david wong

Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

A tutorial on how to get into an admin account on ANY windows. posted February 2015

windows

A step by step tutorial showing you how to get admin credentials on a windows machine: http://imgur.com/gallery/H8obU

tl;dr:

  • reboot in start-up repair mode
  • read privacy statement of one menu should open notepad
  • thanks to notepad replace sethc 1 with cmd
  • so now when you press 5 times on shift it will call cmd instead of sethc 1
  • you know have a shell, use command net localgroup Administrators to get a list of the admins
  • type net user <ACCOUNT NAME HERE> * to change one account's password.

If you're looking for a "fix", microsoft advise you to turn off sticky keys all completely

And here's another exploit for windows 98

Note that as soon as you can access the hard drive, you don't need to use the first trick and can switch around programs in system32 as you wish (except if windows is encrypted with bitlocker). For example you can do this with an ubuntu live cd and swap cmd with the magnifier tool and you will be able to do the same thing.

comment on this story

Firefox Time Tracker posted February 2015

I always thought I could reduce the amount of time slacking if I could track my time on facebook, reddit, hackernews... like I track my calories intake to reduce my weight. I couldn't find a good firefox plugin for that so I decided to make one.

I'm opensourcing the code right here: https://github.com/mimoo/FirefoxTimeTracker

I'm pretty surprised with Firefox SDK and it's actually easier than what I thought to build a browser plugin. It might also help that everything Mozilla documents is clear and pretty.

At the moment the code successfully logs the time passed on different websites across sessions. It just lacks nice graphs. If you want to try it just wait a couple days until I ship.

comment on this story

Kleptography: hidding a private key in plain sight posted January 2015

from wikipedia:

A kleptographic attack is an attack which uses asymmetric encryption to implement a cryptographic backdoor. For example, one such attack could be to subtly modify how the public and private key pairs are generated by the cryptosystem so that the private key could be derived from the public key. In a well-designed attack, the outputs of the infected cryptosystem would be computationally indistinguishable from the outputs of the corresponding uninfected cryptosystem. If the infected cryptosystem is a black-box implementation such as a hardware security module, a smartcard, or a Trusted Platform Module, a successful attack could go completely unnoticed.

I've seen implementations of this in the wild, here on reddit (python) and here on lobsters (C#)

comment on this story

Explanation of Shellshock posted January 2015

Here's an awesome explanation of shellshock: https://bitbucket.org/carter-yagemann/shellshock/src/f0a88573f912?at=master

This repository contains useful documents which I have written to help educate the cybersecurity community on the "ShellShock" bash vulnerability. These documents are designed to help facilitate learning, including on how to identify possibly vulnerable services and how to remediate such vulnerabilities.

It's actually the clearest explanation I've seen on the subject.

Made by these guys from Syracuse:

  • Carter Yagemann
  • Amit Ahlawat
comment on this story

One example of a crypto backdoor: NSA's backdoor in Lotus-Notes posted January 2015

Excellent finding from Adam Back.

If I understand the article correctly, when exporting encrypted content with Lotus-Notes, 24 bits of the 64 bits key would be encrypted under one of the NSA's public key and then appended to the encrypted content (I guess). This would allow NSA to decrypt those 24 bits of key with their corresponding private key and they would then have to brute force only 40 bits instead of 64 bits.

This shouldn't allow any bad attacker to get any advantage if they don't know the NSA's private key to decrypt those bits. And if they do acquire it, and they do decrypt 24bits of key, they would still have to have the computing power to brute force 40 bits of key. I have no idea what I'm talking about but I have the feeling the NSA might be the most powerful computing power when it comes to brute forcing ciphers.

comment on this story

Awk in 20 minutes posted January 2015

I posted a tutorial of awk a few posts bellow. But this one is easier to get into I found. It says Awk in 20 minutes but I would say it takes way less than 20 minutes and it's concise and straight to the point, that's how I like it.

http://ferd.ca/awk-in-20-minutes.html

EDIT1: And here's a video of someone using a bunch of unix tools (awk, grep, cut, sed, sort, curl...) to parse a log file, pretty impressive and informative: https://vimeo.com/11202537

EDIT2: Here's another post playing with grep, sort, uniq, awk, xargs, find... http://aadrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html

comment on this story

How Differential Power Analysis (DPA) works? An explanation of the first paper from Kocher et al (1998) posted January 2015

I wanted to get into educational videos and this is my first big try (of 13minutes). I made some quick animations in Flash and some slides and I recorded it. I didn't want to spend too much time on it. It doesn't feel that clear, my English kinda got stuck sometimes and my animations were... crappy, let's say that :D but it's a first try, I will release other videos and improve on the way hopefully :) (I really need to get more pedagogical). So I hope this will at least help some of my fellow students (or people interested in the subject) in understanding Differential Power Analysis

Note: I made a mistake at the start of the video, DPA is non-invasive (source)

1 comment