Dynamical Models for Computer Viruses Propagation, Hacking and IT E-Book Dump Release, pobierz pdf

[ Pobierz całość w formacie PDF ]
1
Malicious crypto
(Ab)use cryptology
2
3
Frederic Raynal
4
EADS Corporate Research Center
MISC Magazine
5
EuSecWest 2006
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptology and malwares
Cryptovirus
What am I doing here?
Cryptology and malwares
Cryptovirus
What am I doing here?
1
1
2
2
3
3
4
4
5
5
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptology and malwares
Cryptovirus
What am I doing here?
Cryptology and malwares
Cryptovirus
What am I doing here?
Cryptology
[Anti]Virology
What is it?
Virus:
self-replicating
program that
spreads
by inserting (possibly
modiﬁed) copies of itself into other executable code or documents
Usually regarded as malicious because of the payloads and other
anti-anti-viral techniques
Anti-virus: program that attempt to
identify, thwart and eliminate
computer viruses and other malicious software
Mainly built upon pattern matching (signatures) or upon identifying
suspicious behaviors (heuristics)
What is it?
Cryptography: designing algorithms to
ensure
conﬁdentiality,
authentication, integrity, and so on
Usually based on a secret called key and/or speciﬁc mathematical
functions (one-way)
Cryptanalysis: designing algorithms to
bypass
conﬁdentiality,
authentication, integrity, and so on
Usually based on complex mathematical theories, but also on good
tricks to achieve the same goals (operational cryptanalysis)
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptology and malwares
Cryptovirus
What am I doing here?
Cryptology and malwares
Cryptovirus
What am I doing here?
Malwares
Malwares
What is it?
Hardware, software or ﬁrmware capable of performing an unauthorized
function on the system in order to break its conﬁdentiality, integrity or
availability
What is it?
Hardware, software or ﬁrmware capable of performing an unauthorized
function on the system in order to break its conﬁdentiality, integrity or
availability
Classiﬁcation
Simple malwares
Logical bombs: wait for a trigger condition to “detonate”
Trojan horse: program with overt actions hiding covert actions
Self-replicating malwares
Virus: parasitic code unable to spread by itself
Worm: stand-alone code able to spread by itself over networks
Classiﬁcation
Simple malwares
Logical bombs: wait for a trigger condition to “detonate”
Trojan horse: program with overt actions hiding covert actions
Self-replicating malwares
Virus: parasitic code unable to spread by itself
Worm: stand-alone code able to spread by itself over networks
Fred Raynal
Fred Raynal
Malicious crypto
                                                                                                                                                                                                      Cryptography & malwares
1
Usual ways to use cryptography when dealing with malwares
Ensure conﬁdentiality of data in
anti-virus
Protect signatures database, updates, . . .
Ensure conﬁdentiality of data in
virus
(mainly payload)
Ciphering of the payload to make it mysterious
Avoid the detection and analysis of a virus:
Code replacement, either at source code or opcode level
(polymorphism / metamorphism)
Armored virus, where cryptography is used to delay the analyze of
the malware
2
3
4
5
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptology and malwares
Cryptovirus
What am I doing here?
Cryptology and malwares
Cryptovirus
What am I doing here?
Before the cryptovirus
Cryptovirus: a deﬁnition
Break that symmetric view !!!
If the ciphering is known, the deciphering routine can be guessed
If the key is present in the virus, the virus is fully known
Before the origin
A virus writer tries to put stealth, robustness, replication strategies,
and optionally a payload in its creation
When an analyst gets a hold on a virus, he learns how the virus
works, what it does. . .
The virus writer and the analyst share the same view of the virus: a
Turing machine (state-transition table and a starting state)
)Use asymmetric cryptography
Cryptovirus
[
A cryptovirus is a virus embedding and using a public-key
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptology and malwares
Cryptovirus
What am I doing here?
Cryptology and malwares
Cryptovirus
What am I doing here?
Cryptovirus: a deﬁnition
Racket through virus (basic model)
Give me your money
The writer of a virus creates a RSA key
The public key appears in the body of the virus
The private key is kept by the author
The virus spreads, and the payload uses the public key
e.g. it ciphers the data of the targets with the public key
The author requires a ransom before sending the private key
Break that symmetric view !!!
If the ciphering is known, the deciphering routine can be guessed
If the key is present in the virus, the virus is fully known
)Use asymmetric cryptography
Cryptovirus
[
A cryptovirus is a virus embedding and using a public-key
Such a perfect guy
Anonymity: how to get the money without being caught?
Re-usability: what if the victim publish the private key?
The victim could send his data, however, he may not enjoy to give it
in clear text to the extortioner
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptology and malwares
Cryptovirus
What am I doing here?
Racket through virus (basic model)
Cryptology and malwares
Cryptovirus
What am I doing here?
Racket through virus . . . again (hybrid model)
Give me your money
The writer of a virus creates a RSA key
The public key appears in the body of the virus
The private key is kept by the author
The virus spreads, and the payload uses the public key
e.g. it ciphers the data of the targets with the public key
The author requires a ransom before sending the private key
Give me more money
The writer of a virus creates a RSA key
The public key is put in the body of the virus
The private key is kept by the author
The virus spreads
The payload creates a secret key
The secret key is used to cipher data on the disk
The secret key is ciphered with the public key
The author asks for a ransom before deciphering himself the secret
key
Such a perfect guy
Anonymity: how to get the money without being caught?
Re-usability: what if the victim publish the private key?
The victim could send his data, however, he may not enjoy to give it
in clear text to the extortioner
Fred Raynal
Fred Raynal
Malicious crypto
                                                                                                                                                                                                            A matter of state of mind
1
Usual state of mind in cryptovirology
How can I use a given crypto-stu in virology?
2
My state of mind here
How can I improve a given tactical factor with cryptology?
How can I maliciously use cryptology?
3
4
5
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptology and malwares
Cryptovirus
What am I doing here?
Cryptology and malwares
Cryptovirus
What am I doing here?
A matter of state of mind
Purpose of this talk
How to improve malware’s e
ciency with crypto?
Target harvesting: mechanisms to discover valid targets to infect
and control the spreading
Delay the analysis: ﬁnd ways to delay or even forbid the analysis of
malware
Stealth: not being detected is a good way not to die
Usual state of mind in cryptovirology
How can I use a given crypto-stu in virology?
My state of mind here
How can I improve a given tactical factor with cryptology?
How can I maliciously use cryptology?
How can I exploit poor crypto?
Malwares are not the only attackers on Internet
Let’s see what others can also do
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Cryptology and malwares
Cryptovirus
What am I doing here?
Purpose of this talk
1
How to improve malware’s e
ciency with crypto?
Target harvesting: mechanisms to discover valid targets to infect
and control the spreading
Delay the analysis: ﬁnd ways to delay or even forbid the analysis of
malware
Stealth: not being detected is a good way not to die
2
3
How can I exploit poor crypto?
Malwares are not the only attackers on Internet
Let’s see what others can also do
4
5
Where can cryptology be used or abused?
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Find the crypto . . .
1
2
Crypto is everywhere
Layer 2: WEP, WPA/TKIP, . . .
Layers 3+: IPSec, SSH, SSL, Kerberos, PGP, . . .
Crypto for everything
Authentication: password, pre-shared key, key exchange, token, . . .
Ciphering: AES, DES, 3DES, IDEA, RC4, . . .
3
4
5
Fred Raynal
Fred Raynal
Malicious crypto
                                                                                                                                                                                                              And follow the keys!
And follow the keys!
Abuse crypto
When crypto is used at one end, it is also used at the other end
There is often either a (weak?) password or a trust relationship
between entities
Crypto protocols are usually complex, and require many conditions
which are not often checked in the implementation
Abuse crypto
When crypto is used at one end, it is also used at the other end
There is often either a (weak?) password or a trust relationship
between entities
Crypto protocols are usually complex, and require many conditions
which are not often checked in the implementation
)Let’s exploit all these weaknesses
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
SuckIt for dummies
1
2
Main features
Well-known rootkit for Linux
Many (cool) features: hide processes, ﬁles, remote access, . . .
Client-server model with authentication
Direct access to kernel memory
2 versions in the wild:
v1.x: mainly a nice proof of concept
v2.x the binary is encrypted with RC4 and protected by a password
3
4
5
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
What to do when you ﬁnd an unknown suckit binary?
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
What to do when you ﬁnd an unknown suckit binary?
Exploit weak crypto!!!
v1: bad authentication scheme
v2: same authentication scheme but ciphered
v1 or v2: same result, one can own a SuckIted network
Authentication is only based on comparison of 2 hashes, we just
need to get the right hash
Exploit weak crypto!!!
v1: bad authentication scheme
v2: same authentication scheme but ciphered
v1 or v2: same result, one can own a SuckIted network
Authentication is only based on comparison of 2 hashes, we just
need to get the right hash
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Blue pill: suckit v1
Red pill: suckit v2
SuckIt v2: the hack back
When run for the 1st time, RC4 seed (64 bytes) and conﬁguration
(292 bytes) are appended at the end of the binary
/*
* >> ls -altr ./binary.*
* -rwx ------ 1 user users 33124 Jul 8 19:39 ./binary.dump*
* -rwx ------ 1 user users 32768 Jul 8 19:41 ./binary.orig*
*/
s t r u c t
c o n f i g
{
c h a r
home
[ 2 5 6 ] ;
c h a r
h i d e s t r
[ 1 6 ] ;
u c h a r h a s h p a s s
[ 2 0 ] ;
}
a t t r i b u t e
( (
packed
) ) ;
But it is ciphered at the end of the ﬁle
SuckIt v1: the hack back
Extract HASHPASS from the binary
Compile a new patched client using this hashpass as password:
+
c h a r
h a s h p a s s
[ ]
=
"\x77\xa0\x56\x93\x5a\xba\xb3\x29\xf4\xf3"
+
"\x18\x2f\x42\xee\xd8\x86\x76\xc7\x24\x47"
−
hash160
(
p
,
s t r l e n
(
p
) ,
&
h
) ;
+
/* hash160(p, strlen(p), &h); */
+
memcpy
(
h
.
v a l
,
h a s h p a s s
,
s i z e o f
(
h
.
v a l
) ) ;
Connect to the identiﬁed target, nothing more needed, as
authentication is only based on the hash
Fred Raynal
Fred Raynal
Malicious crypto
                                                                                                                                                                                                                   Red pill: suckit v2
Red pill: suckit v2
SuckIt v2: the hack back
Look at the conﬁguration and RC4 seed put at the end:
$ gdb -q -p ‘pidof binary‘
(gdb) x /s 0x5debcaba
; home
0x5debcaba: "/usr/share/locale/.dk20"
(gdb) x /s 0x5debcbba
; hidestr
0x5debcbba: "dk20"
(gdb) x/5x 0x5debcbca
; hashpass
0x5debcbca: 0x77a05693 0x1266a41b 0x15fa6e9d 0x969a4e3c
0x5debcbda: 0635151acb
SuckIt v2: the hack back
Examine an unknown suckit binary found somewhere
SuckIt is deciphered in memory
before
the password is checked:
dump it !
(gdb) dump binary memory sk.clear 0x5deb4bde 0x5debcbde
Replace the
ptrace()
call (if any) by
NOP
s
hashpass
is at 0x5debcbca, just need to get these 20 bytes
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Red pill: suckit v2
Welcome to the real world
SuckIt v2: the hack back
We run our own binary with a wrong hashpass
We inject the one found in the unknown binary
// hash extract from the unknown binary
c h a r
Grave robbers
You just need (easy) reverse engineering and a patch (either for the
sources or the binary) to steal SuckIted hosts
Find interesting targets: where the intruder comes from . . . but also
from SuckIt’s own snied data (
.sniffer
)
b i n a r y h a s h
[ ]
=
"\x77\xa0\x56\x93\x5a\xba\xb3\x29\xf4\xf3"
"\x18\x2f\x42\xee\xd8\x86\x76\xc7\x24\x47"
p t r a c e
(
PTRACE ATTACH
,
p i d
,
NULL
,
NULL
) ;
w a i t p i d
(
p i d
,
NULL
,
WUNTRACED
) ;
f o r
(
i
=0;
i
< 2 0 ;
i
+=4)
p t r a c e
(
PTRACE POKEDATA
,
p i d
,
mysk2 hash
+
i
,
∗(
i n t
∗) (
b i n a r y h a s h
+
i
) ) ;
p t r a c e
(
PTRACE DETACH
,
p i d
,
NULL
,
NULL
) ;
Doors are now open :)
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
SSH for dummies
1
What is SSH
Protocol to log into a remote machine and execute commands on it
Support many authentication ways: password, challenge/response,
kerberos, public cryptography, . . .
Use server authentication based on asymmetric cryptography
Allow TCP proxy through the secure channel
Provide a per user Forward Agent managing the corresponding
keyring to avoid entering several times passphrases
2
3
Let’s build a ssh worm
A remote exploit on ssh is useful but not necessary
Let’s assume it carries some local exploits to gain root/admin
privilege
Spreading will be made based on ssh features and human weakness
4
5
Fred Raynal
Fred Raynal
Malicious crypto
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Cryptovirology
A matter of precision
A matter of time
A matter of stealth
Last words
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Where to ﬁnd targets in crypto?
SuckIt: blue or red pill?
SSH worm
Other locations for crypto
Playing with SSH: the r(a)ise of the worms
SSH for dummies
What is SSH
Protocol to log into a remote machine and execute commands on it
Support many authentication ways: password, challenge/response,
kerberos, public cryptography, . . .
Use server authentication based on asymmetric cryptography
Allow TCP proxy through the secure channel
Provide a per user Forward Agent managing the corresponding
keyring to avoid entering several times passphrases
The problems
How to propagate on a “ssh network” from a single host?
Find interesting targets to spread
Find a way to enter into these targets
The answers
Build a connected graph based on asymmetric cryptography and implicit
trust relationship
Outgoing edges: a user connects to remote systems, which indicates
a new target, with new users, and so on
Incoming edges: a user connects from somewhere, and that maybe
an opportunity i a ssh server is running there
Then break or bypass authentication on the remote targets
Let’s build a ssh worm
A remote exploit on ssh is useful but not necessary
Let’s assume it carries some local exploits to gain root/admin
privilege
Spreading will be made based on ssh features and human weakness
Fred Raynal
Fred Raynal
Malicious crypto
                                                                                                                                                                                                                    [ Pobierz całość w formacie PDF ]

download, do ÂściÂągnięcia, pdf, ebook, pobieranie

Pokrewne