This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

From the Client I am logging all the master secret key for all the sessions.Using that key how to generate the .key file and is that be possible to decrypt the DHE messages in wireshark using Master secret key? Wireshark will be able to understand the way of decrypting DHE?

This question is marked "community wiki".

asked 07 May '13, 21:28

Kalai's gravatar image

Kalai
165510
accept rate: 0%


While it is not possible to create the private key of the server from the master keys, you will be able to decrypt the sessions in the tracefile that correspond to the logged master keys.

You will need to put the master keys in a file as follows (from the source code):

         "RSA <EPMS> <PMS>\n"
         "RSA Session-ID:<SSLID> Master-Key:<MS>\n"
         "\n"
         "Where:\n"
         "<EPMS> = First 8 bytes of the Encrypted PMS\n"
         "<PMS> = The Pre-Master-Secret (PMS)\n"
         "<SSLID> = The SSL Session ID\n"
         "<MS> = The Master-Secret (MS)\n"
         "\n"
         "(All fields are in hex notation)",

So for example:

RSA Session-ID:fbcf322128ed0a00b272d6ac85843f50deccdd94ac33261523189639f5ba189a Master-Key:bda6ea472f6c39a9fcfd5dc79eb161d1a4cae5d924fdde800f276263fd6df1ee8ed246b5a6412e328eb85744c9bf7cf2
RSA Session-ID:db00c2aad79cfda109ce4f65a9801aa8d5f1bbeb9e1f848f6a2f7551f9de7577 Master-Key:92cdc769c670ba6f48cfe756992ad435401a26d0235900c0f67c846b5f360c108df167ca6b6f443f4d2b118de0ccadb8

You then point to the file in the SSL protocol preferences by using the "(Pre-)Master-secret log filename" setting.

permanent link

answered 07 May '13, 22:34

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

edited 07 May '13, 22:37

Hi.Thanks for the reply.Do I need Encrypted PMS and PMS keys? If so What are those keys? As Master secret is used to encrypt and decrypt the messages in DHE, only master secret and session Id's are not enough like in your example?

(08 May '13, 00:11) Kalai

And also I used %02x format to print Master secret. Should I have to use the same format for session Id's also?

(08 May '13, 00:57) Kalai

You will only need the SessionID/Master Secret combinations. The other format is for the export that Chrome/Firefox can make when compiled with a debug option.

Yes, the sessionID should also be in hexformat.

(08 May '13, 01:02) SYN-bit ♦♦

I provided the log file in Edit>preference>pre-master key log file tab (RSA Session-ID:9835348 Master-Key:EC6B8B3131B3842CCFB47308B73B31BB9F870E43B1FA26098064B2C724FA14E910D8F509676BA37D74F15AA6351EDBC0) But nothing is happening ... The ssl debug file is showing the following:

dissect_ssl enter frame #1 (first time) ssl_session_init: initializing ptr 056610A4 size 588 conversation = 05660E64, ssl_session = 056610A4 record: offset = 0, reported_length_remaining = 437 dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x10 dissect_ssl3_record: content_type 23 Application Data decrypt_ssl3_record: app_data len 432, ssl state 0x10 association_find: TCP port 9970 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 9970 found 00000000 association_find: TCP port 3456 found 00000000 association_find: TCP port 0 found 00000000

What could be the issue?

(08 May '13, 03:47) Kalai

The SSL SessionID is usually a 32 octet value. It's best to take it from the ServerHello:

Session ID Length: 32
Session ID: db00c2aad79cfda109ce4f65a9801aa8d5f1bbeb9e1f848f...

The value listed by wireshark is truncated, but can be capied by rightclick -> copy -> bytes -> hex stream. This will result in:

db00c2aad79cfda109ce4f65a9801aa8d5f1bbeb9e1f848f6a2f7551f9de7577
(08 May '13, 07:17) SYN-bit ♦♦

Hi in the server hello the session ID length is 0, and also am getting the following lines in the debug file checking keylog line: RSA Session-ID:9E7D348s3 line does not match encrypted pre-master secret line does not match checking keylog line: Master-Key:530BAAC26D6D57CE75B1DF8284EA57291882F46BD337DC72171BFBC3201F8B263B0E98607C1F4F673E39052AC70FC23F line does not match

Is that the problem with the session-ID?

(08 May '13, 08:56) Kalai

OK, if there is no session id, you will need to revert to the first method of logging the first 8 octets of the encrypted Pre-Mastersecret together with the Pre-Mastersecret. Both in hex notation.

This will need to look like this:

RSA 46BD337DC72171BF \
  B1DF8284EA57291882F46BD337DC72171BFBC3201F8B263B0E98607C1FB1DF8284EA57291882F46BD337DC72171BFBC3
(08 May '13, 14:28) SYN-bit ♦♦

Hi my keylog file is looking like this:

RSA D0135C1A76C9857E C80D3BC9FD3654BC95A3E68124B747C6B581FD06EC427AEFAD871104F5C42DCFBBF237067FAABF11266A0D76B049CBC3CB68DFC3659736DABEE5CA092B5D05831498F6354EDE3A0CD65DFDA7701C1F4600834FFDE9AA9B5848437255F4391A78E779084ADD5D5F5FEA8E05E8E97F02BC5613C1B73082AF6EB3A0B52BDACBEBC8
RSA Session-ID:8C8C348
Master-Key:3FB3843CDD2DC0FB7AD4C81B75A19C4434AEA0A5B977EB562BB2B099A180B0884CBFC380A03FA767AF01032601703C6B

Still I am getting,

trying to use SSL keylog in C:\keylog.txt
  checking keylog line: RSA D0135C1A76C9857E C80D3BC9FD3654BC95A3E68124B747C6B581FD06EC427AEFAD871104F5C42DCFBBF237067FAABF11266A0D76B049CBC3CB68DFC3659736DABEE5CA092B5D05831498F6354EDE3A0CD65DFDA7701C1F4600834FFDE9AA9B5848437255F4391A78E779084ADD5D5F5FEA8E05E8E97F02BC5613C1B73082AF6EB3A0B52BDACBEBC8
    line does not match encrypted pre-master secret    line does not match
  checking keylog line: RSA Session-ID:8C8C348
    line does not match encrypted pre-master secret    line does not match
  checking keylog line: Master-Key:3FB3843CDD2DC0FB7AD4C81B75A19C4434AEA0A5B977EB562BB2B099A180B0884CBFC380A03FA767AF01032601703C6
    line does not match
  record: offset = 139, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 145, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 48, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 85 offset 150 length 7676257 bytes, remaining 198
(09 May '13, 07:18) Kalai

Are you able to post the tracefile on www.cloudshark.org? If you are worried about the application data, only the SSL handshake is needed.

(09 May '13, 09:44) SYN-bit ♦♦

I have added the file in the link: http://cloudshark.org/captures/4161807df249 RSA Session-ID:8C8C348 Master-Key:3FB3843CDD2DC0FB7AD4C81B75A19C4434AEA0A5B977EB562BB2B099A180B0884CBFC380A03FA767AF01032601703C6B PreMaster key-C80D3BC9FD3654BC95A3E68124B747C6B581FD06EC427AEFAD871104F5C42DCFBBF237067FAABF11266A0D76B049CBC3CB68DFC3659736DABEE5CA092B5D05831498F6354EDE3A0CD65DFDA7701C1F4600834FFDE9AA9B5848437255F4391A78E779084ADD5D5F5FEA8E05E8E97F02BC5613C1B73082AF6EB3A0B52BDACBEBC8

(09 May '13, 22:21) Kalai

I am having access to the client completely.Any other workaround which will decrypt the application data in wireshark?

(13 May '13, 03:11) Kalai

I was looking at your trace and made a trace myself, but I need to look into the source code to see if it is a simple fix to be able to decrypt SSL sessions for which the key has been exchanged by DH. It does not seem to do that now, even though I believe that logging the (pre-)master secret would be enough to go on (as long as it can be indexed in some way to identify the session).

Unfortunately, I do not have the time at the moment to dive some deeper. So for now I'm afraid there is no decryption possible for DH sessions, not even with the session keys logged.

(13 May '13, 04:47) SYN-bit ♦♦

Hi The decryption of DHE session is working when I used CLIENT_RANDOM <hex clientrandom=""> <hex masterkey="">. When I used capital letters for hex it was not working and its working fine when I use small letters.Thanks for your help...

(15 May '13, 03:02) Kalai
showing 5 of 13 show 8 more comments
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×165
×7
×2

question asked: 07 May '13, 21:28

question was seen: 11,776 times

last updated: 15 May '13, 03:02

p​o​w​e​r​e​d by O​S​Q​A