About

Welcome to ph4r05 dev blog.

Dušan Klinec (Ph4r05)

• ph4r05 GitHub profile
• ph4r05 Twitter profile
• LinkedIn profile

Projects

deadcode.me

Our security related blog with topics on router firmware reverse engineering, deserialization vulnerabilities and more…

Monero Trezor integration

Monero transaction signing implemented to the Trezor hardware wallet.

I’ve designed transaction signature protocol suitable for use with Trezor hardware wallet which is simple and easy to analyze.

I’ve later implemented the protocol in C (trezor-crypto extensions, missing ed25519 functions, fromfe_frombytes_vartime, Monero crypto functions, …) and Micropython to the hardware wallet codebase. I’ve implemented native Monero C++ binding, currently as a PR.

As a part of this project I’ve implemented the python version of the both wallet and device versions in the monero-agent which may serve for educational purposes and further research prototyping. For this I need to implement:

• Several serialization schemes used in the Monero (blockchain format, Boost, RPC/key-value format) in the monero-serialize python library.
• py-trezor-crypto python library which provides python binding to the trezor-crypto cryptographic library.

• py-cryptonight Python binding for cryptonight PoW function

• Port Bulletproofs, Borromean and MLSAG algorithms from C++ to Python, optimize it for memory constrained environment.

ROCA - Return of the Coppersmith attack

I was part of the team working on the ROCA attack (known for affecting eID in Estonia and Slovakia).

• Performed data collection, scanning and analysis.
• Discovered that Estonia was still vulnerable in August 2017 by scanning and analysing public keys database. Our notification helped them to address problem prior the public disclosure.
• Authored the roca detector - versatile detection tool.

keychest.net

Certificate expiry, certificate monitoring for TLS, HTTPS, Let’s Encrypt, with free cloud service. Automatic monitoring of subdomain servers as they are set up.

I’ve implemented the first KeyChest version based on Python backend daemon scanning, crawling and processing X509 certificates, performing analysis and storing results to the database.

Frontend was based on PHP Laravel and Vue.js with responsive elements. I’ve authored several NPM packages used in the UI. Backend and frontend communicated via Redis queues and database. Responsive UI was implemented using advanced Javascript and websockets.

Technologies: python, redis, mysql/pgsql, alembic, sqlalchemy, flask, gevent, websockets, roca-detector, php, laravel, vue.js, vuex, webpack, npm, promises, acacha, admin-lte

phone-x.net

Secure mobile communication system.

• End-to-end encrypted voice calls, text messages, file transfer.
• Perfect forward secrecy.
• ZRTP, AES-256.
• Android application
• iOS application
• Used backend technologies:
  • Java/Spring based servers, PHP/Laravel license server, ActiveMQ messaging,
  • XMPP Server Openfire + our plugin for signalling over XMPP and push messages integration (GCM, iOS).
  • OpenSips server + custom msilo plugin for reliable message delivery over unstable mobile links. I’ve controbuted to OpenSips by fixing several vulnerabilities found by Coverity.

EnigmaLink.io

• Very simple to use end-to-end encrypted file sharing web service.
• Works from the browser, JavaScript only, no special apps needed.
• File is encrypted in the browser, uploaded to your GoogleDrive.
• Enables to attach text message.
• AES-256-GCM, per-file encryption keys.
• Enables to set per-file password (optional).
• Uses hardware powered cloud encryption service EnigmaBridge to increase protection level and protect from bruteforce attacks.
• After upload you get the link to download the file. For download only link is needed.

• Open Source, EnigmaBridge/EnigmaLink

• Download example: https://enigmalink.io/d#u=fw&c=FWhyyHNOMuF9TkhVe8BIbA&f=0B8RUMrk78PeINnJTcVB2WEFYVUU&n=YC4WWaE5NNRHgLtV2P4krA

AES Whitebox implementation

My master thesis focused on analysis and implementation of the selected Whitebox schemes for AES. I’ve implemented the basic Chow and Karroumi scheme. The Karroumi scheme was discovered to be vulnerable in the thesis. Implementations are released under permissive licenses. For more info please refer to my master thesis. Implementations in C++ and Java are available.

Publications

Google Scholar

Other projects

More of my projects you can find on my GitHub account Here is a small selection:

• Booltest, the randomness distinguisher tool implemented in Python.
• php-aho-corasick PHP module for Aho-Corasick pattern matching
• laravel-queue-database-ph4 Optimistic queueing for Laravel
• javacard-gradle-template Project template for easy JavaCard development, based on Gradle.

Donations:

Monero:

85yj4pHtDWYcEdqRYcz9LuU3uYHN3TcFXMiohjUjQVhGNMvs8Ji3U3Ef9rsWXRtsufbrXAucEN5CtEW4nRucUcpNDgjmyKd

Bitcoin:

1GS42N7eLvBot4CarTvZ66FWFZQaLQo9zb