
Archive for the 'Crypto' Category

Bored at work? Read some CIA docs.

The CIA recently declassified an assload of papers under the Freedom of Information Act. While some of these go pretty far back, it’s still an interesting read nonetheless… if you’re into this kind of thing. Some of these have had their TOP SECRET classifications struck over with a pen like it really doesn’t matter at all.

From a subsite:

The CAESAR, POLO, and ESAU Papers

Cold War Era Hard Target Analysis of Soviet and Chinese Policy and Decision Making, 1953-1973

This collection of declassified analytic monographs and reference aids, designated within the Central Intelligence Agency (CIA) Directorate of Intelligence (DI) as the CAESAR, ESAU, and POLO series, highlights the CIA’s efforts from the 1950s through the mid-1970s to pursue in-depth research on Soviet and Chinese internal politics and Sino-Soviet relations. The documents reflect the views of seasoned analysts who had followed closely their special areas of research and whose views were shaped in often heated debate.

Linky.

I’ll let you know if I find anything interesting. You do the same.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0


Brilliant pic via Wired

Let’s not even go into the specifics here ok? I’m just aggregating the madness.

AACS cracked, HD-DVD rips showing up

Two weeks ago, a hacker named muslix64 left a post on the doom9 forums claiming he had broken the AACS content protection system used by HD-DVDs - by simply extracting the relevant keys from memory (oops!). He attached to that post a video and the source code used to decrypt an AACS-protected movie:


The movie he originally posted on YouTube (but which Warner Bros has already managed to C&D).

The news spread far and wide, and now torrents for HD-DVD rips are starting to show up on tracker sites like the Pirate Bay.

On the site, he left a little timeline outlining how long it took for him to break it:

The Saga of decrypting an AACS protected movie, by Muslix64.

December 6:
I just bought a HD-DVD drive to plug on my PC, and a HD movie, cool! But when I realized the 2 software
players on Windows don’t allow me to play the movie at all, because my video card is not HDCP compliant and because I
have a HD monitor plugged with DVI interface, I started to get mad… This is not what we can call “fair use”! So I
decide to decrypt that movie. I start reading the AACS specification I have found on the net. I estimate it will take
me about 4 weeks of full time job to decrypt that. I was wrong, it was in fact, easy…

BTW, when I disable my HD monitor, I can watch the movie, on my old VGA screen, but, what is the point of having
a HD monitor and not being able to watch a HD movie on it!

December 7 to December 12:
Nothing, I try many things, but I’m going nowhere. I change my technique

December 13:
Now I focus only on title key. I was very surprised to realize that the title key is there, in memory! Can it be
that easy? Around 7PM, I decrypt my first movie “pack”. Around 11PM, I have now a totally decrypted movie! But there is
a problem. Frame skipping.

December 14:
After many tests, I found a field in the Nav pack, that fixes the frame skipping problem.
Wow! Now I can watch a smooth playback of an HDDVD film that I have decrypted!
After only 8 days of work, I was able to decrypt an HD-DVD movie! What’s the problem? There is a major
security problem somewhere.

December 15 and December 16:
I put together a small program called “BackupHDDVD”, a java based command line utility to decrypt movies.

December 17:
I made a small video called “AACS is Unbreakable” where you can see the output of the program while decrypting.
You can also see a playback of a decrypted movie.

December 18:
Upload that video on YouTube
http://www.youtube.com/watch?v=_oZGYb92isE

December 20:
Upload the program and source code on RapidShare (V0.99)
http://rapidshare.com/files/8318838/…HDDVD.zip.html

December 21:
I want to go further in the decryption, so I decide to track down the “Volume unique key” instead of title key.
I found it also! I’m preparing BackupHDDVD V1.00, that will support volume key and title keys.

December 25:
Merry Christmas!

December 26:
I create a thread on the Doom9 forum about BackupHDDVD. People don’t believe it…

Groundbreaking, indeed. The work of this one person has just greatly undermined the multi-million dollar effort by a consortium of movie studios and the **AAs to dictate what hardware you should and should not own. Bravo… bravo!

The DBS 2FA device

[begin rant]
So I finally received my 2FA auth token from DBS. So fun.

Just the other day I was having a little argument with Alex and Weijian and Nathan about how these damn things work. I refused to believe that the only thing setting the tokens and the server on the same footing was system time. Kinda unreliable, isn’t it? Unless you’ve got some caesium atoms in there I’m willing to bet that those clocks drift. Probably at different rates too, so I did a little googling…

(I’m basing this on what I read about RSA’s SecurID tokens. I don’t know who made the DBS ones, but they can’t be too far off.)

Turns out these things aren’t as magical as they seem. There IS a shared secret between the tokens and the auth server (CHAY!) in the form of a truly random seed. It is then hashed by AES (or some other hashing algo) into the 6-digit number you see, parameterized by system time(!!) and salted by the serial number of the individual tokens.

System time eh? Since these things only roll over once every 60 seconds, what’s stopping me from building a phishing site, collecting PINs and 2FA-generated numbers from ignorant idiots, then turning around and supplying those same credentials to the real DBS site within 60 (possibly less, depending on how slow the victim types) seconds?

Thoughts like these don’t make me feel very safe.
[end rant]

UPDATE:

Giving further thought to the entire man-in-the-middle thing, I realized the old system of sending one-time-passwords to the user’s mobile phone was more troublesome for phishers, but not entirely unlike the attack described above. Using the bank as an oracle, I could:

  1. set up a fake page looking like DBS, and trick the victim into visiting.
  2. the victim supplies his user id and password.
  3. I turn around and supply these to the real bank.
  4. The bank directly sends the victim an OTP via sms. The victim is expecting this.
  5. I present a fake OTP page.
  6. The victim enters the OTP on my page.
  7. I turn around and give the bank the OTP it previously sent out, and I’m in.

Note: I don’t take credit for “inventing” any of these attacks. These have been around since forever. I’m only pointing out that the old and new systems are still vulnerable, given a stupid user.
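
The time-synchronised scheme described in the rant above, as an added example that is not from the original post and is not the SecurID or DBS algorithm: it swaps in the open HOTP construction (RFC 4226) over a 60-second time step and omits the serial-number salt. It shows how a server can tolerate clock drift by checking adjacent time steps and why it should refuse a code it has already accepted; the names `code_at` and `Verifier` are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60     # seconds per code, matching the 60-second rollover in the post
DIGITS = 6    # length of the displayed code


def code_at(seed: bytes, counter: int) -> str:
    """HOTP (RFC 4226) value for one time-step counter; stand-in algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server side for one token (hypothetical class, not a real product's API)."""

    def __init__(self, seed: bytes, window: int = 1):
        self.seed = seed
        self.window = window      # time steps of drift tolerated either way
        self.drift = 0            # learned offset of the token clock, in steps
        self.last_counter = -1    # newest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        base = now // STEP + self.drift
        for delta in sorted(range(-self.window, self.window + 1), key=abs):
            counter = base + delta
            if counter <= self.last_counter:
                continue          # this step or an older one was already used
            if hmac.compare_digest(code_at(self.seed, counter), code):
                self.last_counter = counter
                self.drift += delta   # resynchronise to the token's clock
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"    # RFC 4226 test seed, not a real secret
    server = Verifier(seed)
    token_code = code_at(seed, 7)     # token clock is one step behind
    print(server.verify(token_code, now=8 * STEP))       # drifted code accepted
    print(server.verify(token_code, now=8 * STEP + 10))  # same code refused
```

Single-use enforcement stops a code from being accepted twice; it does not help when the first party to submit the code is not the legitimate user, which is the weakness the post points out.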

Interesting Times (Wherein I Chance Upon a Cryptogram)


30 Aug 06 @ 2042Hrs: Updated with a pdf of the comments on Fark so far. Download.

I was on my way to work this afternoon (yes, I know it’s a Sunday) when I chanced upon a strange thing lying on the grass verge lining the footpath leading to my office.

It was a little piece of A4-sized cardboard, with what seemed to be some code scribbled on it. When I first saw it, it took every bit of willpower I could muster to resist picking it up, but apparently it wasn’t enough, and 50m down the path I gave in and did a quick about-turn to retrieve it.

Here it is:



The fact that this was scrawled on a piece of cardboard then carelessly discarded beside a busy footpath rather than sealed in a vault on triple-redundant hard disks leads me gently to the assumption that it - if a code - is probably some form of simple monoalphabetic substitution cipher. Polyalphabetic at most.

Here’s what I gather upon initial inspection:

  • The spaces look natural. I’ve changed my mind. There seem to be too many five-letter words.
  • Some “words” don’t have vowels, lowering the chance of this being some transposition scheme. Besides, what sort of word is “CCBA”?
  • The handwriting looks shaky and uncertain, but is consistent. The work of a child? Maybe. Kinda rules out 256-bit AES.

The bottom line is that my gut feeling tells me this is breakable, if it’s anything at all. I shall give it a go one of these days and let you folks know what happens. In the meantime, any of you want to have a go at it programmatically, here’s the text for your convenience:

CCBA DAHIJ EFGABI
BICGHG BACHEFG CBA
HCIBCG FECAB BBCEG
AIBG DE GGJC BEGD
GFHABA JCGEF BCDEF
IIGHCA ECCFG DEJJJ
HICEF ICBCA AAFFG CJ
EGA BCADD BBAI DJJ

UPDATE: Alex pointed out that the chinese words scribbled in blue at the top, “Xian Xin Liang Ku” (闲心良苦) could well be a taunt. It’s a take on a common Chinese phrase “Yong Xin Liang Ku” (用心良苦) which loosely means that someone has given a lot of thought or put a lot of effort into something. “Xian Xin” here means “an idle heart / mind”.

UPDATE: Whamdangler from TotalFark pointed out that the second word is “JIHAD” spelt backwards. Coincidence?
Also, he sez “2210 30789 456018 182676 1027456 210 728126 54201 11246 0816 34 6692 1463 657010 92645 12345 886720 42256 34999 78245 82120 00556 29 460 12033 1108 399

That’s the code in numbers, if anyone cares. Note, it’s 0-9 instead of 1-10”

UPDATE: I_C_Weener from TotalFark figures, “My guess is its a substitution cipher, but after each substitution, you rotate to the next letter.
So, the first time, J = A, and the second time you see J, it = B. That is how you have words with 2 or 3 of the same letter.
But, if I deciphered it for you, where would be the fun.
Here is a hint: The first line is ‘For a good time call….’”

UPDATE: Micheal Slater has kindly recommended this frequency-analysis tool. I’ll give it a shot and see if anything turns up.
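
A first-pass triage of the cryptogram, as an added example that is not from the original post or the tool linked in it: it counts symbols, compares the index of coincidence with the flat value for the observed alphabet, tallies word lengths, and reproduces the A=0 to J=9 numbering quoted above. The function names `profile` and `to_digits` are hypothetical.

```python
from collections import Counter

# Ciphertext as transcribed in the post above.
CIPHERTEXT = """\
CCBA DAHIJ EFGABI
BICGHG BACHEFG CBA
HCIBCG FECAB BBCEG
AIBG DE GGJC BEGD
GFHABA JCGEF BCDEF
IIGHCA ECCFG DEJJJ
HICEF ICBCA AAFFG CJ
EGA BCADD BBAI DJJ
"""


def profile(text: str) -> dict:
    """Symbol statistics used to sanity-check a substitution-cipher guess."""
    letters = [c for c in text if c.isalpha()]
    counts = Counter(letters)
    n = len(letters)
    # Index of coincidence: chance that two symbols drawn at random match.
    ic = sum(k * (k - 1) for k in counts.values()) / (n * (n - 1))
    return {
        "total": n,
        "alphabet": "".join(sorted(counts)),
        "counts": counts,
        "ic": ic,
        "flat_ic": 1 / len(counts),   # value for a uniform symbol distribution
        "word_lengths": Counter(len(w) for w in text.split()),
    }


def to_digits(text: str, first: str = "A") -> str:
    """Map A..J to 0..9, the numbering quoted from the Fark thread."""
    return " ".join(
        "".join(str(ord(c) - ord(first)) for c in word) for word in text.split()
    )


if __name__ == "__main__":
    p = profile(CIPHERTEXT)
    print(p["total"], "symbols over alphabet", p["alphabet"])
    print("IC %.4f vs flat %.4f" % (p["ic"], p["flat_ic"]))
    print("word lengths:", sorted(p["word_lengths"].items()))
    print(to_digits(CIPHERTEXT))
```

Only ten distinct letters (A to J) appear, so a simple one-to-one substitution leaves room for at most ten distinct plaintext letters, and the index of coincidence sits close to the flat value of 0.1.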


In other news:

On my way home from work, I alighted at Outram Park and crossed the road via the overhead bridge in order to catch a bus home. On the stairs leading down from the bridge was this woman dressed in a pink spag-strap top and really short, thin shorts. She was… erm… oversized. She was also desperately grabbing at her arse in an effort to remove a wad of panty-cloth which had become stuck between those huge cheeks. She dug and yanked all the way down the stairs, her lopsided waddle imparting unto her thighs secondary motion usually only associated with pachyderms or various porcine beasts.

She dug and yanked all the way to the bus stop.

If they made a documentary about her it could be titled Cellulite on Celluloid, but they’d need IMAX film to do it.

Pass the eye bleach please.

Typo in Kryptos

Kryptos, for the unaware, is a hulking metallic sculpture sitting in the CIA’s Langley headquarters and is designed by American artist James Sanborn. It is made to resemble a large scroll divided into four sections, each bearing a ciphertext. This interesting structure has intrigued CIA employees and multitudes of cryptanalysts since its dedication in November 1990.

Three of its sections have since been broken, with the fourth remaining publicly unsolved (I say publicly, because we all know how secretive crypto people are, don’t we - er…).

Anyhoo, the artist has just revealed that a long-thought “correct” decryption of the third section is actually wrong, due to a typo in the ciphertext. It seems that, for “aesthetic reasons” (!!), an ‘X’ was omitted from the ciphertext resulting in a change of a section of the plaintext from “ID BY ROW S” to “X LAYER TWO”.

The corrected text now reads:

IT WAS TOTALLY INVISIBLE HOWS THAT POSSIBLE ? THEY USED THE EARTHS MAGNETIC FIELD X THE INFORMATION WAS GATHERED AND TRANSMITTED UNDERGRUUND TO AN UNKNOWN LOCATION X DOES LANGLEY KNOW ABOUT THIS ? THEY SHOULD ITS BURIED OUT THERE SOMEWHERE X WHO KNOWS THE EXACT LOCATION ? ONLY WW THIS WAS HIS LAST MESSAGE X THIRTY EIGHT DEGREES FIFTY SEVEN MINUTES SIX POINT FIVE SECONDS NORTH SEVENTY SEVEN DEGREES EIGHT MINUTES FORTY FOUR SECONDS WEST ID BY ROW SX LAYER TWO

Well done, Sanborn!

Who knows? Maybe it will soon come to light that the fourth section is actually one-time-padded with a table of geiger-counter readings which has long been destroyed…

P.S. I am suddenly reminded of staying up till 4+ in the morning many years back, with Wai Kay on ICQ, tweaking the source code of a QuickBasic program I wrote to help perform frequency analysis on a monoalphabetic substitution cipher (I was lazy to manually count). After about an hour of playing fill-in-the-blanks, the ciphertext dissolved into a passage from the bible, containing clues to solving the next tier of the puzzle I was working on. I never did get around to that…

Hmm.