
I would like to examine the Lenovo/Superfish root certificate being used in the wild.

I've worked through articles like "Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections", and looked at similar questions like "How to detect if I am vulnerable to “Superfish”, and how to remove it?" and "What security risks are posed by software vendors deploying SSL Intercepting proxies on user desktops (e.g. Superfish)".

If you have a copy of the certificate, then you can receive a textual representation of it with:

cat superfish.cert | openssl x509 -text -noout

But what is in the certificate? What attributes are included, and which algorithms were used?

1 Answer


Robert Graham of Errata Security has generously extracted (and provided for download) the Superfish certificate, and cracked its password as well. See this link.

EDIT (per suggestions):

$ cat superfish.cert | openssl x509 -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15203047915477327079 (0xd2fc1387a944dce7)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Superfish, Inc., L=SF, ST=CA, C=US, CN=Superfish, Inc.
        Validity
            Not Before: May 12 16:25:26 2014 GMT
            Not After : May  7 16:25:26 2034 GMT
        Subject: O=Superfish, Inc., L=SF, ST=CA, C=US, CN=Superfish, Inc.
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:e8:f3:4a:18:76:5f:19:3f:b1:cf:58:e9:7f:43:
                    07:09:95:80:35:c5:0f:fe:71:31:27:81:99:12:26:
                    20:a5:df:8f:6a:fc:42:55:39:ee:09:38:89:d9:e0:
                    36:c4:ac:01:82:5b:d5:39:e6:f9:8f:07:88:df:fe:
                    ee:f6:a1:14:ce:a9:74:45:d8:fd:f0:17:57:2a:82:
                    e1:7a:2e:12:93:5a:ac:8a:d7:15:63:d1:b7:9b:55:
                    80:0f:58:bc:1c:49:ed:20:62:dd:b6:4c:a5:3a:eb:
                    1c:3d:a0:ff:7a:71:a6:d3:10:78:33:ae:4b:c2:1c:
                    fd:92:4a:a1:c3:e7:41:a4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:TRUE
            X509v3 Subject Key Identifier: 
                FB:98:B3:53:7F:14:44:2E:E8:EE:D5:09:9A:5E:0E:56:86:A8:35:88
            X509v3 Authority Key Identifier: 
                keyid:FB:98:B3:53:7F:14:44:2E:E8:EE:D5:09:9A:5E:0E:56:86:A8:35:88
                DirName:/O=Superfish, Inc./L=SF/ST=CA/C=US/CN=Superfish, Inc.
                serial:D2:FC:13:87:A9:44:DC:E7

    Signature Algorithm: sha1WithRSAEncryption
         a4:7c:a0:ec:0a:4a:c7:70:c4:71:68:f3:3b:22:e2:dc:9c:8d:
         d0:92:fe:73:7e:72:2b:55:44:9b:1b:b4:42:eb:1f:af:be:ba:
         e3:93:a3:d4:8b:18:c2:94:f0:b3:a6:bd:65:34:4c:cd:24:f8:
         19:0b:c5:15:0a:da:f3:57:8b:a9:86:cf:6c:c3:ee:84:2f:85:
         0b:19:14:17:98:b4:0c:d4:96:8b:e9:1c:cc:95:c9:4e:d0:aa:
         4b:01:a5:f6:df:49:12:81:6a:be:d5:be:ce:76:7d:4e:ac:8b:
         88:e3:30:ed:31:84:50:8f:bc:f1:50:2a:5b:4a:a6:5e:7c:0f:
         71:fa
AviD
Panther Modern
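To answer the "which attributes and algorithms" part mechanically, the following added example (not part of the original question or answer) scans `openssl x509 -text -noout` output for the properties that stand out in the dump above. The function names, finding labels and the 2048-bit floor are assumptions of this sketch.

```python
import re

# Abridged from the openssl output in the answer above
# (modulus, key identifiers and signature bytes omitted).
SAMPLE = """\
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Superfish, Inc., L=SF, ST=CA, C=US, CN=Superfish, Inc.
        Validity
            Not Before: May 12 16:25:26 2014 GMT
            Not After : May  7 16:25:26 2034 GMT
        Subject: O=Superfish, Inc., L=SF, ST=CA, C=US, CN=Superfish, Inc.
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
"""

def field(text, pattern):
    """Return the first capture group of pattern in the dump, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit(text, min_rsa_bits=2048):  # 2048 is an assumed policy floor
    """Return a list of finding labels for one certificate text dump."""
    findings = []
    sig = field(text, r"Signature Algorithm:\s*(\S+)") or ""
    algo = field(text, r"Public Key Algorithm:\s*(\S+)") or ""
    bits = field(text, r"Public-Key:\s*\((\d+) bit\)")
    issuer = field(text, r"^\s*Issuer:\s*(.+)$")
    subject = field(text, r"^\s*Subject:\s*(.+)$")
    is_ca = re.search(r"Basic Constraints:.*\n\s*CA:TRUE", text) is not None

    if re.match(r"(md5|sha1)With", sig, re.IGNORECASE):
        findings.append(f"weak-signature-hash:{sig}")
    if algo == "rsaEncryption" and bits and int(bits) < min_rsa_bits:
        findings.append(f"short-rsa-key:{bits}")
    # Issuer equal to Subject plus CA:TRUE means a self-issued root.
    if is_ca and issuer and issuer == subject:
        findings.append("self-issued-ca")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Piping the full command output into `audit()` works the same way; the omitted byte blocks do not affect the fields it reads.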