
DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 5. Deciphering File Formats.


1 DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 5. Deciphering File Formats

2 5. Deciphering file formats
1. Introduction
2. Cryptex
3. Password verification process
4. File extraction process

3 Introduction

4 Introduction: to achieve interoperability with a third party's software product.
Interoperability means getting the software to cooperate with software written by someone else.
Undocumented file formats or networking protocols cannot be accessed by any program other than those written by the original owner of the format: no one else knows the details of the proprietary format.
Using data reverse engineering, one can obtain the missing information regarding a proprietary data format and write code that reads, or even generates, data in that proprietary format.
Examples: an undocumented file format (the .doc format); Windows has contained hundreds of undocumented APIs.

5 Cryptex

6 Cryptex: a program written by Eldad Eilam, a command-line data encryption tool.
It can encrypt files using a password.
It manages archive files (.crx) that can contain multiple encrypted files.
It uses the 3DES encryption algorithm.
3DES: an enhanced version of the original Data Encryption Standard (DES) algorithm (IBM, 1976), which uses a 56-bit key to encrypt data. 3DES uses 56-bit keys and encrypts the plaintext three times with the DES algorithm, each time with a different key: 56*3 = 168-bit key.
Security: a password such as 12345 or your name, versus j8&1`#:#mAkQ)d.

7 Cryptex: using Cryptex

8 Cryptex: reasons that justify deciphering the file format of a program.
To evaluate the level of security offered by the product: a back door? A trivial encryption algorithm? An incorrect use of a strong, industry-standard encryption algorithm?
Reversing file formats for compatibility and for interoperability.

9 Cryptex: reversing Cryptex.
We have access to the code that reads from the file, but not to the code that generates files using that format, so it is time for studying the code that reads the file format.
The password is somehow stored in the file!
Cryptex a Test1 6666666666 asterisks.txt
Cryptex 1.0 – Written by Eldad Eilam
Archive “Test1.crx” does not exists. Creating a new archive.
Adding file “asterisks.txt” to archive “Test1”
Encrypting “asterisks.txt” – 100.00 percent completed.

10 Cryptex: reversing Cryptex.
Cryptex l Test1 6666666666
Cryptex 1.0 – Written by Eldad Eilam
Listing all files in archive “Test1”
File Size File Name
3K asterisks.txt
Total files listed: 1
Total size: 3K
Cryptex l Test1 6666666665
Cryptex 1.0 – Written by Eldad Eilam
Listing all files in archive “Test1”
ERROR: Invalid password. Unable to process file.

11 Cryptex: reversing Cryptex, inside the Cryptex archive files.
We detect an apparently random byte sequence: the entire contents plus the file table have been encrypted.
As expected, the password, the asterisks.txt file name and the actual asterisks cannot be found within the file.
Look inside the program in order to see how it manages its data.
Windows Crypto API: a generic cryptographic library (CryptEncrypt, CryptDecrypt functions) with Cryptographic Service Providers (CSPs) that implement symmetric and asymmetric cryptographic algorithms such as DES, RSA and AES.
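The first check on this slide (does the archive look random, and do the password, the file name or the asterisks appear in the clear?) can be automated. The following Python is an added illustration, not code from the slides or from Cryptex; the two archives it inspects are constructed samples, and chained SHA-256 output merely stands in for real 3DES ciphertext.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for one repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_known_plaintext(data: bytes, needles: dict) -> list:
    """Labels of the known values (password, file name, contents) found verbatim in data."""
    return [label for label, value in needles.items() if value in data]


def assess_archive(data: bytes, needles: dict, threshold: float = 7.0) -> dict:
    """Encrypted-looking means high entropy AND none of the known plaintext leaks."""
    entropy = shannon_entropy(data)
    leaked = find_known_plaintext(data, needles)
    return {"entropy": round(entropy, 2),
            "looks_encrypted": entropy >= threshold and not leaked,
            "leaked": leaked}


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (constructed, NOT a cipher): chained SHA-256 blocks."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples mirroring the slides: a 3K asterisks.txt added with password 6666666666.
PASSWORD = b"6666666666"
FILE_NAME = b"asterisks.txt"
ASTERISKS = b"*" * 3072
NEEDLES = {"password": PASSWORD, "file name": FILE_NAME, "contents": b"*" * 64}

# A naive archive that writes its file table and contents in the clear...
CLEAR_ARCHIVE = FILE_NAME + b"\x00" + PASSWORD + b"\x00" + ASTERISKS
# ...versus one whose header and contents are fully encrypted (simulated here).
ENCRYPTED_ARCHIVE = pseudo_random(len(CLEAR_ARCHIVE), b"constructed sample seed")

if __name__ == "__main__":
    for name, blob in (("clear", CLEAR_ARCHIVE), ("encrypted", ENCRYPTED_ARCHIVE)):
        print(name, assess_archive(blob, NEEDLES))
```

A low entropy figure or a recovered password string is exactly the kind of finding the "back door / trivial algorithm" evaluation on slide 8 is looking for; a high figure alone only says the bytes look random, not that the cipher or its key derivation is sound.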

12 Password verification process

13 Catching the “bad password” message
1. Create an archive
2. Start Cryptex in a debugger, feeding it an incorrect password
3. Try to catch the place in the code where Cryptex notifies the user that a bad password has been supplied
4. Trace back from that call to see how Cryptex made the decision to print that message
WinDbg, OllyDbg: place a breakpoint on the printf function from MSVCR71.DLL

14 Password verification process: the password transformation algorithm
1. Place a memory breakpoint on the global variable that stores the currently typed password
2. Look at the stack
3. Try to trace back
4. Find the call made from Cryptex to the encryption engine

15 Password verification process: Cryptex’s key-generation and password-verification process

16 File extraction process

17 Cryptex: decrypt and extract files from its encrypted archive files
Scanning the file list
Decrypting the file
The decryption loop
Verifying the hash value

18 Bibliography: Eldad Eilam, Reversing: Secrets of Reverse Engineering, Wiley Publishing, Inc., 2005.

19 End

