Call me paranoid, but that sure would be a good way to spread a key logger!
Gary B On 12/09/2010 07:25 AM, Christian Sciberras wrote: > Dave, > > That's ok. Glad to have helped out :) > > Cheers, > Chris. > > > > On Thu, Dec 9, 2010 at 1:07 PM, mrx <m...@propergander.org.uk <mailto:m...@propergander.org.uk>> wrote: > > On 09/12/2010 10:26, Christian Sciberras wrote: > >> I tried installing this plugin to Firefox 3.6.12 in a virtualbox > XP32(SP3) > > environment and it is incompatible. > >> I may wait for an update to the plugin and analyse its behaviour, > > providing my curiosity doesn't wane in the meantime. > > > Alternatively, you can just decompress the XPI (it's in fact a zip) and > > inspect the js files and/or decompress any binaries. > > I suppose they are distributing some form of driver, so you'd find > > IDA/ollydbg useful. > > > > > Chris. > > > I extracted the files (various .js files and an exe) from the xpi. > The .js files version check and create an instance of keyscrambler.sys > with the current firefox window passed to it as an argument. > > I also extracted the contents of the executable; setup.exe. > Setup.exe contained various dll's and one sys file. I presumed this > sys file; keyscrambler.sys, is the driver and main component of this > addon. > To confirm I monitored the running of setup.exe. > > My preumption was correct keyscrambler.sys is installed in system32 > folder and is registered as an autostarting service, although it is hidden > from the services pane in computer management. > > This is where my "skills" bottom out. ASM is something I have not yet > got my head around. > I have a clue, but that's about all I do have... in time ;-) > > Thanks for your advice and input > regards > Dave > > > > On Thu, Dec 9, 2010 at 11:23 AM, mrx <m...@propergander.org.uk > <mailto:m...@propergander.org.uk>> wrote: > > > On 08/12/2010 11:30, Tim Gurney wrote: > >>>> Hi > >>>> > >>>> This seems to contradict itself somewhat. A plugin to firefox should > >>>> have no way to encrypt things at a driver level within the > kernel, that > >>>> would require installing seperate software at the root level, a > plugin > >>>> should not be able to do this and i would be VERY worried and > surprised > >>>> if it could as it would mean bypassing the security of the OS. > > > I tried installing this plugin to Firefox 3.6.12 in a virtualbox > XP32(SP3) > > environment and it is incompatible. > > I may wait for an update to the plugin and analyse its behaviour, > providing > > my curiosity doesn't wane in the meantime. > > > I am not a professional, I do this kind of research as a hobby and for > > educational purposes, when I have some free time. > > > >>>> Also if the driver is encrypting the key strokes and the plugin is > >>>> decrypting, what about all the keystrokes that are not in > firefox, like > >>>> email, word processing, programming, there is nothing to decrypt > these > >>>> so you would end up only ever being able to use firefox on the > machine > >>>> and nothing else every again. > > > The devs do state that it only encrypts keystrokes in Firefox and > not other > > applications, although they do sell a version that supposedly works > > "in over 160 browsers and applications". > >>>> > >>>> personally I would not touch this with a barge pole and I would > do a lot > >>>> more more digging and checking into this. > > > Yes, I am sceptical of claims, hence the post to this list. > > > > >>>> regards > >>>> > >>>> Tim > > > > Thanks for your input > > Dave. > > > >>>> > >>>> On 08/12/10 11:12, mrx wrote: > >>>>> Hi list, > >>>> > >>>>> Is anyone familiar with the firefox addon KeyScrambler? According to > > developers this encrypts keystrokes. > >>>> > >>>>> Quote: > >>>>> "How KeyScrambler Works: > >>>>> When you type on your keyboard, the keys travel along a path > within the > > operating system before it arrives at your browser. Keyloggers plant > >>>>> themselves along this path and observe and record your > keystrokes. The > > collected information is then sent to the criminals who will use it to > >>>>> steal from you. > >>>> > >>>>> KeyScrambler defeats keyloggers by encrypting your keystrokes at the > > keyboard driver level, deep within the operating system. When the > encrypted > >>>>> keystrokes reach your browser, KeyScrambler then decrypts them > so you > > see exactly the keys you've typed. Keyloggers can only record the > >>>>> encrypted keys, which are completely indecipherable." > >>>> > >>>>> Can this be trusted? As in trusted I mean not bypassed. > >>>> > >>>>> Input from the professionals on this list would be much appreciated. > >>>> > >>>>> Thank you > >>>>> regards > >>>>> Dave > >>>> > >>>> > >>>> _______________________________________________ > >>>> Full-Disclosure - We believe in it. > >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >>>> Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > >> > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/