
Thread: how does certificate generation work ?

  1. #1

    how does certificate generation work ?

    How can we generate a key file for a certificate that has already been made?
    Actually, is the process used to generate a cert from a key file reversible?
    This kind of protection is used in signing a Symbian SIS file.


    The certificate I really want to reverse is sha1rsa.
    Last edited by p_2001; December 7th, 2008 at 07:12.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    How about YOU do some of your own basic research, as you are directed by the FAQ to do yourself? You DID READ THE FAQ, didn't you? You DID notice the BIG RED LETTERS at the top of the FORUMS on your way in!

    How about YOU put something like:

    reverse sha1rsa

    and/or

    reversing sha1rsa

    into YOUR favorite search engine and YOU read some of the information YOU will find. Once YOU do that, as is required, YOU will have a better idea of the possibilities and will not look like someone who is too lazy to do even the minimum required by our Rules.


    Regards,
    JMI

  3. #3
    AND.... another one bites the dust.

    Doubtful we'll ever see him/her again...

    Have Phun
    Blame Microsoft, get l337 !!

  4. #4
    upb
    Generating a key for a certificate is very different from reversing sha1rsa, so the help you gave doesn't really work :P
    “The key to understanding complicated things is to know what not to look at and what not to compute and what not to think.”

  5. #5
    Well, I have googled a lot and never found anything at all.
    My motive is to create a key for a certificate which is already generated and which I don't have a key for.

    I did google it before any post, yet failed to get a result...

    Simply answer this: is it really possible to generate a key from a certificate... (without taking many years)?

    I really promise that I have used Google up to about 20 pages and did not find a solution.
    Last edited by p_2001; March 12th, 2009 at 10:40.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    It's theoretically impossible to derive a private key from the public key embedded in the certificate, even though the keys are somewhat related and it's possible to find the public key from the private.

    --UPDATE--
    Btw, I forgot to mention there are a few factors that can make RSA easily broken. Off the top of my head:
    - If the primes, p and q, are not large enough;
    - If the primes, p and q, are relatively close to each other (even if they are very big numbers);
    - The current standard states that the key length must be 2048 bits, so I guess that any lower length must be somewhat breakable by BF.
    I'm sure there are some more ways of attacking the cipher, but these are the ones I can recall. Just search for RSA Security.
    A good site to search for attack vectors on ciphers is Google Scholar. There are plenty of research papers written about the matter.
    -----------

    regards,
    r3aper
    Last edited by r3aper; March 12th, 2009 at 18:29. Reason: Update info on RSA Attacks

  7. #7
    disavowed
    If you're looking for a tool to brute force the private key, you can use http://quequero.org/uicwiki/images/RSATool2.rar

  8. #8
    There are certs already stored in a Symbian phone.
    The device and the signing tool check if the key used is correct or not... thus my logic is that if I'm able to generate a key which "fits" my certificate, then I can sign any app which I develop and won't need Symbian Signed every time. There must be a way that is used by a device to recognize the key used, so I just need to fool it.
    The key length is 1024 bits.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Why don't you replace the public key in the certificate (assuming the public key is not used for encrypting the soft) with the one generated from YOUR own keypair... Then decrypt using YOUR own private key?

    Or maybe I've hit the bottle once too many, heh!

    Have Phun
    Blame Microsoft, get l337 !!

  10. #10
    Aimless, I suppose that wouldn't work. I think you cannot change the public key from the root certificates; even if you did, the certificate signature would appear invalid!

    Quote, originally posted by P_2001:
    thus my logic is that if I'm able to generate a key which "fits" my certificate, then I can sign any app which I develop and won't need Symbian Signed every time. There must be a way that is used by a device to recognize the key used, so I just need to fool it.
    Easier said than done!
    When you sign an application, the mobile device will check with its certificates, trying to validate the signature. So if the private key used to sign the application can't be related to any of the public keys of the certificates stored in the mobile device, the application is flagged as invalid.
    So you would have to get a certificate from some CA which has a chain linked to any other CA which already has a certificate on your device (the so-called root certificates) (actually, this process is what you do using Symbian Signed).

    Bottom line is, if you want to sign your application with your keys and don't want to get a certificate from any CA, you have to generate a self-signed certificate. This is possible with tools like openssl. Then you would have to insert that certificate on your mobile device as a root certificate, and that's the hard part.

    How you insert a certificate as root on your mobile device is something you must research; I can't help you there, but I'm guessing that if it's possible, it's via some exploit.

    cheers,
    r3aper

  11. #11
    Yes,
    that's the only way available right now...
    We make a cert using openssl and then use exploits to place them in resource folders in the memory.

    Now what I wanted was this: I copied a root cert from my phone's ROM, but I don't have the key to it...

    So I wanted to forge a key for the cert...

    Actually, I have difficulty understanding the verification method used by the phone to verify the key.

    Since it only has the public key that is placed in the cert file... how does it verify?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  12. #12
    The Certificate, in its most basic form, is composed of a Public Key, user identity (which is irrelevant in this case) and a Digital Signature.

    As I told you before in my first post, the relation between the Public Key and the Private Key is purely mathematical and it's made in such a way that it is trivial to relate both keys. Nevertheless it is impossible (unless the generated parameters of RSA are weak) to derive the Public Key from the Private Key.

    So if you sign something with a Private Key, the mobile device just needs to do some computation with the Public Key to verify the validity of the content. So the device doesn't really care about the Private Key.

    Now you can try to do what Aimless told you: you generate a KeyPair and substitute the Public Key of the certificate with your own. But then you would also have to replace the Digital Signature, which I guess from your first post is SHA-1. So you hash the whole new certificate and voilà, you have a new Digital Signature.

    But then again you would have to exploit the mobile device to add this new certificate, so I don't know why you would want to modify an existing certificate as opposed to creating a new one, if the end result is the same.

    regards,
    r3aper
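
The check discussed in posts #10 to #12, as an added example that is not part of the original thread: a textbook-RSA sketch showing that verification needs only the public key (n, e), and that a certificate whose public key has been swapped no longer verifies under the trusted root unless the root's private key re-signs it. The toy keys (built from Mersenne primes), the unpadded signature, the simplified certificate body and all function names are assumptions made for illustration.

```python
import hashlib

def make_key(p, q, e=65537):
    # Textbook RSA: returns (public key, private exponent d)
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, pow(e, -1, phi)

def digest(data, n):
    # SHA-1 as in "sha1RSA"; reduced mod n because the toy moduli can be short
    return int.from_bytes(hashlib.sha1(data).digest(), "big") % n

def sign(data, pub, d):
    # Signing needs the private exponent d
    return pow(digest(data, pub["n"]), d, pub["n"])

def verify(data, sig, pub):
    # Verifying needs only n and e from the certificate; d is never involved
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def tbs(subject, pub):
    # Simplified "to be signed" certificate body: identity plus public key
    return f"{subject}|{pub['n']}|{pub['e']}".encode()

def device_accepts(app, app_sig, cert, root_pub):
    # The certificate must be signed by the trusted root, and the application
    # must verify under the public key carried inside that certificate
    body = tbs(cert["subject"], cert["pub"])
    return verify(body, cert["sig"], root_pub) and verify(app, app_sig, cert["pub"])

# Constructed toy keys (real keys use large random primes and signature padding)
root_pub, root_d = make_key(2**107 - 1, 2**127 - 1)
dev_pub, dev_d = make_key(2**61 - 1, 2**89 - 1)
own_pub, own_d = make_key(2**31 - 1, 2**19 - 1)

app = b"constructed application bytes"
dev_cert = {"subject": "dev", "pub": dev_pub}
dev_cert["sig"] = sign(tbs("dev", dev_pub), root_pub, root_d)

def scenarios():
    genuine = device_accepts(app, sign(app, dev_pub, dev_d), dev_cert, root_pub)
    # Public key swapped, signature untouched: the root's signature no longer matches
    swapped = dict(dev_cert, pub=own_pub)
    swapped_ok = device_accepts(app, sign(app, own_pub, own_d), swapped, root_pub)
    # Re-signing the new body with a key other than the root's does not help
    swapped["sig"] = sign(tbs("dev", own_pub), own_pub, own_d)
    resigned_ok = device_accepts(app, sign(app, own_pub, own_d), swapped, root_pub)
    return genuine, swapped_ok, resigned_ok

if __name__ == "__main__":
    print(scenarios())
```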

  13. #13
    disavowed
    Too bad about your Symbian phone... it's ridiculously easy to install new root certificates on Windows Mobile devices: http://support.microsoft.com/kb/915840

  14. #14
    disavowed
    Actually, did you even try to search for this info for Symbian? It looks rather painless to install a new root cert on Symbian: http://www.google.com/search?q=symbian+%22root+certificate%22+import+OR+install

  15. #15
    Well... no, it isn't easy.
    Nokia doesn't allow it. You cannot store your own root certs (only by using exploits... which are eventually closed in upgrades and new devices).

    The exploits we use break the warranty... *imagine damaging your screen and now you are unable to remove the certs you installed by exploits because you cannot see the screen at all*

    I wanted to create a valid key for an existing cert found in the ROM and sign an app with it (no warranty broken).

    Also, if anyone wants to distribute their app as freeware, they have to get a publisher ID for $200 and then go through testing of the app for $20.
    When the app is free, why is Symbian Signed bothered with money (only to destroy freeware)?
    Also, there are cool apps developed by people which are free (and apps which are not free are hyped and overpriced and have lesser functionality in some cases) but are limited to a single IMEI, or the user must sign it himself... (most are noobs) and don't understand even the meaning of signing... (scares them away)

    While I bought a phone, why is a part of it locked by ......... (it's not theirs anymore since I bought it, and I must be free to do anything I want to)?
    In the name of virus protection (by the signing process) they are shielding their inept protections against cracking of an app
    and also killing freeware (win-win condition @ our money).

    And I really promise I did search Google about placing a root cert in Nokia.

    (There are entire forums based on using exploits to hack a phone.)
    To date hacks are available (one is no longer valid, fixed by .......).
    I promise that I have read the FAQ and tried to use the Search to answer my question.
