(120211) #fitalk application password decrypter
FORENSICINSIGHT SEMINAR
Application Password Decrypter
baadc0de
http://baadc0de.blogspot.com
forensicinsight.org Page 2 / 16
Overview
1. Application Password Decrypter
2. Introduction to Prior Work
• Database SQL Developers
• Messengers
3. Discussion of Future Research
Application Password Decrypter
Project Overview
• Password decryption tool
• Targets every program that stores an ID & password
• Web browsers, messengers, etc. (anything you want!)
Members
• baadc0de
• posquit0
• proneer
http://securityxploded.com/password-recovery-tools.php
SecurityXploded – Password Recovery Tools
Introduction to Prior Work
- Database SQL Developers
- Messengers
Microsoft SQL Server Management Studio
Configuration file path
RegSrvr.xml (registered favorite servers)
Base64-encoded password
MySQL Query Browser
Connection history file
mysql_user_connecton.xml
Password storage option
MySQL Query Browser (cont’d)
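Encryption/decryption methods
• Obscured – the application's own function
• OS Specific – uses functions provided by the OS
CryptProtectData – encryption
CryptUnprotectData – decryption
The encrypted binary is stored as Base64 text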
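To make the storage distinction on this slide concrete, the following added example (not from the original slides or the project) classifies a stored value as a DPAPI blob, Base64 encoding only, or opaque binary, which is the first triage step when auditing a client's saved-connection file. The function names and sample values are hypothetical and constructed; the header constant is the standard prefix of CryptProtectData output.

```python
import base64
import binascii

# DPAPI blobs start with a version DWORD (1) and the provider GUID
# df9d8cd0-1501-11d1-8c7a-00c04fc297eb, serialized in Windows GUID byte order.
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")


def classify_stored_value(text):
    """Classify how a stored credential string is protected at rest."""
    try:
        raw = base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    if not raw:
        return "not-base64"
    if raw.startswith(DPAPI_HEADER):
        return "dpapi"            # CryptProtectData output, bound to a user or machine
    if all(0x20 <= b < 0x7F for b in raw):
        return "encoding-only"    # decodes to readable text: no secrecy at all
    return "opaque"               # binary, e.g. an application-specific scheme


def audit(values):
    """Return the names of stored values that are Base64 encoding only."""
    return sorted(name for name, text in values.items()
                  if classify_stored_value(text) == "encoding-only")


# Constructed sample values (not taken from any real configuration file).
SAMPLES = {
    "os_specific": base64.b64encode(DPAPI_HEADER + bytes(48)).decode(),
    "encoded_only": base64.b64encode(b"example-secret").decode(),
    "obscured": base64.b64encode(bytes([0x9C, 0x01, 0xF3, 0x7A])).decode(),
    "plain": "not base64 at all!",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:13} {classify_stored_value(text)}")
    print("encoding only:", audit(SAMPLES))
```

A short plaintext string can happen to be valid Base64, so an "opaque" result means the value needs further analysis, not that it is encrypted.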
PostgreSQL pgAdmin III
Connection history file
Storage method
SQLGate for MSSQL, MySQL, and Oracle
Configuration file path
Program installation path
Configuration file (dblogin.ini) – uses Base64
Database Connection Information Extractor
Messengers
MSN Messenger
NateOn
Yahoo Messenger
Misslee Messenger
BuddyBuddy
…
Discussion of Future Research
1. Selecting target programs
2. Development language, coding conventions, and development environment (code sharing, etc.)
3. Review of potential legal issues
Q&A