All About HackingBlackhat Hacking ToolsFree CoursesHacking

Ethical hacking: Breaking cryptography (for hackers) by Blackhat Pakistan 2023

Cryptography is the science of protecting secrets. As a result in Ethical hacking, it is designed to prevent an unauthorized party (such as a hacker) from gaining access to protected data. While early encryption algorithms had significant flaws and were easily broken, the current state of encryption has improved greatly.

That being said, cryptography can be broken under the right circumstances.

The first step to breaking cryptography is to identify the cryptographic algorithm being used. This can be achieved in several ways, including:

  • Manual reverse engineering
  • Keywords search algorithm names
  • Executable dependency analysis
  • Ciphertext analysis (e.g. observation of block lengths)

With this information in hand, it’s time to start looking for exploitable vulnerabilities.

Exploitation of cryptographic vulnerabilities[Ethical hacking]

Modern cryptography is secure by design. However, security by design does not necessarily mean perfect security. If cryptography is poorly implemented or misused, vulnerabilities can be created that a hacker can exploit. There are many different ways to use modern cryptosystems.

Also Read:How UEFI Secure Boot works-Knew everything by Blackhat Pakistan 2023

Key management

Encryption algorithms are designed to ensure that only the sender and recipient can access the message. This access is protected using secret keys known only to two authorized parties.

However, key management is one of the most common ways cryptography fails. Key management systems have the classic problem of having to balance usability and security, with usability often winning out. Encryption keys are often based on or protected by passwords. Because many users routinely use weak or repetitive passwords, stealing the encryption key is often an effective way to bypass encryption protection.

Streaming cipher security flaws

Encryption algorithms come in two main varieties: block and stream ciphers. In general, block ciphers are more intuitive and easier to use, but less efficient (because you have to work in set block sizes). As a result, developers occasionally use stream ciphers.

While stream ciphers can certainly be secure, they also have their drawbacks. One potential problem is the fact that stream ciphers perform bit-level encryption. If the developer does not implement integrity checks, a hacker may not be able to read protected data, but can modify it without detection.

Weak/broken encryption algorithms

Another major problem that exists with stream ciphers (and also block ciphers) is the use of insecure encryption algorithms. RC4 is probably the stream cipher with the highest name recognition, and that recognition means it’s used.

However, developers who use it don’t always know how to use it properly. RC4 has a serious cryptographic weakness where the first bits of its output bitstream are strongly correlated with the secret key. If the developer does not use RC4 (i.e. discards these bits) and the attacker can guess the output bitstream (i.e. if he can choose the input to the cipher), he may be able to derive the encryption key or at least enough bits. to make it vulnerable to a brute force attack.

Despite its shortcomings, RC4 is still considered a usable cipher if used correctly. Other encryption algorithms (like DES) are known to be vulnerable. Examining the vulnerabilities of an encryption algorithm can allow a hacker to defeat the encryption.

Custom algorithms/protocols

“Never throw your own crypto” is basically a law of cryptography. Expert cryptanalysts can spend years developing a cipher and it can quickly be cracked by a vulnerability they didn’t consider.

Despite this, people still believe that they can create their own algorithms that are better than the standardized ones. If you can get a copy of the software and it has a function with an excessive number of XORs and bit shifts, it is probably a custom algorithm. This is definitely worth the effort of reverse engineering as it is almost certainly insecure.

Abusing the algorithm

Another common mistake made by developers is the incorrect use of algorithms. For example, encryption of server-to-client traffic should always use asymmetric cryptography. Otherwise, the encryption key is embedded somewhere in the client code. If you believe the code in question uses symmetric encryption for communication, it’s time to look for that key in the executable.

Abusing the algorithm also covers a lot of other mistakes. Key reuse can be a significant problem for certain algorithms, so look for a function that generates a shared key between the client and the server. If none exists, the algorithm may be vulnerable to attack. If present, it is possible for a man-in-the-middle attack to allow traffic to be decrypted.

Algorithms can also be abused by misusing certain values. If the encryption algorithm:

  • Hashes a password without a unique salt
  • Uses a non-random or non-unique initialization vector

… then it is probably vulnerable to attack. Finding a specific algorithm and how it affects its security may be the key to cracking it.

Side channels

Side-channel analysis is an attack against cryptography where data is inadvertently leaked due to how the system is implemented. For example, the power consumption of some cryptographic algorithms depends in some way on the secret key.

Trying to measure the power consumption of an algorithm may not be feasible, but execution time is another common side channel. Some algorithms have execution times that are based on their inputs.

A non-cryptographic example is an authentication system that checks a password character by character and immediately returns when the password is identified as incorrect. This type of system can be defeated by guessing the password one character at a time and meeting the execution time. Whichever character takes the longest to process is likely the correct one for that bit of the password. If an encryption algorithm has similar timing leaks, it may be vulnerable to attack.

When performing a lateral channel analysis, it is important to consider all possible causes of leakage. For example, the Heartbleed vulnerability is caused by caching that creates a timing side channel.

Out of range

Finally, encryption algorithms are only effective at protecting data when it is encrypted. Encryption cannot protect data before encryption is performed or after decryption. If important data is encrypted at rest or in transit, it is often best to try to steal the data while it is unencrypted by monitoring the memory space of the process doing the encryption and any calls to cryptographic libraries.

Conclusion: Cracking the cryptography

Ultimately, cryptography is only truly breakable when done incorrectly. Modern encryption algorithms are designed to make brute-force guessing the secret key the most effective attack vector, and to be computationally infeasible on modern hardware.

However, encryption algorithms are also extremely sensitive to errors in design or implementation. Even a tiny mistake can make the algorithm vulnerable to attack.


Leave a Reply

Your email address will not be published. Required fields are marked *