[Cryptography] Android's Secure ADB as a security hole
Ben Laurie
benl at google.com
Sat Jan 24 12:53:52 EST 2015
On 23 January 2015 at 05:26, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> In Android 4.2, Google introduced something called "Secure ADB". It works
> like this:
>
> Device -> Host: 20-byte random value ADB_AUTH_TOKEN.
> Host -> Device: signed( 20-byte random value ) using RSA with SHA-1
> ADB_AUTH_SIGNATURE.
>
> So if you send in a SHA-1 hash of something (which happens to be 20 bytes),
> the host is required to sign it for you and send you back the signature. What
> you're getting is a hash of a hash, but that just means you need to find a
> signature that uses this doubled hash, like S/MIME signed attributes. From
> tracing through the source code:
>
> http://code.metager.de/source/xref/android/4.2/system/core/adb/adb_auth_host.c#346
>
> it doesn't look like the 20-byte limit is enforced anywhere, so by the looks
> of it you can send in something slightly longer (e.g. the S/MIME attributes)
> and you'll get back a signature on them from the host. Rewrite the signature
> into S/MIME form and you're done.
>
> Can someone who's more familiar with Android internals verify whether this
> signing-oracle-by-design really is there?
I believe the key used is unique to adb, Surely this is not a problem?
More information about the cryptography
mailing list