Remove shell from the sandbox

[xAnavrins]

Newer versions of CraftOS adds a few new functions in the shell api that aren't properly sandboxed.
"shell.openTab" is pretty much equivalent to shell.run and allows to run a local program on the computer outside of the sanbbox.
Example:
shell.openTab("pastebin run A1b2C3d4")
and
firewolf.download("viruscode"); shell.openTab("/downloads/viruscode")
Will run these file without any sandbox restrictions.

After looking at the whole set of function in shell api, it looks like some function either leaks some info about the filesystem, or are just plain useless for a firewolf site.
Might be good idea to completely remove the shell api from the sandbox.

[pingbird]

A blacklist based sandbox is generally a bad idea, there is another unsandboxed execution exploit that existed before shell.openTab that has't been fixed afaik

Plus the DH implementation is broken :|

[Ale32bit]

shell.openTab got removed

[1lann]

@PixelToast DH implementation is intentionally left broken, it's a nice exercise to write an exploit for Firewolf.

[pingbird]

Doubt it was intentional, why use AES if the key is going to be compromised anyway?

[1lann]

@PixelToast it was intentionally left broken. i.e. Anavrins reported it to me and I decided not to fix it. Of course the vulnerability was not intentional.

Also encryption was only implemented to stop kids on Minecraft servers bragging "I can hack Firewolf I'm so good" when all they do is a very simple plain text intercept.

The vulnerable DH implementation is good enough to stop those people, but still leaves it open to attack to people who have some kind of proficiency in cryptography, which I believe they deserve to be able to exploit :P.

[pingbird]

You do not need to listen to that entire range BTW, all you need is 3 modems to trilaterate both computers to find their distance. From there you have all the components needed to derive the destination port.

And no you are not the only one with code, I've had a ninja page injection / evesdrop script for many months, plus a sandbox exploit :P

My bad about mistaking it for AES again, its been a long time since i looked at firewolf.

now to explain whats wrong with the implementation:

1. The modexp implementation is wrong and extremely slow
2. Due to Change code to name it to FireWolf #1 the time complexity of the bad modexp, the privates have to be small making them extremely easy to brute force and there are a ton of collisions
3. The prime is small, though this is much less of an issue than Change code to name it to FireWolf #1 and Add Plugins and a Plugins API #2 and fixing requires changing to an implementation that uses bignum
4. The key is re-used for each message, this is especially problematic with RC4

[1lann]

@PixelToast ah good to know, the way Anavrins did it was you didn't need the distance, but needed the channel. Anavrins also notified me about a year ago about the issue.

Funnily enough in my RSA library, I used a different modexp algorithm. @GravityScore actually wrote the original, and we were aware it was broken about a year ago when I was debugging something, (or maybe Anavrins told me too) but we were too lazy to fix it. Is this implementation better?

local function modexp(base, exponent, modulus)
	local r = 1

	while true do
		if exponent % 2 == 1 then
			r = r * base % modulus
		end
		exponent = exponent / 2

		if exponent == 0 then
			break
		end
		base = base * base % modulus
	end

	return r
end

If you're interested my RSA library and program can be found here:
RSA encryption/decryption library at: https://gist.github.com/1lann/6604c8d3d8e5fdad0832
Key generation program at: https://gist.github.com/1lann/c9d4d2e7c1f825cad36b
I'll be happy to receive any feedback you have for it.

all you need is 3 modems to trilaterate both computers to find their distance. From there you have all the components needed to derive the destination port.

I'm interested in this, I'm assuming this is in conjunction with an exploit with the DH implementation? Because the channel is decided after the DH handshake using the secrets shared.

If you want another challenge, I guess I could try to fix these exploits (in a seperate branch probably because the old servers and clients will become incompatible, and backwards compatibility will be a pain) and let you guys hack it again? xD