Desperate Hacker
Chapter 8 A loophole like Heartbleed 1
Chapter 8 A loophole like a bleeding heart
After Chen Qingfeng and Zhao Changan finished talking about business in the cafe, Chen Qingfeng turned and left.
Along the way, he took the subway back home. As soon as he got home, an indescribable and uncomfortable feeling suddenly hit him.So Chen Qingfeng accidentally fell to the ground.
So he moved on the floor with difficulty.
Until he slowly moved into the bedroom, he quickly opened the drawer and took out a few analgesics that the doctor prescribed to him when he returned from the imperial capital.
Then he swallowed it dryly.
It took a while before Chen Qingfeng finally calmed down.
It was okay, he walked slowly to the kitchen hungry and cooked himself a bowl of noodles with clear soup.
He couldn't eat anything because he felt so sick.
There was only vermicelli that he didn't need to chew, and he could barely eat it.
In this way, after cooking the noodles, he took the pot and came to his familiar study room.
Then I turned on the computer and started doing what I do every day, which is reading the code.
As a programmer, Chen Qingfeng has always liked reading well-known open source codes.
In recent days, he has been studying openSSL.
Because this project is the most well-known encryption protocol in the world.And at the same time it is also an open source project.
SSL was originally a connection protocol, but then more and more people used it, so some people thought of encryption methods to prevent hackers from destroying it.
So the openSSL project was born.
Now what Chen Qingfeng wants to do is a hacker-type plug-in. If he can understand some principles of openSSL.That would be very helpful for his plug-in career. At least he could know which programmers had made fatal mistakes, and how should he start?
Chen Qingfeng was eating noodles and reading the code in his project documents.
Debugging code is a tedious task, but it's also a conversation between programmers and programmers.
You can improve yourself by learning other people's programs.
And only people who understand technology will enjoy this process.
In addition, Chen Qingfeng also discovered another benefit, that is, while having fun debugging code, the body and brain will temporarily forget about the cancer in his body.
This is very helpful in alleviating the discomfort caused by the disease.
"Heartbeat detection!"
This is a function used for time synchronization. Although it is very important, many programs have heartbeat detection, so this code reads similar.
Chen Qingfeng slowly worked on the nodes in the code, and he built a small test program that can test open SSL.
Through breakpoints, you can see clearly what is stored in the memory?
Chen Qingfeng first sent the heartbeat packet according to the conventional strategy.
It didn’t take long for his breakpoint to receive a response!
All this was within his expectation, but at this moment, his hand accidentally touched the chopsticks, and the chopsticks hit the keyboard. Chen Qingfeng was in a hurry, and suddenly touched the mouse and clicked the compile button. See As he watched the long compilation process, he couldn't help but feel a headache.
Fortunately, the compiler only compiles the code he modified.
But at this moment, the breakpoint was triggered again.
Chen Qingfeng looked at all this in surprise.
Then he turned back and looked at the parts of the code that he had modified.
A piece of content that was originally supposed to be sent exceeded the 64KB limit. Chen Qingfeng accidentally added an extra 0 at the end.
It stands to reason that after this illegal message is sent, the breakpoint will not be triggered.
But now it has been triggered?
What exactly is going on?
Chen Qingfeng felt a little strange, the program should not have reached this point.
So he tried it again and added a few more breakpoints.
So the program began to be followed step by step by Chen Qingfeng.When Chen Qingfeng saw an if judgment, he suddenly discovered that the pointer of this program unexpectedly jumped to the if-true code segment contrary to convention!
Chen Qingfeng looked at this piece of program code in surprise.
He repeated it over and over with his eyes wide open.
Finally, he couldn't help but take a deep breath.
Then he thought he had discovered an indescribably momentous fact.
Open SSL programmers actually made mistakes?
An illegally accessed message was actually considered correct.
This also means that I have obtained the message stored in an unknown area inside the server.
Cross-border access?
Is there something wrong with a well-known open source encryption project?
There are so many programmers around the world, and countless pairs of eyes are staring at the basic program, but the bug has been adjusted out by myself.
what does this mean?
Chen Qingfeng still couldn't believe it, because according to common sense, this was simply impossible.
But now it is clearly happening.
So Chen Qingfeng patiently opened the page of a major manufacturer.
The OpenSSL protocol is now most commonly used by these major manufacturers, especially in the e-commerce field.
Now Chen Qingfeng wants to try it out.
So he picked it up and took a sip of the cold noodle soup.Then he moved his fingers and started tapping quickly on the keyboard.
He forged a similar illegal message that exceeded the limit.
Then with a trembling heart, I sent it to the server of the e-commerce website.
Immediately afterwards, he waited for the other party's response in the program.
In almost less than a second, he received a message.
When Chen Qingfeng opened it, a smile of joy and relief suddenly appeared on his face.
He was not wrong, the Open SSL programmers did make a fatal mistake.
It obtained the 64KB data returned from the server through an extremely long message.
The data even contained a stranger’s username and password.
A module used for heartbeat detection actually caused the program to leak information in the memory.
And important data was seeped out of the loopholes bit by bit.It was as if there was a bleeding hole leaking from the aorta of the heart, bleeding bit by bit.
And Chen Qingfeng can be sure that if he masters this vulnerability, at least on this night, all websites in the world that use openSSL protocol encryption will be opened in front of him.
what does this mean?
This means that God suddenly opened a door to wealth for him at that moment.
But he wasn't sure when the vulnerability would be discovered by programmers.
But if he had taken action early, at least one thing was certain, he wouldn't have to worry about the cost of treatment!
Chen Qingfeng couldn't help but stood up from the table.
He walked to his bookcase and took down the bottle of Wuliangye directly on it.
Then he unscrewed it and poured it into his stomach.
However, Chen Qingfeng, who didn't drink much on weekdays, soon started coughing.
However, at this moment, he encountered the happiest moment in his life.
He had never felt as accomplished as he did today.
It turns out that even the best programmers in the world and the most rigorous open source projects in the world sometimes make mistakes.
(End of this chapter)
After Chen Qingfeng and Zhao Changan finished talking about business in the cafe, Chen Qingfeng turned and left.
Along the way, he took the subway back home. As soon as he got home, an indescribable and uncomfortable feeling suddenly hit him.So Chen Qingfeng accidentally fell to the ground.
So he moved on the floor with difficulty.
Until he slowly moved into the bedroom, he quickly opened the drawer and took out a few analgesics that the doctor prescribed to him when he returned from the imperial capital.
Then he swallowed it dryly.
It took a while before Chen Qingfeng finally calmed down.
It was okay, he walked slowly to the kitchen hungry and cooked himself a bowl of noodles with clear soup.
He couldn't eat anything because he felt so sick.
There was only vermicelli that he didn't need to chew, and he could barely eat it.
In this way, after cooking the noodles, he took the pot and came to his familiar study room.
Then I turned on the computer and started doing what I do every day, which is reading the code.
As a programmer, Chen Qingfeng has always liked reading well-known open source codes.
In recent days, he has been studying openSSL.
Because this project is the most well-known encryption protocol in the world.And at the same time it is also an open source project.
SSL was originally a connection protocol, but then more and more people used it, so some people thought of encryption methods to prevent hackers from destroying it.
So the openSSL project was born.
Now what Chen Qingfeng wants to do is a hacker-type plug-in. If he can understand some principles of openSSL.That would be very helpful for his plug-in career. At least he could know which programmers had made fatal mistakes, and how should he start?
Chen Qingfeng was eating noodles and reading the code in his project documents.
Debugging code is a tedious task, but it's also a conversation between programmers and programmers.
You can improve yourself by learning other people's programs.
And only people who understand technology will enjoy this process.
In addition, Chen Qingfeng also discovered another benefit, that is, while having fun debugging code, the body and brain will temporarily forget about the cancer in his body.
This is very helpful in alleviating the discomfort caused by the disease.
"Heartbeat detection!"
This is a function used for time synchronization. Although it is very important, many programs have heartbeat detection, so this code reads similar.
Chen Qingfeng slowly worked on the nodes in the code, and he built a small test program that can test open SSL.
Through breakpoints, you can see clearly what is stored in the memory?
Chen Qingfeng first sent the heartbeat packet according to the conventional strategy.
It didn’t take long for his breakpoint to receive a response!
All this was within his expectation, but at this moment, his hand accidentally touched the chopsticks, and the chopsticks hit the keyboard. Chen Qingfeng was in a hurry, and suddenly touched the mouse and clicked the compile button. See As he watched the long compilation process, he couldn't help but feel a headache.
Fortunately, the compiler only compiles the code he modified.
But at this moment, the breakpoint was triggered again.
Chen Qingfeng looked at all this in surprise.
Then he turned back and looked at the parts of the code that he had modified.
A piece of content that was originally supposed to be sent exceeded the 64KB limit. Chen Qingfeng accidentally added an extra 0 at the end.
It stands to reason that after this illegal message is sent, the breakpoint will not be triggered.
But now it has been triggered?
What exactly is going on?
Chen Qingfeng felt a little strange, the program should not have reached this point.
So he tried it again and added a few more breakpoints.
So the program began to be followed step by step by Chen Qingfeng.When Chen Qingfeng saw an if judgment, he suddenly discovered that the pointer of this program unexpectedly jumped to the if-true code segment contrary to convention!
Chen Qingfeng looked at this piece of program code in surprise.
He repeated it over and over with his eyes wide open.
Finally, he couldn't help but take a deep breath.
Then he thought he had discovered an indescribably momentous fact.
Open SSL programmers actually made mistakes?
An illegally accessed message was actually considered correct.
This also means that I have obtained the message stored in an unknown area inside the server.
Cross-border access?
Is there something wrong with a well-known open source encryption project?
There are so many programmers around the world, and countless pairs of eyes are staring at the basic program, but the bug has been adjusted out by myself.
what does this mean?
Chen Qingfeng still couldn't believe it, because according to common sense, this was simply impossible.
But now it is clearly happening.
So Chen Qingfeng patiently opened the page of a major manufacturer.
The OpenSSL protocol is now most commonly used by these major manufacturers, especially in the e-commerce field.
Now Chen Qingfeng wants to try it out.
So he picked it up and took a sip of the cold noodle soup.Then he moved his fingers and started tapping quickly on the keyboard.
He forged a similar illegal message that exceeded the limit.
Then with a trembling heart, I sent it to the server of the e-commerce website.
Immediately afterwards, he waited for the other party's response in the program.
In almost less than a second, he received a message.
When Chen Qingfeng opened it, a smile of joy and relief suddenly appeared on his face.
He was not wrong, the Open SSL programmers did make a fatal mistake.
It obtained the 64KB data returned from the server through an extremely long message.
The data even contained a stranger’s username and password.
A module used for heartbeat detection actually caused the program to leak information in the memory.
And important data was seeped out of the loopholes bit by bit.It was as if there was a bleeding hole leaking from the aorta of the heart, bleeding bit by bit.
And Chen Qingfeng can be sure that if he masters this vulnerability, at least on this night, all websites in the world that use openSSL protocol encryption will be opened in front of him.
what does this mean?
This means that God suddenly opened a door to wealth for him at that moment.
But he wasn't sure when the vulnerability would be discovered by programmers.
But if he had taken action early, at least one thing was certain, he wouldn't have to worry about the cost of treatment!
Chen Qingfeng couldn't help but stood up from the table.
He walked to his bookcase and took down the bottle of Wuliangye directly on it.
Then he unscrewed it and poured it into his stomach.
However, Chen Qingfeng, who didn't drink much on weekdays, soon started coughing.
However, at this moment, he encountered the happiest moment in his life.
He had never felt as accomplished as he did today.
It turns out that even the best programmers in the world and the most rigorous open source projects in the world sometimes make mistakes.
(End of this chapter)
Tap the screen to use advanced tools
Tip: You can use left and right keyboard keys to browse between chapters.
You'll Also Like
-
Huayu: The director just wants to save money
Chapter 521 2 hours ago -
Reborn as a great painter, with a system, you can be willful
Chapter 529 2 hours ago -
My new wife discovered my past
Chapter 250 2 hours ago -
I inject positive energy into the world
Chapter 172 2 hours ago -
Hu Hu, I have to lose weight before the disaster!
Chapter 106 2 hours ago -
Start with Tianlong Murong family, fight against the heavens
Chapter 838 2 hours ago -
Douluo: Wuhun Tianjing, Opening VS Qiandaoliu
Chapter 146 2 hours ago -
People in the chat group, girlfriend Ma Xiaotao
Chapter 207 2 hours ago -
With the shopping system in hand, I became the richest man in the 1980s
Chapter 168 2 hours ago -
Under One Person: I am alone, reviving the Tang Sect
Chapter 628 2 hours ago
