First of all, I'm a beginner in the OpenSSL world. I apologize in advance for any basic, barbaric errors.
Consider a flow:
Initialize OpenSSL with engine using hardware (let's call it EngineHW).
Call an OpenSSL function, e.g. X509_sign.
How to check if the function called was performed on the hardware?
How to verify the EngineHW function was called? What if the function is not defined by EngineHW - will OpenSSL fallback to any default engine it has?
The question is related to asserting quality - since I've got the hardware to do crypto for me, I consider using software a regression (at least for the important functions).
Not sure what the purpose of this is. Are you testing that OpenSSL works or are you testing your own code?
It seems you want to do regression testing of OpenSSL and HSM?
However, if you want to test if X509_sign works then remove all software/disk based keys from the test system and check if you can sign something. If you get a valid signature you can be sure it comes from your HSM. If you get null back, it is not.
OpenSSL doesn't fallback to a different sign function and even if it did, it can't sign since it needs a key to sign.
Hope that answered your question.
Related
I am using a Keygen application (.exe). There are two input fields in it's GUI:
p1 - at least 1 digit, 10 digits max - ^[0-9]{1,10}$
p2 - 12 chars max - uppercase letters/digits/underscores - ^[A-Z0-9_]{0,12}$
Pressing generate button produce a key x.
x - 20 digits exactly - ^[0-9]{20}$
For each pair (p1,p2), there is only one x (in other words: f(p1,p2) = x is a function)
I am interested in it's encryption algorithm.
Is there any way of reverse engineering the algorithm?
I thought of two ways:
decompiling. I used snowman, but the output is too polluted. The decompiled code probably contains non-relevant parts, such as the GUI.
analyzing of input and output. I wonder if there any option to determine the used encryption algorithm by analyzing a set of f(p1,p2) = x results.
As you mentioned, using snowman or some other decompiling tools is probably the way to go.
I doubt you would be able to determine the algorithm just by looking at the input output combinations, since it is possible to write any kind of arbitrary algorithm, that can behave in any way.
Perhaps you could just ask the author what algorithm they're using ?
Unless it's something really simple, I'd rule out your option 2 of trying to figure it out by looking at input and output pairs.
For decompiling / reverse engineering a static binary, you should first determine whether it's a .NET application or something else. If it's written in .NET you can try this for decompilation:
https://www.jetbrains.com/decompiler/
It's really easy to use, unless the binary has been obfuscated.
If the application is not a .NET application, you can try Ghidra and/or Cutter which both has pretty impressive decompilers built in:
https://ghidra-sre.org/
https://cutter.re/
If static code analysis is not enough, you can add a debugger to it. Ghidra and x64dbg work really well together, and can be synced via a plugin installed in both.
If you're new to this, I can recommend both that you look into basic assembler for the x86 platform so you have a general idea of how the CPU works. Another way to get started is "crackme" style challenges from CTF competitions. Often there great write-ups with the solution, so you have both the question and answer available.
Good luck!
Type in p1 and p2. Scan the process for that byte string. Then put a hardware breakpoint for memory access on it. Generate the key, it will hit that hardware breakpoint. Then you have the address which accesses it and start reversing from there in Ghidra(Don't forget to use BASE + OFFSET) since ghidra's output won't have the same base as the running application. The relevant code HAS to access the inputs. So you know where the algorithm is. Since it either directly accesses it, or somewhere within that call chain is accessed relatively fast. Nobody can know without actually seeing the executable.
I'm trying to update a software system to JDK-11 using modules, and everything was going just fine right up until I slammed head-on into the aforementioned issue.
I have a legacy signed JAR that I need to incorporate for interaction with legacy systems. There's no way to update the JAR and no way to get a new version. The JAR must be signed in order to be usable (the whole "trusted code" deal and whatnot). The problem is that the JAR contains classes in the unnamed (root) package. Yeah. Stupid. Bad practice. Blablabla. It's still there, and I still need to use it.
I've not found any documentation or answers anywhere that would remotely suggest that what I need is possible. In fact, the opposite is true: everyone is adamant that in the "new"(ish) module system, no class may reside in the unnamed package.
Needless to say I'm unable to both modify the contents of the JAR, or get at the sources to render a new one - that's without even considering the issue of the signature...
That said: I refuse to believe the folks at Oracle would leave such a glaring oversight with regards to legacy code. As we all know, a lot of the time we have no choice but to use it for legitimate reasons, and we can't do anything to fix/update/refactor/etc... I would have hoped there was a mechanism added to the module system to support this, albeit for extreme cases only, etc...etc...
Disclaimer: I do fully understand why this isn't meant to be supported. What I'm having a hard time with is the lack of a workaround...
Thanks!
I've already tried:
creating a facade module that transitively adds the offending module (obviously no dice, same problem)
unpacking-and-repacking the module while temporarily disabling signature validation in a test env (fails because the class is apparently referenced within many other, properly-organized classes)
finding an updated module (no luck here, either)
beheading a chicken and roasting it over a pentagram while invoking the aid of ancient pagan gods (tasty, but didn't fix it)
curling up in a ball under my desk and weeping until execution succeeds (that's where I'm typing this from)...
I want to add an ssl support to an old chat application I wrote years ago. I did a lot of reading on OpenSSL and LibreSSL and I decided to try a new libtls API. I think developers did a really great job on this one.
I found it to be very easy to use - almost no changes to my existing code where required. But here is one thing I need to figure out now:
Back in a day, I was using select() to monitor sockets and recv() to read a data. This was easy, because both of those functions are working on file descriptors.
Now, with libtls, function tls_read() requires a tls context as a first argument. This means I need to search the list of clients to get an appropriate tls context every time I have a descriptor ready to be read. This is not that hard but maybe someone knows a better solution? I will appreciate all comments and code samples.
Unless I'm misreading the documentation, it seems to me that if you create the sockets yourself, and then use tls_connect_fds/tls_connect_socket/tls_accept_fds/tls_accept_socket afterwards, you'll have normal file handles available you can trivially use with select()/poll()/etc. You'd still need to keep around some sort of file descriptor to context mapping to actually issue the tls_read/tls_write once you were ready, but that's just your choice of linked list or hashtable, depending on what language you're using and what stdlib you have available.
The documentation says
OpenSSL keeps an internal table of digest algorithms and ciphers. It uses this table to lookup ciphers via functions such as EVP_get_cipher_byname().
OpenSSL_add_all_digests() adds all digest algorithms to the table.
My question is, where is this table stored? How does my code know that this method has executed?...how does it work internally, what if i want more SSL connections and one to have all digests added and one not?
Does anyone know any good documentation for this?
Thank you
The NOTES section of the manual page pretty much sums it up:
A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting.
and
The cipher and digest lookup functions are used in many parts of the library. If the table is not initialized several functions will misbehave and complain they cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in the OpenSSL mailing lists.
So assuming that you are writing a typical application, you will add this to your OpenSSL initialization code:
OpenSSL_add_all_algorithms();
and this to the OpenSSL cleanup code:
EVP_cleanup();
and you are done. You are always responsible for calling these yourself in applications which use OpenSSL. If you want to know how OpenSSL stores the table internally, use the source, Luke.
To control which ciphers are available for a specific SSL context, you would use SSL_CTX_set_cipher_list.
As for better documentation than the manual page, I can recommend "Network Security with OpenSSL" by John Viega, Matt Messier & Pravir Chandra. The book is old and does not cover newer versions of OpenSSL, but most of it is still very applicable.
OpenSSL_add_all_algorithms() is not needed for newer OpenSSL versions and is ignored.
For backward and forward compatibility, use this:
# if OPENSSL_API_COMPAT < 0x10100000L
OpenSSL_add_all_algorithms();
# endif
And
# if OPENSSL_API_COMPAT < 0x10100000L
EVP_cleanup();
# endif
The same applies to OpenSSL_add_all_ciphers() and OpenSSL_add_all_digests().
For more details, see the man page at
https://www.openssl.org/docs/man1.1.0/man3/OpenSSL_add_all_digests.html
This is an old question. The API was deprecated some years ago:
The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), OpenSSL_add_all_digests(), and EVP_cleanup(), functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
Reference:
https://www.openssl.org/docs/man1.1.0/man3/OpenSSL_add_all_algorithms.html
My VB.NET application has a very important boolean variable. I need to be able to save it "somewhere" and read it back in the future (even if the application is closed).
Currently, I store the variable as a .bin file somewhere. But I fear that the user can simply grab the file and do some magic to edit the value.
I need to make this value completely unavailable from the user's eyes. Or at least, make it impossible to edit. What is the best way to hide such value?
I managed to store the variable in my online MySQL database. But honestly, that doesn't work very well for my purposes. I need to store it locally...
Any ideas?
Theoretically, you can never hide this variable at all. However, you can make it harder to find or read. To know how to hide the variable, you must first know some common ways of retrieving it.
Typical problems and solutions
How others could theoretically retrieve your variable value
Decompiling your program with a single click using .NET Reflector or any other .NET Decompilation program.
Analyze the memory of the PC while the program is running, and retrieve the value from there.
If your value was saved in a file, the user could easily find it by analyzing harddrive IO activity through a hook or a dump comparison.
If your value was saved in the registry, a simple registry hook or registry dump comparison tool could figure out where the value is stored.
If your value is encrypted, method #1 (decompiling the program) could be used to figuring out how a decryption could be done.
Solving the possible issues above
A general obfuscation program can be used to make it harder to decompile applications. For this, I suggest SmartAssembly. Other than that, there's a tool called Spoon Studio (previously called PostBuild) which will recompile your application into assembly code (and also make it run without the .NET Framework installed).
The SecureString class could be used to make it harder to find and decrypt the value while it's in the memory. This class also cleans itself up after usage, but is generally slightly slower to use than a normal string.
Storing things in a file is not nescessarily a bad idea (even if people can sniff file activity), since you can always store the variable in a non-pretty way. For instance, you could have a file called IsFullScreen.bin, that contained the value of your boolean variable (1 or 0, or true or false), even though it has nothing to do with full-screen rendering. This would make it a bit confusing, but also not very pretty programming-wise.
For the registry, everything in solution #3 still applies.
Encryption is not a bad idea either, and it is hard to decrypt some encryption types (for instance public/private key encryption if you have a server), or hashing (such as MD5 or SHA1).
In your scenario, could you store the value on a server instead?
So to summarize ...
You can't protect your application entirely. But you can use some of the solutions above (or combine them) for a better protection making it harder.
Of course, premature security is bad. If that boolean isn't VERY important, then some simple encryption would be fine too in my opinion.
There's more ...
Edit 1
I just noticed that you've commented on your own answer saying that the file should not be "valid" after copying it to another computer and reading it from there.
If that's the case, you could use some key-based encryption such as XOR encryption, and then use the MAC-address of the PC or the motherboard serial number as key for that encryption.
Being on the computer that the file was created on would then be needed to read the file as well. If you're interested in this, add a comment and I'll give you a code example.
I would store it in the registry in a non-obvious way. For example, make the name of the registry entry appear to be important and store a random numeric value then ensure it ends in 0 or 1 or contains a 0 or 1 embedded at a fixed position in the number.
You can then read the value from the registry and extract the 0 or 1 from the appropriate location.
Encrypt the value before storing it. Use .NET Cryptography Model. For more on how to implement something using that model see