
@WangYihang
Created September 1, 2021 05:59
from __future__ import print_function
import frida
import sys
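# The only argument is the PID of the process to instrument. Validate it
# before touching the device so a missing or non-numeric argument gives a
# usage line instead of an IndexError/ValueError traceback.
if len(sys.argv) != 2 or not sys.argv[1].isdigit():
    sys.exit("usage: {} <pid>".format(sys.argv[0]))

# Connects to a frida-server reachable at the hard-coded address below.
device = frida.get_device_manager().add_remote_device('127.0.0.1:27042')
session = device.attach(int(sys.argv[1]))

# Injected JavaScript: hooks tls1_setup_key_block in libssl-ws.so and, on
# entry, reads the server random, client random and master key out of the
# object passed as the first argument, then send()s them to on_message.
#
# NOTE(review): every offset (128, 304, 0xA4, 0xC4, 0x10, 0x14) is
# hard-coded and the pointer reads use readU64, so this presumably matches
# one specific 64-bit build of libssl-ws.so -- confirm against the build
# under test. On any other layout the hook reads unrelated memory, which is
# why the length read from the session object is bounds-checked before use
# (a TLS master secret is 48 bytes).
#
# The values handled here are live session secrets: anyone holding the
# master key and a capture of the connection can decrypt it. The script also
# prints them to the console, so treat terminal scrollback and logs as
# sensitive.
code = '''
var setup_key_block = Module.findExportByName("libssl-ws.so", "tls1_setup_key_block");
if (setup_key_block === null) {
    throw new Error("tls1_setup_key_block is not exported by libssl-ws.so");
}
Interceptor.attach(setup_key_block, {
    onEnter: function(args) {
        var s = args[0];
        var s3 = ptr(ptr(s.add(128)).readU64());
        var session = ptr(ptr(s.add(304)).readU64())
        var server_random_ptr = s3.add(0xA4);
        var server_random = server_random_ptr.readByteArray(0x20);
        var client_random_ptr = s3.add(0xC4);
        var client_random = client_random_ptr.readByteArray(0x20);
        var master_key_ptr = session.add(0x14);
        var master_key_length = session.add(0x10).readU32();
        if (master_key_length === 0 || master_key_length > 48) {
            console.log('unexpected master_key_length ' + master_key_length + ', skipping');
            return;
        }
        var master_key = master_key_ptr.readByteArray(master_key_length);
        console.log('server_random:', hexdump(server_random));
        console.log('client_random:', hexdump(client_random));
        console.log('master_key:', hexdump(master_key));
        var data = {
            'cr': new Uint8Array(client_random),
            'sr': new Uint8Array(server_random),
            'mk': new Uint8Array(master_key),
        };
        send(data);
    }
});
'''
script = session.create_script(code)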
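def on_message(message, data):
    """Append one key-log line for each payload sent by the injected script.

    The line has the form ``CLIENT_RANDOM <client random> <master key>``
    (upper-case hex), which is the NSS key log line format that tools such
    as Wireshark accept. It is printed and appended to ``keylog.txt`` in the
    current directory.

    Args:
        message: Frida message dict. Only ``type == "send"`` messages carry
            a ``payload``; anything else is reported on stderr and ignored.
        data: Optional binary blob delivered with the message (unused).
    """
    import os  # local import: needed only for the restrictive file mode

    # Script errors arrive as {"type": "error", ...} without a "payload"
    # key; indexing it unconditionally would raise KeyError in the callback.
    if message.get("type") != "send":
        print(message.get("description", message), file=sys.stderr)
        return

    def indexed_bytes(obj):
        # The Uint8Array arrives as a {"0": b0, "1": b1, ...} mapping; order
        # by numeric index rather than relying on dict iteration order.
        ordered = sorted(obj.items(), key=lambda item: int(item[0]))
        return bytes(value for _, value in ordered)

    payload = message["payload"]
    client_random = indexed_bytes(payload["cr"]).hex().upper()
    master_key = indexed_bytes(payload["mk"]).hex().upper()
    content = "CLIENT_RANDOM {} {}".format(client_random, master_key)
    print(content)

    # keylog.txt holds TLS session secrets, so create it readable by the
    # owner only. The mode applies when the file is created; an existing
    # file keeps whatever permissions it already has.
    fd = os.open("keylog.txt", os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as f:
        f.write(content)
        f.write("\n")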
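# Register the handler before load() so messages emitted while the script
# loads (including load-time errors) reach on_message.
script.on('message', on_message)
script.load()
try:
    # Block until stdin reaches EOF; the hook stays installed meanwhile.
    sys.stdin.read()
except KeyboardInterrupt:
    # Ctrl-C is the normal way to stop; exit without a traceback.
    pass
finally:
    # Detach explicitly so the instrumentation is removed from the target
    # process instead of lingering until this process is torn down.
    session.detach()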