Ask Your Question
0

Unable to decrypt TLS using (Pre)-Master-Secret log and/or RSA Keys

asked 2020-11-11 22:45:32 +0000

RyoSaeba gravatar image

updated 2020-11-11 22:49:35 +0000

I need to decrypt the exchanged data (TLSv1.2 packets with Diffie-Hellman key exchange) between two Web API on the same web server. I have executed all the steps described in the following article: https://www.comparitech.com/net-admin...

I have tried using only the (Pre)-Master-Secret log, using only the RSA Keys and using both at the same time, but the result is always the same: at the Packet byte view the tabs underneath the view are not displayed. The Decrypted SSL data and the Uncompressed entity body tabs are not displayed as you can see in the following image:

image description

While I was expecting to see the tabs like those in the following image:

image description

In the SSL debug log file there is the following error:

dissect_ssl frame #93 (first time) 
packet_from_server: is from server - TRUE 
  conversation = 0E4B2598, ssl_session = 0E4B2C50 
  record: offset = 0, reported_length_remaining = 145 
ssl_try_set_version found version 0x0303 -> state 0x91 
dissect_ssl3_record: content_type 22 Handshake 
decrypt_ssl3_record: app_data len 89, ssl state 0x91 
packet_from_server: is from server - TRUE 
decrypt_ssl3_record: using server decoder 
decrypt_ssl3_record: no decoder available 
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 85 bytes 
ssl_try_set_version found version 0x0303 -> state 0x91 
Calculating hash with offset 5 89 
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93 
ssl_set_cipher found CIPHER 0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x97 
trying to use TLS keylog in C:\Temp\ssl-keys.log 
  checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET ... 
    matched client_handshake 
  checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET ... 
    matched server_handshake 
  checking keylog line: CLIENT_TRAFFIC_SECRET_0 ... 
    matched client_appdata 
  checking keylog line: SERVER_TRAFFIC_SECRET_0 ... 
    matched server_appdata 
  checking keylog line: EXPORTER_SECRET ... 
    matched exporter 
  checking keylog line: CLIENT_HANDSHAKE_TRAFFIC_SECRET ... 
    matched client_handshake 
  checking keylog line: SERVER_HANDSHAKE_TRAFFIC_SECRET ... 
    matched server_handshake 
  checking keylog line: CLIENT_TRAFFIC_SECRET_0 ... 
    matched client_appdata 
  checking keylog line: SERVER_TRAFFIC_SECRET_0 ... 
    matched server_appdata 
  checking keylog line: EXPORTER_SECRET ... 
    matched exporter 
tls13_load_secret TLS version 0x303 is not 1.3 
tls13_load_secret TLS version 0x303 is not 1.3 
  record: offset = 94, reported_length_remaining = 51 
dissect_ssl3_record: content_type 20 Change Cipher Spec 
decrypt_ssl3_record: app_data len 1, ssl state 0x197 
packet_from_server: is from server - TRUE 
decrypt_ssl3_record: using server decoder 
decrypt_ssl3_record: no decoder available 
ssl_dissect_change_cipher_spec Session resumption using Session ID 
trying to use TLS keylog in C:\Temp\ssl-keys.log 
ssl_finalize_decryption state = 0x197 
ssl_restore_master_key can't find master secret by Session ID 
ssl_restore_master_key can't restore master secret using an empty Session Ticket 
ssl_restore_master_key can't find master secret by Client Random 
  Cannot find master secret 
packet_from_server: is from server - TRUE 
ssl_change_cipher SERVER (No decoder found - retransmission?) 
  record: offset = 100, reported_length_remaining = 45 
dissect_ssl3_record: content_type 22 Handshake 
decrypt_ssl3_record: app_data len 40, ssl state 0x197 
packet_from_server: is from server - TRUE 
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

Thanks for your help.

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2020-11-12 08:44:57 +0000

grahamb gravatar image

Using a more canonical reference such as the project's own wiki page on TLS you should note the following about decryption:

The RSA private key file can only be used in the following circumstances:

  • The cipher suite selected by the server is not using (EC)DHE.

And as the linked article notes, you can determine if a DH key exchange is in use by examining the SSL debug log and looking for the cipher being used. From your log:

ssl_set_cipher found CIPHER 0xC030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -> state 0x97

So a DH keyexchange is occurring and an RSA master key will not be able to decrypt the data, you will need a pre-master secret from the sslkeylogfile. The debug log indicates that the TLS dissector couldn't find valid keying material in the keylog file:

ssl_dissect_change_cipher_spec Session resumption using Session ID 
trying to use TLS keylog in C:\Temp\ssl-keys.log 
ssl_finalize_decryption state = 0x197 
ssl_restore_master_key can't find master secret by Session ID 
ssl_restore_master_key can't restore master secret using an empty Session Ticket 
ssl_restore_master_key can't find master secret by Client Random 
  Cannot find master secret

The log also indicates that this was a session resumption. Is it possible that the original session occurred before the sslkeylog file was created?

edit flag offensive delete link more

Comments

I have executed the following steps:

  1. Open Firefox
  2. Visit https://www.google.com and the second Web API urls
  3. Check of the sslkeylog file: the keys are present in the file
  4. Open Wireshark
  5. Start the capture of the loopback adapter traffic
  6. Execute the post to the first Web API
  7. Stop the capture of traffic
  8. The TLSv1.2 packets exchanged between the first Web API and the second Web API are present in the captured traffic but are always crypted.

Also I have tried to open Wireshark (step 4) before step 1, but the result is the same.

Thanks.

RyoSaeba gravatar imageRyoSaeba ( 2020-11-12 21:10:24 +0000 )edit

So many questions:

  • Why are you capturing on the loopback adaptor?
  • How are you executing the post?
  • Can you explain some more about the relationship between Google and the first and second Web API?
  • Are the Web API URLs local to the host or remote?
grahamb gravatar imagegrahamb ( 2020-11-13 08:46:35 +0000 )edit

(1) I’m capturing on the loopback adapter because the two Web APIs are on the same local Web server and in Wireshark I see all the traffic in the loopback adapter. This the exchanged data complete sequence:

Captured Sequence Traffic

(2) The sequence starts with the HTTP post to the first Web API (A) from another server using Postman. The conversation between the first Web API (A) and the second Web API (B) on the same Web server starts with the “Client Hello” packet. I need to decrypt the TLSv1.2 packets in this sequence starting from this packet. The sequence ends with the “HTTP/1.1 204 No Content” answer from the first Web API (A).

I’m executing the HTTP post to the first Web API (A) using Postman from another server. The Web API (A) execute the HTTPS Post to the second Web API (B) on ...(more)

RyoSaeba gravatar imageRyoSaeba ( 2020-11-14 02:05:30 +0000 )edit

From the above explanation it seems you are trying to decrypt the traffic between the two web API's on the local web server. Obtaining the keying material to decrypt thus depends on the web server writing to the key log file. What is the web server, as specific methods may be required?

grahamb gravatar imagegrahamb ( 2020-11-14 17:37:41 +0000 )edit

Yes, I’m trying to decrypt the traffic between the two web API's on the local web server. I also think that the keys in the sslkeylog file are not valid for this case. The two Web (REST) APIs are built with ASP.NET Core. How can I get the right keys in the sslkeylog file? Thanks.

RyoSaeba gravatar imageRyoSaeba ( 2020-11-15 06:09:18 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-11-11 22:45:32 +0000

Seen: 4,515 times

Last updated: Nov 15 '20