Results 1 to 4 of 4
  1. #1
    Sergio is offline Member
    Join Date
    Aug 2010
    Posts
    2
    Rep Power
    0

    Smile How to decrypt SSL?

    Hi all,

    I'm trying to manually decrypt SSL traffic using openjdk libraries and server's private key.

    I succeed partially as the whole message is decrypted ok, except the first 16 bytes of the decrypted communication always end up as garbage.

    openjdk ServerSocket implementation works fine, as it decodes all the data without problems, so it must be an error in my manual implementation.

    Any insight is much appreciated!

    Manual implementation
    Java Code:
    			byte[] clrnd = Convert.hexStringToByteArray("e4213b134ea855f50622c0745aa1b65f6ee877215f854b09d1f0470eb5ba5186");
    			byte[] srvrnd = Convert.hexStringToByteArray("4c6b49c64589c46f6a61e4b74c3b20378598ee41612ed797203991b7703c5f2e");
    			ProtocolVersion pv = ProtocolVersion.valueOf(0x03, 0x01);
    			CipherSuite cipher_suite = CipherSuite.valueOf(0x00, 0x2f);
    			byte[] encrypted_premaster_secret = Convert.hexStringToByteArray("57d9f683f55ce1e2b3cdc396210b3258b2c5a14dad073e418d1e06f5dbde1201aaa0a3a695017b7566d49d02ba6788fdf83c871ceb8b1e50d2f7f0e2af4bb53e63fdb096e226b92a21645de8f74f97c8be6e1bc2357e69f7820cb2f7c08ce4bbbe33404a6fcc580d7bda0e2674087cffa75366f84abc083ae6ea29daeb16f499cacad7595251ba274614b38c2081bde38dd01a87fe6a62116d16b8de3cb8e5c530acc294e2ca6dba84d95ffc2ed111ade6dc547d09ae124cf76708be5c775c3cfed31aef2a60ef272a3fa97e8a01c293574259c50f139bbbeb159c11f46c6b8e89145c7312ed88ab33475a0abbeb43dc0de2457d101485f21fe20a46d4e50285");
    			byte[] client_app_data = Convert.hexStringToByteArray("17030101a0f7fc859a02534ca6b8d4c6b5c24bcf4a65529447eec800d678949a1d9d77fba50fff0c295ee608815152b5cb89ca070e0a05ef4f15727d6d456387c8b3cdb7195736a458b8719f804a135166fe5bee4657da23af105435745abba010bdd84a0cd61185211a22849d039711c10f2b2f4f14bf579896ab8527c7fc58422d8cd83fc13275f8c34568051928ab589d30399ed28072d857243699564f83c3dff08b0800ff4e8180661083a9f3362722cafa6f599600093d077f09c901f7a4737f3b232a28b8d09d07868201135f9520b0dd00165f22e553bd0be193c09f85f0d58565cdd0e53caa5b3ae046475d88cecf00631c06c8d620ea7e3e1cc20e6737cb9ae2d684dd03965f6f241ef8b5165ce3567954418e9c5569aca79559cc7aa7bbba663df0a2af9109f96eb163f962cf78f3cd2b41f8e3b7b459a873639793acf0161229294584169b930375ebaa1a9de80428e68ce74fd51bf7c03c7731538cf9762918303c2d6ee42a0e89027f73cced5d265907376ed33a23cdc84e192afe0678ab5713f770b238233cdb6a703f8f444f1a2883401314522119d68cf56862ab0449");
    
    			//Decode premaster secret
    			//see ServerHandshaker.clientKeyExchange and RSAClientKeyExchange constructor
    			SecretKey premaster = null;
    			SecureRandom sr = new SecureRandom();
            	Cipher ciph = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
                ciph.init(Cipher.UNWRAP_MODE, Certificate.getPvk());
                premaster = (SecretKey)ciph.unwrap(encrypted_premaster_secret, "TlsRsaPremasterSecret", Cipher.SECRET_KEY);
    			
    			//Calculate master secret
    	        SecretKey master = null;
    		    try {
    		        KeyGenerator kg = JsseJce.getKeyGenerator("SunTlsMasterSecret");
    		        kg.init(new TlsMasterSecretParameterSpec(premaster, pv.major, pv.minor, clrnd, srvrnd));
    		        master = kg.generateKey();
    		    } catch (GeneralSecurityException e) {
    		        if (!premaster.getAlgorithm().equals("TlsRsaPremasterSecret")) throw new ProviderException(e);
    		    }
    		    System.out.println("master[length:"+master.getEncoded().length+"]:"+Convert.bytesToString(master.getEncoded()));
    		    		    
    		    //Calculate connection keys
    	        BulkCipher cipher = cipher_suite.cipher;
    	        int expandedKeySize = cipher_suite.exportable ? cipher.expandedKeySize : 0;
    			
    	        KeyGenerator kg = JsseJce.getKeyGenerator("SunTlsKeyMaterial");
    			kg.init(new TlsKeyMaterialParameterSpec(master, pv.major, pv.minor, clrnd, srvrnd, cipher.algorithm, cipher.keySize, expandedKeySize, cipher.ivSize, cipher_suite.macAlg.size));
    			TlsKeyMaterialSpec keySpec = (TlsKeyMaterialSpec)kg.generateKey();
    			
    			SecretKey clntWriteKey = keySpec.getClientCipherKey();
    			IvParameterSpec clntWriteIV = keySpec.getClientIv();
    
    			CipherBox svbox = cipher_suite.cipher.newCipher(pv, clntWriteKey, clntWriteIV, false);
    			svbox.decrypt(client_app_data, 5, client_app_data.length-5);
    My output
    Java Code:
    Padded plaintext after DECRYPTION:  len = 416
    0000: FC 81 A8 DC 2A B7 8E 8C   37 86 70 C1 1E F4 0B 05  ....*...7.p.....
    0010: 41 63 63 65 70 74 3A 20   2A 2F 2A 0D 0A 41 63 63  Accept: */*..Acc
    0020: 65 70 74 2D 4C 61 6E 67   75 61 67 65 3A 20 65 6E  ept-Language: en
    0030: 2D 75 73 0D 0A 55 41 2D   4F 53 3A 20 57 69 6E 64  -us..UA-OS: Wind
    0040: 6F 77 73 20 43 45 20 28   50 6F 63 6B 65 74 20 50  ows CE (Pocket P
    ...
    openjdk server output
    Java Code:
    0000: 47 45 54 20 2F 20 48 54   54 50 2F 31 2E 31 0D 0A  GET / HTTP/1.1..
    0010: 41 63 63 65 70 74 3A 20   2A 2F 2A 0D 0A 41 63 63  Accept: */*..Acc
    0020: 65 70 74 2D 4C 61 6E 67   75 61 67 65 3A 20 65 6E  ept-Language: en
    0030: 2D 75 73 0D 0A 55 41 2D   4F 53 3A 20 57 69 6E 64  -us..UA-OS: Wind
    0040: 6F 77 73 20 43 45 20 28   50 6F 63 6B 65 74 20 50  ows CE (Pocket P
    ...

    Implementation example for the openjdk server socket
    Java Code:
    ServerSocket ss = null;
    		try {
    			ss = new SSLServerSocketFactoryImpl().createServerSocket(443);
    		} catch (Exception e) {
    			e.printStackTrace();
    		}
    		while(true){
    			try{
    				SSLSocket s = (SSLSocket)ss.accept();
    				System.out.println("Incoming connection from "+s.getInetAddress()+":"+s.getPort());
    				
    				//Read data
    				StringBuffer sb = new StringBuffer();
    				InputStream in = s.getInputStream();
    				int	c;
    				do {
    					c = in.read();
    					sb.append((char)c);
    				}while(in.available() > 0);
    				System.out.println(sb);
    				
    				
    				//Write data
    		        PrintWriter pw = new PrintWriter(s.getOutputStream());
    				pw.write("Zagooooor");
    				pw.flush();
    				pw.close();
    				s.close();
    				
    			}catch(Exception e){
    				e.printStackTrace();
    				System.exit(0);
    			}
    		}
    Last edited by Sergio; 08-20-2010 at 03:17 PM. Reason: Put the proper openjdk server output

  2. #2
    Sergio is offline Member
    Join Date
    Aug 2010
    Posts
    2
    Rep Power
    0

    Thumbs up To answer my own question

    Guess you folks ain't into encryption that much ;)

    While researching the encryption schemes, I've found out that initialization vector (IV) is used to encrypt the first block of data (in this case 16 bytes) while using stream ciphers.

    By reverse engineering the proper IV, I've found out that last 16 bytes in Finished message match the IV-s.

    The problem is that TLS RFC doesn't mention that anywhere.

  3. #3
    monkey521 is offline Member
    Join Date
    Jan 2016
    Posts
    6
    Rep Power
    0

    Default Re: How to decrypt SSL?

    Hi Sergio,

    I kind of am into encryption, well I have to be because of my school-project ;)
    I was wondering if you have any idea how I could pull of the same task, only knowing the ClientRandom.
    I thought you did the same but it seems that either I don't understand your code correctly or you do have another starting scenario than me!?

    So what my scenario is:
    I configured a system variable so that Firefox saves the ClientRandom and RSA keys to a txt file. With this txt file wireshark is able to decrypt a ssl/tls capture.
    I use jnetpcap library to capture traffic and analyse packages up to tcp segments. I am now looking for a possibility to access the ssl/tls info, meaning decrypt the traffic like wireshark does.
    From my understanding I cannot compute the MasterSecret because I only have the encrypted PreMaster (but you also seem to use that) in the Client Finished package. I would need the private exponent d to decrypt it, wouldn't I!?
    Further more it seems like you need more info than just the ClientRandom!?

    Hope you can find the time to help me out and still have your account here, so that you will see my reply since it now 5,5 years later :)
    Thnx

  4. #4
    jim829 is online now Senior Member
    Join Date
    Jan 2013
    Location
    Northern Virginia, United States
    Posts
    5,655
    Rep Power
    9

    Default Re: How to decrypt SSL?

    Please don't resurrect old threads. Just start your own. And even though the thread is 5 years old, the OP clearly expected to get an answer in less than two hours. Some answers come quickly. Others may take several days. It has to do with how busy folks are at the time.

    Regards,
    Jim
    The JavaTM Tutorials | SSCCE | Java Naming Conventions
    Poor planning on your part does not constitute an emergency on my part

Similar Threads

  1. Encrypt and decrypt SMS
    By ZeCute in forum CLDC and MIDP
    Replies: 8
    Last Post: 06-13-2010, 05:01 AM
  2. Replies: 2
    Last Post: 04-19-2010, 06:25 PM
  3. Ideas to decrypt this ?
    By ketku in forum Advanced Java
    Replies: 0
    Last Post: 11-16-2009, 11:52 AM
  4. Replies: 8
    Last Post: 08-26-2008, 04:50 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •