TEST CASE #1

HASH THE PASSWORD TO GET PMK, GMK IS RANDOM

Passphrase = ThisIsAPassword
SSID = ThisIsASSID
pmk (hashed) =
    0d c0 d6 eb 90 55 5e d6 41 97 56 b9 a1 5e c3 e3
    20 9b 63 df 70 7d d5 08 d1 45 81 f8 98 27 21 af
gmk (random) =
    92 09 fb 91 8e de ea 3c 6d c7 05 42 b8 72 04 df
    90 e2 ea 3c d5 6c 7e 2b 25 98 c1 81 d8 38 c2 65

CONVERT {PMK, Auth_Addr, Supplicant_Addr, ANONCE, SNONCE} to PTK

auth_addr = 01 02 03 04 05 06
supp_addr = 06 65 64 63 62 61
anonce =
    00 01 02 03 04 05 06 07 10 11 12 13 14 15 16 17
    20 21 22 23 24 25 26 27 30 31 32 33 34 35 36 37
snonce =
    f0 f1 f2 f3 f4 f5 f6 f7 e0 e1 e2 e3 e4 e5 e6 e7
    d0 d1 d2 d3 d4 d5 d6 d7 c0 c1 c2 c3 c4 c5 c6 c7
ptk =
    96 bc bb 9c 5d bd 3f 90 d7 e4 06 48 0e 22 30 bc
    09 37 cf 12 2c ea cc aa 3e 05 27 cf 56 86 ac 03
    40 c5 53 0c 9e 56 d8 ec 6f 34 5f 50 5e 87 91 73
    64 91 9c 89 12 20 f3 e8 6d 3d e0 4e 17 d9 bf 8c
mk = 96 bc bb 9c 5d bd 3f 90 d7 e4 06 48 0e 22 30 bc
ek = 09 37 cf 12 2c ea cc aa 3e 05 27 cf 56 86 ac 03
tk1 = 40 c5 53 0c 9e 56 d8 ec 6f 34 5f 50 5e 87 91 73
tk2 TKIP only = 64 91 9c 89 12 20 f3 e8 6d 3d e0 4e 17 d9 bf 8c

CONVERT {GMK, Auth_Address, GNONCE} to GTK

auth_addr = 01 02 03 04 05 06
gnonce =
    50 51 52 53 54 55 56 57 60 61 62 63 64 65 66 67
    70 71 72 73 74 75 76 77 80 81 82 83 84 85 86 87
gtk =
    07 5e 20 a6 9d 2a 29 63 85 28 56 61 6b 35 38 a0
    cf b6 2d ad e1 54 cf 96 1a 04 a3 48 13 96 08 8c
group_tk1 = 07 5e 20 a6 9d 2a 29 63 85 28 56 61 6b 35 38 a0
group_tk2 TKIP only = cf b6 2d ad e1 54 cf 96 1a 04 a3 48 13 96 08 8c

MAP THE PTK TO TKIP KEY and MIC KEY

MIC_KEY = 6d 3d e0 4e 17 d9 bf 8c
ENCRYPTION_KEY = 40 c5 53 0c 9e 56 d8 ec 6f 34 5f 50 18 df ff bf

GET THE MSDU AND ADDRESSES

MSDU =
    aa aa 03 00 00 00 08 00 45 00 00 4e 66 1a 00 00
    80 11 be 64 0a 00 01 22 0a ff ff ff 00 89 00 89
    00 3a 00 00 80 a6 01 10 00 01 00 00 00 00 00 00
    20 45 43 45 4a 45 48 45 43 46 43 45 50 46 45 45
    49 45 46 46 43 43 41 43 41 43 41 43 41 43 41 41
    41 00 00 20 00 01
MSDU Length = 86
sa = 06 65 64 63 62 61
ta = 06 65 64 63 62 61
ra = 01 02 03 04 05 06
da = 01 02 03 04 05 06
bssid = 01 02 03 04 05 06

CALCULATE MIC OVER MSDU

MIC Key = 6d 3d e0 4e 17 d9 bf 8c
MIC = 88 79 65 c7 dd 5f 9b c4
MSDU with MIC =
    aa aa 03 00 00 00 08 00 45 00 00 4e 66 1a 00 00
    80 11 be 64 0a 00 01 22 0a ff ff ff 00 89 00 89
    00 3a 00 00 80 a6 01 10 00 01 00 00 00 00 00 00
    20 45 43 45 4a 45 48 45 43 46 43 45 50 46 45 45
    49 45 46 46 43 43 41 43 41 43 41 43 41 43 41 41
    41 00 00 20 00 01 88 79 65 c7 dd 5f 9b c4

PROCESS 2 FRAGMENTS

fragmentation_threshold = 47

FRAGMENT #0

fc = 0x4108
duration = 0x0123
qos_ctl = 0x0000
header_length = 24
payload_length = 55
PN = 0x123456785BA0
RSN Header = a0 7b 5b 20 78 56 34 12
fragment data =
    aa aa 03 00 00 00 08 00 45 00 00 4e 66 1a 00 00
    80 11 be 64 0a 00 01 22 0a ff ff ff 00 89 00 89
    00 3a 00 00 80 a6 01 10 00 01 00 00 00 00 00
MPDU =
    08 41 23 01 01 02 03 04 05 06 06 65 64 63 62 61
    01 02 03 04 05 06 00 00 a0 7b 5b 20 78 56 34 12
    aa aa 03 00 00 00 08 00 45 00 00 4e 66 1a 00 00
    80 11 be 64 0a 00 01 22 0a ff ff ff 00 89 00 89
    00 3a 00 00 80 a6 01 10 00 01 00 00 00 00 00
mpdu_length = 79

MIX the TK1, PN and ta to get an RC4 Key

TK1 = 40 c5 53 0c 9e 56 d8 ec 6f 34 5f 50 18 df ff bf
ta = 06 65 64 63 62 61
rc4Key = a0 7b 5b 99 66 00 dd a9 e9 43 e5 ef bc a9 73 d2
Cipherstream =
    80 83 80 e3 b9 1d b6 24 0e 39 f9 0e b9 06 d9 73
    1d 1c 82 02 9d 4c 21 18 bf 9c 43 69 6e 35 fc 63
    d3 a0 58 33 bf 98 bb 5a 5a 2f 57 de f9 25 5b
CRC = 91 c0 cd 01
protected MPDU =
    08 41 23 01 01 02 03 04 05 06 06 65 64 63 62 61
    01 02 03 04 05 06 00 00 a0 7b 5b 20 78 56 34 12
    2a 29 83 e3 b9 1d be 24 4b 39 f9 40 df 1c d9 73
    9d 0d 3c 66 97 4c 20 3a b5 63 bc 96 6e bc fc ea
    d3 9a 58 33 3f 3e ba 4a 5a 2e 57 de f9 25 5b 91
    c0 cd 01

FRAGMENT #1

fc = 0x4108
duration = 0x0123
qos_ctl = 0x0000
header_length = 24
payload_length = 55
PN = 0x123456785BA1
RSN Header = a1 7b 5b 20 78 56 34 12
fragment data =
    00 20 45 43 45 4a 45 48 45 43 46 43 45 50 46 45
    45 49 45 46 46 43 43 41 43 41 43 41 43 41 43 41
    41 41 00 00 20 00 01 88 79 65 c7 dd 5f 9b c4
MPDU =
    08 41 23 01 01 02 03 04 05 06 06 65 64 63 62 61
    01 02 03 04 05 06 01 00 a1 7b 5b 20 78 56 34 12
    00 20 45 43 45 4a 45 48 45 43 46 43 45 50 46 45
    45 49 45 46 46 43 43 41 43 41 43 41 43 41 43 41
    41 41 00 00 20 00 01 88 79 65 c7 dd 5f 9b c4
mpdu_length = 79

MIX the TK1, PN and ta to get an RC4 Key

TK1 = 40 c5 53 0c 9e 56 d8 ec 6f 34 5f 50 18 df ff bf
ta = 06 65 64 63 62 61
rc4Key = a1 7b 5b 19 fd fd cd 85 f5 f7 17 14 8d 77 73 09
Cipherstream =
    f5 71 81 e4 64 50 e2 77 da f6 c9 db 5f 27 71 f3
    27 11 88 82 5f 53 bb 2e 61 c8 e1 1f 80 90 93 0e
    ce e1 4c ce ff 76 32 fd 7d ba d8 2e 91 af 91
CRC = 28 63 fd a8
protected MPDU =
    08 41 23 01 01 02 03 04 05 06 06 65 64 63 62 61
    01 02 03 04 05 06 01 00 a1 7b 5b 20 78 56 34 12
    f5 51 c4 a7 21 1a a7 3f 9f b5 8f 98 1a 77 37 b6
    62 58 cd c4 19 10 f8 6f 22 89 a2 5e c3 d1 d0 4f
    8f a0 4c ce df 76 33 75 04 df 1f f3 ce 34 55 28
    63 fd a8