
Cracking Cloudflare's heartbleed challenge - tomkwok
https://blog.indutny.com/9.heartbleed
======
jgrahamc
This is the code used by the first person to extract the private key.

~~~
tomkwok
And as he mentioned, it's a node.js script (plus the node-v0.10.26.patch).

------
filipedeschamps
Thank you for the post explaining.

It's great to have good guys like you around. Keep up with the good job.

~~~
sp332
indutny: your sibling comment is dead because it's the exact same text as your
previous comment, and HN code killed it as a double-post.
[https://news.ycombinator.com/item?id=7576670](https://news.ycombinator.com/item?id=7576670)
<\- from 3 days ago lol

~~~
indutny
Thanks for letting me know. I'll try to be unpredictable.

~~~
bpicolo
But, you know, predictably unpredictable.

~~~
mikeash
Just include a UUID at the end of every comment.
0445BD22-4DB2-4238-AB12-38E8766E8FBF

------
tomkwok
Which one's better:
[https://github.com/indutny/heartbleed](https://github.com/indutny/heartbleed)
(in node.js) or
[https://github.com/robertdavidgraham/heartleech](https://github.com/robertdavidgraham/heartleech)
(in C)?

~~~
sp332
I couldn't get heartleech to build at all. The Makefile is malformed, for a
start.

~~~
Malus
That is because the tab on line 4 was converted to 4 spaces. A simple find +
replace fixes the problem.

~~~
sp332
Sure, if you can interpret "Makefile:4: * * * missing separator. Stop."

~~~
teach
To be fair, if you have hand-created many Makefiles, you'd already be quite
familiar with that error.

------
gojomo
An interesting variant of prime-number search. It may not turn up the largest
primes yet known... just the economically valuable smaller ones.

------
user2994cb
Nice. To speed things up, you could look for 128 byte malloc'ed chunks with a
16 byte header of "xx xx xx xx 90 00 00 00" or "xx xx xx xx 91 00 00 00" (for
a 2048 bit modulus).

Looks to me like OpenSSL caches the modulus for Montgomery multiplication and
that's where the primes in higher memory are coming from (see rsa_eay.c around
line 774).

