falay/CrackOpenSSLKey

Cracking OpenSSL Master Key

Designer: Ching Tzu Chen
Date: 2016/4/5

/Description/

In the SSL/TLS handshake of OpenSSL, the client first generates a random secret, encrypts it under the server's public key, and sends it to the server. The server decrypts the random secret with its private key, and both client and server then use this random secret to generate the master key. All further communication between this client and server is protected by this master key.

This program is designed to crack the random secret generated by the client and the master key of the communication in OpenSSL.

It's achieved by hijacking the OpenSSL library (libssl.so) with LD_PRELOAD.

/Target/

openssl s_client

/Hijacked Information/

  1. The random secret generated by the client
  2. The master key between the client and the server
  3. The IP address of the connected server
  4. The arguments of the involved operations

/Usage/

We provide a shell script, "crackSSL.sh". Simply run:

    sh crackSSL.sh [Server HostName:Server Port]

For example:

    sh crackSSL.sh www.google.com:443
    sh crackSSL.sh cs.nctu.edu.tw:443
    sh crackSSL.sh csie.ntu.edu.tw:443
    sh crackSSL.sh yahoo.com:443

/Check the Result/

The script automatically compiles and links the source, then uses the LD_PRELOAD environment variable to load our generated shared library, and outputs a single file called "MasterKey.txt".

Press Ctrl+C to terminate the client program (openssl s_client), then run "cat MasterKey.txt" to see the hijacked information.

The master key obtained by our program should be identical to the master key shown in the openssl s_client output.
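
Because the hook relies on LD_PRELOAD, it typically leaves two observable traces: the variable in the process environment and a library mapped from outside the system library directories. The audit script below is an added example, not part of this repository; the function names, the TRUSTED_DIRS list and the /tmp/hook.so sample path are assumptions.

```shell
#!/bin/sh
# Added example: audit a process for LD_PRELOAD interposition.
# TRUSTED_DIRS is an assumption; set it to your distribution's library paths.
TRUSTED_DIRS="/lib /lib64 /usr/lib /usr/lib64"

# preload_entries FILE: list libraries named by LD_PRELOAD (colon- or
# space-separated) in a /proc/<pid>/environ-format file (NUL-separated records).
preload_entries() {
    tr '\0' '\n' < "$1" | sed -n 's/^LD_PRELOAD=//p' | tr ': ' '\n\n' | sed '/^$/d'
}

# is_trusted PATH: succeed when PATH is under one of TRUSTED_DIRS.
is_trusted() {
    for d in $TRUSTED_DIRS; do
        case "$1" in "$d"/*) return 0 ;; esac
    done
    return 1
}

# untrusted_maps FILE: list shared objects mapped executable from outside
# TRUSTED_DIRS, read from a /proc/<pid>/maps-format file.
untrusted_maps() {
    awk '$2 ~ /x/ && $6 ~ /\.so/ { print $6 }' "$1" | sort -u |
    while read -r p; do
        is_trusted "$p" || printf '%s\n' "$p"
    done
}

# audit_pid PID [PROCROOT]: print findings; return 1 if anything was flagged.
audit_pid() {
    root=${2:-/proc}; rc=0
    for lib in $(preload_entries "$root/$1/environ" 2>/dev/null); do
        echo "pid $1: LD_PRELOAD=$lib"; rc=1
    done
    for lib in $(untrusted_maps "$root/$1/maps" 2>/dev/null); do
        echo "pid $1: untrusted mapping $lib"; rc=1
    done
    return $rc
}

# Constructed sample data (not captured from a real host); hook.so is hypothetical.
demo=$(mktemp -d); mkdir -p "$demo/4242"
printf 'HOME=/home/u\0LD_PRELOAD=/tmp/hook.so\0PATH=/usr/bin\0' > "$demo/4242/environ"
cat > "$demo/4242/maps" <<'EOF'
7f10a0000000-7f10a0200000 r-xp 00000000 08:01 131 /usr/lib/x86_64-linux-gnu/libssl.so.1.1
7f10a0400000-7f10a0402000 r-xp 00000000 08:01 977 /tmp/hook.so
EOF
audit_pid 4242 "$demo" || echo "pid 4242 flagged"
rm -rf "$demo"
```

On a live system, call audit_pid with a real PID and no second argument; reading another user's /proc/<pid>/environ requires root.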
