LSB new twist : text based Steganography

Today I am going to discuss a simple twist on existing steganography and text-based data hiding techniques. While creating challenges for the pre-conference hacking challenge “HACKIM” for the nullcon conference, we came up with a text-based LSB hiding challenge as crypto challenge part 5. Today I am releasing the tools I used for encoding and decoding such values.

The basic premise behind the tool is the simplest image-based steganographic technique, where data is hidden in the least significant bit of each pixel. Here we implement the same principle on normal text. The difference between the two is that in the case of an image there is very little distortion and the original image looks pretty much the same, whereas in the text implementation the text looks a lot different.

Example

text to hide = a

binary of text to hide = 01000001

So for this we need a cover of size = 8 chars

Let's assume the cover is abcdefgh

We will replace the LSB of each character of the cover with one bit of the text which we need to hide, starting from the HSB (highest significant bit) of the text and working down to its LSB.

S.No  Text  Binary    Converted binary  Final text
1     a     01100001  01100000          `
2     b     01100010  01100011          c
3     c     01100011  01100011          c
4     d     01100100  01100100          d
5     e     01100101  01100100          d
6     f     01100110  01100110          f
7     g     01100111  01100110          f
8     h     01101000  01101001          i

Now this new text can be sent across.

The final text becomes `ccddffi

Now, as we can see, the text has changed a lot. However, the important thing to remember is that first and foremost the cover is extracted, and it is the most easily available part.

By just varying the 1s and 0s you can get the actual value back.

Here is a funny tip

Make your envelope text something interesting, so that the focus shifts to the envelope rather than to the variation in the data.

To simplify the above task I wrote simple encode and decode scripts, listed below. (The scripts are at a crude level right now; I may improve on them if the need arises.)

Encode

#License : GPL2
#License File : http://www.gnu.org/licenses/gpl-2.0.html
import sys
Key="CoDe"                                # text to hide: 4 chars = 32 bits
Cover="Secret is hidden at /home/anant/"  # cover text: must be exactly 8 chars per Key char
km=""
if (len(Key) * 8) == len(Cover):
    print("Original : " + Cover)
    # build the bit string of the key, 8 bits per character, highest bit first
    for k in Key:
        km += bin(ord(k))[2:].zfill(8)
    sys.stdout.write("Concealed : ")
    i=0
    for c in Cover:
        y=bin(ord(c))[2:].zfill(8)
        s = list(y)
        s[7]=km[i]                        # overwrite the LSB of the cover char with one key bit
        i+=1
        sys.stdout.write(chr(int('0b' + "".join(s),2)))
    print("")
else:
    print("Invalid Cover Size : " + str(len(Cover)) + " : " + str((len(Key) * 8)))

Decoding

#License : GPLv2
#License URL : http://www.gnu.org/licenses/gpl-2.0.html
import sys
crypt="Rebrdt!ir!iheeeo at .inld/an`ot/"  # concealed text produced by the encode script
cnt=0
decode=list()
if (len(crypt) % 8) == 0:
    for c in crypt:
        y=bin(ord(c))
        decode.append(y[len(y)-1])        # the last character of bin() is the LSB
        cnt = cnt + 1
        if (cnt % 8 == 0):                # every 8 collected bits form one hidden character
            sys.stdout.write(chr(int('0b' + "".join(decode),2)))
            decode = []
else:
    print("Invalid Input")
print(" ")
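As an added example (not the post's own scripts), here is a generalised Python 3 encoder/decoder for the text-LSB scheme that reproduces the worked table above and the script's cover/key, and goes one step further: the cover may be longer than 8 chars per hidden character, and a one-function check shows why anyone holding the text can pull the hidden bits straight back out. The function names are my own.

```python
# Added example for the text-LSB scheme described in the post (not the post's scripts).
from typing import Optional


def lsb_encode(cover: str, secret: str) -> str:
    """Replace the LSB of each cover character with one bit of the secret, highest bit first.

    Generalises the post's scripts: the cover may be longer than 8 * len(secret);
    cover characters beyond the secret's bits are passed through untouched.
    """
    if any(ord(ch) > 127 for ch in secret):
        raise ValueError("secret must be ASCII so every character is exactly 8 bits")
    if len(cover) < 8 * len(secret):
        raise ValueError(f"cover too short: need {8 * len(secret)} chars, got {len(cover)}")
    bits = "".join(format(ord(ch), "08b") for ch in secret)  # 8 bits per secret char
    out = []
    for i, ch in enumerate(cover):
        code = ord(ch)
        if i < len(bits):
            code = (code & ~1) | int(bits[i])  # clear the LSB, then set it to the secret bit
        out.append(chr(code))
    return "".join(out)


def lsb_decode(stego: str, length: Optional[int] = None) -> str:
    """Collect the LSB of every character and regroup the bits into 8-bit characters."""
    bits = "".join(str(ord(ch) & 1) for ch in stego)
    usable = len(bits) - len(bits) % 8  # drop a trailing partial byte
    text = "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, usable, 8))
    return text if length is None else text[:length]


def lsb_carries_ascii(stego: str) -> bool:
    """Defender's check: True when the LSB plane decodes entirely to printable ASCII.

    Innocent text rarely does. It illustrates the post's caveat: the 'cover' is
    trivially separable, so this scheme hides a message but does not protect it.
    """
    text = lsb_decode(stego)
    return bool(text) and all(32 <= ord(c) < 127 for c in text)


if __name__ == "__main__":
    # Constructed inputs: the post's worked example and the encode script's cover/key.
    print(lsb_encode("abcdefgh", "a"))  # `ccddffi
    print(lsb_decode(lsb_encode("Secret is hidden at /home/anant/", "CoDe")))  # CoDe
    print(lsb_carries_ascii("abcdefgh"), lsb_carries_ascii("`ccddffi"))  # False True
```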

Hope people find some use for this somewhere.

Standalone Perl on Android

Along similar lines to the standalone Python post, this is the code that can be used for running standalone Perl applications.

This script again tries to address some very basic issues:

1) No direct mechanism for calling perl while using the terminal emulator.

2) Environmental limitations.

3) You can’t pass command-line arguments.

The script is enclosed here:

#License: GPLv2 or later
#License URI: http://www.gnu.org/licenses/gpl-2.0.html
PW=`pwd`                 # remember the caller's directory so relative paths keep working
cd "$PW"
export PERL5LIB="/sdcard/haxdroid/perllib"   # where the Perl modules live on the sdcard
/data/data/com.googlecode.perlforandroid/files/perl/perl "$@"   # pass all arguments through to perl

This script allows for the following things:

1) It lets us use this shell script to call perl directly.

2) It allows command-line argument passing.

3) Relative path references now work.


I have named this script pl and placed it at /system/bin/pl.

So basically copy this script into a text file, say pl.txt, and run:

adb push pl.txt /system/bin/pl

adb shell chmod 04755 /system/bin/pl


As always, this depends on the Perl for Android project to run properly; you can download it from here:
https://android-scripting.googlecode.com/files/perl_for_android_r1.apk

DroidCAT – Android Application collection for Security professionals

After a gap of one month I am finally releasing the DroidCAT application.

The DroidCAT application is developed as part of the HaXdroiD project, which is right now in closed testing.

Let’s talk about DroidCAT today.

What is DroidCAT?
DroidCAT is inspired by FireCAT and aims to be a one-stop solution for finding all
ethical hacking / information security related applications published in the Android domain.
This application is also a part of the HaXdroiD suite, which aims to empower the
Android handset for penetration testing purposes.

So let’s not wait: head over to the Android Market and download the application.

DroidCAT

Whitepaper : Security Issues in Android Custom ROMs

Today I am releasing the paper which I presented recently at the C0C0N conference at Ernakulam. This paper outlines security misconfigurations that can lead to device compromise, data theft and so on.
Hope this helps in the secure development and deployment of custom ROMs.

http://anantshri.info/articles/android_cust_rom_security.html

The link contains downloads for both my slide pack and the complete whitepaper.

A crude application has also been created and uploaded to the Android Market which can help in identifying the issues.

https://market.android.com/details?id=anant.hax.aui

Android : Running Standalone Python

This is not yet another post on the android-scripting project, SL4A or Python for Android.

This post has a specific purpose: to empower the terminal again and make users feel the power of the terminal once more.

In the current state we can run Perl, Python, PHP, Ruby and BeanShell in the SL4A interface, or as a standalone APK with modifications.

So here is the bad part:

1) You can’t run applications on the console directly.

2) You have environmental limitations.

3) You can’t pass command-line arguments.

For a normal person these might be minor limitations; however for some, including myself, THESE are the limitations.

So while searching for a solution I came across this script.

Here is a modified version of the same, making sure the awesomeness is embedded:

#License: GPLv2 or later
#License URI: http://www.gnu.org/licenses/gpl-2.0.html
PW=`pwd`
export EXTERNAL_STORAGE=/mnt/sdcard
export LANG=en
PYTHONPATH=/mnt/sdcard/com.googlecode.pythonforandroid/extras/python
PYTHONPATH=${PYTHONPATH}:/data/data/com.googlecode.pythonforandroid/files/python/lib/python2.6/lib-dynload
export PYTHONPATH
export TEMP=/mnt/storage/com.googlecode.pythonforandroid/extras/python/tmp
export PYTHON_EGG_CACHE=$TEMP
export PYTHONHOME=/data/data/com.googlecode.pythonforandroid/files/python
export LD_LIBRARY_PATH=/data/data/com.googlecode.pythonforandroid/files/python/lib
cd $PW
/data/data/com.googlecode.pythonforandroid/files/python/bin/python "$@"

Lines 1, 3 and 11 are the changes that I made.

These changes allow for the following things:

1) They let us use this shell script to call python.

2) They allow command-line argument passing.

3) Relative path references now work.

However, we also need to understand the importance of SL4A-style projects: they give scripts a direct option to interact with and create native UI (dialog boxes, buttons, text, etc.).

I have named this script py and placed it at /system/bin/py.

So basically copy this script into a text file, say py.txt, and run:

adb push py.txt /system/bin/py

adb shell chmod 04755 /system/bin/py

This gives you a Python shell on your Android terminal. (Mode 04755 also sets the setuid bit, which this wrapper does not need; plain 0755 is enough for it to be executable.)

Right now I am working towards making various tools of the trade available on the terminal.

I will be keeping track of my progress in the XDA Developers forum thread linked here.


MyLife : Hack : Yahoo Open HackDay 2011

Open Hack India 2011

This was my first time attending Yahoo Open Hack Day. The event is all fun and a quick way of getting hacking on the Yahoo APIs.

I specifically focused on one API, YQL, which basically claims to do the following:

select * from internet

Now that raises an eyebrow. In simpler terms this is what we can call a content scraper’s dream: we get no fewer than 1000+ data tables which allow us to interact with various websites using well-known SQL syntax.

Here we can keep adding more and more tables if needed; otherwise we can always fall back to generic tables like

select * from rss where url="http://blog.anantshri.info/feed/"

The thing I liked the most was that they have given direct access in the form of the YQL console; you can check it out at the link below:

http://developer.yahoo.com/yql/console/

I have been trying my luck at brewing something for myself, and a long-lasting itch came back to me, so I thought let’s try scratching that itch here.

So my hack for Open Hack Day 2011 was MyLife: a social content feed aggregation widget.

Basically, what I am doing is listed here in the simplest terms:

1) Take a simple userid/username from the user for various social networking sites.

2) Create a unified feed based on the user inputs.

3) Provide a widget (HTML/JS) and PHP code to be used on a site, based on the user’s needs.

So here is the hosted version of the hack:

http://anantshri.info/openhack/mylife/

Note: YQL has a rate limit and hence will only be able to fetch content 10000 times a day. So if you do find output missing, then it’s good news for me: basically my site has crossed 10000 users.

White Paper : Web Application Finger Printing : Methods/Techniques and Prevention

Today I am presenting my work of the past few days in the form of a white paper.

This white paper basically outlines automated fingerprinting methods and techniques, and ideas for preventing automated methods from working on your site.

BTW, those who have Wappalyzer in their browsers, just enjoy visiting my Joomla-powered website. 😀

Here is the link to the HTML version of the paper, which also includes the PDF version for download.
Web Application finger printing : Methods/Techniques and Prevention
Waiting to hear from fellow practitioners (I am expecting rebuke, criticism, and a bit of appreciation if it’s worth it).

Chrome Extensions for Security Professionals

Google Chrome Extensions

In recent days we have seen a phenomenal increase in the usage of the Google Chrome browser; however, security professionals are still looking to Firefox for their day-to-day usage. The basic reason behind this is the large set of Firefox extensions backing it up; we also have custom builds like OWASP Mantra doing the rounds.

So for those who love using Google Chrome and still miss the large plugin base, here is a list of must-have plugins for the security professional.

Note: usage could be both offensive and defensive; it’s up to the user to decide. The content here is for informational purposes only.

CAUTION: LONG POST. Continue below only if you can give it time, because this post is long.
