Skip to content
/ tlsdump Public

A ptrace-based TLS 1.2 master secret extractor for reverse engineering (PoC)

License

GPL-3.0 license
22 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

blechschmidt/tlsdump

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

.github/workflows

.github/workflows

 
 

src

src

 
 

tests

tests

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

CMakeLists.txt

CMakeLists.txt

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

TLSDump

Ptrace-based TLS 1.2 master secret extractor

Approaches to automatically extract TLS keys from memory have been described in the TeLeScope, TLSkex and DroidKex publications. Unfortunately, their source code has never been released. This is a proof-of-concept implementation of a TLS 1.2 key extractor based on ptrace. It is not very sophisticated and does not implement many possible optimizations. TLS 1.3 is not supported.

Usage

Compilation requires CMake. First clone the repository, cd into it, then run:

cmake . && make

TLSDump will output the key in SSLKEYLOGFILE Format.

The following will output the key material for the curl command:

tlsdump -- curl --tlsv1.2 --tls-max 1.2 --http1.1 https://example.org

Alternatively, the -w option can be used to specify a file which to write the key material to:

tlsdump -w /tmp/sslkeylogfile.txt -- curl --tlsv1.2 --tls-max 1.2 --http1.1 https://example.org

How does it work?

TLSDump performs syscall hooking using ptrace. Upon a call to connect, it will remember the returned file descriptor. TLSDump will then monitor this file descriptor for TLS handshakes by hooking the write, sendto, and sendmsg syscalls, as well as their read, recvfrom, and recvmsg counterparts. Once the completion of a handshake is detected, TLSDump will pause the target program, extract its memory and perform an exhaustive search over the memory by testing whether the current search position is the start of a TLS master secret. To this end, decryption functions copied from the Wireshark project are used.

Why?

Sometimes you might want to inspect the TLS traffic of closed-source applications without having to tediously reverse engineer them.

TLS 1.3

TLS 1.3 is currently not supported. However, adding support for TLS 1.3 should be possible as follows: First, identify the CLIENT_HANDSHAKE_TRAFFIC_SECRET by trying to decrypt the Handshake Protocol: Finished message through an exhaustive search in memory for the key. Having identified this secret, an exhaustive search for the CLIENT_TRAFFIC_SECRET_0 should be possible.

Limitations

  • A target program can easily evade this approach by obfuscating the keys stored in memory. A simple XOR would suffice.
  • The current implementation does not support processes that perform fork operations.

About

A ptrace-based TLS 1.2 master secret extractor for reverse engineering (PoC)

Topics

tls telescope droidkex tlsdump tlskex

Resources

Readme

License

GPL-3.0 license
Activity

Stars

22 stars

Watchers

2 watching

Forks

4 forks
Report repository

Languages