OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Citrix ICA Basic Encryption
From: Dug Song (dugsongMONKEY.ORG)
Date: Wed Mar 29 2000 - 08:59:55 CST

The ICA (Independent Computing Architecture) protocol used in various
Citrix products (Winframe, Metaframe) relies on a trivially cracked
encryption scheme to protect user authentication.

The ICA basic encryption algorithm is a variant of the simple XOR
scheme used for saved Winframe passwords:

        void decrypt(u_char key, u_char *p, int len)
        {
          int i;

          for (i = len; i > 0; i--)
            p[i] = p[i-1] ^ p[i] ^ key;

          p[0] ^= (key | 'C');
        }

Demonstration code to decrypt Winframe passwords stored in appsrv.ini:

         http://www.monkey.org/~dugsong/icadecrypt.c.txt

Demonstration code to sniff (and decrypt) ICA network authentication:

        http://www.monkey.org/~dugsong/dsniff/

Citrix offers a secure alternative called SecureICA, which uses
Diffie-Hellman for key exchange and RC5 to encrypt the underlying
transport (now at 128-bit strength worldwide). While this is certainly
better than the simple XOR scheme outlined above, it may still be
vulnerable to an active man-in-the-middle attack. Caveat user.

        http://www.citrix.com/products/sica/

Thanks to Jeremie Kass <jeremiemonkey.org> for providing me with ICA
traffic traces, and to Niels Provos <provosmonkey.org> for sifting thru
hexdumps with me. :-)

-d. 

---
http://www.monkey.org/~dugsong/