Spotted the bug! 

@haskal Spotted the bug!

In get_cmd in the server:
crypto_lock first encrypts, putting the ciphertext into chan->data.exec_cmd, and then MACs the ciphertext. But exec_cmd is shared memory; you can exploit a race condition! If you (the client) modify exec_cmd after encryption but before the MAC gets computed, you'll get a good MAC of your modified ciphertext.
ChaCha is a stream cipher so you can do
exec_cmd ^= (old_plaintext ^ "echo 'fuck drm'")

This was super fun! Thank you! :)
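
Added example, not part of the original posts and not the challenge's code: a deterministic C model of the ordering described above, next to a version that encrypts and MACs a private buffer before publishing. The cipher and MAC are toy stand-ins, and every name (seal_in_shared, seal_private, open_msg, flip_bit, peer_fn) is hypothetical; the peer callback stands in for the other process writing to shared memory during the race window.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define N 16
typedef void (*peer_fn)(uint8_t *shared); /* hypothetical: the other process */

/* Toy stand-ins, NOT real crypto: xorshift keystream and keyed FNV-1a tag. */
static void toy_xor(uint8_t *b, uint32_t k) {
    for (int i = 0; i < N; i++) { k ^= k << 13; k ^= k >> 17; k ^= k << 5; b[i] ^= (uint8_t)k; }
}
static uint32_t toy_mac(const uint8_t *b, uint32_t k) {
    uint32_t h = 2166136261u ^ k;
    for (int i = 0; i < N; i++) { h ^= b[i]; h *= 16777619u; }
    return h;
}
/* Order from the post: ciphertext goes to shared memory, then is MACed there. */
static uint32_t seal_in_shared(uint8_t *shared, const uint8_t *pt, uint32_t k, peer_fn peer) {
    memcpy(shared, pt, N);
    toy_xor(shared, k);
    if (peer) peer(shared);          /* race window: write lands before the MAC */
    return toy_mac(shared, k);
}
/* Hardened: encrypt and MAC a private buffer, publish only the finished result. */
static uint32_t seal_private(uint8_t *shared, const uint8_t *pt, uint32_t k, peer_fn peer) {
    uint8_t priv[N];
    memcpy(priv, pt, N);
    toy_xor(priv, k);
    uint32_t tag = toy_mac(priv, k);
    memcpy(shared, priv, N);
    if (peer) peer(shared);          /* peer can still write, but the tag is fixed */
    return tag;
}
/* Receiver: snapshot shared memory first, then verify and decrypt the snapshot. */
static int open_msg(const uint8_t *shared, uint32_t tag, uint32_t k, uint8_t *out) {
    memcpy(out, shared, N);
    if (toy_mac(out, k) != tag) return -1;
    toy_xor(out, k);
    return 0;
}
static void flip_bit(uint8_t *shared) { shared[0] ^= 0x01; } /* constructed peer write */

int main(void) {
    uint8_t pt[N] = "constructed msg", shm[N], out[N];
    uint32_t k = 0xC0FFEEu, tag = seal_in_shared(shm, pt, k, flip_bit);
    printf("MAC over shared buffer:  open=%d\n", open_msg(shm, tag, k, out));
    tag = seal_private(shm, pt, k, flip_bit);
    printf("MAC over private buffer: open=%d\n", open_msg(shm, tag, k, out));
    return 0;
}
```

The receiver copies before verifying for the same reason: checking the tag and decrypting must operate on bytes the peer can no longer change.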



@asvhl @haskal 🎉🎉🎉
nice work uwu
