Aseman-Land / Cutegram

Cutegram is a telegram client by Aseman Land. It's forked from sigram.
http://aseman.co/cutegram
GNU General Public License v3.0

Guessable Symmetric Encryption Key #178

Open libcrack opened 9 years ago

libcrack commented 9 years ago

Cutegram uses symmetric encryption keys for saving the user's messages in the storage. This is no good, but what is worse indeed is to use a key which is easily guessable, as it is heavily based just on the user's phone number. Also the "host_id" is used.

This is an EPIC fail, I wouldn't recommend anyone to use this Telegram client, as I would consider Telegram's 1st. Ok, let's do this:

    // Runs the `hostid` command once and caches its trimmed output.
    QString get_hostid()
    {
        static QString cg_hostId;
        if(!cg_hostId.isEmpty())
            return cg_hostId;

        QProcess prc;
        prc.start("hostid");
        prc.waitForStarted();
        prc.waitForReadyRead();
        prc.waitForFinished();

        cg_hostId = prc.readAll();
        cg_hostId = cg_hostId.trimmed();
        return cg_hostId;
    }

    bool encryptData(const QByteArray &src, QByteArray &dst, const QString &phone)
    {
        // The key is built from SERPENT_PASSWORD(phone), i.e. hostid + "-" + phone.
        QSharedPointer<AsemanSimpleQtCryptor::Key> gKey = QSharedPointer<AsemanSimpleQtCryptor::Key>(new AsemanSimpleQtCryptor::Key(SERPENT_PASSWORD(phone)));
        AsemanSimpleQtCryptor::Encryptor enc( gKey, AsemanSimpleQtCryptor::SERPENT_32, AsemanSimpleQtCryptor::ModeCFB, AsemanSimpleQtCryptor::NoChecksum );
        if(enc.encrypt( src, dst, true ) != AsemanSimpleQtCryptor::NoError)
            return false;
        else
            return true;
    }

    // Password string used for the key: get_hostid() + "-" + EXTRA.
    #define SERPENT_PASSWORD(EXTRA) QString(get_hostid() + "-" + EXTRA)

Note: key creation **SERPENT_PASSWORD(phone)**

    QSharedPointer<AsemanSimpleQtCryptor::Key> gKey = QSharedPointer<AsemanSimpleQtCryptor::Key>(new AsemanSimpleQtCryptor::Key(SERPENT_PASSWORD(phone)));

    bool decryptData(const QByteArray &src, QByteArray &dst, const QString &phone)
    {
        QSharedPointer<AsemanSimpleQtCryptor::Key> gKey = QSharedPointer<AsemanSimpleQtCryptor::Key>(new AsemanSimpleQtCryptor::Key(SERPENT_PASSWORD(phone)));
        AsemanSimpleQtCryptor::Decryptor dec( gKey, AsemanSimpleQtCryptor::SERPENT_32, AsemanSimpleQtCryptor::ModeCFB );
        if(dec.decrypt( src, dst, true ) != AsemanSimpleQtCryptor::NoError)
            return false;
        else
            return true;
    }

    #include "cutegramencrypter.h"

    QVariant CutegramEncrypter::encrypt(const QString &text, bool encryptedMessage)
    {
        Q_UNUSED(encryptedMessage)
        QByteArray result;
        AsemanSimpleQtCryptor::Encryptor enc( _key, AsemanSimpleQtCryptor::SERPENT_32, AsemanSimpleQtCryptor::ModeCFB, AsemanSimpleQtCryptor::NoChecksum );
        if(enc.encrypt( text.toUtf8(), result, true ) == AsemanSimpleQtCryptor::NoError)
            return result;
        else
            return text;   // on failure the plaintext is returned as-is
    }

    QString CutegramEncrypter::decrypt(const QVariant &data)
    {
        // String variants are treated as unencrypted and returned unchanged.
        if(data.type() == QVariant::String)
            return data.toString();

        QByteArray result;
        AsemanSimpleQtCryptor::Decryptor dec( _key, AsemanSimpleQtCryptor::SERPENT_32, AsemanSimpleQtCryptor::ModeCFB );
        if(dec.decrypt( data.toByteArray(), result, true ) == AsemanSimpleQtCryptor::NoError)
            return result;
        else
            return QString("Can't decrypt data. The key is lost!");
    }

    void CutegramEncrypter::setKey(const QString &key)
    {
        _key = QSharedPointer<AsemanSimpleQtCryptor::Key>(new AsemanSimpleQtCryptor::Key(key));
    }

Choochmeque commented 9 years ago

OMG! My "Hello, sup, how r u" messages were compromised. CIA, NSA and evil hackers are able to read it. NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO.....

Choochmeque commented 9 years ago

Sorry, I couldn't resist.

realbardia commented 9 years ago

Hi... You're wrong :) Cutegram uses a random key (and not a guessable one) for messages. But yes. Currently it is just used on systems that have kwallet installed.

    QString CutegramAuth::readEncryptKeyFromKWallet()
    {
        if(!init_kwallet())
            return get_hostid();

        static QByteArray data;

        if(data.isEmpty())
            data = cg_wallet->readEntry(WALLET_FOLDER, "EncryptKey");
        if(data.isEmpty())
        {
            data = QUuid::createUuid().toString().toUtf8();
            cg_wallet->writeEntry(WALLET_FOLDER, "EncryptKey", data);
        }

        return data;
    }

Also, the auth file is encrypted using a guessable key on systems without kwallet. We're working to add keyring, kwallet5 and other wallet systems support for security in the next releases. But currently it's better than our old system (completely non-encrypted messages and auth file). Just please be patient until the next releases. We have limited contributors. Thank you very much...
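
Added example, not part of the thread and not Cutegram code: one way to keep the storage key random on systems without a wallet, so that a function shaped like `readEncryptKeyFromKWallet()` never falls back to `get_hostid()`. `SecretStore`, `storage_key` and the owner-only key file are assumptions made for the sketch; the file protects the key only as far as file permissions do.

```cpp
// Added example, not Cutegram code; SecretStore and the key file are assumptions.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <map>
#include <stdexcept>
#include <string>

struct SecretStore {                        // hypothetical wallet interface
    bool available = false;
    std::map<std::string, std::string> entries;
};

// Read exactly n bytes from path, or throw.
static std::string read_exact(const char *path, size_t n) {
    std::string buf(n, '\0');
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    for (ssize_t r; fd >= 0 && got < n && (r = read(fd, &buf[got], n - got)) > 0;) got += (size_t)r;
    if (fd >= 0) close(fd);
    if (got != n) throw std::runtime_error(std::string("cannot read ") + path);
    return buf;
}

std::string random_key() { return read_exact("/dev/urandom", 32); }  // kernel CSPRNG

// No wallet: keep a random key in an owner-only file instead of deriving one.
std::string key_from_file(const std::string &path) {
    struct stat st;
    if (stat(path.c_str(), &st) == 0) {     // existing key file must be owner-only
        if (st.st_mode & 077) throw std::runtime_error("key file is not owner-only");
        return read_exact(path.c_str(), 32);
    }
    std::string key = random_key();
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    bool ok = fd >= 0 && write(fd, key.data(), key.size()) == (ssize_t)key.size();
    if (fd >= 0) close(fd);
    if (!ok) throw std::runtime_error("cannot create key file");
    return key;
}

// Same shape as readEncryptKeyFromKWallet() above, without the get_hostid() fallback.
std::string storage_key(SecretStore &store, const std::string &fallback_path) {
    if (!store.available) return key_from_file(fallback_path);
    auto it = store.entries.find("EncryptKey");
    if (it == store.entries.end())
        it = store.entries.emplace("EncryptKey", random_key()).first;
    return it->second;
}
```
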

libcrack commented 9 years ago

"You're wrong :) Cutegram uses a random key (and not a guessable one) for messages. But yes. Currently it is just used on systems that have kwallet installed."

Therefore I'm right, indeed, if you examine the ticket text body, no reference to kwallet is made. I can understand that it should not be comfortable to read this ticket, but please, stick to reality: if kwallet is not in use, the key is not random and it is guessable.

Looking forward to helping you implement the gnome-keyring code.

Regards

Choochmeque commented 9 years ago

@borjiviri, so about gnome-keyring, it would be great. @realbardia, what do you think?

libcrack commented 9 years ago

I would say that it is worth taking a look at this project: https://github.com/frankosterfeld/qtkeychain

I think that a good approach is just to store all messages (normal chats & secret chats) encrypted in a local database (sqlite). Which encryption should be implemented to store this data securely? None! They are already encrypted when traveling through the network! Let's just work with the messages, but before they are decrypted by the client-to-server authorization key or the end-to-end key in the case of secret chats, as can be read in https://core.telegram.org/api/end-to-end, https://core.telegram.org/mtproto#authorization-and-encryption and https://core.telegram.org/mtproto/description#authorization-key.

So what must be stored on the user's keychain (kwallet/gnome-keyring)?

Please also do a quick read of https://core.telegram.org/mtproto/security_guidelines just in case I missed something important.

realbardia commented 9 years ago

Thank you for your information. It's good. Also I'll check the QtKeyChain project to add keyring and ... support to Cutegram...

realbardia commented 9 years ago

@Sollex-21412 Yes. I agree with you. It's great to add these features in the future :)