Работа над расшифровкой TLS
This commit is contained in:
serega6531
@@ -2,6 +2,7 @@ package ru.serega6531.packmate.service.optimization;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.SneakyThrows;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import ru.serega6531.packmate.model.Packet;
|
||||
import ru.serega6531.packmate.utils.PacketUtils;
|
||||
import ru.serega6531.packmate.utils.SSLUtils;
|
||||
@@ -11,6 +12,8 @@ import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLEngineResult;
|
||||
import java.io.File;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
@RequiredArgsConstructor
|
||||
@@ -24,15 +27,82 @@ public class TlsDecryptor {
|
||||
|
||||
File pemFile = new File(getClass().getClassLoader().getResource("tls.pem").getFile());
|
||||
File keyFile = new File(getClass().getClassLoader().getResource("tls.key").getFile());
|
||||
SSLContext context = SSLUtils.createContext(pemFile, keyFile);
|
||||
SSLContext context = SSLUtils.createContext(pemFile, keyFile, new TlsFakeSecureRandom());
|
||||
SSLEngine serverEngine = context.createSSLEngine();
|
||||
serverEngine.setUseClientMode(false);
|
||||
serverEngine.setNeedClientAuth(true);
|
||||
|
||||
ByteBuffer decodedServerBuf = ByteBuffer.allocate(1000);
|
||||
ByteBuffer tmp = ByteBuffer.allocate(50);
|
||||
ByteBuffer tmp2 = ByteBuffer.allocate(50000);
|
||||
// tmp.put((byte)1);
|
||||
|
||||
unwrap(serverEngine, packets.get(0).getContent(), decodedServerBuf);
|
||||
wrap(serverEngine, tmp, tmp2);
|
||||
wrap(serverEngine, tmp, tmp2);
|
||||
wrap(serverEngine, tmp, tmp2);
|
||||
unwrap(serverEngine, packets.get(2).getContent(), decodedServerBuf);
|
||||
unwrap(serverEngine, packets.get(3).getContent(), decodedServerBuf);
|
||||
unwrap(serverEngine, packets.get(4).getContent(), decodedServerBuf);
|
||||
unwrap(serverEngine, packets.get(5).getContent(), decodedServerBuf);
|
||||
|
||||
SSLEngineResult unwrap = serverEngine.unwrap(ByteBuffer.wrap(packets.get(0).getContent()), decodedServerBuf);
|
||||
System.out.println();
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
private void unwrap(SSLEngine serverEngine, byte[] content, ByteBuffer buf) {
|
||||
SSLEngineResult unwrap = serverEngine.unwrap(ByteBuffer.wrap(content), buf);
|
||||
System.out.println("UNWRAP " + unwrap);
|
||||
Runnable delegatedTask = serverEngine.getDelegatedTask();
|
||||
if(delegatedTask != null) {
|
||||
delegatedTask.run();
|
||||
}
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
private void wrap(SSLEngine serverEngine, ByteBuffer src, ByteBuffer dest) {
|
||||
SSLEngineResult wrap = serverEngine.wrap(src, dest);
|
||||
System.out.println("WRAP " + wrap);
|
||||
Runnable delegatedTask = serverEngine.getDelegatedTask();
|
||||
if(delegatedTask != null) {
|
||||
delegatedTask.run();
|
||||
}
|
||||
}
|
||||
|
||||
private static class TlsFakeSecureRandom extends SecureRandom {
|
||||
|
||||
/*
|
||||
state 0 - engineInit(SSLContextImpl.java:117)
|
||||
stage 1 - SessionId.<init> -> RandomCookie
|
||||
stage 2 - server random (ServerHello.java:575)
|
||||
stage 3 - XDHKeyPairGenerator.generateKeyPair -> XECOperations.generatePrivate
|
||||
*/
|
||||
|
||||
private int state = 0;
|
||||
|
||||
@Override
|
||||
public void nextBytes(byte[] bytes) {
|
||||
System.out.println("STATE " + state);
|
||||
StackWalker.getInstance().forEach(System.out::println);
|
||||
System.out.println("-----------------");
|
||||
|
||||
switch (state) {
|
||||
case 0 -> Arrays.fill(bytes, (byte) 0);
|
||||
case 1, 2, 3 -> System.arraycopy(getFakeBytes(), 0, bytes, 0, bytes.length);
|
||||
}
|
||||
|
||||
state++;
|
||||
}
|
||||
|
||||
private byte[] getFakeBytes() {
|
||||
return switch (state) {
|
||||
case 1 -> Hex.decode("0ab8b3409555d3d658b1844f52dfc0116467c4b9088d1deb504f3935c10de893");
|
||||
case 2 -> Hex.decode("b5474b785c5e9bbadf2b0cd136e9aaf8bc2d89583ef96c479b531b94808349cc");
|
||||
case 3 -> Hex.decode("801d96be72cbbd2f4e33b5ec7e5e0b073636269e42c17d1d8996fdd28c9f7230");
|
||||
default -> throw new IllegalStateException("Unexpected value: " + state);
|
||||
};
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -9,13 +9,14 @@ import javax.net.ssl.TrustManagerFactory;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.security.KeyStore;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkState;
|
||||
|
||||
public class SSLUtils {
|
||||
|
||||
@SneakyThrows
|
||||
public static SSLContext createContext(File pemFile, File keyFile) {
|
||||
public static SSLContext createContext(File pemFile, File keyFile, SecureRandom random) {
|
||||
final String pass = "abcdef";
|
||||
|
||||
File jksKeystoreFile = File.createTempFile("packmate_", ".jks");
|
||||
@@ -46,7 +47,7 @@ public class SSLUtils {
|
||||
TrustManagerFactory factory = TrustManagerFactory.getInstance(
|
||||
TrustManagerFactory.getDefaultAlgorithm());
|
||||
factory.init(keystore);
|
||||
ret.init(keyManagerFactory.getKeyManagers(), factory.getTrustManagers(), null);
|
||||
ret.init(keyManagerFactory.getKeyManagers(), factory.getTrustManagers(), random);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -5,3 +5,5 @@ out
|
||||
in
|
||||
140303000101170303003522332775a6617895c810ddad7f99ecc7d16ce79eec84cfaf1ff96933e7c9d50a2c44cb430f4483e77df7c62e3167e5936b5e8fae34
|
||||
1703030057a6cbca0de9d81daa74309ed33a8d7b739f90adf1fd434d9115f162bac1ba6ba1ddafc6e5ef4d1f5dbb531d6d0f160e77205e3a73a5a174318180e4c5595cdffe7dab9d01f3f559d08f2c1f04ff6e9e214078df21fecb17
|
||||
17030301ade0ee7e00d876bfdc3b1af18e83fd12edfb00bb8913544269212ffdfec774a3738b975da716351ccc311aec12deef57c327bc7b05b4c64cb471f117a3a0c672e48ad36ca79c689580a7e039d9b6d38a4fa9c6812fb3439d6815edc4fb3d9819f7a8a4ccccfffefddd7168fd436f9a0181420157563230f9e66cce28373c467abba43b286bff548d9e100cead7bc6dd3e3c1d9054dc32016705c64bece7f14bfc34d710ba133ca430b3119437892950ac24151b3d27485db401c9d7ddeca1d22a37c3938de2e5e63ebda1203a2c7ddefaff7103e6fce89f0ef6c4a372733def21ca525fa2812792b8f61d6f72301a7c333092a54bdea527cf3e9cdf1a1659b6c687502fb975d37e58238f2f1e5b5deaadde43dd7ce5af14b5a86271c1a2ccd66d434a03f6f81c1bfaa0ae78359d1d105fe03899a94c3f40484d0d3c8f18221434dad2a6547c012f3e36eb0006d631bceba4e0e6b088a96f0e8dbc4b6adced3e50b24515f977fe92665ae9b1cf3b119174f8ecbc3499d8bb3501e9a494d4deb16f503444132350f0ed4a6568b4dc85b9a548dd3072a7af501390f68bccffab2839918038c648e8420d4d73d3ec8e0
|
||||
170303001ab26d3805e7ecc6915b08c0dd1118021eda932dea1a38d7cfcbfc
|
||||
Reference in New Issue
Block a user