-
Notifications
You must be signed in to change notification settings - Fork 37
/
README
125 lines (99 loc) · 4.63 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
Midgetpack
~-~-~-~-~-
Table of contents:
1- What is Midgetpack
2- Features
3- Use
4- Shortcomings
5- Installation
***********************************************************
1- What is Midgetpack
Midgetpack is a binary packer for ELF binaries, such as burneye, upx or
other tools. Its goal is to protect your assets (tools, exploits) when using
them on untrusted systems (e.g on a monitored customer's system during a
pentest).
Midgetpack contains two modes of operation: password and curve25519 key exchange.
The password mode is the classical password that is asked when starting the
binary. I believe the binary to be secure against cracking if you choose a
strong password, but once someone has both binary and password he can do whatever
he wants.
The curve25519 is the real advantage of midgetpack. In this mode, you do not
provide any password or key. Instead, a key file is generated at packing time.
This key file must be used everytime you wish to use the binary. When you start
the binary, it will give a challenge and expect a response. You copy/paste the
challenge in the input of the mpkex tool and receive a response containing the
encrypted key to the binary.
This key exchange is protected by Curve25519 key exchange, the key is encrypted
with aes-128 and the whole exchange is authenticated with HMAC-SHA256 to avoid
generic man-in-the-middle attacks.
This mode is truly secure as eavesdropping the terminal will *not* be enough to
recover the key or the unprotected binary.
2- Features
Midgetpack is able to pack binaries in different architectures using the same
executable. This makes possible to pack an x86 binary on an amd64 one.
Currently Linux and freebsd are supported.
CPU supported: x86-32, x86-64, arm
Encryption:
- Password (PBKCS2, AES128-cbc, HMAC-SHA256)
- curve25519 (Curve25519 kex, AES128-cbc, HMAC-SHA256)
3- Use
As stated above, there are 2 different operation modes: password and curve25519.
- Password:
$ ./midgetpack -o binary -p src/tests/test32-dynamic
x86 ELF file
Adding new pheader with vaddr base badd000, offset 0 of filesz 5eca
Please enter password:
Enter the password again:
$ chmod +x binary
$ ./binary
starting stub...
Password:
Hello, world !
- Curve25519
$ ./midgetpack -o binary -c src/tests/test32-dynamic
x86 ELF file
Adding new pheader with vaddr base badd000, offset 0 of filesz 5eca
Key data written in file key
Then, two consoles are needed:
$ ./binary | $ src/packer/mpkex key
starting stub... | Waiting for challenge...
challenge: |
ZABpaSpiAkNzJTFKkiE3S7mW-vC7YrcBainilU |
1yScpWEWZB9epppJHeicqd9wj4 |
| ZABpaSpiAkNzJTFKkiE3S7mW-vC7YrcBainilU
| 1yScpWEWZB9epppJHeicqd9wj4
| Response:
| jvDFJApVgXUASz-7hLj_2BJ40ppY0EsJ9GOsM-f
| 7pkBVFsu6cnV4XWBSO5nz82lVopPJJ5PRy7Pi-l
| urGgtPDDAA
jvDFJApVgXUASz-7hLj_2BJ40ppY0EsJ9GOsM- | $
f7pkBVFsu6cnV4XWBSO5nz82lVopPJJ5PRy7Pi |
-lurGgtPDDAA |
Hello, world ! |
4- Shortcomings
The password version of midgetpack is not very secure. The password is currently
echoed back so it appears in cleartext on honeypots. However it may be enough when
there's good confidence that the system is not monitored.
The Curve25519 version is stronger, but is subject to replay attacks if the PRNG
can be forced to replay same numbers. To do so, an attacker would need to hook
/dev/urandom, the rdtsc instruction and the ELF Aux vector on the first run
to force output of the same numbers.
The Curve25519 version is also vulnerable to some active man-in-the middle attacks
in which an attacker would need to extract the HMAC key from the binary and dynamically
replace the binary's challenge with its own.
Both these attacks are unlikely to be seen in the wild.
Both versions are vulnerable to snapshots attacks, in which a snapshot of the VM or
the running process is taken in order to analyse the cleartext version of the binary.
Reducing the impact of these attacks may be a target for next versions.
5- Installation
Requirements:
- cmake
- C compiler (tested with gcc, may fail on clang)
$ mkdir build/
$ cd build/
$ cmake ..
(note: cmake .. -DWITH_PRECOMPILED_STUBS if you don't want any binary blob)
$ make
$ src/packer/midgetpack -o packed -P mypassword src/tests/test32-dynamic
$ ./packed