Cerias tech Report 2015-01 The Weakness of Winrar encrypted Archives to Compression Side-channel Attacks
Yüklə 274,97 Kb. Pdf görüntüsü
|
16 This attacks requires modification of the archive’s file header. This can be ac complished with a hex editor. For the purposes of this paper, the author used HxD HexEditor to test the attack [31]. This is an opensource hex editor that provides several useful features such as built-in calculation of CRC32. When carrying out this attack, the original authors noted that there may be an issue in Step 3 when Bob attempts to decompress the modified file. WinRAR will return an error that the CRC check failed and the decompressed file will be automatically deleted. The authors suggest using an unerase utility such as Norton’s Unerase Utility to recover the lost file. However, this can be prevented using a built-in feature of WinRAR. When indicating the file path to extract the archive into, the user can simply check the ”Keep broken files” option under miscellaneous. The user will still receive an error, but the extracted file will be saved where indicated. An internet search shows that CRC checksum errors are common when extracting archives and this is a frequently used method. There are two important notes involving the modification of the compression method. First, the compression may be changed to any of six possible methods. However, modifying the method without altering the packed and total file sizes will result in some loss of file contents. It is also difficult to accurately predict the cor rect compression ratio of various methods. To circumvent this issue, the compression method is set to 0x30, which indicates no compression. The total file size is then modified to equal the packed file size which requires no extra calculations on the part of the attacker. Secondly, the choice of no compression is important to preserving the contents of the original file. In Step 2, Bob must enter his secret password in order for WinRAR to proceed with decryption and decompression of the file. WinRAR first decrypts the contents of the archive before attempting decompression. Recall that Eve has modified the file header within the archive to indicate that there is no compression on the file. This results in WinRAR outputting the exact contents contained in the archive. The file that is obtained from this step is the version of the original 17 Secret.txt compressed using compression method 1. Due to the compression, the file appears incomprehensible to Bob, who was expecting a decompressed file. This Corrupted-Secret.txt is all that is needed for Eve to reconstruct Secret.txt. Eve’s choice of the compression method in Step 4 is significant to the success of the attack. Adding Corrupted-Secret.txt to a WinRAR archive using no compression ensures that the archive contains a copy of the original file under compression method 1. If another method is applied, the archive will contain two layers of compression on the file and subsequent attempts at decompression will result in Corrupt-Secret.txt as opposed to the desired Secret.txt. Eve can obtain the original text by modifying the compression method field in the header to compression method 1. When the archive is unpacked, WinRAR will then use compression method 1, which matches the compression on Corrupted-Secret.txt and the file will successfully be recovered. This attack is tested using both WinRAR v5.0 and v3.42 for verification. The RAR filetype is tested on both WinRAR v3.42 and v5.10 while the new RAR5 format is tested only on version 5.10. Due to differences in file format, the modification of the file header is slightly difference between versions. Information discussing the identification of header information for RAR file types is outlined in Appendix B. Deeper discussion of the RAR5 format is in the following section. 3.3.1 RAR5 file header New to the RAR5 format is the use of variable integers as data types in the header information. Previous versions of WinRAR use unsigned integer values. Variable length quantities allow for the storage of larger values. It also adds slightly more work for an adversary to modify the file header. However, this should not be relied on to increase the security of the archive. In a variable integer, the lowest 7 bits of each byte contain the integer data while the highest bit is a continuation flag. 1 indicates that further bytes are present in the
18 sequence while 0 indicates the final byte. RAR5 has a maximum of 10 bytes used to represent an integer [32]. To convert the decimal numbers to a variable length quantity, the following steps must be done: 1. Represent the decimal value in binary notation. 2. Beginning with the least significant bit, divide the binary number into into groups of 7 digits. If a group has fewer than 7 bits available, pad with 0. 3. Append 0 to the beginning of the lowest 7 bits to indicate the end of the integer. Append 1 to the other groups of 7. Fig. 3.1. A RAR5 archive with packed size and compression information highlighted It is most convenient to modify the total file size field first. The total and packed file sizes can be obtained through the ”info” option in WinRAR. Convert both sizes to variable length quantities as outlined above and replace the total file size field with the appropriate integer. Next, the two bytes containing compression information can be located relative to the Host OS field. According to the WinRAR technote [32], the compression method immediately precedes the Host OS field. First, convert the original bytes to binary. Bits 8-10 define the compression method. In decimal form, 0 indicates no compression while 5 is best compression. Modify the bits as necessary. Convert the binary number back to hexadecimal and replace the fields as necessary.
Yüklə 274,97 Kb. Dostları ilə paylaş:
|