Reversing BlueCoat ProxySG: For fun and profit
Idsecconf 2011 @ PalComTech, Palembang
Research and Development Center Indonesia
http://rndc.or.id @0x0000F4C0
Reversing blue coat proxysg - wa-

  1. Reversing BlueCoat ProxySG: For fun and profit
     Idsecconf 2011 @ PalComTech, Palembang

  2. Research and Development Center Indonesia
     http://rndc.or.id @0x0000F4C0

  3. BlueCoat
     - Web Security
     - ProxySG
     - Web security Module
     - WAN Optimization
     - MACH5
     - PacketShaper
     - Personal Security
     - K9 Web Protection
     - Service Provider Caching
     - CacheFlow

  4. ProxySG
     - ProxySG provides complete control over all your web traffic with robust features that include user authentication, web filtering, data loss prevention, inspection and validation of SSL-encrypted traffic, content caching, bandwidth management, stream-splitting and more.

  5. ProxySG

  6. ProxySG

  7. ProxySG License
     - Blue Coat SG510-5, Proxy Edition: 8,000.00
     - Blue Coat SG510-10, Proxy Edition: 14,000.00
     - Blue Coat SG510-20, Proxy Edition: 23,000.00
     - Blue Coat SG510-25, Proxy Edition: 27,600.00
     - Blue Coat SG510-10, MACH5 Edition: 10,000.00
     - Blue Coat SG510-20, MACH5 Edition: 20,000.00
     - Blue Coat SG510-25, MACH5 Edition: 24,000.00

  8. ProxySG Component
     - SGOS 5
     - SG Client – Acceleration
     - SG Client - Web Filtering
     - Peer-To-Peer
     - Bandwidth Management
     - Compression
     - Websense Offbox Content Filtering
     - etc.

  9. Inside ProxySG

  10. Inside ProxySG
     - Firmware
     - CHK (< v5.5.1.1)
     - Unsigned Firmware Image File
     - BCSI (> v6.0.0.0)
     - Signed Firmware Image File

  11. ProxySG CHK File

         struct BCoatImage
         {
             DWORD      dwCsum;
             BYTE       dwSignature[0x3C];
             CFBound    dwCF1;   // 0x1000 bytes
             CFBound    dwCF2;   // 0x1000 bytes
             BYTE       ImageContent[dwCF2.dwSizeOfImage];
             ImageIndex dwImageIndex[dwCF2.dwTotalFiles];
         };

  12. ProxySG CHK File

         typedef struct CFBound
         {
             BYTE  Signatures[0x40];
             WORD  unkW1;
             WORD  unkW2;
             DWORD unkDW1;
             DWORD dwSizeOfImage;
             DWORD dwStartOfIndex;
             DWORD dwTotalFiles;
             DWORD dwStartOfName;
             DWORD unkDW3[0xBC];
             DWORD dwMD5[4];
             DWORD unkDW4[0x32A];
         } CFBound;

  13. ProxySG CHK File

         typedef struct ImageIndex
         {
             DWORD offset;
             DWORD size;
             DWORD name;
             DWORD unkDW1[5];
         } ImageIndex;

  14. ProxySG CHK File

  15. ProxySG CHK File
     - Protection
     - 2 MD5 hash
     - 1 Checksum

  16. ProxySG CHK License File
     - Base64 Encoded
     - Signed XML
     - Certificate

  17. Bypassing License Check
     - Patching EVP_VerifyFinal()
     - Injecting Self-Signed CA

  18. Next Steps?
     - Inject Backdoor?
     - Provide API?
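
The three "ProxySG CHK File" structs above compose into one file layout: a 0x40-byte header, two 0x1000-byte CFBound blocks, the image content, then the ImageIndex table. As an added example (not the presenter's code), this Python walker reads that layout and bounds-checks the index table against the file length before touching it. Little-endian byte order and the constructed sample bytes are assumptions; the slides do not say what `offset`, `size`, `name`, the checksum or the MD5 fields cover, so they are returned raw.

```python
"""Layout walker for the CHK image structs shown on the slides (added example)."""
import struct

# Assumption: fields are little-endian; the slides do not state byte order.
HEADER = struct.Struct("<I60s")                  # dwCsum, dwSignature[0x3C]
CFBOUND = struct.Struct("<64sHH5I752s16s3240s")  # CFBound, 0x1000 bytes
INDEX = struct.Struct("<8I")                     # ImageIndex: offset, size, name, unkDW1[5]
assert HEADER.size == 0x40 and CFBOUND.size == 0x1000 and INDEX.size == 0x20


def parse_cfbound(buf, pos):
    f = CFBOUND.unpack_from(buf, pos)
    return {"dwSizeOfImage": f[4], "dwStartOfIndex": f[5], "dwTotalFiles": f[6],
            "dwStartOfName": f[7], "dwMD5": f[9].hex()}


def parse_chk(buf):
    """Return header fields and raw ImageIndex entries, or raise ValueError."""
    fixed = HEADER.size + 2 * CFBOUND.size       # 0x2040 bytes before ImageContent
    if len(buf) < fixed:
        raise ValueError("truncated: %d bytes, fixed headers need %d" % (len(buf), fixed))
    csum, _sig = HEADER.unpack_from(buf, 0)
    cf1 = parse_cfbound(buf, HEADER.size)
    cf2 = parse_cfbound(buf, HEADER.size + CFBOUND.size)
    # BCoatImage sizes ImageContent and the index from the second CFBound (dwCF2).
    index_pos = fixed + cf2["dwSizeOfImage"]
    index_end = index_pos + cf2["dwTotalFiles"] * INDEX.size
    if index_end > len(buf):                     # untrusted sizes: check before reading
        raise ValueError("index table ends at %#x, file is %#x bytes" % (index_end, len(buf)))
    entries = []
    for i in range(cf2["dwTotalFiles"]):
        off, size, name, *_unk = INDEX.unpack_from(buf, index_pos + i * INDEX.size)
        entries.append({"offset": off, "size": size, "name": name})
    return {"dwCsum": csum, "cf1": cf1, "cf2": cf2, "index_pos": index_pos, "entries": entries}


def build_sample():
    """Constructed sample: 16 bytes of content and two index entries, not real firmware."""
    cf = CFBOUND.pack(b"", 0, 0, 0, 16, 0, 2, 0, b"", bytes(range(16)), b"")
    index = INDEX.pack(0, 10, 0, 0, 0, 0, 0, 0) + INDEX.pack(10, 6, 4, 0, 0, 0, 0, 0)
    return HEADER.pack(0xDEADBEEF, b"") + cf + cf + b"A" * 16 + index


if __name__ == "__main__":
    info = parse_chk(build_sample())
    print(hex(info["index_pos"]), info["entries"])
```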
