Didier Stevens

Sunday 7 September 2008

Mister P and Q’s Excellent Solution

Filed under: Encryption,Hacking,Puzzle — Didier Stevens @ 15:49

Mr. P and Q has solved my Authenticode Challenge. You can download his solution here, I copied his howto here below. I’ll add my own details in an upcoming post, but in the meantime, be sure to do a web search for the modulus.


What you need:
An internet connection
A windows system
A CPP compiler
OpenSSL installed

Step 1:
Export the certificate used by Didier from ac.exe to didier.cer
Select AC.EXE, Right click properties, Digital Signatures tab, "Details button", "View Certificate" button,Details tab, "Copy to File" button, select
the "DER encoded binary X.509(.CER)" option and export to didier.exe

Step 2:
Use OpenSSL to extract the modulus of the certificate used
OpenSSL>x509 -modulus -inform DER -in didier.cer

Step 3:
Use OpenSSL to convert didier's certificate in PEM format (for later use)
OpenSSL>x509 -inform DER -in didier.cer -outform PEM -out didier.pem

Step 4:
Copy the modulus extracted in step2 into FindPQ.cpp, build the application, execute and (wait ... wait ... wait ...) ^1000
or download http://www.boo.net/~jasonp/msieve.exe.
Start msieve
msieve -v -n 0xD0EA1ABA978DF0065B2009F75C846F28B04ED5143B237B3FC24272245ADE837EFE0271E1A2854E0C81BA9F70A83AD86D47B0EACD062BC15BC61A99DC83124EC9
and (wait ... wait ... wait ...)^100 until it finally displays:
prp78 factor: 102639592829741105772054196573991675900716567808038066803341933521790711307779
prp78 factor: 106603488380168454820927220360012878679207958575989291522270608237193062808643

Step 5:
Create a 'real' RSA key so we can re-sign the modified ac.exe (remember the first part of this challenge)
Copy the two factors found(step 4) into CreatePEM.cpp, build the application and excute.
The application will produce newkey.pem

Step 6:
Use OpenSSL to combine newkey.pem and didier.pem (step3) into a PKCS12 keyfile (you will need to provide a password of your choice)
OpenSSL>pkcs12 -export -in didier.pem -inkey newkey.pem -out magic.p12

Step 7:
Import magic.p12 into your Windows system
Simply double click magic.p12 select all the default options specify the password you defined in Step 6 when asked.

Step 8:
Download signcode

https://www.thawte.com/dynamic/en/images/support/inetSDk5.zip

unzip

Step 9
Start signcode, select the modified ac.exe, select the "Didier" key and you're done ...

Good luck
Mister P and Q.

1 Comment »

  1. [...] à l’excellente solution de messieurs P & Q au challenge Authenticode de Didier Stevens, ça a été très [...]

    Pingback by Nibbles microblog » Write-up Codegate 2010 – Déchiffrer un https utilisant RSA-768bits — Monday 15 March 2010 @ 17:37


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 236 other followers

%d bloggers like this: