Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING
This to answer Mr Jon Callas (PGP CTO) and to show him the last
proof-of-concept. If he did not get it we consider we have done our part to
report a BIG problem in PGP unless this is some kinda of HIDDEN features.
--Adonis, Abed Comments--
We do not agree with some of PGP comments.
We do not know why they just see one side of the coin.
What if you had created a virtual disk and give that to someone. That someone
use it as his/her own disk and decided to change the password because they own
the disk now (You give them to them with the pass). So they did change the
passowrd, but the originator can still access that disk if he/she replace the
passphrase bytes in the binary file. So I consider this an attack on data
INTEGRITY and data AVAILABILITY since the legitimate user will be denied access
to the disk after replacing the passphrase bytes.
"why you do not want to see that your password verification can be simply
bypassed, besides a reputable co. like PGP should at least put anti-debugging
tweaks, or even encrypt/hide the passphrase location"
To pgp, your authentication can be bypassed, even if you have created two
different .sda file with two different content. the authentication can be
overwritten and the file can be extracted if you use a debugger if you do not
use a debugger you will be able to just bypass the authentication but without
extraction. why don't you see that mr. jon? instead of bitching and stuff? why
cannot you be professional and just explain fact after you do your home work
with a nice debugger.? is that to much asking, I think we are talking among
human and adults no?.
We think Mr. Jon (PGP) should play this flash video SLOW REAL SLOW.
http://www.safehack.com/Advisory/pgp/answerjon.html
PGP comments: http://www.securityfocus.com/archive/1/435155
Quote from Mr Jon comments: "For completeness, I'll note that we are discussing
whether we should add in a warning dialog to the passphrase change on a PGP
Disk, to tell the user that an attacker who has learned an old passphrase, has
an old disk and a hex editor can patch the disk so that it can be opened. On the
one hand, this might be a good thing to do".
So if Mr Jon does not see the problem why they are talking about adding a
message box?. Why the passphrase location is not hidden? etc. I still see this
as INTEGRITY and AVAILABILITY attacks on PGP. I do not think it is normal
behavior of an encryption application to reveal it is passphrase location and I
do not see bypassing the passphrase dialog-box as Feature either.
Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING THE
BINARY FILE EVEN.
This Flash video is dedicated to Mr. Jon Callas (PGP CTO, CSO).
http://www.safehack.com/Advisory/pgp/proof_of_concept_PGP_Authentication_BYPASS.html
http://www.safehack.com/Advisory/pgp/proof_of_concept_PGP_Authentication_BYPASS.html
We had reported that PGP Authentication can be bypassed by patching the binary
file. After reading Mr. Jon Callas NON PROFESSIONAL answer, me and abed decided
to show him that is not true. By using a SIMPLE Debugger PGP Authentication can
be bypassed.
Here is Mr Jon Callas Comments http://www.securityfocus.com/archive/1/435155
Summing up, we are disappointed that for whatever reasons, we were not
contacted
about this research before it was put on the web and posted on bugtraq. Had we
been contacted, we could discuss this in private rather than have to air the
details of this misunderstanding in a public forum. I am truly sorry for the
sake of the Information Security Institute of Quebec and its staff that this
complex issue has turned into a public brouhaha.
We load the file in the debugger and set the break points then we start by
hitting F9 we will see the password dialog we enter ANY password here. When it
stop at 00409797 Hit F9 6 times You see
on 00405D70 |. E8 4FFBFFFF CALL a_sda.004058C4
we hit 6 times F9
A break point should be set on 00405D70 to see this.
After running the sda in olly we end up here. We hit F9 couples of time then we
change ESI EDI
ON 00409797 |. F3:A7 REPE CMPS DWORD PTR ES:[EDI],DWORD PTR D>;
We see the stack values
ECX=00000002 (decimal 2.)
DS:[ESI]=stack [00BBF68C]=DC3F5C82 <-- IF WE ENTER A BAD PASSWORD THESE WONT BE
THE SAME
ES:[EDI]=stack [00BBFF98]=DC3F5C82 EQUAL... WE JUST MAKE THEM EQUAL THEN
CONTINUE THE QUEST.
AT THIS POINT PGP Authentication is bypassed.
I hope that help Mr. Jon (PGP) seeing the problem. Again Mr Jon Bitching does
not help you fixing your products.
-- End Comment--
Peace