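State machine transitions in wpa_supplicant

Capture file for the over-the-air packet analysis: https://download.csdn.net/download/yudelian/21455721 (the capture used in this article)

Analyzing the over-the-air capture shows that the connection flow is:

Authentication --> Association --> 4-way handshake

Management frame content falls into two categories:

1. Most of the data in the frame body uses fixed-length fields; these are called fixed fields.

     As shown in the figure below, Wireshark calls these Fixed parameters.


2. Fields whose length is variable are called information elements.

     As shown in the figure below, Wireshark calls these Tagged parameters.

Wi-Fi authentication

Authentication frame:

A fixed-length field of this management frame is the Authentication Algorithm Number; only two values are currently defined, as shown in the figure below:

In current 802.11 networks this value is usually 0, which means 802.1X authentication is used afterwards;

When it is 1, Wireshark shows "deprecated by 802.11i", meaning it was deprecated by 802.11i; this was probably the authentication used with WEP (needs further verification).

After association, the 4-way 802.1X authentication takes place.

Dissection of the Association Request frame: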

 IEEE 802.11 Wireless Management
    Fixed parameters (4 bytes)
        Capabilities Information: 0x0031
        Listen Interval: 0x0001
    Tagged parameters (127 bytes)
        Tag: SSID parameter set: Xiaomi_EFE1_5G
        Tag: Supported Rates 6(B), 9, 12(B), 18, 24(B), 36, 48, 54, [Mbit/sec]
        Tag: RSN Information
            Tag Number: RSN Information (48)
            Tag length: 20
            RSN Version: 1
            Group Cipher Suite: 00:0f:ac (Ieee 802.11) TKIP
                Group Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
                Group Cipher Suite type: TKIP (2)
            Pairwise Cipher Suite Count: 1
            Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
                Pairwise Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
                    Pairwise Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
                    Pairwise Cipher Suite type: AES (CCM) (4)
            Auth Key Management (AKM) Suite Count: 1
            Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK
                Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) PSK
                    Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
                    Auth Key Management (AKM) type: PSK (2)
            RSN Capabilities: 0x0000
                .... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
                .... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
                .... .... .... 00.. = RSN PTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
                .... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
                .... .... .0.. .... = Management Frame Protection Required: False
                .... .... 0... .... = Management Frame Protection Capable: False
                .... ...0 .... .... = Joint Multi-band RSNA: False
                .... ..0. .... .... = PeerKey Enabled: False
                ..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
        Tag: Supported Operating Classes
        Tag: VHT Capabilities
        Tag: Vendor Specific: Microsoft Corp.: WMM/WME: Information Element
        Tag: Vendor Specific: Qualcomm Inc.

Dissection of the Association Response frame:

association response:
IEEE 802.11 Wireless Management
    Fixed parameters (6 bytes)
        Capabilities Information: 0x0031
        Status code: Successful (0x0000)
        ..00 0000 0000 0001 = Association ID: 0x0001
    Tagged parameters (204 bytes)
        Tag: Supported Rates 6(B), 9, 12(B), 18, 24(B), 36, 48, 54, [Mbit/sec]
        Tag: Vendor Specific: Microsoft Corp.: WMM/WME: Parameter Element
        Tag: HT Capabilities (802.11n D1.10)
        Tag: HT Information (802.11n D1.10)
        Tag: Vendor Specific: Epigram, Inc.: HT Capabilities (802.11n D1.10)
        Tag: Vendor Specific: Epigram, Inc.: HT Additional Capabilities (802.11n D1.00)
        Tag: Overlapping BSS Scan Parameters
        Tag: VHT Capabilities
        Tag: VHT Operation
        Tag: Extended Capabilities (8 octets)
        Tag: Vendor Specific: Ralink Technology, Corp. 

4-way handshake:

Handshake message 1:
Key Information: 0x008a
    .... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
    .... .... .... 1... = Key Type: Pairwise Key
    .... .... ..00 .... = Key Index: 0
    .... .... .0.. .... = Install: Not set
    .... .... 1... .... = Key ACK: Set
    .... ...0 .... .... = Key MIC: Not set
    .... ..0. .... .... = Secure: Not set
    .... .0.. .... .... = Error: Not set
    .... 0... .... .... = Request: Not set
    ...0 .... .... .... = Encrypted Key Data: Not set
    ..0. .... .... .... = SMK Message: Not set
WPA Key Nonce: 9e4501d537bdf13a30fa17133acfd20735a741d97542c18530d06c833077a332
Key IV: 00000000000000000000000000000000
WPA Key RSC: 0000000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: 00000000000000000000000000000000

Handshake message 2:
Key Information: 0x010a
    .... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
    .... .... .... 1... = Key Type: Pairwise Key
    .... .... ..00 .... = Key Index: 0
    .... .... .0.. .... = Install: Not set
    .... .... 0... .... = Key ACK: Not set
    .... ...1 .... .... = Key MIC: Set
    .... ..0. .... .... = Secure: Not set
    .... .0.. .... .... = Error: Not set
    .... 0... .... .... = Request: Not set
    ...0 .... .... .... = Encrypted Key Data: Not set
    ..0. .... .... .... = SMK Message: Not set
WPA Key Nonce: 7460b9d95fb0b4a4e0660a437a8558812e6e6c10b23355854e738b04a0f3146f
Key IV: 00000000000000000000000000000000
WPA Key RSC: 0000000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: bce61494be0e381a9cbcd0e463102c11
WPA Key Data: 30140100000fac020100000fac040100000fac020000
    Tag: RSN Information
        Tag Number: RSN Information (48)
        Tag length: 20
        RSN Version: 1
        Group Cipher Suite: 00:0f:ac (Ieee 802.11) TKIP
            Group Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
            Group Cipher Suite type: TKIP (2)
        Pairwise Cipher Suite Count: 1
        Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
            Pairwise Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
                Pairwise Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
                Pairwise Cipher Suite type: AES (CCM) (4)
        Auth Key Management (AKM) Suite Count: 1
        Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK
            Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) PSK
                Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
                Auth Key Management (AKM) type: PSK (2)
        RSN Capabilities: 0x0000
            .... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
            .... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
            .... .... .... 00.. = RSN PTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
            .... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
            .... .... .0.. .... = Management Frame Protection Required: False
            .... .... 0... .... = Management Frame Protection Capable: False
            .... ...0 .... .... = Joint Multi-band RSNA: False
            .... ..0. .... .... = PeerKey Enabled: False
            ..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
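
The RSN Information element in message 2's Key Data (the same element the Association Request carries) can be decoded by hand. The following is an added example, not code from the original post or from wpa_supplicant: it parses the Key Data bytes shown above and reports the settings a defender would want changed. The function names and the finding wording are assumptions of this example.

```python
import struct

OUI_80211 = bytes.fromhex("000fac")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
MFP_REQUIRED, MFP_CAPABLE = 0x0040, 0x0080  # RSN Capabilities bits 6 and 7

# Key Data bytes copied from handshake message 2 on this page.
KEY_DATA_MSG2 = bytes.fromhex("30140100000fac020100000fac040100000fac020000")


def parse_rsn_ie(buf):
    """Parse one RSN element (tag 48); raise ValueError on malformed input."""
    if len(buf) < 2 or buf[0] != 48 or len(buf) < 2 + buf[1]:
        raise ValueError("not a complete RSN element")
    body, pos = buf[2:2 + buf[1]], 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("RSN element truncated")
        pos += n
        return body[pos - n:pos]

    def u16():
        return struct.unpack("<H", take(2))[0]  # fields are little-endian

    def suite(names):
        raw = take(4)  # 3-byte OUI followed by a 1-byte suite type
        if raw[:3] != OUI_80211:
            return "vendor-specific " + raw.hex()
        return names.get(raw[3], "unknown(%d)" % raw[3])

    rsn = {"version": u16(), "group": suite(CIPHERS)}
    rsn["pairwise"] = [suite(CIPHERS) for _ in range(u16())]
    rsn["akm"] = [suite(AKMS) for _ in range(u16())]
    rsn["caps"] = u16() if pos < len(body) else 0
    return rsn


def audit_rsn(rsn):
    """Return hardening findings for a parsed RSN element."""
    weak = {"WEP-40", "WEP-104", "TKIP"}
    findings = []
    if rsn["group"] in weak:
        findings.append("group cipher " + rsn["group"])
    findings += ["pairwise cipher " + c for c in rsn["pairwise"] if c in weak]
    if not rsn["caps"] & MFP_CAPABLE:
        findings.append("management frame protection not supported")
    return findings
```

For the capture on this page the audit reports the TKIP group cipher and the missing management frame protection, both visible in the Wireshark dissection above.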

Handshake message 3:
802.1X Authentication
    Version: 802.1X-2001 (1)
    Type: Key (3)
    Key Descriptor Type: EAPOL RSN Key (2)
    .... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
    .... .... .... 1... = Key Type: Pairwise Key
    .... .... ..00 .... = Key Index: 0
    .... .... .1.. .... = Install: Set
    .... .... 1... .... = Key ACK: Set
    .... ...1 .... .... = Key MIC: Set
    .... ..1. .... .... = Secure: Set
    .... .0.. .... .... = Error: Not set
    .... 0... .... .... = Request: Not set
    ...1 .... .... .... = Encrypted Key Data: Set
    ..0. .... .... .... = SMK Message: Not set

    WPA Key Nonce: 9e4501d537bdf13a30fa17133acfd20735a741d97542c18530d06c833077a332
    Key IV: 00000000000000000000000000000000
    WPA Key RSC: df0b000000000000
    WPA Key ID: 0000000000000000
    WPA Key MIC: 0c904248df4cb58119561536b6a5f9f4
    WPA Key Data Length: 80
    WPA Key Data: 0187687631b588f887a3be70d0b59ec439a8e70e78f3678aef6de229550af19b91696d91…

Handshake message 4:
Key Information: 0x030a
    .... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
    .... .... .... 1... = Key Type: Pairwise Key
    .... .... ..00 .... = Key Index: 0
    .... .... .0.. .... = Install: Not set
    .... .... 0... .... = Key ACK: Not set
    .... ...1 .... .... = Key MIC: Set
    .... ..1. .... .... = Secure: Set
    .... .0.. .... .... = Error: Not set
    .... 0... .... .... = Request: Not set
    ...0 .... .... .... = Encrypted Key Data: Not set
    ..0. .... .... .... = SMK Message: Not set
WPA Key Nonce: 0000000000000000000000000000000000000000000000000000000000000000
Key IV: 00000000000000000000000000000000
WPA Key RSC: 0000000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: 00f4f175e65a985de56bbf672505ab10
WPA Key Data Length: 0 
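
The four frames above differ only in a few Key Information bits, which is enough to label them when reviewing a capture. The following is an added example, not code from the original post or from wpa_supplicant: it classifies each EAPOL-Key frame from its Key Information value and checks that the exchange is complete and that the ANonce in message 3 matches message 1. It assumes WPA2 (RSN) pairwise handshakes, where message 4 has the Secure bit set; the function names are assumptions of this example.

```python
PAIRWISE, INSTALL, KEY_ACK = 0x0008, 0x0040, 0x0080
KEY_MIC, SECURE = 0x0100, 0x0200

ANONCE = "9e4501d537bdf13a30fa17133acfd20735a741d97542c18530d06c833077a332"
SNONCE = "7460b9d95fb0b4a4e0660a437a8558812e6e6c10b23355854e738b04a0f3146f"

# (Key Information, Key Nonce) for the four frames on this page.
# 0x13ca is not printed for message 3; it is assembled from that frame's flag lines.
PAGE_FRAMES = [
    (0x008A, ANONCE),
    (0x010A, SNONCE),
    (0x13CA, ANONCE),
    (0x030A, "00" * 32),
]


def classify(key_info):
    """Return the 4-way handshake message number (1-4), or None."""
    if not key_info & PAIRWISE:
        return None  # group key handshake, not covered here
    ack, mic = bool(key_info & KEY_ACK), bool(key_info & KEY_MIC)
    if ack and not mic:
        return 1
    if ack and mic:
        return 3 if key_info & INSTALL else None
    if mic:
        return 4 if key_info & SECURE else 2
    return None


def check_handshake(frames):
    """Label each frame and list consistency problems in the exchange."""
    numbers = [classify(ki) for ki, _ in frames]
    nonce = {n: v for n, (_, v) in zip(numbers, frames)}
    problems = []
    if numbers != [1, 2, 3, 4]:
        problems.append("incomplete or out-of-order handshake: %s" % numbers)
    if 1 in nonce and 3 in nonce and nonce[1] != nonce[3]:
        problems.append("ANonce differs between message 1 and message 3")
    if 2 in nonce and int(nonce[2], 16) == 0:
        problems.append("all-zero SNonce in message 2")
    return numbers, problems
```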

What are the differences between WPA-PSK/WPA2-PSK, WPA/WPA2 and WEP?

http://www.lotpc.com/lyqzs/5171.html
