Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- advapi.dll security question
August 9, 2006, 11:22 am
rate this thread
I happened to come by an old article (dated 04.09.1999) about NSA
having something to do with an extra set of keys inside the Windows
advapi.dll file. According to the article the extra keys are in this
dll on every version of Windows between Windows 95 OSR2 and Windows
Three questions that came to mind:
1. has anything similar been reported about Windows XP?
2. what kind of software would one use to check the dll for keys?
3. if answer to 2 is "hex editor" or other low level editor: how would
you know that you have found a key?
- Sebastian Gottschalk
August 9, 2006, 5:37 pm
Re: advapi.dll security question
Yes and no. Yes, there are additional keys. No, they are from Microsoft,
and they're supposed to provide a signature for a plugin interface that
allows NSA to exchange it with its own implementation in a safe way. At
least that's the official technical explanation.
No. The architecture change removed the need for such a special
A disassembler with good structure analysis.
If there's some DER or BER encoded structure that looks like an exponent
plus a big composite integer of a typical site.