As presented to the Tulsa Chapter of the Information Systems Audit and Control Association (ISACA) on April 28, 2011

Many thanks to the Tulsa Chapter and Mr. Jon Williams, Vice President

Copyright 2011 – mlcu.com

01010100 01101000 01100101 00100000 01010100
01110101 01101100 01110011 01100001 00100000
01001001 01010011 01000001 01000011 01000001
00100000 01100111 01110010 01101111 01110101
01110000 00100000 01101001 01110011 00100000
01101000 01100001 01110110 01101001 01101110
01100111 00100000 01101100 01110101 01101110
01100011 01101000 00100000 01100001 01110100
00100000 01000110 01101100 01100101 01101101
01101001 01101110 01100111 01110011 00101110
00100000 01001100 01110101 01101110 01100011
01101000 00100000 01101001 01110011 00100000
01100001 01101100 01110111 01100001 01111001
01110011 00100000 01100111 01101111 01101111
01100100 00100000 01110100 01101000 01100101
01110010 01100101 00101110

What Is Data? What is Digital Data?
Code Sheets, Error Levels and Endians Oh My!

Benjamin Davies CISSP, CISA, CM, CSM, ITILv3

Presentation contains an extensive notes section

What Will We Need to Know?

• Code Sheets – ASCII is the most likely, but there are thousands and thousands.
• Error levels – EVERY operation produces an error code. Mostly it is “error level 0”, meaning everything is OK; some are flags.
• Protocols – A list of the rules we will operate under.
• Endians – Determines where to start counting the bits.
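The code sheet and endian points above, worked through as an added example that is not part of the original presentation: the same bits read as different text depending on where you start counting and which code sheet you look them up on. The function names are illustrative, and the cp437 / cp1252 pairing assumes a US-English Windows system, which is where ALT codes such as the 168 and 0176 listed later in the deck are looked up.

```python
import re

def decode_octets(bits, codesheet="ascii", msb_first=True):
    """Decode space- or dot-separated 8-bit groups against a code sheet."""
    out = bytearray()
    for group in filter(None, re.split(r"[\s.]+", bits)):
        if not re.fullmatch(r"[01]{8}", group):
            raise ValueError(f"not an 8-bit group: {group!r}")
        if not msb_first:
            group = group[::-1]          # start counting from the other end
        out.append(int(group, 2))
    # Strict decoding: a value that is not on the sheet raises UnicodeDecodeError.
    return out.decode(codesheet)

def walk(bits):
    """Rows of (binary, hex, character), the way the slides build their table."""
    rows = []
    for group in filter(None, re.split(r"[\s.]+", bits)):
        value = int(group, 2)
        char = chr(value) if 32 <= value < 127 else None   # printable ASCII only
        rows.append((group, f"{value:02X}", char))
    return rows

def lookup(value, codesheet):
    """Character that one byte value stands for on a given code sheet."""
    return bytes([value]).decode(codesheet)

# First nine groups of the bit string shown on the title slide.
TITLE_BITS = ("01010100 01101000 01100101 00100000 01010100 "
              "01110101 01101100 01110011 01100001")

if __name__ == "__main__":
    print(decode_octets(TITLE_BITS))
    for row in walk(TITLE_BITS)[:3]:
        print(*row)
    try:
        decode_octets(TITLE_BITS, msb_first=False)
    except UnicodeDecodeError as exc:
        print("wrong bit order:", exc.reason)
    # Same value, two code sheets: 168 is one character on cp437, another on cp1252.
    print(lookup(168, "cp437"), lookup(168, "cp1252"))
```

Read from the wrong end, the third group becomes a value above 127, which is not on the ASCII sheet at all, so the decode fails instead of silently producing the wrong text.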
Hex to Binary

0     1     2     3     4     5     6     7
0000  0001  0010  0011  0100  0101  0110  0111

8     9     A     B     C     D     E     F
1000  1001  1010  1011  1100  1101  1110  1111

Code Sheet to HEX to Binary

8  4  2  1     8  4  2  1
0  1  0  0     1  1  0  0
      4              C          Code sheet value

128  64  32  16   8   4   2   1
  0   1   0   0   1   1   0   0
             76                 Code sheet value

01010100 01101000 01100101 00100000 01010100
   54       68       65       20       54
01110101 01101100 01110011 01100001 00100000
   75       6C       73       61       20
01001001 01010011 01000001 01000011 01000001
   49       53       41       43       41
00100000 01100111 01110010 01101111 01110101
01110000 00100000 01101001 01110011 00100000
01101000 01100001 01110110 01101001 01101110
01100111 00100000 01101100 01110101 01101110

01010100 01101000 01100101 00100000 01010100
   54       68       65       20       54
   T        h        e                 T
01110101 01101100 01110011 01100001 00100000
   75       6C       73       61       20
   u        l        s        a
01001001 01010011 01000001 01000011 01000001
   49       53       41       43       41
   I        S        A        C        A
00100000 01100111 01110010 01101111 01110101
   20       67       72       6F       75
            g
01110000 00100000 01101001 01110011 00100000
   70       20       69       73       20
01101000 01100001 01110110 01101001 01101110
   68       61       76       69       6E
01100111 00100000 01101100 01110101 01101110

Side note on the tools used.

• We are using a music player, but this is just a stand-in for ANY program.
• A text editor (Notepad++).
• A Hash Calculator (HashCalc).
• A Hex Editor (CygnusHex).
• Frhed (Free Hex Editor).

Encryption

• Exclusive OR a string of text (called plain text) in binary with a string of text (called the encryption string), and call the result cypher text.
• Send the cypher text to a recipient, who XORs it with the string of text used to encrypt; the result is the original text.

XOR

• Exclusive OR – is like adding without carrying the 1. There is a more accurate definition but this is good for us at the moment.
• 0 xor 0 = 0
• 0 xor 1 = 1
• 1 xor 0 = 1
• 1 xor 1 = 0

Encryption with XOR

• Plain text binary string (AbCd 41,62,43,64)
• Encryption string (Key$ 4B,65,79,24)
• Cypher text (..:@ 0A,07,3A,40)

01000001 01100010 01000011 01100100
01001011 01100101 01111001 00100100
00001010 00000111 00111010 01000000

Encryption with XOR

• Cypher text (..:@ 0A,07,3A,40)
• Encryption string (Key$ 4B,65,79,24)
• Plain text binary string (AbCd 41,62,43,64)

00001010 00000111 00111010 01000000
01001011 01100101 01111001 00100100
01000001 01100010 01000011 01100100

New Flag of Freedom

XOR to get Parity

• If I can XOR two bits… Then I should be able to XOR a series of bits (parity).

10101010 = 0
00000001 = 1
11111100 00110101 01101100 = 0

and …

• XOR is good for digital signatures, checksums

GIFs are lossy in color if your original image had more than 256 colors, as it only uses an 8 bit palette. A good image editing program will pick the optimum 256 color palette when saving (the bundled MS Paint program is not a good program by that criterion). When saving PNGs, a good image editor will allow you to choose 24 bit color, for image file storage that is about as lossless as it gets. For photos this is fine. However, the question you have to ask yourself for graph images is “do I need millions of colors?” and the answer if you haven’t chosen fancy visual effects like fading backgrounds is “No!” Color depth is the hidden cost of image file size that many people forget when they’re trying to squeeze down file size. If you have a very good image editor (I use Paint Shop Pro for all my graphs) you can choose an exact number of colors, and I find 16 colors (4 bits) or fewer will often do the job just fine. PNG and GIF, when saving with the same small number of colors, do just about as well as each other in compression.
I find GIF has the same size whether the image is interlaced or non-interlaced, interlaced PNG is a bit bigger than GIF, and non-interlaced PNG is a bit smaller than GIF. So non-interlaced PNG, with the minimum number of bits necessary to give you all the colors you want, gets you the smallest files per displayed pixel. GIF is a very close second.

Binary describes color, sound, shapes, and other data.

Bitmap in hex editor

Flags, error levels

  1 -> 00000001
  2 -> 00000010
  4 -> 00000100
  8 -> 00001000
 16 -> 00010000
 32 -> 00100000
 64 -> 01000000
128 -> 10000000

ASCII test available but that does not have a key… ALT 168 question mark ALT 174

£ 156    ° 0176   ² 0178
☻ 2      ♥ 3      ♦ 4      ♣ 5      ♠ 6
♪ 13     ♫ 14     § 21
¿ 168    ½ 171    ¼ 172    ¡ 173
± 241    ÷ 246    ≈ 247

RWX-RWX-RWX

Unix file permissions set by a series of three-bit binary flags. One set for User, Group, All.

4 2 1   4 2 1   4 2 1
r w x   r w -   r - -
  7       6       4

IP Addresses

128  64  32  16   8   4   2   1
  1   1   1   1   1   1   1   1    255
  1   1   0   0   0   0   0   0    192
  0   1   1   1   1   1   1   1    127
  1   0   1   0   1   0   0   0    168

MAC Address

Packet Sniffer

The GET packet.

01010100.01101000.01100001.01101110.01101011.00100000.
01111001.01101111.01110101.00100000.01100110.01101111.
01110010.00100000.01111001.01101111.01110101.01110010.
00100000.01100001.01110100.01110100.01100101.01101110.
01110100.01101001.01101111.01101110.00101110.00100000.
01001000.01100001.01110110.01100101.00100000.01100001.
00100000.01100111.01110010.01100101.01100001.01110100.
00100000.01100100.01100001.01111001.00100001.

54.68.61.6E.6B.20.
79.6F.75.20.66.6F.
72.20.79.6F.75.72.
20.61.74.74.65.6E.
74.69.6F.6E.2E.20.
48.61.76.65.20.61.
20.67.72.65.61.74.
20.64.61.79.21.
Thank you for your attention. Have a great day!
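The "Encryption with XOR" and "XOR to get Parity" slides, as an added example that is not part of the original presentation: it reproduces the AbCd / Key$ round trip and the parity values from the slides, then shows two properties that follow from them, that XORing a known plain text with its cypher text returns the encryption string, and that a single parity bit misses an even number of flipped bits. The function names and the bit-flip helper are illustrative.

```python
from functools import reduce
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with the encryption string, repeating the string as needed."""
    if not key:
        raise ValueError("encryption string must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def parity(data: bytes) -> int:
    """XOR of every bit: 0 for an even number of 1 bits, 1 for an odd number."""
    folded = reduce(lambda a, b: a ^ b, data, 0)   # XOR the bytes together
    bit = 0
    while folded:                                  # then XOR the bits of the result
        bit ^= folded & 1
        folded >>= 1
    return bit

def flip(data: bytes, *positions: int) -> bytes:
    """Copy of data with the given bit positions inverted (simulated corruption)."""
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

PLAIN, KEY = b"AbCd", b"Key$"                      # values from the slides
SERIES = bytes([0b11111100, 0b00110101, 0b01101100])  # series from the parity slide

if __name__ == "__main__":
    cypher = xor_bytes(PLAIN, KEY)
    print("cypher text :", cypher.hex())           # 0a073a40
    print("decrypted   :", xor_bytes(cypher, KEY))
    # The operation is symmetric: a known plain/cypher pair yields the string itself.
    print("string      :", xor_bytes(cypher, PLAIN))
    print("parity      :", parity(SERIES))
    print("1 bit flip  :", parity(flip(SERIES, 3)))      # changes, so it is detected
    print("2 bit flips :", parity(flip(SERIES, 3, 12)))  # unchanged, so it is missed
```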