
Encryption in NQ Vault turned out to be an ordinary XOR, and that is not the worst of it

NQ Vault is a fairly popular (30 million users) Android application (there is also an iOS version) that lets you encrypt selected SMS messages, photos and videos on the device. Encrypted content is viewed through the application after entering a password. The application has received good ratings and reviews in leading IT publications.

GitHub user ninjadoge24 decided to check how well the application protects private data.

The researcher began by creating a simple 1x1 pixel PNG file and appending the signature “NINJADOGE24” to the end of the file. He then uploaded the file to the device and encrypted it with NQ Vault using a simple password. The location of the encrypted file was found in the application's database (in SQLite format). Comparing the encrypted data with the original revealed the first failure.

Original file

0000000: 8950 4e47 0d0a 1a0a 0000 000d 4948 4452  .PNG........IHDR
0000010: 0000 0001 0000 0001 0802 0000 0090 7753  ..............wS
0000020: de00 0000 0970 4859 7300 0003 b100 0003  .....pHYs.......
0000030: b101 f583 ed49 0000 0007 7449 4d45 07df  .....I....tIME..
0000040: 0401 0319 3a3d ca0b 0c00 0000 0c69 5458  ....:=.......iTX
0000050: 7443 6f6d 6d65 6e74 0000 0000 00bc aeb2  tComment........
0000060: 9900 0000 0f49 4441 5408 1d01 0400 fbff  .....IDAT.......
0000070: 00ff 0000 0301 0100 c706 926f 0000 0000  ...........o....
0000080: 4945 4e44 ae42 6082 4e49 4e4a 4144 4f47  IEND.B`.NINJADOG
0000090: 4532 340a                                E24.

Encrypted file

0000000: 8d54 4a43 090e 1e0e 0404 0409 4d4c 4056  .TJC........ML@V
0000010: 0404 0405 0404 0405 0c06 0404 0494 7357  ..............sW
0000020: da04 0404 0d74 4c5d 7704 0407 b504 0407  .....tL]w.......
0000030: b505 f187 e94d 0404 0403 704d 4941 03db  .....M....pMIA..
0000040: 0005 071d 3e39 ce0f 0804 0404 086d 505c  ....>9.......mP\
0000050: 7047 6b69 6961 6a70 0404 0404 04b8 aab6  pGkiiajp........
0000060: 9d04 0404 0b4d 4045 500c 1905 0004 fffb  .....M@EP.......
0000070: 04fb 0404 0705 0504 c302 966b 0404 0404  ...........k....
0000080: 4945 4e44 ae42 6082 4e49 4e4a 4144 4f47  IEND.B`.NINJADOG
0000090: 4532 340a                                E24.

What is this? The signature at the end of the file is untouched! And the encryption of the other parts looks suspiciously like a simple substitution. XORing the original with the ciphertext gave the researcher the key: 0x04. Yes, exactly: XOR with a single-byte key, that is, a simple substitution. It is reminiscent of childhood "schoolyard" ciphers that shift letters a few places along the alphabet, isn't it? And this is in an application whose paid version costs $7.99 per year!
It remained to find out why the signature at the end of the file was unchanged. After quickly writing an encryption/decryption script and running another experiment with a JPEG file, another sad truth emerged: only the first 128 bytes of the file are encrypted; the rest remains untouched. And why bother with more, if the first 128 bytes are enough? The header is corrupted and the file will not open in standard applications, which is all an inexperienced user needs. And NQ Vault's video encryption speed probably leaves every competitor in the dust.

And the final touch. How is a single-byte key derived from the password the user enters? The researcher tried to work out the algorithm by trying different passwords, but then gave up, reasonably concluding: why waste time on it when you can use brute force and simply try all 256 possible values? Any Android device, even the most ancient, can cope with that easily.
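The weakness described above can be reproduced in a few lines. The following is an added example, not the researcher's script or NQ Vault's code: it models the scheme as the article describes it (single-byte XOR over the first 128 bytes) and shows that the key falls out of the article's own dump from the PNG signature alone. The function names and the sample file are assumptions made for the illustration.

```python
from typing import Callable, List, Optional

PNG_MAGIC = bytes.fromhex("89504e470d0a1a0a")  # standard 8-byte PNG signature
PREFIX_LEN = 128  # the article reports only the first 128 bytes are transformed

# First 16 bytes of the "Encrypted file" dump shown in the article.
PAGE_CIPHER_ROW0 = bytes.fromhex("8d544a43090e1e0e040404094d4c4056")


def vault_transform(data: bytes, key: int) -> bytes:
    """Assumed model of the scheme: XOR the first 128 bytes with one byte.

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    head = bytes(b ^ key for b in data[:PREFIX_LEN])
    return head + data[PREFIX_LEN:]


def key_from_known_plaintext(cipher: bytes, known: bytes) -> Optional[int]:
    """Return the key if cipher XOR known is one constant byte, else None."""
    diffs = {c ^ p for c, p in zip(cipher, known)}
    return diffs.pop() if len(diffs) == 1 else None


def keys_by_exhaustion(cipher: bytes, looks_valid: Callable[[bytes], bool]) -> List[int]:
    """Try all 256 keys and keep those whose output passes a format check."""
    return [k for k in range(256) if looks_valid(vault_transform(cipher, k))]


def untouched_bytes(plain: bytes, cipher: bytes) -> int:
    """Count positions where ciphertext equals plaintext (data left in clear)."""
    return sum(a == b for a, b in zip(plain, cipher))


# Constructed sample file: PNG magic, filler, and a trailing marker as in the article.
SAMPLE = PNG_MAGIC + bytes(range(200)) + b"NINJADOGE24\n"

if __name__ == "__main__":
    key = key_from_known_plaintext(PAGE_CIPHER_ROW0, PNG_MAGIC)
    print(f"key recovered from the article's dump: {key:#04x}")
    print("keys passing PNG check:", keys_by_exhaustion(
        PAGE_CIPHER_ROW0, lambda d: d.startswith(PNG_MAGIC)))
    enc = vault_transform(SAMPLE, 0x04)
    print(f"{untouched_bytes(SAMPLE, enc)} of {len(SAMPLE)} sample bytes left in clear")
```

Any file format with a fixed header gives the same result, which is why neither the password nor the key derivation adds any protection here.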

Full test report.

Conclusion


There are probably thousands of such applications, both on Google Play and in the App Store. This one simply managed to get promoted successfully, while others did not. But here is what is remarkable about this story. First, how easily users trust promises of security. In the user's mind there is no big difference between an application for quickly uploading photos somewhere and an application that encrypts files or stores credit card data. There is no understanding that security-related applications call for special selection criteria. Promises, good looks, a user-friendly interface and even thousands of positive reviews are not enough here.

Secondly, how far can you trust reviews in specialized publications? It is clear that most of them are paid for, and that in itself is not bad: applications need to be promoted. The main thing is that they are more or less objective. And reputable publications really do try to write objective reviews. But when it comes to security, a simple review is again not enough. Experts who can test that part need to be involved.

Source: https://habr.com/ru/post/254899/

