ESP32 IEEE802.11 payload encryption and decryption API

Ankit Siddhapura
Posts: 21
Joined: Sat Jun 30, 2018 1:04 pm

ESP32 IEEE802.11 payload encryption and decryption API

Postby Ankit Siddhapura » Thu Jul 05, 2018 1:43 pm

Hi,
I have developed sample WiFi sniffer application using esp32 promiscuous mode functionality.
able to receive packets successfully, Now my query is how can I check that received payload is encrypted or not?

Is it possible to decrypt packets, received using promiscuous mode received callback function?

Thank you,
Ankit Siddhapura

Xarlan
Posts: 12
Joined: Tue Jul 10, 2018 3:09 pm

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby Xarlan » Mon Dec 24, 2018 9:32 am

Hi
Now my query is how can I check that received payload is encrypted or not?
Look at the MAC header -> Frame Control -> Protected Frame Field
However, this bit indicate only thst frame is encrypted, but what type of encryption - WEP/WPA/WPA2 - has no information

Question continued
for example, I know the password/key in the current Wi-Fi network.
Does IDF has function like wpa2_decrypt(*message, *wpa2_key) to decrypte received frame?

Thank you

Ritesh
Posts: 1383
Joined: Tue Sep 06, 2016 9:37 am
Location: India
Contact:

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby Ritesh » Fri Dec 28, 2018 7:10 pm

Xarlan wrote:
Mon Dec 24, 2018 9:32 am
Hi
Now my query is how can I check that received payload is encrypted or not?
Look at the MAC header -> Frame Control -> Protected Frame Field
However, this bit indicate only thst frame is encrypted, but what type of encryption - WEP/WPA/WPA2 - has no information

Question continued
for example, I know the password/key in the current Wi-Fi network.
Does IDF has function like wpa2_decrypt(*message, *wpa2_key) to decrypte received frame?

Thank you
Hi,

I believe there should not be any function to decrypt message due to security reason at stack level still need to confirm with Espressif Team for that.
Regards,
Ritesh Prajapati

ESP_Sprite
Posts: 9772
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby ESP_Sprite » Sat Dec 29, 2018 8:18 am

I don't know that much about WPA, but I wouldn't be surprised if it uses random ephemeral keys that are exchanged by something like Diffie-Helman. In that case, the keys aren't really retrievable in any fashion if you don't have access to either the AP or the client.

Xarlan
Posts: 12
Joined: Tue Jul 10, 2018 3:09 pm

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby Xarlan » Fri Jan 04, 2019 6:24 pm

I believe there should not be any function to decrypt message due to security reason at stack level still need to confirm with Espressif Team for that.
I mean use this "magic function" ( like wpa2_decrypt(*message, *wpa2_key)) to decrypt message into my wi-fi network.
For example, I have some device which connected to my router via Wi-Fi and I would like to see which data is transfered between my device and my router.

Also the question to Espressif Team
The section "Wi-Fi Sniffer Mode" https://docs.espressif.com/projects/esp ... /wifi.html
The driver don't support:
802.11 Control frame
802.11 error frame, such as the frame with a CRC error, etc.
But, in esp-idf -> esp_wifi_types.h there are a lot of "WIFI_PROMIS_*" to filter a lot of different packet (including Control Frame, etc).
Moreover, why "esp_wifi_80211_tx" can transmit only "beacon/probe request/probe response/action and non-QoS data frame"?

As I understand it is only program limitation/driver limitation. Is it possible to remove this limitation that esp32 support all type of frame and may transmit all type of frame.
For example СС3100/CC3200 http://processors.wiki.ti.com/index.php ... iver_Mode# may receive and transmit all 802.11 frame.

Thank you

Ritesh
Posts: 1383
Joined: Tue Sep 06, 2016 9:37 am
Location: India
Contact:

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby Ritesh » Sat Jan 05, 2019 5:04 pm

Xarlan wrote:
Fri Jan 04, 2019 6:24 pm
I believe there should not be any function to decrypt message due to security reason at stack level still need to confirm with Espressif Team for that.
I mean use this "magic function" ( like wpa2_decrypt(*message, *wpa2_key)) to decrypt message into my wi-fi network.
For example, I have some device which connected to my router via Wi-Fi and I would like to see which data is transfered between my device and my router.

Also the question to Espressif Team
The section "Wi-Fi Sniffer Mode" https://docs.espressif.com/projects/esp ... /wifi.html
The driver don't support:
802.11 Control frame
802.11 error frame, such as the frame with a CRC error, etc.
But, in esp-idf -> esp_wifi_types.h there are a lot of "WIFI_PROMIS_*" to filter a lot of different packet (including Control Frame, etc).
Moreover, why "esp_wifi_80211_tx" can transmit only "beacon/probe request/probe response/action and non-QoS data frame"?

As I understand it is only program limitation/driver limitation. Is it possible to remove this limitation that esp32 support all type of frame and may transmit all type of frame.
For example СС3100/CC3200 http://processors.wiki.ti.com/index.php ... iver_Mode# may receive and transmit all 802.11 frame.

Thank you
Thanks for reply.

Espressif Team can help for you query and I believe they are providing due to security reason or something like that.
Regards,
Ritesh Prajapati

Ankit Siddhapura
Posts: 21
Joined: Sat Jun 30, 2018 1:04 pm

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby Ankit Siddhapura » Thu Jan 17, 2019 1:09 pm

Hi All,
Sniffer generates key using SSID and password for given authentication mode. Online same key can be generated.

using same key I have encrypted packet using esp encrypt API and decrypting packet with same decrypt API of ESP-IDF.

I did this practice long ago, need to check once whole procedure and confirm output.

Regards,
Ankit Siddhapura

geoff2802
Posts: 1
Joined: Tue Aug 17, 2021 7:37 am

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby geoff2802 » Tue Aug 17, 2021 8:09 am

Hi,
New to this forum.
I have the same question as the OP on this thread. It doesn't seem to have been fully answered.

Is it possible to programmatically decrypt packets that were encrypted using WPA Personal? Of course I have the wifi password.
I'm using an Adafruit Huzzah32 ESP32 board and Arduino IDE. My project is home automation with Sonos.

Cheers,
Geoff.

Ritesh
Posts: 1383
Joined: Tue Sep 06, 2016 9:37 am
Location: India
Contact:

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby Ritesh » Sat Aug 28, 2021 10:41 am

geoff2802 wrote:
Tue Aug 17, 2021 8:09 am
Hi,
New to this forum.
I have the same question as the OP on this thread. It doesn't seem to have been fully answered.

Is it possible to programmatically decrypt packets that were encrypted using WPA Personal? Of course I have the wifi password.
I'm using an Adafruit Huzzah32 ESP32 board and Arduino IDE. My project is home automation with Sonos.

Cheers,
Geoff.
Yes. if you have certificates or key then it can be possible to decrypt data which are encrypted with some keys or certicate.
Regards,
Ritesh Prajapati

ESP_Sprite
Posts: 9772
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 IEEE802.11 payload encryption and decryption API

Postby ESP_Sprite » Mon Aug 30, 2021 2:54 am

Ritesh wrote:
Sat Aug 28, 2021 10:41 am
Yes. if you have certificates or key then it can be possible to decrypt data which are encrypted with some keys or certicate.
Note that in the case of WPA Personal, 1. it depends on you having sniffed the connection start as well (as the nonce that is used in the rest of the connection encryption is exchanged there) and 2. the implementation of this is left as an exercise to the reader (as in: there's not really any code for this in ESP-IDF or Arduino). Basically, unless you're willing to dive deep into the technical details of the protocol and our WiFi logic, I posit it's not practically possible at this moment.

Who is online

Users browsing this forum: No registered users and 81 guests