Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-15361 PoC — Infineon Trusted Platform Module Infineon RSA库安全漏洞

Source
https://github.com/Elbarbons/ROCA-attack-on-vulnerability-CVE-2017-15361
Associated Vulnerability
Title:Infineon Trusted Platform Module Infineon RSA库安全漏洞 (CVE-2017-15361)
Description:The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Readme
# ROCA-attack-on-vulnerability-CVE-2017-15361
This repository contains the thesis developed for my bachelor's degree in Mathematical Engineering at Polytechnic of Turin. It's a script based on python and sage.

The goal of the script is to generate an RSA key, evaluete if it's vulnerable by the ROCA attack and performe the ROCA attack.

Comments in the scripts are in italian.

### Folder structure

```
.                
└── Attacco-ROCA-sulla-vulnerabilita-CVE-2017-15361    # The folder containing this repository
    └──Program
        ├── Main.py                                                # The main file
        ├── Keygen.py                                              # Keygen of the key
        ├── Fingerprinting.py                                      # Fingerprinting of the key
        └── Attack.py                                              # ROCA attack of the key
```

### Usage and libraries needed
To use this program you need to have installed on your machine python3 and sage compatible with python3.

The libraries you need to install on sage and python are: sympy, Cryptodome, math, labmath.

To start the program, open the sage shell and use this command

```
    #sage -python3 path/to/the/folder/on/your/pc/main.py
```
File Snapshot

 [4.0K]  /data/pocs/a23e8623f3d64e03351c7a64f7f228693b1bd2a7
├── [1.0K]  LICENSE
├── [4.0K]  Program
│   ├── [3.1K]  Attack.py
│   ├── [1.0K]  Fingerprinting.py
│   ├── [2.9K]  Keygen.py
│   └── [2.9K]  Main.py
├── [1.3K]  README.md
└── [516K]  Thesis.pdf

1 directory, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →