lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 16 Mar 2008 13:29:17 +0100
From: "Collin R. Mulliner" <collin@...aversion.net>
To: full-disclosure@...ts.grok.org.uk
Subject: raidsonic nas-4220 crypt disk key leak (stored in
	plain on	unencrypted partition)

Manufacturer: RaidSonic (www.raidsonic.de)
Device:       NAS-4220-B
Firmware:     2.6.0-n(2007-10-11)
Device Type:  end user grade NAS box
OS:           Linux 2.6.15
Architecture: ARM 
Designed by:  Storm Semiconductor Inc (www.storlinksemi.com)


Problem: 
 Hard disk encryption key stored in plain on unencrypted partition.


Time line:
 Found: 09. March 2008
 Reported: 09. March 2008
 Disclosed: 16. March 2008 


Summary:
 The NAS-4220-B offers disk encryption through it's web interface. The  
 key used for encrypting the disk(s) is stored on a unencrypted 
 partition. Therefore one can extract the encryption key by removing 
 the disk from the NAS and reading the value from the unencrypted 
 partition. The key itself is stored in a file in plain (base64 
 encoded). Therefore the NAS-4220 crypt disk support can not be 
 considered secure.


Details:
 The NAS-4220-B can hold two SATA disks. Disk are encrypted through a 
 loop back device using AES128. The problem came to my attention when
 I could access the NAS after reboot without suppling the hard disk key.
 
 The key is stored in /system/.crypt, "/system" is a small 
 configuration partition on the same disk that holds the encrypted 
 partition. The system partition is created by the system software 
 running on the NAS-4220. The configuration partition of the second 
 hard disk is not mounted by default but also contains the .crypt file 
 holding the key for the encrypted partition on the same disk.


 Accessing the key (key value is the example I used):
  $ cat /system/.crypt
  MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
 
  key in plain           key in base64
  12345678901234567890   MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=


 Base64 decode:
  #!/usr/bin/python
  from base64 import *
  print b64decode("MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=")


Reported by:
 Collin Mulliner <collin(AT)betaversion.net >




Collin's Advisories: http://www.mulliner.org/security/advisories/

--
Collin R. Mulliner <collin@...aversion.net>
BETAVERSiON Systems [www.betaversion.net]
info/pgp: finger collin@...aversion.net
If you have to run heating in winter, you don't own enough computers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists