Reverse engineering of Solnet client

Stuart Stock (
Thu, 15 May 1997 13:12:33 -0500 (CDT)

From comp.risks Digest 19.14:

---------- Forwarded message ----------

Date: Mon, 12 May 1997 17:56:54 +0200 (MET DST)
From: Thomas Koenig <>
Subject: DES challenge news

You may remember RISKS-19.09, in which I discussed the risks in a
network-wide attack on the RSA DES challenge: The Swedish group at didn't give out its source, so the client
could, in fact, do anything, such as crack a master EC-card key. The
reason given was client integrity.

Well, a month after this, the promised source code release has not
happened. Instead, it appears that somebody disassembled part of the
client, made a version that reported fake "done" blocks, and then sent
these to the servers.

Moral? Don't ever think that nobody can read compiled code. Don't try to
run a cooperative effort like this in a closed development model.

Thomas Koenig,, ig25@dkauni2.bitnet.

Stuart Stock                         
Systems/Security Administrator       
Gundaker Realtors                              "If Windows is the answer,
                                                it was a stupid question."
 Got a computer?  Help crack DES!