Anonymous Sender (nobody@privacy.nb.ca)
Fri, 10 Apr 1998 15:30:09 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hello.
since it is possible to fortify netscape navigator, it is also possible
to weaken it. i'm releasing this patch to underline the fact that you should
really think about the degree of trust you put in your crypto software or any
modifications done to it by others.
so what's this patch is ?
this is WEAKEN for netscape (should i put a (TM) logo ? )! it makes crypto in ssl useless !!
for people who dont believe me ... here's some tech details :
during handshake, ssl client and server exchange two random 32 bytes
sequences (Client.Random and Server.Random) in cleartext.
when the client receives the server's public key (if the cipherspec uses rsa),
it generates a 48 bytes random structure (this is the premaster secret) and
sends it to the server encrypted with that public key.
so if you can patch the software, how to make this schema useless ? just make
the premaster secret predictible, since the master secret is a function of
it, plus the two random structures which are available in clear to you (attacker)
you may now ask why this is interesting ? after all, if an attacker gains access
to your machine all the security is lost anyway. I released this to say that :
1- it is easy to fortify netscape, but can't verify that it really works (i mean
you cant verify that it offers real 128 security, what is saied in the properties
window in netscape after fortifying it is not a proof of security)
2- weakening netscape is easy ... but u can verify that it works !!
3- this is a very short byte sequence !! imagine what happenes if :
3-1 that sequence is propagated by a virus !
3-2 your boss installs that sequence by night in your computer !!
3-3 some vendors already ship their software with the weaken sequence !!!
enough with args, here is the stuff :
this patch works on communicator pro export for win32,
i downloaded the copy i worked on a few hours ago ... so by downloading the
latest communicator 4.04 export, english from netscape's ftp site you will
be able to weaken your browser ;) ... anyway if you want to be sure about your
version before weakening it, download fortify, and run it's md5 program with
following parameter :
md5 -r 0x400-0x32ca00,0x384a00:0x58400 ...\program\netscape.exe
there is a line matching the version i'm talking about in the "index" file you
will find with fortify.exe (download the whole fortify from www.fortify.net),
here's a copy from that line :
4096512 0x400-0x32ca00,0x384a00:0x58400 aea2aba6f731468e34fd1141f603ea20 pro 4.04 0 2 morphs-1.2 x86win32 (97325)
netscape's executable size : 4096512 bytes
by running md5 as indicated, you should obtain this hash
aea2aba6f731468e34fd1141f603ea20
now this is the patch to apply :
look for byte sequence :
52 88 8d e0 fe ff ff 8a 40 01 6a 00 88 85 e1 fe ff ff e8 9e 27 00 00 83 c4 0c 8b f8
and change with
6a 72 52 88 8d e0 fe ff ff 8a 40 01 88 85 e1 fe ff ff e8 cd 98 94 77 83 c4 0c 33 ff
that's all !!!!
in short, i'm changing a call to GenerateRandom to memset >;-)
72 is the ascii code for 'r' (my favorite char).
if you can play with ssleay, you can change the ssl/ssl_txt.c, ssl/s3_srvr.c
and ssl/ssl.h in order to keep the premaster secret in memory so you can display it
in the output given by s_server -accept <port> -www
good luck
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850
iQCVAwUBNS59fpVRLpSyKBl9AQFQPQP/fxAuSA80MmLTZtkFI776HfTylXbhXbvM
Eq6rWdEip7OhuaG8Nemjc+lVH95I+YRHqG5iHWdT9and1PhQ9QHGwxmWLVT8wa0x
HlOVuoMK4BuyfwbcvYAXUwtdgbA6hcVXX/BD+jCPXhE+ZDYPbHGF+NRYaeBIhWRC
x1QsId+jPQQ=
=eOS5
-----END PGP SIGNATURE-----
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:56 ADT