Hacking into system Dlls
-
Hello, I am creating an application that utilizes CryptoAPI and am concerned whether it is possible to hack and extract my DES/RSA keys [which are hard coded in my app and imported into CryptoAPI using CryptImportKey()] from it using one of the following methods:

(1) Replacing the CryptoAPI dll (advapi32.dll) with some dll that will be loaded between the CryptoAPI dll and the executable. This dll will store the keys in some db and then forward the call to the CryptoAPI dll. The user might not even be aware that this is happening.

(2) Since the CryptoAPI methods are exported by name and their addresses are known, it is possible to run the application under a debugger, put a breakpoint in memory in the function CryptImportKey() and, using assembler knowledge, track down the location in memory of the passed parameters and reveal the key.

Anybody got any knowledge whether any of these is possible? Thanks a lot!
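Both methods end up reading the same thing: the pbData buffer handed to CryptImportKey(), which carries the key material in the clear in the blob layouts defined by wincrypt.h. As an added example, not code from the original post, here is a small Python parser for those layouts (BLOBHEADER, PLAINTEXTKEYBLOB, and the RSA PUBLICKEYBLOB/PRIVATEKEYBLOB with their RSAPUBKEY header), run over two constructed blobs: a DES test key and a deliberately tiny RSA private key. The constants are the wincrypt.h values; the function names and sample blobs are this example's own. SIMPLEBLOB (a session key encrypted under an exchange key) is not handled here.

```python
"""Parse the key blobs that CryptImportKey() receives, to show what an
interposed advapi32.dll or a debugger breakpoint on CryptImportKey() would
capture. Constants are the wincrypt.h values; sample blobs are constructed."""
import struct

# BLOBHEADER.bType / bVersion values (wincrypt.h)
PUBLICKEYBLOB = 0x06
PRIVATEKEYBLOB = 0x07
PLAINTEXTKEYBLOB = 0x08
CUR_BLOB_VERSION = 0x02
# ALG_ID values (wincrypt.h)
CALG_DES = 0x00006601
CALG_3DES = 0x00006603
CALG_RSA_SIGN = 0x00002400
CALG_RSA_KEYX = 0x0000A400
ALG_NAMES = {CALG_DES: "CALG_DES", CALG_3DES: "CALG_3DES",
             CALG_RSA_SIGN: "CALG_RSA_SIGN", CALG_RSA_KEYX: "CALG_RSA_KEYX"}
# RSAPUBKEY.magic: "RSA1" for public blobs, "RSA2" for private blobs
RSA1_MAGIC = 0x31415352
RSA2_MAGIC = 0x32415352


def parse_key_blob(blob: bytes) -> dict:
    """Decode the pbData buffer passed to CryptImportKey() and return the raw
    key material it carries (this is what a hook or breakpoint would see)."""
    if len(blob) < 8:
        raise ValueError("blob shorter than BLOBHEADER")
    b_type, b_version, _reserved, alg_id = struct.unpack_from("<BBHI", blob, 0)
    if b_version != CUR_BLOB_VERSION:
        raise ValueError(f"unexpected bVersion {b_version:#x}")
    info = {"type": b_type, "alg": ALG_NAMES.get(alg_id, f"{alg_id:#010x}")}

    if b_type == PLAINTEXTKEYBLOB:
        # BLOBHEADER, then DWORD cbKeyLen, then the key bytes in the clear
        (key_len,) = struct.unpack_from("<I", blob, 8)
        key = blob[12:12 + key_len]
        if len(key) != key_len:
            raise ValueError("truncated PLAINTEXTKEYBLOB")
        info["key"] = key
        return info

    if b_type in (PUBLICKEYBLOB, PRIVATEKEYBLOB):
        # BLOBHEADER, RSAPUBKEY {magic, bitlen, pubexp}, then little-endian integers
        magic, bitlen, pubexp = struct.unpack_from("<III", blob, 8)
        want = RSA1_MAGIC if b_type == PUBLICKEYBLOB else RSA2_MAGIC
        if magic != want:
            raise ValueError(f"bad RSAPUBKEY magic {magic:#x}")
        offset = 20

        def take(nbytes: int) -> int:
            nonlocal offset
            chunk = blob[offset:offset + nbytes]
            if len(chunk) != nbytes:
                raise ValueError("truncated RSA key blob")
            offset += nbytes
            return int.from_bytes(chunk, "little")

        info.update(bitlen=bitlen, e=pubexp, n=take(bitlen // 8))
        if b_type == PRIVATEKEYBLOB:
            # prime1, prime2, exponent1, exponent2, coefficient, privateExponent
            for name in ("p", "q", "dp", "dq", "iqmp"):
                info[name] = take(bitlen // 16)
            info["d"] = take(bitlen // 8)
        return info

    raise ValueError(f"unsupported bType {b_type:#x}")


def build_rsa_private_blob(n, e, p, q, d, dp, dq, iqmp, bitlen):
    """Construct a PRIVATEKEYBLOB in the layout CryptImportKey() expects."""
    nb, half = bitlen // 8, bitlen // 16
    return (struct.pack("<BBHI", PRIVATEKEYBLOB, CUR_BLOB_VERSION, 0, CALG_RSA_KEYX)
            + struct.pack("<III", RSA2_MAGIC, bitlen, e)
            + n.to_bytes(nb, "little")
            + b"".join(x.to_bytes(half, "little") for x in (p, q, dp, dq, iqmp))
            + d.to_bytes(nb, "little"))


def recovered_rsa_key_works(key: dict, message: int = 65) -> bool:
    """Check that the components lifted from the blob form a usable private key."""
    n, e, d = key["n"], key["e"], key["d"]
    return key["p"] * key["q"] == n and pow(pow(message, e, n), d, n) == message


# Constructed sample inputs (not from any real application):
# a PLAINTEXTKEYBLOB carrying the DES test key 13 34 57 79 9B BC DF F1 ...
SAMPLE_DES_BLOB = (struct.pack("<BBHI", PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, CALG_DES)
                   + struct.pack("<I", 8) + bytes.fromhex("133457799bbcdff1"))
# ... and a toy 16-bit RSA private key (p=61, q=53, e=17, d=2753), far too
# small for real use but laid out exactly as a real PRIVATEKEYBLOB is.
SAMPLE_RSA_BLOB = build_rsa_private_blob(n=3233, e=17, p=61, q=53, d=2753,
                                         dp=53, dq=49, iqmp=38, bitlen=16)

if __name__ == "__main__":
    des = parse_key_blob(SAMPLE_DES_BLOB)
    print(des["alg"], "key =", des["key"].hex())
    rsa = parse_key_blob(SAMPLE_RSA_BLOB)
    print(rsa["alg"], {k: rsa[k] for k in ("n", "e", "d", "p", "q")},
          "usable:", recovered_rsa_key_works(rsa))
```

Pointing a proxy DLL's CryptImportKey() at parse_key_blob() before forwarding the call, or dumping dwDataLen bytes at pbData from a debugger breakpoint, yields exactly these fields; nothing in the blob format protects them.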
I think that you may be confusing the key with the password. Let's say a hacker virus got onto your computer, then it managed to fool your anti-virus into thinking that changing a system dll is OK. Then the hacker finds and passes the key to himself. This part of course is possible, so I'm not saying it can't be done somehow. We have to assume that not all software users are as aware as us here of how important security on a PC is.

Anyway, all he has then is the key, not the password. If you were using this program for, say, a secure site, then you would pass the key to your users; depending on your security system it could be:
- once only
- on a per day basis
- per log in (not a good one for public traffic, because a hacker only has to keep pounding you with login attempts to get a pattern to your security, which is something that I read recently; the hole in this case was blocked. I refuse to say it was on a Linux site, cos I have mates on there)
- and others

The key is used on the local machine with the user's password to create a, erm, dam dam, I've forgotten the proper word for it, let's call it a ReturnValue (I'm sure I'll remember the word in a minute). From then on, it's that ReturnValue that is used to log in the user and identify his traffic (if you intend to go that far, which is wise, since if it needs secure users it also needs secure messaging in my book).

The imaginary hacker who stole the key still has to know or hack the password, plus has to work out which of the algorithms you used. He has to be careful in case your key is date/time related, so must keep his computer within a timeframe. I'm not saying hacking Crypts can't be done, but unless too much info is given to potential hackers, it's a long, time-consuming process.

What is that word for the returned value? It's in my head somewhere.....

We do it for the joy of seeing the users struggle.