Wireshark mailing list archives
Support for TLS1.2 decryption using derived keys
From: webpentest <webpentest () gmail com>
Date: Thu, 30 Apr 2020 10:37:49 +0300
Hello list, I'm currently working on implementing a SSLKEYLOGFILE-like functions for TLS connections that use Windows SChannel APIs (e.g. IE/Edge, as well as other windows apps such as RDP client). SChannel does not expose its keys, though some research was done on recovering them (see [1] and [2]). I won't describe here the inner workings of schannel and key isolation in Windows, but the bottom line is as follows: 1. The master key is only available to the lsass.exe process and accessing it thus requires elevated privileges. Furthermore, there might be additional restrictions that prevent event admins from accessing the memory of lsass. 2. The derived keys, however, are available to the actual process that uses schannel. Notably, I can extract the client and server write keys and IV's, as well as the client random (see section 6.1 of RFC 5246, page 17). This means that it is possible to decrypt schannel traffic without the need for elevated privilege, by extracting and using those derived keys, but wireshark currently lacks the ability to ingest these values from a keylog file. Currently it can use derived keys for decryption only for TLS1.3 connections (see [3]). I've thrown together a quick and dirty implementation of using derived keys to decrypt TLS1.2 (see [4]) and verified that it works: with the keys that I extracted I was able to decrypt successfully the RDP connection that I made from a windows client. So, now my question is as follows: 1. Considering the limited use-case for this functionality (using derived keys to decrypt TLS1.2), does it have a chance of being merged into upstream? 2. If yes, is there a person familiar with wireshark's tls dissector, who is willing to advise me on what is the best way to implement these changes? I'm ready to spend time on reimplementing the patch, but I'll need someone for guidance and review. Regards, George Noseevich. [1] https://www.blackhat.com/docs/us-16/materials/us-16-Kambic-Cunning-With-CNG-Soliciting-Secrets-From-SChannel.pdf [2] https://osqa-ask.wireshark.org/questions/61698/decrypting-website-accessed-through-internet-explorer [3] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12779#c17 [4] https://github.com/ngo/wireshark/commit/1d86cc67fac2bff5a3ceb392e469b0d443cd9d22 ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Support for TLS1.2 decryption using derived keys webpentest (Apr 30)
- Re: Support for TLS1.2 decryption using derived keys Peter Wu (Apr 30)
- Re: Support for TLS1.2 decryption using derived keys webpentest (Apr 30)
- Re: Support for TLS1.2 decryption using derived keys Peter Wu (Apr 30)
- Re: Support for TLS1.2 decryption using derived keys webpentest (Apr 30)
- Re: Support for TLS1.2 decryption using derived keys Peter Wu (Apr 30)