securitywifihandshakewpa

wifi wpa2 security : why can't i just use data captured from the client to the AP to authenticate to the AP


So i did a lot of searching the internet on the topic of how 4 way handshake in wpa2 wifi works.

I`m still confused to why can't i just use the captured data moving from client to AP for initial fresh authentication. process: 4 way handshake

scenario i wanna create is:

client MITM AP sends auth data forwards it receives it and sends back a response

so the AP will believe the MITM to be the client.

can anyone gimme few reasons why isn't this possible. thank you


Solution

  • In the four-way handshake, the first message from the AP contains a large random number (known as a nonce, and represented as ANonce in the diagram you posted). The client combines this number with a random number they generate (called SNonce in the diagram), their MAC address, and, most importantly, a secret it shares with the AP to create whats called the PTK (Pairwise Transient Key).

    It then uses this key to "sign" its random number (SNonce), and send the SNonce+signature back to the AP. The AP uses its random number (ANonce), the number it received in that message (SNonce), the MAC address of the client who sent that message, and, again most importantly, the shared secret (which is, functionally, the WiFi password) to gererate the same PTK that the client has generated.

    If the AP is able to use the PTK it has generated to verify the signature on the message it received from the client, then it knows that the client must have known the current ANonce, the SNonce that was sent to the AP, its own MAC address, and the shared secret; otherwise, it wouldn't be able to create the same PTK. Therefore, replaying a recording of an earlier handshake won't authenticate with the AP; you will be providing a message signed with a key created from the correct shared secret, (assumedly) the right MAC address, and a valid SNonce, but with a completely different ANonce than the one the AP sent you at the start of the handshake. The AP won't be able to tell why exactly your key is wrong, but you will fail authentication regardless.

    Of course, things would be different if the AP happened to send the same ANonce that it sent in your recorded transaction. Then you would be able to successfully authenticate with your recorded data, and the AP would be none the wiser. This would be useless, however, as you still wouldn't have the keys you'd need to encrypt/decrypt data you are exchanging with the AP.