
| Subject: | [Full-disclosure] A Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8 & 9 |
|---|---|
| Date: | Sun, 28 May 2006 17:18:14 +0300 |
====================================================================
A Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8 & 9
To read more http://www.safehack.com/Advisory/pgp/PGPcrack.html
====================================================================

We have discovered a security bug in PGP. PGP said this is not a bug but rather a feature. Since when is bypassing authentication in a crypto application a feature?

Affected Products:
* PGP 8.x
* PGP 9.x
* maybe older versions too

PGP disk or SDA can be cracked in 3 major steps:
------------------------------------------------
1. Editing PGP protected file using a hex editor. (Patching the passphrase).
2. Tracing PGP protected file using a debugger. (You need a lot of time and coding/cracking experience)
3. Patching the responsible bytes.

Conclusions for 6 days debugging and testing:
=============================================
* PGP Virtual Disk and PGP SDA have a serious bug. I have tested PGP 8.1 Enterprise. Other versions may be vulnerable too.
* PGP corporation made the same error in PGP 9.x; you can bypass the passphrase dialog box the same way.
* PGP corporation could avoid this type of issue by calculating the HASH for the encrypted file. They should make it harder to locate the passphrase.
* PGP Virtual Disk First Level protection bypass. Passphrase bypass. (Working 100%)
* PGP Virtual Disk Backdooring (Working 100%).
* PGP Virtual Disk Mounting / Adding Users / Deleting Users / Re-Encrypting Disk (Working 100%).
* PGP Virtual Disk Mounting and Data Access (Working 40%. Need more time to debug).
* PGP SDA Passphrase bypass. (Working 100%)
* PGP SDA Extraction is possible IF the input file is the same (Working 100% Patching using a Debugger)
* PGP SDA Extraction is possible of any file (Working 80%. Need more time to debug)
* WINZIP was not affected.
  1- In WinZip you do not know where the password location is.
  2- If you change one bit your file won't work.
* We DO NOT HAVE more time to test, but we are sure many smart dudes out there would love to play some more.
* To do: Build an application to mount PGP Virtual disk using this bug.
* To do: Build an application to extract PGP SDA files using this bug.

PGP SDA authentication method
=============================
Let's say you created a text file and wrote inside it "aa", then created an SDA. IF you hex edit the output exe, you will notice at the very bottom of the file some bytes separated by 803E.

Ex: E7 93 A0 90 E9 62 D1 21 803E A1 50 AF 5F 6F 9E FE D6

Analysing the bytes carefully, you will notice that 803E is the value used for a loop. The loop starts at 0040590D. Further analysis showed that the bytes right before 803E are used for extraction and authentication.

Authentication is done in the following way: When someone enters a passphrase, a series of instructions is executed against the bytes right before 803E, to be exact in the function at address 00404E8F. This function generates a series of bytes which are compared later on to the bytes AFTER 803E. If they match you are granted auth.

The auth. byte comparison is done in the following instruction:
00409797 |. F3:A7 REPE CMPS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]

Anyone can easily bypass this by modifying the values provided by the memory addresses, to make them match.

To read more http://www.safehack.com/Advisory/pgp/PGPcrack.html

====================================================================
Author: Adonis a.K.a NtWaK0, Abed, a.K.a. nophie
Date: 2006-05-08
© 2006 All rights reserved www.isiq.ca
====================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
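The comparison-based check the post describes, set beside a container whose check covers the whole file, as an added Python example that is not part of the post or of PGP's code: the key derivation, the toy stream cipher, the field layout and the 8-byte input / 16-byte verifier sizes are constructed assumptions chosen to mirror the description above.

```python
import hashlib
import hmac
from typing import Optional

SEP = b"\x80\x3e"  # marker the post reports in the SDA tail; here it only separates fields of a toy container


def derive(passphrase: bytes, salt: bytes) -> bytes:
    # Constructed stand-in for the passphrase-processing routine the post describes; not PGP's algorithm.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 20_000, dklen=64)


def xor_keystream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode) so the example needs only the standard library.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal_sda_style(passphrase: bytes, plaintext: bytes, salt: bytes) -> bytes:
    # Layout modelled on the post: ciphertext || 8 input bytes || 803E || 16 verifier bytes.
    assert len(salt) == 8
    k = derive(passphrase, salt)
    return xor_keystream(k[:32], plaintext) + salt + SEP + k[32:48]


def open_sda_style(passphrase: bytes, container: bytes) -> Optional[bytes]:
    body, salt, stored = container[:-26], container[-26:-18], container[-16:]
    k = derive(passphrase, salt)
    # The only check is a comparison against bytes that live in the file itself (the REPE CMPS step).
    if not hmac.compare_digest(k[32:48], stored):
        return None
    return xor_keystream(k[:32], body)


def seal_authenticated(passphrase: bytes, plaintext: bytes, salt: bytes) -> bytes:
    # Hardened layout: salt || ciphertext || HMAC over both, keyed by material only the passphrase yields.
    assert len(salt) == 8
    k = derive(passphrase, salt)
    body = salt + xor_keystream(k[:32], plaintext)
    return body + hmac.new(k[32:], body, "sha256").digest()


def open_authenticated(passphrase: bytes, container: bytes) -> Optional[bytes]:
    body, tag = container[:-32], container[-32:]
    k = derive(passphrase, body[:8])
    # No passphrase-derived value is stored for comparison; the tag covers every byte of the
    # container, so a wrong passphrase and a modified ciphertext are both rejected.
    if not hmac.compare_digest(hmac.new(k[32:], body, "sha256").digest(), tag):
        return None
    return xor_keystream(k[:32], body[8:])
```

In the first design the 16 stored bytes decide the outcome of the check, so editing them lets an arbitrary passphrase through the dialog while decryption still yields garbage, which matches the post's split between the passphrase bypass and actual data access. In the second there is no stored verifier to edit, and any change to the body fails the tag check under the real passphrase, which is what "calculating the hash for the encrypted file" buys when the hash is keyed.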