In association with heise online

In contrast to the missing preformat of the entire disk, an XOR with an unchanging cipher block does represent a major cryptographic flaw – in fact, the open kind of flaw that, used in this way, is susceptible to what are known as "known plain-text attacks". XOR encryption works like this:

  Ciphertext1 = plaintext1 XOR cipher block(key 1)
  Ciphertext2 = plaintext2 XOR cipher block(key 2)
  Ciphertext3 = plaintext3 XOR cipher block(key 3)

The same operations are used for decryption, only with the role of plaintext and ciphertext reversed:

  Plaintextn = ciphertextn XOR cipher block(key n)

When the cipher block is the same for every sector, as above, the result is:

  cipher block(key) = ciphertextn XOR plaintextn

for any block n. In other words, you only need to find a 512-byte sector with known plaintext to calculate the universal cipher block. Such attacks are therefore called "known plaintext attacks." To make matters worse, sector 67 consists almost completely of zeros if the first partition is formatted with FAT32:

00008400  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00008410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00008420 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
...
000085d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000085e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000085f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|

As a result, you can get almost the entire encryption cipher just by reading sector 67 from the encrypted drive – after all:

  cipher block(key) = ciphertextn XOR 0 = ciphertext n

So if you take the output of: dd if=/dev/sdc bs=512 count=1 skip=67 | hexdump -vC, you have almost the entire 512-byte block you are looking for:

00008400  77 c8 54 35 ee 90 a9 6a  dc 21 53 d5 7d 43 a6 aa  |w.T5...j.!S.}C..|
00008410 3f 86 4c 55 7e 0c 99 aa 39 18 32 55 72 30 64 aa |?.LU~...9.2Ur0d.|
00008420 21 60 c8 54 42 c0 90 a9 41 80 21 53 82 00 43 a6 |!`.TB...A.!S..C.|
...
000085d0 01 07 00 92 c7 0e 00 24 8e 1d 00 48 1c 3b 00 90 |.......$...H.;..|
000085e0 fd 76 00 20 fa ed 00 40 f4 db 01 80 2d b7 03 00 |.v. ...@....-...|
000085f0 5a 6e 07 00 b4 dc 0e 00 68 b9 1d 00 d0 72 6e aa |Zn......h....rn.|

But we still don't have the last two bytes 6e aa right, which have to be XORed with 55 aa to produce the final result 3b 00. Now we know the entire 512-byte encryption cipher, which we can use to decrypt all other hard drive sectors.

Print Version | Permalink: http://h-online.com/-746199
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit