All Your Private Keys are Belong to Us - Extracting RSA Private Keys and Certificates from Process Memory

This paper discusses a reliable method to find and extract RSA private keys and certificates from process memory. An attacker can use this method to steal sensitive cryptographic material. As a proof of concept, an IDA Pro plugin and an exploit payload are discussed.

Download paper:

Language: English
Version: 1.0 (25.02.2006)


Tools

Here are the two SSL Key/Cert Finder implementations discussed in the paper:

SSL Key/Cert finder IDA Pro plugin - No longer available because of §202c (en)
SSL Key/Cert finder exploit payload - No longer available because of §202c (en)