ESP-NOW message decryption

hobbyistesp
Posts: 2
Joined: Sun Jul 05, 2020 11:56 am

ESP-NOW message decryption

Postby hobbyistesp » Sun Jul 05, 2020 12:26 pm

Hello Forum,

I'm trying to communicate between 2 ESP32 over encrypted ESP-NOW.
For the test I use a PMK and LMK of all zeros; the communication works and Wireshark shows me the frame:

0000   00 00 12 00 2e 48 00 00 10 02 8f 09 a0 00 bc 00
0010   00 00 d0 40 3a 01 30 ae a4 45 4a a4 24 0a c4 1d
0020   58 68 ff ff ff ff ff ff 10 00 01 00 00 e0 00 00
0030   00 00 b9 a2 58 74 d2 02 d2 fe 90 67 f8 6a 63 cd
0040   0a 1b 35 5a 2c b6 b5 0a ba ca 99 02 eb c1 33 cd
0050   19 34 84 ee 21 ef fc ef 38 9b 97 d9 f5
with the following parts to detect:
MAC header (starting at offset 0x12):

d0 40 
3a 01 
30 ae a4 45 4a a4 
24 0a c4 1d 58 68 
ff ff ff ff ff ff 
10 00 
followed by the CCMP header:

01 00 00 e0 00 00 00 00
Encrypted data:

b9 a2 58 74 d2 02 d2 fe
90 67 f8 6a 63 cd 0a 1b
35 5a 2c b6 b5 0a ba ca
99 02 eb c1 33 cd 19 34
84 ee 21 
And finally, 8 bytes of MIC:

ef fc ef 38 9b 97 d9 f5
My question is, how can I decrypt this message outside of the ESP?

The documentation states
ESP-NOW uses the CCMP method, which is described in IEEE Std. 802.11-2012, to protect the vendor-specific action frame
and
PMK is used to encrypt LMK with the AES-128 algorithm
so I'm initializing AES with the PMK and processing the LMK through it. The resulting key is

66 e9 4b d4 ef 8a 2c 3b 88 4c fa 59 ca 34 2b 2e
and I can also find this key in the ESP32's internal memory structures.
My next step: again initialize AES with this key and process the frame according to the CCMP algorithm. Unfortunately, this does not work; decryption does not result in the original message. I'm using the nonce

10 24 0a c4 1d 58 68 00 00 00 00 00 01
which gives an AES input vector of

01 10 24 0a c4 1d 58 68 00 00 00 00 00 01 00 ii
for every 16-byte block 01, 02 and 03.
Please help me find the error!
Do I initialize the AES with the right key? Is the input vector correct?

Thanks in advance!
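So that readers can check every intermediate value the post lists, here is an added example (written for this page, not the poster's code or Espressif's): it splits the captured frame at the radiotap length, derives the key exactly as the post describes (LMK encrypted under the PMK), builds the CCMP nonce and counter blocks from A2 and the packet number, and CTR-decrypts the payload with Go's standard library. It reproduces the key and counter block shown in the post; it does not verify the MIC, so it cannot by itself say whether that key is the one the ESP32 actually uses for the frame.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// The capture from the post: radiotap header, 802.11 action frame, CCMP header, payload, MIC.
const frameHex = "000012002e48000010028f09a000bc000000d0403a0130aea4454aa4240ac41d" +
	"5868ffffffffffff1000010000e000000000b9a25874d202d2fe9067f86a63cd" +
	"0a1b355a2cb6b50abaca9902ebc133cd193484ee21effcef389b97d9f5"

// Split the capture the way the post does: MAC header, CCMP header, ciphertext, MIC.
func split(frame []byte) (mac, ccmp, ct, mic []byte) {
	rt := int(frame[2]) | int(frame[3])<<8 // radiotap length, little-endian (0x12 here)
	return frame[rt : rt+24], frame[rt+24 : rt+32], frame[rt+32 : len(frame)-8], frame[len(frame)-8:]
}
// CCMP nonce as the post builds it: flags | A2 | PN5..PN0 (IEEE 802.11-2012, 11.4.3.3.4).
func nonce(mac, ccmp []byte) []byte {
	// flags byte: priority 0, bit 4 set because this is a management (Action) frame;
	// then A2 (transmitter address, MAC header bytes 10..15) and PN5..PN0 from the CCMP header
	return append(append([]byte{0x10}, mac[10:16]...), ccmp[7], ccmp[6], ccmp[5], ccmp[4], ccmp[1], ccmp[0])
}
// Counter block i = 0x01 | nonce | i as a 16-bit big-endian counter; i = 1 for the first data block.
func counterBlock(nonce []byte, i uint16) []byte {
	return append(append([]byte{0x01}, nonce...), byte(i>>8), byte(i))
}
// Key exactly as the post derives it: the LMK encrypted with AES-128 under the PMK (one ECB block).
func deriveKey(pmk, lmk []byte) []byte {
	c, _ := aes.NewCipher(pmk)
	out := make([]byte, 16)
	c.Encrypt(out, lmk)
	return out
}
// CTR decryption of the payload. Go's CTR mode increments the whole block big-endian, which
// equals CCMP's 16-bit counter for frame-sized payloads. No MIC verification is done here.
func ctrDecrypt(key, nonce, ct []byte) []byte {
	c, _ := aes.NewCipher(key)
	pt := make([]byte, len(ct))
	cipher.NewCTR(c, counterBlock(nonce, 1)).XORKeyStream(pt, ct)
	return pt
}
func main() {
	frame, _ := hex.DecodeString(frameHex)
	mac, ccmp, ct, mic := split(frame)
	key := deriveKey(make([]byte, 16), make([]byte, 16)) // all-zero PMK and LMK, as in the post
	n := nonce(mac, ccmp)
	fmt.Printf("key %x\nnonce %x\nctr1 %x\nplain %x\nmic %x\n", key, n, counterBlock(n, 1), ctrDecrypt(key, n, ct), mic)
}
```

The printed key and ctr1 match the values in the post; if a different key candidate is to be tried, only the deriveKey call in main changes.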

hobbyistesp
Posts: 2
Joined: Sun Jul 05, 2020 11:56 am

ESP-NOW message decryption

Postby hobbyistesp » Sun Oct 18, 2020 12:00 pm

Hi,

unfortunately no response/information from Espressif for 3 months.
Please provide some more details on the encryption of the NOW frame. It is a nice feature to protect data, but unfortunately it is not possible for me to decode it outside of the ESP (e.g. on a Raspberry Pi).

Thanks in advance!
