{"id":37167163,"url":"https://github.com/cyberdefenseinstitute/tpmproxy","last_synced_at":"2026-01-14T19:47:37.717Z","repository":{"id":257811064,"uuid":"859669895","full_name":"CyberDefenseInstitute/tpmproxy","owner":"CyberDefenseInstitute","description":"An Library to assist in TPM communication capture and tampering","archived":false,"fork":false,"pushed_at":"2024-10-17T05:01:21.000Z","size":239,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-10-19T07:16:27.445Z","etag":null,"topics":["packet-capture","qemu","reverse-engineering","swtpm","tpm2"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberDefenseInstitute.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-19T04:35:41.000Z","updated_at":"2024-10-17T05:01:25.000Z","dependencies_parsed_at":"2024-10-05T20:55:38.375Z","dependency_job_id":null,"html_url":"https://github.com/CyberDefenseInstitute/tpmproxy","commit_stats":null,"previous_names":["cyberdefenseinstitute/tpmproxy"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/CyberDefenseInstitute/tpmproxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberDefenseInstitute%2Ftpmproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberDefenseInstitute%2Ftpmproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberDefenseInstitute%2Ftpmproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberDefenseInstitute%2Ftpmproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberDefenseInstitute","download_url":"https://codeload.github.com/CyberDefenseInstitute/tpmproxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberDefenseInstitute%2Ftpmproxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28432911,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["packet-capture","qemu","reverse-engineering","swtpm","tpm2"],"created_at":"2026-01-14T19:47:36.987Z","updated_at":"2026-01-14T19:47:37.697Z","avatar_url":"https://github.com/CyberDefenseInstitute.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TPMProxy\n\nTPMProxy is a library that proxies TPM communications, makes them analyzable, and supports tampering.\nIt also provides several tools as usage examples of the library.\n\n## Disclaimer\n\nThe purpose of TPMProxy is to support TPM application development and security research.\nTPMProxy intentionally lowers security for communication analysis.\nDo not use in a production environment.\n\n## Features\n\nAll features are available only on Linux. Windows and Mac are not supported.\n\n* Proxy the UNIX domain socket communication between [QEMU](https://www.qemu.org/) and [SWTPM](https://github.com/stefanberger/swtpm) to TCP communication, making it analyzable with [Wireshark](https://www.wireshark.org/).\n* Assist in analyzing TPM commands and responses using [Go-TPM](https://github.com/google/go-tpm). Currently, this feature is limited, but it allows for more detailed parameter analysis than Wireshark.\n* Support the tampering of TPM commands and responses. You need to implement the tampering program yourself.\n* Create a virtual TPM device using [CUSE(libfuse)](https://github.com/libfuse/libfuse) and pass through to the actual TPM. It allows to analyze the communication to the actual TPM with Wireshark, analyze it with Go-TPM, and tamper with it.\n\n## Usage example\n\n```\n$ swtpm socket --tpmstate dir=path/to/state --tpm2 --server port=2321 --ctrl type=tcp,port=2322\n$ go run github.com/CyberDefenseInstitute/tpmproxy/example/qemu_swtpm_dissect@latest\n$ qemu-system-x86_64 \\\n    ...options... \\\n    -chardev socket,id=chrtpm,path=/tmp/qemu_swtpm_fwd.sock \\\n    -tpmdev emulator,id=tpm0,chardev=chrtpm \\\n    -device tpm-tis,tpmdev=tpm0\n```\n\n![dissect](img/dissect.webp)\n\n![tamper](img/tamper.webp)\n\n## More detailed usage examples (blog posts)\n\n* [Capturing and Tampering TPM Communication in Windows Virtual Machines](https://io.cyberdefense.jp/en/entry/capturing-and-tampering-tpm-communication-in-windows-virtual-machines/)\n* [Experience Stealing BitLocker Keys from TPM Communication and Decrypting an Encrypted Volume Using an Emulator](https://io.cyberdefense.jp/en/entry/experience-stealing-bitlocker-keys-from-tpm-communication-and-decrypting-an-encrypted-volume-using-an-emulator/)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberdefenseinstitute%2Ftpmproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberdefenseinstitute%2Ftpmproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberdefenseinstitute%2Ftpmproxy/lists"}