
encrypted trace question

asked 2018-03-27 01:00:09 +0000

Anonymous

I am working with a trace file captured between a smart home controller C4 and the client app.

Due to the lack of documentation for the communication protocol used, I am trying to reverse engineer the commands from the existing trace; however, it seems to be encrypted with a self-signed cert.

I have root access to the C4 controller (Linux distro) and can easily obtain the self-signed certificate .pem file.

Is my assumption about the trace being encrypted correct, and if so, how could I decrypt it using the private certificate obtained from the C4 controller?


Some useful info here - http://pwn2ownnow.blogspot.com/

Thank you


1 Answer

1

answered 2018-03-27 12:05:54 +0000

Jasper

Have you tried decoding that stream as HTTPS, to check if they have the typical key exchange in the beginning of the conversation? You can right-click on the stream and use "Decode As" to force Wireshark to do that for you. Very often developers just use existing protocols and put them on arbitrary ports, which Wireshark doesn't recognize without some help.

Other than that I don't think the CRT .pem will help - for decryption you need the key, not the certificate if I'm not totally mistaken. If you have access to that as well you could try to decrypt the session using Wireshark, but I'm no expert for that kind of thing.


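The check Jasper suggests (look for a TLS handshake at the start of the stream before asking Wireshark to "Decode As" TLS) can also be done directly on the captured bytes. The following is an added example written for this page, not code from the answerer or from Wireshark. It parses the first TLS record of a TCP stream, and if it is a ClientHello it reports the offered cipher suites and the SNI, which is exactly the information that decides whether the controller's private key will decrypt anything. The ClientHello bytes, the `controller.local` name and the two cipher suites are constructed sample data, and `build_client_hello` only exists to produce them.

```python
import struct
from typing import Optional

HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01   # handshake message type: ClientHello

# IANA names for the two suites used in the constructed sample.
CIPHER_NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # ephemeral DH: server key alone cannot decrypt
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",           # static RSA key exchange: server key decrypts
}
STATIC_RSA_SUITES = {0x002F}


def build_client_hello(sni: bytes, suites) -> bytes:
    """Constructed sample only: a minimal TLS 1.2 ClientHello inside one TLS record."""
    client_random = bytes(range(32))                      # fixed, not secure; sample data
    body = b"\x03\x03" + client_random + b"\x00"          # version, random, empty session id
    suite_bytes = b"".join(struct.pack(">H", s) for s in suites)
    body += struct.pack(">H", len(suite_bytes)) + suite_bytes
    body += b"\x01\x00"                                   # one compression method: null
    name_entry = b"\x00" + struct.pack(">H", len(sni)) + sni          # host_name type, length, name
    sni_ext = struct.pack(">H", len(name_entry)) + name_entry          # server_name_list
    ext = struct.pack(">HH", 0x0000, len(sni_ext)) + sni_ext           # extension type 0 = SNI
    body += struct.pack(">H", len(ext)) + ext
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x01]) + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(stream: bytes) -> Optional[dict]:
    """Return version, cipher suites and SNI if the stream opens with a ClientHello, else None."""
    if len(stream) < 5 or stream[0] != HANDSHAKE or stream[1] != 0x03:
        return None                                       # not a TLS record header
    rec_len = struct.unpack(">H", stream[3:5])[0]
    rec = stream[5:5 + rec_len]
    if len(rec) < 4 or rec[0] != CLIENT_HELLO:
        return None                                       # TLS, but not a ClientHello
    hs_len = int.from_bytes(rec[1:4], "big")
    body = rec[4:4 + hs_len]
    if len(body) < hs_len:
        return None                                       # truncated capture
    pos = 0
    version = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
    pos += 32                                             # skip client random
    pos += 1 + body[pos]                                  # skip session id
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                  # skip compression methods
    sni = None
    if pos + 2 <= len(body):                              # extensions are optional
        ext_len = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4]); pos += 4
            if etype == 0x0000 and elen >= 5:
                name_len = struct.unpack(">H", body[pos + 3:pos + 5])[0]
                sni = body[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
            pos += elen
    return {"version": version, "cipher_suites": suites, "sni": sni}


def offers_static_rsa(info: dict) -> bool:
    """True if the client offered at least one suite that a server private key can decrypt.
    Whether the session is actually decryptable depends on the suite the server picks
    in its ServerHello; an ECDHE choice makes the key useless for this purpose."""
    return any(s in STATIC_RSA_SUITES for s in info["cipher_suites"])


if __name__ == "__main__":
    sample = build_client_hello(b"controller.local", [0xC02F, 0x002F])   # constructed stream
    print(parse_client_hello(b"GET / HTTP/1.1\r\n"))                     # None: plaintext
    info = parse_client_hello(sample)
    print(hex(info["version"]), info["sni"],
          [CIPHER_NAMES.get(s, hex(s)) for s in info["cipher_suites"]])
    print("static RSA offered:", offers_static_rsa(info))
```

If the first record of the stream parses as a ClientHello, the "Decode As" step in Wireshark is the right move. For decryption, what Wireshark needs in its TLS preferences (the RSA keys list) is the private key, which on a controller you have root on may sit in the same .pem as the certificate or next to it; it only helps when the server selected a static RSA suite, so check the ServerHello's chosen suite before spending time on it.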

Stats

Asked: 2018-03-27 01:00:09 +0000

Seen: 354 times

Last updated: Mar 27 '18