rizal.m.nur@arc.itb.ac.id wrote:
I curious why EAP-Message from phone was detected as EAP-SIM type but can't be handled/decoded
The EAP-Message attribute contains an EAP packet. That packet contains a type, which is EAP-SIM. The *rest* of the data in the EAP-Message is data specific to EAP-SIM. That data may be malformed, or contain the wrong authentication information.
I dont think its because value of RAND, SRES, and KC.
Yes, it is because of those values. They serve a similar purpose to the password supplied by the user. They're used to calculate the EAP-SIM authentication data.
I tried to test using false RAND, SRES, and KC before with radeapclient command, and then server still be able to process it as EAP-SIM, although it just end with Access-Challenge reply (not Access-Accept).
Because EAP-SIM involves multiple challenges. If the client doesn't like the response from the server, it stops talking to the server. This is what you're seeing. Alan DeKok.