Ask Your Question
0

encrypted trace question

asked 2018-03-27 01:00:09 +0000

anonymous user

Anonymous

I am working with a trace file captured between a smart home controller C4 and the client app.

Due to the lack of documentation for the communication protocol used I am trying to reverse engineer the commands from the existing trace, however it ?seems? to be encrypted with a self signed cert.

I have root access to the C4 controller (linux distro) and can easily obtain the self signed certificate .pem file.

Is my assumption about the trace being encrypted correct and if so how could I decrypt it using the private certificate obtained from the C4 controller?

image description

Some useful info here - http://pwn2ownnow.blogspot.com/

Thank you

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
1

answered 2018-03-27 12:05:54 +0000

Jasper gravatar image

Have you tried decoding that stream as HTTPS, to check if they have the typical key exchange in the beginning of the conversation? You can right click on the stream and use "decode as" to force Wireshark to do that for you. Very often developers just use existing protocols and put them on arbitrary ports, which Wireshark doesn't recognize without some help.

Other than that I don't think the CRT .pem will help - for decryption you need the key, not the certificate if I'm not totally mistaken. If you have access to that as well you could try to decrypt the session using Wireshark, but I'm no expert for that kind of thing.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-03-27 01:00:09 +0000

Seen: 77 times

Last updated: Mar 27