Professional Documents
Culture Documents
SensePostBlog
Sharethis:
Home About
Services
Research&Labs
THU,17MAY2012
AcloserlookintotheRSASecureIDsoftwaretoken
Tags:analysis,public,research,reversingbehrang@12:00
Widespreaduseofsmartphonesbyemployeestoperformworkrelatedactivitieshasintroducedtheideaofusing
thesedevicesasanauthenticationtoken.Asanexampleofsuchattempts,RSASecureIDsoftwaretokensare
availableforiPhone,NokiaandtheWindowsplatforms.Obviously,mobilephoneswouldnotbeabletoprovidethe
leveloftamperresistancethathardwaretokenswould,butIwasinterestedtoknowhoweasy/harditcouldbefora
potentialattackertocloneRSASecureIDsoftwaretokens.IusedtheWindowsversionoftheRSASecurID
SoftwareTokenforMicrosoftWindowsversion4.10formyanalysisanddiscoveredthefollowingissues:
Deviceserialnumberoftokenscanbecalculatedbyaremoteattacker:
EveryinstanceoftheinstalledSecurIDsoftwaretokenapplicationcontainsaharddriveplugin(implementedin
tokenstoreplugin.dll)thathasauniquedeviceserialnumber.Thisserialnumbercanbeusedfor"DeviceBinding"
andtheRSAdocumentationdefinesitasfollows:
BeforethesoftwaretokenisissuedbyRSAAuthenticationManager,anadditionalextensionattribute
(<DeviceSerialNumber/>)canbeaddedtothesoftwaretokenrecordtobindthesoftwaretokentoaspecific
devicedeviceserialnumberisusedtobindatokentoaspecificdevice.Ifthesameuserinstallsthe
applicationonadifferentcomputer,theusercannotimportsoftwaretokensintotheapplicationbecausethe
harddrivepluginonthesecondcomputerhasadifferentdeviceserialnumberfromtheonetowhichtheuser's
tokensarebound.
ReverseengineeringtheHardDiskplugin(tokenstoreplugin.dll)indicatedthatthedeviceserialnumberisdependent
onthesystem'shostnameandcurrentuser'swindowssecurityidentifier(SID).Anattacker,withaccesstothese
values,caneasilycalculatethetargettoken'sdeviceserialnumberandbypasstheabovementionedprotection.
AccountSIDscanbeenumeratedinmostoftheMicrosoftactivedirectorybasednetworksusingpubliclyavailable
tools,iftheenumerationofSAMaccountsandsharessecuritysettingwasnotsettodisabled.Hostnamescan
beeasilyresolvedusinginternalDNSorMicrosoftRPC.Thefollowingfiguresshowthedeviceserialnumber
generationcode:
http://www.sensepost.com/blog/7045.html
Events
Blog Contact
Categoriers
.ac.za(1)
.za(2)
44con(6)
about:us(45)
analysis(10)
auctions(1)
auditors(1)
bsides(2)
backdoor(1)
blackhat(33)
blog(10)
broadview(5)
buildit(2)
ccdcoe(1)
challenge(2)
clickjacking(1)
cloud(12)
community(21)
conferences(83)
consulting(1)
crypto(7)
defcon(2)
defense(2)
estonia(1)
fail(3)
foos(1)
footprinting(2)
fun(55)
goodbye(1)
hackathon(1)
hackrack(2)
Hope?(2)
howto(17)
imsojaded(2)
imtoobusytochooseacategory
(1)
infosecsoapies(26)
infrastructure(4)
internals(1)
interns(1)
ios(1)
jobs(5)
linux(1)
local(8)
mac(15)
Maltego(2)
malware(1)
management(12)
materials(4)
memcached(2)
1/6
2/23/2015
SensePostBlog
TheSecureIDdeviceserialnumbercalculationcanberepresentedwiththefollowingformula:
device_serial_number=Left(SHA1(host_name+user_SID+RSACopyright2008),10)
Token'scopyprotection:
Thesoftwaretokeninformation,includingthesecretseedvalue,isstoredinaSQLiteversion3databasefile
namedRSASecurIDStorageunderthe%USERPROFILE%\LocalSettings\ApplicationData\RSA\RSASecurID
SoftwareTokenLibrarydirectory.ThisfilecanbeviewedbyanySQLitedatabasebrowser,butsensitive
informationsuchasthechecksumandseedvaluesareencrypted.RSAdocumentationstatesthatthisdatabase
fileisbothencryptedandcopyprotected:RSASecurIDSoftwareTokenforWindowsusesthefollowingdata
protectionmechanismstotiethetokendatabasetoaspecificcomputer:
Bindingthedatabasetothecomputer'sprimaryharddiskdrive
ImplementingtheWindowsDataProtectionAPI(DPAPI)
Thesemechanismsensurethatanintrudercannotmovethetokendatabasetoanothercomputerandaccessthe
tokens.Evenifyoudisablecopyprotection,thedatabaseisstillprotectedbyDPAPI.
TheRSASecurIDStoragedatabasefilehastwotables:PROPERTIESandTOKENS.TheDatabaseKeyand
CryptoChecksumrowsfoundinthePROPERTIEStableswerefoundtobeusedforcopyprotectionpurposeas
showninthefigurebelow:
Reverseengineeringofthecopyprotectionmechanismindicatedthat:
TheCryptoChecksumvalueisencryptedusingthemachine'smasterkey,whichcanonlybedecryptedon
thesamecomputersystem,unlesstheattackercanfindawaytoimportthemachinekeyandother
supportingdatatotheirmachine
TheDatabaseKeyisencryptedusingthecurrentloggedonuser'smasterkeyandprovidestokenbindingto
thatuseraccount
PreviousresearchontheMicrosoftWindowsDPAPIinternalshasmadeofflinedecryptionoftheDPAPIprotected
datapossible.ThismeansthatiftheattackerwasabletocopytheRSAtokendatabasefilealongwiththe
encryptionmasterkeystotheirsystem(forinstancebyinfectingavictim'smachinewitharootkit),thenitwouldbe
possibletodecryptthetokendatabasefileontheirmachine.ThedetailedattackstepstocloneaSecurIDsoftware
tokenbycopyingthetokendatabasefilefromavictim'ssystemareasfollows:
1. Copythetokendatabasefile,RSASecurIDStorage,fromtheuserprofiledirectory
2. Copytheuser'smasterkeyfrom%PROFILEDIR%\ApplicationData\Microsoft\Protect\%SID%thecurrent
masterkey'sGUIDcanbereadfromPreferredfileasshowninthefigurebelow:
http://www.sensepost.com/blog/7045.html
memory(1)
metasploit(3)
metricon(2)
metrics(3)
mindlesspolitics(4)
mindmaps(1)
mobile(9)
modelling(5)
nmap(1)
PCI(2)
penny(1)
pentest(5)
phone(1)
pickle(4)
policy(1)
postexploitation(2)
postit(1)
presentations(9)
Press(4)
privacy(7)
product(4)
programming(18)
public(399)
python(9)
qo[w|m|?](5)
rambling(2)
README(1)
realworld(18)
Release(4)
reportinfo(1)
research(59)
reversing(13)
risk(2)
rogueap(1)
SAP(2)
securityfyi(8)
securitynews(6)
shells(2)
showoff(1)
sillyyammerings
(21)
skype(2)
snoopy(3)
solution(1)
suru(1)
techtoys(3)
threat(5)
timewaster(6)
tinfoilhat(6)
tools(54)
training(47)
travel(2)
tricks(4)
UK(2)
Uncategorized(3)
uncon(2)
vendors(7)
videos(6)
vulnerability(10)
wasc(1)
webapps(9)
web_x.0(2)
wifi(6)
windows(1)
writingadvice(1)
xml(1)
zaprize(2)
zenhacking(6)
Archives
Feburary2015(1)
January2015(1)
October2014(1)
September2014(1)
August2014(2)
June2014(6)
May2014(4)
April2014(2)
2/6
2/23/2015
SensePostBlog
3. Copythemachine'smasterkeyfromthe%WINDIR%\system32\Microsoft\Protect\directory.Microsoft
WindowsprotectsmachinekeysagainsttamperingbyusingSHA1hashvalues,whicharestoredand
handledbytheLocalSecurityAuthoritySubsystemService(LSASS)processinMicrosoftWindows
operatingsystems.TheattackershouldalsodumpthesehashvaluesfromLSAusingpubliclyavailable
toolslikelsadump.
4. Havingalltherequiredmasterkeysandtokendatabasefile,installanddeployawindowsmachineand
changethemachineanduserSIDstothevictim'ssystemSIDbyusingavailabletoolssuchasnewSID.
5. Overwritethetokendatabasefile,userandmachinemasterkeyswiththeonescopiedfromvictim'ssystem.
YouwouldalsoneedtofindawaytoupdatetheDPAPI_SYSTEMvalueinLSAsecretsoftheWindows
machine.Currently,thisistheonlychallengethatIwasnotabletosolve,butitshouldbepossibletowrite
atoolsimilartolsadumpwhichupdatesLSAsecrets.
6. Whentheabovehasbeenperformed,youshouldhavesuccessfullyclonedthevictim'ssoftwaretokenandif
theyruntheSecurIDsoftwaretokenprogramonyourcomputer,itwillgeneratetheexactsamerandom
numbersthataredisplayedonthevictim'stoken.
Inordertodemonstratethepossibilityoftheabovementionedattack,IinstalledandactivatedtokenAandtokenB
ontwoseparatewindowsXPvirtualmachinesandattemptedtoclonetokenBonthevirtualmachinethatwas
runningtokenA.Takingtheabovesteps,tokenBwassuccessfullyclonedonthemachinerunningtokenAas
showninthefollowingfigures:
Inordertocountertheaforementionedissues,Iwouldrecommendtheuseof"trustedplatformmodule"(TPM)
bindings,whichassociatesthesoftwaretokenwiththeTPMchiponthesystem(TPMchipformobiles?thereare
vendorsworkingonit).
26COMMENTS
hazmaton2012/5/18
Pleaserefertothisearlierworkfrom2001"InitialCryptanalysisoftheRSASecurIDAlgorithm"
http://www.comms.engg.susx.ac.uk/fft/crypto/initial_securid_analysis.pdf
behrangon2012/5/18
Thanksforthelinkhazmat,theresearchyoumentionedwasabouttheRSAalgorithmwheremypostisrelatedtothe
tokenprotectionissues(bindingandcopyprotection)
httpon2012/5/20
AstheRSAalgorithmisknown,whycloneeverything?Justgetthenecessarydatafromfirstsystemanddothe
"randomvalue"calculationsyourself.
Itisobviousthatthisprotectioncannotworkbydesign.Goodresearcharticlethough.
behrangon2012/5/20
Thankshttp,Thearticleactuallyattemptstodiscussmethodsofcollectingthose"necessarydata"andfeedingitto
anotherRSAtokenorasyoumentionedtopubliclyavailablesoftwaretoolsemulatinganRSAtoken.
Oliveon2012/5/21
ActuallysomearmbasedchipsetsusedinmobiledevicesalreadyprovidesomethingsimilartoTPM.SeealsoARM's
"trustzone".
http://www.sensepost.com/blog/7045.html
Feburary2014(1)
January2014(2)
December2013(2)
November2013(4)
September2013(2)
August2013(2)
July2013(1)
June2013(4)
May2013(6)
April2013(2)
March2013(4)
Feburary2013(2)
January2013(1)
December2012(3)
November2012(6)
October2012(1)
September2012(3)
August2012(3)
July2012(1)
June2012(2)
May2012(5)
April2012(1)
March2012(3)
Feburary2012(1)
December2011(3)
November2011(2)
October2011(6)
September2011(3)
August2011(3)
July2011(3)
June2011(2)
May2011(6)
March2011(3)
Feburary2011(3)
January2011(1)
December2010(2)
November2010(4)
October2010(3)
August2010(4)
July2010(1)
June2010(4)
May2010(3)
April2010(3)
March2010(7)
Feburary2010(2)
January2010(3)
December2009(4)
November2009(4)
October2009(3)
September2009(5)
August2009(9)
July2009(1)
June2009(5)
May2009(4)
April2009(10)
March2009(13)
Feburary2009(12)
January2009(11)
December2008(9)
November2008(8)
October2008(5)
September2008(5)
August2008(6)
July2008(6)
June2008(6)
May2008(2)
April2008(3)
March2008(7)
Feburary2008(12)
January2008(9)
December2007(8)
November2007(4)
October2007(9)
September2007(14)
August2007(18)
July2007(13)
June2007(17)
May2007(2)
3/6
2/23/2015
SensePostBlog
behrangon2012/5/21
ThanksOlive,Ikenewabouttrustzonebutdidn'tknowthatit'simplementedinsomephones.Canyoupleaseletme
knowthephonevendorandmodel?
July2006(1)
April2006(1)
August2005(1)
June2005(1)
May2005(2)
nmon2012/5/21
Therearen'tmobileTPMyet,butthesamethingcouldbeimplantedbyintelIPT(includingmobile)infuture.
(http://ipt.intel.com/welcome.aspx)
ph0enixon2012/5/22
WouldthatbepossibleforRSAappsrunningunderiOSorAndroid?
jjon2012/5/22
Ihaveadoubtaboutyour"final"demo.
Youmentionthatyoucouldn'tfindawayofupdatingtheLSAsecrets,sohowdidyoumanagetogetthe"copy"ofthe
tokenworking?
DidyoujustclonetheVM(andthushavereallytwoinstancesofthesameVM)andleavethe"updatetheLSA
secrets"partasa"exercisetothereader"?
Ithinkthearticleisveryinterestingandprovidesalotofusefulinformation,butIdon'treallysee(maybeit'sjustme!)
thatisshowsacompleteendtoendattack.
Thanksalotforthegreatworkandforpublishingit!
Berndon2012/5/22
WhyisitatallneededtorecreateasecondwindowsenvironemntwiththesameSIDs.Wouldntitbealsopossibleto
overwritethetokenscodetoreadthosevalueswiththefixednumbers(orevenrecreatethewholealgorithm...)
BTW:itisnotsuprisingthatsofttokencanbecloned,itismuchmoresuprisingthatpeoplethinkitcant(andRSA
claimsitcant).
Aslongasyoudonotusehardwareplatformbindingmethods(TPMorsimiliar)issimplyconceptuallyimposibleto
bindcodetoauntrustedhost.
Andthemoreintegratedyouare,thelessyouneeda"softtoken"atall,justgoforasmartcard.OhIforgot,thevast
revenuefromtheendpointsecuritymarket....
Bernd
Berndon2012/5/22
IstheTPMbindingdoingtheactual(challengedpartofit)RSAprngcalculationintheTPM?
Jimon2012/5/22
Doesn'tthesofttokenrequireuserentryofaPINthatprotectsthekeyinadditiontothemeasuresshownhere?You
don'tshowthisdoyouassumetheattackerhasalsostolenthePIN?
Nobodyon2012/5/22
Caincandothissinceages...
JonBohackon2012/5/22
Byelevatingyourpermissionsthrupsexeccanyouobtainthelsasecrets?
OverFlow636on2012/5/22
Verynicearticle.Iusedtouseollydebugforeveragoandthescreenshotsbroughtbackmemories.
DanKaminskyon2012/5/22
Imisunderstoodthispost,soperhapsIcanclarify.
YoucannotcloneaSecureIDwiththedeviceserialnumber.Specifically,theseedusedtogenerateallIDsisnot
publishedinDNSandAD.
GivenrootkitlevelaccesstoaPC,youcanextracttheseed.Youcanthenmaketheextractedseedworkonother
machinesusingthedeviceserialnumber,whichatthatpointyou'dneverneedtodiscoverremotelybecauseheh,
youhaverootkitlevelaccess.
Ifyouinterpretedtheaboveresearchtoimplythatyoucouldremotelydiscoverenoughaboutauser'stokentoclone
it,thisisclearlynotthecase.However,Imadethesamemistaketoo.PerhapsSensepostwouldliketoclarifytheir
researchtopreventfuturemisunderstandings.
http://www.sensepost.com/blog/7045.html
4/6
2/23/2015
SensePostBlog
behrangon2012/5/22
Thankyouallforthecomments.Ijustwantedtoemphasisthatthepurposeofthisarticlewastoassessthedifficulty
ofreplicatingasoftwaretokenwhichisbasedonasecretseed.It'sanobviousfactthatthesoftwaretokensdoesnot
provideverygoodleveloftamperresistanceofhardwaretokens.Thearticlepointedoutthetwomajorattackscenario:
1)Attackonebasedonbypassingtokenbindings:InmostcasesRSAthesoftwaretoken"provisioning"fileisemailed
totheusers.Ifanattackercancapturethatemailthenhecanusethefirstmentionedmethodtochangehissystem
configurations(hsotname,SIDs),thussuccessfuly"import"theprovisioningfileandactivatethetoken.
2)Attacktwoassumesthattheattackerhascompormisedthevictim'ssystemremotelyorgainedphysicalaccessto
itinordertoextracttherequiredDPAPIblobsandLSAsecretsandreplicatethetokeninasimulator(cainprovides
one)oranothercopyofRSAsoftwaretoken.
JonBohackon2012/5/22
AfterreadingDan'spostandbehrangthismakessense...Iwasundertheimpressionaswellthatyoucouldclonethe
SecureID,untilIreaditagain.Dan...drink!:)andbehranggreatresearch.Ibelievethatmanycompaniespractice
securitythruobscurity.Ifyouknow..whoyourtargetisandwhattheyrun,youcanownthemwithenoughresearch.
Strictlyspeakingfromanauditperspective.
Thisarticleprovesthattwofactorsecuritycanbeduplicatedifsomeonehasphysicalaccesstothelaptop.Thisis
oftenthecasewhenleavingyourhotelroominashadycountry...We'veallheardhorrorstories.
MarkGamacheon2012/5/23
GREATWORK!I'vebeenmakingthispointforyearsandpeopleactedlikeIwascrazy.IfRSA'scodecanreadand
storetheseed,socansomeoneelse's.Adminorphysicalaccessistotalownage.I'mjustnotsmrtenoughtousethe
toolstofindsuchthings.
behrangon2012/5/23
Javier,
Youmentionthatthisdoesnotreflectacompleteendtoendattack.I'dliketopointoutthatthisisnotaresearch
project.Itwasperformedduringarealworledassessmentinatimeframeof5days.UpdatingLSASecretswouldbe
theoreticallypossibleapointIbelievewementioned.
Nigeon2012/5/23
IfLSASecretscan'tbeupdatedthenthewholethingfallsintoaheap.Youadmitthatyoucouldn'tdothis,therefore
yourscreenshotsshowingtheattackworkingaresuspectintheextreme.
Sebastianon2012/5/23
ItseemsliketheSamsungGalaxyS3isthefirstonetohavetheTrustZoneenabled.Buthowadeveloperor
researchercanusethisIdonotknow.
behrangon2012/5/23
Nige,youreallydon'tneedtoupdatetheLSAtomakethiswork:).Iincludedthatsteptorelateittothepervious
researchon"offlineDPAPI"forensicsdonebystanforduniversity.Otherwise,foramalwarerunninginthecontextofa
loggedonuser,itwouldbemoreeasiertohook/callCryptUnprotectDataandcapture/decrypttheseed.
behrangon2012/5/23
ThanksSebastien,probablythey'veprovidedtheSDKtophonevendorsonly.I'mveryinterestedinanyinformationon
trustzoneSDK.
Berndon2012/5/23
WhyisitatallneededtorecreateasecondwindowsenvironemntwiththesameSIDs.Wouldntitbealsopossibleto
overwritethetokenscodetoreadthosevalueswiththefixednumbers(orevenrecreatethewholealgorithm...)
BTW:itisnotsuprisingthatsofttokencanbecloned,itismuchmoresuprisingthatpeoplethinkitcant(andRSA
claimsitcant).
Aslongasyoudonotusehardwareplatformbindingmethods(TPMorsimiliar)issimplyconceptuallyimposibleto
bindcodetoauntrustedhost.
Andthemoreintegratedyouare,thelessyouneeda"softtoken"atall,justgoforasmartcard.OhIforgot,thevast
revenuefromtheendpointsecuritymarket....
Bernd
behrangon2012/5/24
Bernd,Itotallyagreewithyouonsmartcards,modernsmartcardshavecryptoCPUsintegratedandcost<10USD
eachifyoudon'tbuyinbatches
LEAVEACOMMENT
http://www.sensepost.com/blog/7045.html
5/6
2/23/2015
SensePostBlog
Name*:
Email*:
(Won'tbedisplayed)
URL:
Comment*:
*required
Send!
Social:
Email:info@sensepost.com
Tel(SouthAfrica):+27(0)124600880
Tel(UnitedKingdom):+44(0)2079568826
Accreditations:PCIASV,CREST
http://www.sensepost.com/blog/7045.html
SouthAfrica
UnitedKingdom
2ndFloor,ParkDevBuilding
BrooklynBridgeOfficePark
570FehrsenStreet
Broodlyn
Pretoria
SouthAfrica
3.34WhitechapelTechnologyCentre
75WhitechapelRoad
London
E11DU
UnitedKingdom
6/6