All your private keys are belong to us - Extracting RSA private keys and certificates out of the process memory

This paper discusses a method to find and extract RSA private keys and certificates from process memory in a very reliable way. An attacker can use this method to steal sensitive cryptographic material. As a proof of concept, an IDA Pro plugin and an exploit payload are discussed.

Download paper:

Language: English
Version: 1.0 (20060205)


Tools

Here are the two SSL Key/Cert Finder implementations discussed in the above-mentioned paper.

SSL Key/Cert finder IDA Pro plugin - No longer available because of §202c
SSL Key/Cert finder exploit payload - No longer available because of §202c