Paid Advertising is
ha.ckers sla.cking
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
MS opaque BLOBs format revealed :p
Posted by: nimahacker
Date: August 06, 2008 03:48PM

Just I noticed the following statement in MSDN: “The format of opaque BLOBs is unpublished. Each CSP vendor determines its own BLOB format which should include encrypting the opaque BLOBs with some sort of symmetric key.” While surprisingly this is not the case for Microsoft CSP implementation! When we export a key as an Opaque BLOB, then using the following code we are able to extract the plain text key:

DWORD dwPlainKeyLen = *(BYTE*)(pOpaqueBlob + 0x10);
BYTE *pPlainKey = pOpaqueBlob + dwOpaqueBlobLen – dwPlainKeyLen;


Information Security Software Tools

Options: ReplyQuote

Sorry, only registered users may post in this forum.