LittleBlackBox v0.1.1: Breaking SSL on Embedded Devices

LittleBlackBox is a collection of thousands of private SSL and SSH keys extracted from various embedded devices. These private keys are stored in a database where they are correlated with their public certificates as well as the hardware/firmware that are known to use those private keys.

A command line utility is included to aid in the identification of devices or network traffic that use these known private keys. Given a public certificate, the utility will search the database to see if it has a corresponding private key; if so, the private key is displayed and can be used for traffic decryption or MITM attacks. Alternatively, it will also display a table of hardware and firmware that is known to use that private key.

The utility can obtain a public certificate several different ways:

  1. You may give it the path to a public SSL certificate file.
  2. You may give it the SHA1 hash of a public SSL/SSH certificate.
  3. Given a host, it will retrieve the host’s public SSL certificate.
  4. Given a pcap file, it will parse the file looking for public SSL certificate exchanges.
  5. Given a live network interface, it will listen for public SSL certificate exchanges.



NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"