Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350112
Uptime – the approximate time since last reboot/power-cycle event
Current Mission ID
Name – the name that may have been assigned to the Flytrap (could be empty)
Location – the location that may have been assigned to the Flytrap (could be empty)
SSID – SSID of the Flytrap
Username and Password
PoP address and port – PoP address and port that the status communication was sent through
Svn revision of the implant
15.1.3 (U) Flytrap Security Data
(S) This section enumerates the information that is sent in the Flytrap Security Block
portion of a Beacon. Note that username and password are sent in the Flytrap Status
Block.
Security Type – None, WEP, WEP with Authentication, WPA (WPA Personal), WPA2 (WPA2 Personal), RADIUS, WPA RADIUS (WPA Enterprise), WPA2 RADIUS (WPA2 Enterprise)
WEP Keys
WEP Key Index (i.e., which WEP key is currently being used)
WPA/WPA2 Pre-shared Key
RADIUS Pre-shared Key
RADIUS Server Address
WPA Crypto Type – TKIP, AES, TKIP+AES
15.1.4 (S) Authentication, Encryption, and Covert Communication
(S) Authentication utilizes HMAC with the MD5 hashing algorithm and a key shared
between the CT and the Flytraps. The key is not stored in contiguous memory on the
Flytrap and is assembled from an algorithm on the Flytrap. The Header Block and the
Data portion of the message each are authenticated separately using separate shared keys.
If either authentication fails, the message is not handled.
(S) Encryption is done using one of two methods: either 128-bit AES CBC mode with
shared key, or 64-bit Blowfish CBC mode with shared key. Note that the encryption
mode a Flytrap will use is determined when building the Flytrap firmware image (see
15.5). If Blowfish is chosen, no AES software is built into the image. If AES is chosen,
no Blowfish software is built into the image. The shared key is determined using a shared
algorithm that makes use of the random IVs that are part of the message. The result of
using the algorithm is that the key used to encrypt a buffer is different for every
connection between a Flytrap and the CT. The Header Block and the Data portion of the
message each are encrypted separately using separate shared keys/algorithms. The IV in
the first Block of the message is used to randomize/scramble the key that encrypts the
Header Block. The IV that is part of the Header Block is used to randomize/scramble the
key that encrypts the Data portion. If decryption fails, the message is not handled.