histsdk

dohertj2/histsdk

Fork 0

Commit Graph

Author	SHA1	Message	Date
Joseph Doherty	b2ac35b98e	docs(grpc-events): trace the ExchangeKey token crypto — KDF=SHA256(secret); token construction localized Frida-hooked Windows CNG (scripts/frida/aahclientmanaged-cng-exchangekey.js) during a real native ExchangeKey to recover the token derivation: - The ECDH + KDF are standard CNG driven by managed System.Security.Cryptography .ECDiffieHellmanCng: NCryptSecretAgreement (P-256) -> NCryptDeriveKey(KDF=HASH, SHA256, 32 bytes). So the derived key = SHA256(ECDH shared secret). - "ECK1" is the standard CNG BCRYPT_ECCPUBLIC_BLOB magic (P-256), confirming our BuildExchangeKeyClientHello wire format. - The 26-byte token (constant 0x8e marker) is a custom construction over the derived key: a 528-candidate offline cracker (HMAC/SHA/AES-GCM/CBC/CTR over the derived key x request slices x creds) found no match, and it matches none of the traced hash digests. It is built in aahClientManaged's C++/CLI <Module> code between the DeriveKeyMaterial call and the openParameters assembly. Next: ILSpy cannot decompile the mixed-mode assembly (crashes, exit 70); use dnlib (IL-level) to dump the <Module> method referencing DeriveKeyMaterial and read the post-derive token construction. 2 of 3 layers cleared (key exchange + client key); the 3rd (token) is localized, pending dnlib extraction. Orchestrator stays on v6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01B6mcaT2PjRFKcogzp9UkfC	2026-06-23 11:11:21 -04:00

Author

SHA1

Message

Date

Joseph Doherty

b2ac35b98e

docs(grpc-events): trace the ExchangeKey token crypto — KDF=SHA256(secret); token construction localized

Frida-hooked Windows CNG (scripts/frida/aahclientmanaged-cng-exchangekey.js) during
a real native ExchangeKey to recover the token derivation:

- The ECDH + KDF are standard CNG driven by managed System.Security.Cryptography
  .ECDiffieHellmanCng: NCryptSecretAgreement (P-256) -> NCryptDeriveKey(KDF=HASH,
  SHA256, 32 bytes). So the derived key = SHA256(ECDH shared secret).
- "ECK1" is the standard CNG BCRYPT_ECCPUBLIC_BLOB magic (P-256), confirming our
  BuildExchangeKeyClientHello wire format.
- The 26-byte token (constant 0x8e marker) is a custom construction over the
  derived key: a 528-candidate offline cracker (HMAC/SHA/AES-GCM/CBC/CTR over the
  derived key x request slices x creds) found no match, and it matches none of the
  traced hash digests. It is built in aahClientManaged's C++/CLI <Module> code
  between the DeriveKeyMaterial call and the openParameters assembly.

Next: ILSpy cannot decompile the mixed-mode assembly (crashes, exit 70); use dnlib
(IL-level) to dump the <Module> method referencing DeriveKeyMaterial and read the
post-derive token construction. 2 of 3 layers cleared (key exchange + client key);
the 3rd (token) is localized, pending dnlib extraction. Orchestrator stays on v6.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01B6mcaT2PjRFKcogzp9UkfC

2026-06-23 11:11:21 -04:00

1 Commits