ph4r05 dev blog.
Dušan Klinec (Ph4r05)
Our security-related blog with topics on router firmware reverse engineering, deserialization vulnerabilities and more…
I’ve designed a transaction signature protocol suitable for use with the Trezor hardware wallet which is simple and easy to analyze.
I’ve later implemented the protocol in C (trezor-crypto extensions, missing ed25519 functions, fromfe_frombytes_vartime, Monero crypto functions, …) and MicroPython in the hardware wallet codebase. I’ve implemented a native Monero C++ binding, currently as a PR.
As a part of this project I’ve implemented the Python version of both the wallet and device versions in the monero-agent, which may serve for educational purposes and further research prototyping. For this I needed to implement:
- Several serialization schemes used in Monero (blockchain format, Boost, RPC/key-value format) in the monero-serialize Python library.
- py-trezor-crypto python library which provides python binding to the trezor-crypto cryptographic library.
- py-cryptonight, a Python binding for the cryptonight PoW function.
- Port Bulletproofs, Borromean and MLSAG algorithms from C++ to Python and optimize them for a memory-constrained environment.
I was part of the team working on the ROCA attack (known for affecting eID in Estonia and Slovakia).
- Performed data collection, scanning and analysis.
- Discovered that Estonia was still vulnerable in August 2017 by scanning and analysing the public keys database. Our notification helped them to address the problem prior to the public disclosure.
- Authored the roca detector, a versatile detection tool.
Certificate expiry, certificate monitoring for TLS, HTTPS, Let’s Encrypt, with free cloud service. Automatic monitoring of subdomain servers as they are set up.
I’ve implemented the first KeyChest version, based on a Python backend daemon scanning, crawling and processing X509 certificates, performing analysis and storing results to the database.
Technologies: python, redis, mysql/pgsql, alembic, sqlalchemy, flask, gevent, websockets, roca-detector, php, laravel, vue.js, vuex, webpack, npm, promises, acacha, admin-lte
Secure mobile communication system.
- End-to-end encrypted voice calls, text messages, file transfer.
- Perfect forward secrecy.
- ZRTP, AES-256.
- Android application
- iOS application
- Used backend technologies:
  - Java/Spring based servers, PHP/Laravel license server, ActiveMQ messaging.
  - XMPP server Openfire + our plugin for signalling over XMPP and push messages integration (GCM, iOS).
  - OpenSips server + custom msilo plugin for reliable message delivery over unstable mobile links. I’ve contributed to OpenSips by fixing several vulnerabilities found by Coverity.
- Very simple to use end-to-end encrypted file sharing web service.
- File is encrypted in the browser, uploaded to your GoogleDrive.
- Allows attaching a text message.
- AES-256-GCM, per-file encryption keys.
- Allows setting a per-file password (optional).
- Uses the hardware-powered cloud encryption service EnigmaBridge to increase the protection level and protect from brute-force attacks.
- After upload you get a link to download the file. Only the link is needed for download.
Open Source, EnigmaBridge/EnigmaLink
- Download example: https://enigmalink.io/d#u=fw&c=FWhyyHNOMuF9TkhVe8BIbA&f=0B8RUMrk78PeINnJTcVB2WEFYVUU&n=YC4WWaE5NNRHgLtV2P4krA
My master's thesis focused on the analysis and implementation of selected whitebox schemes for AES. I’ve implemented the basic Chow and Karroumi schemes. The Karroumi scheme was discovered to be vulnerable in the thesis. Implementations are released under permissive licenses. For more info please refer to my master's thesis. Implementations in C++ and Java are available.
You can find more of my projects on my GitHub account. Here is a small selection:
- Booltest, the randomness distinguisher tool implemented in Python.
- php-aho-corasick PHP module for Aho-Corasick pattern matching
- laravel-queue-database-ph4 Optimistic queueing for Laravel
- javacard-gradle-template Project template for easy JavaCard development, based on Gradle.