popierdulka
June 30th, 2008, 12:31
As we all know, MS signs crypto API provider DLLs in XP to prevent users from making modifications. The idea is simple - calculate MD5 on the DLL and then encrypt it with a private RSA key. The public key is in advapi32.dll. If we want to use a protected provider DLL, advapi32 checks whether the calculated MD5 is the same as the one encrypted by the private RSA key. If not, the provider DLL is not loaded. RSA 1024 is used for protection. So it is really impossible to break this protection. I do not want to talk about simple cracking procedures in advapi32 now.
But if we generate our own private RSA key and put its public key in advapi32, then we can sign all DLLs using our private key. We do not have to break the RSA used by MS - we can simply change it for ours.
At first we might think that we have to re-sign all the DLLs that are signed by MS. We can do this, but we do not have to. There are two RSA keys in advapi32 and only one is used by MS; the second one is not used (the N_S_A key). So if they provided this for us - why not use it?
This was about XP, but in new systems we have certificates - I do not use Vista - but I think it is the same idea. If we put our own certificate in as a root certificate, we can do what we want and sign all drivers and DLLs.
OK, this is only an idea - any comments?
pop
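
An added example, not part of the original post: a toy model of the check described above (MD5 of the image, RSA signature verified against public keys embedded in the verifier), showing why the verifier's own key material needs an integrity baseline kept outside the host. All keys, byte strings and function names are constructed, and textbook RSA without padding stands in for the real signature format.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Toy textbook-RSA key pair from two known Mersenne primes (constructed)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    # MD5 of the image, as in the post; the value is always smaller than n here.
    return int.from_bytes(hashlib.md5(data).digest(), "big")

def sign(priv, data):
    n, d = priv
    return pow(digest(data), d, n)

def verify(key_store, data, sig):
    """Accept if any public key embedded in the verifier validates the signature."""
    return any(pow(sig, e, n) == digest(data) for n, e in key_store)

def fingerprint(key_store):
    """SHA-256 over the embedded keys; the baseline value is stored elsewhere."""
    return hashlib.sha256(repr(sorted(key_store)).encode()).hexdigest()

def audit(key_store, baseline, data, sig):
    """A signature result only means something if the trust anchors are unchanged."""
    if fingerprint(key_store) != baseline:
        return "trust-anchor-modified"
    return "ok" if verify(key_store, data, sig) else "bad-signature"

# Constructed keys: small stand-ins for the RSA-1024 keys the post mentions.
vendor_pub, vendor_priv = make_key(2**89 - 1, 2**107 - 1)
other_pub, other_priv = make_key(2**127 - 1, 2**61 - 1)

provider = b"constructed provider image"
patched = b"constructed provider image, modified"

store = [vendor_pub]                     # keys as shipped inside the verifier
baseline = fingerprint(store)            # recorded once, kept off the machine
good_sig = sign(vendor_priv, provider)

tampered_store = [vendor_pub, other_pub]  # constructed: an extra key in the verifier
resigned = sign(other_priv, patched)
```

The signature check alone accepts `patched` once the key store has changed; only the comparison against the external baseline reports it.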