This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unable To Save Decryption Keys

0

I am running Wireshark 1.8.2 on a Windows 7 x64 client and I am trying to add a new wireless decryption key for WPA-PWD. After specifying the type, passphrase and SSID, I click the Ok button and the key shows up in the "Decryption Key Management" window as a new key. I then click the Ok button which closes the window but then when I go back to the decryption keys, it is gone. How do I save the encryption keys? Is there a Registry entry that I can manually create?

Thanks in advance for any help you can provide.

asked 06 Dec '12, 09:39

eagle3089
accept rate: 0%


One Answer:

0

The keys should be saved, at least that's what my version of Wireshark does.

Anyway: The keys are stored in this file:

%APPDATA%\Wireshark\80211_keys

or

%APPDATA%\Wireshark\profiles\xxxx\80211_keys

where xxxx is the name of your profile. The syntax of the file is like this:

# This file is automatically generated, DO NOT MODIFY.
"wep","01:02:03:04:05:06"
"wep","02:02:02:02:02:02"

Instead of wep, you can use whatever is available in the drop-down list in the GUI. The key format is as shown in the GUI (Preferences).

Regards
Kurt

answered 06 Dec '12, 10:01

Kurt Knochner ♦
accept rate: 15%

Thanks Kurt but after modifying the file, when I started Wireshark, I got an error as shown in the following screen shot.

The entry I made was as follows.

"wpa-pwd","MyPassphrase","MySSID"

What is the proper syntax for a WPA-PWD entry?

(06 Dec '12, 10:32) eagle3089

According to the code, the key should be in this format.

WPA-PWD should be in the form
<key data>[:<ssid>]

So, the file should be:

"wpa-pwd","MyPassphrase:MySSID"

However, Wireshark 1.8.4 does not accept that format, so there seems to be a bug in the key parsing function or the wrong string is passed to that function.

airpdcap.c:parse_key_string()

Please file a bug report at bugs.wireshark.org.

Regards
Kurt

(06 Dec '12, 14:35) Kurt Knochner ♦
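
A small checker for key-file entries in the syntax discussed above, as an added example that is not part of the original thread and not Wireshark's own code. It validates the two-field record layout and the `<key data>[:<ssid>]` form of a wpa-pwd entry, then derives the 256-bit PSK that the passphrase and SSID stand for (PBKDF2-HMAC-SHA1, as defined for WPA-Personal). The function names, the sample entries and the length limits (8 to 63 passphrase characters, SSID up to 32 bytes, taken from the WPA definition rather than from Wireshark's parser) are assumptions, and passing this check says nothing about whether a given Wireshark version accepts the entry.

```python
import csv
import hashlib
import io

# Constructed sample in the syntax shown in the answers above; not a real key file.
SAMPLE_FILE = '''# This file is automatically generated, DO NOT MODIFY.
"wep","01:02:03:04:05:06"
"wpa-pwd","MyPassphrase:MySSID"
"wpa-pwd","short:MySSID"
"wpa-pwd","MyPassphrase","MySSID"
'''

def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def check_entry(fields):
    """Return (status, detail) for one parsed record of the key file."""
    if len(fields) != 2:
        return "error", "expected 2 fields, got %d" % len(fields)
    key_type, key = fields
    if key_type != "wpa-pwd":
        return "skipped", key_type
    # Assumption: the passphrase itself contains no ':'; split at the first one.
    passphrase, sep, ssid = key.partition(":")
    if not 8 <= len(passphrase) <= 63:
        return "error", "passphrase must be 8..63 characters"
    if len(ssid.encode()) > 32:
        return "error", "SSID longer than 32 bytes"
    if not sep or not ssid:
        return "ok", "no SSID given, PSK cannot be precomputed"
    return "ok", derive_psk(passphrase, ssid)

def check_file(text):
    """Check every non-comment line; returns a list of (line_no, status, detail)."""
    results = []
    for line_no, line in enumerate(io.StringIO(text), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = next(csv.reader([line]))
        results.append((line_no, *check_entry(fields)))
    return results

if __name__ == "__main__":
    for row in check_file(SAMPLE_FILE):
        print(row)
```

The three-field entry from the question is reported as a record-layout error, while the `passphrase:ssid` form passes and yields the 64-hex-digit PSK.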

Hi Kurt. I will go ahead and get a bug filed as you suggested. However, I will be flying cross country to a customer site next month to troubleshoot wireless networking issues they are having between their access points and our product and will need to be able to decrypt the traffic (they are using WPA-PWD). Is there an older version that works?

Thanks for the help.

(07 Dec '12, 07:34) eagle3089

1.6.12 seems to be working. The key is entered in a different way, but it is stored correctly in the preferences file.

wlan.wep_key1: wpa-pwd:mypasswd:myssi

(07 Dec '12, 07:43) Kurt Knochner ♦

I still have the same problem with 1.8.5. Are there any updates to this?

(20 Feb '13, 10:09) wmann