<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Truth, Computing and Fail &#187; Security</title>
	<atom:link href="http://anomit.com/category/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://anomit.com</link>
	<description></description>
	<lastBuildDate>Sun, 26 Dec 2010 19:39:20 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
		<item>
		<title>One time XOR pad with /dev/urandom</title>
		<link>http://anomit.com/2008/06/27/one-time-xor-pad-with-devurandom/</link>
		<comments>http://anomit.com/2008/06/27/one-time-xor-pad-with-devurandom/#comments</comments>
		<pubDate>Thu, 26 Jun 2008 20:59:08 +0000</pubDate>
		<dc:creator>anomit</dc:creator>
				<category><![CDATA[Coding]]></category>
		<category><![CDATA[GNU/Linux]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[cryptography]]></category>
		<category><![CDATA[python]]></category>

		<guid isPermaLink="false">http://oni.ifastnet.com/2008/06/27/one-time-xor-pad-with-devurandom/</guid>
		<description><![CDATA[I made one I think doing an MD5 hash of the resulting ciphertext would add an extra layer of security. What do the others think of this idea? Of course, the safe storage and transmission of the XOR key becomes an issue. Check the code and see if you could come up with suggestions to [...]]]></description>
			<content:encoded><![CDATA[<p>I made one :) I think doing an MD5 hash of the resulting ciphertext would add an extra layer of security. What do the others think of this idea? Of course, the safe storage and transmission of the XOR key becomes an issue. Check the code and see if you could come up with suggestions to optimize it. I particularly don&#8217;t like the exponential order for loop at the very end. The XOR key is stored in the xor-key file in the same directory where the code is run.</p>
<pre class="brush: python; title: ;">
import sys

if len(sys.argv)&lt;=1:
	print('Usage: python basicsalt.py &lt;input file&gt;')
	sys.exit(1)

frandom=open('/dev/urandom','rb')  #open the random device (binary mode)
fpickle=open(sys.argv[1],'rb')	#open the input file in read-only binary mode

key=open('xor-key','wb')	#open/create the xor-key file

picklebuf=fpickle.read() #read the input file
fpickle.close()

fpickle=open(sys.argv[1],'wb')	#open the input file in write mode
				#the ciphertext is stored in the same file
tempicklebuf=b''			#temporary buffer for storing the ciphertext

fileLen=len(picklebuf)
print(fileLen)

#a function that doesn't exactly 'add' the salt in the classical sense of the term
def addsalt(pb,sb,fileLen):
	global tempicklebuf
	for i in range(fileLen):
		tempicklebuf+=bytes([pb[i] ^ sb[i]])	#just plain XOR, one byte at a time

bufsalt=frandom.read(fileLen)	#one random key byte per input byte
addsalt(picklebuf,bufsalt,fileLen)
key.write(bufsalt)

fpickle.write(tempicklebuf)
fpickle.close()	#flush the ciphertext to disk
frandom.close()
key.close()
</pre>
]]></content:encoded>
			<wfw:commentRss>http://anomit.com/2008/06/27/one-time-xor-pad-with-devurandom/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>First run of BackTrack2</title>
		<link>http://anomit.com/2008/04/18/first-run-of-backtrack2/</link>
		<comments>http://anomit.com/2008/04/18/first-run-of-backtrack2/#comments</comments>
		<pubDate>Fri, 18 Apr 2008 18:03:12 +0000</pubDate>
		<dc:creator>anomit</dc:creator>
				<category><![CDATA[GNU/Linux]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Wireless networks]]></category>
		<category><![CDATA[aircrack]]></category>
		<category><![CDATA[cryptography]]></category>
		<category><![CDATA[hacking]]></category>

		<guid isPermaLink="false">http://oni.ifastnet.com/2008/04/18/first-run-of-backtrack2/</guid>
		<description><![CDATA[Yeah, I know BT3 Beta is doing the rounds but when learning something, I don&#8217;t exactly like to walk on the bleeding edge! The collection of tools is amazing and I don&#8217;t even need to go on blabbering about it. It&#8217;s the distro of choice for security professionals. The multitude of scripts are simply vast [...]]]></description>
			<content:encoded><![CDATA[<p>Yeah, I know BT3 Beta is doing the rounds but when learning something, I don&#8217;t exactly like to walk on the bleeding edge!</p>
<p>The collection of tools is amazing and I don&#8217;t even need to go on blabbering about it. It&#8217;s the distro of choice for security professionals. The multitude of scripts are simply vast, each grouped neatly in the appropriate categories for radio analyzing, OS fingerprinting, forensics, etc. (heck, I don&#8217;t even remember all of them).</p>
<p><a href='http://anomit.com/wordpress/wp-content/uploads/2008/04/dsc00123.jpg' title='dsc00123.JPG'><img src='http://anomit.com/wordpress/wp-content/uploads/2008/04/dsc00123-150x150.jpg' alt='dsc00123.JPG' /></a><br />
I booted into BT2 using the live CD. I prefer the live CD in this case as I don&#8217;t exactly wanna mess around with my wireless settings by creating and destroying multiple VAPs. Got down straight to work, fired up airodump-ng. Found a couple of clients connected to the AP near me. Deauth-ed them with aireplay-ng. To make sure it was working, called over a friend to my room, tested the deauth on his laptop and it was working!</p>
<p><a href='http://anomit.com/wordpress/wp-content/uploads/2008/04/dsc00125.jpg' title='dsc00125.JPG'><img src='http://anomit.com/wordpress/wp-content/uploads/2008/04/dsc00125-150x150.jpg' alt='dsc00125.JPG' /></a><br />
Ok, catch up with your breath. This is how I did it:</p>
<p>Created a VAP ath1 in monitor mode<br />
<code>wlanconfig ath1 create wlandev wifi0 wlanmode monitor</code><br />
I won&#8217;t even explain how to start up airodump-ng. It&#8217;s as easy as 1-2-3.</p>
<p>Deauth the clients using the MAC addresses found with aireplay-ng.<br />
<code>aireplay-ng -0 30 -c <i>client MAC address</i> -a <i> access point MAC address </i> ath1</code><br />
Here -0 means deauth and 30 is the number of deauth requests to be sent.</p>
<p>At this stage, you can easily spoof the MAC address and capture the packets intended to be received by the now disconnected client. Maybe get around MAC-based authentication too if that is the first layer of security in a network.<br />
Finally, don&#8217;t forget to check out the documentation and tutorials at aircrack-ng.org</p>
]]></content:encoded>
			<wfw:commentRss>http://anomit.com/2008/04/18/first-run-of-backtrack2/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Something very volatile</title>
		<link>http://anomit.com/2008/03/06/something-very-volatile/</link>
		<comments>http://anomit.com/2008/03/06/something-very-volatile/#comments</comments>
		<pubDate>Thu, 06 Mar 2008 18:05:34 +0000</pubDate>
		<dc:creator>anomit</dc:creator>
				<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://oni.ifastnet.com/2008/03/06/something-very-volatile/</guid>
		<description><![CDATA[Came across this some 5 days back on Digg, but was too tired and busy due to exams to post it. Anyways, it had just occurred to me while writing these assembly programs that we unknowingly put a lot of sensitive information in the RAM, which may in some cases be unavoidable too. Watch the [...]]]></description>
			<content:encoded><![CDATA[<p>Came across <a href="http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html">this</a> some 5 days back on Digg, but was too tired and busy due to exams to post it. Anyways, it had just occurred to me while writing these assembly programs that we unknowingly put a lot of sensitive information in the RAM, which may in some cases be unavoidable too. Watch the video there too.</p>
]]></content:encoded>
			<wfw:commentRss>http://anomit.com/2008/03/06/something-very-volatile/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

