{"title":"从。net应用程序中提取加密密钥","authors":"Shaun Mc Brearty, William Farrelly, K. Curran","doi":"10.30564/SSID.V3I2.3347","DOIUrl":null,"url":null,"abstract":"In the absence of specialized encryption hardware,cryptographic operations must be performed in main memory.As such,it is common place for cyber criminals to examine the content of main memory with a view to retrieving high-value data in plaintext form and/or the associated decryption key.In this paper,the author presents a number of simple methods for identifying and extracting cryptographic keys from memory dumps of software applications that utilize the Microsoft .NET Framework,as well as sourcecode level countermeasures to protect against same.Given the EXE file of an application and a basic knowledge of the cryptographic libraries utilized in the .NET Framework,the author shows how to create a memory dump of a running application and how to extract cryptographic keys from same using WinDBG - without any prior knowledge of the cryptographic key utilized.Whilst the proof-of-concept application utilized as part of this paper uses an implementation of the DES cipher,it should be noted that the steps shown can be utilized against all three generations of symmetric and asymmetric ciphers supported within the .NET Framework.","PeriodicalId":315789,"journal":{"name":"Semiconductor Science and Information Devices","volume":"105 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Extracting Cryptographic Keys from .NET Applications\",\"authors\":\"Shaun Mc Brearty, William Farrelly, K. Curran\",\"doi\":\"10.30564/SSID.V3I2.3347\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the absence of specialized encryption hardware,cryptographic operations must be performed in main memory.As such,it is common place for cyber criminals to examine the content of main memory with a view to retrieving high-value data in plaintext form and/or the associated decryption key.In this paper,the author presents a number of simple methods for identifying and extracting cryptographic keys from memory dumps of software applications that utilize the Microsoft .NET Framework,as well as sourcecode level countermeasures to protect against same.Given the EXE file of an application and a basic knowledge of the cryptographic libraries utilized in the .NET Framework,the author shows how to create a memory dump of a running application and how to extract cryptographic keys from same using WinDBG - without any prior knowledge of the cryptographic key utilized.Whilst the proof-of-concept application utilized as part of this paper uses an implementation of the DES cipher,it should be noted that the steps shown can be utilized against all three generations of symmetric and asymmetric ciphers supported within the .NET Framework.\",\"PeriodicalId\":315789,\"journal\":{\"name\":\"Semiconductor Science and Information Devices\",\"volume\":\"105 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-07-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Semiconductor Science and Information Devices\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.30564/SSID.V3I2.3347\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Semiconductor Science and Information Devices","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30564/SSID.V3I2.3347","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Extracting Cryptographic Keys from .NET Applications
In the absence of specialized encryption hardware,cryptographic operations must be performed in main memory.As such,it is common place for cyber criminals to examine the content of main memory with a view to retrieving high-value data in plaintext form and/or the associated decryption key.In this paper,the author presents a number of simple methods for identifying and extracting cryptographic keys from memory dumps of software applications that utilize the Microsoft .NET Framework,as well as sourcecode level countermeasures to protect against same.Given the EXE file of an application and a basic knowledge of the cryptographic libraries utilized in the .NET Framework,the author shows how to create a memory dump of a running application and how to extract cryptographic keys from same using WinDBG - without any prior knowledge of the cryptographic key utilized.Whilst the proof-of-concept application utilized as part of this paper uses an implementation of the DES cipher,it should be noted that the steps shown can be utilized against all three generations of symmetric and asymmetric ciphers supported within the .NET Framework.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
