본문 바로가기

CTFs/Plaid 2014

[Plaid 2014] forensic : curlcore

2. Curlcore

1
2
3
4
Forensic - curlcore
We managed to grab a memory dump off of The Plague’s computer while he was making a secure download. 
We think he may have been looking for new places to hide the Prime Factorizer. 
Can you figure out what messages were sent through his computer?
cs

First, Open the curlcore.sh and we could see the codes ...

1
curl -k https://curlcore.local.plaidctf.com/flag.html & PID=$!;
cs

and capture the packets as dumpcap file named "capture". So, let's see capture file with Wireshark



But it was downloaded over HTTPS protocol which means encrypted with SSL. So, we need to decrypt that packets.


We can find encryption algorithm and the Session ID from packet.


Wireshark supports decryption if private key and Session ID are exist.

We already found the Session ID. Then, where is private key ( SSL master key )?


Google says "Curl depends on OpenSSL for supporting TLS protocol. So let's find where OpenSSL stores private key on memory.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
struct ssl_session_st
    {
    int ssl_version;    /* what ssl version session info is
                 * being kept in here? */
 
    /* only really used in SSLv2 */
    unsigned int key_arg_length;
    unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
    int master_key_length;
    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
    /* session_id - valid? */
    unsigned int session_id_length;
    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
    /* this is used to determine whether the session is being reused in
     * the appropriate context. It is up to the application to set this,
     * via SSL_new */
    unsigned int sid_ctx_length;
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
}
cs

I found the structure on ssl.h. SSL master_key ( private key ) is stored near the session_id what we found. 

Then all we got to do is just searching near the session id and we'll get the private key.


On tmp/corefile, we can find that structure's data.


As following picture, 

1
2
3
4
unsigned int key_arg_length = 0x30
unsigned char key_arg[SSL_MAX_MASTER_KEY_LENGTH] = 191E5042E6B31371AA65258E13B2DC714D984DF8D68FAD678FF0A2FC49476D65C3A161F718572C3F5DB8566A0DE89E58
unsigned int session_id_length = 0x20
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = 19AB5EDC02F097D5074890E44B483A49B083B043682993F046A55F265F11B5F4
cs


From that info, making SSL master key what Wireshark required.

1
2
RSA Session-ID:19AB5EDC02F097D5074890E44B483A49B083B043682993F046A55F265F11B5F4 
Master-Key:191E5042E6B31371AA65258E13B2DC714D984DF8D68FAD678FF0A2FC49476D65C3A161F718572C3F5DB8566A0DE89E58
cs

Apply that key then we can see the plain text!


The flag is congratz_you_beat_openssl_as_a_whitebox


'CTFs > Plaid 2014' 카테고리의 다른 글

[Plaid 2014] pwnable : ezhp  (0) 2016.08.27
[Plaid 2014] reversing : hudak  (0) 2016.08.27
[Plaid 2014] forensic : zfs  (0) 2016.08.27
[Plaid 2014] forensic : rsa  (0) 2016.08.27
[Plaid 2014] forensic : bbos  (0) 2016.08.27