I'm trying to make a simple program in GNU Radio to help understand (and test) the encryption blocks. I have attached a screenshot of my program. Basically, it takes a picture of a cat from a .png file and sends it to another.png file. I sent it three ways so as to see how it behaved. One way went straight from file to file, one went through only encryption, and one went through encryption and decryption. With the lower half of the program (the encryption and decryption) disabled, it works on the first route, but when I enable the lower half in an attempt to simultaneously do all 3 paths, the first path only sends the top half of the cat image, and the other two don't send any data to the files at all. The image of my program can be found in the link above this post. I'm new to this so my apologies if this was a bad post, but thanks in advance for any help.
Related
I have a lot of pcap files containing traces of different JPEG images being transmitted. Each of those images is divided into a couple hundred of packets of base64 encoded data. I have written a program to extract those images.
The problem is that here and there one or a few of these packets are missing.
I would like to recover as much of those images as possible. Currently the extracting software stops whenever a packet is missing and I end up with partial images. When opened in an image viewer, they look normal on the top, but then as soon as a packet is missing the rest of the image is grey due to the missing data.
So I would like to write a program that modifies a pcap file and inserts a dummy packet into the trace whenever a piece of an image is missing. This way, only the portion of the image that is really missing would be greyed out.
What would be an easy way to achieve this? I would appreciate any hints for useful tools/formats etc.
Thanks!
I can easily identify the locations in Wireshark where it would look as follows when following a TCP stream:
...
OJuOhptqVqcJAMzxzXGm7OlhdtuxWB4YtvGVYvd6V4gvUIQNkT7/AErZWaXLy4SpZ2IIA+1V
uHWJbtkPLB3XpXt7bVqMHsi3Cyn06TAI69P61nujdGNdEvCrMW[1368 bytes missing in capture file].eioyN6ANH4fMB3M7YUApIaUTP0r0Hgv8FlIUncjaenvXA/DEBzNSEn4fKUDP
zFegMOZKWkaSIjnt7VTMvgUviY8pvKrpkhBcTISeT0+1cLflTiidyeK7r4g2wfyret7nRpcC
...
But is there a way to automate it? Maybe some other file format that is easier to parse and modify?
You could render what you have into txt, edit it, and then use text2pcap to convert back to pcap.
I'm trying to decode array of bytes from DSP TrueSpeech to PCM.
When we convert this array as part of streaming (divide it to packets) we can hear some strange "Beep" tones after the decoding.
We tried to decode the entire WAV file in one piece and we didn't get those Beeps.
Currently we are using Alvas.net for it, but we tried also with NAudio and got the same reaults?
My questions:
1)Is anyone familiar with this kind of behavior?
2)Do you have an idea what can we do?
Thanks
Ziv
How are you performing the decode? Often codecs maintain internal state, so it's important that you don't keep closing and re-opening the codec for each block of audio that you receive. In NAudio, that means just one AcmStream/WaveFormatConversionStream that everything you receive is passed through.
Also, make sure it is only compressed audio that is being passed into the codec. Sometimes when you receive audio over the network it is contained within some kind of larger packet that contains timing or encoding metadata (e.g. RTP).
At the bottom line, we have the packet data(array of bytes) which we are sending to decode (return as PCM) and then we're writing the new decoded array of bytes in to the new WAV file.
We're defiantly going to try your suggestion regarding the stream with NAudio.
Regarding the bytes we're working on, they don't contain any garbage. We've wrote a tester that stream the file directly (without network) and got the same beep results.
Our solution is working so well with many other codecs (GSM and etc..) and only in true speech we're having this problem.
Therefore it seems to be like some behavior of True Speech codec, but we didn't find any documentation about it.
Thanks Again
Ziv
I want to prevent my file to copy from any devices. Means that i have memory card and when i insert it in any device like android or computer than my file can't copy from that.
Any resources to read or any place that i can get some information about copy preventing
Maybe you could partition the SD card and leave some space unpartitioned and write some magic bytes to it. When your program executes you'll determine the device the application ran from. If this is the SD card you'll try and read the raw bytes from the SD card and compare it with the magic bytes, if the program is not ran from SD card or if the magic bytes do not match it does not execute. Done!
Please don't get me wrong, this won't be easy, but maybe it could work. Copying would still work, but the file will be useless. Also, this is not a ready to made solution, but rather an outline how you could achieve your goal.
For accessing SD-Cards raw data please see
http://www.codeproject.com/Articles/28314/Reading-and-Writing-to-Raw-Disk-Sectors
And for partitioning http://geeks.lockergnome.com/profiles/blogs/how-to-partition-an-sd-card
Goal (General)
My ultimate (long term) goal is to write an importer for a binary file into another application
Question Background
I am interested in two fields within a binary file format. One is
encrypted, and the other is compressed and possibly also encrypted
(See how I arrived at this conclusion here).
I have a viewer program (I'll call it viewer.exe) which can open these files for viewing. I'm hoping this can offer up some clues.
I will (soon) have a correlated deciphered output to compare and have values to search for.
This is the most relevant stackoverflow Q/A I have found
Question Specific
What is the best strategy given the resources I have to identify the algorithm being used?
Current Ideas
I realize that without the key, identifying the algo from just data is practically impossible
Having a file and a viewer.exe, I must have the key somewhere. Whether it's public, private, symmetric etc...that would be nice to figure out.
I would like to disassemble the viewer.exe using OllyDbg with the findcrypt plugin as a first step. I'm just not proficient enough in this kind of thing to accomplish it yet.
Resources
full example file
extracted binary from the field I am interested in
decrypted data In this zip archive there is a binary list of floats representing x,y,z (model2.vertices) and a binary list of integers (model2.faces). I have also included an "stl" file which you can view with many free programs but because of the weird way the data is stored in STL's, this is not what we expect to come out of the original file.
Progress
1. I disassembled the program with Olly, then did the only thing I know how to do at this poing and "searched for all referenced text" after pausing the porgram right before it imports of of the files. Then I searched for words stings like "crypt, hash, AES, encrypt, SHA, etc etc." I came up with a bunch of things, most notably "Blowfish64" which seems to go nicely with the fact that mydata occasionally is 4 bytes too long (and since it is guranteed to be mod 12 = 0) this to me looks like padding for 64 bit block size (odd amounts of vertices result in non mod 8 amounts of bytes). I also found error messages like...
“Invalid data size, (Size-4) mod 8 must be 0"
After reading Igor's response below, here is the output from signsrch. I've updated this image with green dot's which cause no problems when replaced by int3, red if the program can't start, and orange if it fails when loading a file of interest. No dot means I haven't tested it yet.
Accessory Info
Im using windows 7 64 bit
viewer.exe is win32 x86 application
The data is base64 encoded as well as encrypted
The deciphered data is groups of 12 bytes representing 3 floats (x,y,z coordinates)
I have OllyDb v1.1 with the findcrypt plugin but my useage is limited to following along with this guys youtube videos
Many encryption algorithms use very specific constants to initialize the encryption state. You can check if the binary has them with a program like signsrch. If you get any plausible hits, open the file in IDA and search for the constants (Alt-B (binary search) would help here), then follow cross-references to try and identify the key(s) used.
You can't differentiate good encryption (AES with XTS mode for example) from random data. It's not possible. Try using ent to compare /dev/urandom data and TrueCrypt volumes. There's no way to distinguish them from each other.
Edit: Re-reading your question. The best way to determine which symmetric algorithm, hash and mode is being used (when you have a decryption key) is to try them all. Brute-force the possible combinations and have some test to determine if you do successfully decrypt. This is how TrueCrypt mounts a volume. It does not know the algo beforehand so it tries all the possibilities and tests that the first few bytes decrypt to TRUE.
I am new in Flex Environment, specifically flex3. I've been studying it for 1 week.
I have a project which I need FTP to upload and download mp3 and pictures files.
What is the best way to get started?
If you mean creating an FTP client in Flex, it has been done already:
FlexFTP
I used this 2 years ago. It works great but only one thing is missing, and it makes it impossible to use for big files (more than 10 or 50 Mo).
In fact, sockets in Flex have a buffer you can write into, so that data will be sent. But you can not determine how much of the buffer has been sent, nor if it is empty.
So the progress of an upload or the upload completion is impossible to retrieve with flex... maliboo has made an approximation in the pl.maliboo.ftp.invokers.UploadInv class. He sends 4096 every 300 ms, and considere that it is ok.
And this will always be true, because it is the worst case, but when you upload 3Go with a good connection speed, the script will run forever, also the upload is finished.