Black OTP CD

From otp22 db
Jump to: navigation, search

Introduction

Black OTP CDs contain OTP key material used to decrypt Black OTP messages. Presumably there are nine such CDs, of which four have been recovered so far.

CD format

The Black OTP CD series appear to have a common format, as they're all based on a modified Ubuntu 12.04 LTS desktop i386 CD image (original April 2012 ISO release).

dc76b5ef8b242e2f4f05a0ca2265a1d5e7ace12da5d39c817ec251e0b2461d6f  ubuntu-12.04-desktop-i386.iso

Each of the CDs contains a 100 MB (104857600 bytes) block of (apparent) random data at byte offset 0x12C00000. Messages from the agent system have referred to this block as "a standard 100 MB hole".

Presumably Ubuntu was chosen as a OTP block carrier to make the CDs look 'ordinary' as there doesn't seem to be any other purpose (the 100 MB blocks render the CDs in fact unbootable).

Image creation

A CD/DVD imaging tool such as [1] can be used to create an ISO.

Image up/downloading

As all black OTP CDs appear to be based on the same Ubuntu release, some traffic can be saved by uploading only the difference (delta) between the Ubuntu ISO and an OTP disc. This is especially useful when you have a slow upload speed or want to download multiple OTP ISO images. You'll need to download xdelta to create or apply deltas; also make sure you have the Ubuntu base image.

Delta creation

xdelta3.exe -evs ubuntu-12.04-desktop-i386.iso otp_disc_image.iso otp_delta.xdelta

Example run:

xdelta3 -evs ubuntu-12.04-desktop-i386.iso kauai_7.iso otp_delta.xdelta
xdelta3: source ubuntu-12.04-desktop-i386.iso source size 701 MiB [735358976] blksize 2.00 MiB window 64.0 MiB (FIFO)
xdelta3: 0: in 8.00 MiB: out 74.0 B: total in 8.00 MiB: out 74.0 B: 16 ms
...
xdelta3: warning: input window 411041792..419430400 has no source copies
...
xdelta3: finished in 44 sec; input 735358976 output 104864320 bytes (14.26%)

Note: warnings about missing source copies (as shown above) are expected behavior, this indicates it is copying data which doesn't exist in the original Ubuntu ISO (such as an OTP block).

Recreating the OTP ISO from a delta

xdelta3.exe -dvs ubuntu-12.04-desktop-i386.iso otp_delta.xdelta otp_disc_image.iso

Example run:

xdelta3 -dvs ubuntu-12.04-desktop-i386.iso otp_delta.xdelta otp_disc_image.iso
xdelta3: source ubuntu-12.04-desktop-i386.iso source size 701 MiB [735358976] blksize 2.00 MiB window 64.0 MiB
xdelta3: finished in 5.8 sec; input 104864320 output 735358976 bytes (701.25%)

Block extraction

The easiest way to extract an OTP block depends on the tools available. Any hex editor editor should allow you to isolate the data; alternatively you can use one of the following code snippets:


Python

Python oneliner (assumes image as image.iso):

python -c "fp=open('image.iso','rb');fp.seek(0x12C00000);open('otp_block.bin','wb').write(fp.read(104857600))"

Windows PowerShell

For Windows users with PowerShell avaiable, the following function will do the job:

function Extract-OTP ([string] $ImageFile, [string] $OutputFile, [uint64] $Offset=0x12C00000) {
  $Buffer = New-Object byte[] 104857600

  $Image = (Get-Item -LiteralPath $ImageFile).OpenRead()
  $Image.Seek($Offset, [System.IO.SeekOrigin]::Begin)
  $Image.Read($Buffer, 0, 104857600)
  $Image.Close()

  $OutputFile = [System.IO.Path]::Combine((Get-Location), $OutputFile)
  [System.IO.File]::WriteAllBytes($OutputFile, $Buffer)
  Remove-Variable Buffer
}

# Usage: Extract-OTP image.iso otp_block.bin

C/C++

//C++
#include <fstream>
using namespace std;
int main(){
ifstream img("image.iso",     ios::in  |            ios::binary);
ofstream key("otp_block.bin", ios::out | ios::app | ios::binary);
const int win=0x00010000;
const int mul=0x00000640;//104857600=0x06400000
char buf[win];
img.seekg(0x12C00000, ios::beg);
for(int i=0;i<mul;i++){
	img.read (buf, win);
	key.write(buf, win);
}
img.close();
key.close();
return 0;
}
//C
#include <stdio.h>
int main(int argc, char** argv){
FILE* img=fopen("image.iso", 'rb');
FILE* key=fopen("otp_block.bin", 'wb');
const int win=0x00010000;
const int mul=0x00000640;//104857600=0x06400000
char buf[win];
fseek(img, 0x12C00000, SEEK_SET);
for(int i=0;i<mul;i++){
	fread (buf, win, 1, img);
	fwrite(buf, win, 1, key);
}
fclose(img);
fclose(key);
return 0;
}

Purpose

The 100 MB block retrieved from the El Paso CD was used to decrypt Black OTP1 messages. We presume other blocks are to be used in a similar fashion.

Initial discovery

At around the same time the El Paso OTP1 CD was retrieved, "Black OTP1 File Start" messages were found on the Agent System, which contained a series of bytes and an offset.

This situation was reminiscent of previous messages that used data.bin (from the TrueCrypt CD) offsetted data to decode messages. Given this history, it was not long before we discovered that this was another one time pad, which was used to encrypt the Black OTP1 messages.

The words "Black OTP1 File Start", the discs usage as an OTP and its color seemed to indicate that the disc was called "Black OTP1".

List

  • OTP black 1: El Paso CD (MD5: ab91c0a32d164d1067b36ea695f69014)
  • OTP black 2: North Dakota CD (MD5: 0080166234e7753c9b4c40fd4830bc18)
  • OTP black 3: Unknown
  • OTP black 4: Newport Beach CD (MD5: 252e924b93583a2020157e5af22ff140)
  • OTP black 5: Unknown
  • OTP black 6: Unknown
  • OTP black 7: Kauai OTP7 CD (MD5: 0da2e0cdc45df1eab57619ed0361a3ba)
  • OTP black 8: Kauai OTP8 CD (MD5: 70792b21244ea57a8a4cbc11a58cc54a)
  • OTP black 9: Kauai OTP9 CD (MD5: 5c272f3f49fc48bc006d25d9d098e9f4)