Wifi TKIP on WEP/RC4 hardware - is it really possible?

You can talk about almost anything that you want to on this board.

Moderator: Moderators

Post Reply
Posts: 1199
Joined: Fri Feb 24, 2012 12:09 pm

Wifi TKIP on WEP/RC4 hardware - is it really possible?

Post by nocash » Thu Feb 07, 2019 7:07 pm

Both WEP and WPA-TKIP are using RC4 for encryption.
WPA-TKIP is having some extras (Extended IV and MIC) that were supposed to be implemented as firmware upgrade, without needing new hardware.
So far that's nice - but is it really working?

TKIP uses "Phase1" and "Phase2" functions to update the RC4 key based on the IV in the packet. If the RC4 hardware is automatically decrypting incoming packets then one must set the RC4 key in advance, and thereby, one must know the IV in advance before receiving the packet. That could be actually possible because the IV is increased by one per packet, so one could re-use the IV from previous packet plus 1.

I don't understand if or how it could work in some specific cases:

Lost Packets: How would one increment the IV in such cases? The specs say something about ignoring "out of order" packets, and increasing the "replay" in such cases (which I think it means to increment the IV, and which might help to resync after lost packets).
The problem would be that one can't receive (and decrypt) any such "out of order" packets because of the wrong IV (and thereby wrong RC4 key).
At best, the hardware might throw a "decryption error" interrupt in such cases, one could perhaps treat that as "out of order" and increment the IV accordingly, but... which IV... the IV for the pairwise key, or the IV for the group key?

RX vs TX: The "Phase1" function uses the transmitters MAC address, so one would need at least two different RC4 keys, one for client-to-AP and one for AP-to-client. To some level one could forcefully switch to using the other key before/after transmitting packets.
But that could get wrong if there are queued packets and such stuff. It might be possible to work around that, eg. by testing that there is no RX in progress before switching to TX key.

Access Points: The AP needs to have different pairwise keys for each network member, but the original WEP/RC4 hardware wasn't designed to support such things. So a firmware upgrade for access points would be even more difficult than firmware upgrades for client side.

Alltoghether I can't see how TKIP could have ever been implemented as firmware upgrade. At least not if the hardware is automatically applying RC4 decryption on the fly, without allowing to examine the packet header & change the RC4 key before decryption.

Post Reply