Hi list, WireGuard does not provide a userspace interface for getting transport data session keys, or ephemeral handshake keys. This is by design. No backdoors!
However, Peter (CC'd) wants to write a Wireshark dissector, so we've made a little kprobe-based utility to extract just the minimal amount of cryptographic information from the kernel upon a certain event, and then this information can be combined with information gathered over the wire from packets in order to derive every secret used by the system and decrypt all packets. We first determine struct offsets using offset-finder [1]. This exploit-trick is first compiled using the kernel toolchain, and then compiled again using the normal toolchain, and then the two object files are linked together [2] and the result prints the struct offsets. Fortunately these will be stable offsets because they're not dependent on kernel config values or weird types. Next we install kprobes on one particular function using extract-handshakes.sh [3], which then starts dumping output from that probe and writing it to standard out in base64 format. >From quick tests, this all is quite reliable. For a few days, I'll run a simple netcat server on demo.wireguard.com. Try typing `nc demo.wireguard.com 58812` and then connecting to the demo box like usual. Basically, it's every cryptographer's girlfriend Eve's wildest fantasy. All of the key compromises all of the time! Code lives here: https://git.zx2c4.com/WireGuard/tree/contrib/examples/extract-handshakes Enjoy! Jason [1] https://git.zx2c4.com/WireGuard/tree/contrib/examples/extract-handshakes/offset-finder.c [2] https://git.zx2c4.com/WireGuard/tree/contrib/examples/extract-handshakes/Makefile [3] https://git.zx2c4.com/WireGuard/tree/contrib/examples/extract-handshakes/extract-handshakes.sh _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
