-Caveat Lector- found on the web..... Dave Hartley http://www.Asheville-Computer.com http://www.ioa.com/~davehart ======================================== http://www.cryptonym.com/ Removing the NSA A sample program which replaces the NSA key with a test key, and leaves the rest of the CryptoAPI system intact, can be downloaded by clicking this link (currently only for WinNT and Win2k). For legal reasons, source code will be provided for free, but only be available through a Nondisclosure Agreement with Cryptonym. You can download the NDA here. These files are provided for demonstration purposes only, and may not be redistributed or used for any purpose other than demonstration without the written authorization and license of Cryptonym Corporation. For more information, please contact: Andrew Fernandes email: [EMAIL PROTECTED] Phone +1 919 469 4714 Fax +1 919 469 8708 Win95/98 Programmers: we could use help in porting the software to Win95/98. If you have a strong background in Win95/98 virtual memory management, virtual device writing, and Windows 'internals', and don't mind volunteering your time, please contact Andrew at the addresses above! Microsoft, the NSA, and You Here is the press release; for the full details, look here. A sample program which replaces the NSA's key is here, at the bottom of the page. FOR IMMEDIATE RELEASE Microsoft Installs US Spy Agency with Windows Research Triangle Park, NC - 31 August 1999 - Between Hotmail hacks and browser bugs, Microsoft has a dismal track record in computer security. Most of us accept these minor security flaws and go on with life. But how is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft may have installed a 'back door' for the National Security Agency (NSA - the USA's spy agency) making it orders of magnitude easier for the US government to access their computers? While investigating the security subsystems of WindowsNT4, Cryptonym's Chief Scientist Andrew Fernandes discovered exactly that - a back door for the NSA in every copy of Win95/98/NT4 and Windows2000. Building on the work of Nicko van Someren (NCipher), and Adi Shamir (the 'S' in 'RSA'), Andrew was investigating Microsoft's "CryptoAPI" architecture for security flaws. Since the CryptoAPI is the fundamental building block of cryptographic security in Windows, any flaw in it would open Windows to electronic attack. Normally, Windows components are stripped of identifying information. If the computer is calculating "number_of_hours = 24 * number_of_days", the only thing a human can understand is that the computer is multiplying "a = 24 * b". Without the symbols "number_of_hours" and "number_of_days", we may have no idea what 'a' and 'b' stand for, or even that they calculate units of time. In the CryptoAPI system, it was well known that Windows used special numbers called "cryptographic public keys" to verify the integrity of a CryptoAPI component before using that component's services. In other words, programmers already knew that windows performed the calculation "component_validity = crypto_verify(23479237498234...,crypto_component)", but no-one knew exactly what the cryptographic key "23479237498234..." meant semantically. Then came WindowsNT4's Service Pack 5. In this service release of software from Microsoft, the company crucially forgot to remove the symbolic information identifying the security components. It turns out that there are really two keys used by Windows; the first belongs to Microsoft, and it allows them to securely load CryptoAPI services; the second belongs to the NSA. That means that the NSA can also securely load CryptoAPI services... on your machine, and without your authorization. The result is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system. For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying. The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US; that they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers. There is good news among the bad, however. It turns out that there is a flaw in the way the "crypto_verify" function is implemented. Because of the way the crypto verification occurs, users can easily eliminate or replace the NSA key from the operating system without modifying any of Microsoft's original components. Since the NSA key is easily replaced, it means that non-US companies are free to install "strong" crypto services into Windows, without Microsoft's or the NSA's approval. Thus the NSA has effectively removed export control of "strong" crypto from Windows. A demonstration program that replaces the NSA key can be found on Cryptonym's website. Cryptonym: Bringing you the Next Generation of Internet Security, using cryptography, risk management, and public key infrastructure. Interview Contact: Andrew Fernandes Telephone: +1 919 469 4714 email: [EMAIL PROTECTED] Fax: +1 919 469 8708 Cryptonym Corporation 1695 Lincolnshire Boulevard Mississauga, Ontario Canada L5E 2T2 http://www.cryptonym.com # # # ---------------------------------------------------------------------------- ---- The Full Details These details are essentially the contents of the "Rump Session" talk that Andrew Fernandes gave at the Crypto'99 Conference, on 15 August 1999, in Santa Barbara, California. Note 1: many people have written us and assumed that we "reverse engineered" Microsoft's code. This is not true; we did not reverse engineer Microsoft code at any time. In fact, the debugging symbols were found using standard Microsoft-purchased programmer's tools, completely by accident, when debugging one of our own programs. Note 2: many reporters have stated that Andrew studied computer science at the University of Waterloo and was a classmate of Ian Goldberg of Zero Knowlege Systems. In fact, Andrew studied biochemistry and mathematics at Waterloo for his undergraduate, and mathematics at McGill for his graduate work. He and Ian graduated in the same year, but really did not know each other at the time. An Overview of the Microsoft's CryptoAPI Microsoft's CryptoAPI allows independent software vendors (ISVs) to dynamically load Cryptographic Serivce Providers (CSPs) as in the following diagram: This arrangement of having Windows verify the CSP signature is what allows Microsoft to add cryptographic functionality to Windows. They will not digitally sign a CSP unless you first agree to abide by US export rules. Translation: Microsoft will not allow non-US companies to add strong crypto functions to Windows. Fortunately, the verification of the CSP's digital signature opens up a security flaw in this picture. Observations Using NT4 Server, SP5 (domestic, 128-bit encryption version), and Visual C++ 6, SP3. These same results have been found in Win95osr2, Win98, Win98gold, WinNT4 (all versions), and Win2000 (up to and including build 2072, RC1). Many people have emailed us to say that these debugging symbols are actually present in NT4-Workstation, and are in the original CD's debugging symbols! Thanks, people! Before CSP loading in ADVAPI32.DLL Address 0x77DF5530 -> A9 F1 CB 3F DB 97 F5 ... ... ... Address 0x77DF55D0 -> 90 C6 5F 68 6B 9B D4 ... ... ... After RC4 encryption using we see A2 17 9C 98 CA => R S A 1 ... 00 01 00 01 ... (looks like an RSA public key) A0 15 9E 9A C8 => R S A 1 ... 00 01 00 01 ... (looks like an RSA public key) Looking at SP5 debugging symbols in "_CProvVerifyImage@8" Address 0x77DF5530 <- has data tag "_KEY" Address 0x77DF55D0 <- has data tag "_NSAKEY" Screenshots One, Two, Three, Four, and Five showing the actual debugging information. The Flaw An attack: Replace "_KEY" with your own key... ...but Windows will stop working since it cannot verify its own security subsystem! An better attack: Replace "_NSAKEY" with your own key... ... Windows keeps working, since Microsoft's key is still there stops the NSA works because Windows tries to verify the CSP first using "_KEY", and then silently fails over to "_NSAKEY" The Result: Windows CryptoAPI system still functional the NSA is kicked out the user can load an arbitrary CSP, not just one that Microsoft or the NSA signed! Implications What is the purpose of "_NSAKEY"? Espionage? Or do they simply not want to rely on Microsoft when installing their own CSPs? Using RSA's Data Security's (now Security Dynamics) "BSafe" toolkit actually makes analysis of a program easier. We do not need to modify the "advapi32.dll" file in order to remove the NSA key, nor do we need special privilleges on the machine. use self-modifying code needs undocumented vxd calls under Win95 and Win98 needs special memory features under WinNT and Win2k It is easy for any process to bypass any CSP and substitute its own. Export control is effectively dead for Windows. Note for Win2k - there appear to be three keys in Win2k; Microsoft's, the NSA's, and an unknown third party's. Thanks to Nicko van Someren for bringing this to our attention. Removing the NSA A sample program which replaces the NSA key with a test key, and leaves the rest of the CryptoAPI system intact, can be downloaded by clicking this link (currently only for WinNT and Win2k). For legal reasons, source code will be provided for free, but only be available through a Nondisclosure Agreement with Cryptonym. You can download the NDA here. These files are provided for demonstration purposes only, and may not be redistributed or used for any purpose other than demonstration without the written authorization and license of Cryptonym Corporation. For more information, please contact: Andrew Fernandes email: [EMAIL PROTECTED] Phone +1 919 469 4714 Fax +1 919 469 8708 Win95/98 Programmers: we could use help in porting the software to Win95/98. If you have a strong background in Win95/98 virtual memory management, virtual device writing, and Windows 'internals', and don't mind volunteering your time, please contact Andrew at the addresses above! ---------------------------------------------------------------------------- ---- :: Home :: Products :: Services :: Research :: Hot Topics :: Company Info :: Contact Us :: Copyright © 1999 Cryptonym Corporation. All rights reserved. :: Frames :: No-Frames :: ---------------------------------------------------------------------------- ---- DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
