Errata Security: Extracting the SuperFish Certificate
Superfish certificate password cracked.
I extracted the certificate from the SuperFish adware and cracked the password (“komodia”) that encrypted it. I discuss how down below. The consequence is that I can intercept the encrypted communications of SuperFish’s victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot. Note: this is probably trafficking in illegal access devices under the proposed revisions to the CFAA, so get it now before they change the law.
I used simple reversing to find the certificate. As reported by others, program is packed and self-encrypted (like typical adware/malware). The proper way to reverse engineer this is to run the software in a debugger (or IDApro), setting break point right after it decrypts itself. The goal is to set the right break point before it actually infects your machine — reversers have been known to infect themselves this way.