Code Sheets, Error Levels and Endians Oh My!

As presented to the Tulsa Chapter of the
Information Systems Audit and Control
Association (ISACA)
On April 28, 2011
Many thanks to the Tulsa Chapter
And Mr. Jon Williams
Vice President
Copyright 2011 – mlcu.com
01010100 01101000 01100101 00100000 01010100
01110101 01101100 01110011 01100001 00100000
01001001 01010011 01000001 01000011 01000001
00100000 01100111 01110010 01101111 01110101
01110000 00100000 01101001 01110011 00100000
01101000 01100001 01110110 01101001 01101110
01100111 00100000 01101100 01110101 01101110
01100011 01101000 00100000 01100001 01110100
00100000 01000110 01101100 01100101 01101101
01101001 01101110 01100111 01110011 00101110
00100000 01001100 01110101 01101110 01100011
01101000 00100000 01101001 01110011 00100000
01100001 01101100 01110111 01100001 01111001
01110011 00100000 01100111 01101111 01101111
01100100 00100000 01110100 01101000 01100101
01110010 01100101 00101110
What Is Data?
What is Digital Data?
Code Sheets, Error Levels and Endians Oh My!
Benjamin Davies
CISSP, CISA, CM, CSM, ITILv3
Presentation contains an extensive notes section
What Will We Need to Know?
• Code Sheets – ASCII is the most likely, but there are thousands and thousands.
• Error levels – EVERY operation produces an error code. Mostly it is “error level 0”, meaning everything is OK; some are flags.
• Protocols – A list of the rules we will operate under.
• Endians – Determines where to start counting the bits.
Hex to Binary

0  0000      8  1000
1  0001      9  1001
2  0010      A  1010
3  0011      B  1011
4  0100      C  1100
5  0101      D  1101
6  0110      E  1110
7  0111      F  1111
Code Sheet to HEX to Binary

Weight    8   4   2   1     8   4   2   1
Bit       0   1   0   0     1   1   0   0
Hex       4                 C                (CodeSheetValue)

Weight  128  64  32  16   8   4   2   1
Bit       0   1   0   0   1   1   0   0
Decimal  76                                  (CodeSheetValue)
01010100 01101000 01100101 00100000 01010100
54       68       65       20       54
01110101 01101100 01110011 01100001 00100000
75       6C       73       61       20
01001001 01010011 01000001 01000011 01000001
49       53       41       43       41
00100000 01100111 01110010 01101111 01110101
01110000 00100000 01101001 01110011 00100000
01101000 01100001 01110110 01101001 01101110
01100111 00100000 01101100 01110101 01101110
01010100 01101000 01100101 00100000 01010100
54       68       65       20       54
T        h        e                 T
01110101 01101100 01110011 01100001 00100000
75       6C       73       61       20
u        l        s        a
01001001 01010011 01000001 01000011 01000001
49       53       41       43       41
I        S        A        C        A
00100000 01100111 01110010 01101111 01110101
20       67       72       6F       75
         g
01110000 00100000 01101001 01110011 00100000
70       20       69       73       20
01101000 01100001 01110110 01101001 01101110
68       61       76       69       6E
01100111 00100000 01101100 01110101 01101110
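The binary to hex to character walk-through above, as an added example (not part of the original slides). It accepts the spaced binary and dotted hex notations the deck uses, and it goes one step beyond the slides by decoding byte 168 under three code sheets; the function names and the choice of `cp437` and `latin-1` for comparison are assumptions of this example.

```python
import re

# Rows copied from the slides: the first row of the opening message and the
# first line of the dotted-hex closing slide.
FIRST_ROW = "01010100 01101000 01100101 00100000 01010100"
CLOSING_HEX = "54.68.61.6E.6B.20."


def parse_octets(text):
    """Parse octets written as 8-bit binary or 2-digit hex, split on spaces or dots."""
    out = bytearray()
    for tok in filter(None, re.split(r"[\s.]+", text)):
        if re.fullmatch(r"[01]{8}", tok):
            out.append(int(tok, 2))
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            out.append(int(tok, 16))
        else:
            raise ValueError(f"not an 8-bit binary or 2-digit hex octet: {tok!r}")
    return bytes(out)


def code_sheet_rows(data, code_sheet="ascii"):
    """Return (binary, hex, character) per byte under the named code sheet."""
    rows = []
    for b in data:
        ch = bytes([b]).decode(code_sheet, errors="replace")
        rows.append((f"{b:08b}", f"{b:02X}", ch if ch.isprintable() else "."))
    return rows


def decode(data, code_sheet="ascii"):
    """Decode a whole byte string, one character per byte."""
    return "".join(ch for _, _, ch in code_sheet_rows(data, code_sheet))


if __name__ == "__main__":
    for row in code_sheet_rows(parse_octets(FIRST_ROW)):
        print(*row)
    print(decode(parse_octets(CLOSING_HEX)))
    # The same byte is a different character on a different code sheet.
    for sheet in ("ascii", "cp437", "latin-1"):
        print(sheet, decode(bytes([168]), sheet))
```

Byte 168 has no meaning in 7-bit ASCII, so the result depends entirely on which code sheet the reader assumes.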
Side note on the tools used.
• We are using a music player, but this is just a stand-in for ANY program.
• A text editor (Notepad++).
• A hash calculator (HashCalc).
• A hex editor (CygnusHex).
• Frhed (Free Hex Editor).
Encryption
• Exclusive OR a string of text (called plain text), in binary, with a string of text (called the encryption string) and call the result cypher text.
• Send the cypher text to a recipient, who XORs it with the string of text used to encrypt; the result is the original text.
XOR
• Exclusive OR – is like adding without carrying the 1. There is a more accurate definition but this is good for us at the moment.
• 0 xor 0 = 0
• 0 xor 1 = 1
• 1 xor 0 = 1
• 1 xor 1 = 0
Encryption with XOR
• Plain text binary string (AbCd 41,62,43,64)
  01000001 01100010 01000011 01100100
• Encryption string (Key$ 4B,65,79,24)
  01001011 01100101 01111001 00100100
• Cypher text (..:@ 0A,07,3A,40)
  00001010 00000111 00111010 01000000
Encryption with XOR
• Cypher text (..:@ 0A,07,3A,40)
  00001010 00000111 00111010 01000000
• Encryption string (Key$ 4B,65,79,24)
  01001011 01100101 01111001 00100100
• Plain text binary string (AbCd 41,62,43,64)
  01000001 01100010 01000011 01100100
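The two XOR slides above, as an added example that is not part of the original deck: it reproduces the AbCd / Key$ rows, shows the round trip, and shows why the encryption string must stay secret and not be reused, since plain text XOR cypher text gives the key straight back. Repeating the key over longer messages and the function names are assumptions of this example.

```python
from itertools import cycle

# Values from the slides.
PLAIN = b"AbCd"  # 41 62 43 64
KEY = b"Key$"    # 4B 65 79 24


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key if the data is longer."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def as_bits(data: bytes) -> str:
    """Render bytes as space-separated 8-bit groups, as on the slides."""
    return " ".join(f"{b:08b}" for b in data)


def slide_rows(plain: bytes, key: bytes) -> list:
    """Plain text, encryption string and cypher text rows as on the slide."""
    return [as_bits(plain), as_bits(key), as_bits(xor_bytes(plain, key))]


def key_from_known_plaintext(plain: bytes, cypher: bytes) -> bytes:
    """plain XOR cypher gives back the key bytes used at those positions."""
    return bytes(p ^ c for p, c in zip(plain, cypher))


if __name__ == "__main__":
    cypher = xor_bytes(PLAIN, KEY)
    print("\n".join(slide_rows(PLAIN, KEY)))
    print("cypher hex :", cypher.hex(" ").upper())
    print("decrypted  :", xor_bytes(cypher, KEY))
    print("key exposed:", key_from_known_plaintext(PLAIN, cypher))
```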
New Flag of Freedom
XOR to get Parity
• If I can XOR two bits… then I should be able to XOR a series of bits (parity).
10101010 = 0
00000001 = 1
11111100 00110101 01101100 = 0
and …
• XOR is good for digital signatures,
checksums
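The parity and checksum slides, as an added example that is not from the original deck: it computes the three parity values shown above, extends the idea to a byte-wise XOR checksum, and compares which changes that checksum notices against a SHA-256 hash. The sample message, the helper names and the choice of SHA-256 as the comparison are assumptions of this example.

```python
import hashlib
from functools import reduce
from operator import xor


def parity(bits: str) -> int:
    """XOR every bit together (spaces ignored): 0 for an even count of 1s, 1 for odd."""
    digits = bits.replace(" ", "")
    if not digits or set(digits) - {"0", "1"}:
        raise ValueError("expected a string of 0s and 1s")
    return reduce(xor, (int(d) for d in digits))


def xor_checksum(data: bytes) -> int:
    """XOR every byte together: one parity bit per bit column."""
    return reduce(xor, data, 0)


def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Return a copy of data with one bit of one byte inverted."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)


def compare(original: bytes, received: bytes) -> dict:
    """Report whether each check notices that received differs from original."""
    return {
        "xor_checksum": xor_checksum(original) != xor_checksum(received),
        "sha256": hashlib.sha256(original).digest() != hashlib.sha256(received).digest(),
    }


if __name__ == "__main__":
    msg = b"AbCd"                                    # constructed sample message
    one_flip = flip_bit(msg, 0, 0)                   # single-bit error
    two_flips = flip_bit(flip_bit(msg, 0, 0), 1, 0)  # same bit column, two bytes
    print(parity("11111100 00110101 01101100"))
    print(compare(msg, one_flip))
    print(compare(msg, two_flips))
    print(compare(msg, msg[::-1]))                   # reordered bytes
```

A plain XOR checksum catches a single flipped bit but not paired flips or reordered bytes, so where deliberate modification is the concern a keyed MAC or a signature over a cryptographic hash is the appropriate check.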
• GIFs are lossy in color if your original image had more than 256 colors, as it only uses an 8 bit palette. A good image editing program will pick the optimum 256 color palette when saving (the bundled MS Paint program is not a good program by that criterion)
• When saving PNGs, a good image editor will allow you to choose 24 bit color, for image file storage that is about as lossless as it gets. For photos this is fine. However, the question you have to ask yourself for graph images is “do I need millions of colors?” and the answer if you haven’t chosen fancy visual effects like fading backgrounds is “No!”
• Color depth is the hidden cost of image file size that many people forget when they’re trying to squeeze down file size. If you have a very good image editor (I use Paint Shop Pro for all my graphs) you can choose an exact number of colors, and I find 16 colors (4 bits) or fewer will often do the job just fine.
• PNG and GIF, when saving with the same small number of colors, do just about as well as each other in compression. I find GIF has the same size whether the image is interlaced or non-interlaced, interlaced PNG is a bit bigger than GIF, and non-interlaced PNG is a bit smaller than GIF.
• So non-interlaced PNG, with the minimum number of bits necessary to give you all the colors you want, gets you the smallest files per displayed pixel. GIF is a very close second.
Binary describes color, sound, shapes, and other data.
Bitmap in hex editor
Flags, error levels
1 -> 00000001
2 -> 00000010
4 -> 00000100
8 -> 00001000
16 -> 00010000
32 -> 00100000
64 -> 01000000
128 -> 10000000
ASCII test available but
that does not have a
key…
ALT 168 question mark
ALT 174
£ 156
° 0176
² 0178
☻ 2
♥ 3
♦ 4
♣ 5
♠ 6
♪ 13
♫ 14
§ 21
¿ 168
½ 171
¼ 172
¡ 173
± 241
÷ 246
≈ 247
RWX-RWX-RWX
Unix file permissions set by a series of three-bit binary flags. One set for User, Group, All.

        User    Group   All
Weight  4 2 1   4 2 1   4 2 1
Flag    r w x   r w -   r - -
Octal   7       6       4
IP Addresses

128  64  32  16   8   4   2   1
  1   1   1   1   1   1   1   1   = 255
  1   1   0   0   0   0   0   0   = 192
  0   1   1   1   1   1   1   1   = 127
  1   0   1   0   1   0   0   0   = 168
MAC Address
Packet Sniffer
The GET packet.
01010100.01101000.01100001.01101110.01101011.00100000.
01111001.01101111.01110101.00100000.01100110.01101111.
01110010.00100000.01111001.01101111.01110101.01110010.
00100000.01100001.01110100.01110100.01100101.01101110.
01110100.01101001.01101111.01101110.00101110.00100000.
01001000.01100001.01110110.01100101.00100000.01100001.
00100000.01100111.01110010.01100101.01100001.01110100.
00100000.01100100.01100001.01111001.00100001.
54.68.61.6E.6B.20.
79.6F.75.20.66.6F.
72.20.79.6F.75.72.
20.61.74.74.65.6E.
74.69.6F.6E.2E.20.
48.61.76.65.20.61.
20.67.72.65.61.74.
20.64.61.79.21.
Thank you for your attention.
Have a great day!