# Install dependencies
sudo apt install libelf-dev build-essential bison pkg-config libpcap-dev \
flex linux-headers-$(uname -r) libnuma-dev
# Clone the repo together with its PF_RING submodule
git clone --recursive git@github.com:IanMartiny/ecdsa-attack.git
cd ecdsa-attack
# Build PF_RING
cd PF_RING
make
# Build Parser
cd ../
make
Run the simple version on a local network interface.
$ ./rust-src/target/release/tls_fingerprint --help
TLS Fingerprint Debugger 1.0
Reads from either PCAP or interface for debugging TLS fingerprint tool. Defaults
to reading from pcap and writing to terminal if no input or database respectively
is specified.
USAGE:
tls_fingerprint [-i INTERFACE | -p FILE] [-d DSN_URL]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-d, --database <DSN_URL> Enable write to database and use provided
credentials to connect to postgresql.
-i, --interface <INTERFACE> Interface from which to read live packets
-p, --pcap <FILE> Custom PCAP file to open
$ ./rust-src/target/release/tls_fingerprint -i eth0
Run with advanced PF_RING integration.
See PF_RING Documentation for the latest information on how to run PF_RING ZC correctly.
cd PF_RING/kernel
make
sudo make install
See the docs for more options.
# sudo insmod ./pf_ring.ko [min_num_slots=N] [enable_tx_capture=1|0] [enable_ip_defrag=1|0]
sudo insmod pf_ring.ko min_num_slots=65536
min_num_slots: minimum number of packets the kernel module should be able to enqueue (default: 4096).
# Determine the driver family
ethtool -i eth1 | grep driver
> e1000e
# Compile and load the corresponding driver
cd PF_RING/drivers/intel
make
cd e1000e/e1000e-*-zc/src
sudo ./load_driver.sh
Start the ZC load balancer, which establishes the cluster and queues to interface with.
See the docs for more options.
cd PF_RING/userland/examples_zc
# sudo zbalance_ipc -i zc:eth1 -n $CORES -c $CLUSTER_NUM -g 1
sudo ./zbalance_ipc -i zc:eth1 -n 2 -c 10 -g 1
-g is the core affinity for the capture/distribution thread
-c declares the ZC cluster ID
-n specifies the number of egress queues
Connect the ecdsa-attack parser to PF_RING and we're off!
# sudo ./tls-fingerprint -c $CLUSTER_NUM -n $CORES -d $DATA_SOURCE_NAME [-m $QUEUE_OFFSET]
sudo ./rsa-faulty-signatures -c 10 -n 2 -d "postgresql://user:secret@localhost/dbname" -m 0
-c specifies the ZC cluster ID
-n specifies the number of egress queues
-m cluster queue numeric offset
-d data source name for connecting to database
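
The balancer and the parser only meet if -c and -n carry the same values on both command lines. The script below is an added example, not part of this repository: it derives both commands from one CORES / CLUSTER_NUM pair, rejects non-numeric values, and leaves the DSN as a reference to $DATA_SOURCE_NAME so the password is not written into the script or its printed output. The function names and the sample ethtool output are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): build the zbalance_ipc and parser
# command lines from one shared CORES / CLUSTER_NUM pair so they cannot drift.

# Extract the driver name from `ethtool -i IFACE` output supplied on stdin.
driver_family() {
    awk -F': *' '$1 == "driver" { print $2; exit }'
}

# Succeed only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# zbalance_cmd IFACE CORES CLUSTER_NUM [AFFINITY]
# Prints the balancer command; fails on bad numbers or zero queues.
zbalance_cmd() {
    is_uint "$2" && [ "$2" -gt 0 ] && is_uint "$3" && is_uint "${4:-1}" || return 1
    printf 'sudo ./zbalance_ipc -i zc:%s -n %s -c %s -g %s\n' \
        "$1" "$2" "$3" "${4:-1}"
}

# parser_cmd CORES CLUSTER_NUM [QUEUE_OFFSET]
# Prints the parser command with the DSN left as a variable reference.
parser_cmd() {
    is_uint "$1" && [ "$1" -gt 0 ] && is_uint "$2" && is_uint "${3:-0}" || return 1
    printf 'sudo ./rsa-faulty-signatures -c %s -n %s -d "$DATA_SOURCE_NAME" -m %s\n' \
        "$2" "$1" "${3:-0}"
}

# Constructed sample of `ethtool -i eth1` output, used for the dry run below.
SAMPLE_ETHTOOL='driver: e1000e
version: 3.2.6-k
bus-info: 0000:00:1f.6'

CORES=2
CLUSTER_NUM=10

# Dry run: print what would be executed, in the order the steps above use.
echo "driver family: $(printf '%s\n' "$SAMPLE_ETHTOOL" | driver_family)"
zbalance_cmd eth1 "$CORES" "$CLUSTER_NUM" 1
parser_cmd "$CORES" "$CLUSTER_NUM" 0
```

On a live host, feed driver_family from `ethtool -i eth1` instead of the sample text and export DATA_SOURCE_NAME before running the printed parser command.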