Crytography
Showing posts with label Crytography. Show all posts
Showing posts with label Crytography. Show all posts

Hacker Steals Ethereum Worth $7.4 Million From CryptoCurrency Trading Website

12:37:00 AM Add Comment
Hacker Steals Ethereum Worth $7 Million From CryptoCurrency Trading Website

Hacker Steals Ethereum Worth $7.4 Million From CryptoCurrency Trading Website


On Monday, CoinDash, a digital currency trading platform for Ethereum launched Initial Coin Offering (ICO) to raise funding for new cryptocurrency and at the same time Hacker took control of the website for three minutes and replaced the official Ethereum wallet address to his ETH address.

When people were trying to invest in CoinDash, they transferred their funds to the Hacker wallet, not the company wallet. At that time investors have sent approx 43,438.45 ETH which is equivalent to $7.5 Million USD (Current Exchange rate).

EtherScan.io, a website which tracks the Ethereum Wallet transactions is also giving warning. "There are reports that the CoinDash Crowdsale address has been compromised".
CoinDash Slack channel screenshot 

It Could be Scam

Cryptocurrency enthusiasts are openly sharing on Reddit and Slack that this could be a big SCAM too.
CoinDash.io @coindashio
The Token Sale is done, do not send any ETH to any address. Official statement regarding the hack will be released soon.
Twitter Ads info and privacy

CoinDash.io @coindashio
Website has been hacked.
2:13 PM - 17 Jul 2017
Twitter Ads info and privacy
Coindash giving statement,

Dear CoinDash contributors,

 It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack $7 Million were stolen by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 Million from our early contributors and whitelist participants and we are grateful for your support and contribution.

CoinDash is responsible to all of its contributors and will send CDTs reflective of each contribution. Contributors that sent ETH to the fraudulent Ethereum address, which was maliciously placed on our website, and sent ETH to the CoinDash.io official address will receive their CDT tokens accordingly. Transactions sent to any fraudulent address after our website was shut down will not be compensated.

This was a damaging event to both our contributors and our company but it is surely not the end of our project. We are looking into the security breach and will update you all as soon as possible about the findings.

The CoinDash vision, product and team will continue to live on. We will be fast to recover and we will create the future of trading.

Reminder: We are still under attack. Please do not send any ETH to any address, as the Token Sale has been terminated.

More information will be published on our social channels and our website.

 -CoinDash Team

Java Key Store (JKS) Private Key Cracker

6:59:00 AM Add Comment
Java Key Store (JKS) Private Key Cracker

Java Key Store (JKS) Private Key Cracker - Nail in the JKS coffin


The Java Key Store (JKS) is the Java way of storing one or several cryptographic private and public keys for asymmetric cryptography in a file. While there are various key store formats, Java and Android still default to the JKS file format.

JKS is one of the file formats for Java key stores, but JKS is confusingly used as the acronym for the general Java key store API as well. This project includes information regarding the security mechanisms of the JKS file format and how the password protection of the private key can be cracked. Due the unusual design of JKS the developed implementation can ignore the key store password and crack the private key password directly.

Because it ignores the key store password, this implementation can attack every JKS configuration, which is not the case with most other tools. By exploiting a weakness of the Password Based Encryption scheme for the private key in JKS, passwords can be cracked very efficiently. Until now, no public tool was available exploiting this weakness. This technique was implemented in hashcat to amplify the efficiency of the algorithm with higher cracking speeds on GPUs.

To get the theory part, please refer to the POC||GTFO article "15:12 Nail in the Java Key Store Coffin" in issue 0x15 included in this repository (pocorgtfo15.pdf) or available on various mirros like this beautiful one: pocorgtfo15.pdf

Before you ask: JCEKS or BKS or any other Key Store format is not supported (yet).

How you should crack JKS files

The answer is build your own cracking hardware for it ;) . But let's be a little more practical, so the answer is using your GPU:

    _____:  _____________         _____:  v3.6.0     ____________
   _\    |__\______    _/_______ _\    |_____ _______\______    /__ ______
   |     _     |  __   \   ____/____   _     |   ___/____  __    |_______/
   |     |     |  \    _\____      /   |     |   \      /  \     |     |
   |_____|     |______/     /     /____|     |_________/_________:     |
         |_____:-aTZ!/___________/     |_____:                 /_______:

* BLAKE2 * BLOCKCHAIN2 * DPAPI * CHACHA20 * JAVA KEYSTORE * ETHEREUM WALLET *

All you need to do is run the following command:

java -jar JksPrivkPrepare.jar your_JKS_file.jks > hash.txt

If your hash.txt ends up being empty, there is either no private key in the JKS file or you specified a non-JKS file.

Then feed the hash.txt file to hashcat (version 3.6.0 and above), for example like this:

$ ./hashcat -m 15500 -a 3 -1 '?u|' -w 3 hash.txt ?1?1?1?1?1?1?1?1?1
hashcat (v3.6.0) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080, 2026/8107 MB allocatable, 20MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:

  Zero-Byte
* Precompute-Init
* Not-Iterated
* Appended-Salt
* Single-Hash
* Single-Salt
* Brute-Force

Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

$jksprivk$*D1BC102EF5FE5F1A7ED6A63431767DD4E1569670...8*test:POC||GTFO
                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Type........: JKS Java Key Store Private Keys (SHA1)
Hash.Target......: $jksprivk$*D1BC102EF5FE5F1A7ED6A63431767DD4E1569670...8*test
Time.Started.....: Tue May 30 17:41:58 2017 (8 mins, 25 secs)
Time.Estimated...: Tue May 30 17:50:23 2017 (0 secs)
Guess.Mask.......: ?1?1?1?1?1?1?1?1?1 [9]
Guess.Charset....: -1 ?u|, -2 Undefined, -3 Undefined, -4 Undefined 
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:  7946.6 MH/s (39.48ms)
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 4014116700160/7625597484987 (52.64%)
Rejected.........: 0/4014116700160 (0.00%)
Restore.Point....: 5505024000/10460353203 (52.63%)
Candidates.#1....: NNVGFSRFO -> Z|ZFVDUFO
HWMon.Dev.#1.....: Temp: 75c Fan: 89% Util:100% Core:1936MHz Mem:4513MHz Bus:1

Started: Tue May 30 17:41:56 2017
Stopped: Tue May 30 17:50:24 2017

So from this repository you basically only need the JksPrivkPrepare.jar to run a cracking session.

Other things in this repository
  • test_run.sh: A little test script that you should be able to run after a couple of minutes to see this project in action. It includes comments on how to setup the dependencies for this project.
  • benchmarking: tests that show why you should use this technique and not others. Please read the "Nail in the JKS coffin" article.
  • example_jks: generate example JKS files
  • fingerprint_creation: Every plaintext private key in PKCS#8 has it's own "fingerprint" that we expect when we guess the correct password. These fingerprints are necessary to make sure we are able to detect when we guessed the correct password. Please read the "Nail in the JKS coffin" article. This folder has the code to generate these fingerprints, it's a little bit hacky but I don't expect that it will be necessary to add any other fingerprints ever.
  • JksPrivkPrepare: The source code of how the JKS files are read and the hash calculated we need to give to hashcat.
  • jksprivk_crack.py: A proof of concept implementation that can be used instead of hashcat. Obviously this is much slower than hashcat, but it can outperform John the Ripper (JtR) in certain cases. Please read the "Nail in the JKS coffin" article.
  • jksprivk_decrypt.py: A little helper script that can be used to extract a private key once the password was correctly guessed.
  • run_example_jks.sh: A script that runs JksPrivkPrepare.jar and jksprivk_crack.py on all example JKS files in the example_jks folder. Make sure you run the generate_examples.py in example_jks script before.

Download JKS
Subscribe to: Posts (Atom)

Popular Posts