This to answer Mr Jon Callas (PGP CTO) and to show him the last proof-of-concept. If he did not get it we consider we have done our part to report a BIG problem in PGP unless this is some kinda of HIDDEN features. --Adonis, Abed Comments-- We do not agree with some of PGP comments. We do not know why they just see one side of the coin. What if you had created a virtual disk and give that to someone. That someone use it as his/her own disk and decided to change the password because they own the disk now (You give them to them with the pass). So they did change the passowrd, but the originator can still access that disk if he/she replace the passphrase bytes in the binary file. So I consider this an attack on data INTEGRITY and data AVAILABILITY since the legitimate user will be denied access to the disk after replacing the passphrase bytes. "why you do not want to see that your password verification can be simply bypassed, besides a reputable co. like PGP should at least put anti-debugging tweaks, or even encrypt/hide the passphrase location" To pgp, your authentication can be bypassed, even if you have created two different .sda file with two different content. the authentication can be overwritten and the file can be extracted if you use a debugger if you do not use a debugger you will be able to just bypass the authentication but without extraction. why don't you see that mr. jon? instead of bitching and stuff? why cannot you be professional and just explain fact after you do your home work with a nice debugger.? is that to much asking, I think we are talking among human and adults no?. We think Mr. Jon (PGP) should play this flash video SLOW REAL SLOW. http://www.safehack.com/Advisory/pgp/answerjon.html PGP comments: http://www.securityfocus.com/archive/1/435155 Quote from Mr Jon comments: "For completeness, I'll note that we are discussing whether we should add in a warning dialog to the passphrase change on a PGP Disk, to tell the user that an attacker who has learned an old passphrase, has an old disk and a hex editor can patch the disk so that it can be opened. On the one hand, this might be a good thing to do". So if Mr Jon does not see the problem why they are talking about adding a message box?. Why the passphrase location is not hidden? etc. I still see this as INTEGRITY and AVAILABILITY attacks on PGP. I do not think it is normal behavior of an encryption application to reveal it is passphrase location and I do not see bypassing the passphrase dialog-box as Feature either. Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING THE BINARY FILE EVEN. This Flash video is dedicated to Mr. Jon Callas (PGP CTO, CSO). http://www.safehack.com/Advisory/pgp/proof_of_concept_PGP_Authentication_BYPASS.html http://www.safehack.com/Advisory/pgp/proof_of_concept_PGP_Authentication_BYPASS.html We had reported that PGP Authentication can be bypassed by patching the binary file. After reading Mr. Jon Callas NON PROFESSIONAL answer, me and abed decided to show him that is not true. By using a SIMPLE Debugger PGP Authentication can be bypassed. Here is Mr Jon Callas Comments http://www.securityfocus.com/archive/1/435155 Summing up, we are disappointed that for whatever reasons, we were not contacted about this research before it was put on the web and posted on bugtraq. Had we been contacted, we could discuss this in private rather than have to air the details of this misunderstanding in a public forum. I am truly sorry for the sake of the Information Security Institute of Quebec and its staff that this complex issue has turned into a public brouhaha. We load the file in the debugger and set the break points then we start by hitting F9 we will see the password dialog we enter ANY password here. When it stop at 00409797 Hit F9 6 times You see on 00405D70 |. E8 4FFBFFFF CALL a_sda.004058C4 we hit 6 times F9 A break point should be set on 00405D70 to see this. After running the sda in olly we end up here. We hit F9 couples of time then we change ESI EDI ON 00409797 |. F3:A7 REPE CMPS DWORD PTR ES:[EDI],DWORD PTR D>; We see the stack values ECX=00000002 (decimal 2.) DS:[ESI]=stack [00BBF68C]=DC3F5C82 <-- IF WE ENTER A BAD PASSWORD THESE WONT BE THE SAME ES:[EDI]=stack [00BBFF98]=DC3F5C82 EQUAL... WE JUST MAKE THEM EQUAL THEN CONTINUE THE QUEST. AT THIS POINT PGP Authentication is bypassed. I hope that help Mr. Jon (PGP) seeing the problem. Again Mr Jon Bitching does not help you fixing your products. -- End Comment-- Peace
