Dave,

That's ok. Glad to have helped out :)

Cheers,
Chris.

On Thu, Dec 9, 2010 at 1:07 PM, mrx <m...@propergander.org.uk> wrote:

> On 09/12/2010 10:26, Christian Sciberras wrote:
> >> I tried installing this plugin to Firefox 3.6.12 in a virtualbox XP32(SP3)
> >> environment and it is incompatible.
> >> I may wait for an update to the plugin and analyse its behaviour,
> >> providing my curiosity doesn't wane in the meantime.
> >
> > Alternatively, you can just decompress the XPI (it's in fact a zip) and
> > inspect the js files and/or decompress any binaries.
> > I suppose they are distributing some form of driver, so you'd find
> > IDA/ollydbg useful.
> >
> > Chris.
>
> I extracted the files (various .js files and an exe) from the xpi.
> The .js files version check and create an instance of keyscrambler.sys with
> the current firefox window passed to it as an argument.
>
> I also extracted the contents of the executable; setup.exe.
> Setup.exe contained various dll's and one sys file. I presumed this sys
> file; keyscrambler.sys, is the driver and main component of this addon.
> To confirm I monitored the running of setup.exe.
>
> My presumption was correct: keyscrambler.sys is installed in system32 folder
> and is registered as an autostarting service, although it is hidden
> from the services pane in computer management.
>
> This is where my "skills" bottom out. ASM is something I have not yet got
> my head around.
> I have a clue, but that's about all I do have... in time ;-)
>
> Thanks for your advice and input
> regards
> Dave
>
> > On Thu, Dec 9, 2010 at 11:23 AM, mrx <m...@propergander.org.uk> wrote:
> >
> > On 08/12/2010 11:30, Tim Gurney wrote:
> >>>> Hi
> >>>>
> >>>> This seems to contradict itself somewhat. A plugin to firefox should
> >>>> have no way to encrypt things at a driver level within the kernel, that
> >>>> would require installing separate software at the root level, a plugin
> >>>> should not be able to do this and i would be VERY worried and surprised
> >>>> if it could as it would mean bypassing the security of the OS.
> >
> > I tried installing this plugin to Firefox 3.6.12 in a virtualbox XP32(SP3)
> > environment and it is incompatible.
> > I may wait for an update to the plugin and analyse its behaviour, providing
> > my curiosity doesn't wane in the meantime.
> >
> > I am not a professional, I do this kind of research as a hobby and for
> > educational purposes, when I have some free time.
> >
> >>>> Also if the driver is encrypting the key strokes and the plugin is
> >>>> decrypting, what about all the keystrokes that are not in firefox, like
> >>>> email, word processing, programming, there is nothing to decrypt these
> >>>> so you would end up only ever being able to use firefox on the machine
> >>>> and nothing else ever again.
> >
> > The devs do state that it only encrypts keystrokes in Firefox and not other
> > applications, although they do sell a version that supposedly works
> > "in over 160 browsers and applications".
> >>>>
> >>>> personally I would not touch this with a barge pole and I would do a lot
> >>>> more digging and checking into this.
> >
> > Yes, I am sceptical of claims, hence the post to this list.
> >
> >>>> regards
> >>>>
> >>>> Tim
> >
> > Thanks for your input
> > Dave.
> >
> >>>> On 08/12/10 11:12, mrx wrote:
> >>>>> Hi list,
> >>>>>
> >>>>> Is anyone familiar with the firefox addon KeyScrambler? According to
> >>>>> developers this encrypts keystrokes.
> >>>>>
> >>>>> Quote:
> >>>>> "How KeyScrambler Works:
> >>>>> When you type on your keyboard, the keys travel along a path within the
> >>>>> operating system before it arrives at your browser. Keyloggers plant
> >>>>> themselves along this path and observe and record your keystrokes. The
> >>>>> collected information is then sent to the criminals who will use it to
> >>>>> steal from you.
> >>>>>
> >>>>> KeyScrambler defeats keyloggers by encrypting your keystrokes at the
> >>>>> keyboard driver level, deep within the operating system. When the encrypted
> >>>>> keystrokes reach your browser, KeyScrambler then decrypts them so you
> >>>>> see exactly the keys you've typed. Keyloggers can only record the
> >>>>> encrypted keys, which are completely indecipherable."
> >>>>>
> >>>>> Can this be trusted? As in trusted I mean not bypassed.
> >>>>>
> >>>>> Input from the professionals on this list would be much appreciated.
> >>>>>
> >>>>> Thank you
> >>>>> regards
> >>>>> Dave
>
> --
> Mankind's systems are white sticks tapping walls.
> Thanks Roy
> http://www.propergander.org.uk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
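
The suggestion quoted in the thread, to unpack the XPI as a zip and look at what it ships, can be scripted. The following is an added example, not code from any poster or from the KeyScrambler project; it goes one step further than the thread by reading each member's PE header so that a kernel-mode image (Subsystem 1, native) is flagged whatever its file name. The archive contents and member names are constructed for the demonstration.

```python
import io
import struct
import zipfile

SUBSYSTEMS = {1: "native", 2: "windows-gui", 3: "windows-console"}  # PE/COFF values

def pe_subsystem(head):
    """Return the PE Subsystem field, or None if head is not a PE header."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    # 4-byte signature + 20-byte COFF header + Subsystem at offset 68 (PE32 and PE32+).
    if e_lfanew + 94 > len(head) or head[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", head, e_lfanew + 92)[0]

def triage_xpi(xpi_bytes):
    """Classify each member of an XPI by content first, file name second."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        for info in (i for i in xpi.infolist() if not i.is_dir()):
            with xpi.open(info) as member:
                sub = pe_subsystem(member.read(4096))  # headers only, not the whole file
            if sub is not None:
                report[info.filename] = "pe:" + SUBSYSTEMS.get(sub, str(sub))
            elif info.filename.lower().endswith((".js", ".jsm")):
                report[info.filename] = "script"
            else:
                report[info.filename] = "other"
    return report

def fake_pe(subsystem):
    """Constructed header stub for the demo; not a loadable image."""
    buf = bytearray(0x40 + 94)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 92, subsystem)
    return bytes(buf)

def build_sample_xpi():  # constructed archive, hypothetical member names
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("chrome/content/overlay.js", "// constructed")
        z.writestr("components/renamed.dat", fake_pe(2))
        z.writestr("components/example.sys", fake_pe(1))
    return out.getvalue()

if __name__ == "__main__":
    print(triage_xpi(build_sample_xpi()))
```

In the thread the driver sat inside an installer executable, which this sketch would report as a PE but does not unpack; that layer still needs an installer-aware extractor or a monitored run in a VM, as described above.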