Re: [funsec] Verizon Service, Actiontec Gateway, and SSL Certifcate

[Jeffrey Walton]

Well, this is not a good sign. I downloaded littleblackbox
(https://code.google.com/p/littleblackbox/), which is a database of
shared private keys. The program connects to the device or servers,
fetches the certificate, and tries to find the private key in its
database:

jeffrey@ubuntu-12-x64:~/littleblackbox-0.1.3/bin$ ./littleblackbox -r
192.168.1.1:443

-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDOPa+w/2o5IuWs3eV2MVXEpyqLYfZScbyPpr2mY8zkbdKC6DFq
zG6cBY7S06qobVjXmOgQMkoVoO8ihbD1NB6V/4xyDgMwJJ8uSfpaB/JyzefeoNz9
Gcg+s+wpKoG84PTHyfVy6xMTCwZ+qC26JLGPquu/ucwEljHy0WVYPmb9VQIDAQAB
AoGAYrG+W9M+f+0lP95IKpFdW+grQdw1RirLc2r1oqRrrnynmqGG1HbUD7HRMS69
ojABrdqsYuPN9B+5kCmuDwlMANwIwV3ZwxE7A7Hy1tpi9PgckTjZW8rCl3ciEZkx
Y+Xw9j9QGlSI6Hxthocb/4eCwwMenLrSZDj6oKuZ7DgJUJkCQQDl88c7RJsTS6HN
ztAjFxpKobIgzy9u1AH15WDqqd2rawtJk2FTFcz0GrAy/gawKU42wFqZOKv28iMq
96fGcPN3AkEA5ZpSL+vQD1WAEd7Vv56zqmTOTpEOGoDD5zxfch4gvr8rCgU6hDmz
0Y3UQ7MRJrTNvVwYXpIUoazBBUZUfbpQkwJAagxTBXJOUke/BzspogU1itWnYJos
NeBwRwbR+2b7Y+KqAfSGHdsf+jOUru+YBgYGnBl5rtAD/o8MyPQN2+abYQJABhbD
mzW7vMxdqxunu38v8JLfzcGXCCjmCRnWxiX6ZFSZhZiB5sPI+wOx32G+ULJ2ylDI
7KkfFvKH4+Xrk7H/NQJAJWQusAs1tHhDDddvcvqe4J5q0qvNdOSTs0Cu2CimWPxe
tfcz64o64XWgmCAaFq2pfaN4oC1kaGnIbUEdtIqNXw==
-----END RSA PRIVATE KEY-----

On Mon, Apr 29, 2013 at 2:23 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> Hi All,
>
> I have Verizon service which provides an Actiontec gateway. The
> gateway is model MI424WR, running firmware 40.20.1. ("Firmware Update"
> claims its up to date, even though there's been no updates for quite
> some time, including patches to dhcp and libupnp).
>
> Can anyone verify the certificate (and key pair) included with the
> gateway is unique (or better, static)? Below are the thumbprints and
> certificate details from OpenSSL after exporting the certificate (from
> Firefox).
>
> Bonus points: does anyone know how to generate a new certificate or
> upload a new certificate? The Actiontec manual only mentions SSL
> certificates when it says to ignore warnings and proceed because its
> safe [1] (seriously!).
>
> Thanks
> Jeff
>
> [1] 
> http://support.actiontec.com/doc_files/MI424WR_Vz_User_Manual_4.0.16.1.45.160_v4.pdf
>
> $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -fingerprint
> SHA1 Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11
>
> $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -text
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 0 (0x0)
>     Signature Algorithm: md5WithRSAEncryption
>         Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group
>         Validity
>             Not Before: Jun  3 11:11:43 2004 GMT
>             Not After : May 29 11:11:43 2024 GMT
>         Subject: C=US, CN=ORname_Jungo: OpenRG Products Group
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (1024 bit)
>                 Modulus:
>                     00:ce:3d:af:b0:ff:6a:39:22:e5:ac:dd:e5:76:31:
>                     55:c4:a7:2a:8b:61:f6:52:71:bc:8f:a6:bd:a6:63:
>                     cc:e4:6d:d2:82:e8:31:6a:cc:6e:9c:05:8e:d2:d3:
>                     aa:a8:6d:58:d7:98:e8:10:32:4a:15:a0:ef:22:85:
>                     b0:f5:34:1e:95:ff:8c:72:0e:03:30:24:9f:2e:49:
>                     fa:5a:07:f2:72:cd:e7:de:a0:dc:fd:19:c8:3e:b3:
>                     ec:29:2a:81:bc:e0:f4:c7:c9:f5:72:eb:13:13:0b:
>                     06:7e:a8:2d:ba:24:b1:8f:aa:eb:bf:b9:cc:04:96:
>                     31:f2:d1:65:58:3e:66:fd:55
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Basic Constraints:
>                 CA:TRUE, pathlen:5
>             X509v3 Key Usage:
>                 Digital Signature, Non Repudiation, Key Encipherment,
> Data Encipherment, Certificate Sign
>             X509v3 Extended Key Usage:
>                 TLS Web Client Authentication, Code Signing, E-mail
> Protection, TLS Web Server Authentication
>             Netscape Comment:
>                 Jungo OpenRG Products Group standard certificate
>             Netscape Cert Type:
>                 SSL Client, SSL Server, SSL CA
>     Signature Algorithm: md5WithRSAEncryption
>          9e:d6:d6:cd:8f:e4:52:1a:ad:77:99:4d:f9:91:18:da:06:12:
>          92:df:5f:5a:88:8b:66:87:7d:86:03:2c:d7:82:3e:24:64:56:
>          b9:10:f5:ad:ef:77:c2:f9:45:d4:51:6f:c4:93:a4:cf:63:0b:
>          73:47:64:47:4c:f4:fd:6d:fa:cf:b4:f0:ef:2a:49:53:ff:35:
>          77:29:ed:6b:dc:88:58:b4:b2:c1:d9:f5:fd:8e:80:ed:5e:81:
>          c3:24:05:46:e2:65:83:6f:e7:0c:ff:ad:52:5b:5c:e9:c5:db:
>          51:ef:06:75:39:b6:20:04:c0:cc:44:7c:38:a1:91:6c:13:2d:
>          5e:ab
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.