Reversing blue coat proxysg - wa-
 

    Reversing blue coat proxysg - wa- Presentation Transcript

    • Reversing BlueCoat ProxySG For fun and profit
      Idsecconf 2011 @ PalComTech
      Palembang
    • Research and Development Center Indonesia
      http://rndc.or.id @0x0000F4C0
    • BlueCoat
      • Web Security
      • ProxySG
      • Web security Module
      • WAN Optimization
      • MACH5
      • PacketShaper
      • Personal Security
      • K9 Web Protection
      • Service Provider Caching
      • CacheFlow
    • ProxySG
      • ProxySG provides complete control over all your web traffic with robust features that include user authentication, web filtering, data loss prevention, inspection and validation of SSL-encrypted traffic, content caching, bandwidth management, stream-splitting and more.
    • ProxySG License
      • Blue Coat SG510-5, Proxy Edition: 8,000.00
      • Blue Coat SG510-10, Proxy Edition: 14,000.00
      • Blue Coat SG510-20, Proxy Edition: 23,000.00
      • Blue Coat SG510-25, Proxy Edition: 27,600.00
      • Blue Coat SG510-10, MACH5 Edition: 10,000.00
      • Blue Coat SG510-20, MACH5 Edition: 20,000.00
      • Blue Coat SG510-25, MACH5 Edition: 24,000.00
    • ProxySG Component
      • SGOS 5
      • SG Client – Acceleration
      • SG Client - Web Filtering
      • Peer-To-Peer
      • Bandwidth Management
      • Compression
      • Websense Offbox Content Filtering
      • dll
    • Inside ProxySG
      • Firmware
      • CHK (< v5.5.1.1)
      • Unsigned Firmware Image File
      • BCSI (> v6.0.0.0)
      • Signed Firmware Image File
    • ProxySG CHK File
      struct BCoatImage
      {
          DWORD      dwCsum;
          BYTE       dwSignature[0x3C];
          CFBound    dwCF1;                              // 0x1000 bytes
          CFBound    dwCF2;                              // 0x1000 bytes
          BYTE       ImageContent[dwCF2.dwSizeOfImage];  // variable length
          ImageIndex dwImageIndex[dwCF2.dwTotalFiles];   // one entry per file
      };
    • ProxySG CHK File
      typedef struct CFBound
      {
          BYTE  Signatures[0x40];
          WORD  unkW1;
          WORD  unkW2;
          DWORD unkDW1;
          DWORD dwSizeOfImage;
          DWORD dwStartOfIndex;
          DWORD dwTotalFiles;
          DWORD dwStartOfName;
          DWORD unkDW3[0xBC];
          DWORD dwMD5[4];
          DWORD unkDW4[0x32A];
      } CFBound;   // fields sum to 0x1000 bytes
    • ProxySG CHK File
      typedef struct ImageIndex
      {
          DWORD offset;
          DWORD size;
          DWORD name;
          DWORD unkDW1[5];
      } ImageIndex;   // 0x20 bytes per entry
    • ProxySG CHK File
      • Protection
      • 2 MD5 hashes
      • 1 Checksum
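
An added example (not from the presentation): a Python reader for the CHK layout given in the three structures above, which extracts the header fields and rejects an image whose index table would run past the end of the file. Little-endian byte order and the image built by `build_sample()` are assumptions; the slides do not say what the checksum or MD5 fields cover, so they are extracted but not verified.

```python
import struct

# Field layout copied from the slides; little-endian byte order is an assumption.
HEADER = struct.Struct("<I60s")                    # dwCsum, dwSignature[0x3C]
CFBOUND = struct.Struct("<64sHHI4I752x16s3240x")   # unknown DWORD arrays skipped as padding
INDEX = struct.Struct("<3I20x")                    # offset, size, name, unkDW1[5] skipped
assert CFBOUND.size == 0x1000 and INDEX.size == 0x20
CF1_OFF = HEADER.size                  # 0x40
CF2_OFF = CF1_OFF + CFBOUND.size       # 0x1040
CONTENT_OFF = CF2_OFF + CFBOUND.size   # 0x2040

def parse_cfbound(blob, off):
    """Return the named CFBound fields; dwMD5 is kept as raw bytes in hex."""
    _sig, _w1, _w2, _d1, size, idx, total, names, md5 = CFBOUND.unpack_from(blob, off)
    return {"size_of_image": size, "start_of_index": idx, "total_files": total,
            "start_of_name": names, "md5": md5.hex()}

def parse_chk(blob):
    """Parse a CHK image and check that the index table fits in the file."""
    if len(blob) < CONTENT_OFF:
        raise ValueError("truncated: shorter than header plus two CFBound blocks")
    csum, _ = HEADER.unpack_from(blob, 0)
    cf1, cf2 = parse_cfbound(blob, CF1_OFF), parse_cfbound(blob, CF2_OFF)
    # Per BCoatImage, the index follows ImageContent and is sized by dwCF2.
    index_off = CONTENT_OFF + cf2["size_of_image"]
    index_end = index_off + cf2["total_files"] * INDEX.size
    if index_end > len(blob):
        raise ValueError("dwSizeOfImage/dwTotalFiles point past end of file")
    entries = [INDEX.unpack_from(blob, index_off + i * INDEX.size)
               for i in range(cf2["total_files"])]
    return {"csum": csum, "cf1": cf1, "cf2": cf2, "entries": entries}

def build_sample():
    """Constructed test image (not real firmware): 2 files, 0x30 bytes of content."""
    content = b"A" * 0x10 + b"B" * 0x20
    cf = CFBOUND.pack(b"CF", 0, 0, 0, len(content), 0, 2, 0, bytes(range(16)))
    index = INDEX.pack(0, 0x10, 0) + INDEX.pack(0x10, 0x20, 1)
    return HEADER.pack(0xDEADBEEF, b"") + cf + cf + content + index

if __name__ == "__main__":
    info = parse_chk(build_sample())
    print(hex(info["csum"]), info["cf2"], info["entries"])
```
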
    • ProxySG CHK License File
      • Base64 Encoded
      • Signed XML
      • Certificate
    • Bypassing License Check
      • Patching EVP_VerifyFinal()
      • Injecting Self-Signed CA
    • Next Steps?
      • Inject Backdoor?
      • Provide API?