#!/usr/bin/env python # coding: utf-8 # In[1]: from hashlib import sha1, sha256 from Crypto.Util.number import bytes_to_long, long_to_bytes, inverse from ecdsa import ellipticcurve from ecdsa.ecdsa import curve_256, generator_256, Public_key, Private_key from random import randint # # Prerequisites # - ecdsa # # Theory # ## Certificate # - https://en.wikipedia.org/wiki/Public_key_certificate # - https://en.wikipedia.org/wiki/Certificate_authority # **Def** # - A public key certificate is an electronic document used to prove the ownership of a public key. # - The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). # - If the signature is valid, and the software examining the certificate trusts the issuer, then it can use that key to communicate securely with the certificate's subject # **Components** # - Subject # - Validation date # - Usage # - *Public key* # - *Algorithm* # - *Algorithm parameters* -> in our case the *Curve* parameters # # ![image.png](attachment:image.png) # ## Attack # - https://www.youtube.com/watch?v=8RI60aRyhoE - must watch # - https://crypto.stackexchange.com/questions/83308/what-is-the-chainoffools-curveball-attack-on-ecdsa-on-windows-10-cryptoapi # ![image.png](attachment:image.png) # The fault was at how the certificates were stored # - Once the ceritificate was validated once, it would cache and verify the **Public key $P$** only (not the algorithm parameters) # - When the certificate is already in the cache, it will only check with the public key # - Therefore you can send the public key and **custom curve parameters** => you can spoof certificates as a malicious CA # # Code # # Resources # - https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/ # - https://github.com/ollypwn/CurveBall -> https://news.ycombinator.com/item?id=22048619 # - https://news.ycombinator.com/item?id=22059900 # - https://cooleleute.live/Curveball.pdf - nice presentation # In[ ]: