SSLv2 faking or cracking?

Post by ayu »

So I'm currently running some experiments on my network, most of them involving my Nintendo 3DS (but that's for another post).
Anyway, currently what I have is a server listening for HTTPS connections on port 443, and it only supports SSLv2.

SSLv2 has loads of flaws, but I want to know the following (that I haven't been able to find much about yet):

1: Is there any data anywhere that describes the procedure of cracking an SSLv2 cipher?
I know the rough procedure of doing it, but I need some more data of actually DOING it.

2: If 1 is not possible to find, is it then possible to create a false certificate that will be accepted as valid, if signed with the same cipher?
The server supports weak 64bit MD5 atm, which should be fine.

3: If none of the above would work, is there any known exploit that would somehow make the client think that the cert is valid, and continue.
Currently what I'm trying to do, is to trick my 3DS to believe that it's connecting to the right server, but it seems that it's checking for a valid cert.


Any kind of information about this would be greatly appreciated :)
I will continue to search in the meantime.
"The best place to hide a tree, is in a forest"
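
A quick way to check the two claims in the post above (the server speaks only SSLv2, and it offers the weakest cipher specs) is to talk the SSLv2 handshake directly, since current OpenSSL builds no longer ship `s_client -ssl2`. The Python below is an added example, not code from the thread: it builds an SSLv2 ClientHello, parses the ServerHello and flags the 40-bit export and single-DES cipher specs. The ServerHello it parses offline is constructed here (the certificate bytes are a placeholder, not a real DER certificate), and `probe()` sends the same ClientHello to a live host and port you supply.

```python
"""
Added example (not from the thread): minimal SSLv2 hello exchange.
Builds a ClientHello, parses a ServerHello and names the weak cipher specs.
Cipher-spec codes are the seven defined by the SSLv2 specification.
"""
import os
import socket
import struct

SSLV2_CIPHERS = {
    0x010080: "SSL_CK_RC4_128_WITH_MD5",
    0x020080: "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    0x030080: "SSL_CK_RC2_128_CBC_WITH_MD5",
    0x040080: "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    0x050080: "SSL_CK_IDEA_128_CBC_WITH_MD5",
    0x060040: "SSL_CK_DES_64_CBC_WITH_MD5",
    0x0700C0: "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
WEAK_SPECS = {0x020080, 0x040080, 0x060040}  # 40-bit export RC4/RC2 and single DES

MT_CLIENT_HELLO = 1
MT_SERVER_HELLO = 4
SSLV2_VERSION = 0x0002


def _record(body: bytes) -> bytes:
    """Wrap a handshake body in the 2-byte SSLv2 record header (high bit set, 15-bit length)."""
    if len(body) > 0x7FFF:
        raise ValueError("body too large for a 2-byte record header")
    return struct.pack(">H", 0x8000 | len(body)) + body


def _unwrap(record: bytes) -> bytes:
    """Strip a 2-byte SSLv2 record header; anything else (TLS alert, EOF) is rejected."""
    if len(record) < 2 or not record[0] & 0x80:
        raise ValueError("not an SSLv2 record with a 2-byte header")
    length = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated SSLv2 record")
    return body


def build_client_hello(ciphers=tuple(SSLV2_CIPHERS), challenge=None) -> bytes:
    """CLIENT-HELLO: type, version, cipher-spec length, session-id length, challenge length, data."""
    challenge = challenge if challenge is not None else os.urandom(16)
    specs = b"".join(c.to_bytes(3, "big") for c in ciphers)
    body = struct.pack(">BHHHH", MT_CLIENT_HELLO, SSLV2_VERSION, len(specs), 0, len(challenge))
    return _record(body + specs + challenge)


def build_server_hello(cert: bytes, ciphers, conn_id: bytes, session_id_hit=0, cert_type=1) -> bytes:
    """Used only to construct a sample response for offline parsing; a real server sends its own."""
    specs = b"".join(c.to_bytes(3, "big") for c in ciphers)
    body = struct.pack(">BBBHHHH", MT_SERVER_HELLO, session_id_hit, cert_type, SSLV2_VERSION,
                       len(cert), len(specs), len(conn_id))
    return _record(body + cert + specs + conn_id)


def parse_server_hello(record: bytes) -> dict:
    """SERVER-HELLO: type, session-id hit, cert type, version, three lengths, cert, specs, conn id."""
    body = _unwrap(record)
    if len(body) < 11 or body[0] != MT_SERVER_HELLO:
        raise ValueError("not an SSLv2 ServerHello")
    hit, cert_type, version, cert_len, spec_len, conn_len = struct.unpack(">BBHHHH", body[1:11])
    if spec_len % 3 or len(body) != 11 + cert_len + spec_len + conn_len:
        raise ValueError("ServerHello length fields do not match the record")
    off = 11
    cert = body[off:off + cert_len]
    off += cert_len
    specs = [int.from_bytes(body[i:i + 3], "big") for i in range(off, off + spec_len, 3)]
    off += spec_len
    return {"session_id_hit": bool(hit), "certificate_type": cert_type, "version": version,
            "certificate": cert, "cipher_specs": specs, "connection_id": body[off:off + conn_len]}


def describe_specs(specs):
    return [SSLV2_CIPHERS.get(s, f"unknown 0x{s:06x}") for s in specs]


def weak_specs(specs):
    """The cipher specs a server should never offer; the thread's server offers them all."""
    return [SSLV2_CIPHERS[s] for s in specs if s in WEAK_SPECS]


def _read_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Send a ClientHello to a live host; return the parsed ServerHello, or None if it won't speak SSLv2."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        hdr = _read_exact(sock, 2)
        if len(hdr) < 2 or not hdr[0] & 0x80:
            return None  # TLS alert, plain close, or no 2-byte SSLv2 header: not an SSLv2 hello
        length = ((hdr[0] & 0x7F) << 8) | hdr[1]
        return parse_server_hello(hdr + _read_exact(sock, length))


# Constructed sample (not a real capture): placeholder certificate bytes and a cipher list
# mixing strong and weak SSLv2 suites, as the thread reports for its server.
SAMPLE_SERVER_HELLO = build_server_hello(
    cert=b"\x30\x82\x01\x00" + b"\x00" * 16,
    ciphers=[0x010080, 0x020080, 0x060040, 0x0700C0],
    conn_id=bytes(range(16)),
)

if __name__ == "__main__":
    hello = parse_server_hello(SAMPLE_SERVER_HELLO)
    print("offered:", describe_specs(hello["cipher_specs"]))
    print("weak:   ", weak_specs(hello["cipher_specs"]))
```

Run it as-is to see the parser on the constructed sample; call `probe("host", 443)` against your own SSLv2-only test server to see the real cipher-spec list. A `None` from `probe()` means the server answered with something other than an SSLv2 ServerHello, which already disproves the "only supports SSLv2" claim for that port.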

Re: SSLv2 faking or cracking?

Post by bad_brain »

Hm, nothing for #1, except software-specific procedures that actually just evade SSL2 and don't use flaws of the protocol itself (and even those only work for outdated stuff like IE6).

give me a day to process 2 & 3, 2 might be possible but I need some non-multitasking time to think about it...:D

Re: SSLv2 faking or cracking?

Post by ayu »

Awesome b_b, thanks a bunch! :D

Re: SSLv2 faking or cracking?

Post by ayu »

Been researching about the BEAST and CRIME attacks, but they are merely attacks to steal HTTPS session cookies, I need more than this.
The server supports all of the weakest SSLv2 ciphers, so there should be something that I can use.

The problem is that I'm not planning to make this as big as writing a tool for breaking the encryption.
Or at least I don't want to right now, since it will take a lot of time, and I don't plan to make this project that big.

I found another attack called BREACH that is at least doing something similar to what I want.
But they are picking out bits and pieces of the stream that they want to decrypt, while I want everything.

Will continue to search.

Re: SSLv2 faking or cracking?

Post by bad_brain »

Have been thinking about creating false certificates....and I am not sure anymore if it is possible (at least not without rooting the original server and getting it from there).
The problem, at least when wanting a certificate that is automatically trusted, is the certification authority....it has to be listed in the browser settings. The only chance I see would be to try all the standard authorities and see if one of them has a weak verification mechanism (usually the verification is done through the email address for the domain registrant listed in the WHOIS records). With a little luck an authority is a little sloppy in that context; best look for the small ones located in non-western countries. :-k

Re: SSLv2 faking or cracking?

Post by ayu »

References

http://hurricanelabs.com/blog/verifying-crime-sslv2-and-plain-text-tls-injection-with-openssl/

http://security.stackexchange.com/questions/33374/whats-an-easy-way-to-perform-a-man-in-the-middle-attack-on-ssl

https://www.ssllabs.com/ssltest/analyze.html?d=npfl.c.app.nintendowifi.net

http://breachattack.com

EDIT (saw your response):

The cert is self signed by Nintendo, but it's using SSLv2 which is veeeery old and veeeery weak.
The server even supports the weakest ciphers, so if I can just find a method of brute-forcing the data or anything, then I would be satisfied for now.
The first step for me is to just get my hands on the data that the console is sending to the server, so that I can at least figure out if my theory works (I want to make a private game server for the game basically).

Subject: Nintendo CA - G3 (not in trust store)
SHA1: 68a07705ccc7a408416e0ed7ad65f2ec3fea9862
Valid until: Tue Dec 28 12:00:00 UTC 2049 (expires in 36 years and 2 months)
Key: RSA 2048 bits
Issuer: Nintendo CA - G3 (self-signed)
Signature algorithm: SHA256withRSA
Although RSA 2048 might be a bit hard ^^.
Gah, so annoying that something like this stops me :P

Re: SSLv2 faking or cracking?

Post by bad_brain »

Erm...wait...just to make sure I get this right:
it's like the certificate is only working for Nintendo devices (because it's trusted there by default) and for any non-Nintendo device it would throw an "untrusted" error like every regular self-signed one does?
If yes, you could give it a try by simply setting up a box with the same specs (IP- and hostname-wise, and resolving it through records in the hosts file) and then create a self-signed one too there....of course you would also have to copy all the specs of the CA found in the certificate.

Re: SSLv2 faking or cracking?

Post by ayu »

bad_brain wrote:erm...wait...just to make sure I get this right:
it's like the certificate is only working for Nintendo devices (because it's trusted there by default) and for any non-Nintendo device it would throw an "untrusted" error like every regular self-signed one does?
if yes you could give it a try by simply setting up a box with the same specs (IP- and hostname-wise, and resolving it through records in the hosts file) and then create a self-signed one too there....of course you would also have to copy all the specs of the CA found in the certificate.
Yup, that seems to be the case.

I will try with what you said, and hope it will be accepted.
I'm having a hard time imagining this to work, since it would beat the whole purpose of having the SSL cert in the first place.
But seeing as they are using such ancient tech for the server, then it might be possible I guess.

I will add it to my list of things to try.

Currently these are the options I'm going to try:

1: What b_b said about creating a self signed cert and play with the specs
2: Be more naughty and "borrow" the "key" *hinthint* from them (This will be my last resort though, but I'm not afraid to use force to finish my projects)
3: Get a second 3DS (I don't want to modify my limited edition one that I use to play on) and install a custom firmware on it, and see if I can make it accept my cert, just to be able to grab that traffic. Or at least set it to accept all certs or such.
4: Find more info on creating fake certs, like MD5 collision, although the problem there is that the cert doesn't seem to be MD5 signed?

Re: SSLv2 faking or cracking?

Post by bad_brain »

cats wrote:I'm having a hard time imagining this to work, since it would beat the whole purpose of having the SSL cert in the first place.
Well, it's simply the downside of not using an official 3rd party CA which stores the certificate for you and allows everyone to verify it if in doubt. I can't say if it works inside the "Nintendo network", but for a standard browser (for example) it would make no difference if the certificate is the real one from Nintendo or a fake one you created....technically both are "fake" because no trusted official CA signed it.

Re: SSLv2 faking or cracking?

Post by ayu »

To tie the knots a bit, here's a thread I made on the issue, on a forum for console hacking:

http://gbatemp.net/threads/3ds-mitm-attack.356189/

Re: SSLv2 faking or cracking?

Post by maboroshi »

I don't know if this will help with what you are planning. But the Flame Virus, I don't know if you have heard of it, used something I think could be called SSL Interception. It would use a fake certificate and validate itself against MS Update Servers to download whatever it wanted.

There seem to be a few things out there pertaining to this. On a quick glance:

http://mitmproxy.org/doc/ssl.html
But I don't know if this is exactly it. Just a quick glance.

:-)

Re: SSLv2 faking or cracking?

Post by ayu »

maboroshi wrote:I don't know if this will help with what you are planning. But the Flame Virus, I don't know if you have heard of it, used something I think could be called SSL Interception. It would use a fake certificate and validate itself against MS Update Servers to download whatever it wanted.
Maaaaabbbbsss :D

Yeah I mentioned mitmproxy in that other thread above together with sslstrip :)
Very handy tools, but they can't get the job done at the moment.

I will try to create a cert that the device will accept however :D

Thanks for the input guys, keep it coming! :D

Re: SSLv2 faking or cracking?

Post by maboroshi »

Will this help you by chance?

http://my.safaribooksonline.com/book/web-development/1932266674/case-studies/syn1932266674-section-2-casestudy-2.2
I am not sure what you're looking for in terms of an exploit; there seem to be many of them.

:-)

Re: SSLv2 faking or cracking?

Post by ayu »

@mabs, yup I found that before as well, thanks for looking buddy :D

I have considered trying that, but will wait a little bit before doing it, since it's a bit of a "last resort" ^^
