I am examining an application that uses OpenSSL 1.0.2l to secure connections. I suspect the application uses some of OpenSSL's cryptographic functions to encrypt/decrypt some authorization data. After examination it turned out that in order to authorize a trial the app receives and "does something" with an 80-character hex string.

In order to figure out what is being done, I debugged the actions the application performs after receiving the hex string. Here's the list of OpenSSL's modules it uses:

.\\crypto\\bn\\bn_mont.c
.\\crypto\\bn\\bn_ctx.c
.\\crypto\\bn\\bn_lib.c

.\\crypto\\asn1\\a_bitstr.c
.\\crypto\\asn1\\tasn_new.c
.\\crypto\\asn1\\x_pubkey.c
.\\crypto\\asn1\\a_object.c
.\\crypto\\asn1\\a_int.c
.\\crypto\\asn1\\asn1_lib.c

.\\crypto\\dsa\\dsa_lib.c
.\\crypto\\dsa\\dsa_sign.c

.\\crypto\\stack\\stack.c

.\\crypto\\ex_data.c

.\\crypto\\lhash\\lhash.c

.\\crypto\\evp\\p_lib.c

I'm quite sure that some of those functions are being used in order to handle the secure connections, but I think some of those may be used for that kind of encryption. What do you think?

EDIT: I forgot to mention an important thing - OpenSSL 1.0.2l is statically linked.

  • 1
    A debugger and call stacks will tell you a helluvalot more than we can. Best of luck in breaking the trial-auth of whatever you're hacking. – WhozCraig Dec 17 '20 at 14:22
  • Trace the actual calls with arguments to figure out what's going on. Assuming Windows, use https://stackoverflow.com/a/12861291/1216776 – stark Dec 17 '20 at 14:43

0 Answers