#include <arpa/inet.h>
#include <err.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/err.h>
#include <openssl/x509.h>

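/*
 * Read a DER template certificate from stdin and step the first four bytes
 * of its serialNumber until the issuer-and-serial hash, truncated to 32 bits,
 * equals the value given as argv[1].
 *
 * Only 32 bits of the hash are compared, so a match is found by exhaustive
 * search. Code that receives this hash should treat it as a lookup key and
 * still compare the full issuer name and serial number.
 *
 * Returns 0 after printing the matching serial; every failure path exits
 * through errx() with EXIT_FAILURE.
 */
int main(int argc, char **argv)
{
    uint32_t counter;
    uint32_t start;
    uint32_t desired;
    unsigned long parsed;
    char *end;
    unsigned char *serial;
    X509 *cert;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    if (argc != 2) {
        errx(EXIT_FAILURE, "usage: %s <desired 32bit hash> < template.der", *argv);
    }

    // Reject empty, trailing-garbage and out-of-range arguments instead of
    // silently truncating them to 32 bits.
    errno = 0;
    parsed = strtoul(argv[1], &end, 0);
    if (end == argv[1] || *end != '\0' || errno == ERANGE || parsed > UINT32_MAX) {
        errx(EXIT_FAILURE, "desired hash must be a 32bit integer");
    }
    desired = (uint32_t) parsed;

    cert = d2i_X509_fp(stdin, NULL);

    if (!cert) {
        errx(EXIT_FAILURE, "failed to parse template certificate");
    }

    // Direct access to cert->cert_info only compiles against OpenSSL headers
    // that expose the X509 structure (it is opaque from 1.1.0 onwards).

    // Verify the serialNumber is big enough. length is an int, so compare as
    // int: a negative value must not be promoted to a huge size_t.
    if (cert->cert_info->serialNumber->length < (int) sizeof(uint32_t)) {
        X509_free(cert);
        errx(EXIT_FAILURE, "serialNumber is too short to bruteforce");
    }

    // Work on a local copy of the first four serial bytes. Going through
    // memcpy avoids the unaligned, type-punned access a uint32_t cast of the
    // byte buffer would perform.
    serial = cert->cert_info->serialNumber->data;
    memcpy(&counter, serial, sizeof counter);
    start = counter;

    // Keep hashing until we find a match, but stop once the counter has
    // wrapped back to its starting value: every candidate has been tried.
    while ((uint32_t) X509_issuer_and_serial_hash(cert) != desired) {
        ++counter;
        if (counter == start) {
            X509_free(cert);
            errx(EXIT_FAILURE, "no serial value in the 32bit search space matches");
        }
        memcpy(serial, &counter, sizeof counter);
    }

    // The counter is stored in host byte order; print it as the big-endian
    // value the four serial bytes represent.
    fprintf(stdout, "serial %u matches hash %#lx\n",
            (unsigned) ntohl(counter),
            X509_issuer_and_serial_hash(cert));

    X509_free(cert);
    return 0;
}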