[dm-crypt] OT: Just for fun , outputing a sound as access granted or denied

[dm-crypt] OT: Just for fun , outputing a sound as access granted or denied

[Aaron Lewis]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi.
	I did a small modification , make cryptsetup funny , these code is not
secure as i didn't verify changes on ogg123 & sound files.

When typing in wrong codes , you'll hear a woman voice `access denied' ,
and '`access granted' for right password.

I can't spread the sound file anyway , it's from DOOM 3 for linux.


- --- luks/keymanage.c    2010-05-28 00:32:10.000000000 +0800
+++ luks-mod/keymanage.c        2010-08-29 16:21:32.653337261 +0800
@@ -676,6 +676,28 @@
        return r;
 }

+#define MAX_SOUND_LEN 100
+#define MAX_CMD_LEN 200
+
+void Doom_Sound( int granted ) {
+       char *fName = (char *) malloc ( sizeof(char) * MAX_SOUND_LEN );
+       char *syscmd = (char* ) malloc ( sizeof(char) * MAX_CMD_LEN );
+
+       if ( granted ) {
+               strncpy (fName ,
"/usr/share/sounds/comp_access_granted.ogg" , MAX_SOUND_LEN );
+       } else {
+               strncpy (fName ,
"/usr/share/sounds/comp_access_denied.ogg" , MAX_SOUND_LEN );
+       }
+
+       if ( access ( fName , R_OK ) != -1 ) {
+               snprintf ( syscmd , MAX_CMD_LEN , "/usr/bin/ogg123 -d
alsa %s &>/dev/null" , fName );
+       }
+
+       if ( system ( syscmd ) ) {
+               return;
+       }
+}
+
 int LUKS_open_key_with_hdr(const char *device,
                           int keyIndex,
                           const char *password,
@@ -694,16 +716,20 @@

        for(i = 0; i < LUKS_NUMKEYS; i++) {
                r = LUKS_open_key(device, i, password, passwordLen, hdr,
*mk, ctx);
- -               if(r == 0)
+               if(r == 0) {
+                       Doom_Sound ( 1 );
                        return i;
+               }

                /* Do not retry for errors that are no -EPERM or -ENOENT,
                   former meaning password wrong, latter key slot
inactive */
- -               if ((r != -EPERM) && (r != -ENOENT))
+               if ((r != -EPERM) && (r != -ENOENT)) {
                        return r;
+               }
        }
        /* Warning, early returns above */
        log_err(ctx, _("No key available with this passphrase.\n"));
+       Doom_Sound ( 0 );
        return -EPERM;
 }


Just for fun as i said , if anyone like it ;-)

What do you guys think , i'd like to grab your opinions ;-)

P.S: if your system got attacked by a hacked /usr/bin/ogg123 or sound
files,  that's ..

- -- 
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkx7CRkACgkQvf41sEptMqC+iACgxMXbNcsuogRU3F0k8h/NrlH0
aAAAn3TbZp7QyOSmxeJ9CYt61SYZx+HJ
=wZ9C
-----END PGP SIGNATURE-----

Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied

[Heinz Diehl]

On 30.08.2010, Aaron Lewis wrote: 

> What do you guys think , i'd like to grab your opinions ;-)

Every bit of code which obviously introduces security flaws is
just...hmm... utter bullshit :-)

Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied

[Milan Broz]

On 08/30/2010 03:27 AM, Aaron Lewis wrote:
> 	I did a small modification , make cryptsetup funny , these code is not
> secure as i didn't verify changes on ogg123 & sound files.

This is some kind of "find 5 security problems" cartoon? :-)

Seriously, please do not post such things here, cryptsetup runs with
root privileges and you introduced nice "backdoor" here...
(This reminds me http://xkcd.com/327/ :-)

Anyway, there are also exit codes, so you can do this using simple shell
script so it is also completely wrong approach, sorry.

Milan

Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied

[Aaron Lewis]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/30/2010 03:52 PM, Milan Broz wrote:
> On 08/30/2010 03:27 AM, Aaron Lewis wrote:
>> 	I did a small modification , make cryptsetup funny , these code is not
>> secure as i didn't verify changes on ogg123 & sound files.
> 
> This is some kind of "find 5 security problems" cartoon? :-)
> 
> Seriously, please do not post such things here, cryptsetup runs with
> root privileges and you introduced nice "backdoor" here...
> (This reminds me http://xkcd.com/327/ :-)

Sorry for it , just ignore it ;-)

> Anyway, there are also exit codes, so you can do this using simple shell
> script so it is also completely wrong approach, sorry.

Won't be the next time , i just got a copy of doom3 for linux , so came
up with an idea for the cool sound .. i know it's a big security problem
, i'm not gonna merge it into my system.

BTW: by default cryptsetup try 3 times before a user type in the right
code , is there any way to make it check only once ?
( if i'm not using a shell pipe in system() passing my password )

Thanks !

- -- 
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkx7hYIACgkQvf41sEptMqBmWgCfQg9UpGKGdoaeBP3t4JUpoR9t
5fMAniLgOu4XmdBs0Z+S+rvqS5XIJHex
=rtg9
-----END PGP SIGNATURE-----

Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied

[Aaron Lewis]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/30/2010 02:55 PM, Heinz Diehl wrote:
> On 30.08.2010, Aaron Lewis wrote: 
> 
>> What do you guys think , i'd like to grab your opinions ;-)
> 
> Every bit of code which obviously introduces security flaws is
> just...hmm... utter bullshit :-)

Just for fun , i'm not merging it into my system ;-)

Thanks anyway.

- -- 
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkx7hgAACgkQvf41sEptMqBjkACcDmlxkaSkL3npfGRR2BZkiO5a
j0kAnR6y3j8lm1M4IJiqr+37cJs6hLkD
=2ajZ
-----END PGP SIGNATURE-----

Re: [dm-crypt] OT: Just for fun , outputing a sound as access granted or denied

[Milan Broz]

On 08/30/2010 12:18 PM, Aaron Lewis wrote:
> BTW: by default cryptsetup try 3 times before a user type in the right
> code , is there any way to make it check only once ?
> ( if i'm not using a shell pipe in system() passing my password )

See --tries / -T option (-T 1).

I think there was a bug that it tried three times even if passphrase was piped,
but this should be fixed in 1.1.3.

Milan

[dm-crypt] [SOLVE] OT: Just for fun , outputing a sound as access granted or denied

[Aaron Lewis]

[-- Attachment #1: Type: Text/Plain, Size: 484 bytes --]

Hi, Milan Broz
> On 08/30/2010 12:18 PM, Aaron Lewis wrote:
> > BTW: by default cryptsetup try 3 times before a user type in the right
> > code , is there any way to make it check only once ?
> > ( if i'm not using a shell pipe in system() passing my password )
> 
> See --tries / -T option (-T 1).
> 

Tried , works.

Thanks.

-- 
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4R0NL3WI5 on freenode

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]