All your private keys are belong to us - Extracting RSA private keys and certificates from process memory

This paper discusses a method to reliably find and extract RSA private keys and certificates from process memory. An attacker can use this method to steal sensitive cryptographic material. As a proof of concept, an IDA Pro plugin and an exploit payload are discussed.

Download paper:

Language: English
Version: 1.0 (25.02.2006)


Tools

Here are the two SSL Key/Cert Finder implementations discussed in the paper:

SSL Key/Cert finder IDA Pro plugin - No longer available because of §202c (en)
SSL Key/Cert finder exploit payload - No longer available because of §202c (en)