Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Sep 2012 00:12:27 +0530
From: Dhiru Kholia <>
Subject: [PoC] Cryptographic flaws in Oracle Database authentication protocol


for details.

Marcel has written "o5logoncrack" program to crack the password given
AUTH_SESSKEY and AUTH_VFR_DATA. However Marcel hasn't released any
algorithm details or source code.

So, I spent the day trying to figure out the "cryptographic flaw" in
O5LOGON protocol. I have successfully developed a PoC program to
demonstrate the flaw.

Algorithm: A key is generated by taking the SHA1 hash of candidate
password and AUTH_VFR_DATA (salt). For details see,
oracle11_fmt_plug.c or attached PoC code. This key is padded with
zeroes to make the length 24 bytes. This serves as a key to AES192
algorithm (used in CBC mode with zero IV) which is used to decrypt
AUTH_SESSKEY. We can now detect if the candidate password was correct
by looking at the padding in the decrypted data. The last 8 bytes
should have value 8 if the candidate password was right! This is the
same trick which JtR uses to crack Apple's Keychain files.

➜  ~  python2

I will write a JtR format soon for this. From reading nmap-dev
messages, it seems that AUTH_SESSKEY and AUTH_VFR_DATA values can be
extracted silently. Time to learn Lua ;)


Download attachment "" of type "application/octet-stream" (1583 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.