Tuesday, December 3, 2013

How do communication protocols exchange streams of data?

Three Way Handshake :

TCP/IP is the suite of communication protocols used to connect hosts across the Internet. Every operating system on the market ships with a TCP/IP stack built into its kernel; without it no data exchange can take place between devices, be they mobile devices, laptops, desktops or other network hardware.
Among the four layers in the suite, the transport layer is responsible for end-to-end transmission, error detection, recovery (retransmission), reliability and connection (session) control.



How does the data transmission really take place?
Blocks of data handed to the transport layer are carried in segments. Each segment contains a checksum, which the receiver recomputes to check that the data arrived intact. If the segment is undamaged, the receiver sends an acknowledgement back to the sender; otherwise it discards the segment. The sender keeps a retransmission timer and resends every segment for which a positive acknowledgement has not arrived in time. Note that the checksum is an error-detection code, not a cryptographic integrity check: it catches line noise, not deliberate tampering.
Before any of this can happen the two hosts must agree on initial sequence numbers, which is the job of the 3-Way Handshake. Three distinct segments are exchanged between the hosts before a reliable TCP session is established.
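As an added example (not code from the original post), here is the Internet checksum of RFC 1071 that TCP, UDP and IPv4 all use, applied to constructed sample bytes. It shows what the receiver recomputes, that a corrupted byte is caught, and the limitation mentioned above: the ones' complement sum is order-independent, so two swapped 16-bit words still pass verification. The attach/verify helpers stand in for the real header field, which sits at offset 16 of the TCP header.

```python
"""Internet checksum (RFC 1071), as carried in the TCP header.

Added example, not code from the original post. The sample bytes are constructed.
"""
import struct


def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum of `data`.

    Odd-length input is padded with a zero byte, exactly as RFC 1071 specifies.
    """
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack(">H", data):
        total += word
    # fold the carries back into the low 16 bits (end-around carry)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def attach(data: bytes) -> bytes:
    """Sender side: pad to a word boundary and append the checksum."""
    if len(data) % 2:
        data += b"\x00"
    return data + struct.pack(">H", internet_checksum(data))


def verify(blob: bytes) -> bool:
    """Receiver side: summing data plus its checksum must give all ones,
    so the complement of that sum is zero."""
    return internet_checksum(blob) == 0


def corrupt_byte(blob: bytes, index: int) -> bytes:
    """Simulate line noise: flip one bit of one byte."""
    b = bytearray(blob)
    b[index] ^= 0x20
    return bytes(b)


def swap_words(blob: bytes, i: int, j: int) -> bytes:
    """Swap the i-th and j-th 16-bit words. The sum is commutative, so the
    checksum cannot detect this reordering."""
    w = bytearray(blob)
    w[2 * i:2 * i + 2], w[2 * j:2 * j + 2] = w[2 * j:2 * j + 2], w[2 * i:2 * i + 2]
    return bytes(w)


if __name__ == "__main__":
    seg = attach(b"HELLO, WORLD")          # constructed payload
    print("intact   :", verify(seg))
    print("bit flip :", verify(corrupt_byte(seg, 0)))
    print("word swap:", verify(swap_words(seg, 0, 1)))
```

The last line of output is the one to remember: a checksum that passes only says the segment is probably free of transmission errors, not that nobody rewrote it in transit.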


Event diagram:

Host A sends SYN to Host B                  (A: CLOSED -> SYN-SENT)
Host B receives A's SYN
Host B sends SYN-ACK to Host A              (B: LISTEN -> SYN-RECEIVED)
Host A receives B's SYN-ACK
Host A sends ACK to Host B                  (A: SYN-SENT -> ESTABLISHED)
Host B receives A's ACK                     (B: SYN-RECEIVED -> ESTABLISHED)
TCP socket connection is ESTABLISHED.

TCP Three Way Handshake
(SYN, SYN-ACK, ACK)

Steps in the handshake:

Machine A sends a segment with the SYN flag set to initiate the connection to the target Machine B. (1st shake)
SYN - synchronize sequence numbers. The segment carries A's initial sequence number (ISN), the number A will start counting its bytes from; A enters the SYN-SENT state.
Machine B acknowledges with a segment carrying both flags, SYN-ACK. Its acknowledgement number is A's ISN + 1, and it carries B's own ISN, the number B will start with; B enters SYN-RECEIVED. (2nd shake)
Machine A, after receiving the SYN-ACK, checks that the acknowledgement number is its own ISN + 1 and then acknowledges B's ISN by sending a final segment with the ACK flag set and acknowledgement number B's ISN + 1. Both sides are now ESTABLISHED and A starts transferring data in segments. (3rd shake)
B performs the mirror check on that final ACK, which is why the ISNs must be unpredictable: an attacker who can guess B's ISN can forge the third segment from a spoofed address without ever seeing the SYN-ACK (RFC 6528 covers ISN randomization).

That's why this is called a 3-way handshake (SYN, SYN-ACK, ACK).
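The three shakes as a small state machine, added here as an example and not code from the original post. Segment and Endpoint are simplifications (no checksum, window or options), and the port numbers and ISNs in the demo are constructed. What it shows is the sequence/acknowledgement arithmetic of each segment, the check each side performs before moving to ESTABLISHED, and why a forged third segment with a guessed ISN is rejected.

```python
"""TCP three-way handshake as a small state machine.

Added example, not code from the original post. Segment/Endpoint are a
simplification of RFC 793; ports and ISNs used in the demo are constructed.
"""
from dataclasses import dataclass, field
import secrets

SYN = 0x02          # flag bits from the TCP header's control field
ACK = 0x10
MASK = 0xFFFFFFFF   # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int

    def kind(self) -> str:
        return {SYN: "SYN", SYN | ACK: "SYN-ACK", ACK: "ACK"}.get(self.flags, hex(self.flags))


@dataclass
class Endpoint:
    name: str
    port: int
    state: str = "CLOSED"
    # RFC 6528: the ISN must be unpredictable, otherwise an attacker who never
    # sees the SYN-ACK can still forge the third segment (blind spoofing).
    isn: int = field(default_factory=lambda: secrets.randbits(32))
    snd_nxt: int = 0   # next sequence number this side will send
    rcv_nxt: int = 0   # next sequence number expected from the peer

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self, peer_port: int) -> Segment:
        """1st shake: SYN carrying our ISN. The SYN consumes one sequence number."""
        self.snd_nxt = (self.isn + 1) & MASK
        self.state = "SYN-SENT"
        return Segment(self.port, peer_port, self.isn, 0, SYN)

    def receive(self, seg: Segment):
        """Process one incoming segment; return the reply, or None."""
        if self.state == "LISTEN" and seg.flags == SYN:
            # 2nd shake: acknowledge the peer's ISN + 1 and send our own ISN
            self.rcv_nxt = (seg.seq + 1) & MASK
            self.snd_nxt = (self.isn + 1) & MASK
            self.state = "SYN-RECEIVED"
            return Segment(self.port, seg.src_port, self.isn, self.rcv_nxt, SYN | ACK)
        if self.state == "SYN-SENT" and seg.flags == SYN | ACK:
            if seg.ack != self.snd_nxt:
                raise ValueError(f"{self.name}: SYN-ACK acknowledges {seg.ack}, expected {self.snd_nxt}")
            # 3rd shake: acknowledge the peer's ISN + 1
            self.rcv_nxt = (seg.seq + 1) & MASK
            self.state = "ESTABLISHED"
            return Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, ACK)
        if self.state == "SYN-RECEIVED" and seg.flags == ACK:
            if seg.ack != self.snd_nxt or seg.seq != self.rcv_nxt:
                # RFC 793 answers an unacceptable ACK with RST; a guessed ISN fails here
                raise ValueError(f"{self.name}: ACK seq={seg.seq} ack={seg.ack} does not match, dropping")
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.name}: unexpected {seg.kind()} in state {self.state}")


def handshake(a: Endpoint, b: Endpoint) -> list:
    """Run the three shakes between client a and listener b; return the trace."""
    b.listen()
    syn = a.connect(b.port)
    syn_ack = b.receive(syn)
    ack = a.receive(syn_ack)
    b.receive(ack)
    return [(a.name, syn), (b.name, syn_ack), (a.name, ack)]


if __name__ == "__main__":
    a, b = Endpoint("A", 40000), Endpoint("B", 80)   # constructed ports, random ISNs
    for who, seg in handshake(a, b):
        print(f"{who} -> {seg.kind():8s} seq={seg.seq:<10d} ack={seg.ack}")
    print(a.state, b.state)
```

Run it twice and the ISNs differ while the offsets between the three segments stay fixed (+1 on each side); that is the whole content of the handshake.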

TCP/IP is the de facto standard for transmitting data over the Internet.


Wednesday, November 13, 2013

Pakistan Hijacked Youtube - Prefix Hijack

Even a single bogus route announcement can destabilize the network....!

Everyone remembers February 2008, when the Pakistan government ordered YouTube to be officially blocked inside Pakistan. Pakistan Telecom implemented the order with the very old prefix hijack trick, and the result was YouTube being blocked far beyond Pakistan.

How did this happen?

Pakistan Telecom tried to block YouTube in their homeland by advertising to its upstream providers a route to a prefix it was not authorized to originate, 208.65.153.0/24. YouTube itself was announcing the covering block 208.65.152.0/22. Because BGP routers forward on the longest matching prefix, the /24 is a more specific route than the /22 and wins wherever it is heard. The upstream relayed the announcement to the rest of the Internet without filtering it, so routers worldwide sent YouTube's traffic for that /24 to Pakistan Telecom, where it was dropped, blocking YouTube for users everywhere.
Within about two minutes of the first relay of the bad route, almost all providers in the world carried it.
YouTube noticed that the /24 prefix had been hijacked and fought back the same way: it announced the /24 itself and then two more specific /25 prefixes (208.65.153.0/25 and 208.65.153.128/25), which beat the hijacked /24 on longest-prefix match. Once the upstream also dropped the erroneous announcement, YouTube was back with its users.

It is at times like this that the term BGP gets its revival and fame. BGP, the Border Gateway Protocol, is used to exchange routing information between Autonomous Systems (the networks run by organisations such as Google, Bank of America or Samsung, each with its own AS number) and, as iBGP, within them.
The attack illustrates a basic weakness of the protocol: BGP has no built-in way to check that an AS is authorized to originate a prefix. A router that announces seriously bogus information is believed, and will keep being believed for as long as it continues to announce it, unless its neighbours filter the announcement.
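To make the longest-prefix-match mechanics concrete, here is an added example (not code from the original post) that replays the incident against a toy routing table: the /22, the hijacked /24, YouTube's /25 counter-announcements, and the withdrawal. The AS numbers (AS36561 for YouTube, AS17557 for Pakistan Telecom) are not in the post above. The table is deliberately minimal (one origin per prefix, no AS paths or policy), and the customer_filter at the end is an illustration of the prefix-list an upstream can apply to its customer's announcements, not any provider's actual configuration; the customer prefix it allows is an RFC 5737 documentation range standing in for a real allocation.

```python
"""Longest-prefix match replay of the 2008 YouTube prefix hijack.

Added example, not code from the original post. Toy routing table; the AS
numbers are those of YouTube and Pakistan Telecom, the rest is constructed.
"""
import ipaddress

YOUTUBE_AS = 36561
PAKTEL_AS = 17557


class RouteTable:
    """Prefix -> origin AS, forwarding by longest matching prefix."""

    def __init__(self):
        self.routes = {}

    def announce(self, prefix: str, origin_as: int) -> None:
        self.routes[ipaddress.ip_network(prefix)] = origin_as

    def withdraw(self, prefix: str) -> None:
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, address: str):
        """Return (prefix, origin AS) that traffic to `address` follows, or None."""
        addr = ipaddress.ip_address(address)
        candidates = [net for net in self.routes if addr in net]
        if not candidates:
            return None
        best = max(candidates, key=lambda net: net.prefixlen)   # most specific wins
        return str(best), self.routes[best]


def customer_filter(prefix: str, origin_as: int, allowed: dict) -> bool:
    """Upstream-side check: accept a customer's announcement only if it lies
    inside a prefix that customer is allowed to originate. `allowed` maps
    AS number -> list of prefix strings (illustrative prefix-list)."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(ok)) for ok in allowed.get(origin_as, ()))


def replay(address: str = "208.65.153.238") -> list:
    """Walk through the incident; return the route chosen at each stage."""
    table, stages = RouteTable(), []

    table.announce("208.65.152.0/22", YOUTUBE_AS)            # normal state
    stages.append(("youtube /22", table.lookup(address)))

    table.announce("208.65.153.0/24", PAKTEL_AS)              # the hijack: more specific wins
    stages.append(("hijacked /24", table.lookup(address)))
    stages.append(("rest of /22", table.lookup("208.65.152.10")))  # only the /24 is affected

    table.announce("208.65.153.0/25", YOUTUBE_AS)             # YouTube's counter: even more specific
    table.announce("208.65.153.128/25", YOUTUBE_AS)
    stages.append(("counter /25", table.lookup(address)))

    table.withdraw("208.65.153.0/24")                          # upstream drops the bogus route
    stages.append(("after withdraw", table.lookup(address)))
    return stages


def filtered_replay(address: str = "208.65.153.238"):
    """Same hijack, but the upstream applies a prefix-list to its customer."""
    allowed = {PAKTEL_AS: ["198.51.100.0/24"]}   # RFC 5737 range standing in for the real allocation
    table = RouteTable()
    table.announce("208.65.152.0/22", YOUTUBE_AS)
    accepted = customer_filter("208.65.153.0/24", PAKTEL_AS, allowed)
    if accepted:
        table.announce("208.65.153.0/24", PAKTEL_AS)
    return accepted, table.lookup(address)


if __name__ == "__main__":
    for stage, route in replay():
        print(f"{stage:15s} -> {route}")
    print("with upstream filter:", filtered_replay())
```

The "rest of /22" stage is worth noting: a more-specific hijack only captures the addresses inside the bogus prefix, which is exactly why YouTube could answer with /25s instead of waiting for the upstream.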


Wednesday, November 6, 2013

ASSEMBLER - X86


Assembler  --- translates assembly instructions into machine-code instructions.

When the assembly source is fed to the assembler, named variables are hard-coded as memory addresses and labels as code addresses. Some parts of the program source (the names themselves, comments, the shape of loops) are always lost when the assembler runs; this is inevitable, and it is why disassembled code never reads like the original.
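To see that loss happen, here is an added example (not code from the original post, and not one of the assemblers listed below): a toy two-pass assembler for a handful of 32-bit x86 instructions in Intel syntax. Pass 1 only measures instruction lengths to fix the address of every label; pass 2 emits bytes, turning each label reference into a signed 8-bit displacement counted from the end of the jump. The opcode table is the genuine 32-bit encoding for these few instructions; the sample program is constructed.

```python
"""Toy two-pass assembler for a small 32-bit x86 subset (Intel syntax).

Added example, not from the original post. Real opcodes for a few
instructions; constructed sample program; no memory operands or prefixes.
"""
import struct

REG32 = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 3, "esp": 4, "ebp": 5, "esi": 6, "edi": 7}
JCC = {"jmp": 0xEB, "je": 0x74, "jz": 0x74, "jne": 0x75, "jnz": 0x75}   # short (rel8) forms


def _modrm_reg(dst: str, src: str) -> int:
    """ModRM byte for register-direct operands: mod=11, reg=src, rm=dst."""
    return 0xC0 | (REG32[src] << 3) | REG32[dst]


def encode(mnemonic: str, ops: list, addr: int, labels) -> bytes:
    """Encode one instruction located at `addr`.

    In pass 1 `labels` is None: branch displacements are placeholders and
    only the length matters. In pass 2 they are resolved against `labels`.
    """
    m = mnemonic.lower()
    if m == "nop" and not ops:
        return b"\x90"
    if m == "ret" and not ops:
        return b"\xc3"
    if m == "int" and len(ops) == 1:
        return bytes([0xCD, int(ops[0], 0)])                        # CD ib
    if m == "mov" and len(ops) == 2 and ops[0] in REG32:
        if ops[1] in REG32:
            return bytes([0x89, _modrm_reg(ops[0], ops[1])])       # 89 /r   mov r/m32, r32
        imm = int(ops[1], 0) & 0xFFFFFFFF
        return bytes([0xB8 + REG32[ops[0]]]) + struct.pack("<I", imm)  # B8+rd id
    if m == "xor" and len(ops) == 2 and ops[0] in REG32 and ops[1] in REG32:
        return bytes([0x31, _modrm_reg(ops[0], ops[1])])           # 31 /r   xor r/m32, r32
    if m == "inc" and len(ops) == 1 and ops[0] in REG32:
        return bytes([0x40 + REG32[ops[0]]])                       # 40+rd (32-bit mode)
    if m == "dec" and len(ops) == 1 and ops[0] in REG32:
        return bytes([0x48 + REG32[ops[0]]])                       # 48+rd
    if m in JCC and len(ops) == 1:
        if labels is None:
            rel = 0
        else:
            rel = labels[ops[0]] - (addr + 2)   # displacement counts from the next instruction
            if not -128 <= rel <= 127:
                raise ValueError(f"{ops[0]} is out of rel8 range from {addr:#x}")
        return bytes([JCC[m]]) + struct.pack("<b", rel)
    raise ValueError(f"unsupported instruction: {mnemonic} {', '.join(ops)}")


def parse(source: str):
    """Yield (label, mnemonic, operands) per line; ';' starts a comment."""
    for raw in source.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        label = None
        if ":" in line:
            label, line = (part.strip() for part in line.split(":", 1))
        if not line:
            yield label, None, []
            continue
        parts = line.split(None, 1)
        ops = [o.strip() for o in parts[1].split(",")] if len(parts) > 1 else []
        yield label, parts[0], ops


def assemble(source: str, origin: int = 0):
    """Two passes: fix label addresses, then emit code. Returns (code, labels)."""
    lines = list(parse(source))
    labels, addr = {}, origin
    for label, mnemonic, ops in lines:              # pass 1: addresses only
        if label:
            if label in labels:
                raise ValueError(f"duplicate label {label}")
            labels[label] = addr
        if mnemonic:
            addr += len(encode(mnemonic, ops, addr, None))
    code, addr = bytearray(), origin
    for _, mnemonic, ops in lines:                  # pass 2: emit bytes
        if mnemonic:
            chunk = encode(mnemonic, ops, addr, labels)
            code += chunk
            addr += len(chunk)
    return bytes(code), labels


COUNTDOWN = """
        mov  ecx, 3        ; loop counter
        xor  eax, eax      ; eax = 0
again:  inc  eax           ; loop body
        dec  ecx
        jnz  again         ; backward branch, encoded as 75 FC (-4)
        ret
"""

if __name__ == "__main__":
    code, labels = assemble(COUNTDOWN)
    print(code.hex(" "), labels)
```

The output bytes contain no trace of the word "again": the only thing left of the label is the -4 in the jnz, which is what a disassembler has to work backwards from.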


MASM   -  Microsoft Assembler (Macro Assembler)

  •  Used by Microsoft for the low-level parts of its operating systems.
  •  Targets Intel x86 processors.
  •  Its syntax is not portable to other platforms, which is its main disadvantage.
TASM   -  Turbo Assembler
  •  Developed by Borland and used together with Borland's software development tools.
  •  This assembler is not free.
NASM   -  Netwide Assembler
  •  Free, portable and retargetable.
  •  Can be used on both Linux and Windows systems.
  •  Not as mature as TASM and MASM, but definitely user-friendly.
FASM   -  Flat Assembler
  •  A fast, self-assembling, open-source x86 assembler.
AT&T Syntax
  •  AT&T syntax differs from Intel syntax (source operand first, registers prefixed with %, immediates with $) and is the default in GAS (the GNU Assembler), mainly distributed on Unix and Unix-like systems.
  •  GAS is specifically designed to be used as the back-end of GCC (the GNU Compiler Collection).
  •  Because GCC always feeds it syntactically correct code, GAS does only minimal error checking.
  •  GAS can be switched to Intel syntax with the directive ".intel_syntax noprefix".
  •  GAS is installed automatically with GCC or the GNU binutils package.
                              

HLA   -  High Level Assembler
  •  An assembler with a high-level syntax.
  •  HLA acts as a front-end to other assemblers such as FASM, MASM, NASM and GAS, so the programmer must have another assembler installed to assemble programs with HLA.
  •  HLA comes with a comprehensive standard library.
  •  HLA syntax is very easy and closely resembles C. Note the operand order: HLA writes the source first and the destination second, the opposite of Intel syntax.
      Example of HLA code (src and dest are placeholders for any two operands):

            mov( src, dest );
            pop( eax );
            push( ebp );
            for( mov( 0, ecx ); ecx < 10; inc( ecx ) ) do
                    mul( ecx );        // eax := eax * ecx
            endfor;



Friday, October 25, 2013

Binary Bomb!!!! BOOMMM!!!!

BINARY BOMB - A BOOM at each phase!

A "binary bomb" is a Linux executable, compiled from C, that consists of six "phases." Each phase expects the user to enter a particular string on stdin. If the user enters the expected string, that phase is "defused." Otherwise the bomb "explodes" by printing "BOOM!!!".
The goal is to defuse as many phases as possible without exploding the bomb, which means working the expected input out from the disassembly rather than guessing.



Each bomb phase tests a different aspect of machine language programs:
  Phase 1: string comparison
  Phase 2: loops
  Phase 3: conditionals/switches
  Phase 4: recursive calls and the stack discipline
  Phase 5: pointers
  Phase 6: linked lists/pointers/structs

There is also a "secret phase" that only appears if students append a certain string to the solution to Phase 4. 

Each user gets a unique bomb that they must solve themselves. The unique solution to each bomb is available to the instructor.

Catch the source code at Binary Labs: CMU Binary Bomb

Wednesday, October 23, 2013

Arch Linux installation with disk encryption.

Arch Linux - system encryption with a keyfile on an external flash drive/CD/USB stick:

Commands for an Arch Linux full-system encryption (LUKS root, unencrypted /boot) with the keyfile on an external drive. They are laid out as a script, but arch-chroot starts an interactive shell, so the middle part is typed inside that shell.

#!/bin/bash
# Part 1: from the Arch live ISO. Assumptions: /dev/sda1 will be the
# unencrypted /boot, /dev/sda2 the LUKS container holding the root
# filesystem, and the USB stick (vfat, volume label "USB") is already
# mounted at /mnt/USB with the keyfile on it. Any file works as key
# material; LUKS reads the whole file, so it must never be modified.
modprobe dm_mod
# aes-xts-plain64 instead of aes-xts-plain: the 32-bit IV of "plain"
# wraps on devices larger than 2 TiB. -s 512 = two 256-bit XTS keys.
cryptsetup -c aes-xts-plain64 -s 512 luksFormat /dev/sda2 /mnt/USB/keyfile.jpg
# Strongly advised: a passphrase in a second key slot, otherwise a lost or
# corrupted USB stick means a lost system.
cryptsetup --key-file /mnt/USB/keyfile.jpg luksAddKey /dev/sda2
cryptsetup -d /mnt/USB/keyfile.jpg luksOpen /dev/sda2 rootcrypt
mkfs -t ext4 /dev/mapper/rootcrypt
mkfs -t ext4 /dev/sda1
# Mount the root first and /boot inside it; mounting the root last (the
# original order) hides the /boot mount underneath it.
mount /dev/mapper/rootcrypt /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
pacstrap -i /mnt base base-devel syslinux
genfstab -U -p /mnt > /mnt/etc/fstab

# Part 2: inside the new system. arch-chroot opens an interactive shell;
# the commands below are run in that shell.
arch-chroot /mnt

# /boot/syslinux/syslinux.cfg, APPEND line of the Arch entry. The encrypt
# hook reads cryptkey=<device>:<filesystem>:<path on that filesystem>.
#   APPEND cryptdevice=/dev/sda2:rootcrypt root=/dev/mapper/rootcrypt ro cryptkey=/dev/disk/by-label/USB:vfat:keyfile.jpg
nano /boot/syslinux/syslinux.cfg

# /etc/mkinitcpio.conf: vfat so the initramfs can mount the stick, and the
# encrypt hook after block and before filesystems.
#   MODULES="dm_mod vfat ext4"
#   HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"
nano /etc/mkinitcpio.conf
mkinitcpio -p linux                # must run inside the chroot, not after leaving it

syslinux-install_update -i -a -m   # install, set the active flag, write the MBR

nano /etc/hostname
passwd
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
nano /etc/locale.gen               # uncomment: en_US.UTF-8 UTF-8
locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
exit

# Part 3: back on the live ISO
umount -R /mnt
cryptsetup luksClose rootcrypt
reboot