Showing posts with label crypto. Show all posts
Showing posts with label crypto. Show all posts

17.5.08

new hardware

i finally have replacement hardware, a Lenovo laptop replete with Windows Vista. Fedora Core 9 comes out on Tuesday, so i'll be jacked up and Linified by Tuesday night and waiting to dump more newbie-hacker crap on y'all. i also have new custom ink lined up for then, and a couple new piercings doing their best to heal up within the confines of my slightly shit immune system, plus new (hot) Scottish nookie, so all in all i'm a pretty happy little bastard right now. i might even have a job.

anyway. few challenges are gonna be working with the Broadcomm chipset for wireless under Core 8 (i seem to remember that needing madwifi), making the weird combo memory card reader and the fingerprint auth device work at all - especially the fingerprinter, i'll be fucking chuffed if i can get that shit working. it's a swiper rather than a presser, too, which makes it harder to hack; i'd want to dust the keyboard, monitor and case for prints, relief one into a mould and make a gelatine finger to test that before i could say i was sure though. biosecurity is pretty cool, but we've all seen it's far from infallible.

does give me a little more trust in Windows, though, although disturbingly i don't think the regular auth protocol has been disabled in favour of fingerprints. i'd have passwords required as well as prints, or as a backup only if the prints failed, but not as an either-or option...

so kids, fingerprints are fun but won't keep the robbers away, Scots are all hardcore motherfuckers, and remember - Tramadol fucks you up.

L

3.3.08

tag recognition program, rudimentary draft

/* rfid-mod
* simplistic rfid recog program heavily based on Phidgets Inc's RFID-simple
* version: 0.1b
* author: Lepht Anonym */


#include
#include

/* attachHandler
* displays status to the terminal */
int attachHandler(CPhidgetHandle reader, void *userPointer)
{
int serial;
const char *name;

CPhidget_getDeviceName (reader, &name);
CPhidget_getSerialNumber(reader, &serial);
printf("%s %10d attached.\n", name, serial);

return 0;
}

/* detachHandler
* displays status to the terminal */
int detachHandler(CPhidgetHandle reader, void *userPointer)
{
int serial;
const char *name;

CPhidget_getDeviceName (reader, &name);
CPhidget_getSerialNumber(reader, &serial);
printf("%s %10d detached.\n", name, serial);

return 0;
}

/* errorHandler
* prints errors to the terminal */
int errorHandler(CPhidgetHandle reader, void *userPointer, int errorCode, const char *unknown)
{
printf("error handled: %i - %s\n", errorCode, unknown);
return 0;
}

/* tagHandler
* turns on the LED port and prints the ID of the tag
* later, it will store the read tag in a local var so it can be verified as either matching L's or not
* pls note this is not a secure thing to do as the tag value could be strings'd out of the program (should hash'n'md5 instead) */
int tagHandler(CPhidgetRFIDHandle reader, void *userPointer, unsigned char *tag)
{
int i;
CPhidgetRFID_setLEDOn(reader, 1);
printf("got tag: ");
for(i = 0 ; i < 5 ; i++) printf("%02x ", (*(tag+i))&0xff);
printf("\n");
return 0;
}

/* tagLostHandler
* turns off the LED port and prints the ID of the lost tag to the terminal */
int tagLostHandler(CPhidgetRFIDHandle reader, void *userPointer, unsigned char *tag)
{
int i;
int var[5];
CPhidgetRFID_setLEDOn(reader, 0);
printf("tag lost: ", tag);
for(i = 0 ; i < 5 ; i++) printf("%02x ", (*(tag+i))&0xff);
// store that same data as a variable:
for(i = 0; i < 5; i++) { var[i] = (*(tag+i)&0xff); }
// TODO check that the separate parts of the var array match L's implant
printf("\n");
return 0;
}

/* displayProperties
* displays the data about a physical reader to the terminal */
void displayProperties(CPhidgetRFIDHandle reader)
{
// declare variables for the data and a buffer to store device type in:
int serial, version, outputs, antennaStatus;
const char* type;

// get data from the device:
CPhidget_getDeviceType((CPhidgetHandle)reader, &type);
CPhidget_getSerialNumber((CPhidgetHandle)reader, &serial);
CPhidget_getDeviceVersion((CPhidgetHandle)reader, &version);
CPhidgetRFID_getNumOutputs(reader, &outputs);
CPhidgetRFID_getAntennaOn(reader, &antennaStatus);

// print to the terminal:
printf("%s\n", type);
printf("serial number: %10d\nversion: %8d\n", serial, version);
printf("number of digital outputs: %d\n\n", outputs);
printf("antenna status: %d\n", antennaStatus);
}

/* main
* administrates */
int main(int argc, char* argv[])
{
const char *error;
int result;

// declare and create a handle for the reader:
CPhidgetRFIDHandle reader = 0;
CPhidgetRFID_create(&reader);

// set handlers for device and tag events:
CPhidget_set_OnAttach_Handler((CPhidgetHandle)reader, attachHandler, NULL);
CPhidget_set_OnDetach_Handler((CPhidgetHandle)reader, detachHandler, NULL);
CPhidget_set_OnError_Handler((CPhidgetHandle)reader, errorHandler, NULL);
CPhidgetRFID_set_OnTag_Handler(reader, tagHandler, NULL);
CPhidgetRFID_set_OnTagLost_Handler(reader, tagLostHandler, NULL);

// open device:
CPhidget_open((CPhidgetHandle)reader, -1);

// wait for the physical RFID reader device to be attached:
printf("polling for physical device presence...");
if((result = CPhidget_waitForAttachment((CPhidgetHandle)reader, 10000)))
{
CPhidget_getErrorDescription(result, &error);
printf("device error: %s\n", error);
return 1;
}

// activate the antenna and display properties to the terminal:
CPhidgetRFID_setAntennaOn(reader, 1);
displayProperties(reader);

// keep the program open until the user is done:
printf("now scanning for tags.\nhit any key and enter to end session.\n");
getchar();

// close the device and free the memory back up:
printf("closing...\n");
CPhidget_close((CPhidgetHandle)reader);
CPhidget_delete((CPhidgetHandle)reader);
return 0;
}

27.2.08

boku wa user ga hanasemasen

man, i now know what the word overload truly means. i'm trying to make a C program display tag output correctly, prototype a game-selling system interface, build (and understand) analogue sensors for my team's stupid-ass Lego robot, figure out how many photons per second are given off by a fucking 200W lightbulb (undergraduate quantum physics course), do laundry, read Anderson's seminal security engineering text, fix my damn Atheros card and calculate a dosage of dihydrocodeine that results in neither me bitchslapping my robotics team because the pain is pissing me off nor passing out in the corridors and getting groped and/or looted by the unscrupulous. it's a riot, sure, i'm as wired as i've ever been without the use of schmethamphetamines (fuck you, Google spider), but without stimulants, i just fucking collapse.

so instead of actually working, i'd like to point y'all to LSO's challenge server, challenge.learnsecurityonline.com. that's why i'm still up at 3:30: it feels so good to get root, you'll forgo sleep.

which leads me to my actual point: techheads are always percieved as being isolated from "real life" (i'm not gonna go into the semantic idiocy of that phrase right now), but up until now i've seen that as a kind of stupid myth. this last month or so has really changed my mind.

starting up, people's reactions to the kind of shit that doesn't even get a shrug from a hacker. the chip in my hand inspires about 1 "hey that's cool" or "you could use that for X random application" for every 99 "oh my god that's so fucking gross get that the fuck out of your body you fucking headcase". i've been seeing weird discrepancies in how tech people react to the world compared to the machine-illiterate, too: walking into a classroom with two unlabelled doors, i say to the guy next to me, "you know, that's really bad interface design", and then realise that's a fucking stupid thing to think. likewise, i keep trying to hit Ctrl-C Ctrl-V when faced with having to copy out bits of meatspace paper, and forgetting not to use the word meatspace when that's where i am, and i know there are guys out there way worse than me.

the problem is, that doesn't only isolate you from students, it gives tech itself a bad image. it also makes it virtually impossible to interact with endusers and clients meaningfully - you write in your docs, "bitsetq -a -f -x -q" and your users look at you and go, "hay lepht wtf is terminal anyways?" equally, students who listen to you won't ask questions if they hear one huge pile of jargon and unfamiliar concepts, they just give up. i'm gonna have to learn to act like a normal human being if i wanna deal with these people, and that's a huge part of what my job involves.

i think i've been in denial about that, trying to convince myself i think the same way as a social scientist or a historian, and it's seeming more and more like i was bullshitting myself. i guess we all gotta learn to speak user; seems to me like otherwise, users won't speak to us.

L

10.9.07

virus autopsy: ILOVEYOU, part 1

*click* 2213 hours. subject... whoof, subject's been in the virus mortuary for a good long while now, that's disgusting. subject appears to have been a VBScript email-propagator by the name of ILOVEYOU, recieved as an attachment and requiring a manual launch by the user to activate.

scalpel. thorax incision reveals...

001 rem barok -loveletter(vbe) (i hate go to school)
002 rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila, Philippines
003
004 On Error Resume Next
005 dim fso, dirsystem, dirwin, dirtemp, eq, ctr, file, vbscopy
006
007 eq = ""
008 ctr = 0
009 set fso = CreateObject("Scripting.FileSystemObject")
010 set file = fso.OpenTextFile(WScript.ScriptFullname, 1)
011 vbscopy = file.ReadAll
012
ach, handkerchief. handkerchief! thankyou nurse. aside from an infestation of bad English, subject is Filipino and seems to have been healthy at time of death. here you see the variable declarations, all in good health, and the inelegant initialisations of three of them just to read the filesystem... i'll remove them and go under the ribcage.
013 main()
014
015 sub main()
016 On Error Resume Next
017 dim wscr,rr
018 set wscr=CreateObject("WScript.Shell")
019 ' checks the time out of Windows scripting host
020 rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")
021 if (rr>=1) then
022 ' change the script to endless:
023 wscr.RegWrite(HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout", 0, "REG_DWORD")
024 end if
alright, hold it there, nurse. you see that? the thing's setting the Windows Scripting virtual machine's timeout to zero, to stop it from timing out and exiting before the script is finished. devious, but not devious enough... i think we're done for tonight, nurse.

next time, we're gonna be getting to the real meat of this autopsy - i'll be dissecting the main processes of the virus, and you'll get to be personally splattered in the gore.

15.8.07

but i am invincible!

today, we sit our asses down in the morgue of the computer world, the University lab, for a simple post-mortem. as you've probably gathered, the networks i get to play with here are huge; massive, dynamic systems, thousands of terminals, hundreds of printers, upwards of twenty main servers and i don't even wanna know how many miles of base-1000 cable. it's fairly well-secured, and not thanks to me (hell, i didn't set the security systems up): the labs are secured by swipecard access, you can't logon without a current username and password, and the password system is... adequate. the Unix servers are actually very well-defended, i can tell you.

and yet it's not secure. it is possible to hack the main server in three steps.

i'll give you a hint: the first step is to walk up the stairs to the helpdesk, which is in the Department's offices and not the Directorate's: the Department is the teaching arm of Computing, whereas the Directorate handles the running of labs, the wireless, username allocation, email and all the rest of the machine shit that the non-inducted use on a daily basis.

winner is the first who can tell me how. there's no prize, just glory.

26.7.07

crypto? is that some Southern kid's name?

i'm always amazed at this. on looking at the passwords for a small section of a network, i found that despite the strict password policy, all the passwords but three - out of several hundred - were words. the policy demands alphanumerics and mixed case, so most users had a "Password123"... oy.

i asked a couple other users what the hell was with that. the response?

"Well, normal people can't remember codes."

like fuck they can't. i'm a normal person, apart from being slightly better educated than the general public, and i remember about 10 different alphanumeric codes with random punctuation marks for all the different shit i have to authenticate to in a day (use mnemonics!). if you have to use each code once or twice a day, it really isn't difficult to memorize them; and these other students only have the one system password that's enforced to be so complex. the rest of their passwords, for all the things i keep seeing them wasting their time with - Bebo or Myspace, usually (you know what i think of Bebo and Myspace) - are set by themselves, of course, and they're uniformly simple.

so what's the problem? why can't you remember one code? i guess that's a question for a psychologist. my problem with this is that when they can't remember it, they write it down; and when they write codes down, the security of our collective system is down to someone not finding the paper.

obviously, that ain't acceptable. my solution with my own citadel was to implement a token system, which i'm in the process of linking to a chip in my hand (more on that when it's more developed) - and i'm unfortunately not allowed to RFID my compatriots. but i still think the token idea stands, and i'd kill to have a say on whether or not it's implemented here.

here's how the simplest token protocol works, from the seminal textbook, Ross Anderson's Security Engineering:

you have a token, a little transponder thing that can be shaped like a key, or a button, or even embedded in your ID card or something. i have a gate, or a door. you walk up to the door, and your token sends a string to the door's reciever:

token -> gate: serial number, {serial number, onetime number}


the stuff in braces is encrypted under a key known to both the transponder and the reciever, meaning my gate can then decrypt it, check that the two serial numbers match, check that the onetime (Anderson calls it a nonce, but in my country that's slang for a child molester...) hasn't been used already (this way i know you're not just replaying someone else's earlier access attempt) and lets you in.

now, replace the gate with the logon system, and you're flying. it's a little more difficult than that, unfortunately, so i won't be seeing it around here anytime soon. unfortunately, the fact remains:this kind of system is the only way to let normal people slack off remembering their codes.

so: either ya remember your damn password, or you let a totally non-medically qualified, slightly paranoid security nut embed machinery in your hand. okay?

...where are you going?


Lepht