This project provides code to exploit the malleability CFB (CVE-2017-17688) and CBC gadgets (CVE-2017-17689) published by Efail and made available for penetration testing.
The documentation with all side notes and a detailed introduction can be fount in HTML here or as PDF here. Also a summary in form as a presentation can be found here.
The files opgp_modification.py and smime_modification.py are the execution points for the desired exploits. The project includes encrypted test messages for both, OpenPGP and S/MIME. However, any other message can be loaded into the program.
- Ciphertexts: The path in
get_*_msg()needs to be changed in order to load another ciphertext. Furthermore, the initialization needs to be adopted. For the latter I recommend using this or that decoder depending on the encryption standard. - Emailserver: In addition, configurations regarding
smtplibneed to be made. Therefore you need to specify your email server, address and password inconfig.txt. An example file is given.
The exploits currently lack on an implementation to defeat integrity protection in OpenPGP messages. This is might be not necessary but depends on the targeting email client.