hacklab.to » im http://hacklab.to Toronto's hacker collective Fri, 03 Feb 2012 07:33:27 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Interesting MITM with otr conversation log http://hacklab.to/archives/interesting-mitm-with-otr-conversation-log/ http://hacklab.to/archives/interesting-mitm-with-otr-conversation-log/#comments Fri, 05 Dec 2008 23:41:52 +0000 letoams http://hacklab.to/?p=109 I got some strange IM from someone. Halfway through  I figure out we’ve
been setup somehow with a relay in the middle and both of us see the
other as some other identity. When the person says he is using adium, I
thought it was a perfect chance to fire up OTR to see what would happen
with this MITM scenario….  Funny enough, it revealed the identity of
the other user to me :)

(My AIM identity is letoams)

(06:17:38 PM) SensitiveCoho: Hey.
(06:18:16 PM) letoams: bot?
(06:18:36 PM) SensitiveCoho: are you a bot?
(06:18:53 PM) letoams: are you are you are you a bot?
(06:19:14 PM) SensitiveCoho: no
(06:19:17 PM) SensitiveCoho: i’m human
(06:19:28 PM) letoams: ok then
(06:19:57 PM) SensitiveCoho: who are you?
(06:20:13 PM) letoams: if you dont know why are you talking to me?
(06:20:26 PM) SensitiveCoho: i want to know why you’re talking to me
(06:20:48 PM) letoams: you started?
(06:20:52 PM) letoams: (06:17:38 PM) SensitiveCoho: Hey.
(06:21:12 PM) SensitiveCoho: i’m not SensitiveCoho
(06:21:30 PM) letoams: that’s what i see
(06:21:31 PM) SensitiveCoho: embarrassedcoho
6:17

Hi!
(06:21:40 PM) SensitiveCoho: i see you as “embarrassedcoho”
(06:21:48 PM) letoams: that’s not my name :)
(06:22:00 PM) letoams: funny. must be some bot connecting two random im
identities
(06:22:06 PM) SensitiveCoho: maybe
(06:22:20 PM) SensitiveCoho: you on mac/pc?
(06:22:27 PM) letoams: linux
(06:22:32 PM) SensitiveCoho: i’m on mac
(06:22:33 PM) letoams: not infected here :P
(06:22:37 PM) SensitiveCoho: using adium
(06:22:57 PM) SensitiveCoho: adium’s been weird today … bugging me that yahoo
messenger network is down for mainenance
(06:23:00 PM) letoams: really? let’s try otr then. that would defeat a man in
the middle attack
(06:23:02 PM) SensitiveCoho: it just keeps telling me this over and over
(06:23:03 PM) Attempting to start a private conversation with SensitiveCoho…
(06:23:12 PM) SensitiveCoho: otr?
(06:23:14 PM) sensitivecoho has not been authenticated yet.  You should
authenticate this buddy.
[Image] (06:23:14 PM) Unverified conversation with SensitiveCoho started.
(06:23:26 PM) The following message received from sensitivecoho was not
encrypted: [error]
(06:23:29 PM) The following message received from sensitivecoho was not
encrypted: [hmm]
(06:23:30 PM) letoams: its privacy crypto built into adium and pidgin
(06:23:33 PM) OTR Error: You sent encrypted data to logicbus, who wasn’t
expecting it.
(06:23:45 PM) Successfully refreshed the unverified conversation with
SensitiveCoho.
(06:23:45 PM) The last message to sensitivecoho was resent.
(06:23:47 PM) letoams: haha
(06:23:47 PM) The following message received from sensitivecoho was not
encrypted: [could this be due to a compromised password?]
[Image] (06:23:53 PM) Private conversation with SensitiveCoho lost.
(06:23:56 PM) OTR Error: You sent encrypted data to logicbus, who wasn’t
expecting it.
(06:23:59 PM) SensitiveCoho: i can’t read what you’re saying
(06:24:02 PM) OTR Error: You sent encrypted data to logicbus, who wasn’t
expecting it.
(06:24:03 PM) letoams: awesome. the MITM does otr too
(06:24:20 PM) sensitivecoho is contacting you from an unrecognized computer.
You should authenticate this buddy.
[Image] (06:24:21 PM) Unverified conversation with SensitiveCoho started.
(06:24:23 PM) The following message received from sensitivecoho was not
encrypted: [i read that]
[Image] (06:24:29 PM) Private conversation with SensitiveCoho lost.
(06:24:38 PM) SensitiveCoho: very strange
(06:24:40 PM) letoams: i think we blew up the mitm thing.
(06:25:06 PM) letoams: you know anyone in Toronto?
(06:29:13 PM) The encrypted message received from sensitivecoho is unreadable,
as you are not currently communicating privately.
[Image] (06:29:34 PM) Unverified conversation with SensitiveCoho started.
[Image] (06:29:34 PM) Unverified conversation with SensitiveCoho started.
[Image] (06:32:21 PM) Private conversation with SensitiveCoho lost.
(06:32:27 PM) letoams: is your handle logicbus ?
(06:32:41 PM) The encrypted message received from sensitivecoho is unreadable,
as you are not currently communicating privately.
(06:33:02 PM) SensitiveCoho: how did you figure that out
(06:33:11 PM) letoams: (06:23:33 PM) OTR Error: You sent encrypted data to
logicbus, who wasn’t expecting it.
(06:33:15 PM) letoams: otr told me
(06:33:26 PM) SensitiveCoho: hmm
(06:33:34 PM) SensitiveCoho: i just see “embarrassedcoho” for those msgs
(06:33:44 PM) SensitiveCoho: i suppose that could be a client thing
(06:33:49 PM) SensitiveCoho: i guess you have an advantage over me
(06:34:08 PM) letoams: still curious what is going on here. (my AIM is letoams)
(06:34:16 PM) SensitiveCoho: yeah
(06:34:41 PM) SensitiveCoho: i googled embarrassedcoho
(06:34:48 PM) SensitiveCoho: didn’t come up with anything helpful
(06:35:42 PM) letoams: me neither
(06:36:22 PM) letoams: anyway. gotta go. have a nice life :)
(06:36:35 PM) SensitiveCoho: peace

Anyone what this double-blind bot MITM thing is? Someone’s research project?

]]> http://hacklab.to/archives/interesting-mitm-with-otr-conversation-log/feed/ 1