Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUTPATCHING

["madsys" <h4x0r () ercist iscas ac cn>]

hi, I dont think you can easily decrypt the PGPdisk without knowing the encryption key or the private key. But I think 
what you mentioned is a bug -- PGPdisk shouldn't show the contained files list before dectypting the disk.


        madsys

======= 2006-05-28 05:31:18：=======

> This to answer Mr Jon Callas (PGP CTO) and to show him the last proof-of-concept. If he did not get it we consider we 
> have done our part to report a BIG problem in PGP unless this is some kinda of HIDDEN features.
>
>
>
> --Adonis, Abed Comments--
>
> We do not agree with some of PGP comments. 
>
>
>
> We do not know why they just see one side of the coin.
>
>
>
> What if you had  created a virtual disk  and give that to  someone. That someone
>
> use it as his/her own disk and  decided to change the password because they  own
>
> the disk  now (You  give them  to them  with the  pass). So  they did change the
>
> passowrd, but the originator  can still access that  disk if he/she replace  the
>
> passphrase  bytes in  the binary  file. So  I consider  this an  attack on  data
>
> INTEGRITY and  data AVAILABILITY since the legitimate user will be denied access
>
> to the disk after replacing the passphrase bytes.
>
>
>
> "why you do not want to see that your password verification can be simply 
>
> bypassed, besides a reputable co. like PGP should at least put anti-debugging 
>
> tweaks, or even encrypt/hide the passphrase location"
>
>
>
> To pgp, your authentication can be bypassed, even if you have created two
>
> different .sda file with two different content. the authentication can be
>
> overwritten and the file can be extracted if you use a debugger if you do not
>
> use a debugger you will be able to just bypass the authentication but without
>
> extraction. why don't you see that mr. jon? instead of bitching and stuff? why
>
> cannot you be professional and just explain fact after you do your home work
>
> with a nice debugger.? is that to much asking, I think we are talking among
>
> human and adults no?.
>
>
>
> We think Mr. Jon (PGP) should play this flash video SLOW REAL SLOW.
>
>
>
> http://www.safehack.com/Advisory/pgp/answerjon.html
>
>
>
> PGP comments: http://www.securityfocus.com/archive/1/435155 
>
>
>
> Quote from Mr Jon comments: "For completeness, I'll note that we are discussing
>
> whether we should add in a warning dialog to the passphrase change on a PGP
>
> Disk, to tell the user that an attacker who has learned an old passphrase, has
>
> an old disk and a hex editor can patch the disk so that it can be opened. On the
>
> one hand, this might be a good thing to do". 
>
>
>
> So if Mr Jon does not see the problem why they are talking about adding a
>
> message box?. Why the passphrase location is not hidden? etc. I still see this
>
> as INTEGRITY and AVAILABILITY attacks on PGP. I do not think it is normal
>
> behavior of an encryption application to reveal it is passphrase location and I
>
> do not see bypassing the passphrase dialog-box as Feature either.
>
>
>
>
>
>
>
> Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING THE 
>
> BINARY FILE EVEN.
>
>
>
> This Flash video is dedicated to Mr. Jon Callas (PGP CTO, CSO).
>
> http://www.safehack.com/Advisory/pgp/proof_of_concept_PGP_Authentication_BYPASS.html
>
> http://www.safehack.com/Advisory/pgp/proof_of_concept_PGP_Authentication_BYPASS.html
>
>
>
> We had reported that PGP Authentication can be bypassed by patching the binary 
>
> file. After reading Mr. Jon Callas NON PROFESSIONAL answer, me and abed decided 
>
> to show him that is not true. By using a SIMPLE Debugger PGP Authentication can 
>
> be bypassed.
>
>
>
> Here is Mr Jon Callas Comments http://www.securityfocus.com/archive/1/435155 
>
> Summing up, we are disappointed that for whatever reasons, we were not contacted 
>
> about this research before it was put on the web and posted on bugtraq. Had we 
>
> been contacted, we could discuss this in private rather than have to air the 
>
> details of this misunderstanding in a public forum. I am truly sorry for the 
>
> sake of the Information Security Institute of Quebec and its staff that this 
>
> complex issue has turned into a public brouhaha.
>
>
>
> We load the file in the debugger and set the break points then we start by 
>
> hitting F9 we will see the password dialog we enter ANY password here. When it 
>
> stop at 00409797 Hit F9 6 times You see 
>
>
>
> on 00405D70 |. E8 4FFBFFFF CALL a_sda.004058C4
>
> we hit 6 times F9
>
> A break point should be set on 00405D70 to see this.
>
>
>
> After running the sda in olly we end up here. We hit F9 couples of time then we change ESI EDI
>
> ON 00409797 |. F3:A7 REPE CMPS DWORD PTR ES:[EDI],DWORD PTR D>; 
>
>
>
> We see the stack values
>
> ECX=00000002 (decimal 2.)
>
> DS:[ESI]=stack [00BBF68C]=DC3F5C82 <-- IF WE ENTER A BAD PASSWORD THESE WONT BE THE SAME
>
> ES:[EDI]=stack [00BBFF98]=DC3F5C82 EQUAL... WE JUST MAKE THEM EQUAL THEN CONTINUE THE QUEST. 
>
>
>
> AT THIS POINT PGP Authentication is bypassed.
>
>
>
> I hope that help Mr. Jon (PGP) seeing the problem. Again Mr Jon Bitching does not help you fixing your products.
>
>
>
> -- End Comment--
>
>
> Peace
> .

= = = = = = = = = = = = = = = = = = = =
                        

                                 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/