Man In Remote

 

Man In Remote Setup

After presenting this talk first at RootedCon and a month later at Hackito Ergo Sum, the time for releasing the code behind it has arrived.

To understand the source code, you only need to look at the deployment diagram, where the attacker is drawn in red and the victim in green. They have been designed as two independent components which exchange method invocations using a simple marshalling/unmarshalling scheme.

Although the proof is conceptually multiplatform, I have only implemented the Windows part, so the source code is a Microsoft Visual Studio solution with two projects, Attacker and Victim.

Attacker

  • It is a DLL implementing the PKCS#11 API, ready to be added as a Security Device in Firefox as follows: Tools->Options->Encryption Tab->Security Devices->Load
  • Instead of accessing any local device, each method marshals its parameters, sends them to the remote peer and then waits for the response to arrive.
  • A file at C:\pkcs11-ip.cfg must contain the IP address where the library will be sending requests.

Victim

  • Binds a socket and waits for PKCS#11 requests to arrive.
  • After a new request has been read, the official PKCS#11 library is used to perform the selected operation, and its output is sent back to the Attacker.
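
From the defender's side, the Victim component is recognisable as a process that both loads a PKCS#11 library and listens on a socket. The following added example (not part of the original PoC) correlates those two signals over a constructed process snapshot; the snapshot format, the process names and `vendor-pkcs11.dll` are assumptions.

```python
# Added example: snapshot format, process names and DLL names are constructed.
import ipaddress
from pathlib import PureWindowsPath

# Assumption: file names of the PKCS#11 middleware deployed in your estate.
PKCS11_MODULES = {"vendor-pkcs11.dll"}

# Constructed per-process snapshot, as an EDR or inventory export might give.
SNAPSHOT = [
    {"pid": 4120, "name": "firefox.exe", "listeners": [],
     "modules": [r"C:\Program Files\Vendor\vendor-pkcs11.dll"]},
    {"pid": 5316, "name": "signhelper.exe", "listeners": [("127.0.0.1", 51235)],
     "modules": [r"C:\Program Files\Vendor\vendor-pkcs11.dll"]},
    {"pid": 7788, "name": "updater.exe", "listeners": [("0.0.0.0", 4444)],
     "modules": [r"C:\PROGRA~1\Vendor\VENDOR-PKCS11.DLL"]},
    {"pid": 900, "name": "svchost.exe", "listeners": [("0.0.0.0", 135)],
     "modules": [r"C:\Windows\System32\ws2_32.dll"]},
]


def loaded_pkcs11(modules, known=PKCS11_MODULES):
    """Return the PKCS#11 libraries in a module list (case-insensitive)."""
    return sorted(m for m in modules
                  if PureWindowsPath(m).name.lower() in known)


def exposure(listeners):
    """'network' if any listener is off-loopback, 'loopback' if all are, else None."""
    if not listeners:
        return None
    local = all(ipaddress.ip_address(a).is_loopback for a, _ in listeners)
    return "loopback" if local else "network"


def find_token_relays(snapshot):
    """Processes that both load a PKCS#11 library and accept connections."""
    findings = []
    for proc in snapshot:
        libs = loaded_pkcs11(proc["modules"])
        reach = exposure(proc["listeners"])
        if libs and reach:
            findings.append({"pid": proc["pid"], "name": proc["name"],
                             "exposure": reach, "libs": libs})
    # Off-host listeners first: they match the Victim component's behaviour.
    return sorted(findings, key=lambda f: f["exposure"] != "network")


if __name__ == "__main__":
    print(find_token_relays(SNAPSHOT))
```

Loopback-only findings are kept at lower priority because local signing helpers can legitimately pair a PKCS#11 library with a localhost listener.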

I have uploaded the source code to GitHub. It is provided with known issues, so do not blame me for them; this is just a PoC.

Here you can find the presentation in Spanish and here in English; they are pretty much the same.

Any question, bug, improvement, whatever please leave a comment below!

2 thoughts on “Man In Remote”

    1. Don’t think so, I haven’t received any invitation + it is pretty far from where I am currently based. I hope it turns out to be a great event!
