[ALERT] 19 keys for the COVID certificate

AntoineForum52
2021-07-13 15:47:37

19 public keys in total ayaa, I imagine they're used by different services
https://image.noelshack.com/fichiers/2021/28/2/1626183714-capture.png

And you know what?
From what I've seen, not all EU member states use the same signature
For example, others use ECDSA, while France uses PKCS1

In 1998 and 2007, Bleichenbacher found a vulnerability against PKCS1, yet they use version 1.5, so not patched for the COVID certificate, since it was only patched as of version 2 [1] [2]

[1] DOI : 10.1109/ARES.2007.38 | Izu, T., Takenaka, M., & Shimoyama, T. (2007). Analysis on Bleichenbacher’s Forgery Attack. | https://sci-hub.se/10.1109/ARES.2007.38
[2] Hanno Böck; Juraj Somorovsky; Craig Young. "ROBOT attack: Return Of Bleichenbacher's Oracle Threat".

Here is what the data looks like in France

https://image.noelshack.com/fichiers/2021/28/2/1626183986-dgc-qrcode-00001.png
https://image.noelshack.com/fichiers/2021/28/2/1626184005-dgc-qrcode-00002.png
https://image.noelshack.com/fichiers/2021/28/2/1626184016-dgc-qrcode-00003.png
https://image.noelshack.com/fichiers/2021/28/2/1626184027-dgc-qrcode-00004.png
https://image.noelshack.com/fichiers/2021/28/2/1626184044-dgc-qrcode-00005.png
https://image.noelshack.com/fichiers/2021/28/2/1626184052-dgc-qrcode-00006.png

 {
"JSON": {
"ver": "1.2.1",
"nam": {
"fn": "Test",
"fnt": "TEST",
"gn": "Api",
"gnt": "API"
},
"dob": "2009-02-28",
"t": [
{
"tg": "840539006",
"tt": "LP217198-3",
"ma": "345",
"sc": "2021-04-13T14:20:00Z",
"tr": "260415000",
"tc": "Centre de test",
"co": "FR",
"is": "Emetteur du certificat",
"ci": "URN:UVCI:01:FR:GGD81AAH16A0#6"
}
]
},
"CBOR": "A401624652061A60C744F6041A60CB3976390103A101A46376657265312E322E31636E616DA462666E645465737463666E74645445535462676E6341706963676E746341504963646F626A323030392D30322D3238617481A9627467693834303533393030366274746A4C503231373139382D33626D616333343562736374323032312D30342D31335431343A32303A30305A627472693236303431353030306274636E43656E747265206465207465737462636F62465262697376456D6574746575722064752063657274696669636174626369781D55524E3A555643493A30313A46523A4747443831414148313641302336",
"COSE": "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",
"COMPRESSED": "78DA0DCEBF4B02511C007024A968938840288E829638F9BEE77979374497BFA11FA2678950E87BF7BC4EF08CBBE7516350A37F40B5944810B5454341AD0E6E8E35B5070D5936E6FC593EFDD3CDB66FC99FCE5F7E4D1CCB53AB57C541C74792B9F160B91BFFF507CB3DC5537C63D7BE0EF598C350088710B52BF50EA9DA86CE5C4EAB3637F4445E27A64DB5438B9A36A75A36438D06A9610045042CE268859FDC126E5A510922610540269CD736B218AD20252A8649BD42C35284B89463C048044944611D492A0615A044B863611924140100C2A91D633677986030818F0E8436466562B95EA2CE38674D47309A02650EB7AA16AD8CDC3A9A2BE4B6D4C24E2CA30252933935958A4791A6A591ACC1A25C5C0B051EF69715E1E56980EFE7B33FE7816E6BFDB505F4DBD54207893F33E5DD7C3E9FBDDD2D7CA44A338FC3DEEC6EA9BFAD4FE7DFDB7B93016578F10FC3067452",
"BASE45": "NCFOX1B8O8D0DO3/7EXILDTI:48W0IQ:IYPV$BTQEF9U87AO/:304DCAAAUFB NKIU/XN0DAX8A-3G:.M/49A-MRM8M*L./DOZ65+0NCB29TVCB:3WC0Q.5E59KB3CUX9VVPXTL7.OU8PVOI7NU2IN5GWF:0I 7.OA:RC91O72V5VON312523P5I%17SR/3QO.9J%6R*US+B31L8-M8TH-+69IBDO8+$0$BCSW8FU5R9DJ9K%E2 IB/61.BC.48B$J7-6H53*24-G5ME9 J8JJA2FNLRCV49 B9LCCAB9RY0XBK/DNHCCBP4V50IRO8W3%*6%BJ.56$3I6WGL+8SLCG/B73QU2D::86LJ+YC%9N0*2F HHI7VO545NHPO.S59D0ORI$Y6TLHQII+-KZ$LTNKSSB5T0$7VLY240TMDG5DTO38EGGFTD *M/.U9/Q*.0O:7U2T VFX8KB/R3YF5H9%7I88SO:DJAOP4AMDS0SF.701DFU:1W 0$1",
"2DCODE": "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",
"TESTCTX": {
"VERSION": 1,
"SCHEMA": "1.2.1",
"CERTIFICATE": "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",
"VALIDATIONCLOCK": "2021-06-14T12:05:26.214Z",
"DESCRIPTION": "Maximal Negative RAT"
},
"EXPECTEDRESULTS": {
"EXPECTEDVALIDOBJECT": true,
"EXPECTEDSCHEMAVALIDATION": true,
"EXPECTEDENCODE": true,
"EXPECTEDDECODE": true,
"EXPECTEDVERIFY": true,
"EXPECTEDCOMPRESSION": true,
"EXPECTEDUNPREFIX": true,
"EXPECTEDVALIDJSON": true,
"EXPECTEDB45DECODE": true,
"EXPECTEDPICTUREDECODE": true,
"EXPECTEDEXPIRATIONCHECK": true
}
}
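
Added example, not part of the original post: the "CBOR" field of the test vector above is the certificate payload, and it can be read without any key, since the signature sits in the COSE layer around it. The decoder is a constructed subset of CBOR (definite-length integers, strings, arrays, maps); claim keys 1, 4, 6 and -260 are the CWT issuer, expiry, issued-at and health-certificate claims, and the function names are chosen here.

```python
CBOR_HEX = (  # "CBOR" field of the post's test vector, split for line width
    "A401624652061A60C744F6041A60CB3976390103A101A46376657265312E322E31636E616DA462666E6454657374"
    "63666E74645445535462676E6341706963676E746341504963646F626A323030392D30322D3238617481A9"
    "627467693834303533393030366274746A4C503231373139382D33"
    "626D616333343562736374323032312D30342D31335431343A32303A30305A"
    "627472693236303431353030306274636E43656E7472652064652074657374"
    "62636F62465262697376456D6574746575722064752063657274696669636174"
    "626369781D55524E3A555643493A30313A46523A4747443831414148313641302336"
)

def decode(buf, pos=0):
    """Decode one definite-length CBOR item; return (value, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        arg = info
    elif info <= 27:                         # 1, 2, 4 or 8 byte argument
        n = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        raise ValueError("indefinite/reserved encodings not handled")
    if major < 2:                            # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):                      # byte string / text string
        if pos + arg > len(buf):
            raise ValueError("truncated string")
        raw = buf[pos:pos + arg]
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:                           # array
        items = []
        for _ in range(arg):
            item, pos = decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:                           # map
        out = {}
        for _ in range(arg):
            key, pos = decode(buf, pos)
            out[key], pos = decode(buf, pos)
        return out, pos
    raise ValueError("tags and floats not handled")

def read_dcc_payload(hex_payload=CBOR_HEX):
    claims, end = decode(bytes.fromhex(hex_payload))
    if end != len(hex_payload) // 2:
        raise ValueError("trailing bytes after the CBOR item")
    # 1 = issuer, 6 = issued-at, 4 = expiry, -260 -> {1: certificate JSON}
    return {"iss": claims[1], "iat": claims[6], "exp": claims[4], "cert": claims[-260][1]}
```

The decoded `cert` value matches the "JSON" field of the same test vector; integrity comes only from verifying the COSE signature against the issuer's published key, not from the encoding.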

AntoineForum52
2021-07-13 15:48:54

up

OttoMagetto
2021-07-13 15:49:21

Genius

Hubert_Ponceur
2021-07-13 15:49:27

And so?

Slavic-NS103
2021-07-13 15:49:52

Up

ThePrettyBoy
2021-07-13 15:49:58

Hi TF1 M6, shout-out to the guys from LYON

ReVergogned
2021-07-13 15:50:28

You think they're going to leave shitty flaws like that?

noelcoins
2021-07-13 15:50:32

"DESCRIPTION": "Maximal Negative RAT"

RAT :hap:

LemGoEnSang
2021-07-13 15:50:40

[15:49:27] <Hubert_Ponceur>
And so?

JakePetersen
2021-07-13 15:50:56

I was here, just in case.

The_Dark_Anakin
2021-07-13 15:51:08

Wait, look at the OP's username before commenting.

JetBlue
2021-07-13 15:51:17

What are we supposed to do with this?

Leasingdeyougo
2021-07-13 15:51:41

Reading Wikipedia is all well and good, but when you know nothing about it you'd better keep quiet, you dunce

AntoineForum52
2021-07-13 15:51:54

Wikipedia, as it happens

In 1998, Daniel Bleichenbacher published a seminal paper on what became known as Bleichenbacher's attack (also known as "million message attack").[3][4] PKCS #1 was subsequently updated in the release 2.0 and patches were issued to users wishing to continue using the old version of the standard.[2] With slight variations this vulnerability still exists in many modern servers.[5]

https://en.wikipedia.org/wiki/PKCS_1

And yet they use the rsassa-pkcs1-v1.5 version!

Hubert_Ponceur
2021-07-13 15:52:07

Did he generate QR codes himself?

AntoineFandePS3
2021-07-13 15:52:16

Hi BFMTV :noel:

Positionnement
2021-07-13 15:52:38

I don't know what to do with this information

EminenceDerrick
2021-07-13 15:52:43

On 13 July 2021 at 15:50:28:
You think they're going to leave crappy flaws like that?

Given the government of bunglers we have, it wouldn't be surprising.

BadHorsie1
2021-07-13 15:53:03

May a genius save us from this health-pass hell
https://image.noelshack.com/fichiers/2021/53/7/1609712085-216901-full-gigapixel-scale-4-00x.png

AntoineForum52
2021-07-13 15:53:08

On 13 July 2021 at 15:52:43:

On 13 July 2021 at 15:50:28:
You think they're going to leave crappy flaws like that?

Given the government of bunglers we have, it wouldn't be surprising.

It's the IN group that handles this, it's a rush job, they also made passports for other countries and there were vulns and bugs :rire:
