# [SOLVED] WPA: 4-Way Handshake failed

## fberger

Hi,

I have problems connecting to a particular wifi access point. Generally, wifi works fine on my machine. The setup is:

```
lspci:
03:03.0 Ethernet controller: Atheros Communications Inc. AR2413 802.11bg NIC (rev 01)

lsmod:
Module                  Size  Used by
ath5k                 124082  0 
ath                     6632  1 ath5k
led_class               1715  1 ath5k
```

I am able to connect to most wifi networks using

```
ifconfig wlan0 up
wpa_supplicant -B -c/path/to/wpas.conf -iwlan0
dhcpcd wlan0
```

The scan of the problematic access point is

```
Cell 01 - Address: 00:27:19:FD:CA:94
          Channel:1
          Frequency:2.412 GHz (Channel 1)
          Quality=36/70  Signal level=-74 dBm  
          Encryption key:on
          ESSID:"XXXXXXXXX"
          Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                    12 Mb/s; 24 Mb/s; 36 Mb/s
          Bit Rates:9 Mb/s; 18 Mb/s; 48 Mb/s; 54 Mb/s
          Mode:Master
          Extra:tsf=000000060c9d0181
          Extra: Last beacon: 599ms ago
          IE: Unknown: 000841414A5F574C414E
          IE: Unknown: 010882848B960C183048
          IE: Unknown: 030101
          IE: Unknown: 2A0100
          IE: Unknown: 32041224606C
          IE: IEEE 802.11i/WPA2 Version 1
              Group Cipher : CCMP
              Pairwise Ciphers (1) : CCMP
              Authentication Suites (1) : PSK
             Preauthentication Supported
          IE: Unknown: DD0900037F01010008FF7F
          IE: Unknown: DD1A00037F0301000000002719FDCA94022719FDCA9414003C000808
```

wpa_supplicant.conf:

```
network={
        ssid="XXXXXXXX"
        psk=<psk is verified and correct>
        proto=WPA2
}
```

When trying to connect to the AP, wpa_supplicant gets stuck in an infinite loop. Here is an excerpt:

```
...

State: DISCONNECTED -> SCANNING

Starting AP scan (broadcast SSID)

Scan requested (ret=0) - scan timeout 30 seconds

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8b19 len=8

Received 3891 bytes of scan results (9 BSSes)

CTRL-EVENT-SCAN-RESULTS 

Selecting BSS from priority group 0

Try to find WPA-enabled AP

0: 00:27:19:fd:ca:94 ssid='XXXXXXXX' wpa_ie_len=0 rsn_ie_len=20 caps=0x11

   skip - SSID mismatch

   skip - SSID mismatch

   skip - SSID mismatch

   selected based on RSN IE

   selected WPA AP 00:27:19:fd:ca:94 ssid='XXXXXXXX'

Trying to associate with 00:27:19:fd:ca:94 (SSID='XXXXXXXX' freq=2412 MHz)

Cancelling scan request

WPA: clearing own WPA/RSN IE

Automatic auth_alg selection: 0x1

RSN: using IEEE 802.11i/D9.0

WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 2 proto 2

WPA: clearing AP WPA IE

WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 01 00

WPA: using GTK CCMP

WPA: using PTK CCMP

WPA: using KEY_MGMT WPA-PSK

WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00

No keys have been configured - skip key clearing

wpa_driver_wext_set_drop_unencrypted

State: SCANNING -> ASSOCIATING

wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)

WEXT: Operstate: linkmode=-1, operstate=5

wpa_driver_wext_associate

wpa_driver_wext_set_psk

Setting authentication timeout: 10 sec 0 usec

EAPOL: External notification - EAP success=0

EAPOL: External notification - EAP fail=0

EAPOL: External notification - portControl=Auto

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8b06 len=8

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8b04 len=12

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8b1a len=16

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8c08 len=24

AssocResp IE wireless event - hexdump(len=16): 01 08 82 84 8b 96 0c 18 30 48 32 04 12 24 60 6c

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8b15 len=20

Wireless event: new AP: 00:27:19:fd:ca:94

Association info event

resp_ies - hexdump(len=16): 01 08 82 84 8b 96 0c 18 30 48 32 04 12 24 60 6c

State: ASSOCIATING -> ASSOCIATED

wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)

WEXT: Operstate: linkmode=-1, operstate=5

Associated to a new BSS: BSSID=00:27:19:fd:ca:94

No keys have been configured - skip key clearing

Associated with 00:27:19:fd:ca:94

WPA: Association event - clear replay counter

WPA: Clear old PTK

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

EAPOL: External notification - EAP success=0

EAPOL: External notification - portEnabled=1

EAPOL: SUPP_PAE entering state CONNECTING

EAPOL: SUPP_BE entering state IDLE

Setting authentication timeout: 10 sec 0 usec

Cancelling scan request

RX EAPOL from 00:27:19:fd:ca:94

Setting authentication timeout: 10 sec 0 usec

IEEE 802.1X RX: version=1 type=3 length=95

  EAPOL-Key type=2

  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)

  key_length=16 key_data_length=0

  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 01

  key_nonce - hexdump(len=32): af a0 0b 03 51 8b 24 56 a1 2b 35 21 8f 94 94 85 27 26 76 33 6c 7e b0 cf 2f 14 19 

  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00

  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00

  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

State: ASSOCIATED -> 4WAY_HANDSHAKE

WPA: RX message 1 of 4-Way Handshake from 00:27:19:fd:ca:94 (ver=2)

RSN: msg 1/4 key data - hexdump(len=0):

WPA: Renewed SNonce - hexdump(len=32): 6d e5 7b a9 a6 3a 7e 8e b7 c8 a2 40 d1 f1 9c 6e 76 73 50 ec e1 77 84 38 0

WPA: PTK derivation - A1=00:80:48:3d:5d:60 A2=00:27:19:fd:ca:94

WPA: PMK - hexdump(len=32): [REMOVED]

WPA: PTK - hexdump(len=64): [REMOVED]

WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00

WPA: Sending EAPOL-Key 2/4

RX EAPOL from 00:27:19:fd:ca:94

IEEE 802.1X RX: version=1 type=3 length=95

  EAPOL-Key type=2

  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)

  key_length=16 key_data_length=0

  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 02

  key_nonce - hexdump(len=32): af a0 0b 03 51 8b 24 56 a1 2b 35 21 8f 94 94 85 27 26 76 33 6c 7e b0 cf 2f 14 19 

  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00

  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00

  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE

WPA: RX message 1 of 4-Way Handshake from 00:27:19:fd:ca:94 (ver=2)

RSN: msg 1/4 key data - hexdump(len=0):

WPA: PTK derivation - A1=00:80:48:3d:5d:60 A2=00:27:19:fd:ca:94

WPA: PMK - hexdump(len=32): [REMOVED]

WPA: PTK - hexdump(len=64): [REMOVED]

WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00

WPA: Sending EAPOL-Key 2/4

RX EAPOL from 00:27:19:fd:ca:94

IEEE 802.1X RX: version=1 type=3 length=95

  EAPOL-Key type=2

  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)

  key_length=16 key_data_length=0

  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 03

  key_nonce - hexdump(len=32): af a0 0b 03 51 8b 24 56 a1 2b 35 21 8f 94 94 85 27 26 76 33 6c 7e b0 cf 2f 14 19 

  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00

  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00

  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE

WPA: RX message 1 of 4-Way Handshake from 00:27:19:fd:ca:94 (ver=2)

RSN: msg 1/4 key data - hexdump(len=0):

WPA: PTK derivation - A1=00:80:48:3d:5d:60 A2=00:27:19:fd:ca:94

WPA: PMK - hexdump(len=32): [REMOVED]

WPA: PTK - hexdump(len=64): [REMOVED]

WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00

WPA: Sending EAPOL-Key 2/4

EAPOL: startWhen --> 0

EAPOL: disable timer tick

EAPOL: SUPP_PAE entering state CONNECTING

EAPOL: enable timer tick

EAPOL: txStart

WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)

RX EAPOL from 00:27:19:fd:ca:94

IEEE 802.1X RX: version=1 type=3 length=95

  EAPOL-Key type=2

  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)

  key_length=16 key_data_length=0

  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 04

  key_nonce - hexdump(len=32): af a0 0b 03 51 8b 24 56 a1 2b 35 21 8f 94 94 85 27 26 76 33 6c 7e b0 cf 2f 14 19 

  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00

  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00

  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE

WPA: RX message 1 of 4-Way Handshake from 00:27:19:fd:ca:94 (ver=2)

RSN: msg 1/4 key data - hexdump(len=0):

WPA: PTK derivation - A1=00:80:48:3d:5d:60 A2=00:27:19:fd:ca:94

WPA: PMK - hexdump(len=32): [REMOVED]

WPA: PTK - hexdump(len=64): [REMOVED]

WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00

WPA: Sending EAPOL-Key 2/4

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8b15 len=20

Wireless event: new AP: 00:00:00:00:00:00

WPA: 4-Way Handshake failed - pre-shared key may be incorrect

Setting scan request: 0 sec 100000 usec

BSSID 00:27:19:fd:ca:94 blacklist count incremented to 2

CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0

State: 4WAY_HANDSHAKE -> DISCONNECTED

...
```

... and again from the top.

There are two MS Windows boxes running flawlessly with the access point. There is no MAC blocking or anything. But still "WPA: 4-Way Handshake failed - pre-shared key may be incorrect" - no idea why this happens.

Any pointers where to start getting this to work?

Thanks,

fberger

P.S. I hope the hexdumps above are safe to post in public.   :Wink:

Last edited by fberger on Thu Nov 11, 2010 9:32 am; edited 1 time in total

----------

## d2_racing

Do you use " " when you add your passphrase?

Because you really need them.

----------

## fberger

 *d2_racing wrote:*

> Do you use " " when you add your passphrase?

Yes, I do:

```
$ wpa_passphrase "test" "passphrase"
network={
   ssid="test"
   #psk="passphrase"
   psk=a8f6fbf02bfbd7ddd27249ac101487ff51c245b2c34c2efe46b6e680b367ee32
}
```

And that went >> wpa_supplicant.conf.

----------

## fberger

Alright, I've solved it.

```
network={
   ssid="test"
   #psk="passphrase"
   psk=a8f6fbf02bfbd7ddd27249ac101487ff51c245b2c34c2efe46b6e680b367ee32
}
```

does not work. However, when I give the passphrase in clear text

```
network={
   ssid="test"
   psk="passphrase"
}
```

it suddenly works.  :Confused: 

As I understand, in the latter case the actual key is computed at runtime. In theory, it shouldn't make any difference.

My guess is that it is an encoding issue, since the passphrase contains a tilde (~) character.

Regards,

fberger

----------
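The relationship between the two `psk=` forms discussed above, as an added example that is not part of the original thread: a 64-hex-digit `psk=` is PBKDF2-HMAC-SHA1 of the passphrase bytes salted with the SSID (4096 iterations, 32 bytes), so it only matches when both the exact passphrase bytes and the exact SSID match. The sample block is constructed from the IEEE 802.11i test vector (SSID `IEEE`, passphrase `password`), not from the thread's values; the function names and the UTF-8 encoding of the passphrase are assumptions of this example.

```python
import hashlib
import re

def derive_psk(ssid: str, passphrase: str) -> str:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    # Assumption: passphrase and SSID are taken as UTF-8 bytes.
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()

def check_network_block(conf_text: str, passphrase: str) -> dict:
    """Compare the hex psk= of a network block with the PSK derived
    from `passphrase` and the ssid= found in the same block."""
    ssid = re.search(r'^\s*ssid="(.*)"\s*$', conf_text, re.M)
    # A commented-out '#psk="..."' line does not match this pattern.
    psk = re.search(r'^\s*psk=([0-9a-fA-F]{64})\s*$', conf_text, re.M)
    if not ssid or not psk:
        raise ValueError('need ssid="..." and a 64-hex-digit psk=')
    expected = derive_psk(ssid.group(1), passphrase)
    return {"ssid": ssid.group(1), "match": expected == psk.group(1).lower()}

# Constructed sample: IEEE 802.11i test vector, not the thread's network.
SAMPLE_CONF = '''network={
   ssid="IEEE"
   #psk="password"
   psk=f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
}'''

def diagnose(conf_text: str, candidates: list) -> dict:
    """Return {repr(candidate): True/False} for each candidate passphrase."""
    return {repr(c): check_network_block(conf_text, c)["match"]
            for c in candidates}

if __name__ == "__main__":
    # Same passphrase, with a trailing newline, and with one changed byte.
    for cand, ok in diagnose(SAMPLE_CONF,
                             ["password", "password\n", "passw~rd"]).items():
        print(f"{cand:14} -> {'matches' if ok else 'does NOT match'} hex psk")
    # The hex PSK is bound to the SSID: same passphrase, other SSID.
    other = SAMPLE_CONF.replace('ssid="IEEE"', 'ssid="IEEE2"')
    print("other SSID     ->", check_network_block(other, "password")["match"])
```

Running the check against the real SSID and passphrase shows whether a stored hex `psk=` was derived from the same bytes that the quoted-passphrase form would use at runtime.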

## d2_racing

Nice, at least it's working now  :Razz: 

----------

