Skip to content

Commit e9ca4dc

Browse files
n1474335n1474335
committed
Added HASSH operations
1 parent 57bb8fb commit e9ca4dc

8 files changed

+384
-13
lines changed

src/core/config/Categories.json

+2
Original file line numberDiff line numberDiff line change
@@ -195,6 +195,8 @@
195195
"VarInt Decode",
196196
"JA3 Fingerprint",
197197
"JA3S Fingerprint",
198+
"HASSH Client Fingerprint",
199+
"HASSH Server Fingerprint",
198200
"Format MAC addresses",
199201
"Change IP format",
200202
"Group IP addresses",

src/core/operations/HASSHClientFingerprint.mjs

+166
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,166 @@
1+
/**
2+
* @author n1474335 [[email protected]]
3+
* @copyright Crown Copyright 2021
4+
* @license Apache-2.0
5+
*
6+
* HASSH created by Salesforce
7+
* Ben Reardon (@benreardon)
8+
* Adel Karimi (@0x4d31)
9+
* and the JA3 crew:
10+
* John B. Althouse
11+
* Jeff Atkinson
12+
* Josh Atkins
13+
*
14+
* Algorithm released under the BSD-3-clause licence
15+
*/
16+
17+
import Operation from "../Operation.mjs";
18+
import OperationError from "../errors/OperationError.mjs";
19+
import Utils from "../Utils.mjs";
20+
import Stream from "../lib/Stream.mjs";
21+
import {runHash} from "../lib/Hash.mjs";
22+
23+
/**
24+
* HASSH Client Fingerprint operation
25+
*/
26+
class HASSHClientFingerprint extends Operation {
27+
28+
/**
29+
* HASSHClientFingerprint constructor
30+
*/
31+
constructor() {
32+
super();
33+
34+
this.name = "HASSH Client Fingerprint";
35+
this.module = "Crypto";
36+
this.description = "Generates a HASSH fingerprint to help identify SSH clients based on hashing together values from the Client Key Exchange Init message.<br><br>Input: A hex stream of the SSH_MSG_KEXINIT packet application layer from Client to Server.";
37+
this.infoURL = "https://engineering.salesforce.com/open-sourcing-hassh-abed3ae5044c";
38+
this.inputType = "string";
39+
this.outputType = "string";
40+
this.args = [
41+
{
42+
name: "Input format",
43+
type: "option",
44+
value: ["Hex", "Base64", "Raw"]
45+
},
46+
{
47+
name: "Output format",
48+
type: "option",
49+
value: ["Hash digest", "HASSH algorithms string", "Full details"]
50+
}
51+
];
52+
}
53+
54+
/**
55+
* @param {string} input
56+
* @param {Object[]} args
57+
* @returns {string}
58+
*/
59+
run(input, args) {
60+
const [inputFormat, outputFormat] = args;
61+
62+
input = Utils.convertToByteArray(input, inputFormat);
63+
const s = new Stream(new Uint8Array(input));
64+
65+
// Length
66+
const length = s.readInt(4);
67+
if (s.length !== length + 4)
68+
throw new OperationError("Incorrect packet length.");
69+
70+
// Padding length
71+
const paddingLength = s.readInt(1);
72+
73+
// Message code
74+
const messageCode = s.readInt(1);
75+
if (messageCode !== 20)
76+
throw new OperationError("Not a Key Exchange Init.");
77+
78+
// Cookie
79+
s.moveForwardsBy(16);
80+
81+
// KEX Algorithms
82+
const kexAlgosLength = s.readInt(4);
83+
const kexAlgos = s.readString(kexAlgosLength);
84+
85+
// Server Host Key Algorithms
86+
const serverHostKeyAlgosLength = s.readInt(4);
87+
s.moveForwardsBy(serverHostKeyAlgosLength);
88+
89+
// Encryption Algorithms Client to Server
90+
const encAlgosC2SLength = s.readInt(4);
91+
const encAlgosC2S = s.readString(encAlgosC2SLength);
92+
93+
// Encryption Algorithms Server to Client
94+
const encAlgosS2CLength = s.readInt(4);
95+
s.moveForwardsBy(encAlgosS2CLength);
96+
97+
// MAC Algorithms Client to Server
98+
const macAlgosC2SLength = s.readInt(4);
99+
const macAlgosC2S = s.readString(macAlgosC2SLength);
100+
101+
// MAC Algorithms Server to Client
102+
const macAlgosS2CLength = s.readInt(4);
103+
s.moveForwardsBy(macAlgosS2CLength);
104+
105+
// Compression Algorithms Client to Server
106+
const compAlgosC2SLength = s.readInt(4);
107+
const compAlgosC2S = s.readString(compAlgosC2SLength);
108+
109+
// Compression Algorithms Server to Client
110+
const compAlgosS2CLength = s.readInt(4);
111+
s.moveForwardsBy(compAlgosS2CLength);
112+
113+
// Languages Client to Server
114+
const langsC2SLength = s.readInt(4);
115+
s.moveForwardsBy(langsC2SLength);
116+
117+
// Languages Server to Client
118+
const langsS2CLength = s.readInt(4);
119+
s.moveForwardsBy(langsS2CLength);
120+
121+
// First KEX packet follows
122+
s.moveForwardsBy(1);
123+
124+
// Reserved
125+
s.moveForwardsBy(4);
126+
127+
// Padding string
128+
s.moveForwardsBy(paddingLength);
129+
130+
// Output
131+
const hassh = [
132+
kexAlgos,
133+
encAlgosC2S,
134+
macAlgosC2S,
135+
compAlgosC2S
136+
];
137+
const hasshStr = hassh.join(";");
138+
const hasshHash = runHash("md5", Utils.strToArrayBuffer(hasshStr));
139+
140+
switch (outputFormat) {
141+
case "HASSH algorithms string":
142+
return hasshStr;
143+
case "Full details":
144+
return `Hash digest:
145+
${hasshHash}
146+
147+
Full HASSH algorithms string:
148+
${hasshStr}
149+
150+
Key Exchange Algorithms:
151+
${kexAlgos}
152+
Encryption Algorithms Client to Server:
153+
${encAlgosC2S}
154+
MAC Algorithms Client to Server:
155+
${macAlgosC2S}
156+
Compression Algorithms Client to Server:
157+
${compAlgosC2S}`;
158+
case "Hash digest":
159+
default:
160+
return hasshHash;
161+
}
162+
}
163+
164+
}
165+
166+
export default HASSHClientFingerprint;

src/core/operations/HASSHServerFingerprint.mjs

+166
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,166 @@
1+
/**
2+
* @author n1474335 [[email protected]]
3+
* @copyright Crown Copyright 2021
4+
* @license Apache-2.0
5+
*
6+
* HASSH created by Salesforce
7+
* Ben Reardon (@benreardon)
8+
* Adel Karimi (@0x4d31)
9+
* and the JA3 crew:
10+
* John B. Althouse
11+
* Jeff Atkinson
12+
* Josh Atkins
13+
*
14+
* Algorithm released under the BSD-3-clause licence
15+
*/
16+
17+
import Operation from "../Operation.mjs";
18+
import OperationError from "../errors/OperationError.mjs";
19+
import Utils from "../Utils.mjs";
20+
import Stream from "../lib/Stream.mjs";
21+
import {runHash} from "../lib/Hash.mjs";
22+
23+
/**
24+
* HASSH Server Fingerprint operation
25+
*/
26+
class HASSHServerFingerprint extends Operation {
27+
28+
/**
29+
* HASSHServerFingerprint constructor
30+
*/
31+
constructor() {
32+
super();
33+
34+
this.name = "HASSH Server Fingerprint";
35+
this.module = "Crypto";
36+
this.description = "Generates a HASSH fingerprint to help identify SSH servers based on hashing together values from the Server Key Exchange Init message.<br><br>Input: A hex stream of the SSH_MSG_KEXINIT packet application layer from Server to Client.";
37+
this.infoURL = "https://engineering.salesforce.com/open-sourcing-hassh-abed3ae5044c";
38+
this.inputType = "string";
39+
this.outputType = "string";
40+
this.args = [
41+
{
42+
name: "Input format",
43+
type: "option",
44+
value: ["Hex", "Base64", "Raw"]
45+
},
46+
{
47+
name: "Output format",
48+
type: "option",
49+
value: ["Hash digest", "HASSH algorithms string", "Full details"]
50+
}
51+
];
52+
}
53+
54+
/**
55+
* @param {string} input
56+
* @param {Object[]} args
57+
* @returns {string}
58+
*/
59+
run(input, args) {
60+
const [inputFormat, outputFormat] = args;
61+
62+
input = Utils.convertToByteArray(input, inputFormat);
63+
const s = new Stream(new Uint8Array(input));
64+
65+
// Length
66+
const length = s.readInt(4);
67+
if (s.length !== length + 4)
68+
throw new OperationError("Incorrect packet length.");
69+
70+
// Padding length
71+
const paddingLength = s.readInt(1);
72+
73+
// Message code
74+
const messageCode = s.readInt(1);
75+
if (messageCode !== 20)
76+
throw new OperationError("Not a Key Exchange Init.");
77+
78+
// Cookie
79+
s.moveForwardsBy(16);
80+
81+
// KEX Algorithms
82+
const kexAlgosLength = s.readInt(4);
83+
const kexAlgos = s.readString(kexAlgosLength);
84+
85+
// Server Host Key Algorithms
86+
const serverHostKeyAlgosLength = s.readInt(4);
87+
s.moveForwardsBy(serverHostKeyAlgosLength);
88+
89+
// Encryption Algorithms Client to Server
90+
const encAlgosC2SLength = s.readInt(4);
91+
s.moveForwardsBy(encAlgosC2SLength);
92+
93+
// Encryption Algorithms Server to Client
94+
const encAlgosS2CLength = s.readInt(4);
95+
const encAlgosS2C = s.readString(encAlgosS2CLength);
96+
97+
// MAC Algorithms Client to Server
98+
const macAlgosC2SLength = s.readInt(4);
99+
s.moveForwardsBy(macAlgosC2SLength);
100+
101+
// MAC Algorithms Server to Client
102+
const macAlgosS2CLength = s.readInt(4);
103+
const macAlgosS2C = s.readString(macAlgosS2CLength);
104+
105+
// Compression Algorithms Client to Server
106+
const compAlgosC2SLength = s.readInt(4);
107+
s.moveForwardsBy(compAlgosC2SLength);
108+
109+
// Compression Algorithms Server to Client
110+
const compAlgosS2CLength = s.readInt(4);
111+
const compAlgosS2C = s.readString(compAlgosS2CLength);
112+
113+
// Languages Client to Server
114+
const langsC2SLength = s.readInt(4);
115+
s.moveForwardsBy(langsC2SLength);
116+
117+
// Languages Server to Client
118+
const langsS2CLength = s.readInt(4);
119+
s.moveForwardsBy(langsS2CLength);
120+
121+
// First KEX packet follows
122+
s.moveForwardsBy(1);
123+
124+
// Reserved
125+
s.moveForwardsBy(4);
126+
127+
// Padding string
128+
s.moveForwardsBy(paddingLength);
129+
130+
// Output
131+
const hassh = [
132+
kexAlgos,
133+
encAlgosS2C,
134+
macAlgosS2C,
135+
compAlgosS2C
136+
];
137+
const hasshStr = hassh.join(";");
138+
const hasshHash = runHash("md5", Utils.strToArrayBuffer(hasshStr));
139+
140+
switch (outputFormat) {
141+
case "HASSH algorithms string":
142+
return hasshStr;
143+
case "Full details":
144+
return `Hash digest:
145+
${hasshHash}
146+
147+
Full HASSH algorithms string:
148+
${hasshStr}
149+
150+
Key Exchange Algorithms:
151+
${kexAlgos}
152+
Encryption Algorithms Server to Client:
153+
${encAlgosS2C}
154+
MAC Algorithms Server to Client:
155+
${macAlgosS2C}
156+
Compression Algorithms Server to Client:
157+
${compAlgosS2C}`;
158+
case "Hash digest":
159+
default:
160+
return hasshHash;
161+
}
162+
}
163+
164+
}
165+
166+
export default HASSHServerFingerprint;

src/core/operations/JA3Fingerprint.mjs

+1-1
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ class JA3Fingerprint extends Operation {
3030

3131
this.name = "JA3 Fingerprint";
3232
this.module = "Crypto";
33-
this.description = "Generates a JA3 fingerprint to help identify TLS clients based on hashing together values from the Client Hello.<br><br>Input: A hex stream of the TLS Client Hello application layer.";
33+
this.description = "Generates a JA3 fingerprint to help identify TLS clients based on hashing together values from the Client Hello.<br><br>Input: A hex stream of the TLS Client Hello packet application layer.";
3434
this.infoURL = "https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967";
3535
this.inputType = "string";
3636
this.outputType = "string";

src/core/operations/JA3SFingerprint.mjs

+1-1
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ class JA3SFingerprint extends Operation {
3030

3131
this.name = "JA3S Fingerprint";
3232
this.module = "Crypto";
33-
this.description = "Generates a JA3S fingerprint to help identify TLS servers based on hashing together values from the Server Hello.<br><br>Input: A hex stream of the TLS Server Hello record in the application layer.";
33+
this.description = "Generates a JA3S fingerprint to help identify TLS servers based on hashing together values from the Server Hello.<br><br>Input: A hex stream of the TLS Server Hello record application layer.";
3434
this.infoURL = "https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967";
3535
this.inputType = "string";
3636
this.outputType = "string";

tests/operations/index.mjs

+2
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,8 @@ import "./tests/RSA.mjs";
105105
import "./tests/CBOREncode.mjs";
106106
import "./tests/CBORDecode.mjs";
107107
import "./tests/JA3Fingerprint.mjs";
108+
import "./tests/JA3SFingerprint.mjs";
109+
import "./tests/HASSH.mjs";
108110

109111

110112
// Cannot test operations that use the File type yet

0 commit comments

Comments
 (0)