0

I'm trying to reproduce the skipTLS attack against cyassl < 3.3.0 (wolfSSL) that allows to skip steps in the handshake and thus impersonate a server and force the client to communicate in clear. The specific attack is described here : http://www.ieee-security.org/TC/SP2015/papers-archived/6949a535.pdf (p. 9-10).

This exploit relies on the fact that unitialised memory in the cyassl client (coded in C) is set to 0 (a 12-long byte array).

The attack inexplicably fails, and I wanted to check if it was because the unitialised memory wasn't set to 0.

Now, the papers claims :

Consequently, the byte array that stores the transcript MAC remains uninitialized, and in most runtime environments this array contains zeroes.

I'm running the client on Ubuntu 16.04.

Would you know of a way to check if the memory contains 0s (debugging would be quite painful as I'm working in blackbox) ?

Or, alternatively, would there be an environment in which the probability that this area of uninitialised memory contains 0s would be higher ?

I know that I can't ever be sure that it always contains 0, but if it works from time to time, it's fine by me.

watts
  • 127
  • 2
  • 7
  • Well you could modify the code of cyassl and just check it by brute force (iterating over the array). Other than that, I don't think you can avoid using a debugger. – Dunno Mar 22 '17 at 10:41
  • @watts please keep us posted on your findings. wolfSSL is very proactive when it comes to any vulnerabilities and they guarantee a fix and new release following any such reports. If you do identify a weakness in the wolfSSL implementation please alert them by emailing support@wolfssl.com as soon as possible! – Kaleb Mar 23 '17 at 12:36

0 Answers0