Discover a Monster’s Weakness?

As a newbie player, I’m getting to grips with all my skills and abilities and when to use them.

One thing that’s come up is when we encounter monsters … what do you roll against when trying to gauge a monster’s weaknesses, so we can use fire, water, light, etc, against it?

Do different types of monsters require different rolls to understand what their possible weaknesses could be, eg Insight, Nature, Arcana, etc?

Some players round the table are GMs themselves and very knowledgeable about what to use against monsters, but their characters wouldn’t have a clue, having never encountered them before, so it’s difficult to find the right balance as a newbie who doesn’t want to buy a monster manual or use an online search!

Any advice appreciated! .:. Walts

Would a Wall of Water count as ‘running water’ for purposes of a vampire’s weakness to running water?

The Wall of Water spell doesn’t specify whether the water is moving, only that it is difficult terrain. It is 1′ thick and thus may or may not qualify as a sufficient quantity of water to cause the vampire to be ‘in running water’ if he is restrained while in it.

So the question is, would holding a vampire in the area of a Wall of Water damage the vampire?

What is considered “running water” for the vampire’s weakness?

I like D&D vampires a lot. I even bought Curse of Strahd. But something I always wondered is “What is running water?”

Rivers are running water, since they are used as an example. But how about rain (no answers are given on the related question)? How about a bottle? How about peeing on a vampire? How about puddles?

related question:

Is rain considered Running Water for a Vampire’s weakness?

Is the additional damage from weakness doubled on a critical hit?

In Pathfinder 2e, some creatures have weakness. When they take damage matching their weakness, they take additional damage. Is this damage from weakness doubled on a critical hit?

For example, the Ice Linnorm has weakness 10 for fire. Imagine a player attacks it with fire damage and scores a critical hit. Their normal damage is 1d10. How much damage did they deal? Is it 2d10+10, or 2d10+20?

I’m aware that the Core Rulebook describes how to calculate damage done. However, I found it difficult to walk through those steps and understand the interaction between weakness and critical hits.

Is there any specific weakness in this crypto implementation?

I am reverse engineering the firmware of a particular router/modem. I am focusing on the functionality to export the router configuration. I am searching for a way to decrypt the configuration backup file.

I have the source code of the open source parts of the firmware and the binaries of the closed source parts for analysis.

After an analysis of the binary responsible for creating the configuration backup file I discovered it does the following:

  1. Takes the raw XML configuration file
  2. Compresses the file
  3. Encrypts the file using a key and an iv (more on that later)
  4. Applies a PKCS7 signature to the file

To encrypt the configuration file a 256 bit AES key is used, in CBC mode. We will call this key file key.

To derive the file key two pieces of information are used: a user password and a device key, combined in the following way:

file_key = MD5(user_password) + MD5(device_key) 

where the user_password is just a string chosen by the user during the config export process in the web interface of the router.

The device_key is an AES key, generated once (the first time it is used) and then saved in a file (and read from there when it is used again). During the generation of the AES key an IV is also generated and saved along with the key. The is generated once and reused the following times.

This device_key (and the associated IV) is used only to encrypt/decrypt the configuration backup.

The crypto library used is openssl-1.0.2k

This is C code that describes how the device_key (and the associated IV) is generated. It is called only once and the results are reused.

    #include <string.h>
    #include <openssl/evp.h>
    #include <openssl/rand.h>

    const EVP_CIPHER *cipher_algo;
    const EVP_MD *digest_algo;

    unsigned char salt[8];
    unsigned char device_key[32];
    unsigned char device_key_iv[16];

    // yes, the secret key material is constant and is "secret"
    char secret_data[] = "secret";

    cipher_algo = EVP_aes_256_cbc();
    digest_algo = EVP_md5();

    // in the code the result of this call is NOT checked to be sure it succeeded,
    // maybe something here?
    RAND_pseudo_bytes(salt, 8);

    // here the device_key is generated
    EVP_BytesToKey(cipher_algo, digest_algo, salt, (const unsigned char *)secret_data, strlen(secret_data), 1, device_key, device_key_iv);

    // from now on the device_key and device_key_iv is never regenerated

This is C code that describes how the file_key is generated. It is called every time a backup configuration file is exported.

    #include <string.h>
    #include <openssl/aes.h>
    #include <openssl/md5.h>

    unsigned char device_key[32];
    unsigned char device_key_iv[16];

    char user_password[] = "test1234";
    unsigned char file_key_raw[32];

    MD5_CTX md5_context;
    AES_KEY file_key_aes;

    get_device_key_and_iv(device_key, device_key_iv);

    // hash of user password
    MD5_Init(&md5_context);
    MD5_Update(&md5_context, user_password, strlen(user_password));
    MD5_Final(file_key_raw, &md5_context);

    // hash of device_key
    MD5_Init(&md5_context);
    MD5_Update(&md5_context, device_key, 32);
    MD5_Final(&file_key_raw[16], &md5_context);

    // now file_key_raw contains the raw bytes of the key

    AES_set_encrypt_key(file_key_raw, 256, &file_key_aes);

    // now the struct file_key_aes contains the file_key

    // to encrypt data, this is called:
    AES_cbc_encrypt(input_data_buffer, output_data_buffer, len_of_input_data, &file_key_aes, device_key_iv, 1);

Are there implementation/usage bugs that would allow recovering the file key without a full brute force?

I have noticed that the Key Derivation Function (EVP_BytesToKey) is used insecurely, because the key material is constant and only one round of a fast digest algorithm (MD5) is used. I think that this effectively lowers the entropy to max 64 bits (the salt bits) instead of 256 bits, if the user password is known.

Are there any more errors? Maybe something related to key/IV reuse or the missing check for the return code of RAND_pseudo_bytes()?

Note that the plaintext of the configuration file is not known.
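The derivation described in the question above, modelled in Python beside a hardened alternative; this is an added example, not code from the original post or from the firmware. The function names, the PBKDF2-plus-HMAC design and the iteration count are assumptions chosen for illustration, and `evp_bytes_to_key_md5` is a re-implementation of OpenSSL's `EVP_BytesToKey` for the MD5 case.

```python
import hashlib
import hmac
import os

SECRET_DATA = b"secret"  # the constant key material quoted in the question


def evp_bytes_to_key_md5(data, salt, key_len=32, iv_len=16, count=1):
    """EVP_BytesToKey with MD5: D_i = MD5^count(D_{i-1} || data || salt)."""
    derived, block = b"", b""
    while len(derived) < key_len + iv_len:
        block = hashlib.md5(block + data + salt).digest()
        for _ in range(count - 1):
            block = hashlib.md5(block).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def page_device_key(salt):
    """device_key and IV as generated in the question: the 8-byte salt is
    the only input that is not a constant, so it fixes all 48 output bytes."""
    return evp_bytes_to_key_md5(SECRET_DATA, salt)


def page_file_key(user_password, device_key):
    """file_key = MD5(user_password) + MD5(device_key): two independent
    128-bit halves, each a single unsalted MD5."""
    return hashlib.md5(user_password).digest() + hashlib.md5(device_key).digest()


def hardened_export_params(user_password, device_secret, iterations=600_000):
    """One possible replacement (assumption, not the vendor's design):
    a fresh salt and IV for every export, a slow password hash, and a
    random per-device secret mixed in with HMAC. os.urandom raises on
    failure, unlike the unchecked RAND_pseudo_bytes call."""
    salt = os.urandom(16)  # stored next to the ciphertext
    iv = os.urandom(16)    # never reused across exports
    stretched = hashlib.pbkdf2_hmac("sha256", user_password, salt,
                                    iterations, dklen=32)
    key = hmac.new(device_secret, stretched, hashlib.sha256).digest()
    return key, salt, iv


if __name__ == "__main__":
    salt = os.urandom(8)
    device_key, device_iv = page_device_key(salt)
    file_key = page_file_key(b"test1234", device_key)
    print("password half:", file_key[:16].hex())
    print("device half:  ", file_key[16:].hex())
    key, new_salt, new_iv = hardened_export_params(b"test1234", os.urandom(32))
    print("hardened key: ", key.hex())
```

Changing the password in `page_file_key` alters only the first 16 bytes, and changing the salt in `page_device_key` alters only the last 16, which is why the two halves can be reasoned about separately.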

Can Tidal Wave trigger a vampire weakness to running water?

In my last session as a player, me and the rest of the party found a bunch of vampire spawns, and at the start of the battle, the group’s druid conjured Tidal Wave.

Me and another friend at the table, both experienced DMs, remembered “hey, that’s running water!” and got excited with it. The DM at the table agreed with our claim, and the water conjured by the druid spell was able to trigger the vampire weakness to running water, as the spell is unclear about when the water vanishes (in terms of turns, rounds, etc).

The space where we fought the vampire was reasonably small and “sealed”, so there wasn’t that much space for the water to escape after the spell was cast. The location where the fight happened was (Curse of Strahd spoiler ahead):

So, is there a reason why Tidal Wave wouldn’t trigger their weakness? If not, why?

Does my VNC server have security weakness in authentication?

https://www.cl.cam.ac.uk/research/dtg/attarchive/vnc/sshvnc.html says that

VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reasonably secure; the password is not sent over the network. Once you are connected, however, traffic between the viewer and the server is unencrypted, and could be snooped by someone with access to the intervening network. We therefore recommend that if security is important to you, you ‘tunnel’ the VNC protocol through some more secure channel such as SSH.

I installed vino on LUbuntu 18.04, and configured and started my vino server according to https://askubuntu.com/a/530196/1471:

    $ export DISPLAY=:0
    $ gsettings set org.gnome.Vino enabled true # although fails, it doesn't matter
    No such key “enabled”
    $ gsettings set org.gnome.Vino prompt-enabled false
    $ gsettings set org.gnome.Vino require-encryption false
    $ /usr/lib/vino/vino-server

I could connect to the server at port 5900 from RealVNC’s VNC viewer on my Android phone within the same Wi-Fi network, and the only thing I was asked to provide was the password to log in to my Ubuntu. The quote at the beginning says that VNC uses a challenge-response system, and doesn’t transfer the password, so why do I have to provide a password?

I haven’t tried to do anything explicitly to make my vino server available to the Internet (or I am not aware that I did it). In the monitoring output message of the server (see below), however, I found the following suspicious clients 46.101.184.149, zg-0817a-64.stretchoid.com, 196.52.43.118, and scan-06.shadowserver.org according to:

  • https://www.abuseipdb.com/check/46.101.184.149
  • https://www.abuseipdb.com/check/107.170.227.141
  • https://www.abuseipdb.com/check/196.52.43.118
  • https://www.abuseipdb.com/whois/216.218.206.67

What kind of security problem does my VNC server have?

Does the monitoring message say that the suspicious clients successfully connect to my VNC server, and pass the authentication test? The quote at the beginning says that VNC uses a challenge-response system, and doesn’t transfer the password, so isn’t it that the suspicious clients are unlikely to pass the authentication test?

If the suspicious clients snooped the traffic between the viewer and the server, isn’t it that the server is not aware of that?

Thanks.

    $ /usr/lib/vino/vino-server
    (vino-server:32529): dbind-WARNING **: 19:44:12.185: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
    19/08/2018 07:44:12 PM Autoprobing TCP port in (all) network interface
    19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
    19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
    19/08/2018 07:44:12 PM Autoprobing selected port 5900
    19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
    19/08/2018 07:44:12 PM Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
    19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
    19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
    19/08/2018 07:44:12 PM Clearing securityTypes
    19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
    19/08/2018 07:44:12 PM Clearing securityTypes
    19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
    19/08/2018 07:44:12 PM Advertising authentication type: 'No Authentication' (1)
    19/08/2018 07:44:12 PM Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
    19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
    19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
    19/08/2018 07:44:12 PM Clearing securityTypes
    19/08/2018 07:44:12 PM Clearing authTypes
    19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
    19/08/2018 07:44:12 PM Advertising authentication type: 'VNC Authentication' (2)
    19/08/2018 07:44:12 PM Clearing securityTypes
    19/08/2018 07:44:12 PM Clearing authTypes
    19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
    19/08/2018 07:44:12 PM Advertising authentication type: 'VNC Authentication' (2)
    19/08/2018 07:44:12 PM Advertising security type: 'VNC Authentication' (2)
    19/08/2018 07:44:17 PM [IPv4] Got connection from client android-c28b29b650f6548c.home
    19/08/2018 07:44:17 PM   other clients:
    19/08/2018 07:44:17 PM Client Protocol Version 3.7
    19/08/2018 07:44:17 PM Advertising security type 18
    19/08/2018 07:44:17 PM Advertising security type 2
    19/08/2018 07:44:17 PM Client returned security type 2
    ** (vino-server:32529): WARNING **: 19:44:28.888: VNC authentication failure from 'android-c28b29b650f6548c.home'
    19/08/2018 07:44:28 PM rfbAuthPasswordChecked: password check failed
    19/08/2018 07:44:28 PM Client android-c28b29b650f6548c.home gone
    19/08/2018 07:44:28 PM Statistics:
    19/08/2018 07:44:28 PM   framebuffer updates 0, rectangles 0, bytes 0
    19/08/2018 07:44:30 PM [IPv4] Got connection from client android-c28b29b650f6548c.home
    19/08/2018 07:44:30 PM   other clients:
    19/08/2018 07:44:30 PM Client Protocol Version 3.7
    19/08/2018 07:44:30 PM Advertising security type 18
    19/08/2018 07:44:30 PM Advertising security type 2
    19/08/2018 07:44:30 PM Client returned security type 2
    ** (vino-server:32529): WARNING **: 19:44:40.531: Deferring authentication of 'android-c28b29b650f6548c.home' for 5 seconds
    19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 22
    19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 21
    19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 15
    19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -314
    19/08/2018 07:44:45 PM Enabling NewFBSize protocol extension for client android-c28b29b650f6548c.home
    19/08/2018 07:44:45 PM Pixel format for client android-c28b29b650f6548c.home:
    19/08/2018 07:44:45 PM   8 bpp, depth 6
    19/08/2018 07:44:45 PM   true colour: max r 3 g 3 b 3, shift r 4 g 2 b 0
    19/08/2018 07:44:45 PM Pixel format for client android-c28b29b650f6548c.home:
    19/08/2018 07:44:45 PM   32 bpp, depth 24, little endian
    19/08/2018 07:44:45 PM   true colour: max r 255 g 255 b 255, shift r 16 g 8 b 0
    19/08/2018 07:44:45 PM no translation needed
    Gtk-Message: 20:43:41.511: GtkDialog mapped without a transient parent. This is discouraged.
    Gtk-Message: 20:43:44.339: GtkDialog mapped without a transient parent. This is discouraged.
    Gtk-Message: 20:43:52.072: GtkDialog mapped without a transient parent. This is discouraged.
    19/08/2018 10:39:57 PM [IPv4] Got connection from client 46.101.184.149
    19/08/2018 10:39:57 PM   other clients:
    19/08/2018 10:39:57 PM      android-c28b29b650f6548c.home
    19/08/2018 10:39:57 PM Client Protocol Version 3.3
    ** (vino-server:32529): WARNING **: 22:39:57.238: VNC authentication failure from '46.101.184.149'
    19/08/2018 10:39:57 PM rfbAuthPasswordChecked: password check failed
    19/08/2018 10:39:57 PM Client 46.101.184.149 gone
    19/08/2018 10:39:57 PM Statistics:
    19/08/2018 10:39:57 PM   framebuffer updates 0, rectangles 0, bytes 0
    19/08/2018 10:43:41 PM [IPv4] Got connection from client 46.101.184.149
    19/08/2018 10:43:41 PM   other clients:
    19/08/2018 10:43:41 PM      android-c28b29b650f6548c.home
    19/08/2018 10:43:41 PM Client Protocol Version 3.3
    ** (vino-server:32529): WARNING **: 22:43:41.812: Deferring authentication of '46.101.184.149' for 5 seconds
    ** (vino-server:32529): WARNING **: 22:43:47.449: VNC authentication failure from '46.101.184.149'
    19/08/2018 10:43:47 PM rfbAuthPasswordChecked: password check failed
    19/08/2018 10:47:27 PM [IPv4] Got connection from client 46.101.184.149
    19/08/2018 10:47:27 PM   other clients:
    19/08/2018 10:47:27 PM      46.101.184.149
    19/08/2018 10:47:27 PM      android-c28b29b650f6548c.home
    19/08/2018 10:47:27 PM Client Protocol Version 3.3
    ** (vino-server:32529): WARNING **: 22:47:27.692: Deferring authentication of '46.101.184.149' for 5 seconds
    ** (vino-server:32529): WARNING **: 22:47:32.452: VNC authentication failure from '46.101.184.149'
    19/08/2018 10:47:32 PM rfbAuthPasswordChecked: password check failed
    19/08/2018 10:51:12 PM [IPv4] Got connection from client 46.101.184.149
    19/08/2018 10:51:12 PM   other clients:
    19/08/2018 10:51:12 PM      46.101.184.149
    19/08/2018 10:51:12 PM      46.101.184.149
    19/08/2018 10:51:12 PM      android-c28b29b650f6548c.home
    19/08/2018 10:51:12 PM Client Protocol Version 3.3
    ** (vino-server:32529): WARNING **: 22:51:12.833: Deferring authentication of '46.101.184.149' for 5 seconds
    ** (vino-server:32529): WARNING **: 22:51:18.448: VNC authentication failure from '46.101.184.149'
    19/08/2018 10:51:18 PM rfbAuthPasswordChecked: password check failed
    19/08/2018 10:54:58 PM [IPv4] Got connection from client 46.101.184.149
    19/08/2018 10:54:58 PM   other clients:
    19/08/2018 10:54:58 PM      46.101.184.149
    19/08/2018 10:54:58 PM      46.101.184.149
    19/08/2018 10:54:58 PM      46.101.184.149
    19/08/2018 10:54:58 PM      android-c28b29b650f6548c.home
    19/08/2018 10:54:58 PM Client Protocol Version 3.3
    ** (vino-server:32529): WARNING **: 22:54:58.339: Deferring authentication of '46.101.184.149' for 5 seconds
    ** (vino-server:32529): WARNING **: 22:55:03.449: VNC authentication failure from '46.101.184.149'
    19/08/2018 10:55:03 PM rfbAuthPasswordChecked: password check failed
    19/08/2018 10:58:43 PM [IPv4] Got connection from client 46.101.184.149
    19/08/2018 10:58:43 PM   other clients:
    19/08/2018 10:58:43 PM      46.101.184.149
    19/08/2018 10:58:43 PM      46.101.184.149
    19/08/2018 10:58:43 PM      46.101.184.149
    19/08/2018 10:58:43 PM      46.101.184.149
    19/08/2018 10:58:43 PM      android-c28b29b650f6548c.home
    19/08/2018 10:58:43 PM Client Protocol Version 3.3
    ** (vino-server:32529): WARNING **: 22:58:43.756: Deferring authentication of '46.101.184.149' for 5 seconds
    ** (vino-server:32529): WARNING **: 22:58:49.448: VNC authentication failure from '46.101.184.149'
    19/08/2018 10:58:49 PM rfbAuthPasswordChecked: password check failed
    19/08/2018 11:02:28 PM [IPv4] Got connection from client 46.101.184.149
    19/08/2018 11:02:28 PM   other clients:
    19/08/2018 11:02:28 PM      46.101.184.149
    19/08/2018 11:02:28 PM      46.101.184.149
    19/08/2018 11:02:28 PM      46.101.184.149
    19/08/2018 11:02:28 PM      46.101.184.149
    19/08/2018 11:02:28 PM      46.101.184.149
    19/08/2018 11:02:28 PM      android-c28b29b650f6548c.home
    19/08/2018 11:02:28 PM Client Protocol Version 3.3
    ** (vino-server:32529): WARNING **: 23:02:28.345: Deferring authentication of '46.101.184.149' for 5 seconds
    ** (vino-server:32529): WARNING **: 23:02:33.449: VNC authentication failure from '46.101.184.149'
    19/08/2018 11:02:33 PM rfbAuthPasswordChecked: password check failed
    19/08/2018 11:30:51 PM [IPv4] Got connection from client zg-0817a-64.stretchoid.com
    19/08/2018 11:30:51 PM   other clients:
    19/08/2018 11:30:51 PM      46.101.184.149
    19/08/2018 11:30:51 PM      46.101.184.149
    19/08/2018 11:30:51 PM      46.101.184.149
    19/08/2018 11:30:51 PM      46.101.184.149
    19/08/2018 11:30:51 PM      46.101.184.149
    19/08/2018 11:30:51 PM      46.101.184.149
    19/08/2018 11:30:51 PM      android-c28b29b650f6548c.home
    19/08/2018 11:31:01 PM rfbProcessClientProtocolVersion: client gone
    19/08/2018 11:31:01 PM Client zg-0817a-64.stretchoid.com gone
    19/08/2018 11:31:01 PM Statistics:
    19/08/2018 11:31:01 PM   framebuffer updates 0, rectangles 0, bytes 0
    sendto: Network is unreachable
    sendto: Network is unreachable
    20/08/2018 10:37:54 AM rfbProcessClientNormalMessage: read: Connection reset by peer
    20/08/2018 10:37:54 AM Client android-c28b29b650f6548c.home gone
    20/08/2018 10:37:54 AM Statistics:
    20/08/2018 10:37:54 AM   key events received 32, pointer events 3932
    20/08/2018 10:37:54 AM   framebuffer updates 7016, rectangles 13714, bytes 270216867
    20/08/2018 10:37:54 AM     ZRLE rectangles 13714, bytes 270216867
    20/08/2018 10:37:54 AM   raw bytes equivalent 538553044, compression ratio 1.993040
    20/08/2018 02:15:10 PM [IPv4] Got connection from client 196.52.43.118
    20/08/2018 02:15:10 PM   other clients:
    20/08/2018 02:15:10 PM      46.101.184.149
    20/08/2018 02:15:10 PM      46.101.184.149
    20/08/2018 02:15:10 PM      46.101.184.149
    20/08/2018 02:15:10 PM      46.101.184.149
    20/08/2018 02:15:10 PM      46.101.184.149
    20/08/2018 02:15:10 PM      46.101.184.149
    20/08/2018 02:15:10 PM Client Protocol Version 3.7
    20/08/2018 02:15:10 PM Advertising security type 18
    20/08/2018 02:15:10 PM Advertising security type 2
    20/08/2018 02:15:10 PM Client returned security type 1
    20/08/2018 02:15:10 PM rfbAuthProcessSecurityTypeMessage: client returned unadvertised security type 1
    20/08/2018 02:15:10 PM Client 196.52.43.118 gone
    20/08/2018 02:15:10 PM Statistics:
    20/08/2018 02:15:10 PM   framebuffer updates 0, rectangles 0, bytes 0
    20/08/2018 02:31:26 PM [IPv4] Got connection from client scan-06.shadowserver.org
    20/08/2018 02:31:26 PM   other clients:
    20/08/2018 02:31:26 PM      46.101.184.149
    20/08/2018 02:31:26 PM      46.101.184.149
    20/08/2018 02:31:26 PM      46.101.184.149
    20/08/2018 02:31:26 PM      46.101.184.149
    20/08/2018 02:31:26 PM      46.101.184.149
    20/08/2018 02:31:26 PM      46.101.184.149
    20/08/2018 02:31:28 PM rfbProcessClientProtocolVersion: client gone
    20/08/2018 02:31:28 PM Client scan-06.shadowserver.org gone
    20/08/2018 02:31:28 PM Statistics:
    20/08/2018 02:31:28 PM   framebuffer updates 0, rectangles 0, bytes 0
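
One way to summarise server output like the above per client, added here as an example and not part of the original post. The sample lines are copied from that output; the function names, the local-suffix list, and the heuristic that a "Pixel format for client" line marks a session that got past authentication are assumptions.

```python
import ipaddress
import re

# Lines copied from the vino-server output quoted in the question above.
SAMPLE_LOG = """\
19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
19/08/2018 07:44:17 PM [IPv4] Got connection from client android-c28b29b650f6548c.home
** (vino-server:32529): WARNING **: 19:44:28.888: VNC authentication failure from 'android-c28b29b650f6548c.home'
19/08/2018 07:44:30 PM [IPv4] Got connection from client android-c28b29b650f6548c.home
19/08/2018 07:44:45 PM Pixel format for client android-c28b29b650f6548c.home:
19/08/2018 10:39:57 PM [IPv4] Got connection from client 46.101.184.149
** (vino-server:32529): WARNING **: 22:39:57.238: VNC authentication failure from '46.101.184.149'
19/08/2018 10:43:41 PM [IPv4] Got connection from client 46.101.184.149
** (vino-server:32529): WARNING **: 22:43:47.449: VNC authentication failure from '46.101.184.149'
19/08/2018 11:30:51 PM [IPv4] Got connection from client zg-0817a-64.stretchoid.com
19/08/2018 11:31:01 PM rfbProcessClientProtocolVersion: client gone
20/08/2018 02:15:10 PM [IPv4] Got connection from client 196.52.43.118
20/08/2018 02:15:10 PM rfbAuthProcessSecurityTypeMessage: client returned unadvertised security type 1
"""

LOCAL_SUFFIXES = (".home", ".local", ".lan")  # assumption: names handed out on the LAN

CONNECT = re.compile(r"Got connection from client (\S+)")
AUTH_FAIL = re.compile(r"VNC authentication failure from '([^']+)'")
SESSION = re.compile(r"Pixel format for client ([^\s:]+):")
BAD_SECTYPE = re.compile(r"client returned unadvertised security type (\d+)")
WILDCARD = re.compile(r"Listening IPv[46]://(?:0\.0\.0\.0|\[::\]):(\d+)")


def is_external(client):
    """True for public IP addresses and for host names without a local suffix."""
    try:
        return not ipaddress.ip_address(client).is_private
    except ValueError:
        return not client.endswith(LOCAL_SUFFIXES)


def analyse(log_text):
    """Tally connections, failed logins and established sessions per client."""
    clients, wildcard_ports, last = {}, set(), None

    def entry(name):
        return clients.setdefault(name, {
            "connections": 0, "auth_failures": 0, "rejected_sectypes": [],
            "session": False, "external": is_external(name)})

    for line in log_text.splitlines():
        if m := WILDCARD.search(line):
            wildcard_ports.add(int(m.group(1)))  # bound to every interface
        elif m := CONNECT.search(line):
            last = m.group(1)
            entry(last)["connections"] += 1
        elif m := AUTH_FAIL.search(line):
            entry(m.group(1))["auth_failures"] += 1
        elif m := SESSION.search(line):
            entry(m.group(1))["session"] = True
        elif (m := BAD_SECTYPE.search(line)) and last:
            # The line names no client; attribute it to the latest connection.
            entry(last)["rejected_sectypes"].append(int(m.group(1)))
    return {"clients": clients, "wildcard_ports": wildcard_ports}


def external_sessions(report):
    """External clients that show evidence of an established session."""
    return sorted(name for name, c in report["clients"].items()
                  if c["external"] and c["session"])


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    print("listening on all interfaces, ports:", sorted(report["wildcard_ports"]))
    for name, c in report["clients"].items():
        print(name, c)
    print("external clients with a session:", external_sessions(report))
```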