[Full-disclosure] Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUTPATCHING
- To: "full-disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUTPATCHING
- From: "madsys" <h4x0r@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 29 May 2006 18:20:42 +0800
Hi, I don't think you can easily decrypt the PGPdisk without knowing the
encryption key or the private key. But I think what you mentioned is a bug:
PGPdisk shouldn't show the contained files list before decrypting the disk.
madsys
======= 2006-05-28 05:31:18:=======
>This is to answer Mr Jon Callas (PGP CTO) and to show him the last proof-of-concept. If he did not get it we consider we have done our part to report a BIG problem in PGP unless this is some kind of HIDDEN feature.
>
>--Adonis, Abed Comments--
>
>We do not agree with some of PGP's comments.
>
>We do not know why they just see one side of the coin.
>
>What if you had created a virtual disk and given that to someone. That someone uses it as his/her own disk and decides to change the password because they own the disk now (you gave it to them with the pass). So they did change the password, but the originator can still access that disk if he/she replaces the passphrase bytes in the binary file. So I consider this an attack on data INTEGRITY and data AVAILABILITY since the legitimate user will be denied access to the disk after replacing the passphrase bytes.
>
>"Why do you not want to see that your password verification can be simply bypassed? Besides, a reputable co. like PGP should at least put anti-debugging tweaks, or even encrypt/hide the passphrase location."
>
>To PGP, your authentication can be bypassed, even if you have created two different .sda files with two different contents. The authentication can be overwritten and the file can be extracted if you use a debugger; if you do not use a debugger you will be able to just bypass the authentication but without extraction. Why don't you see that, Mr. Jon? Instead of bitching and stuff? Why cannot you be professional and just explain facts after you do your homework with a nice debugger? Is that too much to ask? I think we are talking among humans and adults, no?
>
>We think Mr. Jon (PGP) should play this flash video SLOW, REAL SLOW.
>
>http://www.safehack.com/Advisory/pgp/answerjon.html
>
>PGP comments: http://www.securityfocus.com/archive/1/435155
>
>Quote from Mr Jon's comments: "For completeness, I'll note that we are discussing whether we should add in a warning dialog to the passphrase change on a PGP Disk, to tell the user that an attacker who has learned an old passphrase, has an old disk and a hex editor can patch the disk so that it can be opened. On the one hand, this might be a good thing to do".
>
>So if Mr Jon does not see the problem, why are they talking about adding a message box? Why is the passphrase location not hidden? etc. I still see this as INTEGRITY and AVAILABILITY attacks on PGP. I do not think it is normal behavior of an encryption application to reveal its passphrase location and I do not see bypassing the passphrase dialog-box as a Feature either.
>
>Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING THE BINARY FILE EVEN.
>
>This Flash video is dedicated to Mr. Jon Callas (PGP CTO, CSO).
>
>http://www.safehack.com/Advisory/pgp/proof_of_concept_PGP_Authentication_BYPASS.html
>
>We had reported that PGP Authentication can be bypassed by patching the binary file. After reading Mr. Jon Callas' NON PROFESSIONAL answer, me and Abed decided to show him that is not true. By using a SIMPLE Debugger PGP Authentication can be bypassed.
>
>Here are Mr Jon Callas' comments: http://www.securityfocus.com/archive/1/435155
>
>Summing up, we are disappointed that for whatever reasons, we were not contacted about this research before it was put on the web and posted on bugtraq. Had we been contacted, we could discuss this in private rather than have to air the details of this misunderstanding in a public forum. I am truly sorry for the sake of the Information Security Institute of Quebec and its staff that this complex issue has turned into a public brouhaha.
>
>We load the file in the debugger and set the break points, then we start by hitting F9. We will see the password dialog; we enter ANY password here. When it stops at 00409797, hit F9 6 times. You see
>
>on 00405D70 |. E8 4FFBFFFF CALL a_sda.004058C4
>
>we hit F9 6 times. A break point should be set on 00405D70 to see this.
>
>After running the sda in olly we end up here. We hit F9 a couple of times, then we change ESI, EDI
>
>ON 00409797 |. F3:A7 REPE CMPS DWORD PTR ES:[EDI],DWORD PTR D>;
>
>We see the stack values
>
>ECX=00000002 (decimal 2.)
>
>DS:[ESI]=stack [00BBF68C]=DC3F5C82 <-- IF WE ENTER A BAD PASSWORD THESE WON'T BE THE SAME
>
>ES:[EDI]=stack [00BBFF98]=DC3F5C82 EQUAL... WE JUST MAKE THEM EQUAL THEN CONTINUE THE QUEST.
>
>AT THIS POINT PGP Authentication is bypassed.
>
>I hope that helps Mr. Jon (PGP) see the problem. Again Mr Jon, bitching does not help you fix your products.
>
>-- End Comment--
>
>Peace
>.
= = = = = = = = = = = = = = = = = = = =
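The disagreement in this thread comes down to what a passphrase comparison actually protects. The following is an added illustration, not code from either poster and not PGPdisk's or the .sda format's real design: it contrasts a container where the passphrase check is a gate in front of data held in the clear with one where the passphrase is the only source of the decryption key. The flag `compare_forced_equal` simply stands in for the effect the post describes (the equality test reporting success for any passphrase); the container layouts, salt and payload are constructed for the demo, and the XOR-keystream cipher is a teaching stand-in, not a recommendation.

```python
"""Added illustration: a forced-equal comparison only yields plaintext when the check is a gate."""
import hashlib
import hmac
from typing import Tuple

# Constructed sample values (not from any real PGPdisk/.sda file).
SALT = b"constructed-salt-16"
PAYLOAD = b"FILELIST: secret.doc, notes.txt\nsecret.doc: quarterly numbers\n"


def _xor_keystream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, counter) blocks. Demo only."""
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        stream += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# ---- Design A: the passphrase check is a gate in front of plaintext --------
def make_gated_container(passphrase: str, payload: bytes, salt: bytes = SALT) -> dict:
    verifier = hashlib.sha256(salt + passphrase.encode()).digest()
    # The file list and contents sit in the container unencrypted; only the
    # comparison below stands between a reader and them.
    return {"salt": salt, "verifier": verifier, "payload": payload}


def open_gated(container: dict, passphrase: str, compare_forced_equal: bool = False) -> bytes:
    """compare_forced_equal=True models the effect described in the post: the
    equality test reports success whatever passphrase was typed."""
    candidate = hashlib.sha256(container["salt"] + passphrase.encode()).digest()
    if not (compare_forced_equal or hmac.compare_digest(candidate, container["verifier"])):
        raise PermissionError("bad passphrase")
    return container["payload"]


# ---- Design B: the passphrase is the only source of the key ----------------
def derive_keys(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]  # encryption key, MAC key


def make_keyed_container(passphrase: str, payload: bytes, salt: bytes = SALT) -> dict:
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = _xor_keystream(enc_key, payload)
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def open_keyed(container: dict, passphrase: str, compare_forced_equal: bool = False) -> bytes:
    enc_key, mac_key = derive_keys(passphrase, container["salt"])
    expected = hmac.new(mac_key, container["salt"] + container["ct"], hashlib.sha256).digest()
    if not (compare_forced_equal or hmac.compare_digest(expected, container["tag"])):
        raise PermissionError("bad passphrase")
    # Even with the tag check forced to pass, the only key available is the one
    # derived from the passphrase actually typed, so a wrong one yields noise.
    return _xor_keystream(enc_key, container["ct"])


def demo() -> dict:
    """Open both container styles with the right passphrase and with a wrong one
    while the comparison is forced to report equal."""
    gated = make_gated_container("correct horse", PAYLOAD)
    keyed = make_keyed_container("correct horse", PAYLOAD)
    return {
        "gated_right": open_gated(gated, "correct horse"),
        "gated_wrong_forced": open_gated(gated, "wrong", compare_forced_equal=True),
        "keyed_right": open_keyed(keyed, "correct horse"),
        "keyed_wrong_forced": open_keyed(keyed, "wrong", compare_forced_equal=True),
    }


if __name__ == "__main__":
    r = demo()
    print("gate design, wrong passphrase, comparison forced :", r["gated_wrong_forced"] == PAYLOAD)
    print("keyed design, wrong passphrase, comparison forced:", r["keyed_wrong_forced"] == PAYLOAD)
```

In design A the forced comparison hands back the file list and contents, which is the integrity and availability concern the original post raises; in design B it hands back noise, which is the point of the reply that the disk cannot be decrypted without the key. The defensive lesson is the same either way: a client-side comparison is not a security boundary, so nothing a reader should not see (including a file listing) belongs outside the ciphertext.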
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/