Reputation: 11
I used freeradius-server on OpenWrt to get the SIM IMSI. Because I did have some SIM values (rand, sres, kc), I changed the source code to use fake values. It can be authenticated successfully, but in the process of the 4-way handshake it failed! It only has one handshake.
I captured some packets with Wireshark. Can anyone help me analyse the reason, or is there a better way to get the IMSI on OpenWrt?
[Wireshark captures: "eap-sim authenticate process" and "handshake 1 of 4"]
Upvotes: 0
Views: 302
Reputation: 11
I found the reason! At the beginning, I did not have the SIM values (RAND, SRES, Kc), so I created some fake values. The code needs the correct MSK value to build up the PMK package, like this:
```c
/* From FreeRADIUS rlm_eap_sim: builds the Access-Accept after EAP-SIM succeeds.
 * The MS-MPPE keys are copied straight out of ess->keys.msk, so the MSK must
 * have been derived from the real Kc values or the AP is handed a wrong PMK. */
static int eap_sim_sendsuccess(EAP_HANDLER *handler)
{
	unsigned char *p;
	struct eap_sim_server_state *ess;
	VALUE_PAIR **outvps;
	VALUE_PAIR *newvp;

	/* outvps is the data to the client. */
	outvps = &handler->request->reply->vps;
	ess = (struct eap_sim_server_state *)handler->opaque;

	/* set the EAP_ID - new value */
	newvp = paircreate(ATTRIBUTE_EAP_ID, PW_TYPE_INTEGER);
	newvp->vp_integer = ess->sim_id++;
	pairreplace(outvps, newvp);

	p = ess->keys.msk; /* **look here**! MSK[0:32] -> Recv-Key (the PMK), MSK[32:64] -> Send-Key */
	add_reply(outvps, "MS-MPPE-Recv-Key", p, EAPTLS_MPPE_KEY_LEN);
	p += EAPTLS_MPPE_KEY_LEN;
	add_reply(outvps, "MS-MPPE-Send-Key", p, EAPTLS_MPPE_KEY_LEN);
	return 1;
}
```
So it built a wrong PMK package. The mobile phone received the 1/4 handshake and dropped it.
Upvotes: 1