On 06/05/2012 07:21 AM, Douglas Pichardo wrote:
> The last link below [http://rmhrisk.wpengine.com/?p=52] points out that
> the sub-CAs were issued with constraints granting them:
> - License Server Verification (1.3.6.1.4.1.311.10.6.2)
> - Key Pack Licenses (1.3.6.1.4.1.311.10.6.1)
> - Code Signing (1.3.6.1.5.5.7.3.3)
> But I don't see any constraints at all listed in the MS.txt certificate
> you attached from
> [http://blog.crysys.hu/2012/06/the-flame-malware-wusetupv-exe-certificate-chain/].
> Am I missing something here?
No you're not. There aren't any.
This is true not only for the evil cert, but also for Genuine
Microsoft^TM Terminal Services License Server license certs. You can
find examples with http://www.google.com/search?q=06+01+04+01+82+37+12;
Attached are a couple of examples found this way.
Ryan Hurst has more good detailed analyses on the MSTS licensing PKI
goof based on a Genuine Microsoft^TM cert.
http://rmhrisk.wpengine.com/?p=57 and
http://rmhrisk.wpengine.com/?p=60
Marc Stevens and B.M.M. de Weger (of
http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the
collision in the evil CN=MS cert. I'm sure they'll have a full report at
some point. Until then, they have said this:
[We] have confirmed that flame uses a yet unknown md5 chosen-prefix
collision attack. We are interested in other possible certs based
on this md5 coll attack for further analysis. I am now analyzing
their chosen-prefix collision attack in more detail, (more examples
would greatly help) and trying to write up some results and
conclusions to make a more detailed statement. The collision
attack itself is very interesting from a scientific viewpoint
and there are already some practical implications.
Didier Stevens has posted the full chain at
http://blog.didierstevens.com/2012/06/06/flame-authenticode-dumps-kb2718704/
There is a mystery cert CN=TLS Server in the executable. It does not
appear to have a tumor. It's attached here. Perhaps someone can figure
out what it's for.
- Marsh
P.S. The first couple of 64-byte blocks here are the tumor. For some
reason, it does not show up with 'openssl x509 -text' or even 'openssl
asn1parse -dump'.
500:d=2 hl=4 l= 888 prim: cont [ 1 ]
dd if=MS.der bs=1 skip=500 count=888 | hd
0000  81 82 03 78 00 6a 4c e0 1f f5 91 69 b2 74 36 f0  |...x.jL....i.t6.|
0010  7f 7b 4b 7b c6 be eb 3f 9f 98 3d a3 84 87 54 7e  |.{K{...?..=...T~|
0020  72 87 71 25 4b 68 35 ae 65 bd 6c 8f dc 8d ac c4  |r.q%Kh5.e.l.....|
0030  e8 98 92 de dc 53 62 f5 72 6a 25 27 a3 12 46 eb  |.....Sb.rj%'..F.|
0040  7f 6d 58 cd 30 83 d7 7a 85 b8 48 e6 0e 01 11 68  |.mX.0..z..H....h|
0050  65 7d 53 38 0b 40 f4 3b 68 43 59 c1 3c 05 c3 40  |e}S8.@.;hCY.<..@|
0060  26 9d 51 97 e2 eb 2e b8 c2 19 6e 4e 94 46 3b d8  |&.Q.......nN.F;.|
0070  d4 fd 0d 00 d1 68 fa df f3 fa 18 8a 7c 65 9b da  |.....h......|e..|
0080  23 11 9f 16 a6 8b 23 24 88 87 22 69 19 c2 11 ea  |#.....#$.."i....|
0090  9d 36 81 ad fb e8 8b d2 d0 eb 06 f2 1a 86 8d c6  |.6..............|
00a0  84 f3 88 c5 e0 d9 64 c6 48 95 d4 be d3 54 48 91  |......d.H....TH.|
00b0  e6 6c e9 1e 33 97 15 42 ee b4 6d 1f 15 0b 27 dd  |.l..3..B..m...'.|
00c0  08 bb 81 de b6 96 16 39 d9 26 44 6a 5f d1 6b 3f  |.......9.&Dj_.k?|
00d0  12 71 dc f0 99 62 d2 43 14 58 f8 6e f8 22 35 d2  |.q...b.C.X.n."5.|
00e0  90 f7 fd 93 6a c4 49 b8 cb 0c e9 65 a8 f7 22 b5  |....j.I....e..".|
00f0  f2 05 19 20 ef 25 63 c7 b3 97 4a 82 3e b2 e3 ee  |... .%c...J.>...|
0100  b4 5e cb 1d b3 59 8f 8d f4 79 01 b1 b6 68 89 14  |.^...Y...y...h..|
0110  b4 8f 9d 60 d7 71 a5 3d 95 02 03 01 00 01 a3 82  |...`.q.=........|
0120  02 5a 30 82 02 56 30 1d 06 03 55 1d 0e 04 16 04  |.Z0..V0...U.....|
0130  14 9a 9a 5d 77 bd 84 66 a4 f1 de 18 10 1b 6e 67  |...]w..f......ng|
0140  a5 97 c1 14 87 30 1f 06 03 55 1d 23 04 18 30 16  |.....0...U.#..0.|
0150  80 14 75 e8 03 58 5d fb 65 e4 d9 a6 ac 17 b6 03  |..u..X].e.......|
0160  7e 47 ad 2e 81 af 30 81 c2 06 03 55 1d 1f 04 81  |~G....0....U....|
0170  ba 30 81 b7 30 81 b4 a0 81 b1 a0 81 ae 86 56 68  |.0..0.........Vh|
0180  74 74 70 3a 2f 2f 74 6b 78 70 61 73 72 76 33 36  |ttp://tkxpasrv36|
0190  2e 70 61 72 74 6e 65 72 73 2e 65 78 74 72 61 6e  |.partners.extran|
01a0  65 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d  |et.microsoft.com|
01b0  2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 4d 69 63 72  |/CertEnroll/Micr|
01c0  6f 73 6f 66 74 25 32 30 4c 53
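Added example, not code from the thread and not Microsoft's, Marsh's or Didier's tooling: a small Python DER walker that answers both questions raised above without relying on `openssl x509 -text`. It locates the issuerUniqueID [1] / subjectUniqueID [2] fields of the TBSCertificate (the `cont [ 1 ]` that asn1parse shows but x509 -text hides, i.e. where the "tumor" lives) and decodes the extKeyUsage OIDs and the basicConstraints cA flag, so "what constraints does this cert actually carry" can be read straight off the DER. The sample certificate it builds at the bottom is constructed by hand for the self-test and is not a real certificate (dummy key and signature bytes); the function and constant names are mine. Assumption to check against the thread: run on MS.der, `inspect_cert` should report the issuerUniqueID at (500, 4, 888), the same offset / hl / l triple as the asn1parse line in the P.S.

```python
"""Parts of a DER certificate that `openssl x509 -text` does not print.

Added example, not code from the thread. It walks the TBSCertificate by hand, reports the
issuerUniqueID [1] / subjectUniqueID [2] fields (where the Flame "tumor" sits) and decodes
extKeyUsage and the basicConstraints cA flag. sample_cert() builds a NOT-real certificate
with dummy key and signature bytes, purely so the script can be exercised offline.
"""

def read_tlv(buf, pos):
    """Return (tag, header_len, content_len) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not supported")
    if first < 0x80:
        return tag, 2, first
    n = first & 0x7F
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def children(buf, pos):
    """Yield (offset, tag, header_len, content_len) of each element inside the constructed TLV at pos."""
    _, hl, cl = read_tlv(buf, pos)
    p, end = pos + hl, pos + hl + cl
    while p < end:
        tag, h, c = read_tlv(buf, p)
        yield p, tag, h, c
        p += h + c
    if p != end:
        raise ValueError("malformed DER: element overruns its parent")

def decode_oid(content):
    """Dotted form of an OBJECT IDENTIFIER's content octets."""
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect_cert(der):
    """Locate the unique-ID fields and decode EKU / basicConstraints of a DER Certificate.
    Unique-ID entries are (offset, header_len, content_len), the offset/hl/l triple asn1parse prints."""
    tbs_off, tbs_tag, _, _ = next(children(der, 0))   # Certificate ::= SEQUENCE { tbsCertificate, ... }
    if tbs_tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    info = {"issuerUniqueID": None, "subjectUniqueID": None, "eku": [], "basicConstraints_cA": None}
    for off, tag, hl, cl in children(der, tbs_off):
        if tag == 0x81:                      # [1] IMPLICIT BIT STRING -> issuerUniqueID
            info["issuerUniqueID"] = (off, hl, cl)
        elif tag == 0x82:                    # [2] IMPLICIT BIT STRING -> subjectUniqueID
            info["subjectUniqueID"] = (off, hl, cl)
        elif tag == 0xA3:                    # [3] EXPLICIT SEQUENCE OF Extension
            for ext_off, _, _, _ in children(der, off + hl):
                parts = list(children(der, ext_off))   # extnID OID, [critical BOOLEAN], extnValue OCTET STRING
                o, _, h, c = parts[0]
                extn_id = decode_oid(der[o + h:o + h + c])
                vo, _, vh, _ = parts[-1]
                inner = vo + vh                        # DER nested inside the OCTET STRING
                if extn_id == "2.5.29.37":             # extKeyUsage ::= SEQUENCE OF OID
                    info["eku"] = [decode_oid(der[o + h:o + h + c]) for o, _, h, c in children(der, inner)]
                elif extn_id == "2.5.29.19":           # basicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, ... }
                    info["basicConstraints_cA"] = any(t == 0x01 and der[o + h] == 0xFF
                                                      for o, t, h, _ in children(der, inner))
    return info

# ---- constructed sample certificate for the self-test (not a real cert) ----
def tlv(tag, content):
    """Minimal DER encoder: one tag byte, definite length, content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def oid(dotted):
    """DER OBJECT IDENTIFIER from dotted notation (base-128 arcs, high bit as continuation)."""
    a = [int(x) for x in dotted.split(".")]
    body = bytearray([40 * a[0] + a[1]])
    for v in a[2:]:
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.append(0x80 | (v & 0x7F))
            v >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

CODE_SIGNING, LICENSE_SERVER_VERIFICATION = "1.3.6.1.5.5.7.3.3", "1.3.6.1.4.1.311.10.6.2"

def sample_cert():
    """Hand-built cert: EKU {codeSigning, licenseServerVerification}, cA=TRUE, 300 filler bytes in [1]."""
    ext = lambda i, v: tlv(0x30, oid(i) + tlv(0x04, v))
    name = tlv(0x30, tlv(0x31, tlv(0x30, oid("2.5.4.3") + tlv(0x13, b"MS"))))
    md5_rsa = tlv(0x30, oid("1.2.840.113549.1.1.4") + tlv(0x05, b""))
    spki = tlv(0x30, tlv(0x30, oid("1.2.840.113549.1.1.1") + tlv(0x05, b"")) + tlv(0x03, b"\x00" + bytes(16)))
    validity = tlv(0x30, tlv(0x17, b"120601000000Z") + tlv(0x17, b"130601000000Z"))
    tumor = tlv(0x81, b"\x00" + bytes(range(256)) + bytes(44))   # unused-bits byte + 300 filler bytes
    exts = tlv(0xA3, tlv(0x30, ext("2.5.29.37", tlv(0x30, oid(CODE_SIGNING) + oid(LICENSE_SERVER_VERIFICATION)))
                               + ext("2.5.29.19", tlv(0x30, tlv(0x01, b"\xff")))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + md5_rsa + name + validity + name
                    + spki + tumor + exts)
    return tlv(0x30, tbs + md5_rsa + tlv(0x03, b"\x00" + bytes(16)))
```

To use it on a real file, call `inspect_cert(open("MS.der", "rb").read())`; the unique-ID triple it returns is directly usable as `der[off:off + hl + cl]`, which carves out the same bytes as the dd command in the P.S. (header included). The walker is deliberately tag-driven rather than position-driven: the [1] and [2] fields are OPTIONAL, so code that assumes "extensions are the field after subjectPublicKeyInfo" is exactly what misses them.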