2010-09-14 - the slides from my recent (re-)presentation (with lots of extra bits) at SEC-T 2010 will soon be online! exploit code [...]
2009-12-18 - The slides from my recent presentation at CRESTCon 2009, the 'replacement' for CHECKCon, are now online! exploit code for the demonstrations [...]
DESlock+ Debacle - protect your data, use truecrypt.
"Impersonating the University of Kent since 7/1/2008!$%!"
"[listen], I have made a lot of money out of selling DESlock. [....]
we get a lot of threats, emails and alike, how do we know you are not an eastern european terrorist?"
- David Tomlinson, Director
"ohhh you must be the bot farmer that threatened to down our web-site?"
- David Tomlinson, Director (whilst impersonating a salesman @infosec'09)
$ fgrep "feels_like_he_is_being_watched" ~/logs/access_log
220.127.116.11 - - [06/May/2008:09:58:23 +0100] "GET /*feels_like_he_is_being_watched*.php HTTP/1.1" 404 302 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
DESlock+ is a software (and hardware) based encryption product for home/office use. The software based product provides users with the ability to encrypt/decrypt files, folders, pseudo-filesystems (entire drives emulated from DESlock+ encrypted files) and emails (much like GNU/OpenPGP but, suffice it to say, much less useful). The software itself can be obtained from http://www.deslock.com.
The initial purpose of my research into DESlock+ was simply to satisfy myself that the product was, at least, 'secure' with respect to cryptographic best practice. However, upon taking an initial look through the kernel drivers used to provide file system manipulation support to userland components, it became alarmingly apparent just how bad the DESlock+ kernel drivers really were. In less than 2 days, I had discovered enough trivially exploitable vulnerabilities to write a total of some 5 local kernel exploits! This page details 'what happened next', and is perhaps one of the greatest examples of why there exists a 'stupid' vendor category at the pwnie awards.
The result of my fairly innocuous effort to reverse engineer DESlock+ is, suffice it to say, a little interesting.
Initial contact between myself and Data Encryption Systems was initiated via email on the 8th January, 2008. These initial efforts resulted in a prompt reply stating simply that the email had been received and a response would be formulated accordingly. At roughly the same time as the reply was received, a number of hits were registered on the digit-labs.org site from approximately 4 different hosts utilising the same IP over a period of 2 hours. These hits did not initially register any interest until they started coming from pages/articles linking to digit-labs.org; at this point it became clear that whoever it was, was researching (read: googling) digit-labs.org for whatever reason.
The answer became alarmingly apparent in the evening of the 8th January, 2008. At approximately 5pm (GMT), a relative answered the phone to an individual who identified himself as a representative of the University of Kent. The individual said that he had a message or package he needed to deliver to me, and thus asked to speak to me. Having no reason to doubt the identity of the individual, and given that I previously attended the University of Kent, I answered the phone myself and the individual on the other end immediately hung up. I immediately had my suspicions as to the identity of the individual on the phone, given what had taken place earlier in the day. Alas, my suspicions were confirmed the following day when I received a letter delivered by Special Delivery addressed to myself, at my home address. Of course this somewhat alarmed me given the immediate escalation from electronic to written communications, particularly when the written communication utilises the legalese phrase "Without Prejudice" (a term relating to dispute resolution). Further, the means Data Encryption Systems had used to identify me and verify my address are somewhat offensive since they involved the wanton impersonation of a University of Kent official and the placing of what was, in effect, a nuisance telephone call (not to mention deceiving a close relative).
A copy of the letter itself can be found below,
At this point, feeling somewhat dismayed, I placed a call to Data Encryption Systems and asked to speak to David Tomlinson, the Managing Director of Data Encryption Systems. I eventually succeeded upon the second attempt and proceeded to ask why Data Encryption Systems had chosen to react in such a manner, and was subsequently berated with a multitude of excuses obviously designed to dodge the simple question: "Why did you lie regarding your identity?". The answer to which was a complete and constant denial. Further, upon demanding to know exactly why Data Encryption Systems needed to know my identity I was yet again bombarded with excuses, some of which included,
- the requirement to preclude my being an 'Eastern European Terrorist'.
- the apparent requirement to investigate any such contact due to the need to protect 'Government Interests'.
To summarise the facts regarding the odious actions of David Tomlinson, his agents, and as a corollary, Data Encryption Systems,
- will respond to any assumed opposition with actions designed to wantonly intimidate the individuals involved regardless of motive. We may conclude this given that they did not even attempt to ascertain any motive prior to intimidation.
- will impersonate an individual of trust and standing in order to further their own goals.
- will utilise legalese, and the threat of legal action, in a vain attempt to deny individuals the right to reverse engineer DESlock+ despite this being unenforceable given current EU/UK Copyright Law (RE: provisions relating to the construction of interoperable products). Further, note that these provisions were entered into the DESlock+ EULA only in response to my research, a case in point.
- will knowingly allow users to continue using, and downloading, a version of DESlock+ which contains known exploitable vulnerabilities in order to continue pushing the CESG CCTM accreditation. It is important to note that patched versions of DESlock+ do exist according to the DESlock+ 4.0.0 Release Notes (available locally here).
The CESG Claims Tested Mark (CCTM) scheme provides a government quality mark for the public and private sectors based on accredited independent testing, designed to prove the validity of security functionality claims made by vendors. In more colloquial terms, the CCTM is designed to assure public bodies that a product or service does 'what it says on the box'. [ http://www.cctmark.gov.uk ]
The CCTM was 'applied' to DESlock+ v3.2.7 on the 13th May 2008 and is valid until 12th May 2010 [ 2008/05/0036 ]. This is reassuring since you can of course be absolutely sure that DESlock+ is a securely implemented cryptographic product for the home/office. However, whilst a government seal of approval may convince many people, history has shown on many occasions that governments will often put their name to anything for a suitable fee (and it seems the CCTM is no different).
It is important to note that whilst the CCTM accreditation is valid, it is not subject to periodic review, or even review by exception. For instance, should a third party demonstrate that a CCTM accredited product does in fact not meet its 'security functionality claims', the product does not have its CCTM accreditation revoked. This is of course an assumption, given that I contacted CESG via email with respect to DESlock+ and the numerous security vulnerabilities found within it and received no response. I guess the 'CCTM fee' is more important to CESG, and as a corollary the UK Government, than actually providing a valid "government quality mark for the public and private sectors based on accredited independent testing, designed to prove the validity of security functionality claims made by vendors".
If you are an active user of DESlock+, you should probably be asking yourself one or more of the following questions,
- why is DESlock+ plagued with so many problems?
- why do these problems continue to occur even after they are 'patched'?
- why can only 'business' users obtain a copy of DESlock 4.0.x?
- why am I not using truecrypt?
My personal opinions regarding the security of DESlock+ are pretty obvious to the astute reader, so much so that I do not believe I have to explicitly express them here! However, I feel I must say this: in all my time reverse engineering, programming and bug hunting, I have never come across anything that even closely resembles the shambles that is DESlock+. A security vulnerability is in essence an unintended bug placed in a piece of software by accident; it is the exception to the rule. However, in the case of DESlock+ insecure programming is the norm. I wish David Tomlinson and Data Encryption Systems as a whole all the best of luck, but from where I am sitting it certainly does look like your efforts to secure DESlock+ are akin to arranging deck chairs on the Titanic...
and I haven't even gotten to the userland components of DESlock+ yet!...
The following is a list of vulnerabilities I have personally found in DESlock+; the list is current, although by no means is it complete!...
- February 08-11: DESLock+ <= 4.1.2 vdlptokn.sys Driver Local Kernel ring0 Code Execution
  [ deslock-vdlptokn-v3.c ]
- August 10-09: DESLock+ <= 4.0.2 dlpcrypt.sys Driver Local Kernel Denial of Service
  [ deslock-dlpcrypt-v2.c ]
- August 10-09: DESLock+ <= 4.0.3 vdlptokn.sys Driver Local Kernel ring0 Code Execution
  [ deslock-vdlptokn.c ]
- August 10-09: DESLock+ <= 4.0.3 vdlptokn.sys Driver Local Kernel Denial of Service
  [ deslock-vdlptokn-v2.c - CVE-2008-4362 ]
- June 18-09: DESLock+ 4.0.2 dlpcrypt.sys Driver Local Kernel ring0 Code Execution
  [ deslock-dlpcrypt.c - CVE-2009-4832 - BID-35432 ]
- September 20-08: DESLock+ <= 3.2.7 DLMFENC.sys Driver Local Kernel Vulnerabilities
  [ deslock-overflow.c - deslock-probe-race.c - deslock-probe-read.c - CVE-2008-4363 - BID-31273 ]
- February 18-08: DESLock+ <= 3.2.6 DLMFENC.sys Driver Local Kernel ring0 Code Execution
  [ deslock-list-zero.c - deslock-list-zero-v2.c - CVE-2008-1138 - CVE-2008-1139 - BID-27862 ]
- February 18-08: DESLock+ <= 3.2.6 DLMFDISK.sys Driver Local Kernel ring0 Code Execution
  [ deslock-pown-v2.c - CVE-2008-1140 - BID-27862 ]
- February 18-08: DESLock+ <= 3.2.6 DLMFENC.sys Driver Local Kernel Memory Leak
  [ deslock-list-leak.c - CVE-2008-1141 - BID-27862 ]