Content management system: Identifying unknown ASN.1 objects
We are searching executable files for DER-encoded sequences. After carving out the data that looks like valid DER-encoded data, we want to analyze how it is used. X.509 certificates and CMS objects are easy to identify (because we know them), but we also found valid encodings whose purpose we cannot determine. For example, look at the following output of openssl asn1parse (…):
0:d=0 hl=4 l=1804 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :03
7:d=1 hl=4 l=1797 cons: SEQUENCE
11:d=2 hl=2 l= 20 cons: SEQUENCE
13:d=3 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
23:d=3 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:0000000000000000
33:d=2 hl=2 l= 3 prim: PRINTABLESTRING :<OMITTED>
38:d=2 hl=2 l= 13 prim: UTCTIME :<OMITTED>
53:d=2 hl=2 l= 1 prim: INTEGER :01
56:d=2 hl=4 l=1748 cons: SET
60:d=3 hl=4 l= 830 cons: SEQUENCE
64:d=4 hl=2 l= 6 prim: PRINTABLESTRING :PKRoot
72:d=4 hl=2 l= 13 prim: UTCTIME :<OMITTED>
87:d=4 hl=2 l= 5 prim: OBJECT :1.3.36.2.5.1
94:d=4 hl=4 l= 796 cons: SEQUENCE
98:d=5 hl=2 l= 69 cons: SEQUENCE
100:d=6 hl=2 l= 11 cons: SET
102:d=7 hl=2 l= 9 cons: SEQUENCE
104:d=8 hl=2 l= 3 prim: OBJECT :countryName
109:d=8 hl=2 l= 2 prim: PRINTABLESTRING :<OMITTED>
113:d=6 hl=2 l= 31 cons: SET
115:d=7 hl=2 l= 29 cons: SEQUENCE
117:d=8 hl=2 l= 3 prim: OBJECT :organizationName
122:d=8 hl=2 l= 22 prim: PRINTABLESTRING :<OMITTED>
146:d=6 hl=2 l= 21 cons: SET
148:d=7 hl=2 l= 19 cons: SEQUENCE
150:d=8 hl=2 l= 3 prim: OBJECT :commonName
155:d=8 hl=2 l= 12 prim: PRINTABLESTRING :<OMITTED>
169:d=5 hl=4 l= 614 cons: SEQUENCE
173:d=6 hl=2 l= 3 cons: cont [ 0 ]
175:d=7 hl=2 l= 1 prim: INTEGER :02
178:d=6 hl=2 l= 1 prim: INTEGER :00
181:d=6 hl=4 l= 290 cons: SEQUENCE
185:d=7 hl=2 l= 13 cons: SEQUENCE
187:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
198:d=8 hl=2 l= 0 prim: NULL
200:d=7 hl=4 l= 271 prim: BIT STRING
475:d=6 hl=2 l= 32 cons: cont [ 1 ]
477:d=7 hl=2 l= 30 cons: SEQUENCE
479:d=8 hl=2 l= 13 prim: UTCTIME :<OMITTED>
494:d=8 hl=2 l= 13 prim: UTCTIME :<OMITTED>
509:d=6 hl=2 l= 15 cons: cont [ 2 ]
511:d=7 hl=2 l= 13 cons: SEQUENCE
513:d=8 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
524:d=8 hl=2 l= 0 prim: NULL
526:d=6 hl=4 l= 257 prim: BIT STRING
787:d=5 hl=2 l= 105 cons: cont [ 0 ]
789:d=6 hl=2 l= 103 cons: SEQUENCE
791:d=7 hl=2 l= 15 cons: SEQUENCE
793:d=8 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
798:d=8 hl=2 l= 1 prim: BOOLEAN :255
801:d=8 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:<OMITTED>
808:d=7 hl=2 l= 37 cons: SEQUENCE
810:d=8 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
815:d=8 hl=2 l= 30 prim: OCTET STRING [HEX DUMP]:<OMITTED>
847:d=7 hl=2 l= 14 cons: SEQUENCE
849:d=8 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
854:d=8 hl=2 l= 1 prim: BOOLEAN :255
857:d=8 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:<OMITTED>
863:d=7 hl=2 l= 29 cons: SEQUENCE
865:d=8 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
870:d=8 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:<OMITTED>
894:d=3 hl=4 l= 910 cons: SEQUENCE
898:d=4 hl=2 l= 4 prim: PRINTABLESTRING :Cert
904:d=4 hl=2 l= 13 prim: UTCTIME :<OMITTED>
919:d=4 hl=2 l= 5 prim: OBJECT :1.3.36.2.1.3
926:d=4 hl=4 l= 878 cons: SEQUENCE
930:d=5 hl=4 l= 598 cons: SEQUENCE
934:d=6 hl=2 l= 3 cons: cont [ 0 ]
936:d=7 hl=2 l= 1 prim: INTEGER :02
939:d=6 hl=2 l= 1 prim: INTEGER :00
942:d=6 hl=2 l= 13 cons: SEQUENCE
944:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
955:d=7 hl=2 l= 0 prim: NULL
957:d=6 hl=2 l= 69 cons: SEQUENCE
959:d=7 hl=2 l= 11 cons: SET
961:d=8 hl=2 l= 9 cons: SEQUENCE
963:d=9 hl=2 l= 3 prim: OBJECT :countryName
968:d=9 hl=2 l= 2 prim: PRINTABLESTRING :<OMITTED>
972:d=7 hl=2 l= 31 cons: SET
974:d=8 hl=2 l= 29 cons: SEQUENCE
976:d=9 hl=2 l= 3 prim: OBJECT :organizationName
981:d=9 hl=2 l= 22 prim: PRINTABLESTRING :<OMITTED>
1005:d=7 hl=2 l= 21 cons: SET
1007:d=8 hl=2 l= 19 cons: SEQUENCE
1009:d=9 hl=2 l= 3 prim: OBJECT :commonName
1014:d=9 hl=2 l= 12 prim: PRINTABLESTRING :<OMITTED>
1028:d=6 hl=2 l= 30 cons: SEQUENCE
1030:d=7 hl=2 l= 13 prim: UTCTIME :<OMITTED>
1045:d=7 hl=2 l= 13 prim: UTCTIME :<OMITTED>
1060:d=6 hl=2 l= 69 cons: SEQUENCE
1062:d=7 hl=2 l= 11 cons: SET
1064:d=8 hl=2 l= 9 cons: SEQUENCE
1066:d=9 hl=2 l= 3 prim: OBJECT :countryName
1071:d=9 hl=2 l= 2 prim: PRINTABLESTRING :<OMITTED>
1075:d=7 hl=2 l= 31 cons: SET
1077:d=8 hl=2 l= 29 cons: SEQUENCE
1079:d=9 hl=2 l= 3 prim: OBJECT :organizationName
1084:d=9 hl=2 l= 22 prim: PRINTABLESTRING :<OMITTED>
1108:d=7 hl=2 l= 21 cons: SET
1110:d=8 hl=2 l= 19 cons: SEQUENCE
1112:d=9 hl=2 l= 3 prim: OBJECT :commonName
1117:d=9 hl=2 l= 12 prim: PRINTABLESTRING :<OMITTED>
1131:d=6 hl=4 l= 290 cons: SEQUENCE
1135:d=7 hl=2 l= 13 cons: SEQUENCE
1137:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
1148:d=8 hl=2 l= 0 prim: NULL
1150:d=7 hl=4 l= 271 prim: BIT STRING
1425:d=6 hl=2 l= 105 cons: cont [ 3 ]
1427:d=7 hl=2 l= 103 cons: SEQUENCE
1429:d=8 hl=2 l= 15 cons: SEQUENCE
1431:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1436:d=9 hl=2 l= 1 prim: BOOLEAN :255
1439:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:<OMITTED>
1446:d=8 hl=2 l= 37 cons: SEQUENCE
1448:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
1453:d=9 hl=2 l= 30 prim: OCTET STRING [HEX DUMP]:<OMITTED>
1485:d=8 hl=2 l= 14 cons: SEQUENCE
1487:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
1492:d=9 hl=2 l= 1 prim: BOOLEAN :255
1495:d=9 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:<OMITTED>
1501:d=8 hl=2 l= 29 cons: SEQUENCE
1503:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
1508:d=9 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:<OMITTED>
1532:d=5 hl=2 l= 13 cons: SEQUENCE
1534:d=6 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
1545:d=6 hl=2 l= 0 prim: NULL
1547:d=5 hl=4 l= 257 prim: BIT STRING
TeleTrusT - IT Security Association Germany
Security information object
Certificate
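The carving step described in the question can be sketched as follows. This is an added example, not code from the original post: the function names `decode_oid`, `parse` and `carve` and the `SAMPLE` bytes are assumptions made for illustration. It scans a buffer for SEQUENCE tags, accepts only strict definite-length DER that fills its parent exactly, and returns the OIDs found inside each hit, since OIDs such as 1.3.36.2.5.1 are usually the quickest clue to what an unknown structure is.

```python
def decode_oid(body):
    """Turn OBJECT IDENTIFIER content octets into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:                          # last octet of this sub-identifier
            arcs, val = arcs + [val], 0
    x = min(arcs[0] // 40, 2)                 # first sub-identifier packs two arcs
    return ".".join(map(str, [x, arcs[0] - 40 * x] + arcs[1:]))

def parse(buf, pos, limit, oids):
    """Validate the DER element at pos (must end by limit); return its end offset."""
    if pos + 2 > limit or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag (not handled here)")
    tag, length, body = buf[pos], buf[pos + 1] & 0x7F, pos + 2
    if buf[pos + 1] & 0x80:                   # long form: low bits count length octets
        n, length = length, int.from_bytes(buf[body:body + length], "big")
        if not 1 <= n <= 4 or body + n > limit or buf[body] == 0 or length < 0x80:
            raise ValueError("indefinite, truncated or non-minimal length")
        body += n
    end = body + length
    if end > limit:
        raise ValueError("element overruns its parent or the buffer")
    if tag == 0x06:
        oids.append(decode_oid(buf[body:end]))
    while tag & 0x20 and body < end:          # constructed: children must tile exactly
        body = parse(buf, body, end, oids)
    return end

def carve(buf, min_len=16):
    """Return (offset, total_len, oids) for each outermost well-formed SEQUENCE."""
    hits, pos = [], 0
    while pos < len(buf):
        oids, nxt = [], pos + 1
        try:
            end = parse(buf, pos, len(buf), oids) if buf[pos] == 0x30 else pos
            if end - pos >= min_len:
                hits.append((pos, end - pos, oids))
                nxt = end                     # skip past the carved object
        except (ValueError, RecursionError):  # not DER here; try the next byte
            pass
        pos = nxt
    return hits

# Constructed input (not from the post): junk + SEQUENCE{INTEGER 3, SEQUENCE{"PKRoot", OID}} + junk
SAMPLE = b"MZ\x90\x00junk" + bytes.fromhex(
    "3014020103300f1306504b526f6f7406052b24020501") + b"\x00\x30\xff tail"
```

`carve(SAMPLE)` reports one object at offset 8; a BER-style non-minimal length on the outer SEQUENCE is rejected, so only a strictly DER-encoded inner structure would be reported in that case.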