Pattern Juggled ie ðørkßöt pjstorm

@pjstorm
pjstorm / gist:b1616d28483780fc0304
Created May 27, 2015 14:11
Flame malware, cert funk, ASN.1, and unicode for fun & APT-class network injection attacks on https...
This is a quick note to keep track of some work-in-process data relating to the forged 'Flame' certificates used as part of the Stuxnet attacks. I've bumped into Didier's analysis of those certs (http://blog.didierstevens.com/2012/06/06/flame-authenticode-dumps-kb2718704/) several times, and each time felt there was a piece we're all missing, right under our noses.
I think we've begun to understand what that piece is, now. As this is a partial post, not a full exposition, I'll go thin on the backstory and jump right to the interesting bits.
Looking at the certs in question, there are obvious formatting issues in some of the fields, in terms of how they come out of a conventional de-pem'ing tool. That's always seemed particularly salient to me, but statistical work on those outputs got me nowhere. Now that I'm less ignorant of the underlying non-transitive parsing and encoding that can be (and is) done in certs, I had a better idea where to look.
Based on other research cryptostorm has done for several months
package main
import (
"bufio"
"fmt"
"io"
"net"
"strings"
)
@pjstorm
pjstorm / check_freak.sh
Last active August 29, 2015 14:16 — forked from martinseener/check_freak.sh
FREAKtest
#!/usr/bin/env bash
# check_freak.sh
# (c) 2015 Martin Seener
# Simple script which checks SSL/TLS services for the FREAK vulnerability (CVE 2015-0204)
# It will output if the checked host is vulnerable and returns the right exit code
# so it can also be used as a nagios check!
# Quote $0 so a script path containing spaces does not break the name lookup
PROGNAME=$(basename "$0")
<meta name="description" content="Easily calculate SHA-512 algorithms" />
<script type="text/javascript" src="assets/js/sha512.js">
</script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript">
//<![CDATA[
function calcSHA()
{
calcHash("SHA-512");
Superfish uses an SDK from Komodia to do SSL MITM. That's probably known by now.
Superfish isn't the only product to use that SDK; there are others too.
Each product that uses the Komodia SDK to MITM has its OWN CA cert and private
key pair. Seems a lot of people think they all use the Superfish cert. That is
NOT the case.
First thing I checked was Komodia's own parental control software,
Keep My Family Secure (mentioned on Komodia's own website).
@pjstorm
pjstorm / fb.js
Last active August 29, 2015 14:15
var a='';
for(var i=0;i<50000;i++){a+='=';}
var wait = setTimeout(function(){
alert('Logged in fb')
},15000)
var cb=function(){
clearTimeout(wait);
alert('Not logged in fb');
@pjstorm
pjstorm / gist:d14ad9eeadab77117481
Created January 24, 2015 05:58
onename verify
Verifying that +pjstorm is my openname (Bitcoin username). https://onename.com/pjstorm
### Keybase proof
I hereby claim:
* I am pjstorm on github.
* I am p_j (https://keybase.io/p_j) on keybase.
* I have a public key whose fingerprint is 5209 C8E4 70D1 0149 C79D 43A2 F353 E403 758E 787B
To claim this, I am signing this object: