Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/deltatecs/voses

Volatile Secret Searcher - massively parallel, brute force memory dump analysis for (D)TLS secret extraction
https://github.com/deltatecs/voses

cuda memory-hacking reverse-engineering tls

Last synced: 7 months ago
JSON representation

Volatile Secret Searcher - massively parallel, brute force memory dump analysis for (D)TLS secret extraction

Awesome Lists containing this project

README 

          
# VoSeS

Volatile Secret Searcher - massively parallel, brute force memory dump analysis for (D)TLS 1.2 secret extraction



You have:

- A wireshark capture file of application traffic

- A memory dump of the machine that was made while the application ran

and you want to decrypt the application traffic?



Then this tool works for you. Requirements:

- CUDA capable device * happy jensen noises *

- the traffic must be encrypted with tls 1.2 or dtls 1.2

- this tool supports only GCM_AES_128_SHA_256 and GCM_AES_256_SHA_384 encryption



Compile on windows:

1. `mkdir build`

2. `cd build`

3. `cmake ..`

4. `cmake --build .`



Run:

```

voses.exe

  --client_random|-cr <32-byte hex>

  --server_random|-sr <32-byte hex>

  --client_finished|-cf 

  --algorithm|-a 

  --haystack|-h   (memory dump file path)

  [--entropy|-e ]

  [--entropy-scan|-es]

```



set entropy to a different filter value if you like. scan will show you how many 48 byte locations match your filter.



When a master secret matching your randoms and cipher text is found it will be printed in a format that can be read by wireshark as a master secret log file.



This tool uses a custom cuda port based on the AES implementation of https://github.com/kokke/tiny-AES-c