Last active
August 29, 2015 14:15
-
-
Save nekoruri/a41657d4479b0301be38 to your computer and use it in GitHub Desktop.
superfish
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SuperfishのCA証明書 | |
| % cat superfish_ca.pem | |
| -----BEGIN CERTIFICATE----- | |
| MIIC9TCCAl6gAwIBAgIJANL8E4epRNznMA0GCSqGSIb3DQEBBQUAMFsxGDAWBgNV | |
| BAoTD1N1cGVyZmlzaCwgSW5jLjELMAkGA1UEBxMCU0YxCzAJBgNVBAgTAkNBMQsw | |
| CQYDVQQGEwJVUzEYMBYGA1UEAxMPU3VwZXJmaXNoLCBJbmMuMB4XDTE0MDUxMjE2 | |
| MjUyNloXDTM0MDUwNzE2MjUyNlowWzEYMBYGA1UEChMPU3VwZXJmaXNoLCBJbmMu | |
| MQswCQYDVQQHEwJTRjELMAkGA1UECBMCQ0ExCzAJBgNVBAYTAlVTMRgwFgYDVQQD | |
| Ew9TdXBlcmZpc2gsIEluYy4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOjz | |
| Shh2Xxk/sc9Y6X9DBwmVgDXFD/5xMSeBmRImIKXfj2r8QlU57gk4idngNsSsAYJb | |
| 1Tnm+Y8HiN/+7vahFM6pdEXY/fAXVyqC4XouEpNarIrXFWPRt5tVgA9YvBxJ7SBi | |
| 3bZMpTrrHD2g/3pxptMQeDOuS8Ic/ZJKocPnQaQtAgMBAAGjgcAwgb0wDAYDVR0T | |
| BAUwAwEB/zAdBgNVHQ4EFgQU+5izU38URC7o7tUJml4OVoaoNYgwgY0GA1UdIwSB | |
| hTCBgoAU+5izU38URC7o7tUJml4OVoaoNYihX6RdMFsxGDAWBgNVBAoTD1N1cGVy | |
| ZmlzaCwgSW5jLjELMAkGA1UEBxMCU0YxCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJV | |
| UzEYMBYGA1UEAxMPU3VwZXJmaXNoLCBJbmMuggkA0vwTh6lE3OcwDQYJKoZIhvcN | |
| AQEFBQADgYEApHyg7ApKx3DEcWjzOyLi3JyN0JL+c35yK1VEmxu0Qusfr76645Oj | |
| 1IsYwpTws6a9ZTRMzST4GQvFFQra81eLqYbPbMPuhC+FCxkUF5i0DNSWi+kczJXJ | |
| TtCqSwGl9t9JEoFqvtW+znZ9TqyLiOMw7TGEUI+88VAqW0qmXnwPcfo= | |
| -----END CERTIFICATE----- | |
| # 上記で署名された証明書っぽいやつ | |
| # http://pastebin.com/hJvXCFQP | |
| # 現時点でfakehost.lenovo.comというサイトは無いので、Superfishの通常の使い方の範疇ではこの証明書は発行されないはず。 | |
| % openssl x509 -in faked.pem -text | |
| Certificate: | |
| Data: | |
| Version: 1 (0x0) | |
| Serial Number: | |
| 95:37:4e:b4:60:08:7a:e3 | |
| Signature Algorithm: sha256WithRSAEncryption | |
| Issuer: O=Superfish, Inc., L=SF, ST=CA, C=US, CN=Superfish, Inc. | |
| Validity | |
| Not Before: Feb 19 10:25:50 2015 GMT | |
| Not After : Mar 21 10:25:50 2015 GMT | |
| Subject: C=CN, ST=Some-State, O=Lenovo, CN=fakehost.lenovo.com | |
| Subject Public Key Info: | |
| Public Key Algorithm: rsaEncryption | |
| RSA Public Key: (2048 bit) | |
| Modulus (2048 bit): | |
| 00:bf:4f:1b:fa:c8:66:03:6f:b9:da:83:1f:d2:cf: | |
| 1b:2a:52:32:4e:a6:c4:45:c1:9c:9a:2d:7d:5b:97: | |
| 48:a9:58:14:cc:56:60:92:af:45:e2:19:ef:ab:1e: | |
| 13:1e:d6:5b:d0:e3:a6:f0:1f:d4:de:a4:13:02:32: | |
| 81:e2:02:0d:89:45:d6:14:d8:a9:fc:c8:d5:7d:bb: | |
| aa:78:23:7b:f8:22:6e:4d:dc:40:c3:cd:c6:2c:78: | |
| 65:0f:8f:b1:ea:42:6b:9d:ca:88:b6:d0:33:57:dd: | |
| 6b:7a:91:49:4a:0b:3e:d8:5f:df:dc:dc:96:a2:6f: | |
| 9c:14:17:bb:47:8e:f6:9b:aa:17:3c:71:c8:63:34: | |
| 5e:1b:c2:2f:9a:7e:66:aa:3b:a7:1f:5e:7e:f1:f4: | |
| 22:88:38:57:8f:42:60:8c:db:9e:2e:d1:0b:32:53: | |
| b3:7a:e2:27:dc:2b:a5:7c:8f:10:67:69:c2:07:10: | |
| 27:47:2f:88:c4:94:32:12:3c:fa:8f:a5:dd:68:db: | |
| 8b:ab:d2:e5:1e:9d:0d:ed:6a:1d:c4:20:71:00:fe: | |
| 65:42:a7:9e:c8:df:04:56:80:3c:da:6a:1a:d7:25: | |
| 80:20:b7:e7:9a:c8:dc:22:56:b9:06:b8:93:b1:5f: | |
| e4:f4:ad:2f:24:da:6b:9f:eb:83:6f:09:e5:e1:b5: | |
| eb:35 | |
| Exponent: 65537 (0x10001) | |
| Signature Algorithm: sha256WithRSAEncryption | |
| 49:dd:2b:75:36:9b:90:a4:73:a3:cc:89:bf:b6:70:74:75:35: | |
| 15:b7:b9:f0:3b:06:2e:c7:e6:ed:f4:ca:34:a9:6b:39:2f:9d: | |
| 1c:bc:2c:b4:dc:57:ed:73:61:06:04:03:71:b1:7b:b9:dc:b1: | |
| 0c:19:7c:6a:55:1a:40:89:16:8d:54:0c:a9:e3:c2:dd:8a:2b: | |
| d0:76:f2:ab:4f:88:13:e4:1a:0b:7e:d1:c1:82:3c:d0:89:06: | |
| cf:08:e0:c7:cc:51:47:78:39:b0:5d:06:42:5a:72:a8:79:48: | |
| cc:7f:f3:98:4e:30:4b:9f:14:11:09:94:61:e8:06:ca:74:53: | |
| 7e:16 | |
| -----BEGIN CERTIFICATE----- | |
| MIICpzCCAhACCQCVN060YAh64zANBgkqhkiG9w0BAQsFADBbMRgwFgYDVQQKEw9T | |
| dXBlcmZpc2gsIEluYy4xCzAJBgNVBAcTAlNGMQswCQYDVQQIEwJDQTELMAkGA1UE | |
| BhMCVVMxGDAWBgNVBAMTD1N1cGVyZmlzaCwgSW5jLjAeFw0xNTAyMTkxMDI1NTBa | |
| Fw0xNTAzMjExMDI1NTBaMFExCzAJBgNVBAYTAkNOMRMwEQYDVQQIDApTb21lLVN0 | |
| YXRlMQ8wDQYDVQQKDAZMZW5vdm8xHDAaBgNVBAMME2Zha2Vob3N0Lmxlbm92by5j | |
| b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Txv6yGYDb7nagx/S | |
| zxsqUjJOpsRFwZyaLX1bl0ipWBTMVmCSr0XiGe+rHhMe1lvQ46bwH9TepBMCMoHi | |
| Ag2JRdYU2Kn8yNV9u6p4I3v4Im5N3EDDzcYseGUPj7HqQmudyoi20DNX3Wt6kUlK | |
| Cz7YX9/c3Jaib5wUF7tHjvabqhc8cchjNF4bwi+afmaqO6cfXn7x9CKIOFePQmCM | |
| 254u0QsyU7N64ifcK6V8jxBnacIHECdHL4jElDISPPqPpd1o24ur0uUenQ3tah3E | |
| IHEA/mVCp57I3wRWgDzaahrXJYAgt+eayNwiVrkGuJOxX+T0rS8k2muf64NvCeXh | |
| tes1AgMBAAEwDQYJKoZIhvcNAQELBQADgYEASd0rdTabkKRzo8yJv7ZwdHU1Fbe5 | |
| 8DsGLsfm7fTKNKlrOS+dHLwstNxX7XNhBgQDcbF7udyxDBl8alUaQIkWjVQMqePC | |
| 3Yor0Hbyq0+IE+QaC37RwYI80IkGzwjgx8xRR3g5sF0GQlpyqHlIzH/zmE4wS58U | |
| EQmUYegGynRTfhY= | |
| -----END CERTIFICATE----- | |
| # 検証してみる | |
| % openssl verify -verbose -CAfile superfish_ca.pem faked.pem | |
| fakeroot.pem: OK | |
| # やった! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://twitter.com/supersat/status/568372787196243968
https://www.canibesuperphished.com/
としてSuperfish署名のサイトができているので、
上記のSuperfishを騙して証明書を発行させる手法では無い事を確認。
というわけで、ほぼSuperfish CAのルート証明書秘密鍵は漏洩しているとみて良さそう。