Hi again and a happy new year 2013!

Lets continue were I left you the last time.

The CTL

The CTL is basically a binary TLV file with 1 byte type, followed by 2 bytes length and finally the data. But as this is far to easy, some special fields omit the length field and just place the data after the type (I guess those are fields with a fixed length). Here is an example CTL file:

Red fields are the types (counting up), green fields are the length (note the missing length on some fileds) and the purple field contains the data (in this case data with a length of 8 bytes and a type 0×05, which is the signing cert serial number btw. [and yes, this is a real example; Cisco signs phone loads with this 'random' cert]).

The CTL contains a header with types from 0×01 to 0x0f which is padded with 0x0d. The same header is used for the signed files .sgn from the TFTP server later on. The header describes the file version, the header length, the certificate the file is signed by (further called Signing Cert), the corresponding Certificate Authority, the file name, the files time stamp and finally the signature. The header is followed by multiple cert entries, which again use types 0×01 to 0x0f.  The cert entry contains a role field 0×04 which describes the use of the cert. We are interested in the CAPF cert (0×04) and the Call Manager cert (0×02).
(more…)

Cisco, MitM, tool, VoIP | Post your comment here.

Some of you may have heard the topic before, as we have spoken about on this years BlackHat Europe, TROOPERS12  and HES12, so this is nothing completely new, but as we’re done with responsible disclosure (finally (-; )  and all the stuff should be fixed, we’re going to publish the code that brought us there. I will split the topic into two blog posts, this one will wrap up the setup, used components and protocols, the next one [tbd. till EOY, hopefully] will get into detail on the tools and techniques we used to break the enterprise grade security.

 The Components

First lets take a look on all the components involved in the setup:

As you can see in the picture, there are a lot of components and even more certificates involved. From left to right: (more…)

Cisco, MitM, tool, VoIP | Post your comment here.

Today is a great day, its the day, Loki finally runs on all big operating systems. Im proud to announce the first Loki release for Windows!

There are a few things not working (yet / at all) under Windows. Those are:

• The WLCCP Module – ive not yet managed to build and link against asleap on windows [but time may help (-; ]
• TCP-MD5 Auth for BGP – This will never work, as Windows has no TCP-MD5 impl. in the kernel
• The MPLS Module – Had some hassle here with WinPcap, may be working in the future

The most testing so far was done on Windows 7 were all the other functions work as they do on Linux and Mac.

Download the installer here [1ebf2edbb0cdb631dc2704e82d9c2d778fac703d].

cheers

/daniel

Loki, MitM, python, tool | Post your comment here.

Today I’m going to open up the ‘Week of releases’, which means there will be some new software in the next days.

Lets start with a new version of loki. The version goes up to 0.2.7 and there are a lot of new features:

• SCTP support in the base.
• Invalid option and invalid header scan in the ICMP6 module.
• On-line msg updates for neighbor messages in the RIP module.
• New module for rewriting 802.1Q labels
• Lots of small improvements and bug-fixes
• Some new features I won’t tell right now, get the source and find them yourself

Also there are new packages for gentoo, ubuntu-11.04 and fedora-15, also its the first time, packages for amd64 systems are available.

Downloads:

• Source

• Package for gentoo – c29a6cca7a1f7394a473d4b50a1766e9f13fd5a5

  Dependencies:

  • Manifest – 9338ebcc6a3cb58478671f00cac3114efe5df337
• Package for ubuntu 11.04 i386 – bf9fa05aa20677ac209126b78c3829940daaa8ee

  Dependencies:

  • pylibpcap – e30c9c8ab1a8e1ee3ddedd05475767dc9f85b526
• Package for ubuntu 11.04 amd64 – 50f5c784f039a15613affd52e304e61fd2a16a58

  Dependencies:

  • pylibpcap – 9457644ef52fd6bfdb0da8790eee759cc4f76c8b
• Package for fedora 15 i686 – 06398d9c8ca5fd0d80b0da65756b01bfe07652b4

  Dependencies:

  • pylibpcap – d7e2a9249cba4362d4e435643257ee6a89a412cf
  • libdnet-python – 83bbe3895a58d264190afaef586aba8c2bd921f4
• Package for fedora 15 amd64 – 06c1fca3f8390cbe00e8e5c427327379c30222d6

  Dependencies:

  • pylibpcap – 62d8cc32ef42211584df439ace8f453a3822d5b1
  • libdnet-python – d8e969b35b2b5613f364525f21c8e0738a42e061

enjoy!

/daniel

Loki, MitM, python | Post your comment here.