SecureVNC Plugin - AES, RSA, and more, for x86 and x64!

Should you have problems with the DSM plugin, here's the place to look for help or report issues
adzm
Posts: 63
Joined: 2009-04-29 18:59

SecureVNC Plugin - AES, RSA, and more, for x86 and x64!

Post by adzm »

SecureVNC DSM Plugin
Simple, effective, secure VNC sessions
For 32- and 64-bit Windows 2000, Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008
Based on OpenSSL 0.9.8o

No pre-shared key or password required!

Current Version - v2.3 - Nov 8th, 2010

Please refer to the official website for downloads and the most up to date information!
http://adamwalling.com/SecureVNC

New in v2.3:
  • Connections are made much faster than before due to various performance improvements.
  • Now licensed under the LGPL
  • New cipher option, AES-CFB, uses the cipher feedback (CFB) mode of operation rather than output feedback (OFB).
  • New cipher option, 3AES-CFB. See the history section on the website for more info.
Quick Specifications
  • Default configuration uses 2048-bit RSA keys and 256-bit AES keys.
  • RSA public-key cryptography supports 512-, 1024-, 2048-, and 3072-bit keys.
  • Configurable choice of symmetric ciphers and keys
    • AES, AES-CFB, 3AES-CFB: Supports 128-, 192-, and 256-bit keys.
    • Blowfish: Supports 56-, 128-, 192-, 256-, and 448-bit keys.
    • IDEA: Supports 128-bit keys.
    • CAST5: Supports 56- and 128-bit keys.
    • ARC4: Supports 56-, 128-, 192-, and 256-bit keys.
All versions are threadsafe, allowing the UltraVNC server to host multiple simultaneous viewers.

UltraVNC 1.0.9.x betas or the special UltraVNC 1.0.8.2 builds available on the SecureVNC plugin website are required for all the great new features; older builds use the legacy plugin interface. The legacy interface remains unchanged, however it does benefit from the performance improvements.

What does the future hold?
Preparing to split into two editions!
  • The standard edition will use a FIPS-certified cryptographic module, which also means AES will be the only recommended and supported cipher in the standard edition.
  • Other ciphers will remain in a separate edition for users who are forced to abide by cryptographic legislation that restricts their freedoms.
Direct links
Last edited by adzm on 2010-11-09 02:54, edited 20 times in total.
redge
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: SecureVNC DSM Plugin - 32 & 64 bit builds, uses ARC4

Post by redge »

test SecureVNC.dsm 1.0.1.0 built 31 July 2009

* dynamic pre-shared key
* static pre-shared key

lan: wired 100 Mbit/s
OS: Win7rc 32bit, XP SP3
vnc authentication
no mirror driver
system hook enabled
direct and reverse mode between vncviewer 1.0.6.4 with winvnc 1.0.6.4 service system


result:
success for both usage of SecureVNCPlugin.dsm (dynamic and static)

great work with the dynamic pre-shared key.


Information
I think it would be good to write, as a comment, plugin information about the encryption in use:
(Based on OpenSSL ver. 1.0.0? using ARC4 128bit? for symmetric encryption and RSA 2048 bit? for public key encryption)



Current limitation of the "Generate Key" button for the static pre-shared SecureVNC.key

I can generate the key file SecureVNC.pkey but am unable to save it anywhere except \users\redge\documents, since the plugin fails to elevate privileges to allow saving the file to %programfiles%\UltraVNC or %windir%\system32 for service mode.
I manually moved the file to the right place, where it can be read by the winvnc system service.


Known limitation of winvnc that applies to all types of dsmplugin:
since winvnc up to 1.0.6.4 is not dynamic,
you need to restart the winvnc service (or, when run as an application, close and reopen it) after enabling SecureVNCPlugin.dsm, otherwise it fails.
Last edited by redge on 2009-08-02 18:52, edited 3 times in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - 32 & 64 bit builds, uses ARC4

Post by adzm »

As always, thanks for your help redge. I edited the top post a bit.
redge
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by redge »

adzm wrote: Like all negotiations between two parties, it is susceptible to a man-in-the-middle attack. The only way to avoid this is to involve a trusted third party. However that is overkill for most purposes, I believe; this can only be exploited if a malicious party is able to both view AND modify the communication between the two parties.
Idea:
the trusted third party could be the repeater, but that would need a review of a little of the repeater code to include the trusted reference. Or is it easier than I think?
Last edited by redge on 2009-08-02 18:51, edited 1 time in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

It is definitely possible to use the repeater as a trusted third party, although that would probably require a few fundamental changes to the repeater, as well as the plugin architecture itself. However, it is definitely worth looking into, and I do intend to do so at some point soon. Then again, not everyone uses a repeater anyway.

Regardless, I think the threat is minimal, and this still provides good generalized security, especially compared to unencrypted communication!

Using a third party in the DSM plugin would probably require a whole new plugin, since it would definitely not be backwards compatible.

But perhaps I'll be able to get to it sometime! :-D
fuggi
Posts: 2
Joined: 2009-08-23 15:37

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by fuggi »

Hi adzm,
Good job! I have tested the 64-bit version with both the winvnc server and the viewer on a Windows Vista 64-bit system, connecting to, respectively listening to, a Windows XP 32-bit system, and it worked fine.

I just haven't had the time so far to check the encryption.

Best regards,
fuggi
docdoc
Posts: 5
Joined: 2009-09-22 10:28

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by docdoc »

Please note:

I suspect BOTH PLUGINS (AESV3 and Secure) DON'T WORK UNDER WINDOWS 2000!

If you set up the plugins under W2000, pressing "Config" key on server, an error comes out (edit: entry "InterLockedPushEntrySList" not found in KERNEL32) and the plugin can't be loaded.
I think I've found that the missing entry name the plugins complain about is present on XP and newer only...

I've lost one day following this issue, including web searches on many websites, but none of them helped me in any way, and I haven't seen such advice anywhere, so I hope this warning helps other UltraVNC and plugin users having trouble with old W2000 machines. I know such machines are an endangered species but they're still in the wild.. ;-)

I think it should be clearly stated on the home website (as system requirements) and any other download pages...

Obviously if you have some solution/workaround to get them to work, it'll be appreciated! :-)
Last edited by docdoc on 2009-09-22 12:47, edited 3 times in total.
docdoc
Posts: 5
Joined: 2009-09-22 10:28

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by docdoc »

Bump... :-D
MiG
Posts: 20
Joined: 2004-10-23 12:18

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by MiG »

Plugins don't work anymore for me with 1.0.7.7 (beta).

Tried AESV2Plugin.dsm, SecureVNCPlugin.dsm and SecureVNCPluginAES.dsm.

Viewer connects (you don't see the desktop) and gets disconnected by the server.

Without plugins everything seems fine (and fast!)
UltraVNC 1.0.8.2
OS: win 8.1,
using uvnc-x64 on WAN + LAN with SecureVNCPlugin64, experienced user
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

The underlying code is in production, but I had been using a local copy and merged my changes into svn. My best bet is that I overlooked something. I'll see if I can figure out what is going on.

Edit: as redge mentioned this was Rudi's issue, which he has already resolved. Thanks Rudi!
Last edited by adzm on 2009-10-11 23:58, edited 1 time in total.
twagner
Posts: 74
Joined: 2008-09-09 20:43
Location: Germany

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by twagner »

Hi MiG

I've tested adzm's plugins too and they work great on the UVNC 1.0.7.7 version (German WinXP Prof. SP-3 with updates from 09.2009).

You must restart the uvnc-server if you've changed to the dsm-plugins.
If you've stopped the server to restart it, please wait 12-15 seconds before restarting the server.

bye

twagner
Die Welt geht Remote . . . . / the World goes remote . . . .
www.vnc-world.com
Writer of the first book about UltraVNC!!!
redge
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by redge »

adzm,

Don't try to find the bug.
Rudi De Vos wrote: Seems viewer 1077 is the cause.
Damn, it is my own updates that have an error, fixing it.
MiG,
you already tested the new vncviewer 1.07.7 fixed-bug compilation of Rudi :-)
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

FYI, a new version of SecureVNC is almost ready. It fixes Windows 2000 support. I merged the same fix into the other AES/ARC4 plugins as well.

The other feature is the ability to use a private key for the viewer and a public key distributed with the server, which is used to sign the server's key when transmitted to the viewer. This allows the server to be publicly available (such as for remote support purposes) while keeping the private key secret with the viewer.

This prevents active man-in-the-middle attacks.

The current implementation is already secure against passive MITM, but any key exchange is vulnerable to a malicious party that can intercept and modify the handshake to provide its own keys. This is one solution. The others involve a trusted third party a la SSL/TLS, but that is a bit beyond the capabilities of the current plugin framework. However, with this solution your security is great as long as the viewer's key is kept secret.

Of course this is optional but should greatly benefit our enterprise users who distribute the server freely for remote support purposes. This was never secure with the old plugins since the key to decrypt is provided with the server!

As always, the best solution depends on how the software is used but I think we have most scenarios covered once I release this new build.
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

Also I am making AES mode the default. The speed hit is not really much on any modern computer and it is a better algorithm. Also Intel and AMD are putting AES support directly into their next generation of processors!!
redge
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by redge »

adzm wrote: AES mode the default. The speed hit is not really much on any modern computer and it is a better algorithm
I think you also need to take care of ARC4 for VNC used on a low-end single-core CPU without hyperthreading, which won't have enough CPU power for AES without slowing down computer responsiveness and connectivity?

SSE, SSE2: old computers.
SSE3, SSE4: new computers.
(Streaming SIMD Extensions)
But a lot of the instructions are not used and/or not necessary for VNC and the encryption plugin.
Last edited by redge on 2009-10-12 21:54, edited 1 time in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

New version now available on the website. I'll update my original post when I get a chance. Windows 2000 support plus a client authentication key for security against man-in-the-middle attacks (useful especially for remote support and SC where the server and public client auth key are publicly available; the private key should be kept secret with the viewer.)
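
An added illustration, not part of the thread and not SecureVNC's code or wire protocol, of why the client authentication key adzm describes in the two posts above (private key with the viewer, public key shipped with the server) exposes a key swapped into the handshake. It assumes a simple challenge-response in which the viewer signs the server key it received plus a server nonce; the toy textbook RSA, key strings and function names are all constructed for this sketch.

```python
import hashlib
import secrets

# Toy textbook RSA from two known Mersenne primes. Constructed for this
# example only: far too small, and unpadded, for any real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

VIEWER_PRIVATE = (N, D)  # kept secret with the viewer
VIEWER_PUBLIC = (N, E)   # packaged with the freely distributed server


def transcript_digest(server_key: bytes, nonce: bytes) -> int:
    """Hash the server's handshake key and nonce into an integer below N."""
    framed = len(server_key).to_bytes(4, "big") + server_key + nonce
    return int.from_bytes(hashlib.sha256(framed).digest(), "big") % N


def viewer_sign(private, key_received: bytes, nonce: bytes) -> int:
    """Viewer signs the server key exactly as it arrived on the wire."""
    n, d = private
    return pow(transcript_digest(key_received, nonce), d, n)


def server_verify(public, key_sent: bytes, nonce: bytes, sig: int) -> bool:
    """Server checks the signature against the key it actually sent."""
    n, e = public
    return pow(sig, e, n) == transcript_digest(key_sent, nonce)


def handshake(key_swapped_in_transit: bool, client_auth: bool):
    """Return (server_accepts, key_the_viewer_would_use)."""
    server_key = b"constructed-server-handshake-key"
    swapped_key = b"constructed-substituted-key"
    nonce = secrets.token_bytes(16)
    key_received = swapped_key if key_swapped_in_transit else server_key
    if not client_auth:
        # Nothing binds the exchange to a known party: the swap goes unnoticed.
        return True, key_received
    sig = viewer_sign(VIEWER_PRIVATE, key_received, nonce)
    return server_verify(VIEWER_PUBLIC, server_key, nonce, sig), key_received


if __name__ == "__main__":
    for swapped in (False, True):
        for auth in (False, True):
            ok, _ = handshake(swapped, auth)
            print(f"swapped={swapped!s:5} client_auth={auth!s:5} accepted={ok}")
```

The server only has to hold the public half, which is why it can be handed out freely for remote support while the session still fails closed when the key it sent is not the key the viewer signed.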
bigjohn
Posts: 53
Joined: 2009-01-06 16:39

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by bigjohn »

How do you enable it to work for the ARC4 only on the server??
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

Just use the ARC4 version on the server. It will let the viewer know which cipher to use.
bigjohn
Posts: 53
Joined: 2009-01-06 16:39

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by bigjohn »

adzm wrote: Just use the ARC4 version on the server. It will let the viewer know which cipher to use.
If I don't select to use the plugin on the viewer, it won't connect... this is why I ask.
redge
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by redge »

If I don't select to use the plugin on the viewer, it won't connect... this is why I ask.
Test done under which conditions?
Direct, reverse, with repeater and ID?
vncviewer + winvnc version?
viewer -dsmplugin securevncplugin.dsm -listen
can accept a server (with and without encryption) reverse-connecting to the viewer, both (encrypted and unencrypted)

But a server without a dsmplugin can't accept a viewer with any dsmplugin, or is it a bug and SecureVNC should accept it?
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

I've been terribly busy, sorry. But I'll see if I can figure out what is going on soon. Also I remember seeing an issue posted somewhere regarding autoreconnect not working with the dsm plugins; my hunch is that the state is not being reset so the handshake is not occurring. I'll look at that too. I've never used that feature before, really.
Rudi De Vos
Admin & Developer
Posts: 6862
Joined: 2004-04-23 10:21

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by Rudi De Vos »

Should be fixed in the latest update 108 (26/10).
The viewer needed to delete the plugin as soon as you disconnect;
if you do it later, the delete crashes.
Tests were done with "securevncplugin.dsm"

Only when using the repeater do you need to restart the viewer manually (autoreconnect on the viewer side doesn't seem to work together with the repeater; no crash, but the repeater fails to bind the streams). Autoreconnect without the repeater works.

If you have time, can you check the dsm plugins for memory leaks?
BoundsChecker reports leaks; it could be false reports...

svn is updated with all changes.
bigjohn
Posts: 53
Joined: 2009-01-06 16:39

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by bigjohn »

I think my recent experiences with this plugin validate the possibility of a memory leak. I'm seeing that VNC server will periodically crash when connected for a long period of time.
faba
Posts: 28
Joined: 2009-05-11 10:08

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by faba »

Does anybody know how to use this plugin with SC (Singleclick VNC) with the certificates? If I add SecureVNC to SC I got the message that a plugin is used but the connection is unencrypted.
redge
Posts: 6797
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by redge »

The new SC for Vista/7 only supports the msrc4plugin.dsm signed from the factory
(you can't send your own plugin; it is simply ignored).

With the old SC version 1.0.0,
you can include your own plugin in the zip you are uploading to the online creator.
You need to use a workaround:
rename securevncplugin.dsm --> msrc4plugin.dsm
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
faba
Posts: 28
Joined: 2009-05-11 10:08

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by faba »

Thanks for your reply. I have renamed it but as you have said it is not possible with the new SC.
Could somebody please fix this? The old SC isn't really usable with Vista or Windows 7, and SecureVNC, especially with the certificates, is perfect for SC because of the asymmetric encryption approach.
With the old plugin if you got the exe you got the key so ...
max789
Posts: 1
Joined: 2010-04-26 09:58

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by max789 »

Excellent work, adzm!

Is version 1.0.2.0 already incorporated into uVNC 1.0.8.2? The properties of the SecureVNCPlugin.dsm file still describe it as version 1.0.0.0.
Last edited by max789 on 2010-04-27 00:31, edited 3 times in total.
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

FYI, there is a new version in the works that integrates deeper into UltraVNC which makes things much more stable and also provides much better feedback for debugging some of these issues.

As far as I know, the old SC is deprecated, but I've been making my own just based off of the official builds. You can pretty much do everything you need with the ultravnc.ini and command line switches, and the 7zsfx packer that allows you to package up multiple files and run a command (with switches) when extracted.

Perhaps sometime I'll write up a guide for others. I'll mark it on my todo list -=]

I'm trying to get this available to the community as soon as possible.
SecureVNC Plugin v2.2.0.0

x86 / 32-bit - SecureVNCPlugin.dsm
x64 / 64-bit - SecureVNCPlugin64.dsm
  • Fixes crash due to UltraVNC host attempting to encrypt a buffer using the legacy method after the socket has been closed and interface has been freed.
  • Client authentication has been changed. If you are using client authentication, you must update both the server and the client to this version. Otherwise, this is backwards compatible with v1.0.2.0.
  • ARC4 is being phased out. If there is any interest in it, please let me know, but for now we shall only use AES.
  • OpenSSL 0.9.8n fixes issue that caused a significant delay initializing the pseudo-random number generator.
  • This build actually contains a significantly improved interface with various new features; however the functionality cannot be exposed until a new build of UltraVNC is created. More information will be posted here once this is ready.
Regarding the new features that are waiting on a new build of UltraVNC...

Mostly I updated the plugin interface to provide much better integration with UltraVNC. This allows much easier debugging and provides lots of other benefits for the user. Specifically, being able to handle variable size challenge/responses and even multiple ones. This is actually implemented according to the RFB authentication specs. Some new features include supporting multiple keys for client auth, 256-bit AES encryption, the possibility of further configuration (eg blowfish or other algorithm selection), the ability to report error messages to UltraVNC, some interface changes to show encryption status, etc. Additionally, vncviewer can detect the current version of the SecureVNCPlugin and switch to using that mode, so servers that are not updated to the new SecureVNCPlugin and the (currently unreleased) build of UltraVNC can still be accessed by the (currently unreleased) build of vncviewer.

Also some minor unrelated fixes in UltraVNC as well, such as an incredibly annoying bug where copying text while the enter password dialog is up in vncviewer causes the connection to fail.

I'll have these changes merged into UltraVNC shortly and we can wait for Rudi to make an official build. If there is interest, I may put up an unofficial build for those who want to help test.
Last edited by adzm on 2010-05-13 01:32, edited 1 time in total.
defiant
Posts: 3
Joined: 2010-05-30 18:21
Location: Michigan

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by defiant »

Anyone having difficulty with setting a passphrase using version 2.2.3.0 of the SecureVNC plugin? I've tried setting a 128 character passphrase in the plugin configuration page on one server running Vista Home and another running XP Prof. SP3, but after I press "Ok" to commit the changes, I'm still prompted for the standard 8 character VNC password.

I'm also using version 1.0.8.2 (May 15 2010 Build) of the UVNC server and viewer.

Anyone have any insight into this issue?
adzm
Posts: 63
Joined: 2009-04-29 18:59

Re: SecureVNC DSM Plugin - ARC4, AES, RSA. x86 and x64!

Post by adzm »

Scratch all this; I figured it out, based on a hunch after the seemingly unrelated SC reply. The configuration is not working properly when running as a service. I'll figure out what is going on and post new 'experimental' server builds and update subversion as soon as possible.

A temporary workaround is to stop the service, run winvnc.exe as a user-mode application and configure the plugin and save, then close it and re-start the service.

Thanks everyone for their help!
Please try the version here: http://adamwalling.com/SecureVNC/debug/ ... Plugin.dsm or here http://adamwalling.com/SecureVNC/debug/ ... ugin64.dsm

It will create a SecureVNC_<timestamp>.log file in your %temp% path. Try messing around with the configs and etc and get me the log when you are done. Trying to figure out whether the issue exists within the plugin or within the (admittedly somewhat convoluted) preferences code within UltraVNC.

If you are running as a service, you may want to search or use procexp to find out where the log is. On Windows XP, it was located in C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp.

I have not had any trouble with it personally, and several others seem to have no difficulty either, but there is definitely a problem somewhere since you are not the first to bring this up.

Please note the log will contain your passphrase in plain text so do not use a 'real' passphrase!

Email it back to me at adam.walling@gmail.com when you get a chance -- thank you very much!

Thanks!
Last edited by adzm on 2010-05-30 20:21, edited 2 times in total.