Results 1 to 2 of 2
  1. #1
    Sergio is offline Member
    Join Date
    Aug 2010
    Posts
    2
    Rep Power
    0

    Smile How to decrypt SSL?

    Hi all,

    I'm trying to manually decrypt SSL traffic using openjdk libraries and server's private key.

    I succeed partially as the whole message is decrypted ok, except the first 16 bytes of the decrypted communication always end up as garbage.

    openjdk ServerSocket implementation works fine, as it decodes all the data without problems, so it must be an error in my manual implementation.

    Any insight is much appreciated!

    Manual implementation
    Java Code:
    			byte[] clrnd = Convert.hexStringToByteArray("e4213b134ea855f50622c0745aa1b65f6ee877215f854b09d1f0470eb5ba5186");
    			byte[] srvrnd = Convert.hexStringToByteArray("4c6b49c64589c46f6a61e4b74c3b20378598ee41612ed797203991b7703c5f2e");
    			ProtocolVersion pv = ProtocolVersion.valueOf(0x03, 0x01);
    			CipherSuite cipher_suite = CipherSuite.valueOf(0x00, 0x2f);
    			byte[] encrypted_premaster_secret = Convert.hexStringToByteArray("57d9f683f55ce1e2b3cdc396210b3258b2c5a14dad073e418d1e06f5dbde1201aaa0a3a695017b7566d49d02ba6788fdf83c871ceb8b1e50d2f7f0e2af4bb53e63fdb096e226b92a21645de8f74f97c8be6e1bc2357e69f7820cb2f7c08ce4bbbe33404a6fcc580d7bda0e2674087cffa75366f84abc083ae6ea29daeb16f499cacad7595251ba274614b38c2081bde38dd01a87fe6a62116d16b8de3cb8e5c530acc294e2ca6dba84d95ffc2ed111ade6dc547d09ae124cf76708be5c775c3cfed31aef2a60ef272a3fa97e8a01c293574259c50f139bbbeb159c11f46c6b8e89145c7312ed88ab33475a0abbeb43dc0de2457d101485f21fe20a46d4e50285");
    			byte[] client_app_data = Convert.hexStringToByteArray("17030101a0f7fc859a02534ca6b8d4c6b5c24bcf4a65529447eec800d678949a1d9d77fba50fff0c295ee608815152b5cb89ca070e0a05ef4f15727d6d456387c8b3cdb7195736a458b8719f804a135166fe5bee4657da23af105435745abba010bdd84a0cd61185211a22849d039711c10f2b2f4f14bf579896ab8527c7fc58422d8cd83fc13275f8c34568051928ab589d30399ed28072d857243699564f83c3dff08b0800ff4e8180661083a9f3362722cafa6f599600093d077f09c901f7a4737f3b232a28b8d09d07868201135f9520b0dd00165f22e553bd0be193c09f85f0d58565cdd0e53caa5b3ae046475d88cecf00631c06c8d620ea7e3e1cc20e6737cb9ae2d684dd03965f6f241ef8b5165ce3567954418e9c5569aca79559cc7aa7bbba663df0a2af9109f96eb163f962cf78f3cd2b41f8e3b7b459a873639793acf0161229294584169b930375ebaa1a9de80428e68ce74fd51bf7c03c7731538cf9762918303c2d6ee42a0e89027f73cced5d265907376ed33a23cdc84e192afe0678ab5713f770b238233cdb6a703f8f444f1a2883401314522119d68cf56862ab0449");
    
    			//Decode premaster secret
    			//see ServerHandshaker.clientKeyExchange and RSAClientKeyExchange constructor
    			SecretKey premaster = null;
    			SecureRandom sr = new SecureRandom();
            	Cipher ciph = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
                ciph.init(Cipher.UNWRAP_MODE, Certificate.getPvk());
                premaster = (SecretKey)ciph.unwrap(encrypted_premaster_secret, "TlsRsaPremasterSecret", Cipher.SECRET_KEY);
    			
    			//Calculate master secret
    	        SecretKey master = null;
    		    try {
    		        KeyGenerator kg = JsseJce.getKeyGenerator("SunTlsMasterSecret");
    		        kg.init(new TlsMasterSecretParameterSpec(premaster, pv.major, pv.minor, clrnd, srvrnd));
    		        master = kg.generateKey();
    		    } catch (GeneralSecurityException e) {
    		        if (!premaster.getAlgorithm().equals("TlsRsaPremasterSecret")) throw new ProviderException(e);
    		    }
    		    System.out.println("master[length:"+master.getEncoded().length+"]:"+Convert.bytesToString(master.getEncoded()));
    		    		    
    		    //Calculate connection keys
    	        BulkCipher cipher = cipher_suite.cipher;
    	        int expandedKeySize = cipher_suite.exportable ? cipher.expandedKeySize : 0;
    			
    	        KeyGenerator kg = JsseJce.getKeyGenerator("SunTlsKeyMaterial");
    			kg.init(new TlsKeyMaterialParameterSpec(master, pv.major, pv.minor, clrnd, srvrnd, cipher.algorithm, cipher.keySize, expandedKeySize, cipher.ivSize, cipher_suite.macAlg.size));
    			TlsKeyMaterialSpec keySpec = (TlsKeyMaterialSpec)kg.generateKey();
    			
    			SecretKey clntWriteKey = keySpec.getClientCipherKey();
    			IvParameterSpec clntWriteIV = keySpec.getClientIv();
    
    			CipherBox svbox = cipher_suite.cipher.newCipher(pv, clntWriteKey, clntWriteIV, false);
    			svbox.decrypt(client_app_data, 5, client_app_data.length-5);
    My output
    Java Code:
    Padded plaintext after DECRYPTION:  len = 416
    0000: FC 81 A8 DC 2A B7 8E 8C   37 86 70 C1 1E F4 0B 05  ....*...7.p.....
    0010: 41 63 63 65 70 74 3A 20   2A 2F 2A 0D 0A 41 63 63  Accept: */*..Acc
    0020: 65 70 74 2D 4C 61 6E 67   75 61 67 65 3A 20 65 6E  ept-Language: en
    0030: 2D 75 73 0D 0A 55 41 2D   4F 53 3A 20 57 69 6E 64  -us..UA-OS: Wind
    0040: 6F 77 73 20 43 45 20 28   50 6F 63 6B 65 74 20 50  ows CE (Pocket P
    ...
    openjdk server output
    Java Code:
    0000: 47 45 54 20 2F 20 48 54   54 50 2F 31 2E 31 0D 0A  GET / HTTP/1.1..
    0010: 41 63 63 65 70 74 3A 20   2A 2F 2A 0D 0A 41 63 63  Accept: */*..Acc
    0020: 65 70 74 2D 4C 61 6E 67   75 61 67 65 3A 20 65 6E  ept-Language: en
    0030: 2D 75 73 0D 0A 55 41 2D   4F 53 3A 20 57 69 6E 64  -us..UA-OS: Wind
    0040: 6F 77 73 20 43 45 20 28   50 6F 63 6B 65 74 20 50  ows CE (Pocket P
    ...

    Implementation example for the openjdk server socket
    Java Code:
    ServerSocket ss = null;
    		try {
    			ss = new SSLServerSocketFactoryImpl().createServerSocket(443);
    		} catch (Exception e) {
    			e.printStackTrace();
    		}
    		while(true){
    			try{
    				SSLSocket s = (SSLSocket)ss.accept();
    				System.out.println("Incoming connection from "+s.getInetAddress()+":"+s.getPort());
    				
    				//Read data
    				StringBuffer sb = new StringBuffer();
    				InputStream in = s.getInputStream();
    				int	c;
    				do {
    					c = in.read();
    					sb.append((char)c);
    				}while(in.available() > 0);
    				System.out.println(sb);
    				
    				
    				//Write data
    		        PrintWriter pw = new PrintWriter(s.getOutputStream());
    				pw.write("Zagooooor");
    				pw.flush();
    				pw.close();
    				s.close();
    				
    			}catch(Exception e){
    				e.printStackTrace();
    				System.exit(0);
    			}
    		}
    Last edited by Sergio; 08-20-2010 at 04:17 PM. Reason: Put the proper openjdk server output

  2. #2
    Sergio is offline Member
    Join Date
    Aug 2010
    Posts
    2
    Rep Power
    0

    Thumbs up To answer my own question

    Guess you folks ain't into encryption that much ;)

    While researching the encryption schemes, I've found out that initialization vector (IV) is used to encrypt the first block of data (in this case 16 bytes) while using stream ciphers.

    By reverse engineering the proper IV, I've found out that last 16 bytes in Finished message match the IV-s.

    The problem is that TLS RFC doesn't mention that anywhere.

Similar Threads

  1. Encrypt and decrypt SMS
    By ZeCute in forum CLDC and MIDP
    Replies: 8
    Last Post: 06-13-2010, 06:01 AM
  2. Replies: 2
    Last Post: 04-19-2010, 07:25 PM
  3. Ideas to decrypt this ?
    By ketku in forum Advanced Java
    Replies: 0
    Last Post: 11-16-2009, 11:52 AM
  4. Replies: 8
    Last Post: 08-26-2008, 05:50 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •