ãƒãƒ¼ã‚«ãƒ«ã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ã«ä¿å˜ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ– ― Windows ã®å ´åˆ
Gumblar ã«ã‚ˆã‚‹ FFFTP ã¸ã®æ”»æ’ƒã«ã¤ã„ã¦
Gumblarã«ã‚ˆã‚‹FFFTPã¸ã®æ”»æ’ƒã«ã¤ã„ã¦
FTPã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ç›—ã¿ã€ã‚µã‚¤ãƒˆã‚’改竄ã™ã‚‹GumblarウイルスãŒçŒ›å¨ã‚’ãµã‚‹ã£ã¦ãŠã‚Šã¾ã™ã€‚
ã“ã®Gumblarウイルスã®äºœç¨®ãŒã€FFFTPã‚’ç‹™ã£ã¦æ”»æ’ƒã—ã¦ã„ã‚‹ã“ã¨ãŒå ±å‘Šã•ã‚Œã¦ãŠã‚Šã¾ã™ã€‚ 詳ã—ãã¯ä»¥ä¸‹ã®ã‚µã‚¤ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„。
smilebanana
UnderForge of LackFFFTPã¯ãƒ‘スワードをレジストリã«è¨˜éŒ²ã—ã¦ãŠã‚Šã¾ã™ã€‚ç°¡å˜ãªæš—å·åŒ–ã‚’ã‹ã‘ã¦ã‚ã‚Šã¾ã™ãŒã€FFFTPã¯ã‚ªãƒ¼ãƒ—ンソースã§ã‚ã‚‹ãŸã‚ã€æš—å·ã®è§£é™¤æ³•ã¯ãƒ—ãƒã‚°ãƒ©ãƒ ソースを解æžã™ã‚Œã°å¯èƒ½ã§ã™ã€‚
Gumblarウイルスã®äºœç¨®ã¯ã€ãƒ¬ã‚¸ã‚¹ãƒˆãƒªã«è¨˜éŒ²ã•ã‚Œã¦ã„るパスワードをèªã¿å–ã‚Šã€ã‚µã‚¤ãƒˆæ”¹ç«„ã«ä½¿ç”¨ã—ã¦ã„るよã†ã§ã™ã€‚
上記ç†ç”±ã«ã‚ˆã‚Šã€ä»¥ä¸‹ã®ã„ãšã‚Œã‹ã®å¯¾ç–ã‚’ãŠå–ã‚Šãã ã•ã„。
â—接続先ã®FTPサーãƒãƒ¼ãŒSSLç‰ã«å¯¾å¿œã—ã¦ã„ã‚‹å ´åˆã€‚
→SSL対応ã®FTPソフトã¸ã®åˆ‡ã‚Šæ›¿ãˆã‚’ãŠè–¦ã‚ã—ã¾ã™ã€‚ç¾åœ¨ã€FFFTPã¯SSLç‰ã«å¯¾å¿œã—ã¦ã„ã¾ã›ã‚“。ãªãŠã€åˆ‡ã‚Šæ›¿ãˆã®éš›ã¯ã€ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ãƒ‘ãƒãƒ«ã®ã€Œãƒ—ãƒã‚°ãƒ©ãƒ ã®è¿½åŠ ã¨å‰Šé™¤ã€ã‚’使ã£ã¦ã€FFFTPをアンインストールã—ã¦ãã ã•ã„。
â—接続先ã®FTPサーãƒãƒ¼ãŒSSLç‰ã«å¯¾å¿œã—ã¦ã„ãªã„å ´åˆã€‚
→パスワードをFFFTPã«è¨˜æ†¶ã•ã›ã‚‹ã®ã‚’ã‚„ã‚ã€æŽ¥ç¶šæ™‚ã«æ¯Žå›žãƒ‘スワードを入力ã™ã‚‹ã‚ˆã†ã«ã—ã¦ãã ã•ã„。ãŸã ã—ã€Gumblarウイルスã¯é€šä¿¡ã®å‚å—ã‚‚è¡Œã£ã¦ã„ã‚‹ã¨è€ƒãˆã‚‰ã‚Œã‚‹ãŸã‚ã€FTPサーãƒãƒ¼ã«æŽ¥ç¶šã—ãŸæ™‚点ã§ã€Gumblarウイルスã«ãƒ‘スワードãŒç›—ã¾ã‚Œã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã€ä¸‡å…¨ã§ã¯ã‚ã‚Šã¾ã›ã‚“。
ãªãŠã€UnderForge of Lackã«è¨˜è¼‰ã•ã‚Œã¦ã„るレジストリã®å‰Šé™¤ã§ã™ãŒã€é€šå¸¸ã¯FFFTPをコントãƒãƒ¼ãƒ«ãƒ‘ãƒãƒ«ã‚’使ã£ã¦ã‚¢ãƒ³ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ãŸæ®µéšŽã§å‰Šé™¤ã•ã‚Œã¾ã™ã€‚
ã¨ã‚ã£ãŸã®ã§ï¼ŒFFFTP ã®ã‚½ãƒ¼ã‚¹ã‚’èªã‚“ã§ã¿ã¾ã—ãŸï¼Ž
/*----- パスワードを暗å·åŒ–ã™ã‚‹ ------------------------------------------------ * * Parameter * char *Str : パスワード * kchar *Buf : æš—å·åŒ–ã—ãŸãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ * * Return Value * ãªã— *----------------------------------------------------------------------------*/ static void EncodePassword(char *Str, char *Buf) { unsigned char *Get; unsigned char *Put; int Rnd; int Ch; srand((unsigned)time(NULL)); Get = (unsigned char *)Str; Put = (unsigned char *)Buf; while(*Get != NUL) { Rnd = rand() % 3; Ch = ((int)*Get++) << Rnd; Ch = (unsigned char)Ch | (unsigned char)(Ch >> 8); *Put++ = 0x40 | ((Rnd & 0x3) << 4) | (Ch & 0xF); *Put++ = 0x40 | ((Ch >> 4) & 0xF); if((*(Put-2) & 0x1) != 0) *Put++ = (rand() % 62) + 0x40; } *Put = NUL; return; } /*----- パスワードã®æš—å·åŒ–を解ã ---------------------------------------------- * * Parameter * char *Str : æš—å·åŒ–ã—ãŸãƒ‘スワード * kchar *Buf : ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ * * Return Value * ãªã— *----------------------------------------------------------------------------*/ static void DecodePassword(char *Str, char *Buf) { unsigned char *Get; unsigned char *Put; int Rnd; int Ch; Get = (unsigned char *)Str; Put = (unsigned char *)Buf; while(*Get != NUL) { Rnd = ((unsigned int)*Get >> 4) & 0x3; Ch = (*Get & 0xF) | ((*(Get+1) & 0xF) << 4); Ch <<= 8; if((*Get & 0x1) != 0) Get++; Get += 2; Ch >>= Rnd; Ch = (Ch & 0xFF) | ((Ch >> 8) & 0xFF); *Put++ = Ch; } *Put = NUL; return; }
今回å•é¡Œã¨ãªã£ã¦ã„る接続パスワードç‰ã¯ï¼Œä¸Šè¨˜ EncodePassword 関数ã§ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•ã‚Œã¦ãƒ¬ã‚¸ã‚¹ãƒˆãƒªã«è¨˜éŒ²ã•ã‚Œã¦ã„ãŸã‚ˆã†ã§ã™ï¼Ž
CryptProtectData API
最åˆã«æ³¨æ„書ã.
ç§ã¯ã‚»ã‚ュリティã®å°‚門家ã§ã¯ã‚ã‚Šã¾ã›ã‚“ã®ã§ï¼Œä¸‹è¨˜ã®å†…容を信用ã™ã‚‹å‰ã«ç¤¾å†…外ã®ã‚»ã‚ュリティ専門家ã®æ–¹ã«ã‚ˆã相談ã•ã‚Œã‚‹ã“ã¨ã‚’ãŠã™ã™ã‚ã—ã¾ã™ï¼Ž
ã•ã¦ä»Šå›žã®ä»¶ï¼Œã€Œã‚ªãƒ¼ãƒ—ンソースãªãƒ—ãƒãƒ€ã‚¯ãƒˆã®å ´åˆï¼Œã‚½ãƒ¼ã‚¹ã‚’èªã‚ã°ãƒ‡ã‚³ãƒ¼ãƒ‰æ–¹æ³•ãŒåˆ†ã‹ã‚‹ã€ã¨ã„ã†ç‚¹ãŒã‚„ã‚„æ°—ã«ãªã‚‹ã‚ˆã†ãªæ°—ã«ãªã‚‰ãªã„よã†ãªæ„Ÿã˜ã§ã™ï¼Ž
ã¾ãšå‡ºç™ºç‚¹ã¨ã—ã¦ï¼ŒMicrosoft ãŒæŽ¨å¥¨ã—ã¦ã„る方法を見ã¦ã¿ã¾ã—ょã†ï¼Ž
Storing Passwords
Never store passwords in plaintext (unencrypted). Encrypting passwords significantly increases their security. For information about storing encrypted passwords, see CryptProtectData. For information about encrypting passwords in memory, see CryptProtectMemory. Store passwords in as few places as possible. The more places a password is stored, the greater the chance that an intruder might find it. Never store passwords in a Web page or in a Web-based file. Storing passwords in a Web page or in a Web-based file allows them to be easily compromised.
After you have encrypted a password and stored it, use secure ACLs to limit access to the file. Alternatively, you can store passwords and encryption keys on removable devices. Storing passwords and encryption keys on a removable media, such as a smart card, helps create a more secure system. After a password is retrieved for a given session, the card can be removed, thereby removing the possibility that an intruder can gain access to it.
ä¸Šè¨˜æ–‡ç« ã«ã‚るよã†ã«ï¼ŒCryptProtectData API ã‚„ CryptProtectMemory API *1 を使ã£ã¦ãƒ‡ãƒ¼ã‚¿ã‚’æš—å·åŒ–ã—ãŸä¸Šã§ï¼Œä¿å˜å…ˆã®ã‚¢ã‚¯ã‚»ã‚¹ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ãƒªã‚¹ãƒˆã«ã‚‚æ°—ã‚’ã¤ã‘ã‚,ã¨ã‚ã‚Šã¾ã™ï¼Ž
実際,CryptProtectData ã§ãƒ‘スワードç‰ã‚’æš—å·åŒ–ã—ã¦ã„るオープンソースãªãƒ—ãƒãƒ€ã‚¯ãƒˆã«ï¼ŒChromium (Google Chrome) ãŒã‚ã‚Šã¾ã™ï¼Ž
// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/password_manager/encryptor.h" #include <windows.h> #include <wincrypt.h> #include "base/string_util.h" #pragma comment(lib, "crypt32.lib") bool Encryptor::EncryptWideString(const std::wstring& plaintext, std::string* ciphertext) { return EncryptString(WideToUTF8(plaintext), ciphertext); } bool Encryptor::DecryptWideString(const std::string& ciphertext, std::wstring* plaintext){ std::string utf8; if (!DecryptString(ciphertext, &utf8)) return false; *plaintext = UTF8ToWide(utf8); return true; } bool Encryptor::EncryptString(const std::string& plaintext, std::string* ciphertext) { DATA_BLOB input; input.pbData = const_cast<BYTE*>( reinterpret_cast<const BYTE*>(plaintext.data())); input.cbData = static_cast<DWORD>(plaintext.length()); DATA_BLOB output; BOOL result = CryptProtectData(&input, L"", NULL, NULL, NULL, 0, &output); if (!result) return false; // this does a copy ciphertext->assign(reinterpret_cast<std::string::value_type*>(output.pbData), output.cbData); LocalFree(output.pbData); return true; } bool Encryptor::DecryptString(const std::string& ciphertext, std::string* plaintext){ DATA_BLOB input; input.pbData = const_cast<BYTE*>( reinterpret_cast<const BYTE*>(ciphertext.data())); input.cbData = static_cast<DWORD>(ciphertext.length()); DATA_BLOB output; BOOL result = CryptUnprotectData(&input, NULL, NULL, NULL, NULL, 0, &output); if(!result) return false; plaintext->assign(reinterpret_cast<char*>(output.pbData), output.cbData); LocalFree(output.pbData); return true; }
Chromium Revision 8066 ã§ã¯ï¼ŒCryptProtectData API ã® pOptionalEntropy 引数ãŠã‚ˆã³ pPromptStruct 引数㫠NULL を渡ã—ã¦ã„ã¾ã™ï¼Žã“ã‚Œã¯ï¼ŒåŒã˜ã‚³ãƒ³ãƒ”ュータã®åŒã˜ãƒ¦ãƒ¼ã‚¶ã§ã‚ã‚Œã°ï¼Œèª°ã§ã‚‚ CryptUnprotectData API ã§å¾©å·ã§ãã‚‹ã“ã¨ã‚’æ„味ã—ã¾ã™ï¼Ž
åŒã˜ã‚³ãƒ³ãƒ”ュータを使ã†åˆ¥ã®ãƒ¦ãƒ¼ã‚¶ã‹ã‚‰å¾©å·ã¯ï¼Œ(æš—å·åŒ–ãŒè¡Œã‚れ㟠PC 環境ã®æš—å·åŒ–è¨å®šã§æœŸå¾…ã•ã‚Œã‚‹ç¨‹åº¦ã«) 防ãŒã‚Œã¾ã™ï¼Žæš—å·åŒ–ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿åˆ—ãŒæµå‡ºã—ãŸå ´åˆã«ã‚‚,復å·ã¯ (æš—å·åŒ–ãŒè¡Œã‚れ㟠PC 環境ã®æš—å·åŒ–è¨å®šã§æœŸå¾…ã•ã‚Œã‚‹ç¨‹åº¦ã«) 防ãŒã‚Œã¾ã™ï¼Ž
例ã¨ã—ã¦ï¼Œä»¥ä¸‹ã®ãƒã‚¤ãƒˆåˆ—ã‚’ Chromium ã¨åŒã˜æ–¹æ³•ã§æš—å·åŒ–ã—ã¦ã¿ã¾ã—ãŸï¼Ž
const unsigned char original_password[] = { 0x6b, 0x6f, 0x67, 0x61, 0x69, 0x64, 0x61, 0x6e, };
手元ã«æ§‹ç¯‰ã—ãŸä»®æƒ³ç’°å¢ƒã® Windows XP SP3 ã§ã¯ï¼Œä¸Šè¨˜ãƒã‚¤ãƒˆåˆ—ã‹ã‚‰ä»¥ä¸‹ã®ã‚ˆã†ãªãƒã‚¤ãƒˆåˆ—ãŒç”Ÿæˆã•ã‚Œã¾ã—ãŸï¼ŽãªãŠï¼ŒåŒã˜å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã§ã‚ã£ã¦ã‚‚毎回異ãªã‚‹çµæžœãŒè¿”ã•ã‚Œã¾ã™ãŒï¼Œã©ã®å‡ºåŠ›ã«å¯¾ã—ã¦ã‚‚復å·çµæžœã¯åŒã˜ã«ãªã‚Šã¾ã™ï¼Ž
const unsigned char encrypted_password[] = { 0x01, 0x00, 0x00, 0x00, 0xd0, 0x8c, 0x9d, 0xdf, 0x01, 0x15, 0xd1, 0x11, 0x8c, 0x7a, 0x00, 0xc0, 0x4f, 0xc2, 0x97, 0xeb, 0x01, 0x00, 0x00, 0x00, 0x22, 0xd6, 0xf5, 0x5e, 0x47, 0x15, 0xa1, 0x4d, 0x97, 0xde, 0x34, 0xbf, 0xc8, 0xb9, 0x4c, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x66, 0x00, 0x00, 0xa8, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0xf6, 0xbb, 0xf7, 0x64, 0xd3, 0xe0, 0x27, 0x58, 0xcf, 0xd0, 0xf1, 0xab, 0x21, 0x3f, 0x6b, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x98, 0x84, 0x42, 0xa8, 0x82, 0xff, 0x44, 0xc2, 0x44, 0xeb, 0xaa, 0xc8, 0x84, 0xd2, 0x0d, 0x18, 0x10, 0x00, 0x00, 0x00, 0x56, 0x63, 0x8c, 0x93, 0x17, 0x8e, 0xe0, 0x7d, 0x38, 0x77, 0x6f, 0xe1, 0xda, 0x64, 0x85, 0xdc, 0x14, 0x00, 0x00, 0x00, 0x31, 0xd4, 0xab, 0x9c, 0xeb, 0xc3, 0x17, 0x62, 0xa6, 0xcd, 0xcc, 0x1c, 0x0e, 0x35, 0xfa, 0x13, 0x52, 0x0e, 0x00, 0x3a, };
ã•ã¦ã“ã®æš—å·åŒ–,åŒä¸€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ—ãƒã‚»ã‚¹ã‹ã‚‰ã¯ç°¡å˜ã«å¾©å·ã§ãã¦ã—ã¾ã†ã¨ã„ã†ã“ã¨ã§ï¼Œä½•ã‚‰ã‹ã®ã‚¢ãƒ—リケーションãŒé™¥è½ã—ãŸæ™‚点ã§ã‚ã¾ã‚Šæ„味ãŒã‚ã‚Šã¾ã›ã‚“*2.ã¨ã¯ã„ãˆï¼ŒWindows ã§åŒä¸€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ—ãƒã‚»ã‚¹ã‹ã‚‰ã®æ”»æ’ƒã«å¯¾å‡¦ã™ã‚‹ã®ã¯å¤§å¤‰ã§ã™ï¼Žã“ã‚Œã¯ã‚‚ã¯ã‚„ OS ã®é ˜åˆ†ï¼Œã—ã‹ã‚‚æ´å²ã®é•·ã„ OS ã¨ã„ã†ã“ã¨ã§ï¼Œæ”¹å–„ã—よã†ã«ã‚‚互æ›æ€§ã¸ã®å½±éŸ¿ãŒå¤§ãã,Integrity Level ã‚„ UAC ã®å°Žå…¥ã§è¦‹ãŸã‚ˆã†ãªå¤§ããªæ··ä¹±ã¨é•·æœŸã®åŠªåŠ›ãŒã¤ãã¾ã¨ã„ã¾ã™ï¼Ž
Windows 環境ã§ã®é–‹ç™ºçµŒé¨“者å‘ã‘ã« 3 è¡Œã§ã¾ã¨ã‚ã‚‹ã¨ï¼Œã¤ã¾ã‚Šã¯ã“ã†ã§ã™ï¼Ž
- ä»®ã«ï¼ŒIntegrity Level Low ãªå¯¾è©±åž‹ãƒ—ãƒã‚»ã‚¹ (ブラウザやãã®ãƒ—ラグイン) ã«ä»»æ„ã®ã‚³ãƒ¼ãƒ‰ã‚’実行å¯èƒ½ãªè„†å¼±æ€§ãŒå˜åœ¨ã™ã‚‹ã¨ã—ã¦ï¼Œ
- ãã®ãƒ—ãƒã‚»ã‚¹ã§ã¯ï¼Œãƒ¬ã‚¸ã‚¹ãƒˆãƒªã‚„ファイルã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’èªã¿å‡ºã™ãŸã‚ã® API 㨠CryptUnprotectData API ãŒå®Ÿè¡Œå¯èƒ½ã¨ã™ã‚‹
- ã•ã¦ï¼Œãƒ¬ã‚¸ã‚¹ãƒˆãƒªã‚„ファイルã‹ã‚‰å€‹äººæƒ…å ± (ã®ã‚ˆã†ã«ä¿ç®¡ã•ã‚Œã¦ã„る機密データ) ã‚’ç›—ã¿å‡ºã•ã‚Œãªã„よã†ã«ã™ã‚‹ã«ã¯ï¼Ÿ
ã“ã†ã„ã†è¦æ±‚ã®å®Ÿç¾ã¯ï¼Œ(今㮠Windows ã§ã¯) アプリケーションã¨è¨€ã†ã‚ˆã‚Š OS ã¨ã„ã†ã‚ˆã‚Šï¼Œã‚¢ãƒ³ãƒã‚¦ã‚£ãƒ«ã‚¹ã‚½ãƒ•ãƒˆã®é ˜åˆ†ã®ã‚ˆã†ã«ã‚‚æ„Ÿã˜ã‚‰ã‚Œã¾ã™ï¼Ž
今日もç¾å®Ÿã—ã‚“ã©ã„ã§ã™â€¦*3
実験ã«ä½¿ã£ãŸã‚µãƒ³ãƒ—ルコード
#include <iostream> #include <windows.h> #include <wincrypt.h> #include <iostream> #pragma comment(lib, "crypt32.lib") bool EncryptString(const std::string& plaintext, std::string* ciphertext) { DATA_BLOB input; input.pbData = const_cast<BYTE*>( reinterpret_cast<const BYTE*>(plaintext.data())); input.cbData = static_cast<DWORD>(plaintext.length()); DATA_BLOB output; BOOL result = CryptProtectData( &input, L"", NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, // remove if you want to use password &output); if (!result) return false; // this does a copy ciphertext->assign(reinterpret_cast<std::string::value_type*>(output.pbData), output.cbData); LocalFree(output.pbData); return true; } bool DecryptString(const std::string& ciphertext, std::string* plaintext){ DATA_BLOB input; input.pbData = const_cast<BYTE*>( reinterpret_cast<const BYTE*>(ciphertext.data())); input.cbData = static_cast<DWORD>(ciphertext.length()); DATA_BLOB output; BOOL result = CryptUnprotectData( &input, NULL, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, // remove if you want to use password &output); if(!result) return false; plaintext->assign(reinterpret_cast<char*>(output.pbData), output.cbData); LocalFree(output.pbData); return true; } void dump_string(const std::string& label, const std::string& test); int main() { std::string original_test = "kogaidan"; dump_string("original_password", original_test); std::string encrypted_text; if (!EncryptString(original_test, &encrypted_text)) { std::cerr << "EncryptString failed" << std::endl; return 1; } dump_string("encrypted_password", encrypted_text); std::string derypted_text; if (!DecryptString(encrypted_text, &derypted_text)) { std::cerr << "DecryptString failed" << std::endl; return 1; } dump_string("decrypted_password", derypted_text); return 0; } #pragma region dump_string void dump_string(const std::string& label, const std::string& test) { std::cout << "const unsigned char " << label.c_str() << "[] = {\n"; std::cout << std::hex; int count = 0; for (std::string::const_iterator i = test.begin(); i != test.end(); ++i) { if (count++ == 0) { std::cout << " "; } std::cout << "0x"; std::cout.width(2); std::cout.fill('0'); std::cout << (*i & 0xff) << ", "; if (count >= 8) { std::cout << "\n"; count = 0; } } std::cout << std::dec; std::cout << "};\n"; std::cout << std::endl; } #pragma endregion
å‚考
- DPAPI / DPAPIによる暗号化 - EternalWindows
- CryptProtectData ã®ä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦è§£èª¬ã•ã‚Œã¦ã„ã¾ã™ï¼Žãƒ—ãƒãƒ³ãƒ—トを表示ã—ã¦ãƒ‘スワードを併用ã™ã‚‹æ–¹æ³•ã‚‚ã‚ã‚ã›ã¦ç´¹ä»‹ã•ã‚Œã¦ã„ã¾ã™ï¼Ž
- http://www.forest.impress.co.jp/docs/news/20100130_346056.html:title=
- FFFTP ãŒä¿å˜ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ãŒç‹™ã‚ã‚Œã¦ã„る件ã«ã¤ã„ã¦è‰²ã€…
å‚考2
CryptProtectMemory API 㯠Windows Vista 以é™ã§åˆ©ç”¨å¯èƒ½*4ã§ï¼Œä»Šå›žã®ãƒã‚°ã‚ªãƒ³ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ã¿å¾©å·å¯èƒ½ï¼Œã¨ã„ã£ãŸæœŸé™ä»˜ãã®æš—å·åŒ–ã‚’è¡Œã†ã“ã¨ãŒã§ãã¾ã™ï¼Ž
pDataã¯ã€æš—å·åŒ–ã—ãŸã„データを指定ã—ã¾ã™ã€‚ cbDataã¯ã€pbDataã®ã‚µã‚¤ã‚ºã‚’指定ã—ã¾ã™ã€‚ ã“ã®å€¤ã¯ã€CRYPTPROTECTMEMORY_BLOCK_SIZE定数ã®å€æ•°ã§ãªã‘ã‚Œã°ãªã‚Šã¾ã›ã‚“。 dwFlagsã¯ã€æ¬¡ã«ç¤ºã™å®šæ•°ã®ã„ãšã‚Œã‹ã‚’指定ã—ã¾ã™ã€‚
定数 説明 CRYPTPROTECTMEMORY_SAME_PROCESS æš—å·åŒ–ã‚’è¡Œã£ãŸãƒ—ãƒã‚»ã‚¹ã ã‘ãŒãƒ‡ãƒ¼ã‚¿ã‚’復å·åŒ–ã§ãる。 プãƒã‚»ã‚¹ãŒçµ‚了ã™ã‚‹ã¨ãƒ‡âˆ’タを複åˆåŒ–ã™ã‚‹ã“ã¨ã¯ã§ããªã„。 CRYPTPROTECTMEMORY_CROSS_PROCESS æš—å·åŒ–ã‚’è¡Œã£ãŸãƒ—ãƒã‚»ã‚¹ã ã‘ã§ãªãã€åˆ¥ã®ãƒ—ãƒã‚»ã‚¹ã‚‚データを複åˆåŒ–ã§ãる。 システムをシャットダウンã™ã‚‹ã¨ãƒ‡âˆ’タを複åˆåŒ–ã™ã‚‹ã“ã¨ã¯ã§ããªã„。 CRYPTPROTECTMEMORY_SAME_LOGON æš—å·åŒ–ã‚’è¡Œã£ãŸãƒ—ãƒã‚»ã‚¹ã ã‘ã§ãªãã€åˆ¥ã®ãƒ—ãƒã‚»ã‚¹ã‚‚データを複åˆåŒ–ã§ãる。 ãŸã ã—ã€ãã®ãƒ—ãƒã‚»ã‚¹ã¯æš—å·åŒ–ã‚’è¡Œã£ãŸãƒ—ãƒã‚»ã‚¹ã¨åŒã˜ ãƒã‚°ã‚ªãƒ³ã‚»ãƒƒã‚·ãƒ§ãƒ³ã§å‹•ä½œã—ã¦ã„ã‚‹å¿…è¦ãŒã‚る。 システムをシャットダウンã™ã‚‹ã¨ãƒ‡âˆ’タを複åˆåŒ–ã™ã‚‹ã“ã¨ã¯ã§ããªã„。
å‚考3
CredUIPromptForCredentials (Vista 以é™ã¯ CredUIPromptForWindowsCredentials推奨) も,パスワード管ç†ã«ä½¿ãˆãã†ã§ã™ãŒï¼Œãƒ¦ãƒ¼ã‚¶ãƒ¼å˜ä½ã«ç§˜å¯†æƒ…å ±ã‚’æ ¼ç´ã™ã‚‹ãŸã‚,åŒä¸€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ—ãƒã‚»ã‚¹ãŒã©ã‚Œã‹ã²ã¨ã¤é™¥è½ã—ãŸæ™‚点ã§ã‚„ã°ã’ã«è¦‹ãˆã¾ã™ï¼Ž
ã¯ã˜ã‚ã«
アプリケーションãŒã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚„ FTP サイトãªã©ä¿è·ã•ã‚ŒãŸãƒªã‚½ãƒ¼ã‚¹ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãŸã‚ã«ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼æä¾›ã®è³‡æ ¼æƒ…å ±ãŒå¿…è¦ãªå ´åˆãŒã‚ã‚Šã¾ã™ã€‚ã—ã‹ã—ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã® ID ã¨ãƒ‘スワードをå–å¾—ã—æ ¼ç´ã™ã‚‹ã“ã¨ã¯ã€ã‚·ã‚¹ãƒ†ãƒ ã«ã¨ã£ã¦ã‚»ã‚ュリティ上ã®ãƒªã‚¹ã‚¯ã«ã‚‚ãªã‚Šã¾ã™ã€‚å¯èƒ½ã§ã‚ã‚Œã°ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒè³‡æ ¼æƒ…å ±ã‚’æä¾›ã—ãªã„よã†ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ãŒ (ãŸã¨ãˆã°ã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ç”¨ã«çµ±åˆã•ã‚ŒãŸèªè¨¼ã‚’使用ã™ã‚‹ãªã©)ã€ãã‚Œã¯é¿ã‘られãªã„å ´åˆã‚‚ã‚ã‚Šã¾ã™ã€‚ユーザーã‹ã‚‰ã®è³‡æ ¼æƒ…å ±ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒå¿…è¦ã§ã€ã‚¢ãƒ—リケーションã¯ã€Microsoft® Windows® XP ã¾ãŸã¯ Microsoft® Windows Server 2003 上ã§å®Ÿè¡Œã—ã¦ã„ã‚‹å ´åˆã€ã‚ªãƒšãƒ¬ãƒ¼ãƒ†ã‚£ãƒ³ã‚° システムã¯ã“ã®ã‚¿ã‚¹ã‚¯ã‚’容易ã«ã™ã‚‹é–¢æ•°ã‚’æä¾›ã—ã¾ã™ã€‚
Stored User Names and Passwords
Windows XP 㨠Windows Server 2003 ã¯ã€ã€ŒStored User Names and Passwordsã€ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ (図 1 ã‚’å‚ç…§ã—ã¦ãã ã•ã„) を使用ã—ã¦ã€1 ã¤ã® Windows ユーザー アカウント㫠1 セットã®è³‡æ ¼æƒ…å ±ã‚’é–¢é€£ä»˜ã‘ã€Data Protection API (DPAPI) を使用ã—ã¦ã€ãれらã®è³‡æ ¼æƒ…å ±ã‚’æ ¼ç´ã—ã¾ã™ã€‚
.gif)
図 1. Windows XP ã® [Credential Management] ダイアãƒã‚° ボックス
アプリケーション㌠Windows XP ã¾ãŸã¯ Windows .NET 上ã§å®Ÿè¡Œã—ã¦ã„ã‚‹å ´åˆã€ã‚¢ãƒ—リケーションã¯ã€è³‡æ ¼æƒ…å ±ç®¡ç† API 機能を使用ã—ã¦ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«è³‡æ ¼æƒ…å ±ã‚’ç¢ºèªã—ã¾ã™ã€‚ã“れら㮠API ã®ä½¿ç”¨ã«ã‚ˆã£ã¦ã€ä¸€è²«ã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ インターフェイス (図 2 ã‚’å‚ç…§ã—ã¦ãã ã•ã„) ãŒæä¾›ã•ã‚Œã€ã‚ªãƒšãƒ¬ãƒ¼ãƒ†ã‚£ãƒ³ã‚° システムã«ã‚ˆã‚‹ã“れらã®è³‡æ ¼æƒ…å ±ã®ã‚ャッシュを自動的ã«ã‚µãƒãƒ¼ãƒˆã—ã¾ã™ã€‚
.gif)
図 2. 標準㮠Windows XP ã®è³‡æ ¼æƒ…å ±ãƒ€ã‚¤ã‚¢ãƒã‚° ボックス
ユーザーã®è³‡æ ¼æƒ…å ±ã‚’ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã§ã€ãƒªã‚¯ã‚¨ã‚¹ãƒˆã€æ ¼ç´ã€ä½¿ç”¨ã™ã‚‹ã“ã¨ã«é–¢ã™ã‚‹å•é¡Œã¯ã€Michael Howard and David LeBlanc ã«ã‚ˆã‚‹ã€Žãƒ—ãƒã‚°ãƒ©ãƒžã®ãŸã‚ã®ã‚»ã‚ュリティ対ç–テクニックã€ã§ã•ã‚‰ã«è©³ã—ã説明ã•ã‚Œã¦ã„ã¾ã™ã€‚è©³ç´°æƒ…å ±ã«ã¤ã„ã¦ã¯ã€ãã®æœ¬ã‚’èªã‚€ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ã“ã“ã§ã¯ã€Microsoft® Visual Basic® .NET 㨠C# アプリケーションã‹ã‚‰ã®è³‡æ ¼æƒ…å ±ç®¡ç† API ã®ä½¿ç”¨æ–¹æ³•ã‚’示ã—ã¾ã™ã€‚
ã¾ãŸã‚‚ EternalWindows ã•ã‚“ã®è¨˜äº‹ã‚’å‚考ã«ï¼Ž
*1:ã“れら㮠API 㯠Windows 2000 以é™ã§ã®ã¿åˆ©ç”¨å¯èƒ½ã§ã™
*2:仮㫠pOptionalEntropy 引数を併用ã—ãŸã¨ã—ã¦ã‚‚今度㯠pOptionalEntropy ã®å†…容をã©ã†ã‚„ã£ã¦éš ã™ã‹ã¨ã„ã†å•é¡Œã«ãªã‚Šã¾ã™ï¼ŽpOptionalEntropy ã®å†…容をソースコードã«æ›¸ã„ã¦ã—ã¾ã†ã®ã¯ï¼Œãƒ‘スワードをソースコードã«æ›¸ã„ã¦ã—ã¾ã†ã“ã¨ã¨åŒã˜ã§ã™ï¼Ž
*3:[http://niha28.sakura.ne.jp/b/log/100:title=å…ƒãƒã‚¿]
*4:Windows 2000 SP3 以é™ã«é–¢ã—ã¦ã¯ [http://msdn.microsoft.com/en-us/library/aa387693.aspx:title=RtlEncryptMemory]
