Security Research

WPA2 4-Way Handshake & KRACK Attack Lab

A fully containerized security lab demonstrating the IEEE 802.11i handshake, cryptographic key derivation, and live KRACK attack reproduction using real hostapd and wpa_supplicant binaries.

Docker + mac80211_hwsim · CVE-2017-13077 (CVSS 8.1) · EAPOL-4WAY-HS-COMPLETED · MSG3 replay demonstrated · Python MIC/PTK analyzer · patch verified, wpa_supplicant v2.10
Live simulation (interactive on the original page): the access point (hostapd v2.10, wlan0, SSID LabNet_01) exchanges four EAPOL-Key messages with the client (wpa_supplicant v2.10, wlan1). MSG 1/4: ANonce, KeyInfo 0x008a. MSG 2/4: SNonce + MIC, KeyInfo 0x010a. MSG 3/4: encrypted GTK, KeyInfo 0x13ca. MSG 4/4: ACK + MIC, KeyInfo 0x030a.
System Design

Containerized Architecture

Instead of running hostapd and wpa_supplicant directly on the host, where the mac80211_hwsim interfaces conflicted with the host's own networking and runs were hard to reproduce, this lab puts the AP and the client in two isolated Docker containers that communicate over the real virtual 802.11 interfaces provided by the host's mac80211_hwsim module. The result is complete process isolation, clean teardown and identical builds on every run.

Host OS: Ubuntu 22.04 with the mac80211_hwsim kernel module loaded

wpa2_ap container: hostapd v2.10, WPA2-PSK, AES-CCMP, MFP; wlan0 in AP mode, SSID LabNet_01, channel 6
wpa2_client container: wpa_supplicant v2.10, WPA2-PSK, RSN, CCMP; wlan1 in client mode, connects to LabNet_01
hwsim0 monitor: tcpdump writes all EAPOL frames to capture.pcap
wlan2, KRACK attacker: krack-test-client.py (Vanhoef PoC), MSG3 replay
analyzer.py: Python MIC/PTK/PMK verifier using HMAC-SHA1
$ sudo modprobe mac80211_hwsim radios=3
$ docker-compose up --build
[AP] Starting WPA2 Access Point...
[AP] Using interface: wlan0
[AP] tcpdump capturing on wlan0...
wlan0: AP-ENABLED
wlan0: STA 02:00:00:00:01:00 WPA: sending 1/4 msg of 4-Way Handshake
wlan0: STA 02:00:00:00:01:00 WPA: received EAPOL-Key frame (2/4 Pairwise)
wlan0: STA 02:00:00:00:01:00 WPA: sending 3/4 msg of 4-Way Handshake
wlan0: STA 02:00:00:00:01:00 WPA: received EAPOL-Key frame (4/4 Pairwise)
wlan0: EAPOL-4WAY-HS-COMPLETED 02:00:00:00:01:00
Cryptography

WPA2 Key Derivation Chain

WPA2 never transmits the passphrase. The PMK is derived from it with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), and a fresh PTK is derived per association from the PMK, both MAC addresses and both nonces with the 802.11 PRF; the PTK is then split into KCK, KEK and TK. Every key in this chain is recomputed and checked by the lab's analyzer.

Key · Size · Derivation · Purpose
PSK · 8–63 ASCII characters · user input · Wi-Fi passphrase, never transmitted
PMK · 256 bit · PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations) · Pairwise Master Key
PTK · 384 bit for CCMP (48 bytes; tools that run PRF-512 keep the first 48 of the 64 bytes) · PRF(PMK, "Pairwise key expansion", min/max of the two MACs and of the two nonces) · Pairwise Transient Key, one per session
KCK · 128 bit · PTK[0:16] · Key Confirmation Key, computes the EAPOL-Key MIC
KEK · 128 bit · PTK[16:32] · Key Encryption Key, AES-wraps the GTK carried in MSG3
TK · 128 bit · PTK[32:48] · Temporal Key, AES-CCMP data encryption
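The derivation chain in the table above carried through in Python, as an added example (it is not the lab's analyzer.py): PBKDF2-HMAC-SHA1 to the PMK, the 802.11 PRF to the PTK and its KCK/KEK/TK split, and the descriptor-version-2 MIC over an EAPOL-Key frame, checked on a correctly signed MSG2 and on a tampered copy. SSID and passphrase are the lab's own; the MAC addresses, nonces and RSNE are assumed values constructed for the example, and the PBKDF2 check value is the IEEE 802.11 test vector for "password"/"IEEE".

```python
import hashlib
import hmac
import struct

# Lab parameters. SSID and passphrase are the ones reported on this page; the MAC
# addresses, nonces and RSNE are constructed for this example (assumed, not captured).
SSID = "LabNet_01"
PASSPHRASE = "LabPassphrase2024!"
AA = bytes.fromhex("020000000000")      # assumed AP (authenticator) address
SPA = bytes.fromhex("020000000100")     # STA address from the hostapd log
ANONCE = bytes(range(32))               # constructed ANonce
SNONCE = bytes(range(32, 64))           # constructed SNonce
RSNE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP group/pairwise, PSK AKM
KEY_INFO_MSG2 = 0x010a                  # descriptor version 2, Pairwise, MIC (as in the capture)
MIC_OFFSET = 81                         # EAPOL header (4) + descriptor fields before the MIC (77)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..., cut to n bits."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               nbits: int = 384) -> dict:
    """PTK for CCMP is PRF-384(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(AN,SN)||max(AN,SN)).
    nbits=512 reproduces tools that compute PRF-512 and keep the first 48 bytes; KCK/KEK/TK are identical."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, nbits)
    return {"ptk": ptk, "kck": ptk[0:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def build_eapol_key(key_info: int, replay_counter: int, nonce: bytes,
                    key_data: bytes = b"", mic: bytes = bytes(16)) -> bytes:
    """Serialize an EAPOL-Key frame: EAPOL v2 / type 3, RSN descriptor type 2, CCMP key length 16."""
    body = (struct.pack(">BHHQ", 2, key_info, 16, replay_counter)
            + nonce + bytes(16) + bytes(8) + bytes(8)        # Key Nonce, Key IV, Key RSC, reserved
            + mic + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body


def compute_mic(kck: bytes, frame: bytes) -> bytes:
    """Descriptor version 2: MIC = HMAC-SHA1(KCK, whole EAPOL frame with the MIC field zeroed)[:16]."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sign_eapol_key(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify_mic(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(compute_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def run_lab_example() -> dict:
    """Derive the full hierarchy, build and sign MSG2, then verify the MIC on it and on a tampered copy."""
    pmk = derive_pmk(PASSPHRASE, SSID)
    keys = derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)
    msg2 = sign_eapol_key(keys["kck"], build_eapol_key(KEY_INFO_MSG2, 1, SNONCE, RSNE))
    tampered = msg2[:-1] + bytes([msg2[-1] ^ 0x01])     # flip one bit of the RSNE: MIC must fail
    return {"pmk": pmk.hex(), "ptk": keys["ptk"].hex(), "kck": keys["kck"].hex(),
            "kek": keys["kek"].hex(), "tk": keys["tk"].hex(),
            "msg2_mic_ok": verify_mic(keys["kck"], msg2),
            "tampered_mic_ok": verify_mic(keys["kck"], tampered)}


if __name__ == "__main__":
    for name, value in run_lab_example().items():
        print(f"{name:>16}: {value}")
```

Because the MIC covers the whole EAPOL frame, including the RSNE in MSG2's Key Data, the flipped bit in the tampered copy is detected; the same check is what protects the handshake against downgrade of the negotiated cipher suite.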
Attack Analysis

KRACK — Key Reinstallation Attack

Discovered by Mathy Vanhoef and Frank Piessens (CCS 2017), KRACK exploits the retransmission handling of the WPA2 4-way handshake. By replaying MSG3, an attacker makes a vulnerable client reinstall the PTK it is already using and reset its CCMP packet number, so nonces and keystream are reused. Encryption breaks at the protocol level without any weakness in AES-CCMP itself.

1. AP → Client: MSG1 with ANonce. The client can now derive the PTK. (KeyInfo 0x008a, no MIC, ANonce sent in the clear)
2. Client → AP: MSG2 with SNonce + MIC. The MIC proves knowledge of the PMK, and so of the PSK. (KeyInfo 0x010a, MIC present, RSNE included, 181 bytes)
3. AP → Client: MSG3 with the encrypted GTK. The client installs the PTK and sets its CCMP packet number to 0. (KeyInfo 0x13ca, Install bit set, GTK AES-key-wrapped, 241 bytes)
4. In the real attack a channel-based man-in-the-middle blocks MSG4 from reaching the AP; the AP times out and retransmits MSG3. In this lab Mathy Vanhoef's krack-test-client.py, running on wlan2, stands in for the AP and sends the retransmitted MSG3s itself (its output below shows each retransmission and the client's MSG4 reply).
5. The attacker replays MSG3 repeatedly. On a vulnerable client every replay reinstalls the PTK and resets the packet number to 0: AES-CCMP nonce reuse gives the same keystream, so C1 XOR C2 = P1 XOR P2.
6. wpa_supplicant v2.10 blocks the reinstallation. The patched client detects and rejects the PTK reinstallation: MSG3 replayed 6× with no key reset.
✓ client DOESN'T reinstall the pairwise key (patched, CVE-2017-13077 mitigated)
krack-test-client.py output
[15:51:50] 02:00:00:00:01:00: sending a new 4-way message 3 where the GTK has a zero RSC
[15:51:50] 02:00:00:00:01:00: received a new message 4
[15:51:52] 02:00:00:00:01:00: sending a new 4-way message 3 where the GTK has a zero RSC
[15:51:52] 02:00:00:00:01:00: received a new message 4
[15:51:54] 02:00:00:00:01:00: sending a new 4-way message 3 where the GTK has a zero RSC
[15:51:54] 02:00:00:00:01:00: received a new message 4
client DOESN'T reinstall the pairwise key in the 4-way handshake (this is good)
✓ System is patched — CVE-2017-13077 mitigated
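The reinstallation itself, modelled as an added example (not Vanhoef's script and not wpa_supplicant code): a minimal supplicant whose CVE-2017-13077 check can be switched off, driven through the sequence above. The TK is the value the page's analyzer reported; the plaintexts are made up, and the keystream function is an HMAC-based stand-in for AES-CTR that keeps the one property the attack depends on, namely that the keystream is a deterministic function of the key and the packet number.

```python
import hashlib
import hmac

# Constructed example data: the TK is the value the page's analyzer reported; the plaintexts
# are made up, and the keystream function below is a stand-in, not AES-CCMP.
TK = bytes.fromhex("8045f33a96d1b487d2dd5de9d3155bf6")


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for the CCMP keystream. Real CCMP runs AES in counter mode with a nonce built
    from the 48-bit packet number (PN) and the sender address; all this example needs is the
    property KRACK abuses: the keystream is a deterministic function of (TK, PN)."""
    out = b""
    for i in range((length + 19) // 20):
        out += hmac.new(tk, pn.to_bytes(6, "big") + bytes([i]), hashlib.sha1).digest()
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Pairwise-key state of a client; `patched` switches the CVE-2017-13077 check on or off."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.tk = None
        self.pn = 0            # CCMP transmit packet number; reset to 0 whenever the key is installed
        self.installs = 0
        self.msg4_sent = 0

    def on_msg3(self, tk: bytes) -> bool:
        """Process MSG3, first delivery or retransmission. Returns True if the TK was (re)installed."""
        self.msg4_sent += 1    # both variants answer with MSG4 (the log shows "received a new message 4")
        if self.patched and tk == self.tk:
            return False       # patched: an already-installed pairwise key is never reinstalled
        self.tk, self.pn = tk, 0
        self.installs += 1
        return True

    def send(self, plaintext: bytes) -> tuple:
        """Encrypt one data frame; returns the PN used as nonce and the ciphertext."""
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))


def run_krack(patched: bool, replays: int = 3) -> dict:
    """Genuine MSG3, one data frame, `replays` retransmitted MSG3s, then a second data frame."""
    client = Supplicant(patched)
    client.on_msg3(TK)
    p1 = b"GET /account HTTP/1.1\r\nCookie: session=1f2e3d4c\r\n\r\n"
    pn1, c1 = client.send(p1)
    for _ in range(replays):
        client.on_msg3(TK)                         # attacker replays MSG3 (an AP "retransmission")
    p2 = b"POST /transfer HTTP/1.1\r\nCookie: session=1f2e3d4c\r\n\r\n"
    pn2, c2 = client.send(p2)
    n = min(len(p1), len(p2))
    # With a known p1 (or just C1 XOR C2 = P1 XOR P2), a reused keystream exposes p2.
    recovered_p2 = xor(c2[:n], xor(c1[:n], p1[:n]))
    return {"installs": client.installs, "msg4_sent": client.msg4_sent,
            "nonce_reused": pn1 == pn2, "p2_recovered": recovered_p2 == p2[:n]}


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", run_krack(patched))
```

The patched variant still answers every retransmitted MSG3 with a MSG4, exactly as the krack-test-client.py output above shows, but the packet number keeps counting up, so the second frame is encrypted under a fresh nonce and the XOR trick yields nothing.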
Cryptographic Proof

Python MIC/PTK Analyzer Results

A custom Python analyzer parsed the captured pcap file, extracted nonces and MAC addresses, independently derived the complete key hierarchy, and mathematically verified all three MICs using HMAC-SHA1 with the KCK.

Derived Key Material
SSID: LabNet_01
Password: LabPassphrase2024!
PMK: 6b19ad341f3421198246bf68f73fe9ef…
PTK: 7e0f284c57e3b69bf28a60628fc5bc01…
KCK: 7e0f284c57e3b69bf28a60628fc5bc01
TK: 8045f33a96d1b487d2dd5de9d3155bf6
MSG2 MIC: VALID (a5de5d5c0fb1b466…)
MSG3 MIC: VALID (bad81c36981b2c9c…)
MSG4 MIC: VALID (cbec7630a24a4858…)
analyzer.py · FINAL SUMMARY
============================================================
FINAL SUMMARY
============================================================
SSID : LabNet_01
Password : LabPassphrase2024!
PMK : 6b19ad341f3421198246bf68f73fe9ef...
PTK : 7e0f284c57e3b69bf28a60628fc5bc01...
KCK : 7e0f284c57e3b69bf28a60628fc5bc01
TK : 8045f33a96d1b487d2dd5de9d3155bf6
MSG2 MIC : ✓ VALID
MSG3 MIC : ✓ VALID
MSG4 MIC : ✓ VALID
HANDSHAKE: ✓ COMPLETE AND VERIFIED
============================================================
Packet Capture

EAPOL Frame Analysis

tcpdump captured all 4 EAPOL frames on hwsim0 to capture.pcap, verified with Wireshark. Each frame was decoded to extract Key Information flags, nonces, MICs and timing.

Frame · Timestamp · Direction · Length · KeyInfo · MIC · Purpose
MSG 1 · T+0.000000 s · AP → Client · 153 bytes · 0x008a · none · ANonce; PTK derivation begins
MSG 2 · T+0.001391 s · Client → AP · 181 bytes · 0x010a · valid · SNonce + MIC + RSNE
MSG 3 · T+0.002494 s · AP → Client · 241 bytes · 0x13ca · valid · GTK encrypted (AES Key Wrap), Install bit set
MSG 4 · T+0.004631 s · Client → AP · 153 bytes · 0x030a · valid · final ACK, handshake complete
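The decode that produces a table like the one above, as an added example rather than the lab's analyzer: it strips the 802.11 data header and LLC/SNAP, parses the EAPOL-Key descriptor, expands the Key Information field into its flag bits, classifies each frame as MSG1–4 from those bits and the Key Data length, and flags a retransmitted MSG3 (same ANonce, higher replay counter), which is what a KRACK attempt looks like on the air. The five frames are constructed in the block using the KeyInfo values from the capture; the BSSID, nonces and RSNE are assumed, and the GTK KDE is a zero placeholder.

```python
import struct

# Constructed addresses: the STA address is the one in the hostapd log; the BSSID is assumed.
BSSID = bytes.fromhex("020000000000")
STA = bytes.fromhex("020000000100")
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP header, EtherType 0x888e
KEY_INFO_BITS = {"pairwise": 1 << 3, "install": 1 << 6, "ack": 1 << 7, "mic": 1 << 8,
                 "secure": 1 << 9, "error": 1 << 10, "request": 1 << 11,
                 "encrypted_key_data": 1 << 12}


def decode_key_info(key_info: int) -> dict:
    """Split the 16-bit Key Information field into its flags."""
    flags = {name: bool(key_info & bit) for name, bit in KEY_INFO_BITS.items()}
    flags["descriptor_version"] = key_info & 0x7    # 2 = HMAC-SHA1 MIC + AES key wrap (WPA2 CCMP)
    return flags


def classify_message(key_info: int, key_data_len: int):
    """Identify the 4-way handshake message from the flags (Key Data length separates MSG2 from MSG4)."""
    f = decode_key_info(key_info)
    if not f["pairwise"]:
        return "group"                       # group key handshake, not part of the 4-way exchange
    if f["ack"] and not f["mic"]:
        return 1
    if f["ack"] and f["mic"]:
        return 3
    return 2 if key_data_len > 0 or not f["secure"] else 4   # MSG2 carries the RSNE, MSG4 is empty


def parse_eapol_key(eapol: bytes) -> dict:
    """Parse an EAPOL-Key frame starting at the EAPOL header."""
    version, ptype, length = struct.unpack(">BBH", eapol[:4])
    if ptype != 3:
        raise ValueError("not an EAPOL-Key frame")
    b = eapol[4:4 + length]
    desc, key_info, key_len, replay = struct.unpack(">BHHQ", b[:13])
    kd_len = struct.unpack(">H", b[93:95])[0]
    return {"descriptor": desc, "key_info": key_info, "key_length": key_len,
            "replay_counter": replay, "nonce": b[13:45], "iv": b[45:61], "rsc": b[61:69],
            "mic": b[77:93], "key_data": b[95:95 + kd_len],
            "msg": classify_message(key_info, kd_len)}


def parse_80211_eapol(frame: bytes) -> dict:
    """Strip the 802.11 data header and LLC/SNAP, then parse the EAPOL-Key payload."""
    fc = frame[0] | (frame[1] << 8)
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    hdr = 26 if (fc >> 4) & 0x8 else 24          # QoS data frames add a 2-byte QoS Control field
    if (fc >> 8) & 0x3 == 0x3:
        hdr += 6                                 # ToDS+FromDS: a fourth address is present
    if frame[hdr:hdr + 8] != LLC_SNAP_EAPOL:
        raise ValueError("payload is not EAPOL")
    parsed = parse_eapol_key(frame[hdr + 8:])
    parsed["src"], parsed["dst"] = frame[10:16], frame[4:10]
    return parsed


def build_frame(from_ap: bool, key_info: int, replay: int, nonce: bytes, key_data: bytes = b"") -> bytes:
    """Construct a plaintext 802.11 data frame carrying EAPOL-Key (sample input for this example)."""
    flags = 0x02 if from_ap else 0x01            # FromDS for AP -> STA, ToDS for STA -> AP
    a1, a2 = (STA, BSSID) if from_ap else (BSSID, STA)
    hdr = bytes([0x08, flags]) + bytes(2) + a1 + a2 + BSSID + bytes(2)   # FC, duration, A1-A3, seq
    body = (struct.pack(">BHHQ", 2, key_info, 16, replay) + nonce + bytes(32)   # IV, RSC, reserved
            + bytes(16) + struct.pack(">H", len(key_data)) + key_data)        # MIC left zero
    return hdr + LLC_SNAP_EAPOL + struct.pack(">BBH", 2, 3, len(body)) + body


def msg3_retransmissions(parsed: list) -> int:
    """KRACK indicator: MSG3s that repeat an ANonce already seen, with a higher replay counter."""
    last_counter, count = {}, 0
    for p in parsed:
        if p["msg"] != 3:
            continue
        if p["nonce"] in last_counter and p["replay_counter"] > last_counter[p["nonce"]]:
            count += 1
        last_counter[p["nonce"]] = p["replay_counter"]
    return count


ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))                      # constructed nonces
RSNE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")         # CCMP/CCMP/PSK
CAPTURE = [   # constructed frames using the Key Information values from the lab capture
    build_frame(True, 0x008a, 1, ANONCE),
    build_frame(False, 0x010a, 1, SNONCE, RSNE),
    build_frame(True, 0x13ca, 2, ANONCE, bytes(56)),   # zero placeholder for the AES-wrapped GTK KDE
    build_frame(False, 0x030a, 2, bytes(32)),
    build_frame(True, 0x13ca, 3, ANONCE, bytes(56)),   # retransmitted MSG3: same ANonce, counter +1
]


def summarize(frames: list) -> list:
    return [parse_80211_eapol(f) for f in frames]


if __name__ == "__main__":
    parsed = summarize(CAPTURE)
    for p in parsed:
        print(f"MSG {p['msg']}  KeyInfo 0x{p['key_info']:04x}  replay={p['replay_counter']}  "
              f"key_data={len(p['key_data'])} B  {p['src'].hex(':')} -> {p['dst'].hex(':')}")
    print("retransmitted MSG3 frames:", msg3_retransmissions(parsed))
```

On a real capture the frames arrive wrapped in a radiotap header (which accounts for the 153-byte length of the 131-byte MSG1 and MSG4 frames above once radiotap is counted); skip it using the length field at radiotap offset 2 before handing the 802.11 frame to parse_80211_eapol.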
Implementation

Technologies Used

Docker + Compose: isolated AP and client containers with the NET_ADMIN capability and shared volumes
mac80211_hwsim: Linux kernel module providing real virtual 802.11 radio interfaces (wlan0/1/2)
hostapd v2.10: WPA2-PSK access point daemon with AES-CCMP and MFP; PMKSA caching disabled
wpa_supplicant v2.10: patched client that correctly rejects PTK reinstallation (CVE-2017-13077 fix)
Wireshark / tcpdump: EAPOL frame capture on the hwsim0 monitor interface, full 802.11i-layer decode
Python analyzer: custom PBKDF2-SHA1, PRF-512 and HMAC-SHA1 MIC verifier parsing the live pcap
krackattacks-scripts: Mathy Vanhoef's original CVE-2017-13077 proof-of-concept MSG3 replay tool
Ubuntu 22.04 LTS: host VM running a 6.x kernel with the mac80211_hwsim module and the Docker daemon
Outcomes

Lab Results Summary

4/4 EAPOL frames captured · 3/3 MICs verified valid · MSG3 replays blocked · 100% of the key hierarchy verified

Task · Status · Evidence
Docker container setup · Complete · docker-compose build output, two images created
WPA2 4-way handshake · Complete · AP log: EAPOL-4WAY-HS-COMPLETED
EAPOL packet capture · Complete · capture.pcap, 4 frames, Wireshark verified
Python MIC verification · Complete · MSG2, MSG3, MSG4 MICs all VALID
PTK / KCK / TK derivation · Complete · all keys derived and mathematically verified
KRACK attack demonstration · Complete · MSG3 replayed 6×, patched client correctly rejected reinstallation
Patch validation · Confirmed · wpa_supplicant v2.10, CVE-2017-13077 mitigated
Links: View Source on GitHub · KRACK Paper (CCS 2017) · krackattacks.com
Interactive

Live Key Derivation Explorer

(Interactive widget on the original page.) Enter any passphrase and SSID to watch the PMK derivation: passphrase (user input, never transmitted) → PBKDF2-SHA1, 4096 rounds → PMK, Pairwise Master Key (256 bit) → PRF-512 over ANonce, SNonce and both MACs (first 48 bytes used) → KCK (128 bit, MIC verification), KEK (128 bit, GTK encryption) and TK (128 bit, AES-CCMP, the KRACK target). The simulation's nonce counter shows the CCMP packet number (PN) that forms the per-frame nonce; KRACK forces it back to 0, so the same keystream is reused.
Live Analysis

Upload & Analyze Your .pcap

(Drop zone on the original page.) A pcap of a WPA2 4-way handshake can be dropped here to run the analyzer logic directly in the browser: it extracts the EAPOL frames, derives PMK → PTK → KCK/KEK/TK and verifies all MICs using HMAC-SHA1. Accepts the classic pcap format (magic 0xd4c3b2a1).