|
|
| |
"Pretty Good Privacy (PGP) is a computer program which provides cryptographic privacy and authentication. "
PGP Self Decrypting Archive (SDA) allow users to send conventionally encrypted files to people who do not have PGP installed.
A design flaw allows attackers to bypass authentication with PGP SDA. |
| |
Credit:
The information has been provided by sinoda swan.
The original article can be found at: http://www.safehack.com/Advisory/pgp/PGPcrack.html
|
| |
Vulnerable Systems:
* PGP version 8
* PGP version 9
When a user create a text file and wrote inside it "aa" and then create a SDA, an hex edit of the exe out, will show the user at the very buttom of the file some bytes separated by 803E.
Example:
E7 93 A0 90 E9 62 D1 21
803E
A1 50 AF 5F 6F 9E FE D6
Analyzing the bytes carefully, you will notice that 803E is the value used for a loop. The loop starts at 0040590D. Further analysis showed that the bytes right before 803E, are used for extraction and authentication.
Authentication is done in the following way:
When some enters a passphrase a series of instructions is executed against the bytes right before 803E, to be exact in the function at address 00404E8F. This function generates a series of bytes which are compared later on to the bytes AFTER 803E. If they match the user is granted authentication.
There are two ways to bypass the authentication need:
1. Modifying the contents of the address 00890D70.
The modification should be done in:
0040598F |. E8 AC3D0000 CALL filename_s.00409740
At: 00409740 /$ 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
At this point change the contents of 00890D70.
After the bytes change, you will have to bypass authentication. After bypassing authentication you will be able to extract.
2. Modifying the contents of the address 00BAF670
The Modification should be done in:
0040595F FF15 90324100 CALL DWORD PTR DS:[413290]
At: 004019DA /$ FF7424 08 PUSH DWORD PTR SS:[ESP+8]
At this point change the contents of 00BAF670.
NOTE: At this point if you change the contents of 00BAF670, you won't have to bypass authentication, it will work like a charm, and it will grant authentication/extract.
Once you have patched the passphrase location attackers can do whatever they like to do to the users. The problem with user management is a clear issue. When the passphrase is changed PGP does not change the underlying key which will allow any user who had access to regain that access back.
Note to forensic investigators: Imagine you are working on some cases and for some reason you do not want Mr. Y to have access to some of the evidence file, so you decided to change the passphrase on your PGP virtual Disk. Mr. Y can still access the evidence if he patch the Virtual Disk binary file.
Related Links:
* Extraction bytes GENERATION location for PGP SDA file.
* Locating 78 DA sequence area.
* Two Ways to bypass PGP SDA Authentication and EXTRACT with success
* Semi Detailed Block Diagram
* Other Discovered issues with PGP
|
| Subject:
|
How long... |
Date: |
7 Jun. 2006 |
| From: |
Edd0Aloha |
| How long has PGP been notified? This was tested with 9.02 and PGP is now shipping 9.06. Is the current distribution still vulnerable? Do not see a fix reference for this in 9.06 Release Notes. |
|
| Subject:
|
PGP 9.06 |
Date: |
8 Jun. 2006 |
| From: |
ahariribalamand.edu.lb |
| We believe it is vuln. because it is a design issue, and PGP did not officially address this issue.
|
|
| Subject:
|
See also PGP comment at BugTraq |
Date: |
9 Jun. 2006 |
| From: |
michael.werweinnohack.de |
| http://www.securityfocus.com/archive/1/435155 |
|
|
|
|
