Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
29 lines (26 sloc) 2.85 KB

Question: Can you break TLS? [200PTS]
Note: Flag doesn't start with flag{}
Category: Crypto
File: tls_16970cb3b09a9dd01f5b82449d9c1795.tar.gz

Introduction
The goal of this question is to decrypt the TLS encrypted contents in the PCAP file (of course). The detailed techinical document for the techniques/tools used for answering the question are authored by Marco Ortisi (thank you very much indeed!) and here is his white paper.

Since I only have access to the PCAP, I used the information from the passive approach discribed in Marco's white paper to determine whether there is a faulty signature to allow further actions to be done in attempt to obtain the private key.

The steps in solving this question is simple as the required tools have been written by Marco. IMHO, it is important to understand why this attack works in this scenario and how it works. Therefore, I strongly recommend all readers of this write up spare some time to read the white paper produced by Marco. This attack works on products that are using RSA-CRT, but the fix is simple......disabling RSA-CRT!!!

Solution

  1. Review and analyse the protocols in the PCAP file and it's TLS 1.2 in this PCAP file.
  2. Check whether all prerequisites are fulfilled for the attack.
  3. Split up the PCAP file using tcpflow by running:
    tcpflow -r <PCAP file>
  4. Run ls -la to make sure there are outputs in the directory.
  5. Go download the awesome tool written by Marco from here and compile "piciolla".
  6. Compile "piciolla" and place the executable in the same directory of "piciolla.sh"
  7. Execute "piciolla.sh" with splited PCAP files folder path as parameter:
    ./piciolla.sh <Folder of splited PCAP files>
  8. "piciolla" will start to analyse the packets.
  9. Results are placed in the "results".
  10. Finally, use the private key in the "results" folder to decrypt the traffics in your favorite tools!
References
Factoring RSA Keys With TLS Perfect Forward Secrecy, Red Hat, 2015
Recover a RSA private key from a TLS session with Perfect Forward Secrecy (White Paper), Marco Ortisi, 2016

Please let me know if you have any questions.
Email: zack@zack.idv.hk