One time XOR pad with /dev/urandom

anomit | June 27, 2008

I made one :) I think doing a md5 hash of the resulting ciphertext would add an extra layer of security. What do the others think of this idea? Of course, the safe storage and transmission of the XOR key becomes an issue. Check the code and see if you could come up with suggestions to optimize it. I particularly don't like the exponential order for loop at the very end. The XOR key is stored in the xor-key file in the same directory where the code is run.

PYTHON:
import sys

if len(sys.argv)<=1:
    print 'Usage: python basicsalt.py <input file>'
    sys.exit(1)

frandom=open('/dev/urandom','r')  #open the random device
fpickle=open(sys.argv[1],'r')   #open the input file in read-only mode
bytes=1024

key=open('xor-key','w') #open/create the xor-key file

picklebuf=fpickle.read() #read the input file
fpickle.close()

fpickle=open(sys.argv[1],'w')   #open the input file in write mode
                #the ciphertext is stored in the same file
tempicklebuf=''   #temporary buffer for storing the ciphertext

fileLen=len(picklebuf)
print fileLen

#a function that doesn't exactly 'add' the salt in the classical sense of the term
def addsalt(pb,sb,fileLen):
    global tempicklebuf
    for i in range(fileLen):
        tempicklebuf+=chr(ord(pb[i]) ^ ord(sb[i]))  #just plain XOR

bufsalt=frandom.read(fileLen)
addsalt(picklebuf,bufsalt,fileLen)
key.write(bufsalt)

fpickle.write(tempicklebuf)
frandom.close()
key.close()

Comments
2 Comments »
Categories
Coding, GNU/Linux, Security
Tags
,
Comments rss Comments rss
Trackback Trackback

First run of BackTrack2

anomit | April 18, 2008

Yeah, I know BT3 Beta is doing the rounds but when learning something, I don't exactly like to walk on the bleeding edge!

The collection of tools is amazing and I don't even need to go on blabbering about it. Its the distro of choice for security professionals. The multitude of scripts are simply vast each grouped neatly in the appropriate categories for radio analyzing, os fingerprinting, forensics etc etc (heck, I don't even remember all of them).

dsc00123.JPG
I booted into BT2 using the live CD. I prefer the live CD in this case as I don't exactly wanna mess around with my wireless settings by creating and destroying multiple VAPs. Got down straight to work, fired up airodump-ng. Found a couple of clients connected to the AP near me. Deauth-ed them with aireplay-ng. To make sure it was working, called over a friend to my room, tested the deauth on his laptop and it was working!

dsc00125.JPG
Ok, catch up with your breath. This is how I did it:

Created a VAP ath1 in monitor mode
wlanconfig ath1 create wlandev wifi0 wlanmode monitor
I wont even explain how to start up airodump-ng. Its as easy as 1-2-3.

Deauth the clients using the MAC addresses found with aireplay-ng.
aireplay-ng -0 30 -c client MAC address -a access point MAC address ath1
Here -0 means deauth and 30 is the number of deauth requests to be sent.

At this stage, you can easily spoof the MAC address and capture the packets intended to be received by the now disconnected client. Maybe get around MAC based authentication too if that is the first layer of security in a network.
Finally, don't forget to check out the documentation and tutorials at aircrack-ng.org

Comments
2 Comments »
Categories
GNU/Linux, Security, Wireless networks
Tags
, ,
Comments rss Comments rss
Trackback Trackback