A risk with using MD5 for software package fingerprinting

John Gilmore gnu at toad.com
Mon Jan 28 05:49:34 EST 2002


A small PS to my last message.

In 1978 I was lent an Apple II running the ABBS software (Apple
Bulletin Board System), and it ran in a corner of my bedroom for some
years as the PCnet ABBS in San Francisco.  This was a machine with an
8-bit 1 MHz processor, 48K of RAM, and a custom floppy that held maybe
100 or 200K bytes; no hard drive.  It did email for a regular
community of dozens of users, and hundreds of assorted visitors, on a
single 300-baud phone line.

While getting the PCnet (uucp-like packet-switching and email
transfer) software running on this beast, I also improved the ABBS
software, which was written in Applesoft (Microsoft) BASIC and thus
came with its own source code.  One day I found a very interesting
line in that code.  It went something like this:

18520	if (%K.eq.%U5) goto 3700

You needed a lot of context to understand that this was a backdoor in
the ABBS software.  It compared "K", the message number that the caller
had just asked the BBS to delete, with the machine address of an I/O
port "U5" that the BBS used to talk to the modem or something.  If the
message number and the I/O address matched, it would jump into another
bit of BASIC code at line 3700, which was where it handled commands
for the local Apple operator of the BBS, including what is now called
"shell" access.  

So asking the ABBS to delete message number 32547 or so would give you
operator privileges.

This obscure line among thousands, placed just so, could do that.
This is why only someone who actually understands the code at a deep
level is likely to find back doors like this.

I deleted that line, and put out an alert to other ABBS users that the
author of the ABBS software had inserted a back-door in it.

I think that was the only deliberately build backdoor I've ever found
in a piece of software or hardware.  (Well, not counting NSA's designs
for cellular phone encryption algorithms, key exchange protocols, and
the Clipper chip.  Or the weakening of DES in the first place.)

(All the variable names and line numbers in this story have been
changed to protect the innocent -- and to avoid me having to try to
dig out probably nonexistent printouts of that software.  But if you
have the ABBS BASIC source, look in the 'K' (kill message) command
section.)

	John



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list