[WireGuard] Session Key Extraction & Request for Dissector

Jason A. Donenfeld Jason at zx2c4.com
Thu Aug 25 00:51:19 CEST 2016


On Thu, Aug 25, 2016 at 12:40 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> The first value is the index, which should...

Small improvement:

# ./extract-keys wg0
0xe25d9516 IHHXzJVLOm2fw6J4dGsVDNUH4l6plYw70b0IozmH8KQ=
0xd29e7538 D7ZiiRXaVA+UXNT3FBoAiKCu+3eSrp/fHCz0KisxaVk=
0x90c99abb EI33BYVaI0rziFUxvLBsVM8z6glhW7tLWR7+MTAe43s=
0x9540a866 yAjjnONW6TGrZm/tdrg7KIAZ2ipxn/YqWSba4lh377U=

The first field is the index. The second field is the key. If you see
a packet with the index, decrypt it with the key. Plain and simple.
This actually amounts to printing out:

    REMOTE_KEY_ID SENDING_KEY
    LOCAL_KEY_ID RECEIVING_KEY

But from the point of view of a dissector it doesn't really matter.
See a packet, match the index, decrypt the payload.
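
The matching step described above, as an added example that is not part of the original message or the WireGuard code base. It assumes the standard transport data header (type 4, three reserved bytes, 32-bit little-endian receiver index, 64-bit little-endian counter) and that the printed index is the numeric value of that receiver field; the function names and the sample key and packet are constructed for illustration, and the AEAD decryption itself is left to a ChaCha20-Poly1305 library.

```python
import base64
import struct

MSG_TRANSPORT_DATA = 4                 # message type of encrypted data packets
HEADER = struct.Struct("<B3xIQ")       # type, 3 reserved, receiver index, counter
TAG_LEN = 16                           # Poly1305 tag appended to every payload


def load_key_table(text):
    """Parse 'INDEX BASE64KEY' lines (extract-keys style) into {index: key}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                   # skip blanks and the shell prompt line
        index_s, key_s = line.split()
        key = base64.b64decode(key_s, validate=True)
        if len(key) != 32:
            raise ValueError(f"key for {index_s} is {len(key)} bytes, expected 32")
        table[int(index_s, 16)] = key
    return table


def match_packet(table, udp_payload):
    """Return (key, nonce, ciphertext) for a known data packet, else None."""
    if len(udp_payload) < HEADER.size + TAG_LEN:
        return None                    # too short to be a data message
    msg_type, index, counter = HEADER.unpack_from(udp_payload)
    if msg_type != MSG_TRANSPORT_DATA or index not in table:
        return None                    # handshake/cookie message or unknown session
    # AEAD nonce: 4 zero bytes followed by the 64-bit little-endian counter
    nonce = b"\x00" * 4 + struct.pack("<Q", counter)
    return table[index], nonce, udp_payload[HEADER.size:]


# Constructed sample input: one key line and one empty data packet (tag only).
SAMPLE_KEYS = "0xe25d9516 " + base64.b64encode(bytes(range(32))).decode()
SAMPLE_PACKET = HEADER.pack(MSG_TRANSPORT_DATA, 0xE25D9516, 7) + bytes(TAG_LEN)

if __name__ == "__main__":
    key, nonce, ciphertext = match_packet(load_key_table(SAMPLE_KEYS), SAMPLE_PACKET)
    print(key.hex(), nonce.hex(), len(ciphertext))
```
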

