Open christophert opened 7 years ago
Thanks, I'll look into this later today for sure.
It seems like the implementation of EAPOL in the library doesn't take into account all possible packet types. I'll work on this in a few days as it's not a trivial change (e.g. there's no support for parsing the EAP part of the frames).
Any update to this?
No, I'll be having a busy next couple of weeks and given this is a decent amount of work, I don't think I'll be able to sit down and work on it until after that. Sorry for the inconvenience.
Additionally, I've noticed that the EAPOL implementation does not take into account the EAP Type (Key (3) or EAP Packet (0)) when determining RSN/RC4 EAPOL.
For example, in this capture, frame 38 is an EAP WPS Request (802.1x Type 0, EAP Code 1, EAP Type 254 (Expanded Type)) and frame 39 is an EAP WPS Response (802.1x Type 0, EAP Code 2, EAP Type 254); however, it is parsed as an RC4 and RSN EAPOL packet. It seems that it should check for EAP Type 3 before parsing into RC4/RSN EAPOL?
I am using this Wireshark example capture: https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=wpsdata.cap
Yeah, the implementation surely has some issues. I haven't forgotten about this, I just haven't had time to sit down and fix it. I should have some this week so I'll try to have a look at it.
Is it possible to pull the byte payload of the layer once it's parsed at the RSN/RC4 EAPOL layer? Or would we just have to pull the full raw PDU?
You'd have to get the full raw PDU. Once the layer is parsed, the raw data is gone.
Any progress on this issue?
No updates on this and I don't have much free time so I'm not sure when I'll be able to work on it. Sorry!
I would like to put some effort into solving this issue but am not sure how to properly implement this since there doesn't seem to be much documentation on implementing this type of protocol. Are there any resources that I can look at to kickstart that?
I don't think there's any documentation on how to do that but it shouldn't be hard to infer from existing protocols. You could grab some small one like UDP for example to get an idea.
Also having this issue. I'll probably work to fix this in the next few days. I'm planning to completely overhaul all the existing code for EAPOL, so I'm not sure if anyone will want it.
The library is unable to parse any EAPOL-Start or Identity packets included in this capture file.
The EAPOL-Start packet throws a backtrace when attempting to decode the header because of the packet indicating that the length is 0?
All the other packets seem to fail once it attempts to determine whether it is RSNEAPOL or RC4EAPOL.
eapol_malformed_libtins.pcap.zip
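The dispatch discussed in this thread, as an added example that is not part of the original issue and is not libtins code: it reads the 802.1X packet type first, accepts a zero-length EAPOL-Start, and only looks at the key descriptor type when the packet type is Key (3). `EapolInfo` and `classify_eapol` are hypothetical names, and the sample frames in `main` are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Classification of one 802.1X (EAPOL) frame, starting at the version byte.
struct EapolInfo {
    std::string kind;      // start, logoff, eap, key-rc4, key-rsn, key-wpa, unknown, malformed
    uint8_t eap_code = 0;  // set when kind == "eap"
    uint8_t eap_type = 0;  // set for EAP Request (1) / Response (2) carrying a type byte
};

EapolInfo classify_eapol(const std::vector<uint8_t>& buf) {
    EapolInfo out;
    out.kind = "malformed";
    if (buf.size() < 4) return out;                    // version, type, 16-bit length
    const uint8_t packet_type = buf[1];
    const size_t body_len = (size_t(buf[2]) << 8) | buf[3];
    if (buf.size() - 4 < body_len) return out;         // declared length exceeds captured bytes
    const uint8_t* body = buf.data() + 4;
    switch (packet_type) {
    case 1: out.kind = "start";  return out;           // EAPOL-Start: body length 0 is normal
    case 2: out.kind = "logoff"; return out;
    case 0:                                            // EAP-Packet: code, id, length, [type]
        if (body_len < 4) return out;
        if (((size_t(body[2]) << 8) | body[3]) > body_len) return out;
        out.kind = "eap";
        out.eap_code = body[0];
        if ((body[0] == 1 || body[0] == 2) && body_len >= 5) out.eap_type = body[4];
        return out;
    case 3:                                            // EAPOL-Key: only now read the descriptor type
        if (body_len < 1) return out;
        if (body[0] == 1)        out.kind = "key-rc4";
        else if (body[0] == 2)   out.kind = "key-rsn";
        else if (body[0] == 254) out.kind = "key-wpa";
        else                     out.kind = "unknown";
        return out;
    default: out.kind = "unknown"; return out;
    }
}

int main() {
    // Constructed sample frames: an EAPOL-Start and an EAP Request with Expanded Type (254).
    std::vector<uint8_t> start = {0x01, 0x01, 0x00, 0x00};
    std::vector<uint8_t> wps = {0x01, 0x00, 0x00, 0x05, 0x01, 0x10, 0x00, 0x05, 0xfe};
    std::cout << classify_eapol(start).kind << " " << classify_eapol(wps).kind << "\n";
    return 0;
}
```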