Presentation is loading. Please wait.

Presentation is loading. Please wait.

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 5. Descifrado de formatos de archivo.

Similar presentations


Presentation on theme: "DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 5. Descifrado de formatos de archivo."— Presentation transcript:

1 DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 5. Descifrado de formatos de archivo

2 5. Decifrado de formatos de archivos 1. Introducción 2. Cryptex 3. Proceso de verificación de contraseñas 4. Proceso de extracción de archivos

3 Introducción

4 To achieve interoperability with a third party’s software product Interoperability means getting the software to cooperate with software written by someone else Undocumented file formats or networking protocols cannot be accessed by any program other than those written by the original owner of the format No one else knows the details of the propietary format Using data reverse engineering Obtain the missing information regarding a propietary data format Write code that reads or even generates data in the propietary format Examples  Undocumented file format (.doc format)  Windows has contained hundreds of undocumented APIs

5 Cryptex

6 A program written by Eldad Eilam A command-line data encryption tool It can encrypt files using a password It manages archive files (.crx) that can contain multiple encrypted files It uses 3DES encryption algorithm 3DES  An enhanced version of the original Data Encryption Standard (DES) algorithm (IBM, 1976), 56-bit key to encrypt data  Uses 56-bit keys and encrypts the plaintext three times using the DES algorithm, each time with a different key  56*3=168-bit key  Security: 12345, your name versus j8&1`#:#mAkQ)d

7 Cryptex using Cryptex

8 Cryptex reason that justify deciphering the file format of a program To evaluate the level of security offered by the product A back door? A trivial encryption algorithm? An incorrect use of strong, industry- standard encryption algorithm Reversing file formats? For compatibility For interoperatibility

9 Cryptex reversing Cryptex Code that reads from the file But not to the code that generates files using that format Time for studying the code that reads the file format The password is somehow stored in the file! Cryptex a Test asterisks.txt Cryptex 1.0 – Written by Eldad Eilam Archive “Test1.crx” does not exists. Creating a new archive. Adding file “asterisks.txt” to archive “Test1” Encrypting “asterisks.txt” – percent completed.

10 Cryptex reversing Cryptex Cryptex l Test Cryptex 1.0 – Written by Eldad Eilam Listing all files in archive “Test1” File Size File Name 3K asterisks.txt Total files listed: 1 Total size: 3K Cryptex l Test Cryptex 1.0 – Written by Eldad Eilam Listing all files in archive “Test1” ERROR: Invalid password. Unable to process file.

11 Cryptex reversing Cryptex: inside the Cryptex archive files Detect apparently random byte secuence Entire contents + the file table have been encrypted As expected  Password  asterisks.txt file name  actual asterisks cannot be found within the file Look inside the program in order to see how it manages its data Windows Crypto API: a generic cryptographic library: CryptEncript, CryptDecrypt functions Cryptographic Service Providers (CSPs) Symmetric and Asymmetric Cryptographic algoritms: DES, RSA, AES

12 Proceso de verificación de contraseñas

13 Catching the “bad password” message 1. Create an archive 2. Start Cryptex in a debugger feeding an incorrect password 3. Try to catch the place in the code where Cryptex notifies the user that a bad password has been supplied 4. Trace back from that call to see how Cryptex made the decision to print that message 1. WinDbg, OllyDbg: place breakpoint on the printf function from MSVCR71.DLL

14 Proceso de verificación de contraseñas The Password Transformation Algorithm 1. Place a memory breakpoint on the global variable that stores the currently type password 2. Look at the stack 3. Try to trace back 4. Find the call made from Cryptex to the encryption engine

15 Proceso de verificación de contraseñas Cryptex’s key-generation and password-verification process

16 Proceso de extracción de archivos

17 Cryptex: decrypt and extract files from its encrypted archive files Scanning the File List Decrypting the File The Decryption Loop Verifying the Hash Value

18 Bibliografía Reversing: Secrets of Reverse Engineering  Eldad Eilam  Wiley Publishing, Inc.  2005

19 Fin


Download ppt "DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 5. Descifrado de formatos de archivo."

Similar presentations


Ads by Google