@GossiTheDog @buffaloverflow anyone want to mirror it? seems wayback doesn't have it
@GossiTheDog @Rairii tbf it was actually the rxwx/pulse-meter project (which uses the same code) that got the complaint, but I took the gist down too to avoid further complaints. I believe there were other forks/projects though, and the key (which the complaint was about) is in metasploit
@buffaloverflow @GossiTheDog @Rairii
TBH, when I last looked into the ICT, I don't think I paid much attention to what format its output is in. More novel to me was the idea that its output can be completely spoofed.
Is it something other than what can be decrypted with packdecrypt?
@wdormann @Rairii @GossiTheDog yeah agreed it’s totally silly! Preventing inspection from third-party security solutions, marking your own homework and making life hard for good-faith security researchers is the opposite of building trust imo.
As for which binary, I believe configdecrypt is the one you’d need
@buffaloverflow @Rairii @GossiTheDog
Ah, right, configdecrypt rings a bell!
My pet side project now is to make an offline version of the ICT that can produce sound results. You know, something that Ivanti should have done years ago.
The only thing I'm missing at this point is a copy of the ICT itself, which I can't have because I'm not a current Ivanti customer. 😕
@Rairii @GossiTheDog @wdormann I think the ICT is decrypted with packdecrypt (same as fw updates), whereas the results use configdecrypt. You’d need packencrypt (presumably) to encrypt a custom ICT, however afaik it’s not public since then you could also sign firmware! It does also use a static symmetric key but has an additional RSA signature check
@buffaloverflow @Rairii @GossiTheDog
Yeah, I don't have a problem with the ICT itself.
But the idea is to boot from TRUSTED media, run an ICT-equivalent tool, and report the results.
But TBH, I don't know if a hardware PSA device has the ability to boot from anything but the internal storage, as I don't currently have a PSA to test on.
@buffaloverflow @Rairii @GossiTheDog
Sort of in the same way that you can fake a PCS factory reset without needing the RSA private key, but rather you can change the update mechanism to work with a tarball, rather than a signed PKG file.