[Cryptography] Android's Secure ADB as a security hole

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jan 23 08:26:14 EST 2015

In Android 4.2, Google introduced something called "Secure ADB".  It works
like this:

Device -> Host: 20-byte random value ADB_AUTH_TOKEN.
Host -> Device: signed( 20-byte random value ) using RSA with SHA-1

So if you send in a SHA-1 hash of something (which happens to be 20 bytes), 
the host is required to sign it for you and send you back the signature.  What 
you're getting is a hash of a hash, but that just means you need to find a 
signature that uses this doubled hash, like S/MIME signed attributes.  From 
tracing through the source code:


it doesn't look like the 20-byte limit is enforced anywhere, so by the looks
of it you can send in something slightly longer (e.g. the S/MIME attributes)
and you'll get back a signature on them from the host.  Rewrite the signature
into S/MIME form and you're done.

Can someone who's more familiar with Android internals verify whether this
signing-oracle-by-design really is there?


More information about the cryptography mailing list