Mojic, Timing Side-Channel, (No CVE) (Medium)

Listen to this Post

The vulnerability exists in Mojic v2.1.3’s `CipherEngine.js` during HMAC-SHA256 verification. The decryption routine compares the computed HMAC digest (calcDigest) with the footer’s HMAC (footerHex) using the JavaScript `!==` operator. This operator performs a character-by-character string comparison and short-circuits as soon as a mismatch is found. Consequently, the time taken to reject a tampered file is proportional to the number of leading bytes that match the correct HMAC. An attacker can exploit this observable timing discrepancy (CWE-208) by iteratively forging HMAC bytes, measuring the decryption engine’s response time for each guess. With precise microsecond measurements, the attacker reconstructs the correct HMAC byte by byte without knowing the encryption password. The vulnerable code is in the `flush` method of `getDecryptStream()` (approx line 265):

if (footerHex !== calcDigest) {
this.emit('error', new Error("FILE_TAMPERED"));
return;
}

Because each comparison leaks the position of the first mismatching character, an attacker can automate thousands of requests, each altering one byte, and use statistical timing analysis to deduce the valid signature. Once a valid HMAC is forged, the integrity seal is bypassed. The engine then proceeds to decrypt and decompress the payload, converting emoji sequences back into C source code. This allows injection of arbitrary code into the restored `.c` file.

dailycve form:

Platform: Mojic CipherEngine
Version: 2.1.3
Vulnerability: Timing discrepancy HMAC
Severity: Medium
date: Apr 16 2026

Prediction: May 1 2026

What Undercode Say:

Simulate timing measurement for HMAC byte guessing
for byte in {0..255}; do
echo -n "\x$byte" >> forged_hmac.bin
time node decrypter.js tampered.mojic
Record microseconds until "FILE_TAMPERED" error
done
// Node.js script to measure comparison time
const { performance } = require('perf_hooks');
const start = performance.now();
try { cipherEngine.decrypt(tamperedBuffer); }
catch(e) { const delta = performance.now() - start; }

Exploit:

Attacker crafts a malicious `.mojic` payload, replaces HMAC footer with dummy bytes, then sends decryption requests. For each position i, attacker brute‑forces byte value 0x00–0xFF while measuring response delay. The delay increases when the guessed byte matches the real HMAC at that position. After recovering all 32 HMAC bytes, attacker re‑signs the tampered payload, bypassing integrity check and injecting arbitrary C code.

Protection from this CVE:

Upgrade to patched version where `crypto.timingSafeEqual()` replaces !==. If unavailable, apply hotfix: convert both hex strings to `Buffer` and use `crypto.timingSafeEqual()` with length check. Avoid any short‑circuiting comparison for cryptographic secrets. Monitor for unusual decryption failure spikes.

Impact:

Full integrity bypass leading to arbitrary code injection into decrypted C source files. An attacker can deliver a booby‑trapped `.mojic` file that, when decrypted by a victim, executes malicious logic in the restored code – potentially causing remote code execution, data theft, or supply‑chain compromise of compiled binaries.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top