Hi all

As I read it, the password is checked using an algorithm that involves the 32
byte block. The result of this operation must be a certain value, also 32
bytes long, and this value is constant even if the password is changed. So by
patching the software (or running it in a debugger) it is possible to make
sure that the check is always successful. This means that the password is
always correct and you can then gain access to the data via normal
operation.

So the weakness resides in the way the password is checked.

rgds
Johan Møller

On Wed, Jan 6, 2010 at 4:55 AM, Michael Salmon <[email protected]> wrote:

> Below is the whitepaper from the security company that discovered the flaw.
>  I uploaded the pdf document to Google Translator to try to read it.  My
> understanding is that basically the Kingston software, exmpsvr.exe, creates
> this 32 byte block of data that doesn't change even if the password is
> changed or the key is formatted and is used to decrypt the encrypted data.
>  Syss wrote a program that modifies the exmpsvr.exe application at runtime
> and basically bypasses the password request code and jumps to the 32 byte
> block to start decrypting.
>
> Please correct me if I am wrong or I misunderstand, the translation is a
> bit difficult for me to read.
>
> WhitePaper:
>
> http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf
>
> CNET article:
> http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm?tag=mncol;txt
> Dark Reading:
> http://www.darkreading.com/insiderthreat/security/encryption/showArticle.jhtml?articleID=222200174
>
> Thanks,
>
> Michael Salmon
>
>
> On Tue, Jan 5, 2010 at 9:51 PM, David A. Gershman <
> [email protected]> wrote:
>
>>
>> Oh my, do tell.  And please provide a link to the white paper if possible.
>>
>> >
>> > I hope I'm not double posting, but has anyone else seen the whitepaper on
>> > the recently discovered vulnerability in FIPS certified
>> > Kingston/Sandisk/Verbatim USB keys?  It seems like a very amateur
>> > vulnerability in the software.
>> >
>> >
>>
>> ----------------------------------------
>> David A. Gershman
>> [email protected]
>> http://dagertech.net/gershman/
>> "It's all about the path!" --d. gershman
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>
>
>
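The design weakness discussed in this thread, as an added sketch that is not part of the original posts, the SySS paper or the vendor's software: a simplified model in which the host releases a fixed value once a comparison passes, next to a design where the data key only exists if it is derived from the right password. All names, the constant, the PBKDF2 parameters and the XOR wrap (a stand-in for a real key-wrap or AEAD) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

UNLOCK_VALUE = bytes(range(32))  # constructed stand-in for the fixed 32-byte value
ITERATIONS = 100_000             # assumed PBKDF2 work factor for this sketch


def _stretch(password, salt, length=32):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=length)


def flawed_enroll(password):
    # The stored record only lets the host software recognise the password.
    salt = os.urandom(16)
    return {"salt": salt, "verifier": _stretch(password, salt)}


def flawed_unlock(record, password, check_forced=False):
    # check_forced models a host-side comparison whose outcome is overridden.
    ok = hmac.compare_digest(_stretch(password, record["salt"]), record["verifier"])
    # The released value is the same constant for every password.
    return UNLOCK_VALUE if (ok or check_forced) else None


def hardened_enroll(password, data_key):
    # The 32-byte data key is wrapped under keys derived from the password.
    salt = os.urandom(16)
    keys = _stretch(password, salt, 64)
    enc_key, mac_key = keys[:32], keys[32:]
    wrapped = bytes(a ^ b for a, b in zip(data_key, enc_key))  # toy wrap, not AES key wrap
    tag = hmac.new(mac_key, wrapped, "sha256").digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def hardened_unlock(record, password, check_forced=False):
    keys = _stretch(password, record["salt"], 64)
    enc_key, mac_key = keys[:32], keys[32:]
    ok = hmac.compare_digest(hmac.new(mac_key, record["wrapped"], "sha256").digest(), record["tag"])
    if not (ok or check_forced):
        return None
    # With a wrong password this yields unrelated bytes, even if the check is forced.
    return bytes(a ^ b for a, b in zip(record["wrapped"], enc_key))
```

In the second design the comparison is only a convenience for reporting a wrong password; the secrecy of the data key rests on the derivation, not on the branch.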