[iwar] FW: [NEWS] Aladdin's eToken cracked


From: Robert W. Miller <snooker@iex.net>
To: iwar@egroups.com
Date: Fri, 5 May 2000 14:56:36 -0600


The following security advisory is sent to the securiteam mailing
list, and can be found at the SecuriTeam web site:
http://www.securiteam.com

Aladdin's eToken cracked
-----------------------
SUMMARY

Aladdin Knowledge Systems' eToken is a portable USB (Universal Serial Bus)
authentication device providing complete access control for digital
assets. eToken stores private keys, passwords or electronic certificates
in a hardware token the size of a house key. The eToken makes use of
two-factor authentication. Using the legitimate user's PIN number ("what
you know") and the physical USB key ("what you have"), access to the
public and private data within the key will be granted.

The attack requires physical access to the device circuit board and will
allow all private information to be read from the device without knowing
the PIN number of the legitimate user. By using any number of low-cost,
industry-standard device programmers to modify the unprotected external
memory, the User PIN can be changed back to a default PIN. This will
allow the attacker to successfully log in to the eToken and access all
public and private data. A homebrew device programmer could be built for
under $10 and commercial device programmers are available from a number
of companies ranging in cost from $25 to $1000.

Users must be aware that the PIN number can be bypassed and should not
trust the security of the token if it is not always directly in their
possession. If a legitimate user loses their USB key, all data, including
the private information, needs to be considered as if compromised.

The eToken device is also not tamper-evident. It is possible to open the
device housing without evidence of tampering, allowing the attacker to
gain physical access to the circuit board without the legitimate user's
knowledge. Epoxy encapsulation and other tamper hindering techniques
should be employed in the manufacturing of such hardware devices.

DETAILS

The legitimate user's PIN can be reset back to the default PIN by simply
copying a particular 8-byte string from one area of the unprotected
external memory to another. If necessary, the legitimate user's original
PIN can be copied back into the external memory after the attack and no
evidence of tampering will be apparent.

All data on the eToken USB key is stored in an external memory. The 8KB
flavor of the eToken uses an Atmel 25640 SPI Serial EEPROM
(http://www.atmel.com). Serial EEPROMs are extremely common in the
engineering industry and require minimal circuitry to read and write to.
They are also notoriously insecure and often do not provide any type of
security features. Due to the nature of Serial EEPROMs, it is possible to
attach a device programmer to the device, while it is still attached to
the circuit board, and read and write at will. The described experiments
were carried out using the Needham's Electronics EMP-30
(http://www.needhams.com), which cost $995, although a homebrew device
programmer could be built with a handful of components for under $10.
Other device programmers are available from a number of companies,
ranging in cost from $25 to $1000. A schematic of our findings can be
found at:

http://www.L0pht.com/advisories/etoken_schematic.pdf

There are two PIN numbers associated with each eToken USB key, allowing
either User or Administrator access. User access has complete control of
the eToken file system, while Administrator is allowed to initialize the
key, but not access private data.

Both PINs, private data, and secret data are encrypted in some manner
before being stored into the EEPROM. The public data is stored in
plaintext and can be easily read by viewing the buffer of the Serial
EEPROM.

The 8-byte strings, which determine the User and Administrator PINs, are
stored at location $10 and $18, respectively. By copying the 8-byte
string stored at $20 into either of those areas, we return the PIN to its
default state. The 8-byte string defining the encrypted version of the
default PIN is unique for each eToken.

Initial memory dump, with User PIN set to 66666666 and Administrator PIN
set to 87654321:

             User PIN            Admin PIN
         /-----------------\ /-----------------\
00000010 7235 BAA8 5778 DE97 B7DD 9F01 121B 27A7 r5..Wx........'.
00000020 BE74 503B 3751 FA74 FFFF FFFF FFFF FFFF .tP;7Q.t........
         \-----------------/
         Default PIN string

Memory dump, after modification, with the User PIN now set to the default:

00000010 BE74 503B 3751 FA74 B7DD 9F01 121B 27A7 .tP;7Q.t......'.
00000020 BE74 503B 3751 FA74 FFFF FFFF FFFF FFFF .tP;7Q.t........
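As an added example (not part of the advisory or of the Heimlich tool), the following Python check parses dumps in the format printed above and reports whether either PIN slot holds the token's own default-PIN string, which is the state the advisory describes an attacker leaving behind. The offsets ($10, $18, $20) are those stated in the advisory; the embedded dump text is copied from the two dumps above.

```python
"""Added tamper check for an eToken 8KB EEPROM dump in the advisory's format.

The advisory places the encrypted User PIN at $10, the Administrator PIN at
$18 and the per-token default-PIN string at $20 (8 bytes each). A PIN slot
equal to the default string has been reset to the default PIN.
"""
import re

USER_PIN_OFF, ADMIN_PIN_OFF, DEFAULT_PIN_OFF, SLOT_LEN = 0x10, 0x18, 0x20, 8

# Dump line: 8 hex digits of offset, then up to eight 4-hex-digit words.
# Label and brace lines from the advisory's dump do not match and are skipped.
_DUMP_LINE = re.compile(r"^\s*([0-9A-Fa-f]{8})((?:\s+[0-9A-Fa-f]{4}){1,8})")

def parse_dump(text: str) -> dict:
    """Return {absolute_offset: byte} for every data line in the dump."""
    mem = {}
    for line in text.splitlines():
        m = _DUMP_LINE.match(line)
        if m:
            base = int(m.group(1), 16)
            data = bytes.fromhex(m.group(2).replace(" ", ""))
            mem.update({base + i: b for i, b in enumerate(data)})
    return mem

def read_slot(mem: dict, off: int) -> bytes:
    """Read one 8-byte slot; a dump that does not cover it is an error."""
    try:
        return bytes(mem[off + i] for i in range(SLOT_LEN))
    except KeyError as e:
        raise ValueError(f"dump does not cover offset {e.args[0]:#06x}") from None

def pin_slots_at_default(dump_text: str) -> dict:
    """Report which PIN slots hold this token's default-PIN string."""
    mem = parse_dump(dump_text)
    default = read_slot(mem, DEFAULT_PIN_OFF)
    return {"user": read_slot(mem, USER_PIN_OFF) == default,
            "admin": read_slot(mem, ADMIN_PIN_OFF) == default}

# The two dumps printed in the advisory (label and brace lines omitted).
BEFORE = """
00000010 7235 BAA8 5778 DE97 B7DD 9F01 121B 27A7 r5..Wx........'.
00000020 BE74 503B 3751 FA74 FFFF FFFF FFFF FFFF .tP;7Q.t........
"""
AFTER = """
00000010 BE74 503B 3751 FA74 B7DD 9F01 121B 27A7 .tP;7Q.t......'.
00000020 BE74 503B 3751 FA74 FFFF FFFF FFFF FFFF .tP;7Q.t........
"""
```

Running `pin_slots_at_default` over the first dump reports neither slot at default; over the second it flags the User slot, matching the advisory's description of the modified buffer.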

Once the modified buffer is programmed back into the Serial EEPROM, the
attacker can log in to the eToken using the default PIN and make use of
the legitimate user's credentials. Our proof-of-concept tool demonstrates
quick extraction of all private, public, and configuration data from the
key.

The default PIN is 0xFFFFFFFFFFFFFFFF, which is 8 bytes of 0xFF, a
non-printable character. To enter the default PIN on a Windows platform,
hold the "Alt" key while typing "0255". Release the "Alt" key between
characters. Repeat this 8 times. This sequence will enter a 0xFF
character into the dialog box.

The physical housing of the eToken consists of a two-piece plastic
design. A combination of glue and two mechanical features hold the unit
together. The mechanical features aren't externally visible, so if they
are broken during disassembly, it won't be evident. Access to the circuit
board can be obtained by heating the device with a heat gun or hair
dryer, and carefully prying the two pieces apart using an X-acto knife
and small screwdriver blade. When the attack is complete, crazy glue can
be used to close the device without visible evidence of tampering.
Pictures of the step-by-step operation can be found at:

http://www.L0pht.com/advisories/etoken_images.html


Temporary Solution:
The quick solution, although it does not remedy the core problem, is to
be very aware of the physical security and location of the key at all
times. The owner of the key should never, for any reason, leave the key
unattended or loan it to a colleague. If the key is unattended for any
amount of time, the data could possibly have been compromised due to the
PIN being bypassed with the methods described in this advisory.

A number of features could be added to the manufacturing process of the
eToken to aid in tamper prevention. Because there is no reason for the
circuitry to be accessed after key manufacture, encapsulating the ICs
with epoxy or other material will prevent the easy manipulation that is
currently possible. Enhancing the physical housing design to be
tamper-evident and more difficult to open will also prevent an attacker
from easily accessing the device internals without detection. These
methods should be considered by all hardware vendors, since they help to
raise the bar against common physical attacks.

Vendor Response:
Aladdin promptly acknowledged the security problems associated with the
eToken as mentioned in this advisory. They informed us that version
3.3.3.x of their eToken is a demo and "proof-of-concept" product (which
is inconsistent with the information on their web site). The following
facts also support the view that eToken is more than just a 'demo' or
'proof-of-concept':

1) The product has been available for 2 years.
2) We were unable to find reference to it being a "proof-of-concept"
   tool.
3) It has been shipped in large quantities to commercial organizations.

Press releases involving the eToken can be found at:

http://www.ealaddin.com/news/1999/etoken/index.asp and
http://www.ealaddin.com/news/2000/etoken/index.asp

It is unknown whether the production version (2.3.4.x), known as eToken
R2, will also be considered a demo product or whether it will address
the problems mentioned herein. eToken R2 has not yet been released.

Proof-of-Concept Code:
The proof-of-concept tool, known as "Heimlich", makes use of the PC/SC
support of the eToken to perform the following functions:

1) Search USB ports for eToken
2) Retrieve and display configuration data for the inserted key
3) Log in as User using the default PIN of 0xFFFFFFFFFFFFFFFF
4) Retrieve all public and private data and export the directory
   hierarchy to DOS

The tool expects that the eToken User PIN has been reset to the default
state, as described in this advisory. If the User PIN is not set to
default, login to the eToken will be denied.

The secret data areas are write-only and cannot be extracted using the
PC/SC interface. The secret areas are used for private keys and other
information that will never leave the key. Only the microprocessor on the
key is allowed to have access to the secret information. However, the
encrypted secret data is stored in the external Serial EEPROM and can be
located in the memory dump for further analysis, if desired.

The demonstration tool, in the form of an application, has been written
for the Windows 98 platform. Source code and compiled executable can be
found at:

http://www.L0pht.com/advisories/heimlich.zip

Due to copyright restrictions, Aladdin's libraries and header files are
not included. For further development and experimentation, obtain the
eToken SDK from Aladdin.


<--- cut here --->

Heimlich: Aladdin eToken USB Key Data Extractor

kingpin@atstake.com
@Stake L0pht Research Labs
http://www.atstake.com

eToken found on Slot 5

tokenId = 00 00 00 00 00 00 a6 23
slotid = 5
isConfigured = 1
verMajor = 3
verMinor = 27
color = 0
fsSize = 8088
publicSize = 3796
privateSize = 2576
secretSize = 512
freePublicSize = 2784
freePrivateSize = 2446
freeSecretSize = 496
secretGranularity = 16
fat = 10
maxfat = 100
maxAdmin = 255
maxUser = 255

Attempting eToken User login with Default PIN...Success!

dir = 3f00
file = a000
file = 1234
file = 6666
dir = feed
dir = beef
file = beef
dir = dead
file = beef
dir = face

Heimlich maneuver complete. File system successfully exported.

<--- cut here --->


ADDITIONAL INFORMATION

The information has been provided by: Kingpin.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and
body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email
to: list-subscribe@securiteam.com
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty
of any kind.
In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits
or special damages.

Det. Robert W. Miller
Colorado Internet Crimes Against
Children Task Force
Pueblo High Tech. Crime Unit
Pueblo County Sheriff's Office
320 S. Joe Martinez Blvd.
Pueblo West, CO. 81007
Tel (719)583-4736
FAX (719)583-4732
mailto:snooker@iex.net
mailto:cicactf@iex.net
http://www.co.pueblo.co.us/sheriff/
PGP key available at: http://pgpkeys.mit.edu:11371/
search on snooker@iex.net

------------------
http://all.net/