RSA Faulty Signatures

Rust PFRing integration

Installing

# Install dependencies
sudo apt install libelf-dev build-essential bison pkg-config libpcap-dev \
    flex linux-headers-$(uname -r) libnuma-dev

# Pull the repo and its submodule (PF_RING)
git clone --recursive git@github.com:IanMartiny/ecdsa-attack.git

# Build PF_RING
cd PF_RING
make

# Build Parser
cd ../
make

Running

Simple

Run the simple version, reading from a local network interface.

$ ./rust-src/target/release/tls_fingerprint --help
TLS Fingerprint Debugger 1.0
Reads from either PCAP or interface for debugging TLS fingerprint tool. Defaults 
to reading from pcap  and writing to terminal if no input or database respectively 
is specified.

USAGE:
    tls_fingerprint [-i INTERFACE | -p FILE] [-d DSN_URL]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -d, --database <DSN_URL>       Enable write to database and use provided 
                                   credentials to connect to postgresql.
    -i, --interface <INTERFACE>    Interface from which to read live packets
    -p, --pcap <FILE>              Custom PCAP file to open


$ ./rust-src/target/release/tls_fingerprint -i eth0

Advanced

Run with advanced PF_RING integration.

See PF_RING Documentation for the latest information on how to run PF_RING ZC correctly.

1. Install the PF_RING kernel Module

cd PF_RING/kernel
make
sudo make install

2. Run PF_RING

See the docs for more options.

# sudo insmod ./pf_ring.ko [min_num_slots=N] [enable_tx_capture=1|0] [enable_ip_defrag=1|0]
sudo insmod pf_ring.ko min_num_slots=65536

min_num_slots: minimum number of packets the kernel module should be able to enqueue (default: 4096).

3. Compile and run Zero Copy (ZC) drivers

# Determine the driver family
ethtool -i eth1 | grep driver
> e1000e

# Compile and load the corresponding driver
cd PF_RING/drivers/intel
make
cd e1000e/e1000e-*-zc/src
sudo ./load_driver.sh

4. Run Zero Copy Load Balancer

Start the ZC load balancer establishing cluster and queues to interface with.

See the docs for more options.

cd PF_RING/userland/examples_zc
# sudo zbalance_ipc -i zc:eth1 -n $CORES -c $CLUSTER_NUM -g 1
sudo ./zbalance_ipc -i zc:eth1 -n 2 -c 10 -g 1

-g is the core affinity for the capture/distribution thread

-c declares the ZC cluster ID

-n specifies the number of egress queues

5. Run Application

Connect the ecdsa-attack parser to PF_RING and we're off!

# sudo ./tls-fingerprint -c $CLUSTER_NUM -n $CORES -d $DATA_SOURCE_NAME [-m $QUEUE_OFFSET]
sudo ./rsa-faulty-signatures -c 10 -n 2 -d "postgresql://user:secret@localhost/dbname" -m 0

-c specifies the ZC cluster ID

-n specifies the number of egress queues

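-m specifies the cluster queue numeric offset

-d specifies the data source name for connecting to the database. Because the DSN is passed as a command-line argument, a password embedded in it is visible in the process list and in shell history.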

Useful RFCs