconnects and reconnects, hence sending the four-way handshake.

It is only the first two packets of the four-way handshake that you need. The first one contains the AP MAC and the ANonce, and the second contains the client MAC, the SNonce and the MIC to verify that the PTK matches.

In order to decrypt the traffic you need to generate your own PMK, also called Pre-Shared Key (PSK), then create a PTK out of it and test it to match the MIC.

Answered by Azteca on December 4, 2021

To decipher the traffic of your victim, the PMK is what prevents you from figuring out the PTK of that client. To generate the PTK, 5 things are required:

  • PMK
  • AP MAC Address
  • Client's MAC Address
  • ANonce
  • SNonce

You can capture 4 of them from the handshake, all except the PMK. The PMK is never sent over the network. The 4th frame of the handshake carries only a Message Authentication Code. As long as you don't know the PMK you can't decrypt the traffic.

Answered by defalt on December 4, 2021
