Reverse of DPAPI - BlackHat DC 2010


DESCRIPTION

Talk I did for BlackHat DC 2010 with DPAPI reverse engineering and a tool to decrypt things related to DPAPI

Text of Reverse of DPAPI - BlackHat DC 2010

  • Decrypting DPAPI data. Jean-Michel Picod, Elie Bursztein (EADS, Stanford University). Wednesday, February 3, 2010
  • Data Protection API: introduced in Windows 2000. Aims to be an easy way for applications to store data safely on disk. Ties the encryption key to the user's password and the account SID.
  • Developer point of view: diagram showing the application on one side and DPAPI on the other.
  • GTalk
  • DPAPI is a simple API (see http://msdn.microsoft.com/en-us/library/ms995355.aspx)
  • Why dig deeper? Offline forensics. EFS on Linux. Security / cool things?
  • Previous work: multiple attempts to analyze DPAPI. Some incomplete (Wine). Some closed source (Nir Sofer, NirSoft).
  • Take away: decrypt sensitive data offline. Recover the user's previous passwords (yes, all of them). Do a key escrow attack.
  • Outline: DPAPI overview. Decryption process. Security design implications. DPAPIck demo.
  • Crypto 911: HMAC. HMAC (hash-based message authentication code) is usually used to detect data tampering; here it is used to derive the encryption key and IV. With K the key padded to the hash block size: ipad = K xor 0x36 (repeated), opad = K xor 0x5c (repeated), HMAC = SHA1(opad . SHA1(ipad . data)).
  • Crypto 911: PBKDF2. PBKDF2 = password-based key derivation function. Basically it is a keyed hash (HMAC-SHA1 for us) applied n times to slow down the computation; used to defend against brute force. The salt is used against rainbow-table attacks.
  • Crypto 911: 3DES. 3DES = Triple DES encryption: Encrypt, Decrypt, Encrypt. Exists in two flavors: 2 keys or 3 keys (64 bits each, 56 effective). Windows uses the strong version with 3 keys.
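The three Crypto 911 slides above describe HMAC, PBKDF2 and the 3DES key/IV that the derivation feeds. The following is an added example, not code from the slides or from DPAPIck: it builds HMAC-SHA1 exactly from the ipad/opad construction on the slide, builds PBKDF2 (the RFC 2898 definition) on top of that HMAC, and checks both against Python's standard library. The final split of a 32-byte derived block into a 24-byte 3DES key and an 8-byte IV is an assumption made for illustration; the slides say only that the derived material is used as key and IV, and the exact derivation Windows performs is what a real DPAPI tool must reproduce.

```python
# Added example (not the deck's or DPAPIck's code): HMAC-SHA1 from the
# ipad/opad formula, PBKDF2-HMAC-SHA1 from its RFC 2898 definition, both
# cross-checked against hashlib/hmac.
import hashlib
import hmac as stdlib_hmac

BLOCK = 64  # SHA-1 block size in bytes; the key is padded to this length


def hmac_sha1(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 as on the slide: SHA1(opad . SHA1(ipad . data))."""
    if len(key) > BLOCK:
        key = hashlib.sha1(key).digest()   # over-long keys are hashed first
    key = key.ljust(BLOCK, b"\x00")        # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + data).digest()
    return hashlib.sha1(opad + inner).digest()


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 2898) with HMAC-SHA1 as the PRF.

    For each output block i: U1 = HMAC(pw, salt || i), U_j = HMAC(pw, U_{j-1}),
    T_i = U1 xor U2 xor ... xor U_c. The c chained HMACs are what slows down a
    brute-force attacker; the salt is what defeats precomputed tables.
    """
    if iterations < 1:
        raise ValueError("iteration count must be >= 1")
    out = b""
    block_index = 1
    while len(out) < dklen:
        u = hmac_sha1(password, salt + block_index.to_bytes(4, "big"))
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac_sha1(password, u)
            for k in range(len(t)):
                t[k] ^= u[k]
        out += bytes(t)
        block_index += 1
    return out[:dklen]


def split_key_iv(derived: bytes):
    """Assumed layout for this example only: 24-byte 3-key 3DES key, then an
    8-byte IV (one DES block). Not a statement about the DPAPI file format."""
    if len(derived) < 32:
        raise ValueError("need at least 32 bytes of derived material")
    return derived[:24], derived[24:32]


def self_check() -> bool:
    """Both home-grown primitives must agree with the standard library on
    constructed inputs (password, salt and data below are made up)."""
    key, data = b"constructed-key", b"constructed message"
    ok_hmac = hmac_sha1(key, data) == stdlib_hmac.new(key, data, hashlib.sha1).digest()
    pw, salt = b"P@ssw0rd", bytes(range(16))
    ok_pbkdf2 = pbkdf2_hmac_sha1(pw, salt, 4000, 32) == hashlib.pbkdf2_hmac("sha1", pw, salt, 4000, 32)
    key3des, iv = split_key_iv(pbkdf2_hmac_sha1(pw, salt, 4000, 32))
    return ok_hmac and ok_pbkdf2 and len(key3des) == 24 and len(iv) == 8


if __name__ == "__main__":
    print("self-check:", "ok" if self_check() else "FAILED")
```

Raising the iteration count is the only knob that makes the attacker's offline guessing slower; the salt does not add cost per guess, it just prevents the work from being shared across users.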
  • How the system interacts with DPAPI: diagram. An EFS-encrypted file is protected with the EFS user private key; that private key is protected by DPAPI, which is implemented in crypt32.dll on top of CryptoAPI and backed by the Local Security Authority.