Skip to content

Instantly share code, notes, and snippets.

@Wack0

Wack0/1-torrents-time-certs-keys.md

Last active June 10, 2022 12:39
Show Gist options
  • Star 7 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Wack0/8eecd90f688e85fef86b to your computer and use it in GitHub Desktop.
Save Wack0/8eecd90f688e85fef86b to your computer and use it in GitHub Desktop.
Download ZIP
Torrents Time bundles certificates and private keys.
Raw
1-torrents-time-certs-keys.md

Torrents Time bundles certificates and private keys

So, with all the news about how Torrents Time is insecure.. I figured I might as well reverse it.

It seems to have three components, one (on windows) is a native service (TTService.exe) that runs as SYSTEM, another (TTPlayer.exe) runs under a lower privileged user. There's also a nodejs application, server.js.

The native service seems to set up a localhost HTTPd, on either port 12400, 11400, 10400 or 9400, using whichever is open.

So, I browsed to it, and was astonished to discover it was running with TLS, and gave the browser a valid certificate, signed by Thawte! (the cert was issued to localhost.ttconfig.xyz, obviously to work around new CA rules. For the record, it currently resolves to 127.0.0.1 as you'd probably expect.)

Quick examination shows that the certificate and corresponding private key is located base64 encoded inside the TTService.exe binary. (And yes, they base64 encoded PEM format certificates and private keys, which are themselves base64 encoded...)

And not just that one. Base64 encoded inside the binary I found a grand total of three certificates, and corresponding private keys. All were issued to localhost.ttconfig.xyz, but they were issued by different CAs:

  • One certificate issued by Comodo, valid from 22 October, 2015 to 21 October, 2016
  • One certificate issued by RapidSSL, valid from 24 October, 2015 to 25 October, 2016
  • One certificate issued by Thawte, valid from 25 October, 2015 to 24 October, 2016

Each of those certificates and the corresponding private keys can be found attached to this gist in PEM format. Hopefully the CAs will revoke them quickly. Sure, it'll break Torrents Time in a visible way, but as you already know, having read this post, it was broken anyway.

Uninstallation of Torrents Time is extremely recommended, it seems the Torrents Time devs really don't know what they are doing...

-> slipstream, a member of Ring of Lightning and LizardHQ <-

Raw
comodo-cert-key.txt
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA1ECzHjRVDtjpRhsgmnyYtQjSYCVaASXCBSXjd8CXlbSKox9A
Tkm4+XKyNZlxbZtrmomGiHrMsnoMX1UwEZVH3zOW0CcsYPM3ISkUBezHIa8oGGSb
LZLQuLSI/yrFJFvnMEGBQK3C1DzipBH2FJ5rsFXttCxZBfMSEZqajwvbDSH1+sRK
6xc8XKHWZLLqoGqbIcLMI2F4NYTIkmW4kBgq71fR8sGALS6/tdQOUqCSC3yj+4Cn
LdhF8ZIj8sAhPOmF1gAEIykJmu/AXcP7dSvvSTQAcdu0fbNg9pRieV9HD3/1AQpS
ZOQzaN7AwC7kUyY+dfGaSS62d21wralLZOn1+wIDAQABAoIBAQC/7u3KL2qHLZDs
a1V1PZxdgGe0t7IG/ZzQSO3D+W1Z29POJFFjOflB4PzTyTiv8+4+5YO5YMo/zmvn
vUHldId0h9Ml0XapCOZeXyYTIYUEqb5pKHjGok+J5v9HNubktRJ/KYz27uoSQCh2
UyOii4s3/swftEagQaiiMJr5JbBk0x41+UspcA+Dt/OE0SmIRORs47cDcZ11OWqD
/xuYymf5GSqjC/OGYFu8i1m5p0ooC3SvnGTst8eQYS1vJJAAKYsX1qK/05cVLbhR
2CbttLcOpfa+YfWQc2p6LWKcSqycxrvESDkVGRZUm2A1CPNvp7vjH+4ZfEQBFZS8
7hm+EMWhAoGBAPA1JUizW6ABaoz9YhGmIwJPl6mw7bMoqo14wIv06KMQBm5wbq5x
8KaUzJEmQ//srQwraLlxZP+14HCAcAa3EbnfwzpqZGEzlJCJ0IFudrcI9vrC8DMv
B+OgVwlnaTeiPKQcbvPLlOTdFkH/yFruQTRRqU695uRibdmiK27I8EcrAoGBAOI1
DhF55JD5i3+wypsw0829Exzr5PJvF52E4TdEiUdG+21iD635whdc2Bmy1sbVIYj7
os9VWkZdzKyUw0M5d8OGFwFOVlhoX0efdKnVTxxtDjHVbnz0oBBxT9z6j1rWsoZn
3KOXmBjA+Awn88198+N0ccJaH/KLE1uco7ZuSaRxAoGBAOTUrEUa4IGId9oClMdd
buKHsmKss3VGm1uUmlF6KZkV7hqNr1MuJmR7QnpQat1Guf/q5qQq+12DBWIHaTFs
e02IdnKS4jebLL+ZGnIDKsLpnmd7B9qqxig6GlBSHHEsc/qfP6+u1JRGbirHojXF
3YYa+WCTFn+hqSZ4EEpE0GnrAoGBAIK7junivIpc7pZZon6WdZKOF6G7Y5IJSmir
B05duckL6PuKlO1DTz0ZV3titGYtfzgf1jRla8sHIucLAt6zM9g4gssqbxShHY/T
RCVzNkmDbZS3eSeWaXuXQUTBOmCRfJPZKtcRIcIMpE7COFEm3fEytxxP4e7XGdT0
bllc3ArBAoGAZ6t0w9G9xy7NAB3zWbkU0qgptyMrn2sReLAiq0UF1IwCxQ4DQGST
hFtgcp7Yd5tjPZynxedZ1dObcGOqn2dUtF5OXa8ywzgAW3pWQmUl62obXNEtfPMN
qoEzASWmHnx+l53M3LEnes8zqZrvAL+rLWzCLUiU+dyK3SYcoYJf3VM=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgIQJpz9txMZ5hYunYbkAZWnQjANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xNTEwMjIwMDAwMDBaFw0xNjEwMjEyMzU5NTlaMFoxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxHzAd
BgNVBAMTFmxvY2FsaG9zdC50dGNvbmZpZy54eXowggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUQLMeNFUO2OlGGyCafJi1CNJgJVoBJcIFJeN3wJeVtIqj
H0BOSbj5crI1mXFtm2uaiYaIesyyegxfVTARlUffM5bQJyxg8zchKRQF7MchrygY
ZJstktC4tIj/KsUkW+cwQYFArcLUPOKkEfYUnmuwVe20LFkF8xIRmpqPC9sNIfX6
xErrFzxcodZksuqgapshwswjYXg1hMiSZbiQGCrvV9HywYAtLr+11A5SoJILfKP7
gKct2EXxkiPywCE86YXWAAQjKQma78Bdw/t1K+9JNABx27R9s2D2lGJ5X0cPf/UB
ClJk5DNo3sDALuRTJj518ZpJLrZ3bXCtqUtk6fX7AgMBAAGjggHvMIIB6zAfBgNV
HSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUbMy2KRrFyw8u
LF38ATfdZK75J94wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQEC
AgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMw
CAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2Eu
Y29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmww
gYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9j
YS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy
dDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMD0GA1UdEQQ2
MDSCFmxvY2FsaG9zdC50dGNvbmZpZy54eXqCGnd3dy5sb2NhbGhvc3QudHRjb25m
aWcueHl6MA0GCSqGSIb3DQEBCwUAA4IBAQBnbnZ4RunC9pvagzBbAgv69ArVuPVt
cXWMPcQgakjogBog78g92wHjLm0Yu+ouU2P5i/pa/KoLPVJOwfRaMgZPZcXK68Xj
taI+qeUnZLg569LbusQo0Ap0D5pLTdeDSNbCfeOCdAbmaLie+UxJNAQjhMn0jhT1
0ARK0V+dbPdTFXrlFAiek7UcgJK1v4owdaBI8giwApCTRXak9TElnfoeVBNgh7eN
GcnhnOR9fh+zpERvvSe7k8HIWa7hTboSs/MpsFw/r0r2+K9toLEW/tayJ/2VYIPC
3VBYt0OU8RtuQj867hGlv/vMYBKCJI26FRGizZQIF+PvMAhjk7QODTSJ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
+AZxAeKCINT+b72x
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
pu/xO28QOG8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
Raw
rapidssl-cert-key.txt
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy954AV53roOxr
cRsOiIItFGAyxtuqCFciW+De3OtiuSD0SHiNRf7iVRew2IDhlaelFjJFNdtNCMtz
YyfsJiJJb7mnVDGaQ9crbhFtFZM3H8SBFldLVOG2uA+iwWoWAZb5qqI+mHa8UsAE
mviDjXKuhtguKFmarbSmKFaQ3m87IjETCs8dzjRLWqTnH+EqSpREnHQG1SBNsjq2
nSZuw61uZnzhOB8XKwRQdlmBCTuvcHc4RUkhKCM2PfwpTJEZ7+wUbNZERKhtRWob
rtLYnjwaQtqYljcGIK7Nl58UXKvnxJKaXBwBasn9FloAFsDiAaFBtyWFthnr1r0B
1j7Gj5l/AgMBAAECggEAbZ3G8/S2cFVPmXtclCk+engJd/BfKSUUoaHe+QIdVomH
yrf8xqMBvAVcjl/9iK5OUYpn3gZfvS5O1uz7zeOJiqtY7kleXFuDFkHDgKn/Unst
s9dIPobN/Ul9ojWPUc1FeMRvvaFK0IxquidlYcYoYQeMr7DdOSV+CWuZof/r5y5B
+m450TRcg2K2RL+1708GNqpfIgcx7odYlBz5MPVnA/aB77vlfJhz1h867P1dBUKO
Yx9kRkKmycW8DR71M95AYXnUT7LQWS2lkAI6SY6J43Sz5V3T9+vbvvkL+RmyDjWc
8ZllUA+pF+1RF37GEU/Jh4UNQ0didcQami7wzcM+mQKBgQDoudthdrn5mZOCMmj1
bBcizEVdGw+KxJl252IOAuA2Gz4OlmYkpPF1YzRDcYLH/1gvk34J94uTE3Bxg+2T
BNDRxvCuldG0vUqQHlt/Ux17FriFkT5ZWjpGSrQDIktFQCAnkw0Zv7ugr0uj5GS8
mJWH2mDCjaZGH/O9aOdSOiPBbQKBgQDE3XQmoT4RTlNNinAmzHYap6a6Flb0HAoV
SScZlSQTsWHn2kVVXgpWHloT/jBzdE1Kw6qB0POndLF7S9Skln/UOMuDB5fbuiVL
qia2r9nM6G6gPqT7ESt1s3lvwt0atkL7OrJOro4WJ6HtUC1FfxPHKeFFbr5K230o
7ADe1RYfGwKBgFbPLRP383s1XB6OqzQQs7iZNa57L5r1psEBokPTssq78rQCSeuV
UzQUYyRdLQlpJ/3nKHaTTg74i1LsgSv7+eCmMpUM8YJXsX58tGiUGkUVvpKkEPvH
ekFKEEey/RzBxLy+T36xVE2l1bM2uJTY3b4lKT6pE8LInGSkwtSbN0cpAoGBAIol
MM2u1qRER3ahUAQZ9ELOJNRuusQALR80v0hXfQKItkCBzaeTH0PBdsqS1CMgmOB/
H9aK74AyBh2UX/rDVZ5x4HXpTSo2nNdU5mfKTNdav86ZRyKbsNiegffoUUneXnB3
hwppuXFYjGvAmJQtEY7wF5Gmnchf75tYyV+VPjnDAoGAQvZIinfEgAy7YVfhwK5k
wsF4LygCT4K24ruKXMCF+HMi8+Rv6E/epSWKVMZWmxPhp2hsrtEFGfDajkBOBmqW
Hl+3NnDHo0EqVu2GVD8PEIQll+SRX7wXqaInugqfCBIVVjQcJDRJnAHIUb6fLBW6
ZXgn7HkXxzDaAUh7bwMYQKE=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIENTCCAx2gAwIBAgIDB9R0MA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNTEwMjQxODU1NThaFw0xNjEwMjUwOTQwNDRaMCExHzAd
BgNVBAMTFmxvY2FsaG9zdC50dGNvbmZpZy54eXowggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCy954AV53roOxrcRsOiIItFGAyxtuqCFciW+De3OtiuSD0
SHiNRf7iVRew2IDhlaelFjJFNdtNCMtzYyfsJiJJb7mnVDGaQ9crbhFtFZM3H8SB
FldLVOG2uA+iwWoWAZb5qqI+mHa8UsAEmviDjXKuhtguKFmarbSmKFaQ3m87IjET
Cs8dzjRLWqTnH+EqSpREnHQG1SBNsjq2nSZuw61uZnzhOB8XKwRQdlmBCTuvcHc4
RUkhKCM2PfwpTJEZ7+wUbNZERKhtRWobrtLYnjwaQtqYljcGIK7Nl58UXKvnxJKa
XBwBasn9FloAFsDiAaFBtyWFthnr1r0B1j7Gj5l/AgMBAAGjggFOMIIBSjAfBgNV
HSMEGDAWgBTDnPP800YINLvORn+gfFvz4gjLWTBXBggrBgEFBQcBAQRLMEkwHwYI
KwYBBQUHMAGGE2h0dHA6Ly9ndi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6
Ly9ndi5zeW1jYi5jb20vZ3YuY3J0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwIQYDVR0RBBowGIIWbG9jYWxob3N0LnR0Y29u
ZmlnLnh5ejArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2
LmNybDAMBgNVHRMBAf8EAjAAMEEGA1UdIAQ6MDgwNgYGZ4EMAQIBMCwwKgYIKwYB
BQUHAgEWHmh0dHBzOi8vd3d3LnJhcGlkc3NsLmNvbS9sZWdhbDANBgkqhkiG9w0B
AQsFAAOCAQEAiN0LnzKfO3lENYXqoHfCKjUFdB1PEhdk/8lV8k914AydB24+2Mvi
pITyCk+bP7lNxW6JMVVk1Arb1lI8eBGo6Tl9KvdXCr8gXmyUQiV6ahoFKGGwy3Cy
m/DhtCPNPyQmFEBgsQh2+A3UytU82h9/KMJpzte7Kp8+OimuVkpo0VltjMlmJX/X
r598IEIsuwumTWQ7biivoUCg9vOnNLFbU9rXMtgWzotF6YtMupegXiljF4Y4sXjo
u+vwBcE45RenMY/9A3riQdLALmnNMmZKJn0UJtaTpq1c+nZZIDC+pVdzWJGosQXx
iqdIbU8bkIF4no54cHBNpSXmYf4/IqTYnA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBHMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wg
U0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv
VJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBdmJyNkA+8EGVf2prWRHzAn7Xp
SowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9EX9zHFLYDn4ZLDqP/oIACg8PTH2lS
1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4KjxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQ
DAP8m/0Ip4yM26eO8R5j3LMBL3+vV8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AM
QriYrRmIV9cE7Ie/fodOoyH5U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkp
YEj4/5G8V1jlNS67abZZAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig
JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF
BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF
MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3Ry
dXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCjWB7GQzKs
rC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/CJ8cW8fuTgZCp
fO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5UzCHuTcSJCs6nZb0+B
kvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5ho452nFnPjJSxhJf3GrkH
uLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq7A6rvz17OQV79PP7GqHQyH5O
ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh
gP8L8mJMcCaY
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----
Raw
thawte-cert-key.txt
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+zfdQfvLN8okk
qiM6ElIOkDQcJnCzwo1jVNgn6rQBJ7ADTl9h4JGn1dqyoNAdpRvI0QcERInknOHN
kIBjG7C5Fkxa0R/4MoJziRO/Zx0fVNyVJpb+SBNkq+yjT3D5Uruq4VypE33V0YUg
NPvwAH9j2yPYJtRklPvp/4Cefg8gAz+mxB3IOv93Y6tj6RISxzJOrrPo4GOBeQLA
wpOtIohBNCuQUYil2LsujgBuCcehEwpvz5LYzwdm5r2LcCCHpt1pgWzizmNiR8Gi
pXV2DC2nYG4FDivFQd93FiyMxEodUKe8atbDwP8VpCOGUjEvep/nSeGMO3BawmTy
yN7oPJtVAgMBAAECggEAOIQhgUJZAQ+Z97Y9gPH0REQKa1wnfddesdFrxUcL0lvD
Evef4Qn3mtMJWGexvVYuiKkBfw4eGg0uBQmMPc7x5aDpNO1Enuu3ICm2I7eTNLia
LcOkbeVDeUpDaYwaVn9e/xqJq7sORssst4F6Lni3Qwih8WBvAOvwQjtgCZIlQMGy
h5Qjtt+moIZsD3bjIaoyUZvz+f0sShLHcb8rM8rHfsWv+7tR4alxaluyMQBrps0N
YgoLc5t0rEmaoe7OosN6C457wYx9c+r4zy2Ixr9n+bSEjN0XbDSNsvcpAldnJK0e
SXnEksREPCJDKxIQUgpDt+8rumAXXvmRCATPYXLHgQKBgQDmz+ZYacLH+flwyxzw
1scsGmCdZ0+CLT+xoXzk9vg9sO+lpep8P1Mb1AljrxRyNKyaUKiSbsvkNeq06I9k
LahVWXBvwN/jFnhFVOoRQT9rDImMZrLomq7bdBAQCc6wpWDmlbGV1VplJd0SxHiZ
t6Z3XJzqcDgEvpygWi0xd6tVLQKBgQDToGRmiTTIBmUoNvVYxhWZfME438OLMl6/
/2BPJATmeYQ1tzDMnJm7k/L1ujqjxM0kOaQN5YQ3FPGach341glVssu8aCPK7ukc
5tY+AsojtF1CxHlGGm7Nr0wBsb50irZgDjGap0gSXJHZWeocWJ5vTevZSOggB784
XQcxE3yHyQKBgQClrq8m4CRV8HbCJMsNht9KJVUdKD/Grjx+gfFpWm8vuYcNXWBI
+BvsafSjfdYrdOxBiYy4MJhjpOBqJFZqDuw6+Azh643LMSH8gsvSvweLDGDgTAg5
OHA0T8gH+0JHQy+f1ey4JYLSALAE/MulbFMuc2igURWlMj60TIcMb16psQKBgFRa
q4p/iG1utyWnenZvRq7OnopYDy7N3hyz46TIG7fumfd7VNVKWrD9USwHllYvHQIi
g7USVnhKPd+tOyszzba+NR2deR7ryjm9/YnsPLysqTvy6tA5uw77n9VRDzSPEhEJ
t1YI9d5zzaMQhxPTcxu0uJz8xaH21I7X7gTu2oWZAoGBAJ33crz+kod20QOg8QjX
1ePV10d3nT8WKVkkXvOIsY1sAwW0ZIkzPT/pynKF/F5JtLZrc8ekdpZhKCuwtJOE
BeEqAbxLdx4WUF/XycYpkwQMBoNc8gEluaghYmA+CpMfhIAfTQ9w1i9DuSkqShXN
Vk9Wh1RDvXTSMzpxVIXBMw5f
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEiDCCA3CgAwIBAgIQXaIoVDkXMlrWeWYR5KkhZjANBgkqhkiG9w0BAQsFADBj
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQLExRE
b21haW4gVmFsaWRhdGVkIFNTTDEeMBwGA1UEAxMVdGhhd3RlIERWIFNTTCBDQSAt
IEcyMB4XDTE1MTAyNTAwMDAwMFoXDTE2MTAyNDIzNTk1OVowITEfMB0GA1UEAxQW
bG9jYWxob3N0LnR0Y29uZmlnLnh5ejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAL7N91B+8s3yiSSqIzoSUg6QNBwmcLPCjWNU2CfqtAEnsANOX2HgkafV
2rKg0B2lG8jRBwREieSc4c2QgGMbsLkWTFrRH/gygnOJE79nHR9U3JUmlv5IE2Sr
7KNPcPlSu6rhXKkTfdXRhSA0+/AAf2PbI9gm1GSU++n/gJ5+DyADP6bEHcg6/3dj
q2PpEhLHMk6us+jgY4F5AsDCk60iiEE0K5BRiKXYuy6OAG4Jx6ETCm/PktjPB2bm
vYtwIIem3WmBbOLOY2JHwaKldXYMLadgbgUOK8VB33cWLIzESh1Qp7xq1sPA/xWk
I4ZSMS96n+dJ4Yw7cFrCZPLI3ug8m1UCAwEAAaOCAXgwggF0MCEGA1UdEQQaMBiC
FmxvY2FsaG9zdC50dGNvbmZpZy54eXowCQYDVR0TBAIwADArBgNVHR8EJDAiMCCg
HqAchhpodHRwOi8vdG4uc3ltY2IuY29tL3RuLmNybDBuBgNVHSAEZzBlMGMGBmeB
DAECATBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2NwczAv
BggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUuY29tL3JlcG9zaXRvcnkw
HwYDVR0jBBgwFoAUn7jBqWzy9cAiKpTtXJms1OzXxgcwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEFBQcBAQRLMEkw
HwYIKwYBBQUHMAGGE2h0dHA6Ly90bi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0
dHA6Ly90bi5zeW1jYi5jb20vdG4uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQDkP041
PIu9DttLktNjEoNrR140uuF/IospnWWd/KburA+t3n1o/FjejqZQVwJjimyJM8W1
FYlC+R+x2l7XpoRCaWuwWy1oAXJtC9KMO24zyoGCZn87/SlWqb36iItXUI1HLKh5
YA71Y0JF8nNURfYIPyrytmS6O3Z7SfxSgsr12ucCyjesurd9JoEl2NTLHdforHum
II5Bq94xcQIquXJ0aa9ubDoeswKgp1ypDSOl6dy2i6MJulp4i71hE0pjKdO4JZYs
43/O68jZ/SdlxEx5XlEKJ4XZPCPDqutflUeXkNk85HomDg1so/NJIRjJlSEcrqSn
k4IFhYw04e22Li30
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIQLGnhL2pnC9md0g+RnvCeUTANBgkqhkiG9w0BAQsFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTQwNjEwMDAwMDAwWhcNMjQw
NjA5MjM1OTU5WjBjMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MR0wGwYDVQQLExREb21haW4gVmFsaWRhdGVkIFNTTDEeMBwGA1UEAxMVdGhhd3Rl
IERWIFNTTCBDQSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
6pQHhchBLPaDEmySX6sfANSWb3TNLhHpbA85AblIkEA5TcSiyHlqpZq9kURld1St
/yVf7kL7swIP6l163RpUntdzQpvMeV/FTfS3Cxg5IHrdUAFdNEVfTBEO9YcmJrSw
835xoDFxUIloWmOKFGLljDoWVQ0+66qAHXF644cHq72idM3aCAGdG8wniIxH1Gkl
Qta7UG2FUNBIgg0In+kj40LGPJi4u27FcBPfGR0B/dK1TuZi9Af6a30Rd8RiT0BO
pXiXqyxNDKd8w8RQMp/QcJsP//91WTSFrUnVNe5PW9TUNpWgfujFoRy9E0597mNq
lhmZyKcqAOZRjUbrMFjoLQIDAQABo4IBOTCCATUwEgYDVR0TAQH/BAgwBgEB/wIB
ADBBBgNVHSAEOjA4MDYGCmCGSAGG+EUBBzYwKDAmBggrBgEFBQcCARYaaHR0cHM6
Ly93d3cudGhhd3RlLmNvbS9jcHMwDgYDVR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEB
BCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL3Quc3ltY2QuY29tMDEGA1UdHwQqMCgw
JqAkoCKGIGh0dHA6Ly90LnN5bWNiLmNvbS9UaGF3dGVQQ0EuY3JsMCkGA1UdEQQi
MCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTY5ODAdBgNVHQ4EFgQUn7jB
qWzy9cAiKpTtXJms1OzXxgcwHwYDVR0jBBgwFoAUe1tFz6/Oy3r9MZIaarbzRutX
SFAwDQYJKoZIhvcNAQELBQADggEBAFNU8keoAtfvqjV4vkoIDZAYS22eKlMr6VQX
d3QpftA3BwW45Pq4tGOYRNzGT4EGjDq+xzBXxnD81pMZn8NV1z4fcoqdMFo1lzLL
Y+TGct/7aMppL9vNUDg+K7urO4LH/UubvXxBmO8BU9g1jyXJAwbmnFfBUQ+e9n2T
Tfh2yDpr9MSPMzJ/nSGENNmn+ZL6QZFhhAWdo3lGzmfngfJerEy8qKtqbRXinE5a
2WOAvPdC65pExoxrBja0izKJ3sLxqCaqqaz/6nGm54xB+hc1u7OHMamTwshY4QpO
lYOcue07pe8I4HT5wxvmB6PuB9dCInkhoKHUHSbT0NamXStBwHk=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw
NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG
A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs
W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta
3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk
6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6
Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J
NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP
r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU
DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
jVaMaA==
-----END CERTIFICATE-----
@SchizoDuckie
Copy link

image
^torrents time devs

@m00dy
Copy link

m00dy commented Feb 13, 2016

So what ?

@wodim
Copy link

wodim commented Feb 13, 2016

As long as localhost.ttconfig.xyz always resolves to 127.0.0.1 what's the damn problem?

@joepie91
Copy link

@wodim That you've now introduced an MITM vector that wasn't there before.

@jduncanator
Copy link

@wodim Assuming the attacker is in a position to MITM the traffic anyway, it doesn't matter what the DNS records say for localhost.ttconfig.xyz, if I'm in a position to alter every packet to and from your computer, I can just modify the DNS response to point to a location of my choice, use the private keys in the binary to MITM the TLS connection and exploit any number of available XSS attacks present in TT to run arbitrary JavaScript on any page the plugin is present on. Private keys are called private keys for a reason.

@andrewmd5
Copy link

The ride never ends! http://blog.andrew.im/post/139084882590/torrents-time-security-issues

@krisives
Copy link

As long as localhost.ttconfig.xyz always resolves to 127.0.0.1 what's the damn problem?

How would we guarantee that it always resolves to that? We can't, so it's a problem.

@krisives
Copy link

@jduncanator Currently one person (the owner of the DNS records) could flip a switch and essentially start MITM anyone using Torrents-Time even though he doesn't have the ability to MITM the individual connections.

@SchizoDuckie
Copy link

All of this together is really a 3 way attack vector:

  • we already knew you can do malicious stuff from javascript, that requires browsing to a hijacked page (passive)
  • the thing is listening on 0.0.0.0, so you can connect to the socket from lan and send malicous commands (active)
  • You can hijack the dns and send forged traffic when someone wants to connect to it (passive)

@Wack0
Copy link
Author

Wack0 commented Feb 15, 2016

The Comodo cert has been revoked.

comodorevoked

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment