Tuesday, April 30, 2013

Setting up your Hacking Playground - Hyper-V Quick Setup [Part 2]

By Tony Lee.

In the first part of this series, we did a high-level comparison between free versions of VMWare ESXi and Microsoft’s Hyper-V. In this part, we will explore the insane (and absurd) challenge that exists when setting up Hyper-V to be a remotely managed, headless server. Finally, in the last part of the series, we will give you the essentials needed to start using Hyper-V and present the winner of our Geek Playground comparison.

Hyper-V manager installation

Hyper-V Server 2012 installation was smooth--maybe a little too smooth… There has to be a catch, right? Of course there is! The remote management setup is extremely frustrating and unpolished. In fact, I am a little surprised Microsoft released a product that has so many issues. All I want to do is connect to the server from my laptop and manage the VMs! Fortunately, since I had to struggle through the setup, I figured I would document the process to hopefully save you some sleepless nights.

Here comes the ugly so hold on to your knickers!

Downloading and installing the client

Windows 7 Hyper-V Manager can be downloaded as part of Remote Server Administration Tools for Windows 7

Caveat: “Remote Server Administration Tools for Windows 7 with SP1 can be installed ONLY on computers that are running the Enterprise, Professional, or Ultimate editions of Windows 7 or Windows 7 with SP1.” -- So no Home Edition… Sorry folks.

Ironically, the Remote Server Administration Tools (RSAT) client took longer to install than the Hyper-V server. Crazy!

Enabling Hyper-V tools

After install, if you are like me, you are wondering why you cannot locate Hyper-V Manager in the start menu. Then it dawns on you that you have to enable that as a Windows feature shown in the screenshot below:

Microsoft’s obfuscation skills increase by 10

Enabling Remote Management

Whew! So, all is good right? We can open Hyper-V manager client and click "Connect" to Server… But when we enter the IP of the remote server we get an error message:

“An error occurred while attempting to connect to server [HOSTNAME]. Check that the Virtual Machine Management service is running and that you are authorized to connect to the server. You do not have the required permission to complete this task. Contact the administrator of the authorization policy for the computer [HOSTNAME].”


After Googling around, I found a series of posts by John Howard, a Senior Program Manager in the Hyper-V team. This series of posts included a very detailed, but lengthy, explanation on how to fix this issue. Not placing fault on John here, but in my opinion, maybe Microsoft should just fix the issue? It is hard to imagine that the product would be released with this frustrating limitation. When using VMWare vSphere client, you just enter the IP/Hostname and some credentials--what is so difficult about that?

Fortunately, John Howard was nice enough to also create a tool to do all of this configuration magic for us, the "Hyper-V Remote Management Configuration Utility". However, this is not just any tool, I was amazed to see that it is a 6,300 line VB script! John must be a wizard or something. :)

Hyper-V Remote Management Configuration Utility

Download from:

Copy the hvremote.wsf script to the server - From the server, map the C drive of your client laptop:

 net use * \\laptop\C$ "password" /U:local\[user]

 copy z:\users\[user]\Desktop\hvremote.wsf c:\

Setting up Accounts

Since my laptop was already a member of a domain and the server is a member of a workgroup, I used the provided “10 second guide” instructions:

Server Side

Add user syntax:
 net user [username] "[password]" /add

 net user tony "SecretPassword" /add

Grant user access syntax:
 cscript hvremote.wsf /add:[username]

cscript hvremote.wsf /add:tony

Client Side

 cmdkey /add:[servername] /user:[servername]\[accountname] /pass

cmdkey /add:VMServer /user:VMServer\tony /pass

Enabling Ping on Hyper-V

On your Hyper-V host, in the blue configuration command prompt (sconfig.cmd):

Select #4: Configure Remote Management -> #3 Configure Server Response to Ping

Added server name to client’s hosts file

From elevated command prompt on client (start -> cmd -> right click -> Run as Administrator):

 write c:\windows\system32\drivers\etc\hosts
[IP address]  [Hostname]

ex:   VMServer

Reboot server!

Verify proper functionality

Run the following command on both computers:

 cscript hvremote.wsf /show /target:othercomputername

ex from laptop:
cscript hvremote.wsf /show /target:VMServer

ex from server:
cscript hvremote.wsf /show /target:laptop

You should now be able to bring up Hyper-V Manager and connect to the server

Disk management

Now that we can access the Hyper-V server through Hyper-V Manager, we may need to make the extra disk drives in the server usable. Most people point and click via the GUI, but you can also manage the disks via the command line interface. CLI knowledge is critical for the free version of Hyper-V.

To list the logical drive letters, we can use:

 wmic logicaldisk get name,description
Description       Name
Local Fixed Disk  C:
CD-ROM Disc       D:
CD-ROM Disc       E:

We have two extra hard drives (2x2TB) that do not show up as usable. We will fix that with Diskpart.

Diskpart foo


Microsoft DiskPart version 6.2.9200

Copyright (C) 1999-2012 Microsoft Corporation.
On computer: VMSERVER

DISKPART> list letter

Microsoft DiskPart version 6.2.9200

DISK        - Display a list of disks. For example, LIST DISK.
PARTITION   - Display a list of partitions on the selected disk.
              For example, LIST PARTITION.
VOLUME      - Display a list of volumes. For example, LIST VOLUME.
VDISK       - Displays a list of virtual disks.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1     E                       DVD-ROM         0 B  No Media
  Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
  Volume 3                      NTFS   Partition   1862 GB  Healthy
  Volume 4     C                NTFS   Partition    167 GB  Healthy    Boot

So, we have confirmed that my two DVD burners are D and E… I wanted to change that to F and G and then assign drive letters D and E to my other hard drives.

 DISKPART> select volume 0

Volume 0 is the selected volume.

DISKPART> assign letter=F

DiskPart successfully assigned the drive letter or mount point.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     F                       DVD-ROM         0 B  No Media
  Volume 1     E                       DVD-ROM         0 B  No Media
  Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
  Volume 4     C                NTFS   Partition    167 GB  Healthy    Boot

Now, for the other one:
 DISKPART> select volume 1

Volume 1 is the selected volume.

DISKPART> assign letter=G

DiskPart successfully assigned the drive letter or mount point.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     F                       DVD-ROM         0 B  No Media
* Volume 1     G                       DVD-ROM         0 B  No Media
  Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
  Volume 4     C                NTFS   Partition    167 GB  Healthy    Boot

Now, to partition, format and assign drive letters to the other disks:
 DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         1863 GB  1862 GB
  Disk 1    Online         1863 GB  1863 GB        *
* Disk 2    Online          167 GB      0 B

DISKPART> select disk 0

Disk 0 is now the selected disk.

DISKPART> list partition

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            350 MB  1024 KB

DISKPART> create partition primary

DiskPart succeeded in creating the specified partition.

DISKPART> list partition

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            350 MB  1024 KB
* Partition 2    Primary           1862 GB   351 MB

DISKPART> format fs=ntfs quick

  100 percent completed

DiskPart successfully formatted the volume.

DISKPART> assign letter=D

DiskPart successfully assigned the drive letter or mount point.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     F                       DVD-ROM         0 B  No Media
  Volume 1     G                       DVD-ROM         0 B  No Media
  Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
* Volume 3     D                NTFS   Partition   1862 GB  Healthy
  Volume 4     C                NTFS   Partition    167 GB  Healthy    Boot

Now, for the last drive:

 DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
* Disk 0    Online         1863 GB      0 B
  Disk 1    Online         1863 GB  1863 GB        *
  Disk 2    Online          167 GB      0 B

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> list partition

There are no partitions on this disk to show.

DISKPART> create partition primary

DiskPart succeeded in creating the specified partition.

DISKPART> list partition

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           1863 GB  1024 KB

DISKPART> format fs=ntfs quick

  100 percent completed

DiskPart successfully formatted the volume.

DISKPART> assign letter=E

DiskPart successfully assigned the drive letter or mount point.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     F                       DVD-ROM         0 B  No Media
  Volume 1     G                       DVD-ROM         0 B  No Media
  Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
  Volume 3     D                NTFS   Partition   1862 GB  Healthy
  Volume 4     C                NTFS   Partition    167 GB  Healthy    Boot
* Volume 5     E                NTFS   Partition   1863 GB  Healthy


Leaving DiskPart...


 Volume in drive E has no label.
 Volume Serial Number is 2015-54E4

 Directory of E:\

File Not Found


 Volume in drive D has no label.
 Volume Serial Number is 5CC4-3887

 Directory of D:\

File Not Found

Finally! We can use all of the hard drives:

Final thoughts

Wow, that was painful. And we did not even do the hard work. Fortunately, John Howard did the heavy lifting and then made things relatively easy with his awesome script. I still cannot believe Microsoft would release a product that requires that much configuration for something that should be so simple. Stay tuned for our next article on actually using Microsoft’s Hyper-V and of course the conclusion of our comparison between VMWare ESXi and Hyper-V 2012.

Tuesday, April 23, 2013

Setting up your Hacking Playground - VMWare vs HyperV

By Tony Lee.

I am beginning to think that it is a universal truth that geeks love to build some sort of playground or work area for their experiments. Whether that is physical or digital, it becomes a sort of escape--a place to try out new ideas without destroying something of value. If you are nodding your head in agreement then you know what I am talking about.

Before virtualization, we had computers stacked on top of computers just to run a digital playground. After all, what fun is a single host network? Then came the prevalence of virtualization and the market was easily dominated by the trailblazing VMWare. Virtualization not only helped me save on hardware, but also power, space, and cooling. Matter of fact, I think this was about this time that I discovered that HVAC was required to heat the house during the winter months. ;)

In the past, I have exclusively used VMWare for my at-home virtual environment. Starting way back with VMWare Server for Linux (a type 2 aka a hosted hypervisor) and eventually moving to ESXi (a type 1 aka native or bare metal hypervisor). However, I recently built a new rig and had to make a decision of whether to go back to VMWare ESXi or try out Microsoft’s Hyper-V Server 2012 (both type 1). I took a little bit of time to document my experiences and I think you will be as surprised as I was with the results. Hopefully this will save you a few sleepless nights that I lost along the way.

**Keep in mind, most hackers are not independently wealthy and thus we will be using FREE PRODUCTS ONLY! Sure, our employers can drop 10k or even 60k on all the bells and whistles, but we are trying to build a production-like environment for our at-home use.**

On with the geek holy war! (Maybe for the next set of articles, we will throw in XenServer to really spice things up).


For a quick summary, I threw everything together in the below table. Read on for more details:

Category | VMWare | Hyper-V | Winner
Hardware Compatibility | Horrible - NIC driver missing on my setup | Excellent - no issues | Hyper-V
RAM supported | 32 GB | All 64 GB - up to 4TB | Hyper-V
Stability | Bad - Purple screen of death | Excellent - no issues so far | Hyper-V (in my case - most likely due to HW compatibility)
Boot speed | Slow - minutes to complete | Fast - 30 seconds or less | Hyper-V
Features | More developed and refined features | Free Hyper-V is missing file transfer to datastores and a free robust virtual machine converter | VMWare - Mainly due to Linux OS support, more robust management and conversion clients
Management | vSphere client, Workstation, SSH | RDP, Hyper-V Manager | Tie - VMware wins in VM management and conversion, however Microsoft wins in hypervisor management
Size of hypervisor | 4GB | 8GB | VMWare


The hardware for this hacker playground is as follows:

  • Cooler Master 932 High Air Flow (HAF) full tower chassis
  • Intel i7-3930K processor - Liquid cooled
  • ASRock X79 Extreme6 motherboard
  • 64 GB Corsair RAM
  • 180 GB Intel SSD hard drive
  • 2 x 2 GB Western Digital Hard Drives
  • 2 x ASUS DVD Burners

Note the amount of RAM; it becomes important later.

Playground requirements

When designing the virtual arena, I had a few requirements in mind:

  • Utilize the hardware above
  • Ease of installation
  • Stable environment
  • Fast VM provisioning
  • Quick snapshot recovery
  • Ability to share VM access


Both VMWare and Microsoft obviously spend money on professional marketing and comparisons. Depending on who you listen to--each will claim that they are cheaper than the other:

"VMware (finally) admits that its costs are higher than Microsoft’s" - From Microsoft

VMWare Responds: “Flawed Logic Behind Microsoft’s Virtualization and Private Cloud Cost Comparisons”

And third parties chime in: “HYPER-V VS. VMWARE COMPARISON”

However, for my hacker playground, I won’t need platinum support. Ultimately, it will come down to how many features I can get for the low, low price of free. On paper, it appears that Microsoft steals the show.

In fact, here is a competitive feature comparison from Microsoft. This comparative analysis paper points out VMWare’s greatest limitation of the free ESXi product. ESXi has a hard limit of 32GB of RAM unless you license the product. Remembering back to the hardware statistics stated earlier, my rig has 64GB of RAM. A few years ago that amount of RAM would have been out of the price range for the average consumer--however, now it is only $300! Wake up VMWare! We can build home boxes that exceed what you support in the free ESXi. How about Microsoft Hyper-V Server 2012? Do they have this limitation? Not even close! Check out the graphic below, they support up to 4TB!

Well, this cannot be true. Can we find something from VMWare that confirms this 32GB limit for free ESXi? Sure can, see the image below from VMWare:

Wow. That is a tough obstacle for VMWare to overcome. That leaves me three options:

  1. Stay with their product and disable half of my memory
  2. Pay thousands to license it for my house
  3. Adopt Microsoft’s Hyper-V or another virtualization product

Ok, this crippling limitation aside, let’s see how they compare in overall experience.

ESXi experience

To describe my personal ESXi experiences, I grouped the experiences into a handful of categories below.

Hardware compatibility

I must be honest in saying that my most recent overall ESXi experience has been horrible--mainly due to the very limited hardware compatibility list (HCL) and the 32GB limit on the RAM. If your hard drive controller is on the list, your NIC isn’t or vice versa. The average home system running a reasonably priced motherboard is most likely not going to be 100% compliant with the HCL which means building your own custom image with added drivers. I had to hunt around to find an article that explained how to create a custom USB ESXi image with extra drivers for the components I was missing. On top of that, the version of ESXi that I could get the drivers loaded on was very unstable. Overall, it was the RAM limitation and the hardware compatibility issues that prompted me to look at other virtualization solutions--the hardware compatibility list for VMWare is horrid.

RAM supported

Did I mention ESXi embarrassingly only supports 32GB of RAM?


The next category of importance was stability. With VMWare ESXi, I would get a purple screen of death--yes, that’s right, purple. After much research I find lots of other people with the same problem, but no real solution other than upgrade the version of the image which would cause me to lose my drivers. I would just purchase another NIC (that is on the HCL) in order to overcome the stability and driver issues, but I still have the RAM limitation to deal with.

Boot speed

VMWare ESXi takes forever to boot/reboot. Minutes. Sometimes as long as 5 minutes to completely start all of the services. I hated rebooting ESXi and avoided it when possible.


VMware is great about supporting ALL operating systems--including Linux. The data store management is a breeze with included file transfer capabilities. Included performance meters are useful and sometimes necessary for a bit of troubleshooting. Resource pools are very handy in provisioning. Free stand-alone VMWare converter is also a very useful and flexible tool.


vSphere Client as well as VMWare Workstation can both be used to manage your virtual machines. Management of the server itself is either done at the console or via SSH. I feel like Microsoft edges out VMWare here by providing RDP to the Hyper-V server.

Size of hypervisor

VMWare has Hyper-V beat here. My guess is that VMWare has a smaller footprint because it has less hardware support (since it didn't support mine). As a result, ESXi can be installed on a 4GB thumb drive instead of an 8GB. Is it really that big of a deal? Probably not.

Hyper-V experience

Here's my experience with Hyper-V in the same categories:

Hardware compatibility

No compatibility issues here! I did not have to build a custom image with third party drivers. Download the ISO, burn it, install and done.

RAM Supported

My entire 64GB of RAM is utilized. In fact, if I could afford 4TB of RAM, free Hyper-V would support that too. No competition here.


So far, this has been rock solid. Even with multiple VMs running and really stressing the box, I have had no issues.

Boot speed

Wow, Hyper-V reboots fast. Not only did it install in less than 10 minutes, but it reboots in 30 seconds! Moreover, 20 of those seconds are spent during the POST of my computer. (64GB of RAM takes a little bit of time to check). So, really Hyper-V was booting in 10 seconds.


Here is one category where Microsoft falls short. Keep in mind, I am purely going off of what is available for free (Microsoft System Center is not free)--but I miss being able to upload and download files to the datastore. With ESXi, we could use vSphere to upload and download ISOs or even VMs. With Hyper-V Manager, you have no file transfer capability. FREE stand-alone VMWare converter could convert many types of VMs into other VMWare VMs--including Hyper-V virtual machines. Microsoft’s converter tool is much more limited. This will be discussed in Part III of this series.


One added bonus in Hyper-V is the ability to remotely administer your VMServer using RDP with Hyper-V as opposed to command line over SSH with VMWare. This is a really nice convenience when you don’t want to get up off the couch to go into the office.

To manage the virtual machines, you can use Hyper-V Manager. This tool even looks similar to vSphere client which helps to reduce the learning curve.

But before we even get to being able to use Hyper-V manager, stay tuned for Part II of this series detailing my experience plus tips and tricks on how to do some under the hood work to get remote management working. This is BY FAR Microsoft’s biggest shortcoming on this product--closely followed by its lack of support for Linux and very limited conversion tool. To be honest, the difficulty with enabling remote management almost made me give up on it before even installing the first virtualized OS.

Size of hypervisor

As mentioned before, VMWare has a smaller footprint, but I would take a larger footprint combined with an easier install and more stability any day of the week.

Final Thoughts

I have been a long-time adopter and advocate of VMWare, however I feel that they may have been riding on the waves of their success for too long. Unfortunately, in the absence of real competition, they could afford to do so. Now that Microsoft (and others) have moved into this arena and become a major threat--especially with Hyper-V 2012, I am looking forward to seeing both companies continue to innovate new features and enhance the end-user’s experience in the near future. I am very impressed with Hyper-V (after remote management is set up), but I still virtualize both Linux and Windows, plus I consume virtual appliances which are almost always created as VMWare images--both of these issues may be a problem with Hyper-V. However at this time, it appears that Hyper-V has the edge, but you won’t know the real winner until the final article.

Stay tuned for part II of this series which outlines the painful steps in setting up remote management. There may be tips and tricks that will hopefully save you lots of time. Thanks for reading. :)

Tuesday, April 16, 2013

Creating, Extracting, and Signing JARs

By Raakesh T.

Java Archive (JAR) is a cross-platform archive file format used to compress and bundle multiple files (e.g. Java class files), metadata and resources into a single file with the .jar file extension. It is the preferred way for packaging Java applets or applications into a single archive, so that they may be downloaded by a browser with only a single request and response.

JAR files are built on the ZIP file format, are similar to UNIX’s tape archive format (TAR), and can be signed using a digital signature to ensure authenticity.

Users can create or extract JAR files using the jar command that comes with a Java Development Kit (JDK). They can also use zip tools to do so; however, when compressing, it’s important to note that the MANIFEST must come first in the order of entries within the ZIP file.

Creating JAR Files

To create a JAR file using the JDK jar utility:

 C:\Java> jar cf Name.jar  *.class 

  • c - Creates a new archive.
  • f - Specifies the JAR file to be created.

In the above example, all the class files in the present directory will be bundled into a file called Name.jar.

To include a subdirectory in the JAR file:

 C:\Java> jar cf Name.jar  *.class SubDirectory 

The above example would bundle all the class files in the present directory and all the contents of the subdirectory SubDirectory into a JAR file named Name.jar.


The manifest file, META-INF/MANIFEST.MF, is automatically generated by the jar tool and is always the first entry in the JAR file. The manifest file holds meta-information about the archive, stored as name: value pairs.

If you have a preexisting manifest file and want to include specific name: value pairs, you can specify the file with the m option:

 C:\Java> jar cmf myManifestFile Name.jar *.class 

Be sure that any pre-existing manifest file that you use ends with a new line. Note that the order of the option letters matters: the manifest and JAR file names must be given in the same order as the m and f options. For example, using cfm results in a differently structured command from cmf:

 C:\Java> jar cfm Name.jar myManifestFile *.class 

Now the MANIFEST.MF has the following:

 Manifest-Version: 1.0
 Created-By: 1.7.0_17 (Oracle Corporation) 

Signing JAR Files

The jarsigner utility within the JDK can sign and verify JAR files. JAR files are signed using PKI (Public Key Infrastructure). PKI uses a public and private key pair: the private key should be kept privately and securely by its owner, and the public key can be made publicly available. Here the private key is used to encrypt the file’s hash value and the public key is used to decrypt the encrypted hash value. Also, for the certificate to be considered genuine, it has to be in a known Certificate Authority (CA) chain. (The whole discussion on CA is out of scope.)

When you sign the JAR file, the certificate containing the public key is created in the META-INF directory. The digest (or hash) is computed for all files in the JAR and is also included in the manifest.

 Name: Name.class
SHA-256-Digest: (a 256-bit hash value for the file)

A signature file with extension ".SF" is created in the META-INF directory. The digest of each file is signed (or encrypted) using the signer's private key:
 Signature-Version: 1.0
SHA-256-Digest-Manifest-Main-Attributes: (base64 form of SHA-256 digest)
SHA-256-Digest-Manifest: (base64 form of SHA-256 digest)
Created-By: 1.7.0_17 (Oracle Corporation)

Name: Name.class
SHA-256-Digest: (base64 form of SHA-256 digest)

A signature block file with extension ".DSA" (Digital Signature Algorithm) is also created in META-INF directory. This file includes the digital signature for the JAR file, the digital certificate and the public key of the signer.

The signature related files are:


Note that if such files are located in META-INF subdirectories, they are not considered signature-related.

Before we sign the JAR file, we need to create the private and public keys required for encrypting and decrypting the JAR hash or digest value. The JDK provides the keytool utility for managing public/private keys and digital certificates. The jarsigner utility can be used for signing the JAR files.

Generating keys

First you must create a pair of keys (private-public) which is used to sign the JAR and authenticate you. These keys can be generated using the keytool command. The generated keys are stored in a keystore file. Each set of keys is associated with a unique name, known as its alias. To generate the keys:

 C:\Java> keytool -genkey -alias alias-name -keystore keystore-name

Following the above command you will be asked for the keystore password or to create one if the keystore does not yet exist and then, you will have to answer seven questions to record your identity. Then you will be asked to choose a password for the keys you just created.

To list the contents of keystore:

 C:\Java>keytool -keystore keystore-name -list

Now the key pair is generated which will be used to sign the JAR.


To sign the JAR file, use the following command:
 C:\Java>jarsigner -keystore keystore-name -storepass keystore-password -keypass key-password jar-file alias-name 

Note: Including the passwords on the command line is usually a bad idea – if you leave out the values then jarsigner will prompt you for them.

Check if a JAR is Signed

Your browser will automatically verify signed applets. If it can’t, it will show a warning similar to the one below:

Download the JAR file and verify. You can extract the downloaded JAR file and manually parse the MANIFEST and .SF file data in the META-INF sub-directory.

The above option will not give any certificate information like Owner, Issuer or validity.
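The manual check described above, sketched in Python as an added example (it is not code from the original post). It confirms that the manifest is the first entry, that each file matches its SHA-256-Digest in the manifest, and that the .SF file's SHA-256-Digest-Manifest matches the manifest itself. The sample JAR, its contents and the SAMPLE.SF name are constructed, and the list of signature-related file names is taken from the JAR file specification.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"
# Signature-related names, taken from the JAR file specification (not listed on the page).
SIG_SUFFIXES = (".SF", ".DSA", ".RSA", ".EC")


def b64sha256(data: bytes) -> str:
    """Base64 form of the SHA-256 digest, as stored in MANIFEST.MF and .SF files."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def parse_sections(raw: bytes) -> list:
    """Split a manifest or .SF file into a list of {name: value} sections."""
    text = raw.decode("utf-8").replace("\r\n", "\n").replace("\r", "\n")
    text = text.replace("\n ", "")  # unfold continuation lines (long values wrap)
    sections = []
    for block in text.split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.split("\n") if ": " in line)
        if attrs:
            sections.append(attrs)
    return sections


def is_signature_related(name: str) -> bool:
    """True only for signature files directly in META-INF/, not in its subdirectories."""
    upper = name.upper()
    if not upper.startswith("META-INF/"):
        return False
    rest = upper[len("META-INF/"):]
    if not rest or "/" in rest:
        return False
    return rest == "MANIFEST.MF" or rest.startswith("SIG-") or rest.endswith(SIG_SUFFIXES)


def audit_jar(jar_bytes: bytes) -> list:
    """Return a list of findings; an empty list means the digests are consistent."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        if MANIFEST not in names:
            return ["no manifest"]
        if names[0] != MANIFEST:
            findings.append("manifest is not the first entry")
        manifest = jar.read(MANIFEST)
        digests = {s["Name"]: s.get("SHA-256-Digest")
                   for s in parse_sections(manifest) if "Name" in s}
        for name in names:
            if name.endswith("/") or is_signature_related(name):
                continue
            if digests.get(name) is None:
                findings.append(f"no digest recorded: {name}")
            elif digests[name] != b64sha256(jar.read(name)):
                findings.append(f"digest mismatch: {name}")
        sf_files = [n for n in names
                    if is_signature_related(n) and n.upper().endswith(".SF")]
        if not sf_files:
            findings.append("unsigned: no .SF file in META-INF")
        for sf in sf_files:
            sections = parse_sections(jar.read(sf))
            main = sections[0] if sections else {}
            if main.get("SHA-256-Digest-Manifest") != b64sha256(manifest):
                findings.append(f"manifest digest mismatch in {sf}")
    return findings


def build_sample_jar(tamper: bool = False, manifest_first: bool = True) -> bytes:
    """Constructed sample JAR: one class file, its manifest entry and a .SF file."""
    payload = b"\xca\xfe\xba\xbe constructed class bytes"
    manifest = ("Manifest-Version: 1.0\r\n"
                "Created-By: 1.7.0_17 (Oracle Corporation)\r\n\r\n"
                "Name: Name.class\r\n"
                f"SHA-256-Digest: {b64sha256(payload)}\r\n\r\n").encode("utf-8")
    sf = ("Signature-Version: 1.0\r\n"
          f"SHA-256-Digest-Manifest: {b64sha256(manifest)}\r\n\r\n").encode("utf-8")
    entries = [(MANIFEST, manifest), ("META-INF/SAMPLE.SF", sf),
               ("Name.class", payload + (b"!" if tamper else b""))]
    if not manifest_first:
        entries.reverse()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries:
            jar.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    print("intact:  ", audit_jar(build_sample_jar()))
    print("tampered:", audit_jar(build_sample_jar(tamper=True)))
    print("reorder: ", audit_jar(build_sample_jar(manifest_first=False)))
```

A clean result only means the recorded digests agree with the archive contents; whether those digests were signed by a trusted key is what jarsigner -verify checks against the signature block file.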

The JAR file can be verified using jarsigner. The basic command to use for verifying a signed JAR file is:

 C:\Java>jarsigner -verify jar-file

If the JAR is unsigned, the response would be:

 jar is unsigned. (signatures missing or not acessible)

If the JAR is signed but the certificate is expired, the utility would give a warning that certificate is expired:

 jar verified.
This jar contains entries whose signer certificate has expired.
This jar contains entries whose certificate chain is not validate

When you get the certificate expired message, you can read the certificate information using the keytool:

 C:\Java>keytool -list -printcert -jarfile jar-file.jar

The above output would reveal the Owner, Issuer and Validity Information of the certificate.

It is also possible to read the certificate information from the .DSA file. To do so, extract the JAR file using a ZIP utility and then use openssl:

  C:\>openssl pkcs7 -in signature-file.DSA -inform DER -print_certs -text


Signing the JAR with a valid signature helps users identify malicious component publishers and detect modification of the components after publishing.

For more information - check out our whitepaper here:


Tuesday, April 9, 2013

Hacking EAP-FAST Phase 0 with hostapd-wpe

By Brad Antoniewicz.

EAP-FAST (Flexible Authentication via Secure Tunneling) [RFC 4851] is an EAP-Type developed by Cisco "to support customers that cannot enforce a strong password policy and want to deploy an 802.1x EAP type that does not require digital certificates". While this article will focus on its use in 802.11 networks, mostly everything below is still applicable to wired networks.

PAC Files

EAP-FAST is very similar to EAP-TTLS and PEAP in that it first establishes a TLS tunnel from the client to the authentication server, then passes client credentials through it via a "less secure inner authentication protocol". The defining factor of EAP-FAST is a client-side file called a Protected Access Credential (PAC). The PAC aids in the initial tunnel setup by acting sort of like a mix between a client certificate and a session identifier. To understand it, you have to have knowledge of RFC4507, which outlines TLS session resumption. Long story short: the client gets a session ticket, which allows it to reestablish a TLS tunnel without performing the full TLS handshake.


EAP-FAST has specific terminology for each of the steps in a connection, named phases 0 - 2. Phase 1 is the TLS tunnel establishment, and Phase 2 corresponds to user authentication via the inner authentication protocol. Phase 0, however, is something new.

Phase 0: Provisioning

The EAP-FAST RFC doesn't specifically touch on the provisioning of the PAC files; instead there is another entire RFC dedicated to it, probably because this is one of the most difficult issues to deal with. EAP-TTLS and PEAP support client certificates; however, since the user has to first make a wired connection to retrieve the certificate (or the certificate has to be loaded manually), they're hardly ever used. So EAP-FAST's defining factor, the PAC, faces the same problem.

You have the traditional modes of installation (e.g. sneakernet) or you can choose "Automatic PAC Provisioning". This is the real downfall of most deployments. Automatic PAC Provisioning establishes an anonymous Diffie-Hellman tunnel between the client and the authentication server. Since it's anonymous, the client can't validate the identity of the authentication server, and, bam, AP Impersonation Attack.
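From the client side, this weakness can be audited. The following is an added example (not from the original post or from hostapd-wpe): a Python check of a wpa_supplicant configuration that flags EAP-FAST networks which still permit the anonymous provisioning described above. The sample configuration, SSIDs and file paths are constructed; the fast_provisioning values (0 = disabled, 1 = unauthenticated, 2 = authenticated, 3 = both) are those documented for wpa_supplicant's phase1 option.

```python
import re

UNAUTH = "unauthenticated (anonymous DH) PAC provisioning allowed"
NO_CA = "authenticated provisioning without ca_cert to validate the server"

# Constructed sample wpa_supplicant.conf; SSIDs and paths are placeholders.
SAMPLE_CONF = '''
network={
    ssid="corp-legacy"
    key_mgmt=WPA-EAP
    eap=FAST
    identity="user"
    phase1="fast_provisioning=1"
    pac_file="/etc/wpa_supplicant/legacy.pac"
}
network={
    ssid="corp-hardened"
    key_mgmt=WPA-EAP
    eap=FAST
    identity="user"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    phase1="fast_provisioning=2"
    pac_file="/etc/wpa_supplicant/hardened.pac"
}
network={
    ssid="corp-mixed"
    key_mgmt=WPA-EAP
    eap=FAST
    identity="user"
    phase1="fast_provisioning=3"
    pac_file="/etc/wpa_supplicant/mixed.pac"
}
network={
    ssid="corp-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user"
}
'''


def parse_networks(conf: str) -> list:
    """Return one {key: value} dict per network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\}", conf, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks


def provisioning_mode(net: dict) -> int:
    """fast_provisioning value from phase1; absent means 0 (provisioning disabled)."""
    match = re.search(r"fast_provisioning=(\d)", net.get("phase1", ""))
    return int(match.group(1)) if match else 0


def audit(conf: str) -> list:
    """Return (ssid, finding) pairs for EAP-FAST networks with risky provisioning."""
    findings = []
    for net in parse_networks(conf):
        if "FAST" not in net.get("eap", "").split():
            continue
        ssid = net.get("ssid", "?")
        mode = provisioning_mode(net)
        if mode & 1:  # bit 0: anonymous provisioning, server identity unchecked
            findings.append((ssid, UNAUTH))
        if mode & 2 and "ca_cert" not in net:  # bit 1: server-authenticated provisioning
            findings.append((ssid, NO_CA))
    return findings


if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE_CONF):
        print(f"{ssid}: {finding}")
```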


A little while ago Josh Wright and I teamed up on a patch for FreeRADIUS called FreeRADIUS-WPE (Wireless Pwnage Edition). The patch modifies FreeRADIUS to output additional debugging information, including the inner authentication credentials of the connecting client. Since FreeRADIUS doesn't support EAP-FAST, I followed JoMo-Kun's lead and modified hostapd.

With hostapd-wpe you can launch impersonation attacks against EAP-FAST Phase 0 and PEAP! Just compile and run :)