4-Way Handshake simulation in C#
I was doing some code in C# where I wanted to emulate a 4-way handshake
used in WPA nets. Using the Python code from this question: wpa-handshake
with python - hashing difficulties
I have translated the code from Python to C#. The generation of the PMK is
right, but for the PTK and the MIC is wrong. Here is the code:
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
namespace ConsoleApplication1
{
class Program
{
static byte[] GetBytes(string str)
{
return System.Text.Encoding.ASCII.GetBytes(str);
}
static string getString(byte[] b)
{
return System.Text.Encoding.ASCII.GetString(b);
}
static string a2b_hex(string hexvalue)
{
StringBuilder binaryval = new StringBuilder();
for (int i = 0; i < hexvalue.Length; i++)
{
string byteString = hexvalue.Substring(i, 1);
byte b = Convert.ToByte(byteString, 16);
binaryval.Append(Convert.ToString(b, 2).PadLeft(4, '0'));
}
return binaryval.ToString();
}
static string b2a_hex(byte[] ba)
{
StringBuilder hex = new StringBuilder(ba.Length * 2);
foreach (byte b in ba)
hex.AppendFormat("{0:x2}", b);
return hex.ToString();
}
static string min(string a, string b)
{
return a.CompareTo(b) >= 0 ? b : a;
}
static string max(string a, string b)
{
return a.CompareTo(b) <= 0 ? b : a;
}
static string chr(int n) {
return ((char) n)+"";
}
static string customPRF512(byte[] key, string A, string B){
int i = 0;
string r = "";
while(i <= 4){
var hmacsha1 = new HMACSHA1(key);
string msg = A + chr(0x00) + B + chr(i);
//Console.Out.WriteLine(msg);
hmacsha1.ComputeHash(GetBytes(msg));
byte[] data = hmacsha1.Hash;
r = r + getString(data);
Console.Out.WriteLine(r);
i++;
}
return r.Substring(0, 64);
}
public static void Main(string[] passwordargs)
{
string passPhrase = "10zZz10ZZzZ";
string ssid = "Netgear 2/158";
string A = "Pairwise key expansion";
string APmac = a2b_hex("001e2ae0bdd0");
string Clientmac = a2b_hex("cc08e0620bc8");
string ANonce =
a2b_hex("61c9a3f5cdcdf5fae5fd760836b8008c863aa2317022c7a202434554fb38452b");
string SNonce =
a2b_hex("60eff10088077f8b03a0e2fc2fc37e1fe1f30f9f7cfbcfb2826f26f3379c4318");
string B =
min(APmac,Clientmac)+max(APmac,Clientmac)+min(ANonce,SNonce)+max(ANonce,SNonce);
string data =
a2b_hex("0103005ffe01090020000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(passPhrase,
GetBytes(ssid), 4096);
byte[] pmk = pbkdf2.GetBytes(32);
string ptk = customPRF512(pmk,A,B);
HMAC hmac = HMAC.Create();
byte[] bptk = GetBytes(ptk);
byte[] key = new byte[16];
for (int i = 0; i < 16; i++) key[i] = bptk[i];
hmac.Key = key;
byte[] mic = hmac.ComputeHash(GetBytes(data));
Console.Out.WriteLine("desired pmk:\t
01b809f9ab2fb5dc47984f52fb2d112e13d84ccb6b86d4a7193ec5299f851c48");
Console.Out.WriteLine("pmk:\t\t"+b2a_hex(pmk)+"\n");
Console.Out.WriteLine("desired
ptk:\t"+"bf49a95f0494f44427162f38696ef8b6");
Console.Out.WriteLine("ptk:\t\t"+b2a_hex(key)+"\n");
Console.Out.WriteLine("desired
mic:\t"+"45282522bc6707d6a70a0317a3ed48f0");
Console.Out.WriteLine("mic:\t\t"+b2a_hex(mic)+"\n");
Console.In.Read();
}
}
}
Can someone help me? I think the problem is in the transformation fo the
string in the PFR-512 function, but I'm not entirely sure. Thanks to
everyone that is going to help me : ))
No comments:
Post a Comment