---------- Forwarded message ---------- Date: Fri, 10 Apr 1998 15:40:04 -0300 From: Anonymous Sender <nobodyat_private> To: cypherpunksat_private Subject: announce: weaken for netscape !! -----BEGIN PGP SIGNED MESSAGE----- Hello. since it is possible to fortify netscape navigator, it is also possible to weaken it. i'm releasing this patch to underline the fact that you should really think about the degree of trust you put in your crypto software or any modifications done to it by others. so what's this patch is ? this is WEAKEN for netscape (should i put a (TM) logo ? )! it makes crypto in ssl useless !! for people who dont believe me ... here's some tech details : during handshake, ssl client and server exchange two random 32 bytes sequences (Client.Random and Server.Random) in cleartext. when the client receives the server's public key (if the cipherspec uses rsa), it generates a 48 bytes random structure (this is the premaster secret) and sends it to the server encrypted with that public key. so if you can patch the software, how to make this schema useless ? just make the premaster secret predictible, since the master secret is a function of it, plus the two random structures which are available in clear to you (attacker) you may now ask why this is interesting ? after all, if an attacker gains access to your machine all the security is lost anyway. I released this to say that : 1- it is easy to fortify netscape, but can't verify that it really works (i mean you cant verify that it offers real 128 security, what is saied in the properties window in netscape after fortifying it is not a proof of security) 2- weakening netscape is easy ... but u can verify that it works !! 3- this is a very short byte sequence !! imagine what happenes if : 3-1 that sequence is propagated by a virus ! 3-2 your boss installs that sequence by night in your computer !! 3-3 some vendors already ship their software with the weaken sequence !!! enough with args, here is the stuff : this patch works on communicator pro export for win32, i downloaded the copy i worked on a few hours ago ... so by downloading the latest communicator 4.04 export, english from netscape's ftp site you will be able to weaken your browser ;) ... anyway if you want to be sure about your version before weakening it, download fortify, and run it's md5 program with following parameter : md5 -r 0x400-0x32ca00,0x384a00:0x58400 ...\program\netscape.exe there is a line matching the version i'm talking about in the "index" file you will find with fortify.exe (download the whole fortify from www.fortify.net), here's a copy from that line : 4096512 0x400-0x32ca00,0x384a00:0x58400 aea2aba6f731468e34fd1141f603ea20 pro 4.04 0 2 morphs-1.2 x86win32 (97325) netscape's executable size : 4096512 bytes by running md5 as indicated, you should obtain this hash aea2aba6f731468e34fd1141f603ea20 now this is the patch to apply : look for byte sequence : 52 88 8d e0 fe ff ff 8a 40 01 6a 00 88 85 e1 fe ff ff e8 9e 27 00 00 83 c4 0c 8b f8 and change with 6a 72 52 88 8d e0 fe ff ff 8a 40 01 88 85 e1 fe ff ff e8 cd 98 94 77 83 c4 0c 33 ff that's all !!!! in short, i'm changing a call to GenerateRandom to memset >;-) 72 is the ascii code for 'r' (my favorite char). if you can play with ssleay, you can change the ssl/ssl_txt.c, ssl/s3_srvr.c and ssl/ssl.h in order to keep the premaster secret in memory so you can display it in the output given by s_server -accept <port> -www good luck -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: cp850 iQCVAwUBNS59fpVRLpSyKBl9AQFQPQP/fxAuSA80MmLTZtkFI776HfTylXbhXbvM Eq6rWdEip7OhuaG8Nemjc+lVH95I+YRHqG5iHWdT9and1PhQ9QHGwxmWLVT8wa0x HlOVuoMK4BuyfwbcvYAXUwtdgbA6hcVXX/BD+jCPXhE+ZDYPbHGF+NRYaeBIhWRC x1QsId+jPQQ= =eOS5 -----END PGP SIGNATURE----- Ken Williams ORG: NC State Computer Science Dept VP of The E.H.A.P. Corp. EML: jkwilli2at_private ehapat_private WWW: http://152.7.11.38/~tattooman/ http://www.hackers.com/ehap/ PGP: finger tattoomanat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:48:53 PDT