Hacking Keyboards using Electro Magnetic Radiations

Friday, October 24, 2008 12:12
Posted in category Hacking, Security

Isn’t the title of the post geeky enough? At least I think so. I never thought of something like this even in my dreams until I came across this research from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne.

Just imagine: everything you type on your keyboard, sitting alone in your room on a highly secured PC, can still be captured by someone else sitting in another room 20 metres away. The technique being experimented with exploits the compromising electromagnetic radiation emitted by a PS/2, USB or laptop keyboard. These emanations (EMR, electromagnetic radiation) are captured by a receiver, and the whole spectrum is analyzed to recover the key presses. So, if you are typing an email, a password or your bank account details, someone can still sniff them out without using any spyware or keyloggers.

Although electromagnetic eavesdropping is not new and people keep on doing it, this is a startling finding I could never have thought of.

The two researchers have outlined four separate attack methods, some of which work at a distance of as much as 65 feet from the target. And you thought even disconnecting the PC from the internet makes it secure.. :-)

Watch the following two videos demonstrating the hack.

And the second one…

Get the actual paper here…

“COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS” by Martin Vuagnoux and Sylvain Pasini.

The paper is still under review and not many details are available about it.


The War Has Begun Part 2

Tuesday, October 21, 2008 9:53
Posted in category Satellite TV, Set Top Boxes

Just an update to my previous post.

This war intensifies :) with Tata Sky announcing that its PVR Set Top Box will be launched soon. Check out the Tata Sky website for details. With this, you’ll be able to pause, rewind and record live TV.

I won’t talk much about it right now and will wait for its official launch :-)

Till then, keep thinking whether to buy Airtel OR wait for this launch ;-)


Indian Satellite TV (DTH) Players : The War has Begun

Thursday, October 9, 2008 10:58

ALRIGHT!!! THE PARTY IS ON. The war has begun with the latest entrant being Bharti in the Indian Satellite TV (DTH) space. Bharti entered the market with the brand name “Airtel Digital TV” a day before. For the past one week, Airtel was running a teaser campaign (“See you at home soon”) for its Digital TV launch. Reliance retaliated almost overnight by taking over this teaser campaign with one almost the same as Airtel’s and played the spoiler for Airtel. Remember those age-old Pepsi vs. Coca-Cola advert battles? That’s what Reliance did to Bharti.

Please make sure to read the complete post if you are planning to buy one or shift to another broadcaster.

First things first. I’ll explain the basics of satellite TV so that many of you can understand the logic behind all this hoopla. Satellite TV or DTH (Direct To Home) is not a new concept. Many other countries have been into this for donkey’s years, the US being the leading brat among everyone as usual. DirecTV has been there for long enough with the best of technology to offer. Satellite TV lets you watch everything directly on your TV set, beamed from the satellites. That means no more hassles with cable operators. If you are from India, you must have faced irrational charges, cable operator strikes, power outages, not getting your favourite channels, channels shifting their channel number positions, bullying by cable operator staff, and monopolized area distribution. And the list of problems goes on. Satellite TV puts an end to all these woes of the customers because, in DTH, your cable operator is now a satellite, which never goes on strike. :-)

In Satellite TV, the signal is beamed directly from a satellite which the broadcaster has hired. The signal is received directly by the small dish antenna installed at your house or premises. The broadcaster provides a Set Top Box which connects to this dish antenna directly with a cable and, in turn, this Set Top Box connects to your TV. Bang!!! Watch the channel you wish. The best part is that you pay for only those channels you wish to watch. For example, you don’t need to pay for sports channels if you don’t like sports. Or why pay for Fashion TV if “Midnight Hot” is no longer allowed in India? :-)

Continue Reading


Hacking Pay TV …

Tuesday, September 2, 2008 13:35

Alright!! This news is old shit. I was thinking of writing about it for many months but was always wary of the legal bindings I have with my company. Now that the news is old, stale and widely public, I feel like talking about it.

Satellite TV hacking has been in a lot of focus in the past, especially in the western world, when the technology was in its infancy and was trying to grow. Cryptographers and mathematicians were busy round the clock trying to produce new algorithms to keep hackers at bay. And then emerged two guys in the underground world: Boris Floricic (better known as Tron) and Chris Tarnovsky (better known as Big Gun).

Satellite TV hacking in the past has been considered to be along the lines of hacking a smart card (From the Eye of a Legal Storm, Murdoch’s Satellite-TV Hacker Tells All; also see the video given below). But now, I feel that trying to hack a smart card is a waste of energy, time and money. It needs a lot of know-how and knowledge to break the pay TV smart card and is nowhere near similar to internet hacking. I agree that if you wish to watch free TV, then you’ll definitely need to hack the smart card. But then, you can still pay the bills and try to break the system to get more out of it. So it always goes on in my mind that if, instead of trying to reverse engineer the smart card, we try to exploit the system, then it will be much easier to get more information on your TV.

Okay, let’s take an example as usual. Let’s say that you social engineer the programmer sitting in one of the software companies writing code to enable EPGs. Although every piece of code written passes stringent code reviews, it is still very easy to leave easter eggs in the code which can enable you to view some information you are not entitled to. :-)

Maybe we can try the other route. Third-party companies writing interactive applications always use the APIs and the SDK provided by the above-referred product vendors. As you know, every piece of software has bugs. It might take quite a while, but using the tainted object technique, these interactive applications can exploit the information stored on the Set Top Box. And you never know, this might compromise a big system.

Talking about all this, we still know that it is a closed system development and is not available to the outside world. Even though it passes stringent checks, code reviews and quality assurance, it is still possible to leave small gaps that enable hackers to exploit these possibilities.

I am a novice in this reverse engineering field and, bound by my company laws, I cannot talk in more detail about it.

But I leave you to think more and, meanwhile, watch this awesome hacking video. :-)

 


Search Engine on TV…

Tuesday, August 26, 2008 13:23

This is an idea which has been doing the rounds in my mind for quite a while. I tried promoting it but people could not see it being realized. So, I am just posting it out here. If any VC is reading and likes it, please mail me.. and if any developer likes it and gets it through, at least drop me a word of appreciation if nothing else is possible. :-)

Okay, after reading this post, you might say, what’s so new about this? This already happens on the STB using the metadata. But then, I have left some hints towards the end of the post about what doesn’t exist and what I want to achieve. If you read carefully and get the feel of the actual stuff, you might like to take it forward. Of course, I have taken out many important pieces in this post for obvious reasons. :-)

Abstract
Search Engine on TV is one thing that looks similar to search on the internet, and it is. Till now, we have had search based on program name, time, actor, channel etc., and now is the time to move one step forward: to search the content of the program and choose the content among different channels. This paper deals with the concept of searching the whole content at the broadcaster’s end. The user just needs to key in the keywords he wants to search for and he gets the search results on the TV screen. The user can then play an item selected from the search results. Of course, the catch is that the results can contain only programs or channels permitted by the broadcaster, and the user may need to pay for the item to be seen. This paper attempts to create a search engine like that of the internet world in the TV domain.

Continue Reading


Smart cards!!!

Sunday, August 10, 2008 12:06
Posted in category Security, Smart cards

Everyone has seen a smart card in some form; maybe it’s your driving license, your banking card, or your STB card. Smart cards are used in daily life. Now, why smart cards? Are they just fancy stuff, just a data holder, or a data holder with security?

Yes, security is one of the major aspects of a smart card. Okay, consider this an introduction to smart cards.

a picture of smart card IC

Continue Reading


Bytecode Reverse Engineering Season 1 Episode 3

Sunday, August 3, 2008 11:19
Posted in category Java, Security

Okay.. finally I managed some more time to write a post. Although the stuff I post on my tech blog is not very complex, as I just post basics, I aim to provide just a reference in regards to bytecode reverse engineering.

Alright!!! This time again, I’ll deviate from the topic and talk about how to make Java code execution faster and tougher to reverse engineer. This covers the basic question “How do I get an .EXE (executable) from Java code?”

Hmm.. to begin with, everyone knows that the Java compiler generates a class file which is interpreted by the bytecode interpreter and then executed. Now, to execute some Java code, the VM should be running, class loaders play some role, some Java reflection etc etc… and finally, even obfuscated code gets decompiled and the code can be understood by anyone.

So, how to protect your code and make it execute faster?

Continue Reading


ByteCode Reverse Engineering Season 1 Episode 2

Sunday, July 6, 2008 8:45
Posted in category Java, Security

Okay, last time I deviated from the topic a bit, but nevertheless, it was still worth mentioning the importance of secure programming to keep novices from breaking a system just by some unvalidated inputs.

Now, let’s get back to bytecodes. :-) Let me put the disclaimer first that these posts of mine are not tutorials or something; they are just reference pointers on the way of reverse engineering the code. So, one needs to be an expert, or at least something near to that level, to achieve the goals in reverse engineering. For detailed information, tutorials and other stuff, google the net.

I’ll start with a simple example (as I always feel that examples are better than numerous pages of theory :-) )

Consider the following Java code:

public class Test {
    public static void main(String args[]){
        System.out.println("Hello F@^#ers !!!");
    }
}

Now, let’s look at the generated bytecode for the above code. (I used the javap utility to get this code. So, the simple command is “javap -c ” to get this output.)

Continue Reading


Tainted Object Propagation

Sunday, June 29, 2008 2:33
Posted in category Security

Last time, I talked about how to write strongly typed enum patterns so as to prevent invalid inputs from breaking the program while keeping the program short and sweet for efficiency. Although I wanted to continue discussing bytecode, I felt like discussing Tainted Object Propagation, as I mentioned in my last post.

Basically, Tainted Object Propagation is the term defined for using incorrect or invalid inputs to get more information than required from the system and, in some cases, to take control of the system. Although this technique is most widely used to misuse web applications and database-oriented applications, it holds true for any API publisher who exposes his APIs to third-party application writers.

Again, just like the previous post, let’s start with an example.

Consider that a web page or an application takes an input “userName” and the application executes the following query to find that particular user.

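// Requires java.sql.* and javax.servlet.http.HttpServletRequest
HttpServletRequest request = ...;
// Attacker-controllable (tainted) input read straight from the request
String userName = request.getParameter("name");
Connection con = ...;
// Vulnerable: the tainted value is concatenated into the SQL text
String query = "SELECT * FROM Users WHERE name = '" + userName + "'";
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(query);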

Now, this is the usual code written by programmers to get a particular user from the database. If an attacker gets control of the userName field, he can set it to ' OR 1=1; This query allows the user to circumvent the user name check and returns all the users from the database. In this case, the input variable “userName” is considered a Tainted Object.
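The same lookup as an added example (not code from the original post), using Python's built-in sqlite3 in place of the post's Java/JDBC so that it runs offline: it contrasts the concatenated query with a bound parameter, which keeps the tainted value out of the SQL text. The table contents, the function names and the balanced-quote input are constructed for illustration.

```python
import sqlite3

# Constructed sample rows for illustration; not data from the post.
SAMPLE_USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("o'brien", "obrien@example.test"),
]

# Constructed tautology input in the spirit of the post's OR 1=1 value,
# written so the quote appended by the concatenation stays balanced.
TAINTED = "' OR '1'='1"


def make_db():
    """Create an in-memory Users table holding the sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users (name TEXT, email TEXT)")
    con.executemany("INSERT INTO Users VALUES (?, ?)", SAMPLE_USERS)
    return con


def find_user_concat(con, user_name):
    """Pattern from the post: tainted input becomes part of the SQL text."""
    query = "SELECT * FROM Users WHERE name = '" + user_name + "'"
    return con.execute(query).fetchall()


def find_user_bound(con, user_name):
    """Hardened form: constant SQL text, input bound as a data value."""
    query = "SELECT * FROM Users WHERE name = ?"
    return con.execute(query, (user_name,)).fetchall()


def row_count(finder, con, user_name):
    """Return the number of rows found, or None if the SQL failed to parse."""
    try:
        return len(finder(con, user_name))
    except sqlite3.OperationalError:
        return None


if __name__ == "__main__":
    con = make_db()
    for value in ("alice", "o'brien", TAINTED):
        print(repr(value),
              "concat:", row_count(find_user_concat, con, value),
              "bound:", row_count(find_user_bound, con, value))
```

The legitimate name o'brien fails to parse in the concatenated query but is found when bound, which shows that the defect is the string building itself and not only the hostile input.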

Continue Reading


Bytecode Reverse Engineering Season 1 Episode 1

Tuesday, June 24, 2008 13:56
Posted in category Java

Alright!!! Let’s get started. This is one of many subjects which always overwhelms me. Why so? Of course, the reasons cannot be explained here, but then, the reason should be the least of your worries.

Okay, if you know enough about this, then please post your knowledge tips as comments because your comments might help towards my unexplained reasons.

I’ll run this topic as a series for quite a number of posts. You may find similar information on other websites but then, it’s a wild world and I am not intending to infringe any copyrights.

Now, to begin with, let’s first understand how to evaluate the performance of Java code and protect the Java code from tainted objects. We’ll talk about Tainted Object Propagation as we progress in this series of discussions.

I’ll explain this with an example of enum pattern.

We can have enums in Java in two ways. Continue for detailed reading
