CC3000 Smart Configtransmitting SSID and keyphrase.docx
- 文档编号:10532523
- 上传时间:2023-02-21
- 格式:DOCX
- 页数:18
- 大小:25.72KB
CC3000 Smart Configtransmitting SSID and keyphrase.docx
《CC3000 Smart Configtransmitting SSID and keyphrase.docx》由会员分享,可在线阅读,更多相关《CC3000 Smart Configtransmitting SSID and keyphrase.docx(18页珍藏版)》请在冰豆网上搜索。
CC3000SmartConfigtransmittingSSIDandkeyphrase
InitiallyTIclearlydocumentedhowtheSSIDandpasswordweretransmittedtoaCC3000enableddeviceintheir "CC3000FirstTimeConfiguration" document.Howeverwith release1.10 theychangedtheapproachtoonecalledSmartConfigandnowdocumentthe API butnolongerexplainwhatishappeningatthenetworklevel.HereIcoverthismissinginformationforthenewapproach.
Solet'sstartatthestart-wehaveaproblem-wewanttosendtwopiecesofinformation,anSSIDandthekeyphrase,fromonepartythatisalreadyamemberofthewifinetworktoanexternalpartywhocanmonitoralltheencryptedwifitrafficbutwhocannotdecryptit.
Someonewhocannotdecryptthewifitrafficcanstillseequitealotofinformation,e.g.theycanseethesourceandreceiverMACaddressesofeverypacketsent.
Theycanalsoseethelengthofthedataportionofthepackets.Theencryptionaffectsthatsizeofthepacketssentbutinaconsistentmanner,e.g.ifonesends n bytesofdatainagivenpacketthentheencryptedpacketwillcontain (n+x) byteswhere x isconstantacrossallpackets.
Sothesolutiontoourproblemistoencodetheinformationinthesizeofthepacketssent(theactualcontentisirrelevant).
ThepartyonthesecurednetworkjustsendsUDPpacketswithparticularlengthstoanotherpartyonthenetwork.Thattheotherpartyisnotinterestedinreceivingthepacketsisnotimportant.
TheexternalpartycannottelldirectlythatapacketthatitislookingatcontainsUDPdata,howeverthepacketsstillincludebasictypeinformationthatallowsmanypacketstobeexcludedfromconsideration,e.g.anypacketthatisnotof802.11subtype"QoSdata"canbeexcluded.
Astheexternalpartydoesnotknowinadvancewhichwifichanneltolookatorwhichsourceandreceiveraddresspairtopayattentiontoonemust,inadditiontotheunderlyingdata,i.e.encodedSSIDetc.,sendregularrepeatingpatternsthatallowthisdatatobespotted.
WeconvertourSSIDandkeyphraseintoasequenceoftagvalues,stringlengths,nibblevaluesandseparatorsvaluesandthenencodeandtransmitallthesevaluesaspacketlengths.
Let'slookindetailatthevaluessent.
Weusetwotags-anSSIDtagwithvalue1399andakeyphrasetagwithvalue1459andonestandardseparatorsequenceconsistingoftwovalues-3followedby23.
Andweusetwoconstants,Lwithvalue28andCwithvalue593,thatwewillseeusedbelow.
SofortheSSIDthefollowingsequenceofvaluesaregeneratedinthisorder:
∙TheSSIDtag1399.
∙LplusthelengthoftheSSIDinbytes.
∙Thetwoseparatorvalues3and23.
∙ThenweloopovereachbyteoftheSSIDandgenerateasetoffourvaluesforeach:
Twovalues-one foreachnibbleofthebyte,asdescribedinthenextsection.
Followedbythetwoseparatorvalues3and23.
Valuesaregeneratedinanidenticalfashionforthekeyphrase(exceptthatthekeyphrasetag1459isusedinplaceoftheSSIDtag).
Note:
theTIAndroidlibraryandJavaappletlibrarygeneratevaluesasdescribedabove,oddlytheTIiOSlibraryproducesaslightlydifferentordering(whichclearlydoesn'taffecttheCC3000'sabilitytodecodethedata).Thisdifferencecanbeseenintheexampledatalengthdumpsshownlatter.
OncewehaveallthesevaluesthenUDPpackets,eachwithanamountofdatacorrespondingtooneofthesevalues,aresentfromthemachinerunningtheSmartConfigapplication,i.e.theonethathasgeneratedthevaluesjustdescribed,toanothersystemonthesamenetwork(currentlyalwaysthenetwork'sdefaultgateway).
Thevaluesaresentrepeatedlyuntiltheexternalparty,i.e.theCC3000enableddevice,successfullysiftsthemoutfromalltheothernetworktrafficandusesthemtoconnecttothenetwork,atwhichpointit advertisesitspresenceonthenetwork inamannerthatthetransmittingapplicationcandetectandwhichcausesittostoptransmitting.
Notethattherangeofpacketlengthsthatneedtobesupportedplacesalowerboundonthemaximumtransmissionunit(MTU)forthenetwork.CurrentlytheSmartConfigclientapplicationexpectstheMTUtobe1500orgreater(thisisareasonableexpectationonanynormalnetwork).
TheTISmartConfigreferenceimplementationresendsthefullsetofUDPpacketscorrespondingtotheSSIDandkeyphraserepeatedly.TheTIJavaappletlibrarypauses100msaftereachcompletetransmissionofthefullsetofvalues,theAndroidandiOSlibrariesdonotbotherpausing.
EncodingthecharactersoftheSSIDorkeyphrase.
IfanSSIDconsistsof n characters 0 to n-1 thenwegenerate 2n correspondingvalues.
Note:
accordingtoIEEEstandard 802.11i-2004,AnnexH.4.1,usersmayenterkeysasastringof64hexadecimaldigits(oralternativelyasapassphraseofprintableASCIIcharacters).PresumablyWEPandWPAspecifysimilarrestrictions.TheSSIDmustbeasequenceofbetween1and32bytes,thereisnomandatedcharacterset(moredetailsin thisStackOverflowanswer)andhowtheSSIDisdisplayedisleftuptotheenduserapplication(howevermanyroutersapparentlyonlyacceptprintableASCIIcharactersfortheSSID).
SoifweassumeASCIIcharactersencodedas8bitvaluestheneachvalueconsistsofahighandlownibble.
E.g.'M'inASCIIishex0x4D,thehighnibbleis0x4andthelowernibbleis0xD.
Ifwemaintainasequencenumberstartingfrom0andincrementiteachtimewegenerateavaluethenforcharacter i oftheSSID,consistingofahighandlownibbleHi andLi,wegeneratetwovalueswithsequencenumber 2i and (2i+1) respectively.Eachofthesevalueshasahighandlownibblecalculatedasfollows:
Seq.
High
Low
2i
Li-1 ^(2i%16)
Hi
2i+1
Hi ^((2i+1)%16)
Li
Notethatthevaluecontainingthehighnibbleof i isgeneratedbeforetheonecontainingthelownibbleofi.Andnotethatcaret,i.e.'^',isusedheretomean XOR,ratherthan powerof.
ThefollowingshowshowtheSSID"MyPlace"wouldbesplitupintohighandlownibbles:
'M'
'y'
'P'
'l'
'a'
'c'
'e'
Hex:
0x4D
0x79
0x50
0x6C
0x61
0x63
0x65
Nibbles:
0x4
0xD
0x7
0x9
0x5
0x0
0x6
0xC
0x6
0x1
0x6
0x3
0x6
0x5
H0
L0
H1
L1
H2
L2
H3
L3
H4
L4
H5
L5
H6
L6
Foreach4bitnibblewegenerateavaluewhoselower4bitsconsistofthenibbleitselfandwhosehigher4bitsconsistofthecurrentsequencenumberXORedwiththevalueofthepreviously usednibblevalue.WethenaddtheconstantCmentionedabove,i.e.593,toeachvaluegeneratedinthiswayandthisbecomesthelengthofthepacketthatencodessuchavalue.
Notethatthe4bitconstraintmeansthatweonlyusethelower4bitsofthecurrentsequencenumber,i.e.ifthesequencenumber S isabove15thenweuse S%16.
Thisresultsinthegenerationof14valuesforthe7characteroftheSSIDname"MyPlace"likeso:
C
h
a
r
S
e
q
→
Hi
Lo
→
Byte
Hi
Lo
→
Hi
Lo
→
Sum
→
Len
'M'
0
0x0
H0
0x4D
0x0
0x4
0x0
0x4
0x04+593
597
1
H0 ^0x1
L0
0x4^0x1
0xD
0x5
0xD
0x5D+593
686
'y'
2
L0 ^0x2
H1
0x79
0xD^0x2
0x7
0xF
0x7
0xF7+593
840
3
H1 ^0x3
L1
0x7^0x3
0x9
0x4
0x9
0x49+593
666
'P'
4
L1 ^0x4
H2
0x50
0x9^0x4
0x5
0xD
0x5
0xD5+593
806
5
H2 ^0x5
L2
0x5^0x5
0x0
0x0
0x0
0x00+593
593
'l'
6
L2 ^0x6
H3
0x6C
0x0^0x6
0x6
0x6
0x6
0x66+593
695
7
H3 ^0x7
L3
0x6^0x7
0xC
0x1
0xC
0x1C+593
621
'a'
8
L3 ^0x8
H4
0x61
0xC^0x8
0x6
0x4
0x6
0x46+593
663
9
H4 ^0x9
L4
0x6^0x9
0x1
0xF
0x1
0xF1+593
834
'c'
10
L4 ^0xA
H5
0x63
0x1^0xA
0x6
0xB
0x6
0xB6+593
775
11
H5 ^0xB
L5
0x6^0xB
0x3
0xD
0x3
0xD3+593
804
'e'
12
L5 ^0xC
H6
0x65
0x3^0xC
0x6
0xF
0x6
0xF6+593
839
13
H6 ^0xD
L6
0x6^0xD
0x5
0xB
0x5
0xB5+593
774
Thekeyphraseisencodedinthesameway,notethatthesequencenumberstartsagainfrom0whenencodingthekeyphrase,i.e.thevalueisnotcarriedoverfromencodingtheSSID.
CurrentlySmartConfigenforcesanupperlimitof32charactersonthekeyphraselength,i.e.shorterthanthemaximumlengthallowedbytherelevantWPA2standard.
Ifindtheapproachusedtoactivelyleakinformationfromasecurewirelessnetworktoanexternalparty(thatdoesnothavetherelevantnetworkkeyphrase)interestingandwouldliketohearifanyonehascomeacrossitbeforeorwhetheritisnovel?
Iaskedaboutthison StackOverflowbuthavesincemovedthe question tothesistersiteafterpeoplesuggesteditwasmoreappropriatethere.
UpdateOct21,2013:
I'venowgotatleastonegood answer.Inapaperfrom2007byP.Martincalled"Covertchannelsinsecurewirelessnetworks"youcanfindsection4.4.2"UDPPacketSizevsMACFrameSizeExperiment"thatessentiallydescribesexactlytheprocessusedbySmartConfig.ThequestionofpatentshascomeuponceortwiceinrelationtoSmartConfig(thoughnoonehaseverprovidedpointerstoanyactualpatentapplicationsorgrantedpatentnumbers).Theanswersandothercommentsonmyquestionwouldseemtosuggestthatthere'sdefinitelypriorartforthefundamentalideabehindSmartConfig.
ChoosingthedestinationfortheUDPpackets
ThecurrentlogicalwayssendstheUDPmessages,thatencodetheSSIDetc.,tothedefaultgatewayaddress.Howeveritdoesn'tactuallymatterwhataddressthey'resenttoaslongasit'stheaddressofanothermachineonthenetworkthatactuallyexistsandiscapableofreceivingpackets.Howeveritmakessensetohavedecidedonadefiniteaddress.
TheCC3000doesn'tsupportadhocnetworkssoyoua
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- CC3000 Smart Config transmitting SSID and keyphrase
链接地址:https://www.bdocx.com/doc/10532523.html