[ActiveLock-Development] First security hole spotted (and sealed - hopefully)
From: Thanh H. T. <th...@sy...> - 2003-08-02 06:50:43
Just to let everyone know, Dan Sanders (wizzardme2000) found the first gaping hole with my md5 checksum bit. Turns out someone can write a fake ALCrypto.dll with a dummy md5_hash function which can return the expected checksum for ActiveLock2.dll, effectively fooling the app into thinking that ActiveLock2.dll is authentic when in fact it may have been tampered with. Looks like I'm going to have to resort to the MapFileAndCheckSum() API call suggested on the forum by vbclassicforever a while back.

Round of applause for Dan. :-) Hack on, bro! Now it gets a little interesting.

Anyway, below are the excerpts from our conversation, if anyone's interested.

Cheers,
Thanh.

-------------------------------------------------------------------

02/08/2003 12:38:23 AM Dan Thanh Are you working on the multiple lock-types thing, or am I still on that?
02/08/2003 12:38:42 AM Thanh Dan i'll take it from here...thanks
02/08/2003 12:38:53 AM Dan Thanh ok, cause I have free time now
02/08/2003 12:39:20 AM Thanh Dan ok
02/08/2003 12:40:18 AM Thanh Dan if you have time...maybe you can play with softice/smartcheck some more to see if you can crack it....
02/08/2003 12:41:36 AM Dan Thanh ok... and just to let you know, you don't have to "if (lockto and lockhd) = lockhd then"... you can use "if lockto and lock hd then". It has the same effect, but it seems a little more English
02/08/2003 12:42:10 AM Thanh Dan yeah i figured as much....just that it's easier to read
02/08/2003 12:53:51 AM Dan Thanh I think I found the kind of hole you were looking for...
02/08/2003 1:05:30 AM Dan Thanh All you have to do to use a fake activelock2.dll is make a fake alcrypto.dll that works properly on md5 hashes, and checks if it's testing a dll, then returns a fake hash so that the program won't know. I don't know what to do to fix it, but something along the lines of adding md5 dll hashing functions to the actual apps so that they can check alcrypto and activelock2 themselves might be in order.
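
The trust problem described in this message, modelled as an added example that is not part of the original post or of ActiveLock's code: an integrity check whose verdict comes from an unverified helper, next to the in-application check Dan suggests. The byte strings, class names and function names are constructed for illustration; only `md5_hash`, ALCrypto.dll and ActiveLock2.dll come from the post.

```python
import hashlib

# Constructed stand-ins for the DLL images on disk (not real ActiveLock binaries).
GENUINE_LOCK = b"constructed sample: genuine ActiveLock2.dll image"
TAMPERED_LOCK = b"constructed sample: modified ActiveLock2.dll image"
GENUINE_CRYPTO = b"constructed sample: genuine ALCrypto.dll image"
REPLACED_CRYPTO = b"constructed sample: replaced ALCrypto.dll image"

# Checksums the application ships with (MD5 because that is what the post uses).
EXPECTED_LOCK_MD5 = hashlib.md5(GENUINE_LOCK).hexdigest()
EXPECTED_CRYPTO_MD5 = hashlib.md5(GENUINE_CRYPTO).hexdigest()


class GenuineHelper:
    """Models the real ALCrypto.dll: md5_hash really hashes its input."""
    def md5_hash(self, data: bytes) -> str:
        return hashlib.md5(data).hexdigest()


class ReplacedHelper:
    """Models a swapped-in helper: it reports the expected value, not a hash."""
    def md5_hash(self, data: bytes) -> str:
        return EXPECTED_LOCK_MD5


def delegated_check(lock_image: bytes, helper) -> bool:
    """Design from the post: the verdict depends on an unverified helper."""
    return helper.md5_hash(lock_image) == EXPECTED_LOCK_MD5


def in_app_check(lock_image: bytes, crypto_image: bytes) -> bool:
    """Dan's suggestion: the app hashes both DLLs with its own code."""
    def own_md5(data: bytes) -> str:
        return hashlib.md5(data).hexdigest()
    return (own_md5(crypto_image) == EXPECTED_CRYPTO_MD5
            and own_md5(lock_image) == EXPECTED_LOCK_MD5)


if __name__ == "__main__":
    print("delegated, genuine helper, tampered lock:",
          delegated_check(TAMPERED_LOCK, GenuineHelper()))
    print("delegated, replaced helper, tampered lock:",
          delegated_check(TAMPERED_LOCK, ReplacedHelper()))
    print("in-app, replaced helper image, tampered lock:",
          in_app_check(TAMPERED_LOCK, REPLACED_CRYPTO))
```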