12/31/13

The Internet and Physical Communication Media.

The Internet infrastructure consists both of hardware and software.

Hardware part of infrastructure consists also of physical medium. The physical medium can take many shapes & forms and does not have to be the same type for each transmitter-receiver pair along the path. Examples of physical media include twisted-pair copper wire, coaxial cable, multimode fiber-optic cable, terrestrial radio spectrum, and satellite radio spectrum.

Physical media fall into two categories: guided media and unguided media. With guided media, the waves are guided along a solid medium, such as fiber-optic cable, a tristed-pair copper wire, or a coaxial cable. With unguided media, the waves propagate in the atmosphere and in outer space, such as in a wireless LAN or a digital satellite channel.

Twisted-Pair Copper Wire.

The least expensive and most commonly used guided transmission medium is twisted-pair copper wire. Twisted pair consists of two insulated copper wires, each about 1 mm thick, arranged in a regular spiral pattern. When fiber-optic technology emerged in the 1980's, many people disparaged twisted pair because of its relatively low bit rates (speed), but twisted-pair was modernized for speed and did not give up so easily.

Coaxial Cable.

Like twisted pair, coaxial cable consists of two copper conductors, but the two conductors are concentric rather than parallel. With this construction and special insulation and shielding coaxial cable can have high bit rates. Coaxial cable can be used as a guided shared medium. Specifically, a number of internet devices can be connected directly to the cable, with each receiving whatever is sent by the other internet devices.

Fiber Optics.

An optical fiber is a thin, flexible medium that conducts pulses of light, with each pulse representing a bit (unit of information, 0 or 1). A single optical fiber can support tremendous bit rates (speed), up to tens or even hundreds of gigabits per second. They are immune to electromagnetic interference, have very low signal attenuation up to 100 kilometers, and are very hard to tap. These characteristics have made fiber optics the preferred long-haul guided transmission media, particularly for overseas links.

Terrestial Radio Channels.

Radio channels carry signals in the electromagnetic spectrum. They are attractive medium because they require no physical wire to be installed, can penetrate walls, provide connectivity to mobile user, and can potentially carry a signal for long distances. Environmental considerations determine path loss and shadow fading (which decrease the signal strength as the signal travels over a distance and around/through obstructing objects) and interference (due to other transmissions and electromagnetic signals).

Satellite Radio Channels.

A communication satellite links two or more Earth-based microwave transmitter/receivers, known as ground stations. Two types of satellites are used in communications: geostationary satellites and low-earth orbiting (LEO) satellites. Geostationary satellites permanently remain above the same spot on Earth. LEO satellites are placed much closer to Earth and do not remain permanently above one spot on Earth. They rotate around Earth (just as the Moon does) and may communicate with each other, as well as with ground stations.

Quantum Networks.

Quantum networks descend from the study of Quantum cryptography. The idea of a quantum network emerged after successful experiments on quantum teleportation. When two companies (one from Switzerland, 'idQuantique', and another from the USA, 'MagiQTech') released practical communication devices based upon the rules of quantum mechanics, the need for a secure network capable of utilizing quantum principles was realized. These networks are now known as quantum communication networks. In these networks, data are communicated as quantum states through the technique of entanglement via an optical fiber link.

Source: [3], Wikipedia.

Speed.

The speed at which information arrives at destination depends on the route it goes with (length of route, information splitting and joining to send simultaneously via multiple links, speeds of each of partial links [slow links form bottlenecks], transmission errors).

Internet as an idea.

Internet is also idea, in theory even human couriers may carry information (whole or part) from point A to B, and be part of the Internet physical medium links, and so on. If/when sending part of information, for example for security purposes (encrypted information without parts is often much harder to attack), i'd give the 'package' to someone who can do it well: martial artist or soldier, or spy, or appropriate security personnel, depending on the situation.

12/27/13

Every hacker should know perfectly....

every hacker should know....

.... 'C', and 'Assembler' languages perfectly.

if she/he does not remember, should relearn and deepen their understanding.

it's about 6 months to complete (if there's focus on this task).

12/25/13

When 'C' language is better than assembler, and when other option is true?

C is higher level language, it's easier for most of humans to write in C. Less errors, faster development and such.

Assembler can be used to optimize program (or it's parts, often bottlenecks) to the fullest for specific architecture.

C programmers however have this advantage: with general code, they do not depend on processor model. When new processor model is made, they just recompile their program with different parameters and they do not need to write everything anew.

C and Assembler are closely tied, it's best to use both as neccessary, using assembler on bottlenecks and blocks of code under special supervision, for example, for security reasons, and C for the rest.

12/21/13

Programming Language Translation.

From some viewpoint, compilation is nothing else than translation.

It's translation from high-level language such as C or Java to machine code, which can be run (perhaps it's little more complex, but that's the essence).

Can for example, Pascal Language code be compiled to Java or other, seemingly unrelated one?

I think yes, it can.

Just translate it to data structure in computer memory, then transform data structure to the one compatible with another, target language, then generate output (code in that language). It might be hard to understand, but still not so unknown language.

Shellcode, Assembler & Machine Code.

In computer security, a shellcode is a small piece of code used as the 'payload' in the exploitation of a software vulnerability.

It is called 'shellcode' because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode.

Modern 'Intrusion Detection Systems' (IDS) have means of detecting common shellcodes being passed to defended machine. But such code can be disguised.

Shellcode is (perhaps always) an assembler program that is translated to encoded form.

Assembler programs use mnemonics and macros. Assemblers are tool for humans, they allow to write code easier, instead of looking at strange language. (strings of binary numbers for example).

Example:

 photo shellcode_casm_zpse03cc467.png

Code is slightly different after compilation and disassembly, probably optimized for specific computer system. It's equivalent, it still does it's job of spawning command shell. Perhaps there's difference between 'xor' and 'xorl' instructions (many things can be affected, from flags to speed of such instruction). Or just different notation, different mnemonics for the same processor instructions.


-------------


(x86 assembler program. ran & analyzed.):

// clear eax register

  xorl %eax,%eax

// push /bin//sh + string terminator (0) on stack, from end to beginning, because of architecture.

  pushl %eax
  pushl $0x68732f2f
  pushl $0x6e69622f

// prepare registers for function call.

  movl %esp,%ebx

// push function parameters on stack in preparation for function call.

  pushl %eax
  pushl %ebx

// prepare registers for function call.

  movl %esp,%ecx
  xorl %edx,%edx

// call function execve.

  movb $0xb, %al
  int $0x80

-------------


can be encoded as hexadecimal number character string:

31 c0 50 68 2f 2f 73 68 68 2f 62 69 6e 89 e3 50 53 89 e1 31 d2 b0 0b cd 80

'Perhaps' there are machines that can use this hexadecimal number string as language to program them, as their machine code that can be executed on them without translation or compilation.

Virtual or not.

If not, then perhaps they can be realized....

I do not see technical difficulties with this, for there are programmable processors for example....

Even if my knowledge of hardware is limited, from programmer's viewpoint any device can be programmed.

thus, machine code is even closer to hardware (lower-level) than assembler code, which for example uses macros, and is compiled to machine-dependent machine code.

Source: Wikipedia.

see also, if You wish or need ... : 'Buffer Overflow' Hacking Attack.

Shell-storm: (one of shellcode databases).

(shellcode is small in size, thus easy to analyze. it's better to use someone's work this way than to create it anew, because programmer's time also costs).

12/15/13

Hacking Theory & Practice.

True hacking skill is not to only know theory, but also do it, when your computer(s) break and software dynamically fails.

Everyone should decide when and if to insure their IT infrastructure. And how.

12/14/13

Common Problems in Software Company.

I've worked in few companies, about 10-100 people each, often cooperating with other teams, often in another city or country. Roles of programmer analyst and programmer. In consultant role i never did at all.

Process looked like this:

If company had customer(s), it could survive.

Role names might not be accurate, and depending on company size, some people could do well in few roles at once.

Main Architect, or Technical Leader was responsible for whole project from technological viewpoint, but still participated in meetings with clients.

There were talks between client(s) representative(s) and Analysts. Some documents (requirements and more) were made, it took a while.

Documents were passed to Analysts and Designers, who translated the requirements of Clients to technical talk, and abstract technical designs (in my opinion this should be contracts and automated tests).

Programmers, each of them understanding software analysis to some extent could communicate well with analysts. They did the implementation part. System which was developed on developer machines, each of them solving different project using similar (but not always) tools.

Periodically the system was committed (put into and more) into code repository (where everyone with access could store it or take it from there, in a safe and reliable way), not without clashes and problems.

Then it either went into integration (often programmers did the job of joining parts of code for integrator), or was passed to someone responsible for making sure that parts of whole system (car analogy: tires, windows, different spoiler variants etc...), the integrator.

Then tests, and feedback, bugfixing (correcting errors).

Each phase lasted a predetermined amount of time.

After succesful tests, system was moved from testing or integration environment to 'production environment', where it was considered 'live', and users could use it.

Then new iteration (cycle) began, and problems accumulated. No one wants coders to start always from scratch, but reality changes. To adjust code is much harder than to write it from beginning, as there are problems with understanding each others' code, especially if it's errorful, tangle of dependencies of kinds many programmers even not have clue about. If code has errors, it's often good to isolate such before solving. One at once is best. Automated tests help a lot in this case, for there are ways to ensure that code that breaks it is never allowed in repository (or someone responsible can be blamed, and we can revert to previous version), and this saves everyone stress and costs.

In the new iteration (development cycle in this case), analysts went to customers and got feedback, perhaps were paid, and change requests were debated. New words in dictionary, new technical designs. System to rebuild anew.

The more code would be reusable, the more quality it had, the easier it would be to manage changes and erosion which is cause of eventual fall of many projects.

Rest of the cycle was repeated, and programmers were put under time stress, more complex software, staff changes and different ways of thinking of new employees, at some point not many understood what problems they are solving, and how to not get fired for stupidity.

Simple network packet capture tool.

Simplest tool i could find for such task is linux network packet capture tool called tcpdump.

It can capture packets coming into local network device (for example: computer connected to the Internet) then display them or save to file. Such data can then be analyzed, for example to detect suspicious packets, or to debug internet protocols.

For example:






Or its source code can be examined and analyzed for inspiration, then custom version can be made.

But not without crediting authors.

12/10/13

Heap Data Structure.

Heap is a data structure, that has uses in sorting and in priority queues.

For more details of algorithms & data structures (they form programs after all) please see literature [4], perhaps more.

Heap is a data structure that can be considered as a full binary tree. It can be implemented in a table (array). Tree is full at every level, perhaps excluding lowest (leaves).

Having a tree node indexed by variable i, we can find parent's position in a table, or/and sons (LEFT, RIGHT):

PARENT(i) = i/2 (round down).
LEFT(i) = (2*i).
RIGHT(i) = (2*i)+1.

On most computers these calculations are fast, using bitwise shift operators.

Heaps also have a property called 'heap property' which means that every (and any) node's value is not greater than parent node's value (at every level).

A[PARENT(i)] >= A[i].

We define node's height as amount of edges (connections), on longest simple line between this node and leaf.

We define tree's height as root's height (tree's root is highest tree node).

12/8/13

Heap Overflow type Attacks.

Attacks on applications are one of most commonly used by hackers.

Using errors in programs, intruder can gain privileges at which it (program) was run.

Existence of errors contained in programs gives possibility of accessing data or process memory.

We'll explore how this kind of abuse can be exploited.




'buffer overlov', in this case buffers are on heap (in heap segment).


 photo fnovw_zps1c25afa5.png

'file name overwrite to access private data'.

(perhaps encrypted) system passwords are in /etc/shadow.
root privileges (can check for +s permissions flag) are required to read from /etc/shadow.

unneccessary lines (such as debug printf) are danger to leave, for they give out information about hacker.



for more details please see Literature: [5], [14], perhaps more.


see also, if You wish or need ... : 'Heap Overflow' Hacking Attack.

12/7/13

Cipher Block Chaining (CBC).

Block ciphers encrypt only fixed-size blocks. If we want to encrypt something that isn't exactly one block large, we have to use a 'block cipher mode'.

CBC, or cipher block chaining, is one of most widely used such block cipher modes.

If we have plaintext of length equal to exactly m * block size length, then we can use CBC. This property can be ensured using proper 'padding'.

The standard formulation of CBC is as follows:

Ci = E(K, Pi XOR Ci-1) for i = 1 , .... , m .

where:

Ci : i-th ciphertext block to compute.
E : Encryption function.
K : Cryptographic key.
Pi : i-th plaintext block to encrypt.
XOR : bitwise arithmetic exclusive alternative operation.
i : index (for iteration).
m : number of fixed side ciphertext blocks.

Padding is filling ciphertext block with numbers in a way that ensures that block is fully filled and that this padding can be reversed. For example we can append 128 number to the end of ciphertext block then fill the rest with zeros.

Using CBC also helps to ensure that in case of two the same plaintext blocks, ciphertext blocks differ. It increases security.

One of problems that arise, when using CBC is protecting first n-bit block(s) from unautorized decryption. Solution to this is to use Initialization Vector (IV) which can be XOR-ed with first block(s). Initialization Vector can use random number or nonce (number used only once), or other less reliable solutions. With nonce-generated IV, messages received should be reejected if they have nonce used before. Nonce(s) used for message(s) should be agreed before transmission, between sender and receiver, somehow. Perhaps downloaded (preferably using digital signature for security), perhaps exchanged offline.

12/5/13

Hacking, Cryptography & Prime Number Trade.

Every hacker/cryptograph should count prime numbers by herself/himself.

Only way to trust tools you use is to create them on on your own.

At some point however, it's so slow that prime numbers trade should be involved, but not without checking and counting anyway.

XOR operations.

XOR stands for 'Exclusive Or', or 'Exclusive Alternative'.

It's used often in Information Technology Sector.

It can be used as Logical Operator or (Bitwise) Arithmetic Operator.

As Logical Operator, it evaluates to truth when and only when logical operands (input data) are different.

For example:

TRUE XOR TRUE = FALSE
TRUE XOR FALSE = TRUE
FALSE XOR TRUE = TRUE
FALSE XOR FALSE = FALSE

As Arithmetic Operator, it 'sums' (more appropriately: XORs) two bits (zeros or ones), resulting in 0 or 1, as follows:

1 XOR 1 = 0
1 XOR 0 = 1
0 XOR 1 = 1
0 XOR 0 = 0

More than one bit can be used, each is evaluated separately, for example:

11 XOR 11 = 00
10 XOR 11 = 01
01 XOR 11 = 10
00 XOR 11 = 11

etc..

Please note that XOR operation is reversible. That is, XORing operand 1 twice with the operand 2 will yeld operand 1 in the result.

For example:

111 XOR 010 XOR 010 = 111, because:

111 XOR 010 = 101

and

101 XOR 010 = 111.

12/4/13

Sample Cipher using Stitie Space.

To create 'public' key of a pair, proceed as follows:

1. Divide n-bit blocks into k-bit blocks, where k<n.
2. Select up to n2 k-bit common input blocks, where n is cryptographic security level of cipher and k<n and k divides n (it's not ideal cipher, just one of key pairs under it).If n2 > 2k then use 2k common input blocks.
3. Select large prime numbers (equal amount to selected k-bit blocks in point 2), call them 'pn1', 'pn2', ... . They should not be sequential, and each of key pairs should have different sets.
4. Assign primes selected above to the common input blocks selected above.
5. Prepare beginning protocol of a cipher, selected or randomly chosen but remembered bits to use in first block(s) of ciphertext. This is secret shared by 'private' and 'public' key pair. Different key pairs have different bits.
6. Select minimum and maximum threshold of common k-bit blocks or their concatenations considered. For each selected common k-bit block or concatenation, precalculate a number, a product of primes assigned to selected common k-bit blocks. Assign a 'reserved' block to each of them.
7. Prepare functions, complex or not, and assign them to prime products computed above.
8. Prepare ending protocol of a cipher, mentioning which common input blocks should be processed differently. These are blocks bitwise equal to 'reserved' blocks assigned to products of primes mentioned above.
9. Whole ciphertext, including beginning and ending protocols should be malformed so it's hard to guess them easily. Develop such methods for each of key pairs independently.

This key can be used as follows:

1. Create beginning protocol block(s) of a cipher as designed above.
2. Add all values that belong to ending protocol there, and insert it in selected place (any place in the ciphertext to be processed, after the beginning protocol).

repeat in rounds (as many times for each block as neccessary):

3. For each concatentation of selected common k-bit input blocks in n-bit block (according to selected minimum and maximum concatenations threshold), substitute it for 'reserved' block, assigned to a product of primes.
4. For rest of k-bit input blocks in n-bit block, transform them somehow, with functions, complex or not, selected depending on last product of primes before that block. These functions are a secret of this 'public' key.
5. If this is first n-bit block, XOR beginning protocol with beginning n-bit block(s) before proceeding onward, but only once, not per round.
6. If this is not first n-bit block, XOR it with previous block.

end of repeat in rounds.

7. Malform whole ciphertext somehow.

To create 'private' key of a pair, proceed as follows:

1. Add 'public' key secrets to the 'private' key.
2. Add properly indexed primes and products to the 'private' key.
3. Add reversed functions to the 'private' key.

This key can be used as follows:

Reverse order of operations then decipher using reversed functions, accounting for beginning and ending protocol. Proceed from first block of ciphertext to last. Because we know all secrets, we can proceed fast without need to guess through trapdoor function, which is time-wise costly.

This key pair can be generated by Stitie Space, as mentioned few posts earlier, with few improvements.

Succesful use of this cipher depends on amount and size of prime numbers at users disposal (and opponent's).

Public key files should be encrypted, signed and certified. Software for encryption using such keys should not be open-source, and it's binary executable should be obfuscated. To protect secrets of public keys and its ciphers.

Critic is welcome and requested.

Trapdoor function.

A trapdoor function is a function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor'. Trapdoor functions are widely used in cryptography.

In mathematical terms, if f is a trapdoor function there exists some secret information y, such that given f(x) and y it is easy to compute x. Consider a padlock and its key. It is trivial to change the padlock from open to closed without using the key, by pushing the shackle into the lock mechanism. Opening the padlock easily, however, requires the key to be used. Here the key is the trapdoor.

An example of a simple mathematical trapdoor is '6895601 is the product of two prime numbers. What are those numbers?' A typical solution would be to try dividing 6895601 by several prime numbers until finding the answer. This is slow solution, which are rather unpractical for most needs.

However, if one is told that 1931 is part of the answer, one can find the answer by entering '6895601 / 1931' into any calculator. This example is not a sturdy trapdoor function--modern computers can guess all of the possible answers within a second--but this sample problem could be improved by using the product of two much larger primes.

Source: Wikipedia.

See also: One-way compression in Cryptography (it's not so related as it might seem at first).

12/3/13

Attacks on Block Ciphers.

def. A secure block cipher is one for which no attack exists.

def. An attack on a block cipher is a nontrivial method of distinguishing the block cipher from an ideal block cipher.

Lowering probability of breaking ciphers.

There can be probabilistic attack on cipher.

It differs from brute force attack such way, that we try all possible combinations of possible keys, or fraction of such number in selected order. We start from those which are most probable to occur, and end with least probable ones.

How we can lower probability of breaking cipher that way, thus delay the inevitable perhaps?

By using disinformation methods, including new ciphers that secure secrets of old.

The Ideal Block Cipher.

def. Block cipher is considered Ideal when and only when:

1. For each key value block cipher is random permutation, a 'lookup table' of 2n elements of n bits each.
2. Different permutations for the different key values should be chosen independently.
3. It consists of all possible 'lookup tables', thus is no longer random.

Basic Idea of making Asymetric Key-Pair Generator using Stitie Space.

To create one-way compressed block cipher, proceed as follows:

1. Create Stitie Space (part of it can be used, for example 8 x 9 x 12 nodes for 864 bits).
2. Assign mathematical function, complex or not, at each node (use 'strategy' pattern).
3. Partition Stitie Space somehow, and compress 3D Block Cipher that is Stitie Space by joining functions at nodes somehow (for example by substituting variable for a function that computes it, taken from another node). This step can be repeated as many times as neccessary for security.

Private key is such Stitie Space and a secret that decides how Stitie Space is partitioned, and how functions at nodes are joined. It can be determined somehow, more or less randomly or not. Please note that each of blocks can be encrypted little differently, for example by adding encrypted byte number to encrypted byte.

Please note that such private key can be serialized (reduced to a number or color).

Please also note that functions used can depend both on key and plaintext data.

12/2/13

One-way compression in Cryptography.

In cryptography, a one-way compression function is a function that transforms a fixed-length input into a fixed-length output.

The transformation is "one-way", meaning that it is difficult given a particular output to compute inputs which compress to that output. One-way compression functions are not related to data compression, which by definition is invertible.

A compression function mixes two fixed length inputs and produces a single fixed length output of the same size as one of the inputs. This can also be seen as that the compression function transforms one large fixed-length input into a shorter, fixed-length output. That's how, for example, hash functions can be produced from the Block Ciphers.

See also: Trapdoor function (it's not so related as it might seem at first).

12/1/13

Public Cryptographic Algorithms, Key Lengths & Security.

Quality Cryptographic Algorithm should not rely on it's secrecy. In fact, best Cryptographic Algorithms are known and thoroughly tested.

Small-sized-length keys can be computed by supercomputers, thus broken by antiterroristic organizations easily. But longer-length keys are dangerous.

For more details, see Literature: [8], [3].

Block Ciphers.

A block cipher is an encryption function for fix-sized blocks.

Given n-bit sized block 'p', encryption function Ek(p) will encrypt that block using key 'k'.

It can be compared to a lookup table where for each pair (k,p) encrypted block 'c' of size equal to size of block 'p' can be produced.

A n-bit block cipher can be compared to lookup table of size 2n, with each element consisting of n bits.

Such cipher's encryption can be reversed.

For more details, see Literature: [8], [3].

See also: Block Cipher Modes.