2/23/2015

SensePostBlog

Sharethis:

Home About

Services

Research&Labs

THU,17MAY2012

AcloserlookintotheRSASecureIDsoftwaretoken
Tags:analysis,public,research,reversingbehrang@12:00
Widespreaduseofsmartphonesbyemployeestoperformworkrelatedactivitieshasintroducedtheideaofusing
thesedevicesasanauthenticationtoken.Asanexampleofsuchattempts,RSASecureIDsoftwaretokensare
availableforiPhone,NokiaandtheWindowsplatforms.Obviously,mobilephoneswouldnotbeabletoprovidethe
leveloftamperresistancethathardwaretokenswould,butIwasinterestedtoknowhoweasy/harditcouldbefora
potentialattackertocloneRSASecureIDsoftwaretokens.IusedtheWindowsversionoftheRSASecurID
SoftwareTokenforMicrosoftWindowsversion4.10formyanalysisanddiscoveredthefollowingissues:
Deviceserialnumberoftokenscanbecalculatedbyaremoteattacker:
EveryinstanceoftheinstalledSecurIDsoftwaretokenapplicationcontainsaharddriveplugin(implementedin
tokenstoreplugin.dll)thathasauniquedeviceserialnumber.Thisserialnumbercanbeusedfor"DeviceBinding"
andtheRSAdocumentationdefinesitasfollows:
BeforethesoftwaretokenisissuedbyRSAAuthenticationManager,anadditionalextensionattribute
(<DeviceSerialNumber/>)canbeaddedtothesoftwaretokenrecordtobindthesoftwaretokentoaspecific
devicedeviceserialnumberisusedtobindatokentoaspecificdevice.Ifthesameuserinstallsthe
applicationonadifferentcomputer,theusercannotimportsoftwaretokensintotheapplicationbecausethe
harddrivepluginonthesecondcomputerhasadifferentdeviceserialnumberfromtheonetowhichtheuser's
tokensarebound.
ReverseengineeringtheHardDiskplugin(tokenstoreplugin.dll)indicatedthatthedeviceserialnumberisdependent
onthesystem'shostnameandcurrentuser'swindowssecurityidentifier(SID).Anattacker,withaccesstothese
values,caneasilycalculatethetargettoken'sdeviceserialnumberandbypasstheabovementionedprotection.
AccountSIDscanbeenumeratedinmostoftheMicrosoftactivedirectorybasednetworksusingpubliclyavailable
tools,iftheenumerationofSAMaccountsandsharessecuritysettingwasnotsettodisabled.Hostnamescan
beeasilyresolvedusinginternalDNSorMicrosoftRPC.Thefollowingfiguresshowthedeviceserialnumber
generationcode:

http://www.sensepost.com/blog/7045.html

Events

Blog Contact

Categoriers
.ac.za(1)
.za(2)
44con(6)
about:us(45)
analysis(10)
auctions(1)
auditors(1)
bsides(2)
backdoor(1)
blackhat(33)
blog(10)
broadview(5)
buildit(2)
ccdcoe(1)
challenge(2)
clickjacking(1)
cloud(12)
community(21)
conferences(83)
consulting(1)
crypto(7)
defcon(2)
defense(2)
estonia(1)
fail(3)
foos(1)
footprinting(2)
fun(55)
goodbye(1)
hackathon(1)
hackrack(2)
Hope?(2)
howto(17)
imsojaded(2)
imtoobusytochooseacategory
(1)
infosecsoapies(26)
infrastructure(4)
internals(1)
interns(1)
ios(1)
jobs(5)
linux(1)
local(8)
mac(15)
Maltego(2)
malware(1)
management(12)
materials(4)
memcached(2)

1/6

2/23/2015

SensePostBlog

TheSecureIDdeviceserialnumbercalculationcanberepresentedwiththefollowingformula:
device_serial_number=Left(SHA1(host_name+user_SID+RSACopyright2008),10)
Token'scopyprotection:
Thesoftwaretokeninformation,includingthesecretseedvalue,isstoredinaSQLiteversion3databasefile
namedRSASecurIDStorageunderthe%USERPROFILE%\LocalSettings\ApplicationData\RSA\RSASecurID
SoftwareTokenLibrarydirectory.ThisfilecanbeviewedbyanySQLitedatabasebrowser,butsensitive
informationsuchasthechecksumandseedvaluesareencrypted.RSAdocumentationstatesthatthisdatabase
fileisbothencryptedandcopyprotected:RSASecurIDSoftwareTokenforWindowsusesthefollowingdata
protectionmechanismstotiethetokendatabasetoaspecificcomputer:
Bindingthedatabasetothecomputer'sprimaryharddiskdrive
ImplementingtheWindowsDataProtectionAPI(DPAPI)
Thesemechanismsensurethatanintrudercannotmovethetokendatabasetoanothercomputerandaccessthe
tokens.Evenifyoudisablecopyprotection,thedatabaseisstillprotectedbyDPAPI.
TheRSASecurIDStoragedatabasefilehastwotables:PROPERTIESandTOKENS.TheDatabaseKeyand
CryptoChecksumrowsfoundinthePROPERTIEStableswerefoundtobeusedforcopyprotectionpurposeas
showninthefigurebelow:

Reverseengineeringofthecopyprotectionmechanismindicatedthat:
TheCryptoChecksumvalueisencryptedusingthemachine'smasterkey,whichcanonlybedecryptedon
thesamecomputersystem,unlesstheattackercanfindawaytoimportthemachinekeyandother
supportingdatatotheirmachine
TheDatabaseKeyisencryptedusingthecurrentloggedonuser'smasterkeyandprovidestokenbindingto
thatuseraccount
PreviousresearchontheMicrosoftWindowsDPAPIinternalshasmadeofflinedecryptionoftheDPAPIprotected
datapossible.ThismeansthatiftheattackerwasabletocopytheRSAtokendatabasefilealongwiththe
encryptionmasterkeystotheirsystem(forinstancebyinfectingavictim'smachinewitharootkit),thenitwouldbe
possibletodecryptthetokendatabasefileontheirmachine.ThedetailedattackstepstocloneaSecurIDsoftware
tokenbycopyingthetokendatabasefilefromavictim'ssystemareasfollows:
1. Copythetokendatabasefile,RSASecurIDStorage,fromtheuserprofiledirectory
2. Copytheuser'smasterkeyfrom%PROFILEDIR%\ApplicationData\Microsoft\Protect\%SID%thecurrent
masterkey'sGUIDcanbereadfromPreferredfileasshowninthefigurebelow:

http://www.sensepost.com/blog/7045.html

memory(1)
metasploit(3)
metricon(2)
metrics(3)
mindlesspolitics(4)
mindmaps(1)
mobile(9)
modelling(5)
nmap(1)
PCI(2)
penny(1)
pentest(5)
phone(1)
pickle(4)
policy(1)
postexploitation(2)
postit(1)
presentations(9)
Press(4)
privacy(7)
product(4)
programming(18)
public(399)
python(9)
qo[w|m|?](5)
rambling(2)
README(1)
realworld(18)
Release(4)
reportinfo(1)
research(59)
reversing(13)
risk(2)
rogueap(1)
SAP(2)
securityfyi(8)
securitynews(6)
shells(2)
showoff(1)
sillyyammerings
(21)
skype(2)
snoopy(3)
solution(1)
suru(1)
techtoys(3)
threat(5)
timewaster(6)
tinfoilhat(6)
tools(54)
training(47)
travel(2)
tricks(4)
UK(2)
Uncategorized(3)
uncon(2)
vendors(7)
videos(6)
vulnerability(10)
wasc(1)
webapps(9)
web_x.0(2)
wifi(6)
windows(1)
writingadvice(1)
xml(1)
zaprize(2)
zenhacking(6)

Archives
Feburary2015(1)
January2015(1)
October2014(1)
September2014(1)
August2014(2)
June2014(6)
May2014(4)
April2014(2)

2/6

2/23/2015

SensePostBlog
3. Copythemachine'smasterkeyfromthe%WINDIR%\system32\Microsoft\Protect\directory.Microsoft
WindowsprotectsmachinekeysagainsttamperingbyusingSHA1hashvalues,whicharestoredand
handledbytheLocalSecurityAuthoritySubsystemService(LSASS)processinMicrosoftWindows
operatingsystems.TheattackershouldalsodumpthesehashvaluesfromLSAusingpubliclyavailable
toolslikelsadump.

4. Havingalltherequiredmasterkeysandtokendatabasefile,installanddeployawindowsmachineand
changethemachineanduserSIDstothevictim'ssystemSIDbyusingavailabletoolssuchasnewSID.
5. Overwritethetokendatabasefile,userandmachinemasterkeyswiththeonescopiedfromvictim'ssystem.
YouwouldalsoneedtofindawaytoupdatetheDPAPI_SYSTEMvalueinLSAsecretsoftheWindows
machine.Currently,thisistheonlychallengethatIwasnotabletosolve,butitshouldbepossibletowrite
atoolsimilartolsadumpwhichupdatesLSAsecrets.
6. Whentheabovehasbeenperformed,youshouldhavesuccessfullyclonedthevictim'ssoftwaretokenandif
theyruntheSecurIDsoftwaretokenprogramonyourcomputer,itwillgeneratetheexactsamerandom
numbersthataredisplayedonthevictim'stoken.
Inordertodemonstratethepossibilityoftheabovementionedattack,IinstalledandactivatedtokenAandtokenB
ontwoseparatewindowsXPvirtualmachinesandattemptedtoclonetokenBonthevirtualmachinethatwas
runningtokenA.Takingtheabovesteps,tokenBwassuccessfullyclonedonthemachinerunningtokenAas
showninthefollowingfigures:

Inordertocountertheaforementionedissues,Iwouldrecommendtheuseof"trustedplatformmodule"(TPM)
bindings,whichassociatesthesoftwaretokenwiththeTPMchiponthesystem(TPMchipformobiles?thereare
vendorsworkingonit).

26COMMENTS

hazmaton2012/5/18
Pleaserefertothisearlierworkfrom2001"InitialCryptanalysisoftheRSASecurIDAlgorithm"
http://www.comms.engg.susx.ac.uk/fft/crypto/initial_securid_analysis.pdf
behrangon2012/5/18
Thanksforthelinkhazmat,theresearchyoumentionedwasabouttheRSAalgorithmwheremypostisrelatedtothe
tokenprotectionissues(bindingandcopyprotection)
httpon2012/5/20
AstheRSAalgorithmisknown,whycloneeverything?Justgetthenecessarydatafromfirstsystemanddothe
"randomvalue"calculationsyourself.
Itisobviousthatthisprotectioncannotworkbydesign.Goodresearcharticlethough.
behrangon2012/5/20
Thankshttp,Thearticleactuallyattemptstodiscussmethodsofcollectingthose"necessarydata"andfeedingitto
anotherRSAtokenorasyoumentionedtopubliclyavailablesoftwaretoolsemulatinganRSAtoken.
Oliveon2012/5/21
ActuallysomearmbasedchipsetsusedinmobiledevicesalreadyprovidesomethingsimilartoTPM.SeealsoARM's
"trustzone".

http://www.sensepost.com/blog/7045.html

Feburary2014(1)
January2014(2)
December2013(2)
November2013(4)
September2013(2)
August2013(2)
July2013(1)
June2013(4)
May2013(6)
April2013(2)
March2013(4)
Feburary2013(2)
January2013(1)
December2012(3)
November2012(6)
October2012(1)
September2012(3)
August2012(3)
July2012(1)
June2012(2)
May2012(5)
April2012(1)
March2012(3)
Feburary2012(1)
December2011(3)
November2011(2)
October2011(6)
September2011(3)
August2011(3)
July2011(3)
June2011(2)
May2011(6)
March2011(3)
Feburary2011(3)
January2011(1)
December2010(2)
November2010(4)
October2010(3)
August2010(4)
July2010(1)
June2010(4)
May2010(3)
April2010(3)
March2010(7)
Feburary2010(2)
January2010(3)
December2009(4)
November2009(4)
October2009(3)
September2009(5)
August2009(9)
July2009(1)
June2009(5)
May2009(4)
April2009(10)
March2009(13)
Feburary2009(12)
January2009(11)
December2008(9)
November2008(8)
October2008(5)
September2008(5)
August2008(6)
July2008(6)
June2008(6)
May2008(2)
April2008(3)
March2008(7)
Feburary2008(12)
January2008(9)
December2007(8)
November2007(4)
October2007(9)
September2007(14)
August2007(18)
July2007(13)
June2007(17)
May2007(2)

3/6

2/23/2015

SensePostBlog

behrangon2012/5/21
ThanksOlive,Ikenewabouttrustzonebutdidn'tknowthatit'simplementedinsomephones.Canyoupleaseletme
knowthephonevendorandmodel?

July2006(1)
April2006(1)
August2005(1)
June2005(1)
May2005(2)

nmon2012/5/21
Therearen'tmobileTPMyet,butthesamethingcouldbeimplantedbyintelIPT(includingmobile)infuture.
(http://ipt.intel.com/welcome.aspx)
ph0enixon2012/5/22
WouldthatbepossibleforRSAappsrunningunderiOSorAndroid?
jjon2012/5/22
Ihaveadoubtaboutyour"final"demo.
Youmentionthatyoucouldn'tfindawayofupdatingtheLSAsecrets,sohowdidyoumanagetogetthe"copy"ofthe
tokenworking?
DidyoujustclonetheVM(andthushavereallytwoinstancesofthesameVM)andleavethe"updatetheLSA
secrets"partasa"exercisetothereader"?
Ithinkthearticleisveryinterestingandprovidesalotofusefulinformation,butIdon'treallysee(maybeit'sjustme!)
thatisshowsacompleteendtoendattack.
Thanksalotforthegreatworkandforpublishingit!
Berndon2012/5/22
WhyisitatallneededtorecreateasecondwindowsenvironemntwiththesameSIDs.Wouldntitbealsopossibleto
overwritethetokenscodetoreadthosevalueswiththefixednumbers(orevenrecreatethewholealgorithm...)
BTW:itisnotsuprisingthatsofttokencanbecloned,itismuchmoresuprisingthatpeoplethinkitcant(andRSA
claimsitcant).
Aslongasyoudonotusehardwareplatformbindingmethods(TPMorsimiliar)issimplyconceptuallyimposibleto
bindcodetoauntrustedhost.
Andthemoreintegratedyouare,thelessyouneeda"softtoken"atall,justgoforasmartcard.OhIforgot,thevast
revenuefromtheendpointsecuritymarket....
Bernd
Berndon2012/5/22
IstheTPMbindingdoingtheactual(challengedpartofit)RSAprngcalculationintheTPM?
Jimon2012/5/22
Doesn'tthesofttokenrequireuserentryofaPINthatprotectsthekeyinadditiontothemeasuresshownhere?You
don'tshowthisdoyouassumetheattackerhasalsostolenthePIN?
Nobodyon2012/5/22
Caincandothissinceages...
JonBohackon2012/5/22
Byelevatingyourpermissionsthrupsexeccanyouobtainthelsasecrets?
OverFlow636on2012/5/22
Verynicearticle.Iusedtouseollydebugforeveragoandthescreenshotsbroughtbackmemories.
DanKaminskyon2012/5/22
Imisunderstoodthispost,soperhapsIcanclarify.
YoucannotcloneaSecureIDwiththedeviceserialnumber.Specifically,theseedusedtogenerateallIDsisnot
publishedinDNSandAD.
GivenrootkitlevelaccesstoaPC,youcanextracttheseed.Youcanthenmaketheextractedseedworkonother
machinesusingthedeviceserialnumber,whichatthatpointyou'dneverneedtodiscoverremotelybecauseheh,
youhaverootkitlevelaccess.
Ifyouinterpretedtheaboveresearchtoimplythatyoucouldremotelydiscoverenoughaboutauser'stokentoclone
it,thisisclearlynotthecase.However,Imadethesamemistaketoo.PerhapsSensepostwouldliketoclarifytheir
researchtopreventfuturemisunderstandings.

http://www.sensepost.com/blog/7045.html

4/6

2/23/2015

SensePostBlog

behrangon2012/5/22
Thankyouallforthecomments.Ijustwantedtoemphasisthatthepurposeofthisarticlewastoassessthedifficulty
ofreplicatingasoftwaretokenwhichisbasedonasecretseed.It'sanobviousfactthatthesoftwaretokensdoesnot
provideverygoodleveloftamperresistanceofhardwaretokens.Thearticlepointedoutthetwomajorattackscenario:
1)Attackonebasedonbypassingtokenbindings:InmostcasesRSAthesoftwaretoken"provisioning"fileisemailed
totheusers.Ifanattackercancapturethatemailthenhecanusethefirstmentionedmethodtochangehissystem
configurations(hsotname,SIDs),thussuccessfuly"import"theprovisioningfileandactivatethetoken.
2)Attacktwoassumesthattheattackerhascompormisedthevictim'ssystemremotelyorgainedphysicalaccessto
itinordertoextracttherequiredDPAPIblobsandLSAsecretsandreplicatethetokeninasimulator(cainprovides
one)oranothercopyofRSAsoftwaretoken.
JonBohackon2012/5/22
AfterreadingDan'spostandbehrangthismakessense...Iwasundertheimpressionaswellthatyoucouldclonethe
SecureID,untilIreaditagain.Dan...drink!:)andbehranggreatresearch.Ibelievethatmanycompaniespractice
securitythruobscurity.Ifyouknow..whoyourtargetisandwhattheyrun,youcanownthemwithenoughresearch.
Strictlyspeakingfromanauditperspective.
Thisarticleprovesthattwofactorsecuritycanbeduplicatedifsomeonehasphysicalaccesstothelaptop.Thisis
oftenthecasewhenleavingyourhotelroominashadycountry...We'veallheardhorrorstories.
MarkGamacheon2012/5/23
GREATWORK!I'vebeenmakingthispointforyearsandpeopleactedlikeIwascrazy.IfRSA'scodecanreadand
storetheseed,socansomeoneelse's.Adminorphysicalaccessistotalownage.I'mjustnotsmrtenoughtousethe
toolstofindsuchthings.
behrangon2012/5/23
Javier,
Youmentionthatthisdoesnotreflectacompleteendtoendattack.I'dliketopointoutthatthisisnotaresearch
project.Itwasperformedduringarealworledassessmentinatimeframeof5days.UpdatingLSASecretswouldbe
theoreticallypossibleapointIbelievewementioned.
Nigeon2012/5/23
IfLSASecretscan'tbeupdatedthenthewholethingfallsintoaheap.Youadmitthatyoucouldn'tdothis,therefore
yourscreenshotsshowingtheattackworkingaresuspectintheextreme.
Sebastianon2012/5/23
ItseemsliketheSamsungGalaxyS3isthefirstonetohavetheTrustZoneenabled.Buthowadeveloperor
researchercanusethisIdonotknow.
behrangon2012/5/23
Nige,youreallydon'tneedtoupdatetheLSAtomakethiswork:).Iincludedthatsteptorelateittothepervious
researchon"offlineDPAPI"forensicsdonebystanforduniversity.Otherwise,foramalwarerunninginthecontextofa
loggedonuser,itwouldbemoreeasiertohook/callCryptUnprotectDataandcapture/decrypttheseed.
behrangon2012/5/23
ThanksSebastien,probablythey'veprovidedtheSDKtophonevendorsonly.I'mveryinterestedinanyinformationon
trustzoneSDK.
Berndon2012/5/23
WhyisitatallneededtorecreateasecondwindowsenvironemntwiththesameSIDs.Wouldntitbealsopossibleto
overwritethetokenscodetoreadthosevalueswiththefixednumbers(orevenrecreatethewholealgorithm...)
BTW:itisnotsuprisingthatsofttokencanbecloned,itismuchmoresuprisingthatpeoplethinkitcant(andRSA
claimsitcant).
Aslongasyoudonotusehardwareplatformbindingmethods(TPMorsimiliar)issimplyconceptuallyimposibleto
bindcodetoauntrustedhost.
Andthemoreintegratedyouare,thelessyouneeda"softtoken"atall,justgoforasmartcard.OhIforgot,thevast
revenuefromtheendpointsecuritymarket....
Bernd
behrangon2012/5/24
Bernd,Itotallyagreewithyouonsmartcards,modernsmartcardshavecryptoCPUsintegratedandcost<10USD
eachifyoudon'tbuyinbatches

LEAVEACOMMENT

http://www.sensepost.com/blog/7045.html

5/6

2/23/2015

SensePostBlog
Name*:
Email*:

(Won'tbedisplayed)

URL:

Comment*:

*required

Send!

Social:
Email:info@sensepost.com
Tel(SouthAfrica):+27(0)124600880
Tel(UnitedKingdom):+44(0)2079568826
Accreditations:PCIASV,CREST

http://www.sensepost.com/blog/7045.html

SouthAfrica

UnitedKingdom

2ndFloor,ParkDevBuilding
BrooklynBridgeOfficePark
570FehrsenStreet
Broodlyn
Pretoria
SouthAfrica

3.34WhitechapelTechnologyCentre
75WhitechapelRoad
London
E11DU
UnitedKingdom

6/6