Scribd
Upload
41 views190 pages

They Thinked Differently DerbyCon2013

Uploaded by

jpgress
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
41 views190 pages

They Thinked Differently DerbyCon2013

Uploaded by

jpgress
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 190

What's common in Oracle and Samsung?

They tried to think differently...

László Tóth, Ferenc Spala

28/09/2013 @ DerbyCon 3.0

Saturday, September 28, 13 1


Capital Budapest

Area 35 919 sq mi

Population 9.9 million

Language Hungarian

Internet TDL .hu

Worth reading:
http://9gag.com/gag/
6832266

Saturday, September 28, 13 2


Who are we?

• @Work: Pentest, Vuln. assessment,


Security audits ...

• László

• 12+ years ITSec


• Ferenc
• 6+ years ITSec
• Speakers @ DerbyCon 2.0

• Members of Hacktivity Team

• Co-founders of Hekkcamp

Saturday, September 28, 13 3


Where does the fun begin?

• Samsung phone encryption Android world

• Samsung SD card encryption Android world

• Introduction of a new framework TOOL world

• Oracle link password encryption Odd-one-out

Sorry we have not played with Knox yet.

Saturday, September 28, 13 4


Samsung phone encryption Part 1
It is Android but... “We are different than the others!”

Saturday, September 28, 13 5


WARNING!!!

When we mention S2, S3 and S4, we mean:

• Samsung S2 -> 4.0.3 -> IML74K.XWLP7

• Samsung S3 -> 4.1.2 -> JZO54K.I9300XXEMC2

• Samsung S4 -> 4.2.2 -> JDQ.I9505XXUBMEA

Saturday, September 28, 13 6


What’s the point?

• Android supports disk encryption from


version 3

• In case of phones it supports from


version 4

• The algorithm is known...

Saturday, September 28, 13 7


What’s the point?

• Android supports disk encryption from


version 3

KFC
mark of
red trade
• In case of phones it supports from

a registe
version 4

is
The logo
• The algorithm is known...

boring

Saturday, September 28, 13 7


What’s the point?

• Android supports disk encryption from


version 3

KFC
mark of
red trade
• In case of phones it supports from

a registe
version 4

is
The logo
• The algorithm is known...

boring

t h in k s d iff e re n tly
But Samsung
Saturday, September 28, 13 7
Normal way

Saturday, September 28, 13 8


Normal way

password

Saturday, September 28, 13 8


Normal way

password PBKDF2

Saturday, September 28, 13 8


Normal way

password PBKDF2

partition footer

or

/efs/metadata

Saturday, September 28, 13 8


Normal way

password PBKDF2

partition footer AES128

or

/efs/metadata

Saturday, September 28, 13 8


Normal way

password PBKDF2

partition footer AES128


EDK

or

/efs/metadata

Saturday, September 28, 13 8


Normal way

password PBKDF2

DEK
partition footer AES128 dmcrypt
EDK

or

/efs/metadata

Saturday, September 28, 13 8


Normal way

password PBKDF2 c=2000

DEK
partition footer AES128 dmcrypt
EDK

or

/efs/metadata

Saturday, September 28, 13 8


Normal way

password PBKDF2 c=2000

DEK
partition footer AES128 dmcrypt
EDK

or aes-cbc-
essiv:sha256
keylen=128
/efs/metadata

Saturday, September 28, 13 8


Normal way

password PBKDF2 c=2000

DEK
partition footer AES128 dmcrypt
EDK

or aes-cbc-
essiv:sha256
keylen=128
/efs/metadata

http://xelusprime.wix.com/ettiennev

Saturday, September 28, 13 8


Normal way

Saturday, September 28, 13 9


Normal way
Key length

Saturday, September 28, 13 9


Normal way
Key length EDK

Saturday, September 28, 13 9


Normal way
Key length EDK

IV

Saturday, September 28, 13 9


Normal way
Key length EDK Padding

IV

Saturday, September 28, 13 9


Samsung way

Saturday, September 28, 13 10


Samsung way

partition footer

password PBKDF2 or

/efs/metadata

Saturday, September 28, 13 10


Samsung way

HEX1

partition footer

password PBKDF2 or

/efs/metadata

HEX2

Saturday, September 28, 13 10


Samsung way

HEX1 AES256

partition footer

password PBKDF2 or

/efs/metadata

HEX2 AES256

Saturday, September 28, 13 10


Samsung way

HEX1 AES256

partition footer

password PBKDF2 or

/efs/metadata

HEX2 AES256

Saturday, September 28, 13 10


Samsung way

HEX1 AES256 XOR

partition footer

password PBKDF2 or

/efs/metadata

HEX2 AES256 XOR

Saturday, September 28, 13 10


Samsung way

1st half of EDK


HEX1 AES256 XOR

partition footer

password PBKDF2 or

/efs/metadata

HEX2 AES256 XOR 2nd half of EDK

Saturday, September 28, 13 10


Samsung way

1st half of EDK


HEX1 AES256 XOR

partition footer

password PBKDF2 DEK or

/efs/metadata

HEX2 AES256 XOR 2nd half of EDK

Saturday, September 28, 13 10


Samsung way

1st half of EDK


HEX1 AES256 XOR

1st half of DEK


partition footer

password PBKDF2 DEK or

2nd half of DEK


/efs/metadata

HEX2 AES256 XOR 2nd half of EDK

Saturday, September 28, 13 10


Samsung way

1st half of EDK


HEX1 AES256 XOR

1st half of DEK


partition footer

password PBKDF2 DEK dmcrypt or

2nd half of DEK


/efs/metadata

HEX2 AES256 XOR 2nd half of EDK

Saturday, September 28, 13 10


Samsung way

1st half of EDK


HEX1 AES256 XOR

1st half of DEK


partition footer

password PBKDF2 DEK dmcrypt or

2nd half of DEK


aes-cbc- /efs/metadata
essiv:sha256

HEX2 AES256 XOR 2nd half of EDK

Saturday, September 28, 13 10


Samsung way

1st half of EDK


HEX1 AES256 XOR

1st half of DEK


partition footer
c=4096
password PBKDF2 DEK dmcrypt or

2nd half of DEK


aes-cbc- /efs/metadata
essiv:sha256

HEX2 AES256 XOR 2nd half of EDK

Saturday, September 28, 13 10


Samsung way

1st half of EDK


HEX1 AES256 XOR

1st half of DEK


partition footer
c=4096
password PBKDF2 DEK dmcrypt or

2nd half of DEK


aes-cbc- /efs/metadata
essiv:sha256

HEX2 AES256 XOR 2nd half of EDK

FIPS documentation helped 140sp1632.pdf

Saturday, September 28, 13 10


Samsung way

1st half of EDK


HEX1 AES256 XOR

1st half of DEK


partition footer
c=4096
password PBKDF2 DEK dmcrypt or

2nd half of DEK


aes-cbc- /efs/metadata
essiv:sha256

HEX2 AES256 XOR 2nd half of EDK

http://hammerheadgraphics.iwarp.com/

FIPS documentation helped 140sp1632.pdf

Saturday, September 28, 13 10


Samsung way

Saturday, September 28, 13 11


Samsung way
Key length

Saturday, September 28, 13 11


Samsung way
Key length EDK

Saturday, September 28, 13 11


Samsung way
Key length EDK

IV

Saturday, September 28, 13 11


Samsung way
Key length EDK Padding

IV

Saturday, September 28, 13 11


Samsung way

Saturday, September 28, 13 12


Samsung way

Samsung Android

Saturday, September 28, 13 12


Samsung way

Samsung PBKDF2 Android

Saturday, September 28, 13 12


Samsung way

Samsung PBKDF2 Android

4096 VS 2000*2

Saturday, September 28, 13 12


Samsung way

Samsung Android

Saturday, September 28, 13 13


Samsung way

Samsung Key Length Android

Saturday, September 28, 13 13


Samsung way

Samsung Key Length Android

256 VS 128

Saturday, September 28, 13 13


Samsung way

Samsung Android

Saturday, September 28, 13 14


Samsung way

Samsung Padding Android

Saturday, September 28, 13 14


Samsung way

Samsung Padding Android

HMAC-SHA256(EDK, VS All zero


PBKDF2(pwd))

Saturday, September 28, 13 14


Samsung way

Samsung Padding Android

HMAC-SHA256(EDK, VS All zero


PBKDF2(pwd))

no t h a v e to d e c ry p t th e
p h o nes the v o ld d o e s
On Samsung a s s w o rd
key to v e rify th e p

Saturday, September 28, 13 14


Samsung way

Saturday, September 28, 13 15


Samsung way

Wrong password

Saturday, September 28, 13 15


Samsung way

Wrong password

Good password

Saturday, September 28, 13 15


Samsung way

Wrong password

Good password

Wrong password

Saturday, September 28, 13 15


Samsung way

Wrong password

Good password

Wrong password

This does not work on S2 and S3, but works on S4


Saturday, September 28, 13 15
Samsung way

Samsung S4 Android

Saturday, September 28, 13 16


Samsung way

Samsung S4 function Android

Saturday, September 28, 13 16


Samsung way

Samsung S4 function Android

verify_EDK VS cryptfs_verify_passwd
in cryptfs.c
in libsec_km.so

Saturday, September 28, 13 16


Android

} else {
decrypt_master_key
decrypt_master_key(passwd, salt, encrypted_master_key,
decrypted_master_key);
if (!memcmp(decrypted_master_key,
decrypted_master_key saved_master_key,
saved_master_key
crypt_ftr.keysize)) {
/* They match, the password is correct */
rc = 0;
} else {
/* If incorrect, sleep for a bit to prevent
dictionary attacks */
sleep(1);
rc = 1;
}
}

return rc;

Saturday, September 28, 13 17


Android

decrypt_master_key
decrypted_master_key
} else {
decrypt_master_key(passwd, salt, encrypted_master_key,
decrypted_master_key); saved_master_key
if (!memcmp(decrypted_master_key, saved_master_key,
crypt_ftr.keysize)) {
/* They match, the password is correct */
rc = 0;
} else {
/* If incorrect, sleep for a bit to prevent
dictionary attacks */
sleep(1);
rc = 1;
}
}

return rc;

Saturday, September 28, 13 17


Android

decrypt_master_key
decrypted_master_key
} else {
decrypt_master_key(passwd, salt, encrypted_master_key,
decrypted_master_key); saved_master_key
if (!memcmp(decrypted_master_key, saved_master_key,
crypt_ftr.keysize)) {
/* They match, the password is correct */
rc = 0;
} else {
/* If incorrect, sleep for a bit to prevent
dictionary attacks */
sleep(1);
rc = 1;
}

sleep(1);
}

return rc;

Saturday, September 28, 13 17


Android

static unsigned char saved_master_key[KEY_LEN_BYTES];

Saturday, September 28, 13 18


Android

static unsigned char saved_master_key[KEY_LEN_BYTES];

in s th e d e c ry p t e d d is k
rc es s m em o ry co nta
The vold po
encryption key.

Saturday, September 28, 13 18


Samsung way

Saturday, September 28, 13 19


Samsung way

pbkdf

SECKM_HMAC_SHA256

memcmp

Saturday, September 28, 13 19


Samsung way

GREAT! Samsung does not store the clear text key in


the vold process memory!

Saturday, September 28, 13 20


Samsung way

GREAT! Samsung does not store the clear text key in


the vold process memory!

Saturday, September 28, 13 20


Samsung way

GREAT! Samsung does not store the clear text key in


the vold process memory!

DEMO
Saturday, September 28, 13 20
Samsung way

Saturday, September 28, 13 21


Samsung way

• Yes! You saw the password there

Saturday, September 28, 13 21


Samsung way

• Yes! You saw the password there

• This works on S2 (4.0.3) and S3 (4.1.2)

Saturday, September 28, 13 21


Samsung way

• Yes! You saw the password there

• This works on S2 (4.0.3) and S3 (4.1.2)

• You need adb and root on the phone (vold runs as root)

Saturday, September 28, 13 21


Samsung way

• Yes! You saw the password there

• This works on S2 (4.0.3) and S3 (4.1.2)

• You need adb and root on the phone (vold runs as root)

• Probably several other method can be developed to get these as root

Saturday, September 28, 13 21


Samsung way

• Yes! You saw the password there

• This works on S2 (4.0.3) and S3 (4.1.2)

• You need adb and root on the phone (vold runs as root)

• Probably several other method can be developed to get these as root

• BUT now you have one...

Saturday, September 28, 13 21


Samsung way

Saturday, September 28, 13 22


Samsung way

• But, what if we do not have that access

Saturday, September 28, 13 22


Samsung way

• But, what if we do not have that access

• Create a recovery image that runs the adb, have root and dd

Saturday, September 28, 13 22


Samsung way

• But, what if we do not have that access

• Create a recovery image that runs the adb, have root and dd

• Get the partition footer from the phone

Saturday, September 28, 13 22


Samsung way

• But, what if we do not have that access

• Create a recovery image that runs the adb, have root and dd

• Get the partition footer from the phone

• Try to crack it

Saturday, September 28, 13 22


Samsung way

• But, what if we do not have that access

• Create a recovery image that runs the adb, have root and dd

• Get the partition footer from the phone

• Try to crack it

DEMO
Saturday, September 28, 13 22
Samsung way

Saturday, September 28, 13 23


Samsung way

• Yes we developed a john the ripper module, but just for demonstration
purposes (no optimization)

Saturday, September 28, 13 23


Samsung way

• Yes we developed a john the ripper module, but just for demonstration
purposes (no optimization)

• It is slow because of the 4096 cycle in the PBKDF2

Saturday, September 28, 13 23


Samsung way

• Yes we developed a john the ripper module, but just for demonstration
purposes (no optimization)

• It is slow because of the 4096 cycle in the PBKDF2

• Samsung requires at least 6 character password with one number

Saturday, September 28, 13 23


Samsung way

• Yes we developed a john the ripper module, but just for demonstration
purposes (no optimization)

• It is slow because of the 4096 cycle in the PBKDF2

• Samsung requires at least 6 character password with one number

• The dictionary attack is feasible

Saturday, September 28, 13 23


Samsung way

• Yes we developed a john the ripper module, but just for demonstration
purposes (no optimization)

• It is slow because of the 4096 cycle in the PBKDF2

• Samsung requires at least 6 character password with one number

• The dictionary attack is feasible

• We did not test it, but with GPU the 6 character all lower case might be feasible
also

Saturday, September 28, 13 23


Samsung way

• Yes we developed a john the ripper module, but just for demonstration
purposes (no optimization)

• It is slow because of the 4096 cycle in the PBKDF2

• Samsung requires at least 6 character password with one number

• The dictionary attack is feasible

• We did not test it, but with GPU the 6 character all lower case might be feasible
also

• And users tends to use even weaker password on a mobile device than an a
PC

Saturday, September 28, 13 23


Samsung way

Why does not this work on S4?

Saturday, September 28, 13 24


Samsung S4 phone encryption Part 2
It is Android, but... “We are even more different!”

Saturday, September 28, 13 25


Samsung way

Saturday, September 28, 13 26


Samsung way
Key length

Saturday, September 28, 13 26


Samsung way
Key length Length

Saturday, September 28, 13 26


Samsung way
Key length Length Encrypted footer

Saturday, September 28, 13 26


Samsung way

Saturday, September 28, 13 27


Samsung way

TEE
Saturday, September 28, 13 27
Samsung way

mobicore
kernel

TEE
Saturday, September 28, 13 27
Samsung way

trustlet

trustlet

trustlet

mobicore
kernel

TEE
Saturday, September 28, 13 27
Samsung way
partition footer

/dev/socket/vold
trustlet vold vdc

trustlet

trustlet

mobicore
kernel

TEE
Saturday, September 28, 13 27
Samsung way
partition footer

/dev/socket/vold
trustlet vold vdc
/dev/ashmem/secure_storage_ashmem
trustlet
secure_storage_daemon
trustlet

mobicore
kernel

TEE
Saturday, September 28, 13 27
Samsung way
partition footer

/dev/socket/vold
trustlet vold vdc
/dev/ashmem/secure_storage_ashmem
trustlet
secure_storage_daemon
trustlet /dev/mobicore
/dev/mobicor-user
libMcClient.so

mobicore mckernelapi
kernel mcdrvmodule

TEE Android kernel


Saturday, September 28, 13 27
Samsung way
partition footer

/dev/socket/vold
trustlet vold vdc
/dev/ashmem/secure_storage_ashmem
trustlet
secure_storage_daemon
trustlet /dev/mobicore
/dev/mobicor-user
libMcClient.so

mobicore mckernelapi
kernel mcdrvmodule

TEE Android kernel


Saturday, September 28, 13 27
Samsung way

Saturday, September 28, 13 28


Samsung way

Saturday, September 28, 13 28


Samsung way

Saturday, September 28, 13 28


Samsung way

Saturday, September 28, 13 28


Samsung way

mcOpenDevice

mcMAllocWsm

mcMap

mcOpenSession

mcMap, mcMap, mcMap

mcNotify

mcWaitNotification

Saturday, September 28, 13 29


Samsung way

mcOpenSession

mcOpenDevice

mcMAllocWsm

mcMap

mcOpenSession

mcMap, mcMap, mcMap

mcNotify

mcWaitNotification

Saturday, September 28, 13 29


Samsung way
UUID
mcOpenSession #strings ffffffffd00000000000000000000004.tlbin

mcOpenDevice

mcMAllocWsm

mcMap

mcOpenSession

mcMap, mcMap, mcMap

mcNotify

mcWaitNotification

Saturday, September 28, 13 29


Samsung way
UUID
mcOpenSession #strings ffffffffd00000000000000000000004.tlbin

mcOpenDevice

mcMAllocWsm

mcMap

mcOpenSession

mcMap, mcMap, mcMap

mcNotify

mcWaitNotification

Saturday, September 28, 13 29


Samsung way

WOW! This can be a very nice research!

Saturday, September 28, 13 30


Samsung way

WOW! This can be a very nice research!

Saturday, September 28, 13 30


Samsung way

Saturday, September 28, 13 31


Samsung way

• Yes, it will be in the future

Saturday, September 28, 13 31


Samsung way

• Yes, it will be in the future

• But now we just would like to be able to - at least - offline brute-force the
password

Saturday, September 28, 13 31


Samsung way

• Yes, it will be in the future

• But now we just would like to be able to - at least - offline brute-force the
password

m u c h s im p le r wa y!!
We have a

Saturday, September 28, 13 31


Samsung way

Saturday, September 28, 13 32


Samsung way

• Change the recovery image of a samsung firmware to start the mobicore


environment (vold, secure_storage_daemon, mcDriverDaemon)

Saturday, September 28, 13 32


Samsung way

• Change the recovery image of a samsung firmware to start the mobicore


environment (vold, secure_storage_daemon, mcDriverDaemon)

• Put a break point in vold to the verify_EDK function

Saturday, September 28, 13 32


Samsung way

• Change the recovery image of a samsung firmware to start the mobicore


environment (vold, secure_storage_daemon, mcDriverDaemon)

• Put a break point in vold to the verify_EDK function

• Run vdc cryptfs verifypw pwd

Saturday, September 28, 13 32


Samsung way

• Change the recovery image of a samsung firmware to start the mobicore


environment (vold, secure_storage_daemon, mcDriverDaemon)

• Put a break point in vold to the verify_EDK function

• Run vdc cryptfs verifypw pwd

• Dump the first parameter

Saturday, September 28, 13 32


Samsung way

• Change the recovery image of a samsung firmware to start the mobicore


environment (vold, secure_storage_daemon, mcDriverDaemon)

• Put a break point in vold to the verify_EDK function

• Run vdc cryptfs verifypw pwd

• Dump the first parameter

DEMO
Saturday, September 28, 13 32
Samsung way

Saturday, September 28, 13 33


Samsung way

• And you will have the encrypted DEK

Saturday, September 28, 13 33


Samsung way

• And you will have the encrypted DEK

• In the same format that is used by S2 and S3

Saturday, September 28, 13 33


Samsung way

• And you will have the encrypted DEK

• In the same format that is used by S2 and S3

• You can start the offline cracking

Saturday, September 28, 13 33


Samsung way

You have offline brute-force attack, despite


of the TrustZone and mobicore magic!!

Saturday, September 28, 13 34


Samsung SD card encryption Part 3
It is secure! You cannot use it in a different phone or in computer

Saturday, September 28, 13 35


Samsung SD card encryption

Saturday, September 28, 13 36


Samsung SD card encryption

• On Samsung phones the SD card can be encrypted

Saturday, September 28, 13 36


Samsung SD card encryption

• On Samsung phones the SD card can be encrypted

• After the encryption you cannot use it in other phones or in a computer

Saturday, September 28, 13 36


Samsung SD card encryption

• On Samsung phones the SD card can be encrypted

• After the encryption you cannot use it in other phones or in a computer

• Let’s see what is happening there...

Saturday, September 28, 13 36


Samsung SD card encryption

Saturday, September 28, 13 37


Samsung SD card encryption

• It uses the ecryptfs file based encryption

Saturday, September 28, 13 37


Samsung SD card encryption

• It uses the ecryptfs file based encryption

• The key is stored in the following file:

Saturday, September 28, 13 37


Samsung SD card encryption

• It uses the ecryptfs file based encryption

• The key is stored in the following file:

/data/system/edk_p_sd

Saturday, September 28, 13 37


Samsung SD card encryption

• It uses the ecryptfs file based encryption

• The key is stored in the following file:

/data/system/edk_p_sd

• The format of the file is the same as the partition footer or the /efs/metadata

Saturday, September 28, 13 37


Samsung SD card encryption

• It uses the ecryptfs file based encryption

• The key is stored in the following file:

/data/system/edk_p_sd

• The format of the file is the same as the partition footer or the /efs/metadata

• and it is encrypted in the same way

Saturday, September 28, 13 37


Samsung SD card encryption

What’s wrong with the following picture?


S2 (4.0.3)

Saturday, September 28, 13 38


Samsung SD card encryption

What’s wrong with the following picture?


S2 (4.0.3)

Saturday, September 28, 13 38


Samsung SD card encryption

Saturday, September 28, 13 39


Samsung SD card encryption

• On S2 (4.0.3) it is world readable

Saturday, September 28, 13 39


Samsung SD card encryption

• On S2 (4.0.3) it is world readable

• On S3 (4.1.2) and S4 (4.2.2) it is


readable by root only

Saturday, September 28, 13 39


Samsung SD card encryption

• On S2 (4.0.3) it is world readable

• On S3 (4.1.2) and S4 (4.2.2) it is


readable by root only

• Wait! The first S3s came with


4.0.3...

Saturday, September 28, 13 39


Samsung SD card encryption

• On S2 (4.0.3) it is world readable

• On S3 (4.1.2) and S4 (4.2.2) it is


readable by root only

• Wait! The first S3s came with


4.0.3...

• If you encrypted your SD card


before the upgrade...

Saturday, September 28, 13 39


Samsung SD card encryption

• On S2 (4.0.3) it is world readable

• On S3 (4.1.2) and S4 (4.2.2) it is


readable by root only

• Wait! The first S3s came with


4.0.3...

• If you encrypted your SD card


before the upgrade...

Saturday, September 28, 13 39


Samsung SD card encryption

• On S2 (4.0.3) it is world readable

• On S3 (4.1.2) and S4 (4.2.2) it is


readable by root only

• Wait! The first S3s came with


4.0.3...

• If you encrypted your SD card


before the upgrade...

Saturday, September 28, 13 39


Samsung SD card encryption

Saturday, September 28, 13 40


Samsung SD card encryption

Saturday, September 28, 13 40


Samsung SD card encryption

Saturday, September 28, 13 40


Samsung SD card encryption

...

Saturday, September 28, 13 40


Samsung SD card encryption

...

Saturday, September 28, 13 40


Samsung SD card encryption

...

Saturday, September 28, 13 40


Samsung SD card encryption

Saturday, September 28, 13 41


Samsung SD card encryption

• The firs 8 bytes of the key is in


the mount output

Saturday, September 28, 13 41


Samsung SD card encryption

• The firs 8 bytes of the key is in


the mount output

• 256 --> 192

Saturday, September 28, 13 41


Samsung SD card encryption

• The firs 8 bytes of the key is in


the mount output

• 256 --> 192

• The mount command can run


by everyone

Saturday, September 28, 13 41


Samsung SD card encryption

• The firs 8 bytes of the key is in


the mount output

• 256 --> 192

• The mount command can run


by everyone

DEMO

Saturday, September 28, 13 41


Samsung SD card encryption

• The firs 8 bytes of the key is in


the mount output

• 256 --> 192

• The mount command can run


by everyone

DEMO

Saturday, September 28, 13 41


one more thing...

Saturday, September 28, 13 42


Oracle

CREATE DATABASE LINK...

DB LINK

ORACLE1 ORACLE2

Saturday, September 28, 13 43


Oracle

Saturday, September 28, 13 44


Oracle

Saturday, September 28, 13 45


Oracle

Saturday, September 28, 13 46


Oracle

Saturday, September 28, 13 46


Oracle

Saturday, September 28, 13 46


Oracle

Saturday, September 28, 13 46


Oracle

Saturday, September 28, 13 47


Oracle

Saturday, September 28, 13 47


Oracle

The python script is 83KB

Saturday, September 28, 13 47


Oracle

The python script is 83KB

Saturday, September 28, 13 47


Oracle

The python script is 83KB

It is not because of the complexity

Saturday, September 28, 13 47


There is a 16K long constant!

Saturday, September 28, 13 48


There is a 16K long constant!

Saturday, September 28, 13 48


There is a 16K long constant!

Saturday, September 28, 13 48


There is a 16K long constant!

Saturday, September 28, 13 48


Oracle

Saturday, September 28, 13 49


Oracle

• One constant changed in the algorithm from 11.2.0.3 to 12.0.1

Saturday, September 28, 13 49


Oracle

• One constant changed in the algorithm from 11.2.0.3 to 12.0.1

• The link$ table is well protected

Saturday, September 28, 13 49


Oracle

• One constant changed in the algorithm from 11.2.0.3 to 12.0.1

• The link$ table is well protected

• This is obfuscation, not encryption

Saturday, September 28, 13 49


Summary

Saturday, September 28, 13 50


Summary

• It is a good idea to cleanup the keys and passwords from the memory

Saturday, September 28, 13 50


Summary

• It is a good idea to cleanup the keys and passwords from the memory

• TrustZone is not the final solution for everything

Saturday, September 28, 13 50


Summary

• It is a good idea to cleanup the keys and passwords from the memory

• TrustZone is not the final solution for everything

• Now - after a proper backup - you can mount your encrypted SD card

Saturday, September 28, 13 50


Summary

• It is a good idea to cleanup the keys and passwords from the memory

• TrustZone is not the final solution for everything

• Now - after a proper backup - you can mount your encrypted SD card

• Playing with Oracle is always fun

Saturday, September 28, 13 50


References

• http://www.sensepost.com/blog/9114.html

• https://viaforensics.com/

• http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/
140sp1632.pdf

• https://hashcat.net/forum/thread-2270.html

• https://source.android.com/devices/tech/encryption/
android_crypto_implementation.html

Saturday, September 28, 13 51


Thank You!
[  DEBUG  ]:  Thx  to  Alex  Kornbust,  Pete  Finnigen,
Paul  Wright,  Zsombor  Kovács  and  Ettienne  
Vorster!

[  INFO    ]:  Thx  to  the  hekkcamp  participants!

[  OK        ]:  See  U  at  DerbyCon  4.0!

[  ERROR  ]:  More  beer  needed!


László Tóth Ferenc Spala
donctl spala.ferenc
Get all the goodies from:
http://soonerorlater.hu @donctl @FerencSpala
https://github.com/donctl/sandy n/a spala.ferenc
László Tóth Ferenc Spala

Saturday, September 28, 13 52

You might also like