So I reviewed the implementation to ensure that now the temporary key file is properly overwritten before deletion - and yes, it is done.
However, in that process I found a backdoor, which is so blatantly obvious that I overlooked it the first time, and I just thought this is how things work with LUKS - which I never used before.
So I really have to apologize here that I, as a security professional, overlooked this gaping hole.
The backdoor is like this: besides the key the user is using, a backup key is generated and written to the flash. So anybody who gets access to the flash (local admin rights on QNAP shell) can read out the backup key and access the encrypted hard disk without a passphrase!
And everyone who is using the disk encryption option can verify this for themselves:
This requires Perl for the string manipulation. If it is not installed because of SqueezeCenter (/share/MD0_DATA/SSODS/bin/perl) and not installed via OptPkg, do this on a different machine, or do the reorder by hand (see below).
Code:
[/] # strings /dev/sdx6 | grep ENCK | awk -F= '{print$2}' | perl -e '$in=<STDIN>;$tmp1=substr($in,0,24);$tmp2=reverse(substr($in,24,8));print $tmp2 . $tmp1;' > /tmp/testkey
[/] # /sbin/cryptsetup luksOpen /dev/md0 md0 --key-file=/tmp/testkey
key slot 0 unlocked.
Command successful.
The backdoor key is in the ENCK variable in the flash device ("grep ENCK /dev/sdx6"). A simple string manipulation has to be performed so it is valid as a key:
Key in ENCK  : ABCDEFGHIJKLMNOPQRSTUVWXYZ012345
After reorder: 543210ZYABCDEFGHIJKLMNOPQRSTUVWX
This reordered key has to be written to a temporary file WITHOUT A LINEFEED.
That's all there is to it ...
Just for completeness, this is how it works with your passphrase in case you want to access the hard drive on a different Linux machine:
Code:
# This requires a crypt command which supports MD5. It's not installed on QNAP, so do this on a Linux system where it is available.
[/] # crypt '$1$YCCaQNAP$' 'yourpassphrase' | tr -d '\n' > /tmp/testkey
[/] # /sbin/cryptsetup luksOpen /dev/md0 md0 --key-file=/tmp/testkey
key slot 1 unlocked.
Command successful.
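In case you don't have the crypt command on your Linux system, compile it yourself:
Code:
// compile with "gcc -o crypt crypt.c -lcrypt"
#define _XOPEN_SOURCE   /* must come before the includes so unistd.h declares crypt() */
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
    char *result;
    if (argc != 3) {                    /* usage: crypt <salt> <passphrase> */
        fprintf(stderr, "usage: %s salt passphrase\n", argv[0]);
        return 1;
    }
    result = crypt(argv[2], argv[1]);   /* crypt() takes the key first, then the salt */
    if (result == NULL) {               /* e.g. salt format not supported by this libc */
        perror("crypt");
        return 1;
    }
    printf("%s\n", result);
    return 0;
}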
In the meantime you have to overwrite the saved ENCK key with a random string.
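The sessions above show the backup key unlocking key slot 0 and the passphrase unlocking key slot 1. As an added example that is not part of the original post, the script below audits this from the LUKS header: it parses LUKS1 `cryptsetup luksDump` output and warns when more key slots are enabled than keys you created yourself. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit enabled LUKS1 key slots.
# Real use on the NAS:  cryptsetup luksDump /dev/md0 | audit_slots 1

# Print the number of every enabled key slot found in luksDump text on stdin.
enabled_slots() {
    awk '/^Key Slot [0-9]+: ENABLED/ { sub(":", "", $3); print $3 }'
}

# audit_slots EXPECTED: read luksDump text on stdin, report the enabled slots,
# and return 1 when their count differs from the number of keys you created.
audit_slots() {
    expected=$1
    slots=$(enabled_slots | tr '\n' ' ')
    count=$(printf '%s\n' "$slots" | awk '{ n += NF } END { print n + 0 }')
    echo "enabled key slots: ${slots:-none}"
    if [ "$count" -ne "$expected" ]; then
        echo "WARNING: $count slots enabled, expected $expected"
        return 1
    fi
    echo "OK: $count slots enabled"
}

# Constructed, abbreviated sample of a LUKS1 dump (not captured from a real device).
sample_dump() {
    cat <<'EOF'
LUKS header information for /dev/md0

Version:        1
Cipher name:    aes
Key Slot 0: ENABLED
    Iterations:             100000
Key Slot 1: ENABLED
    Iterations:             100000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
EOF
}

# One passphrase was set, so one slot is expected; the sample has two enabled.
if sample_dump | audit_slots 1; then :; else echo "audit failed: unexpected key slot"; fi
```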